RubyGems - rbnacl-libsodium - Versions diffs - 1.0.1 → 1.0.2 - Mend

rbnacl-libsodium 1.0.1 → 1.0.2

Files changed (72) hide show

data/vendor/libsodium/src/libsodium/include/sodium/crypto_box.h CHANGED

@@ -32,22 +32,10 @@ size_t  crypto_box_publickeybytes(void);
 SODIUM_EXPORT
 size_t  crypto_box_secretkeybytes(void);
-#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
-SODIUM_EXPORT
-size_t  crypto_box_beforenmbytes(void);
 #define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
 SODIUM_EXPORT
 size_t  crypto_box_noncebytes(void);
-#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
-SODIUM_EXPORT
-size_t  crypto_box_zerobytes(void);
-#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
-SODIUM_EXPORT
-size_t  crypto_box_boxzerobytes(void);
 #define crypto_box_MACBYTES crypto_box_curve25519xsalsa20poly1305_MACBYTES
 SODIUM_EXPORT
 size_t  crypto_box_macbytes(void);
@@ -63,30 +51,6 @@ int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
 SODIUM_EXPORT
 int crypto_box_keypair(unsigned char *pk, unsigned char *sk);
-SODIUM_EXPORT
-int crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
-                        const unsigned char *sk);
-SODIUM_EXPORT
-int crypto_box_afternm(unsigned char *c, const unsigned char *m,
-                       unsigned long long mlen, const unsigned char *n,
-                       const unsigned char *k);
-SODIUM_EXPORT
-int crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
-                            unsigned long long clen, const unsigned char *n,
-                            const unsigned char *k);
-SODIUM_EXPORT
-int crypto_box(unsigned char *c, const unsigned char *m,
-               unsigned long long mlen, const unsigned char *n,
-               const unsigned char *pk, const unsigned char *sk);
-SODIUM_EXPORT
-int crypto_box_open(unsigned char *m, const unsigned char *c,
-                    unsigned long long clen, const unsigned char *n,
-                    const unsigned char *pk, const unsigned char *sk);
 SODIUM_EXPORT
 int crypto_box_easy(unsigned char *c, const unsigned char *m,
                     unsigned long long mlen, const unsigned char *n,
@@ -110,6 +74,67 @@ int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
                              const unsigned char *n,
                              const unsigned char *pk,
                              const unsigned char *sk);
+/* -- Precomputation interface -- */
+#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
+SODIUM_EXPORT
+size_t  crypto_box_beforenmbytes(void);
+SODIUM_EXPORT
+int crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
+                        const unsigned char *sk);
+SODIUM_EXPORT
+int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
+                            unsigned long long mlen, const unsigned char *n,
+                            const unsigned char *k);
+SODIUM_EXPORT
+int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c,
+                                 unsigned long long clen, const unsigned char *n,
+                                 const unsigned char *k);
+SODIUM_EXPORT
+int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac,
+                                const unsigned char *m, unsigned long long mlen,
+                                const unsigned char *n, const unsigned char *k);
+SODIUM_EXPORT
+int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
+                                     const unsigned char *mac,
+                                     unsigned long long clen, const unsigned char *n,
+                                     const unsigned char *k);
+/* -- NaCl compatibility interface ; Requires padding -- */
+#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_box_zerobytes(void);
+#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_box_boxzerobytes(void);
+SODIUM_EXPORT
+int crypto_box(unsigned char *c, const unsigned char *m,
+               unsigned long long mlen, const unsigned char *n,
+               const unsigned char *pk, const unsigned char *sk);
+SODIUM_EXPORT
+int crypto_box_open(unsigned char *m, const unsigned char *c,
+                    unsigned long long clen, const unsigned char *n,
+                    const unsigned char *pk, const unsigned char *sk);
+SODIUM_EXPORT
+int crypto_box_afternm(unsigned char *c, const unsigned char *m,
+                       unsigned long long mlen, const unsigned char *n,
+                       const unsigned char *k);
+SODIUM_EXPORT
+int crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
+                            unsigned long long clen, const unsigned char *n,
+                            const unsigned char *k);
 #ifdef __cplusplus
 }
 #endif

