rbnacl-libsodium 1.0.13 → 1.0.15

data/vendor/libsodium/src/libsodium/sodium/core.c

@@ -1,4 +1,5 @@
 
+#include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #ifdef _WIN32
@@ -40,11 +41,11 @@ int
 sodium_init(void)
 {
     if (sodium_crit_enter() != 0) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     if (initialized != 0) {
         if (sodium_crit_leave() != 0) {
-            return -1;
+            return -1; /* LCOV_EXCL_LINE */
         }
         return 1;
     }
@@ -59,7 +60,7 @@ sodium_init(void)
     _crypto_stream_salsa20_pick_best_implementation();
     initialized = 1;
     if (sodium_crit_leave() != 0) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     return 0;
 }
@@ -94,7 +95,7 @@ int
 sodium_crit_enter(void)
 {
     if (_sodium_crit_init() != 0) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     EnterCriticalSection(&_sodium_lock);
 
@@ -169,3 +170,34 @@ sodium_crit_leave(void)
 }
 
 #endif
+
+static void (*_misuse_handler)(void);
+
+void
+sodium_misuse(void)
+{
+    void (*handler)(void);
+
+    if (sodium_crit_enter() == 0) {
+        handler = _misuse_handler;
+        if (sodium_crit_leave() == 0 && handler != NULL) {
+            handler();
+        }
+    }
+/* LCOV_EXCL_START */
+    abort();
+}
+/* LCOV_EXCL_STOP */
+
+int
+sodium_set_misuse_handler(void (*handler)(void))
+{
+    if (sodium_crit_enter() != 0) {
+        return -1; /* LCOV_EXCL_LINE */
+    }
+    _misuse_handler = handler;
+    if (sodium_crit_leave() != 0) {
+        return -1; /* LCOV_EXCL_LINE */
+    }
+    return 0;
+}

data/vendor/libsodium/src/libsodium/sodium/runtime.c

@@ -16,6 +16,7 @@ typedef struct CPUFeatures_ {
     int has_sse41;
     int has_avx;
     int has_avx2;
+    int has_avx512f;
     int has_pclmul;
     int has_aesni;
 } CPUFeatures;
@@ -23,6 +24,7 @@ typedef struct CPUFeatures_ {
 static CPUFeatures _cpu_features;
 
 #define CPUID_EBX_AVX2    0x00000020
+#define CPUID_EBX_AVX512F 0x00010000
 
 #define CPUID_ECX_SSE3    0x00000001
 #define CPUID_ECX_PCLMUL  0x00000002
@@ -176,6 +178,16 @@ _sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features)
     }
 #endif
 
+    cpu_features->has_avx512f = 0;
+#ifdef HAVE_AVX512FINTRIN_H
+    if (cpu_features->has_avx2) {
+        unsigned int cpu_info7[4];
+
+        _cpuid(cpu_info7, 0x00000007);
+        cpu_features->has_avx512f = ((cpu_info7[1] & CPUID_EBX_AVX512F) != 0x0);
+    }
+#endif
+
 #ifdef HAVE_WMMINTRIN_H
     cpu_features->has_pclmul = ((cpu_info[2] & CPUID_ECX_PCLMUL) != 0x0);
     cpu_features->has_aesni  = ((cpu_info[2] & CPUID_ECX_AESNI) != 0x0);
@@ -241,6 +253,12 @@ sodium_runtime_has_avx2(void)
     return _cpu_features.has_avx2;
 }
 
+int
+sodium_runtime_has_avx512f(void)
+{
+    return _cpu_features.has_avx512f;
+}
+
 int
 sodium_runtime_has_pclmul(void)
 {

data/vendor/libsodium/src/libsodium/sodium/utils.c

@@ -21,6 +21,7 @@
 # include <unistd.h>
 #endif
 
+#include "core.h"
 #include "randombytes.h"
 #include "utils.h"
 
@@ -62,19 +63,17 @@
 static size_t        page_size;
 static unsigned char canary[CANARY_SIZE];
 
