rbnacl-libsodium 1.0.7 → 1.0.8

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.c

@@ -11,7 +11,7 @@
 static const crypto_scalarmult_curve25519_implementation *implementation =
     &crypto_scalarmult_curve25519_donna_c64_implementation;
 #else
-# include "ref10/curve25519_ref10.h"
+# include "ref10/x25519_ref10.h"
 static const crypto_scalarmult_curve25519_implementation *implementation =
     &crypto_scalarmult_curve25519_ref10_implementation;
 #endif

data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/keypair.c

@@ -4,10 +4,9 @@
 #include "crypto_sign_ed25519.h"
 #include "crypto_hash_sha512.h"
 #include "crypto_scalarmult_curve25519.h"
-#include "fe.h"
-#include "ge.h"
 #include "randombytes.h"
 #include "utils.h"
+#include "../../../crypto_core/curve25519/ref10/curve25519_ref10.h"
 
 int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
                                      const unsigned char *seed)

data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c

@@ -6,11 +6,9 @@
 #include "crypto_hash_sha512.h"
 #include "crypto_sign_edwards25519sha512batch.h"
 #include "crypto_verify_32.h"
-#include "fe.h"
-#include "ge.h"
 #include "randombytes.h"
-#include "sc.h"
 #include "utils.h"
+#include "../../../crypto_core/curve25519/ref10/curve25519_ref10.h"
 
 int crypto_sign_edwards25519sha512batch_keypair(unsigned char *pk,
                                                 unsigned char *sk)
@@ -107,7 +105,7 @@ int crypto_sign_edwards25519sha512batch_open(unsigned char *m,
         return -1;
     }
     *mlen_p = mlen;
-    memmove(m, sm + 64, mlen);
+    memmove(m, sm + 32, mlen);
 
     return 0;
 }

data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/open.c

@@ -6,9 +6,8 @@
 #include "crypto_hash_sha512.h"
 #include "crypto_sign_ed25519.h"
 #include "crypto_verify_32.h"
-#include "ge.h"
-#include "sc.h"
 #include "utils.h"
+#include "../../../crypto_core/curve25519/ref10/curve25519_ref10.h"
 
 int
 crypto_sign_ed25519_verify_detached(const unsigned char *sig,

data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sign.c

@@ -3,9 +3,8 @@
 
 #include "crypto_hash_sha512.h"
 #include "crypto_sign_ed25519.h"
-#include "ge.h"
-#include "sc.h"
 #include "utils.h"
+#include "../../../crypto_core/curve25519/ref10/curve25519_ref10.h"
 
 int
 crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,

data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c

@@ -229,7 +229,7 @@ chacha_encrypt_bytes(chacha_ctx *ctx, const u8 *m, u8 *c, unsigned long long byt
         if (bytes <= 64) {
             if (bytes < 64) {
                 for (i = 0; i < (unsigned int) bytes; ++i) {
-                    ctarget[i] = c[i];
+                    ctarget[i] = c[i]; /* ctarget cannot be NULL */
                 }
             }
             ctx->input[12] = j12;

data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/vec/stream_chacha20_vec.c

@@ -16,7 +16,7 @@
 
 #define CHACHA_RNDS 20
 
-typedef unsigned int vec __attribute__((vector_size(16)));
+typedef unsigned int vec __attribute__ ((vector_size(16)));
 
 #include <emmintrin.h>
 #include <tmmintrin.h>
@@ -97,13 +97,20 @@ typedef struct chacha_ctx chacha_ctx;
 static void
 chacha_ivsetup(chacha_ctx *ctx, const uint8_t *iv, uint64_t ic)
 {
-    const vec s3 = {
-        (uint32_t) ic,
-        (uint32_t) (ic >> 32),
-        ((const uint32_t *) (const void *) iv)[0],
-        ((const uint32_t *) (const void *) iv)[1]
-    };
-    ctx->s3 = s3;
+    uint32_t iv_low;
+    uint32_t iv_high;
+
+    memcpy(&iv_low, iv, 4);
+    memcpy(&iv_high, iv + 4, 4);
+    {
+        const vec s3 = {
+            (uint32_t) ic,
+            (uint32_t) (ic >> 32),
+            iv_low,
+            iv_high
+        };
+        ctx->s3 = s3;
+    }
 }
 
 static void
@@ -138,7 +145,7 @@ chacha_encrypt_bytes(chacha_ctx *ctx, const uint8_t *in, uint8_t *out,
     unsigned long long  i;
 
