summaryrefslogtreecommitdiff
path: root/libs/libsodium/src/include
diff options
context:
space:
mode:
Diffstat (limited to 'libs/libsodium/src/include')
-rw-r--r--libs/libsodium/src/include/Makefile.am150
-rw-r--r--libs/libsodium/src/include/sodium.h140
-rw-r--r--libs/libsodium/src/include/sodium/core.h56
-rw-r--r--libs/libsodium/src/include/sodium/crypto_aead_aes256gcm.h350
-rw-r--r--libs/libsodium/src/include/sodium/crypto_aead_chacha20poly1305.h354
-rw-r--r--libs/libsodium/src/include/sodium/crypto_aead_xchacha20poly1305.h197
-rw-r--r--libs/libsodium/src/include/sodium/crypto_auth.h90
-rw-r--r--libs/libsodium/src/include/sodium/crypto_auth_hmacsha256.h138
-rw-r--r--libs/libsodium/src/include/sodium/crypto_auth_hmacsha512.h135
-rw-r--r--libs/libsodium/src/include/sodium/crypto_auth_hmacsha512256.h125
-rw-r--r--libs/libsodium/src/include/sodium/crypto_box.h350
-rw-r--r--libs/libsodium/src/include/sodium/crypto_box_curve25519xchacha20poly1305.h323
-rw-r--r--libs/libsodium/src/include/sodium/crypto_box_curve25519xsalsa20poly1305.h221
-rw-r--r--libs/libsodium/src/include/sodium/crypto_core_ed25519.h120
-rw-r--r--libs/libsodium/src/include/sodium/crypto_core_hchacha20.h71
-rw-r--r--libs/libsodium/src/include/sodium/crypto_core_hsalsa20.h71
-rw-r--r--libs/libsodium/src/include/sodium/crypto_core_salsa20.h71
-rw-r--r--libs/libsodium/src/include/sodium/crypto_core_salsa2012.h71
-rw-r--r--libs/libsodium/src/include/sodium/crypto_core_salsa208.h79
-rw-r--r--libs/libsodium/src/include/sodium/crypto_generichash.h163
-rw-r--r--libs/libsodium/src/include/sodium/crypto_generichash_blake2b.h235
-rw-r--r--libs/libsodium/src/include/sodium/crypto_hash.h80
-rw-r--r--libs/libsodium/src/include/sodium/crypto_hash_sha256.h117
-rw-r--r--libs/libsodium/src/include/sodium/crypto_hash_sha512.h117
-rw-r--r--libs/libsodium/src/include/sodium/crypto_kdf.h104
-rw-r--r--libs/libsodium/src/include/sodium/crypto_kdf_blake2b.h86
-rw-r--r--libs/libsodium/src/include/sodium/crypto_kx.h130
-rw-r--r--libs/libsodium/src/include/sodium/crypto_onetimeauth.h127
-rw-r--r--libs/libsodium/src/include/sodium/crypto_onetimeauth_poly1305.h139
-rw-r--r--libs/libsodium/src/include/sodium/crypto_pwhash.h294
-rw-r--r--libs/libsodium/src/include/sodium/crypto_pwhash_argon2i.h244
-rw-r--r--libs/libsodium/src/include/sodium/crypto_pwhash_argon2id.h244
-rw-r--r--libs/libsodium/src/include/sodium/crypto_pwhash_scryptsalsa208sha256.h240
-rw-r--r--libs/libsodium/src/include/sodium/crypto_scalarmult.h91
-rw-r--r--libs/libsodium/src/include/sodium/crypto_scalarmult_curve25519.h82
-rw-r--r--libs/libsodium/src/include/sodium/crypto_scalarmult_ed25519.h92
-rw-r--r--libs/libsodium/src/include/sodium/crypto_secretbox.h184
-rw-r--r--libs/libsodium/src/include/sodium/crypto_secretbox_xchacha20poly1305.h138
-rw-r--r--libs/libsodium/src/include/sodium/crypto_secretbox_xsalsa20poly1305.h136
-rw-r--r--libs/libsodium/src/include/sodium/crypto_secretstream_xchacha20poly1305.h211
-rw-r--r--libs/libsodium/src/include/sodium/crypto_shorthash.h80
-rw-r--r--libs/libsodium/src/include/sodium/crypto_shorthash_siphash24.h98
-rw-r--r--libs/libsodium/src/include/sodium/crypto_sign.h210
-rw-r--r--libs/libsodium/src/include/sodium/crypto_sign_ed25519.h238
-rw-r--r--libs/libsodium/src/include/sodium/crypto_sign_edwards25519sha512batch.h110
-rw-r--r--libs/libsodium/src/include/sodium/crypto_stream.h115
-rw-r--r--libs/libsodium/src/include/sodium/crypto_stream_chacha20.h204
-rw-r--r--libs/libsodium/src/include/sodium/crypto_stream_salsa20.h118
-rw-r--r--libs/libsodium/src/include/sodium/crypto_stream_salsa2012.h103
-rw-r--r--libs/libsodium/src/include/sodium/crypto_stream_salsa208.h112
-rw-r--r--libs/libsodium/src/include/sodium/crypto_stream_xchacha20.h118
-rw-r--r--libs/libsodium/src/include/sodium/crypto_stream_xsalsa20.h118
-rw-r--r--libs/libsodium/src/include/sodium/crypto_verify_16.h46
-rw-r--r--libs/libsodium/src/include/sodium/crypto_verify_32.h46
-rw-r--r--libs/libsodium/src/include/sodium/crypto_verify_64.h46
-rw-r--r--libs/libsodium/src/include/sodium/export.h114
-rw-r--r--libs/libsodium/src/include/sodium/private/chacha20_ietf_ext.h32
-rw-r--r--libs/libsodium/src/include/sodium/private/common.h522
-rw-r--r--libs/libsodium/src/include/sodium/private/ed25519_ref10.h252
-rw-r--r--libs/libsodium/src/include/sodium/private/ed25519_ref10_fe_25_5.h2100
-rw-r--r--libs/libsodium/src/include/sodium/private/ed25519_ref10_fe_51.h1036
-rw-r--r--libs/libsodium/src/include/sodium/private/implementations.h22
-rw-r--r--libs/libsodium/src/include/sodium/private/mutex.h14
-rw-r--r--libs/libsodium/src/include/sodium/private/sse2_64_32.h100
-rw-r--r--libs/libsodium/src/include/sodium/randombytes.h140
-rw-r--r--libs/libsodium/src/include/sodium/randombytes_nativeclient.h46
-rw-r--r--libs/libsodium/src/include/sodium/randombytes_salsa20_random.h38
-rw-r--r--libs/libsodium/src/include/sodium/randombytes_sysrandom.h38
-rw-r--r--libs/libsodium/src/include/sodium/runtime.h104
-rw-r--r--libs/libsodium/src/include/sodium/utils.h352
-rw-r--r--libs/libsodium/src/include/sodium/version.h64
71 files changed, 6650 insertions, 6452 deletions
diff --git a/libs/libsodium/src/include/Makefile.am b/libs/libsodium/src/include/Makefile.am
index b70c22b39b..0e1ed2634c 100644
--- a/libs/libsodium/src/include/Makefile.am
+++ b/libs/libsodium/src/include/Makefile.am
@@ -1,75 +1,75 @@
-
-SODIUM_EXPORT = \
- sodium.h \
- sodium/core.h \
- sodium/crypto_aead_aes256gcm.h \
- sodium/crypto_aead_chacha20poly1305.h \
- sodium/crypto_aead_xchacha20poly1305.h \
- sodium/crypto_auth.h \
- sodium/crypto_auth_hmacsha256.h \
- sodium/crypto_auth_hmacsha512.h \
- sodium/crypto_auth_hmacsha512256.h \
- sodium/crypto_box.h \
- sodium/crypto_box_curve25519xchacha20poly1305.h \
- sodium/crypto_box_curve25519xsalsa20poly1305.h \
- sodium/crypto_core_ed25519.h \
- sodium/crypto_core_hchacha20.h \
- sodium/crypto_core_hsalsa20.h \
- sodium/crypto_core_salsa20.h \
- sodium/crypto_core_salsa2012.h \
- sodium/crypto_core_salsa208.h \
- sodium/crypto_generichash.h \
- sodium/crypto_generichash_blake2b.h \
- sodium/crypto_hash.h \
- sodium/crypto_hash_sha256.h \
- sodium/crypto_hash_sha512.h \
- sodium/crypto_kdf.h \
- sodium/crypto_kdf_blake2b.h \
- sodium/crypto_kx.h \
- sodium/crypto_onetimeauth.h \
- sodium/crypto_onetimeauth_poly1305.h \
- sodium/crypto_pwhash.h \
- sodium/crypto_pwhash_argon2i.h \
- sodium/crypto_pwhash_argon2id.h \
- sodium/crypto_pwhash_scryptsalsa208sha256.h \
- sodium/crypto_scalarmult.h \
- sodium/crypto_scalarmult_curve25519.h \
- sodium/crypto_scalarmult_ed25519.h \
- sodium/crypto_secretbox.h \
- sodium/crypto_secretbox_xchacha20poly1305.h \
- sodium/crypto_secretbox_xsalsa20poly1305.h \
- sodium/crypto_secretstream_xchacha20poly1305.h \
- sodium/crypto_shorthash.h \
- sodium/crypto_shorthash_siphash24.h \
- sodium/crypto_sign.h \
- sodium/crypto_sign_ed25519.h \
- sodium/crypto_sign_edwards25519sha512batch.h \
- sodium/crypto_stream.h \
- sodium/crypto_stream_chacha20.h \
- sodium/crypto_stream_salsa20.h \
- sodium/crypto_stream_salsa2012.h \
- sodium/crypto_stream_salsa208.h \
- sodium/crypto_stream_xchacha20.h \
- sodium/crypto_stream_xsalsa20.h \
- sodium/crypto_verify_16.h \
- sodium/crypto_verify_32.h \
- sodium/crypto_verify_64.h \
- sodium/export.h \
- sodium/randombytes.h \
- sodium/randombytes_salsa20_random.h \
- sodium/randombytes_sysrandom.h \
- sodium/runtime.h \
- sodium/utils.h
-
-if NATIVECLIENT
-SODIUM_EXPORT += \
- sodium/randombytes_nativeclient.h
-endif
-
-EXTRA_SRC = $(SODIUM_EXPORT) \
- sodium/version.h.in
-
-nobase_include_HEADERS = $(SODIUM_EXPORT)
-
-nobase_nodist_include_HEADERS = \
- sodium/version.h
+
+SODIUM_EXPORT = \
+ sodium.h \
+ sodium/core.h \
+ sodium/crypto_aead_aes256gcm.h \
+ sodium/crypto_aead_chacha20poly1305.h \
+ sodium/crypto_aead_xchacha20poly1305.h \
+ sodium/crypto_auth.h \
+ sodium/crypto_auth_hmacsha256.h \
+ sodium/crypto_auth_hmacsha512.h \
+ sodium/crypto_auth_hmacsha512256.h \
+ sodium/crypto_box.h \
+ sodium/crypto_box_curve25519xchacha20poly1305.h \
+ sodium/crypto_box_curve25519xsalsa20poly1305.h \
+ sodium/crypto_core_ed25519.h \
+ sodium/crypto_core_hchacha20.h \
+ sodium/crypto_core_hsalsa20.h \
+ sodium/crypto_core_salsa20.h \
+ sodium/crypto_core_salsa2012.h \
+ sodium/crypto_core_salsa208.h \
+ sodium/crypto_generichash.h \
+ sodium/crypto_generichash_blake2b.h \
+ sodium/crypto_hash.h \
+ sodium/crypto_hash_sha256.h \
+ sodium/crypto_hash_sha512.h \
+ sodium/crypto_kdf.h \
+ sodium/crypto_kdf_blake2b.h \
+ sodium/crypto_kx.h \
+ sodium/crypto_onetimeauth.h \
+ sodium/crypto_onetimeauth_poly1305.h \
+ sodium/crypto_pwhash.h \
+ sodium/crypto_pwhash_argon2i.h \
+ sodium/crypto_pwhash_argon2id.h \
+ sodium/crypto_pwhash_scryptsalsa208sha256.h \
+ sodium/crypto_scalarmult.h \
+ sodium/crypto_scalarmult_curve25519.h \
+ sodium/crypto_scalarmult_ed25519.h \
+ sodium/crypto_secretbox.h \
+ sodium/crypto_secretbox_xchacha20poly1305.h \
+ sodium/crypto_secretbox_xsalsa20poly1305.h \
+ sodium/crypto_secretstream_xchacha20poly1305.h \
+ sodium/crypto_shorthash.h \
+ sodium/crypto_shorthash_siphash24.h \
+ sodium/crypto_sign.h \
+ sodium/crypto_sign_ed25519.h \
+ sodium/crypto_sign_edwards25519sha512batch.h \
+ sodium/crypto_stream.h \
+ sodium/crypto_stream_chacha20.h \
+ sodium/crypto_stream_salsa20.h \
+ sodium/crypto_stream_salsa2012.h \
+ sodium/crypto_stream_salsa208.h \
+ sodium/crypto_stream_xchacha20.h \
+ sodium/crypto_stream_xsalsa20.h \
+ sodium/crypto_verify_16.h \
+ sodium/crypto_verify_32.h \
+ sodium/crypto_verify_64.h \
+ sodium/export.h \
+ sodium/randombytes.h \
+ sodium/randombytes_salsa20_random.h \
+ sodium/randombytes_sysrandom.h \
+ sodium/runtime.h \
+ sodium/utils.h
+
+if NATIVECLIENT
+SODIUM_EXPORT += \
+ sodium/randombytes_nativeclient.h
+endif
+
+EXTRA_SRC = $(SODIUM_EXPORT) \
+ sodium/version.h.in
+
+nobase_include_HEADERS = $(SODIUM_EXPORT)
+
+nobase_nodist_include_HEADERS = \
+ sodium/version.h
diff --git a/libs/libsodium/src/include/sodium.h b/libs/libsodium/src/include/sodium.h
index e7b1af46f0..3cd9b5b79a 100644
--- a/libs/libsodium/src/include/sodium.h
+++ b/libs/libsodium/src/include/sodium.h
@@ -1,70 +1,70 @@
-
-#ifndef sodium_H
-#define sodium_H
-
-#include "sodium/version.h"
-
-#include "sodium/core.h"
-#include "sodium/crypto_aead_aes256gcm.h"
-#include "sodium/crypto_aead_chacha20poly1305.h"
-#include "sodium/crypto_aead_xchacha20poly1305.h"
-#include "sodium/crypto_auth.h"
-#include "sodium/crypto_auth_hmacsha256.h"
-#include "sodium/crypto_auth_hmacsha512.h"
-#include "sodium/crypto_auth_hmacsha512256.h"
-#include "sodium/crypto_box.h"
-#include "sodium/crypto_box_curve25519xsalsa20poly1305.h"
-#include "sodium/crypto_core_hsalsa20.h"
-#include "sodium/crypto_core_hchacha20.h"
-#include "sodium/crypto_core_salsa20.h"
-#include "sodium/crypto_core_salsa2012.h"
-#include "sodium/crypto_core_salsa208.h"
-#include "sodium/crypto_generichash.h"
-#include "sodium/crypto_generichash_blake2b.h"
-#include "sodium/crypto_hash.h"
-#include "sodium/crypto_hash_sha256.h"
-#include "sodium/crypto_hash_sha512.h"
-#include "sodium/crypto_kdf.h"
-#include "sodium/crypto_kdf_blake2b.h"
-#include "sodium/crypto_kx.h"
-#include "sodium/crypto_onetimeauth.h"
-#include "sodium/crypto_onetimeauth_poly1305.h"
-#include "sodium/crypto_pwhash.h"
-#include "sodium/crypto_pwhash_argon2i.h"
-#include "sodium/crypto_scalarmult.h"
-#include "sodium/crypto_scalarmult_curve25519.h"
-#include "sodium/crypto_secretbox.h"
-#include "sodium/crypto_secretbox_xsalsa20poly1305.h"
-#include "sodium/crypto_secretstream_xchacha20poly1305.h"
-#include "sodium/crypto_shorthash.h"
-#include "sodium/crypto_shorthash_siphash24.h"
-#include "sodium/crypto_sign.h"
-#include "sodium/crypto_sign_ed25519.h"
-#include "sodium/crypto_stream.h"
-#include "sodium/crypto_stream_chacha20.h"
-#include "sodium/crypto_stream_salsa20.h"
-#include "sodium/crypto_stream_xsalsa20.h"
-#include "sodium/crypto_verify_16.h"
-#include "sodium/crypto_verify_32.h"
-#include "sodium/crypto_verify_64.h"
-#include "sodium/randombytes.h"
-#ifdef __native_client__
-# include "sodium/randombytes_nativeclient.h"
-#endif
-#include "sodium/randombytes_salsa20_random.h"
-#include "sodium/randombytes_sysrandom.h"
-#include "sodium/runtime.h"
-#include "sodium/utils.h"
-
-#ifndef SODIUM_LIBRARY_MINIMAL
-# include "sodium/crypto_box_curve25519xchacha20poly1305.h"
-# include "sodium/crypto_core_ed25519.h"
-# include "sodium/crypto_scalarmult_ed25519.h"
-# include "sodium/crypto_secretbox_xchacha20poly1305.h"
-# include "sodium/crypto_pwhash_scryptsalsa208sha256.h"
-# include "sodium/crypto_stream_salsa2012.h"
-# include "sodium/crypto_stream_salsa208.h"
-# include "sodium/crypto_stream_xchacha20.h"
-#endif
-
-#endif
+
+#ifndef sodium_H
+#define sodium_H
+
+#include "sodium/version.h"
+
+#include "sodium/core.h"
+#include "sodium/crypto_aead_aes256gcm.h"
+#include "sodium/crypto_aead_chacha20poly1305.h"
+#include "sodium/crypto_aead_xchacha20poly1305.h"
+#include "sodium/crypto_auth.h"
+#include "sodium/crypto_auth_hmacsha256.h"
+#include "sodium/crypto_auth_hmacsha512.h"
+#include "sodium/crypto_auth_hmacsha512256.h"
+#include "sodium/crypto_box.h"
+#include "sodium/crypto_box_curve25519xsalsa20poly1305.h"
+#include "sodium/crypto_core_hsalsa20.h"
+#include "sodium/crypto_core_hchacha20.h"
+#include "sodium/crypto_core_salsa20.h"
+#include "sodium/crypto_core_salsa2012.h"
+#include "sodium/crypto_core_salsa208.h"
+#include "sodium/crypto_generichash.h"
+#include "sodium/crypto_generichash_blake2b.h"
+#include "sodium/crypto_hash.h"
+#include "sodium/crypto_hash_sha256.h"
+#include "sodium/crypto_hash_sha512.h"
+#include "sodium/crypto_kdf.h"
+#include "sodium/crypto_kdf_blake2b.h"
+#include "sodium/crypto_kx.h"
+#include "sodium/crypto_onetimeauth.h"
+#include "sodium/crypto_onetimeauth_poly1305.h"
+#include "sodium/crypto_pwhash.h"
+#include "sodium/crypto_pwhash_argon2i.h"
+#include "sodium/crypto_scalarmult.h"
+#include "sodium/crypto_scalarmult_curve25519.h"
+#include "sodium/crypto_secretbox.h"
+#include "sodium/crypto_secretbox_xsalsa20poly1305.h"
+#include "sodium/crypto_secretstream_xchacha20poly1305.h"
+#include "sodium/crypto_shorthash.h"
+#include "sodium/crypto_shorthash_siphash24.h"
+#include "sodium/crypto_sign.h"
+#include "sodium/crypto_sign_ed25519.h"
+#include "sodium/crypto_stream.h"
+#include "sodium/crypto_stream_chacha20.h"
+#include "sodium/crypto_stream_salsa20.h"
+#include "sodium/crypto_stream_xsalsa20.h"
+#include "sodium/crypto_verify_16.h"
+#include "sodium/crypto_verify_32.h"
+#include "sodium/crypto_verify_64.h"
+#include "sodium/randombytes.h"
+#ifdef __native_client__
+# include "sodium/randombytes_nativeclient.h"
+#endif
+#include "sodium/randombytes_salsa20_random.h"
+#include "sodium/randombytes_sysrandom.h"
+#include "sodium/runtime.h"
+#include "sodium/utils.h"
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+# include "sodium/crypto_box_curve25519xchacha20poly1305.h"
+# include "sodium/crypto_core_ed25519.h"
+# include "sodium/crypto_scalarmult_ed25519.h"
+# include "sodium/crypto_secretbox_xchacha20poly1305.h"
+# include "sodium/crypto_pwhash_scryptsalsa208sha256.h"
+# include "sodium/crypto_stream_salsa2012.h"
+# include "sodium/crypto_stream_salsa208.h"
+# include "sodium/crypto_stream_xchacha20.h"
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/core.h b/libs/libsodium/src/include/sodium/core.h
index dd088d2cae..0afb78a831 100644
--- a/libs/libsodium/src/include/sodium/core.h
+++ b/libs/libsodium/src/include/sodium/core.h
@@ -1,28 +1,28 @@
-
-#ifndef sodium_core_H
-#define sodium_core_H
-
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-SODIUM_EXPORT
-int sodium_init(void)
- __attribute__ ((warn_unused_result));
-
-/* ---- */
-
-SODIUM_EXPORT
-int sodium_set_misuse_handler(void (*handler)(void));
-
-SODIUM_EXPORT
-void sodium_misuse(void)
- __attribute__ ((noreturn));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+
+#ifndef sodium_core_H
+#define sodium_core_H
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int sodium_init(void)
+ __attribute__ ((warn_unused_result));
+
+/* ---- */
+
+SODIUM_EXPORT
+int sodium_set_misuse_handler(void (*handler)(void));
+
+SODIUM_EXPORT
+void sodium_misuse(void)
+ __attribute__ ((noreturn));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_aead_aes256gcm.h b/libs/libsodium/src/include/sodium/crypto_aead_aes256gcm.h
index 5e67aa99c5..47c32b06df 100644
--- a/libs/libsodium/src/include/sodium/crypto_aead_aes256gcm.h
+++ b/libs/libsodium/src/include/sodium/crypto_aead_aes256gcm.h
@@ -1,171 +1,179 @@
-#ifndef crypto_aead_aes256gcm_H
-#define crypto_aead_aes256gcm_H
-
-/*
- * WARNING: Despite being the most popular AEAD construction due to its
- * use in TLS, safely using AES-GCM in a different context is tricky.
- *
- * No more than ~ 350 GB of input data should be encrypted with a given key.
- * This is for ~ 16 KB messages -- Actual figures vary according to
- * message sizes.
- *
- * In addition, nonces are short and repeated nonces would totally destroy
- * the security of this scheme.
- *
- * Nonces should thus come from atomic counters, which can be difficult to
- * set up in a distributed environment.
- *
- * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
- * instead. It doesn't have any of these limitations.
- * Or, if you don't need to authenticate additional data, just stick to
- * crypto_secretbox().
- */
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-SODIUM_EXPORT
-int crypto_aead_aes256gcm_is_available(void);
-
-#define crypto_aead_aes256gcm_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_aead_aes256gcm_keybytes(void);
-
-#define crypto_aead_aes256gcm_NSECBYTES 0U
-SODIUM_EXPORT
-size_t crypto_aead_aes256gcm_nsecbytes(void);
-
-#define crypto_aead_aes256gcm_NPUBBYTES 12U
-SODIUM_EXPORT
-size_t crypto_aead_aes256gcm_npubbytes(void);
-
-#define crypto_aead_aes256gcm_ABYTES 16U
-SODIUM_EXPORT
-size_t crypto_aead_aes256gcm_abytes(void);
-
-#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
- SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
- (16ULL * ((1ULL << 32) - 2ULL)))
-SODIUM_EXPORT
-size_t crypto_aead_aes256gcm_messagebytes_max(void);
-
-typedef CRYPTO_ALIGN(16) unsigned char crypto_aead_aes256gcm_state[512];
-
-SODIUM_EXPORT
-size_t crypto_aead_aes256gcm_statebytes(void);
-
-SODIUM_EXPORT
-int crypto_aead_aes256gcm_encrypt(unsigned char *c,
- unsigned long long *clen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *nsec,
- const unsigned char *npub,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_aead_aes256gcm_decrypt(unsigned char *m,
- unsigned long long *mlen_p,
- unsigned char *nsec,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *npub,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
- unsigned char *mac,
- unsigned long long *maclen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *nsec,
- const unsigned char *npub,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
- unsigned char *nsec,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *mac,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *npub,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-/* -- Precomputation interface -- */
-
-SODIUM_EXPORT
-int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
- unsigned long long *clen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *nsec,
- const unsigned char *npub,
- const crypto_aead_aes256gcm_state *ctx_);
-
-SODIUM_EXPORT
-int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
- unsigned long long *mlen_p,
- unsigned char *nsec,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *npub,
- const crypto_aead_aes256gcm_state *ctx_)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
- unsigned char *mac,
- unsigned long long *maclen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *nsec,
- const unsigned char *npub,
- const crypto_aead_aes256gcm_state *ctx_);
-
-SODIUM_EXPORT
-int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
- unsigned char *nsec,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *mac,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *npub,
- const crypto_aead_aes256gcm_state *ctx_)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_aead_aes256gcm_H
+#define crypto_aead_aes256gcm_H
+
+/*
+ * WARNING: Despite being the most popular AEAD construction due to its
+ * use in TLS, safely using AES-GCM in a different context is tricky.
