|
Message-ID: <8007904f-d86d-783f-35c9-b53aeb025e32@comcast.net> Date: Wed, 22 Nov 2017 12:10:02 -0500 From: Chad Dougherty <dougherty477@...cast.net> To: oss-security@...ts.openwall.com Subject: Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) On 2017-11-22 11:34, Michal Zalewski wrote: >> Is this fuzzer freely available? I'd love to try it out on the bignum >> support I added to the CHICKEN Scheme implementation for its upcoming >> new major release (probably somewhere mid-2018). Being able to release >> it with a bit higher confidence in its correctness would be nice, as this >> is almost all brand new code. > > Not the same tool, but Hanno released a bignum fuzzer that found quite > a few issues back in the day: > > https://github.com/hannob/bignum-fuzz/ > One more reference that might help you, perhaps indirectly, is Ralf-Philipp Weinmann's talk from BlackHat USA 2015, "Assessing and Exploiting BigNum Vulnerabilities": <https://comsecuris.com/slides/slides-bignum-bhus2015.pdf> -- -Chad
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.