Commit Graph

1801 Commits

Author SHA1 Message Date
Jakob Rieck
543b5ad068 Fixes padding for blocksizes > 256 2018-08-27 11:42:49 +02:00
Frank Denis
2052cc7847 strnlen() may not be available everywhere 2018-07-22 21:55:01 +02:00
Frank Denis
7cdf3f0e84 strnlen() may not be available everywhere 2018-07-22 21:54:38 +02:00
Frank Denis
d2728ad93e Merge branch 'stable' of github.com:jedisct1/libsodium into stable
* 'stable' of github.com:jedisct1/libsodium:
  Nits
2018-07-22 21:40:51 +02:00
Frank Denis
922e4dcd9e Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium:
  Invert (1-y) just before the multiplication by (1+y) for readability
  Nits
2018-07-22 21:40:39 +02:00
Frank Denis
e8fea07f19 memchr() can process its input in any order
Fixes #737
2018-07-22 21:27:56 +02:00
Frank Denis
74ba82210e memchr() can process its input in any order
Fixes #737
2018-07-22 21:26:31 +02:00
Frank Denis
d25d6ce7fb Invert (1-y) just before the multiplication by (1+y) for readability 2018-07-21 00:43:39 +02:00
Frank Denis
dcd9b13e31 Nits 2018-07-19 14:44:42 +02:00
Frank Denis
91d9051bce Nits 2018-07-19 14:44:17 +02:00
Anton Maklakov
c398a51e21 Fix warnings that appeared in GCC7+ (related to -Wimplicit-fallthrough) 2018-07-04 21:19:04 +02:00
Anton Maklakov
f16896146a Fix warnings that appeared in GCC7+ (related to -Wimplicit-fallthrough) 2018-07-04 23:29:33 +07:00
Frank Denis
cfb0f94704 Visual Studio documentation states that eax/ecx/edx don't need to be
preserved in inline assembly code. But that doesn't seem to always
hold true on Visual Studio 2010.
2018-05-12 09:12:36 +02:00
Frank Denis
8b346c86b8 Visual Studio documentation states that eax/ecx/edx don't need to be
preserved in inline assembly code. But that doesn't seem to always
hold true on Visual Studio 2010.
2018-05-12 09:11:01 +02:00
Tom Auger
7432c4394b Use _MESSAGEBYTES_MAX in crypto_aead_xchacha20poly1305 2018-04-29 17:48:03 +02:00
Tom Auger
462a8ab775 Use _MESSAGEBYTES_MAX in crypto_aead_xchacha20poly1305 2018-04-29 15:12:39 +01:00
Frank Denis
10207d5aa6 This reverts commit 38b19412e8. 2018-04-01 23:25:06 +02:00
Frank Denis
38b19412e8 Introduce pwhash_ntlm() for low-sodium, salt-free password hashing
. #passthesalt
2018-03-31 21:46:37 +02:00
Frank Denis
06ee95c3f1 Regen autoconf scripts 2018-03-14 12:03:49 -07:00
Frank Denis
19f5c4f620 Include limits.h for ancient Android NDKs. Sigh. 2018-01-19 16:48:06 +01:00
Frank Denis
b862bf0267 Include limits.h for ancient Android NDKs. Sigh. 2018-01-19 16:46:46 +01:00
Frank Denis
729d80a1ac Include <stdint.h> for SIZE_MAX, and <stddef.h> as a dependency 2018-01-19 15:25:39 +01:00
Frank Denis
57ca449c7e Include <stdint.h> for SIZE_MAX, and <stddef.h> as a dependency 2018-01-19 15:25:01 +01:00
Frank Denis
13513e886b Keep things simple; directly initialize the example RNG from the system one 2018-01-17 15:11:18 +01:00
Frank Denis
e2581d9105 Swap #ifdef branches for clarity 2018-01-16 01:06:03 +01:00
Frank Denis
958060e2ec Signatures: do not reject weak public keys if ED25519_COMPAT is defined 2018-01-16 01:02:29 +01:00
Frank Denis
0468e778d2 Revert "Solaris Studio apparently supports __attribute__()"
This reverts commit 74a4496cc5.
