Commit Graph

1676 Commits

Author SHA1 Message Date
Frank Denis
b7abc4542e No need to provison for the tag if we are below SIZE_MAX 2018-09-12 15:22:30 +02:00
Frank Denis
f0e5c3940d Substract the number of blocks, and make similar code more uniform 2018-09-12 15:19:56 +02:00
Frank Denis
3574ab879e Do not even use untested code in non-production environments 2018-09-12 14:53:16 +02:00
Frank Denis
5a7290ce6a Make this warning more difficult to ignore 2018-09-12 14:51:03 +02:00
Frank Denis
43909c1ffb Allow ic + mlen to overflow a size_t in chacha20_ietf_xor_ic() 2018-09-12 08:40:22 +02:00
Frank Denis
bea8839c6b Do not count the overhead in xchacha20poly1305_MESSAGEBYTES_MAX 2018-09-12 08:19:12 +02:00
Frank Denis
04a7ab95f2 Don't mix lengths and block sizes 2018-09-10 19:57:06 +02:00
Frank Denis
3e9d341d06 Add crypto_stream_chacha20_ietf_ext, use _ext suffix everywhere for consistency 2018-09-08 14:54:12 +02:00
Frank Denis
cf217e3dfc Call misuse() if we ask too much data from the IETF variant of ChaCha20
Fix #753
2018-09-08 02:12:23 +02:00
Frank Denis
ab4ab23d57 x25519_ref: ignore the high bit in the small order PK check 2018-08-29 16:04:40 +02:00
Frank Denis
1ec6edc1a8 Indent 2018-08-27 12:29:49 +02:00
Jakob Rieck
543b5ad068 Fixes padding for blocksizes > 256 2018-08-27 11:42:49 +02:00
Frank Denis
7cdf3f0e84 strnlen() may not be available everywhere 2018-07-22 21:54:38 +02:00
Frank Denis
922e4dcd9e Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium:
  Invert (1-y) just before the multiplication by (1+y) for readability
  Nits
2018-07-22 21:40:39 +02:00
Frank Denis
74ba82210e memchr() can process its input in any order
Fixes #737
2018-07-22 21:26:31 +02:00
Frank Denis
d25d6ce7fb Invert (1-y) just before the multiplication by (1+y) for readability 2018-07-21 00:43:39 +02:00
Frank Denis
91d9051bce Nits 2018-07-19 14:44:17 +02:00
Anton Maklakov
f16896146a Fix warnings that appeared in GCC7+ (related to -Wimplicit-fallthrough) 2018-07-04 23:29:33 +07:00
Frank Denis
cfb0f94704 Visual Studio documentation states that eax/ecx/edx don't need to be
preserved in inline assembly code. But that doesn't seem to always
hold true on Visual Studio 2010.
2018-05-12 09:12:36 +02:00
Tom Auger
462a8ab775 Use _MESSAGEBYTES_MAX in crypto_aead_xchacha20poly1305 2018-04-29 15:12:39 +01:00
Frank Denis
10207d5aa6 This reverts commit 38b19412e8. 2018-04-01 23:25:06 +02:00
Frank Denis
38b19412e8 Introduce pwhash_ntlm() for low-sodium, salt-free password hashing
. #passthesalt
2018-03-31 21:46:37 +02:00
Frank Denis
19f5c4f620 Include limits.h for ancient Android NDKs. Sigh. 2018-01-19 16:48:06 +01:00
Frank Denis
57ca449c7e Include <stdint.h> for SIZE_MAX, and <stddef.h> as a dependency 2018-01-19 15:25:01 +01:00
Frank Denis
13513e886b Keep things simple; directly initialize the example RNG from the system one 2018-01-17 15:11:18 +01:00
Frank Denis
e2581d9105 Swap #ifdef branches for clarity 2018-01-16 01:06:03 +01:00
Frank Denis
958060e2ec Signatures: do not reject weak public keys if ED25519_COMPAT is defined 2018-01-16 01:02:29 +01:00
Frank Denis
0468e778d2 Revert "Solaris Studio apparently supports __attribute__()"
This reverts commit 74a4496cc5.
2018-01-15 13:34:31 +01:00
Frank Denis
74a4496cc5 Solaris Studio apparently supports __attribute__()
Fixes #660
2018-01-14 23:09:46 +01:00
Frank Denis
764656443f Check if we can use inline asm code, not only on x86_64 2017-12-31 01:23:58 +01:00
Frank Denis
a18e21b49d Use (""::"r"(pnt):"memory") instead of (""::"p"(pnt)) for the barrier 2017-12-31 01:11:45 +01:00
Ryan Lester
607d9b7943
Closure fix 2017-12-26 22:39:17 -05:00
Frank Denis
0187ba70ad Require the generichash state to be aligned
Alignment is already required by other functions anyway.
2017-12-21 18:21:43 +01:00
Frank Denis
1e7839a90c Lift alignment requirements in crypto_generichash() 2017-12-21 18:14:17 +01:00
Frank Denis
2604a41774 Add extra align statements 2017-12-21 17:24:23 +01:00
Frank Denis
ffb8475a4a Brace yourself 2017-12-21 17:24:01 +01:00
Frank Denis
3383fd1bdf Extra braces 2017-12-21 16:57:27 +01:00
Frank Denis
107b42af3f Remove unused LOAD128() and STORE128() macros 2017-12-21 16:48:15 +01:00
Frank Denis
1f1b0afb5c Do not assume that __clang__ being defined implied __GNUC__ defined as well 2017-12-19 21:44:48 +01:00
Frank Denis
b1273b0411 Back to dev mode 2017-12-19 21:44:25 +01:00
Frank Denis
77e7d88d89 We really don't need an intermediate variable here 2017-12-16 13:04:59 +01:00
Frank Denis
675149b9b8 Comment 2017-12-13 10:24:13 +01:00
Frank Denis
a1d438c8ba Comments 2017-12-13 00:03:01 +01:00
Frank Denis
95a7dc5e46 Always prefer vararrays to alloca() 2017-12-12 22:27:21 +01:00
Frank Denis
2f56443631 Don't redefine alloca 2017-12-12 22:23:37 +01:00
Frank Denis
ac8dffbecb Return -1 if the scalar is 0 in crypto_scalarmult_ed25519()
For consistency with _base()
2017-12-12 14:35:08 +01:00
Frank Denis
ec67b0890f Do not wipe the workspace after argon2 completes
The overhead can be really prohibitive on servers.
2017-12-11 23:38:20 +01:00
Frank Denis
534250a833 Give the compiler a change to inline index_alpha() 2017-12-11 23:22:34 +01:00
Frank Denis
5aa2b913f4 Immediately allocate all required memory in argon2/scrypt 2017-12-11 23:15:15 +01:00
Frank Denis
bd9e859e52 Coverage exclusion -- this is just an extra, redundant check 2017-12-11 20:08:56 +01:00