Automated Testing using Crypto Differential Fuzzing (DO NOT RECORD)

I present a new approach to testing crypto software that we developed together with JP Aumasson: differential fuzzing, and our newly released tool, CDF, which implements it along with many edge-case tests for common algorithms such as ECDSA, DSA and RSA. CDF also features time leakage detection.

CDF allowed the discovery of issues in high-profile, widely used crypto software components such as Go's crypto package, OpenSSL, and mbedTLS.

It is easy to use CDF to test your own library, and everything is performed in a black-box fashion, so you only need to provide CDF with an executable to test it.

Presented by