profile
viewpoint
遗忘
Guido Vranken guidovranken @ForAllSecure Netherlands https://guidovranken.com/

ethereum/evmlab 157

Utilities for interacting with the Ethereum virtual machine

guidovranken/emufuzz 52

libFuzzer + Unicorn + Capstone

ForAllSecure/VulnerabilitiesLab 44

Reproduce CVEs from ForAllSecure Vulnerabilities Lab

guidovranken/binloop 12

Find call graph loops in 64 bit binaries using objdump and some Python code

guidovranken/CVE-2017-3730 11

OpenSSL CVE-2017-3730 proof-of-concept

create barnchguidovranken/cryptofuzz

branch : wolfcrypt-shake256

created branch time in 10 hours

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 56f206146a51da1a606d28b87d06a26fa3493519

wolfCrypt module: Support OpECC_GenerateKeyPair

view details

push time in 11 hours

push eventguidovranken/VulnerabilitiesLab

Guido Vranken

commit sha c0a5c9198bed1f0ba7fa0a214fd4e2876aad4eb7

openwrt-relayd-cve-2020-11752: Fix baseimage in Mayhemfile

view details

push time in a day

PR opened ForAllSecure/VulnerabilitiesLab

Add project for OpenWRT relayd CVE-2020-11752

Uses modified source code of OpenWRT relayd (GPLv2). Like https://github.com/ForAllSecure/VulnerabilitiesLab/pull/15 this needs some annotation of that.

+297 -0

0 comment

8 changed files

pr created time in a day

PR opened ForAllSecure/VulnerabilitiesLab

Add project for OpenWRT mdnsd CVE-2020-11750

TODO: Uses modified code from OpenWRT (GPLv2) and musl libc (MIT). Please suggest if I should include the licenses, annotate the source file, ...

+452 -0

0 comment

8 changed files

pr created time in 2 days

create barnchguidovranken/VulnerabilitiesLab

branch : openwrt-mdnsd-cve-2020-11750

created branch time in 2 days

push eventguidovranken/VulnerabilitiesLab

Adam Van Prooyen

commit sha ac45641f4837036e0b5818a7de20e22f47dfa425

Add stb vorbis cve

view details

Adam Van Prooyen

commit sha 80967f14baadf0ce680816e2b1ba4679224cca9b

Add crashing poc

view details

Adam Van Prooyen

commit sha 156aff62897285dd7080bebff4887d14490b4208

Rename mayhem folder in stb

view details

Adam Van Prooyen

commit sha 1e9433cb142dcc0c5706b1e1db2b82d10eca3c55

Add stb to docker ci

view details

Adam Van Prooyen

commit sha d0711300cfe711644541a4392749d8c73aa20e75

Add matio cve (wip)

view details

Adam Van Prooyen

commit sha 6e9d1e20cf44319ae5519377fc741d6a3b4326e6

Add corpus for matio

view details

Adam Van Prooyen

commit sha dde207be15874efbd9aec2882508199b050ef3cb

Add patch for matio

view details

Adam Van Prooyen

commit sha af3091e00732a90ba1b53b75a562ef1e2534d087

Add matio poc

view details

Adam Van Prooyen

commit sha 9c54496220ba16a6a2badd33fe48835d7f3a626a

Move matio corpus into mayhem package folder

view details

Adam Van Prooyen

commit sha 52bf5826be7e1954a24ecf02a9d6d07b8aac7aef

Add matio to github ci

view details

Adam Van Prooyen

commit sha 18fa01acc4366cdaf8db394865de1e1f1bc5e2ee

Fix project and baseimage in matio mayhemfile

view details

Adam Van Prooyen

commit sha ec13e3736b5902e37010e1b441df3a11f7e1ed35

Fix link to bug fix in netflix readme

view details

Adam Van Prooyen

commit sha 0faea4afc9424f9f07a9ef6283d1d95eaad5f6b0

Merge branch 'master' into add-stb-cve

view details

Adam Van Prooyen

commit sha 2a918cf21a62e708934852238daad0083ac539b8

Add stb readme

view details

Adam Van Prooyen

commit sha ffb4962b3c7ab9f6e3a1c3cfac7b2d87a4583d3a

Add link to stb readme to main readme

view details

Adam Van Prooyen

commit sha 2e19d864c9198042fa66490bc107bcf1227a03d7

Merge branch 'master' into add-matio-cve

view details

Adam Van Prooyen

commit sha 5f4fa1c603afe5626341af2ac4d70960646a8b7f

Add readme for matio

view details

Adam Van Prooyen

commit sha 34058ec702edf311e40a0d6de94316758d21c4df

Add Matio readme link to main readme

view details

Adam Van Prooyen

commit sha e2cd328da81d04b8e5e9d653c7fa7dd4f09ea6c7

Fix capitalization in matio readme

view details

Adam Van Prooyen

commit sha fa0531f174508b068e3a1077d8cbf0c64f989bfe

Fix failing sthttpd dockerfile

view details

push time in 2 days

pull request commentguidovranken/vfuzz

Add quick start guide

Thanks!

practicalswift

comment created time in 3 days

push eventguidovranken/vfuzz

practicalswift

commit sha 5f24d4049cb4afb17678012e1a89220b90c49b58

Add quick start guide

view details

Guido Vranken

commit sha d44b7ecae34f54d8bbe934262dde04f27fa2fac7

Merge pull request #2 from practicalswift/quick-start-guide Add quick start guide

view details

push time in 3 days

PR merged guidovranken/vfuzz

Add quick start guide

Add quick start guide.

+32 -4

0 comment

1 changed file

practicalswift

pr closed time in 3 days

push eventguidovranken/vfuzz

practicalswift

commit sha 900f737abd94fbabd5965c977ffd2e4695984649

Fix build. Add missing include (fuzzing-headers/include/).

view details

Guido Vranken

commit sha 8e027a05d13f5cf81f32f9cfe5dc8e216fe72d0e

Merge pull request #1 from practicalswift/fix-missing-include-dir Fix build. Add missing include (fuzzing-headers/include/).

view details

push time in 3 days

PR merged guidovranken/vfuzz

Fix build. Add missing include (fuzzing-headers/include/).

Fix build. Add missing include (fuzzing-headers/include/).

Before this patch:

$ git clone https://github.com/guidovranken/vfuzz
$ cd vfuzz/
$ mkdir build/
$ cd build/
$ cmake -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_COMPILER=clang ..
$ make -j $(nproc)
…
[ 97%] Building CXX object examples/CMakeFiles/nlohmann.dir/nlohmann.cpp.o
vfuzz/examples/../include/vfuzz/datasource.h:3:10: fatal error: 'fuzzing/datasource/datasource.hpp' file not found
vfuzz/examples/../include/vfuzz/types.h:5:10: fatal error: 'fuzzing/datasource/id.hpp' file not found
$ echo $?
2

After this patch:

$ git clone https://github.com/guidovranken/vfuzz
$ cd vfuzz/
$ mkdir build/
$ cd build/
$ cmake -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_COMPILER=clang ..
$ make -j $(nproc)
…
[ 97%] Building CXX object examples/CMakeFiles/nlohmann.dir/nlohmann.cpp.o
[ 98%] Linking CXX executable libvfuzz-core-example
[ 98%] Built target libvfuzz-core-example
[100%] Linking CXX executable nlohmann
[100%] Built target nlohmann
$ echo $?
0
+1 -0

0 comment

1 changed file

practicalswift

pr closed time in 3 days

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 43b1bc4e7c4cd6405ff66ef5905357f248cd9c80

wolfCrypt module: Support OpECC_PrivateToPublic

view details

push time in 3 days

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha b3fa40ec89726d474ad2f38ea3e0ede4ad9edad2

wolfCrypt module: Extend OpBignumCalc support

view details

push time in 4 days

create barnchguidovranken/cryptofuzz

branch : wolfcrypt-bignum

created branch time in 6 days

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 919fa5710aec81c21dc26492e499ae541042e68c

wolfCrypt module: Implement mechanism to detect address space overflows on 32 bit

view details

push time in 6 days

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 1d170d104e48b5d103fd0528743cd7daac95e287

