mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-19 18:15:18 -07:00
Commit Graph

2054 Commits

Author SHA1 Message Date
Frank Denis
baa75cd1b8 Indent 2023-09-01 16:32:45 +02:00
Frank Denis
0ea62015f2 scrypt_nosse: Remove the 64-bit version of blkxor()
It broke strict aliasing.

Also remove ARCH_BITS that is not required any longer.

Fixes #1301
2023-08-31 23:23:30 +02:00
Frank Denis
b828df51dd scrypt_integerify_sse: be consistent with the no_sse version 2023-08-31 23:18:09 +02:00
Frank Denis
30212c0952 scrypt_nosse: no need to use void * in integerify() 2023-08-31 23:08:56 +02:00
Frank Denis
a3f200abe6 Manually define __ARM_FEATURE_AES (necessary for CheriOS) 2023-08-23 22:18:11 +02:00
Frank Denis
4dc02ce841 Assume all CPUs supported by ARM Windows have the crypto extensions
RADDI.net said:

"All supported AArch64 CPUs on desktop Windows 10 and 11 have
both AES (crypto) and NEON, no feature testing needed."
2023-08-05 23:15:33 +02:00
Frank Denis
e698b1b000 Check _M_ARM64 in addition to __aarch64__ 2023-08-05 23:04:35 +02:00
Frank Denis
02368730f0 Compile libaesni with CFLAGS_AVX 2023-08-05 09:40:02 +02:00
Frank Denis
6668dc8008 Require/enable AVX for AES-based ciphers 2023-08-05 09:33:04 +02:00
Frank Denis
50c2f39b38 Move lut to the data section 2023-07-30 01:02:54 +02:00
Frank Denis
890905f946
Add proper CET support (followup to #1290) (#1291) 2023-07-19 18:27:36 +02:00
Siddhesh Poyarekar
0bc8e0bdfd
Build correctly with IBT and Shadow Stack (#1289)
Add .gnu.property notes to indicate support for IBT and shadow stacks
when libsodium is built with it.  There's no stack switching code in
here, so this should not need any other codegen changes.
2023-07-18 17:56:18 +02:00
Frank Denis
6187ebc10f Reorder AES ops on ARM 2023-06-19 12:34:10 +02:00
Frank Denis
c524c7a14b Revert "Leverage aegis*_absorb() when no message is desired"
This reverts commit 2c56be1d77.
2023-06-15 17:15:51 +02:00
Frank Denis
2c56be1d77 Leverage aegis*_absorb() when no message is desired 2023-06-06 23:21:22 +02:00
Frank Denis
8d9ab6cd76 Use CCRandomGenerateBytes if present
Helps with App Store validation rules.
2023-04-16 15:15:53 +02:00
Frank Denis
66a68f0947 AEGIS/ARM: help the compiler emit eor3 instructions on recent ARM CPUs 2023-03-12 23:41:23 +01:00
Frank Denis
07b4176eca pwhash: fill output buffer with junk prior to running the actual KDF
These functions are a little bit special, because unlike everything
else, they do dynamic memory allocations, and are more likely to fail.

Applications are expected to check the return code, and these functions
are tagged with ((warn_unused_result)) but applications may still
ignore these.

This is also an issue with JavaScript, when total memory hasn't been
properly configured.

To be safe, fill the buffer with non-deterministic bytes, that are
unlikely to ever verify later.
2023-02-15 20:16:10 +01:00
Frank Denis
48af322b7a AES-256-GCM (AES-NI): prefetch the next blocks
...while computing the GHASH of the previous blocks.

