RubyGems - rbnacl-libsodium - Versions diffs - 1.0.3 → 1.0.4 - Mend

rbnacl-libsodium 1.0.3 → 1.0.4

Files changed (131) hide show

data/vendor/libsodium/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c CHANGED

@@ -8,6 +8,8 @@
 #include "crypto_verify_16.h"
 #include "utils.h"
+static unsigned char _pad0[16];
 static inline void
 _u64_le_from_ull(unsigned char out[8U], unsigned long long x)
 {
@@ -23,7 +25,7 @@ _u64_le_from_ull(unsigned char out[8U], unsigned long long x)
 int
 crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
-                                     unsigned long long *clen,
+                                     unsigned long long *clen_p,
                                      const unsigned char *m,
                                      unsigned long long mlen,
                                      const unsigned char *ad,
@@ -40,8 +42,8 @@ crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
 /* LCOV_EXCL_START */
 #ifdef ULONG_LONG_MAX
     if (mlen > ULONG_LONG_MAX - crypto_aead_chacha20poly1305_ABYTES) {
-        if (clen != NULL) {
-            *clen = 0ULL;
+        if (clen_p != NULL) {
+            *clen_p = 0ULL;
         }
         return -1;
     }
@@ -65,15 +67,69 @@ crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
     crypto_onetimeauth_poly1305_final(&state, c + mlen);
     sodium_memzero(&state, sizeof state);
-    if (clen != NULL) {
-        *clen = mlen + crypto_aead_chacha20poly1305_ABYTES;
+    if (clen_p != NULL) {
+        *clen_p = mlen + crypto_aead_chacha20poly1305_ABYTES;
+    }
+    return 0;
+}
+int
+crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
+                                          unsigned long long *clen_p,
+                                          const unsigned char *m,
+                                          unsigned long long mlen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *nsec,
+                                          const unsigned char *npub,
+                                          const unsigned char *k)
+{
+    crypto_onetimeauth_poly1305_state state;
+    unsigned char                     block0[64U];
+    unsigned char                     slen[8U];
+    (void) nsec;
+/* LCOV_EXCL_START */
+#ifdef ULONG_LONG_MAX
+    if (mlen > ULONG_LONG_MAX - crypto_aead_chacha20poly1305_ABYTES) {
+        if (clen_p != NULL) {
+            *clen_p = 0ULL;
+        }
+        return -1;
+    }
+#endif
+/* LCOV_EXCL_STOP */
+    crypto_stream_chacha20_ietf(block0, sizeof block0, npub, k);
+    crypto_onetimeauth_poly1305_init(&state, block0);
+    sodium_memzero(block0, sizeof block0);
+    crypto_onetimeauth_poly1305_update(&state, ad, adlen);
+    crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf);
+    crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, npub, 1U, k);
+    crypto_onetimeauth_poly1305_update(&state, c, mlen);
+    crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf);
+    _u64_le_from_ull(slen, adlen);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+    _u64_le_from_ull(slen, mlen);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+    crypto_onetimeauth_poly1305_final(&state, c + mlen);
+    sodium_memzero(&state, sizeof state);
+    if (clen_p != NULL) {
+        *clen_p = mlen + crypto_aead_chacha20poly1305_ABYTES;
     }
     return 0;
 }
 int
 crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
-                                     unsigned long long *mlen,
+                                     unsigned long long *mlen_p,
                                      unsigned char *nsec,
                                      const unsigned char *c,
                                      unsigned long long clen,
@@ -86,11 +142,12 @@ crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
     unsigned char                     block0[64U];
     unsigned char                     slen[8U];
     unsigned char                     mac[crypto_aead_chacha20poly1305_ABYTES];
+    unsigned long long                mlen;
     int                               ret;
     (void) nsec;
