Mercurial > dropbear
view libtomcrypt/notes/tech0005.txt @ 1630:9579377b5f8b
use strlcpy & strlcat (#74)
* refactor checkpubkeyperms() with safe BSD functions
fix gcc8 warnings
```
svr-authpubkey.c: In function 'checkpubkeyperms':
svr-authpubkey.c:427:2: warning: 'strncat' specified bound 5 equals source length [-Wstringop-overflow=]
strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
svr-authpubkey.c:433:2: warning: 'strncat' specified bound 16 equals source length [-Wstringop-overflow=]
strncat(filename, "/authorized_keys", 16);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
see https://www.sudo.ws/todd/papers/strlcpy.html
* restore strlcpy in xstrdup
see original https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/xmalloc.c?rev=1.16
author | François Perrad <francois.perrad@gadz.org> |
---|---|
date | Wed, 20 Mar 2019 15:09:19 +0100 |
parents | f849a5ca2efc |
children |
line wrap: on
line source
Tech Note 0005 Minimizing Code Space Tom St Denis Introduction ------------ Tweaking... You can disable whole classes of algorithms on the command line with the LTC_NO_* defines. From there you can manually turn on what you want to enable. The following build with GCC 3.4.4 on an AMD64 box gets you AES, CTR mode, SHA-256, HMAC, Yarrow, full RSA PKCS #1, PKCS #5 and ASN.1 DER in roughly 40KB of code (49KB on the ARMv4) (both excluding the math library). CFLAGS="-DLTC_NO_CIPHERS -DLTC_NO_HASHES -DLTC_NO_PRNGS -DLTC_NO_MACS -DLTC_NO_MODES -DLTC_NO_PK -DLTC_RIJNDAEL -DLTC_CTR_MODE -DSHA256 \ -DLTC_HMAC -DYARROW -DMRSA -DMPI -DTFM_DESC -DARGTYPE=3 -Os -DLTC_SMALL_CODE -fomit-frame-pointer" make IGNORE_SPEED=1 Obviously this won't get you performance but if you need to pack a crypto lib in a device with limited means it's more than enough... Neato eh?