Frank Denis
2a562f8986
Proper overlapping check; memmove() was called when it was superfluous.
2015-01-15 00:44:28 +01:00
Frank Denis
f0b76de13e
chacha20: counting the remaining bytes in a block doesn't require ULL
2015-01-13 20:43:27 +01:00
Frank Denis
f580fcfa92
Sync reduced rounds versions of salsa20 with supercop
2015-01-13 19:36:50 +01:00
Frank Denis
0fef202b37
Wipe the last salsa20 block in the reduced rounds versions
2015-01-13 19:18:50 +01:00
Frank Denis
ab4171e37f
Error checking
2015-01-13 16:26:58 +01:00
Frank Denis
8ba7fbd062
Mention that sodium_alloc() can be used with sodium data structures
...
And explain how to deal with crypto_generichash_state
2015-01-13 11:04:39 +01:00
Frank Denis
2d380c97f3
Move prototypes of functions requiring padding together
2015-01-06 18:28:07 +01:00
Frank Denis
aaf5fbf2e5
+ precomputed interface for crypto_box()
2015-01-06 17:52:42 +01:00
Frank Denis
fab8a0b55f
Indentation
2015-01-06 17:22:12 +01:00
Frank Denis
49f87845b7
Missing #include for sodium_memzero()
2015-01-04 20:02:03 +01:00
Frank Denis
16f32cf1a5
Wipe the shared key in crypto_box() and crypto_secretbox()
...
The _easy and _detached interfaces already did this.
2015-01-04 18:29:17 +01:00
Frank Denis
26f87e266e
Let sodium_malloc() and friends work on systems without protected memory.
...
On these systems, they become simple aliases for malloc() and friends.
Canaries could be added, but adding too much bloat for these rare systems
is probably not worth it, and malloc debuggers are better tools to use.
2014-12-29 23:23:33 +01:00
Frank Denis
cae09d458a
Let crypto_sign_open() accept NULL for the message length pointer
...
Ditto for edwards25519sha512batch for consistency
Add a _p suffix to lengths that are actually pointers for clarity
2014-12-28 21:34:59 +01:00
Frank Denis
4cd1d03a28
Use relative paths in sodium.h
...
This make it easier to use sodium when bundled with another project.
2014-12-27 09:15:02 +01:00
Frank Denis
d5ad99fed6
Retry if open(2) is interrupted; set the CLOEXEC flag as well.
...
Also retry if read(2) returns EAGAIN. This shouldn't happen in blocking mode,
but it can't hurt either.
2014-12-25 12:30:14 +01:00
Frank Denis
e7a84c9e84
We always need to allocate aligned memory
2014-12-12 08:52:05 -08:00
Frank Denis
9b27460618
We always need a page size
2014-12-12 08:51:47 -08:00
Frank Denis
b1cac74b00
We can still directly call _mprotect_readwrite() instead of the high-level function.
2014-12-07 14:59:32 -08:00
Frank Denis
5e364632e0
Make sodium_free() callable even if protection is PROT_NONE.
...
Reported by @stouset, thanks!
2014-12-07 14:52:44 -08:00
Frank Denis
e5024c368f
Remove obsolete, undocumented compatibility layer with Sodium 0.5
2014-11-30 19:57:41 -08:00
Frank Denis
da2c9952db
Check if mmap(2) works, not just the presence of MAP_ANON
...
In particular, mmap(2) doesn't return an aligner pointer on Emscripten.
2014-11-24 10:22:50 -08:00
Frank Denis
60610da39d
Zero the subkey in {stream,xor}_xsalsa20
...
Spotted by Michael Rogers.
2014-11-23 23:42:07 -08:00
Frank Denis
d0eab9323f
Don't assume that madvise() is available even if related macros are defined.
2014-11-22 13:32:54 -08:00
Frank Denis
28a07bf0c9
Add explicit size_t conversions.
