rbnacl-libsodium 1.0.8 → 1.0.9

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/curve25519_donna_c64.c

@@ -34,8 +34,7 @@
 typedef uint8_t u8;
 typedef uint64_t limb;
 typedef limb felem[5];
-// This is a special gcc mode for 128-bit integers. It's implemented on 64-bit
-// platforms only as far as I know.
+/* Special gcc mode for 128-bit integers */
 typedef unsigned uint128_t __attribute__ ((mode(TI)));
 
 /* Sum two numbers: output += in */
@@ -315,7 +314,7 @@ fmonty(limb *x2, limb *z2, /* output 2Q */
 
   memcpy(origx, x, 5 * sizeof(limb));
   fsum(x, z);
-  fdifference_backwards(z, origx);  // does x - z
+  fdifference_backwards(z, origx); /* does x - z */
 
   memcpy(origxprime, xprime, sizeof(limb) * 5);
   fsum(xprime, zprime);
@@ -332,19 +331,19 @@ fmonty(limb *x2, limb *z2, /* output 2Q */
   fsquare_times(xx, x, 1);
   fsquare_times(zz, z, 1);
   fmul(x2, xx, zz);
-  fdifference_backwards(zz, xx);  // does zz = xx - zz
+  fdifference_backwards(zz, xx); /* does zz = xx - zz */
   fscalar_product(zzz, zz, 121665);
   fsum(zzz, xx);
   fmul(z2, zz, zzz);
 }
 
-// -----------------------------------------------------------------------------
-// Maybe swap the contents of two limb arrays (@a and @b), each @len elements
-// long. Perform the swap iff @swap is non-zero.
-//
-// This function performs the swap without leaking any side-channel
-// information.
-// -----------------------------------------------------------------------------
+/* -----------------------------------------------------------------------------
+   Maybe swap the contents of two limb arrays (@a and @b), each @len elements
+   long. Perform the swap iff @swap is non-zero.
+
+   This function performs the swap without leaking any side-channel
+   information.
+   ----------------------------------------------------------------------------- */
 static void
 swap_conditional(limb a[5], limb b[5], limb iswap) {
   unsigned i;
@@ -411,17 +410,17 @@ cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q) {
 }
 
 
-// -----------------------------------------------------------------------------
-// Shamelessly copied from djb's code, tightened a little
-// -----------------------------------------------------------------------------
+/* -----------------------------------------------------------------------------
+   Shamelessly copied from djb's code, tightened a little
+   ----------------------------------------------------------------------------- */
 static void
 crecip(felem out, const felem z) {
   felem a,t0,b,c;
 
-  /* 2 */ fsquare_times(a, z, 1); // a = 2
+  /* 2 */ fsquare_times(a, z, 1); /* a = 2 */
   /* 8 */ fsquare_times(t0, a, 2);
-  /* 9 */ fmul(b, t0, z); // b = 9
-  /* 11 */ fmul(a, b, a); // a = 11
+  /* 9 */ fmul(b, t0, z); /* b = 9 */
+  /* 11 */ fmul(a, b, a); /* a = 11 */
   /* 22 */ fsquare_times(t0, a, 1);
   /* 2^5 - 2^0 = 31 */ fmul(b, t0, b);
   /* 2^10 - 2^5 */ fsquare_times(t0, b, 5);

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/curve25519_donna_c64.h

@@ -2,6 +2,7 @@
 #define curve25519_donna_c64_H
 
 #include "crypto_scalarmult_curve25519.h"
+#include "../scalarmult_curve25519.h"
 
 extern struct crypto_scalarmult_curve25519_implementation
     crypto_scalarmult_curve25519_donna_c64_implementation;

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c

@@ -127,17 +127,17 @@ fe_mul121666(fe h,const fe f)
   int64_t carry8;
   int64_t carry9;
 
