| Age | Commit message (Collapse) | Author |
|---|
|
|
|
(This will be used by prop224)
|
|
Previously, the IV and key were stored in the structure, even though
they mostly weren't needed. The only purpose they had was to
support a seldom-used API where you could pass NULL when creating
a cipher in order to get a random key/IV, and then pull that key/IV
back out.
This saves 32 bytes per AES instance, and makes it easier to support
different key lengths.
|
|
The point of diminishing returns has been reached.
|
|
This shaves another 3-4 seconds off the main-path tests for me,
which is again worth it, according to XKCD#1204.
|
|
The functions it warns about are:
assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
strdup, strndup, calloc.
Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
|
|
|
|
base16_decodes() now returns the number of decoded bytes. It's interface
changes from returning a "int" to a "ssize_t". Every callsite now checks the
returned value.
Fixes #14013
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
This is a big-ish patch, but it's very straightforward. Under this
clang warning, we're not actually allowed to have a global variable
without a previous extern declaration for it. The cases where we
violated this rule fall into three roughly equal groups:
* Stuff that should have been static.
* Stuff that was global but where the extern was local to some
other C file.
* Stuff that was only global when built for the unit tests, that
needed a conditional extern in the headers.
The first two were IMO genuine problems; the last is a wart of how
we build tests.
|
|
|
|
|
|
Coverity noticed that we check tor_sscanf's return value everywhere
else.
|
|
Fixes the 0.2.9 instance of bug #19213, which prevented mingw64 from
working. This case wasn't in any released Tor.
|
|
|
|
|
|
Fix the new crypto tests, which used truncate(3).
|
|
|
|
Apparently, we detect and reject them correctly. Aren't you glad?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Coverage-driven; part of ticket 16794.
|
|
|
|
|
|
Also simplify crypto_common_digests() to have no loop.
|
|
They are no longer "all" digests, but only the "common" digests.
Part of 17795.
This is an automated patch I made with a couple of perl one-liners:
perl -i -pe 's/crypto_digest_all/crypto_common_digests/g;' src/*/*.[ch]
perl -i -pe 's/\bdigests_t\b/common_digests_t/g;' src/*/*.[ch]
|
|
|
|
Also tested with 1.0.0t and 1.0.2f.
Closes ticket 19784.
Closes most of 17921. (Still need to make some tests pass.)
|
|
|
|
Part of 16794.
|
|
Part of #16794
|
|
|
|
This creates a random 100 KiB buffer, and incrementally hashes
(SHA3-512) between 1 and 5 * Rate bytes in a loop, comparing the running
digest with the equivalent one shot call from the start of the buffer.
|
|
This is an eXtendable-Output Function with the following claimed
security strengths against *all* adversaries:
Collision: min(d/2, 256)
Preimage: >= min(d, 256)
2nd Preimage: min(d, 256)
where d is the amount of output used, in bits.
|
|
* DIGEST_SHA3_[256,512] added as supported algorithms, which do
exactly what is said on the tin.
* test/bench now benchmarks all of the supported digest algorithms,
so it's possible to see just how slow SHA-3 is, though the message
sizes could probably use tweaking since this is very dependent on
the message size vs the SHA-3 rate.
|
|
Bugfix on a tor version before the refactoring in git commit
cea12251995d (23 Sep 2009). Patch by "teor".
|
|
|
|
Nobody likes a stack overflow, even in unit tests.
Closes 17699; but not in any released tor.
|
|
Check that crypto_rand doesn't return all zeroes, identical values,
or incrementing values (OpenSSL's rand_predictable feature).
|
|
|
|
|
|
The runtime sanity checking is slightly different from the optimized
basepoint stuff in that it uses a given implementation's self tests if
available, and checks if signing/verification works with a test vector
from the IETF EdDSA draft.
The unit tests include a new testcase that will fuzz donna against ref0,
including the blinding and curve25519 key conversion routines. If this
is something that should be done at runtime (No?), the code can be
stolen from there.
Note: Integrating batch verification is not done yet.
|
|
Integration work scavanged from nickm's `ticket8897_9663_v2` branch,
with minor modifications. Tor will still sanity check the output but
now also attempts to catch extreme breakage by spot checking the
optimized implementation vs known values from the NaCl documentation.
Implements feature 9663.
|
|
Fixed numerous conflicts, and ported code to use new base64 api.
|
