go-fuzz for CIRCL about circl HOT 13 CLOSED

Very interesting. I can start playing with this a little.

from circl.

oh, while I'm here. I was recently informed by the author via linkedin that this exists and uses CIRCL
https://github.com/kuking/go-pqsw

thought you may want to know

from circl.

Hey @henrydcase @claucece , I'm the maintainer of Cryptofuzz. I'm still improving it every day. It now supports elliptic curve operations and has been effective at finding EC bugs (see full bug list here ). PQ crypto not yet but I'm planning on implementing that. Have you gotten around to work with Cryptofuzz to test circl? Feel free to reach out to me at [email protected] to discuss these plans in depth.

from circl.

Oh, wow, interesting @henrydcase .. check it out @bwesterb : https://github.com/kuking/go-pqsw

from circl.

Fuzzing is something we want to include in CIRCL, we are open for discussion.
thanks for the pointer @guidovranken

from circl.

I now have a circl module for Cryptofuzz https://github.com/guidovranken/cryptofuzz/tree/master/modules/circl
It found one bug so far #312

I can install it on OSS-Fuzz if you want @armfazh ?

from circl.

I now have a circl module for Cryptofuzz https://github.com/guidovranken/cryptofuzz/tree/master/modules/circl It found one bug so far #312

Thanks for writing the module.

I can install it on OSS-Fuzz if you want @armfazh ?

What does this implies and what it is required to be included? (sorry, not so familiar with the internals of the project).

from circl.

Basically:

• Requires participants to have a Google account. I need a list of e-mail addresses (linked to a Google account) of maintainers. Note: these will be public
• You will receive an e-mail notification when a bug is found, and when it is detected as fixed
• There is an expectation that bugs found by OSS-Fuzz will be fixed by the maintainers (you)
• Bugs found remain private for 90 days, then they are automatically publicly disclosed whether they are fixed or not
• "To be accepted to OSS-Fuzz, an open-source project must have a significant user base and/or be critical to the global IT infrastructure."
• Usage of OSS-Fuzz is free of charge
• I will collect the $1,000 integration reward

More information: https://google.github.io/oss-fuzz/

from circl.

Requires participants to have a Google account. I need a list of e-mail addresses (linked to a Google account) of maintainers. Note: these will be public

@guidovranken can you please clarify who the "participants" are here?

from circl.

People who receive the bug reports, typically the maintainers of the software being fuzzed, in this case the circl maintainers.

from circl.

@guidovranken just reached at this address https://guidovranken.com/contact/, please confirm you have received my email.

from circl.

Yes I did, thanks, I will reply in a minute.

from circl.

Tracking integration at: google/oss-fuzz#7262

from circl.