Open guidovranken opened 3 years ago
This project is passively maintained: I don't have immediate plans to add new features, but will fix bugs.
That's great to hear; new features are not necessary, only bugfixes. Are you interested in running cifra on OSS-Fuzz? You don't need to do anything, except address bugs.
The first bug I found is memory corruption when using a SHA3 family hash with HMAC (or PBKDF2). This is also what https://github.com/ctz/cifra/issues/14 seems to be reporting. I can provide a compilable proof of concept if you like. Are you willing to address this bug?
Thanks
My project (https://github.com/guidovranken/cryptofuzz) fuzzes cryptographic libraries and it has support for cifra.
We can run a cifra fuzzer on OSS-Fuzz (https://github.com/google/oss-fuzz) but this requires that the project is being maintained. Is this the case?