mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-23 20:15:19 -07:00
Commit Graph

2035 Commits

Author SHA1 Message Date
Frank Denis
44b99c5a23 Add forgotten crypto_kdf_hkdf_sha512_statebytes() 2023-11-29 22:02:37 +01:00
Frank Denis
39184b5b96 Include argon2id in crypto_pwhash_primitive()
Fixes #1331
2023-11-10 12:12:02 +01:00
Frank Denis
b5eaa810c8 Revert "Include argon2id in crypto_pwhash_primitive()"
This reverts commit a2b12dfcc0.
2023-11-10 12:10:10 +01:00
Frank Denis
a2b12dfcc0 Include argon2id in crypto_pwhash_primitive()
Fixes #1331
2023-11-10 11:30:47 +01:00
Frank Denis
6ee5a73452 Add a comment where coordinates are expected to be normalized 2023-11-08 07:37:12 +01:00
Frank Denis
51126865d0 _M_AMD64 is the same as _M_X64 2023-11-02 06:40:17 +01:00
Frank Denis
1d03ea77fb Make aegis_mac() fallible
So that we can include additional checks, especially for weak states.

Ideally, weak states should be checked after every update, but they
would be especially bad when the cipher is used as a stream cipher.

And in that case, checking for a weak state only at the end is
sufficient.
2023-11-01 19:12:15 +01:00
Frank Denis
8f453f41f8 aarch64: set compiler attributes *after* including <arm_neon.h>
Fixes #1321
2023-10-20 13:47:57 +02:00
Ørjan Malde
0bbfe33ba9 midipix support (#1315) 2023-09-14 18:00:27 +02:00
Frank Denis
f26b9f72eb Use ANDROID_CPU_ARM64_FEATURE_AES for AES detection on Android/aarch64 2023-09-13 08:59:14 +02:00
Frank Denis
45aa3adb96 Handle SIGPROT, CHERI's in-address space security exception 2023-09-12 21:02:18 +02:00
Frank Denis
38ada39711 Forgotten attribute pop 2023-09-12 16:02:49 +02:00
Frank Denis
8b1f568cb1 aarch64: try harder when checking for the crypto extensions 2023-09-12 15:57:03 +02:00
Frank Denis
1074191f87 Don't hardcode type sizes 2023-09-12 12:51:53 +02:00
Frank Denis
605382399b Promote HKDF to minimal builds 2023-09-11 19:31:38 +02:00
Frank Denis
1ef7b43ae9 Switch AEGIS to 256-bit tags by default 2023-09-11 18:02:24 +02:00
Frank Denis
b7ac85b5b7 Don't hardcode the AEGIS tag length 2023-09-11 17:38:29 +02:00
Frank Denis
9db77385d0 Visual Studio: define __ARM_NEON on Windows/ARM 2023-09-11 00:58:53 +02:00
Frank Denis
08070591be Define additional capabilities when using Visual Studio 2023-09-11 00:52:12 +02:00
Frank Denis
3567436865 Replace the aegis256 implementation with the libaegis implementation 2023-09-09 20:20:54 +02:00
Frank Denis
e494ce3e69 Move sodium implementations out of their dedicated directory 2023-09-09 17:24:49 +02:00
Frank Denis
3acf050566 Replace aegis128l implementation with libaegis' implementation 2023-09-09 17:24:46 +02:00
Frank Denis
94c650ae80 Proper casts for C++ 2023-09-08 23:35:24 +02:00
Frank Denis
c3692bbe0f Revert "C++ compat"
This reverts commit 48a679650e.
2023-09-08 23:31:27 +02:00
Frank Denis
4776f392ab Simplify how non-deterministic ed25519 nonces are computed 2023-09-08 23:30:25 +02:00
Frank Denis
48a679650e C++ compat 2023-09-08 20:59:33 +02:00
Scr3amer
18fad78494 Add missing undef in _mm_roti_epi64 definition for blake2b-ssse3 (#1306) 2023-09-02 22:16:15 +02:00
Frank Denis
503a1ef2c3 Simplify _mm_roti_epi64 definition 2023-09-02 15:23:53 +02:00
Scr3amer
4ebe29b2e3 Do not redefine _mm_roti_epi64 if xop target feature is enabled. (#1305)
Undefine compiler macro if present and XOP not enabled to avoid preprocessor warnings due to macro redefinition
2023-09-02 15:22:20 +02:00
Frank Denis
8ad54cb636 Fall back to _Thread_local on C11 regardless of the platform 2023-09-01 23:43:21 +02:00
Scr3amer
a04c8687ac Define TLS as _Thread_local if compiler supports C11 (#1304)
This avoids having warnings when compiling with Clang-MinGW on Windows.
2023-09-01 23:37:36 +02:00
Frank Denis
baa75cd1b8 Indent 2023-09-01 16:32:45 +02:00
Frank Denis
0ea62015f2 scrypt_nosse: Remove the 64-bit version of blkxor()
It broke strict aliasing.