Update wolfCrypt build instructions

view details

push time in 6 days

create barnchguidovranken/guidovranken

branch : master

created branch time in 7 days

created repositoryguidovranken/guidovranken

created time in 7 days

issue commentopenssl/openssl

KBKDF (SP 800 108 KDF) NULL ptr dereference if secret is empty

Additionally, KBKDF seems to produce the incorrect output in feedback mode if OSSL_KDF_PARAM_INFO is not empty. Either that parameter is ignored, or incorrectly processed. This was discovered through differential fuzzing against Botan.

guidovranken

comment created time in 7 days

issue commentopenssl/openssl

KBKDF (SP 800 108 KDF) NULL ptr dereference if secret is empty

Tested on commit f6f159e7a133d1b2f82a82fab3f8c357a07b574f, so one commit behind on master. So that PR didn't fix it.

guidovranken

comment created time in 7 days

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha a2d3c73a1c50149eb227fb964e5f9ee4f1cfd32d

OpenSSL module: Support SP 800 108 KDF

view details

push time in 7 days

issue openedopenssl/openssl

KBKDF (SP 800 108 KDF) NULL ptr dereference if secret is empty

#include <openssl/kdf.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include <string.h>

static void error(const char* e) {
    printf("%s\n", e);
    abort();
}

int main(void)
{
    EVP_KDF *kdf;
    EVP_KDF_CTX *kctx;
    unsigned char out[32];
    OSSL_PARAM params[7], *p = params;

    const unsigned char salt[] = {0x00};
    //const unsigned char secret[] = {0x00};
    const unsigned char secret[] = {};
    const unsigned char label[] = {0x00};

    kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
    kctx = EVP_KDF_new_ctx(kdf);
    EVP_KDF_free(kdf);

    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
            "SHA384", 0);
    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
            "HMAC", 0);
    *p++ = OSSL_PARAM_construct_utf8_string(
            OSSL_KDF_PARAM_MODE, "COUNTER", 0);
    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
            secret, sizeof(secret));
    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
            label, sizeof(label));
    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
            salt, sizeof(salt));
    *p = OSSL_PARAM_construct_end();
    if (EVP_KDF_set_ctx_params(kctx, params) <= 0)
        error("EVP_KDF_set_ctx_params");
    else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
        error("EVP_KDF_derive");
    for (size_t i = 0; i < sizeof(out); i++) {
        printf("%02X ", out[i]);
    }
    printf("\n");

    EVP_KDF_free_ctx(kctx);
    return 0;
}

created time in 7 days

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha ecf872d09e834aa28f955ad2e1fb0db334ada5d9

Botan module: Support SP 800 108 KDF

view details

push time in 7 days

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 1d74cc536a55106ce38fc547c15e66be36b4ccd4

mbed TLS module: Induce pseudo-random allocation failures if CRYPTOFUZZ_MBEDTLS_ALLOCATION_FAILURES is defined

view details

push time in 8 days

issue openedARMmbed/mbedtls

mbedtls_md_setup memory leak if allocation fails

Description

  • Type: Bug
  • Priority: Minor

Bug

The following code produces a memory leak. This happens because I've modified the allocator to return NULL on the second allocation request.

#include <mbedtls/md.h>
#include <mbedtls/platform.h>

#include <string.h>
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>

#define CF_CHECK_EQ(expr, res) if ( (expr) != (res) ) { goto end; }
#define CF_CHECK_NE(expr, res) if ( (expr) == (res) ) { goto end; }

static void* mbedTLS_custom_calloc(size_t A, size_t B) {
    static int i;
    i++;
    if ( i == 2 ) return NULL;
    const size_t size = A*B;
    void* p = malloc(size);
    if ( size ) {
        memset(p, 0x00, size);
    }
    return p;
}

static void mbedTLS_custom_free(void* ptr) {
    free(ptr);
}

int main(void)
{
    if ( mbedtls_platform_set_calloc_free(mbedTLS_custom_calloc, mbedTLS_custom_free) != 0 ) {
        abort();
    }

    mbedtls_md_info_t const* md_info = NULL;
    mbedtls_md_context_t md_ctx;

    mbedtls_md_init(&md_ctx);

    CF_CHECK_NE(md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512), NULL);
    CF_CHECK_EQ(mbedtls_md_setup(&md_ctx, md_info, 1), 0 );

end:
    mbedtls_md_free(&md_ctx);

    return 0;
}

Fix it by moving

https://github.com/ARMmbed/mbedtls/blob/3ee91f47f44d4133d3f155b113abfdf7bef98c4e/library/md.c#L471

to before line 461

created time in 8 days

create barnchguidovranken/mbedtls

branch : fix-mbedtls_md_setup-memleak

created branch time in 8 days

fork guidovranken/mbedtls

An open source, portable, easy to use, readable and flexible SSL library

https://tls.mbed.org

fork in 8 days

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha cea0d0df3b64dfd45ecf9e090f618c5c8de3fc79

Update mbed TLS build instructions

view details

push time in 8 days

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha da0eb20af0b1b4546a9603acd8c6d43554fffcf2

wolfCrypt module Induce pseudo-random allocation failures if CRYPTOFUZZ_WOLFCRYPT_ALLOCATION_FAILURES is defined

view details

push time in 8 days

push eventguidovranken/wolfssl

Guido Vranken

commit sha 7f6667144900dead5f13be22e7886eaa183d9a4b

In wc_PKCS12_PBKDF_ex, break out of outer loop on error

view details

push time in 9 days

create barnchguidovranken/wolfssl

branch : scrypt-return-memory-e

created branch time in 9 days

push eventguidovranken/wolfssl

Sean Parkinson

commit sha e8e455bf399126e9d04afab697c1856d71e19785

Add section to asm files to avoid exe stack For Linux ELF need a note section for GNU to indicate stack is not executable.

view details

Jacob Barthelmeh

commit sha 0c7b851bd39b586d94e1b11f14037937213f9308

restrict the cert version allowed

view details

Jacob Barthelmeh

commit sha 14d0b4e7d62f5820afa0ef2876dbb8e37f02dee8

adjust test case

view details

kaleb-himes

commit sha 970391319beb023680eccd0e447e76834dbb4808

Add or later verbage to LICENSING and sync header license versions

view details

Ethan Looney

commit sha 5f3a287a6a82bbc49235597504d006734a864947

Added tests to sha256.c for sha224 and sha256.

view details

Sean Parkinson

commit sha 0e79943a5c2e0602b980867c58569b4f39cc3072

Fix SP int size of result checks sp_lshb: Only put values in extra word id necessary

view details

Guido Vranken

commit sha 04d063f2ba7528542c0cf255d249b7943941f9bf

In TLSX_SupportedFFDHE_Set, free TLSX list if TLSX_PopulateSupportedGroups fails

view details

Ethan Looney

commit sha dfde73620ccba0d431b9acbdb3948a202542125e

Added if defined cases for tests using hashes

view details

toddouska

commit sha 514254e294c9cc3bd61a477ebad51cf900b1f58a

Merge pull request #3069 from SparkiDev/gnu-stack Add section to asm files to avoid exe stack

view details

toddouska

commit sha b8314a70f953cbab87a87449b80488df4413b9c2

Merge pull request #3089 from kaleb-himes/ZD10539_LICENSING Add or later verbage to LICENSING and sync header license versions

view details

toddouska

commit sha 301e5c03b964f62b4e20fe26e40bae63794b5b20

Merge pull request #3097 from SparkiDev/sp_int_mul_of Fix SP int size of result checks

view details

Ethan Looney

commit sha 1b7a96627c89c21a083173da4425b1c24ca62103

Changed formatting

view details

Ethan Looney

commit sha 296b562113f9e73b841fa68ad9a4351e9de5045e

Fixed formatting and forgotten curly bracket

view details

Sean Parkinson

commit sha 80246dfbc370840e13a7f177803c958a7dbc7218

Merge pull request #3102 from guidovranken/free-tlsx In TLSX_SupportedFFDHE_Set, free TLSX list if TLSX_PopulateSupportedG…

view details

Chris Conlon

commit sha 6196698d8b3d8c2338a193bcb73ead7550befe96

Merge pull request #3099 from ethanlooney/eighth_branch Added unit tests to sha256.c for sha224 and sha256.

