RubyGems - rbnacl-libsodium - Versions diffs - 1.0.8 → 1.0.9 - Mend

rbnacl-libsodium 1.0.8 → 1.0.9

Files changed (204) hide show

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-load-sse2.h CHANGED

@@ -63,6 +63,4 @@
 #define LOAD_MSG_11_3(b0, b1) b0 = _mm_set_epi64x(m0, m1); b1 = _mm_set_epi64x(m5, m11)
 #define LOAD_MSG_11_4(b0, b1) b0 = _mm_set_epi64x(m2, m12); b1 = _mm_set_epi64x(m3, m7)
 #endif

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-load-sse41.h CHANGED

@@ -397,6 +397,4 @@ b0 = _mm_unpacklo_epi64(m6, m1); \
 b1 = _mm_unpackhi_epi64(m3, m1); \
 } while(0)
 #endif

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c CHANGED

@@ -19,6 +19,7 @@
 #include "blake2.h"
 #include "blake2-impl.h"
 #include "runtime.h"
+#include "../../sodium/common.h"
 #ifdef HAVE_TI_MODE
 # if defined(__SIZEOF_INT128__)
@@ -83,7 +84,7 @@ static inline int blake2b_increment_counter( blake2b_state *S, const uint64_t in
   return 0;
 }
-// Parameter-related functions
+/* Parameter-related functions */
 #if 0
 static inline int blake2b_param_set_digest_length( blake2b_param *P, const uint8_t digest_length )
 {
@@ -105,13 +106,13 @@ static inline int blake2b_param_set_max_depth( blake2b_param *P, const uint8_t d
 static inline int blake2b_param_set_leaf_length( blake2b_param *P, const uint32_t leaf_length )
 {
-  store32( &P->leaf_length, leaf_length );
+  STORE32_LE( P->leaf_length, leaf_length );
   return 0;
 }
 static inline int blake2b_param_set_node_offset( blake2b_param *P, const uint64_t node_offset )
 {
-  store64( &P->node_offset, node_offset );
+  STORE64_LE( P->node_offset, node_offset );
   return 0;
 }
@@ -155,12 +156,13 @@ int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
   size_t i;
   const uint8_t *p;
+  (void) sizeof(int[sizeof *P == 64 ? 1 : -1]);
   blake2b_init0( S );
   p = ( const uint8_t * )( P );
   /* IV XOR ParamBlock */
   for( i = 0; i < 8; ++i )
-    S->h[i] ^= load64( p + sizeof( S->h[i] ) * i );
+    S->h[i] ^= LOAD64_LE( p + sizeof( S->h[i] ) * i );
   return 0;
 }
@@ -175,8 +177,8 @@ int blake2b_init( blake2b_state *S, const uint8_t outlen )
   P->key_length    = 0;
   P->fanout        = 1;
   P->depth         = 1;
-  store32( &P->leaf_length, 0 );
-  store64( &P->node_offset, 0 );
+  STORE32_LE( P->leaf_length, 0 );
+  STORE64_LE( P->node_offset, 0 );
   P->node_depth    = 0;
   P->inner_length  = 0;
   memset( P->reserved, 0, sizeof( P->reserved ) );
@@ -196,8 +198,8 @@ int blake2b_init_salt_personal( blake2b_state *S, const uint8_t outlen,
   P->key_length    = 0;
   P->fanout        = 1;
   P->depth         = 1;
-  store32( &P->leaf_length, 0 );
-  store64( &P->node_offset, 0 );
+  STORE32_LE( P->leaf_length, 0 );
+  STORE64_LE( P->node_offset, 0 );
   P->node_depth    = 0;
   P->inner_length  = 0;
   memset( P->reserved, 0, sizeof( P->reserved ) );
@@ -226,8 +228,8 @@ int blake2b_init_key( blake2b_state *S, const uint8_t outlen, const void *key, c