+ *
+ * No more than ~ 350 GB of input data should be encrypted with a given key.
+ * This is for ~ 16 KB messages -- Actual figures vary according to
+ * message sizes.
+ *
+ * In addition, nonces are short and repeated nonces would totally destroy
+ * the security of this scheme.
+ *
+ * Nonces should thus come from atomic counters, which can be difficult to
+ * set up in a distributed environment.
+ *
+ * Unless you absolutely need AES-GCM, use crypto_aead_xchacha20poly1305_ietf_*()
+ * instead. It doesn't have any of these limitations.
+ * Or, if you don't need to authenticate additional data, just stick to
+ * crypto_secretbox().
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_is_available(void);
+
+#define crypto_aead_aes256gcm_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_keybytes(void);
+
+#define crypto_aead_aes256gcm_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_nsecbytes(void);
+
+#define crypto_aead_aes256gcm_NPUBBYTES 12U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_npubbytes(void);
+
+#define crypto_aead_aes256gcm_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_abytes(void);
+
+#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
+ SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
+ (16ULL * ((1ULL << 32) - 2ULL)))
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_messagebytes_max(void);
+
+typedef CRYPTO_ALIGN(16) struct crypto_aead_aes256gcm_state_ {
+ unsigned char opaque[512];
+} crypto_aead_aes256gcm_state;
+
+SODIUM_EXPORT
+size_t crypto_aead_aes256gcm_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt(unsigned char *c,
+ unsigned long long *clen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt(unsigned char *m,
+ unsigned long long *mlen_p,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
+ unsigned char *mac,
+ unsigned long long *maclen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *mac,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
+ unsigned long long *clen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const crypto_aead_aes256gcm_state *ctx_)
+ __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
+ unsigned long long *mlen_p,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const crypto_aead_aes256gcm_state *ctx_)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
+ unsigned char *mac,
+ unsigned long long *maclen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const crypto_aead_aes256gcm_state *ctx_)
+ __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *mac,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const crypto_aead_aes256gcm_state *ctx_)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_aead_chacha20poly1305.h b/libs/libsodium/src/include/sodium/crypto_aead_chacha20poly1305.h
index 8ab31243ff..20d63c6755 100644
--- a/libs/libsodium/src/include/sodium/crypto_aead_chacha20poly1305.h
+++ b/libs/libsodium/src/include/sodium/crypto_aead_chacha20poly1305.h
@@ -1,174 +1,180 @@
-#ifndef crypto_aead_chacha20poly1305_H
-#define crypto_aead_chacha20poly1305_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-/* -- IETF ChaCha20-Poly1305 construction with a 96-bit nonce and a 32-bit internal counter -- */
-
-#define crypto_aead_chacha20poly1305_ietf_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_aead_chacha20poly1305_ietf_keybytes(void);
-
-#define crypto_aead_chacha20poly1305_ietf_NSECBYTES 0U
-SODIUM_EXPORT
-size_t crypto_aead_chacha20poly1305_ietf_nsecbytes(void);
-
-#define crypto_aead_chacha20poly1305_ietf_NPUBBYTES 12U
-
-SODIUM_EXPORT
-size_t crypto_aead_chacha20poly1305_ietf_npubbytes(void);
-
-#define crypto_aead_chacha20poly1305_ietf_ABYTES 16U
-SODIUM_EXPORT
-size_t crypto_aead_chacha20poly1305_ietf_abytes(void);
-
-#define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \
- SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \
- (64ULL * ((1ULL << 32) - 1ULL)))
-SODIUM_EXPORT
-size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
- unsigned long long *clen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *nsec,
- const unsigned char *npub,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
- unsigned long long *mlen_p,
- unsigned char *nsec,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *npub,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
- unsigned char *mac,
- unsigned long long *maclen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *nsec,
- const unsigned char *npub,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
- unsigned char *nsec,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *mac,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *npub,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]);
-
-/* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */
-
-#define crypto_aead_chacha20poly1305_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_aead_chacha20poly1305_keybytes(void);
-
-#define crypto_aead_chacha20poly1305_NSECBYTES 0U
-SODIUM_EXPORT
-size_t crypto_aead_chacha20poly1305_nsecbytes(void);
-
-#define crypto_aead_chacha20poly1305_NPUBBYTES 8U
-SODIUM_EXPORT
-size_t crypto_aead_chacha20poly1305_npubbytes(void);
-
-#define crypto_aead_chacha20poly1305_ABYTES 16U
-SODIUM_EXPORT
-size_t crypto_aead_chacha20poly1305_abytes(void);
-
-#define crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX \
- (SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ABYTES)
-SODIUM_EXPORT
-size_t crypto_aead_chacha20poly1305_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
- unsigned long long *clen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *nsec,
- const unsigned char *npub,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
- unsigned long long *mlen_p,
- unsigned char *nsec,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *npub,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
- unsigned char *mac,
- unsigned long long *maclen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *nsec,
- const unsigned char *npub,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
- unsigned char *nsec,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *mac,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *npub,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]);
-
-/* Aliases */
-
-#define crypto_aead_chacha20poly1305_IETF_KEYBYTES crypto_aead_chacha20poly1305_ietf_KEYBYTES
-#define crypto_aead_chacha20poly1305_IETF_NSECBYTES crypto_aead_chacha20poly1305_ietf_NSECBYTES
-#define crypto_aead_chacha20poly1305_IETF_NPUBBYTES crypto_aead_chacha20poly1305_ietf_NPUBBYTES
-#define crypto_aead_chacha20poly1305_IETF_ABYTES crypto_aead_chacha20poly1305_ietf_ABYTES
-#define crypto_aead_chacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_aead_chacha20poly1305_H
+#define crypto_aead_chacha20poly1305_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- IETF ChaCha20-Poly1305 construction with a 96-bit nonce and a 32-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_NPUBBYTES 12U
+
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \
+ SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \
+ (64ULL * ((1ULL << 32) - 1ULL)))
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
+ unsigned long long *clen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
+ unsigned long long *mlen_p,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+ unsigned char *mac,
+ unsigned long long *maclen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *mac,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES])
+ __attribute__ ((nonnull));
+
+/* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */
+
+#define crypto_aead_chacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_NPUBBYTES 8U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_abytes(void);
+
+#define crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX \
+ (SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
+ unsigned long long *clen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
+ unsigned long long *mlen_p,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
+ unsigned char *mac,
+ unsigned long long *maclen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *mac,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES])
+ __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_aead_chacha20poly1305_IETF_KEYBYTES crypto_aead_chacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_chacha20poly1305_IETF_NSECBYTES crypto_aead_chacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_chacha20poly1305_IETF_NPUBBYTES crypto_aead_chacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_chacha20poly1305_IETF_ABYTES crypto_aead_chacha20poly1305_ietf_ABYTES
+#define crypto_aead_chacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_aead_xchacha20poly1305.h b/libs/libsodium/src/include/sodium/crypto_aead_xchacha20poly1305.h
index 99692aae9a..5e2eb5bb61 100644
--- a/libs/libsodium/src/include/sodium/crypto_aead_xchacha20poly1305.h
+++ b/libs/libsodium/src/include/sodium/crypto_aead_xchacha20poly1305.h
@@ -1,97 +1,100 @@
-#ifndef crypto_aead_xchacha20poly1305_H
-#define crypto_aead_xchacha20poly1305_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_aead_xchacha20poly1305_ietf_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_aead_xchacha20poly1305_ietf_keybytes(void);
-
-#define crypto_aead_xchacha20poly1305_ietf_NSECBYTES 0U
-SODIUM_EXPORT
-size_t crypto_aead_xchacha20poly1305_ietf_nsecbytes(void);
-
-#define crypto_aead_xchacha20poly1305_ietf_NPUBBYTES 24U
-SODIUM_EXPORT
-size_t crypto_aead_xchacha20poly1305_ietf_npubbytes(void);
-
-#define crypto_aead_xchacha20poly1305_ietf_ABYTES 16U
-SODIUM_EXPORT
-size_t crypto_aead_xchacha20poly1305_ietf_abytes(void);
-
-#define crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX \
- (SODIUM_SIZE_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES)
-SODIUM_EXPORT
-size_t crypto_aead_xchacha20poly1305_ietf_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
- unsigned long long *clen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *nsec,
- const unsigned char *npub,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
- unsigned long long *mlen_p,
- unsigned char *nsec,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *npub,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
- unsigned char *mac,
- unsigned long long *maclen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *nsec,
- const unsigned char *npub,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
- unsigned char *nsec,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *mac,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *npub,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]);
-
-/* Aliases */
-
-#define crypto_aead_xchacha20poly1305_IETF_KEYBYTES crypto_aead_xchacha20poly1305_ietf_KEYBYTES
-#define crypto_aead_xchacha20poly1305_IETF_NSECBYTES crypto_aead_xchacha20poly1305_ietf_NSECBYTES
-#define crypto_aead_xchacha20poly1305_IETF_NPUBBYTES crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
-#define crypto_aead_xchacha20poly1305_IETF_ABYTES crypto_aead_xchacha20poly1305_ietf_ABYTES
-#define crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_aead_xchacha20poly1305_H
+#define crypto_aead_xchacha20poly1305_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_aead_xchacha20poly1305_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_keybytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_nsecbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_NPUBBYTES 24U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_npubbytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_ABYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_abytes(void);
+
+#define crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX \
+ (SODIUM_SIZE_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_aead_xchacha20poly1305_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
+ unsigned long long *clen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((nonnull(1, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
+ unsigned long long *mlen_p,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
+ unsigned char *mac,
+ unsigned long long *maclen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((nonnull(1, 2, 9, 10)));
+
+SODIUM_EXPORT
+int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *mac,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 9, 9)));
+
+SODIUM_EXPORT
+void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES])
+ __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_aead_xchacha20poly1305_IETF_KEYBYTES crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NSECBYTES crypto_aead_xchacha20poly1305_ietf_NSECBYTES
+#define crypto_aead_xchacha20poly1305_IETF_NPUBBYTES crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+#define crypto_aead_xchacha20poly1305_IETF_ABYTES crypto_aead_xchacha20poly1305_ietf_ABYTES
+#define crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_auth.h b/libs/libsodium/src/include/sodium/crypto_auth.h
index 7174e7bced..44e8f7e91a 100644
--- a/libs/libsodium/src/include/sodium/crypto_auth.h
+++ b/libs/libsodium/src/include/sodium/crypto_auth.h
@@ -1,44 +1,46 @@
-#ifndef crypto_auth_H
-#define crypto_auth_H
-
-#include <stddef.h>
-
-#include "crypto_auth_hmacsha512256.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
-SODIUM_EXPORT
-size_t crypto_auth_bytes(void);
-
-#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
-SODIUM_EXPORT
-size_t crypto_auth_keybytes(void);
-
-#define crypto_auth_PRIMITIVE "hmacsha512256"
-SODIUM_EXPORT
-const char *crypto_auth_primitive(void);
-
-SODIUM_EXPORT
-int crypto_auth(unsigned char *out, const unsigned char *in,
- unsigned long long inlen, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
- unsigned long long inlen, const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_auth_H
+#define crypto_auth_H
+
+#include <stddef.h>
+
+#include "crypto_auth_hmacsha512256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES
+SODIUM_EXPORT
+size_t crypto_auth_bytes(void);
+
+#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_auth_keybytes(void);
+
+#define crypto_auth_PRIMITIVE "hmacsha512256"
+SODIUM_EXPORT
+const char *crypto_auth_primitive(void);
+
+SODIUM_EXPORT
+int crypto_auth(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_auth_hmacsha256.h b/libs/libsodium/src/include/sodium/crypto_auth_hmacsha256.h
index deec5266e6..7c3959cb52 100644
--- a/libs/libsodium/src/include/sodium/crypto_auth_hmacsha256.h
+++ b/libs/libsodium/src/include/sodium/crypto_auth_hmacsha256.h
@@ -1,68 +1,70 @@
-#ifndef crypto_auth_hmacsha256_H
-#define crypto_auth_hmacsha256_H
-
-#include <stddef.h>
-#include "crypto_hash_sha256.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_auth_hmacsha256_BYTES 32U
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha256_bytes(void);
-
-#define crypto_auth_hmacsha256_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha256_keybytes(void);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha256(unsigned char *out,
- const unsigned char *in,
- unsigned long long inlen,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha256_verify(const unsigned char *h,
- const unsigned char *in,
- unsigned long long inlen,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-/* ------------------------------------------------------------------------- */
-
-typedef struct crypto_auth_hmacsha256_state {
- crypto_hash_sha256_state ictx;
- crypto_hash_sha256_state octx;
-} crypto_auth_hmacsha256_state;
-
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha256_statebytes(void);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
- const unsigned char *key,
- size_t keylen);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
- const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
- unsigned char *out);
-
-
-SODIUM_EXPORT
-void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_auth_hmacsha256_H
+#define crypto_auth_hmacsha256_H
+
+#include <stddef.h>
+#include "crypto_hash_sha256.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_bytes(void);
+
+#define crypto_auth_hmacsha256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256(unsigned char *out,
+ const unsigned char *in,
+ unsigned long long inlen,
+ const unsigned char *k) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_verify(const unsigned char *h,
+ const unsigned char *in,
+ unsigned long long inlen,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/* ------------------------------------------------------------------------- */
+
+typedef struct crypto_auth_hmacsha256_state {
+ crypto_hash_sha256_state ictx;
+ crypto_hash_sha256_state octx;
+} crypto_auth_hmacsha256_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
+ const unsigned char *key,
+ size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
+ const unsigned char *in,
+ unsigned long long inlen)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
+ unsigned char *out) __attribute__ ((nonnull));
+
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_auth_hmacsha512.h b/libs/libsodium/src/include/sodium/crypto_auth_hmacsha512.h
index 77a55fbc00..fe49556329 100644
--- a/libs/libsodium/src/include/sodium/crypto_auth_hmacsha512.h
+++ b/libs/libsodium/src/include/sodium/crypto_auth_hmacsha512.h
@@ -1,67 +1,68 @@
-#ifndef crypto_auth_hmacsha512_H
-#define crypto_auth_hmacsha512_H
-
-#include <stddef.h>
-#include "crypto_hash_sha512.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_auth_hmacsha512_BYTES 64U
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha512_bytes(void);
-
-#define crypto_auth_hmacsha512_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha512_keybytes(void);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha512(unsigned char *out,
- const unsigned char *in,
- unsigned long long inlen,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha512_verify(const unsigned char *h,
- const unsigned char *in,
- unsigned long long inlen,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-/* ------------------------------------------------------------------------- */
-
-typedef struct crypto_auth_hmacsha512_state {
- crypto_hash_sha512_state ictx;
- crypto_hash_sha512_state octx;
-} crypto_auth_hmacsha512_state;
-
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha512_statebytes(void);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state,
- const unsigned char *key,
- size_t keylen);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state,
- const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state,
- unsigned char *out);
-
-SODIUM_EXPORT
-void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_auth_hmacsha512_H
+#define crypto_auth_hmacsha512_H
+
+#include <stddef.h>
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_bytes(void);
+
+#define crypto_auth_hmacsha512_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512(unsigned char *out,
+ const unsigned char *in,
+ unsigned long long inlen,
+ const unsigned char *k) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_verify(const unsigned char *h,
+ const unsigned char *in,
+ unsigned long long inlen,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/* ------------------------------------------------------------------------- */
+
+typedef struct crypto_auth_hmacsha512_state {
+ crypto_hash_sha512_state ictx;
+ crypto_hash_sha512_state octx;
+} crypto_auth_hmacsha512_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state,
+ const unsigned char *key,
+ size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state,
+ const unsigned char *in,
+ unsigned long long inlen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state,
+ unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_auth_hmacsha512256.h b/libs/libsodium/src/include/sodium/crypto_auth_hmacsha512256.h
index 4842f3debc..8754baa142 100644
--- a/libs/libsodium/src/include/sodium/crypto_auth_hmacsha512256.h
+++ b/libs/libsodium/src/include/sodium/crypto_auth_hmacsha512256.h
@@ -1,62 +1,63 @@
-#ifndef crypto_auth_hmacsha512256_H
-#define crypto_auth_hmacsha512256_H
-
-#include <stddef.h>
-#include "crypto_auth_hmacsha512.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_auth_hmacsha512256_BYTES 32U
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha512256_bytes(void);
-
-#define crypto_auth_hmacsha512256_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha512256_keybytes(void);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha512256(unsigned char *out, const unsigned char *in,
- unsigned long long inlen,const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha512256_verify(const unsigned char *h,
- const unsigned char *in,
- unsigned long long inlen,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-/* ------------------------------------------------------------------------- */
-
-typedef crypto_auth_hmacsha512_state crypto_auth_hmacsha512256_state;
-
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha512256_statebytes(void);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state,
- const unsigned char *key,
- size_t keylen);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state,
- const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state,
- unsigned char *out);
-
-SODIUM_EXPORT
-void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_auth_hmacsha512256_H
+#define crypto_auth_hmacsha512256_H
+
+#include <stddef.h>
+#include "crypto_auth_hmacsha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_auth_hmacsha512256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_bytes(void);
+
+#define crypto_auth_hmacsha512256_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen,const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_verify(const unsigned char *h,
+ const unsigned char *in,
+ unsigned long long inlen,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/* ------------------------------------------------------------------------- */
+
+typedef crypto_auth_hmacsha512_state crypto_auth_hmacsha512256_state;
+
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state,
+ const unsigned char *key,
+ size_t keylen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state,
+ const unsigned char *in,
+ unsigned long long inlen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state,
+ unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_box.h b/libs/libsodium/src/include/sodium/crypto_box.h
index 99ee19a8f6..33787e9d8d 100644
--- a/libs/libsodium/src/include/sodium/crypto_box.h
+++ b/libs/libsodium/src/include/sodium/crypto_box.h
@@ -1,173 +1,177 @@
-#ifndef crypto_box_H
-#define crypto_box_H
-
-/*
- * THREAD SAFETY: crypto_box_keypair() is thread-safe,
- * provided that sodium_init() was called before.
- *
- * Other functions are always thread-safe.
- */
-
-#include <stddef.h>
-
-#include "crypto_box_curve25519xsalsa20poly1305.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_box_SEEDBYTES crypto_box_curve25519xsalsa20poly1305_SEEDBYTES
-SODIUM_EXPORT
-size_t crypto_box_seedbytes(void);
-
-#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
-SODIUM_EXPORT
-size_t crypto_box_publickeybytes(void);
-
-#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
-SODIUM_EXPORT
-size_t crypto_box_secretkeybytes(void);
-
-#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
-SODIUM_EXPORT
-size_t crypto_box_noncebytes(void);
-
-#define crypto_box_MACBYTES crypto_box_curve25519xsalsa20poly1305_MACBYTES
-SODIUM_EXPORT
-size_t crypto_box_macbytes(void);
-
-#define crypto_box_MESSAGEBYTES_MAX crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX
-SODIUM_EXPORT
-size_t crypto_box_messagebytes_max(void);
-
-#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
-SODIUM_EXPORT
-const char *crypto_box_primitive(void);
-
-SODIUM_EXPORT
-int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
- const unsigned char *seed);
-
-SODIUM_EXPORT
-int crypto_box_keypair(unsigned char *pk, unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_box_easy(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *pk, const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_open_easy(unsigned char *m, const unsigned char *c,
- unsigned long long clen, const unsigned char *n,
- const unsigned char *pk, const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_detached(unsigned char *c, unsigned char *mac,
- const unsigned char *m, unsigned long long mlen,
- const unsigned char *n, const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
- const unsigned char *mac,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-/* -- Precomputation interface -- */
-
-#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
-SODIUM_EXPORT
-size_t crypto_box_beforenmbytes(void);
-
-SODIUM_EXPORT
-int crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c,
- unsigned long long clen, const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac,
- const unsigned char *m, unsigned long long mlen,
- const unsigned char *n, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
- const unsigned char *mac,
- unsigned long long clen, const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-/* -- Ephemeral SK interface -- */
-
-#define crypto_box_SEALBYTES (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES)
-SODIUM_EXPORT
-size_t crypto_box_sealbytes(void);
-
-SODIUM_EXPORT
-int crypto_box_seal(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *pk);
-
-SODIUM_EXPORT
-int crypto_box_seal_open(unsigned char *m, const unsigned char *c,
- unsigned long long clen,
- const unsigned char *pk, const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-/* -- NaCl compatibility interface ; Requires padding -- */
-
-#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
-SODIUM_EXPORT
-size_t crypto_box_zerobytes(void);
-
-#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
-SODIUM_EXPORT
-size_t crypto_box_boxzerobytes(void);
-
-SODIUM_EXPORT
-int crypto_box(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *pk, const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_open(unsigned char *m, const unsigned char *c,
- unsigned long long clen, const unsigned char *n,
- const unsigned char *pk, const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_afternm(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
- unsigned long long clen, const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_box_H
+#define crypto_box_H
+
+/*
+ * THREAD SAFETY: crypto_box_keypair() is thread-safe,
+ * provided that sodium_init() was called before.
+ *
+ * Other functions are always thread-safe.