-    if (mlen != NULL) {
-        *mlen = 0ULL;
+    if (mlen_p != NULL) {
+        *mlen_p = 0ULL;
     }
     if (clen < crypto_aead_chacha20poly1305_ABYTES) {
         return -1;
@@ -103,26 +160,84 @@ crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
     _u64_le_from_ull(slen, adlen);
     crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
-    crypto_onetimeauth_poly1305_update
-        (&state, c, clen - crypto_aead_chacha20poly1305_ABYTES);
-    _u64_le_from_ull(slen, clen - crypto_aead_chacha20poly1305_ABYTES);
+    mlen = clen - crypto_aead_chacha20poly1305_ABYTES;
+    crypto_onetimeauth_poly1305_update(&state, c, mlen);
+    _u64_le_from_ull(slen, mlen);
     crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
     crypto_onetimeauth_poly1305_final(&state, mac);
     sodium_memzero(&state, sizeof state);
     (void) sizeof(int[sizeof mac == 16U ? 1 : -1]);
-    ret = crypto_verify_16(mac,
-                           c + clen - crypto_aead_chacha20poly1305_ABYTES);
+    ret = crypto_verify_16(mac, c + mlen);
     sodium_memzero(mac, sizeof mac);
     if (ret != 0) {
-        memset(m, 0, clen - crypto_aead_chacha20poly1305_ABYTES);
+        memset(m, 0, mlen);
         return -1;
     }
     crypto_stream_chacha20_xor_ic
-        (m, c,  clen - crypto_aead_chacha20poly1305_ABYTES, npub, 1U, k);
-    if (mlen != NULL) {
-        *mlen = clen - crypto_aead_chacha20poly1305_ABYTES;
+        (m, c, mlen, npub, 1U, k);
+    if (mlen_p != NULL) {
+        *mlen_p = mlen;
+    }
+    return 0;
+}
+int
+crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
+                                          unsigned long long *mlen_p,
+                                          unsigned char *nsec,
+                                          const unsigned char *c,
+                                          unsigned long long clen,
+                                          const unsigned char *ad,
+                                          unsigned long long adlen,
+                                          const unsigned char *npub,
+                                          const unsigned char *k)
+{
+    crypto_onetimeauth_poly1305_state state;
+    unsigned char                     block0[64U];
+    unsigned char                     slen[8U];
+    unsigned char                     mac[crypto_aead_chacha20poly1305_ABYTES];
+    unsigned long long                mlen;
+    int                               ret;
+    (void) nsec;
+    if (mlen_p != NULL) {
+        *mlen_p = 0ULL;
+    }
+    if (clen < crypto_aead_chacha20poly1305_ABYTES) {
+        return -1;
+    }
+    crypto_stream_chacha20_ietf(block0, sizeof block0, npub, k);
+    crypto_onetimeauth_poly1305_init(&state, block0);
+    sodium_memzero(block0, sizeof block0);
+    crypto_onetimeauth_poly1305_update(&state, ad, adlen);
+    crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf);
+    mlen = clen - crypto_aead_chacha20poly1305_ABYTES;
+    crypto_onetimeauth_poly1305_update(&state, c, mlen);
+    crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf);
+    _u64_le_from_ull(slen, adlen);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+    _u64_le_from_ull(slen, mlen);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+    crypto_onetimeauth_poly1305_final(&state, mac);
+    sodium_memzero(&state, sizeof state);
+    (void) sizeof(int[sizeof mac == 16U ? 1 : -1]);
+    ret = crypto_verify_16(mac, c + mlen);
+    sodium_memzero(mac, sizeof mac);
+    if (ret != 0) {
+        memset(m, 0, mlen);
+        return -1;
+    }
+    crypto_stream_chacha20_ietf_xor_ic(m, c, mlen, npub, 1U, k);
+    if (mlen_p != NULL) {
+        *mlen_p = mlen;
     }
     return 0;
 }
@@ -137,6 +252,11 @@ crypto_aead_chacha20poly1305_npubbytes(void) {
     return crypto_aead_chacha20poly1305_NPUBBYTES;
 }
+size_t
+crypto_aead_chacha20poly1305_ietf_npubbytes(void) {
+    return crypto_aead_chacha20poly1305_IETF_NPUBBYTES;
+}
 size_t
 crypto_aead_chacha20poly1305_nsecbytes(void) {
     return crypto_aead_chacha20poly1305_NSECBYTES;

