Abstract

Differential fuzz testing is a promising technique for detecting numerous bugs in cryptographic libraries by providing the same input to different implementations of a cryptographic algorithm and comparing their outputs. Cryptofuzz is a cutting-edge project that supports various libraries in this regard, employing the coverage-guided libFuzzer as its back-end core. However, we observe that Cryptofuzz relies heavily on heuristic custom mutation strategies to expand code coverage while fuzzing, compensating for the limited performance of libFuzzer and the overhead of differential fuzzing. In this paper, we present evidence for this and then propose a novel tweak that makes differential fuzzing perform better with advanced fuzzers rather than with custom mutators overfitted to cryptographic features. Our basic insight is that hybrid fuzzing, which combines fuzzing and concolic execution, could help. We make the front end of Cryptofuzz standalone so that cryptographic libraries can be differentially tested with hybrid fuzzers. We conduct experiments using AFL and Intriguer for hybrid fuzzing. Our evaluation results show that the proposed method achieves better code coverage independently of the custom mutators and is more effective at finding bugs than Cryptofuzz. Our method generalizes the back end so that any advanced fuzzer can be used for differential testing of cryptographic libraries.
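To make the core idea of the abstract concrete, here is a minimal differential harness written as an added illustration; it is not code from Cryptofuzz or from the paper. It mirrors the Cryptofuzz structure in miniature: one operation (modular inverse), several "modules" implementing it, the same input fed to every module, and a divergence reported whenever their outputs disagree. The module names, the `modinv_fermat` defect and the input generator are all constructed for this example; `modinv_fermat` is deliberately wrong for composite moduli to show the kind of mismatch a differential run surfaces.

```python
"""Minimal differential harness in the spirit of Cryptofuzz (added example).

One operation (modular inverse), several modules implementing it, identical
inputs to all of them, and a report of every input on which they disagree.
"""
import random
from typing import Callable, Dict, List, Optional, Tuple

# A module returns the inverse of a mod m, or None when a is not invertible.
ModInv = Callable[[int, int], Optional[int]]
Result = Dict[str, Optional[int]]


def modinv_builtin(a: int, m: int) -> Optional[int]:
    """Reference module: CPython's built-in modular inverse (Python >= 3.8)."""
    try:
        return pow(a, -1, m)
    except ValueError:  # raised when gcd(a, m) != 1
        return None


def modinv_egcd(a: int, m: int) -> Optional[int]:
    """Second module: extended Euclid, written independently of the reference."""
    old_r, r = a % m, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:  # gcd != 1, so no inverse exists
        return None
    return old_s % m


def modinv_fermat(a: int, m: int) -> Optional[int]:
    """Constructed faulty module (hypothetical): a^(m-2) mod m is an inverse
    only when m is prime, so this silently returns garbage for composite m."""
    return pow(a, m - 2, m)


def run_once(modules: Dict[str, ModInv], a: int, m: int) -> Tuple[Result, bool]:
    """Feed one input to every module; return per-module results and whether
    the modules disagree (the differential oracle)."""
    results = {name: fn(a, m) for name, fn in modules.items()}
    return results, len(set(results.values())) > 1


def differential_fuzz(modules: Dict[str, ModInv], iterations: int = 2000,
                      seed: int = 1, bits: int = 64) -> List[Tuple[int, int, Result]]:
    """Drive the modules with seeded random inputs (constructed generator, a
    stand-in for the fuzzer front end) and collect every divergence."""
    rng = random.Random(seed)
    divergences = []
    for _ in range(iterations):
        a = rng.getrandbits(bits)
        if rng.random() < 0.1:
            m = rng.randrange(2, 64)          # small moduli: exercise edge cases
        else:
            m = rng.getrandbits(bits) | 2     # guarantee m >= 2
        results, differ = run_once(modules, a, m)
        if differ:
            divergences.append((a, m, results))
    return divergences


if __name__ == "__main__":
    correct = {"builtin": modinv_builtin, "egcd": modinv_egcd}
    print("correct modules disagree on", len(differential_fuzz(correct)), "inputs")
    with_bug = {"builtin": modinv_builtin, "fermat": modinv_fermat}
    found = differential_fuzz(with_bug)
    print("faulty module disagrees on", len(found), "inputs; first:", found[0])
```

Two design points carry over to real differential fuzzing. First, the oracle is only "do the implementations agree", so a bug shared by all modules is invisible; independent implementations (here, the built-in versus a hand-written Euclid) are what give the comparison its power. Second, the input generator decides what gets exercised: the random driver above finds the composite-modulus defect quickly because composite moduli dominate, but defects guarded by narrow conditions are exactly the cases where the paper's argument for coverage-guided and concolic input generation applies.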