+ */
+
+#include <stddef.h>
+
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_SEEDBYTES crypto_box_curve25519xsalsa20poly1305_SEEDBYTES
+SODIUM_EXPORT
+size_t crypto_box_seedbytes(void);
+
+#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
+SODIUM_EXPORT
+size_t crypto_box_publickeybytes(void);
+
+#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
+SODIUM_EXPORT
+size_t crypto_box_secretkeybytes(void);
+
+#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES
+SODIUM_EXPORT
+size_t crypto_box_noncebytes(void);
+
+#define crypto_box_MACBYTES crypto_box_curve25519xsalsa20poly1305_MACBYTES
+SODIUM_EXPORT
+size_t crypto_box_macbytes(void);
+
+#define crypto_box_MESSAGEBYTES_MAX crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t crypto_box_messagebytes_max(void);
+
+#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305"
+SODIUM_EXPORT
+const char *crypto_box_primitive(void);
+
+SODIUM_EXPORT
+int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
+ const unsigned char *seed)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_keypair(unsigned char *pk, unsigned char *sk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_easy(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *pk, const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_open_easy(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *pk, const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_detached(unsigned char *c, unsigned char *mac,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *n, const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
+ const unsigned char *mac,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
+
+/* -- Precomputation interface -- */
+
+#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES
+SODIUM_EXPORT
+size_t crypto_box_beforenmbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *n, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
+ const unsigned char *mac,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+/* -- Ephemeral SK interface -- */
+
+#define crypto_box_SEALBYTES (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_sealbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_seal(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *pk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_seal_open(unsigned char *m, const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *pk, const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t crypto_box_zerobytes(void);
+
+#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t crypto_box_boxzerobytes(void);
+
+SODIUM_EXPORT
+int crypto_box(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *pk, const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_open(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *pk, const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_afternm(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_box_curve25519xchacha20poly1305.h b/libs/libsodium/src/include/sodium/crypto_box_curve25519xchacha20poly1305.h
index c1cf756687..2616e9b2b8 100644
--- a/libs/libsodium/src/include/sodium/crypto_box_curve25519xchacha20poly1305.h
+++ b/libs/libsodium/src/include/sodium/crypto_box_curve25519xchacha20poly1305.h
@@ -1,159 +1,164 @@
-
-#ifndef crypto_box_curve25519xchacha20poly1305_H
-#define crypto_box_curve25519xchacha20poly1305_H
-
-#include <stddef.h>
-#include "crypto_stream_xchacha20.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_box_curve25519xchacha20poly1305_SEEDBYTES 32U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xchacha20poly1305_seedbytes(void);
-
-#define crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xchacha20poly1305_publickeybytes(void);
-
-#define crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xchacha20poly1305_secretkeybytes(void);
-
-#define crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES 32U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xchacha20poly1305_beforenmbytes(void);
-
-#define crypto_box_curve25519xchacha20poly1305_NONCEBYTES 24U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xchacha20poly1305_noncebytes(void);
-
-#define crypto_box_curve25519xchacha20poly1305_MACBYTES 16U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xchacha20poly1305_macbytes(void);
-
-#define crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX \
- (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES)
-SODIUM_EXPORT
-size_t crypto_box_curve25519xchacha20poly1305_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk,
- unsigned char *sk,
- const unsigned char *seed);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk,
- unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
- unsigned char *mac,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m,
- const unsigned char *c,
- const unsigned char *mac,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-/* -- Precomputation interface -- */
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k,
- const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c,
- unsigned char *mac,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *m,
- const unsigned char *c,
- const unsigned char *mac,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-/* -- Ephemeral SK interface -- */
-
-#define crypto_box_curve25519xchacha20poly1305_SEALBYTES \
- (crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES + \
- crypto_box_curve25519xchacha20poly1305_MACBYTES)
-
-SODIUM_EXPORT
-size_t crypto_box_curve25519xchacha20poly1305_sealbytes(void);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *pk);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+
+#ifndef crypto_box_curve25519xchacha20poly1305_H
+#define crypto_box_curve25519xchacha20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xchacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_curve25519xchacha20poly1305_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_seedbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_publickeybytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_secretkeybytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_beforenmbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_noncebytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_macbytes(void);
+
+#define crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX \
+ (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk,
+ unsigned char *sk,
+ const unsigned char *seed)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk,
+ unsigned char *sk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
+ unsigned char *mac,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m,
+ const unsigned char *c,
+ const unsigned char *mac,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
+
+/* -- Precomputation interface -- */
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k,
+ const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c,
+ unsigned char *mac,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *m,
+ const unsigned char *c,
+ const unsigned char *mac,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+/* -- Ephemeral SK interface -- */
+
+#define crypto_box_curve25519xchacha20poly1305_SEALBYTES \
+ (crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES + \
+ crypto_box_curve25519xchacha20poly1305_MACBYTES)
+
+SODIUM_EXPORT
+size_t crypto_box_curve25519xchacha20poly1305_sealbytes(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *pk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_box_curve25519xsalsa20poly1305.h b/libs/libsodium/src/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
index c5b15f42e4..ffaead2bff 100644
--- a/libs/libsodium/src/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
+++ b/libs/libsodium/src/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
@@ -1,109 +1,112 @@
-#ifndef crypto_box_curve25519xsalsa20poly1305_H
-#define crypto_box_curve25519xsalsa20poly1305_H
-
-#include <stddef.h>
-#include "crypto_stream_xsalsa20.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_box_curve25519xsalsa20poly1305_SEEDBYTES 32U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xsalsa20poly1305_seedbytes(void);
-
-#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xsalsa20poly1305_publickeybytes(void);
-
-#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void);
-
-#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES 32U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void);
-
-#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES 24U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xsalsa20poly1305_noncebytes(void);
-
-#define crypto_box_curve25519xsalsa20poly1305_MACBYTES 16U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xsalsa20poly1305_macbytes(void);
-
-/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
-#define crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX \
- (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_box_curve25519xsalsa20poly1305_MACBYTES)
-SODIUM_EXPORT
-size_t crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
- unsigned char *sk,
- const unsigned char *seed);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk,
- unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k,
- const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-/* -- NaCl compatibility interface ; Requires padding -- */
-
-#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES 16U
-SODIUM_EXPORT
-size_t crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void);
-
-#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES \
- (crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + \
- crypto_box_curve25519xsalsa20poly1305_MACBYTES)
-SODIUM_EXPORT
-size_t crypto_box_curve25519xsalsa20poly1305_zerobytes(void);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xsalsa20poly1305(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *pk,
- const unsigned char *sk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_box_curve25519xsalsa20poly1305_H
+#define crypto_box_curve25519xsalsa20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_box_curve25519xsalsa20poly1305_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_seedbytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_publickeybytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES 32U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_noncebytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_macbytes(void);
+
+/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
+#define crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX \
+ (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_box_curve25519xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
+ unsigned char *sk,
+ const unsigned char *seed)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk,
+ unsigned char *sk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k,
+ const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void);
+
+#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES \
+ (crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + \
+ crypto_box_curve25519xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_curve25519xsalsa20poly1305_zerobytes(void);
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305(unsigned char *c,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *pk,
+ const unsigned char *sk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_core_ed25519.h b/libs/libsodium/src/include/sodium/crypto_core_ed25519.h
index 1536294b21..003ac3565b 100644
--- a/libs/libsodium/src/include/sodium/crypto_core_ed25519.h
+++ b/libs/libsodium/src/include/sodium/crypto_core_ed25519.h
@@ -1,37 +1,83 @@
-#ifndef crypto_core_ed25519_H
-#define crypto_core_ed25519_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_core_ed25519_BYTES 32
-SODIUM_EXPORT
-size_t crypto_core_ed25519_bytes(void);
-
-#define crypto_core_ed25519_UNIFORMBYTES 32
-SODIUM_EXPORT
-size_t crypto_core_ed25519_uniformbytes(void);
-
-SODIUM_EXPORT
-int crypto_core_ed25519_is_valid_point(const unsigned char *p);
-
-SODIUM_EXPORT
-int crypto_core_ed25519_add(unsigned char *r,
- const unsigned char *p, const unsigned char *q);
-
-SODIUM_EXPORT
-int crypto_core_ed25519_sub(unsigned char *r,
- const unsigned char *p, const unsigned char *q);
-
-SODIUM_EXPORT
-int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_core_ed25519_H
+#define crypto_core_ed25519_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_ed25519_BYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_bytes(void);
+
+#define crypto_core_ed25519_UNIFORMBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_uniformbytes(void);
+
+#define crypto_core_ed25519_SCALARBYTES 32
+SODIUM_EXPORT
+size_t crypto_core_ed25519_scalarbytes(void);
+
+#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64
+SODIUM_EXPORT
+size_t crypto_core_ed25519_nonreducedscalarbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_ed25519_is_valid_point(const unsigned char *p)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_add(unsigned char *r,
+ const unsigned char *p, const unsigned char *q)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_sub(unsigned char *r,
+ const unsigned char *p, const unsigned char *q)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_random(unsigned char *r)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x,
+ const unsigned char *y)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
+ const unsigned char *y)
+ __attribute__ ((nonnull));
+
+/*
+ * The interval `s` is sampled from should be at least 317 bits to ensure almost
+ * uniformity of `r` over `L`.
+ */
+SODIUM_EXPORT
+void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s)
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_core_hchacha20.h b/libs/libsodium/src/include/sodium/crypto_core_hchacha20.h
index 05e5670c10..fd885a32d0 100644
--- a/libs/libsodium/src/include/sodium/crypto_core_hchacha20.h
+++ b/libs/libsodium/src/include/sodium/crypto_core_hchacha20.h
@@ -1,35 +1,36 @@
-#ifndef crypto_core_hchacha20_H
-#define crypto_core_hchacha20_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_core_hchacha20_OUTPUTBYTES 32U
-SODIUM_EXPORT
-size_t crypto_core_hchacha20_outputbytes(void);
-
-#define crypto_core_hchacha20_INPUTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_core_hchacha20_inputbytes(void);
-
-#define crypto_core_hchacha20_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_core_hchacha20_keybytes(void);
-
-#define crypto_core_hchacha20_CONSTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_core_hchacha20_constbytes(void);
-
-SODIUM_EXPORT
-int crypto_core_hchacha20(unsigned char *out, const unsigned char *in,
- const unsigned char *k, const unsigned char *c);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_core_hchacha20_H
+#define crypto_core_hchacha20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_hchacha20_OUTPUTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_outputbytes(void);
+
+#define crypto_core_hchacha20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_inputbytes(void);
+
+#define crypto_core_hchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_keybytes(void);
+
+#define crypto_core_hchacha20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hchacha20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_hchacha20(unsigned char *out, const unsigned char *in,
+ const unsigned char *k, const unsigned char *c)
+ __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_core_hsalsa20.h b/libs/libsodium/src/include/sodium/crypto_core_hsalsa20.h
index 82e475b8f6..e53ae3b1c7 100644
--- a/libs/libsodium/src/include/sodium/crypto_core_hsalsa20.h
+++ b/libs/libsodium/src/include/sodium/crypto_core_hsalsa20.h
@@ -1,35 +1,36 @@
-#ifndef crypto_core_hsalsa20_H
-#define crypto_core_hsalsa20_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_core_hsalsa20_OUTPUTBYTES 32U
-SODIUM_EXPORT
-size_t crypto_core_hsalsa20_outputbytes(void);
-
-#define crypto_core_hsalsa20_INPUTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_core_hsalsa20_inputbytes(void);
-
-#define crypto_core_hsalsa20_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_core_hsalsa20_keybytes(void);
-
-#define crypto_core_hsalsa20_CONSTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_core_hsalsa20_constbytes(void);
-
-SODIUM_EXPORT
-int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in,
- const unsigned char *k, const unsigned char *c);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_core_hsalsa20_H
+#define crypto_core_hsalsa20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_hsalsa20_OUTPUTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_outputbytes(void);
+
+#define crypto_core_hsalsa20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_inputbytes(void);
+
+#define crypto_core_hsalsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_keybytes(void);
+
+#define crypto_core_hsalsa20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_hsalsa20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in,
+ const unsigned char *k, const unsigned char *c)
+ __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_core_salsa20.h b/libs/libsodium/src/include/sodium/crypto_core_salsa20.h
index 160cc56d2c..5ff3dbdbf8 100644
--- a/libs/libsodium/src/include/sodium/crypto_core_salsa20.h
+++ b/libs/libsodium/src/include/sodium/crypto_core_salsa20.h
@@ -1,35 +1,36 @@
-#ifndef crypto_core_salsa20_H
-#define crypto_core_salsa20_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_core_salsa20_OUTPUTBYTES 64U
-SODIUM_EXPORT
-size_t crypto_core_salsa20_outputbytes(void);
-
-#define crypto_core_salsa20_INPUTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_core_salsa20_inputbytes(void);
-
-#define crypto_core_salsa20_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_core_salsa20_keybytes(void);
-
-#define crypto_core_salsa20_CONSTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_core_salsa20_constbytes(void);
-
-SODIUM_EXPORT
-int crypto_core_salsa20(unsigned char *out, const unsigned char *in,
- const unsigned char *k, const unsigned char *c);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_core_salsa20_H
+#define crypto_core_salsa20_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa20_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_outputbytes(void);
+
+#define crypto_core_salsa20_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_inputbytes(void);
+
+#define crypto_core_salsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_keybytes(void);
+
+#define crypto_core_salsa20_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa20_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_salsa20(unsigned char *out, const unsigned char *in,
+ const unsigned char *k, const unsigned char *c)
+ __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_core_salsa2012.h b/libs/libsodium/src/include/sodium/crypto_core_salsa2012.h
index bdd5f9fdbb..3879d8d97c 100644
--- a/libs/libsodium/src/include/sodium/crypto_core_salsa2012.h
+++ b/libs/libsodium/src/include/sodium/crypto_core_salsa2012.h
@@ -1,35 +1,36 @@
-#ifndef crypto_core_salsa2012_H
-#define crypto_core_salsa2012_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_core_salsa2012_OUTPUTBYTES 64U
-SODIUM_EXPORT
-size_t crypto_core_salsa2012_outputbytes(void);
-
-#define crypto_core_salsa2012_INPUTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_core_salsa2012_inputbytes(void);
-
-#define crypto_core_salsa2012_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_core_salsa2012_keybytes(void);
-
-#define crypto_core_salsa2012_CONSTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_core_salsa2012_constbytes(void);
-
-SODIUM_EXPORT
-int crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
- const unsigned char *k, const unsigned char *c);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_core_salsa2012_H
+#define crypto_core_salsa2012_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa2012_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_outputbytes(void);
+
+#define crypto_core_salsa2012_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_inputbytes(void);
+
+#define crypto_core_salsa2012_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_keybytes(void);
+
+#define crypto_core_salsa2012_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa2012_constbytes(void);
+
+SODIUM_EXPORT
+int crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
+ const unsigned char *k, const unsigned char *c)
+ __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_core_salsa208.h b/libs/libsodium/src/include/sodium/crypto_core_salsa208.h
index 876bda8936..4e4d99366e 100644
--- a/libs/libsodium/src/include/sodium/crypto_core_salsa208.h
+++ b/libs/libsodium/src/include/sodium/crypto_core_salsa208.h
@@ -1,39 +1,40 @@
-#ifndef crypto_core_salsa208_H
-#define crypto_core_salsa208_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_core_salsa208_OUTPUTBYTES 64U
-SODIUM_EXPORT
-size_t crypto_core_salsa208_outputbytes(void)
- __attribute__ ((deprecated));
-
-#define crypto_core_salsa208_INPUTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_core_salsa208_inputbytes(void)
- __attribute__ ((deprecated));
-
-#define crypto_core_salsa208_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_core_salsa208_keybytes(void)
- __attribute__ ((deprecated));
-
-#define crypto_core_salsa208_CONSTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_core_salsa208_constbytes(void)
- __attribute__ ((deprecated));
-
-SODIUM_EXPORT
-int crypto_core_salsa208(unsigned char *out, const unsigned char *in,
- const unsigned char *k, const unsigned char *c);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_core_salsa208_H
+#define crypto_core_salsa208_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_core_salsa208_OUTPUTBYTES 64U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_outputbytes(void)
+ __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_INPUTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_inputbytes(void)
+ __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_keybytes(void)
+ __attribute__ ((deprecated));
+
+#define crypto_core_salsa208_CONSTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_core_salsa208_constbytes(void)
+ __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_core_salsa208(unsigned char *out, const unsigned char *in,
+ const unsigned char *k, const unsigned char *c)
+ __attribute__ ((nonnull(1, 2, 3)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_generichash.h b/libs/libsodium/src/include/sodium/crypto_generichash.h
index a5e1646fd1..c1cc435fd7 100644
--- a/libs/libsodium/src/include/sodium/crypto_generichash.h
+++ b/libs/libsodium/src/include/sodium/crypto_generichash.h
@@ -1,79 +1,84 @@
-#ifndef crypto_generichash_H
-#define crypto_generichash_H
-
-#include <stddef.h>
-
-#include "crypto_generichash_blake2b.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_generichash_BYTES_MIN crypto_generichash_blake2b_BYTES_MIN
-SODIUM_EXPORT
-size_t crypto_generichash_bytes_min(void);
-
-#define crypto_generichash_BYTES_MAX crypto_generichash_blake2b_BYTES_MAX
-SODIUM_EXPORT
-size_t crypto_generichash_bytes_max(void);
-
-#define crypto_generichash_BYTES crypto_generichash_blake2b_BYTES
-SODIUM_EXPORT
-size_t crypto_generichash_bytes(void);
-
-#define crypto_generichash_KEYBYTES_MIN crypto_generichash_blake2b_KEYBYTES_MIN
-SODIUM_EXPORT
-size_t crypto_generichash_keybytes_min(void);
-
-#define crypto_generichash_KEYBYTES_MAX crypto_generichash_blake2b_KEYBYTES_MAX
-SODIUM_EXPORT
-size_t crypto_generichash_keybytes_max(void);
-
-#define crypto_generichash_KEYBYTES crypto_generichash_blake2b_KEYBYTES
-SODIUM_EXPORT
-size_t crypto_generichash_keybytes(void);
-
-#define crypto_generichash_PRIMITIVE "blake2b"
-SODIUM_EXPORT
-const char *crypto_generichash_primitive(void);
-
-/*
- * Important when writing bindings for other programming languages:
- * the state address *must* be 64-bytes aligned.
- */
-typedef crypto_generichash_blake2b_state crypto_generichash_state;
-
-SODIUM_EXPORT
-size_t crypto_generichash_statebytes(void);
-
-SODIUM_EXPORT
-int crypto_generichash(unsigned char *out, size_t outlen,
- const unsigned char *in, unsigned long long inlen,
- const unsigned char *key, size_t keylen);
-
-SODIUM_EXPORT
-int crypto_generichash_init(crypto_generichash_state *state,
- const unsigned char *key,
- const size_t keylen, const size_t outlen);
-
-SODIUM_EXPORT
-int crypto_generichash_update(crypto_generichash_state *state,
- const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_generichash_final(crypto_generichash_state *state,
- unsigned char *out, const size_t outlen);
-
-SODIUM_EXPORT
-void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_generichash_H
+#define crypto_generichash_H
+
+#include <stddef.h>
+
+#include "crypto_generichash_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_generichash_BYTES_MIN crypto_generichash_blake2b_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_generichash_bytes_min(void);
+
+#define crypto_generichash_BYTES_MAX crypto_generichash_blake2b_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_generichash_bytes_max(void);
+
+#define crypto_generichash_BYTES crypto_generichash_blake2b_BYTES
+SODIUM_EXPORT
+size_t crypto_generichash_bytes(void);
+
+#define crypto_generichash_KEYBYTES_MIN crypto_generichash_blake2b_KEYBYTES_MIN
+SODIUM_EXPORT
+size_t crypto_generichash_keybytes_min(void);
+
+#define crypto_generichash_KEYBYTES_MAX crypto_generichash_blake2b_KEYBYTES_MAX
+SODIUM_EXPORT
+size_t crypto_generichash_keybytes_max(void);
+
+#define crypto_generichash_KEYBYTES crypto_generichash_blake2b_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_generichash_keybytes(void);
+
+#define crypto_generichash_PRIMITIVE "blake2b"
+SODIUM_EXPORT
+const char *crypto_generichash_primitive(void);
+
+/*
+ * Important when writing bindings for other programming languages:
+ * the state address should be 64-bytes aligned.
+ */
+typedef crypto_generichash_blake2b_state crypto_generichash_state;
+
+SODIUM_EXPORT
+size_t crypto_generichash_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_generichash(unsigned char *out, size_t outlen,
+ const unsigned char *in, unsigned long long inlen,
+ const unsigned char *key, size_t keylen)
+ __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_init(crypto_generichash_state *state,
+ const unsigned char *key,
+ const size_t keylen, const size_t outlen)
+ __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_update(crypto_generichash_state *state,
+ const unsigned char *in,
+ unsigned long long inlen)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_generichash_final(crypto_generichash_state *state,
+ unsigned char *out, const size_t outlen)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_generichash_blake2b.h b/libs/libsodium/src/include/sodium/crypto_generichash_blake2b.h
index 9326a04ad1..3e4b8a1059 100644
--- a/libs/libsodium/src/include/sodium/crypto_generichash_blake2b.h
+++ b/libs/libsodium/src/include/sodium/crypto_generichash_blake2b.h
@@ -1,117 +1,118 @@
-#ifndef crypto_generichash_blake2b_H
-#define crypto_generichash_blake2b_H
-
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
-# pragma pack(1)
-#else
-# pragma pack(push, 1)
-#endif
-
-typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state {
- uint64_t h[8];
- uint64_t t[2];
- uint64_t f[2];
- uint8_t buf[2 * 128];
- size_t buflen;
- uint8_t last_node;
-} crypto_generichash_blake2b_state;
-
-#if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
-# pragma pack()
-#else
-# pragma pack(pop)
-#endif
-
-#define crypto_generichash_blake2b_BYTES_MIN 16U
-SODIUM_EXPORT
-size_t crypto_generichash_blake2b_bytes_min(void);
-
-#define crypto_generichash_blake2b_BYTES_MAX 64U
-SODIUM_EXPORT
-size_t crypto_generichash_blake2b_bytes_max(void);
-
-#define crypto_generichash_blake2b_BYTES 32U
-SODIUM_EXPORT
-size_t crypto_generichash_blake2b_bytes(void);
-
-#define crypto_generichash_blake2b_KEYBYTES_MIN 16U
-SODIUM_EXPORT
-size_t crypto_generichash_blake2b_keybytes_min(void);
-
-#define crypto_generichash_blake2b_KEYBYTES_MAX 64U
-SODIUM_EXPORT
-size_t crypto_generichash_blake2b_keybytes_max(void);
-
-#define crypto_generichash_blake2b_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_generichash_blake2b_keybytes(void);
-
-#define crypto_generichash_blake2b_SALTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_generichash_blake2b_saltbytes(void);
-
-#define crypto_generichash_blake2b_PERSONALBYTES 16U
-SODIUM_EXPORT
-size_t crypto_generichash_blake2b_personalbytes(void);
-
-SODIUM_EXPORT
-size_t crypto_generichash_blake2b_statebytes(void);
-
-SODIUM_EXPORT
-int crypto_generichash_blake2b(unsigned char *out, size_t outlen,
- const unsigned char *in,
- unsigned long long inlen,
- const unsigned char *key, size_t keylen);
-
-SODIUM_EXPORT
-int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen,
- const unsigned char *in,
- unsigned long long inlen,
- const unsigned char *key,
- size_t keylen,
- const unsigned char *salt,
- const unsigned char *personal);
-
-SODIUM_EXPORT
-int crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state,
- const unsigned char *key,
- const size_t keylen, const size_t outlen);
-
-SODIUM_EXPORT
-int crypto_generichash_blake2b_init_salt_personal(crypto_generichash_blake2b_state *state,
- const unsigned char *key,
- const size_t keylen, const size_t outlen,
- const unsigned char *salt,
- const unsigned char *personal);
-
-SODIUM_EXPORT
-int crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state,
- const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
- unsigned char *out,
- const size_t outlen);
-
-SODIUM_EXPORT
-void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_generichash_blake2b_H
+#define crypto_generichash_blake2b_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# pragma pack(1)
+#else
+# pragma pack(push, 1)
+#endif
+
+typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state {
+ unsigned char opaque[384];
+} crypto_generichash_blake2b_state;
+
+#if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+# pragma pack()
+#else
+# pragma pack(pop)
+#endif
+
+#define crypto_generichash_blake2b_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes_min(void);
+
+#define crypto_generichash_blake2b_BYTES_MAX 64U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes_max(void);
+
+#define crypto_generichash_blake2b_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_bytes(void);
+
+#define crypto_generichash_blake2b_KEYBYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes_min(void);
+
+#define crypto_generichash_blake2b_KEYBYTES_MAX 64U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes_max(void);
+
+#define crypto_generichash_blake2b_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_keybytes(void);
+
+#define crypto_generichash_blake2b_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_saltbytes(void);
+
+#define crypto_generichash_blake2b_PERSONALBYTES 16U
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_personalbytes(void);
+
+SODIUM_EXPORT
+size_t crypto_generichash_blake2b_statebytes(void);
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b(unsigned char *out, size_t outlen,
+ const unsigned char *in,
+ unsigned long long inlen,
+ const unsigned char *key, size_t keylen)
+ __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen,
+ const unsigned char *in,
+ unsigned long long inlen,
+ const unsigned char *key,
+ size_t keylen,
+ const unsigned char *salt,
+ const unsigned char *personal)
+ __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state,
+ const unsigned char *key,
+ const size_t keylen, const size_t outlen)
+ __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_init_salt_personal(crypto_generichash_blake2b_state *state,
+ const unsigned char *key,
+ const size_t keylen, const size_t outlen,
+ const unsigned char *salt,
+ const unsigned char *personal)
+ __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state,
+ const unsigned char *in,
+ unsigned long long inlen)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
+ unsigned char *out,
+ const size_t outlen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_hash.h b/libs/libsodium/src/include/sodium/crypto_hash.h
index 302ed5c5ea..c5e338e3ba 100644
--- a/libs/libsodium/src/include/sodium/crypto_hash.h
+++ b/libs/libsodium/src/include/sodium/crypto_hash.h
@@ -1,40 +1,40 @@
-#ifndef crypto_hash_H
-#define crypto_hash_H
-
-/*
- * WARNING: Unless you absolutely need to use SHA512 for interoperatibility,
- * purposes, you might want to consider crypto_generichash() instead.
- * Unlike SHA512, crypto_generichash() is not vulnerable to length
- * extension attacks.
- */
-
-#include <stddef.h>
-
-#include "crypto_hash_sha512.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_hash_BYTES crypto_hash_sha512_BYTES
-SODIUM_EXPORT
-size_t crypto_hash_bytes(void);
-
-SODIUM_EXPORT
-int crypto_hash(unsigned char *out, const unsigned char *in,
- unsigned long long inlen);
-
-#define crypto_hash_PRIMITIVE "sha512"
-SODIUM_EXPORT
-const char *crypto_hash_primitive(void)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_hash_H
+#define crypto_hash_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA512 for interoperatibility,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA512, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_hash_BYTES crypto_hash_sha512_BYTES
+SODIUM_EXPORT
+size_t crypto_hash_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen) __attribute__ ((nonnull));
+
+#define crypto_hash_PRIMITIVE "sha512"
+SODIUM_EXPORT
+const char *crypto_hash_primitive(void)
+ __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_hash_sha256.h b/libs/libsodium/src/include/sodium/crypto_hash_sha256.h
index f64d16e0e5..a53c2f104d 100644
--- a/libs/libsodium/src/include/sodium/crypto_hash_sha256.h
+++ b/libs/libsodium/src/include/sodium/crypto_hash_sha256.h
@@ -1,57 +1,60 @@
-#ifndef crypto_hash_sha256_H
-#define crypto_hash_sha256_H
-
-/*
- * WARNING: Unless you absolutely need to use SHA256 for interoperatibility,
- * purposes, you might want to consider crypto_generichash() instead.
- * Unlike SHA256, crypto_generichash() is not vulnerable to length
- * extension attacks.