data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha256/cp/hmac_hmacsha256.c CHANGED

@@ -66,6 +66,7 @@ crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
     }
     crypto_hash_sha256_update(&state->octx, pad, 64);
+    sodium_memzero((void *) pad, sizeof pad);
     sodium_memzero((void *) khash, sizeof khash);
     return 0;

data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512/cp/hmac_hmacsha512.c CHANGED

@@ -66,6 +66,7 @@ crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state,
     }
     crypto_hash_sha512_update(&state->octx, pad, 128);
+    sodium_memzero((void *) pad, sizeof pad);
     sodium_memzero((void *) khash, sizeof khash);
     return 0;

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c CHANGED

@@ -46,14 +46,14 @@ static const uint8_t blake2b_sigma[12][16] =
 /* LCOV_EXCL_START */
 static inline int blake2b_set_lastnode( blake2b_state *S )
 {
-  S->f[1] = ~0ULL;
+  S->f[1] = -1;
   return 0;
 }
 /* LCOV_EXCL_STOP */
 #if 0
 static inline int blake2b_clear_lastnode( blake2b_state *S )
 {
-  S->f[1] = 0ULL;
+  S->f[1] = 0;
   return 0;
 }
 #endif
@@ -62,7 +62,7 @@ static inline int blake2b_set_lastblock( blake2b_state *S )
 {
   if( S->last_node ) blake2b_set_lastnode( S );
-  S->f[0] = ~0ULL;
+  S->f[0] = -1;
   return 0;
 }
 #if 0
@@ -70,7 +70,7 @@ static inline int blake2b_clear_lastblock( blake2b_state *S )
 {
   if( S->last_node ) blake2b_clear_lastnode( S );
-  S->f[0] = 0ULL;
+  S->f[0] = 0;
   return 0;
 }
 #endif
@@ -418,11 +418,15 @@ int blake2b( uint8_t *out, const void *in, const void *key, const uint8_t outlen
   blake2b_state S[1];
   /* Verify parameters */
-  if ( NULL == in ) return -1;
+  if ( NULL == in && inlen > 0 ) return -1;
   if ( NULL == out ) return -1;
-  if( NULL == key ) keylen = 0;
+  if( NULL == key && keylen > 0 ) return -1;
+  if( !outlen || outlen > BLAKE2B_OUTBYTES ) return -1;
+  if( keylen > BLAKE2B_KEYBYTES ) return -1;
   if( keylen > 0 )
   {

data/vendor/libsodium/src/libsodium/crypto_generichash/crypto_generichash.c CHANGED

@@ -46,7 +46,7 @@ crypto_generichash_primitive(void)
 size_t
 crypto_generichash_statebytes(void)
 {
-    return sizeof(crypto_generichash_state);
+    return (sizeof(crypto_generichash_state) + (size_t) 63U) & ~(size_t) 63U;
 }
 int

