rbnacl-libsodium 1.0.7 → 1.0.8

data/vendor/libsodium/test/default/box7.c

@@ -7,20 +7,24 @@ static unsigned char alicepk[crypto_box_PUBLICKEYBYTES];
 static unsigned char bobsk[crypto_box_SECRETKEYBYTES];
 static unsigned char bobpk[crypto_box_PUBLICKEYBYTES];
 static unsigned char n[crypto_box_NONCEBYTES];
-static unsigned char m[10000];
-static unsigned char c[10000];
-static unsigned char m2[10000];
 
 int main(void)
 {
-    size_t mlen;
-    size_t i;
-    int    ret;
+    unsigned char *m;
+    unsigned char *c;
+    unsigned char *m2;
+    size_t         mlen;
+    size_t         mlen_max = 1000;
+    size_t         i;
+    int            ret;
 
-    for (mlen = 0; mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;
-         ++mlen) {
-        crypto_box_keypair(alicepk, alicesk);
-        crypto_box_keypair(bobpk, bobsk);
+    m = (unsigned char *) sodium_malloc(mlen_max);
+    c = (unsigned char *) sodium_malloc(mlen_max);
+    m2 = (unsigned char *) sodium_malloc(mlen_max);
+    memset(m, 0, crypto_box_ZEROBYTES);
+    crypto_box_keypair(alicepk, alicesk);
+    crypto_box_keypair(bobpk, bobsk);
+    for (mlen = 0; mlen + crypto_box_ZEROBYTES <= mlen_max; mlen++) {
         randombytes_buf(n, crypto_box_NONCEBYTES);
         randombytes_buf(m + crypto_box_ZEROBYTES, mlen);
         ret = crypto_box(c, m, mlen + crypto_box_ZEROBYTES, n, bobpk, alicesk);
@@ -37,5 +41,9 @@ int main(void)
             printf("ciphertext fails verification\n");
         }
     }
+    sodium_free(m);
+    sodium_free(c);
+    sodium_free(m2);
+
     return 0;
 }

data/vendor/libsodium/test/default/box8.c

@@ -14,7 +14,7 @@ int main(void)
     unsigned char *c;
     unsigned char *m2;
     size_t         mlen;
-    size_t         mlen_max = 600;
+    size_t         mlen_max = 1000;
     size_t         i;
     int            faults;
     int            ret;

data/vendor/libsodium/test/default/box_easy2.c

@@ -2,6 +2,11 @@
 #define TEST_NAME "box_easy2"
 #include "cmptest.h"
 
+static const unsigned char small_order_p[crypto_box_PUBLICKEYBYTES]
+    = { 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3,
+        0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32,
+        0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 };
+
 int main(void)
 {
     unsigned char *alicepk;
@@ -68,6 +73,11 @@ int main(void)
         printf("crypto_box_open_easy() failed\n");
     }
 
+    ret = crypto_box_beforenm(k1, small_order_p, bobsk);
+    assert(ret == -1);
+    ret = crypto_box_beforenm(k2, small_order_p, alicesk);
+    assert(ret == -1);
+
     ret = crypto_box_beforenm(k1, alicepk, bobsk);
     assert(ret == 0);
     ret = crypto_box_beforenm(k2, bobpk, alicesk);
@@ -90,6 +100,9 @@ int main(void)
         printf("crypto_box_open_easy_afternm() with a huge ciphertext should have failed\n");
     }
     memset(m2, 0, m2_size);
+    ret = crypto_box_detached(c, mac, m, (unsigned long long) mlen,
+                              nonce, small_order_p, bobsk);
+    assert(ret == -1);
     ret = crypto_box_detached(c, mac, m, (unsigned long long) mlen,
                               nonce, alicepk, bobsk);
     assert(ret == 0);

data/vendor/libsodium/test/default/onetimeauth.c

@@ -38,6 +38,7 @@ int main(void)
     memset(a, 0, sizeof a);
     crypto_onetimeauth_init(&st, rs);
     crypto_onetimeauth_update(&st, c, 100);
+    crypto_onetimeauth_update(&st, c, 0);
     crypto_onetimeauth_update(&st, c + 100, 31);
     crypto_onetimeauth_final(&st, a);
     for (i = 0; i < 16; ++i) {

data/vendor/libsodium/test/default/pwhash_scrypt_ll.c

@@ -41,8 +41,8 @@ static void test_vector(const char *password, const char *salt, uint64_t N,
         return;
     }
 
