We failed to clear the negative flag when handling trivial cases, so if one of the terms was 0 and the other was negative, the result would be an exact copy of the non-zero term instead of its absolute value.
- Use the new vector byte-order conversion functions where appropriate.
- Use memset_s() instead of memset() where appropriate.
- Use consistent names and types for function arguments.
- Reindent, rename and reorganize to conform to Cryb style and idiom.
SHA224 and SHA256 were left mostly unchanged. MD2 and MD4 were completely rewritten as the previous versions (taken from XySSL) seem to have been copied from RSAREF.
This breaks the ABI as some context structures have grown or shrunk and some function arguments have been changed from int to size_t.
Single-DES is now a special case of triple-DES with all three keys being the same. This is significantly slower than a pure single-DES implementation, but that's fine since nobody should be using it anyway.
We now have separate encryption and decryption methods, and can process an arbitrary amount of plaintext or ciphertext per call, rounded down to the block size (if applicable). For stream ciphers, we also have a keystream method which fills the provided buffer with an arbitrary amount of keystream (once again, rounded down if applicable).
Not only is this a slightly more logical name, but it allows us to expose the verbose flag, previously private to cryb_t_main.c, as the equally logically named t_verbose.
If the key length is not a multiple of 40 bits, its base32 representation may be padded, and that padding will be encoded. We already decoded the label (which may contain spaces and other unsafe characters), but not the key. For the sake of simplicity and robustness, we now decode the name and value of every property.
This corresponds to OpenPAM r886.
The rk pointer in struct aes_ctx always pointed to the context's buffer and served no purpose whatsoever, but the compiler had no way of knowing that and could therefore not optimize away assignments to and from it.
Note that the removal of rk breaks the ABI, since it changes the size of struct aes_ctx, but we allow ourselves that because neither the API nor the ABI have been fixed yet.
If its operands were identical, cryb_mpi_add_abs() would leave the target untouched. Explicitly call mpi_zero() before returning. While there, extend the “identical operands” shortcut to also cover equality.
Both cryb_mpi_add_abs() and cryb_mpi_sub_abs() would leave the target's negative flag untouched. Explicitly clear it before returning.
Unlike assert(3), which uses abort(3), this has no other side effects (before raising SIGABRT) than an fprintf() call. The test framework will catch the SIGABRT, report that the test case failed, and proceed with the next case.
It is reasonable to assume that a SIGABRT originates from a call to abort(3), either directly or via assert(3). Both the C standard and POSIX give the implementation great latitude with regard to abort(3)'s behavior, and both explicitly mention that it may close all streams before raising SIGABRT. This means that we cannot safely proceed after a call to abort(3). One could argue that we can't safely proceed after a SIGBUS or SIGSEGV either, but in practice, the damage is usually quite limited.
All further instances of asprintf() or vasprintf() in our codebase are either in libcryb-test or in individual unit tests, and in all cases, the only consequence of a failed call is that the result will say "no description" instead of either a description of the test or an explanation of how it failed. Therefore, we can simply ignore the problem and cast the call to void to satisfy gcc.
This is actually redundant, because we already check the pointer, which is NULL if and only if asprintf() fails and returns < 0, but the version of gcc used by Travis CI insists. I have not been able to reproduce the issue on any other platform available to me.
Instead of having libcryb-test provide main() and assume that the test program defines t_prepare() and t_cleanup(), have libcryb-test provide a t_main() function which the test program calls with pointers to its prepare and cleanup functions.
When decoding a trigram, percent_decode() would correctly increment the input pointer by an extra two characters (three total) but would not decrement the input length by the same amount. This would result in a buffer over-read when decoding unterminated strings.
- Ensure that the output is always NUL-terminated.
- Always include the terminating NUL in the returned length.
- Allow out == NULL, allowing the caller to check how much space is required before allocating.
- Add man page.
not the numbers themselves.
In t_malloc_printstats(), show information about mapped allocations.
In t_malloc_leaked(), check for leaked mapped allocations. Note that
they would show up anyway since the metadata are allocated from the
bucket allocator, but this makes them more visible.
a caller-provided buffer. Use it to warn about leaks in each individual
test case. Note that we can't fail a test case for leaking, because
individual test cases in a unit may modify shared state which is cleaned
up at the end of the series.
Add an oath_mode(3) function which translates from mode names to numbers.
Consistently use UINT_MAX, not -1, to indicate an invalid response.
Change the meaning of the window parameter to always indicate the number
of codes to check *in addition* to the current code. Note that for TOTP,
the window goes in both directions; a window of 1 means to check the
current code plus the previous and next.