search

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/
Other
5.56k stars 2.61k forks source link

Integrate the new bignum modules with cryptofuzz #6738

Open gilles-peskine-arm opened 1 year ago

gilles-peskine-arm commented 1 year ago

The differential fuzzer cryptofuzz runs bignum calculations with multiple libraries and checks that they don't corrupt the memory and they obtain the same results.

We'll need to migrate cryptofuzz to the new bignum module(s), at the latest, before we retire the current bignum. In the meantime, we should have a transition period during which the fuzzer runs both the new bignum and the old one.

Guidance from the author of cryptofuzz: https://github.com/guidovranken/cryptofuzz/issues/47

Should the new bignum be just core, or mod_raw and mod as well?

(No need to integrate into bignum-fuzzer: cryptofuzz subsumes it.)

gilles-peskine-arm commented 1 year ago

The tech debt team is looking at cryptofuzz. Our first goal will be to fuzz PSA crypto APIs, which is easier because they are stable. When we're more familiar with cryptofuzz, we'll look into how we can practically integrate the low-level bignum APIs which are likely to evolve over time (we don't want to break the build of cryptofuzz whenever that happens).