view details

toddouska

commit sha c8dcd59565ba0ea782236191a70e34a2c1eab9ec

Merge pull request #3082 from JacobBarthelmeh/Testing restrict the cert version allowed

view details

push time in 9 days

issue openedngageoint/Spectral-Library-Reader

Infinite loop in SpectralData::aGetSpectralRecord

https://github.com/ngageoint/Spectral-Library-Reader/blob/621aa96883577f4ef2023f810d2ba1797126210e/SpectralData.cpp#L45-L73

Input data can be such that lContinuationCount is never incremented, and the same records keeps getting retrieved at line 71, and the do { } while () loop is never broken out of.

This can occur when processing untrusted input.

created time in 9 days

issue openedngageoint/Spectral-Library-Reader

Memory violations in SpectralData methods

In SpectralData, there are several places where array elements are accessed in a for loop.

While the involved arrays (wavelengths and reflectances) are hardcoded to hold 5000 elements, the array index can exceed this value, and memory violations (read and write) can occur when parsing untrusted data.

In the following places, i can be >= 5000:

https://github.com/ngageoint/Spectral-Library-Reader/blob/621aa96883577f4ef2023f810d2ba1797126210e/SpectralData.cpp#L86 https://github.com/ngageoint/Spectral-Library-Reader/blob/621aa96883577f4ef2023f810d2ba1797126210e/SpectralData.cpp#L125

created time in 9 days

issue openedngageoint/Spectral-Library-Reader

Memory leak: USGS_SpectralDataReader::mRecords is never freed

USGS_SpectralDataReader::aCreateRecord allocates memory using new: https://github.com/ngageoint/Spectral-Library-Reader/blob/621aa96883577f4ef2023f810d2ba1797126210e/USGS_SpectralDataReader.cpp#L206

This memory is however never freed, causing a memory leak.

created time in 9 days

pull request commentgoogle/oss-fuzz

[cryptofuzz] Build script updates

Adding Marina, requested by @msprotz

guidovranken

comment created time in 10 days

push eventguidovranken/oss-fuzz

Guido Vranken

commit sha f33a8ff365638e9f5c6079fb6c306849ee42cdf8

[cryptofuzz] Add Marina Polubelovam to CC list

view details

push time in 10 days

PR opened google/oss-fuzz

[cryptofuzz] Build script updates
  • Update mbed TLS repository location
  • mbed TLS: Enable components disabled by default
  • wolfCrypt: Build AES key wrap ciphers
+11 -6

0 comment

2 changed files

pr created time in 10 days

create barnchguidovranken/oss-fuzz

branch : cryptofuzz-build-script-update

created branch time in 10 days

push eventguidovranken/oss-fuzz

Guido Vranken

commit sha 7e58bb137b0fa12f293d5272265b26c02469b63d

[python3-libraries] Fix build (#3869)

view details

Abhishek Arya

commit sha 854bc5f736a3c847d8b1a26921b5e8825e8d45be

Use latest git version. (#3870) Adds features needed by firefox and spidermonkey-ufi builds.

view details

Luca Boccassi

commit sha dfa5a7976f1bfeedbddac27e71d80a6c840745ca

libzmq: fix MSAN (#3868) * libzmq: build libsodium with --disable-asm to avoid false positives in MSAN checks * libzmq: set autoconf install prefix to avoid /usr/local being added to the linker library paths A non-working version of the standard library is installed in oss-fuzz's images under /usr/local/lib. Using it breaks MSAN's tests with false positives. Set the prefix in autoconf to something different from the default /usr/local, as /lib is added by autoconf automatically to the linker flags, which means this broken standard library is used instead of the instrumented one in /usr/lib.

view details

Oliver Chang

commit sha 9ac361c149923fad3028a3444bddede9d5c96a9d

build_specified_commit: revert to using cp. (#3871) rsync seems to have disappeared in the latest images somehow, and we can't rely on it always existing.

view details

Abhishek Arya

commit sha d70af2fc967e103cd2e30b8a5df95697fffc5aec

Don't add sanitizer=coverage in RUSTFLAGS

view details

Catena cyber

commit sha b2d6eadcbdf55dc1356048bb69ab5564d5590be9

Remove libpcap patch merged upstream (#3865)

view details

Abhishek Arya

commit sha 8ce95adeace79f552357d260a8e6557b1fa43e96

Install Python 3.8.3 on builder image. (#3874) Part of fixing #3756.

view details

Robert Löhning

commit sha e41dd0e6420cdd62af3a17d17f21697c79c663f1

[qt] Get a shallow clone of qtbase (#3872) Reduces the size by nearly 200 MB

view details

Robert Löhning

commit sha 77fd079da7b202ef777d7b995bf70592febb8ed5

[qt] Add fuzzer for QImage::loadFromData() (#3873)

view details

Abhishek Arya

commit sha 29eabc746fdfad55a8090b19cd035f240b27a753

Fix jsoncpp build

view details

Oliver Chang

commit sha 1778067c4bf822213d795be571de1b4d9b6ea22b

build_specified_commit: Don't replace gitdir if already relative. (#3875) Upgraded git broke this.

view details

Kevin Lubick

commit sha 56770c7f56bfda38358c6cfe9469d2607a97125d

[skia] Speculative build fix (#3847)

view details

Randy

commit sha 4ef2d5c359d305e46b8ded3585a9f66c24f17930

[stb] extend code coverage for stb_image (#3784) * [stb] extend code coverage for stb_image * remove wget's from build.sh * add wget's to Dockerfile * fix Dockerfile

view details

neildhar

commit sha 5b5937db45989ca6ace93e5978fe67e8b925f32d

[hermes] Fix coverage build (#3877)

view details

Will

commit sha 8ed0a72c7b70eefb53580ed0245ed2aa28b9b835

Update email address to non-alias for clusterfuzz login (#3878)

view details

asraa

commit sha fc2236c22aed0a8adc07e35d4d7b4b7afa4177e4

add hosts and interns (#3879) Signed-off-by: Asra Ali <asraa@google.com>

view details

Robert Löhning

commit sha d942fb96578f5492e3e473ba32b66b8d219c0dde

[qt] Don't install build-essential (#3880) It's in base-builder now.

view details

neildhar

commit sha 801aeb5a14eb49cd6c7001b928fb8b06a50047cc

[hermes] Add CC for issues (#3882)

view details

Evgeny Vereshchagin

commit sha d638fac80c5287db8e85cabd3c5f2cd867494e6e

[systemd] turn off hongfuzz (#3889) See https://github.com/google/oss-fuzz/issues/3887

view details

Abhishek Arya

commit sha 4f9383f50c451f7ece4302ab9f8a99a713137e64

Remove libbz2-dev dependency installed in base-builder for python3 (#3890) * Remove libbz2-dev dependency installed in base-builder for python3 Fixes #3888

view details

push time in 10 days

PR opened wolfSSL/wolfssl

In TLSX_SupportedFFDHE_Set, free TLSX list if TLSX_PopulateSupportedG…

…roups fails

+3 -1

0 comment

1 changed file

pr created time in 11 days

create barnchguidovranken/wolfssl

branch : free-tlsx

created branch time in 11 days

push eventguidovranken/wolfssl

toddouska

commit sha c2e5991b50a7b18517d47ae556134fbb9a6d9eb6

Merge pull request #2681 from ejohnstown/crl-skid Find CRL Signer By AuthKeyId

view details

toddouska

commit sha 74a8fbcff457f3a1d15322b78896ea127b9d47f3

Merge pull request #2666 from SparkiDev/b64_dec_fix Bade64_Decode - check out length (malformed input)

view details

toddouska

commit sha b89121236f18b3d9c32a00977b3ef753cd10b29d

Merge pull request #2635 from dgarske/async_date Fix for async date check issue

view details

toddouska

commit sha 5a04ee0d8bb2967fe9f6da6c431e435f1c6fcedf

Merge pull request #2640 from dgarske/alt_chain Fixes for Alternate chain processing

view details

kaleb-himes

commit sha 2607cf342933bc315802ea07f7ac88fcccd1b25e

Fix up based on peer feedback

view details

John Safranek

commit sha 6c6d72e4d64b26a6e8f02d61db691857b9a853c1

Find CRL Signer By AuthKeyId When looking up the signer of the CRL by SKID/AKID, also verify that the CRL issuer name matches the CA's subject name, per RFC 5280 section 4.1.2.6.

