Commit Graph

1834 Commits

Author SHA1 Message Date
Frank Denis
557c7eafab Rename fill_segment_* to argon2_fill_segment_* 2019-06-10 18:40:06 +02:00
Frank Denis
a03e6bd16d Rename a few common internal symbols 2019-06-10 18:40:01 +02:00
Frank Denis
d3787c23b8 Rename PBKDF2_SHA256 to escrypt_PBKDF2_SHA256 2019-06-10 18:39:53 +02:00
Frank Denis
7c44e6a8c4 Remove useless macros hiding the actual symbol names 2019-06-10 18:39:48 +02:00
Frank Denis
7ec812b83d Use MAP_CONCEAL on OpenBSD 2019-06-06 12:06:45 +02:00
Frank Denis
c322b1a63c Revert "scrypt: reject r == 0 and p == 0"
This reverts commit 00c8ecd1c492cf5c6599ff5b8c28ed35d54cf2a1.
2019-06-01 15:33:51 +02:00
Frank Denis
940ef42797 1.0.18 2019-05-30 21:57:51 +02:00
Frank Denis
575babb389 Comment 2019-05-30 17:33:59 +02:00
Frank Denis
a53fbe4d48 10% speedup on AVX2 for BLAKE2b
Thanks to Shunsuke Shimizu (@grafi-tt)
2019-05-30 17:32:45 +02:00
Frank Denis
eefb1cd79e Nits 2019-05-30 17:32:40 +02:00
Ilya Maykov
6bece9c8c4 Relax most __attribute__ ((nonnull)) to allow 0-length inputs to be NULL.
Justifications:
- crypto_(auth|hash|generichash|onetimeauth|shorthash)*:
  it's legal to hash or HMAC a 0-length message
- crypto_box*: it's legal to encrypt a 0-length message
- crypto_sign*: it's legal to sign a 0-length message
- utils:
  comparing two 0-length byte arrays is legal
  memzero on a 0-length byte array is a no-op
  converting an empty hex string to binary results in an empty binary string
  converting an empty binary string to hex results in an empty hex string
  converting an empty b64 string to binary results in an empty binary string
  converting an empty binary string to b64 results in an empty b64 string
  sodium_add / sodium_sub on zero-length arrays is a no-op

For the functions declared in utils.h, I moved the logic into private functions that
have the __attribute__ ((nonnull)) check, but they are only called when the
corresponding length argument is non-0. I didn't do this for the hash/box/sign
functions since it would have been a lot more work and quite a large refactor.

Only memset() may have issues with a zero length.

Fix tests, use guard page instead of NULL because of Wasm
2019-04-26 15:36:58 +02:00
Frank Denis
daa6cb3e78 raise() may not be available 2019-03-26 14:38:55 +01:00
Frank Denis
b347bcfa89 Remove unnecessary brackets 2019-03-26 13:45:28 +01:00
Frank Denis
01ed4737af Trust another safe arc4random() implementation 2019-03-26 13:44:28 +01:00
Frank Denis
be509424e9 Typo 2019-02-09 20:49:52 +01:00
Luca Boccassi
ecdcf55173 Add -pthread to pkgconfig's Libs.private if enabled
Allows static builds to correctly inherit the pthread dependency when
used with pkg-config --static --libs libsodium

