serval-dna/libsodium/THANKS

92 lines
2.2 KiB
Plaintext
Raw Normal View History

Squashed 'libsodium/' changes from 7d5d9204e..18609cffa 4c37368f9 Nits 94550cefd Remove dev #warning 3e0b4dec6 Add sodium_base64_encoded_len() 4ce2856a5 Avoid negations on unsigned values 7e06a6a99 Annotate 18f0fff89 More tests: verify that they key gets updated after the counter wraps e061abc2b The documentation is not a work in progress any more 91233a014 Tag salsa208 as deprecated ee1d5c96d Move the codecs tests to their own test file 558355e56 Check if SIGABRT can be trapped multiple times in a row 8ee67b1dd More tests 1f72dec89 More tests 3db75fc64 No need for ge_scalarmult_vartime() in minimal mode 41dc93322 More tests aec433cec Additional check 87af832ae Do not trigger Travis+Coverity in the master branch 7423408cd Make the behavior of hex2bin() consistent with base642bin() 00660d79b secretstream test: don't pull twice if we don't test with AD 3c8a7f17f Add tests for short, invalid unpadded base64 strings c7fe84cfb Skip trailing ignored characters in base64 decoding 70e5ff5e1 Add a helper macro to compute the length of a base64 string 9209e89d9 More tests 31e9a5541 More tests 61214ba6b Remove redundant test 525c21ed1 Tests 77f3b7135 Indent 1875980d3 More tests 5b9680ead More tests 4828c5923 ~ 80 columns please 66c621f41 Faster; doesn't require to wipe the output stream 5da8f4fbc Add a global xor_buf() private helper function 7d756fab9 xor the key and the nonce on rekey for better separation bb1b27fa3 Improve readability 10bb28b27 One more COMPILER_ASSERT() 2ce41de29 Define macros instead of repeated offsets e878bc141 More keygen tests f244f658d int -> size_t 9c53da4a6 metamorphic tests for HMAC bd69a3083 metamorphic tests for onetimeauth a7b75a2d7 + simple metamorphic tests for crypto_generichash() a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled 09fd953fc Revert "__SSE2__ may need to be explicitly enabled" 35d8aa5d3 __SSE2__ may need to be explicitly enabled a161dd9fa On 32-bit systems, the limit is SIZE_MAX 251751e69 Update ChangeLog d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext. 1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition bfab44aa4 initbytes -> headerbytes for clarity e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity 9e0ff55eb Add the ability to use only strong symbols, even on ELF targets b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW 3df3fabb8 No default clause needed 1f8056ab1 Use #error in autoconf tests 147d8b620 Disable AVX512 on MingW even harder ffce4334e Disable AVX512 on MingW for now 07de00bc9 Revert -fno-asynchronous-unwind-tables addition 9aa116531 up eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds 186b398a2 -fno-asynchronous-unwind-tables is now required on MingW 7de597f05 Update m4 deps ; remove pkg.m4 383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet f86f021ac Travis CI : Move the tcc check to the install step 19496bcc0 Don't try to access /usr/local on Travis CI ca43a1268 Old tcc versions miscompile `while (++in[x])` 10edd16b4 Modernize the core3 test dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements 150c6930e Travis CI: avoid duplicate addons section cdfb0aaa3 tcc + travis... 9f4011197 tcc doesn't seem to work on Travis CI 7e8cdd827 Travis: start with a quick compilation using tcc c6aa04108 Move #ifdef up b31a3f247 Disable AVX512 optimizations on clang < 4 4aba976d5 Explicit casts 15ee95c64 Remove unused var dcd60ba66 Force inline 5cc334b33 Add AVX512F optimized Argon2 implementation 70f66c9a6 Check for avx/avx2/avx512f linkage 6866b3d55 Use macros instead of magic numbers 1c0677b09 Check for AVX512F support 80095105b Missing pieces of a version bump 390f865e3 Add tests for scrypt rehash 2a2b85eee Add tests for crypto_pwhash_str_needs_rehash() 979b21d67 Remove extra semicolumns 62c41c703 Avoid untagged unions 5cf1de94a Remove trailing coma 3aa1c71de Don't return void d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash() 6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined 0ae678b0f Avoid multiple declarations in an EN_ASM({}) block b26de68a6 Use single quotes inside EM_ASM 1aae564da Avoid duplicate initializations; reorder for consistency w/ decl 81cf1ff6d Use unsigned for loop counters e2efa6d7e Remove unused variable e06c70afe Use the dedicated type for the argon2 type id 378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES 7cc482523 Add crypto_pwhash_str_needs_rehash() c65189a0c Explicit casts 7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings) c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10 5c8b8ea01 Simplify 0af31aeb2 Fill the max output buffer size in sodium_bin2base64() 6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds e236df63e Trim empty lines 75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium e40e0f6dd Adjust secretstream_..._rekey() after e84336ac 514150d8b Merge branch 'master' of github.com:jedisct1/libsodium 394e21884 Do not clear the padding (for alignment) section of a blake2b state a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly d863c9665 chmod +x *.sh 957c251f8 chmod +x *.sh ce2ecc596 One more compiler assertion e84336ac4 secretstream: assume the internal nonce is little endian fd4478288 Test sodium_pad() with a NULL pointer f61a121b8 Regen emscripten symbols f8e535a44 messagesbytes -> messagebytes cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script aa20d2e86 Add secretstream constants 49f1d87cf salsa208: messagebyte -> messagebytes a0b9bc46e constcheck: grab a few more constants 0ccdfd0c8 Update emscripten symbols list 242045cb4 Update emscripten symbols list 30a25dbb2 Bump be58b2e66 Accept a NULL pointer for the padded length in sodium_pad() b503d75e4 Add crypto_secretstream_*() to MSVC solutions a55e13246 Update packaging for .NET Core (#583) 4c93d0391 C++ compat 0850e5580 Check that a zero blocksize returns -1 a27c18d0e No need for two buffers in the padding test d5574a69f Complete sodium_pad/unpad() and add a couple tests b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length 4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad() fb4dc083e Update ChangeLog 50c7632cc + sodium_pad() / sodium_unpad() 55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence c3b315ec7 + Firefox 80296be94 Some notes about RtlGenRandom 914ff8757 Format paragraphs c65426147 Explain that sodium_misuse() still aborts by default 901c49203 + crypto_secretstream_*() a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium 5f1f6f747 THANKS += PIA 6e8e0a93f Add a couple tests for crypto_secretstream_*() 88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX 72d5d506d Sort df7ad2632 Introduce a new crypto_secretstream_*() API 45f2759d8 Update packaging scripts to .NET Core 2.0 (#582) c39ecb245 Update packaging for .NET Core (#581) 100a055a5 Indent e6e3f7dd8 ChangeLog 76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation 265bdcfe0 bin2hex & bin2base64: return a null size on error a6480aec4 b64 test: intentionally overestimate sizes 74fd8fd1c C++ compat ad5a5232a Make that a size_t f42390a55 Update Visual Studio solutions cdbb43f44 base64 tests eb84b00b7 glibc requires <stdint.h> for SIZE_MAX 3f272cbbf Add a base64 codec, due to popular request 308684790 Move the codecs from sodium/utils.c to a dedicated file b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium ef7c9f44c Sort c87e6f5e1 Add -Wold-style-declaration dd9416fd5 Doc 1c573d4cb Update 5b141eb9e Add some blank lines for readability 7e91aa3f8 s/the// 4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium 9b7db7c3f Document crypto_aead_aes256gcm_*() limitations 8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium 9e0e77a3f Update ChangeLog a894ec93f Add crypto_pwhash_str_alg() cde31281d Bench: don't tie the printed result to the number of iterations 6d59a5897 Make the number of iterations configurable; reduce the default 28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation 5b4db091d Add a benchmark mode 8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks a8cc1634f Indent 9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium 196e03299 Preliminary ChangeLog 19f76d7cb Simplify 544ce6400 Just a simple script to match constants with functions f711c6d04 + emscripten-wasm.sh 1a3b474f7 Update the exported list of JS symbols e1fa9cc90 Add *_messagebytes_max() wrappers 53280aa28 Revert "wasm tests: skip over *.asm.js files" ac8111c31 wasm tests: skip over *.asm.js files 29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576) f02770b2a Revert "+ sodium_alloc_overhead()" c5b61d812 + sodium_alloc_overhead() 23c36615c Remove TOTAL_MEMORY from wasm builds c56fa3ccf Include private/common.h for COMPILER_ASSERT 56eb70f8b Sort 3c3214fbd Node need for --expose-wasm any more with recent nodejs versions b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS 580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds f2a7b6123 Update symbols 774ec67e2 Repair sodium_core test 8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets 0ce03b6ce misuse test: just return from main() on unsupported platforms 6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API 180a89cb2 More tests for signatures 90bd94e4e Coverage exclusion b34b89ab3 secrebox: add a test with in/out buffers next to each other 3dd56fa91 Coverage exclusions ff8bb6705 More tests for scrypt a3f90d602 Indent 63d8a896f Test KX with a weak PK 7ad9a46cb More tests a9a21a7df Test Ed->X conversion with x not being a square root 982cde1a7 Test crypto_box_open_detached() with a weak PK 52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory fc9088792 Add missing include "core.h" c15173de1 Turn a few calls with an insane message length into a sodium_misuse() f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX 16179b87f Introduce *_BYTES_MAX constants 568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB 3525f032d Inline 3ee2151f1 memzero(): with weak symbols, just call memset() 105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set dc2c68067 C++ compat fb739acd7 fill_memory_blocks() cannot possibly fail c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails 8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519() 214fe473f Add an invalid key to the signature tests e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer c90ddae75 Use the right state type for the auth256 test 51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks 2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero() cd51ff29e Coverage exclusions 33d6908f9 Test crypto_auth_hmacsha256_*() f92c82537 More tests 67a7df73b Add all the Visual Studio files in the tarball 56efb47ab .13 -> .14 334738cf2 Add resource.rc to the Visual Studio filters files 47796a5b8 Indent d7ecf04d6 Comment randombytes_uniform() eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup 6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup 571915ea2 ed25519: un-static the check for low-order points b57f9668f More tests cc5191607 Tag sodium_runtime_has_*() symbols as weak 8b9b6a54b Remove error string from sodium_misuse() 9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice 63cbad750 Visual Studio doesn't like abort() chains 21fd252ac Tweak emscripten-wasm.sh 97486f7d4 Clear the BLAKE2B state only once, on finalization 1090fcfd4 memzero() the state if we call generichash_final() twice 6768d82ea Add missing return value in set_misuse_handler() 9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests 5d56821d3 More tests, and start testing misuse cases 0238cbcf6 Bump NuGet package 0e8d7c926 Implement sodium_set_misuse_handler() 9def4d9a8 Add tests for crypto_kx_*() when a single key is required 8a70f258f No more abort() calls! c3b24c1d2 Explain why some abort() calls are still around 74703c63a More abort() -> sodium_misuse() a0e997b8a More abort() -> sodium_misuse() ea9281cb0 More abort() -> sodium_misuse() c7459c125 Remove the useless donations button a61dddd49 Back to dev mode. If you want a stable version, use the stable branch. bcf98b554 Start replacing abort() with an internal sodium_misuse() function c86080e7b Fix funky indentation 608e103e4 Finish the Argon2id tests 8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too 765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer 90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal 1f826df2d is_zero(): volatilize the accumulator 3d400363b sodium_compare: x1, x2 don't have to be volatile 99f8c19a1 memzero(): call the weak function after zeroing 30e8a2b23 The time has come to use memset_s() if available f0c15da02 We don't need these extra loads bcdb042ad Revert "Explicitly include <limits.h>" 7dbbd266b Simple SSE2 implementation of crypto_verify*() 94a8b3327 Simplify crypto_verify_*() 37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*() c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX" 0fd9aae17 Explicitly include <limits.h> c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX git-subtree-dir: libsodium git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
Special thanks to people, companies and organizations having written
libsodium bindings for their favorite programming languages:
@alethia7
@artemisc
@carblue
@dnaq
@ektrah
@graxrabble
@harleqin
@joshjdevl
@jrmarino
@jshahbazi
@lvh
@neheb
Adam Caudill (@adamcaudill)
Alexander Morris (@alexpmorris)
Amit Murthy (@amitmurthy)
Andrew Bennett (@potatosalad)
Andrew Lambert (@charonn0)
Bruce Mitchener (@waywardmonkeys)
Bruno Oliveira (@abstractj)
Caolan McMahon (@caolan)
Chris Rebert (@cvrebert)