- */
-
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-typedef struct crypto_hash_sha256_state {
- uint32_t state[8];
- uint64_t count;
- uint8_t buf[64];
-} crypto_hash_sha256_state;
-
-SODIUM_EXPORT
-size_t crypto_hash_sha256_statebytes(void);
-
-#define crypto_hash_sha256_BYTES 32U
-SODIUM_EXPORT
-size_t crypto_hash_sha256_bytes(void);
-
-SODIUM_EXPORT
-int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_hash_sha256_init(crypto_hash_sha256_state *state);
-
-SODIUM_EXPORT
-int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
- const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
- unsigned char *out);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_hash_sha256_H
+#define crypto_hash_sha256_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA256 for interoperatibility,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA256, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha256_state {
+ uint32_t state[8];
+ uint64_t count;
+ uint8_t buf[64];
+} crypto_hash_sha256_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha256_statebytes(void);
+
+#define crypto_hash_sha256_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_hash_sha256_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_init(crypto_hash_sha256_state *state)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
+ const unsigned char *in,
+ unsigned long long inlen)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
+ unsigned char *out)
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_hash_sha512.h b/libs/libsodium/src/include/sodium/crypto_hash_sha512.h
index 6b0330f14f..02aea29641 100644
--- a/libs/libsodium/src/include/sodium/crypto_hash_sha512.h
+++ b/libs/libsodium/src/include/sodium/crypto_hash_sha512.h
@@ -1,57 +1,60 @@
-#ifndef crypto_hash_sha512_H
-#define crypto_hash_sha512_H
-
-/*
- * WARNING: Unless you absolutely need to use SHA512 for interoperatibility,
- * purposes, you might want to consider crypto_generichash() instead.
- * Unlike SHA512, crypto_generichash() is not vulnerable to length
- * extension attacks.
- */
-
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-typedef struct crypto_hash_sha512_state {
- uint64_t state[8];
- uint64_t count[2];
- uint8_t buf[128];
-} crypto_hash_sha512_state;
-
-SODIUM_EXPORT
-size_t crypto_hash_sha512_statebytes(void);
-
-#define crypto_hash_sha512_BYTES 64U
-SODIUM_EXPORT
-size_t crypto_hash_sha512_bytes(void);
-
-SODIUM_EXPORT
-int crypto_hash_sha512(unsigned char *out, const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_hash_sha512_init(crypto_hash_sha512_state *state);
-
-SODIUM_EXPORT
-int crypto_hash_sha512_update(crypto_hash_sha512_state *state,
- const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_hash_sha512_final(crypto_hash_sha512_state *state,
- unsigned char *out);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_hash_sha512_H
+#define crypto_hash_sha512_H
+
+/*
+ * WARNING: Unless you absolutely need to use SHA512 for interoperatibility,
+ * purposes, you might want to consider crypto_generichash() instead.
+ * Unlike SHA512, crypto_generichash() is not vulnerable to length
+ * extension attacks.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_hash_sha512_state {
+ uint64_t state[8];
+ uint64_t count[2];
+ uint8_t buf[128];
+} crypto_hash_sha512_state;
+
+SODIUM_EXPORT
+size_t crypto_hash_sha512_statebytes(void);
+
+#define crypto_hash_sha512_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_hash_sha512_bytes(void);
+
+SODIUM_EXPORT
+int crypto_hash_sha512(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_init(crypto_hash_sha512_state *state)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_update(crypto_hash_sha512_state *state,
+ const unsigned char *in,
+ unsigned long long inlen)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_hash_sha512_final(crypto_hash_sha512_state *state,
+ unsigned char *out)
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_kdf.h b/libs/libsodium/src/include/sodium/crypto_kdf.h
index 52e496a744..755bc34453 100644
--- a/libs/libsodium/src/include/sodium/crypto_kdf.h
+++ b/libs/libsodium/src/include/sodium/crypto_kdf.h
@@ -1,51 +1,53 @@
-#ifndef crypto_kdf_H
-#define crypto_kdf_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "crypto_kdf_blake2b.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_kdf_BYTES_MIN crypto_kdf_blake2b_BYTES_MIN
-SODIUM_EXPORT
-size_t crypto_kdf_bytes_min(void);
-
-#define crypto_kdf_BYTES_MAX crypto_kdf_blake2b_BYTES_MAX
-SODIUM_EXPORT
-size_t crypto_kdf_bytes_max(void);
-
-#define crypto_kdf_CONTEXTBYTES crypto_kdf_blake2b_CONTEXTBYTES
-SODIUM_EXPORT
-size_t crypto_kdf_contextbytes(void);
-
-#define crypto_kdf_KEYBYTES crypto_kdf_blake2b_KEYBYTES
-SODIUM_EXPORT
-size_t crypto_kdf_keybytes(void);
-
-#define crypto_kdf_PRIMITIVE "blake2b"
-SODIUM_EXPORT
-const char *crypto_kdf_primitive(void)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
- uint64_t subkey_id,
- const char ctx[crypto_kdf_CONTEXTBYTES],
- const unsigned char key[crypto_kdf_KEYBYTES]);
-
-SODIUM_EXPORT
-void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_kdf_H
+#define crypto_kdf_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "crypto_kdf_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_BYTES_MIN crypto_kdf_blake2b_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_kdf_bytes_min(void);
+
+#define crypto_kdf_BYTES_MAX crypto_kdf_blake2b_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_kdf_bytes_max(void);
+
+#define crypto_kdf_CONTEXTBYTES crypto_kdf_blake2b_CONTEXTBYTES
+SODIUM_EXPORT
+size_t crypto_kdf_contextbytes(void);
+
+#define crypto_kdf_KEYBYTES crypto_kdf_blake2b_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_kdf_keybytes(void);
+
+#define crypto_kdf_PRIMITIVE "blake2b"
+SODIUM_EXPORT
+const char *crypto_kdf_primitive(void)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
+ uint64_t subkey_id,
+ const char ctx[crypto_kdf_CONTEXTBYTES],
+ const unsigned char key[crypto_kdf_KEYBYTES])
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_kdf_blake2b.h b/libs/libsodium/src/include/sodium/crypto_kdf_blake2b.h
index 5480ebe82f..add4a1921c 100644
--- a/libs/libsodium/src/include/sodium/crypto_kdf_blake2b.h
+++ b/libs/libsodium/src/include/sodium/crypto_kdf_blake2b.h
@@ -1,42 +1,44 @@
-#ifndef crypto_kdf_blake2b_H
-#define crypto_kdf_blake2b_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "crypto_kdf_blake2b.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_kdf_blake2b_BYTES_MIN 16
-SODIUM_EXPORT
-size_t crypto_kdf_blake2b_bytes_min(void);
-
-#define crypto_kdf_blake2b_BYTES_MAX 64
-SODIUM_EXPORT
-size_t crypto_kdf_blake2b_bytes_max(void);
-
-#define crypto_kdf_blake2b_CONTEXTBYTES 8
-SODIUM_EXPORT
-size_t crypto_kdf_blake2b_contextbytes(void);
-
-#define crypto_kdf_blake2b_KEYBYTES 32
-SODIUM_EXPORT
-size_t crypto_kdf_blake2b_keybytes(void);
-
-SODIUM_EXPORT
-int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len,
- uint64_t subkey_id,
- const char ctx[crypto_kdf_blake2b_CONTEXTBYTES],
- const unsigned char key[crypto_kdf_blake2b_KEYBYTES]);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_kdf_blake2b_H
+#define crypto_kdf_blake2b_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "crypto_kdf_blake2b.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kdf_blake2b_BYTES_MIN 16
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_bytes_min(void);
+
+#define crypto_kdf_blake2b_BYTES_MAX 64
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_bytes_max(void);
+
+#define crypto_kdf_blake2b_CONTEXTBYTES 8
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_contextbytes(void);
+
+#define crypto_kdf_blake2b_KEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kdf_blake2b_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len,
+ uint64_t subkey_id,
+ const char ctx[crypto_kdf_blake2b_CONTEXTBYTES],
+ const unsigned char key[crypto_kdf_blake2b_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_kx.h b/libs/libsodium/src/include/sodium/crypto_kx.h
index d1fce90da5..5c6adc1648 100644
--- a/libs/libsodium/src/include/sodium/crypto_kx.h
+++ b/libs/libsodium/src/include/sodium/crypto_kx.h
@@ -1,64 +1,66 @@
-#ifndef crypto_kx_H
-#define crypto_kx_H
-
-#include <stddef.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_kx_PUBLICKEYBYTES 32
-SODIUM_EXPORT
-size_t crypto_kx_publickeybytes(void);
-
-#define crypto_kx_SECRETKEYBYTES 32
-SODIUM_EXPORT
-size_t crypto_kx_secretkeybytes(void);
-
-#define crypto_kx_SEEDBYTES 32
-SODIUM_EXPORT
-size_t crypto_kx_seedbytes(void);
-
-#define crypto_kx_SESSIONKEYBYTES 32
-SODIUM_EXPORT
-size_t crypto_kx_sessionkeybytes(void);
-
-#define crypto_kx_PRIMITIVE "x25519blake2b"
-SODIUM_EXPORT
-const char *crypto_kx_primitive(void);
-
-SODIUM_EXPORT
-int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
- unsigned char sk[crypto_kx_SECRETKEYBYTES],
- const unsigned char seed[crypto_kx_SEEDBYTES]);
-
-SODIUM_EXPORT
-int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
- unsigned char sk[crypto_kx_SECRETKEYBYTES]);
-
-SODIUM_EXPORT
-int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
- unsigned char tx[crypto_kx_SESSIONKEYBYTES],
- const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
- const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
- const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
- unsigned char tx[crypto_kx_SESSIONKEYBYTES],
- const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
- const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
- const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_kx_H
+#define crypto_kx_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kx_PUBLICKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_publickeybytes(void);
+
+#define crypto_kx_SECRETKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_secretkeybytes(void);
+
+#define crypto_kx_SEEDBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_seedbytes(void);
+
+#define crypto_kx_SESSIONKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_sessionkeybytes(void);
+
+#define crypto_kx_PRIMITIVE "x25519blake2b"
+SODIUM_EXPORT
+const char *crypto_kx_primitive(void);
+
+SODIUM_EXPORT
+int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char seed[crypto_kx_SEEDBYTES])
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_SECRETKEYBYTES])
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+ const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES],
+ const unsigned char client_sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES])
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_SESSIONKEYBYTES],
+ const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES],
+ const unsigned char server_sk[crypto_kx_SECRETKEYBYTES],
+ const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES])
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_onetimeauth.h b/libs/libsodium/src/include/sodium/crypto_onetimeauth.h
index 5951c5b82d..ab856b9cbe 100644
--- a/libs/libsodium/src/include/sodium/crypto_onetimeauth.h
+++ b/libs/libsodium/src/include/sodium/crypto_onetimeauth.h
@@ -1,62 +1,65 @@
-#ifndef crypto_onetimeauth_H
-#define crypto_onetimeauth_H
-
-#include <stddef.h>
-
-#include "crypto_onetimeauth_poly1305.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-typedef crypto_onetimeauth_poly1305_state crypto_onetimeauth_state;
-
-SODIUM_EXPORT
-size_t crypto_onetimeauth_statebytes(void);
-
-#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
-SODIUM_EXPORT
-size_t crypto_onetimeauth_bytes(void);
-
-#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
-SODIUM_EXPORT
-size_t crypto_onetimeauth_keybytes(void);
-
-#define crypto_onetimeauth_PRIMITIVE "poly1305"
-SODIUM_EXPORT
-const char *crypto_onetimeauth_primitive(void);
-
-SODIUM_EXPORT
-int crypto_onetimeauth(unsigned char *out, const unsigned char *in,
- unsigned long long inlen, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_onetimeauth_verify(const unsigned char *h, const unsigned char *in,
- unsigned long long inlen, const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_onetimeauth_init(crypto_onetimeauth_state *state,
- const unsigned char *key);
-
-SODIUM_EXPORT
-int crypto_onetimeauth_update(crypto_onetimeauth_state *state,
- const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_onetimeauth_final(crypto_onetimeauth_state *state,
- unsigned char *out);
-
-SODIUM_EXPORT
-void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_onetimeauth_H
+#define crypto_onetimeauth_H
+
+#include <stddef.h>
+
+#include "crypto_onetimeauth_poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef crypto_onetimeauth_poly1305_state crypto_onetimeauth_state;
+
+SODIUM_EXPORT
+size_t crypto_onetimeauth_statebytes(void);
+
+#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
+SODIUM_EXPORT
+size_t crypto_onetimeauth_bytes(void);
+
+#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_onetimeauth_keybytes(void);
+
+#define crypto_onetimeauth_PRIMITIVE "poly1305"
+SODIUM_EXPORT
+const char *crypto_onetimeauth_primitive(void);
+
+SODIUM_EXPORT
+int crypto_onetimeauth(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_verify(const unsigned char *h, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_init(crypto_onetimeauth_state *state,
+ const unsigned char *key) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_update(crypto_onetimeauth_state *state,
+ const unsigned char *in,
+ unsigned long long inlen)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_final(crypto_onetimeauth_state *state,
+ unsigned char *out) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_onetimeauth_poly1305.h b/libs/libsodium/src/include/sodium/crypto_onetimeauth_poly1305.h
index 4b89c4f019..510f20561b 100644
--- a/libs/libsodium/src/include/sodium/crypto_onetimeauth_poly1305.h
+++ b/libs/libsodium/src/include/sodium/crypto_onetimeauth_poly1305.h
@@ -1,67 +1,72 @@
-#ifndef crypto_onetimeauth_poly1305_H
-#define crypto_onetimeauth_poly1305_H
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <sys/types.h>
-
-#include "export.h"
-
-typedef struct CRYPTO_ALIGN(16) crypto_onetimeauth_poly1305_state {
- unsigned char opaque[256];
-} crypto_onetimeauth_poly1305_state;
-
-SODIUM_EXPORT
-size_t crypto_onetimeauth_poly1305_statebytes(void);
-
-#define crypto_onetimeauth_poly1305_BYTES 16U
-SODIUM_EXPORT
-size_t crypto_onetimeauth_poly1305_bytes(void);
-
-#define crypto_onetimeauth_poly1305_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_onetimeauth_poly1305_keybytes(void);
-
-SODIUM_EXPORT
-int crypto_onetimeauth_poly1305(unsigned char *out,
- const unsigned char *in,
- unsigned long long inlen,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_onetimeauth_poly1305_verify(const unsigned char *h,
- const unsigned char *in,
- unsigned long long inlen,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state,
- const unsigned char *key);
-
-SODIUM_EXPORT
-int crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state,
- const unsigned char *in,
- unsigned long long inlen);
-
-SODIUM_EXPORT
-int crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state,
- unsigned char *out);
-
-SODIUM_EXPORT
-void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_onetimeauth_poly1305_H
+#define crypto_onetimeauth_poly1305_H
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <sys/types.h>
+
+#include "export.h"
+
+typedef struct CRYPTO_ALIGN(16) crypto_onetimeauth_poly1305_state {
+ unsigned char opaque[256];
+} crypto_onetimeauth_poly1305_state;
+
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_statebytes(void);
+
+#define crypto_onetimeauth_poly1305_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_bytes(void);
+
+#define crypto_onetimeauth_poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_onetimeauth_poly1305_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305(unsigned char *out,
+ const unsigned char *in,
+ unsigned long long inlen,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_verify(const unsigned char *h,
+ const unsigned char *in,
+ unsigned long long inlen,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state,
+ const unsigned char *key)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state,
+ const unsigned char *in,
+ unsigned long long inlen)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state,
+ unsigned char *out)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_pwhash.h b/libs/libsodium/src/include/sodium/crypto_pwhash.h
index 2c76461f44..e398522b82 100644
--- a/libs/libsodium/src/include/sodium/crypto_pwhash.h
+++ b/libs/libsodium/src/include/sodium/crypto_pwhash.h
@@ -1,147 +1,147 @@
-#ifndef crypto_pwhash_H
-#define crypto_pwhash_H
-
-#include <stddef.h>
-
-#include "crypto_pwhash_argon2i.h"
-#include "crypto_pwhash_argon2id.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_pwhash_ALG_ARGON2I13 crypto_pwhash_argon2i_ALG_ARGON2I13
-SODIUM_EXPORT
-int crypto_pwhash_alg_argon2i13(void);
-
-#define crypto_pwhash_ALG_ARGON2ID13 crypto_pwhash_argon2id_ALG_ARGON2ID13
-SODIUM_EXPORT
-int crypto_pwhash_alg_argon2id13(void);
-
-#define crypto_pwhash_ALG_DEFAULT crypto_pwhash_ALG_ARGON2ID13
-SODIUM_EXPORT
-int crypto_pwhash_alg_default(void);
-
-#define crypto_pwhash_BYTES_MIN crypto_pwhash_argon2id_BYTES_MIN
-SODIUM_EXPORT
-size_t crypto_pwhash_bytes_min(void);
-
-#define crypto_pwhash_BYTES_MAX crypto_pwhash_argon2id_BYTES_MAX
-SODIUM_EXPORT
-size_t crypto_pwhash_bytes_max(void);
-
-#define crypto_pwhash_PASSWD_MIN crypto_pwhash_argon2id_PASSWD_MIN
-SODIUM_EXPORT
-size_t crypto_pwhash_passwd_min(void);
-
-#define crypto_pwhash_PASSWD_MAX crypto_pwhash_argon2id_PASSWD_MAX
-SODIUM_EXPORT
-size_t crypto_pwhash_passwd_max(void);
-
-#define crypto_pwhash_SALTBYTES crypto_pwhash_argon2id_SALTBYTES
-SODIUM_EXPORT
-size_t crypto_pwhash_saltbytes(void);
-
-#define crypto_pwhash_STRBYTES crypto_pwhash_argon2id_STRBYTES
-SODIUM_EXPORT
-size_t crypto_pwhash_strbytes(void);
-
-#define crypto_pwhash_STRPREFIX crypto_pwhash_argon2id_STRPREFIX
-SODIUM_EXPORT
-const char *crypto_pwhash_strprefix(void);
-
-#define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_argon2id_OPSLIMIT_MIN
-SODIUM_EXPORT
-size_t crypto_pwhash_opslimit_min(void);
-
-#define crypto_pwhash_OPSLIMIT_MAX crypto_pwhash_argon2id_OPSLIMIT_MAX
-SODIUM_EXPORT
-size_t crypto_pwhash_opslimit_max(void);
-
-#define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_argon2id_MEMLIMIT_MIN
-SODIUM_EXPORT
-size_t crypto_pwhash_memlimit_min(void);
-
-#define crypto_pwhash_MEMLIMIT_MAX crypto_pwhash_argon2id_MEMLIMIT_MAX
-SODIUM_EXPORT
-size_t crypto_pwhash_memlimit_max(void);
-
-#define crypto_pwhash_OPSLIMIT_INTERACTIVE crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE
-SODIUM_EXPORT
-size_t crypto_pwhash_opslimit_interactive(void);
-
-#define crypto_pwhash_MEMLIMIT_INTERACTIVE crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE
-SODIUM_EXPORT
-size_t crypto_pwhash_memlimit_interactive(void);
-
-#define crypto_pwhash_OPSLIMIT_MODERATE crypto_pwhash_argon2id_OPSLIMIT_MODERATE
-SODIUM_EXPORT
-size_t crypto_pwhash_opslimit_moderate(void);
-
-#define crypto_pwhash_MEMLIMIT_MODERATE crypto_pwhash_argon2id_MEMLIMIT_MODERATE
-SODIUM_EXPORT
-size_t crypto_pwhash_memlimit_moderate(void);
-
-#define crypto_pwhash_OPSLIMIT_SENSITIVE crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE
-SODIUM_EXPORT
-size_t crypto_pwhash_opslimit_sensitive(void);
-
-#define crypto_pwhash_MEMLIMIT_SENSITIVE crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE
-SODIUM_EXPORT
-size_t crypto_pwhash_memlimit_sensitive(void);
-
-/*
- * With this function, do not forget to store all parameters, including the
- * algorithm identifier in order to produce deterministic output.
- * The crypto_pwhash_* definitions, including crypto_pwhash_ALG_DEFAULT,
- * may change.
- */
-SODIUM_EXPORT
-int crypto_pwhash(unsigned char * const out, unsigned long long outlen,
- const char * const passwd, unsigned long long passwdlen,
- const unsigned char * const salt,
- unsigned long long opslimit, size_t memlimit, int alg)
- __attribute__ ((warn_unused_result));
-
-/*
- * The output string already includes all the required parameters, including
- * the algorithm identifier. The string is all that has to be stored in
- * order to verify a password.
- */
-SODIUM_EXPORT
-int crypto_pwhash_str(char out[crypto_pwhash_STRBYTES],
- const char * const passwd, unsigned long long passwdlen,
- unsigned long long opslimit, size_t memlimit)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES],
- const char * const passwd, unsigned long long passwdlen,
- unsigned long long opslimit, size_t memlimit, int alg)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_str_verify(const char str[crypto_pwhash_STRBYTES],
- const char * const passwd,
- unsigned long long passwdlen)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_str_needs_rehash(const char str[crypto_pwhash_STRBYTES],
- unsigned long long opslimit, size_t memlimit)
- __attribute__ ((warn_unused_result));
-
-#define crypto_pwhash_PRIMITIVE "argon2i"
-SODIUM_EXPORT
-const char *crypto_pwhash_primitive(void)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_pwhash_H
+#define crypto_pwhash_H
+
+#include <stddef.h>
+
+#include "crypto_pwhash_argon2i.h"
+#include "crypto_pwhash_argon2id.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_ALG_ARGON2I13 crypto_pwhash_argon2i_ALG_ARGON2I13
+SODIUM_EXPORT
+int crypto_pwhash_alg_argon2i13(void);
+
+#define crypto_pwhash_ALG_ARGON2ID13 crypto_pwhash_argon2id_ALG_ARGON2ID13
+SODIUM_EXPORT
+int crypto_pwhash_alg_argon2id13(void);
+
+#define crypto_pwhash_ALG_DEFAULT crypto_pwhash_ALG_ARGON2ID13
+SODIUM_EXPORT
+int crypto_pwhash_alg_default(void);
+
+#define crypto_pwhash_BYTES_MIN crypto_pwhash_argon2id_BYTES_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_bytes_min(void);
+
+#define crypto_pwhash_BYTES_MAX crypto_pwhash_argon2id_BYTES_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_bytes_max(void);
+
+#define crypto_pwhash_PASSWD_MIN crypto_pwhash_argon2id_PASSWD_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_passwd_min(void);
+
+#define crypto_pwhash_PASSWD_MAX crypto_pwhash_argon2id_PASSWD_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_passwd_max(void);
+
+#define crypto_pwhash_SALTBYTES crypto_pwhash_argon2id_SALTBYTES
+SODIUM_EXPORT
+size_t crypto_pwhash_saltbytes(void);
+
+#define crypto_pwhash_STRBYTES crypto_pwhash_argon2id_STRBYTES
+SODIUM_EXPORT
+size_t crypto_pwhash_strbytes(void);
+
+#define crypto_pwhash_STRPREFIX crypto_pwhash_argon2id_STRPREFIX
+SODIUM_EXPORT
+const char *crypto_pwhash_strprefix(void);
+
+#define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_argon2id_OPSLIMIT_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_opslimit_min(void);
+
+#define crypto_pwhash_OPSLIMIT_MAX crypto_pwhash_argon2id_OPSLIMIT_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_opslimit_max(void);
+
+#define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_argon2id_MEMLIMIT_MIN
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_min(void);
+
+#define crypto_pwhash_MEMLIMIT_MAX crypto_pwhash_argon2id_MEMLIMIT_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_max(void);
+
+#define crypto_pwhash_OPSLIMIT_INTERACTIVE crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_opslimit_interactive(void);
+
+#define crypto_pwhash_MEMLIMIT_INTERACTIVE crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_interactive(void);
+
+#define crypto_pwhash_OPSLIMIT_MODERATE crypto_pwhash_argon2id_OPSLIMIT_MODERATE
+SODIUM_EXPORT
+size_t crypto_pwhash_opslimit_moderate(void);
+
+#define crypto_pwhash_MEMLIMIT_MODERATE crypto_pwhash_argon2id_MEMLIMIT_MODERATE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_moderate(void);
+
+#define crypto_pwhash_OPSLIMIT_SENSITIVE crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_opslimit_sensitive(void);
+
+#define crypto_pwhash_MEMLIMIT_SENSITIVE crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE
+SODIUM_EXPORT
+size_t crypto_pwhash_memlimit_sensitive(void);
+
+/*
+ * With this function, do not forget to store all parameters, including the
+ * algorithm identifier in order to produce deterministic output.
+ * The crypto_pwhash_* definitions, including crypto_pwhash_ALG_DEFAULT,
+ * may change.
+ */
+SODIUM_EXPORT
+int crypto_pwhash(unsigned char * const out, unsigned long long outlen,
+ const char * const passwd, unsigned long long passwdlen,
+ const unsigned char * const salt,
+ unsigned long long opslimit, size_t memlimit, int alg)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/*
+ * The output string already includes all the required parameters, including
+ * the algorithm identifier. The string is all that has to be stored in
+ * order to verify a password.