2018-01-15 13:34:31 +01:00
Frank Denis
74a4496cc5 Solaris Studio apparently supports __attribute__()
Fixes #660
2018-01-14 23:09:46 +01:00
Frank Denis
59f8556bfa Check if we can use inline asm code, not only on x86_64 2017-12-31 01:24:26 +01:00
Frank Denis
764656443f Check if we can use inline asm code, not only on x86_64 2017-12-31 01:23:58 +01:00
Frank Denis
a18e21b49d Use (""::"r"(pnt):"memory") instead of (""::"p"(pnt)) for the barrier 2017-12-31 01:11:45 +01:00
Frank Denis
8c2e89d109 Use (""::"r"(pnt):"memory") instead of (""::"p"(pnt)) for the barrier 2017-12-31 01:10:48 +01:00
Ryan Lester
0ceb245eea Closure fix 2017-12-27 08:54:20 +01:00
Ryan Lester
607d9b7943 Closure fix 2017-12-26 22:39:17 -05:00
Frank Denis
b92e7b40ed Brace yourself 2017-12-22 17:06:38 +01:00
Frank Denis
0187ba70ad Require the generichash state to be aligned
Alignment is already required by other functions anyway.
2017-12-21 18:21:43 +01:00
Frank Denis
1e7839a90c Lift alignment requirements in crypto_generichash() 2017-12-21 18:14:17 +01:00
Frank Denis
2604a41774 Add extra align statements 2017-12-21 17:24:23 +01:00
Frank Denis
ffb8475a4a Brace yourself 2017-12-21 17:24:01 +01:00
Frank Denis
3383fd1bdf Extra braces 2017-12-21 16:57:27 +01:00
Frank Denis
bee480cfd3 Extra braces 2017-12-21 16:57:04 +01:00
Frank Denis
fb53590047 Remove unused LOAD128() and STORE128() macros 2017-12-21 16:48:52 +01:00
Frank Denis
107b42af3f Remove unused LOAD128() and STORE128() macros 2017-12-21 16:48:15 +01:00
Frank Denis
1f1b0afb5c Do not assume that __clang__ being defined implies __GNUC__ is defined as well 2017-12-19 21:44:48 +01:00
Frank Denis
b1273b0411 Back to dev mode 2017-12-19 21:44:25 +01:00
Frank Denis
bf1444f976 Do not assume that __clang__ being defined implies __GNUC__ is defined as well 2017-12-19 21:41:56 +01:00
Frank Denis
8fed6e5b46 We really don't need an intermediate variable here 2017-12-16 13:29:44 +01:00
Frank Denis
77e7d88d89 We really don't need an intermediate variable here 2017-12-16 13:04:59 +01:00
Frank Denis
5bc564cac1 1.0.16
* master: (221 commits)
  Comment
  Comments
  msys2 build scripts: just use -Ofast
  Always prefer vararrays to alloca()
  Don't redefine alloca
  Return -1 if the scalar is 0 in crypto_scalarmult_ed25519()
  Remove trailing space
  Import the regen-msvc script
  Update ChangeLog
  Do not wipe the workspace after argon2 completes
  Remove tests for deprecated functions
  Give the compiler a chance to inline index_alpha()
  Immediately allocate all required memory in argon2/scrypt
  Check reduced-round salsa variants in non-minimal mode
  Coverage exclusion -- this is just an extra, redundant check
  Remove incorrect and useless cast
  -fomit-frame-pointer makes a difference on mips
  WebAssembly benefits from the 128-bit types, too
  Remove extra spaces
  Undef devel
  ...
2017-12-13 16:21:20 +01:00
Frank Denis
675149b9b8 Comment 2017-12-13 10:24:13 +01:00
Frank Denis
a1d438c8ba Comments 2017-12-13 00:03:01 +01:00
Frank Denis
95a7dc5e46 Always prefer vararrays to alloca() 2017-12-12 22:27:21 +01:00
Frank Denis
2f56443631 Don't redefine alloca 2017-12-12 22:23:37 +01:00
Frank Denis
ac8dffbecb Return -1 if the scalar is 0 in crypto_scalarmult_ed25519()
For consistency with _base()
2017-12-12 14:35:08 +01:00
Frank Denis
ec67b0890f Do not wipe the workspace after argon2 completes
The overhead can be really prohibitive on servers.