AC_SUBST doesn't require explicit values

Regen autoconf

Fixes #800
2019-01-15 00:29:20 +01:00
Frank Denis
59f55cd420 Force clear the high bit in _noclamp variants
_noclamp variants should always be used with a scalar < L, but
if this is not the case, at least explicitly ignore the high bit.
2019-01-14 04:07:41 +01:00
Frank Denis
10ac185647 Merge branch 'master' into stable-1.0.17
* master: (190 commits)
  fileinput is not used any more
  2019
  local-dynamic is enough
  Set tls-model only if TLS is supported
  Enable -ftls-model=global-dynamic if available
  Set nonce in randombytes_salsa20_random_stir() instead of random_init()
  Bump .NET version examples
  Add another test
  Avoid memory leak and overflow in addition test
  Avoid partial array initialization
  Bump SODIUM_LIBRARY_VERSION_MINOR
  More tests
  More tests
  Improve clarity
  ALLOW_MEMORY_GROWTH is now enabled
  AVX512 detection has been improved
  Add a conditional to enable retpoline support
  must -> should
  Add comments, avoid implicit array initialization
  Add comments
  ...
2019-01-06 15:43:38 +01:00
Frank Denis
358767f238 Set nonce in randombytes_salsa20_random_stir() instead of random_init() 2019-01-06 04:31:44 +01:00
Frank Denis
531b545578 Avoid partial array initialization 2019-01-05 22:58:07 +01:00
Frank Denis
48852da7cd Improve clarity 2019-01-05 14:31:44 +01:00
Frank Denis
3ab71f873f must -> should 2019-01-04 11:55:17 +01:00
Frank Denis
e45fadffb1 Add comments, avoid implicit array initialization 2019-01-03 22:44:58 +01:00
Frank Denis
1647f0d53a Add comments 2019-01-03 22:28:59 +01:00
Frank Denis
32385c6b9a Avoid negative indices, especially with unsigned types 2019-01-03 22:28:42 +01:00
Frank Denis
1cd6641cde Add an extra compile-time assertion 2019-01-03 18:52:43 +01:00
Frank Denis
74ccac9e83 Do not assume that CRYPTO_ALIGN works 2019-01-03 18:34:24 +01:00
Frank Denis
3c59cebe91 Make the blake2b and poly1305 state opaque 2019-01-03 18:18:20 +01:00
Frank Denis
6fd78e4a39 More paranoid AVX512 detection 2019-01-02 17:35:15 +01:00
Frank Denis
e614671fc8 More paranoid AVX512 detection 2019-01-02 17:33:57 +01:00
Frank Denis
6bbcab33ed Consistent initialization 2019-01-01 22:59:23 +01:00
Frank Denis
f3ce049a98 Bump to 1.0.17
Not released yet. This is just to encourage people to test the current
code.
2018-12-30 12:04:52 +01:00
Frank Denis
f2942b9c88 Add sodium_sub(), simplify scalar_complement() and scalar_negate() 2018-12-30 10:26:44 +01:00
Frank Denis
1542d473da Add crypto_core_ed25519_scalar_complement(), _negate(), _add(), _sub() 2018-12-30 01:48:58 +01:00
Frank Denis
cff3d7f6c7 Remove unused variables 2018-12-29 16:42:09 +01:00
Frank Denis
52ff9c8980 Constify, add missing private include 2018-12-26 18:32:39 +01:00
