Frank Denis
c322b1a63c
Revert "scrypt: reject r == 0 and p == 0"
This reverts commit 00c8ecd1c4.
2019-06-01 15:33:51 +02:00
Frank Denis
940ef42797
1.0.18
2019-05-30 21:57:51 +02:00
Frank Denis
575babb389
Comment
2019-05-30 17:33:59 +02:00
Frank Denis
a53fbe4d48
10% speedup on AVX2 for BLAKE2b
Thanks to Shunsuke Shimizu (@grafi-tt)
2019-05-30 17:32:45 +02:00
Frank Denis
eefb1cd79e
Nits
2019-05-30 17:32:40 +02:00
Ilya Maykov
6bece9c8c4
Relax most __attribute__ ((nonnull)) to allow 0-length inputs to be NULL.
Justifications:
- crypto_(auth|hash|generichash|onetimeauth|shorthash)*:
it's legal to hash or HMAC a 0-length message
- crypto_box*: it's legal to encrypt a 0-length message
- crypto_sign*: it's legal to sign a 0-length message
- utils:
comparing two 0-length byte arrays is legal
memzero on a 0-length byte array is a no-op
converting an empty hex string to binary results in an empty binary string
converting an empty binary string to hex results in an empty hex string
converting an empty b64 string to binary results in an empty binary string
converting an empty binary string to b64 results in an empty b64 string
sodium_add / sodium_sub on zero-length arrays is a no-op
For the functions declared in utils.h, I moved the logic into private functions that
have the __attribute__ ((nonnull)) check, but they are only called when the
corresponding length argument is non-0. I didn't do this for the hash/box/sign
functions since it would have been a lot more work and quite a large refactor.
Only memset() may have issues with a zero length.
Fix tests, use guard page instead of NULL because of Wasm
2019-04-26 15:36:58 +02:00
Frank Denis
daa6cb3e78
raise() may not be available
2019-03-26 14:38:55 +01:00
Frank Denis
b347bcfa89
Remove unnecessary brackets
2019-03-26 13:45:28 +01:00
Frank Denis
01ed4737af
Trust another safe arc4random() implementation
2019-03-26 13:44:28 +01:00
Frank Denis
be509424e9
Typo
2019-02-09 20:49:52 +01:00
Luca Boccassi
ecdcf55173
Add -pthread to pkgconfig's Libs.private if enabled
Allows static builds to correctly inherit the pthread dependency when
used with pkg-config --static --libs libsodium
AC_SUBST doesn't require explicit values
Regen autoconf
Fixes #800
2019-01-15 00:29:20 +01:00
Frank Denis
59f55cd420
Force clear the high bit in _noclamp variants
_noclamp variants should always be used with a scalar < L, but
if this is not the case, at least explicitly ignore the high bit.
2019-01-14 04:07:41 +01:00
Frank Denis
10ac185647
Merge branch 'master' into stable-1.0.17
* master: (190 commits)
fileinput is not used any more
2019
local-dynamic is enough
Set tls-model only if TLS is supported
Enable -ftls-model=global-dynamic if available
Set nonce in randombytes_salsa20_random_stir() instead of random_init()
Bump .NET version examples
Add another test
Avoid memory leak and overflow in addition test
Avoid partial array initialization
Bump SODIUM_LIBRARY_VERSION_MINOR
More tests
More tests
Improve clarity
ALLOW_MEMORY_GROWTH is now enabled
AVX512 detection has been improved
Add a conditional to enable retpoline support
must -> should
Add comments, avoid implicit array initialization
Add comments
...
2019-01-06 15:43:38 +01:00
Frank Denis
358767f238
Set nonce in randombytes_salsa20_random_stir() instead of random_init()
2019-01-06 04:31:44 +01:00
Frank Denis
531b545578
Avoid partial array initialization
2019-01-05 22:58:07 +01:00
Frank Denis
48852da7cd
Improve clarity
2019-01-05 14:31:44 +01:00
Frank Denis
3ab71f873f
must -> should
2019-01-04 11:55:17 +01:00
Frank Denis
e45fadffb1
Add comments, avoid implicit array initialization
2019-01-03 22:44:58 +01:00
Frank Denis
1647f0d53a
Add comments
2019-01-03 22:28:59 +01:00
Frank Denis
32385c6b9a
Avoid negative indices, especially with unsigned types
2019-01-03 22:28:42 +01:00
Frank Denis
1cd6641cde
Add an extra compile-time assertion
2019-01-03 18:52:43 +01:00
Frank Denis
74ccac9e83
Do not assume that CRYPTO_ALIGN works
2019-01-03 18:34:24 +01:00
Frank Denis
3c59cebe91
Make the blake2b and poly1305 state opaque
2019-01-03 18:18:20 +01:00
Frank Denis
6fd78e4a39
More paranoid AVX512 detection
2019-01-02 17:35:15 +01:00
Frank Denis
e614671fc8
More paranoid AVX512 detection
2019-01-02 17:33:57 +01:00
Frank Denis
6bbcab33ed
Consistent initialization
2019-01-01 22:59:23 +01:00
Frank Denis
f3ce049a98
Bump to 1.0.17
Not released yet. This is just to encourage people to test the current
code.
