Frank Denis
d7ecf04d68
Comment randombytes_uniform()
2017-07-23 19:44:22 +02:00
Frank Denis
eaab512788
Add specialized ge_mul_l() to multiply by the order of the main subgroup
2017-07-23 13:50:10 +02:00
Frank Denis
6de26b59d7
ed25519_pk_to_curve25519: check that the input is in the right subgroup
2017-07-23 13:25:02 +02:00
Frank Denis
571915ea2c
ed25519: un-static the check for low-order points
2017-07-23 13:15:50 +02:00
Frank Denis
b57f9668fc
More tests
2017-07-21 16:52:01 +02:00
Frank Denis
cc51916072
Tag sodium_runtime_has_*() symbols as weak
2017-07-19 12:30:40 +02:00
Frank Denis
8b9b6a54be
Remove error string from sodium_misuse()
Returning the name of an internal function to bindings is useless.
They need way more context to recover from these errors, and
their own backtrace will be way more useful for diagnostics.
2017-07-19 00:57:19 +02:00
Frank Denis
9361070f96
Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium:
Tweak emscripten-wasm.sh
Clear the BLAKE2B state only once, on finalization
memzero() the state if we call generichash_final() twice
2017-07-19 00:20:53 +02:00
Frank Denis
63cbad7506
Visual Studio doesn't like abort() chains
Let's limit this test to systems this has been tested on for the
time being.
2017-07-19 00:20:06 +02:00
Frank Denis
21fd252ac2
Tweak emscripten-wasm.sh
2017-07-18 22:08:15 +02:00
Frank Denis
97486f7d45
Clear the BLAKE2B state only once, on finalization
No need to clear everything, and no need to clear again
if _final() is called more than once.
2017-07-18 20:16:47 +02:00
Frank Denis
1090fcfd4d
memzero() the state if we call generichash_final() twice
2017-07-18 19:19:04 +02:00
Frank Denis
6768d82ea2
Add missing return value in set_misuse_handler()
2017-07-18 03:49:58 +02:00
Frank Denis
9df008a786
Add some invalid base64 strings to pwhash_str_verify() tests
2017-07-17 23:26:36 +02:00
Frank Denis
5d56821d3d
More tests, and start testing misuse cases
2017-07-17 23:09:44 +02:00
Frank Denis
0238cbcf68
Bump NuGet package
2017-07-17 22:38:04 +02:00
Frank Denis
0e8d7c9268
Implement sodium_set_misuse_handler()
2017-07-17 01:00:00 +02:00
Frank Denis
9def4d9a8a
Add tests for crypto_kx_*() when a single key is required
2017-07-17 00:36:55 +02:00
Frank Denis
8a70f258fd
No more abort() calls!
2017-07-16 23:11:36 +02:00
Frank Denis
c3b24c1d22
Explain why some abort() calls are still around
2017-07-16 20:09:27 +02:00
Frank Denis
74703c63a6
More abort() -> sodium_misuse()
2017-07-16 20:03:03 +02:00
Frank Denis
a0e997b8ae
More abort() -> sodium_misuse()
Keep the abort() call on the hash function, which should never fail.
2017-07-16 19:51:08 +02:00
Frank Denis
ea9281cb03
More abort() -> sodium_misuse()
2017-07-16 19:24:46 +02:00
Frank Denis
c7459c125e
Remove the useless donations button
Total donations since the project has existed: $0.00
Total number of people having asked about commercial support: 0
So, just remove the button.
2017-07-16 19:10:58 +02:00
Frank Denis
a61dddd496
Back to dev mode. If you want a stable version, use the stable branch.
2017-07-16 19:07:43 +02:00
Frank Denis
bcf98b5546
Start replacing abort() with an internal sodium_misuse() function
This function will eventually be able to call a user-defined hook
that may be useful to people writing bindings for other languages.
The function will not return, though, and will keep calling
abort() after the hook. So, hooks should not return either.