Frank Denis
0a6e10f75f Constify 2018-12-26 18:25:16 +01:00
Frank Denis
7bc5a3da66 Constify 2018-12-26 18:19:37 +01:00
Frank Denis
c9842d9af9 Make allocate_memory() error path less confusing 2018-12-26 17:57:06 +01:00
Frank Denis
e60049aad1 Revert "Add crypto_kx_ed25519" and "Add low-level kx_curve25519 functions"
This reverts commit 2d736dc2bc.
This reverts commit 7f3bc5cd08.
2018-12-25 19:22:33 +01:00
Frank Denis
d3976446a0 ED25519_NONDETERMINISTIC: derive keys from the seed the same way
as when ED25519_NONDETERMINISTIC is not defined
2018-12-25 13:25:57 +01:00
Frank Denis
2d736dc2bc Add crypto_kx_ed25519 2018-12-25 12:46:21 +01:00
Frank Denis
7f3bc5cd08 Add low-level kx_curve25519 functions 2018-12-25 11:10:33 +01:00
Frank Denis
4cba5ff49b In prototypes, use pointers, not arrays for consistency 2018-12-24 17:38:22 +01:00
Frank Denis
59bd82edab Add a crypto_core_ed25519_NONREDUCEDSCALARBYTES constant
and reject 0 in crypto_core_ed25519_random()
2018-12-24 17:26:38 +01:00
Frank Denis
2916230061 Add a guideline 2018-12-23 18:49:56 +01:00
Frank Denis
b4617940f3 Correct sc25519_reduce() prototype 2018-12-23 18:45:28 +01:00
Frank Denis
63573bb98c Add crypto_core_ed25519_scalar_random() 2018-12-23 12:32:07 +01:00
Frank Denis
6fa0220302 Export crypto_core_ed25519_scalar_reduce, add tests 2018-12-23 02:56:11 +01:00
Frank Denis
36f2d99fac Add crypto_core_ed25519_{scalar_invert, scalar_reduce}()
These new low-level APIs are especially useful for blinding.
2018-12-20 20:05:34 +01:00
Frank Denis
b42082d6d2 Add unclamped versions of scalarmult_ed25519*() 2018-12-18 22:46:56 +01:00
Frank Denis
536ed00d2c Merge branch 'master' of github.com:jedisct1/libsodium 2018-12-10 21:05:47 +01:00
Frank Denis
055e0ae82c Even in non-deterministic EdDSA, the actual secret key is H(sk). 2018-12-10 21:05:40 +01:00
Frank Denis
fec4c92d81 Even in non-deterministic EdDSA, the actual secret key is H(sk). 2018-12-10 21:03:52 +01:00
Ilya Maykov
c60df7b9ff Made sig parameter of crypto_sign_final_verify() const 2018-12-03 21:02:31 +01:00
Frank Denis
a1dff41891 LONG_LONG_* -> LLONG_* 2018-11-11 00:00:13 +01:00
Frank Denis
1dae690ad7 Avoid memset(NULL, _, 0) 2018-10-18 13:49:42 +02:00
Frank Denis
52f814e50c Avoid memset(NULL, _, 0) 2018-10-18 13:49:12 +02:00
Frank Denis
67b0b476d8 Add incomplete nonnull attributes 2018-10-18 13:22:37 +02:00
Frank Denis
574a45afc3 Add a dummy return value 2018-09-30 23:49:57 +02:00
Frank Denis
c4f03ededb Add a dummy return value 2018-09-30 23:49:34 +02:00
Frank Denis
82b1739b98 Add getrandom(2) support for FreeBSD 12 2018-09-30 16:44:27 -05:00
Frank Denis
9771795351 Revert "Add getrandom(2) support for FreeBSD 12"
This reverts commit 52fdd7ab39.

