You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you discover a potential security issue in s2n we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public github issue.
Problem:
While working on this PR #3913 I noticed that we don't have any unit tests for s2n_compute_weight_of_encrypt_decrypt_keys(). This is a pretty complicated function and we should add tests explicitly for the random float generation and the calculating of key weights. Currently the function is implicitly being tested in s2n_session_ticket_test.c through self-talk tests, which is not fine-grained enough to fully test the key selection algorithm.
Solution:
Some units tests for our ticket key selection algorithm. Additionally it may a good idea to refactor the function since it is doing several different things.
The text was updated successfully, but these errors were encountered:
Security issue notifications
If you discover a potential security issue in s2n we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public github issue.
Problem:
While working on this PR #3913 I noticed that we don't have any unit tests for
s2n_compute_weight_of_encrypt_decrypt_keys(). This is a pretty complicated function and we should add tests explicitly for the random float generation and the calculating of key weights. Currently the function is implicitly being tested in s2n_session_ticket_test.c through self-talk tests, which is not fine-grained enough to fully test the key selection algorithm.Solution:
Some units tests for our ticket key selection algorithm. Additionally it may a good idea to refactor the function since it is doing several different things.
The text was updated successfully, but these errors were encountered: