RubyGems - rbnacl-libsodium - Versions diffs - 1.0.10 → 1.0.11 - Mend

rbnacl-libsodium 1.0.10 → 1.0.11

Files changed (124) hide show

data/vendor/libsodium/src/libsodium/include/sodium/private/mutex.h ADDED

@@ -0,0 +1,7 @@
+#ifndef mutex_H
+#define mutex_H 1
+extern int sodium_crit_enter(void);
+extern int sodium_crit_leave(void);
+#endif

data/vendor/libsodium/src/libsodium/include/sodium/randombytes.h CHANGED

@@ -10,7 +10,7 @@
 #include "export.h"
 #ifdef __cplusplus
-# if __GNUC__
+# ifdef __GNUC__
 #  pragma GCC diagnostic ignored "-Wlong-long"
 # endif
 extern "C" {

data/vendor/libsodium/src/libsodium/randombytes/nativeclient/randombytes_nativeclient.c CHANGED

@@ -4,7 +4,7 @@
 #include <stdlib.h>
 #ifdef __native_client__
-# include <nacl/nacl_random.h>
+# include <irt.h>
 # include "utils.h"
 # include "randombytes.h"
@@ -13,12 +13,23 @@
 static void
 randombytes_nativeclient_buf(void * const buf, const size_t size)
 {
-    size_t readnb;
+    unsigned char          *buf_ = (unsigned char *) buf;
+    struct nacl_irt_random  rand_intf;
+    size_t                  readnb = (size_t) 0U;
+    size_t                  toread = size;
-    if (nacl_secure_random(buf, size, &readnb) != 0) {
+    if (nacl_interface_query(NACL_IRT_RANDOM_v0_1, &rand_intf,
+                             sizeof rand_intf) != sizeof rand_intf) {
         abort();
     }
-    assert(readnb == size);
+    while (toread > (size_t) 0U) {
+        if (rand_intf.get_random_bytes(buf_, size, &readnb) != 0 ||
+            readnb > size) {
+            abort();
+        }
+        toread -= readnb;
+        buf_ += readnb;
+    }
 }
 static uint32_t

data/vendor/libsodium/src/libsodium/randombytes/randombytes.c CHANGED

@@ -20,18 +20,27 @@
 /* C++Builder defines a "random" macro */
 #undef random
-#ifndef __EMSCRIPTEN__
-#ifdef __native_client__
-static const randombytes_implementation *implementation =
-    &randombytes_nativeclient_implementation;
-#else
-static const randombytes_implementation *implementation =
-    &randombytes_sysrandom_implementation;
-#endif
+static const randombytes_implementation *implementation;
+#ifdef __EMSCRIPTEN__
+# define RANDOMBYTES_DEFAULT_IMPLEMENTATION NULL
 #else
-static const randombytes_implementation *implementation = NULL;
+# ifdef __native_client__
+#  define RANDOMBYTES_DEFAULT_IMPLEMENTATION &randombytes_nativeclient_implementation;
+# else
+#  define RANDOMBYTES_DEFAULT_IMPLEMENTATION &randombytes_sysrandom_implementation;
+# endif
 #endif
+static void
+randombytes_init_if_needed(void)
+{
+    if (implementation == NULL) {
+        implementation = RANDOMBYTES_DEFAULT_IMPLEMENTATION;
+        randombytes_stir();
+    }
+}
 int
 randombytes_set_implementation(randombytes_implementation *impl)
 {
@@ -44,6 +53,7 @@ const char *
 randombytes_implementation_name(void)
 {
 #ifndef __EMSCRIPTEN__
+    randombytes_init_if_needed();
     return implementation->implementation_name();
 #else
     return "js";
@@ -54,6 +64,7 @@ uint32_t
 randombytes_random(void)
 {
 #ifndef __EMSCRIPTEN__
+    randombytes_init_if_needed();
     return implementation->random();
 #else
     return EM_ASM_INT_V({
@@ -66,7 +77,8 @@ void
 randombytes_stir(void)
 {
 #ifndef __EMSCRIPTEN__
-    if (implementation != NULL && implementation->stir != NULL) {
+    randombytes_init_if_needed();
+    if (implementation->stir != NULL) {
         implementation->stir();
     }
 #else
@@ -110,11 +122,8 @@ randombytes_uniform(const uint32_t upper_bound)
     uint32_t min;
     uint32_t r;
-#ifdef __EMSCRIPTEN__
-    if (implementation != NULL && implementation->uniform != NULL) {
-        return implementation->uniform(upper_bound);
-    }
-#else
+#ifndef __EMSCRIPTEN__
+    randombytes_init_if_needed();
     if (implementation->uniform != NULL) {
         return implementation->uniform(upper_bound);
     }
@@ -134,6 +143,7 @@ void
 randombytes_buf(void * const buf, const size_t size)
 {
 #ifndef __EMSCRIPTEN__
+    randombytes_init_if_needed();
     if (size > (size_t) 0U) {
         implementation->buf(buf, size);
     }

