mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-24 12:36:01 -07:00
Commit Graph

1987 Commits

Author SHA1 Message Date
Frank Denis
07b4176eca pwhash: fill output buffer with junk prior to running the actual KDF
These functions are a little bit special, because unlike everything
else, they do dynamic memory allocations, and are more likely to fail.

Applications are expected to check the return code, and these functions
are tagged with ((warn_unused_result)) but applications may still
ignore these.

This is also an issue with JavaScript, when total memory hasn't been
properly configured.

To be safe, fill the buffer with non-deterministic bytes, that are
unlikely to ever verify later.
2023-02-15 20:16:10 +01:00
Frank Denis
48af322b7a AES-256-GCM (AES-NI): prefetch the next blocks
...while computing the GHASH of the previous blocks.

For AMD CPUs with disabled hardware prefetchers, the gain may
be significant.
2023-01-14 00:03:27 +01:00
Frank Denis
1bd73c1a68 Add crypto_kdf_hkdf_sha{256,512}_extract_{init,update,final} 2023-01-08 22:16:34 +01:00
Frank Denis
337fba6c23 2023 2023-01-05 14:06:26 +01:00
Frank Denis
415331e73b Mention that mlock() failing is not a hard error for sodium_malloc() 2022-12-19 12:12:05 +01:00
Frank Denis
c4a9f1b2af Add missing <stdint.h> includes 2022-12-13 20:33:09 +01:00
Frank Denis
1994ad93bd Sync the AESNI aes_gcm_decrypt_generic() impl with the ARM one 2022-12-11 23:47:46 +01:00
Frank Denis
4482067df9 Add a test for aes256gcm_decrypt with long inputs, make it pass 2022-12-11 23:44:50 +01:00
Frank Denis
ff480f17f0 Nits 2022-12-11 23:15:06 +01:00
Frank Denis
408125a72b Add AEGIS-256 software support 2022-12-10 00:03:42 +01:00
Frank Denis
15cceaad90 MSVC compat 2022-12-09 21:29:33 +01:00
Frank Denis
11d2fa5bb0 Add AEGIS-128L software support 2022-12-09 21:12:35 +01:00
Frank Denis
0f767c7d07 Get rid of the has_small_order() lookup table 2022-11-27 15:28:15 +01:00
Frank Denis
87ba2c4d36 Unexport _cached_ symbols, regen quirks.h 2022-11-26 22:28:08 +01:00
Frank Denis
f29f58e6ed Leverage p3_add()/p3_sub() 2022-11-26 22:20:37 +01:00
Frank Denis
d2d8f573b7 Add ge25519_p2_to_p3(), ge25519_p3_add(), ge25519_p3_sub() 2022-11-26 22:14:24 +01:00
Frank Denis
42b4a295fc crypto_sign_verify(): add and match the Zig test vectors 2022-11-26 21:25:47 +01:00
Frank Denis
6e8468d875 Support memset_explicit() if available
NetBSD has explicit_memset(), but C23 decided to implement the
same thing but call it memset_explicit() instead. Go figure.
2022-11-21 15:29:44 +01:00
Frank Denis
ece8e60524 AEGIS: add a specialized function to absorb the AD 2022-11-20 18:16:13 +01:00
Frank Denis
dd5c2bf23c Make the AEGIS code for ARM and Intel similar 2022-11-17 22:32:37 +01:00
Frank Denis
af679cfb66 Add _mm_set_epi64x emulation if required 2022-11-17 13:48:45 +01:00
Frank Denis
de83673ae4 Add some sanity checks 2022-11-17 13:04:22 +01:00
Frank Denis
104de0dcd1 clsq128(): simplify squaring 2022-11-16 22:51:44 +01:00
Frank Denis
9590e64fce salsa20: initialize partial block
A compiler trying to be too smart could notice that we are shifting
uninitialized data (even though we then discard it), and apply
unwanted optimizations.
2022-11-16 13:39:20 +01:00
Frank Denis
3105de25da Simplify 2022-11-16 13:25:00 +01:00
Frank Denis
ae82b44b70 ghash: move addmul operation into inline functions 2022-11-14 22:07:02 +01:00
Frank Denis
8489b4d124 __vectorcall didn't exist prior to Visual Studio 2012 2022-11-14 13:12:15 +01:00
Frank Denis
ad3241a0da Add __vectorcall to please MSVC 2022-11-14 12:51:11 +01:00
Frank Denis
479c370bc1 Require zig cc or clang for the amazing __builtin_shufflevector() 2022-11-13 23:53:28 +01:00
Frank Denis
b677924b2e Use enum instead of integers for C++ compat 2022-11-13 22:36:54 +01:00
Frank Denis
495a16cbe0 MSVC cannot compile AES-GCM for now 2022-11-13 21:26:04 +01:00
Frank Denis
379cd8303b Avoid C99isms 2022-11-13 21:23:19 +01:00
Frank Denis
ae8f462ad3 Avoid gcc extensions in aead_aes256gcm_aesni 2022-11-13 21:18:03 +01:00
Frank Denis
36d0196a4a Don't try ARM Crypto implementations on big-endian yet 2022-11-13 20:56:21 +01:00
Frank Denis
f3cf71edd7 Add AES256-GCM support for ARM crypto 2022-11-13 20:23:15 +01:00
Frank Denis
45a0cef2fc AES-NI can be available on i386 2022-11-13 19:40:39 +01:00
Frank Denis
73d039d8ca Remove unused macro 2022-11-13 18:46:22 +01:00
Frank Denis
9b623852bd Rewrite the AES256-GCM implementation
Faster, way more readable, easier to port to other architectures.
2022-11-13 18:42:38 +01:00
Frank Denis
a972fe6498 Indent 2022-10-21 17:54:39 +02:00
Frank Denis
992168c50f Win32: SecureZeroMemory may not be available 2022-10-20 14:42:55 +02:00
Frank Denis
b4c5d37fb5 scalarmult(): don't use the output as a temporary buffer
So that application can use the same pointer for the public key
and the shared secret.
2022-10-11 14:02:29 +02:00
Steve Thomas
0a6178f203 Clear decrypted block from stack (#1190) 2022-06-18 20:32:35 +02:00
Frank Denis
4bffcc63b1 sodium_compare(): cast operands to unsigned int
This matches the Zig implementation and
fixes #1184
2022-06-05 14:28:54 +02:00
Frank Denis
0124c4cddb Indent 2022-05-11 18:13:08 +02:00
Frank Denis
f425d4d96f Simplify blkxor() 2022-05-11 18:02:10 +02:00
Frank Denis
75bde19055 Revert "Add the shifumi128 ZKP system"
This reverts commit 6efe9ee2b5.
2022-04-02 09:32:22 +02:00
Frank Denis
6efe9ee2b5 Add the shifumi128 ZKP system 2022-03-31 20:04:51 +02:00
Frank Denis
69d15f1123 Support gcc-like and C11-like memory fences 2022-03-07 16:47:43 +01:00
Frank Denis
d4ee08ab8a Add memory fences where supported 2022-03-07 16:38:37 +01:00
Frank Denis
fbe2c92f0d AEGIS: rename constants to match the draft 2022-01-04 16:06:44 +01:00