Mercurial > dropbear
view libtomcrypt/coverity.sh @ 1855:35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
* Implement server-side support for sk-ecdsa U2F-backed keys
* Fix out-of-bounds read on normal ecdsa-sha2-[identifier] keys
* Fix one more potential out-of-bounds read
* Check if nistp256 curve is used in sk-ecdsa-sha2- key
It's the only allowed curve per PROTOCOL.u2f specification
* Implement server-side support for sk-ed25519 FIDO2-backed keys
* Keys with type sk-* make no sense as host keys, so they should be
disabled
* fix typo
* Make sk-ecdsa call buf_ecdsa_verify
This reduces code duplication, the SK code just handles the
different message format.
* Reduce sk specific code
The application id can be stored in signkey, then we don't need
to call sk-specific functions from svr-authpubkey
* Remove debugging output, which causes compilation errors with DEBUG_TRACE disabled
* Proper cleanup of sk_app
Co-authored-by: Matt Johnston <[email protected]>
author | egor-duda <egor-duda@users.noreply.github.com> |
---|---|
date | Sat, 22 Jan 2022 16:53:04 +0300 |
parents | 6dba84798cd5 |
children |
line wrap: on
line source
#!/bin/bash if [ $# -lt 2 ] then echo "usage is: ${0##*/} <path to coverity scan> <extra compiler options>" echo "e.g. \"${0##*/} \"/usr/local/bin/coverity\" \"-DLTM_DESC -I/path/to/libtommath/\"\"" exit -1 fi PATH=$PATH:$1/bin make clean rm -r cov-int/ myCflags="" myCflags="$myCflags -O2 ${2}" myCflags="$myCflags -pipe -Werror -Wpointer-arith -Winit-self -Wextra -Wall -Wformat -Wformat-security" CFLAGS="$myCflags" cov-build --dir cov-int make -f makefile.unix $MAKE_OPTS IGNORE_SPEED=1 1>gcc_1.txt if [ $? -ne 0 ] then echo "make failed" exit -1 fi # zipup everything tar caf libtomcrypt.lzma cov-int mytoken=$(cat .coverity_token) mymail=$(cat .coverity_mail) myversion=$(git describe --dirty) curl -k --form project=libtomcrypt \ --form token=${mytoken} \ --form email=${mymail} \ --form file=@libtomcrypt.lzma \ --form version=\"${myversion}\" \ --form description="\"libtomcrypt version ${myversion}\"" \ https://scan.coverity.com/builds?project=libtom%2Flibtomcrypt