data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c CHANGED

@@ -7,6 +7,7 @@
 #endif
 #ifdef __linux__
 # include <sys/syscall.h>
+# include <poll.h>
 #endif
 #include <assert.h>
@@ -26,6 +27,7 @@
 #include "randombytes.h"
 #include "randombytes_salsa20_random.h"
 #include "utils.h"
+#include "private/mutex.h"
 #ifdef _WIN32
 # include <windows.h>
@@ -128,6 +130,33 @@ safe_read(const int fd, void * const buf_, size_t size)
 #endif
 #ifndef _WIN32
+# if defined(__linux__) && !defined(USE_BLOCKING_RANDOM)
+static int
+randombytes_block_on_dev_random(void)
+{
+    struct pollfd pfd;
+    int           fd;
+    int           pret;
+    fd = open("/dev/random", O_RDONLY);
+    if (fd == -1) {
+        return 0;
+    }
+    pfd.fd = fd;
+    pfd.events = POLLIN;
+    pfd.revents = 0;
+    do {
+        pret = poll(&pfd, 1, -1);
+    } while (pret < 0 && (errno == EINTR || errno == EAGAIN));
+    if (pret != 1) {
+        (void) close(fd);
+        errno = EIO;
+        return -1;
+    }
+    return close(fd);
+}
+# endif
 # ifndef HAVE_SAFE_ARC4RANDOM
 static int
 randombytes_salsa20_random_random_dev_open(void)
@@ -143,6 +172,11 @@ randombytes_salsa20_random_random_dev_open(void)
     const char **     device = devices;
     int               fd;
+# if defined(__linux__) && !defined(USE_BLOCKING_RANDOM)
+    if (randombytes_block_on_dev_random() != 0) {
+        return -1;
+    }
+# endif
     do {
         fd = open(*device, O_RDONLY);
         if (fd != -1) {
@@ -173,7 +207,7 @@ randombytes_salsa20_random_random_dev_open(void)
 }
 # endif
-# ifdef SYS_getrandom
+# if defined(SYS_getrandom) && defined(__NR_getrandom)
 static int
 _randombytes_linux_getrandom(void * const buf, const size_t size)
 {
@@ -221,7 +255,7 @@ randombytes_salsa20_random_init(void)
     errno = errno_save;
 # else
-#  ifdef SYS_getrandom
+#  if defined(SYS_getrandom) && defined(__NR_getrandom)
     {
         unsigned char fodder[16];
@@ -264,7 +298,7 @@ randombytes_salsa20_random_rekey(const unsigned char * const mix)
 }
 static void
-randombytes_salsa20_random_stir(void)
+randombytes_salsa20_random_stir_unlocked(void)
 {
     /* constant to personalize the hash function */
     const unsigned char hsigma[crypto_generichash_KEYBYTES] = {
@@ -287,7 +321,7 @@ randombytes_salsa20_random_stir(void)
 # ifdef HAVE_SAFE_ARC4RANDOM
     arc4random_buf(m0, sizeof m0);
-# elif defined(SYS_getrandom)
+# elif defined(SYS_getrandom) && defined(__NR_getrandom)
     if (stream.getrandom_available != 0) {
         if (randombytes_linux_getrandom(m0, sizeof m0) != 0) {
             abort(); /* LCOV_EXCL_LINE */
@@ -322,18 +356,30 @@ randombytes_salsa20_random_stir(void)
 #endif
 }
+static void
+randombytes_salsa20_random_stir(void)
+{
+    if (sodium_crit_enter() != 0) {
+        abort();