data/vendor/libsodium/src/libsodium/crypto_hash/sha256/cp/hash_sha256.c CHANGED

@@ -40,6 +40,7 @@
 /* Avoid namespace collisions with BSD <sys/endian.h>. */
 #define be32dec _sha256_be32dec
 #define be32enc _sha256_be32enc
+#define be64enc _sha256_be64enc
 static inline uint32_t
 be32dec(const void *pp)
@@ -53,7 +54,7 @@ be32dec(const void *pp)
 static inline void
 be32enc(void *pp, uint32_t x)
 {
-    uint8_t * p = (uint8_t *)pp;
+    uint8_t *p = (uint8_t *)pp;
     p[3] = x & 0xff;
     p[2] = (x >> 8) & 0xff;
@@ -61,6 +62,21 @@ be32enc(void *pp, uint32_t x)
     p[0] = (x >> 24) & 0xff;
 }
+static inline void
+be64enc(void * pp, uint64_t x)
+{
+    uint8_t * p = (uint8_t *)pp;
+    p[7] = x & 0xff;
+    p[6] = (x >> 8) & 0xff;
+    p[5] = (x >> 16) & 0xff;
+    p[4] = (x >> 24) & 0xff;
+    p[3] = (x >> 32) & 0xff;
+    p[2] = (x >> 40) & 0xff;
+    p[1] = (x >> 48) & 0xff;
+    p[0] = (x >> 56) & 0xff;
+}
 static void
 be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len)
 {
@@ -206,9 +222,9 @@ SHA256_Pad(crypto_hash_sha256_state *state)
     unsigned char len[8];
     uint32_t r, plen;
-    be32enc_vect(len, state->count, 8);
+    be64enc(len, state->count);
-    r = (state->count[1] >> 3) & 0x3f;
+    r = (state->count >> 3) & 0x3f;
     plen = (r < 56) ? (56 - r) : (120 - r);
     crypto_hash_sha256_update(state, PAD, (unsigned long long) plen);
@@ -218,16 +234,13 @@ SHA256_Pad(crypto_hash_sha256_state *state)
 int
 crypto_hash_sha256_init(crypto_hash_sha256_state *state)
 {
-    state->count[0] = state->count[1] = 0;
+    static const uint32_t sha256_initstate[8] = {
+        0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
+        0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
+    };
-    state->state[0] = 0x6A09E667;
-    state->state[1] = 0xBB67AE85;
-    state->state[2] = 0x3C6EF372;
-    state->state[3] = 0xA54FF53A;
-    state->state[4] = 0x510E527F;
-    state->state[5] = 0x9B05688C;
-    state->state[6] = 0x1F83D9AB;
-    state->state[7] = 0x5BE0CD19;
+    state->count = (uint64_t) 0U;
+    memcpy(state->state, sha256_initstate, sizeof sha256_initstate);
     return 0;
 }
@@ -237,20 +250,13 @@ crypto_hash_sha256_update(crypto_hash_sha256_state *state,
                           const unsigned char *in,
                           unsigned long long inlen)
 {
-    uint32_t bitlen[2];
     uint32_t r;
-    r = (state->count[1] >> 3) & 0x3f;
-    bitlen[1] = ((uint32_t)inlen) << 3;
-    bitlen[0] = (uint32_t)(inlen >> 29);
-    /* LCOV_EXCL_START */
-    if ((state->count[1] += bitlen[1]) < bitlen[1]) {
-        state->count[0]++;
+    if (inlen <= 0U) {
+        return 0;
     }
-    /* LCOV_EXCL_STOP */
-    state->count[0] += bitlen[0];
+    r = (state->count >> 3) & 0x3f;
+    state->count += (uint64_t)(inlen) << 3;
     if (inlen < 64 - r) {
         memcpy(&state->buf[r], in, inlen);

data/vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/hash_sha512.c CHANGED

@@ -244,16 +244,15 @@ SHA512_Pad(crypto_hash_sha512_state *state)
 int
 crypto_hash_sha512_init(crypto_hash_sha512_state *state)
 {
-    state->count[0] = state->count[1] = 0;
-    state->state[0] = 0x6a09e667f3bcc908ULL;
-    state->state[1] = 0xbb67ae8584caa73bULL;
-    state->state[2] = 0x3c6ef372fe94f82bULL;
-    state->state[3] = 0xa54ff53a5f1d36f1ULL;
-    state->state[4] = 0x510e527fade682d1ULL;
-    state->state[5] = 0x9b05688c2b3e6c1fULL;
-    state->state[6] = 0x1f83d9abfb41bd6bULL;
-    state->state[7] = 0x5be0cd19137e2179ULL;
+    static const uint64_t sha512_initstate[8] = {
+        0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
+        0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
+        0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
+        0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
+    };
+    state->count[0] = state->count[1] = (uint64_t) 0U;
+    memcpy(state->state, sha512_initstate, sizeof sha512_initstate);
     return 0;
 }

data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c CHANGED

@@ -153,7 +153,8 @@ escrypt_r(escrypt_local_t * local, const uint8_t * passwd, size_t passwdlen,
     if (need > buflen || need < saltlen) {
         return NULL;
     }
-#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
+#if defined(HAVE_EMMINTRIN_H) || \
+    (defined(_MSC_VER) && (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86)))
     escrypt_kdf =
         sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
 #else
@@ -234,7 +235,8 @@ crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
     if (escrypt_init_local(&local)) {
         return -1; /* LCOV_EXCL_LINE */
     }
-#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
+#if defined(HAVE_EMMINTRIN_H) || \
+    (defined(_MSC_VER) && (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86)))
     escrypt_kdf =
         sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
 #else

data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h CHANGED

@@ -31,6 +31,7 @@
 #define crypto_scrypt_H
 #include <stdint.h>
+#include <stddef.h>
 #if SIZE_MAX > 0xffffffffULL
 # define ARCH_BITS 64