jedisct1

Repos: 371, Followers: 3247, Following: 141

A modern, portable, easy to use crypto library.

C
10484
1429

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

9298
837

An easy to install, high-performance, zero maintenance proxy to run an encrypted DNS server.

617
63

A Dead Simple VPN.

C
5003
358

A dead simple tool to sign files and verify digital signatures.

C
1599
90

A lightweight, secure, easy-to-use crypto library suitable for constrained environments.

C
420
51

Events

Bump deps. I hate that Cargo.lock thing.

Created at 3 days ago
closed issue
function crypto_generichash_blake2b_salt_personal id and ctx can't be null ?

In blake2b-ref.c I found that both salt and personal could be null.

How could I set salt without setting ctx?

Or, does blake2b have a default salt or ctx? I tried a Uint8Array filled with 0, but it did not generate the correct hash.

Created at 3 days ago

Make blake2b salt and context optional

Fixes #303

Created at 3 days ago

Add input_buf_optional type

Created at 3 days ago
issue comment
function crypto_generichash_blake2b_salt_personal id and ctx can't be null ?

Good catch.

The type for these parameters is buf. I guess it should be something like buf_optional.

It's quite surprising to see that such a type is not implemented yet, as there are other functions with nullable fixed-size buffers.

Created at 3 days ago

Make Cargo.toml license match the LICENSE file

Fixes #16

Created at 4 days ago
Clarify license

The LICENSE is MIT, but Cargo.toml says ISC.

Created at 4 days ago

We suggest crypto_auth, so make the key a function parameter

Created at 5 days ago

hostcalls: remove curve25519-dalek

This avoids using a deprecated crate, but also unblocks dependency issues with the zeroize and rand crates.

Add links to the meetings, and minutes from 2022-09-22

Created at 5 days ago


Update quic-go

Created at 5 days ago
A cloaking rule is always interpreted as starting with a wildcard

Output of the following commands:

./dnscrypt-proxy -version

2.1.2

./dnscrypt-proxy -check

./dnscrypt-proxy -resolve example.com

Resolver      : 212.47.228.136 (scaleway-fr.dnscrypt.info.)

Canonical name: example.com.

IPv4 addresses: 93.184.216.34
IPv6 addresses: 2606:2800:220:1:248:1893:25c8:1946

Name servers  : b.iana-servers.net., a.iana-servers.net.
DNSSEC signed : yes
Mail servers  : 1 mail servers found

HTTPS alias   : -
HTTPS info    : -

Host info     : -
TXT records   : wgyf8z8cgvm2qmxpnbnldrcltvk4xqfn, v=spf1 -all

What is affected by this bug?

all resolutions

When does this occur?

all the time

Where does it happen?

Paris, France

How do we replicate the issue?

cloaking-rules.txt

ns2.domain.local        192.168.122.77

Resolving ns2.domain.local

dig ns2.domain.local A +short
192.168.122.77

Resolving any other FQDNs ending with the same FQDN:

dig whateverns2.domain.local A +short
192.168.122.77

The last part should never happen!

Created at 5 days ago
issue comment
A cloaking rule is always interpreted as starting with a wildcard

This is expected.

An = prefix is required for exact matching. See the documentation: filter patterns.

Created at 5 days ago
issue comment
howto tutorial

Hi!

What parts of the README file would benefit from more verbose documentation?

DNSCrypt may be easier to set up (see https://github.com/DNSCrypt/encrypted-dns-server - there's also a Docker image). And if the intent is to bypass a country's restrictions, it makes way more sense than DoH due to its instant support for anonymization.

Created at 6 days ago
Formal verification report link

Hi @jedisct1

The crate README.md says there is Formal verification -

Re: https://github.com/The-DevX-Initiative/RCIG_Coordination_Repo/blob/main/Awesome_Rust_Cryptography.md

I'm sending a PR there - do we have a link to the formal verification report we can refer to please?

Cheers

Created at 1 week ago

Remove unused parameter

Created at 1 week ago

No need to check R in signature verification

Created at 1 week ago

ios: remove the support for bitcode (#1210)

Created at 1 week ago

Add support for arm64 watchOS (#1211)

Created at 1 week ago

pull request closed
Add support for arm64 watchOS

According to the Xcode 14 release notes:

Xcode builds for watchOS devices now include the arm64 architecture by default. (83319300)

https://developer.apple.com/documentation/xcode-release-notes/xcode-14-release-notes

As a result adding swift-sodium to a watchOS target fails during the Archive step due to missing arm64 architecture.

Here's how I validated - I ran ./apple-xcframework.sh, switched out the xcframework in swift-sodium for this one, tested for watchOS, successfully built.

Created at 1 week ago
issue comment
Add support for arm64 watchOS

Thank you!

Created at 1 week ago
Feature-change for `>= 1.0.13` regarding `signatures` imports

This is not a bug per se. I'm not even entirely sure what the correct action is in this case, but I thought I'd mention it anyway. With versions 1.0.13 and onward, a new feature signatures was introduced. AFAIU, this constitutes a minor SemVer version bump, according to API Evolution RFC. I'd have thought this would require a 1.1.x version, instead.

Feel free to close this @jedisct1, if this was intentional.

In case anyone else had their ed25519-compact on non-default-features, pulled in signature-related types and their build broke: this can be fixed by adding "signatures" to selected features of this crate.

Created at 1 week ago
Feature-change for `>= 1.0.13` regarding `signatures` imports

Backward compatibility feels more important.

To some extent opt_size also removes something.

Version 1.0.15 was released to fix this.

Thanks!

Created at 1 week ago

Turn the "signatures" compile-time feat into "disable-signatures"

Refactor a little bit

Created at 1 week ago
Feature-change for `>= 1.0.13` regarding `signatures` imports

Oh, indeed, thanks!

I guess a better way would be to have a "disable-signatures" feature instead.

Created at 1 week ago