libgmp differential fuzzer running on Google's oss-fuzz

Niels Möller nisse at lysator.liu.se
Thu Jul 12 08:58:31 UTC 2018


Guido Vranken <guidovranken at gmail.com> writes:

> I built a bignum differential fuzzer [1] that has been running on
> Google's oss-fuzz service [2] for a while. It performs the same
> mathematical operations (addition, subtraction, multiplication,
> modular exponentiation, etc) across multiple bignum libraries
> (currently OpenSSL, Go, Rust, C++ Boost, libgmp), compares their
> results and crashes if they don't match.

You may want to add mini-gmp to the list of tested libraries, even if
it's not strictly a "library". It is likely to have different bugs than
gmp.

Also beware that valgrind-based testing of gmp requires support for
recent instructions. The oss-fuzz tests of gnutls have recently suffered
from valgrind having problems with instructions such as mulx (I'm
assuming most of these tests are on x86_64 architecture).

Feel free to cc my work address (nisse at google.com) on any resulting
issues.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
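A minimal version of the differential oracle described in the quoted message, added here as an example (it is not code from the fuzzer, from oss-fuzz, or from either poster): two constructed reference routines (shift-and-add multiplication and square-and-multiply modular exponentiation) stand in for a second library, every run includes operands at 64-bit limb boundaries, and the harness returns the cases on which implementations disagree instead of crashing.

```python
import random
LIMB = 2 ** 64  # one 64-bit limb; bignum bugs cluster at limb boundaries
CORNERS = [0, 1, -1, 2, LIMB - 1, LIMB, LIMB + 1, LIMB ** 2 - 1, LIMB ** 2, -(LIMB ** 2)]
def ref_mul(a, b):
    """Constructed reference: sign-aware shift-and-add multiplication."""
    neg = (a < 0) != (b < 0)
    a, b, acc = abs(a), abs(b), 0
    while b:
        if b & 1:
            acc += a
        a <<= 1
        b >>= 1
    return -acc if neg else acc

def ref_modexp(base, exp, mod):
    """Constructed reference: square-and-multiply; needs exp >= 0, mod >= 1."""
    result, base = 1 % mod, base % mod  # 1 % mod, not 1: pow(x, 0, 1) == 0
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

# Each "library" maps an operation name to a callable with the same signature.
IMPLS = {
    "python": {"mul": lambda a, b: a * b, "modexp": lambda b, e, m: pow(b, e, m)},
    "ref":    {"mul": ref_mul,            "modexp": ref_modexp},
}

def gen_cases(rng, n):
    """Yield (op, operands): all corner pairs first, then n random limb-sized pairs."""
    for a in CORNERS:
        for b in CORNERS:
            yield "mul", (a, b)
            yield "modexp", (a, abs(b), abs(a) + 1)  # exponent >= 0, modulus >= 1
    for _ in range(n):
        a, b = (rng.getrandbits(rng.randint(1, 256)) for _ in range(2))
        yield "mul", (rng.choice([a, -a]), b)
        yield "modexp", (rng.choice([a, -a]), b, rng.getrandbits(rng.randint(1, 256)) + 1)

def differential_run(impls, seed=0, n=200):
    """Feed every case to every impl; return the cases on which any two disagree."""
    mismatches = []
    for op, args in gen_cases(random.Random(seed), n):
        results = {name: lib[op](*args) for name, lib in impls.items()}
        if len(set(results.values())) > 1:
            mismatches.append((op, args, results))
    return mismatches
```

A real harness would take its operands from the fuzzing engine's input bytes rather than a seeded generator, and would abort on the first mismatch so the engine saves the reproducer.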


More information about the gmp-devel mailing list