+/* LCOV_EXCL_START */
 #ifdef HAVE_WEAK_SYMBOLS
 __attribute__((weak)) void
-_sodium_memzero_as_a_weak_symbol_to_prevent_lto(void *const  pnt,
-                                                const size_t len)
+_sodium_dummy_symbol_to_prevent_memzero_lto(void *const  pnt,
+                                            const size_t len)
 {
-    unsigned char *pnt_ = (unsigned char *) pnt;
-    size_t         i    = (size_t) 0U;
-
-    while (i < len) {
-        pnt_[i++] = 0U;
-    }
+    (void) pnt; /* LCOV_EXCL_LINE */
+    (void) len; /* LCOV_EXCL_LINE */
 }
 #endif
+/* LCOV_EXCL_STOP */
 
 void
 sodium_memzero(void *const pnt, const size_t len)
@@ -83,12 +82,13 @@ sodium_memzero(void *const pnt, const size_t len)
     SecureZeroMemory(pnt, len);
 #elif defined(HAVE_MEMSET_S)
     if (len > 0U && memset_s(pnt, (rsize_t) len, 0, (rsize_t) len) != 0) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse(); /* LCOV_EXCL_LINE */
     }
 #elif defined(HAVE_EXPLICIT_BZERO)
     explicit_bzero(pnt, len);
 #elif HAVE_WEAK_SYMBOLS
-    _sodium_memzero_as_a_weak_symbol_to_prevent_lto(pnt, len);
+    memset(pnt, 0, len);
+    _sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len);
 #else
     volatile unsigned char *volatile pnt_ =
         (volatile unsigned char *volatile) pnt;
@@ -163,7 +163,7 @@ sodium_compare(const unsigned char *b1_, const unsigned char *b2_, size_t len)
     size_t                 i;
     volatile unsigned char gt = 0U;
     volatile unsigned char eq = 1U;
-    volatile uint16_t      x1, x2;
+    uint16_t               x1, x2;
 
 #if HAVE_WEAK_SYMBOLS
     _sodium_dummy_symbol_to_prevent_compare_lto(b1, b2, len);
@@ -182,8 +182,8 @@ sodium_compare(const unsigned char *b1_, const unsigned char *b2_, size_t len)
 int
 sodium_is_zero(const unsigned char *n, const size_t nlen)
 {
-    size_t        i;
-    unsigned char d = 0U;
+    size_t                 i;
+    volatile unsigned char d = 0U;
 
     for (i = 0U; i < nlen; i++) {
         d |= n[i];
@@ -287,89 +287,6 @@ sodium_add(unsigned char *a, const unsigned char *b, const size_t len)
     }
 }
 
-/* Derived from original code by CodesInChaos */
-char *
-sodium_bin2hex(char *const hex, const size_t hex_maxlen,
-               const unsigned char *const bin, const size_t bin_len)
-{
-    size_t       i = (size_t) 0U;
-    unsigned int x;
-    int          b;
-    int          c;
-
-    if (bin_len >= SIZE_MAX / 2 || hex_maxlen <= bin_len * 2U) {
-        abort(); /* LCOV_EXCL_LINE */
-    }
-    while (i < bin_len) {
-        c = bin[i] & 0xf;
-        b = bin[i] >> 4;
-        x = (unsigned char) (87U + c + (((c - 10U) >> 8) & ~38U)) << 8 |
-            (unsigned char) (87U + b + (((b - 10U) >> 8) & ~38U));
-        hex[i * 2U] = (char) x;
-        x >>= 8;
-        hex[i * 2U + 1U] = (char) x;
-        i++;
-    }
-    hex[i * 2U] = 0U;
-
-    return hex;
-}
-
-int
-sodium_hex2bin(unsigned char *const bin, const size_t bin_maxlen,
-               const char *const hex, const size_t hex_len,
-               const char *const ignore, size_t *const bin_len,
-               const char **const hex_end)
-{
-    size_t        bin_pos = (size_t) 0U;
-    size_t        hex_pos = (size_t) 0U;
-    int           ret     = 0;
-    unsigned char c;
-    unsigned char c_acc = 0U;
-    unsigned char c_alpha0, c_alpha;
-    unsigned char c_num0, c_num;
-    unsigned char c_val;
-    unsigned char state = 0U;
-
-    while (hex_pos < hex_len) {
-        c        = (unsigned char) hex[hex_pos];
-        c_num    = c ^ 48U;
-        c_num0   = (c_num - 10U) >> 8;
-        c_alpha  = (c & ~32U) - 55U;
-        c_alpha0 = ((c_alpha - 10U) ^ (c_alpha - 16U)) >> 8;
-        if ((c_num0 | c_alpha0) == 0U) {
-            if (ignore != NULL && state == 0U && strchr(ignore, c) != NULL) {
-                hex_pos++;
-                continue;
-            }
-            break;
-        }
-        c_val = (c_num0 & c_num) | (c_alpha0 & c_alpha);
-        if (bin_pos >= bin_maxlen) {
-            ret   = -1;
-            errno = ERANGE;
-            break;
-        }
-        if (state == 0U) {
-            c_acc = c_val * 16U;
-        } else {
-            bin[bin_pos++] = c_acc | c_val;
-        }
-        state = ~state;
-        hex_pos++;
-    }
-    if (state != 0U) {
-        hex_pos--;
-    }
-    if (hex_end != NULL) {
-        *hex_end = &hex[hex_pos];
-    }
-    if (bin_len != NULL) {
-        *bin_len = bin_pos;
-    }
-    return ret;
-}
-
 int
 _sodium_alloc_init(void)
 {
@@ -385,7 +302,7 @@ _sodium_alloc_init(void)
     page_size = (size_t) si.dwPageSize;
 # endif
     if (page_size < CANARY_SIZE || page_size < sizeof(size_t)) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse(); /* LCOV_EXCL_LINE */
     }
 #endif
     randombytes_buf(canary, sizeof canary);
@@ -478,7 +395,7 @@ _out_of_bounds(void)
 # elif defined(SIGKILL)
     raise(SIGKILL);
 # endif
-    abort();
+    abort(); /* not something we want any higher-level API to catch */
 } /* LCOV_EXCL_LINE */
 