data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h CHANGED

@@ -72,14 +72,4 @@ int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdl
 }
 #endif
-/* Backward compatibility with version 0.5.0 */
-#define crypto_pwhash_scryptxsalsa208sha256_SALTBYTES crypto_pwhash_scryptsalsa208sha256_SALTBYTES
-#define crypto_pwhash_scryptxsalsa208sha256_saltbytes crypto_pwhash_scryptsalsa208sha256_saltbytes
-#define crypto_pwhash_scryptxsalsa208sha256_STRBYTES crypto_pwhash_scryptsalsa208sha256_STRBYTES
-#define crypto_pwhash_scryptxsalsa208sha256_strbytes crypto_pwhash_scryptsalsa208sha256_strbytes
-#define crypto_pwhash_scryptxsalsa208sha256 crypto_pwhash_scryptsalsa208sha256
-#define crypto_pwhash_scryptxsalsa208sha256_str crypto_pwhash_scryptsalsa208sha256_str
-#define crypto_pwhash_scryptxsalsa208sha256_str_verify crypto_pwhash_scryptsalsa208sha256_str_verify
 #endif

data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox.h CHANGED

@@ -21,14 +21,6 @@ size_t  crypto_secretbox_keybytes(void);
 SODIUM_EXPORT
 size_t  crypto_secretbox_noncebytes(void);
-#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
-SODIUM_EXPORT
-size_t  crypto_secretbox_zerobytes(void);
-#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
-SODIUM_EXPORT
-size_t  crypto_secretbox_boxzerobytes(void);
 #define crypto_secretbox_MACBYTES crypto_secretbox_xsalsa20poly1305_MACBYTES
 SODIUM_EXPORT
 size_t  crypto_secretbox_macbytes(void);
@@ -37,16 +29,6 @@ size_t  crypto_secretbox_macbytes(void);
 SODIUM_EXPORT
 const char *crypto_secretbox_primitive(void);
-SODIUM_EXPORT
-int crypto_secretbox(unsigned char *c, const unsigned char *m,
-                     unsigned long long mlen, const unsigned char *n,
-                     const unsigned char *k);
-SODIUM_EXPORT
-int crypto_secretbox_open(unsigned char *m, const unsigned char *c,
-                          unsigned long long clen, const unsigned char *n,
-                          const unsigned char *k);
 SODIUM_EXPORT
 int crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
                           unsigned long long mlen, const unsigned char *n,
@@ -71,6 +53,26 @@ int crypto_secretbox_open_detached(unsigned char *m,
                                    unsigned long long clen,
                                    const unsigned char *n,
                                    const unsigned char *k);
+/* -- NaCl compatibility interface ; Requires padding -- */
+#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_zerobytes(void);
+#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t  crypto_secretbox_boxzerobytes(void);
+SODIUM_EXPORT
+int crypto_secretbox(unsigned char *c, const unsigned char *m,
+                     unsigned long long mlen, const unsigned char *n,
+                     const unsigned char *k);
+SODIUM_EXPORT
+int crypto_secretbox_open(unsigned char *m, const unsigned char *c,
+                          unsigned long long clen, const unsigned char *n,
+                          const unsigned char *k);
 #ifdef __cplusplus
 }
 #endif

data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign.h CHANGED

@@ -48,17 +48,17 @@ SODIUM_EXPORT
 int crypto_sign_keypair(unsigned char *pk, unsigned char *sk);
 SODIUM_EXPORT
-int crypto_sign(unsigned char *sm, unsigned long long *smlen,
+int crypto_sign(unsigned char *sm, unsigned long long *smlen_p,
                 const unsigned char *m, unsigned long long mlen,
                 const unsigned char *sk);
 SODIUM_EXPORT
-int crypto_sign_open(unsigned char *m, unsigned long long *mlen,
+int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p,
                      const unsigned char *sm, unsigned long long smlen,
                      const unsigned char *pk);
 SODIUM_EXPORT
-int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen,
+int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p,
                          const unsigned char *m, unsigned long long mlen,
                          const unsigned char *sk);