2014-11-20 13:31:13 -08:00
Frank Denis
a31a353f0e
curve25519-donna-c64: use limb instead of uint64_t everywhere for consistency
2014-11-20 11:46:25 -08:00
Frank Denis
ae13df74e1
curve25519-donna-c64: replace U8TO64/U64TO8 with load_limb/store_limb
...
To match the current @agl code.
2014-11-20 11:43:53 -08:00
Frank Denis
d3e716aa49
curve25519-donna-c64: don't read an extra byte when expanding a 32-byte number into polynomial form
...
Reported by Michael Holmwood.
2014-11-20 11:22:24 -08:00
Frank Denis
63ee1abf82
Explicit int32 -> int64 conversions
2014-10-29 08:37:21 -07:00
Frank Denis
caeeefbcf4
Credit CodesInChaos
2014-10-19 19:26:15 -07:00
Andre Caron
a7a04d7af5
Changes DLL_EXPORT to SODIUM_DLL_EXPORT.
...
This macro conflicts with other projects. This results in the inability to
build one DLL that depends on libsodium if the other DLL also uses the
DLL_EXPORT macro to control visibility of library symbols. Since the choice of
name for this macro is arbitrary, use of a library prefix is preferred.
2014-10-13 15:18:09 -04:00
Frank Denis
9e64361e66
Make sodium_bin2hex() slightly faster
2014-10-07 21:15:46 -07:00
Frank Denis
814df1e60d
Constant-time sodium_bin2hex()
...
Original C# code by CodesInChaos.
2014-10-07 20:50:26 -07:00
Frank Denis
5c3c132e47
Make include guards consistent, and avoid reserved identifiers.
2014-10-06 14:14:49 -07:00
Frank Denis
cb07df046f
Remove S<l check.
...
Plan is to add is_standard()/is_canonical() instead of changing the current behavior
of the verification function. Suggested by CodesInChaos.
2014-10-06 12:21:40 -07:00
Frank Denis
15889c2e64
Remove dead variable and assignment
2014-10-05 01:28:00 -07:00
Frank Denis
e04f1b6854
Avoid a conditional jump
2014-10-04 23:36:53 -07:00
Frank Denis
d34743241e
Add a test for ed25519 malleability and restore traditional behavior.
...
If an application really requires non-malleability, ED25519_PREVENT_MALLEABILITY
can be defined to enable the check.
This might become the default behavior depending on what other implementations
are planning to do.
2014-10-04 23:25:01 -07:00
Frank Denis
9f6d37d9c6
Support overlapping input and output regions in crypto_secretbox_detached()
...
crypto_stream_salsa20() doesn't support overlapping input and output regions,
except when they are aliases.
2014-10-04 22:08:09 -07:00
Frank Denis
4099618de2
ed25519_open(): check that S < l
...
Not strictly required, but I don't see any downsides either.
2014-10-04 22:07:58 -07:00
Frank Denis
727f3993a1
lcov exclusion
2014-09-23 21:22:44 -07:00
Frank Denis
f71c1c0e17
lcov exclusion
2014-09-23 21:19:49 -07:00
Frank Denis
41db958e83
lcov exclusion
2014-09-23 14:54:10 -07:00
Frank Denis
0cb0578ede
lcov exclusion
2014-09-23 14:03:28 -07:00
Frank Denis
0c73253249
lcov exclusions
2014-09-23 13:45:11 -07:00
Frank Denis
dcbc538cd9
lcov exclusions
2014-09-23 13:31:42 -07:00
Frank Denis
99734cf8b4
lcov exclusions
2014-09-23 13:22:24 -07:00
Frank Denis
c775f87260
escrypt_gensalt_r() cannot fail
2014-09-23 13:20:39 -07:00
Frank Denis
116cdf32f1
pickparams() and escrypt_init_local() cannot fail
2014-09-23 13:08:25 -07:00
Frank Denis
a858a1971e
lcov exclusion
...
Testing for this case rather belongs to the sodium-validation project.
2014-09-23 12:39:15 -07:00
Frank Denis
5fc704cbf0
lcov exclusions
2014-09-23 12:18:24 -07:00