rbnacl-libsodium 0.5.0.1 → 0.6.0

data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa20.h

@@ -10,6 +10,7 @@
  */
 
 #include <stddef.h>
+#include <stdint.h>
 #include "export.h"
 
 #ifdef __cplusplus
@@ -36,6 +37,11 @@ int crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m,
                               unsigned long long mlen, const unsigned char *n,
                               const unsigned char *k);
 
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m,
+                                 unsigned long long mlen,
+                                 const unsigned char *n, uint64_t ic,
+                                 const unsigned char *k);
 #ifdef __cplusplus
 }
 #endif

data/vendor/libsodium/src/libsodium/include/sodium/randombytes.h

@@ -26,28 +26,28 @@ typedef struct randombytes_implementation {
 } randombytes_implementation;
 
 SODIUM_EXPORT
-int         randombytes_set_implementation(randombytes_implementation *impl);
+int randombytes_set_implementation(randombytes_implementation *impl);
 
 SODIUM_EXPORT
-void        randombytes(unsigned char * const buf, const unsigned long long buf_len);
+void randombytes(unsigned char * const buf, const unsigned long long buf_len);
 
 SODIUM_EXPORT
 const char *randombytes_implementation_name(void);
 
 SODIUM_EXPORT
-uint32_t    randombytes_random(void);
+uint32_t randombytes_random(void);
 
 SODIUM_EXPORT
-void        randombytes_stir(void);
+void randombytes_stir(void);
 
 SODIUM_EXPORT
-uint32_t    randombytes_uniform(const uint32_t upper_bound);
+uint32_t randombytes_uniform(const uint32_t upper_bound);
 
 SODIUM_EXPORT
-void        randombytes_buf(void * const buf, const size_t size);
+void randombytes_buf(void * const buf, const size_t size);
 
 SODIUM_EXPORT
-int         randombytes_close(void);
+int randombytes_close(void);
 
 #ifdef __cplusplus
 }

data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c

@@ -25,8 +25,13 @@
 
 #ifdef _WIN32
 # include <windows.h>
-# include <wincrypt.h>
 # include <sys/timeb.h>
+# define RtlGenRandom SystemFunction036
+# if defined(__cplusplus)
+extern "C"
+# endif
+BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
+# pragma comment(lib, "advapi32.lib")
 #endif
 
 #define SALSA20_RANDOM_BLOCK_SIZE crypto_core_salsa20_OUTPUTBYTES
@@ -41,9 +46,6 @@ typedef struct Salsa20Random_ {
     size_t        rnd32_outleft;
 #ifndef _MSC_VER
     pid_t         pid;
-#endif
-#ifdef _WIN32
-    HCRYPTPROV    hcrypt_prov;
 #endif
     int           random_data_source_fd;
     int           initialized;
@@ -119,8 +121,7 @@ randombytes_salsa20_random_random_dev_open(void)
     int               fd;
 
     do {
-        if (access(*device, F_OK | R_OK) == 0 &&
-            (fd = open(*device, O_RDONLY)) != -1) {
+        if ((fd = open(*device, O_RDONLY)) != -1) {
             if (fstat(fd, &st) == 0 && S_ISCHR(st.st_mode)) {
                 return fd;
             }
@@ -154,11 +155,6 @@ randombytes_salsa20_random_init(void)
 {
     stream.nonce = sodium_hrtime();
     assert(stream.nonce != (uint64_t) 0U);
-
-    if (! CryptAcquireContextW(&stream.hcrypt_prov, NULL, NULL,
-                               PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
-        abort();
-    }
 }
 #endif
 
@@ -188,7 +184,7 @@ randombytes_salsa20_random_stir(void)
         abort();
     }
 #else /* _WIN32 */
-    if (! CryptGenRandom(stream.hcrypt_prov, sizeof m0, (BYTE *) m0)) {
+    if (! RtlGenRandom((PVOID) m0, (ULONG) sizeof m0)) {
         abort();
     }
 #endif
@@ -256,8 +252,7 @@ randombytes_salsa20_random_close(void)
         ret = 0;
     }
 #else /* _WIN32 */
-    if (stream.initialized != 0 &&
-        CryptReleaseContext(stream.hcrypt_prov, 0)) {
+    if (stream.initialized != 0) {
         stream.initialized = 0;
         ret = 0;
     }
@@ -279,6 +274,7 @@ randombytes_salsa20_random_buf(void * const buf, const size_t size)
     randombytes_salsa20_random_stir_if_needed();
     COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_salsa20_NONCEBYTES);
 #ifdef ULONG_LONG_MAX
+    /* coverity[result_independent_of_operands] */
     assert(size <= ULONG_LONG_MAX);
 #endif
     ret = crypto_stream_salsa20((unsigned char *) buf, (unsigned long long) size,