     if (inlen > 64ULL * (1ULL << 32) - 64ULL) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
     s0 = LOAD_ALIGNED(chacha_const);
     s1 = ctx->s1;

data/vendor/libsodium/src/libsodium/include/sodium/export.h

@@ -21,7 +21,7 @@
 # else
 #  if defined(__SUNPRO_C)
 #   ifndef __GNU_C__
-#    define SODIUM_EXPORT __attribute__(visibility(__global))
+#    define SODIUM_EXPORT __attribute__ (visibility(__global))
 #   else
 #    define SODIUM_EXPORT __attribute__ __global
 #   endif
@@ -37,7 +37,7 @@
 # if defined(__INTEL_COMPILER) || defined(_MSC_VER)
 #  define CRYPTO_ALIGN(x) __declspec(align(x))
 # else
-#  define CRYPTO_ALIGN(x) __attribute__((aligned(x)))
+#  define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
 # endif
 #endif
 

data/vendor/libsodium/src/libsodium/include/sodium/utils.h

@@ -10,10 +10,12 @@
 extern "C" {
 #endif
 
-#if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
-# define SODIUM_C99(X)
-#else
-# define SODIUM_C99(X) X
+#ifndef SODIUM_C99
+# if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
+#  define SODIUM_C99(X)
+# else
+#  define SODIUM_C99(X) X
+# endif
 #endif
 
 SODIUM_EXPORT

data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c

@@ -14,6 +14,7 @@
 #include <fcntl.h>
 #include <limits.h>
 #include <stdint.h>
+#include <stdlib.h>
 #include <string.h>
 #ifndef _MSC_VER
 # include <unistd.h>
@@ -50,21 +51,21 @@ BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
 #endif
 
 typedef struct Salsa20Random_ {
+    size_t        rnd32_outleft;
+    int           random_data_source_fd;
+    int           initialized;
+    int           getrandom_available;
     unsigned char key[crypto_stream_salsa20_KEYBYTES];
     unsigned char rnd32[16U * SALSA20_RANDOM_BLOCK_SIZE];
     uint64_t      nonce;
-    size_t        rnd32_outleft;
 #ifdef HAVE_GETPID
     pid_t         pid;
 #endif
-    int           random_data_source_fd;
-    int           initialized;
-    int           getrandom_available;
 } Salsa20Random;
 
 static Salsa20Random stream = {
-    SODIUM_C99(.random_data_source_fd =) -1,
     SODIUM_C99(.rnd32_outleft =) (size_t) 0U,
+    SODIUM_C99(.random_data_source_fd =) -1,
     SODIUM_C99(.initialized =) 0,
     SODIUM_C99(.getrandom_available =) 0
 };
@@ -86,7 +87,10 @@ sodium_hrtime(void)
 #else
     {
         struct timeval tv;
-        assert(gettimeofday(&tv, NULL) == 0);
+
+        if (gettimeofday(&tv, NULL) != 0) {
+            abort(); /* LCOV_EXCL_LINE */
+        }
         ts = ((uint64_t) tv.tv_sec) * 1000000U + (uint64_t) tv.tv_usec;
     }
 #endif
@@ -104,7 +108,7 @@ safe_read(const int fd, void * const buf_, size_t size)
     assert(size <= SSIZE_MAX);
     do {
         while ((readnb = read(fd, buf, size)) < (ssize_t) 0 &&
-               (errno == EINTR || errno == EAGAIN));  /* LCOV_EXCL_LINE */
+               (errno == EINTR || errno == EAGAIN)); /* LCOV_EXCL_LINE */
         if (readnb < (ssize_t) 0) {
             return readnb; /* LCOV_EXCL_LINE */
         }
@@ -304,7 +308,7 @@ randombytes_salsa20_random_stir(void)
 #endif
     if (crypto_generichash(stream.key, sizeof stream.key, k0, sizeof_k0,
                            hsigma, sizeof hsigma) != 0) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
     COMPILER_ASSERT(sizeof stream.key <= sizeof m0);
     randombytes_salsa20_random_rekey(m0);

data/vendor/libsodium/src/libsodium/sodium/core.c

@@ -8,6 +8,15 @@
 #include "runtime.h"
 #include "utils.h"
 
