RubyGems - rbnacl-libsodium - Versions diffs - 0.6.1 → 0.7.0 - Mend

rbnacl-libsodium 0.6.1 → 0.7.0

Files changed (89) hide show

data/vendor/libsodium/test/default/sodium_utils2.c ADDED

@@ -0,0 +1,70 @@
+#include <sys/types.h>
+#include <limits.h>
+#include <signal.h>
+#include <string.h>
+#include <stdio.h>
+#include <string.h>
+#define TEST_NAME "sodium_utils2"
+#include "cmptest.h"
+static void
+segv_handler(int sig)
+{
+    printf("Intentional segfault / bus error caught\n");
+    printf("OK\n");
+#ifdef SIGSEGV
+    signal(SIGSEGV, SIG_DFL);
+#endif
+#ifdef SIGBUS
+    signal(SIGBUS, SIG_DFL);
+#endif
+#ifdef SIGABRT
+    signal(SIGABRT, SIG_DFL);
+#endif
+    exit(0);
+}
+int
+main(void)
+{
+    void         *buf;
+    size_t        size;
+    unsigned int  i;
+    if (sodium_allocarray(SIZE_MAX / 2U + 1U, SIZE_MAX / 2U) != NULL) {
+        return 1;
+    }
+    sodium_free(sodium_malloc(0U));
+    sodium_free(NULL);
+    for (i = 0U; i < 10000U; i++) {
+        size = randombytes_uniform(100000U);
+        buf = sodium_malloc(size);
+        memset(buf, i, size);
+        sodium_mprotect_readonly(buf);
+        sodium_free(buf);
+    }
+    printf("OK\n");
+#ifdef SIGSEGV
+    signal(SIGSEGV, segv_handler);
+#endif
+#ifdef SIGBUS
+    signal(SIGBUS, segv_handler);
+#endif
+#ifdef SIGABRT
+    signal(SIGABRT, segv_handler);
+#endif
+    size = randombytes_uniform(100000U);
+    buf = sodium_malloc(size);
+    sodium_mprotect_readonly(buf);
+    sodium_mprotect_readwrite(buf);
+    sodium_memzero(((unsigned char *) buf) + size, 1U);
+    sodium_mprotect_noaccess(buf);
+    sodium_free(buf);
+    printf("Overflow not caught\n");
+    return 0;
+}

data/vendor/libsodium/test/default/sodium_utils2.exp ADDED

@@ -0,0 +1,3 @@
+OK
+Intentional segfault / bus error caught
+OK

data/vendor/libsodium/test/default/sodium_utils3.c ADDED

@@ -0,0 +1,55 @@
+#include <sys/types.h>
+#include <limits.h>
+#include <signal.h>
+#include <string.h>
+#include <stdio.h>
+#include <string.h>
+#define TEST_NAME "sodium_utils3"
+#include "cmptest.h"
+static void
+segv_handler(int sig)
+{
+    printf("Intentional segfault / bus error caught\n");
+    printf("OK\n");
+#ifdef SIGSEGV
+    signal(SIGSEGV, SIG_DFL);
+#endif
+#ifdef SIGBUS
+    signal(SIGBUS, SIG_DFL);
+#endif
+#ifdef SIGABRT
+    signal(SIGABRT, SIG_DFL);
+#endif
+    exit(0);
+}
+int
+main(void)
+{
+    void   *buf;
+    size_t  size;
+#ifdef SIGSEGV
+    signal(SIGSEGV, segv_handler);
+#endif
+#ifdef SIGBUS
+    signal(SIGBUS, segv_handler);
+#endif
+#ifdef SIGABRT
+    signal(SIGABRT, segv_handler);
+#endif
+    size = randombytes_uniform(100000U);
+    buf = sodium_malloc(size);
+    sodium_mprotect_noaccess(buf);
+    sodium_mprotect_readwrite(buf);
+    sodium_memzero(((unsigned char *) buf) - 8, 8U);
+    sodium_mprotect_readonly(buf);
+    sodium_free(buf);
+    printf("Underflow not caught\n");
+    return 0;
+}