+ */
+SODIUM_EXPORT
+int crypto_pwhash_str(char out[crypto_pwhash_STRBYTES],
+ const char * const passwd, unsigned long long passwdlen,
+ unsigned long long opslimit, size_t memlimit)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES],
+ const char * const passwd, unsigned long long passwdlen,
+ unsigned long long opslimit, size_t memlimit, int alg)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_verify(const char str[crypto_pwhash_STRBYTES],
+ const char * const passwd,
+ unsigned long long passwdlen)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_str_needs_rehash(const char str[crypto_pwhash_STRBYTES],
+ unsigned long long opslimit, size_t memlimit)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#define crypto_pwhash_PRIMITIVE "argon2i"
+SODIUM_EXPORT
+const char *crypto_pwhash_primitive(void)
+ __attribute__ ((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_pwhash_argon2i.h b/libs/libsodium/src/include/sodium/crypto_pwhash_argon2i.h
index 8e4c1c3531..c5e940c869 100644
--- a/libs/libsodium/src/include/sodium/crypto_pwhash_argon2i.h
+++ b/libs/libsodium/src/include/sodium/crypto_pwhash_argon2i.h
@@ -1,122 +1,122 @@
-#ifndef crypto_pwhash_argon2i_H
-#define crypto_pwhash_argon2i_H
-
-#include <limits.h>
-#include <stddef.h>
-#include <stdint.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_pwhash_argon2i_ALG_ARGON2I13 1
-SODIUM_EXPORT
-int crypto_pwhash_argon2i_alg_argon2i13(void);
-
-#define crypto_pwhash_argon2i_BYTES_MIN 16U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_bytes_min(void);
-
-#define crypto_pwhash_argon2i_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_bytes_max(void);
-
-#define crypto_pwhash_argon2i_PASSWD_MIN 0U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_passwd_min(void);
-
-#define crypto_pwhash_argon2i_PASSWD_MAX 4294967295U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_passwd_max(void);
-
-#define crypto_pwhash_argon2i_SALTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_saltbytes(void);
-
-#define crypto_pwhash_argon2i_STRBYTES 128U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_strbytes(void);
-
-#define crypto_pwhash_argon2i_STRPREFIX "$argon2i$"
-SODIUM_EXPORT
-const char *crypto_pwhash_argon2i_strprefix(void);
-
-#define crypto_pwhash_argon2i_OPSLIMIT_MIN 3U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_opslimit_min(void);
-
-#define crypto_pwhash_argon2i_OPSLIMIT_MAX 4294967295U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_opslimit_max(void);
-
-#define crypto_pwhash_argon2i_MEMLIMIT_MIN 8192U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_memlimit_min(void);
-
-#define crypto_pwhash_argon2i_MEMLIMIT_MAX \
- ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_memlimit_max(void);
-
-#define crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE 4U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_opslimit_interactive(void);
-
-#define crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE 33554432U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_memlimit_interactive(void);
-
-#define crypto_pwhash_argon2i_OPSLIMIT_MODERATE 6U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_opslimit_moderate(void);
-
-#define crypto_pwhash_argon2i_MEMLIMIT_MODERATE 134217728U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_memlimit_moderate(void);
-
-#define crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE 8U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_opslimit_sensitive(void);
-
-#define crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE 536870912U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2i_memlimit_sensitive(void);
-
-SODIUM_EXPORT
-int crypto_pwhash_argon2i(unsigned char * const out,
- unsigned long long outlen,
- const char * const passwd,
- unsigned long long passwdlen,
- const unsigned char * const salt,
- unsigned long long opslimit, size_t memlimit,
- int alg)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
- const char * const passwd,
- unsigned long long passwdlen,
- unsigned long long opslimit, size_t memlimit)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
- const char * const passwd,
- unsigned long long passwdlen)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES],
- unsigned long long opslimit, size_t memlimit)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_pwhash_argon2i_H
+#define crypto_pwhash_argon2i_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_argon2i_ALG_ARGON2I13 1
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_alg_argon2i13(void);
+
+#define crypto_pwhash_argon2i_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_bytes_min(void);
+
+#define crypto_pwhash_argon2i_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_bytes_max(void);
+
+#define crypto_pwhash_argon2i_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_passwd_min(void);
+
+#define crypto_pwhash_argon2i_PASSWD_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_passwd_max(void);
+
+#define crypto_pwhash_argon2i_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_saltbytes(void);
+
+#define crypto_pwhash_argon2i_STRBYTES 128U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_strbytes(void);
+
+#define crypto_pwhash_argon2i_STRPREFIX "$argon2i$"
+SODIUM_EXPORT
+const char *crypto_pwhash_argon2i_strprefix(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MIN 3U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_opslimit_min(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_opslimit_max(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MIN 8192U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_min(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MAX \
+ ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_max(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE 4U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_opslimit_interactive(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE 33554432U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_interactive(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_MODERATE 6U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_opslimit_moderate(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_MODERATE 134217728U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_moderate(void);
+
+#define crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE 8U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_opslimit_sensitive(void);
+
+#define crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE 536870912U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2i_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i(unsigned char * const out,
+ unsigned long long outlen,
+ const char * const passwd,
+ unsigned long long passwdlen,
+ const unsigned char * const salt,
+ unsigned long long opslimit, size_t memlimit,
+ int alg)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
+ const char * const passwd,
+ unsigned long long passwdlen,
+ unsigned long long opslimit, size_t memlimit)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
+ const char * const passwd,
+ unsigned long long passwdlen)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES],
+ unsigned long long opslimit, size_t memlimit)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_pwhash_argon2id.h b/libs/libsodium/src/include/sodium/crypto_pwhash_argon2id.h
index 51b17aa8e3..a8dd1a5260 100644
--- a/libs/libsodium/src/include/sodium/crypto_pwhash_argon2id.h
+++ b/libs/libsodium/src/include/sodium/crypto_pwhash_argon2id.h
@@ -1,122 +1,122 @@
-#ifndef crypto_pwhash_argon2id_H
-#define crypto_pwhash_argon2id_H
-
-#include <limits.h>
-#include <stddef.h>
-#include <stdint.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_pwhash_argon2id_ALG_ARGON2ID13 2
-SODIUM_EXPORT
-int crypto_pwhash_argon2id_alg_argon2id13(void);
-
-#define crypto_pwhash_argon2id_BYTES_MIN 16U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_bytes_min(void);
-
-#define crypto_pwhash_argon2id_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_bytes_max(void);
-
-#define crypto_pwhash_argon2id_PASSWD_MIN 0U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_passwd_min(void);
-
-#define crypto_pwhash_argon2id_PASSWD_MAX 4294967295U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_passwd_max(void);
-
-#define crypto_pwhash_argon2id_SALTBYTES 16U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_saltbytes(void);
-
-#define crypto_pwhash_argon2id_STRBYTES 128U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_strbytes(void);
-
-#define crypto_pwhash_argon2id_STRPREFIX "$argon2id$"
-SODIUM_EXPORT
-const char *crypto_pwhash_argon2id_strprefix(void);
-
-#define crypto_pwhash_argon2id_OPSLIMIT_MIN 1U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_opslimit_min(void);
-
-#define crypto_pwhash_argon2id_OPSLIMIT_MAX 4294967295U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_opslimit_max(void);
-
-#define crypto_pwhash_argon2id_MEMLIMIT_MIN 8192U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_memlimit_min(void);
-
-#define crypto_pwhash_argon2id_MEMLIMIT_MAX \
- ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_memlimit_max(void);
-
-#define crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE 2U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_opslimit_interactive(void);
-
-#define crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE 67108864U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_memlimit_interactive(void);
-
-#define crypto_pwhash_argon2id_OPSLIMIT_MODERATE 3U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_opslimit_moderate(void);
-
-#define crypto_pwhash_argon2id_MEMLIMIT_MODERATE 268435456U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_memlimit_moderate(void);
-
-#define crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE 4U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_opslimit_sensitive(void);
-
-#define crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE 1073741824U
-SODIUM_EXPORT
-size_t crypto_pwhash_argon2id_memlimit_sensitive(void);
-
-SODIUM_EXPORT
-int crypto_pwhash_argon2id(unsigned char * const out,
- unsigned long long outlen,
- const char * const passwd,
- unsigned long long passwdlen,
- const unsigned char * const salt,
- unsigned long long opslimit, size_t memlimit,
- int alg)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES],
- const char * const passwd,
- unsigned long long passwdlen,
- unsigned long long opslimit, size_t memlimit)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_argon2id_str_verify(const char str[crypto_pwhash_argon2id_STRBYTES],
- const char * const passwd,
- unsigned long long passwdlen)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES],
- unsigned long long opslimit, size_t memlimit)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_pwhash_argon2id_H
+#define crypto_pwhash_argon2id_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_argon2id_ALG_ARGON2ID13 2
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_alg_argon2id13(void);
+
+#define crypto_pwhash_argon2id_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_bytes_min(void);
+
+#define crypto_pwhash_argon2id_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 4294967295U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_bytes_max(void);
+
+#define crypto_pwhash_argon2id_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_passwd_min(void);
+
+#define crypto_pwhash_argon2id_PASSWD_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_passwd_max(void);
+
+#define crypto_pwhash_argon2id_SALTBYTES 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_saltbytes(void);
+
+#define crypto_pwhash_argon2id_STRBYTES 128U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_strbytes(void);
+
+#define crypto_pwhash_argon2id_STRPREFIX "$argon2id$"
+SODIUM_EXPORT
+const char *crypto_pwhash_argon2id_strprefix(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MIN 1U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_opslimit_min(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_opslimit_max(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MIN 8192U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_min(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MAX \
+ ((SIZE_MAX >= 4398046510080U) ? 4398046510080U : (SIZE_MAX >= 2147483648U) ? 2147483648U : 32768U)
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_max(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE 2U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_opslimit_interactive(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE 67108864U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_interactive(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_MODERATE 3U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_opslimit_moderate(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_MODERATE 268435456U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_moderate(void);
+
+#define crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE 4U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_opslimit_sensitive(void);
+
+#define crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE 1073741824U
+SODIUM_EXPORT
+size_t crypto_pwhash_argon2id_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id(unsigned char * const out,
+ unsigned long long outlen,
+ const char * const passwd,
+ unsigned long long passwdlen,
+ const unsigned char * const salt,
+ unsigned long long opslimit, size_t memlimit,
+ int alg)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES],
+ const char * const passwd,
+ unsigned long long passwdlen,
+ unsigned long long opslimit, size_t memlimit)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str_verify(const char str[crypto_pwhash_argon2id_STRBYTES],
+ const char * const passwd,
+ unsigned long long passwdlen)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES],
+ unsigned long long opslimit, size_t memlimit)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_pwhash_scryptsalsa208sha256.h b/libs/libsodium/src/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
index 951b87b962..71893bdd65 100644
--- a/libs/libsodium/src/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
+++ b/libs/libsodium/src/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
@@ -1,120 +1,120 @@
-#ifndef crypto_pwhash_scryptsalsa208sha256_H
-#define crypto_pwhash_scryptsalsa208sha256_H
-
-#include <limits.h>
-#include <stddef.h>
-#include <stdint.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_pwhash_scryptsalsa208sha256_BYTES_MIN 16U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_bytes_min(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_BYTES_MAX \
- SODIUM_MIN(SODIUM_SIZE_MAX, 0x1fffffffe0ULL)
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_bytes_max(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MIN 0U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_passwd_min(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MAX SODIUM_SIZE_MAX
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_passwd_max(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_STRBYTES 102U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
-SODIUM_EXPORT
-const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_opslimit_min(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX 4294967295U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_opslimit_max(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_memlimit_min(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MAX \
- SODIUM_MIN(SIZE_MAX, 68719476736ULL)
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_memlimit_max(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE 16777216U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void);
-
-#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U
-SODIUM_EXPORT
-size_t crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void);
-
-SODIUM_EXPORT
-int crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
- unsigned long long outlen,
- const char * const passwd,
- unsigned long long passwdlen,
- const unsigned char * const salt,
- unsigned long long opslimit,
- size_t memlimit)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
- const char * const passwd,
- unsigned long long passwdlen,
- unsigned long long opslimit,
- size_t memlimit)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
- const char * const passwd,
- unsigned long long passwdlen)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
- const uint8_t * salt, size_t saltlen,
- uint64_t N, uint32_t r, uint32_t p,
- uint8_t * buf, size_t buflen)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
- unsigned long long opslimit,
- size_t memlimit)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_pwhash_scryptsalsa208sha256_H
+#define crypto_pwhash_scryptsalsa208sha256_H
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_pwhash_scryptsalsa208sha256_BYTES_MIN 16U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_bytes_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_BYTES_MAX \
+ SODIUM_MIN(SODIUM_SIZE_MAX, 0x1fffffffe0ULL)
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_bytes_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MIN 0U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_passwd_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_PASSWD_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_passwd_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRBYTES 102U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
+SODIUM_EXPORT
+const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_opslimit_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX 4294967295U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_opslimit_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_min(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MAX \
+ SODIUM_MIN(SIZE_MAX, 68719476736ULL)
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_max(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE 16777216U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void);
+
+#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U
+SODIUM_EXPORT
+size_t crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void);
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
+ unsigned long long outlen,
+ const char * const passwd,
+ unsigned long long passwdlen,
+ const unsigned char * const salt,
+ unsigned long long opslimit,
+ size_t memlimit)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+ const char * const passwd,
+ unsigned long long passwdlen,
+ unsigned long long opslimit,
+ size_t memlimit)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+ const char * const passwd,
+ unsigned long long passwdlen)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
+ const uint8_t * salt, size_t saltlen,
+ uint64_t N, uint32_t r, uint32_t p,
+ uint8_t * buf, size_t buflen)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
+ unsigned long long opslimit,
+ size_t memlimit)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_scalarmult.h b/libs/libsodium/src/include/sodium/crypto_scalarmult.h
index f7fa6f8f39..842281371f 100644
--- a/libs/libsodium/src/include/sodium/crypto_scalarmult.h
+++ b/libs/libsodium/src/include/sodium/crypto_scalarmult.h
@@ -1,45 +1,46 @@
-#ifndef crypto_scalarmult_H
-#define crypto_scalarmult_H
-
-#include <stddef.h>
-
-#include "crypto_scalarmult_curve25519.h"
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
-SODIUM_EXPORT
-size_t crypto_scalarmult_bytes(void);
-
-#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
-SODIUM_EXPORT
-size_t crypto_scalarmult_scalarbytes(void);
-
-#define crypto_scalarmult_PRIMITIVE "curve25519"
-SODIUM_EXPORT
-const char *crypto_scalarmult_primitive(void);
-
-SODIUM_EXPORT
-int crypto_scalarmult_base(unsigned char *q, const unsigned char *n);
-
-/*
- * NOTE: Do not use the result of this function directly.
- *
- * Hash the result with the public keys in order to compute a shared
- * secret key: H(q || client_pk || server_pk)
- *
- * Or unless this is not an option, use the crypto_kx() API instead.
- */
-SODIUM_EXPORT
-int crypto_scalarmult(unsigned char *q, const unsigned char *n,
- const unsigned char *p)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_scalarmult_H
+#define crypto_scalarmult_H
+
+#include <stddef.h>
+
+#include "crypto_scalarmult_curve25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
+SODIUM_EXPORT
+size_t crypto_scalarmult_bytes(void);
+
+#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
+SODIUM_EXPORT
+size_t crypto_scalarmult_scalarbytes(void);
+
+#define crypto_scalarmult_PRIMITIVE "curve25519"
+SODIUM_EXPORT
+const char *crypto_scalarmult_primitive(void);
+
+SODIUM_EXPORT
+int crypto_scalarmult_base(unsigned char *q, const unsigned char *n)
+ __attribute__ ((nonnull));
+
+/*
+ * NOTE: Do not use the result of this function directly.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_scalarmult_curve25519.h b/libs/libsodium/src/include/sodium/crypto_scalarmult_curve25519.h
index ae85eadc22..8a59123303 100644
--- a/libs/libsodium/src/include/sodium/crypto_scalarmult_curve25519.h
+++ b/libs/libsodium/src/include/sodium/crypto_scalarmult_curve25519.h
@@ -1,40 +1,42 @@
-#ifndef crypto_scalarmult_curve25519_H
-#define crypto_scalarmult_curve25519_H
-
-#include <stddef.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_scalarmult_curve25519_BYTES 32U
-SODIUM_EXPORT
-size_t crypto_scalarmult_curve25519_bytes(void);
-
-#define crypto_scalarmult_curve25519_SCALARBYTES 32U
-SODIUM_EXPORT
-size_t crypto_scalarmult_curve25519_scalarbytes(void);
-
-/*
- * NOTE: Do not use the result of this function directly.
- *
- * Hash the result with the public keys in order to compute a shared
- * secret key: H(q || client_pk || server_pk)
- *
- * Or unless this is not an option, use the crypto_kx() API instead.
- */
-SODIUM_EXPORT
-int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
- const unsigned char *p)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_scalarmult_curve25519_base(unsigned char *q, const unsigned char *n);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_scalarmult_curve25519_H
+#define crypto_scalarmult_curve25519_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_curve25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_bytes(void);
+
+#define crypto_scalarmult_curve25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_curve25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_curve25519_base(unsigned char *q,
+ const unsigned char *n)
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_scalarmult_ed25519.h b/libs/libsodium/src/include/sodium/crypto_scalarmult_ed25519.h
index 3d51235112..a3d562b207 100644
--- a/libs/libsodium/src/include/sodium/crypto_scalarmult_ed25519.h
+++ b/libs/libsodium/src/include/sodium/crypto_scalarmult_ed25519.h
@@ -1,41 +1,51 @@
-
-#ifndef crypto_scalarmult_ed25519_H
-#define crypto_scalarmult_ed25519_H
-
-#include <stddef.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_scalarmult_ed25519_BYTES 32U
-SODIUM_EXPORT
-size_t crypto_scalarmult_ed25519_bytes(void);
-
-#define crypto_scalarmult_ed25519_SCALARBYTES 32U
-SODIUM_EXPORT
-size_t crypto_scalarmult_ed25519_scalarbytes(void);
-
-/*
- * NOTE: Do not use the result of this function directly.
- *
- * Hash the result with the public keys in order to compute a shared
- * secret key: H(q || client_pk || server_pk)
- *
- * Or unless this is not an option, use the crypto_kx() API instead.
- */
-SODIUM_EXPORT
-int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
- const unsigned char *p)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+
+#ifndef crypto_scalarmult_ed25519_H
+#define crypto_scalarmult_ed25519_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_scalarmult_ed25519_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ed25519_bytes(void);
+
+#define crypto_scalarmult_ed25519_SCALARBYTES 32U
+SODIUM_EXPORT
+size_t crypto_scalarmult_ed25519_scalarbytes(void);
+
+/*
+ * NOTE: Do not use the result of this function directly.
+ *
+ * Hash the result with the public keys in order to compute a shared
+ * secret key: H(q || client_pk || server_pk)
+ *
+ * Or unless this is not an option, use the crypto_kx() API instead.