They should gracefully kill the current process or thread instead.
There are many more abort() instances to replace.
This is long and boring.
2017-07-16 19:01:22 +02:00
Frank Denis
c86080e7b9
Fix funky indentation
2017-07-16 18:50:50 +02:00
Frank Denis
608e103e45
Finish the Argon2id tests
2017-07-16 18:34:01 +02:00
Frank Denis
8b99f44ff9
Abort on misuse in crypto_kx_server_session_keys() too
2017-07-16 16:43:47 +02:00
Frank Denis
765ba55cdc
crypto_kx(): abort if the function is called without any non-NULL pointer
2017-07-16 16:37:47 +02:00
Frank Denis
90658321d3
Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
2017-07-16 12:15:06 +02:00
Frank Denis
1f826df2d4
is_zero(): volatilize the accumulator
2017-07-16 01:07:38 +02:00
Frank Denis
3d400363b6
sodium_compare: x1, x2 don't have to be volatile
2017-07-16 01:05:47 +02:00
Frank Denis
99f8c19a1b
memzero(): call the weak function after zeroing
A weak function cannot be inlined, but even if it's a little bit
far stretched, a compiler could add code taking different paths
according to the callee.
With a weak function called after the zeroing, we can be sure
that the zeroing has to happen.
2017-07-16 00:49:31 +02:00
Frank Denis
30e8a2b231
The time has come to use memset_s() if available
memset_s() detection had been removed from the autoconf script a long
time ago because it was incorrectly defined in some obsolete Xcode version.
We're in year 2017, move on.
2017-07-15 23:16:55 +02:00
Frank Denis
f0c15da02f
We don't need these extra loads
2017-07-15 20:54:57 +02:00
Frank Denis
bcdb042ad9
Revert "Explicitly include <limits.h>"
This reverts commit 0fd9aae17a.
2017-07-15 20:33:34 +02:00
Frank Denis
7dbbd266b5
Simple SSE2 implementation of crypto_verify*()
`z` being volatile implies more load/store than needed, but this should
be safer if we want to stick with pure C code, and gives us a chance to
zero the registers.
It's still way faster than byte-by-byte comparisons anyway.
Xored secrets don't matter much when compared byte-by-byte, but they
can be more annoying in 128-bit registers.
2017-07-15 20:29:27 +02:00
Frank Denis
94a8b3327f
Simplify crypto_verify_*()
Do not expect any modern compiler not to be able to inline this.
2017-07-15 18:31:21 +02:00
Frank Denis
37e99aa4fc
Make it more difficult for the compiler to optimize crypto_verify_*()
2017-07-15 18:17:44 +02:00
Frank Denis
c746eb2776
Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
This reverts commit c2ef7d0882.
2017-07-15 17:59:55 +02:00
Frank Denis
0fd9aae17a
Explicitly include <limits.h>
2017-07-15 17:53:18 +02:00
Frank Denis
c2ef7d0882
Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
2017-07-15 17:51:10 +02:00
Frank Denis
7d5d9204e5
Nuget -> NuGet
2017-07-14 00:23:18 +02:00
Frank Denis
ff615b270a
Fix the AES test on error path
2017-07-13 21:41:06 +02:00
Frank Denis
c350bdd87c
<winres.h> -> <windows.h> to unbreak builds with MSVC < 2013
2017-07-13 21:15:01 +02:00
Frank Denis
a4fba60c5c
Now available on Nugget!
2017-07-13 20:03:48 +02:00
Frank Denis
6a3dfb2658
python3 doesn't have to be in /usr/bin
2017-07-13 17:03:27 +02:00
Frank Denis
24335c250d
Bump
2017-07-13 16:20:17 +02:00
Frank Denis
7cfbb5922b
Don't expect EFBIG to be returned if a requested allocation is too large
Some environments return funny things such as "function not implemented",
EINVAL or "permission denied" instead.
So, don't assume anything.
2017-07-12 21:36:33 +02:00