data/vendor/libsodium/test/default/sodium_utils3.exp ADDED

	@@ -0,0 +1,2 @@
1	+ Intentional segfault / bus error caught
2	+ OK

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl-libsodium
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.0
 platform: ruby
 authors:
 - Artiom Di
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-07-19 00:00:00.000000000 Z
+date: 2014-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rbnacl
@@ -224,7 +224,6 @@ files:
 - vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/cp/api.h
 - vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/cp/hmac_hmacsha512256.c
 - vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c
-- vendor/libsodium/src/libsodium/crypto_auth/try.c
 - vendor/libsodium/src/libsodium/crypto_box/crypto_box.c
 - vendor/libsodium/src/libsodium/crypto_box/crypto_box_easy.c
 - vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305_api.c
@@ -234,7 +233,6 @@ files:
 - vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/before_curve25519xsalsa20poly1305.c
 - vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/box_curve25519xsalsa20poly1305.c
 - vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/keypair_curve25519xsalsa20poly1305.c
-- vendor/libsodium/src/libsodium/crypto_box/try.c
 - vendor/libsodium/src/libsodium/crypto_core/hsalsa20/checksum
 - vendor/libsodium/src/libsodium/crypto_core/hsalsa20/core_hsalsa20_api.c
 - vendor/libsodium/src/libsodium/crypto_core/hsalsa20/ref2/api.h
@@ -268,7 +266,6 @@ files:
 - vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/api.h
 - vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/hash_sha512.c
 - vendor/libsodium/src/libsodium/crypto_hash/sha512/hash_sha512_api.c
-- vendor/libsodium/src/libsodium/crypto_hash/try.c
 - vendor/libsodium/src/libsodium/crypto_onetimeauth/crypto_onetimeauth.c
 - vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c
 - vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h
@@ -311,10 +308,8 @@ files:
 - vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/pow225521.h
 - vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/scalarmult_curve25519_ref10.c
 - vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519_api.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/try.c
 - vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox.c
 - vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c
-- vendor/libsodium/src/libsodium/crypto_secretbox/try.c
 - vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/checksum
 - vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/api.h
 - vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/box_xsalsa20poly1305.c
@@ -390,7 +385,6 @@ files:
 - vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519_edwards25519sha512batch.c
 - vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c
 - vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/sign_edwards25519sha512batch_api.c
-- vendor/libsodium/src/libsodium/crypto_sign/try.c
 - vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/checksum
 - vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/afternm_aes128ctr.c
 - vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/api.h
@@ -405,14 +399,6 @@ files:
 - vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/types.h
 - vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/xor_afternm_aes128ctr.c
 - vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/stream_aes128ctr_api.c
-- vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table-be.h
-- vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table-le.h
-- vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table.h
-- vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/aes256-ctr.c
-- vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/aes256.h
-- vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/api.h
-- vendor/libsodium/src/libsodium/crypto_stream/aes256estream/hongjun/ecrypt-sync.h
-- vendor/libsodium/src/libsodium/crypto_stream/aes256estream/stream_aes256estream_api.c
 - vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/api.h
 - vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c
 - vendor/libsodium/src/libsodium/crypto_stream/chacha20/stream_chacha20_api.c
@@ -434,7 +420,6 @@ files:
 - vendor/libsodium/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208.c
 - vendor/libsodium/src/libsodium/crypto_stream/salsa208/ref/xor_salsa208.c
 - vendor/libsodium/src/libsodium/crypto_stream/salsa208/stream_salsa208_api.c
-- vendor/libsodium/src/libsodium/crypto_stream/try.c
 - vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/checksum
 - vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/ref/api.h
 - vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/ref/stream_xsalsa20.c
@@ -451,7 +436,6 @@ files:
 - vendor/libsodium/src/libsodium/crypto_verify/64/ref/api.h
 - vendor/libsodium/src/libsodium/crypto_verify/64/ref/verify_64.c
 - vendor/libsodium/src/libsodium/crypto_verify/64/verify_64_api.c
-- vendor/libsodium/src/libsodium/crypto_verify/try.c
 - vendor/libsodium/src/libsodium/include/Makefile.am
 - vendor/libsodium/src/libsodium/include/Makefile.in
 - vendor/libsodium/src/libsodium/include/sodium.h
@@ -488,7 +472,6 @@ files:
 - vendor/libsodium/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h
 - vendor/libsodium/src/libsodium/include/sodium/crypto_stream.h
 - vendor/libsodium/src/libsodium/include/sodium/crypto_stream_aes128ctr.h
-- vendor/libsodium/src/libsodium/include/sodium/crypto_stream_aes256estream.h
 - vendor/libsodium/src/libsodium/include/sodium/crypto_stream_chacha20.h
 - vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa20.h
 - vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa2012.h
@@ -511,7 +494,6 @@ files:
 - vendor/libsodium/src/libsodium/randombytes/randombytes.c
 - vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c
 - vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c
-- vendor/libsodium/src/libsodium/sodium/compat.c
 - vendor/libsodium/src/libsodium/sodium/core.c
 - vendor/libsodium/src/libsodium/sodium/runtime.c
 - vendor/libsodium/src/libsodium/sodium/utils.c
@@ -564,6 +546,8 @@ files:
 - vendor/libsodium/test/default/core5.exp
 - vendor/libsodium/test/default/core6.c
 - vendor/libsodium/test/default/core6.exp
+- vendor/libsodium/test/default/ed25519_convert.c
+- vendor/libsodium/test/default/ed25519_convert.exp
 - vendor/libsodium/test/default/generichash.c
 - vendor/libsodium/test/default/generichash.exp
 - vendor/libsodium/test/default/generichash2.c
@@ -615,6 +599,10 @@ files:
 - vendor/libsodium/test/default/sodium_core.exp
 - vendor/libsodium/test/default/sodium_utils.c
 - vendor/libsodium/test/default/sodium_utils.exp
+- vendor/libsodium/test/default/sodium_utils2.c
+- vendor/libsodium/test/default/sodium_utils2.exp
+- vendor/libsodium/test/default/sodium_utils3.c
+- vendor/libsodium/test/default/sodium_utils3.exp
 - vendor/libsodium/test/default/sodium_version.c
 - vendor/libsodium/test/default/sodium_version.exp
 - vendor/libsodium/test/default/stream.c
@@ -625,10 +613,6 @@ files:
 - vendor/libsodium/test/default/stream3.exp
 - vendor/libsodium/test/default/stream4.c
 - vendor/libsodium/test/default/stream4.exp
-- vendor/libsodium/test/default/stream5.c
-- vendor/libsodium/test/default/stream5.exp
-- vendor/libsodium/test/default/stream6.c
-- vendor/libsodium/test/default/stream6.exp
 - vendor/libsodium/test/default/verify1.c
 - vendor/libsodium/test/default/verify1.exp
 - vendor/libsodium/test/default/wintest.bat