-    printf("scrypt('%s', '%s', %llu, %lu, %lu, %lu) =\n", password, salt,
-           (unsigned long long)N, (unsigned long)r, (unsigned long)p,
+    printf("scrypt('%s', '%s', %lu, %lu, %lu, %lu) =\n", password, salt,
+           (unsigned long)N, (unsigned long)r, (unsigned long)p,
            (unsigned long)olen);
 
     for (i = 0; i < olen; ++i) {

data/vendor/libsodium/test/default/verify1.c

@@ -21,7 +21,7 @@ int main(void)
     v32x = (unsigned char *) sodium_malloc(32);
     v64 = (unsigned char *) sodium_malloc(64);
     v64x = (unsigned char *) sodium_malloc(64);
-    for (i = 0; i < 100000; i++) {
+    for (i = 0; i < 10000; i++) {
         randombytes_buf(v16, 16);
         randombytes_buf(v32, 32);
         randombytes_buf(v64, 64);

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl-libsodium
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.0.8
 platform: ruby
 authors:
 - Artiom Di
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-08 00:00:00.000000000 Z
+date: 2015-12-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rbnacl
@@ -263,6 +263,10 @@ files:
 - vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/before_curve25519xsalsa20poly1305.c
 - vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/box_curve25519xsalsa20poly1305.c
 - vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/keypair_curve25519xsalsa20poly1305.c
+- vendor/libsodium/src/libsodium/crypto_core/curve25519/ref10/base.h
+- vendor/libsodium/src/libsodium/crypto_core/curve25519/ref10/base2.h
+- vendor/libsodium/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c
+- vendor/libsodium/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.h
 - vendor/libsodium/src/libsodium/crypto_core/hsalsa20/core_hsalsa20_api.c
 - vendor/libsodium/src/libsodium/crypto_core/hsalsa20/ref2/core_hsalsa20.c
 - vendor/libsodium/src/libsodium/crypto_core/salsa20/core_salsa20_api.c
@@ -309,23 +313,8 @@ files:
 - vendor/libsodium/src/libsodium/crypto_scalarmult/crypto_scalarmult.c
 - vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/curve25519_donna_c64.c
 - vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/curve25519_donna_c64.h
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/curve25519_ref10.h
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe.h
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_0_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_1_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_add_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_copy_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_cswap_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_frombytes_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_invert_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_mul121666_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_mul_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_sq_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_sub_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_tobytes_curve25519_ref10.c
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/montgomery.h
-- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/pow225521.h
+- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c
+- vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.h
 - vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts.S
 - vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts_namespace.h
 - vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c
@@ -356,61 +345,10 @@ files:
 - vendor/libsodium/src/libsodium/crypto_shorthash/siphash24/shorthash_siphash24_api.c
 - vendor/libsodium/src/libsodium/crypto_sign/crypto_sign.c
 - vendor/libsodium/src/libsodium/crypto_sign/ed25519/description
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/base.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/base2.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/d.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/d2.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_0.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_1.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_add.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_cmov.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_copy.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_frombytes.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_invert.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_isnegative.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_isnonzero.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_mul.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_neg.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_pow22523.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_sq.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_sq2.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_sub.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/fe_tobytes.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_add.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_add.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_double_scalarmult.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_frombytes.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_madd.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_madd.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_msub.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_msub.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p1p1_to_p2.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p1p1_to_p3.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p2_0.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p2_dbl.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p2_dbl.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p3_0.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p3_dbl.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p3_to_cached.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p3_to_p2.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_p3_tobytes.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_precomp_0.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_scalarmult_base.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_sub.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_sub.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_tobytes.c
 - vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/keypair.c
 - vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c
 - vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/open.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/pow22523.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/pow225521.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sc.h
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sc_muladd.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sc_reduce.c
 - vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sign.c
-- vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sqrtm1.h
 - vendor/libsodium/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c
 - vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/afternm_aes128ctr.c
 - vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/beforenm_aes128ctr.c
@@ -663,7 +601,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: rbnacl with bundled libsodium

