Commit graph

5 commits

Author SHA1 Message Date
Rodolphe Bréard
0aac6402eb Change the randomly generated benchmark input
The xz backdoor relied on obfuscated test files that contained malicious
code instead of a real test. Since then, test and benchmark input that
cannot be explained should be considered suspicious.

Out of laziness, the input for the xl test (05) was generated through
the `openssl rand -hex` command, which outputs random data as an
hexadecimal string. Although I generated it myself and know there is
nothing hidden in there, I cannot prove it to someone else. Therefore, I
chose to stop using random data for this test and changed it to a
readable "lorem ipsum" string of the same size, like the other tests.

For more information about the xz backdoor and the context in which this
commit take place, please read:
CVE-2024-3094
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://gynvael.coldwind.pl/?lang=en&id=782
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
2024-04-01 16:25:37 +02:00
Rodolphe Bréard
360917adb8 Add AES128-GCM to the benchmark 2024-03-24 14:38:03 +01:00
Rodolphe Bréard
ae19a16531 Improve the context and IKM list APIs 2024-03-24 09:47:36 +01:00
Rodolphe Bréard
90c8a2aa87 API change: pass the data after the context 2024-03-24 09:25:27 +01:00
Rodolphe Bréard
c62029ee91 Add a benchmark 2024-03-23 19:23:14 +01:00