   P->key_length    = keylen;
   P->fanout        = 1;
   P->depth         = 1;
-  store32( &P->leaf_length, 0 );
-  store64( &P->node_offset, 0 );
+  STORE32_LE( P->leaf_length, 0 );
+  STORE64_LE( P->node_offset, 0 );
   P->node_depth    = 0;
   P->inner_length  = 0;
   memset( P->reserved, 0, sizeof( P->reserved ) );
@@ -259,8 +261,8 @@ int blake2b_init_key_salt_personal( blake2b_state *S, const uint8_t outlen, cons
   P->key_length    = keylen;
   P->fanout        = 1;
   P->depth         = 1;
-  store32( &P->leaf_length, 0 );
-  store64( &P->node_offset, 0 );
+  STORE32_LE( P->leaf_length, 0 );
+  STORE64_LE( P->node_offset, 0 );
   P->node_depth    = 0;
   P->inner_length  = 0;
   memset( P->reserved, 0, sizeof( P->reserved ) );
@@ -297,19 +299,19 @@ int blake2b_update( blake2b_state *S, const uint8_t *in, uint64_t inlen )
     if( inlen > fill )
     {
-      memcpy( S->buf + left, in, fill ); // Fill buffer
+      memcpy( S->buf + left, in, fill ); /* Fill buffer */
       S->buflen += fill;
       blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
-      blake2b_compress( S, S->buf ); // Compress
-      memcpy( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES ); // Shift buffer left
+      blake2b_compress( S, S->buf ); /* Compress */
+      memcpy( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES ); /* Shift buffer left */
       S->buflen -= BLAKE2B_BLOCKBYTES;
       in += fill;
       inlen -= fill;
     }
-    else // inlen <= fill
+    else /* inlen <= fill */
     {
       memcpy( S->buf + left, in, inlen );
-      S->buflen += inlen; // Be lazy, do not compress
+      S->buflen += inlen; /* Be lazy, do not compress */
       in += inlen;
       inlen -= inlen;
     }
@@ -345,7 +347,7 @@ int blake2b_final( blake2b_state *S, uint8_t *out, uint8_t outlen )
     int     i;
     for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
-      store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );
+      STORE64_LE( buffer + sizeof( S->h[i] ) * i, S->h[i] );
     memcpy( out, buffer, outlen );
   }
 #endif
@@ -415,6 +417,14 @@ int blake2b_salt_personal( uint8_t *out, const void *in, const void *key, const
 int
 blake2b_pick_best_implementation(void)
 {
+/* LCOV_EXCL_START */
+#if (defined(HAVE_AVX2INTRIN_H) && defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H)) || \
+    (defined(_MSC_VER) && (defined(_M_X64) || defined(_M_AMD64)))
+  if (sodium_runtime_has_avx2()) {
+    blake2b_compress = blake2b_compress_avx2;
+    return 0;
+  }
+#endif
 #if (defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H)) || \
     (defined(_MSC_VER) && (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86)))
   if (sodium_runtime_has_sse41()) {
@@ -432,4 +442,5 @@ blake2b_pick_best_implementation(void)
   blake2b_compress = blake2b_compress_ref;
   return 0;
+/* LCOV_EXCL_STOP */
 }

