Commit Graph

2760 Commits

Author SHA1 Message Date
Frank Denis
d7ecf04d68 Comment randombytes_uniform() 2017-07-23 19:44:22 +02:00
Frank Denis
eaab512788 Add specialized ge_mul_l() to multiply by the order of the main subgroup 2017-07-23 13:50:10 +02:00
Frank Denis
6de26b59d7 ed25519_pk_to_curve25519: check that the input is in the right subgroup 2017-07-23 13:25:02 +02:00
Frank Denis
571915ea2c ed25519: un-static the check for low-order points 2017-07-23 13:15:50 +02:00
Frank Denis
b57f9668fc More tests 2017-07-21 16:52:01 +02:00
Frank Denis
cc51916072 Tag sodium_runtime_has_*() symbols as weak 2017-07-19 12:30:40 +02:00
Frank Denis
8b9b6a54be Remove error string from sodium_misuse()
Returning the name of an internal function to bindings is useless.

They need way more context to recover from these errors, and
their own backtrace will be way more useful for diagnostics.
2017-07-19 00:57:19 +02:00
Frank Denis
9361070f96 Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium:
  Tweak emscripten-wasm.sh
  Clear the BLAKE2B state only once, on finalization
  memzero() the state if we call generichash_final() twice
2017-07-19 00:20:53 +02:00
Frank Denis
63cbad7506 Visual Studio doesn't like abort() chains
Let's limit this test to systems this has been tested on for the
time being.
2017-07-19 00:20:06 +02:00
Frank Denis
21fd252ac2 Tweak emscripten-wasm.sh 2017-07-18 22:08:15 +02:00
Frank Denis
97486f7d45 Clear the BLAKE2B state only once, on finalization
No need to clear everything, and no need to clear again
if _final() is called more than once.
2017-07-18 20:16:47 +02:00
Frank Denis
1090fcfd4d memzero() the state if we call generichash_final() twice 2017-07-18 19:19:04 +02:00
Frank Denis
6768d82ea2 Add missing return value in set_misuse_handler() 2017-07-18 03:49:58 +02:00
Frank Denis
9df008a786 Add some invalid base64 strings to pwhash_str_verify() tests 2017-07-17 23:26:36 +02:00
Frank Denis
5d56821d3d More tests, and start testing misuse cases 2017-07-17 23:09:44 +02:00
Frank Denis
0238cbcf68 Bump NuGet package 2017-07-17 22:38:04 +02:00
Frank Denis
0e8d7c9268 Implement sodium_set_misuse_handler() 2017-07-17 01:00:00 +02:00
Frank Denis
9def4d9a8a Add tests for crypto_kx_*() when a single key is required 2017-07-17 00:36:55 +02:00
Frank Denis
8a70f258fd No more abort() calls! 2017-07-16 23:11:36 +02:00
Frank Denis
c3b24c1d22 Explain why some abort() calls are still around 2017-07-16 20:09:27 +02:00
Frank Denis
74703c63a6 More abort() -> sodium_misuse() 2017-07-16 20:03:03 +02:00
Frank Denis
a0e997b8ae More abort() -> sodium_misuse()
Keep the abort() call on the hash function, which should never fail.
2017-07-16 19:51:08 +02:00
Frank Denis
ea9281cb03 More abort() -> sodium_misuse() 2017-07-16 19:24:46 +02:00
Frank Denis
c7459c125e Remove the useless donations button
Total donations since the project exists: $0.00
Total number of people having asked about commercial support: 0

So, just remove the button.
2017-07-16 19:10:58 +02:00
Frank Denis
a61dddd496 Back to dev mode. If you want a stable version, use the stable branch. 2017-07-16 19:07:43 +02:00
Frank Denis
bcf98b5546 Start replacing abort() with an internal sodium_misuse() function
This function will eventually be able to call a user-defined hook,
that may be useful to people writing bindings for other languages.

The function will not return, though, and will keep calling
abort() after the hook. So, hooks should not return either.