2018-12-30 12:04:52 +01:00
Frank Denis
f2942b9c88
Add sodium_sub(), simplify scalar_complement() and scalar_negate()
2018-12-30 10:26:44 +01:00
Frank Denis
1542d473da
Add crypto_core_ed25519_scalar_complement(), _negate(), _add(), _sub()
2018-12-30 01:48:58 +01:00
Frank Denis
cff3d7f6c7
Remove unused variables
2018-12-29 16:42:09 +01:00
Frank Denis
52ff9c8980
Constify, add missing private include
2018-12-26 18:32:39 +01:00
Frank Denis
0a6e10f75f
Constify
2018-12-26 18:25:16 +01:00
Frank Denis
7bc5a3da66
Constify
2018-12-26 18:19:37 +01:00
Frank Denis
c9842d9af9
Make allocate_memory() error path less confusing
2018-12-26 17:57:06 +01:00
Frank Denis
e60049aad1
Revert "Add crypto_kx_ed25519" and "Add low-level kx_curve25519 functions"
This reverts commit 2d736dc2bc.
This reverts commit 7f3bc5cd08.
2018-12-25 19:22:33 +01:00
Frank Denis
d3976446a0
ED25519_NONDETERMINISTIC: derive keys from the seed the same way
as when ED25519_NONDETERMINISTIC is not defined
2018-12-25 13:25:57 +01:00
Frank Denis
2d736dc2bc
Add crypto_kx_ed25519
2018-12-25 12:46:21 +01:00
Frank Denis
7f3bc5cd08
Add low-level kx_curve25519 functions
2018-12-25 11:10:33 +01:00
Frank Denis
4cba5ff49b
In prototypes, use pointers, not arrays for consistency
2018-12-24 17:38:22 +01:00
Frank Denis
59bd82edab
Add a crypto_core_ed25519_NONREDUCEDSCALARBYTES constant
and reject 0 in crypto_core_ed25519_random()
2018-12-24 17:26:38 +01:00
Frank Denis
2916230061
Add a guideline
2018-12-23 18:49:56 +01:00
Frank Denis
b4617940f3
Correct sc25519_reduce() prototype
2018-12-23 18:45:28 +01:00
Frank Denis
63573bb98c
Add crypto_core_ed25519_scalar_random()
2018-12-23 12:32:07 +01:00
Frank Denis
6fa0220302
Export crypto_core_ed25519_scalar_reduce, add tests
2018-12-23 02:56:11 +01:00
Frank Denis
36f2d99fac
Add crypto_core_ed25519_{scalar_invert, ed25519_scalar_reduce}()
These new low-level APIs are especially useful for blinding.
2018-12-20 20:05:34 +01:00
Frank Denis
b42082d6d2
Add unclamped versions of scalarmult_ed25519*()
2018-12-18 22:46:56 +01:00
Frank Denis
536ed00d2c
Merge branch 'master' of github.com:jedisct1/libsodium
2018-12-10 21:05:47 +01:00
Frank Denis
055e0ae82c
Even in non-deterministic EdDSA, the actual secret key is H(sk).
2018-12-10 21:05:40 +01:00
Frank Denis
fec4c92d81
Even in non-deterministic EdDSA, the actual secret key is H(sk).
2018-12-10 21:03:52 +01:00
Ilya Maykov
c60df7b9ff
Made sig parameter of crypto_sign_final_verify() const
2018-12-03 21:02:31 +01:00
Frank Denis
a1dff41891
LONG_LONG_* -> LLONG_*
2018-11-11 00:00:13 +01:00
Frank Denis
1dae690ad7
Avoid memset(NULL, _, 0)
2018-10-18 13:49:42 +02:00
Frank Denis
52f814e50c
Avoid memset(NULL, _, 0)
2018-10-18 13:49:12 +02:00
Frank Denis
67b0b476d8
Add incomplete nonnull attributes
2018-10-18 13:22:37 +02:00
Frank Denis
574a45afc3
Add a dummy return value
2018-09-30 23:49:57 +02:00
Frank Denis
c4f03ededb
Add a dummy return value
2018-09-30 23:49:34 +02:00
Frank Denis
82b1739b98
Add getrandom(2) support for FreeBSD 12
2018-09-30 16:44:27 -05:00
Frank Denis
9771795351
Revert "Add getrandom(2) support for FreeBSD 12"
This reverts commit 52fdd7ab39.
