oss-sec mailing list archives
Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg)
From: Chad Dougherty <dougherty477 () comcast net>
Date: Wed, 22 Nov 2017 12:10:02 -0500
On 2017-11-22 11:34, Michal Zalewski wrote:
Is this fuzzer freely available? I'd love to try it out on the bignum support I added to the CHICKEN Scheme implementation for its upcoming new major release (probably somewhere mid-2018). Being able to release it with a bit higher confidence in its correctness would be nice, as this is almost all brand new code.Not the same tool, but Hanno released a bignum fuzzer that found quite a few issues back in the day: https://github.com/hannob/bignum-fuzz/
One more reference that might help you, perhaps indirectly, is Ralf-Philipp Weinmann's talk from BlackHat USA 2015, "Assessing and Exploiting BigNum Vulnerabilities":
<https://comsecuris.com/slides/slides-bignum-bhus2015.pdf> -- -Chad
Current thread:
- Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Guido Vranken (Nov 21)
- Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Peter Bex (Nov 22)
- Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Guido Vranken (Nov 22)
- Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Michal Zalewski (Nov 22)
- Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Chad Dougherty (Nov 22)
- Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Peter Bex (Nov 22)