author | aunsane <aunsane@gmail.com> | 2018-07-18 00:06:49 +0300 |
committer | aunsane <aunsane@gmail.com> | 2018-07-18 00:17:42 +0300 |
commit | 5a8dadd96ca13797f67c39079ba5c4889ef8c421 (patch) | |
tree | 0532b9a3c21feb03a6a3be810f559ebf0af45947 /libs/libsodium/src | |
parent | 39d52f0ab12ecf2a3a5f48bf7af140db282a13a6 (diff) |
updated libsodium
Diffstat (limited to 'libs/libsodium/src')
18 files changed, 66 insertions, 48 deletions
diff --git a/libs/libsodium/src/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c b/libs/libsodium/src/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c
index c18cdf9458..04971a82a7 100644
--- a/libs/libsodium/src/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c
+++ b/libs/libsodium/src/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c
@@ -53,7 +53,7 @@ crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
     unsigned long long clen = 0ULL;
     int ret;
 
-    if (mlen > UINT64_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES) {
+    if (mlen > crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX) {
         sodium_misuse();
     }
     ret = crypto_aead_xchacha20poly1305_ietf_encrypt_detached
diff --git a/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h b/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h
index 21acb2fa0c..bc7e42d25e 100644
--- a/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h
+++ b/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h
@@ -2,9 +2,6 @@
 #ifndef blake2b_compress_avx2_H
 #define blake2b_compress_avx2_H
 
-#define LOAD128(p) _mm_load_si128((__m128i *) (p))
-#define STORE128(p, r) _mm_store_si128((__m128i *) (p), r)
-
 #define LOADU128(p) _mm_loadu_si128((__m128i *) (p))
 #define STOREU128(p, r) _mm_storeu_si128((__m128i *) (p), r)
 
diff --git a/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-compress-ref.c b/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-compress-ref.c
index 614fa34af7..b0422c93f1 100644
--- a/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-compress-ref.c
+++ b/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-compress-ref.c
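Review bot: The new bound check in crypto_aead_xchacha20poly1305_ietf_encrypt carries no comment saying what it protects, so a reader has to already know that clen is later formed from mlen plus the tag length and would wrap without it. Suggest `/* mlen + ABYTES must fit in clen; _MESSAGEBYTES_MAX is defined to guarantee that */` above the `if`. Whether the new constant also caps at SIZE_MAX on 32-bit targets is not visible in this hunk, so confirm the wording against the header that defines it. sodium_misuse() aborting rather than returning is the existing contract; the function body continues outside the hunk.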
@@ -34,12 +34,12 @@ blake2b_compress_ref(blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES])
     uint64_t v[16];
     int i;
 
-    for (i = 0; i < 16; ++i)
+    for (i = 0; i < 16; ++i) {
         m[i] = LOAD64_LE(block + i * sizeof(m[i]));
-
-    for (i = 0; i < 8; ++i)
+    }
+    for (i = 0; i < 8; ++i) {
         v[i] = S->h[i];
-
+    }
     v[8] = blake2b_IV[0];
     v[9] = blake2b_IV[1];
     v[10] = blake2b_IV[2];
diff --git a/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-ref.c b/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-ref.c
index 91435a1b16..1d7adb76e2 100644
--- a/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-ref.c
+++ b/libs/libsodium/src/crypto_generichash/blake2b/ref/blake2b-ref.c
@@ -51,9 +51,9 @@ blake2b_is_lastblock(const blake2b_state *S)
 static inline int
 blake2b_set_lastblock(blake2b_state *S)
 {
-    if (S->last_node)
+    if (S->last_node) {
         blake2b_set_lastnode(S);
-
+    }
     S->f[0] = -1;
     return 0;
 }
@@ -333,7 +333,7 @@ int
 blake2b(uint8_t *out, const void *in, const void *key, const uint8_t outlen,
         const uint64_t inlen, uint8_t keylen)
 {
-    blake2b_state S[1];
+    CRYPTO_ALIGN(64) blake2b_state S[1];
 
     /* Verify parameters */
     if (NULL == in && inlen > 0) {
@@ -371,7 +371,7 @@ blake2b_salt_personal(uint8_t *out, const void *in, const void *key,
                       const uint8_t outlen, const uint64_t inlen, uint8_t keylen,
                       const void *salt, const void *personal)
 {
-    blake2b_state S[1];
+    CRYPTO_ALIGN(64) blake2b_state S[1];
 
     /* Verify parameters */
     if (NULL == in && inlen > 0) {
diff --git a/libs/libsodium/src/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h b/libs/libsodium/src/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h
index bcf447cd7d..cef6448048 100644
--- a/libs/libsodium/src/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h
+++ b/libs/libsodium/src/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h
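Review bot: `CRYPTO_ALIGN(64) blake2b_state S[1];` in blake2b() fixes alignment only for the one-shot path; a caller-owned state handed to the incremental API gets the same requirement only through a header comment, and nothing in the compress entry points checks it at runtime. Consider a debug-time check where the state pointer enters the compress function, such as `assert(((uintptr_t) S & 63) == 0);` under whatever debug macro the project uses, or at minimum a why-comment on this line: `/* compress backends may issue aligned SIMD loads on S */`. Whether the SIMD backends actually rely on aligned loads is not shown here (the AVX2 header in this same commit drops its aligned-load macros), so hedge the comment accordingly. blake2b's body continues outside the hunk.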
@@ -5,7 +5,7 @@
 
 #if defined(_MSC_VER)
 # define POLY1305_NOINLINE __declspec(noinline)
-#elif defined(__GNUC__)
+#elif defined(__clang__) || defined(__GNUC__)
 # define POLY1305_NOINLINE __attribute__((noinline))
 #else
 # define POLY1305_NOINLINE
diff --git a/libs/libsodium/src/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h b/libs/libsodium/src/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h
index e0ed754779..c827f89834 100644
--- a/libs/libsodium/src/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h
+++ b/libs/libsodium/src/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h
@@ -13,7 +13,7 @@
 
 #if defined(_MSC_VER)
 # define POLY1305_NOINLINE __declspec(noinline)
-#elif defined(__GNUC__)
+#elif defined(__clang__) || defined(__GNUC__)
 # define POLY1305_NOINLINE __attribute__((noinline))
 #else
 # define POLY1305_NOINLINE
diff --git a/libs/libsodium/src/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c b/libs/libsodium/src/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c
index 022f15249b..e80c961d98 100644
--- a/libs/libsodium/src/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c
+++ b/libs/libsodium/src/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c
@@ -21,7 +21,7 @@ typedef __m128i xmmi;
 
 # if defined(_MSC_VER)
 # define POLY1305_NOINLINE __declspec(noinline)
-# elif defined(__GNUC__)
+# elif defined(__clang__) || defined(__GNUC__)
 # define POLY1305_NOINLINE __attribute__((noinline))
 # else
 # define POLY1305_NOINLINE
diff --git a/libs/libsodium/src/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c b/libs/libsodium/src/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c
index 0c173d4c89..5487745b8a 100644
--- a/libs/libsodium/src/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c
+++ b/libs/libsodium/src/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c
@@ -33,16 +33,22 @@ crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in,
     switch (left) {
     case 7:
         b |= ((uint64_t) in[6]) << 48;
+        /* FALLTHRU */
     case 6:
         b |= ((uint64_t) in[5]) << 40;
+        /* FALLTHRU */
     case 5:
         b |= ((uint64_t) in[4]) << 32;
+        /* FALLTHRU */
     case 4:
         b |= ((uint64_t) in[3]) << 24;
+        /* FALLTHRU */
     case 3:
         b |= ((uint64_t) in[2]) << 16;
+        /* FALLTHRU */
     case 2:
         b |= ((uint64_t) in[1]) << 8;
+        /* FALLTHRU */
     case 1:
         b |= ((uint64_t) in[0]);
         break;
diff --git a/libs/libsodium/src/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c b/libs/libsodium/src/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c
index 20480d0d5f..be984eeee5 100644
--- a/libs/libsodium/src/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c
+++ b/libs/libsodium/src/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c
@@ -32,16 +32,22 @@ crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in,
     switch (left) {
     case 7:
         b |= ((uint64_t) in[6]) << 48;
+        /* FALLTHRU */
     case 6:
         b |= ((uint64_t) in[5]) << 40;
+        /* FALLTHRU */
     case 5:
         b |= ((uint64_t) in[4]) << 32;
+        /* FALLTHRU */
     case 4:
         b |= ((uint64_t) in[3]) << 24;
+        /* FALLTHRU */
     case 3:
         b |= ((uint64_t) in[2]) << 16;
+        /* FALLTHRU */
     case 2:
         b |= ((uint64_t) in[1]) << 8;
+        /* FALLTHRU */
     case 1:
         b |= ((uint64_t) in[0]);
         break;
diff --git a/libs/libsodium/src/crypto_sign/ed25519/ref10/open.c b/libs/libsodium/src/crypto_sign/ed25519/ref10/open.c
index c9e8843c1e..aafecf64a1 100644
--- a/libs/libsodium/src/crypto_sign/ed25519/ref10/open.c
+++ b/libs/libsodium/src/crypto_sign/ed25519/ref10/open.c
@@ -23,21 +23,21 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
     ge25519_p3 A;
     ge25519_p2 R;
 
-#ifndef ED25519_COMPAT
-    if (sc25519_is_canonical(sig + 32) == 0 ||
-        ge25519_has_small_order(sig) != 0) {
+#ifdef ED25519_COMPAT
+    if (sig[63] & 224) {
         return -1;
     }
-    if (ge25519_is_canonical(pk) == 0) {
+#else
+    if (sc25519_is_canonical(sig + 32) == 0 ||
+        ge25519_has_small_order(sig) != 0) {
         return -1;
     }
-#else
-    if (sig[63] & 224) {
+    if (ge25519_is_canonical(pk) == 0 ||
+        ge25519_has_small_order(pk) != 0) {
         return -1;
     }
 #endif
-    if (ge25519_has_small_order(pk) != 0 ||
-        ge25519_frombytes_negate_vartime(&A, pk) != 0) {
+    if (ge25519_frombytes_negate_vartime(&A, pk) != 0) {
         return -1;
     }
     _crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
diff --git a/libs/libsodium/src/include/sodium/crypto_generichash.h b/libs/libsodium/src/include/sodium/crypto_generichash.h
index 2398fb9dbb..a5e1646fd1 100644
--- a/libs/libsodium/src/include/sodium/crypto_generichash.h
+++ b/libs/libsodium/src/include/sodium/crypto_generichash.h
@@ -41,6 +41,10 @@ size_t crypto_generichash_keybytes(void);
 SODIUM_EXPORT
 const char *crypto_generichash_primitive(void);
 
+/*
+ * Important when writing bindings for other programming languages:
+ * the state address *must* be 64-bytes aligned.
+ */
 typedef crypto_generichash_blake2b_state crypto_generichash_state;
 
 SODIUM_EXPORT
diff --git a/libs/libsodium/src/include/sodium/export.h b/libs/libsodium/src/include/sodium/export.h
index 0f624ae3c5..a0074fc9cb 100644
--- a/libs/libsodium/src/include/sodium/export.h
+++ b/libs/libsodium/src/include/sodium/export.h
@@ -2,7 +2,11 @@
 #ifndef sodium_export_H
 #define sodium_export_H
 
-#ifndef __GNUC__
+#include <stddef.h>
+#include <stdint.h>
+#include <limits.h>
+
+#if !defined(__clang__) && !defined(__GNUC__)
 # ifdef __attribute__
 # undef __attribute__
 # endif
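Review bot: The small-order public-key rejection is no longer applied in ED25519_COMPAT builds: the removed code called `ge25519_has_small_order(pk)` after the `#endif`, i.e. in both modes, while the new code moves that call into the `#else` branch, so a compat build now runs only `if (sig[63] & 224)` before ge25519_frombytes_negate_vartime. If this is deliberate (a compatibility mode that accepts what RFC 8032 accepts), it deserves a comment on the `#ifdef ED25519_COMPAT` line such as `/* COMPAT: RFC 8032 checks only; small-order A and non-canonical encodings are not rejected */`, because a downstream build that defines ED25519_COMPAT silently loses a check it had before this update. The commit message ("updated libsodium") does not call the change out. _crypto_sign_ed25519_verify_detached begins and ends outside the hunk.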
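Review bot: The new comment above `typedef crypto_generichash_blake2b_state crypto_generichash_state;` states the 64-byte alignment requirement but not what happens when it is violated or how a binding is meant to satisfy it, which is what a binding author actually needs. Suggest extending it to say that the struct itself carries the alignment attribute in C (so only hand-allocated buffers are affected), that bindings should over-allocate by 63 bytes and round the pointer up, and what the consequence of a misaligned state is; I cannot see from this hunk whether that consequence is a crash in a SIMD backend or merely a slower path, so state only what the implementation guarantees.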
diff --git a/libs/libsodium/src/include/sodium/private/common.h b/libs/libsodium/src/include/sodium/private/common.h
index 954d02ccd7..632fc8a73c 100644
--- a/libs/libsodium/src/include/sodium/private/common.h
+++ b/libs/libsodium/src/include/sodium/private/common.h
@@ -196,7 +196,7 @@ xor_buf(unsigned char *out, const unsigned char *in, size_t n)
     }
 }
 
-#ifndef __GNUC__
+#if !defined(__clang__) && !defined(__GNUC__)
 # ifdef __attribute__
 # undef __attribute__
 # endif
diff --git a/libs/libsodium/src/randombytes/randombytes.c b/libs/libsodium/src/randombytes/randombytes.c
index 708616b8aa..4c1a536ef2 100644
--- a/libs/libsodium/src/randombytes/randombytes.c
+++ b/libs/libsodium/src/randombytes/randombytes.c
@@ -107,7 +107,7 @@ randombytes_stir(void)
     try {
         var crypto = require('crypto');
         var randomValueNodeJS = function() {
-            var buf = crypto.randomBytes(4);
+            var buf = crypto['randomBytes'](4);
             return (buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3]) >>> 0;
         };
         randomValueNodeJS();
diff --git a/libs/libsodium/src/randombytes/salsa20/randombytes_salsa20_random.c b/libs/libsodium/src/randombytes/salsa20/randombytes_salsa20_random.c
index 79916eabc0..477fda1c39 100644
--- a/libs/libsodium/src/randombytes/salsa20/randombytes_salsa20_random.c
+++ b/libs/libsodium/src/randombytes/salsa20/randombytes_salsa20_random.c
@@ -329,9 +329,6 @@ randombytes_salsa20_random_init(void)
 static void
 randombytes_salsa20_random_stir(void)
 {
-    unsigned char m0[crypto_stream_salsa20_KEYBYTES +
-                     crypto_stream_salsa20_NONCEBYTES];
-
     memset(stream.rnd32, 0, sizeof stream.rnd32);
     stream.rnd32_outleft = (size_t) 0U;
     if (global.initialized == 0) {
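Review bot: The switch to `var buf = crypto['randomBytes'](4);` in the embedded JavaScript of randombytes_stir has no comment and reads like an accidental style change. The likely reason — bracket access keeps the property name intact when the Emscripten output is run through a minifier that renames dotted properties — should be stated next to it, for example `// bracket access: survives property renaming by Closure-style minifiers`; that rationale is inferred, not visible in the hunk, so confirm it before writing it down. The surrounding EM_ASM block continues outside the hunk.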
@@ -345,34 +342,31 @@ randombytes_salsa20_random_stir(void)
 #ifndef _WIN32
 
 # ifdef HAVE_SAFE_ARC4RANDOM
-    arc4random_buf(m0, sizeof m0);
+    arc4random_buf(stream.key, sizeof stream.key);
 # elif defined(SYS_getrandom) && defined(__NR_getrandom)
     if (global.getrandom_available != 0) {
-        if (randombytes_linux_getrandom(m0, sizeof m0) != 0) {
+        if (randombytes_linux_getrandom(stream.key, sizeof stream.key) != 0) {
             sodium_misuse(); /* LCOV_EXCL_LINE */
         }
     } else if (global.random_data_source_fd == -1 ||
-               safe_read(global.random_data_source_fd, m0,
-                         sizeof m0) != (ssize_t) sizeof m0) {
+               safe_read(global.random_data_source_fd, stream.key,
+                         sizeof stream.key) != (ssize_t) sizeof stream.key) {
         sodium_misuse(); /* LCOV_EXCL_LINE */
     }
 # else
     if (global.random_data_source_fd == -1 ||
-        safe_read(global.random_data_source_fd, m0,
-                  sizeof m0) != (ssize_t) sizeof m0) {
+        safe_read(global.random_data_source_fd, stream.key,
+                  sizeof stream.key) != (ssize_t) sizeof stream.key) {
         sodium_misuse(); /* LCOV_EXCL_LINE */
     }
 # endif
 
 #else /* _WIN32 */
 
-    if (! RtlGenRandom((PVOID) m0, (ULONG) sizeof m0)) {
+    if (! RtlGenRandom((PVOID) stream.key, (ULONG) sizeof stream.key)) {
         sodium_misuse(); /* LCOV_EXCL_LINE */
     }
 #endif
-    crypto_stream_salsa20(stream.key, sizeof stream.key,
-                          m0 + crypto_stream_salsa20_KEYBYTES, m0);
-    sodium_memzero(m0, sizeof m0);
 
     stream.initialized = 1;
 }
diff --git a/libs/libsodium/src/sodium/core.c b/libs/libsodium/src/sodium/core.c
index 1ac29d09c8..d667312f19 100644
--- a/libs/libsodium/src/sodium/core.c
+++ b/libs/libsodium/src/sodium/core.c
@@ -21,7 +21,7 @@
 #include "private/implementations.h"
 #include "private/mutex.h"
 
-#if !defined(_MSC_VER) && 0
+#if !defined(_MSC_VER) && 1
 # warning *** This is unstable, untested, development code.
 # warning It might not compile. It might not work as expected.
 # warning It might be totally insecure.
diff --git a/libs/libsodium/src/sodium/runtime.c b/libs/libsodium/src/sodium/runtime.c
index ba1000f4dc..f5c805cf55 100644
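Review bot: The OS entropy is now read straight into the long-lived global `stream.key`, so every failure branch (short `safe_read`, failed `randombytes_linux_getrandom`, failed `RtlGenRandom`) leaves a partially filled key in place and relies on `sodium_misuse()` never returning; that is the existing contract, but the new code depends on it in a way the old `m0` buffer did not. A comment on the first `safe_read(global.random_data_source_fd, stream.key,` line — `/* sodium_misuse() must not return: stream.key may be partially written here */` — would pin that invariant. The removal of the salsa20 expansion step and of `sodium_memzero(m0, sizeof m0)` also deserves a one-line rationale in the function, since the previous code deliberately derived the key rather than storing raw OS output. The function's opening lines are in the previous hunk; its closing brace is visible here.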
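Review bot: Flipping `#if !defined(_MSC_VER) && 0` to `&& 1` means this vendored copy is a development snapshot of libsodium rather than a tagged release; the text being enabled says so itself ("It might be totally insecure"). For the library this project relies on for its cryptography, vendoring an untagged snapshot is a supply-chain risk: pin to a release tag, or at least record the upstream commit hash in the vendored tree so the snapshot can be audited and updated. Note also that the warnings are suppressed entirely under MSVC by the `!defined(_MSC_VER)` guard, so a Windows build will never surface them; if the snapshot is kept, add a comment here such as `/* vendored from upstream commit <hash>; not a release build */` so the status is visible regardless of compiler.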
--- a/libs/libsodium/src/sodium/runtime.c
+++ b/libs/libsodium/src/sodium/runtime.c
@@ -153,10 +153,21 @@ _sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features)
      (defined(_MSC_VER) && defined(_XCR_XFEATURE_ENABLED_MASK) && _MSC_FULL_VER >= 160040219)
     xcr0 = (uint32_t) _xgetbv(0);
 # elif defined(_MSC_VER) && defined(_M_IX86)
+    /*
+     * Visual Studio documentation states that eax/ecx/edx don't need to
+     * be preserved in inline assembly code. But that doesn't seem to
+     * always hold true on Visual Studio 2010.
+     */
     __asm {
+        push eax
+        push ecx
+        push edx
         xor ecx, ecx
         _asm _emit 0x0f _asm _emit 0x01 _asm _emit 0xd0
         mov xcr0, eax
+        pop edx
+        pop ecx
+        pop eax
     }
 # elif defined(HAVE_AVX_ASM)
     __asm__ __volatile__(".byte 0x0f, 0x01, 0xd0" /* XGETBV */
diff --git a/libs/libsodium/src/sodium/utils.c b/libs/libsodium/src/sodium/utils.c
index 85aad29200..3a5f835b9f 100644
--- a/libs/libsodium/src/sodium/utils.c
+++ b/libs/libsodium/src/sodium/utils.c
@@ -25,7 +25,7 @@
 # ifdef HAVE_ALLOCA_H
 # include <alloca.h>
 # elif !defined(alloca)
-# if defined(__GNUC__)
+# if defined(__clang__) || defined(__GNUC__)
 # define alloca __builtin_alloca
 # elif defined _AIX
 # define alloca __alloca
@@ -113,8 +113,8 @@ sodium_memzero(void *const pnt, const size_t len)
 #elif HAVE_WEAK_SYMBOLS
     memset(pnt, 0, len);
     _sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len);
-# ifdef HAVE_AMD64_ASM
-    __asm__ __volatile__ ("" : : "p"(pnt));
+# ifdef HAVE_INLINE_ASM
+    __asm__ __volatile__ ("" : : "r"(pnt) : "memory");
 # endif
 #else
     volatile unsigned char *volatile pnt_ =
@@ -573,15 +573,11 @@ sodium_malloc(const size_t size)
 __attribute__((malloc)) void *
 sodium_allocarray(size_t count, size_t size)
 {
-    size_t total_size;
-
     if (count > (size_t) 0U && size >= (size_t) SIZE_MAX / count) {
         errno = ENOMEM;
         return NULL;
     }
-    total_size = count * size;
-
-    return sodium_malloc(total_size);
+    return sodium_malloc(count * size);
 }
 
 #ifndef HAVE_ALIGNED_MALLOC
|
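Review bot: The added `push eax`/`push ecx`/`push edx` shift esp by 12 bytes while `mov xcr0, eax` between them stores to a local, so the block is only correct if the compiler addresses `xcr0` through ebp rather than esp; as far as I know MSVC disables frame-pointer omission in functions containing `__asm`, but that assumption is exactly what the new comment should state, e.g. `/* xcr0 must be ebp-relative: esp is shifted by the pushes above */`. The comment's "doesn't seem to always hold true on Visual Studio 2010" is also vague about what was observed; naming the symptom (a clobbered caller value, a wrong feature flag) would let a future maintainer decide whether the workaround is still needed. The enclosing function continues outside the hunk.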
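Review bot: The overflow guard in sodium_allocarray uses `>=`, so it also rejects the exact product count*size == SIZE_MAX, which does not overflow, and its `count > (size_t) 0U` clause lets count == 0 bypass the guard and call sodium_malloc(0). Both are presumably intended — a SIZE_MAX-byte request can never be served once the wrapper adds its own bookkeeping, which is not visible in this hunk — but the function says nothing about either, so add `/* conservative: rejects count*size == SIZE_MAX too; count == 0 falls through to sodium_malloc(0) */` above the `if`. Folding `total_size` into the return is fine since the check already ran on the same operands. The whole of sodium_allocarray is visible in the hunk.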