data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign_ed25519.h CHANGED

@@ -28,18 +28,18 @@ SODIUM_EXPORT
 size_t crypto_sign_ed25519_secretkeybytes(void);
 SODIUM_EXPORT
-int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen,
+int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p,
                         const unsigned char *m, unsigned long long mlen,
                         const unsigned char *sk);
 SODIUM_EXPORT
-int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen,
+int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p,
                              const unsigned char *sm, unsigned long long smlen,
                              const unsigned char *pk);
 SODIUM_EXPORT
 int crypto_sign_ed25519_detached(unsigned char *sig,
-                                 unsigned long long *siglen,
+                                 unsigned long long *siglen_p,
                                  const unsigned char *m,
                                  unsigned long long mlen,
                                  const unsigned char *sk);

data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h CHANGED

@@ -36,14 +36,14 @@ size_t crypto_sign_edwards25519sha512batch_secretkeybytes(void);
 SODIUM_EXPORT
 int crypto_sign_edwards25519sha512batch(unsigned char *sm,
-                                        unsigned long long *smlen,
+                                        unsigned long long *smlen_p,
                                         const unsigned char *m,
                                         unsigned long long mlen,
                                         const unsigned char *sk);
 SODIUM_EXPORT
 int crypto_sign_edwards25519sha512batch_open(unsigned char *m,
-                                             unsigned long long *mlen,
+                                             unsigned long long *mlen_p,
                                              const unsigned char *sm,
                                              unsigned long long smlen,
                                              const unsigned char *pk);

data/vendor/libsodium/src/libsodium/include/sodium/randombytes.h CHANGED

@@ -46,7 +46,7 @@ int randombytes_set_implementation(randombytes_implementation *impl);
 SODIUM_EXPORT
 const char *randombytes_implementation_name(void);
-/* -- Compatibility layer with NaCl -- */
+/* -- NaCl compatibility interface -- */
 SODIUM_EXPORT
 void randombytes(unsigned char * const buf, const unsigned long long buf_len);

data/vendor/libsodium/src/libsodium/include/sodium/utils.h CHANGED

@@ -65,9 +65,16 @@ int sodium_munlock(void * const addr, const size_t len);
  * - The returned address will not be aligned if the allocation size is not
  *   a multiple of the required alignment. For this reason, these functions
  *   are designed to store data, such as secret keys and messages.
- *   They should not be used to store pointers mixed with other types
- *   in portable code unless extreme care is taken to ensure correct
- *   pointers alignment.
+ *
+ * sodium_malloc() can be used to allocate any libsodium data structure,
+ * with the exception of crypto_generichash_state.
+ *
+ * The crypto_generichash_state structure is packed and its length is
+ * either 357 or 361 bytes. For this reason, when using sodium_malloc() to
+ * allocate a crypto_generichash_state structure, padding must be added in
+ * order to ensure proper alignment:
+ * state = sodium_malloc((sizeof(crypto_generichash_state)
+ *                            + (size_t) 63U) & ~(size_t) 63U);
  */
 SODIUM_EXPORT

data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c CHANGED

@@ -94,7 +94,7 @@ safe_read(const int fd, void * const buf_, size_t count)
     assert(count > (size_t) 0U);
     do {
         while ((readnb = read(fd, buf, count)) < (ssize_t) 0 &&
-               errno == EINTR);  /* LCOV_EXCL_LINE */
+               (errno == EINTR || errno == EAGAIN));  /* LCOV_EXCL_LINE */
         if (readnb < (ssize_t) 0) {
             return readnb; /* LCOV_EXCL_LINE */
         }
@@ -125,15 +125,22 @@ randombytes_salsa20_random_random_dev_open(void)
     int               fd;
     do {
-        if ((fd = open(*device, O_RDONLY)) != -1) {
+        fd = open(*device, O_RDONLY);
+        if (fd != -1) {
             if (fstat(fd, &st) == 0 && S_ISCHR(st.st_mode)) {
+# if defined(F_SETFD) && defined(FD_CLOEXEC)
+                (void) fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+# endif
                 return fd;
             }
             (void) close(fd);
+        } else if (errno == EINTR) {
+            continue;
         }
         device++;
     } while (*device != NULL);
+    errno = EIO;
     return -1;
 /* LCOV_EXCL_STOP */
 }

