RubyGems - rbnacl-libsodium - Versions diffs - 1.0.3 → 1.0.4 - Mend

rbnacl-libsodium 1.0.3 → 1.0.4

Files changed (131) hide show

data/vendor/libsodium/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h CHANGED

@@ -29,7 +29,7 @@ size_t crypto_aead_chacha20poly1305_abytes(void);
 SODIUM_EXPORT
 int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
-                                         unsigned long long *clen,
+                                         unsigned long long *clen_p,
                                          const unsigned char *m,
                                          unsigned long long mlen,
                                          const unsigned char *ad,
@@ -40,7 +40,7 @@ int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
 SODIUM_EXPORT
 int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
-                                         unsigned long long *mlen,
+                                         unsigned long long *mlen_p,
                                          unsigned char *nsec,
                                          const unsigned char *c,
                                          unsigned long long clen,
@@ -48,6 +48,32 @@ int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
                                          unsigned long long adlen,
                                          const unsigned char *npub,
                                          const unsigned char *k);
+#define crypto_aead_chacha20poly1305_IETF_NPUBBYTES 12U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_npubbytes(void);
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
+                                              unsigned long long *clen_p,
+                                              const unsigned char *m,
+                                              unsigned long long mlen,
+                                              const unsigned char *ad,
+                                              unsigned long long adlen,
+                                              const unsigned char *nsec,
+                                              const unsigned char *npub,
+                                              const unsigned char *k);
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
+                                              unsigned long long *mlen_p,
+                                              unsigned char *nsec,
+                                              const unsigned char *c,
+                                              unsigned long long clen,
+                                              const unsigned char *ad,
+                                              unsigned long long adlen,
+                                              const unsigned char *npub,
+                                              const unsigned char *k);
 #ifdef __cplusplus
 }
 #endif

data/vendor/libsodium/src/libsodium/include/sodium/crypto_generichash_blake2b.h CHANGED

@@ -7,12 +7,6 @@
 #include "export.h"
-#if defined(_MSC_VER)
-# define CRYPTO_ALIGN(x) __declspec(align(x))
-#else
-# define CRYPTO_ALIGN(x) __attribute__((aligned(x)))
-#endif
 #ifdef __cplusplus
 # if __GNUC__
 #  pragma GCC diagnostic ignored "-Wlong-long"

data/vendor/libsodium/src/libsodium/include/sodium/crypto_hash_sha256.h CHANGED

@@ -23,7 +23,7 @@ extern "C" {
 typedef struct crypto_hash_sha256_state {
     uint32_t      state[8];
-    uint32_t      count[2];
+    uint64_t      count;
     unsigned char buf[64];
 } crypto_hash_sha256_state;
 SODIUM_EXPORT

data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_chacha20.h CHANGED

@@ -28,6 +28,8 @@ size_t crypto_stream_chacha20_keybytes(void);
 SODIUM_EXPORT
 size_t crypto_stream_chacha20_noncebytes(void);
+/* ChaCha20 with a 64-bit nonce and a 64-bit counter, as originally designed */
 SODIUM_EXPORT
 int crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
                            const unsigned char *n, const unsigned char *k);
@@ -42,6 +44,27 @@ int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
                                   unsigned long long mlen,
                                   const unsigned char *n, uint64_t ic,
                                   const unsigned char *k);
+/* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */
+#define crypto_stream_chacha20_IETF_NONCEBYTES 12U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_noncebytes(void);
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
+                                const unsigned char *n, const unsigned char *k);
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
+                                    unsigned long long mlen, const unsigned char *n,
+                                    const unsigned char *k);
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
+                                       unsigned long long mlen,
+                                       const unsigned char *n, uint32_t ic,
+                                       const unsigned char *k);
 #ifdef __cplusplus
 }
 #endif

data/vendor/libsodium/src/libsodium/include/sodium/export.h CHANGED

@@ -29,4 +29,12 @@
 # endif
 #endif
+#ifndef CRYPTO_ALIGN
+# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
+#  define CRYPTO_ALIGN(x) __declspec(align(x))
+# else
+#  define CRYPTO_ALIGN(x) __attribute__((aligned(x)))
+# endif
+#endif
 #endif

data/vendor/libsodium/src/libsodium/include/sodium/randombytes_nativeclient.h ADDED

@@ -0,0 +1,37 @@
+#ifndef randombytes_nativeclient_H
+#define randombytes_nativeclient_H
+#ifdef __native_client__
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_nativeclient_implementation;
+SODIUM_EXPORT
+const char *randombytes_nativeclient_implementation_name(void);
+SODIUM_EXPORT
+uint32_t    randombytes_nativeclient(void);
+SODIUM_EXPORT
+uint32_t    randombytes_nativeclient_uniform(const uint32_t upper_bound);
+SODIUM_EXPORT
+void        randombytes_nativeclient_buf(void * const buf, const size_t size);
+#ifdef __cplusplus
+}
+#endif
+#endif
+#endif

data/vendor/libsodium/src/libsodium/include/sodium/randombytes_salsa20_random.h CHANGED

