Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Nov 2017 17:42:53 +0100
From: Guido Vranken <guidovranken@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Go programming language invalid modular
 exponentiation result (Exp() in math/big pkg)

Peter,

It is available: https://github.com/guidovranken/bignum-fuzzer

It has a modular set-up, meaning individual bignum libraries can
easily be added, removed, enabled or disabled.
I'll write some documentation soon, but you can probably figure out
the module layout from looking at the existing ones.
Compiling your code must result in a static archive that can be linked
to the other objects. If that really is not possible, you must come up
with some sort of inter-process communication.
Feel free to create a PR for your own module and I'll add it.

Thanks

Guido

On Wed, Nov 22, 2017 at 9:13 AM, Peter Bex <peter@...e-magic.net> wrote:
> On Wed, Nov 22, 2017 at 12:30:08AM +0100, Guido Vranken wrote:
>> Dear list,
>>
>> I've written a bignum fuzzer that compares the results of mathematical
>> operations (addtion, subtraction, multiplication, ...) across multiple
>> bignum libraries.
>
> Hi there,
>
> Is this fuzzer freely available?  I'd love to try it out on the bignum
> support I added to the CHICKEN Scheme implementation for its upcoming
> new major release (probably somewhere mid-2018).  Being able to release
> it with a bit higher confidence in its correctness would be nice, as this
> is almost all brand new code.
>
> Cheers,
> Peter Bex (CHICKEN core maintainer)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