view details

Eric Blankenhorn

commit sha 52893877d7519b52d5bf1daf133690b2d8fc6fda

Fixes from review

view details

David Garske

commit sha c05429392611d150e0a8a0da7547d8129a373f15

Merge pull request #2684 from JacobBarthelmeh/build-tests fix for g++ build warning

view details

toddouska

commit sha 573d045437f06a9ef04e790c13c698061b59c085

Merge pull request #2682 from SparkiDev/akid_name_check Check name hash after matching AKID

view details

toddouska

commit sha 0057eb16f84bcc8e4c0a0f4144b8e8d119073263

Merge pull request #2686 from ejohnstown/crl-skid Check name hash after matching AKID for CRL

view details

David Garske

commit sha 031e78e103e0cd5392cb7523470f82f778c43706

Merge pull request #2606 from kaleb-himes/DOCS_UPDATE_19_NOV_2019 Add dox documentation for wc_ecc_make_key_ex

view details

toddouska

commit sha 531fedfbb43260bed94894f46c66da195e5e6f5e

Merge pull request #2687 from ejohnstown/dtls-cap DTLS Handshake Message Cap

view details

toddouska

commit sha 6922d7031c62f97ee6853443abd19f0d450002b0

Merge pull request #2685 from embhorn/coverity_fixes Coverity fixes

view details

Sean Parkinson

commit sha 64a1045dc391aa7dd2efa96841ebeff818887b3f

Cleanup ParseCertRelative code Fix for case: - can't find a signer for a certificate with the AKID - find it by name Has to error as the signer's SKID is always set for signer and would have matched the AKID. Simplify the path length code - don't look up CA twice. Don't require the tsip_encRsaKeyIdx field in DecodedCert when !WOLFSSL_RENESAS_TSIP - use local variable.

view details

kaleb-himes

commit sha 95c0c1f2a541d40463a1c09636993ecc133297bc

use const to declare array rather than variable sz - VS doesn't like this

view details

Sean Parkinson

commit sha 36f697c93ddc6a6e5714f6965b8566d0bfd434c7

Fix SP to build for different configurations Was failing: --enable-sp --enable-sp-math --enable-sp --enable-sp-math --enable-smallstack

view details

JacobBarthelmeh

commit sha e10ace21df54b25481cbf5e1410dfd33faa23aff

Merge pull request #2690 from SparkiDev/sp_int_fixes_1 Fix SP to build for different configurations

view details

David Garske

commit sha 2aa8fa2de688b93c5efd21145c6b899b53eb2da9

Merge pull request #2688 from kaleb-himes/GH2552 use const to declare array rather than variable sz - VS doesn't like …

view details

toddouska

commit sha 3342a19e29f484af1c11b68285417f38ef99ac9a

Merge pull request #2578 from cariepointer/ZD-9478-and-9479 Add sanity checks for parameters in wc_scrypt and wc_Arc4SetKey

view details

toddouska

commit sha 51f956490f54e4a11020f09817e238cd16b0f92e

Merge pull request #2661 from SparkiDev/parse_cert_rel_fixes Cleanup ParseCertRelative code

view details

push time in 11 days

pull request commentwolfSSL/wolfssl

Fix div implementation in SP int

@SparkiDev

This breaks clang x86 (32 bit) compilation:

CC=clang CFLAGS="-m32" ./configure --enable-static --disable-examples --disable-crypttests --enable-sp --enable-sp-math && make -j12
wolfcrypt/src/sp_int.c:931:33: error: implicit conversion loses integer precision: 'sp_int_sword' (aka 'long long') to 'sp_int_digit' (aka 'unsigned int') [-Werror,-Wshorten-64-to-32]
                sa->dp[j + o] = sw;
SparkiDev

comment created time in 12 days

push eventguidovranken/VulnerabilitiesLab

Guido Vranken

commit sha efd75d6dcac9f674e853cb45eefef9bfd409a80a

libm-cve-2020-10029: Reference project in README.md

view details

push time in 17 days

create barnchguidovranken/VulnerabilitiesLab

branch : libm-cve-2020-10029

created branch time in 17 days

push eventguidovranken/VulnerabilitiesLab

Guido Vranken

commit sha 79d4538c9ed4b8b6c227a1f02193339889cfac12

Fix documentation error

view details

David Brumley

commit sha cebe871cc54776f3b6450cefb71f2fa2995bdb89

Merge pull request #1 from guidovranken/fix-documentation-error Fix documentation error

view details

Adam Van Prooyen

commit sha 8e49dcb759f2073231ee957acc6c4e0716c70f7a

Add sthttpd mayhem target and crashing input

view details

Adam Van Prooyen

commit sha a4acb7e4a6f4a670f81a050c2d343814bdf0c7f5

Move push logic from docker_publish to external script in .github

view details

Adam Van Prooyen

commit sha 181f1026575487b29ab8bc9d6e121fb19f1e34d9

Add netflix cve Dockerfile/mayhemfile/dictionary

view details

David Brumley

commit sha 9af3fdd9fac9fa95e520694e35231617b5f29cd2

Merge pull request #3 from sciencemanx/update-docker-publish Move push logic from docker_publish to external script in .github

view details

Adam Van Prooyen

commit sha c0ac8fac535c3ea09f93c8accb07a2dd79890684

Merge branch 'master' of https://github.com/ForAllSecure/VulnerabilitiesLab into add-sthttpd-cve

view details

Adam Van Prooyen

commit sha b263589ee43201b598cf8a3ba1da94da05582cbd

Add sthttpd to docker_publish.yml

view details

David Brumley

commit sha 28dc5ba2bd2440d675953fa998b8eda28b43b21b

Fixed docker push script to use git reference

view details

Adam Van Prooyen

commit sha c7157bf79998d61ba8305a8674312412696790f2

Add sthttpd link to main readme

view details

Adam Van Prooyen

commit sha 2a30f7dc0d8e7894453dc6064dcdd8651b4f893c

Add readme for sthttpd

view details

Adam Van Prooyen

commit sha 0d695ba5f378e93e2f157029d09142e18fb3bff4

Update mayhemfile to have time to repro

view details

Adam Van Prooyen

commit sha e5dc3714743472075dfcbeb091679b549325ca42

Merge branch 'master' into add-sthttpd-cve

view details

Adam Van Prooyen

commit sha 19289cfa36a3ee38cd27b8cd3134aeaf75cfca62

Fix links to projects from main readme

view details

Adam Van Prooyen

commit sha 94a9b1aae26c78485b669cc6c342c4dcd6941678

Merge branch 'add-sthttpd-cve' of https://github.com/sciencemanx/VulnerabilitiesLab into add-sthttpd-cve

view details

Adam Van Prooyen

commit sha 466ecfecd6cc20baec32d65edfae205f47576c10

Add crashing input poc to dial

view details

Adam Van Prooyen

commit sha 538aa658dc6329c0248fd66d3f241d42350a9ff9

Add starting corpus

view details

Adam Van Prooyen

commit sha 43adfe44129e997811efb019d122fc43594c7717

Add login.sh to only log into docker if creds provided

view details

Adam Van Prooyen

commit sha f9b0d66375b0af4b52c8549de9ef663e59cd203c

Update push.sh to only push if logged in

view details

Adam Van Prooyen

commit sha d92956ca224e69c7e02839b84d4f1354da30be6a

Use login.sh instead of direct command in docker_publish.yml

view details

push time in 17 days

issue closedgoogle/oss-fuzz

Make JavaScript corpora public

From what I've been reading, I understood that you are using a custom fuzzing construct for fuzzing JavaScript engines, like the projects spidermonkey and jsc. I cannot seem to access the corpora for these fuzzers though. They should normally be accessible at these URLs:

https://console.cloud.google.com/storage/browser/_details/spidermonkey-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/spidermonkey_js_fuzzer/public.zip https://console.cloud.google.com/storage/browser/_details/jsc-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/jsc_js_fuzzer/public.zip