data/vendor/libsodium/src/libsodium/crypto_hash/sha256/cp/hash_sha256.c CHANGED

@@ -28,6 +28,7 @@
 #include "crypto_hash_sha256.h"
 #include "utils.h"
+#include "../../../sodium/common.h"
 #include <sys/types.h>
@@ -36,53 +37,13 @@
 #include <stdlib.h>
 #include <string.h>
-/* Avoid namespace collisions with BSD <sys/endian.h>. */
-#define be32dec _sha256_be32dec
-#define be32enc _sha256_be32enc
-#define be64enc _sha256_be64enc
-static inline uint32_t
-be32dec(const void *pp)
-{
-    const uint8_t *p = (uint8_t const *)pp;
-    return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) +
-            ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24));
-}
-static inline void
-be32enc(void *pp, uint32_t x)
-{
-    uint8_t *p = (uint8_t *)pp;
-    p[3] = x & 0xff;
-    p[2] = (x >> 8) & 0xff;
-    p[1] = (x >> 16) & 0xff;
-    p[0] = (x >> 24) & 0xff;
-}
-static inline void
-be64enc(void * pp, uint64_t x)
-{
-    uint8_t * p = (uint8_t *)pp;
-    p[7] = x & 0xff;
-    p[6] = (x >> 8) & 0xff;
-    p[5] = (x >> 16) & 0xff;
-    p[4] = (x >> 24) & 0xff;
-    p[3] = (x >> 32) & 0xff;
-    p[2] = (x >> 40) & 0xff;
-    p[1] = (x >> 48) & 0xff;
-    p[0] = (x >> 56) & 0xff;
-}
 static void
 be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len)
 {
     size_t i;
     for (i = 0; i < len / 4; i++) {
-        be32enc(dst + i * 4, src[i]);
+        STORE32_BE(dst + i * 4, src[i]);
     }
 }
@@ -92,7 +53,7 @@ be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len)
     size_t i;
     for (i = 0; i < len / 4; i++) {
-        dst[i] = be32dec(src + i * 4);
+        dst[i] = LOAD32_BE(src + i * 4);
     }
 }
@@ -221,7 +182,7 @@ SHA256_Pad(crypto_hash_sha256_state *state)
     unsigned char len[8];
     uint32_t r, plen;
-    be64enc(len, state->count);
+    STORE64_BE(len, state->count);
     r = (state->count >> 3) & 0x3f;
     plen = (r < 56) ? (56 - r) : (120 - r);

data/vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/hash_sha512.c CHANGED

@@ -28,6 +28,7 @@
 #include "crypto_hash_sha512.h"
 #include "utils.h"
+#include "../../../sodium/common.h"
 #include <sys/types.h>
@@ -36,43 +37,13 @@
 #include <stdlib.h>
 #include <string.h>
-/* Avoid namespace collisions with BSD <sys/endian.h>. */
-#define be64dec _sha512_be64dec
-#define be64enc _sha512_be64enc
-static inline uint64_t
-be64dec(const void *pp)
-{
-    const uint8_t *p = (uint8_t const *)pp;
-    return ((uint64_t)(p[7]) + ((uint64_t)(p[6]) << 8) +
-            ((uint64_t)(p[5]) << 16) + ((uint64_t)(p[4]) << 24) +
-            ((uint64_t)(p[3]) << 32) + ((uint64_t)(p[2]) << 40) +
-            ((uint64_t)(p[1]) << 48) + ((uint64_t)(p[0]) << 56));
-}
-static inline void
-be64enc(void *pp, uint64_t x)
-{
-    uint8_t *p = (uint8_t *)pp;
-    p[7] = x & 0xff;
-    p[6] = (x >> 8) & 0xff;
-    p[5] = (x >> 16) & 0xff;
-    p[4] = (x >> 24) & 0xff;
-    p[3] = (x >> 32) & 0xff;
-    p[2] = (x >> 40) & 0xff;
-    p[1] = (x >> 48) & 0xff;
-    p[0] = (x >> 56) & 0xff;
-}
 static void
 be64enc_vect(unsigned char *dst, const uint64_t *src, size_t len)
 {
     size_t i;
     for (i = 0; i < len / 8; i++) {
-        be64enc(dst + i * 8, src[i]);
+        STORE64_BE(dst + i * 8, src[i]);
     }
 }
@@ -82,7 +53,7 @@ be64dec_vect(uint64_t *dst, const unsigned char *src, size_t len)
     size_t i;
     for (i = 0; i < len / 8; i++) {
-        dst[i] = be64dec(src + i * 8);
+        dst[i] = LOAD64_BE(src + i * 8);
     }
 }