Due to TinyC crashing.
2018-09-29 22:53:05 +02:00
Frank Denis
9d5fcef52e
Revert "TinyC now crashes on Travis when compiling sysrandom"
This reverts commit 44dccfe6d4.
2018-09-29 22:52:56 +02:00
Frank Denis
44dccfe6d4
TinyC now crashes on Travis when compiling sysrandom
2018-09-29 22:48:53 +02:00
Frank Denis
52fdd7ab39
Add getrandom(2) support for FreeBSD 12
Fixes #762
2018-09-29 22:37:39 +02:00
David Carlier
b3ba348d08
Provide explicit_memset support for NetBSD.
Similar to explicit_bzero, this function's purpose is to defeat
compiler optimisation.
2018-09-29 19:19:23 +01:00
Frank Denis
675a899d11
No need to provision for the tag if we are below SIZE_MAX
2018-09-12 15:26:38 +02:00
Frank Denis
90112d3eb0
Subtract the number of blocks, and make similar code more uniform
2018-09-12 15:26:33 +02:00
Frank Denis
b7abc4542e
No need to provision for the tag if we are below SIZE_MAX
2018-09-12 15:22:30 +02:00
Frank Denis
f0e5c3940d
Subtract the number of blocks, and make similar code more uniform
2018-09-12 15:19:56 +02:00
Frank Denis
3574ab879e
Do not even use untested code in non-production environments
2018-09-12 14:53:16 +02:00
Frank Denis
5a7290ce6a
Make this warning more difficult to ignore
2018-09-12 14:51:03 +02:00
Frank Denis
f9c1947fce
Do not count the overhead in xchacha20poly1305_MESSAGEBYTES_MAX
2018-09-12 08:44:06 +02:00
Frank Denis
43909c1ffb
Allow ic + mlen to overflow a size_t in chacha20_ietf_xor_ic()
2018-09-12 08:40:22 +02:00
Frank Denis
bea8839c6b
Do not count the overhead in xchacha20poly1305_MESSAGEBYTES_MAX
2018-09-12 08:19:12 +02:00
Frank Denis
04a7ab95f2
Don't mix lengths and block sizes
2018-09-10 19:57:06 +02:00
Frank Denis
3e9d341d06
Add crypto_stream_chacha20_ietf_ext, use _ext suffix everywhere for consistency
2018-09-08 14:54:12 +02:00
Frank Denis
cf217e3dfc
Call misuse() if we ask too much data from the IETF variant of ChaCha20
Fix #753
2018-09-08 02:12:23 +02:00
Frank Denis
ab4ab23d57
x25519_ref: ignore the high bit in the small order PK check
2018-08-29 16:04:40 +02:00
Frank Denis
2fe2893616
Indent
2018-08-27 12:30:06 +02:00
Frank Denis
1ec6edc1a8
Indent
2018-08-27 12:29:49 +02:00
Jakob Rieck
d7df251cd0
Fixes padding for blocksizes > 256
2018-08-27 12:22:07 +02:00
Jakob Rieck
543b5ad068
Fixes padding for blocksizes > 256
2018-08-27 11:42:49 +02:00
Frank Denis
2052cc7847
strnlen() may not be available everywhere
2018-07-22 21:55:01 +02:00
Frank Denis
7cdf3f0e84
strnlen() may not be available everywhere
2018-07-22 21:54:38 +02:00
Frank Denis
d2728ad93e
Merge branch 'stable' of github.com:jedisct1/libsodium into stable
* 'stable' of github.com:jedisct1/libsodium:
Nits
2018-07-22 21:40:51 +02:00
Frank Denis
922e4dcd9e
Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium:
Invert (1-y) just before the multiplication by (1+y) for readability
Nits
2018-07-22 21:40:39 +02:00
Frank Denis
e8fea07f19
memchr() can process its input in any order
Fixes #737
2018-07-22 21:27:56 +02:00
Frank Denis
74ba82210e
memchr() can process its input in any order
Fixes #737
2018-07-22 21:26:31 +02:00
Frank Denis
d25d6ce7fb
Invert (1-y) just before the multiplication by (1+y) for readability
2018-07-21 00:43:39 +02:00
Frank Denis
dcd9b13e31
Nits
2018-07-19 14:44:42 +02:00
Frank Denis
91d9051bce
Nits
2018-07-19 14:44:17 +02:00
Anton Maklakov
c398a51e21
Fix warnings that appeared in GCC7+ (related to -Wimplicit-fallthrough)
2018-07-04 21:19:04 +02:00
Anton Maklakov
f16896146a
Fix warnings that appeared in GCC7+ (related to -Wimplicit-fallthrough)
2018-07-04 23:29:33 +07:00
Frank Denis
cfb0f94704
Visual Studio documentation states that eax/ecx/edx don't need to be
preserved in inline assembly code. But that doesn't seem to always
hold true on Visual Studio 2010.