Christian Hermann (@bitbeans)
Christian Wiese (@morfoh)
Christian Wiese (@morfoh)
Colm MacCárthaigh (@colmmacc)
David Parrish (@dmp1ce)
Donald Stufft (@dstufft)
Douglas Campos (@qmx)
Drew Crawford (@drewcrawford)
Emil Bay (@emilbayes)
Eric Dong (@quantum1423)
Eric Voskuil (@evoskuil)
Farid Hajji (@fhajji)
Frank Siebenlist (@franks42)
Gabriel Handford (@gabriel)
Geo Carncross (@geocar)
Henrik Gassmann (BurningEnlightenment)
Jachym Holecek (@freza)
Jack Wink (@jackwink)
James Ruan (@jamesruan)
Jan de Muijnck-Hughes (@jfdm)
Jason McCampbell (@jasonmccampbell)
Jeroen Habraken (@VeXocide)
Jeroen Ooms (@jeroen)
Jesper Louis Andersen (@jlouis)
Joe Eli McIlvain (@jemc)
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa 4c37368f9 Nits 94550cefd Remove dev #warning 3e0b4dec6 Add sodium_base64_encoded_len() 4ce2856a5 Avoid negations on unsigned values 7e06a6a99 Annotate 18f0fff89 More tests: verify that they key gets updated after the counter wraps e061abc2b The documentation is not a work in progress any more 91233a014 Tag salsa208 as deprecated ee1d5c96d Move the codecs tests to their own test file 558355e56 Check if SIGABRT can be trapped multiple times in a row 8ee67b1dd More tests 1f72dec89 More tests 3db75fc64 No need for ge_scalarmult_vartime() in minimal mode 41dc93322 More tests aec433cec Additional check 87af832ae Do not trigger Travis+Coverity in the master branch 7423408cd Make the behavior of hex2bin() consistent with base642bin() 00660d79b secretstream test: don't pull twice if we don't test with AD 3c8a7f17f Add tests for short, invalid unpadded base64 strings c7fe84cfb Skip trailing ignored characters in base64 decoding 70e5ff5e1 Add a helper macro to compute the length of a base64 string 9209e89d9 More tests 31e9a5541 More tests 61214ba6b Remove redundant test 525c21ed1 Tests 77f3b7135 Indent 1875980d3 More tests 5b9680ead More tests 4828c5923 ~ 80 columns please 66c621f41 Faster; doesn't require to wipe the output stream 5da8f4fbc Add a global xor_buf() private helper function 7d756fab9 xor the key and the nonce on rekey for better separation bb1b27fa3 Improve readability 10bb28b27 One more COMPILER_ASSERT() 2ce41de29 Define macros instead of repeated offsets e878bc141 More keygen tests f244f658d int -> size_t 9c53da4a6 metamorphic tests for HMAC bd69a3083 metamorphic tests for onetimeauth a7b75a2d7 + simple metamorphic tests for crypto_generichash() a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled 09fd953fc Revert "__SSE2__ may need to be explicitly enabled" 35d8aa5d3 __SSE2__ may need to be explicitly enabled a161dd9fa On 32-bit systems, the limit is SIZE_MAX 251751e69 Update ChangeLog d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext. 1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition bfab44aa4 initbytes -> headerbytes for clarity e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity 9e0ff55eb Add the ability to use only strong symbols, even on ELF targets b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW 3df3fabb8 No default clause needed 1f8056ab1 Use #error in autoconf tests 147d8b620 Disable AVX512 on MingW even harder ffce4334e Disable AVX512 on MingW for now 07de00bc9 Revert -fno-asynchronous-unwind-tables addition 9aa116531 up eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds 186b398a2 -fno-asynchronous-unwind-tables is now required on MingW 7de597f05 Update m4 deps ; remove pkg.m4 383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet f86f021ac Travis CI : Move the tcc check to the install step 19496bcc0 Don't try to access /usr/local on Travis CI ca43a1268 Old tcc versions miscompile `while (++in[x])` 10edd16b4 Modernize the core3 test dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements 150c6930e Travis CI: avoid duplicate addons section cdfb0aaa3 tcc + travis... 9f4011197 tcc doesn't seem to work on Travis CI 7e8cdd827 Travis: start with a quick compilation using tcc c6aa04108 Move #ifdef up b31a3f247 Disable AVX512 optimizations on clang < 4 4aba976d5 Explicit casts 15ee95c64 Remove unused var dcd60ba66 Force inline 5cc334b33 Add AVX512F optimized Argon2 implementation 70f66c9a6 Check for avx/avx2/avx512f linkage 6866b3d55 Use macros instead of magic numbers 1c0677b09 Check for AVX512F support 80095105b Missing pieces of a version bump 390f865e3 Add tests for scrypt rehash 2a2b85eee Add tests for crypto_pwhash_str_needs_rehash() 979b21d67 Remove extra semicolumns 62c41c703 Avoid untagged unions 5cf1de94a Remove trailing coma 3aa1c71de Don't return void d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash() 6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined 0ae678b0f Avoid multiple declarations in an EN_ASM({}) block b26de68a6 Use single quotes inside EM_ASM 1aae564da Avoid duplicate initializations; reorder for consistency w/ decl 81cf1ff6d Use unsigned for loop counters e2efa6d7e Remove unused variable e06c70afe Use the dedicated type for the argon2 type id 378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES 7cc482523 Add crypto_pwhash_str_needs_rehash() c65189a0c Explicit casts 7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings) c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10 5c8b8ea01 Simplify 0af31aeb2 Fill the max output buffer size in sodium_bin2base64() 6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds e236df63e Trim empty lines 75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium e40e0f6dd Adjust secretstream_..._rekey() after e84336ac 514150d8b Merge branch 'master' of github.com:jedisct1/libsodium 394e21884 Do not clear the padding (for alignment) section of a blake2b state a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly d863c9665 chmod +x *.sh 957c251f8 chmod +x *.sh ce2ecc596 One more compiler assertion e84336ac4 secretstream: assume the internal nonce is little endian fd4478288 Test sodium_pad() with a NULL pointer f61a121b8 Regen emscripten symbols f8e535a44 messagesbytes -> messagebytes cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script aa20d2e86 Add secretstream constants 49f1d87cf salsa208: messagebyte -> messagebytes a0b9bc46e constcheck: grab a few more constants 0ccdfd0c8 Update emscripten symbols list 242045cb4 Update emscripten symbols list 30a25dbb2 Bump be58b2e66 Accept a NULL pointer for the padded length in sodium_pad() b503d75e4 Add crypto_secretstream_*() to MSVC solutions a55e13246 Update packaging for .NET Core (#583) 4c93d0391 C++ compat 0850e5580 Check that a zero blocksize returns -1 a27c18d0e No need for two buffers in the padding test d5574a69f Complete sodium_pad/unpad() and add a couple tests b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length 4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad() fb4dc083e Update ChangeLog 50c7632cc + sodium_pad() / sodium_unpad() 