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/curve25519_ref10.c

@@ -1,73 +0,0 @@
-
-#include <stddef.h>
-
-#ifndef HAVE_TI_MODE
-
-#include "utils.h"
-#include "curve25519_ref10.h"
-#include "../scalarmult_curve25519.h"
-#include "fe.h"
-
-static const unsigned char basepoint[32] = {9};
-
-static int
-crypto_scalarmult_curve25519_ref10(unsigned char *q,
-                                   const unsigned char *n,
-                                   const unsigned char *p)
-{
-  unsigned char e[32];
-  unsigned int i;
-  fe x1;
-  fe x2;
-  fe z2;
-  fe x3;
-  fe z3;
-  fe tmp0;
-  fe tmp1;
-  int pos;
-  unsigned int swap;
-  unsigned int b;
-
-  for (i = 0;i < 32;++i) e[i] = n[i];
-  e[0] &= 248;
-  e[31] &= 127;
-  e[31] |= 64;
-  fe_frombytes(x1,p);
-  fe_1(x2);
-  fe_0(z2);
-  fe_copy(x3,x1);
-  fe_1(z3);
-
-  swap = 0;
-  for (pos = 254;pos >= 0;--pos) {
-    b = e[pos / 8] >> (pos & 7);
-    b &= 1;
-    swap ^= b;
-    fe_cswap(x2,x3,swap);
-    fe_cswap(z2,z3,swap);
-    swap = b;
-#include "montgomery.h"
-  }
-  fe_cswap(x2,x3,swap);
-  fe_cswap(z2,z3,swap);
-
-  fe_invert(z2,z2);
-  fe_mul(x2,x2,z2);
-  fe_tobytes(q,x2);
-  return 0;
-}
-
-static int
-crypto_scalarmult_curve25519_ref10_base(unsigned char *q,
-                                        const unsigned char *n)
-{
-  return crypto_scalarmult_curve25519_ref10(q,n,basepoint);
-}
-
-struct crypto_scalarmult_curve25519_implementation
-crypto_scalarmult_curve25519_ref10_implementation = {
-        SODIUM_C99(.mult = ) crypto_scalarmult_curve25519_ref10,
-        SODIUM_C99(.mult_base = ) crypto_scalarmult_curve25519_ref10_base
-};
-
-#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe.h