2018-05-12 09:12:36 +02:00
Frank Denis
8b346c86b8
Visual Studio documentation states that eax/ecx/edx don't need to be
preserved in inline assembly code. But that doesn't seem to always
hold true on Visual Studio 2010.
2018-05-12 09:11:01 +02:00
Tom Auger
7432c4394b
Use _MESSAGEBYTES_MAX in crypto_aead_xchacha20poly1305
2018-04-29 17:48:03 +02:00
Tom Auger
462a8ab775
Use _MESSAGEBYTES_MAX in crypto_aead_xchacha20poly1305
2018-04-29 15:12:39 +01:00
Frank Denis
10207d5aa6
This reverts commit 38b19412e8.
2018-04-01 23:25:06 +02:00
Frank Denis
38b19412e8
Introduce pwhash_ntlm() for low-sodium, salt-free password hashing
. #passthesalt
2018-03-31 21:46:37 +02:00
Frank Denis
06ee95c3f1
Regen autoconf scripts
2018-03-14 12:03:49 -07:00
Frank Denis
19f5c4f620
Include limits.h for ancient Android NDKs. Sigh.
2018-01-19 16:48:06 +01:00
Frank Denis
b862bf0267
Include limits.h for ancient Android NDKs. Sigh.
2018-01-19 16:46:46 +01:00
Frank Denis
729d80a1ac
Include <stdint.h> for SIZE_MAX, and <stddef.h> as a dependency
2018-01-19 15:25:39 +01:00
Frank Denis
57ca449c7e
Include <stdint.h> for SIZE_MAX, and <stddef.h> as a dependency
2018-01-19 15:25:01 +01:00
Frank Denis
13513e886b
Keep things simple; directly initialize the example RNG from the system one
2018-01-17 15:11:18 +01:00
Frank Denis
e2581d9105
Swap #ifdef branches for clarity
2018-01-16 01:06:03 +01:00
Frank Denis
958060e2ec
Signatures: do not reject weak public keys if ED25519_COMPAT is defined
2018-01-16 01:02:29 +01:00
Frank Denis
0468e778d2
Revert "Solaris Studio apparently supports __attribute__()"
This reverts commit 74a4496cc5.
2018-01-15 13:34:31 +01:00
Frank Denis
74a4496cc5
Solaris Studio apparently supports __attribute__()
Fixes #660
2018-01-14 23:09:46 +01:00
Frank Denis
59f8556bfa
Check if we can use inline asm code, not only on x86_64
2017-12-31 01:24:26 +01:00
Frank Denis
764656443f
Check if we can use inline asm code, not only on x86_64
2017-12-31 01:23:58 +01:00
Frank Denis
a18e21b49d
Use (""::"r"(pnt):"memory") instead of (""::"p"(pnt)) for the barrier
2017-12-31 01:11:45 +01:00
Frank Denis
8c2e89d109
Use (""::"r"(pnt):"memory") instead of (""::"p"(pnt)) for the barrier
2017-12-31 01:10:48 +01:00
Ryan Lester
0ceb245eea
Closure fix
2017-12-27 08:54:20 +01:00
Ryan Lester
607d9b7943
Closure fix
2017-12-26 22:39:17 -05:00
Frank Denis
b92e7b40ed
Brace yourself
2017-12-22 17:06:38 +01:00
Frank Denis
0187ba70ad
Require the generichash state to be aligned
Alignment is already required by other functions anyway.
