From 5c615a14d311bd6a472a30703df209d5ccca4595 Mon Sep 17 00:00:00 2001 From: Miguel Oliveira Date: Fri, 9 Jun 2023 21:22:25 -0300 Subject: [PATCH 1/5] Fix random.random erroring with a negative length Calling random.random(-1) will return an empty string and set the state to a 31-byte string. This makes any further call in the module error. --- ccryptolib/random.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ccryptolib/random.lua b/ccryptolib/random.lua index 797a152..856d1c4 100644 --- a/ccryptolib/random.lua +++ b/ccryptolib/random.lua @@ -39,7 +39,7 @@ end local function random(len) expect(1, len, "number") lassert(initialized, "attempt to use an uninitialized random generator", 2) - local msg = ("\0"):rep(len + 32) + local msg = ("\0"):rep(math.min(len, 0) + 32) local nonce = ("\0"):rep(12) local out = chacha20.crypt(state, nonce, msg, 8, 0) state = out:sub(1, 32) From 8d77e6597ccc9fda7dc2842585b4717ba4104ed4 Mon Sep 17 00:00:00 2001 From: Miguel Oliveira Date: Fri, 9 Jun 2023 21:23:02 -0300 Subject: [PATCH 2/5] Check argument types in random.mix --- ccryptolib/random.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/ccryptolib/random.lua b/ccryptolib/random.lua index 856d1c4..65656f2 100644 --- a/ccryptolib/random.lua +++ b/ccryptolib/random.lua @@ -30,6 +30,7 @@ end --- Mixes extra entropy into the generator state. --- @param data string The additional entropy to mix. local function mix(data) + expect(1, data, "string") state = blake3.digestKeyed(state, data) end From 3da91cf3a28aaebb949a27a54b895596d6ea2ec2 Mon Sep 17 00:00:00 2001 From: Miguel Oliveira Date: Sun, 11 Jun 2023 12:01:05 -0300 Subject: [PATCH 3/5] Fix random.random Whoops. --- ccryptolib/random.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ccryptolib/random.lua b/ccryptolib/random.lua index 65656f2..f667ad1 100644 --- a/ccryptolib/random.lua +++ b/ccryptolib/random.lua @@ -40,7 +40,7 @@ end local function random(len) expect(1, len, "number") lassert(initialized, "attempt to use an uninitialized random generator", 2) - local msg = ("\0"):rep(math.min(len, 0) + 32) + local msg = ("\0"):rep(math.max(len, 0) + 32) local nonce = ("\0"):rep(12) local out = chacha20.crypt(state, nonce, msg, 8, 0) state = out:sub(1, 32) From 0604359dbb4690335531f757d066e26c63819dc4 Mon Sep 17 00:00:00 2001 From: Miguel Oliveira Date: Tue, 18 Jul 2023 21:12:00 -0300 Subject: [PATCH 4/5] Loosen integral limits on packing.lua --- ccryptolib/internal/packing.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ccryptolib/internal/packing.lua b/ccryptolib/internal/packing.lua index f5597d6..1ea0db3 100644 --- a/ccryptolib/internal/packing.lua +++ b/ccryptolib/internal/packing.lua @@ -95,7 +95,7 @@ if not string.pack or pcall(string.dump, string.pack) then local w = {} for i in fmt:gmatch("I([%d]+)") do local n = tonumber(i) or 4 - assert(n > 0 and n <= 4, "integral size out of limits") + assert(n > 0 and n <= 16, "integral size out of limits") w[#w + 1] = n end return fn(w, e == ">") From 91e6f32894bb7d9425008925a6a5f2e4179be8dc Mon Sep 17 00:00:00 2001 From: Miguel Oliveira Date: Tue, 18 Jul 2023 21:12:20 -0300 Subject: [PATCH 5/5] Fix "cryptolib" typo --- ccryptolib/util.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ccryptolib/util.lua b/ccryptolib/util.lua index 0f2df8e..c4bf192 100644 --- a/ccryptolib/util.lua +++ b/ccryptolib/util.lua @@ -1,7 +1,7 @@ --- General utilities for handling byte strings. local expect = require "cc.expect".expect -local random = require "cryptolib.random" +local random = require "ccryptolib.random" local poly1305 = require "ccryptolib.poly1305" --- Returns the hexadecimal version of a string.