For AMD CPUs with disabled hardware prefetchers, the gain may
be significant.
2023-01-14 00:03:27 +01:00
Frank Denis
1bd73c1a68 Add crypto_kdf_hkdf_sha{256,512}_extract_{init,update,final} 2023-01-08 22:16:34 +01:00
Frank Denis
337fba6c23 2023 2023-01-05 14:06:26 +01:00
Frank Denis
415331e73b Mention that mlock() failing is not a hard error for sodium_malloc() 2022-12-19 12:12:05 +01:00
Frank Denis
c4a9f1b2af Add missing <stdint.h> includes 2022-12-13 20:33:09 +01:00
Frank Denis
1994ad93bd Sync the AESNI aes_gcm_decrypt_generic() impl with the ARM one 2022-12-11 23:47:46 +01:00
Frank Denis
4482067df9 Add a test for aes256gcm_decrypt with long inputs, make it pass 2022-12-11 23:44:50 +01:00
Frank Denis
ff480f17f0 Nits 2022-12-11 23:15:06 +01:00
Frank Denis
408125a72b Add AEGIS-256 software support 2022-12-10 00:03:42 +01:00
Frank Denis
15cceaad90 MSVC compat 2022-12-09 21:29:33 +01:00
Frank Denis
11d2fa5bb0 Add AEGIS-128L software support 2022-12-09 21:12:35 +01:00
Frank Denis
0f767c7d07 Get rid of the has_small_order() lookup table 2022-11-27 15:28:15 +01:00
Frank Denis
87ba2c4d36 Unexport _cached_ symbols, regen quirks.h 2022-11-26 22:28:08 +01:00
Frank Denis
f29f58e6ed Leverage p3_add()/p3_sub() 2022-11-26 22:20:37 +01:00
Frank Denis
d2d8f573b7 Add ge25519_p2_to_p3(), ge25519_p3_add(), ge25519_p3_sub() 2022-11-26 22:14:24 +01:00
Frank Denis
42b4a295fc crypto_sign_verify(): add and match the Zig test vectors 2022-11-26 21:25:47 +01:00
Frank Denis
6e8468d875 Support memset_explicit() if available
NetBSD has explicit_memset(), but C23 decided to implement the
same thing but call it memset_explicit() instead. Go figure.
2022-11-21 15:29:44 +01:00
Frank Denis
ece8e60524 AEGIS: add a specialized function to absorb the AD 2022-11-20 18:16:13 +01:00
Frank Denis
dd5c2bf23c Make the AEGIS code for ARM and Intel similar 2022-11-17 22:32:37 +01:00
Frank Denis
af679cfb66 Add _mm_set_epi64x emulation if required 2022-11-17 13:48:45 +01:00
Frank Denis
de83673ae4 Add some sanity checks 2022-11-17 13:04:22 +01:00
Frank Denis
104de0dcd1 clsq128(): simplify squaring 2022-11-16 22:51:44 +01:00
Frank Denis
9590e64fce salsa20: initialize partial block
A compiler trying to be too smart could notice that we are shifting
uninitialized data (even though we then discard it), and apply
unwanted optimizations.
2022-11-16 13:39:20 +01:00
Frank Denis
3105de25da Simplify 2022-11-16 13:25:00 +01:00
Frank Denis
ae82b44b70 ghash: move addmul operation into inline functions 2022-11-14 22:07:02 +01:00
Frank Denis
8489b4d124 __vectorcall didn't exist prior to Visual Studio 2012 2022-11-14 13:12:15 +01:00
Frank Denis
ad3241a0da Add __vectorcall to please MSVC 2022-11-14 12:51:11 +01:00