data/vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c

@@ -22,7 +22,12 @@
 
 #ifdef _WIN32
 # include <windows.h>
-# include <wincrypt.h>
+# define RtlGenRandom SystemFunction036
+# if defined(__cplusplus)
+extern "C"
+# endif
+BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
+# pragma comment(lib, "advapi32.lib")
 #endif
 
 #ifdef __OpenBSD__
@@ -59,9 +64,6 @@ randombytes_sysrandom_close(void)
 #else /* __OpenBSD__ */
 
 typedef struct SysRandom_ {
-#ifdef _WIN32
-    HCRYPTPROV hcrypt_prov;
-#endif
     int        random_data_source_fd;
     int        initialized;
 } SysRandom;
@@ -111,8 +113,7 @@ randombytes_sysrandom_random_dev_open(void)
     int                fd;
 
     do {
-        if (access(*device, F_OK | R_OK) == 0 &&
-            (fd = open(*device, O_RDONLY)) != -1) {
+        if ((fd = open(*device, O_RDONLY)) != -1) {
             if (fstat(fd, &st) == 0 && S_ISCHR(st.st_mode)) {
                 return fd;
             }
@@ -141,10 +142,6 @@ randombytes_sysrandom_init(void)
 static void
 randombytes_sysrandom_init(void)
 {
-    if (! CryptAcquireContextW(&stream.hcrypt_prov, NULL, NULL,
-                               PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
-        abort();
-    }
 }
 #endif
 
@@ -178,8 +175,7 @@ randombytes_sysrandom_close(void)
         ret = 0;
     }
 #else /* _WIN32 */
-    if (stream.initialized != 0 &&
-        CryptReleaseContext(stream.hcrypt_prov, 0)) {
+    if (stream.initialized != 0) {
         stream.initialized = 0;
         ret = 0;
     }
@@ -202,6 +198,7 @@ randombytes_sysrandom_buf(void * const buf, const size_t size)
 {
     randombytes_sysrandom_stir_if_needed();
 #ifdef ULONG_LONG_MAX
+    /* coverity[result_independent_of_operands] */
     assert(size <= ULONG_LONG_MAX);
 #endif
 #ifndef _WIN32
@@ -212,7 +209,7 @@ randombytes_sysrandom_buf(void * const buf, const size_t size)
     if (size > 0xffffffff) {
         abort();
     }
-    if (! CryptGenRandom(stream.hcrypt_prov, (DWORD) size, (BYTE *) buf)) {
+    if (! RtlGenRandom((PVOID) buf, (ULONG) size)) {
         abort();
     }
 #endif

data/vendor/libsodium/src/libsodium/sodium/compat.c

@@ -5,6 +5,7 @@
 #include "crypto_hash_sha256.h"
 #include "crypto_hash_sha512.h"
 #include "crypto_onetimeauth_poly1305.h"
+#include "crypto_pwhash_scryptsalsa208sha256.h"
 #include "crypto_scalarmult_curve25519.h"
 #include "crypto_secretbox_xsalsa20poly1305.h"
 #include "crypto_sign_ed25519.h"
@@ -14,12 +15,62 @@
 #include "crypto_verify_32.h"
 #include "export.h"
 
