Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

OSS-Fuzz integration #17

Open
guidovranken opened this issue Jan 10, 2021 · 2 comments
Open

OSS-Fuzz integration #17

guidovranken opened this issue Jan 10, 2021 · 2 comments

Comments

@guidovranken
Copy link

My project (https://github.com/guidovranken/cryptofuzz) fuzzers cryptographic libraries and it has support for cifra.

We can run a cifra fuzzer on OSS-Fuzz (https://github.com/google/oss-fuzz) but this requires that the project is being maintained. Is this the case?
@ctz
Copy link
Owner

ctz commented Jan 10, 2021

This project is passively maintained: I don't have immediate plans to add new features, but will fix bugs.

@guidovranken
Copy link
Author

That's great to hear; new features are not necessary, only bugfixes. Are you interested in running cifra on OSS-Fuzz? You don't need to do anything, except address bugs.

The first bug I found is memory corruption when using a SHA3 family hash with HMAC (or PBKDF2). This is also what #14 seems to be reporting. I can provide a compilable proof of concept if you like. Are you willing to address this bug?

Thanks

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ctz @guidovranken