data/vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c CHANGED

@@ -83,7 +83,7 @@ safe_read(const int fd, void * const buf_, size_t count)
     assert(count > (size_t) 0U);
     do {
         while ((readnb = read(fd, buf, count)) < (ssize_t) 0 &&
-               errno == EINTR); /* LCOV_EXCL_LINE */
+               (errno == EINTR || errno == EAGAIN)); /* LCOV_EXCL_LINE */
         if (readnb < (ssize_t) 0) {
             return readnb; /* LCOV_EXCL_LINE */
         }
@@ -114,15 +114,22 @@ randombytes_sysrandom_random_dev_open(void)
     int                fd;
     do {
-        if ((fd = open(*device, O_RDONLY)) != -1) {
+        fd = open(*device, O_RDONLY);
+        if (fd != -1) {
             if (fstat(fd, &st) == 0 && S_ISCHR(st.st_mode)) {
+# if defined(F_SETFD) && defined(FD_CLOEXEC)
+                (void) fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+# endif
                 return fd;
             }
             (void) close(fd);
+        } else if (errno == EINTR) {
+            continue;
         }
         device++;
     } while (*device != NULL);
+    errno = EIO;
     return -1;
 /* LCOV_EXCL_STOP */
 }

data/vendor/libsodium/src/libsodium/sodium/utils.c CHANGED

@@ -32,7 +32,7 @@
 #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
 # define MAP_ANON MAP_ANONYMOUS
 #endif
-#if defined(_WIN32) || defined(MAP_ANON) || defined(HAVE_POSIX_MEMALIGN)
+#if defined(_WIN32) || (defined(MAP_ANON) && defined(HAVE_MMAP)) || defined(HAVE_POSIX_MEMALIGN)
 # define HAVE_ALIGNED_MALLOC
 #endif
 #if defined(HAVE_MPROTECT) && !(defined(PROT_NONE) && defined(PROT_READ) && defined(PROT_WRITE))
@@ -172,10 +172,33 @@ sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen,
     return ret;
 }
+int
+_sodium_alloc_init(void)
+{
+#ifdef HAVE_ALIGNED_MALLOC
+# if defined(_SC_PAGESIZE)
+    long page_size_ = sysconf(_SC_PAGESIZE);
+    if (page_size_ > 0L) {
+        page_size = (size_t) page_size_;
+    }
+# elif defined(_WIN32)
+    SYSTEM_INFO si;
+    GetSystemInfo(&si);
+    page_size = (size_t) si.dwPageSize;
+# endif
+    if (page_size < CANARY_SIZE || page_size < sizeof(size_t)) {
+        abort(); /* LCOV_EXCL_LINE */
+    }
+#endif
+    randombytes_buf(canary, sizeof canary);
+    return 0;
+}
 int
 sodium_mlock(void * const addr, const size_t len)
 {
-#ifdef MADV_DONTDUMP
+#if defined(MADV_DONTDUMP) && defined(HAVE_MADVISE)
     (void) madvise(addr, len, MADV_DONTDUMP);
 #endif
 #ifdef HAVE_MLOCK
@@ -192,7 +215,7 @@ int
 sodium_munlock(void * const addr, const size_t len)
 {
     sodium_memzero(addr, len);
-#ifdef MADV_DODUMP
+#if defined(MADV_DODUMP) && defined(HAVE_MADVISE)
     (void) madvise(addr, len, MADV_DODUMP);
 #endif
 #ifdef HAVE_MLOCK
@@ -205,45 +228,14 @@ sodium_munlock(void * const addr, const size_t len)
 #endif
 }
-int
-_sodium_alloc_init(void)
-{
-#if defined(_SC_PAGESIZE)
-    long page_size_ = sysconf(_SC_PAGESIZE);
-    if (page_size_ > 0L) {
-        page_size = (size_t) page_size_;
-    }
-#elif defined(_WIN32)
-    SYSTEM_INFO si;
-    GetSystemInfo(&si);
-    page_size = (size_t) si.dwPageSize;
-#endif