But there is nothing there. Is it possible that you publish the (3 months old) corpora for these fuzzers? They would be invaluable as a seed corpus for separate JavaScript engine fuzzing efforts.

Thanks!

closed time in 22 days

guidovranken

pull request commentopenssl/openssl

KDF: Introduce Argon2i, Argon2d, Argon2id

I tested this again with Cryptofuzz. Verifying against Botan's ARGON2 implementation. So far, output appears to be correct in all cases.

It found a minor flaw:

providers/implementations/kdfs/argon2.c:1128:12: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here

You can add return 1 to kdf_argon2_derive if outlen is 0 to circumvent this.

Once this is merged, long term fuzzing at OSS-Fuzz should bring to light any remaining issues.

ckalina

comment created time in 22 days

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha b5921574d7ed12ff9ac3015aa919f7a992c14346

Nettle module: Various additions

view details

push time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 914bd6c62d1e9c47d232efeed960e55d78628968

libgcrypt module: Support SM4

view details

push time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 9c88ace1bbfa1964f5726b8a4290ef4e55005214

Docs: Improve build scripts

view details

push time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 27a32a5381e525de5646bb23898a1748cd09172a

OpenSSL module: Use new style OpenSSL function names

view details

push time in a month

issue commentgoogle/oss-fuzz

Make JavaScript corpora public

Thank you for your insightful response Jonathan.

Thank you both. Tangential but are you running any project that fuzzes v8 with a default libFuzzer setup (with no restraint for generating incorrect grammer)?

Yes. The fuzzer is called v8_fully_instrumented_fuzzer (source, bugs)

Is this corpus public? 3 months old is fine. (Sorry, I'm new to browser fuzzing).

Having a Spidermonkey eval() fuzzer not only benefits Spidermonkey but all JS engines, as we can periodically run each interpreter on the corpus. This is how I found the V8 bug. My Spidermonkey corpus currently reaches a libFuzzer 'cov: ' value of 18435 (built with -fsanitize=fuzzer-no-link)

Right, but how much of this is initialization or garbage collection/other things that are non-deterministic ?

Difficult to tell precisely but I've observed only some 50 or so cov points variance across runs on the same corpus, and the coverage durably increases from consecutive runs.

It has found a few bugs now that the existing internal and external testing efforts (apparently) did not find. But if you don't want to do this that's fine and you can close this issue.

guidovranken

comment created time in a month

fork guidovranken/js-vuln-db

A collection of JavaScript engine CVEs with PoCs

fork in a month

issue commentgoogle/oss-fuzz

Make JavaScript corpora public

It has found a Spidermonkey memory bug now.

guidovranken

comment created time in a month

issue commentgoogle/oss-fuzz

Make JavaScript corpora public

Thank you both. Tangential but are you running any project that fuzzes v8 with a default libFuzzer setup (with no restraint for generating incorrect grammer)?

I see the value in grammar-based fuzzers for JS, but a generic libFuzzer approach is not without merit entirely I think.

In fact, I've been fuzzing Spidermonkey based on a seed corpus of hundreds of thousands of JS and WASM files. This found a few minor bugs (including the DoS bug in V8 that I reported to Jonathan).

Is integrating this Spidermonkey fuzzer eligible for the integration bounty? It is libFuzzer based (using a modified version of https://github.com/mozilla/gecko-dev/blob/master/js/src/fuzz-tests/parsing-evaluate.js) and I will include the (minimized) corpus that I've built so far.

The current Spidermonkey project on OSS-Fuzz uses your blackbox fuzzer as far as I can tell.

There is also spidermonkey-ufi but as far as I can tell it does not perform eval() fuzzing.

Is the QuickJS project based on the blackbox fuzzer or not? If not, we can cross-pollinate if both parties (Mozilla/Bellard) consent to possibly give both projects a coverage boost.

Having a Spidermonkey eval() fuzzer not only benefits Spidermonkey but all JS engines, as we can periodically run each interpreter on the corpus. This is how I found the V8 bug.

My Spidermonkey corpus currently reaches a libFuzzer 'cov: ' value of 18435 (built with -fsanitize=fuzzer-no-link)

guidovranken

comment created time in a month

issue openedgoogle/oss-fuzz

Make JavaScript corpora public

From what I've been reading, I understood that you are using a custom fuzzing construct for fuzzing JavaScript engines, like the projects spidermonkey and jsc. I cannot seem to access the corpora for these fuzzers though. They should normally be accessible at these URLs:

https://console.cloud.google.com/storage/browser/_details/spidermonkey-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/spidermonkey_js_fuzzer/public.zip https://console.cloud.google.com/storage/browser/_details/jsc-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/jsc_js_fuzzer/public.zip

But there is nothing there. Is it possible that you publish the (3 months old) corpora for these fuzzers? They would be invaluable as a seed corpus for separate JavaScript engine fuzzing efforts.

Thanks!

created time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha e111c9f8e9fab8b4abfb38883de8af0587995d24

Remove duplicate semicolons after statements

view details

push time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha b09d33d0ab99330690b985da9658eb8ab75e1b0b

README.md: Update bug list

view details

push time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 432ae5e2fbc041ce4e247291fb087cba3d6ac1f5

Crypto++ module: Support AES GCM,CCM

view details

Guido Vranken

commit sha 857fb75b712358044b5d9f31f2295f3b05db41a2

Crypto++ module: Support (X)ChaCha20-Poly1305

view details

push time in a month

issue openedweidai11/cryptopp

AES GCM encryption with large tag size results in incorrect output, out-of-bounds reads

The code below is essentially the same as the example at https://www.cryptopp.com/wiki/GCM_Mode#AEAD except that the tag size is configurable using a compiler define.

The following anomalies were observed with fuzz testing:

  • Compile with -DTAG_SIZE=32 to observe that encryption succeeds, but subsequent decryption does not
  • Compile with -DTAG_SIZE=200 to observe out-of-bounds reads (use Valgrind or AddressSanitizer)
#include <cassert>
#include <gcm.h>
#include <aes.h>
#include <iostream>
#include <filters.h>
using namespace std;
using namespace CryptoPP;

int main(void)
{
    byte key[32]; memset( key, 0, sizeof(key) );
    byte iv[12]; memset( iv, 0, sizeof(iv) );

    string adata( 16, (char)0x00 );
    string pdata( 16, (char)0x00 );

    // Encrypted, with Tag
    string cipher, encoded;

    // Recovered (decrypted)
    string radata, rpdata;

    /*********************************\
      \*********************************/

    try
    {
        GCM< AES >::Encryption e;
        e.SetKeyWithIV( key, sizeof(key), iv, sizeof(iv) );

        // AuthenticatedEncryptionFilter defines two
        //   channels: DEFAULT_CHANNEL and AAD_CHANNEL
        //   DEFAULT_CHANNEL is encrypted and authenticated
        //   AAD_CHANNEL is authenticated
        AuthenticatedEncryptionFilter ef( e,
                new StringSink( cipher ), false,
                TAG_SIZE /* MAC_AT_END */
                ); // AuthenticatedEncryptionFilter