55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence c3b315ec7 + Firefox 80296be94 Some notes about RtlGenRandom 914ff8757 Format paragraphs c65426147 Explain that sodium_misuse() still aborts by default 901c49203 + crypto_secretstream_*() a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium 5f1f6f747 THANKS += PIA 6e8e0a93f Add a couple tests for crypto_secretstream_*() 88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX 72d5d506d Sort df7ad2632 Introduce a new crypto_secretstream_*() API 45f2759d8 Update packaging scripts to .NET Core 2.0 (#582) c39ecb245 Update packaging for .NET Core (#581) 100a055a5 Indent e6e3f7dd8 ChangeLog 76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation 265bdcfe0 bin2hex & bin2base64: return a null size on error a6480aec4 b64 test: intentionally overestimate sizes 74fd8fd1c C++ compat ad5a5232a Make that a size_t f42390a55 Update Visual Studio solutions cdbb43f44 base64 tests eb84b00b7 glibc requires <stdint.h> for SIZE_MAX 3f272cbbf Add a base64 codec, due to popular request 308684790 Move the codecs from sodium/utils.c to a dedicated file b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium ef7c9f44c Sort c87e6f5e1 Add -Wold-style-declaration dd9416fd5 Doc 1c573d4cb Update 5b141eb9e Add some blank lines for readability 7e91aa3f8 s/the// 4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium 9b7db7c3f Document crypto_aead_aes256gcm_*() limitations 8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium 9e0e77a3f Update ChangeLog a894ec93f Add crypto_pwhash_str_alg() cde31281d Bench: don't tie the printed result to the number of iterations 6d59a5897 Make the number of iterations configurable; reduce the default 28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation 5b4db091d Add a benchmark mode 8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks a8cc1634f Indent 9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium 196e03299 Preliminary ChangeLog 19f76d7cb Simplify 544ce6400 Just a simple script to match constants with functions f711c6d04 + emscripten-wasm.sh 1a3b474f7 Update the exported list of JS symbols e1fa9cc90 Add *_messagebytes_max() wrappers 53280aa28 Revert "wasm tests: skip over *.asm.js files" ac8111c31 wasm tests: skip over *.asm.js files 29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576) f02770b2a Revert "+ sodium_alloc_overhead()" c5b61d812 + sodium_alloc_overhead() 23c36615c Remove TOTAL_MEMORY from wasm builds c56fa3ccf Include private/common.h for COMPILER_ASSERT 56eb70f8b Sort 3c3214fbd Node need for --expose-wasm any more with recent nodejs versions b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS 580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds f2a7b6123 Update symbols 774ec67e2 Repair sodium_core test 8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets 0ce03b6ce misuse test: just return from main() on unsupported platforms 6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API 180a89cb2 More tests for signatures 90bd94e4e Coverage exclusion b34b89ab3 secrebox: add a test with in/out buffers next to each other 3dd56fa91 Coverage exclusions ff8bb6705 More tests for scrypt a3f90d602 Indent 63d8a896f Test KX with a weak PK 7ad9a46cb More tests a9a21a7df Test Ed->X conversion with x not being a square root 982cde1a7 Test crypto_box_open_detached() with a weak PK 52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory fc9088792 Add missing include "core.h" c15173de1 Turn a few calls with an insane message length into a sodium_misuse() f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX 16179b87f Introduce *_BYTES_MAX constants 568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB 3525f032d Inline 3ee2151f1 memzero(): with weak symbols, just call memset() 105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set dc2c68067 C++ compat fb739acd7 fill_memory_blocks() cannot possibly fail c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails 8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519() 214fe473f Add an invalid key to the signature tests e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer c90ddae75 Use the right state type for the auth256 test 51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks 2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero() cd51ff29e Coverage exclusions 33d6908f9 Test crypto_auth_hmacsha256_*() f92c82537 More tests 67a7df73b Add all the Visual Studio files in the tarball 56efb47ab .13 -> .14 334738cf2 Add resource.rc to the Visual Studio filters files 47796a5b8 Indent d7ecf04d6 Comment randombytes_uniform() eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup 6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup 571915ea2 ed25519: un-static the check for low-order points b57f9668f More tests cc5191607 Tag sodium_runtime_has_*() symbols as weak 8b9b6a54b Remove error string from sodium_misuse() 9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice 63cbad750 Visual Studio doesn't like abort() chains 21fd252ac Tweak emscripten-wasm.sh 97486f7d4 Clear the BLAKE2B state only once, on finalization 1090fcfd4 memzero() the state if we call generichash_final() twice 6768d82ea Add missing return value in set_misuse_handler() 9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests 5d56821d3 More tests, and start testing misuse cases 0238cbcf6 Bump NuGet package 0e8d7c926 Implement sodium_set_misuse_handler() 9def4d9a8 Add tests for crypto_kx_*() when a single key is required 8a70f258f No more abort() calls! c3b24c1d2 Explain why some abort() calls are still around 74703c63a More abort() -> sodium_misuse() a0e997b8a More abort() -> sodium_misuse() ea9281cb0 More abort() -> sodium_misuse() c7459c125 Remove the useless donations button a61dddd49 Back to dev mode. If you want a stable version, use the stable branch. bcf98b554 Start replacing abort() with an internal sodium_misuse() function c86080e7b Fix funky indentation 608e103e4 Finish the Argon2id tests 8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too 765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer 90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal 1f826df2d is_zero(): volatilize the accumulator 3d400363b sodium_compare: x1, x2 don't have to be volatile 99f8c19a1 memzero(): call the weak function after zeroing 30e8a2b23 The time has come to use memset_s() if available f0c15da02 We don't need these extra loads bcdb042ad Revert "Explicitly include <limits.h>" 7dbbd266b Simple SSE2 implementation of crypto_verify*() 94a8b3327 Simplify crypto_verify_*() 37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*() c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX" 0fd9aae17 Explicitly include <limits.h> c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX git-subtree-dir: libsodium git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