Due to TinyC crashing.
2018-09-29 22:53:05 +02:00
Frank Denis
9d5fcef52e Revert "TinyC now crashes on Travis when compiling sysrandom"
This reverts commit 44dccfe6d4.
2018-09-29 22:52:56 +02:00
Frank Denis
44dccfe6d4 TinyC now crashes on Travis when compiling sysrandom 2018-09-29 22:48:53 +02:00
Frank Denis
52fdd7ab39 Add getrandom(2) support for FreeBSD 12
Fixes #762
2018-09-29 22:37:39 +02:00
David Carlier
b3ba348d08 Provide explicit_memset support for NetBSD.
Similar to explicit_bzero, this function is there to defeat
compiler optimisation.
2018-09-29 19:19:23 +01:00
Frank Denis
675a899d11 No need to provision for the tag if we are below SIZE_MAX 2018-09-12 15:26:38 +02:00
Frank Denis
90112d3eb0 Subtract the number of blocks, and make similar code more uniform 2018-09-12 15:26:33 +02:00
Frank Denis
b7abc4542e No need to provision for the tag if we are below SIZE_MAX 2018-09-12 15:22:30 +02:00
Frank Denis
f0e5c3940d Subtract the number of blocks, and make similar code more uniform 2018-09-12 15:19:56 +02:00
Frank Denis
3574ab879e Do not even use untested code in non-production environments 2018-09-12 14:53:16 +02:00
Frank Denis
5a7290ce6a Make this warning more difficult to ignore 2018-09-12 14:51:03 +02:00
Frank Denis
f9c1947fce Do not count the overhead in xchacha20poly1305_MESSAGEBYTES_MAX 2018-09-12 08:44:06 +02:00
Frank Denis
43909c1ffb Allow ic + mlen to overflow a size_t in chacha20_ietf_xor_ic() 2018-09-12 08:40:22 +02:00
Frank Denis
bea8839c6b Do not count the overhead in xchacha20poly1305_MESSAGEBYTES_MAX 2018-09-12 08:19:12 +02:00
Frank Denis
04a7ab95f2 Don't mix lengths and block sizes 2018-09-10 19:57:06 +02:00
Frank Denis
3e9d341d06 Add crypto_stream_chacha20_ietf_ext, use _ext suffix everywhere for consistency 2018-09-08 14:54:12 +02:00
Frank Denis
cf217e3dfc Call misuse() if we ask too much data from the IETF variant of ChaCha20
Fix #753
2018-09-08 02:12:23 +02:00
Frank Denis
ab4ab23d57 x25519_ref: ignore the high bit in the small order PK check 2018-08-29 16:04:40 +02:00
Frank Denis
2fe2893616 Indent 2018-08-27 12:30:06 +02:00
Frank Denis
1ec6edc1a8 Indent 2018-08-27 12:29:49 +02:00
Jakob Rieck
d7df251cd0 Fixes padding for blocksizes > 256 2018-08-27 12:22:07 +02:00
Jakob Rieck
543b5ad068 Fixes padding for blocksizes > 256 2018-08-27 11:42:49 +02:00
Frank Denis
2052cc7847 strnlen() may not be available everywhere 2018-07-22 21:55:01 +02:00
Frank Denis
7cdf3f0e84 strnlen() may not be available everywhere 2018-07-22 21:54:38 +02:00
Frank Denis
d2728ad93e Merge branch 'stable' of github.com:jedisct1/libsodium into stable
* 'stable' of github.com:jedisct1/libsodium:
  Nits
2018-07-22 21:40:51 +02:00
Frank Denis
922e4dcd9e Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium:
  Invert (1-y) just before the multiplication by (1+y) for readability
  Nits
2018-07-22 21:40:39 +02:00
Frank Denis
e8fea07f19 memchr() can process its input in any order
Fixes #737
2018-07-22 21:27:56 +02:00
Frank Denis
74ba82210e memchr() can process its input in any order
Fixes #737
2018-07-22 21:26:31 +02:00
Frank Denis
d25d6ce7fb Invert (1-y) just before the multiplication by (1+y) for readability 2018-07-21 00:43:39 +02:00
Frank Denis
dcd9b13e31 Nits 2018-07-19 14:44:42 +02:00
Frank Denis
91d9051bce Nits 2018-07-19 14:44:17 +02:00
Anton Maklakov
c398a51e21 Fix warnings that appeared in GCC7+ (related to -Wimplicit-fallthrough) 2018-07-04 21:19:04 +02:00
Anton Maklakov
f16896146a Fix warnings that appeared in GCC7+ (related to -Wimplicit-fallthrough) 2018-07-04 23:29:33 +07:00
Frank Denis
cfb0f94704 Visual Studio documentation states that eax/ecx/edx don't need to be
preserved in inline assembly code. But that doesn't seem to always
hold true on Visual Studio 2010.
2018-05-12 09:12:36 +02:00
Frank Denis
8b346c86b8 Visual Studio documentation states that eax/ecx/edx don't need to be
preserved in inline assembly code. But that doesn't seem to always
hold true on Visual Studio 2010.
2018-05-12 09:11:01 +02:00
Tom Auger
7432c4394b Use _MESSAGEBYTES_MAX in crypto_aead_xchacha20poly1305 2018-04-29 17:48:03 +02:00
Tom Auger
462a8ab775 Use _MESSAGEBYTES_MAX in crypto_aead_xchacha20poly1305 2018-04-29 15:12:39 +01:00
Frank Denis
10207d5aa6 This reverts commit 38b19412e8. 2018-04-01 23:25:06 +02:00