Also remove ARCH_BITS that is not required any longer.

Fixes #1301
2023-08-31 23:23:30 +02:00
Frank Denis
b828df51dd scrypt_integerify_sse: be consistent with the no_sse version 2023-08-31 23:18:09 +02:00
Frank Denis
30212c0952 scrypt_nosse: no need to use void * in integerify() 2023-08-31 23:08:56 +02:00
Frank Denis
a3f200abe6 Manually define __ARM_FEATURE_AES (necessary for CheriOS) 2023-08-23 22:18:11 +02:00
Frank Denis
4dc02ce841 Assume all CPUs supported by ARM Windows have the crypto extensions
RADDI.net said:

"All supported AArch64 CPUs on desktop Windows 10 and 11 have
both AES (crypto) and NEON, no feature testing needed."
2023-08-05 23:15:33 +02:00
Frank Denis
e698b1b000 Check _M_ARM64 in addition to __aarch64__ 2023-08-05 23:04:35 +02:00
Frank Denis
02368730f0 Compile libaesni with CFLAGS_AVX 2023-08-05 09:40:02 +02:00
Frank Denis
6668dc8008 Require/enable AVX for AES-based ciphers 2023-08-05 09:33:04 +02:00
Frank Denis
50c2f39b38 Move lut to the data section 2023-07-30 01:02:54 +02:00
Frank Denis
890905f946 Add proper CET support (followup to #1290) (#1291) 2023-07-19 18:27:36 +02:00
Siddhesh Poyarekar
0bc8e0bdfd Build correctly with IBT and Shadow Stack (#1289)
Add .gnu.property notes to indicate support for IBT and shadow stacks
when libsodium is built with it.  There's no stack switching code in
here, so this should not need any other codegen changes.
2023-07-18 17:56:18 +02:00
Frank Denis
6187ebc10f Reorder AES ops on ARM 2023-06-19 12:34:10 +02:00
Frank Denis
c524c7a14b Revert "Leverage aegis*_absorb() when no message is desired"
This reverts commit 2c56be1d77.
2023-06-15 17:15:51 +02:00
Frank Denis
2c56be1d77 Leverage aegis*_absorb() when no message is desired 2023-06-06 23:21:22 +02:00
Frank Denis
8d9ab6cd76 Use CCRandomGenerateBytes if present
Helps with App Store validation rules.
2023-04-16 15:15:53 +02:00
Frank Denis
66a68f0947 AEGIS/ARM: help the compiler emit eor3 instructions on recent ARM CPUs 2023-03-12 23:41:23 +01:00
Frank Denis
07b4176eca pwhash: fill output buffer with junk prior to running the actual KDF
These functions are a little bit special, because unlike everything
else, they do dynamic memory allocations, and are more likely to fail.

Applications are expected to check the return code, and these functions
are tagged with ((warn_unused_result)) but applications may still
ignore these.

This is also an issue with JavaScript, when total memory hasn't been
properly configured.

To be safe, fill the buffer with non-deterministic bytes, that are
unlikely to ever verify later.
2023-02-15 20:16:10 +01:00
Frank Denis
48af322b7a AES-256-GCM (AES-NI): prefetch the next blocks
...while computing the GHASH of the previous blocks.

For AMD CPUs with disabled hardware prefetchers, the gain may
be significant.
2023-01-14 00:03:27 +01:00