-  carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
-  carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
-  carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
-  carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
-  carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
-
-  carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
-  carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
-  carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
-  carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
-  carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
+  carry9 = (h9 + ((int64_t) 1 << 24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25;
+  carry1 = (h1 + ((int64_t) 1 << 24)) >> 25; h2 += carry1; h1 -= carry1 << 25;
+  carry3 = (h3 + ((int64_t) 1 << 24)) >> 25; h4 += carry3; h3 -= carry3 << 25;
+  carry5 = (h5 + ((int64_t) 1 << 24)) >> 25; h6 += carry5; h5 -= carry5 << 25;
+  carry7 = (h7 + ((int64_t) 1 << 24)) >> 25; h8 += carry7; h7 -= carry7 << 25;
+
+  carry0 = (h0 + ((int64_t) 1 << 25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
+  carry2 = (h2 + ((int64_t) 1 << 25)) >> 26; h3 += carry2; h2 -= carry2 << 26;
+  carry4 = (h4 + ((int64_t) 1 << 25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
+  carry6 = (h6 + ((int64_t) 1 << 25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
+  carry8 = (h8 + ((int64_t) 1 << 25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
 
   h[0] = h0;
   h[1] = h1;

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.h

@@ -2,6 +2,7 @@
 #define curve25519_ref10_H
 
 #include "crypto_scalarmult_curve25519.h"
+#include "../scalarmult_curve25519.h"
 
 extern struct crypto_scalarmult_curve25519_implementation
         crypto_scalarmult_curve25519_ref10_implementation;

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts_namespace.h

@@ -16,5 +16,5 @@
 #define subc2 crypto_scalarmult_curve25519_sandy2x_subc2
 #define REDMASK51 crypto_scalarmult_curve25519_sandy2x_REDMASK51
 
-#endif //ifndef consts_namespace_H
+#endif /* ifndef consts_namespace_H */
 

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe.h

@@ -6,9 +6,10 @@
 #ifndef fe_H
 #define fe_H
 
-#include "crypto_uint64.h"
+#include <stdint.h>
+#include <stdlib.h>
 
-typedef crypto_uint64 fe[10];
+typedef uint64_t fe[10];
 
 /*
 fe means field element.

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h

@@ -12,12 +12,14 @@
 extern "C" {
 #endif
 
-#include "crypto_uint64.h"
+#include <stdint.h>
+#include <stdlib.h>
+
 #include "fe51_namespace.h"
 
-typedef struct 
+typedef struct
 {
-  crypto_uint64 v[5]; 
+    uint64_t v[5];
 }
 fe51;
 