Jonathan Stowe (@jonathanstowe)
Joseph Abrahamson (@tel)
Julien Kauffmann (@ereOn)
Kenneth Ballenegger (@kballenegger)
Loic Maury (@loicmaury)
Michael Gorlick (@mgorlick)
Michael Gregorowicz (@mgregoro)
Michał Zieliński (@zielmicha)
Omar Ayub (@electricFeel)
Pedro Paixao (@paixaop)
Project ArteMisc (@artemisc)
Rich FitzJohn (@richfitz)
Ruben De Visscher (@rubendv)
Rudolf Von Krugstein (@rudolfvonkrugstein)
Samuel Neves (@sneves)
Scott Arciszewski (@paragonie-scott)
Stanislav Ovsiannikov (@naphaso)
Stefan Marsiske (@stef)
Stephan Touset (@stouset)
Stephen Chavez (@redragonx)
Steve Gibson (@sggrc)
Tony Arcieri (@bascule)
Tony Garnock-Jones (@tonyg)
Y. T. Chung (@zonyitoo)
Bytecurry Software
Cryptotronix
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa 4c37368f9 Nits 94550cefd Remove dev #warning 3e0b4dec6 Add sodium_base64_encoded_len() 4ce2856a5 Avoid negations on unsigned values 7e06a6a99 Annotate 18f0fff89 More tests: verify that they key gets updated after the counter wraps e061abc2b The documentation is not a work in progress any more 91233a014 Tag salsa208 as deprecated ee1d5c96d Move the codecs tests to their own test file 558355e56 Check if SIGABRT can be trapped multiple times in a row 8ee67b1dd More tests 1f72dec89 More tests 3db75fc64 No need for ge_scalarmult_vartime() in minimal mode 41dc93322 More tests aec433cec Additional check 87af832ae Do not trigger Travis+Coverity in the master branch 7423408cd Make the behavior of hex2bin() consistent with base642bin() 00660d79b secretstream test: don't pull twice if we don't test with AD 3c8a7f17f Add tests for short, invalid unpadded base64 strings c7fe84cfb Skip trailing ignored characters in base64 decoding 70e5ff5e1 Add a helper macro to compute the length of a base64 string 9209e89d9 More tests 31e9a5541 More tests 61214ba6b Remove redundant test 525c21ed1 Tests 77f3b7135 Indent 1875980d3 More tests 5b9680ead More tests 4828c5923 ~ 80 columns please 66c621f41 Faster; doesn't require to wipe the output stream 5da8f4fbc Add a global xor_buf() private helper function 7d756fab9 xor the key and the nonce on rekey for better separation bb1b27fa3 Improve readability 10bb28b27 One more COMPILER_ASSERT() 2ce41de29 Define macros instead of repeated offsets e878bc141 More keygen tests f244f658d int -> size_t 9c53da4a6 metamorphic tests for HMAC bd69a3083 metamorphic tests for onetimeauth a7b75a2d7 + simple metamorphic tests for crypto_generichash() a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled 09fd953fc Revert "__SSE2__ may need to be explicitly enabled" 35d8aa5d3 __SSE2__ may need to be explicitly enabled a161dd9fa On 32-bit systems, the limit is SIZE_MAX 251751e69 Update ChangeLog d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext. 1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition bfab44aa4 initbytes -> headerbytes for clarity e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity 9e0ff55eb Add the ability to use only strong symbols, even on ELF targets b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW 3df3fabb8 No default clause needed 1f8056ab1 Use #error in autoconf tests 147d8b620 Disable AVX512 on MingW even harder ffce4334e Disable AVX512 on MingW for now 07de00bc9 Revert -fno-asynchronous-unwind-tables addition 9aa116531 up eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds 186b398a2 -fno-asynchronous-unwind-tables is now required on MingW 7de597f05 Update m4 deps ; remove pkg.m4 383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet f86f021ac Travis CI : Move the tcc check to the install step 19496bcc0 Don't try to access /usr/local on Travis CI ca43a1268 Old tcc versions miscompile `while (++in[x])` 10edd16b4 Modernize the core3 test dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements 150c6930e Travis CI: avoid duplicate addons section cdfb0aaa3 tcc + travis... 9f4011197 tcc doesn't seem to work on Travis CI 7e8cdd827 Travis: start with a quick compilation using tcc c6aa04108 Move #ifdef up b31a3f247 Disable AVX512 optimizations on clang < 4 4aba976d5 Explicit casts 15ee95c64 Remove unused var dcd60ba66 Force inline 5cc334b33 Add AVX512F optimized Argon2 implementation 70f66c9a6 Check for avx/avx2/avx512f linkage 6866b3d55 Use macros instead of magic numbers 1c0677b09 Check for AVX512F support 80095105b Missing pieces of a version bump 390f865e3 Add tests for scrypt rehash 2a2b85eee Add tests for crypto_pwhash_str_needs_rehash() 979b21d67 Remove extra semicolumns 62c41c703 Avoid untagged unions 5cf1de94a Remove trailing coma 3aa1c71de Don't return void d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash() 6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined 0ae678b0f Avoid multiple declarations in an EN_ASM({}) block b26de68a6 Use single quotes inside EM_ASM 1aae564da Avoid duplicate initializations; reorder for consistency w/ decl 81cf1ff6d Use unsigned for loop counters e2efa6d7e Remove unused variable e06c70afe Use the dedicated type for the argon2 type id 378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES 7cc482523 Add crypto_pwhash_str_needs_rehash() c65189a0c Explicit casts 7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings) c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10 5c8b8ea01 Simplify 0af31aeb2 Fill the max output buffer size in sodium_bin2base64() 6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds e236df63e Trim empty lines 75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium e40e0f6dd Adjust secretstream_..._rekey() after e84336ac 514150d8b Merge branch 'master' of github.com:jedisct1/libsodium 394e21884 Do not clear the padding (for alignment) section of a blake2b state a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly d863c9665 chmod +x *.sh 957c251f8 chmod +x *.sh ce2ecc596 One more compiler assertion e84336ac4 secretstream: assume the internal nonce is little endian fd4478288 Test sodium_pad() with a NULL pointer f61a121b8 Regen emscripten symbols f8e535a44 messagesbytes -> messagebytes cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script aa20d2e86 Add secretstream constants 49f1d87cf salsa208: messagebyte -> messagebytes a0b9bc46e constcheck: grab a few more constants 0ccdfd0c8 Update emscripten symbols list 242045cb4 Update emscripten symbols list 30a25dbb2 Bump be58b2e66 Accept a NULL pointer for the padded length in sodium_pad() b503d75e4 Add crypto_secretstream_*() to MSVC solutions a55e13246 Update packaging for .NET Core (#583) 4c93d0391 C++ compat 0850e5580 Check that a zero blocksize returns -1 a27c18d0e No need for two buffers in the padding test d5574a69f Complete sodium_pad/unpad() and add a couple tests b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length 