Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: added signify fuzzer #6

Merged
merged 6 commits into from
Nov 23, 2020
Merged

crypto: added signify fuzzer #6

merged 6 commits into from
Nov 23, 2020

Conversation

MariusVanDerWijden
Copy link

No description provided.

gballet
gballet reviewed Nov 19, 2020
View reviewed changes
crypto/signify_fuzz.go Outdated
// if signify-openbsd is present, check the signature.
// signify-openbsd will be present in CI.
if runtime.GOOS == "linux" {
cmd := exec.Command("which", "signify")
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would it somehow be possible to pass the executable name as some parameter to Fuzz ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not to fuzz, but we can pass it as an environment parameter

crypto/signify_fuzz.go Show resolved Hide resolved
crypto/signify_fuzz.go Show resolved Hide resolved
crypto/signify_fuzz.go Outdated
panic(err)
}

err = SignifySignFile(tmpFile.Name(), tmpFile.Name()+".sig", testSecKey, "clé", "croissants")
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would it be possible to generate the comments as random strings instead?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure

@gballet gballet merged commit dfac93a into gballet:build-signify Nov 23, 2020
gballet added a commit that referenced this pull request Dec 4, 2020
@gballet @MariusVanDerWijden
crypto: signing builds with signify/minisign (ethereum#21798)
fa572cd 
* internal/build: implement signify's signing func
* Add signify to the ci utility
* fix output file format
* Add unit test for signify
* holiman's + travis' feedback
* internal/build: verify signify's output
* crypto: move signify to common dir
* use go-minisign to verify binaries
* more holiman feedback
* crypto, ci: support minisign output
* only accept one-line trusted comments
* configurable untrusted comments
* code cleanup in tests
* revert to use ed25519 from the stdlib
* bug: fix for empty untrusted comments
* write timestamp as comment if trusted comment isn't present
* rename line checker to commentHasManyLines
* crypto: added signify fuzzer (#6)
* crypto: added signify fuzzer
* stuff
* crypto: updated signify fuzzer to fuzz comments
* crypto: repro signify crashes
* rebased fuzzer on build-signify branch
* hide fuzzer behind gofuzz build flag
* extract key data inside a single function
* don't treat \r as a newline
* travis: fix signing command line
* do not use an external binary in tests
* crypto: move signify to crypto/signify
* travis: fix formatting issue
* ci: fix linter build after package move

Co-authored-by: Marius van der Wijden <m.vanderwijden@live.de>
@MariusVanDerWijden MariusVanDerWijden deleted the signify-fuzz branch November 30, 2021 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gballet gballet gballet left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MariusVanDerWijden @gballet