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h CHANGED

@@ -4,28 +4,9 @@
 #include <stddef.h>
 #include "crypto_onetimeauth_poly1305.h"
+#include "../onetimeauth_poly1305.h"
 extern struct crypto_onetimeauth_poly1305_implementation
     crypto_onetimeauth_poly1305_donna_implementation;
-static int crypto_onetimeauth_poly1305_donna(unsigned char *out,
-                                             const unsigned char *in,
-                                             unsigned long long inlen,
-                                             const unsigned char *k);
-static int crypto_onetimeauth_poly1305_donna_verify(const unsigned char *h,
-                                                    const unsigned char *in,
-                                                    unsigned long long inlen,
-                                                    const unsigned char *k);
-static int crypto_onetimeauth_poly1305_donna_init(crypto_onetimeauth_poly1305_state *state,
-                                                  const unsigned char *key);
-static int crypto_onetimeauth_poly1305_donna_update(crypto_onetimeauth_poly1305_state *state,
-                                                    const unsigned char *in,
-                                                    unsigned long long inlen);
-static int crypto_onetimeauth_poly1305_donna_final(crypto_onetimeauth_poly1305_state *state,
-                                                   unsigned char *out);
 #endif /* poly1305_donna_H */

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h CHANGED

@@ -10,6 +10,8 @@
 # define POLY1305_NOINLINE
 #endif
+#include "../../../sodium/common.h"
 #define poly1305_block_size 16
 /* 17 + sizeof(unsigned long long) + 14*sizeof(unsigned long) */
@@ -22,36 +24,15 @@ typedef struct poly1305_state_internal_t {
         unsigned char final;
 } poly1305_state_internal_t;
-/* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in little endian */
-static unsigned long
-U8TO32(const unsigned char *p)
-{
-        return
-        (((unsigned long)(p[0] & 0xff)      ) |
-         ((unsigned long)(p[1] & 0xff) <<  8) |
-         ((unsigned long)(p[2] & 0xff) << 16) |
-         ((unsigned long)(p[3] & 0xff) << 24));
-}
-/* store a 32 bit unsigned integer as four 8 bit unsigned integers in little endian */
-static void
-U32TO8(unsigned char *p, unsigned long v)
-{
-        p[0] = (v      ) & 0xff;
-        p[1] = (v >>  8) & 0xff;
-        p[2] = (v >> 16) & 0xff;
-        p[3] = (v >> 24) & 0xff;
-}
 static void
 poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32])
 {
         /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
-        st->r[0] = (U8TO32(&key[ 0])     ) & 0x3ffffff;
-        st->r[1] = (U8TO32(&key[ 3]) >> 2) & 0x3ffff03;
-        st->r[2] = (U8TO32(&key[ 6]) >> 4) & 0x3ffc0ff;
-        st->r[3] = (U8TO32(&key[ 9]) >> 6) & 0x3f03fff;
-        st->r[4] = (U8TO32(&key[12]) >> 8) & 0x00fffff;
+        st->r[0] = (LOAD32_LE(&key[ 0])     ) & 0x3ffffff;
+        st->r[1] = (LOAD32_LE(&key[ 3]) >> 2) & 0x3ffff03;
+        st->r[2] = (LOAD32_LE(&key[ 6]) >> 4) & 0x3ffc0ff;