2017-12-11 23:38:20 +01:00
Frank Denis
534250a833 Give the compiler a chance to inline index_alpha() 2017-12-11 23:22:34 +01:00
Frank Denis
5aa2b913f4 Immediately allocate all required memory in argon2/scrypt 2017-12-11 23:15:15 +01:00
Frank Denis
bd9e859e52 Coverage exclusion -- this is just an extra, redundant check 2017-12-11 20:08:56 +01:00
Frank Denis
11f217fec8 Undef devel 2017-12-09 11:14:28 +01:00
Frank Denis
e985fe204c Spacing 2017-12-06 15:34:06 +00:00
Frank Denis
a916fff400 Reorder 2017-12-06 15:19:15 +00:00
Frank Denis
715cb6ba33 Faster scalarmult_ed25519() 2017-12-06 15:13:18 +00:00
Frank Denis
3e588a48e3 scalarmult_ed25519_base(): return -1 if the scalar (not the result) is all zero 2017-12-03 20:53:54 +01:00
Frank Denis
3d6cd63b2a Add an empty line for consistency 2017-12-01 17:41:45 +01:00
Frank Denis
ccdad9d68d Coverage exclusion 2017-12-01 17:34:03 +01:00
Frank Denis
307503df96 Coverage exclusion 2017-12-01 17:31:45 +01:00
Frank Denis
cc92e26a6b Coverage exclusion 2017-12-01 17:23:16 +01:00
Frank Denis
07c5764d5e Correct argument names in internal prototype 2017-12-01 15:23:01 +01:00
Frank Denis
5ecaeb33aa Correct argument names in internal prototype 2017-12-01 15:22:33 +01:00
Frank Denis
4098a12635 Improve clarity 2017-11-26 13:05:47 +01:00
Frank Denis
f5a4064646 CompCert seems to be fine with S_* macros now 2017-11-26 12:31:31 +01:00
Frank Denis
06a523423a Oh, the joy of compilers pretending to support C99, but that actually don't 2017-11-26 00:11:56 +01:00
Frank Denis
7df2a1ae91 Remove unused variable 2017-11-25 23:16:39 +01:00
Frank Denis
b9cbbef03b Use __declspec(thread) on Visual Studio 2017-11-25 23:16:35 +01:00
Frank Denis
a261eec0aa Make the salsa20 random stream thread local 2017-11-25 22:29:20 +01:00
Frank Denis
cf521f05e2 Reorder 2017-11-25 22:18:35 +01:00
Frank Denis
a7074ffc18 Split global information and stream information 2017-11-25 22:08:40 +01:00
Frank Denis
5117b1adc5 Optionally use RDRAND to mitigate prediction of future values
if a key is compromised.
2017-11-25 21:07:05 +01:00
Frank Denis
56cef5e01a Revert "Add crypto_core_curve25519_is_valid_point()"
I'm not convinced that there are actual use cases for this, but I'd be
glad to re-merge it if you can show me some.

This reverts commit 2a031b95ff.
2017-11-25 19:52:55 +01:00
Frank Denis
f24bfdc3ca Revert "destatic fe25519_pow22523()"
This reverts commit 3998cd7228.
2017-11-25 19:52:41 +01:00
Frank Denis
23af44d1ed No need to add a dependency on blake2 here, use salsa20 as an extractor 2017-11-25 19:43:25 +01:00
Frank Denis
3998cd7228 destatic fe25519_pow22523() 2017-11-25 18:00:19 +01:00
Frank Denis
ee2403deba Check for RDRAND presence 2017-11-25 17:53:33 +01:00
Frank Denis
3cef66a853 Rename random_rekey() to random_xorkey() for clarity
Zero the xor key after having used it
2017-11-25 17:49:30 +01:00
Frank Denis
2a031b95ff Add crypto_core_curve25519_is_valid_point() 2017-11-18 17:48:56 +01:00
Frank Denis
933b3e8ec1 Help compilers with vectorization 2017-11-18 13:19:00 +01:00
Frank Denis
686c6a210d Help compilers vectorize 2017-11-18 13:09:13 +01:00
Frank Denis
c190574cee x25519-ref10: reject low order points before the multiplication 2017-11-17 10:47:00 +01:00
Frank Denis
3d8889560e Export constants 2017-11-15 01:47:54 +01:00
Frank Denis
1df2285362 Add a preliminary test for core_ed25519 2017-11-15 01:34:43 +01:00
Frank Denis
d5634850e4 Consistency check 2017-11-14 23:11:16 +01:00
Frank Denis
150de39b2b Move sign addition where it makes more sense 2017-11-14 22:11:35 +01:00
Frank Denis
5257cceda8 Merge crypto_core_ed25519_from_uniform()
Fixes #628
although we need another one that keeps montgomery coordinates.