data/vendor/libsodium/src/libsodium/crypto_auth/try.c DELETED

@@ -1,119 +0,0 @@
-/*
- * crypto_auth/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-#include <stdlib.h>
-#include "crypto_hash_sha256.h"
-#include "crypto_auth.h"
-#include "utils.h"
-#include "windows/windows-quirks.h"
-extern unsigned char *alignedcalloc(unsigned long long);
-const char *primitiveimplementation = crypto_auth_IMPLEMENTATION;
-#define MAXTEST_BYTES 10000
-#define CHECKSUM_BYTES 4096
-#define TUNE_BYTES 1536
-static unsigned char *h;
-static unsigned char *m;
-static unsigned char *k;
-static unsigned char *h2;
-static unsigned char *m2;
-static unsigned char *k2;
-void preallocate(void)
-{
-}
-void allocate(void)
-{
-  h = alignedcalloc(crypto_auth_BYTES);
-  m = alignedcalloc(MAXTEST_BYTES);
-  k = alignedcalloc(crypto_auth_KEYBYTES);
-  h2 = alignedcalloc(crypto_auth_BYTES);
-  m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES);
-  k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES);
-}
-void predoit(void)
-{
-}
-void doit(void)
-{
-  crypto_auth(h,m,TUNE_BYTES,k);
-  crypto_auth_verify(h,m,TUNE_BYTES,k);
-}
-char checksum[crypto_auth_BYTES * 2 + 1];
-const char *checksum_compute(void)
-{
-  long long i;
-  long long j;
-  for (i = 0;i < CHECKSUM_BYTES;++i) {
-    long long mlen = i;
-    long long klen = crypto_auth_KEYBYTES;
-    long long hlen = crypto_auth_BYTES;
-    for (j = -16;j < 0;++j) h[j] = rand();
-    for (j = -16;j < 0;++j) k[j] = rand();
-    for (j = -16;j < 0;++j) m[j] = rand();
-    for (j = hlen;j < hlen + 16;++j) h[j] = rand();
-    for (j = klen;j < klen + 16;++j) k[j] = rand();
-    for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
-    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
-    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-    if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
-    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
-    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
-    for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output";
-    for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output";
-    for (j = -16;j < 0;++j) h[j] = rand();
-    for (j = -16;j < 0;++j) k[j] = rand();
-    for (j = -16;j < 0;++j) m[j] = rand();
-    for (j = hlen;j < hlen + 16;++j) h[j] = rand();
-    for (j = klen;j < klen + 16;++j) k[j] = rand();
-    for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
-    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
-    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-    if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero";
-    for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap";
-    for (j = 0;j < hlen;++j) m2[j] = m[j];
-    if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero";
-    for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap";
-    for (j = 0;j < hlen;++j) k2[j] = k[j];
-    if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
-    for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h";
-    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
-    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
-    crypto_hash_sha256(h2,h,hlen);
-    for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
-    if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
-    if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
-    crypto_hash_sha256(h2,h,hlen);
-    for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
-    m[mlen] = h2[0];
-  }
-  if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero";
-  if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero";
-  sodium_bin2hex(checksum, sizeof checksum, h, crypto_auth_BYTES);
-  return 0;
-}