+        st->r[3] = (LOAD32_LE(&key[ 9]) >> 6) & 0x3f03fff;
+        st->r[4] = (LOAD32_LE(&key[12]) >> 8) & 0x00fffff;
         /* h = 0 */
         st->h[0] = 0;
@@ -61,10 +42,10 @@ poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32])
         st->h[4] = 0;
         /* save pad for later */
-        st->pad[0] = U8TO32(&key[16]);
-        st->pad[1] = U8TO32(&key[20]);
-        st->pad[2] = U8TO32(&key[24]);
-        st->pad[3] = U8TO32(&key[28]);
+        st->pad[0] = LOAD32_LE(&key[16]);
+        st->pad[1] = LOAD32_LE(&key[20]);
+        st->pad[2] = LOAD32_LE(&key[24]);
+        st->pad[3] = LOAD32_LE(&key[28]);
         st->leftover = 0;
         st->final = 0;
@@ -73,7 +54,7 @@ poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32])
 static void
 poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, unsigned long long bytes)
 {
-        const unsigned long hibit = (st->final) ? 0 : (1 << 24); /* 1 << 128 */
+        const unsigned long hibit = (st->final) ? 0UL : (1UL << 24); /* 1 << 128 */
         unsigned long r0,r1,r2,r3,r4;
         unsigned long s1,s2,s3,s4;
         unsigned long h0,h1,h2,h3,h4;
@@ -99,11 +80,11 @@ poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, unsigned
         while (bytes >= poly1305_block_size) {
                 /* h += m[i] */
-                h0 += (U8TO32(m+ 0)     ) & 0x3ffffff;
-                h1 += (U8TO32(m+ 3) >> 2) & 0x3ffffff;
-                h2 += (U8TO32(m+ 6) >> 4) & 0x3ffffff;
-                h3 += (U8TO32(m+ 9) >> 6) & 0x3ffffff;
-                h4 += (U8TO32(m+12) >> 8) | hibit;
+                h0 += (LOAD32_LE(m+ 0)     ) & 0x3ffffff;
+                h1 += (LOAD32_LE(m+ 3) >> 2) & 0x3ffffff;
+                h2 += (LOAD32_LE(m+ 6) >> 4) & 0x3ffffff;
+                h3 += (LOAD32_LE(m+ 9) >> 6) & 0x3ffffff;
+                h4 += (LOAD32_LE(m+12) >> 8) | hibit;
                 /* h *= r */
                 d0 = ((unsigned long long)h0 * r0) + ((unsigned long long)h1 * s4) + ((unsigned long long)h2 * s3) + ((unsigned long long)h3 * s2) + ((unsigned long long)h4 * s1);
@@ -169,7 +150,7 @@ poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16])
         g1 = h1 + c; c = g1 >> 26; g1 &= 0x3ffffff;
         g2 = h2 + c; c = g2 >> 26; g2 &= 0x3ffffff;
         g3 = h3 + c; c = g3 >> 26; g3 &= 0x3ffffff;
-        g4 = h4 + c - (1 << 26);
+        g4 = h4 + c - (1UL << 26);
         /* select h if h < p, or h + -p if h >= p */
         mask = (g4 >> ((sizeof(unsigned long) * 8) - 1)) - 1;
@@ -197,10 +178,10 @@ poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16])
         f = (unsigned long long)h2 + st->pad[2] + (f >> 32); h2 = (unsigned long)f;
         f = (unsigned long long)h3 + st->pad[3] + (f >> 32); h3 = (unsigned long)f;
-        U32TO8(mac +  0, h0);
-        U32TO8(mac +  4, h1);
-        U32TO8(mac +  8, h2);
-        U32TO8(mac + 12, h3);
+        STORE32_LE(mac +  0, h0);
+        STORE32_LE(mac +  4, h1);
+        STORE32_LE(mac +  8, h2);
+        STORE32_LE(mac + 12, h3);
         /* zero out the state */
         sodium_memzero((void *)st, sizeof *st);