+ */
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
+ const unsigned char *p)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, const unsigned char *n)
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_secretbox.h b/libs/libsodium/src/include/sodium/crypto_secretbox.h
index 55e94a0292..c5f653c0a2 100644
--- a/libs/libsodium/src/include/sodium/crypto_secretbox.h
+++ b/libs/libsodium/src/include/sodium/crypto_secretbox.h
@@ -1,91 +1,93 @@
-#ifndef crypto_secretbox_H
-#define crypto_secretbox_H
-
-#include <stddef.h>
-
-#include "crypto_secretbox_xsalsa20poly1305.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
-SODIUM_EXPORT
-size_t crypto_secretbox_keybytes(void);
-
-#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
-SODIUM_EXPORT
-size_t crypto_secretbox_noncebytes(void);
-
-#define crypto_secretbox_MACBYTES crypto_secretbox_xsalsa20poly1305_MACBYTES
-SODIUM_EXPORT
-size_t crypto_secretbox_macbytes(void);
-
-#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
-SODIUM_EXPORT
-const char *crypto_secretbox_primitive(void);
-
-#define crypto_secretbox_MESSAGEBYTES_MAX crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX
-SODIUM_EXPORT
-size_t crypto_secretbox_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
- unsigned long long clen, const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_secretbox_open_detached(unsigned char *m,
- const unsigned char *c,
- const unsigned char *mac,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES]);
-
-/* -- NaCl compatibility interface ; Requires padding -- */
-
-#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
-SODIUM_EXPORT
-size_t crypto_secretbox_zerobytes(void);
-
-#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
-SODIUM_EXPORT
-size_t crypto_secretbox_boxzerobytes(void);
-
-SODIUM_EXPORT
-int crypto_secretbox(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_secretbox_open(unsigned char *m, const unsigned char *c,
- unsigned long long clen, const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_secretbox_H
+#define crypto_secretbox_H
+
+#include <stddef.h>
+
+#include "crypto_secretbox_xsalsa20poly1305.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_secretbox_keybytes(void);
+
+#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES
+SODIUM_EXPORT
+size_t crypto_secretbox_noncebytes(void);
+
+#define crypto_secretbox_MACBYTES crypto_secretbox_xsalsa20poly1305_MACBYTES
+SODIUM_EXPORT
+size_t crypto_secretbox_macbytes(void);
+
+#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305"
+SODIUM_EXPORT
+const char *crypto_secretbox_primitive(void);
+
+#define crypto_secretbox_MESSAGEBYTES_MAX crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t crypto_secretbox_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretbox_open_detached(unsigned char *m,
+ const unsigned char *c,
+ const unsigned char *mac,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+SODIUM_EXPORT
+void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES])
+ __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES
+SODIUM_EXPORT
+size_t crypto_secretbox_zerobytes(void);
+
+#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES
+SODIUM_EXPORT
+size_t crypto_secretbox_boxzerobytes(void);
+
+SODIUM_EXPORT
+int crypto_secretbox(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretbox_open(unsigned char *m, const unsigned char *c,
+ unsigned long long clen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_secretbox_xchacha20poly1305.h b/libs/libsodium/src/include/sodium/crypto_secretbox_xchacha20poly1305.h
index 2919da161c..eb1754e8a6 100644
--- a/libs/libsodium/src/include/sodium/crypto_secretbox_xchacha20poly1305.h
+++ b/libs/libsodium/src/include/sodium/crypto_secretbox_xchacha20poly1305.h
@@ -1,68 +1,70 @@
-#ifndef crypto_secretbox_xchacha20poly1305_H
-#define crypto_secretbox_xchacha20poly1305_H
-
-#include <stddef.h>
-#include "crypto_stream_xchacha20.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_secretbox_xchacha20poly1305_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_secretbox_xchacha20poly1305_keybytes(void);
-
-#define crypto_secretbox_xchacha20poly1305_NONCEBYTES 24U
-SODIUM_EXPORT
-size_t crypto_secretbox_xchacha20poly1305_noncebytes(void);
-
-#define crypto_secretbox_xchacha20poly1305_MACBYTES 16U
-SODIUM_EXPORT
-size_t crypto_secretbox_xchacha20poly1305_macbytes(void);
-
-#define crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX \
- (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_secretbox_xchacha20poly1305_MACBYTES)
-SODIUM_EXPORT
-size_t crypto_secretbox_xchacha20poly1305_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_secretbox_xchacha20poly1305_easy(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c,
- unsigned char *mac,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m,
- const unsigned char *c,
- const unsigned char *mac,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_secretbox_xchacha20poly1305_H
+#define crypto_secretbox_xchacha20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xchacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_xchacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_noncebytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_macbytes(void);
+
+#define crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX \
+ (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_secretbox_xchacha20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xchacha20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_easy(unsigned char *c,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c,
+ unsigned char *mac,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m,
+ const unsigned char *c,
+ const unsigned char *mac,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_secretbox_xsalsa20poly1305.h b/libs/libsodium/src/include/sodium/crypto_secretbox_xsalsa20poly1305.h
index 4b8c7c8ea2..f4d83aa562 100644
--- a/libs/libsodium/src/include/sodium/crypto_secretbox_xsalsa20poly1305.h
+++ b/libs/libsodium/src/include/sodium/crypto_secretbox_xsalsa20poly1305.h
@@ -1,67 +1,69 @@
-#ifndef crypto_secretbox_xsalsa20poly1305_H
-#define crypto_secretbox_xsalsa20poly1305_H
-
-#include <stddef.h>
-#include "crypto_stream_xsalsa20.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_secretbox_xsalsa20poly1305_keybytes(void);
-
-#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24U
-SODIUM_EXPORT
-size_t crypto_secretbox_xsalsa20poly1305_noncebytes(void);
-
-#define crypto_secretbox_xsalsa20poly1305_MACBYTES 16U
-SODIUM_EXPORT
-size_t crypto_secretbox_xsalsa20poly1305_macbytes(void);
-
-/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
-#define crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX \
- (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_secretbox_xsalsa20poly1305_MACBYTES)
-SODIUM_EXPORT
-size_t crypto_secretbox_xsalsa20poly1305_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_secretbox_xsalsa20poly1305(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]);
-
-/* -- NaCl compatibility interface ; Requires padding -- */
-
-#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16U
-SODIUM_EXPORT
-size_t crypto_secretbox_xsalsa20poly1305_boxzerobytes(void);
-
-#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES \
- (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES + \
- crypto_secretbox_xsalsa20poly1305_MACBYTES)
-SODIUM_EXPORT
-size_t crypto_secretbox_xsalsa20poly1305_zerobytes(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_secretbox_xsalsa20poly1305_H
+#define crypto_secretbox_xsalsa20poly1305_H
+
+#include <stddef.h>
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_keybytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_noncebytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_MACBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_macbytes(void);
+
+/* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */
+#define crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX \
+ (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_secretbox_xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_secretbox_xsalsa20poly1305(unsigned char *c,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
+
+SODIUM_EXPORT
+void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES])
+ __attribute__ ((nonnull));
+
+/* -- NaCl compatibility interface ; Requires padding -- */
+
+#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_boxzerobytes(void);
+
+#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES \
+ (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES + \
+ crypto_secretbox_xsalsa20poly1305_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_secretbox_xsalsa20poly1305_zerobytes(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_secretstream_xchacha20poly1305.h b/libs/libsodium/src/include/sodium/crypto_secretstream_xchacha20poly1305.h
index dac273b599..8764d1cbbd 100644
--- a/libs/libsodium/src/include/sodium/crypto_secretstream_xchacha20poly1305.h
+++ b/libs/libsodium/src/include/sodium/crypto_secretstream_xchacha20poly1305.h
@@ -1,103 +1,108 @@
-#ifndef crypto_secretstream_xchacha20poly1305_H
-#define crypto_secretstream_xchacha20poly1305_H
-
-#include <stddef.h>
-
-#include "crypto_aead_xchacha20poly1305.h"
-#include "crypto_stream_chacha20.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_secretstream_xchacha20poly1305_ABYTES \
- (1U + crypto_aead_xchacha20poly1305_ietf_ABYTES)
-SODIUM_EXPORT
-size_t crypto_secretstream_xchacha20poly1305_abytes(void);
-
-#define crypto_secretstream_xchacha20poly1305_HEADERBYTES \
- crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
-SODIUM_EXPORT
-size_t crypto_secretstream_xchacha20poly1305_headerbytes(void);
-
-#define crypto_secretstream_xchacha20poly1305_KEYBYTES \
- crypto_aead_xchacha20poly1305_ietf_KEYBYTES
-SODIUM_EXPORT
-size_t crypto_secretstream_xchacha20poly1305_keybytes(void);
-
-#define crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX \
- SODIUM_MIN(SODIUM_SIZE_MAX - crypto_secretstream_xchacha20poly1305_ABYTES, \
- (64ULL * ((1ULL << 32) - 2ULL)))
-SODIUM_EXPORT
-size_t crypto_secretstream_xchacha20poly1305_messagebytes_max(void);
-
-#define crypto_secretstream_xchacha20poly1305_TAG_MESSAGE 0x00
-SODIUM_EXPORT
-unsigned char crypto_secretstream_xchacha20poly1305_tag_message(void);
-
-#define crypto_secretstream_xchacha20poly1305_TAG_PUSH 0x01
-SODIUM_EXPORT
-unsigned char crypto_secretstream_xchacha20poly1305_tag_push(void);
-
-#define crypto_secretstream_xchacha20poly1305_TAG_REKEY 0x02
-SODIUM_EXPORT
-unsigned char crypto_secretstream_xchacha20poly1305_tag_rekey(void);
-
-#define crypto_secretstream_xchacha20poly1305_TAG_FINAL \
- (crypto_secretstream_xchacha20poly1305_TAG_PUSH | \
- crypto_secretstream_xchacha20poly1305_TAG_REKEY)
-SODIUM_EXPORT
-unsigned char crypto_secretstream_xchacha20poly1305_tag_final(void);
-
-typedef struct crypto_secretstream_xchacha20poly1305_state {
- unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES];
- unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES];
- unsigned char _pad[8];
-} crypto_secretstream_xchacha20poly1305_state;
-
-SODIUM_EXPORT
-size_t crypto_secretstream_xchacha20poly1305_statebytes(void);
-
-SODIUM_EXPORT
-void crypto_secretstream_xchacha20poly1305_keygen
- (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]);
-
-SODIUM_EXPORT
-int crypto_secretstream_xchacha20poly1305_init_push
- (crypto_secretstream_xchacha20poly1305_state *state,
- unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
- const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]);
-
-SODIUM_EXPORT
-int crypto_secretstream_xchacha20poly1305_push
- (crypto_secretstream_xchacha20poly1305_state *state,
- unsigned char *c, unsigned long long *clen_p,
- const unsigned char *m, unsigned long long mlen,
- const unsigned char *ad, unsigned long long adlen, unsigned char tag);
-
-SODIUM_EXPORT
-int crypto_secretstream_xchacha20poly1305_init_pull
- (crypto_secretstream_xchacha20poly1305_state *state,
- const unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
- const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]);
-
-SODIUM_EXPORT
-int crypto_secretstream_xchacha20poly1305_pull
- (crypto_secretstream_xchacha20poly1305_state *state,
- unsigned char *m, unsigned long long *mlen_p, unsigned char *tag_p,
- const unsigned char *c, unsigned long long clen,
- const unsigned char *ad, unsigned long long adlen);
-
-SODIUM_EXPORT
-void crypto_secretstream_xchacha20poly1305_rekey
- (crypto_secretstream_xchacha20poly1305_state *state);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_secretstream_xchacha20poly1305_H
+#define crypto_secretstream_xchacha20poly1305_H
+
+#include <stddef.h>
+
+#include "crypto_aead_xchacha20poly1305.h"
+#include "crypto_stream_chacha20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_secretstream_xchacha20poly1305_ABYTES \
+ (1U + crypto_aead_xchacha20poly1305_ietf_ABYTES)
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_abytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_HEADERBYTES \
+ crypto_aead_xchacha20poly1305_ietf_NPUBBYTES
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_headerbytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_KEYBYTES \
+ crypto_aead_xchacha20poly1305_ietf_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_keybytes(void);
+
+#define crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX \
+ SODIUM_MIN(SODIUM_SIZE_MAX - crypto_secretstream_xchacha20poly1305_ABYTES, \
+ (64ULL * ((1ULL << 32) - 2ULL)))
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_messagebytes_max(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_MESSAGE 0x00
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_message(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_PUSH 0x01
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_push(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_REKEY 0x02
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_rekey(void);
+
+#define crypto_secretstream_xchacha20poly1305_TAG_FINAL \
+ (crypto_secretstream_xchacha20poly1305_TAG_PUSH | \
+ crypto_secretstream_xchacha20poly1305_TAG_REKEY)
+SODIUM_EXPORT
+unsigned char crypto_secretstream_xchacha20poly1305_tag_final(void);
+
+typedef struct crypto_secretstream_xchacha20poly1305_state {
+ unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES];
+ unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES];
+ unsigned char _pad[8];
+} crypto_secretstream_xchacha20poly1305_state;
+
+SODIUM_EXPORT
+size_t crypto_secretstream_xchacha20poly1305_statebytes(void);
+
+SODIUM_EXPORT
+void crypto_secretstream_xchacha20poly1305_keygen
+ (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_init_push
+ (crypto_secretstream_xchacha20poly1305_state *state,
+ unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+ const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_push
+ (crypto_secretstream_xchacha20poly1305_state *state,
+ unsigned char *c, unsigned long long *clen_p,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *ad, unsigned long long adlen, unsigned char tag)
+ __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_init_pull
+ (crypto_secretstream_xchacha20poly1305_state *state,
+ const unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
+ const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_secretstream_xchacha20poly1305_pull
+ (crypto_secretstream_xchacha20poly1305_state *state,
+ unsigned char *m, unsigned long long *mlen_p, unsigned char *tag_p,
+ const unsigned char *c, unsigned long long clen,
+ const unsigned char *ad, unsigned long long adlen)
+ __attribute__ ((nonnull(1)));
+
+SODIUM_EXPORT
+void crypto_secretstream_xchacha20poly1305_rekey
+ (crypto_secretstream_xchacha20poly1305_state *state);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_shorthash.h b/libs/libsodium/src/include/sodium/crypto_shorthash.h
index a498808247..a55d98f170 100644
--- a/libs/libsodium/src/include/sodium/crypto_shorthash.h
+++ b/libs/libsodium/src/include/sodium/crypto_shorthash.h
@@ -1,39 +1,41 @@
-#ifndef crypto_shorthash_H
-#define crypto_shorthash_H
-
-#include <stddef.h>
-
-#include "crypto_shorthash_siphash24.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_shorthash_BYTES crypto_shorthash_siphash24_BYTES
-SODIUM_EXPORT
-size_t crypto_shorthash_bytes(void);
-
-#define crypto_shorthash_KEYBYTES crypto_shorthash_siphash24_KEYBYTES
-SODIUM_EXPORT
-size_t crypto_shorthash_keybytes(void);
-
-#define crypto_shorthash_PRIMITIVE "siphash24"
-SODIUM_EXPORT
-const char *crypto_shorthash_primitive(void);
-
-SODIUM_EXPORT
-int crypto_shorthash(unsigned char *out, const unsigned char *in,
- unsigned long long inlen, const unsigned char *k);
-
-SODIUM_EXPORT
-void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_shorthash_H
+#define crypto_shorthash_H
+
+#include <stddef.h>
+
+#include "crypto_shorthash_siphash24.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_shorthash_BYTES crypto_shorthash_siphash24_BYTES
+SODIUM_EXPORT
+size_t crypto_shorthash_bytes(void);
+
+#define crypto_shorthash_KEYBYTES crypto_shorthash_siphash24_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_shorthash_keybytes(void);
+
+#define crypto_shorthash_PRIMITIVE "siphash24"
+SODIUM_EXPORT
+const char *crypto_shorthash_primitive(void);
+
+SODIUM_EXPORT
+int crypto_shorthash(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_shorthash_siphash24.h b/libs/libsodium/src/include/sodium/crypto_shorthash_siphash24.h
index 745ed48fae..0b4efd5156 100644
--- a/libs/libsodium/src/include/sodium/crypto_shorthash_siphash24.h
+++ b/libs/libsodium/src/include/sodium/crypto_shorthash_siphash24.h
@@ -1,48 +1,50 @@
-#ifndef crypto_shorthash_siphash24_H
-#define crypto_shorthash_siphash24_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-/* -- 64-bit output -- */
-
-#define crypto_shorthash_siphash24_BYTES 8U
-SODIUM_EXPORT
-size_t crypto_shorthash_siphash24_bytes(void);
-
-#define crypto_shorthash_siphash24_KEYBYTES 16U
-SODIUM_EXPORT
-size_t crypto_shorthash_siphash24_keybytes(void);
-
-SODIUM_EXPORT
-int crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in,
- unsigned long long inlen, const unsigned char *k);
-
-#ifndef SODIUM_LIBRARY_MINIMAL
-/* -- 128-bit output -- */
-
-#define crypto_shorthash_siphashx24_BYTES 16U
-SODIUM_EXPORT
-size_t crypto_shorthash_siphashx24_bytes(void);
-
-#define crypto_shorthash_siphashx24_KEYBYTES 16U
-SODIUM_EXPORT
-size_t crypto_shorthash_siphashx24_keybytes(void);
-
-SODIUM_EXPORT
-int crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in,
- unsigned long long inlen, const unsigned char *k);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_shorthash_siphash24_H
+#define crypto_shorthash_siphash24_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+/* -- 64-bit output -- */
+
+#define crypto_shorthash_siphash24_BYTES 8U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphash24_bytes(void);
+
+#define crypto_shorthash_siphash24_KEYBYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphash24_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+/* -- 128-bit output -- */
+
+#define crypto_shorthash_siphashx24_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphashx24_bytes(void);
+
+#define crypto_shorthash_siphashx24_KEYBYTES 16U
+SODIUM_EXPORT
+size_t crypto_shorthash_siphashx24_keybytes(void);
+
+SODIUM_EXPORT
+int crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen, const unsigned char *k)
+ __attribute__ ((nonnull));
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_sign.h b/libs/libsodium/src/include/sodium/crypto_sign.h
index 85aff0c9db..7b2febbcb5 100644
--- a/libs/libsodium/src/include/sodium/crypto_sign.h
+++ b/libs/libsodium/src/include/sodium/crypto_sign.h
@@ -1,103 +1,107 @@
-#ifndef crypto_sign_H
-#define crypto_sign_H
-
-/*
- * THREAD SAFETY: crypto_sign_keypair() is thread-safe,
- * provided that sodium_init() was called before.
- *
- * Other functions, including crypto_sign_seed_keypair() are always thread-safe.
- */
-
-#include <stddef.h>
-
-#include "crypto_sign_ed25519.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-typedef crypto_sign_ed25519ph_state crypto_sign_state;
-
-SODIUM_EXPORT
-size_t crypto_sign_statebytes(void);
-
-#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
-SODIUM_EXPORT
-size_t crypto_sign_bytes(void);
-
-#define crypto_sign_SEEDBYTES crypto_sign_ed25519_SEEDBYTES
-SODIUM_EXPORT
-size_t crypto_sign_seedbytes(void);
-
-#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
-SODIUM_EXPORT
-size_t crypto_sign_publickeybytes(void);
-
-#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
-SODIUM_EXPORT
-size_t crypto_sign_secretkeybytes(void);
-
-#define crypto_sign_MESSAGEBYTES_MAX crypto_sign_ed25519_MESSAGEBYTES_MAX
-SODIUM_EXPORT
-size_t crypto_sign_messagebytes_max(void);
-
-#define crypto_sign_PRIMITIVE "ed25519"
-SODIUM_EXPORT
-const char *crypto_sign_primitive(void);
-
-SODIUM_EXPORT
-int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
- const unsigned char *seed);
-
-SODIUM_EXPORT
-int crypto_sign_keypair(unsigned char *pk, unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_sign(unsigned char *sm, unsigned long long *smlen_p,
- const unsigned char *m, unsigned long long mlen,
- const unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p,
- const unsigned char *sm, unsigned long long smlen,
- const unsigned char *pk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p,
- const unsigned char *m, unsigned long long mlen,
- const unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_sign_verify_detached(const unsigned char *sig,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *pk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_sign_init(crypto_sign_state *state);
-
-SODIUM_EXPORT
-int crypto_sign_update(crypto_sign_state *state,
- const unsigned char *m, unsigned long long mlen);
-
-SODIUM_EXPORT
-int crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig,
- unsigned long long *siglen_p,
- const unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_sign_final_verify(crypto_sign_state *state, unsigned char *sig,
- const unsigned char *pk)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_sign_H
+#define crypto_sign_H
+
+/*
+ * THREAD SAFETY: crypto_sign_keypair() is thread-safe,
+ * provided that sodium_init() was called before.
+ *
+ * Other functions, including crypto_sign_seed_keypair() are always thread-safe.
+ */
+
+#include <stddef.h>
+
+#include "crypto_sign_ed25519.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef crypto_sign_ed25519ph_state crypto_sign_state;
+
+SODIUM_EXPORT
+size_t crypto_sign_statebytes(void);
+
+#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
+SODIUM_EXPORT
+size_t crypto_sign_bytes(void);
+
+#define crypto_sign_SEEDBYTES crypto_sign_ed25519_SEEDBYTES
+SODIUM_EXPORT
+size_t crypto_sign_seedbytes(void);
+
+#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
+SODIUM_EXPORT
+size_t crypto_sign_publickeybytes(void);
+
+#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
+SODIUM_EXPORT
+size_t crypto_sign_secretkeybytes(void);
+
+#define crypto_sign_MESSAGEBYTES_MAX crypto_sign_ed25519_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t crypto_sign_messagebytes_max(void);
+
+#define crypto_sign_PRIMITIVE "ed25519"
+SODIUM_EXPORT
+const char *crypto_sign_primitive(void);
+
+SODIUM_EXPORT
+int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
+ const unsigned char *seed)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_keypair(unsigned char *pk, unsigned char *sk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign(unsigned char *sm, unsigned long long *smlen_p,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *sk) __attribute__ ((nonnull(1, 3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p,
+ const unsigned char *sm, unsigned long long smlen,
+ const unsigned char *pk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *sk) __attribute__ ((nonnull(1, 3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_verify_detached(const unsigned char *sig,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *pk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_init(crypto_sign_state *state);
+
+SODIUM_EXPORT
+int crypto_sign_update(crypto_sign_state *state,
+ const unsigned char *m, unsigned long long mlen)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig,
+ unsigned long long *siglen_p,
+ const unsigned char *sk)
+ __attribute__ ((nonnull(1, 2, 4)));
+
+SODIUM_EXPORT
+int crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig,
+ const unsigned char *pk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_sign_ed25519.h b/libs/libsodium/src/include/sodium/crypto_sign_ed25519.h
index 38d2b9dd63..c2024da017 100644
--- a/libs/libsodium/src/include/sodium/crypto_sign_ed25519.h
+++ b/libs/libsodium/src/include/sodium/crypto_sign_ed25519.h
@@ -1,114 +1,124 @@
-#ifndef crypto_sign_ed25519_H
-#define crypto_sign_ed25519_H
-
-#include <stddef.h>
-#include "crypto_hash_sha512.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-typedef struct crypto_sign_ed25519ph_state {
- crypto_hash_sha512_state hs;
-} crypto_sign_ed25519ph_state;
-
-SODIUM_EXPORT
-size_t crypto_sign_ed25519ph_statebytes(void);
-
-#define crypto_sign_ed25519_BYTES 64U
-SODIUM_EXPORT
-size_t crypto_sign_ed25519_bytes(void);
-
-#define crypto_sign_ed25519_SEEDBYTES 32U
-SODIUM_EXPORT
-size_t crypto_sign_ed25519_seedbytes(void);
-
-#define crypto_sign_ed25519_PUBLICKEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_sign_ed25519_publickeybytes(void);
-
-#define crypto_sign_ed25519_SECRETKEYBYTES (32U + 32U)
-SODIUM_EXPORT
-size_t crypto_sign_ed25519_secretkeybytes(void);
-
-#define crypto_sign_ed25519_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_ed25519_BYTES)
-SODIUM_EXPORT
-size_t crypto_sign_ed25519_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p,
- const unsigned char *m, unsigned long long mlen,
- const unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p,
- const unsigned char *sm, unsigned long long smlen,
- const unsigned char *pk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_sign_ed25519_detached(unsigned char *sig,
- unsigned long long *siglen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519_verify_detached(const unsigned char *sig,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *pk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
- const unsigned char *seed);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
- const unsigned char *ed25519_pk)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
- const unsigned char *ed25519_sk);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519_sk_to_seed(unsigned char *seed,
- const unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519ph_update(crypto_sign_ed25519ph_state *state,
- const unsigned char *m,
- unsigned long long mlen);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state,
- unsigned char *sig,
- unsigned long long *siglen_p,
- const unsigned char *sk);
-
-SODIUM_EXPORT
-int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state,
- unsigned char *sig,
- const unsigned char *pk)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_sign_ed25519_H
+#define crypto_sign_ed25519_H
+
+#include <stddef.h>
+#include "crypto_hash_sha512.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct crypto_sign_ed25519ph_state {
+ crypto_hash_sha512_state hs;
+} crypto_sign_ed25519ph_state;
+
+SODIUM_EXPORT
+size_t crypto_sign_ed25519ph_statebytes(void);
+
+#define crypto_sign_ed25519_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_bytes(void);
+
+#define crypto_sign_ed25519_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_seedbytes(void);
+
+#define crypto_sign_ed25519_PUBLICKEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_publickeybytes(void);
+
+#define crypto_sign_ed25519_SECRETKEYBYTES (32U + 32U)
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_secretkeybytes(void);
+
+#define crypto_sign_ed25519_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_ed25519_BYTES)
+SODIUM_EXPORT
+size_t crypto_sign_ed25519_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p,
+ const unsigned char *m, unsigned long long mlen,
+ const unsigned char *sk)
+ __attribute__ ((nonnull(1, 3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p,
+ const unsigned char *sm, unsigned long long smlen,
+ const unsigned char *pk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_detached(unsigned char *sig,
+ unsigned long long *siglen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *sk)
+ __attribute__ ((nonnull(1, 3)));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_verify_detached(const unsigned char *sig,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *pk)
+ __attribute__ ((warn_unused_result));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
+ const unsigned char *seed)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
+ const unsigned char *ed25519_pk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
+ const unsigned char *ed25519_sk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_seed(unsigned char *seed,
+ const unsigned char *sk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_update(crypto_sign_ed25519ph_state *state,
+ const unsigned char *m,
+ unsigned long long mlen)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state,
+ unsigned char *sig,
+ unsigned long long *siglen_p,
+ const unsigned char *sk)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state,
+ const unsigned char *sig,
+ const unsigned char *pk)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_sign_edwards25519sha512batch.h b/libs/libsodium/src/include/sodium/crypto_sign_edwards25519sha512batch.h
index 4bb9192470..208de4016c 100644
--- a/libs/libsodium/src/include/sodium/crypto_sign_edwards25519sha512batch.h
+++ b/libs/libsodium/src/include/sodium/crypto_sign_edwards25519sha512batch.h
@@ -1,55 +1,55 @@
-#ifndef crypto_sign_edwards25519sha512batch_H
-#define crypto_sign_edwards25519sha512batch_H
-
-/*
- * WARNING: This construction was a prototype, which should not be used
- * any more in new projects.
- *
- * crypto_sign_edwards25519sha512batch is provided for applications
- * initially built with NaCl, but as recommended by the author of this
- * construction, new applications should use ed25519 instead.
- *
- * In Sodium, you should use the high-level crypto_sign_*() functions instead.
- */
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_sign_edwards25519sha512batch_BYTES 64U
-#define crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES 32U
-#define crypto_sign_edwards25519sha512batch_SECRETKEYBYTES (32U + 32U)
-#define crypto_sign_edwards25519sha512batch_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_edwards25519sha512batch_BYTES)
-
-SODIUM_EXPORT
-int crypto_sign_edwards25519sha512batch(unsigned char *sm,
- unsigned long long *smlen_p,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *sk)
- __attribute__ ((deprecated));
-
-SODIUM_EXPORT
-int crypto_sign_edwards25519sha512batch_open(unsigned char *m,
- unsigned long long *mlen_p,
- const unsigned char *sm,
- unsigned long long smlen,
- const unsigned char *pk)
- __attribute__ ((deprecated));
-
-SODIUM_EXPORT
-int crypto_sign_edwards25519sha512batch_keypair(unsigned char *pk,
- unsigned char *sk)
- __attribute__ ((deprecated));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_sign_edwards25519sha512batch_H
+#define crypto_sign_edwards25519sha512batch_H
+
+/*
+ * WARNING: This construction was a prototype, which should not be used
+ * any more in new projects.
+ *
+ * crypto_sign_edwards25519sha512batch is provided for applications
+ * initially built with NaCl, but as recommended by the author of this
+ * construction, new applications should use ed25519 instead.
+ *
+ * In Sodium, you should use the high-level crypto_sign_*() functions instead.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_sign_edwards25519sha512batch_BYTES 64U
+#define crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES 32U
+#define crypto_sign_edwards25519sha512batch_SECRETKEYBYTES (32U + 32U)
+#define crypto_sign_edwards25519sha512batch_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_edwards25519sha512batch_BYTES)
+
+SODIUM_EXPORT
+int crypto_sign_edwards25519sha512batch(unsigned char *sm,
+ unsigned long long *smlen_p,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *sk)
+ __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_edwards25519sha512batch_open(unsigned char *m,
+ unsigned long long *mlen_p,
+ const unsigned char *sm,
+ unsigned long long smlen,
+ const unsigned char *pk)
+ __attribute__ ((deprecated)) __attribute__ ((nonnull(3, 5)));
+
+SODIUM_EXPORT
+int crypto_sign_edwards25519sha512batch_keypair(unsigned char *pk,
+ unsigned char *sk)
+ __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_stream.h b/libs/libsodium/src/include/sodium/crypto_stream.h
index d288f0b6dd..778a0be68c 100644
--- a/libs/libsodium/src/include/sodium/crypto_stream.h
+++ b/libs/libsodium/src/include/sodium/crypto_stream.h
@@ -1,56 +1,59 @@
-#ifndef crypto_stream_H
-#define crypto_stream_H
-
-/*
- * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
- * While it provides some protection against eavesdropping, it does NOT
- * provide any security against active attacks.
- * Unless you know what you're doing, what you are looking for is probably
- * the crypto_box functions.
- */
-
-#include <stddef.h>
-
-#include "crypto_stream_xsalsa20.h"
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
-SODIUM_EXPORT
-size_t crypto_stream_keybytes(void);
-
-#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
-SODIUM_EXPORT
-size_t crypto_stream_noncebytes(void);
-
-#define crypto_stream_MESSAGEBYTES_MAX crypto_stream_xsalsa20_MESSAGEBYTES_MAX
-SODIUM_EXPORT
-size_t crypto_stream_messagebytes_max(void);
-
-#define crypto_stream_PRIMITIVE "xsalsa20"
-SODIUM_EXPORT
-const char *crypto_stream_primitive(void);
-
-SODIUM_EXPORT
-int crypto_stream(unsigned char *c, unsigned long long clen,
- const unsigned char *n, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_xor(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_stream_H
+#define crypto_stream_H
+
+/*
+ * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ * While it provides some protection against eavesdropping, it does NOT
+ * provide any security against active attacks.
+ * Unless you know what you're doing, what you are looking for is probably
+ * the crypto_box functions.