2017-11-14 22:05:37 +01:00
Frank Denis
c44d847207 Format & add A 2017-11-14 21:58:15 +01:00
Frank Denis
75d507a434 + crypto_core_ed25519_is_valid_point() 2017-11-13 14:36:40 +01:00
Frank Denis
57dac9eb60 + crypto_core_ed25519_add(), crypto_core_ed25519_sub() 2017-11-13 14:22:44 +01:00
Frank Denis
d5a90f8f45 Adjust #include 2017-11-11 18:06:29 +01:00
Frank Denis
569778b517 Rename core/curve25519 to core/ed25519 2017-11-11 17:44:00 +01:00
Frank Denis
82efb10fc1 Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium:
  Register sodium_stackzero()
  Add sodium_stackzero()
  Check for alloca()
2017-11-11 17:31:55 +01:00
Frank Denis
27872ca13c Add an empty assembly statement to the memzero() weak symbol 2017-11-11 17:31:22 +01:00
Frank Denis
b93d773f7b Add sodium_stackzero() 2017-11-10 20:48:05 +01:00
Frank Denis
40070b342a Initialize the argon2 position structure a bit earlier 2017-11-08 12:56:33 +01:00
Frank Denis
8ab638b983 argon2: let fill_memory_blocks() accept a pass counter 2017-11-08 12:53:37 +01:00
Frank Denis
06f5c9a773 Funky indentation 2017-11-08 00:16:53 +01:00
Frank Denis
aa06d871ba Indent 2017-11-07 01:07:22 +01:00
Frank Denis
a9b6eda279 + UNPOISON macro 2017-11-06 23:57:23 +01:00
Frank Denis
ce3ca605a3 Better poison 2017-11-06 23:42:40 +01:00
Frank Denis
e73e2ee2c2 Define a POISON macro 2017-11-06 23:41:50 +01:00
Frank Denis
bd0e0303f9 Comment 2017-11-06 23:34:41 +01:00
Frank Denis
f8de352e6d Reduce nesting, improve readability 2017-11-06 21:55:20 +01:00
Frank Denis
1621448f6c Consistent spacing 2017-11-06 21:31:46 +01:00
Frank Denis
fd14a458d7 Use verbose prototypes
Having only parameter types in prototypes is confusing.
So, include parameter names as well.
2017-11-06 20:19:50 +01:00
Frank Denis
780974a109 sc_* -> sc25519_* 2017-11-06 20:13:47 +01:00
Frank Denis
e371a870f3 ge_* -> ge25519_* 2017-11-06 20:05:33 +01:00
Frank Denis
fb2e83a4d1 fe -> fe25519 2017-11-06 19:40:28 +01:00
Frank Denis
4bd6196c96 Move functions not worth inlining back to core 2017-11-06 15:06:21 +01:00
Frank Denis
221350c78a Import fe constants 2017-11-06 14:35:41 +01:00
Frank Denis
f954997fc3 Move field arithmetic to include/private/, and make everything static
to get some inlining.