        // Authenticated data *must* be pushed before
        //  Confidential/Authenticated data. Otherwise
        //  we must catch the BadState exception
        ef.ChannelPut( AAD_CHANNEL, (const unsigned char*)adata.data(), adata.size() );
        ef.ChannelMessageEnd(AAD_CHANNEL);

        // Confidential data comes after authenticated data.
        // This is a limitation due to CCM mode, not GCM mode.
        ef.ChannelPut( DEFAULT_CHANNEL, (const unsigned char*)pdata.data(), pdata.size() );
        ef.ChannelMessageEnd(DEFAULT_CHANNEL);
        printf("Encryption succeeded\n");
    }
    catch( CryptoPP::Exception& e )
    {
        cerr << "Caught Exception..." << endl;
        cerr << e.what() << endl;
        cerr << endl;
        return 0;
    }


    try
    {
        GCM< AES >::Decryption d;
        d.SetKeyWithIV( key, sizeof(key), iv, sizeof(iv) );

        // Break the cipher text out into it's
        //  components: Encrypted and MAC
        string enc = cipher.substr( 0, cipher.length()-TAG_SIZE );
        string mac = cipher.substr( cipher.length()-TAG_SIZE );

        // Sanity checks
        assert( cipher.size() == enc.size() + mac.size() );
        assert( enc.size() == pdata.size() );
        assert( TAG_SIZE == mac.size() );

        // Not recovered - sent via clear channel
        radata = adata;

        // Object *will* throw an exception
        //  during decryption\verification _if_
        //  verification fails.
        AuthenticatedDecryptionFilter df( d, NULL,
                AuthenticatedDecryptionFilter::MAC_AT_BEGIN | AuthenticatedDecryptionFilter::THROW_EXCEPTION, TAG_SIZE );

        // The order of the following calls are important
        df.ChannelPut( DEFAULT_CHANNEL, (const unsigned char*)mac.data(), mac.size() );
        df.ChannelPut( AAD_CHANNEL, (const unsigned char*)adata.data(), adata.size() );
        df.ChannelPut( DEFAULT_CHANNEL, (const unsigned char*)enc.data(), enc.size() );

        // If the object throws, it will most likely occur
        //   during ChannelMessageEnd()
        df.ChannelMessageEnd( AAD_CHANNEL );
        df.ChannelMessageEnd( DEFAULT_CHANNEL );

        // If the object does not throw, here's the only
        //  opportunity to check the data's integrity
        bool b = false;
        b = df.GetLastResult();
        assert( true == b );

        // Remove data from channel
        string retrieved;
        size_t n = (size_t)-1;

        // Plain text recovered from enc.data()
        df.SetRetrievalChannel( DEFAULT_CHANNEL );
        n = (size_t)df.MaxRetrievable();
        retrieved.resize( n );

        if( n > 0 ) { df.Get( (byte*)retrieved.data(), n ); }
        rpdata = retrieved;
        assert( rpdata == pdata );

        // All is well - work with data
        cout << "Decrypted and Verified data. Ready for use." << endl;
        cout << endl;

        cout << "adata length: " << adata.size() << endl;
        cout << "pdata length: " << pdata.size() << endl;
        cout << endl;

        cout << "recovered adata length: " << radata.size() << endl;
        cout << "recovered pdata length: " << rpdata.size() << endl;
        cout << endl;
    }
    catch( CryptoPP::Exception& e )
    {
        cerr << "Caught Exception..." << endl;
        cerr << e.what() << endl;
        cerr << endl;
        return 0;
    }
    return 0;
}

created time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 857fb75b712358044b5d9f31f2295f3b05db41a2

Crypto++ module: Support (X)ChaCha20-Poly1305

view details

push time in a month

create barnchguidovranken/cryptofuzz

branch : cryptopp-aes-gcm-ccm

created branch time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha df1bb6ae78a1003b0d82ccea1e6c1c34da385011

README.md: Update bug list

view details

push time in a month

issue commentopenssl/openssl

OpenSSL 1.1.1 AES key wrap ciphers use-after-free

This is the LibreSSL fix for this bug: https://github.com/openbsd/src/commit/f72711c6fb8692f12b01b3a3b7f54687729f6f9b

guidovranken

comment created time in a month

issue openedopenssl/openssl

OpenSSL 1.1.1 AES key wrap ciphers use-after-free

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23014

This OSS-Fuzz bug triggered only in LibreSSL, not OpenSSL, because OpenSSL master branch is not affected, but the 1.1.1 branch is.

This is a different bug than https://github.com/openssl/openssl/issues/12014

Compile the following poc against the OpenSSL_1_1_1 branch.

#include <openssl/evp.h>

#define CF_CHECK_EQ(expr, res) if ( (expr) != (res) ) { goto end; }
#define CF_CHECK_GTE(expr, res) if ( (expr) < (res) ) { goto end; }
int main(void)
{
const unsigned char key[16] = { 0 };
const unsigned char iv[8] = { 0 };
unsigned char cleartext[16] = { 0 };
unsigned char out[1024];
int len = -1;
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX* ctx2 = NULL;
const EVP_CIPHER* cipher = EVP_aes_128_wrap();
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);

CF_CHECK_EQ(EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL), 1);

CF_CHECK_EQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);

/* Duplicate the ctx */
ctx2 = EVP_CIPHER_CTX_new();
CF_CHECK_EQ(EVP_CIPHER_CTX_copy(ctx2, ctx), 1);
EVP_CIPHER_CTX_free(ctx);
ctx = ctx2;


/* "the amount of data written may be anything from zero bytes to (inl + cipher_block_size - 1)" */
CF_CHECK_GTE(sizeof(out), sizeof(cleartext) + EVP_CIPHER_block_size(cipher) - 1);
CF_CHECK_EQ(EVP_EncryptUpdate(ctx, out, &len, cleartext, sizeof(cleartext)), 1);
end:
return 0;
}

created time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 57f70505254cda0fde38d20da50a9686d0b8875a

README.md: Update bug list

view details

push time in a month

create barnchguidovranken/VulnerabilitiesLab

branch : fix-documentation-error

created branch time in a month

fork guidovranken/VulnerabilitiesLab

Reproduce CVEs from ForAllSecure Vulnerabilities Lab

fork in a month

issue commentgoogle/oss-fuzz

JavaScript fuzzers

Structure aware fuzzing will be eligible for high rewards.

What is this? Structured fuzzing of Javascript projects is eligible for higher rewards than normal?

I am curious if you can add javascript fuzzing with chromium d8 shell or any browser js shell, that would be a nice project to add in OSS-Fuzz.

I've previously spent a considerable amount of time to extract a coverage signal from V8 and Chakra but due to the underlying JIT magic I wasn't able to do it. I eventually settled on Fabrice Bellard's QuickJS which only is an interpreter, not a JIT. Source code is here (needs a little work but generally works as expected). My intention was to use this for fuzzing Javascript projects on OSS-Fuzz.

simple stuff, start with any popular image or video parsers (things that have low coverage).

I'm gonna look for a project to fuzz.

guidovranken

comment created time in a month

issue closedgoogle/oss-fuzz

zbar barcode scanner integration

http://zbar.sourceforge.net/

This project is apparently dead but the code is probably used in a lot of software/devices. Someone forked it: https://github.com/mchehab/zbar but at least Ubuntu still uses the sourceforge one as upstream.

I have a fuzzer + corpus ready and it's finding bugs.