4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad() fb4dc083e Update ChangeLog 50c7632cc + sodium_pad() / sodium_unpad() 55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence c3b315ec7 + Firefox 80296be94 Some notes about RtlGenRandom 914ff8757 Format paragraphs c65426147 Explain that sodium_misuse() still aborts by default 901c49203 + crypto_secretstream_*() a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium 5f1f6f747 THANKS += PIA 6e8e0a93f Add a couple tests for crypto_secretstream_*() 88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX 72d5d506d Sort df7ad2632 Introduce a new crypto_secretstream_*() API 45f2759d8 Update packaging scripts to .NET Core 2.0 (#582) c39ecb245 Update packaging for .NET Core (#581) 100a055a5 Indent e6e3f7dd8 ChangeLog 76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation 265bdcfe0 bin2hex & bin2base64: return a null size on error a6480aec4 b64 test: intentionally overestimate sizes 74fd8fd1c C++ compat ad5a5232a Make that a size_t f42390a55 Update Visual Studio solutions cdbb43f44 base64 tests eb84b00b7 glibc requires <stdint.h> for SIZE_MAX 3f272cbbf Add a base64 codec, due to popular request 308684790 Move the codecs from sodium/utils.c to a dedicated file b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium ef7c9f44c Sort c87e6f5e1 Add -Wold-style-declaration dd9416fd5 Doc 1c573d4cb Update 5b141eb9e Add some blank lines for readability 7e91aa3f8 s/the// 4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium 9b7db7c3f Document crypto_aead_aes256gcm_*() limitations 8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium 9e0e77a3f Update ChangeLog a894ec93f Add crypto_pwhash_str_alg() cde31281d Bench: don't tie the printed result to the number of iterations 6d59a5897 Make the number of iterations configurable; reduce the default 28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation 5b4db091d Add a benchmark mode 8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks a8cc1634f Indent 9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium 196e03299 Preliminary ChangeLog 19f76d7cb Simplify 544ce6400 Just a simple script to match constants with functions f711c6d04 + emscripten-wasm.sh 1a3b474f7 Update the exported list of JS symbols e1fa9cc90 Add *_messagebytes_max() wrappers 53280aa28 Revert "wasm tests: skip over *.asm.js files" ac8111c31 wasm tests: skip over *.asm.js files 29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576) f02770b2a Revert "+ sodium_alloc_overhead()" c5b61d812 + sodium_alloc_overhead() 23c36615c Remove TOTAL_MEMORY from wasm builds c56fa3ccf Include private/common.h for COMPILER_ASSERT 56eb70f8b Sort 3c3214fbd Node need for --expose-wasm any more with recent nodejs versions b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS 580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds f2a7b6123 Update symbols 774ec67e2 Repair sodium_core test 8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets 0ce03b6ce misuse test: just return from main() on unsupported platforms 6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API 180a89cb2 More tests for signatures 90bd94e4e Coverage exclusion b34b89ab3 secrebox: add a test with in/out buffers next to each other 3dd56fa91 Coverage exclusions ff8bb6705 More tests for scrypt a3f90d602 Indent 63d8a896f Test KX with a weak PK 7ad9a46cb More tests a9a21a7df Test Ed->X conversion with x not being a square root 982cde1a7 Test crypto_box_open_detached() with a weak PK 52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory fc9088792 Add missing include "core.h" c15173de1 Turn a few calls with an insane message length into a sodium_misuse() f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX 16179b87f Introduce *_BYTES_MAX constants 568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB 3525f032d Inline 3ee2151f1 memzero(): with weak symbols, just call memset() 105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set dc2c68067 C++ compat fb739acd7 fill_memory_blocks() cannot possibly fail c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails 8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519() 214fe473f Add an invalid key to the signature tests e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer c90ddae75 Use the right state type for the auth256 test 51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks 2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero() cd51ff29e Coverage exclusions 33d6908f9 Test crypto_auth_hmacsha256_*() f92c82537 More tests 67a7df73b Add all the Visual Studio files in the tarball 56efb47ab .13 -> .14 334738cf2 Add resource.rc to the Visual Studio filters files 47796a5b8 Indent d7ecf04d6 Comment randombytes_uniform() eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup 6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup 571915ea2 ed25519: un-static the check for low-order points b57f9668f More tests cc5191607 Tag sodium_runtime_has_*() symbols as weak 8b9b6a54b Remove error string from sodium_misuse() 9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice 63cbad750 Visual Studio doesn't like abort() chains 21fd252ac Tweak emscripten-wasm.sh 97486f7d4 Clear the BLAKE2B state only once, on finalization 1090fcfd4 memzero() the state if we call generichash_final() twice 6768d82ea Add missing return value in set_misuse_handler() 9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests 5d56821d3 More tests, and start testing misuse cases 0238cbcf6 Bump NuGet package 0e8d7c926 Implement sodium_set_misuse_handler() 9def4d9a8 Add tests for crypto_kx_*() when a single key is required 8a70f258f No more abort() calls! c3b24c1d2 Explain why some abort() calls are still around 74703c63a More abort() -> sodium_misuse() a0e997b8a More abort() -> sodium_misuse() ea9281cb0 More abort() -> sodium_misuse() c7459c125 Remove the useless donations button a61dddd49 Back to dev mode. If you want a stable version, use the stable branch. bcf98b554 Start replacing abort() with an internal sodium_misuse() function c86080e7b Fix funky indentation 608e103e4 Finish the Argon2id tests 8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too 765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer 90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal 1f826df2d is_zero(): volatilize the accumulator 3d400363b sodium_compare: x1, x2 don't have to be volatile 99f8c19a1 memzero(): call the weak function after zeroing 30e8a2b23 The time has come to use memset_s() if available f0c15da02 We don't need these extra loads bcdb042ad Revert "Explicitly include <limits.h>" 7dbbd266b Simple SSE2 implementation of crypto_verify*() 94a8b3327 Simplify crypto_verify_*() 37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*() c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX" 0fd9aae17 Explicitly include <limits.h> c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX git-subtree-dir: libsodium git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
