libgcrypt integration into OSS-Fuzz differential cryptography fuzzer
Dmitry Eremin-Solenikov
dbaryshkov at gmail.com
Fri May 10 23:48:50 CEST 2019
Hello,
пт, 10 мая 2019 г. в 21:23, Guido Vranken <guidovranken at gmail.com>:
>
> I hadn't noticed Veracrypt deliberately disabled the carry overflow check. Thanks for the suggestion; I've modified the Veracrypt code and there are no differences anymore.
>
> Can people who are interested in receiving messages from OSS-Fuzz send their Google account-linked address to guidovranken at gmail.com ? Thanks
>
> Dimitry/others: was the carry overflow bug in Stribog in libgcrypt found because I notified LibreSSL about the same bug (https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/gost/streebog.c?rev=1.6&content-type=text/x-cvsweb-markup). Would it be fair to say, then, that my fuzzer found the libgcrypt Stribog bug? If so I'll add it to my HoF.
I've received a report from another Russian developer
(https://habr.com/ru/post/450024/). He was using Kleopatra, thus he
stumbled upon an issue in libgcrypt.
--
With best wishes
Dmitry
More information about the Gcrypt-devel
mailing list