data/vendor/libsodium/src/libsodium/crypto_box/try.c DELETED

@@ -1,195 +0,0 @@
-/*
- * crypto_box/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-#include <stdlib.h>
-#include "crypto_box.h"
-#include "utils.h"
-#include "windows/windows-quirks.h"
-extern unsigned char *alignedcalloc(unsigned long long);
-const char *primitiveimplementation = crypto_box_IMPLEMENTATION;
-#define MAXTEST_BYTES 10000
-#define CHECKSUM_BYTES 4096
-#define TUNE_BYTES 1536
-static unsigned char *ska;
-static unsigned char *pka;
-static unsigned char *skb;
-static unsigned char *pkb;
-static unsigned char *s;
-static unsigned char *n;
-static unsigned char *m;
-static unsigned char *c;
-static unsigned char *t;
-static unsigned char *ska2;
-static unsigned char *pka2;
-static unsigned char *skb2;
-static unsigned char *pkb2;
-static unsigned char *s2;
-static unsigned char *n2;
-static unsigned char *m2;
-static unsigned char *c2;
-static unsigned char *t2;
-#define sklen crypto_box_SECRETKEYBYTES
-#define pklen crypto_box_PUBLICKEYBYTES
-#define nlen crypto_box_NONCEBYTES
-#define slen crypto_box_BEFORENMBYTES
-void preallocate(void)
-{
-}
-void allocate(void)
-{
-  ska = alignedcalloc(sklen);
-  pka = alignedcalloc(pklen);
-  skb = alignedcalloc(sklen);
-  pkb = alignedcalloc(pklen);
-  n = alignedcalloc(nlen);
-  m = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  c = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  t = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  s = alignedcalloc(slen);
-  ska2 = alignedcalloc(sklen);
-  pka2 = alignedcalloc(pklen);
-  skb2 = alignedcalloc(sklen);
-  pkb2 = alignedcalloc(pklen);
-  n2 = alignedcalloc(nlen);
-  m2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  c2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  t2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  s2 = alignedcalloc(slen);
-}
-void predoit(void)
-{
-}
-void doit(void)
-{
-  crypto_box(c,m,TUNE_BYTES + crypto_box_ZEROBYTES,n,pka,skb);
-  crypto_box_open(t,c,TUNE_BYTES + crypto_box_ZEROBYTES,n,pkb,ska);
-}
-char checksum[nlen * 2 + 1];
-const char *checksum_compute(void)
-{
-  long long i;
-  long long j;
-  if (crypto_box_keypair(pka,ska) != 0) return "crypto_box_keypair returns nonzero";
-  if (crypto_box_keypair(pkb,skb) != 0) return "crypto_box_keypair returns nonzero";
-  for (j = 0;j < crypto_box_ZEROBYTES;++j) m[j] = 0;
-  for (i = 0;i < CHECKSUM_BYTES;++i) {
-    long long mlen = i + crypto_box_ZEROBYTES;
-    long long tlen = i + crypto_box_ZEROBYTES;
-    long long clen = i + crypto_box_ZEROBYTES;
-    for (j = -16;j < 0;++j) ska[j] = rand();
-    for (j = -16;j < 0;++j) skb[j] = rand();
-    for (j = -16;j < 0;++j) pka[j] = rand();
-    for (j = -16;j < 0;++j) pkb[j] = rand();
-    for (j = -16;j < 0;++j) m[j] = rand();
-    for (j = -16;j < 0;++j) n[j] = rand();
-    for (j = sklen;j < sklen + 16;++j) ska[j] = rand();
-    for (j = sklen;j < sklen + 16;++j) skb[j] = rand();
-    for (j = pklen;j < pklen + 16;++j) pka[j] = rand();
-    for (j = pklen;j < pklen + 16;++j) pkb[j] = rand();
-    for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-    for (j = nlen;j < nlen + 16;++j) n[j] = rand();
-    for (j = -16;j < sklen + 16;++j) ska2[j] = ska[j];
-    for (j = -16;j < sklen + 16;++j) skb2[j] = skb[j];
-    for (j = -16;j < pklen + 16;++j) pka2[j] = pka[j];
-    for (j = -16;j < pklen + 16;++j) pkb2[j] = pkb[j];
-    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-    for (j = -16;j < nlen + 16;++j) n2[j] = n[j];
-    for (j = -16;j < clen + 16;++j) c2[j] = c[j] = rand();
-    if (crypto_box(c,m,mlen,n,pkb,ska) != 0) return "crypto_box returns nonzero";
-    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box overwrites m";
-    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box overwrites n";
-    for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_box writes before output";
-    for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box writes after output";
-    for (j = 0;j < crypto_box_BOXZEROBYTES;++j)
-      if (c[j] != 0) return "crypto_box does not clear extra bytes";