Facebook
FSF France
MaidSafe
Paragonie Initiative Enterprises
Python Cryptographic Authority
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa 4c37368f9 Nits 94550cefd Remove dev #warning 3e0b4dec6 Add sodium_base64_encoded_len() 4ce2856a5 Avoid negations on unsigned values 7e06a6a99 Annotate 18f0fff89 More tests: verify that they key gets updated after the counter wraps e061abc2b The documentation is not a work in progress any more 91233a014 Tag salsa208 as deprecated ee1d5c96d Move the codecs tests to their own test file 558355e56 Check if SIGABRT can be trapped multiple times in a row 8ee67b1dd More tests 1f72dec89 More tests 3db75fc64 No need for ge_scalarmult_vartime() in minimal mode 41dc93322 More tests aec433cec Additional check 87af832ae Do not trigger Travis+Coverity in the master branch 7423408cd Make the behavior of hex2bin() consistent with base642bin() 00660d79b secretstream test: don't pull twice if we don't test with AD 3c8a7f17f Add tests for short, invalid unpadded base64 strings c7fe84cfb Skip trailing ignored characters in base64 decoding 70e5ff5e1 Add a helper macro to compute the length of a base64 string 9209e89d9 More tests 31e9a5541 More tests 61214ba6b Remove redundant test 525c21ed1 Tests 77f3b7135 Indent 1875980d3 More tests 5b9680ead More tests 4828c5923 ~ 80 columns please 66c621f41 Faster; doesn't require to wipe the output stream 5da8f4fbc Add a global xor_buf() private helper function 7d756fab9 xor the key and the nonce on rekey for better separation bb1b27fa3 Improve readability 10bb28b27 One more COMPILER_ASSERT() 2ce41de29 Define macros instead of repeated offsets e878bc141 More keygen tests f244f658d int -> size_t 9c53da4a6 metamorphic tests for HMAC bd69a3083 metamorphic tests for onetimeauth a7b75a2d7 + simple metamorphic tests for crypto_generichash() a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled 09fd953fc Revert "__SSE2__ may need to be explicitly enabled" 35d8aa5d3 __SSE2__ may need to be explicitly enabled a161dd9fa On 32-bit systems, the limit is SIZE_MAX 251751e69 Update ChangeLog d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext. 1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition bfab44aa4 initbytes -> headerbytes for clarity e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity 9e0ff55eb Add the ability to use only strong symbols, even on ELF targets b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW 3df3fabb8 No default clause needed 1f8056ab1 Use #error in autoconf tests 147d8b620 Disable AVX512 on MingW even harder ffce4334e Disable AVX512 on MingW for now 07de00bc9 Revert -fno-asynchronous-unwind-tables addition 9aa116531 up eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds 186b398a2 -fno-asynchronous-unwind-tables is now required on MingW 7de597f05 Update m4 deps ; remove pkg.m4 383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet f86f021ac Travis CI : Move the tcc check to the install step 19496bcc0 Don't try to access /usr/local on Travis CI ca43a1268 Old tcc versions miscompile `while (++in[x])` 10edd16b4 Modernize the core3 test dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements 150c6930e Travis CI: avoid duplicate addons section cdfb0aaa3 tcc + travis... 9f4011197 tcc doesn't seem to work on Travis CI 7e8cdd827 Travis: start with a quick compilation using tcc c6aa04108 Move #ifdef up b31a3f247 Disable AVX512 optimizations on clang < 4 4aba976d5 Explicit casts 15ee95c64 Remove unused var dcd60ba66 Force inline 5cc334b33 Add AVX512F optimized Argon2 implementation 70f66c9a6 Check for avx/avx2/avx512f linkage 6866b3d55 Use macros instead of magic numbers 1c0677b09 Check for AVX512F support 80095105b Missing pieces of a version bump 390f865e3 Add tests for scrypt rehash 2a2b85eee Add tests for crypto_pwhash_str_needs_rehash() 979b21d67 Remove extra semicolumns 62c41c703 Avoid untagged unions 5cf1de94a Remove trailing coma 3aa1c71de Don't return void d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash() 6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined 0ae678b0f Avoid multiple declarations in an EN_ASM({}) block b26de68a6 Use single quotes inside EM_ASM 1aae564da Avoid duplicate initializations; reorder for consistency w/ decl 81cf1ff6d Use unsigned for loop counters e2efa6d7e Remove unused variable e06c70afe Use the dedicated type for the argon2 type id 378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES 7cc482523 Add crypto_pwhash_str_needs_rehash() c65189a0c Explicit casts 7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings) c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10 5c8b8ea01 Simplify 0af31aeb2 Fill the max output buffer size in sodium_bin2base64() 6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds e236df63e Trim empty lines 75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium e40e0f6dd Adjust secretstream_..._rekey() after e84336ac 514150d8b Merge branch 'master' of github.com:jedisct1/libsodium 394e21884 Do not clear the padding (for alignment) section of a blake2b state a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly d863c9665 chmod +x *.sh 957c251f8 chmod +x *.sh ce2ecc596 One more compiler assertion e84336ac4 secretstream: assume the internal nonce is little endian fd4478288 Test sodium_pad() with a NULL pointer f61a121b8 Regen emscripten symbols f8e535a44 messagesbytes -> messagebytes cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script aa20d2e86 Add secretstream constants 49f1d87cf salsa208: messagebyte -> messagebytes a0b9bc46e constcheck: grab a few more constants 0ccdfd0c8 Update emscripten symbols list 242045cb4 Update emscripten symbols list 30a25dbb2 Bump be58b2e66 Accept a NULL pointer for the padded length in sodium_pad() b503d75e4 Add crypto_secretstream_*() to MSVC solutions a55e13246 Update packaging for .NET Core (#583) 4c93d0391 C++ compat 0850e5580 Check that a zero blocksize returns -1 a27c18d0e No need for two buffers in the padding test d5574a69f Complete sodium_pad/unpad() and add a couple tests b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length 4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad() fb4dc083e Update ChangeLog 50c7632cc + sodium_pad() / sodium_unpad() 55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence c3b315ec7 + Firefox 80296be94 Some notes about RtlGenRandom 914ff8757 Format paragraphs c65426147 Explain that sodium_misuse() still aborts by default 901c49203 + crypto_secretstream_*() a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium 5f1f6f747 THANKS += PIA 6e8e0a93f Add a couple tests