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c

@@ -11,47 +11,47 @@
 
 void fe51_invert(fe51 *r, const fe51 *x)
 {
-	fe51 z2;
-	fe51 z9;
-	fe51 z11;
-	fe51 z2_5_0;
-	fe51 z2_10_0;
-	fe51 z2_20_0;
-	fe51 z2_50_0;
-	fe51 z2_100_0;
-	fe51 t;
-	
-	/* 2 */ fe51_square(&z2,x);
-	/* 4 */ fe51_square(&t,&z2);
-	/* 8 */ fe51_square(&t,&t);
-	/* 9 */ fe51_mul(&z9,&t,x);
-	/* 11 */ fe51_mul(&z11,&z9,&z2);
-	/* 22 */ fe51_square(&t,&z11);
-	/* 2^5 - 2^0 = 31 */ fe51_mul(&z2_5_0,&t,&z9);
-
-	/* 2^10 - 2^5 */ fe51_nsquare(&t,&z2_5_0, 5); 
-	/* 2^10 - 2^0 */ fe51_mul(&z2_10_0,&t,&z2_5_0);
-
-	/* 2^20 - 2^10 */ fe51_nsquare(&t,&z2_10_0, 10); 
-	/* 2^20 - 2^0 */ fe51_mul(&z2_20_0,&t,&z2_10_0);
-
-	/* 2^40 - 2^20 */ fe51_nsquare(&t,&z2_20_0, 20); 
-	/* 2^40 - 2^0 */ fe51_mul(&t,&t,&z2_20_0);
-
-	/* 2^50 - 2^10 */ fe51_nsquare(&t,&t,10);
-	/* 2^50 - 2^0 */ fe51_mul(&z2_50_0,&t,&z2_10_0);
-
-	/* 2^100 - 2^50 */ fe51_nsquare(&t,&z2_50_0, 50); 
-	/* 2^100 - 2^0 */ fe51_mul(&z2_100_0,&t,&z2_50_0);
-
-	/* 2^200 - 2^100 */ fe51_nsquare(&t,&z2_100_0, 100); 
-	/* 2^200 - 2^0 */ fe51_mul(&t,&t,&z2_100_0);
-
-	/* 2^250 - 2^50 */ fe51_nsquare(&t,&t, 50);
-	/* 2^250 - 2^0 */ fe51_mul(&t,&t,&z2_50_0);
-
-	/* 2^255 - 2^5 */ fe51_nsquare(&t,&t,5);
-	/* 2^255 - 21 */ fe51_mul(r,&t,&z11);
+    fe51 z2;
+    fe51 z9;
+    fe51 z11;
+    fe51 z2_5_0;
+    fe51 z2_10_0;
+    fe51 z2_20_0;
+    fe51 z2_50_0;
+    fe51 z2_100_0;
+    fe51 t;
+
+    /* 2 */ fe51_square(&z2,x);
+    /* 4 */ fe51_square(&t,&z2);
+    /* 8 */ fe51_square(&t,&t);
+    /* 9 */ fe51_mul(&z9,&t,x);
+    /* 11 */ fe51_mul(&z11,&z9,&z2);
+    /* 22 */ fe51_square(&t,&z11);
+    /* 2^5 - 2^0 = 31 */ fe51_mul(&z2_5_0,&t,&z9);
+
+    /* 2^10 - 2^5 */ fe51_nsquare(&t,&z2_5_0, 5);
+    /* 2^10 - 2^0 */ fe51_mul(&z2_10_0,&t,&z2_5_0);
+
+    /* 2^20 - 2^10 */ fe51_nsquare(&t,&z2_10_0, 10);
+    /* 2^20 - 2^0 */ fe51_mul(&z2_20_0,&t,&z2_10_0);
+
+    /* 2^40 - 2^20 */ fe51_nsquare(&t,&z2_20_0, 20);
+    /* 2^40 - 2^0 */ fe51_mul(&t,&t,&z2_20_0);
+
+    /* 2^50 - 2^10 */ fe51_nsquare(&t,&t,10);
+    /* 2^50 - 2^0 */ fe51_mul(&z2_50_0,&t,&z2_10_0);
+
+    /* 2^100 - 2^50 */ fe51_nsquare(&t,&z2_50_0, 50);
+    /* 2^100 - 2^0 */ fe51_mul(&z2_100_0,&t,&z2_50_0);
+
+    /* 2^200 - 2^100 */ fe51_nsquare(&t,&z2_100_0, 100);
+    /* 2^200 - 2^0 */ fe51_mul(&t,&t,&z2_100_0);
+
+    /* 2^250 - 2^50 */ fe51_nsquare(&t,&t, 50);
+    /* 2^250 - 2^0 */ fe51_mul(&t,&t,&z2_50_0);
+
+    /* 2^255 - 2^5 */ fe51_nsquare(&t,&t,5);
+    /* 2^255 - 21 */ fe51_mul(r,&t,&z11);
 }
 
 #endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S

@@ -7,10 +7,18 @@
 #include "consts_namespace.h"
 .text
 .p2align 5
-.globl _fe51_mul
+#ifdef ASM_HIDE_SYMBOL
+ASM_HIDE_SYMBOL fe51_mul
+ASM_HIDE_SYMBOL _fe51_mul
+#endif
 .globl fe51_mul
-_fe51_mul:
+.globl _fe51_mul
+#ifdef __ELF__
+.type fe51_mul, @function
+.type _fe51_mul, @function
+#endif
 fe51_mul:
+_fe51_mul:
 mov %rsp,%r11
 and $31,%r11
 add $96,%r11