-    if (page_size < CANARY_SIZE) {
-        abort(); /* LCOV_EXCL_LINE */
-    }
-    randombytes_buf(canary, sizeof canary);
-    return 0;
-}
-static inline size_t
-_page_round(const size_t size)
-{
-    const size_t page_mask = page_size - 1U;
-    return (size + page_mask) & ~page_mask;
-}
 static int
 _mprotect_noaccess(void *ptr, size_t size)
 {
-#if defined(HAVE_MPROTECT) && defined(HAVE_PAGE_PROTECTION)
+#ifdef HAVE_MPROTECT
     return mprotect(ptr, size, PROT_NONE);
 #elif defined(_WIN32)
-    {
-        DWORD old;
-        return -(VirtualProtect(ptr, size, PAGE_NOACCESS, &old) == 0);
-    }
+    DWORD old;
+    return -(VirtualProtect(ptr, size, PAGE_NOACCESS, &old) == 0);
 #else
     errno = ENOSYS;
     return -1;
@@ -253,13 +245,11 @@ _mprotect_noaccess(void *ptr, size_t size)
 static int
 _mprotect_readonly(void *ptr, size_t size)
 {
-#if defined(HAVE_MPROTECT) && defined(HAVE_PAGE_PROTECTION)
+#ifdef HAVE_MPROTECT
     return mprotect(ptr, size, PROT_READ);
 #elif defined(_WIN32)
-    {
-        DWORD old;
-        return -(VirtualProtect(ptr, size, PAGE_READONLY, &old) == 0);
-    }
+    DWORD old;
+    return -(VirtualProtect(ptr, size, PAGE_READONLY, &old) == 0);
 #else
     errno = ENOSYS;
     return -1;
@@ -269,66 +259,72 @@ _mprotect_readonly(void *ptr, size_t size)
 static int
 _mprotect_readwrite(void *ptr, size_t size)
 {
-#if defined(HAVE_MPROTECT) && defined(HAVE_PAGE_PROTECTION)
+#ifdef HAVE_MPROTECT
     return mprotect(ptr, size, PROT_READ | PROT_WRITE);
 #elif defined(_WIN32)
-    {
-        DWORD old;
-        return -(VirtualProtect(ptr, size, PAGE_READWRITE, &old) == 0);
-    }
+    DWORD old;
+    return -(VirtualProtect(ptr, size, PAGE_READWRITE, &old) == 0);
 #else
     errno = ENOSYS;
     return -1;
 #endif
 }
+#ifdef HAVE_ALIGNED_MALLOC
 static void
 _out_of_bounds(void)
 {
-#ifdef SIGSEGV
+# ifdef SIGSEGV
     raise(SIGSEGV);
-#elif defined(SIGKILL)
+# elif defined(SIGKILL)
     raise(SIGKILL);
-#endif
+# endif
     abort();
-}  /* LCOV_EXCL_LINE */
+} /* LCOV_EXCL_LINE */
+static inline size_t
+_page_round(const size_t size)
+{
+    const size_t page_mask = page_size - 1U;
+    return (size + page_mask) & ~page_mask;
+}
 static __attribute__((malloc)) unsigned char *
 _alloc_aligned(const size_t size)
 {
     void *ptr;
-#ifdef MAP_ANON
+# if defined(MAP_ANON) && defined(HAVE_MMAP)
     if ((ptr = mmap(NULL, size, PROT_READ | PROT_WRITE,
                     MAP_ANON | MAP_PRIVATE | MAP_NOCORE, -1, 0)) == MAP_FAILED) {
         ptr = NULL; /* LCOV_EXCL_LINE */
     } /* LCOV_EXCL_LINE */
-#elif defined(HAVE_POSIX_MEMALIGN)
+# elif defined(HAVE_POSIX_MEMALIGN)
     if (posix_memalign(&ptr, page_size, size) != 0) {
         ptr = NULL; /* LCOV_EXCL_LINE */
     } /* LCOV_EXCL_LINE */
-#elif defined(_WIN32)
+# elif defined(_WIN32)
     ptr = VirtualAlloc(NULL, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
-#elif !defined(HAVE_ALIGNED_MALLOC)
-    ptr = malloc(size);
-#else
-# error Bug
-#endif
+# else
+#  error Bug
+# endif
     return (unsigned char *) ptr;
 }
 static void
 _free_aligned(unsigned char * const ptr, const size_t size)
