Date: Wed, 22 Nov 2017 12:10:02 -0500
From: Chad Dougherty <dougherty477@...cast.net>
To: oss-security@...ts.openwall.com
Subject: Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg)

On 2017-11-22 11:34, Michal Zalewski wrote:
>> Is this fuzzer freely available? I'd love to try it out on the bignum
>> support I added to the CHICKEN Scheme implementation for its upcoming
>> new major release (probably somewhere mid-2018). Being able to release
>> it with a bit higher confidence in its correctness would be nice, as this
>> is almost all brand new code.
>
> Not the same tool, but Hanno released a bignum fuzzer that found quite
> a few issues back in the day:
>
> https://github.com/hannob/bignum-fuzz/
>

One more reference that might help you, perhaps indirectly, is
Ralf-Philipp Weinmann's talk from BlackHat USA 2015, "Assessing and
Exploiting BigNum Vulnerabilities":

<https://comsecuris.com/slides/slides-bignum-bhus2015.pdf>

--
-Chad