Questions:

  • Is this eligible for integration?
  • Do you prefer the fork or the original, or both?
  • Who should receive the bug reports. Maybe major Linux distribution maintainers?

closed time in a month

guidovranken

issue commentgoogle/oss-fuzz

zbar barcode scanner integration

Thank you @inferno-chromium . I've decided not to follow through with this. I've asked around, but I'd end up dedicating more time forwarding bug reports and asking for fixes than writing the fuzzers. Closing this.

guidovranken

comment created time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 65d7aca879ee557b80ebc9b06cea0a3197b91e64

OpenSSL module: Set flag for wrap ciphers

view details

push time in a month

issue openedopenssl/openssl

Heap-buffer-overflow in CRYPTO_128_wrap

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22836


#include <openssl/evp.h>
--
 
#define CF_CHECK_EQ(expr, res) if ( (expr) != (res) ) { goto end; }
#define CF_CHECK_GTE(expr, res) if ( (expr) < (res) ) { goto end; }
int main(void)
{
const unsigned char key[16] = { 0 };
const unsigned char iv[8] = { 0 };
unsigned char cleartext[16] = { 0 };
unsigned char out[23];
int len = -1;
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER* cipher = EVP_aes_128_wrap();
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
CF_CHECK_EQ(EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL), 1);
CF_CHECK_EQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
/* "the amount of data written may be anything from zero bytes to (inl + cipher_block_size - 1)" */
CF_CHECK_GTE(sizeof(out), sizeof(cleartext) + EVP_CIPHER_block_size(cipher) - 1);
CF_CHECK_EQ(EVP_EncryptUpdate(ctx, out, &len, cleartext, sizeof(cleartext)), 1);
end:
return 0;
}

created time in a month

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 59561bb573302d4115428cf5c249c99637a9ccec

wolfCrypt module: Support AES-CFB, AES-OFB, multi-part ChaCha20-Poly1305

view details

push time in 2 months

create barnchguidovranken/oss-fuzz

branch : cryptofuzz-wolfcrypt-aescfb-aesofb

created branch time in 2 months

create barnchguidovranken/cryptofuzz

branch : wolfcrypt-module-extensions

created branch time in 2 months

push eventguidovranken/cryptofuzz

Guido Vranken

commit sha 3114ed52027aa438a6e99c52bd86cd432cc614a4

libgcrypt module: Support CBC

view details

push time in 2 months

startedForAllSecure/VulnerabilitiesLab

started time in 2 months

issue commentopenssl/openssl

CMAC EVP_aes_128_xts() outputs uninitialized memory

That's what I suspected. Let me know if you want me to skip CMAC+XTS in Cryptofuzz.

guidovranken

comment created time in 2 months

issue openedopenssl/openssl

CMAC EVP_aes_128_xts() outputs uninitialized memory

OSS-Fuzz #22453

#include <openssl/cmac.h>
#define CF_CHECK_EQ(expr, res) if ( (expr) != (res) ) { goto end; }
int main(void)
{
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
    unsigned char key[32] = {0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xff};
    unsigned char cleartext[32] = { 0 };
    CMAC_CTX* ctx = CMAC_CTX_new();
    CF_CHECK_EQ(CMAC_Init(ctx, key, sizeof(key), EVP_aes_128_xts(), NULL), 1);
    CF_CHECK_EQ(CMAC_Update(ctx, cleartext, sizeof(cleartext)), 1);
    {
        size_t len = 0;
        uint8_t out[EVP_MAX_MD_SIZE];
        CF_CHECK_EQ(CMAC_Final(ctx, out, &len), 1);
        if ( len ) {
            printf("%02X\n", out[0]);
        }
    }
end:
    return 0;
}

out[0] will be uninitialized upon printing it, which you can verify with valgrind.

created time in 2 months

PR opened google/oss-fuzz

[python3-libraries] Fix build
+0 -1

0 comment

1 changed file

pr created time in 2 months

create barnchguidovranken/oss-fuzz

branch : fix-python3-libraries-build

created branch time in 2 months

push eventguidovranken/oss-fuzz

Guido Vranken

commit sha 5ccca1f9312cc313eb6a1904218fa320ba29e351

[cryptofuzz] Add Microsoft SymCrypt (#3826)

view details

AdamKorcz

commit sha 0e2df024ed6b3e16af9d1b4af469a8d6f6a84c58

[gRPC-gateway] Initial integration (#3807)

view details

Zhicheng Cai

commit sha 6b9b08eb601c69a3c67366e0fe0c31b54f7427d5

[doc] Update new_project_guide.md (#3828)

view details

Daniel Salzman

commit sha 261abce8574986579d01322113014381a09050ba

[knot-dns] link against liblmdb statically (#3797) Relates to https://gitlab.labs.nic.cz/knot/knot-dns/-/commit/d4ec3a3aa8b7e2ba4d196e2f7984173069e3d91b Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22191

view details

Abhishek Arya

commit sha 4f7cf1b33480a56e51008ba7498be2bbc1d2df9d

Simplify rust project setup. (#3830) * Simplify rust project setup. - Add rust and cargo-fuzz in base builder. - Set RUSTC_BOOSTRAP to make ASan available. - Set RUSTFLAGS and C,CXXFLAGS properly.

view details

Oliver Chang

commit sha 1e83b88e95ac75364950d4b64a59a80beda229e9

Quick fix for helper.py build_fuzzers. (#3832)

view details

Abhishek Arya

commit sha 22443e5230085291a683dd536e7e84d881333a26

Parse project language and use in infra/helper.py (#3834) * Parse project language and use in infra/helper.py * Fix exception message.

view details

Abhishek Arya

commit sha 3ffe0a9f5a863c9647279167f94076d878683622

Add FUZZING_LANGUAGE to build step. (#3835)

view details

Abhishek Arya

commit sha 9c53cc323a2a3490f74f8993373edf94ae176e7f

Add fuzzing language correctly during compile step. (#3837)

view details

Abhishek Arya

commit sha bc45406906f5ffddf2b82663e7ecdef8ad679db9

Remove unneeded rust hacks after #3830. (#3840)

view details

Abhishek Arya

commit sha c066a4232ff15a899c3974a579714da6638413eb

Fix missing FUZZING_LANGUAGE in coverage build. (#3843)

view details

Abhishek Arya

commit sha 8d5aef84dbf7a29beefa79f0ca62668423922ac7

Use hardcoded FUZZING_LANGUAGE to unbreak CIFuzz. (#3844)

view details

Bhargava Shastry

commit sha 0bf59456ec48469037035de6252cb34b105524ec

solidity: Disable Z3 build in dockerfile (#3831)

view details

Evgeny Vereshchagin

commit sha 0b35444f7360aed7a4e35025b23bccf2b2ddca5c

cifuzz: use pull_request.number instead of GITHUB_REF (#3845) Closes https://github.com/google/oss-fuzz/issues/3732

view details

Nick Fitzgerald

commit sha 703b92adea71c1a219f6d057c1782fda24fc16ad

wasmtime: build fuzz targets with --all-features (#3850) This enables not only the binaryen-using fuzz targets, but also the peepmatic fuzz targets (which is necessary after https://github.com/bytecodealliance/wasmtime/pull/1727).

view details

Oliver Chang

commit sha e8ef6095687d74cdb21bb53531a9667f4f502764

Relax project language requirement. (#3846) This is necessary for the bisector to be able to build older revisions. Print a warning instead.

view details

Luca Boccassi

commit sha 8ca308e0db5269a0d944e1765872ac872fa0f5c9

libzmq: add maintainer, add UBSAN (#3829) * Add another maintainer to libzmq's CC list * Enable UBSAN for libzmq * libzmq: disable afl fuzzer, CI fails * libsodium: do not let libsodium's autogen.sh download files from gnu.org There is no sanity check and if the download fails because gnu.org is down the build fails with unhelpful errors

view details

DavidKorczynski

commit sha 063f7b2e8a66fece8fdefb00d40a77640e30e9d5

Fixed changes added in clang-11.0. (#3852)

view details

dependabot[bot]

commit sha 931b4dea5408c9436edf38525f1f36339efbf075

Bump httplib2 from 0.11.3 to 0.18.0 in /infra/gcb (#3853) Bumps [httplib2](https://github.com/httplib2/httplib2) from 0.11.3 to 0.18.0. - [Release notes](https://github.com/httplib2/httplib2/releases) - [Changelog](https://github.com/httplib2/httplib2/blob/master/CHANGELOG) - [Commits](https://github.com/httplib2/httplib2/compare/v0.11.3...v0.18.0) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

view details

AdamKorcz

commit sha 31ea6533201b0a69ba30539e12ad350e8f9168b9

[TiDB] initial integration (#3849)

view details

push time in 2 months

issue openedgoogle/oss-fuzz

zbar barcode scanner integration

http://zbar.sourceforge.net/

This project is apparently dead but the code is probably used in a lot of software/devices. Someone forked it: https://github.com/mchehab/zbar but at least Ubuntu still uses the sourceforge one as upstream.