Frank Denis
479c370bc1 Require zig cc or clang for the amazing __builtin_shufflevector() 2022-11-13 23:53:28 +01:00
Frank Denis
b677924b2e Use enum instead of integers for C++ compat 2022-11-13 22:36:54 +01:00
Frank Denis
495a16cbe0 MSVC cannot compile AES-GCM for now 2022-11-13 21:26:04 +01:00
Frank Denis
379cd8303b Avoid C99isms 2022-11-13 21:23:19 +01:00
Frank Denis
ae8f462ad3 Avoid gcc extensions in aead_aes256gcm_aesni 2022-11-13 21:18:03 +01:00
Frank Denis
36d0196a4a Don't try ARM Crypto implementations on big-endian yet 2022-11-13 20:56:21 +01:00
Frank Denis
f3cf71edd7 Add AES256-GCM support for ARM crypto 2022-11-13 20:23:15 +01:00
Frank Denis
45a0cef2fc AES-NI can be available on i386 2022-11-13 19:40:39 +01:00
Frank Denis
73d039d8ca Remove unused macro 2022-11-13 18:46:22 +01:00
Frank Denis
9b623852bd Rewrite the AES256-GCM implementation
Faster, way more readable, easier to port to other architectures.
2022-11-13 18:42:38 +01:00
Frank Denis
a972fe6498 Indent 2022-10-21 17:54:39 +02:00
Frank Denis
992168c50f Win32: SecureZeroMemory may not be available 2022-10-20 14:42:55 +02:00
Frank Denis
b4c5d37fb5 scalarmult(): don't use the output as a temporary buffer
So that applications can use the same pointer for the public key
and the shared secret.
2022-10-11 14:02:29 +02:00
Steve Thomas
0a6178f203
Clear decrypted block from stack (#1190) 2022-06-18 20:32:35 +02:00
Frank Denis
4bffcc63b1 sodium_compare(): cast operands to unsigned int
This matches the Zig implementation and
fixes #1184
2022-06-05 14:28:54 +02:00
Frank Denis
0124c4cddb Indent 2022-05-11 18:13:08 +02:00
Frank Denis
f425d4d96f Simplify blkxor() 2022-05-11 18:02:10 +02:00
Frank Denis
75bde19055 Revert "Add the shifumi128 ZKP system"
This reverts commit 6efe9ee2b5.
2022-04-02 09:32:22 +02:00
Frank Denis
6efe9ee2b5 Add the shifumi128 ZKP system 2022-03-31 20:04:51 +02:00
Frank Denis
69d15f1123 Support gcc-like and C11-like memory fences 2022-03-07 16:47:43 +01:00
Frank Denis
d4ee08ab8a Add memory fences where supported 2022-03-07 16:38:37 +01:00
Frank Denis
fbe2c92f0d AEGIS: rename constants to match the draft 2022-01-04 16:06:44 +01:00
Frank Denis
447cd270d9 edwards25519: faster recovery of the X coordinate 2021-12-27 15:16:56 +01:00
Frank Denis
089f850608 Remove expected length from the pwhash_str_verify()/needs_rehash() 2021-11-11 14:15:24 +01:00
Frank Denis
b65f8fdf4f Remove unused variables 2021-11-08 22:00:33 +01:00
Frank Denis
7052e4733f H2C: Y should be negative if gx1 is a square
Fixes #1119
2021-11-08 14:31:14 +01:00
Jørgen P. Tjernø
64129657a5
Portability improvements (#1105)
* Move `raise` code to be behind an autoconf check