+    }
+    randombytes_salsa20_random_stir_unlocked();
+    if (sodium_crit_leave() != 0) {
+        abort();
+    }
+}
 static void
 randombytes_salsa20_random_stir_if_needed(void)
 {
 #ifdef HAVE_GETPID
     if (stream.initialized == 0) {
-        randombytes_salsa20_random_stir();
+        randombytes_salsa20_random_stir_unlocked();
     } else if (stream.pid != getpid()) {
         abort();
     }
 #else
     if (stream.initialized == 0) {
-        randombytes_salsa20_random_stir();
+        randombytes_salsa20_random_stir_unlocked();
     }
 #endif
 }
@@ -343,6 +389,9 @@ randombytes_salsa20_random_close(void)
 {
     int ret = -1;
+    if (sodium_crit_enter() != 0) {
+        abort();
+    }
 #ifndef _WIN32
     if (stream.random_data_source_fd != -1 &&
         close(stream.random_data_source_fd) == 0) {
@@ -358,7 +407,7 @@ randombytes_salsa20_random_close(void)
     ret = 0;
 # endif
-# ifdef SYS_getrandom
+# if defined(SYS_getrandom) && defined(__NR_getrandom)
     if (stream.getrandom_available != 0) {
         ret = 0;
     }
@@ -370,6 +419,9 @@ randombytes_salsa20_random_close(void)
         ret = 0;
     }
 #endif
+    if (sodium_crit_leave() != 0) {
+        abort();
+    }
     return ret;
 }
@@ -379,6 +431,9 @@ randombytes_salsa20_random_buf(void * const buf, const size_t size)
     size_t i;
     int    ret;
+    if (sodium_crit_enter() != 0) {
+        abort();
+    }
     randombytes_salsa20_random_stir_if_needed();
     COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_salsa20_NONCEBYTES);
 #ifdef ULONG_LONG_MAX
@@ -394,14 +449,20 @@ randombytes_salsa20_random_buf(void * const buf, const size_t size)
     stream.nonce++;
     crypto_stream_salsa20_xor(stream.key, stream.key, sizeof stream.key,
                               (unsigned char *) &stream.nonce, stream.key);
+    if (sodium_crit_leave() != 0) {
+        abort();
+    }
 }
 static uint32_t
-randombytes_salsa20_random_getword(void)
+randombytes_salsa20_random(void)
 {
     uint32_t val;
     int      ret;
+    if (sodium_crit_enter() != 0) {
+        abort();
+    }
     COMPILER_ASSERT(sizeof stream.rnd32 >= (sizeof stream.key) + (sizeof val));
     COMPILER_ASSERT(((sizeof stream.rnd32) - (sizeof stream.key))
                     % sizeof val == (size_t) 0U);
@@ -420,16 +481,12 @@ randombytes_salsa20_random_getword(void)
     stream.rnd32_outleft -= sizeof val;
     memcpy(&val, &stream.rnd32[stream.rnd32_outleft], sizeof val);
     memset(&stream.rnd32[stream.rnd32_outleft], 0, sizeof val);
+    if (sodium_crit_leave() != 0) {
+        abort();
+    }
     return val;
 }
-static uint32_t
-randombytes_salsa20_random(void)
-{
-    return randombytes_salsa20_random_getword();
-}
 static const char *
 randombytes_salsa20_implementation_name(void)
 {