I have a fuzzer + corpus ready and it's finding bugs.

Questions:

  • Is this eligible for integration?
  • Do you prefer the fork or the original, or both?
  • Who should receive the bug reports. Maybe major Linux distribution maintainers?

created time in 2 months

issue closedlibressl-portable/portable

OSS-Fuzz builds failing -- issue with update.sh

See the Cryptofuzz and LibreSSL projects here: https://oss-fuzz-build-logs.storage.googleapis.com/index.html

...
...
Step #1: Hunk #1 succeeded at 1657 (offset 1 line).
Step #1: Hunk #2 succeeded at 1822 (offset 1 line).
Step #1: Hunk #3 succeeded at 1833 (offset 1 line).
Step #1: Hunk #4 succeeded at 2724 (offset 1 line).
Step #1: Hunk #5 succeeded at 2792 (offset 1 line).
Step #1: Hunk #6 FAILED at 2817.
Step #1: Hunk #7 succeeded at 2860 (offset 3 lines).
Step #1: 1 out of 7 hunks FAILED -- saving rejects to file tests/tlsexttest.c.rej
Step #1: The command '/bin/sh -c ./update.sh' returned a non-zero code: 1
Finished Step #1

closed time in 2 months

guidovranken

issue commentlibressl-portable/portable

OSS-Fuzz builds failing -- issue with update.sh

Thank you!

guidovranken

comment created time in 2 months

issue openedlibressl-portable/portable

OSS-Fuzz builds failing -- issue with update.sh

See the Cryptofuzz and LibreSSL projects here: https://oss-fuzz-build-logs.storage.googleapis.com/index.html

...
...
Step #1: Hunk #1 succeeded at 1657 (offset 1 line).
Step #1: Hunk #2 succeeded at 1822 (offset 1 line).
Step #1: Hunk #3 succeeded at 1833 (offset 1 line).
Step #1: Hunk #4 succeeded at 2724 (offset 1 line).
Step #1: Hunk #5 succeeded at 2792 (offset 1 line).
Step #1: Hunk #6 FAILED at 2817.
Step #1: Hunk #7 succeeded at 2860 (offset 3 lines).
Step #1: 1 out of 7 hunks FAILED -- saving rejects to file tests/tlsexttest.c.rej
Step #1: The command '/bin/sh -c ./update.sh' returned a non-zero code: 1
Finished Step #1

created time in 2 months

issue commentgoogle/oss-fuzz

CIFuzz seems to be failing with "FUZZING_LANGUAGE: unbound variable"

No worries, just wanted to let you know.

evverx

comment created time in 2 months

issue commentgoogle/oss-fuzz

CIFuzz seems to be failing with "FUZZING_LANGUAGE: unbound variable"

All coverage builds are failing too.

evverx

comment created time in 2 months

issue commentwolfSSL/wolfssl

Cross-compiling with clang with --enable-curve448 fails

Thank you, confirmed fixed.

guidovranken

comment created time in 2 months

issue closedwolfSSL/wolfssl

Cross-compiling with clang with --enable-curve448 fails

Cross-compiling on 64 bit for 32 bit on Linux.

Build procedure:

export CC=clang
export CFLAGS="-m32"
setarch i386 ./configure --enable-curve448
make

Output:

wolfcrypt/src/fe_448.c:1781:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t0  >> 28; t1  += o; t = (int64_t)o << 28; t0  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1782:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t1  >> 28; t2  += o; t = (int64_t)o << 28; t1  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1783:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t2  >> 28; t3  += o; t = (int64_t)o << 28; t2  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1784:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t3  >> 28; t4  += o; t = (int64_t)o << 28; t3  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1785:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t4  >> 28; t5  += o; t = (int64_t)o << 28; t4  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1786:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t5  >> 28; t6  += o; t = (int64_t)o << 28; t5  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1787:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t6  >> 28; t7  += o; t = (int64_t)o << 28; t6  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1788:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t7  >> 28; t8  += o; t = (int64_t)o << 28; t7  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1789:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t8  >> 28; t9  += o; t = (int64_t)o << 28; t8  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1790:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t9  >> 28; t10 += o; t = (int64_t)o << 28; t9  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1791:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t10 >> 28; t11 += o; t = (int64_t)o << 28; t10 -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1792:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t11 >> 28; t12 += o; t = (int64_t)o << 28; t11 -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1793:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t12 >> 28; t13 += o; t = (int64_t)o << 28; t12 -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1794:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t13 >> 28; t14 += o; t = (int64_t)o << 28; t13 -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1795:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t14 >> 28; t15 += o; t = (int64_t)o << 28; t14 -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1796:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t15 >> 28; t0  += o;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1800:12: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    r[0] = t0;
         ~ ^~
wolfcrypt/src/fe_448.c:1801:12: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    r[1] = t1;
         ~ ^~
wolfcrypt/src/fe_448.c:1802:12: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    r[2] = t2;
         ~ ^~

closed time in 2 months

guidovranken

issue openedwolfSSL/wolfssl

Cross-compiling with clang with --enable-curve448 fails

Cross-compiling on 64 bit for 32 bit on Linux.

Build procedure:

export CC=clang
export CFLAGS="-m32"
setarch i386 ./configure --enable-curve448
make

Output:

wolfcrypt/src/fe_448.c:1781:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t0  >> 28; t1  += o; t = (int64_t)o << 28; t0  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1782:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t1  >> 28; t2  += o; t = (int64_t)o << 28; t1  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1783:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t2  >> 28; t3  += o; t = (int64_t)o << 28; t2  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1784:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t3  >> 28; t4  += o; t = (int64_t)o << 28; t3  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1785:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t4  >> 28; t5  += o; t = (int64_t)o << 28; t4  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1786:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t5  >> 28; t6  += o; t = (int64_t)o << 28; t5  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1787:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t6  >> 28; t7  += o; t = (int64_t)o << 28; t6  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1788:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t7  >> 28; t8  += o; t = (int64_t)o << 28; t7  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1789:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t8  >> 28; t9  += o; t = (int64_t)o << 28; t8  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1790:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t9  >> 28; t10 += o; t = (int64_t)o << 28; t9  -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1791:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t10 >> 28; t11 += o; t = (int64_t)o << 28; t10 -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1792:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t11 >> 28; t12 += o; t = (int64_t)o << 28; t11 -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1793:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t12 >> 28; t13 += o; t = (int64_t)o << 28; t12 -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1794:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t13 >> 28; t14 += o; t = (int64_t)o << 28; t13 -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1795:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t14 >> 28; t15 += o; t = (int64_t)o << 28; t14 -= t;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1796:13: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    o = t15 >> 28; t0  += o;
      ~ ~~~~^~~~~
wolfcrypt/src/fe_448.c:1800:12: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    r[0] = t0;
         ~ ^~
wolfcrypt/src/fe_448.c:1801:12: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    r[1] = t1;
         ~ ^~
wolfcrypt/src/fe_448.c:1802:12: error: implicit conversion loses integer precision: 'int64_t' (aka 'long long') to 'int32_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
    r[2] = t2;
         ~ ^~

created time in 2 months

more