+ */
+
+#include <stddef.h>
+
+#include "crypto_stream_xsalsa20.h"
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES
+SODIUM_EXPORT
+size_t crypto_stream_keybytes(void);
+
+#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES
+SODIUM_EXPORT
+size_t crypto_stream_noncebytes(void);
+
+#define crypto_stream_MESSAGEBYTES_MAX crypto_stream_xsalsa20_MESSAGEBYTES_MAX
+SODIUM_EXPORT
+size_t crypto_stream_messagebytes_max(void);
+
+#define crypto_stream_PRIMITIVE "xsalsa20"
+SODIUM_EXPORT
+const char *crypto_stream_primitive(void);
+
+SODIUM_EXPORT
+int crypto_stream(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xor(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_stream_chacha20.h b/libs/libsodium/src/include/sodium/crypto_stream_chacha20.h
index d3e2b234ef..610f24d6b9 100644
--- a/libs/libsodium/src/include/sodium/crypto_stream_chacha20.h
+++ b/libs/libsodium/src/include/sodium/crypto_stream_chacha20.h
@@ -1,98 +1,106 @@
-#ifndef crypto_stream_chacha20_H
-#define crypto_stream_chacha20_H
-
-/*
- * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
- * While it provides some protection against eavesdropping, it does NOT
- * provide any security against active attacks.
- * Unless you know what you're doing, what you are looking for is probably
- * the crypto_box functions.
- */
-
-#include <stddef.h>
-#include <stdint.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_stream_chacha20_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_stream_chacha20_keybytes(void);
-
-#define crypto_stream_chacha20_NONCEBYTES 8U
-SODIUM_EXPORT
-size_t crypto_stream_chacha20_noncebytes(void);
-
-#define crypto_stream_chacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
-SODIUM_EXPORT
-size_t crypto_stream_chacha20_messagebytes_max(void);
-
-/* ChaCha20 with a 64-bit nonce and a 64-bit counter, as originally designed */
-
-SODIUM_EXPORT
-int crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
- const unsigned char *n, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n, uint64_t ic,
- const unsigned char *k);
-
-SODIUM_EXPORT
-void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES]);
-
-/* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */
-
-#define crypto_stream_chacha20_ietf_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_stream_chacha20_ietf_keybytes(void);
-
-#define crypto_stream_chacha20_ietf_NONCEBYTES 12U
-SODIUM_EXPORT
-size_t crypto_stream_chacha20_ietf_noncebytes(void);
-
-#define crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX \
- SODIUM_MIN(SODIUM_SIZE_MAX, 64ULL * (1ULL << 32))
-SODIUM_EXPORT
-size_t crypto_stream_chacha20_ietf_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
- const unsigned char *n, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n, uint32_t ic,
- const unsigned char *k);
-
-SODIUM_EXPORT
-void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]);
-
-/* Aliases */
-
-#define crypto_stream_chacha20_IETF_KEYBYTES crypto_stream_chacha20_ietf_KEYBYTES
-#define crypto_stream_chacha20_IETF_NONCEBYTES crypto_stream_chacha20_ietf_NONCEBYTES
-#define crypto_stream_chacha20_IETF_MESSAGEBYTES_MAX crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_stream_chacha20_H
+#define crypto_stream_chacha20_H
+
+/*
+ * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ * While it provides some protection against eavesdropping, it does NOT
+ * provide any security against active attacks.
+ * Unless you know what you're doing, what you are looking for is probably
+ * the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_chacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_keybytes(void);
+
+#define crypto_stream_chacha20_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_noncebytes(void);
+
+#define crypto_stream_chacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_messagebytes_max(void);
+
+/* ChaCha20 with a 64-bit nonce and a 64-bit counter, as originally designed */
+
+SODIUM_EXPORT
+int crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n, uint64_t ic,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES])
+ __attribute__ ((nonnull));
+
+/* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */
+
+#define crypto_stream_chacha20_ietf_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_keybytes(void);
+
+#define crypto_stream_chacha20_ietf_NONCEBYTES 12U
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_noncebytes(void);
+
+#define crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX \
+ SODIUM_MIN(SODIUM_SIZE_MAX, 64ULL * (1ULL << 32))
+SODIUM_EXPORT
+size_t crypto_stream_chacha20_ietf_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n, uint32_t ic,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES])
+ __attribute__ ((nonnull));
+
+/* Aliases */
+
+#define crypto_stream_chacha20_IETF_KEYBYTES crypto_stream_chacha20_ietf_KEYBYTES
+#define crypto_stream_chacha20_IETF_NONCEBYTES crypto_stream_chacha20_ietf_NONCEBYTES
+#define crypto_stream_chacha20_IETF_MESSAGEBYTES_MAX crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_stream_salsa20.h b/libs/libsodium/src/include/sodium/crypto_stream_salsa20.h
index 0c7688c736..f75a3e942a 100644
--- a/libs/libsodium/src/include/sodium/crypto_stream_salsa20.h
+++ b/libs/libsodium/src/include/sodium/crypto_stream_salsa20.h
@@ -1,57 +1,61 @@
-#ifndef crypto_stream_salsa20_H
-#define crypto_stream_salsa20_H
-
-/*
- * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
- * While it provides some protection against eavesdropping, it does NOT
- * provide any security against active attacks.
- * Unless you know what you're doing, what you are looking for is probably
- * the crypto_box functions.
- */
-
-#include <stddef.h>
-#include <stdint.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_stream_salsa20_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_stream_salsa20_keybytes(void);
-
-#define crypto_stream_salsa20_NONCEBYTES 8U
-SODIUM_EXPORT
-size_t crypto_stream_salsa20_noncebytes(void);
-
-#define crypto_stream_salsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
-SODIUM_EXPORT
-size_t crypto_stream_salsa20_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_stream_salsa20(unsigned char *c, unsigned long long clen,
- const unsigned char *n, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n, uint64_t ic,
- const unsigned char *k);
-
-SODIUM_EXPORT
-void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_stream_salsa20_H
+#define crypto_stream_salsa20_H
+
+/*
+ * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ * While it provides some protection against eavesdropping, it does NOT
+ * provide any security against active attacks.
+ * Unless you know what you're doing, what you are looking for is probably
+ * the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_keybytes(void);
+
+#define crypto_stream_salsa20_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_noncebytes(void);
+
+#define crypto_stream_salsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_salsa20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_salsa20(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n, uint64_t ic,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_stream_salsa2012.h b/libs/libsodium/src/include/sodium/crypto_stream_salsa2012.h
index c93d1c81f8..d0f5fbcfa1 100644
--- a/libs/libsodium/src/include/sodium/crypto_stream_salsa2012.h
+++ b/libs/libsodium/src/include/sodium/crypto_stream_salsa2012.h
@@ -1,50 +1,53 @@
-#ifndef crypto_stream_salsa2012_H
-#define crypto_stream_salsa2012_H
-
-/*
- * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
- * While it provides some protection against eavesdropping, it does NOT
- * provide any security against active attacks.
- * Unless you know what you're doing, what you are looking for is probably
- * the crypto_box functions.
- */
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_stream_salsa2012_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_stream_salsa2012_keybytes(void);
-
-#define crypto_stream_salsa2012_NONCEBYTES 8U
-SODIUM_EXPORT
-size_t crypto_stream_salsa2012_noncebytes(void);
-
-#define crypto_stream_salsa2012_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
-SODIUM_EXPORT
-size_t crypto_stream_salsa2012_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_stream_salsa2012(unsigned char *c, unsigned long long clen,
- const unsigned char *n, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_stream_salsa2012_H
+#define crypto_stream_salsa2012_H
+
+/*
+ * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ * While it provides some protection against eavesdropping, it does NOT
+ * provide any security against active attacks.
+ * Unless you know what you're doing, what you are looking for is probably
+ * the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa2012_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_keybytes(void);
+
+#define crypto_stream_salsa2012_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_noncebytes(void);
+
+#define crypto_stream_salsa2012_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_salsa2012_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_salsa2012(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_stream_salsa208.h b/libs/libsodium/src/include/sodium/crypto_stream_salsa208.h
index 653f6504bd..504010e0b3 100644
--- a/libs/libsodium/src/include/sodium/crypto_stream_salsa208.h
+++ b/libs/libsodium/src/include/sodium/crypto_stream_salsa208.h
@@ -1,56 +1,56 @@
-#ifndef crypto_stream_salsa208_H
-#define crypto_stream_salsa208_H
-
-/*
- * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
- * While it provides some protection against eavesdropping, it does NOT
- * provide any security against active attacks.
- * Unless you know what you're doing, what you are looking for is probably
- * the crypto_box functions.
- */
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_stream_salsa208_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_stream_salsa208_keybytes(void)
- __attribute__ ((deprecated));
-
-#define crypto_stream_salsa208_NONCEBYTES 8U
-SODIUM_EXPORT
-size_t crypto_stream_salsa208_noncebytes(void)
- __attribute__ ((deprecated));
-
-#define crypto_stream_salsa208_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
- SODIUM_EXPORT
-size_t crypto_stream_salsa208_messagebytes_max(void)
- __attribute__ ((deprecated));
-
-SODIUM_EXPORT
-int crypto_stream_salsa208(unsigned char *c, unsigned long long clen,
- const unsigned char *n, const unsigned char *k)
- __attribute__ ((deprecated));
-
-SODIUM_EXPORT
-int crypto_stream_salsa208_xor(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k)
- __attribute__ ((deprecated));
-
-SODIUM_EXPORT
-void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES])
- __attribute__ ((deprecated));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_stream_salsa208_H
+#define crypto_stream_salsa208_H
+
+/*
+ * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ * While it provides some protection against eavesdropping, it does NOT
+ * provide any security against active attacks.
+ * Unless you know what you're doing, what you are looking for is probably
+ * the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_salsa208_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_salsa208_keybytes(void)
+ __attribute__ ((deprecated));
+
+#define crypto_stream_salsa208_NONCEBYTES 8U
+SODIUM_EXPORT
+size_t crypto_stream_salsa208_noncebytes(void)
+ __attribute__ ((deprecated));
+
+#define crypto_stream_salsa208_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+ SODIUM_EXPORT
+size_t crypto_stream_salsa208_messagebytes_max(void)
+ __attribute__ ((deprecated));
+
+SODIUM_EXPORT
+int crypto_stream_salsa208(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k)
+ __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_salsa208_xor(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES])
+ __attribute__ ((deprecated)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_stream_xchacha20.h b/libs/libsodium/src/include/sodium/crypto_stream_xchacha20.h
index cf0407ffa7..9a8afb8bbb 100644
--- a/libs/libsodium/src/include/sodium/crypto_stream_xchacha20.h
+++ b/libs/libsodium/src/include/sodium/crypto_stream_xchacha20.h
@@ -1,57 +1,61 @@
-#ifndef crypto_stream_xchacha20_H
-#define crypto_stream_xchacha20_H
-
-/*
- * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
- * While it provides some protection against eavesdropping, it does NOT
- * provide any security against active attacks.
- * Unless you know what you're doing, what you are looking for is probably
- * the crypto_box functions.
- */
-
-#include <stddef.h>
-#include <stdint.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_stream_xchacha20_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_stream_xchacha20_keybytes(void);
-
-#define crypto_stream_xchacha20_NONCEBYTES 24U
-SODIUM_EXPORT
-size_t crypto_stream_xchacha20_noncebytes(void);
-
-#define crypto_stream_xchacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
-SODIUM_EXPORT
-size_t crypto_stream_xchacha20_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_stream_xchacha20(unsigned char *c, unsigned long long clen,
- const unsigned char *n, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n, uint64_t ic,
- const unsigned char *k);
-
-SODIUM_EXPORT
-void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_stream_xchacha20_H
+#define crypto_stream_xchacha20_H
+
+/*
+ * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ * While it provides some protection against eavesdropping, it does NOT
+ * provide any security against active attacks.
+ * Unless you know what you're doing, what you are looking for is probably
+ * the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xchacha20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_keybytes(void);
+
+#define crypto_stream_xchacha20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_noncebytes(void);
+
+#define crypto_stream_xchacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_xchacha20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n, uint64_t ic,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_stream_xsalsa20.h b/libs/libsodium/src/include/sodium/crypto_stream_xsalsa20.h
index cb4c44a8b8..d6ee1d354f 100644
--- a/libs/libsodium/src/include/sodium/crypto_stream_xsalsa20.h
+++ b/libs/libsodium/src/include/sodium/crypto_stream_xsalsa20.h
@@ -1,57 +1,61 @@
-#ifndef crypto_stream_xsalsa20_H
-#define crypto_stream_xsalsa20_H
-
-/*
- * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
- * While it provides some protection against eavesdropping, it does NOT
- * provide any security against active attacks.
- * Unless you know what you're doing, what you are looking for is probably
- * the crypto_box functions.
- */
-
-#include <stddef.h>
-#include <stdint.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_stream_xsalsa20_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_stream_xsalsa20_keybytes(void);
-
-#define crypto_stream_xsalsa20_NONCEBYTES 24U
-SODIUM_EXPORT
-size_t crypto_stream_xsalsa20_noncebytes(void);
-
-#define crypto_stream_xsalsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
-SODIUM_EXPORT
-size_t crypto_stream_xsalsa20_messagebytes_max(void);
-
-SODIUM_EXPORT
-int crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen,
- const unsigned char *n, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m,
- unsigned long long mlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n, uint64_t ic,
- const unsigned char *k);
-
-SODIUM_EXPORT
-void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_stream_xsalsa20_H
+#define crypto_stream_xsalsa20_H
+
+/*
+ * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
+ * While it provides some protection against eavesdropping, it does NOT
+ * provide any security against active attacks.
+ * Unless you know what you're doing, what you are looking for is probably
+ * the crypto_box functions.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_stream_xsalsa20_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_keybytes(void);
+
+#define crypto_stream_xsalsa20_NONCEBYTES 24U
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_noncebytes(void);
+
+#define crypto_stream_xsalsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX
+SODIUM_EXPORT
+size_t crypto_stream_xsalsa20_messagebytes_max(void);
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen, const unsigned char *n,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n, uint64_t ic,
+ const unsigned char *k)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES])
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_verify_16.h b/libs/libsodium/src/include/sodium/crypto_verify_16.h
index 5e9eeabee8..b79a833bda 100644
--- a/libs/libsodium/src/include/sodium/crypto_verify_16.h
+++ b/libs/libsodium/src/include/sodium/crypto_verify_16.h
@@ -1,23 +1,23 @@
-#ifndef crypto_verify_16_H
-#define crypto_verify_16_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_verify_16_BYTES 16U
-SODIUM_EXPORT
-size_t crypto_verify_16_bytes(void);
-
-SODIUM_EXPORT
-int crypto_verify_16(const unsigned char *x, const unsigned char *y)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_verify_16_H
+#define crypto_verify_16_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_16_BYTES 16U
+SODIUM_EXPORT
+size_t crypto_verify_16_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_16(const unsigned char *x, const unsigned char *y)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_verify_32.h b/libs/libsodium/src/include/sodium/crypto_verify_32.h
index 281b5a1bb7..11f8b4e8df 100644
--- a/libs/libsodium/src/include/sodium/crypto_verify_32.h
+++ b/libs/libsodium/src/include/sodium/crypto_verify_32.h
@@ -1,23 +1,23 @@
-#ifndef crypto_verify_32_H
-#define crypto_verify_32_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_verify_32_BYTES 32U
-SODIUM_EXPORT
-size_t crypto_verify_32_bytes(void);
-
-SODIUM_EXPORT
-int crypto_verify_32(const unsigned char *x, const unsigned char *y)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_verify_32_H
+#define crypto_verify_32_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_32_BYTES 32U
+SODIUM_EXPORT
+size_t crypto_verify_32_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_32(const unsigned char *x, const unsigned char *y)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/crypto_verify_64.h b/libs/libsodium/src/include/sodium/crypto_verify_64.h
index 0dc7c304a9..d2ae3397e7 100644
--- a/libs/libsodium/src/include/sodium/crypto_verify_64.h
+++ b/libs/libsodium/src/include/sodium/crypto_verify_64.h
@@ -1,23 +1,23 @@
-#ifndef crypto_verify_64_H
-#define crypto_verify_64_H
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define crypto_verify_64_BYTES 64U
-SODIUM_EXPORT
-size_t crypto_verify_64_bytes(void);
-
-SODIUM_EXPORT
-int crypto_verify_64(const unsigned char *x, const unsigned char *y)
- __attribute__ ((warn_unused_result));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#ifndef crypto_verify_64_H
+#define crypto_verify_64_H
+
+#include <stddef.h>
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define crypto_verify_64_BYTES 64U
+SODIUM_EXPORT
+size_t crypto_verify_64_bytes(void);
+
+SODIUM_EXPORT
+int crypto_verify_64(const unsigned char *x, const unsigned char *y)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/export.h b/libs/libsodium/src/include/sodium/export.h
index a0074fc9cb..725d39e94e 100644
--- a/libs/libsodium/src/include/sodium/export.h
+++ b/libs/libsodium/src/include/sodium/export.h
@@ -1,57 +1,57 @@
-
-#ifndef sodium_export_H
-#define sodium_export_H
-
-#include <stddef.h>
-#include <stdint.h>
-#include <limits.h>
-
-#if !defined(__clang__) && !defined(__GNUC__)
-# ifdef __attribute__
-# undef __attribute__
-# endif
-# define __attribute__(a)
-#endif
-
-#ifdef SODIUM_STATIC
-# define SODIUM_EXPORT
-# define SODIUM_EXPORT_WEAK
-#else
-# if defined(_MSC_VER)
-# ifdef SODIUM_DLL_EXPORT
-# define SODIUM_EXPORT __declspec(dllexport)
-# else
-# define SODIUM_EXPORT __declspec(dllimport)
-# endif
-# else
-# if defined(__SUNPRO_C)
-# ifndef __GNU_C__
-# define SODIUM_EXPORT __attribute__ (visibility(__global))
-# else
-# define SODIUM_EXPORT __attribute__ __global
-# endif
-# elif defined(_MSG_VER)
-# define SODIUM_EXPORT extern __declspec(dllexport)
-# else
-# define SODIUM_EXPORT __attribute__ ((visibility ("default")))
-# endif
-# endif
-# if defined(__ELF__) && !defined(SODIUM_DISABLE_WEAK_FUNCTIONS)
-# define SODIUM_EXPORT_WEAK SODIUM_EXPORT __attribute__((weak))
-# else
-# define SODIUM_EXPORT_WEAK SODIUM_EXPORT
-# endif
-#endif
-
-#ifndef CRYPTO_ALIGN
-# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
-# define CRYPTO_ALIGN(x) __declspec(align(x))
-# else
-# define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
-# endif
-#endif
-
-#define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B))
-#define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX)
-
-#endif
+
+#ifndef sodium_export_H
+#define sodium_export_H
+
+#include <stddef.h>
+#include <stdint.h>
+#include <limits.h>
+
+#if !defined(__clang__) && !defined(__GNUC__)
+# ifdef __attribute__
+# undef __attribute__
+# endif
+# define __attribute__(a)
+#endif
+
+#ifdef SODIUM_STATIC
+# define SODIUM_EXPORT
+# define SODIUM_EXPORT_WEAK
+#else
+# if defined(_MSC_VER)
+# ifdef SODIUM_DLL_EXPORT
+# define SODIUM_EXPORT __declspec(dllexport)
+# else
+# define SODIUM_EXPORT __declspec(dllimport)
+# endif
+# else
+# if defined(__SUNPRO_C)
+# ifndef __GNU_C__
+# define SODIUM_EXPORT __attribute__ (visibility(__global))
+# else
+# define SODIUM_EXPORT __attribute__ __global
+# endif
+# elif defined(_MSG_VER)
+# define SODIUM_EXPORT extern __declspec(dllexport)
+# else
+# define SODIUM_EXPORT __attribute__ ((visibility ("default")))
+# endif
+# endif
+# if defined(__ELF__) && !defined(SODIUM_DISABLE_WEAK_FUNCTIONS)
+# define SODIUM_EXPORT_WEAK SODIUM_EXPORT __attribute__((weak))
+# else
+# define SODIUM_EXPORT_WEAK SODIUM_EXPORT
+# endif
+#endif
+
+#ifndef CRYPTO_ALIGN
+# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
+# define CRYPTO_ALIGN(x) __declspec(align(x))
+# else
+# define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
+# endif
+#endif
+
+#define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B))
+#define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX)
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/private/chacha20_ietf_ext.h b/libs/libsodium/src/include/sodium/private/chacha20_ietf_ext.h
index 2c80b96aa7..d03cfd3329 100644
--- a/libs/libsodium/src/include/sodium/private/chacha20_ietf_ext.h
+++ b/libs/libsodium/src/include/sodium/private/chacha20_ietf_ext.h
@@ -1,16 +1,16 @@
-#ifndef chacha20_ietf_ext_H
-#define chacha20_ietf_ext_H
-
-#include <stdint.h>
-
-/* The ietf_ext variant allows the internal counter to overflow into the IV */
-
-int crypto_stream_chacha20_ietf_ext(unsigned char *c, unsigned long long clen,
- const unsigned char *n, const unsigned char *k);
-
-int crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n, uint32_t ic,
- const unsigned char *k);
-#endif
-
+#ifndef chacha20_ietf_ext_H
+#define chacha20_ietf_ext_H
+
+#include <stdint.h>
+
+/* The ietf_ext variant allows the internal counter to overflow into the IV */
+
+int crypto_stream_chacha20_ietf_ext(unsigned char *c, unsigned long long clen,
+ const unsigned char *n, const unsigned char *k);
+
+int crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *n, uint32_t ic,
+ const unsigned char *k);
+#endif
+
diff --git a/libs/libsodium/src/include/sodium/private/common.h b/libs/libsodium/src/include/sodium/private/common.h
index f87d682e53..aaf6030248 100644
--- a/libs/libsodium/src/include/sodium/private/common.h
+++ b/libs/libsodium/src/include/sodium/private/common.h
@@ -1,261 +1,261 @@
-#ifndef common_H
-#define common_H 1
-
-#if !defined(_MSC_VER) && 1
-# warning *** This is unstable, untested, development code.
-# warning It might not compile. It might not work as expected.
-# warning It might be totally insecure.
-# warning Do not use this except if you are planning to contribute code.
-# warning Use releases available at https://download.libsodium.org/libsodium/releases/ instead.
-# warning Alternatively, use the "stable" branch in the git repository.
-#endif
-
-#if !defined(_MSC_VER) && (!defined(CONFIGURED) || CONFIGURED != 1)
-# warning *** The library is being compiled using an undocumented method.
-# warning This is not supported. It has not been tested, it might not
-# warning work as expected, and performance is likely to be suboptimal.