for crypto_secretstream_*() 88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX 72d5d506d Sort df7ad2632 Introduce a new crypto_secretstream_*() API 45f2759d8 Update packaging scripts to .NET Core 2.0 (#582) c39ecb245 Update packaging for .NET Core (#581) 100a055a5 Indent e6e3f7dd8 ChangeLog 76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation 265bdcfe0 bin2hex & bin2base64: return a null size on error a6480aec4 b64 test: intentionally overestimate sizes 74fd8fd1c C++ compat ad5a5232a Make that a size_t f42390a55 Update Visual Studio solutions cdbb43f44 base64 tests eb84b00b7 glibc requires <stdint.h> for SIZE_MAX 3f272cbbf Add a base64 codec, due to popular request 308684790 Move the codecs from sodium/utils.c to a dedicated file b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium ef7c9f44c Sort c87e6f5e1 Add -Wold-style-declaration dd9416fd5 Doc 1c573d4cb Update 5b141eb9e Add some blank lines for readability 7e91aa3f8 s/the// 4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium 9b7db7c3f Document crypto_aead_aes256gcm_*() limitations 8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium 9e0e77a3f Update ChangeLog a894ec93f Add crypto_pwhash_str_alg() cde31281d Bench: don't tie the printed result to the number of iterations 6d59a5897 Make the number of iterations configurable; reduce the default 28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation 5b4db091d Add a benchmark mode 8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks a8cc1634f Indent 9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium 196e03299 Preliminary ChangeLog 19f76d7cb Simplify 544ce6400 Just a simple script to match constants with functions f711c6d04 + emscripten-wasm.sh 1a3b474f7 Update the exported list of JS symbols e1fa9cc90 Add *_messagebytes_max() wrappers 53280aa28 Revert "wasm tests: skip over *.asm.js files" ac8111c31 wasm tests: skip over *.asm.js files 29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576) f02770b2a Revert "+ sodium_alloc_overhead()" c5b61d812 + sodium_alloc_overhead() 23c36615c Remove TOTAL_MEMORY from wasm builds c56fa3ccf Include private/common.h for COMPILER_ASSERT 56eb70f8b Sort 3c3214fbd Node need for --expose-wasm any more with recent nodejs versions b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS 580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds f2a7b6123 Update symbols 774ec67e2 Repair sodium_core test 8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets 0ce03b6ce misuse test: just return from main() on unsupported platforms 6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API 180a89cb2 More tests for signatures 90bd94e4e Coverage exclusion b34b89ab3 secrebox: add a test with in/out buffers next to each other 3dd56fa91 Coverage exclusions ff8bb6705 More tests for scrypt a3f90d602 Indent 63d8a896f Test KX with a weak PK 7ad9a46cb More tests a9a21a7df Test Ed->X conversion with x not being a square root 982cde1a7 Test crypto_box_open_detached() with a weak PK 52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory fc9088792 Add missing include "core.h" c15173de1 Turn a few calls with an insane message length into a sodium_misuse() f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX 16179b87f Introduce *_BYTES_MAX constants 568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB 3525f032d Inline 3ee2151f1 memzero(): with weak symbols, just call memset() 105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set dc2c68067 C++ compat fb739acd7 fill_memory_blocks() cannot possibly fail c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails 8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519() 214fe473f Add an invalid key to the signature tests e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer c90ddae75 Use the right state type for the auth256 test 51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks 2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero() cd51ff29e Coverage exclusions 33d6908f9 Test crypto_auth_hmacsha256_*() f92c82537 More tests 67a7df73b Add all the Visual Studio files in the tarball 56efb47ab .13 -> .14 334738cf2 Add resource.rc to the Visual Studio filters files 47796a5b8 Indent d7ecf04d6 Comment randombytes_uniform() eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup 6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup 571915ea2 ed25519: un-static the check for low-order points b57f9668f More tests cc5191607 Tag sodium_runtime_has_*() symbols as weak 8b9b6a54b Remove error string from sodium_misuse() 9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice 63cbad750 Visual Studio doesn't like abort() chains 21fd252ac Tweak emscripten-wasm.sh 97486f7d4 Clear the BLAKE2B state only once, on finalization 1090fcfd4 memzero() the state if we call generichash_final() twice 6768d82ea Add missing return value in set_misuse_handler() 9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests 5d56821d3 More tests, and start testing misuse cases 0238cbcf6 Bump NuGet package 0e8d7c926 Implement sodium_set_misuse_handler() 9def4d9a8 Add tests for crypto_kx_*() when a single key is required 8a70f258f No more abort() calls! c3b24c1d2 Explain why some abort() calls are still around 74703c63a More abort() -> sodium_misuse() a0e997b8a More abort() -> sodium_misuse() ea9281cb0 More abort() -> sodium_misuse() c7459c125 Remove the useless donations button a61dddd49 Back to dev mode. If you want a stable version, use the stable branch. bcf98b554 Start replacing abort() with an internal sodium_misuse() function c86080e7b Fix funky indentation 608e103e4 Finish the Argon2id tests 8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too 765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer 90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal 1f826df2d is_zero(): volatilize the accumulator 3d400363b sodium_compare: x1, x2 don't have to be volatile 99f8c19a1 memzero(): call the weak function after zeroing 30e8a2b23 The time has come to use memset_s() if available f0c15da02 We don't need these extra loads bcdb042ad Revert "Explicitly include <limits.h>" 7dbbd266b Simple SSE2 implementation of crypto_verify*() 94a8b3327 Simplify crypto_verify_*() 37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*() c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX" 0fd9aae17 Explicitly include <limits.h> c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX git-subtree-dir: libsodium git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
(this list may not be complete, if you don't see your name, please
submit a pull request!)
Also thanks to:
- Coverity, Inc. to provide static analysis.
- FSF France for providing access to their compilation servers.
- Private Internet Access for having sponsored a complete security audit.