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_namespace.h

@@ -12,5 +12,5 @@
 
 #define  fe51_invert       crypto_scalarmult_curve25519_sandy2x_fe51_invert
 
-#endif //ifndef fe51_namespace_H
+#endif /* ifndef fe51_namespace_H */
 

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S

@@ -8,6 +8,10 @@
 #include "consts_namespace.h"
 .p2align 5
 
+#ifdef ASM_HIDE_SYMBOL
+ASM_HIDE_SYMBOL fe51_nsquare
+ASM_HIDE_SYMBOL _fe51_nsquare
+#endif
 .globl fe51_nsquare
 .globl _fe51_nsquare
 #ifdef __ELF__

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S

@@ -8,6 +8,10 @@
 #include "consts_namespace.h"
 .p2align 5
 
+#ifdef ASM_HIDE_SYMBOL
+ASM_HIDE_SYMBOL fe51_pack
+ASM_HIDE_SYMBOL _fe51_pack
+#endif
 .globl fe51_pack
 .globl _fe51_pack
 #ifdef __ELF__

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c

@@ -3,51 +3,50 @@
 */
 
 #include "fe.h"
-#include "crypto_uint64.h"
 
 #ifdef HAVE_AVX_ASM
 
-static crypto_uint64 load_3(const unsigned char *in)
+static uint64_t load_3(const unsigned char *in)
 {
-  crypto_uint64 result;
-  result = (crypto_uint64) in[0];
-  result |= ((crypto_uint64) in[1]) << 8;
-  result |= ((crypto_uint64) in[2]) << 16;
+  uint64_t result;
+  result = (uint64_t) in[0];
+  result |= ((uint64_t) in[1]) << 8;
+  result |= ((uint64_t) in[2]) << 16;
   return result;
 }
 
-static crypto_uint64 load_4(const unsigned char *in)
+static uint64_t load_4(const unsigned char *in)
 {
-  crypto_uint64 result;
-  result = (crypto_uint64) in[0];
-  result |= ((crypto_uint64) in[1]) << 8;
-  result |= ((crypto_uint64) in[2]) << 16;
-  result |= ((crypto_uint64) in[3]) << 24;
+  uint64_t result;
+  result = (uint64_t) in[0];
+  result |= ((uint64_t) in[1]) << 8;
+  result |= ((uint64_t) in[2]) << 16;
+  result |= ((uint64_t) in[3]) << 24;
   return result;
 }
 
 void fe_frombytes(fe h,const unsigned char *s)
 {
-  crypto_uint64 h0 = load_4(s);
-  crypto_uint64 h1 = load_3(s + 4) << 6;
-  crypto_uint64 h2 = load_3(s + 7) << 5;
-  crypto_uint64 h3 = load_3(s + 10) << 3;
-  crypto_uint64 h4 = load_3(s + 13) << 2;
-  crypto_uint64 h5 = load_4(s + 16);
-  crypto_uint64 h6 = load_3(s + 20) << 7;
-  crypto_uint64 h7 = load_3(s + 23) << 5;
-  crypto_uint64 h8 = load_3(s + 26) << 4;
-  crypto_uint64 h9 = (load_3(s + 29) & 8388607) << 2;
-  crypto_uint64 carry0;
-  crypto_uint64 carry1;
-  crypto_uint64 carry2;
-  crypto_uint64 carry3;
-  crypto_uint64 carry4;
-  crypto_uint64 carry5;
-  crypto_uint64 carry6;
-  crypto_uint64 carry7;
-  crypto_uint64 carry8;
-  crypto_uint64 carry9;
+  uint64_t h0 = load_4(s);
+  uint64_t h1 = load_3(s + 4) << 6;
+  uint64_t h2 = load_3(s + 7) << 5;
+  uint64_t h3 = load_3(s + 10) << 3;
+  uint64_t h4 = load_3(s + 13) << 2;
+  uint64_t h5 = load_4(s + 16);
+  uint64_t h6 = load_3(s + 20) << 7;
+  uint64_t h7 = load_3(s + 23) << 5;
+  uint64_t h8 = load_3(s + 26) << 4;
+  uint64_t h9 = (load_3(s + 29) & 8388607) << 2;
+  uint64_t carry0;
+  uint64_t carry1;
+  uint64_t carry2;
+  uint64_t carry3;
+  uint64_t carry4;
+  uint64_t carry5;
+  uint64_t carry6;
+  uint64_t carry7;
+  uint64_t carry8;
+  uint64_t carry9;
 