-    for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box overwrites ska";
-    for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box overwrites skb";
-    for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box overwrites pka";
-    for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box overwrites pkb";
-    for (j = -16;j < 0;++j) c[j] = rand();
-    for (j = clen;j < clen + 16;++j) c[j] = rand();
-    for (j = -16;j < clen + 16;++j) c2[j] = c[j];
-    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = rand();
-    if (crypto_box_open(t,c,clen,n,pka,skb) != 0) return "crypto_box_open returns nonzero";
-    for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box_open overwrites c";
-    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open overwrites n";
-    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open writes before output";
-    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open writes after output";
-    for (j = 0;j < crypto_box_ZEROBYTES;++j)
-      if (t[j] != 0) return "crypto_box_open does not clear extra bytes";
-    for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box_open overwrites ska";
-    for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites skb";
-    for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pka";
-    for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box_open overwrites pkb";
-    for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "plaintext does not match";
-    for (j = -16;j < slen + 16;++j) s2[j] = s[j] = rand();
-    if (crypto_box_beforenm(s,pkb,ska) != 0) return "crypto_box_beforenm returns nonzero";
-    for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pk";
-    for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites sk";
-    for (j = -16;j < 0;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes before output";
-    for (j = slen;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes after output";
-    for (j = -16;j < slen + 16;++j) s2[j] = s[j];
-    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = rand();
-    if (crypto_box_afternm(t,m,mlen,n,s) != 0) return "crypto_box_afternm returns nonzero";
-    for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_afternm overwrites s";
-    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_afternm overwrites m";
-    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_afternm overwrites n";
-    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes before output";
-    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes after output";
-    for (j = 0;j < crypto_box_BOXZEROBYTES;++j)
-      if (t[j] != 0) return "crypto_box_afternm does not clear extra bytes";
-    for (j = 0;j < mlen;++j) if (t[j] != c[j]) return "crypto_box_afternm does not match crypto_box";
-    if (crypto_box_beforenm(s,pka,skb) != 0) return "crypto_box_beforenm returns nonzero";
-    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = rand();
-    if (crypto_box_open_afternm(t,c,clen,n,s) != 0) return "crypto_box_open_afternm returns nonzero";
-    for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_open_afternm overwrites s";
-    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_open_afternm overwrites m";
-    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open_afternm overwrites n";
-    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes before output";
-    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes after output";
-    for (j = 0;j < crypto_box_ZEROBYTES;++j)
-      if (t[j] != 0) return "crypto_box_open_afternm does not clear extra bytes";
-    for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "crypto_box_open_afternm does not match crypto_box_open";
-    for (j = 0;j < i;++j) n[j % nlen] ^= c[j + crypto_box_BOXZEROBYTES];
-    if (i == 0) m[crypto_box_ZEROBYTES] = 0;
-    m[i + crypto_box_ZEROBYTES] = m[crypto_box_ZEROBYTES];
-    for (j = 0;j < i;++j) m[j + crypto_box_ZEROBYTES] ^= c[j + crypto_box_BOXZEROBYTES];
-  }
-  sodium_bin2hex(checksum, sizeof checksum, n, nlen);
-  return 0;
-}