microsoft / SymCrypt

Cryptographic library
MIT License

OSS-Fuzz integration #7

Closed guidovranken closed 3 years ago

guidovranken commented 4 years ago

I've integrated SymCrypt into my cryptography fuzzing project Cryptofuzz (SymCrypt module is not yet pushed to the repository).

I would now like to activate the SymCrypt module for Cryptofuzz on Google OSS-Fuzz.

Would you like to receive e-mail notifications when a bug is found? For this I need one or more e-mail addresses linked to a Google account.

If I include you in the e-mail list, you will also receive notifications of bugs that do not pertain to SymCrypt. If this is not desired, you may also choose to instead be informed by me personally once a bug is found.

NielsFerguson commented 4 years ago

I'd love to get notifications for problems. I don't have a Google account, can you send it to my work email "(firstname)@microsoft.com"?

mlindgren commented 4 years ago

@guidovranken has this been resolved? We would definitely like to get notifications whenever a bug is found, but I also do not have a Google account associated with my work email. If you can send messages to non-Google addresses, I can provide a list of emails that should be notified.

guidovranken commented 4 years ago

Hi @mlindgren

OSS-Fuzz can send e-mail notifications about bugs to non-Google addresses, but it is not possible to log in to the dashboard at oss-fuzz.com and see details like stack traces and regression ranges without a Google account. I believe OSS-Fuzz also allows Firebase authentication, but I have no personal experience with that.

So far, only signed overshift issues have been found in SymCrypt (https://github.com/microsoft/SymCrypt/issues/8).

Currently I'm testing these SymCrypt operations in Cryptofuzz: https://github.com/guidovranken/cryptofuzz/blob/844797e80561de5aa06114bd38c18b4510a03a89/modules/symcrypt/module.h#L13-L21 Other operations like elliptic curve operations have not yet been implemented (though Cryptofuzz supports these). I'm actively maintaining and enhancing Cryptofuzz, and I will get around to extending the SymCrypt module eventually, but if you would like to, you are very welcome to do this yourselves, in the interest of uncovering bugs in SymCrypt (if any).

mlindgren commented 3 years ago

Resolved privately.