data/vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c CHANGED

@@ -7,6 +7,7 @@
 #endif
 #ifdef __linux__
 # include <sys/syscall.h>
+# include <poll.h>
 #endif
 #include <assert.h>
@@ -24,6 +25,12 @@
 #include "utils.h"
 #ifdef _WIN32
+/* `RtlGenRandom` is used over `CryptGenRandom` on Microsoft Windows based systems:
+ *  - `CryptGenRandom` requires pulling in `CryptoAPI` which causes unnecessary
+ *     memory overhead if this API is not being used for other purposes
+ *  - `RtlGenRandom` is thus called directly instead. A detailed explanation
+ *     can be found here: https://blogs.msdn.microsoft.com/michael_howard/2005/01/14/cryptographically-secure-random-number-on-windows-without-using-cryptoapi/
+ */
 # include <windows.h>
 # define RtlGenRandom SystemFunction036
 # if defined(__cplusplus)
@@ -107,6 +114,33 @@ safe_read(const int fd, void * const buf_, size_t size)
 #endif
 #ifndef _WIN32
+# if defined(__linux__) && !defined(USE_BLOCKING_RANDOM)
+static int
+randombytes_block_on_dev_random(void)
+{
+    struct pollfd pfd;
+    int           fd;
+    int           pret;
+    fd = open("/dev/random", O_RDONLY);
+    if (fd == -1) {
+        return 0;
+    }
+    pfd.fd = fd;
+    pfd.events = POLLIN;
+    pfd.revents = 0;
+    do {
+        pret = poll(&pfd, 1, -1);
+    } while (pret < 0 && (errno == EINTR || errno == EAGAIN));
+    if (pret != 1) {
+        (void) close(fd);
+        errno = EIO;
+        return -1;
+    }
+    return close(fd);
+}
+# endif
 static int
 randombytes_sysrandom_random_dev_open(void)
 {
@@ -121,6 +155,11 @@ randombytes_sysrandom_random_dev_open(void)
     const char **      device = devices;
     int                fd;
+# if defined(__linux__) && !defined(USE_BLOCKING_RANDOM)
+    if (randombytes_block_on_dev_random() != 0) {
+        return -1;
+    }
+# endif
     do {
         fd = open(*device, O_RDONLY);
         if (fd != -1) {
@@ -150,7 +189,7 @@ randombytes_sysrandom_random_dev_open(void)
 /* LCOV_EXCL_STOP */
 }
-# ifdef SYS_getrandom
+# if defined(SYS_getrandom) && defined(__NR_getrandom)
 static int
 _randombytes_linux_getrandom(void * const buf, const size_t size)
 {
@@ -191,7 +230,7 @@ randombytes_sysrandom_init(void)
 {
     const int     errno_save = errno;
-# ifdef SYS_getrandom
+# if defined(SYS_getrandom) && defined(__NR_getrandom)
     {
         unsigned char fodder[16];
@@ -248,7 +287,7 @@ randombytes_sysrandom_close(void)
         stream.initialized = 0;
         ret = 0;
     }
-# ifdef SYS_getrandom
+# if defined(SYS_getrandom) && defined(__NR_getrandom)
     if (stream.getrandom_available != 0) {
         ret = 0;
     }
@@ -271,7 +310,7 @@ randombytes_sysrandom_buf(void * const buf, const size_t size)
     assert(size <= ULONG_LONG_MAX);
 #endif
 #ifndef _WIN32
-# ifdef SYS_getrandom
+# if defined(SYS_getrandom) && defined(__NR_getrandom)
     if (stream.getrandom_available != 0) {
         if (randombytes_linux_getrandom(buf, size) != 0) {
             abort();

