Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2022-02-01 | Update NEWS. | Björn Esser | 1 | -0/+2 | |
2022-02-01 | libcrypt.minver: Add glibc-on-or1k (OpenRISC 1000) entry. | Björn Esser | 2 | -1/+2 | |
This was added in GNU libc 2.35. | |||||
2022-01-05 | Handle properly looping over filenames with whitespace | quapka | 1 | -1/+1 | |
Using `-exec` would be another option, maybe slightly simpler. | |||||
2022-01-05 | Restrain from using undefined shell features | quapka | 1 | -1/+1 | |
I've missed a ShellCheck warning about `local`, which said that `In POSIX sh, 'local' is undefined.` | |||||
2022-01-05 | Generate a sufficiently random stop-commands token | quapka | 1 | -2/+8 | |
The token in ::stop-commands::{token} GA workflow command has to be a cryptographically random and secure string. Definitely not a hardcoded string literal. See the docs for details: https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#stopping-and-starting-workflow-commands | |||||
2021-12-17 | Bump tarball version to 4.4.28 and update NEWS. | Björn Esser | 2 | -1/+3 | |
2021-12-17 | Update NEWS. | Björn Esser | 1 | -0/+3 | |
2021-11-30 | lib: Silently truncate rbytes after a maximum of 512 bits for yescrypt. | Björn Esser | 3 | -0/+12 | |
Likewise for gost-yescrypt and scrypt, as those hashing methods share the same codebase. | |||||
2021-11-30 | doc/crypt.5: Document the recommended amount of salt-bits for yescrypt. | Björn Esser | 1 | -3/+3 | |
Also document the same value as the recommended amount for gost-yescrypt and scrypt. | |||||
2021-09-18 | Makefile: Add release target for signed distribution tarballs. | Björn Esser | 2 | -0/+44 | |
2021-09-18 | configure: Check for optional gpg2 and sha256sum programs. | Björn Esser | 1 | -0/+2 | |
2021-09-18 | Packit: Drop COPR builds, as scratch-building on Fedora Koji is enough. | Björn Esser | 1 | -21/+0 | |
2021-09-18 | autogen.sh: Consider all files obsolete when running autoreconf. | Björn Esser | 1 | -1/+1 | |
2021-09-18 | Move CI-scripts into separate subdir. | Björn Esser | 11 | -19/+19 | |
2021-09-18 | Move auxiliary build-scripts into separate subdir. | Björn Esser | 17 | -40/+43 | |
2021-09-18 | Use separate subdir for autogenerated autotools-scripts. | Björn Esser | 9 | -71/+17 | |
2021-09-18 | Move m4sh scripts to build-aux/m4 directory. | Björn Esser | 27 | -66/+65 | |
2021-09-17 | Bump tarball version to 4.4.27 and update NEWS. | Björn Esser | 2 | -1/+3 | |
2021-09-17 | Update NEWS. | Björn Esser | 1 | -0/+2 | |
2021-09-17 | configure: Check availability of __attribute__((symver)). | Björn Esser | 2 | -1/+2 | |
Fixes #140. | |||||
2021-09-17 | build-aux/ax_gcc_func_attribute.m4: Add check for symver attribute. | Björn Esser | 1 | -1/+5 | |
2021-09-17 | build-aux/ax_gcc_func_attribute.m4: New file. | Björn Esser | 2 | -0/+245 | |
2021-08-16 | rpkg: Compile test-programs during %%build stage. | Björn Esser | 1 | -0/+3 | |
2021-08-08 | Bump tarball version to 4.4.26 and update NEWS. | Björn Esser | 2 | -1/+3 | |
2021-08-08 | Update NEWS. | Björn Esser | 1 | -0/+6 | |
2021-08-08 | test/checksalt.c: Add some testcases for invalid salt characters. | Björn Esser | 1 | -9/+21 | |
Add some more testcases for stricter checks of valid salt strings. | |||||
2021-08-08 | test/special-char-salt.c: Adapt testcases for invalid salt characters. | Björn Esser | 1 | -493/+493 | |
In the previous commit we added stricter checks for which characters are valid inside of salt strings, so we need to update the testcases for this change. | |||||
2021-08-08 | lib/crypt.c: Stricter checking of invalid salt characters. | Björn Esser | 1 | -17/+38 | |
However, our generic code currently only enforced the absence of ‘:’ and newline. Prior to 2112d2b, there was no generic check at all. Prior to b2b813a, some but not all hashing methods implemented much more restrictive rules (allowing only their own base64 alphabet in the salt part of a setting); these were found to conflict with existing salts (see #105). The setting-parsing code in each hashing method is ad hoc and difficult to audit for what syntax it actually accepts; there might be other quirks hiding. The change in this commit enforces salt strings to not contain characters that are present in the ‘badsalt_chars’ array. The ‘crypt_checksalt’ function now also validates the passed salt string for the absence of such invalid characters. For now we consider the following characters to be valid for any salt string in the generic check: 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z . / + - _ = , $ " # % & ' ( ) < > ? @ [ ] ^ ` { | } ~ Fixes #135. | |||||