@@ -4,8 +4,9 @@
 /*
  * THREAD SAFETY: randombytes_salsa20_random*() functions are
- * fork()-safe but not thread-safe.
- * Always wrap them in a mutex if you need thread safety.
+ * not thread-safe.
+ * Always wrap them in a mutex if you need thread safety,
+ * and call randombytes_stir() after fork()ing.
  */
 #include <stddef.h>

data/vendor/libsodium/src/libsodium/include/sodium/runtime.h CHANGED

@@ -20,6 +20,12 @@ int sodium_runtime_has_sse2(void);
 SODIUM_EXPORT
 int sodium_runtime_has_sse3(void);
+SODIUM_EXPORT
+int sodium_runtime_has_pclmul(void);
+SODIUM_EXPORT
+int sodium_runtime_has_aesni(void);
 #ifdef __cplusplus
 }
 #endif

data/vendor/libsodium/src/libsodium/include/sodium/utils.h CHANGED

@@ -19,7 +19,8 @@ extern "C" {
 SODIUM_EXPORT
 void sodium_memzero(void * const pnt, const size_t len);
-/* WARNING: sodium_memcmp() must be used to verify if two secret keys
+/*
+ * WARNING: sodium_memcmp() must be used to verify if two secret keys
  * are equal, in constant time.
  * It returns 0 if the keys are equal, and -1 if they differ.
  * This function is not designed for lexicographical comparisons.
@@ -27,6 +28,19 @@ void sodium_memzero(void * const pnt, const size_t len);
 SODIUM_EXPORT
 int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len);
+/*
+ * sodium_compare() returns -1 if b1_ < b2_, 1 if b1_ > b2_ and 0 if b1_ == b2_
+ * It is suitable for lexicographical comparisons, or to compare nonces
+ * and counters stored in little-endian format.
+ * However, it is slower than sodium_memcmp().
+ */
+SODIUM_EXPORT
+int sodium_compare(const unsigned char *b1_, const unsigned char *b2_,
+                   size_t len);
+SODIUM_EXPORT
+void sodium_increment(unsigned char *n, const size_t nlen);
 SODIUM_EXPORT
 char *sodium_bin2hex(char * const hex, const size_t hex_maxlen,
                      const unsigned char * const bin, const size_t bin_len);

data/vendor/libsodium/src/libsodium/randombytes/nativeclient/randombytes_nativeclient.c ADDED

@@ -0,0 +1,49 @@
+#include <assert.h>
+#include <stdint.h>
+#include <stdlib.h>
+#ifdef __native_client__
+# include <nacl/nacl_random.h>
+# include "utils.h"
+# include "randombytes.h"
+# include "randombytes_nativeclient.h"
+void
+randombytes_nativeclient_buf(void * const buf, const size_t size)
+{
+    size_t readnb;
+    if (nacl_secure_random(buf, size, &readnb) != 0) {
+        abort();
+    }
+    assert(readnb == size);
+}
+uint32_t
+randombytes_nativeclient_random(void)
+{
+    uint32_t r;
+    randombytes_nativeclient_buf(&r, sizeof r);
+    return r;
+}
+const char *
+randombytes_nativeclient_implementation_name(void)
+{
+    return "nativeclient";
+}
+struct randombytes_implementation randombytes_nativeclient_implementation = {
+    SODIUM_C99(.implementation_name =) randombytes_nativeclient_implementation_name,
+    SODIUM_C99(.random =) randombytes_nativeclient_random,
+    SODIUM_C99(.stir =) NULL,
+    SODIUM_C99(.uniform =) NULL,
+    SODIUM_C99(.buf =) randombytes_nativeclient_buf,
+    SODIUM_C99(.close =) NULL
+};
+#endif

data/vendor/libsodium/src/libsodium/randombytes/randombytes.c CHANGED

@@ -12,9 +12,18 @@
 #include "randombytes.h"
 #include "randombytes_sysrandom.h"
+#ifdef __native_client__
+# include "randombytes_nativeclient.h"
+#endif
 #ifndef __EMSCRIPTEN__
+#ifdef __native_client__
+static const randombytes_implementation *implementation =
+    &randombytes_nativeclient_implementation;
+#else
 static const randombytes_implementation *implementation =
     &randombytes_sysrandom_implementation;
+#endif
 #else
 static const randombytes_implementation *implementation = NULL;
 #endif
@@ -60,7 +69,8 @@ randombytes_stir(void)
     EM_ASM({
         if (Module.getRandomValue === undefined) {
             try {
-                var crypto_ = ("object" === typeof window ? window : self).crypto,
+                var window_ = "object" === typeof window ? window : self,
+                    crypto_ = typeof window_.crypto !== "undefined" ? window_.crypto : window_.msCrypto,
                     randomValuesStandard = function() {
                         var buf = new Uint32Array(1);
                         crypto_.getRandomValues(buf);