data/vendor/libsodium/src/libsodium/sodium/core.c CHANGED

@@ -1,4 +1,12 @@
+#include <string.h>
+#include <time.h>
+#ifdef HAVE_PTHREAD
+# include <pthread.h>
+#elif defined(_WIN32)
+# include <windows.h>
+#endif
 #include "core.h"
 #include "crypto_generichash.h"
 #include "crypto_onetimeauth.h"
@@ -8,9 +16,10 @@
 #include "randombytes.h"
 #include "runtime.h"
 #include "utils.h"
+#include "private/mutex.h"
 #if !defined(_MSC_VER) && 0
-# warning This is unstable, untested, development code.
+# warning *** This is unstable, untested, development code.
 # warning It might not compile. It might not work as expected.
 # warning It might be totally insecure.
 # warning Do not use this in production.
@@ -18,12 +27,24 @@
 # warning Alternatively, use the "stable" branch in the git repository.
 #endif
-static int initialized;
+#if !defined(_MSC_VER) && (!defined(CONFIGURED) || CONFIGURED != 1)
+# warning *** The library is being compiled using an undocumented method.
+# warning This is not supported. It has not been tested, it might not
+# warning work as expected, and performance is likely to be suboptimal.
+#endif
+static volatile int initialized;
 int
 sodium_init(void)
 {
+    if (sodium_crit_enter() != 0) {
+        return -1;
+    }
     if (initialized != 0) {
+        if (sodium_crit_leave() != 0) {
+            return -1;
+        }
         return 1;
     }
     _sodium_runtime_get_cpu_features();
@@ -35,6 +56,114 @@ sodium_init(void)
     _crypto_scalarmult_curve25519_pick_best_implementation();
     _crypto_stream_chacha20_pick_best_implementation();
     initialized = 1;
+    if (sodium_crit_leave() != 0) {
+        return -1;
+    }
+    return 0;
+}
+#if defined(HAVE_PTHREAD) && !defined(__EMSCRIPTEN__)
+static pthread_mutex_t _sodium_lock = PTHREAD_MUTEX_INITIALIZER;
+int
+sodium_crit_enter(void)
+{
+    return pthread_mutex_lock(&_sodium_lock);
+}
+int
+sodium_crit_leave(void)
+{
+    return pthread_mutex_unlock(&_sodium_lock);
+}
+#elif defined(_WIN32)
+static CRITICAL_SECTION _sodium_lock;
+static volatile LONG    _sodium_lock_initialized;
+int
+_sodium_crit_init(void)
+{
+    LONG status = 0L;
+    while ((status = InterlockedCompareExchange(&_sodium_lock_initialized,
+                                                1L, 0L)) == 1L) {
+        Sleep(0);
+    }
+    switch (status) {
+    case 0L:
+        InitializeCriticalSection(&_sodium_lock);
+        return InterlockedExchange(&_sodium_lock_initialized, 2L) == 1L ? 0 : -1;
+    case 2L:
+        return 0;
+    default: /* should never be reached */
+        return -1;
+    }
+}
+int
+sodium_crit_enter(void)
+{
+    if (_sodium_crit_init() != 0) {
+        return -1;
+    }
+    EnterCriticalSection(&_sodium_lock);
     return 0;
 }
+int
+sodium_crit_leave(void)
+{
+    LeaveCriticalSection(&_sodium_lock);
+    return 0;
+}
+#elif defined(__GNUC__) && !defined(__EMSCRIPTEN__) && !defined(__native_client__)
+static volatile int _sodium_lock;
+int
+sodium_crit_enter(void)
+{
+# ifdef HAVE_NANOSLEEP
+    struct timespec q;
+    memset(&q, 0, sizeof q);
+# endif
+    while (__sync_lock_test_and_set(&_sodium_lock, 1) != 0) {
+# ifdef HAVE_NANOSLEEP
+        (void) nanosleep(&q, NULL);
+# elif defined(__x86_64__) || defined(__i386__)
+        __asm__ __volatile__ ("pause");
+# endif
+    }
+    return 0;
+}
+int
+sodium_crit_leave(void)
+{
+    __sync_lock_release(&_sodium_lock);
+    return 0;
+}
+#else
+int
+sodium_crit_enter(void)
+{
+    return 0;
+}
+int
+sodium_crit_leave(void)
+{
+    return 0;
+}
+#endif