 static inline size_t
@@ -537,7 +454,7 @@ _unprotected_ptr_from_user_ptr(void *const ptr)
     page_mask = page_size - 1U;
     unprotected_ptr_u = ((uintptr_t) canary_ptr & (uintptr_t) ~page_mask);
     if (unprotected_ptr_u <= page_size * 2U) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse(); /* LCOV_EXCL_LINE */
     }
     return (unsigned char *) unprotected_ptr_u;
 }
@@ -567,7 +484,7 @@ _sodium_malloc(const size_t size)
         return NULL;
     }
     if (page_size <= sizeof canary || page_size < sizeof unprotected_size) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse(); /* LCOV_EXCL_LINE */
     }
     size_with_canary = (sizeof canary) + size;
     unprotected_size = _page_round(size_with_canary);
@@ -702,3 +619,73 @@ sodium_mprotect_readwrite(void *ptr)
 {
     return _sodium_mprotect(ptr, _mprotect_readwrite);
 }
+
+int
+sodium_pad(size_t *padded_buflen_p, unsigned char *buf,
+           size_t unpadded_buflen, size_t blocksize, size_t max_buflen)
+{
+    unsigned char          *tail;
+    size_t                  i;
+    size_t                  xpadlen;
+    size_t                  xpadded_len;
+    volatile unsigned char  mask;
+    unsigned char           barrier_mask;
+
+    if (blocksize <= 0U) {
+        return -1;
+    }
+    xpadlen = blocksize - 1U;
+    if ((blocksize & (blocksize - 1U)) == 0U) {
+        xpadlen -= unpadded_buflen & (blocksize - 1U);
+    } else {
+        xpadlen -= unpadded_buflen % blocksize;
+    }
+    if ((size_t) SIZE_MAX - unpadded_buflen <= xpadlen) {
+        sodium_misuse();
+    }
+    xpadded_len = unpadded_buflen + xpadlen;
+    if (xpadded_len >= max_buflen) {
+        return -1;
+    }
+    tail = &buf[xpadded_len];
+    if (padded_buflen_p != NULL) {
+        *padded_buflen_p = xpadded_len + 1U;
+    }
+    mask = 0U;
+    for (i = 0; i < blocksize; i++) {
+        barrier_mask = (unsigned char) (((i ^ xpadlen) - 1U) >> 8);
+        tail[-i] = (tail[-i] & mask) | (0x80 & barrier_mask);
+        mask |= barrier_mask;
+    }
+    return 0;
+}
+
+int
+sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf,
+             size_t padded_buflen, size_t blocksize)
+{
+    const unsigned char *tail;
+    unsigned char        acc = 0U;
+    unsigned char        c;
+    unsigned char        valid = 0U;
+    volatile size_t      pad_len = 0U;
+    size_t               i;
+    size_t               is_barrier;
+
+    if (padded_buflen < blocksize || blocksize <= 0U) {
+        return -1;
+    }
+    tail = &buf[padded_buflen - 1U];
+
+    for (i = 0U; i < blocksize; i++) {
+        c = tail[-i];
+        is_barrier =
+            (( (acc - 1U) & (pad_len - 1U) & ((c ^ 0x80) - 1U) ) >> 8) & 1U;
+        acc |= c;
+        pad_len |= i & (1U + ~is_barrier);
+        valid |= (unsigned char) is_barrier;
+    }
+    *unpadded_buflen_p = padded_buflen - 1U - pad_len;
+
+    return (int) (valid - 1U);
+}

