libp2p/go-libp2p-core
1
0
Fork 0
mirror of https://github.com/libp2p/go-libp2p-core.git synced 2025-01-15 02:30:05 +08:00
Code Issues Projects Releases Wiki Activity
288 Commits 76 Branches 54 Tags 1.3 MiB
247031f933
Commit Graph

9 Commits

Author SHA1 Message Date
Steven Allen
648dc3fba2
feat: harden encoding/decoding functions against panics (#243) 
* feat: harden encoding/decoding functions against panics

Part of https://github.com/libp2p/go-libp2p/issues/1389

These kinds of functions:

1. Handle user input.
2. Often have out-of-bounds, null pointer, etc bugs.
3. Have completely isolated logic where local panics are unlikely to
   cause memory corruption elsewhere.

* test: add a panic catcher test
 2022-04-18 12:40:37 -07:00
Marten Seemann
d28ef6339a
remove deprecated Bytes method from the Key interface (#204) 2021-07-22 12:18:09 -07:00
Dmitry Yu Okunev
205fb711b9 Use standard library "crypto/ed25519" 2019-12-06 21:58:31 -05:00
Steven Allen
469ed581a0
Merge pull request #48 from libp2p/fix/fallback-cmp 
fix: use fallback comparison for ed25519 keys
 2019-09-27 15:33:55 -07:00
Steven Allen
947196bbb7 crypto: use constant time compare when decoding private keys 
In practice, this is impossible to exploit without being able to corrupt the
private key which would allow a much simpler guess-and-check attack. However,
it's still a bad practice to compare private key material like this.
 2019-09-24 10:40:54 -07:00
Steven Allen
1461eb16af fix: use fallback comparison for ed25519 keys 2019-08-01 17:45:55 -07:00
Cole Brown
652a852edd Use short-circuiting comparisons for public keys 2019-07-12 16:34:29 -04:00
Cole Brown
2726b6493c Replace bytes.Equal -> subtle.ConstantTimeCompare 2019-07-10 15:30:22 -04:00
Raúl Kripalani
6e566d10f4
Absorb go-libp2p abstractions and core types into this module (#1) 2019-05-22 18:31:11 +01:00