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h CHANGED

@@ -22,6 +22,8 @@ typedef unsigned uint128_t __attribute__ ((mode(TI)));
 # define POLY1305_NOINLINE
 #endif
+#include "../../../sodium/common.h"
 #define poly1305_block_size 16
 /* 17 + sizeof(unsigned long long) + 8*sizeof(unsigned long long) */
@@ -34,43 +36,14 @@ typedef struct poly1305_state_internal_t {
         unsigned char final;
 } poly1305_state_internal_t;
-/* interpret eight 8 bit unsigned integers as a 64 bit unsigned integer in little endian */
-static unsigned long long
-U8TO64(const unsigned char *p)
-{
-        return
-           (((unsigned long long)(p[0] & 0xff)      ) |
-            ((unsigned long long)(p[1] & 0xff) <<  8) |
-            ((unsigned long long)(p[2] & 0xff) << 16) |
-            ((unsigned long long)(p[3] & 0xff) << 24) |
-            ((unsigned long long)(p[4] & 0xff) << 32) |
-            ((unsigned long long)(p[5] & 0xff) << 40) |
-            ((unsigned long long)(p[6] & 0xff) << 48) |
-            ((unsigned long long)(p[7] & 0xff) << 56));
-}
-/* store a 64 bit unsigned integer as eight 8 bit unsigned integers in little endian */
-static void
-U64TO8(unsigned char *p, unsigned long long v)
-{
-        p[0] = (v      ) & 0xff;
-        p[1] = (v >>  8) & 0xff;
-        p[2] = (v >> 16) & 0xff;
-        p[3] = (v >> 24) & 0xff;
-        p[4] = (v >> 32) & 0xff;
-        p[5] = (v >> 40) & 0xff;
-        p[6] = (v >> 48) & 0xff;
-        p[7] = (v >> 56) & 0xff;
-}
 static void
 poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32])
 {
         unsigned long long t0,t1;
         /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
-        t0 = U8TO64(&key[0]);
-        t1 = U8TO64(&key[8]);
+        t0 = LOAD64_LE(&key[0]);
+        t1 = LOAD64_LE(&key[8]);
         st->r[0] = ( t0                    ) & 0xffc0fffffff;
         st->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff;
@@ -82,8 +55,8 @@ poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32])
         st->h[2] = 0;
         /* save pad for later */
-        st->pad[0] = U8TO64(&key[16]);
-        st->pad[1] = U8TO64(&key[24]);
+        st->pad[0] = LOAD64_LE(&key[16]);
+        st->pad[1] = LOAD64_LE(&key[24]);
         st->leftover = 0;
         st->final = 0;
@@ -92,7 +65,7 @@ poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32])
 static void
 poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, unsigned long long bytes)
 {
-        const unsigned long long hibit = (st->final) ? 0 : ((unsigned long long)1 << 40); /* 1 << 128 */
+        const unsigned long long hibit = (st->final) ? 0ULL : (1ULL << 40); /* 1 << 128 */
         unsigned long long r0,r1,r2;
         unsigned long long s1,s2;
         unsigned long long h0,h1,h2;
@@ -114,8 +87,8 @@ poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, unsigned
                 unsigned long long t0,t1;
                 /* h += m[i] */
-                t0 = U8TO64(&m[0]);
-                t1 = U8TO64(&m[8]);
+                t0 = LOAD64_LE(&m[0]);
+                t1 = LOAD64_LE(&m[8]);
                 h0 += (( t0                    ) & 0xfffffffffff);
                 h1 += (((t0 >> 44) | (t1 << 20)) & 0xfffffffffff);
@@ -176,7 +149,7 @@ poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16])
         /* compute h + -p */
         g0 = h0 + 5; c = (g0 >> 44); g0 &= 0xfffffffffff;
         g1 = h1 + c; c = (g1 >> 44); g1 &= 0xfffffffffff;
-        g2 = h2 + c - ((unsigned long long)1 << 42);
+        g2 = h2 + c - (1ULL << 42);
         /* select h if h < p, or h + -p if h >= p */
         c = (g2 >> ((sizeof(unsigned long long) * 8) - 1)) - 1;
@@ -200,8 +173,8 @@ poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16])
         h0 = ((h0      ) | (h1 << 44));
         h1 = ((h1 >> 20) | (h2 << 24));
-        U64TO8(&mac[0], h0);
-        U64TO8(&mac[8], h1);
+        STORE64_LE(&mac[0], h0);
+        STORE64_LE(&mac[8], h1);
         /* zero out the state */
         sodium_memzero((void *)st, sizeof *st);