+#if 0
+# warning This is unstable, untested, development code.
+# warning It might not compile. It might not work as expected.
+# warning It might be totally insecure.
+# warning Do not use this in production.
+# warning Use releases available at https://download.libsodium.org/libsodium/releases/ instead.
+# warning Alternatively, use the "stable" branch in the git repository.
+#endif
+
 static int initialized;
 
 int

data/vendor/libsodium/src/libsodium/sodium/runtime.c

@@ -1,4 +1,6 @@
 
+#include <stddef.h>
+#include <stdint.h>
 #ifdef HAVE_ANDROID_GETCPUFEATURES
 # include <cpu-features.h>
 #endif
@@ -19,13 +21,18 @@ typedef struct CPUFeatures_ {
 
 static CPUFeatures _cpu_features;
 
-#define CPUID_SSE2      0x04000000
-#define CPUIDECX_SSE3   0x00000001
-#define CPUIDECX_SSSE3  0x00000200
-#define CPUIDECX_SSE41  0x00080000
-#define CPUIDECX_AVX    0x10000000
-#define CPUIDECX_PCLMUL 0x00000002
-#define CPUIDECX_AESNI  0x02000000
+#define CPUID_SSE2       0x04000000
+#define CPUIDECX_SSE3    0x00000001
+#define CPUIDECX_SSSE3   0x00000200
+#define CPUIDECX_SSE41   0x00080000
+#define CPUIDECX_AVX     0x10000000
+#define CPUIDECX_PCLMUL  0x00000002
+#define CPUIDECX_AESNI   0x02000000
+#define CPUIDECX_XSAVE   0x04000000
+#define CPUIDECX_OSXSAVE 0x08000000
+
+#define XCR0_SSE         0x00000002
+#define XCR0_AVX         0x00000004
 
 static int
 _sodium_runtime_arm_cpu_features(CPUFeatures * const cpu_features)
@@ -130,11 +137,26 @@ _sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features)
     cpu_features->has_sse41 = 0;
 #endif
 
+    cpu_features->has_avx = 0;
 #if defined(HAVE_AVXINTRIN_H) || \
     (defined(_MSC_VER) && (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86)))
-    cpu_features->has_avx = ((cpu_info[2] & CPUIDECX_AVX) != 0x0);
-#else
-    cpu_features->has_avx = 0;
+    if ((cpu_info[2] & (CPUIDECX_AVX | CPUIDECX_XSAVE | CPUIDECX_OSXSAVE))
+        == (CPUIDECX_AVX | CPUIDECX_XSAVE | CPUIDECX_OSXSAVE)) {
+        uint32_t xcr0 = 0U;
+# ifdef MSC_VER
+        __asm {
+            xor ecx, ecx
+            _asm _emit 0x0f _asm _emit 0x01 _asm _emit 0xd0
+            mov xcr0, eax
+        }
+# elif defined(HAVE_AVX_ASM)
+        __asm__ __volatile__ (".byte 0x0f, 0x01, 0xd0" /* XGETBV */
+                              : "=a"(xcr0) : "c"((uint32_t) 0U) : "%edx");
+# endif
+        if ((xcr0 & (XCR0_SSE | XCR0_AVX)) == (XCR0_SSE | XCR0_AVX)) {
+            cpu_features->has_avx = 1;
+        }
+    }
 #endif
 
 #if defined(HAVE_WMMINTRIN_H) || \

data/vendor/libsodium/src/libsodium/sodium/utils.c

@@ -50,7 +50,7 @@ static size_t page_size;
 static unsigned char canary[CANARY_SIZE];
 
 #ifdef HAVE_WEAK_SYMBOLS
-__attribute__((weak)) void
+__attribute__ ((weak)) void
 _sodium_dummy_symbol_to_prevent_memzero_lto(void * const pnt, const size_t len)
 {
     (void) pnt;
@@ -83,7 +83,7 @@ sodium_memzero(void * const pnt, const size_t len)
 }
 
 #ifdef HAVE_WEAK_SYMBOLS
-__attribute__((weak)) void
+__attribute__ ((weak)) void
 _sodium_dummy_symbol_to_prevent_memcmp_lto(const unsigned char *b1,
                                            const unsigned char *b2,
                                            const size_t len)
@@ -117,7 +117,7 @@ sodium_memcmp(const void * const b1_, const void * const b2_, size_t len)
 }
 