2017-11-06 14:32:01 +01:00
Frank Denis
2e7b8e1de9 Still #define the fe & ge types for now 2017-11-06 11:47:00 +01:00
Frank Denis
55a6b6bb46 Remove these useless #define 2017-11-06 11:42:02 +01:00
Frank Denis
1e57b1d455 Update comment 2017-11-06 11:10:29 +01:00
Frank Denis
7eacdc6ff0 Remove X25519-donna 2017-11-06 11:03:18 +01:00
Frank Denis
cdfd98e908 Move fe_cswap and fe_scalar_product to core 2017-11-06 10:52:03 +01:00
Frank Denis
8730d16d4b Fix comment 2017-11-06 02:09:47 +01:00
Frank Denis
0a20032a8f KNF 2017-11-06 02:00:32 +01:00
Frank Denis
a5b9c381e5 Shrink x25519_donna_c64; reuse functions from core 2017-11-06 01:57:05 +01:00
Frank Denis
28cac20a7b Symbolically clear the round keys after aes256gcm_(en|de)crypt()
Fixes #617
2017-11-05 23:53:25 +01:00
Frank Denis
1947a49020 Symbolically clear the round keys after aes256gcm_(en|de)crypt()
Fixes #617
2017-11-05 23:46:55 +01:00
Frank Denis
820bf58b93 Reduce the diff between fe_25_5/fe.h and fe_51/fe.h 2017-11-05 21:27:53 +01:00
Frank Denis
f49dd35fdf Update paths 2017-11-05 18:26:25 +01:00
Frank Denis
bfd656b67b core/25519: Use 51-bit limbs on platforms supporting 128 bit arithmetic 2017-11-05 17:50:15 +01:00
Frank Denis
bd82e08337 Move 25.5 bit field arithmetic to ref10/fe_25_5 2017-11-05 17:35:22 +01:00
Frank Denis
7b05b7da50 Ed25519 synthetic nonces: pad to 128-byte boundaries, not 16.
Spotted by Trevor Perrin. Good catch, thanks!
2017-11-04 09:57:06 +01:00
Frank Denis
9f71f5aade Ed25519 synthetic nonces: pad to 128-byte boundaries, not 16.
Spotted by Trevor Perrin. Good catch, thanks!
2017-11-04 09:53:44 +01:00
Frank Denis
bfcaab49f3 Tolerate sodium_crit_leave() being called on an unlocked mutex 2017-11-03 15:47:02 +01:00
Frank Denis
b45d52a8cf Tolerate sodium_crit_leave() being called on an unlocked mutex 2017-11-03 15:46:19 +01:00
Frank Denis
8e364d29db Move d2 definition close to the d definition 2017-11-01 19:38:16 +01:00
Frank Denis
f57fcb9c26 Use the correct type for the cmov mask 2017-11-01 19:37:34 +01:00
Frank Denis
5d484e6cb2 Leave and immediately reenter the critical section in sodium_misuse()
Keep running everything in the critical section from there.
2017-11-01 01:48:23 +01:00
Frank Denis
8d5b6b1fc9 Leave and immediately reenter the critical section in sodium_misuse()
Keep running everything in the critical section from there.
2017-11-01 01:45:02 +01:00
Frank Denis
802830e4e6 Regen precomputation tables 2017-11-01 00:08:34 +01:00
Frank Denis
a366ea0839 Tidy up curve25519_ref10, remove comments that are not relevant any more 2017-10-31 20:22:48 +01:00
Frank Denis
a3f96045d4 Remove ge_scalarmult_vartime() which is not used any more 2017-10-31 16:10:51 +01:00
Frank Denis
0b734963db edwards25519sha512batch_open(): check order before decoding instead of after 2017-10-31 16:09:43 +01:00
Frank Denis
1cd0633186 Accept non-canonical PKs if ED25519_COMPAT is defined 2017-10-31 16:08:45 +01:00
Frank Denis
5808b83092 ed25519_open(): reject all small order public keys and non-canonical representations 2017-10-31 16:07:01 +01:00
Frank Denis
ce56bb596f edwards25519sha512batch: reuse ge_scalarmult()
Check public key and R order by the way.
2017-10-31 15:56:31 +01:00
Frank Denis
52fce922f4 Add constant-time edx recovery; use it in ed25519_scalarmult() 2017-10-31 15:41:40 +01:00
Frank Denis
4bd18252d4 Don't hardcode the number of rounds 2017-10-28 21:37:01 +02:00
Frank Denis
5468c39d7d Don't hardcode the number of rounds 2017-10-28 21:36:01 +02:00