2017-12-21 18:21:43 +01:00
Frank Denis
1e7839a90c
Lift alignment requirements in crypto_generichash()
2017-12-21 18:14:17 +01:00
Frank Denis
2604a41774
Add extra align statements
2017-12-21 17:24:23 +01:00
Frank Denis
ffb8475a4a
Brace yourself
2017-12-21 17:24:01 +01:00
Frank Denis
3383fd1bdf
Extra braces
2017-12-21 16:57:27 +01:00
Frank Denis
bee480cfd3
Extra braces
2017-12-21 16:57:04 +01:00
Frank Denis
fb53590047
Remove unused LOAD128() and STORE128() macros
2017-12-21 16:48:52 +01:00
Frank Denis
107b42af3f
Remove unused LOAD128() and STORE128() macros
2017-12-21 16:48:15 +01:00
Frank Denis
1f1b0afb5c
Do not assume that __clang__ being defined implies __GNUC__ is defined as well
2017-12-19 21:44:48 +01:00
Frank Denis
b1273b0411
Back to dev mode
2017-12-19 21:44:25 +01:00
Frank Denis
bf1444f976
Do not assume that __clang__ being defined implies __GNUC__ is defined as well
2017-12-19 21:41:56 +01:00
Frank Denis
8fed6e5b46
We really don't need an intermediate variable here
2017-12-16 13:29:44 +01:00
Frank Denis
77e7d88d89
We really don't need an intermediate variable here
2017-12-16 13:04:59 +01:00
Frank Denis
5bc564cac1
1.0.16
* master: (221 commits)
Comment
Comments
msys2 build scripts: just use -Ofast
Always prefer vararrays to alloca()
Don't redefine alloca
Return -1 if the scalar is 0 in crypto_scalarmult_ed25519()
Remove trailing space
Import the regen-msvc script
Update ChangeLog
Do not wipe the workspace after argon2 completes
Remove tests for deprecated functions
Give the compiler a chance to inline index_alpha()
Immediately allocate all required memory in argon2/scrypt
Check reduced-round salsa variants in non-minimal mode
Coverage exclusion -- this is just an extra, redundant check
Remove incorrect and useless cast
-fomit-frame-pointer makes a difference on mips
WebAssembly benefits from the 128-bit types, too
Remove extra spaces
Undef devel
...
2017-12-13 16:21:20 +01:00
Frank Denis
675149b9b8
Comment
2017-12-13 10:24:13 +01:00
Frank Denis
a1d438c8ba
Comments
2017-12-13 00:03:01 +01:00
Frank Denis
95a7dc5e46
Always prefer vararrays to alloca()
2017-12-12 22:27:21 +01:00
Frank Denis
2f56443631
Don't redefine alloca
2017-12-12 22:23:37 +01:00
Frank Denis
ac8dffbecb
Return -1 if the scalar is 0 in crypto_scalarmult_ed25519()
For consistency with _base()
2017-12-12 14:35:08 +01:00
Frank Denis
ec67b0890f
Do not wipe the workspace after argon2 completes
The overhead can be really prohibitive on servers.
2017-12-11 23:38:20 +01:00
Frank Denis
534250a833
Give the compiler a chance to inline index_alpha()
2017-12-11 23:22:34 +01:00
Frank Denis
5aa2b913f4
Immediately allocate all required memory in argon2/scrypt
2017-12-11 23:15:15 +01:00
Frank Denis
bd9e859e52
Coverage exclusion -- this is just an extra, redundant check
2017-12-11 20:08:56 +01:00
Frank Denis
11f217fec8
Undef devel
2017-12-09 11:14:28 +01:00
Frank Denis
e985fe204c
Spacing
2017-12-06 15:34:06 +00:00
Frank Denis
a916fff400
Reorder
2017-12-06 15:19:15 +00:00
Frank Denis
715cb6ba33
Faster scalarmult_ed25519()
2017-12-06 15:13:18 +00:00
Frank Denis
3e588a48e3
scalarmult_ed25519_base(): return -1 if the scalar (not the result) is all zero
2017-12-03 20:53:54 +01:00
Frank Denis
3d6cd63b2a
Add an empty line for consistency
2017-12-01 17:41:45 +01:00
Frank Denis
ccdad9d68d
Coverage exclusion
2017-12-01 17:34:03 +01:00
Frank Denis
307503df96
Coverage exclusion
2017-12-01 17:31:45 +01:00
Frank Denis
cc92e26a6b
Coverage exclusion
2017-12-01 17:23:16 +01:00
Frank Denis
07c5764d5e
Correct argument names in internal prototype
2017-12-01 15:23:01 +01:00
Frank Denis
5ecaeb33aa
Correct argument names in internal prototype
2017-12-01 15:22:33 +01:00
Frank Denis
4098a12635
Improve clarity
2017-11-26 13:05:47 +01:00
Frank Denis
f5a4064646
CompCert seems to be fine with S_* macros now
2017-11-26 12:31:31 +01:00
Frank Denis
06a523423a
Oh, the joy of compilers pretending to support C99, but that actually don't
2017-11-26 00:11:56 +01:00