Changelog-None: Use the common library utilities for temporary
allocations instead of manually calling `malloc` and `free`.
This makes the code conformant with rest of the codebase and
reduces the chances of leaks.
Change in the fuzzing scheme of `fuzz-close_tx` led to the
discovery of test inputs that result in greater in code
coverage. Add these inputs to the test's seed corpus.
Changelog-None: The value WALLY_SATOSHI_PER_BTC * WALLY_BTC_MAX
is equal to 2.1e15, which is much higher than the maximum capacity
of a u32, which is 4.29e9.
Hence, use a u64 to store this value instead.
Improvements in the fuzz-testing scheme of `fuzz-channel_id led
to the discovery of test inputs that result in greater in code
coverage. Add these inputs to the test's seed corpus.
Changelog-None: `memcmp()` the output of `towire_channel_id()`
and the input to `fromwire_channel_id()` to ensure that wire
encoding-decoding is correctly performed.
Change in the fuzzing scheme of `fuzz-bolt11` led to the
discovery of test inputs that result in greater in code
coverage. Add these inputs to the test's seed corpus.
Changelog-None: `handle_peer_error_or_warning()` in
`common/read_peer_message.{c, h}` is responsible for parsing any
incoming `error` or `warning` messages as defined in BOLT #1.
Add a test for it.
The FUZZ_COMMON_OBJS list roughly follows lexicographic
order. Make it adhere strictly to the order. This makes adding
and reviewing changes to the file easier.
Improvements in the fuzz-testing scheme of fuzz-bigsize led
to the discovery of test inputs that result in greater in
code-coverage. Add these inputs to the test's seed corpus.
Add a roundtrip check for `bigsize_put()` using `bigsize_get()`.
This enforces a stricter check for the former and adds a test
for the latter, which is currently untested.
Changelog-None: The exisiting fuzz test only extracts chunks of
a fixed size (8) from the fuzzer's input. Replace this with an
iteration over a set of chunk sizes (1 to BIGSIZE_MAX_LEN) for
better coverage.
While at it, get rid of the check `if (bs != 0)` because 0 is a
valid value for bigsize_t as well.
Change in the fuzz-testing scheme of fuzz-addr led to the
discovery of test inputs that result in greater in code
coverage. Add these inputs to the test's seed corpus.
Changelog-None: Currently, fuzz-addr only tests encoding via
encode_scriptpubkey_to_addr(), without checking decoding. Add a
round‑trip assertion: if encoding produces an address, decode
it back with decode_scriptpubkey_from_addr() and confirm the
result matches the original scriptpubkey.
Changelog-None: 'closing_signed' and 'closing_sig' are
channel closing negotiation messages defined in BOLT #2.
While 'closing_signed' has a wire fuzz test, 'closing_sig'
does not. Add a test to perform a round-trip encoding check
(towire -> fromwire) similar to the other wire fuzzers.
Changelog-None: 'closing_signed' and 'closing_complete'
are channel closing negotiation messages defined in BOLT #2.
While 'closing_signed' has a wire fuzz test, 'closing_complete'
does not. Add a test to perform a round-trip encoding check
(towire -> fromwire) similar to the other wire fuzzers.
Improvements in the fuzz-testing scheme of
`fuzz-bolt12-invrequest-decode` led to the discovery of test inputs
that result in greater in code coverage.
Add these inputs to the test's seed corpus.
Changelog-None: Currently, the `BOLT #12` invrequest parsing test
only tests the invrequest decode function. Add a test for the
encoding function as well by making the test roundtrip.
Changelog-None: Add a differential fuzz test for
HMAC-SHA256, similar to those for SHA256 and RIPEMD160,
to verify CCAN’s implementation against OpenSSL’s.
Change in the fuzz-testing scheme of fuzz-base32-64 led to
the discovery of test inputs that result in greater in
code-coverage. Add these inputs to the test's seed corpus.
Changelog-None: Currently, fuzz testing for b64_encode() merely
encodes input and frees the result, providing no real verification
of its behavior.
Introduce a new b64_decode() function (modeled after b32_decode())
and update the fuzz test to perform a roundtrip—encoding followed
by decoding—to ensure that b64_encode() correctly preserves the
original data.
The handshake targets were based on a false premise: that it is
impossible for any fuzzer to generate valid Act 1 or 2 packets. Niklas
Gogge proved this premise incorrect using AFL++ with the CMPLOG feature,
which enabled AFL++ to generate such valid packets.
We modify the targets to allow the scenario where the fuzzer finds these
valid packets and add the inputs AFL++ found to the corpus.
The cryptofuzz target was based on a false premise: that it is
impossible for any fuzzer to generate a valid ciphertext+MAC for the
decrypt function. Niklas Gogge proved this premise incorrect using AFL++
with the CMPLOG feature, which enabled AFL++ to generate such valid
messages.
We remove the assertions requiring decryption to fail and add the inputs
AFL++ found to the corpus.
Unfortunately a spec typo means the data fields are missing (PR pending),
so we still patch those in.
The message "your_peer_storage" got renamed to "peer_storage_retrieval",
and the option "want_peer_backup_storage" was removed.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-EXPERIMENTAL: `experimental-peer-storage` now only advertizes feature 43, not 41.
It is possible for prevtx to be larger than max packet size, so for shared outputs (currently only the funding tx) we add support for sending the `txid` only across the wire and filling in the prevtx locally.
Changelog-None
No code changes, just catching up with the BOLT changes which rework our
blinded path terminology (for the better!).
Another patch will sweep the rest of our internal names, this tries only to
make things compile and fix up the BOLT quotes.
1. Inside payload: current_blinding_point -> current_path_key
2. Inside update_add_htlc TLV: blinding_point -> blinded_path
3. Inside blinded_path: blinding -> first_path_key
4. Inside onion_message: blinding -> path_key.
5. Inside encrypted_data_tlv: next_blinding_override -> next_path_key_override
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
These were removed from the spec.
We still support existing ones, though we were the only implementation
which ever did, and only in experimental mode, so we should be able to
upgrade them and avoid a forced close, with a bit of engineering...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We still support *existing* channels. Just not new ones (before they could,
in theory, explicitly ask for one).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We don't actually support it yet, but this threads through the type change,
puts it in "decode" etc.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
It's a u64, we should pass by copy. This is a big sweeping change,
but mainly mechanical (change one, compile, fix breakage, repeat).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
For better performance it is recommended to use the modern OpenSSL
EVP_MD_fetch API to load digest algorithms (i.e. explicit fetching),
instead of the older implicit fetching API.
As a side effect, using this API seems to avoid memory leaks with some
versions of OpenSSL.