 {
-#ifdef MAP_ANON
+# if defined(MAP_ANON) && defined(HAVE_MMAP)
     (void) munmap(ptr, size);
-#elif defined(HAVE_POSIX_MEMALIGN)
+# elif defined(HAVE_POSIX_MEMALIGN)
     free(ptr);
-#elif defined(_WIN32)
+# elif defined(_WIN32)
     VirtualFree(ptr, 0U, MEM_RELEASE);
-#else
-    free(ptr);
-#endif
+# else
+#  error Bug
+# endif
 }
 static unsigned char *
@@ -347,6 +343,15 @@ _unprotected_ptr_from_user_ptr(const void *ptr)
     return (unsigned char *) unprotected_ptr_u;
 }
+#endif /* HAVE_ALIGNED_MALLOC */
+#ifndef HAVE_ALIGNED_MALLOC
+static __attribute__((malloc)) void *
+_sodium_malloc(const size_t size)
+{
+    return malloc(size);
+}
+#else
 static __attribute__((malloc)) void *
 _sodium_malloc(const size_t size)
 {
@@ -373,9 +378,9 @@ _sodium_malloc(const size_t size)
     }
     unprotected_ptr = base_ptr + page_size * 2U;
     _mprotect_noaccess(base_ptr + page_size, page_size);
-#ifndef HAVE_PAGE_PROTECTION
+# ifndef HAVE_PAGE_PROTECTION
     memcpy(unprotected_ptr + unprotected_size, canary, sizeof canary);
-#endif
+# endif
     _mprotect_noaccess(unprotected_ptr + unprotected_size, page_size);
     sodium_mlock(unprotected_ptr, unprotected_size);
     canary_ptr = unprotected_ptr + _page_round(size_with_canary) -
@@ -388,6 +393,7 @@ _sodium_malloc(const size_t size)
     return user_ptr;
 }
+#endif /* !HAVE_ALIGNED_MALLOC */
 __attribute__((malloc)) void *
 sodium_malloc(const size_t size)
@@ -416,6 +422,13 @@ sodium_allocarray(size_t count, size_t size)
     return sodium_malloc(total_size);
 }
+#ifndef HAVE_ALIGNED_MALLOC
+void
+sodium_free(void *ptr)
+{
+    free(ptr);
+}
+#else
 void
 sodium_free(void *ptr)
 {
@@ -429,24 +442,35 @@ sodium_free(void *ptr)
         return;
     }
     canary_ptr = ((unsigned char *) ptr) - sizeof canary;
-    if (sodium_memcmp(canary_ptr, canary, sizeof canary) != 0) {
-        _out_of_bounds();
-    }
     unprotected_ptr = _unprotected_ptr_from_user_ptr(ptr);
     base_ptr = unprotected_ptr - page_size * 2U;
     memcpy(&unprotected_size, base_ptr, sizeof unprotected_size);
     total_size = page_size + page_size + unprotected_size + page_size;
     _mprotect_readwrite(base_ptr, total_size);
-#ifndef HAVE_PAGE_PROTECTION
+    if (sodium_memcmp(canary_ptr, canary, sizeof canary) != 0) {
+        _out_of_bounds();
+    }
+# ifndef HAVE_PAGE_PROTECTION
     if (sodium_memcmp(unprotected_ptr + unprotected_size,
                       canary, sizeof canary) != 0) {
         _out_of_bounds();
     }
-#endif
+# endif
     sodium_munlock(unprotected_ptr, unprotected_size);
     _free_aligned(base_ptr, total_size);
 }
+#endif /* HAVE_ALIGNED_MALLOC */
+#ifndef HAVE_PAGE_PROTECTION
+static int
+_sodium_mprotect(void *ptr, int (*cb)(void *ptr, size_t size))
+{
+    (void) ptr;
+    (void) cb;
+    errno = ENOSYS;
+    return -1;
+}
+#else
 static int
 _sodium_mprotect(void *ptr, int (*cb)(void *ptr, size_t size))
 {
@@ -460,6 +484,7 @@ _sodium_mprotect(void *ptr, int (*cb)(void *ptr, size_t size))
     return cb(unprotected_ptr, unprotected_size);
 }
+#endif
 int
 sodium_mprotect_noaccess(void *ptr)