 #ifdef HAVE_WEAK_SYMBOLS
-__attribute__((weak)) void
+__attribute__ ((weak)) void
 _sodium_dummy_symbol_to_prevent_compare_lto(const unsigned char *b1,
                                             const unsigned char *b2,
                                             const size_t len)
@@ -459,7 +459,7 @@ _page_round(const size_t size)
     return (size + page_mask) & ~page_mask;
 }
 
-static __attribute__((malloc)) unsigned char *
+static __attribute__ ((malloc)) unsigned char *
 _alloc_aligned(const size_t size)
 {
     void *ptr;
@@ -514,13 +514,13 @@ _unprotected_ptr_from_user_ptr(void * const ptr)
 #endif /* HAVE_ALIGNED_MALLOC */
 
 #ifndef HAVE_ALIGNED_MALLOC
-static __attribute__((malloc)) void *
+static __attribute__ ((malloc)) void *
 _sodium_malloc(const size_t size)
 {
     return malloc(size);
 }
 #else
-static __attribute__((malloc)) void *
+static __attribute__ ((malloc)) void *
 _sodium_malloc(const size_t size)
 {
     void          *user_ptr;
@@ -563,7 +563,7 @@ _sodium_malloc(const size_t size)
 }
 #endif /* !HAVE_ALIGNED_MALLOC */
 
-__attribute__((malloc)) void *
+__attribute__ ((malloc)) void *
 sodium_malloc(const size_t size)
 {
     void *ptr;
@@ -576,7 +576,7 @@ sodium_malloc(const size_t size)
     return ptr;
 }
 
-__attribute__((malloc)) void *
+__attribute__ ((malloc)) void *
 sodium_allocarray(size_t count, size_t size)
 {
     size_t total_size;

data/vendor/libsodium/test/default/auth.c

@@ -15,7 +15,7 @@ static unsigned char a2[crypto_auth_hmacsha512_BYTES];
 int main(void)
 {
     crypto_auth_hmacsha512_state st;
-    int i;
+    size_t i;
 
     assert(crypto_auth_hmacsha512_statebytes() ==
            sizeof(crypto_auth_hmacsha512_state));

data/vendor/libsodium/test/default/box.c

@@ -2,23 +2,28 @@
 #define TEST_NAME "box"
 #include "cmptest.h"
 
-static unsigned char alicesk[32]
+static const unsigned char alicesk[32]
     = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1,
         0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0,
         0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a };
 
-static unsigned char bobpk[32]
+static const unsigned char bobpk[32]
     = { 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61,
         0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78,
         0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f };
 
-static unsigned char nonce[24]
+static const unsigned char small_order_p[crypto_box_PUBLICKEYBYTES]
+    = { 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3,
+        0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32,
+        0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 };
+
+static const unsigned char nonce[24]
     = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
         0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
         0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
 // API requires first 32 bytes to be 0
-static unsigned char m[163]
+static const unsigned char m[163]
     = { 0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
         0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
         0,    0,    0,    0,    0,    0,    0,    0,    0xbe, 0x07, 0x5f, 0xc5,
@@ -50,8 +55,12 @@ int main(void)
             printf("\n");
     }
     printf("\n");
+    
+    ret = crypto_box(c, m, 163, nonce, small_order_p, alicesk);
+    assert(ret == -1);
 
     memset(c, 0, sizeof c);
+    
     ret = crypto_box_beforenm(k, bobpk, alicesk);
     assert(ret == 0);
     crypto_box_afternm(c, m, 163, nonce, k);
@@ -61,6 +70,9 @@ int main(void)
             printf("\n");
     }
     printf("\n");
+    
+    ret = crypto_box_beforenm(k, small_order_p, alicesk);
+    assert(ret == -1);
 
     assert(crypto_box_seedbytes() > 0U);
     assert(crypto_box_publickeybytes() > 0U);

data/vendor/libsodium/test/default/box2.c

@@ -12,6 +12,11 @@ static unsigned char alicepk[32]
         0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
         0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a };
 
+static const unsigned char small_order_p[crypto_box_PUBLICKEYBYTES]
+    = { 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3,
+        0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32,
+        0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 };
+
 static unsigned char nonce[24]
     = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
         0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
@@ -50,6 +55,8 @@ int main(void)
         }
         printf("\n");
     }
+    ret = crypto_box_open(m, c, 163, nonce, small_order_p, bobsk);
+    assert(ret == -1);
 
     memset(m, 0, sizeof m);
     ret = crypto_box_beforenm(k, alicepk, bobsk);