data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c CHANGED

@@ -42,12 +42,16 @@ BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
 #define SHA512_MIN_PAD_SIZE (1U + 16U)
 #define COMPILER_ASSERT(X) (void) sizeof(char[(X) ? 1 : -1])
+#if defined(__OpenBSD__) || defined(__CloudABI__)
+# define HAVE_SAFE_ARC4RANDOM 1
+#endif
 typedef struct Salsa20Random_ {
     unsigned char key[crypto_stream_salsa20_KEYBYTES];
     unsigned char rnd32[16U * SALSA20_RANDOM_BLOCK_SIZE];
     uint64_t      nonce;
     size_t        rnd32_outleft;
-#ifndef _MSC_VER
+#ifdef HAVE_GETPID
     pid_t         pid;
 #endif
     int           random_data_source_fd;
@@ -65,27 +69,24 @@ static Salsa20Random stream = {
 static uint64_t
 sodium_hrtime(void)
 {
-    struct timeval tv;
-    uint64_t       ts = (uint64_t) 0U;
-    int            ret;
+    uint64_t ts;
 #ifdef _WIN32
-    struct _timeb tb;
+    {
+        struct _timeb tb;
 # pragma warning(push)
 # pragma warning(disable: 4996)
-    _ftime(&tb);
+        _ftime(&tb);
 # pragma warning(pop)
-    tv.tv_sec = (long) tb.time;
-    tv.tv_usec = ((int) tb.millitm) * 1000;
-    ret = 0;
+        ts = ((uint64_t) tb.time) * 1000000U + ((uint64_t) tb.millitm) * 1000U;
+    }
 #else
-    ret = gettimeofday(&tv, NULL);
-#endif
-    assert(ret == 0);
-    if (ret == 0) {
-        ts = (uint64_t) tv.tv_sec * 1000000U + (uint64_t) tv.tv_usec;
+    {
+        struct timeval tv;
+        assert(gettimeofday(&tv, NULL) == 0);
+        ts = ((uint64_t) tv.tv_sec) * 1000000U + (uint64_t) tv.tv_usec;
     }
+#endif
     return ts;
 }
@@ -115,15 +116,16 @@ safe_read(const int fd, void * const buf_, size_t size)
 #endif
 #ifndef _WIN32
+# ifndef HAVE_SAFE_ARC4RANDOM
 static int
 randombytes_salsa20_random_random_dev_open(void)
 {
 /* LCOV_EXCL_START */
     struct stat       st;
     static const char *devices[] = {
-# ifndef USE_BLOCKING_RANDOM
+#  ifndef USE_BLOCKING_RANDOM
         "/dev/urandom",
-# endif
+#  endif
         "/dev/random", NULL
     };
     const char **     device = devices;
@@ -132,10 +134,16 @@ randombytes_salsa20_random_random_dev_open(void)
     do {
         fd = open(*device, O_RDONLY);
         if (fd != -1) {
-            if (fstat(fd, &st) == 0 && S_ISCHR(st.st_mode)) {
-# if defined(F_SETFD) && defined(FD_CLOEXEC)
-                (void) fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+            if (fstat(fd, &st) == 0 &&
+# ifdef S_ISNAM
+                (S_ISNAM(st.st_mode) || S_ISCHR(st.st_mode))
+# else
+                S_ISCHR(st.st_mode)
 # endif
+               ) {
+#  if defined(F_SETFD) && defined(FD_CLOEXEC)
+                (void) fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+#  endif
                 return fd;
             }
             (void) close(fd);
@@ -149,8 +157,9 @@ randombytes_salsa20_random_random_dev_open(void)
     return -1;
 /* LCOV_EXCL_STOP */
 }
+# endif
-#ifdef SYS_getrandom
+# ifdef SYS_getrandom
 static int
 _randombytes_linux_getrandom(void * const buf, const size_t size)
 {
@@ -184,7 +193,7 @@ randombytes_linux_getrandom(void * const buf_, size_t size)
     return 0;
 }
-#endif
+# endif
 static void
 randombytes_salsa20_random_init(void)
@@ -194,7 +203,11 @@ randombytes_salsa20_random_init(void)
     stream.nonce = sodium_hrtime();
     assert(stream.nonce != (uint64_t) 0U);
-# ifdef SYS_getrandom
+# ifdef HAVE_SAFE_ARC4RANDOM
+    errno = errno_save;
+# else
+#  ifdef SYS_getrandom
     {
         unsigned char fodder[16];