   carry9 = h9 >> 25; h0 += carry9 * 19; h9 &= 0x1FFFFFF;
   carry1 = h1 >> 25; h2 += carry1; h1 &= 0x1FFFFFF;

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S

@@ -4,6 +4,10 @@
 #include "consts_namespace.h"
 .p2align 5
 
+#ifdef ASM_HIDE_SYMBOL
+ASM_HIDE_SYMBOL ladder
+ASM_HIDE_SYMBOL _ladder
+#endif
 .globl ladder
 .globl _ladder
 #ifdef __ELF__

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.h

@@ -14,5 +14,5 @@ extern void ladder(fe *, const unsigned char *);
 }
 #endif
 
-#endif //ifndef ladder_H
+#endif /* ifndef ladder_H */
 

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S

@@ -4,6 +4,10 @@
 #include "consts_namespace.h"
 .p2align 5
 
+#ifdef ASM_HIDE_SYMBOL
+ASM_HIDE_SYMBOL ladder_base
+ASM_HIDE_SYMBOL _ladder_base
+#endif
 .globl ladder_base
 .globl _ladder_base
 #ifdef __ELF__

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.h

@@ -14,5 +14,5 @@ extern void ladder_base(fe *, const unsigned char *);
 }
 #endif
 
-#endif //ifndef ladder_base_H
+#endif /* ifndef ladder_base_H */
 

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base_namespace.h

@@ -4,5 +4,5 @@
 #define  ladder_base  crypto_scalarmult_curve25519_sandy2x_ladder_base
 #define _ladder_base _crypto_scalarmult_curve25519_sandy2x_ladder_base
 
-#endif //ifndef ladder_base_namespace_H
+#endif /* ifndef ladder_base_namespace_H */
 

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_namespace.h

@@ -4,5 +4,5 @@
 #define  ladder  crypto_scalarmult_curve25519_sandy2x_ladder
 #define _ladder _crypto_scalarmult_curve25519_sandy2x_ladder
 
-#endif //ifndef ladder_namespace_H
+#endif /* ifndef ladder_namespace_H */
 

data/vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c

@@ -11,10 +11,6 @@
 #include "crypto_stream_salsa20.h"
 #include "utils.h"
 
-static const unsigned char sigma[16] = {
-    'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'
-};
-
 int
 crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
                           const unsigned char *m,
@@ -27,7 +23,7 @@ crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
     unsigned long long                i;
     unsigned long long                mlen0;
 
-    crypto_core_hsalsa20(subkey, n, k, sigma);
+    crypto_core_hsalsa20(subkey, n, k, NULL);
 
     if (((uintptr_t) c >= (uintptr_t) m &&
          (uintptr_t) c - (uintptr_t) m < mlen) ||
@@ -93,7 +89,7 @@ crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c,
     unsigned long long i;
     unsigned long long mlen0;
 
-    crypto_core_hsalsa20(subkey, n, k, sigma);
+    crypto_core_hsalsa20(subkey, n, k, NULL);
     crypto_stream_salsa20(block0, crypto_stream_salsa20_KEYBYTES,
                           n + 16, subkey);
     if (crypto_onetimeauth_poly1305_verify(mac, c, clen, block0) != 0) {