They should gracefully kill the current process or thread instead.

There are many more abort() instances to replace.
This is long and boring.
2017-07-16 19:01:22 +02:00
Frank Denis
c86080e7b9 Fix funky indentation 2017-07-16 18:50:50 +02:00
Frank Denis
608e103e45 Finish the Argon2id tests 2017-07-16 18:34:01 +02:00
Frank Denis
8b99f44ff9 Abort on misuse in crypto_kx_server_session_keys() too 2017-07-16 16:43:47 +02:00
Frank Denis
765ba55cdc crypto_kx(): abort if the function is called without any non-NULL pointer 2017-07-16 16:37:47 +02:00
Frank Denis
90658321d3 Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal 2017-07-16 12:15:06 +02:00
Frank Denis
1f826df2d4 is_zero(): volatilize the accumulator 2017-07-16 01:07:38 +02:00
Frank Denis
3d400363b6 sodium_compare: x1, x2 don't have to be volatile 2017-07-16 01:05:47 +02:00
Frank Denis
99f8c19a1b memzero(): call the weak function after zeroing
A weak function cannot be inlined, but even if it's a little bit
far stretched, a compiler could add code taking different paths
according to the callee.

With a weak function called after the zeroing, we can be sure
that the zeroing has to happen.
2017-07-16 00:49:31 +02:00
Frank Denis
30e8a2b231 The time has come to use memset_s() if available
memset_s() detection had been removed from the autoconf script a long
time ago because it was incorrectly defined in some obsolete Xcode version.

We're in year 2017, move on.
2017-07-15 23:16:55 +02:00
Frank Denis
f0c15da02f We don't need these extra loads 2017-07-15 20:54:57 +02:00
Frank Denis
bcdb042ad9 Revert "Explicitly include <limits.h>"
This reverts commit 0fd9aae17a.
2017-07-15 20:33:34 +02:00
Frank Denis
7dbbd266b5 Simple SSE2 implementation of crypto_verify*()
`z` being volatile implies more load/store than needed, but this should
be safer if we want to stick with pure C code, and gives us a chance to
zero the registers.

It's still way faster than byte-by-byte comparisons anyway.

Xored secrets don't matter much when compared byte-by-byte, but they
can be more annoying in 128-bit registers.
2017-07-15 20:29:27 +02:00
Frank Denis
94a8b3327f Simplify crypto_verify_*()
Do not expect any modern compiler not to be able to inline this.
2017-07-15 18:31:21 +02:00
Frank Denis
37e99aa4fc Make it more difficult for the compiler to optimize crypto_verify_*() 2017-07-15 18:17:44 +02:00
Frank Denis
c746eb2776 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
This reverts commit c2ef7d0882.
2017-07-15 17:59:55 +02:00
Frank Denis
0fd9aae17a Explicitly include <limits.h> 2017-07-15 17:53:18 +02:00
Frank Denis
c2ef7d0882 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX 2017-07-15 17:51:10 +02:00
Frank Denis
7d5d9204e5 Nuget -> NuGet 2017-07-14 00:23:18 +02:00
Frank Denis
ff615b270a Fix the AES test on error path 2017-07-13 21:41:06 +02:00
Frank Denis
c350bdd87c <winres.h> -> <windows.h> to unbreak builds with MSVC < 2013 2017-07-13 21:15:01 +02:00
Frank Denis
a4fba60c5c Now available on Nugget! 2017-07-13 20:03:48 +02:00
Frank Denis
6a3dfb2658 python3 doesn't have to be in /usr/bin 2017-07-13 17:03:27 +02:00
Frank Denis
24335c250d Bump 2017-07-13 16:20:17 +02:00
Frank Denis
7cfbb5922b Dont expect EFBIG to be returned if a requested allocation is too large
Some environments return funny things such as "function not implemented",
EINVAL or "permission denied" instead.

So, don't assume anything.
2017-07-12 21:36:33 +02:00