Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 22 Nov 2017 12:10:02 -0500
From: Chad Dougherty <dougherty477@...cast.net>
To: oss-security@...ts.openwall.com
Subject: Re: Go programming language invalid modular
 exponentiation result (Exp() in math/big pkg)

On 2017-11-22 11:34, Michal Zalewski wrote:
>> Is this fuzzer freely available?  I'd love to try it out on the bignum
>> support I added to the CHICKEN Scheme implementation for its upcoming
>> new major release (probably somewhere mid-2018).  Being able to release
>> it with a bit higher confidence in its correctness would be nice, as this
>> is almost all brand new code.
> 
> Not the same tool, but Hanno released a bignum fuzzer that found quite
> a few issues back in the day:
> 
> https://github.com/hannob/bignum-fuzz/
> 

One more reference that might help you, perhaps indirectly, is 
Ralf-Philipp Weinmann's talk from BlackHat USA 2015, "Assessing and 
Exploiting BigNum Vulnerabilities":

<https://comsecuris.com/slides/slides-bignum-bhus2015.pdf>

-- 
     -Chad

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