Dear list, I built a bignum differential fuzzer  that has been running on Google's oss-fuzz service  for a while. It performs the same mathematical operations (addition, subtraction, multiplication, modular exponentation, etc) across multiple bignum libraries ( currently OpenSSL, Go, Rust, C++ Boost, libgmp), compares their results and crashes if they don't match. This effort has so far found a couple of (minor) bugs in OpenSSL and Go.
As soon as a mismatch is found, oss-fuzz will send a notification e-mail to the developers of the various bignum libraries so the bug can be examined and resolved. At which e-mail address(es) do the developers of libgmp wish to receive these notifications? Please bear in mind that the notifications will contain potentially security-sensitive information so the recipient may not be a public mailing list. Currently, a potential bug is found only every couple of weeks, so recipients do not have to worry about a lot of incoming traffic. If you wish to write comments to the fuzzer's private bug tracker, the e-mail you specify must be linked to a Google account. See my libgmp module for bignum-fuzzer here . Thanks, Guido  https://github.com/guidovranken/bignum-fuzzer  https://github.com/google/oss-fuzz  https://github.com/guidovranken/bignum-fuzzer/blob/master/modules/libgmp/module.c _______________________________________________ gmp-devel mailing list email@example.com https://gmplib.org/mailman/listinfo/gmp-devel