This moves the call to `raise` behind a `HAVE_RAISE` autoconf check,
in addition to `__wasm__`. This is intended to help porting to
other platforms that don't support `raise` (e.g. modern game consoles).

* Add autoconf check for `sysconf`

Only try to invoke `sysconf` if the target platform supports it, and
don't warn about unknown page size if `PAGE_SIZE` was defined. Add an
include for `sys/param.h` to increase likelihood of finding `PAGE_SIZE`.
This is intended to help porting to other platforms that don't support
`sysconf` (e.g. modern game consoles) that have a fixed hardware page
size.

* Don't try to use raise & sysconf in a WASI environment

Co-authored-by: Frank Denis <124872+jedisct1@users.noreply.github.com>
2021-09-16 20:01:24 +02:00
Frank Denis
038e4114e9 fe25519_reduce64: handle the top bit
This is only for code clarity and for people copy/pasting that
private code to use it in a different context.

The top 128 bits are always zero.
2021-07-22 00:41:50 +02:00
Frank Denis
07c2f6c053 Handle the Sun and the IBM compilers separately 2021-07-09 15:47:40 +02:00
infinitydev
b9b66faddb
Fix build on z/OS using XLC (#1089)
* Fix incorrect XLC #pragma in public header

* Fix incorrect XLC #pragma in internal blake2 header
2021-07-09 15:38:07 +02:00
niooss-ledger
6cd2677d44
Remove unused variable from _sodium_runtime_intel_cpu_features (#1085)
The function `_sodium_runtime_intel_cpu_features` assigns some value to
its local variable `id` but never reads it. Remove this variable, which
also simplifies the `if` statement that contains the assignment.
2021-07-01 10:05:30 +02:00
Frank Denis
558886fd0e Use assignment + case instead of memcpy() 2021-06-17 20:57:21 +02:00
Frank Denis
a2ee77b90a Include private/sse2_64_32.h only where SSE2 is required
Fixes #1074
2021-06-13 21:40:54 +02:00
Alcaro
9faa6bb62b
core.c: Make _sodium_crit_init static (#1073) 2021-06-13 18:22:32 +02:00
Jordan Frank
7d1aad1797
define randombytes_set_implementation argument to be const (#1068) 2021-05-25 19:25:56 +02:00
Frank Denis
0e870c5406 Don't define DllMain in static builds 2021-05-22 10:29:00 +02:00
Christoph M. Becker
8b66d2b969
Delete critical section on DLL_PROCESS_DETACH (#1058)
To explicitly release all allocated resources on shutdown on Windows, we delete the critical section on `DLL_PROCESS_DETACH`.

We do not employ any locking to avoid any potential deadlock.  In case of normal
DLL unloading there is no need to, and in case of forced unloading all bets are likely off anyway.
2021-05-22 10:26:13 +02:00
P.I.E. Security Team
710b2d3963
Fix comment in ristretto255_elligator (#1052) 2021-04-21 11:21:58 +02:00
harl
144e6e3161
Fix MAC computation in AEGIS128L on aarch64 2021-03-15 10:24:48 +01:00
martingd
3de0b3cdad
Error from argon2_hash() during verify propagated. (#1039) 2021-03-12 18:01:08 +01:00
Frank Denis
f01675fcf2 Fix alignment after #1032 2021-02-12 17:15:00 +01:00
Tobias Nießen
219e74cc98
src: improve a few comments (#1032) 2021-02-12 17:13:22 +01:00
Frank Denis
e4206f1337 Change crypto_core_ed25519_from_string() to accept a hash function 2021-01-24 19:21:07 +01:00
Frank Denis
e0629769d3 Move the H2C string->hash functions to their own files 2021-01-24 18:45:14 +01:00
Frank Denis
5ff2b1a0e7 Allow arbitrary long string-to-H2C-hash operations
Make the ristretto and edwards25519 string-to-hash code look alike.
2021-01-23 21:41:20 +01:00
Frank Denis
41e6cb3368 Use SHA-256 for the hash-to-ristretto255 operation
We may eventually revert to SHA-512
2021-01-23 19:00:05 +01:00
Frank Denis
89916bbe11 Explicit 2021-01-07 19:54:07 +01:00
Frank Denis
611e1a0bc1 Typo (risretto -> ristretto)
Fixes #1014
2020-12-10 22:17:06 +01:00
Frank Denis
45bca21a95 Detect ARM features with elf_aux_info on FreeBSD >= 12.0
by @devnexen, thanks!

Fixes #1012
2020-12-04 15:34:27 +01:00
Frank Denis
761c1b34cd Reorganize ARM features detection 2020-12-04 15:27:32 +01:00
Frank Denis
4aa74923d2 pwhash never supported "in-place" operation - return EINVAL 2020-11-24 22:50:15 +01:00
David CARLIER
d250858c74
DragonFlyBSD supports getrandom too since 5.7 2020-11-08 15:58:29 +01:00
Frank Denis
b302c8e8e1 secretbox_xchacha: don't do useless rounds for the first block 2020-10-29 18:39:40 +01:00
Frank Denis
31436eb1df secretbox_open: no need to encrypt the first block twice 2020-10-29 18:30:14 +01:00
Frank Denis
82652f0a0b Merge branch 'master' of github.com:jedisct1/libsodium into master
* 'master' of github.com:jedisct1/libsodium:
  docs: fix simple typo, interoperatibility -> interoperability (#1002)
  Repair AEGIS on aarch64
2020-10-12 11:51:13 +02:00