-#ifdef EXPORT_ORIGINAL_IMPLEMENTATIONS
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+#undef crypto_pwhash_scryptxsalsa208sha256_saltbytes
+SODIUM_EXPORT size_t
+crypto_pwhash_scryptxsalsa208sha256_saltbytes(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_saltbytes();
+}
+
+#undef crypto_pwhash_scryptxsalsa208sha256_strbytes
+SODIUM_EXPORT size_t
+crypto_pwhash_scryptxsalsa208sha256_strbytes(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_strbytes();
+}
+
+#undef crypto_pwhash_scryptxsalsa208sha256
+SODIUM_EXPORT int
+crypto_pwhash_scryptxsalsa208sha256(unsigned char * const out,
+                                    unsigned long long outlen,
+                                    const char * const passwd,
+                                    unsigned long long passwdlen,
+                                    const unsigned char * const salt,
+                                    unsigned long long opslimit,
+                                    size_t memlimit)
+{
+    return crypto_pwhash_scryptsalsa208sha256(out, outlen, passwd, passwdlen,
+                                              salt, opslimit, memlimit);
+}
+
+#undef crypto_pwhash_scryptxsalsa208sha256_str
+SODIUM_EXPORT int
+crypto_pwhash_scryptxsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+                                        const char * const passwd,
+                                        unsigned long long passwdlen,
+                                        unsigned long long opslimit,
+                                        size_t memlimit)
+{
+    return crypto_pwhash_scryptsalsa208sha256_str(out, passwd, passwdlen,
+                                                  opslimit, memlimit);
+}
+
+#undef crypto_pwhash_scryptxsalsa208sha256_str_verify
+SODIUM_EXPORT int
+crypto_pwhash_scryptxsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+                                               const char * const passwd,
+                                               unsigned long long passwdlen)
+{
+    return crypto_pwhash_scryptsalsa208sha256_str_verify(str,
+                                                         passwd, passwdlen);
+}
+
+#ifdef EXPORT_ORIGINAL_IMPLEMENTATIONS
+
 #undef crypto_hash_sha256_ref
 SODIUM_EXPORT int
 crypto_hash_sha256_ref(unsigned char *out, const unsigned char *in,
@@ -303,8 +354,8 @@ crypto_stream_salsa20_ref_xor(unsigned char *c,
     return crypto_stream_salsa20_xor(c, m, mlen, n, k);
 }
 
-#ifdef __cplusplus
-}
 #endif
 
+#ifdef __cplusplus
+}
 #endif

data/vendor/libsodium/src/libsodium/sodium/utils.c

@@ -19,6 +19,15 @@
 # include <wincrypt.h>
 #endif
 
+#ifdef HAVE_WEAK_SYMBOLS
+__attribute__((weak)) void
+__sodium_dummy_symbol_to_prevent_lto(void * const pnt, const size_t len)
+{
+    (void) pnt;
+    (void) len;
+}
+#endif
+
 void
 sodium_memzero(void * const pnt, const size_t len)
 {
@@ -30,6 +39,9 @@ sodium_memzero(void * const pnt, const size_t len)
     }
 #elif defined(HAVE_EXPLICIT_BZERO)
     explicit_bzero(pnt, len);
+#elif HAVE_WEAK_SYMBOLS
+    memset(pnt, 0, len);
+    __sodium_dummy_symbol_to_prevent_lto(pnt, len);
 #else
     volatile unsigned char *pnt_ = (volatile unsigned char *) pnt;
     size_t                     i = (size_t) 0U;
@@ -161,6 +173,9 @@ sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen,
 int
 sodium_mlock(void * const addr, const size_t len)
 {
+#ifdef MADV_DONTDUMP
+    (void) madvise(addr, len, MADV_DONTDUMP);
+#endif
 #ifdef HAVE_MLOCK
     return mlock(addr, len);
 #elif defined(HAVE_VIRTUALLOCK)
@@ -175,6 +190,9 @@ int
 sodium_munlock(void * const addr, const size_t len)
 {
     sodium_memzero(addr, len);
+#ifdef MADV_DODUMP
+    (void) madvise(addr, len, MADV_DODUMP);
+#endif
 #ifdef HAVE_MLOCK
     return munlock(addr, len);
 #elif defined(HAVE_VIRTUALLOCK)

data/vendor/libsodium/test/default/Makefile.am

@@ -2,6 +2,7 @@
 EXTRA_DIST = \
 	cmptest.h \
 	wintest.bat \
+	aead_chacha20poly1305.exp \
 	auth.exp \
 	auth2.exp \
 	auth3.exp \
@@ -14,6 +15,8 @@ EXTRA_DIST = \
 	box8.exp \
 	box_easy.exp \
 	box_easy2.exp \
+	box_seed.exp \
+	chacha20.exp \
 	core1.exp \
 	core2.exp \
 	core3.exp \
@@ -30,12 +33,11 @@ EXTRA_DIST = \
 	onetimeauth2.exp \
 	onetimeauth7.exp \
 	pwhash.exp \
+	pwhash_scrypt_ll.exp \
 	scalarmult.exp \
 	scalarmult2.exp \
 	scalarmult5.exp \
 	scalarmult6.exp \
-	scalarmult7.exp \
-	scalarmult8.exp \
 	secretbox.exp \
 	secretbox2.exp \
 	secretbox7.exp \
@@ -56,6 +58,7 @@ EXTRA_DIST = \
 	verify1.exp
 