@@ -205,13 +218,14 @@ randombytes_salsa20_random_init(void)
         }
         stream.getrandom_available = 0;
     }
-# endif
+#  endif /* SYS_getrandom */
     if ((stream.random_data_source_fd =
          randombytes_salsa20_random_random_dev_open()) == -1) {
         abort(); /* LCOV_EXCL_LINE */
     }
     errno = errno_save;
+# endif /* HAVE_SAFE_ARC4RANDOM */
 }
 #else /* _WIN32 */
@@ -224,6 +238,17 @@ randombytes_salsa20_random_init(void)
 }
 #endif
+static void
+randombytes_salsa20_random_rekey(const unsigned char * const mix)
+{
+    unsigned char *key = stream.key;
+    size_t         i;
+    for (i = (size_t) 0U; i < sizeof stream.key; i++) {
+        key[i] ^= mix[i];
+    }
+}
 void
 randombytes_salsa20_random_stir(void)
 {
@@ -235,7 +260,6 @@ randombytes_salsa20_random_stir(void)
     unsigned char  m0[crypto_auth_hmacsha512256_BYTES +
                       2U * SHA512_BLOCK_SIZE - SHA512_MIN_PAD_SIZE];
     unsigned char *k0 = m0 + crypto_auth_hmacsha512256_BYTES;
-    size_t         i;
     size_t         sizeof_k0 = sizeof m0 - crypto_auth_hmacsha512256_BYTES;
     memset(stream.rnd32, 0, sizeof stream.rnd32);
@@ -245,7 +269,10 @@ randombytes_salsa20_random_stir(void)
         stream.initialized = 1;
     }
 #ifndef _WIN32
-# ifdef SYS_getrandom
+# ifdef HAVE_SAFE_ARC4RANDOM
+    arc4random_buf(m0, sizeof m0);
+# elif defined(SYS_getrandom)
     if (stream.getrandom_available != 0) {
         if (randombytes_linux_getrandom(m0, sizeof m0) != 0) {
             abort(); /* LCOV_EXCL_LINE */
@@ -262,6 +289,7 @@ randombytes_salsa20_random_stir(void)
         abort(); /* LCOV_EXCL_LINE */
     }
 # endif
 #else /* _WIN32 */
     if (! RtlGenRandom((PVOID) m0, (ULONG) sizeof m0)) {
         abort(); /* LCOV_EXCL_LINE */
@@ -270,40 +298,29 @@ randombytes_salsa20_random_stir(void)
     COMPILER_ASSERT(sizeof stream.key == crypto_auth_hmacsha512256_BYTES);
     crypto_auth_hmacsha512256(stream.key, k0, sizeof_k0, s);
     COMPILER_ASSERT(sizeof stream.key <= sizeof m0);
-    for (i = (size_t) 0U; i < sizeof stream.key; i++) {
-        stream.key[i] ^= m0[i];
-    }
+    randombytes_salsa20_random_rekey(m0);
     sodium_memzero(m0, sizeof m0);
+#ifdef HAVE_GETPID
+    stream.pid = getpid();
+#endif
 }
 static void
 randombytes_salsa20_random_stir_if_needed(void)
 {
-#ifdef _MSC_VER
+#ifdef HAVE_GETPID
     if (stream.initialized == 0) {
         randombytes_salsa20_random_stir();
+    } else if (stream.pid != getpid()) {
+        abort();
     }
 #else
-    const pid_t pid = getpid();
-    if (stream.initialized == 0 || stream.pid != pid) {
-        stream.pid = pid;
+    if (stream.initialized == 0) {
         randombytes_salsa20_random_stir();
     }
 #endif
 }
-static void
-randombytes_salsa20_random_rekey(const unsigned char * const mix)
-{
-    unsigned char *key = stream.key;
-    size_t         i;
-    for (i = (size_t) 0U; i < sizeof stream.key; i++) {
-        key[i] ^= mix[i];
-    }
-}
 static uint32_t
 randombytes_salsa20_random_getword(void)
 {
@@ -342,13 +359,22 @@ randombytes_salsa20_random_close(void)
         close(stream.random_data_source_fd) == 0) {
         stream.random_data_source_fd = -1;
         stream.initialized = 0;
+# ifdef HAVE_GETPID
+        stream.pid = (pid_t) 0;
+# endif
         ret = 0;
     }
+# ifdef HAVE_SAFE_ARC4RANDOM
+    ret = 0;
+# endif
 # ifdef SYS_getrandom
     if (stream.getrandom_available != 0) {
         ret = 0;
     }
 # endif
 #else /* _WIN32 */
     if (stream.initialized != 0) {
         stream.initialized = 0;