data/vendor/libsodium/test/constcheck.sh

@@ -0,0 +1,19 @@
+#! /bin/sh
+
+CT='ct.c'
+
+echo '#include <assert.h>' > "$CT"
+echo '#include <sodium.h>' >> "$CT"
+echo 'int main(void) {' >> "$CT"
+for macro in $(egrep -r '#define crypto_.*BYTES(_[A-Z]+)? ' src/libsodium/include | \
+               cut -d: -f2- | cut -d' ' -f2 | \
+               fgrep -v edwards25519sha512batch | sort -u); do
+  func=$(echo "$macro" | tr A-Z a-z)
+  echo "    assert($func() == $macro);" >> "$CT"
+done
+echo "return 0; }" >> "$CT"
+
+${CC:-cc} "$CT" $CPPFLAGS $CFLAGS $LDFLAGS -lsodium || exit 1
+./a.out || exit 1
+rm -f a.out "$CT"
+

data/vendor/libsodium/test/default/Makefile.am

@@ -21,6 +21,7 @@ EXTRA_DIST = \
 	box_seal.exp \
 	box_seed.exp \
 	chacha20.exp \
+	codecs.exp \
 	core1.exp \
 	core2.exp \
 	core3.exp \
@@ -37,10 +38,12 @@ EXTRA_DIST = \
 	kdf.exp \
 	keygen.exp \
 	kx.exp \
+	metamorphic.exp \
+	misuse.exp \
 	onetimeauth.exp \
 	onetimeauth2.exp \
 	onetimeauth7.exp \
-	pwhash.exp \
+	pwhash_argon2i.exp \
 	pwhash_argon2id.exp \
 	pwhash_scrypt.exp \
 	pwhash_scrypt_ll.exp \
@@ -56,6 +59,7 @@ EXTRA_DIST = \
 	secretbox8.exp \
 	secretbox_easy.exp \
 	secretbox_easy2.exp \
+	secretstream.exp \
 	shorthash.exp \
 	sign.exp \
 	siphashx24.exp \
@@ -90,6 +94,7 @@ DISTCLEANFILES = \
 	box_seal.res \
 	box_seed.res \
 	chacha20.res \
+	codecs.res \
 	core1.res \
 	core2.res \
 	core3.res \
@@ -106,10 +111,12 @@ DISTCLEANFILES = \
 	kdf.res \
 	keygen.res \
 	kx.res \
+	metamorphic.res \
+	misuse.res \
 	onetimeauth.res \
 	onetimeauth2.res \
 	onetimeauth7.res \
-	pwhash.res \
+	pwhash_argon2i.res \
 	pwhash_argon2id.res \
 	pwhash_scrypt.res \
 	pwhash_scrypt_ll.res \
@@ -125,6 +132,7 @@ DISTCLEANFILES = \
 	secretbox8.res \
 	secretbox_easy.res \
 	secretbox_easy2.res \
+	secretstream.res \
 	shorthash.res \
 	sign.res \
 	siphashx24.res \
@@ -160,6 +168,7 @@ CLEANFILES = \
 	box_seal.final \
 	box_seed.final \
 	chacha20.final \
+	codecs.final \
 	core1.final \
 	core2.final \
 	core3.final \
@@ -176,10 +185,12 @@ CLEANFILES = \
 	kdf.final \
 	keygen.final \
 	kx.final \
+	metamorphic.final \
+	misuse.final \
 	onetimeauth.final \
 	onetimeauth2.final \
 	onetimeauth7.final \
-	pwhash.final \
+	pwhash_argon2i.final \
 	pwhash_argon2id.final \
 	pwhash_scrypt.final \
 	pwhash_scrypt_ll.final \
@@ -195,6 +206,7 @@ CLEANFILES = \
 	secretbox8.final \
 	secretbox_easy.final \
 	secretbox_easy2.final \
+	secretstream.final \
 	shorthash.final \
 	sign.final \
 	siphashx24.final \
@@ -225,6 +237,7 @@ CLEANFILES = \
 	box_seal.nexe \
 	box_seed.nexe \
 	chacha20.nexe \
+	codecs.nexe \
 	core1.nexe \
 	core2.nexe \
 	core3.nexe \
@@ -241,10 +254,12 @@ CLEANFILES = \
 	kdf.nexe \
 	keygen.nexe \
 	kx.nexe \
+	metamorphic.nexe \
+	misuse.nexe \
 	onetimeauth.nexe \
 	onetimeauth2.nexe \
 	onetimeauth7.nexe \
-	pwhash.nexe \
+	pwhash_argon2i.nexe \
 	pwhash_argon2id.nexe \
 	pwhash_scrypt.nexe \
 	pwhash_scrypt_ll.nexe \
@@ -260,6 +275,7 @@ CLEANFILES = \
 	secretbox8.nexe \
 	secretbox_easy.nexe \
 	secretbox_easy2.nexe \
+	secretstream.nexe \
 	shorthash.nexe \
 	sign.nexe \
 	siphashx24.nexe \
@@ -303,6 +319,7 @@ TESTS_TARGETS = \
 	box_seal \
 	box_seed \
 	chacha20 \
+	codecs \
 	core1 \
 	core2 \
 	core3 \
@@ -318,10 +335,12 @@ TESTS_TARGETS = \
 	kdf \
 	keygen \
 	kx \
+	metamorphic \
+	misuse \
 	onetimeauth \
 	onetimeauth2 \
 	onetimeauth7 \
-	pwhash \
+	pwhash_argon2i \
 	pwhash_argon2id \
 	randombytes \
 	scalarmult \
@@ -335,6 +354,7 @@ TESTS_TARGETS = \
 	secretbox8 \
 	secretbox_easy \
 	secretbox_easy2 \
+	secretstream \
 	shorthash \
 	sign \
 	sodium_core \
@@ -415,6 +435,9 @@ box_seed_LDADD            = $(TESTS_LDADD)
 chacha20_SOURCE           = cmptest.h chacha20.c
 chacha20_LDADD            = $(TESTS_LDADD)
 