 DISTCLEANFILES = \
+	aead_chacha20poly1305.res \
 	auth.res \
 	auth2.res \
 	auth3.res \
@@ -68,6 +71,8 @@ DISTCLEANFILES = \
 	box8.res \
 	box_easy.res \
 	box_easy2.res \
+	box_seed.res \
+	chacha20.res \
 	core1.res \
 	core2.res \
 	core3.res \
@@ -84,12 +89,11 @@ DISTCLEANFILES = \
 	onetimeauth2.res \
 	onetimeauth7.res \
 	pwhash.res \
+	pwhash_scrypt_ll.res \
 	scalarmult.res \
 	scalarmult2.res \
 	scalarmult5.res \
 	scalarmult6.res \
-	scalarmult7.res \
-	scalarmult8.res \
 	secretbox.res \
 	secretbox2.res \
 	secretbox7.res \
@@ -118,6 +122,7 @@ AM_CPPFLAGS = \
 	-I$(top_srcdir)/test/quirks
 
 TESTS_TARGETS = \
+	aead_chacha20poly1305 \
 	auth \
 	auth2 \
 	auth3 \
@@ -130,6 +135,8 @@ TESTS_TARGETS = \
 	box8 \
 	box_easy \
 	box_easy2 \
+	box_seed \
+	chacha20 \
 	core1 \
 	core2 \
 	core3 \
@@ -145,13 +152,12 @@ TESTS_TARGETS = \
 	onetimeauth2 \
 	onetimeauth7 \
 	pwhash \
+	pwhash_scrypt_ll \
 	randombytes \
 	scalarmult \
 	scalarmult2 \
 	scalarmult5 \
 	scalarmult6 \
-	scalarmult7 \
-	scalarmult8 \
 	secretbox \
 	secretbox2 \
 	secretbox7 \
@@ -178,6 +184,9 @@ TESTS = $(TESTS_TARGETS)
 TESTS_LDADD = \
 	${top_builddir}/src/libsodium/libsodium.la
 
+aead_chacha20poly1305_SOURCE          = cmptest.h aead_chacha20poly1305.c
+aead_chacha20poly1305_LDADD           = $(TESTS_LDADD)
+
 auth_SOURCE               = cmptest.h auth.c
 auth_LDADD                = $(TESTS_LDADD)
 
@@ -214,6 +223,12 @@ box_easy_LDADD            = $(TESTS_LDADD)
 box_easy2_SOURCE          = cmptest.h box_easy2.c
 box_easy2_LDADD           = $(TESTS_LDADD)
 
+box_seed_SOURCE           = cmptest.h box_seed.c
+box_seed_LDADD            = $(TESTS_LDADD)
+
+chacha20_SOURCE           = cmptest.h chacha20.c
+chacha20_LDADD            = $(TESTS_LDADD)
+
 core1_SOURCE              = cmptest.h core1.c
 core1_LDADD               = $(TESTS_LDADD)
 
@@ -259,6 +274,9 @@ onetimeauth7_LDADD        = $(TESTS_LDADD)
 pwhash_SOURCE             = cmptest.h pwhash.c
 pwhash_LDADD              = $(TESTS_LDADD)
 
+pwhash_scrypt_ll_SOURCE   = cmptest.h pwhash_scrypt_ll.c
+pwhash_scrypt_ll_LDADD    = $(TESTS_LDADD)
+
 randombytes_SOURCE        = randombytes.c
 randombytes_LDADD         = $(TESTS_LDADD)
 
@@ -274,12 +292,6 @@ scalarmult5_LDADD         = $(TESTS_LDADD)
 scalarmult6_SOURCE        = cmptest.h scalarmult6.c
 scalarmult6_LDADD         = $(TESTS_LDADD)
 
-scalarmult7_SOURCE        = cmptest.h scalarmult7.c
-scalarmult7_LDADD         = $(TESTS_LDADD)
-
-scalarmult8_SOURCE        = cmptest.h scalarmult8.c
-scalarmult8_LDADD         = $(TESTS_LDADD)
-
 secretbox_SOURCE          = cmptest.h secretbox.c
 secretbox_LDADD           = $(TESTS_LDADD)