@@ -1,44 +0,0 @@
-#ifndef FE_H
-#define FE_H
-
-#include "crypto_int32.h"
-
-typedef crypto_int32 fe[10];
-
-/*
-fe means field element.
-Here the field is \Z/(2^255-19).
-An element t, entries t[0]...t[9], represents the integer
-t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
-Bounds on each t[i] vary depending on context.
-*/
-
-#define fe_frombytes crypto_scalarmult_curve25519_ref10_fe_frombytes
-#define fe_tobytes crypto_scalarmult_curve25519_ref10_fe_tobytes
-#define fe_copy crypto_scalarmult_curve25519_ref10_fe_copy
-#define fe_0 crypto_scalarmult_curve25519_ref10_fe_0
-#define fe_1 crypto_scalarmult_curve25519_ref10_fe_1
-#define fe_cswap crypto_scalarmult_curve25519_ref10_fe_cswap
-#define fe_add crypto_scalarmult_curve25519_ref10_fe_add
-#define fe_sub crypto_scalarmult_curve25519_ref10_fe_sub
-#define fe_mul crypto_scalarmult_curve25519_ref10_fe_mul
-#define fe_sq crypto_scalarmult_curve25519_ref10_fe_sq
-#define fe_mul121666 crypto_scalarmult_curve25519_ref10_fe_mul121666
-#define fe_invert crypto_scalarmult_curve25519_ref10_fe_invert
-
-extern void fe_frombytes(fe,const unsigned char *);
-extern void fe_tobytes(unsigned char *,fe);
-
-extern void fe_copy(fe,fe);
-extern void fe_0(fe);
-extern void fe_1(fe);
-extern void fe_cswap(fe,fe,unsigned int);
-
-extern void fe_add(fe,fe,fe);
-extern void fe_sub(fe,fe,fe);
-extern void fe_mul(fe,fe,fe);
-extern void fe_sq(fe,fe);
-extern void fe_mul121666(fe,fe);
-extern void fe_invert(fe,fe);
-
-#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_0_curve25519_ref10.c

@@ -1,23 +0,0 @@
-#include "fe.h"
-
-#ifndef HAVE_TI_MODE
-
-/*
-h = 0
-*/
-
-void fe_0(fe h)
-{
-  h[0] = 0;
-  h[1] = 0;
-  h[2] = 0;
-  h[3] = 0;
-  h[4] = 0;
-  h[5] = 0;
-  h[6] = 0;
-  h[7] = 0;
-  h[8] = 0;
-  h[9] = 0;
-}
-
-#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_1_curve25519_ref10.c

@@ -1,23 +0,0 @@
-#include "fe.h"
-
-#ifndef HAVE_TI_MODE
-
-/*
-h = 1
-*/
-
-void fe_1(fe h)
-{
-  h[0] = 1;
-  h[1] = 0;
-  h[2] = 0;
-  h[3] = 0;
-  h[4] = 0;
-  h[5] = 0;
-  h[6] = 0;
-  h[7] = 0;
-  h[8] = 0;
-  h[9] = 0;
-}
-
-#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_add_curve25519_ref10.c

@@ -1,61 +0,0 @@
-#include "fe.h"
-
-#ifndef HAVE_TI_MODE
-
-/*
-h = f + g
-Can overlap h with f or g.
-
-Preconditions:
-   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-
-Postconditions:
-   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-*/
-
-void fe_add(fe h,fe f,fe g)
-{
-  crypto_int32 f0 = f[0];
-  crypto_int32 f1 = f[1];
-  crypto_int32 f2 = f[2];
-  crypto_int32 f3 = f[3];
-  crypto_int32 f4 = f[4];
-  crypto_int32 f5 = f[5];
-  crypto_int32 f6 = f[6];
-  crypto_int32 f7 = f[7];
-  crypto_int32 f8 = f[8];
-  crypto_int32 f9 = f[9];
-  crypto_int32 g0 = g[0];
-  crypto_int32 g1 = g[1];
-  crypto_int32 g2 = g[2];
-  crypto_int32 g3 = g[3];
-  crypto_int32 g4 = g[4];
-  crypto_int32 g5 = g[5];
-  crypto_int32 g6 = g[6];
-  crypto_int32 g7 = g[7];
-  crypto_int32 g8 = g[8];
-  crypto_int32 g9 = g[9];
-  crypto_int32 h0 = f0 + g0;
-  crypto_int32 h1 = f1 + g1;
-  crypto_int32 h2 = f2 + g2;
-  crypto_int32 h3 = f3 + g3;
-  crypto_int32 h4 = f4 + g4;
-  crypto_int32 h5 = f5 + g5;
-  crypto_int32 h6 = f6 + g6;
-  crypto_int32 h7 = f7 + g7;
-  crypto_int32 h8 = f8 + g8;
-  crypto_int32 h9 = f9 + g9;
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
-}
-
-#endif