2021-08-05 | CI: Run make with parallel jobs. | Björn Esser | 6 | -11/+46 | |
This cuts down build times for code coverage and memory access checking drastically. | |||||
2021-08-05 | configure: Add support for Python 3.11. | Björn Esser | 1 | -1/+1 | |
2021-08-05 | CI: Add more files to be ignored for CI run. | Björn Esser | 4 | -4/+4 | |
2021-08-05 | Packit: Add scratch build for Rawhide on Koji. | Björn Esser | 1 | -6/+16 | |
2021-08-05 | lib/util-base64.c: Explicitly terminate the c string. | Björn Esser | 1 | -2/+3 | |
Adding an explicit terminator at the end of the base64 character array will ensure it cannot be declared, nor defined in a too small size, which might omit the needed null byte at the end for proper termination of the c string. | |||||
2021-08-05 | test/special-char-salt.c: Fix formatting of error message. | Björn Esser | 1 | -2/+2 | |
2021-08-04 | Drop scripts used for TravisCI. | Björn Esser | 5 | -605/+0 | |
2021-08-04 | NEWS: Fix interpunction. | Björn Esser | 1 | -1/+1 | |
2021-08-04 | Bump tarball version to 4.4.25 and update NEWS. | Björn Esser | 2 | -1/+3 | |
2021-08-04 | Update NEWS. | Björn Esser | 1 | -0/+33 | |
2021-08-04 | test/explicit-bzero.c: Fix indentation. | Björn Esser | 1 | -33/+33 | |
2021-08-04 | test/badsalt.c: Fix indentation. | Björn Esser | 1 | -6/+6 | |
2021-08-04 | test/getrandom-interface.c: Fix 'NEGATIVE_RETURNS' found by Covscan. | Björn Esser | 1 | -4/+5 | |
CWE-687: Argument cannot be negative (NEGATIVE_RETURNS) negative_returns: pagesize is passed to a parameter that cannot be negative. | |||||
2021-08-04 | test/crypt-badargs.c: Fix 'NEGATIVE_RETURNS' found by Covscan. | Björn Esser | 1 | -3/+4 | |
CWE-687: Argument cannot be negative (NEGATIVE_RETURNS) negative_returns: pagesize is passed to a parameter that cannot be negative. | |||||
2021-08-04 | test/badsalt.c: Fix 'NEGATIVE_RETURNS' found by Covscan. | Björn Esser | 1 | -3/+4 | |
CWE-687: Argument cannot be negative (NEGATIVE_RETURNS) negative_returns: pagesize is passed to a parameter that cannot be negative. | |||||
2021-08-04 | test/explicit-bzero.c: Fix 'NEGATIVE_RETURNS' found by Covscan. | Björn Esser | 1 | -3/+4 | |
CWE-687: Argument cannot be negative (NEGATIVE_RETURNS) negative_returns: page_alignment is passed to a parameter that cannot be negative. | |||||
2021-08-04 | test/short-outbuf.c: Fix 'INCOMPATIBLE_CAST' found by Covscan. | Björn Esser | 1 | -7/+8 | |
CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST) incompatible_cast: Pointer &j points to an object whose effective type is unsigned long (64 bits, unsigned) but is dereferenced as a narrower int (32 bits, signed). This may lead to unexpected results depending on machine endianness. | |||||
2021-07-22 | test/getrandom-fallbacks.c: Fix 'STRING_NULL' found by Covscan. | Björn Esser | 1 | -1/+2 | |
CWE-170: String not null terminated (STRING_NULL) string_null: Passing unterminated string dbuf to strcmp, which expects a null-terminated string. | |||||
2021-07-22 | test/alg-hmac-sha1.c: Fix 'STRING_NULL' found by Covscan. | Björn Esser | 1 | -2/+2 | |
CWE-170: String not null terminated (STRING_NULL) string_null: Passing unterminated string dbuf to strcmp, which expects a null-terminated string. | |||||
2021-07-22 | test/alg-yescrypt.c: Fix 'OVERFLOW_BEFORE_WIDEN' found by Covscan. | Björn Esser | 1 | -1/+1 | |
CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN) overflow_before_widen: Potentially overflowing expression 'r << 7UL + N_log2' with type 'uint32_t' (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type 'uint64_t' (64 bits, unsigned). | |||||
2021-07-22 | test/getrandom-fallbacks.c: Fix 'VARARGS' found by Covscan. | Björn Esser | 1 | -0/+1 | |
CWE-573: Missing varargs init or cleanup (VARARGS) missing_va_end: va_end was not called for ap. | |||||
2021-07-22 | test/short-outbuf.c: Fix 'SIZEOF_MISMATCH' found by Covscan. | Björn Esser | 1 | -17/+10 | |
CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH) suspicious_sizeof: Passing argument '8UL /* sizeof (char *) */ * *j' to function malloc and then casting the return value to 'char *' is suspicious. |