+codecs_SOURCE             = cmptest.h codecs.c
+codecs_LDADD              = $(TESTS_LDADD)
+
 core1_SOURCE              = cmptest.h core1.c
 core1_LDADD               = $(TESTS_LDADD)
 
@@ -460,6 +483,12 @@ keygen_LDADD              = $(TESTS_LDADD)
 kx_SOURCE                 = cmptest.h kx.c
 kx_LDADD                  = $(TESTS_LDADD)
 
+metamorphic_SOURCE        = cmptest.h metamorphic.c
+metamorphic_LDADD         = $(TESTS_LDADD)
+
+misuse_SOURCE             = cmptest.h misuse.c
+misuse_LDADD              = $(TESTS_LDADD)
+
 onetimeauth_SOURCE        = cmptest.h onetimeauth.c
 onetimeauth_LDADD         = $(TESTS_LDADD)
 
@@ -469,8 +498,8 @@ onetimeauth2_LDADD        = $(TESTS_LDADD)
 onetimeauth7_SOURCE       = cmptest.h onetimeauth7.c
 onetimeauth7_LDADD        = $(TESTS_LDADD)
 
-pwhash_SOURCE             = cmptest.h pwhash.c
-pwhash_LDADD              = $(TESTS_LDADD)
+pwhash_argon2i_SOURCE     = cmptest.h pwhash_argon2i.c
+pwhash_argon2i_LDADD      = $(TESTS_LDADD)
 
 pwhash_argon2id_SOURCE    = cmptest.h pwhash_argon2id.c
 pwhash_argon2id_LDADD     = $(TESTS_LDADD)
@@ -517,6 +546,9 @@ secretbox_easy_LDADD      = $(TESTS_LDADD)
 secretbox_easy2_SOURCE    = cmptest.h secretbox_easy2.c
 secretbox_easy2_LDADD     = $(TESTS_LDADD)
 
+secretstream_SOURCE       = cmptest.h secretstream.c
+secretstream_LDADD        = $(TESTS_LDADD)
+
 shorthash_SOURCE          = cmptest.h shorthash.c
 shorthash_LDADD           = $(TESTS_LDADD)