-#endif
-
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define COMPILER_ASSERT(X) (void) sizeof(char[(X) ? 1 : -1])
-
-#ifdef HAVE_TI_MODE
-# if defined(__SIZEOF_INT128__)
-typedef unsigned __int128 uint128_t;
-# else
-typedef unsigned uint128_t __attribute__((mode(TI)));
-# endif
-#endif
-
-#define ROTL32(X, B) rotl32((X), (B))
-static inline uint32_t
-rotl32(const uint32_t x, const int b)
-{
- return (x << b) | (x >> (32 - b));
-}
-
-#define ROTL64(X, B) rotl64((X), (B))
-static inline uint64_t
-rotl64(const uint64_t x, const int b)
-{
- return (x << b) | (x >> (64 - b));
-}
-
-#define ROTR32(X, B) rotr32((X), (B))
-static inline uint32_t
-rotr32(const uint32_t x, const int b)
-{
- return (x >> b) | (x << (32 - b));
-}
-
-#define ROTR64(X, B) rotr64((X), (B))
-static inline uint64_t
-rotr64(const uint64_t x, const int b)
-{
- return (x >> b) | (x << (64 - b));
-}
-
-#define LOAD64_LE(SRC) load64_le(SRC)
-static inline uint64_t
-load64_le(const uint8_t src[8])
-{
-#ifdef NATIVE_LITTLE_ENDIAN
- uint64_t w;
- memcpy(&w, src, sizeof w);
- return w;
-#else
- uint64_t w = (uint64_t) src[0];
- w |= (uint64_t) src[1] << 8;
- w |= (uint64_t) src[2] << 16;
- w |= (uint64_t) src[3] << 24;
- w |= (uint64_t) src[4] << 32;
- w |= (uint64_t) src[5] << 40;
- w |= (uint64_t) src[6] << 48;
- w |= (uint64_t) src[7] << 56;
- return w;
-#endif
-}
-
-#define STORE64_LE(DST, W) store64_le((DST), (W))
-static inline void
-store64_le(uint8_t dst[8], uint64_t w)
-{
-#ifdef NATIVE_LITTLE_ENDIAN
- memcpy(dst, &w, sizeof w);
-#else
- dst[0] = (uint8_t) w; w >>= 8;
- dst[1] = (uint8_t) w; w >>= 8;
- dst[2] = (uint8_t) w; w >>= 8;
- dst[3] = (uint8_t) w; w >>= 8;
- dst[4] = (uint8_t) w; w >>= 8;
- dst[5] = (uint8_t) w; w >>= 8;
- dst[6] = (uint8_t) w; w >>= 8;
- dst[7] = (uint8_t) w;
-#endif
-}
-
-#define LOAD32_LE(SRC) load32_le(SRC)
-static inline uint32_t
-load32_le(const uint8_t src[4])
-{
-#ifdef NATIVE_LITTLE_ENDIAN
- uint32_t w;
- memcpy(&w, src, sizeof w);
- return w;
-#else
- uint32_t w = (uint32_t) src[0];
- w |= (uint32_t) src[1] << 8;
- w |= (uint32_t) src[2] << 16;
- w |= (uint32_t) src[3] << 24;
- return w;
-#endif
-}
-
-#define STORE32_LE(DST, W) store32_le((DST), (W))
-static inline void
-store32_le(uint8_t dst[4], uint32_t w)
-{
-#ifdef NATIVE_LITTLE_ENDIAN
- memcpy(dst, &w, sizeof w);
-#else
- dst[0] = (uint8_t) w; w >>= 8;
- dst[1] = (uint8_t) w; w >>= 8;
- dst[2] = (uint8_t) w; w >>= 8;
- dst[3] = (uint8_t) w;
-#endif
-}
-
-/* ----- */
-
-#define LOAD64_BE(SRC) load64_be(SRC)
-static inline uint64_t
-load64_be(const uint8_t src[8])
-{
-#ifdef NATIVE_BIG_ENDIAN
- uint64_t w;
- memcpy(&w, src, sizeof w);
- return w;
-#else
- uint64_t w = (uint64_t) src[7];
- w |= (uint64_t) src[6] << 8;
- w |= (uint64_t) src[5] << 16;
- w |= (uint64_t) src[4] << 24;
- w |= (uint64_t) src[3] << 32;
- w |= (uint64_t) src[2] << 40;
- w |= (uint64_t) src[1] << 48;
- w |= (uint64_t) src[0] << 56;
- return w;
-#endif
-}
-
-#define STORE64_BE(DST, W) store64_be((DST), (W))
-static inline void
-store64_be(uint8_t dst[8], uint64_t w)
-{
-#ifdef NATIVE_BIG_ENDIAN
- memcpy(dst, &w, sizeof w);
-#else
- dst[7] = (uint8_t) w; w >>= 8;
- dst[6] = (uint8_t) w; w >>= 8;
- dst[5] = (uint8_t) w; w >>= 8;
- dst[4] = (uint8_t) w; w >>= 8;
- dst[3] = (uint8_t) w; w >>= 8;
- dst[2] = (uint8_t) w; w >>= 8;
- dst[1] = (uint8_t) w; w >>= 8;
- dst[0] = (uint8_t) w;
-#endif
-}
-
-#define LOAD32_BE(SRC) load32_be(SRC)
-static inline uint32_t
-load32_be(const uint8_t src[4])
-{
-#ifdef NATIVE_BIG_ENDIAN
- uint32_t w;
- memcpy(&w, src, sizeof w);
- return w;
-#else
- uint32_t w = (uint32_t) src[3];
- w |= (uint32_t) src[2] << 8;
- w |= (uint32_t) src[1] << 16;
- w |= (uint32_t) src[0] << 24;
- return w;
-#endif
-}
-
-#define STORE32_BE(DST, W) store32_be((DST), (W))
-static inline void
-store32_be(uint8_t dst[4], uint32_t w)
-{
-#ifdef NATIVE_BIG_ENDIAN
- memcpy(dst, &w, sizeof w);
-#else
- dst[3] = (uint8_t) w; w >>= 8;
- dst[2] = (uint8_t) w; w >>= 8;
- dst[1] = (uint8_t) w; w >>= 8;
- dst[0] = (uint8_t) w;
-#endif
-}
-
-#define XOR_BUF(OUT, IN, N) xor_buf((OUT), (IN), (N))
-static inline void
-xor_buf(unsigned char *out, const unsigned char *in, size_t n)
-{
- size_t i;
-
- for (i = 0; i < n; i++) {
- out[i] ^= in[i];
- }
-}
-
-#if !defined(__clang__) && !defined(__GNUC__)
-# ifdef __attribute__
-# undef __attribute__
-# endif
-# define __attribute__(a)
-#endif
-
-#ifndef CRYPTO_ALIGN
-# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
-# define CRYPTO_ALIGN(x) __declspec(align(x))
-# else
-# define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
-# endif
-#endif
-
-#if defined(_MSC_VER) && \
- (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86))
-
-# include <intrin.h>
-
-# define HAVE_INTRIN_H 1
-# define HAVE_MMINTRIN_H 1
-# define HAVE_EMMINTRIN_H 1
-# define HAVE_PMMINTRIN_H 1
-# define HAVE_TMMINTRIN_H 1
-# define HAVE_SMMINTRIN_H 1
-# define HAVE_AVXINTRIN_H 1
-# if _MSC_VER >= 1600
-# define HAVE_WMMINTRIN_H 1
-# endif
-# if _MSC_VER >= 1700 && defined(_M_X64)
-# define HAVE_AVX2INTRIN_H 1
-# endif
-#elif defined(HAVE_INTRIN_H)
-# include <intrin.h>
-#endif
-
-#ifdef HAVE_LIBCTGRIND
-extern void ct_poison (const void *, size_t);
-extern void ct_unpoison(const void *, size_t);
-# define POISON(X, L) ct_poison((X), (L))
-# define UNPOISON(X, L) ct_unpoison((X), (L))
-#else
-# define POISON(X, L) (void) 0
-# define UNPOISON(X, L) (void) 0
-#endif
-
-#endif
+#ifndef common_H
+#define common_H 1
+
+#if !defined(_MSC_VER) && 0
+# warning *** This is unstable, untested, development code.
+# warning It might not compile. It might not work as expected.
+# warning It might be totally insecure.
+# warning Do not use this except if you are planning to contribute code.
+# warning Use releases available at https://download.libsodium.org/libsodium/releases/ instead.
+# warning Alternatively, use the "stable" branch in the git repository.
+#endif
+
+#if !defined(_MSC_VER) && (!defined(CONFIGURED) || CONFIGURED != 1)
+# warning *** The library is being compiled using an undocumented method.
+# warning This is not supported. It has not been tested, it might not
+# warning work as expected, and performance is likely to be suboptimal.
+#endif
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define COMPILER_ASSERT(X) (void) sizeof(char[(X) ? 1 : -1])
+
+#ifdef HAVE_TI_MODE
+# if defined(__SIZEOF_INT128__)
+typedef unsigned __int128 uint128_t;
+# else
+typedef unsigned uint128_t __attribute__((mode(TI)));
+# endif
+#endif
+
+#define ROTL32(X, B) rotl32((X), (B))
+static inline uint32_t
+rotl32(const uint32_t x, const int b)
+{
+ return (x << b) | (x >> (32 - b));
+}
+
+#define ROTL64(X, B) rotl64((X), (B))
+static inline uint64_t
+rotl64(const uint64_t x, const int b)
+{
+ return (x << b) | (x >> (64 - b));
+}
+
+#define ROTR32(X, B) rotr32((X), (B))
+static inline uint32_t
+rotr32(const uint32_t x, const int b)
+{
+ return (x >> b) | (x << (32 - b));
+}
+
+#define ROTR64(X, B) rotr64((X), (B))
+static inline uint64_t
+rotr64(const uint64_t x, const int b)
+{
+ return (x >> b) | (x << (64 - b));
+}
+
+#define LOAD64_LE(SRC) load64_le(SRC)
+static inline uint64_t
+load64_le(const uint8_t src[8])
+{
+#ifdef NATIVE_LITTLE_ENDIAN
+ uint64_t w;
+ memcpy(&w, src, sizeof w);
+ return w;
+#else
+ uint64_t w = (uint64_t) src[0];
+ w |= (uint64_t) src[1] << 8;
+ w |= (uint64_t) src[2] << 16;
+ w |= (uint64_t) src[3] << 24;
+ w |= (uint64_t) src[4] << 32;
+ w |= (uint64_t) src[5] << 40;
+ w |= (uint64_t) src[6] << 48;
+ w |= (uint64_t) src[7] << 56;
+ return w;
+#endif
+}
+
+#define STORE64_LE(DST, W) store64_le((DST), (W))
+static inline void
+store64_le(uint8_t dst[8], uint64_t w)
+{
+#ifdef NATIVE_LITTLE_ENDIAN
+ memcpy(dst, &w, sizeof w);
+#else
+ dst[0] = (uint8_t) w; w >>= 8;
+ dst[1] = (uint8_t) w; w >>= 8;
+ dst[2] = (uint8_t) w; w >>= 8;
+ dst[3] = (uint8_t) w; w >>= 8;
+ dst[4] = (uint8_t) w; w >>= 8;
+ dst[5] = (uint8_t) w; w >>= 8;
+ dst[6] = (uint8_t) w; w >>= 8;
+ dst[7] = (uint8_t) w;
+#endif
+}
+
+#define LOAD32_LE(SRC) load32_le(SRC)
+static inline uint32_t
+load32_le(const uint8_t src[4])
+{
+#ifdef NATIVE_LITTLE_ENDIAN
+ uint32_t w;
+ memcpy(&w, src, sizeof w);
+ return w;
+#else
+ uint32_t w = (uint32_t) src[0];
+ w |= (uint32_t) src[1] << 8;
+ w |= (uint32_t) src[2] << 16;
+ w |= (uint32_t) src[3] << 24;
+ return w;
+#endif
+}
+
+#define STORE32_LE(DST, W) store32_le((DST), (W))
+static inline void
+store32_le(uint8_t dst[4], uint32_t w)
+{
+#ifdef NATIVE_LITTLE_ENDIAN
+ memcpy(dst, &w, sizeof w);
+#else
+ dst[0] = (uint8_t) w; w >>= 8;
+ dst[1] = (uint8_t) w; w >>= 8;
+ dst[2] = (uint8_t) w; w >>= 8;
+ dst[3] = (uint8_t) w;
+#endif
+}
+
+/* ----- */
+
+#define LOAD64_BE(SRC) load64_be(SRC)
+static inline uint64_t
+load64_be(const uint8_t src[8])
+{
+#ifdef NATIVE_BIG_ENDIAN
+ uint64_t w;
+ memcpy(&w, src, sizeof w);
+ return w;
+#else
+ uint64_t w = (uint64_t) src[7];
+ w |= (uint64_t) src[6] << 8;
+ w |= (uint64_t) src[5] << 16;
+ w |= (uint64_t) src[4] << 24;
+ w |= (uint64_t) src[3] << 32;
+ w |= (uint64_t) src[2] << 40;
+ w |= (uint64_t) src[1] << 48;
+ w |= (uint64_t) src[0] << 56;
+ return w;
+#endif
+}
+
+#define STORE64_BE(DST, W) store64_be((DST), (W))
+static inline void
+store64_be(uint8_t dst[8], uint64_t w)
+{
+#ifdef NATIVE_BIG_ENDIAN
+ memcpy(dst, &w, sizeof w);
+#else
+ dst[7] = (uint8_t) w; w >>= 8;
+ dst[6] = (uint8_t) w; w >>= 8;
+ dst[5] = (uint8_t) w; w >>= 8;
+ dst[4] = (uint8_t) w; w >>= 8;
+ dst[3] = (uint8_t) w; w >>= 8;
+ dst[2] = (uint8_t) w; w >>= 8;
+ dst[1] = (uint8_t) w; w >>= 8;
+ dst[0] = (uint8_t) w;
+#endif
+}
+
+#define LOAD32_BE(SRC) load32_be(SRC)
+static inline uint32_t
+load32_be(const uint8_t src[4])
+{
+#ifdef NATIVE_BIG_ENDIAN
+ uint32_t w;
+ memcpy(&w, src, sizeof w);
+ return w;
+#else
+ uint32_t w = (uint32_t) src[3];
+ w |= (uint32_t) src[2] << 8;
+ w |= (uint32_t) src[1] << 16;
+ w |= (uint32_t) src[0] << 24;
+ return w;
+#endif
+}
+
+#define STORE32_BE(DST, W) store32_be((DST), (W))
+static inline void
+store32_be(uint8_t dst[4], uint32_t w)
+{
+#ifdef NATIVE_BIG_ENDIAN
+ memcpy(dst, &w, sizeof w);
+#else
+ dst[3] = (uint8_t) w; w >>= 8;
+ dst[2] = (uint8_t) w; w >>= 8;
+ dst[1] = (uint8_t) w; w >>= 8;
+ dst[0] = (uint8_t) w;
+#endif
+}
+
+#define XOR_BUF(OUT, IN, N) xor_buf((OUT), (IN), (N))
+static inline void
+xor_buf(unsigned char *out, const unsigned char *in, size_t n)
+{
+ size_t i;
+
+ for (i = 0; i < n; i++) {
+ out[i] ^= in[i];
+ }
+}
+
+#if !defined(__clang__) && !defined(__GNUC__)
+# ifdef __attribute__
+# undef __attribute__
+# endif
+# define __attribute__(a)
+#endif
+
+#ifndef CRYPTO_ALIGN
+# if defined(__INTEL_COMPILER) || defined(_MSC_VER)
+# define CRYPTO_ALIGN(x) __declspec(align(x))
+# else
+# define CRYPTO_ALIGN(x) __attribute__ ((aligned(x)))
+# endif
+#endif
+
+#if defined(_MSC_VER) && \
+ (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86))
+
+# include <intrin.h>
+
+# define HAVE_INTRIN_H 1
+# define HAVE_MMINTRIN_H 1
+# define HAVE_EMMINTRIN_H 1
+# define HAVE_PMMINTRIN_H 1
+# define HAVE_TMMINTRIN_H 1
+# define HAVE_SMMINTRIN_H 1
+# define HAVE_AVXINTRIN_H 1
+# if _MSC_VER >= 1600
+# define HAVE_WMMINTRIN_H 1
+# endif
+# if _MSC_VER >= 1700 && defined(_M_X64)
+# define HAVE_AVX2INTRIN_H 1
+# endif
+#elif defined(HAVE_INTRIN_H)
+# include <intrin.h>
+#endif
+
+#ifdef HAVE_LIBCTGRIND
+extern void ct_poison (const void *, size_t);
+extern void ct_unpoison(const void *, size_t);
+# define POISON(X, L) ct_poison((X), (L))
+# define UNPOISON(X, L) ct_unpoison((X), (L))
+#else
+# define POISON(X, L) (void) 0
+# define UNPOISON(X, L) (void) 0
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/private/ed25519_ref10.h b/libs/libsodium/src/include/sodium/private/ed25519_ref10.h
index 42fcd98139..cbf258e0c1 100644
--- a/libs/libsodium/src/include/sodium/private/ed25519_ref10.h
+++ b/libs/libsodium/src/include/sodium/private/ed25519_ref10.h
@@ -1,125 +1,127 @@
-#ifndef ed25519_ref10_H
-#define ed25519_ref10_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-/*
- fe means field element.
- Here the field is \Z/(2^255-19).
- */
-
-#ifdef HAVE_TI_MODE
-typedef uint64_t fe25519[5];
-#else
-typedef int32_t fe25519[10];
-#endif
-
-void fe25519_invert(fe25519 out, const fe25519 z);
-void fe25519_frombytes(fe25519 h, const unsigned char *s);
-void fe25519_tobytes(unsigned char *s, const fe25519 h);
-
-#ifdef HAVE_TI_MODE
-# include "ed25519_ref10_fe_51.h"
-#else
-# include "ed25519_ref10_fe_25_5.h"
-#endif
-
-
-/*
- ge means group element.
-
- Here the group is the set of pairs (x,y) of field elements
- satisfying -x^2 + y^2 = 1 + d x^2y^2
- where d = -121665/121666.
-
- Representations:
- ge25519_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
- ge25519_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
- ge25519_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
- ge25519_precomp (Duif): (y+x,y-x,2dxy)
- */
-
-typedef struct {
- fe25519 X;
- fe25519 Y;
- fe25519 Z;
-} ge25519_p2;
-
-typedef struct {
- fe25519 X;
- fe25519 Y;
- fe25519 Z;
- fe25519 T;
-} ge25519_p3;
-
-typedef struct {
- fe25519 X;
- fe25519 Y;
- fe25519 Z;
- fe25519 T;
-} ge25519_p1p1;
-
-typedef struct {
- fe25519 yplusx;
- fe25519 yminusx;
- fe25519 xy2d;
-} ge25519_precomp;
-
-typedef struct {
- fe25519 YplusX;
- fe25519 YminusX;
- fe25519 Z;
- fe25519 T2d;
-} ge25519_cached;
-
-void ge25519_tobytes(unsigned char *s, const ge25519_p2 *h);
-
-void ge25519_p3_tobytes(unsigned char *s, const ge25519_p3 *h);
-
-int ge25519_frombytes(ge25519_p3 *h, const unsigned char *s);
-
-int ge25519_frombytes_negate_vartime(ge25519_p3 *h, const unsigned char *s);
-
-void ge25519_p3_to_cached(ge25519_cached *r, const ge25519_p3 *p);
-
-void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p);
-
-void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p);
-
-void ge25519_add(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q);
-
-void ge25519_sub(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q);
-
-void ge25519_scalarmult_base(ge25519_p3 *h, const unsigned char *a);
-
-void ge25519_double_scalarmult_vartime(ge25519_p2 *r, const unsigned char *a,
- const ge25519_p3 *A,
- const unsigned char *b);
-
-void ge25519_scalarmult(ge25519_p3 *h, const unsigned char *a,
- const ge25519_p3 *p);
-
-int ge25519_is_canonical(const unsigned char *s);
-
-int ge25519_is_on_curve(const ge25519_p3 *p);
-
-int ge25519_is_on_main_subgroup(const ge25519_p3 *p);
-
-int ge25519_has_small_order(const unsigned char s[32]);
-
-void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]);
-
-/*
- The set of scalars is \Z/l
- where l = 2^252 + 27742317777372353535851937790883648493.
- */
-
-void sc25519_reduce(unsigned char *s);
-
-void sc25519_muladd(unsigned char *s, const unsigned char *a,
- const unsigned char *b, const unsigned char *c);
-
-int sc25519_is_canonical(const unsigned char *s);
-
-#endif
+#ifndef ed25519_ref10_H
+#define ed25519_ref10_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+/*
+ fe means field element.
+ Here the field is \Z/(2^255-19).
+ */
+
+#ifdef HAVE_TI_MODE
+typedef uint64_t fe25519[5];
+#else
+typedef int32_t fe25519[10];
+#endif
+
+void fe25519_invert(fe25519 out, const fe25519 z);
+void fe25519_frombytes(fe25519 h, const unsigned char *s);
+void fe25519_tobytes(unsigned char *s, const fe25519 h);
+
+#ifdef HAVE_TI_MODE
+# include "ed25519_ref10_fe_51.h"
+#else
+# include "ed25519_ref10_fe_25_5.h"
+#endif
+
+
+/*
+ ge means group element.
+
+ Here the group is the set of pairs (x,y) of field elements
+ satisfying -x^2 + y^2 = 1 + d x^2y^2
+ where d = -121665/121666.
+
+ Representations:
+ ge25519_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+ ge25519_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+ ge25519_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+ ge25519_precomp (Duif): (y+x,y-x,2dxy)
+ */
+
+typedef struct {
+ fe25519 X;
+ fe25519 Y;
+ fe25519 Z;
+} ge25519_p2;
+
+typedef struct {
+ fe25519 X;
+ fe25519 Y;
+ fe25519 Z;
+ fe25519 T;
+} ge25519_p3;
+
+typedef struct {
+ fe25519 X;
+ fe25519 Y;
+ fe25519 Z;
+ fe25519 T;
+} ge25519_p1p1;
+
+typedef struct {
+ fe25519 yplusx;
+ fe25519 yminusx;
+ fe25519 xy2d;
+} ge25519_precomp;
+
+typedef struct {
+ fe25519 YplusX;
+ fe25519 YminusX;
+ fe25519 Z;
+ fe25519 T2d;
+} ge25519_cached;
+
+void ge25519_tobytes(unsigned char *s, const ge25519_p2 *h);
+
+void ge25519_p3_tobytes(unsigned char *s, const ge25519_p3 *h);
+
+int ge25519_frombytes(ge25519_p3 *h, const unsigned char *s);
+
+int ge25519_frombytes_negate_vartime(ge25519_p3 *h, const unsigned char *s);
+
+void ge25519_p3_to_cached(ge25519_cached *r, const ge25519_p3 *p);
+
+void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p);
+
+void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p);
+
+void ge25519_add(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q);
+
+void ge25519_sub(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q);
+
+void ge25519_scalarmult_base(ge25519_p3 *h, const unsigned char *a);
+
+void ge25519_double_scalarmult_vartime(ge25519_p2 *r, const unsigned char *a,
+ const ge25519_p3 *A,
+ const unsigned char *b);
+
+void ge25519_scalarmult(ge25519_p3 *h, const unsigned char *a,
+ const ge25519_p3 *p);
+
+int ge25519_is_canonical(const unsigned char *s);
+
+int ge25519_is_on_curve(const ge25519_p3 *p);
+
+int ge25519_is_on_main_subgroup(const ge25519_p3 *p);
+
+int ge25519_has_small_order(const unsigned char s[32]);
+
+void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]);
+
+/*
+ The set of scalars is \Z/l
+ where l = 2^252 + 27742317777372353535851937790883648493.
+ */
+
+void sc25519_invert(unsigned char recip[32], const unsigned char s[32]);
+
+void sc25519_reduce(unsigned char s[64]);
+
+void sc25519_muladd(unsigned char s[32], const unsigned char a[32],
+ const unsigned char b[32], const unsigned char c[32]);
+
+int sc25519_is_canonical(const unsigned char s[32]);
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/private/ed25519_ref10_fe_25_5.h b/libs/libsodium/src/include/sodium/private/ed25519_ref10_fe_25_5.h
index 5a0b6148b7..ffb689e4a4 100644
--- a/libs/libsodium/src/include/sodium/private/ed25519_ref10_fe_25_5.h
+++ b/libs/libsodium/src/include/sodium/private/ed25519_ref10_fe_25_5.h
@@ -1,1050 +1,1050 @@
-#include <string.h>
-
-#include "private/common.h"
-#include "utils.h"
-
-/*
- h = 0
- */
-
-static inline void
-fe25519_0(fe25519 h)
-{
- memset(&h[0], 0, 10 * sizeof h[0]);
-}
-
-/*
- h = 1
- */
-
-static inline void
-fe25519_1(fe25519 h)
-{
- h[0] = 1;
- h[1] = 0;
- memset(&h[2], 0, 8 * sizeof h[0]);
-}
-
-/*
- h = f + g
- Can overlap h with f or g.
- *
- Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- *
- Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
- */
-
-static inline void
-fe25519_add(fe25519 h, const fe25519 f, const fe25519 g)
-{
- int32_t h0 = f[0] + g[0];
- int32_t h1 = f[1] + g[1];
- int32_t h2 = f[2] + g[2];
- int32_t h3 = f[3] + g[3];
- int32_t h4 = f[4] + g[4];
- int32_t h5 = f[5] + g[5];
- int32_t h6 = f[6] + g[6];
- int32_t h7 = f[7] + g[7];
- int32_t h8 = f[8] + g[8];
- int32_t h9 = f[9] + g[9];
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/*
- h = f - g
- Can overlap h with f or g.
- *
- Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- *
- Postconditions:
- |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
- */
-
-static void
-fe25519_sub(fe25519 h, const fe25519 f, const fe25519 g)
-{
- int32_t h0 = f[0] - g[0];
- int32_t h1 = f[1] - g[1];
- int32_t h2 = f[2] - g[2];
- int32_t h3 = f[3] - g[3];
- int32_t h4 = f[4] - g[4];
- int32_t h5 = f[5] - g[5];
- int32_t h6 = f[6] - g[6];
- int32_t h7 = f[7] - g[7];
- int32_t h8 = f[8] - g[8];
- int32_t h9 = f[9] - g[9];
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/*
- h = -f
- *
- Preconditions:
- |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- *
- Postconditions:
- |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
- */
-
-static inline void
-fe25519_neg(fe25519 h, const fe25519 f)
-{
- int32_t h0 = -f[0];
- int32_t h1 = -f[1];
- int32_t h2 = -f[2];
- int32_t h3 = -f[3];
- int32_t h4 = -f[4];
- int32_t h5 = -f[5];
- int32_t h6 = -f[6];
- int32_t h7 = -f[7];
- int32_t h8 = -f[8];
- int32_t h9 = -f[9];
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
-}
-
-/*
- Replace (f,g) with (g,g) if b == 1;
- replace (f,g) with (f,g) if b == 0.
- *
- Preconditions: b in {0,1}.
- */
-
-static void
-fe25519_cmov(fe25519 f, const fe25519 g, unsigned int b)
-{
- const uint32_t mask = (uint32_t) (-(int32_t) b);
-
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
-
- int32_t x0 = f0 ^ g[0];
- int32_t x1 = f1 ^ g[1];
- int32_t x2 = f2 ^ g[2];
- int32_t x3 = f3 ^ g[3];
- int32_t x4 = f4 ^ g[4];
- int32_t x5 = f5 ^ g[5];
- int32_t x6 = f6 ^ g[6];
- int32_t x7 = f7 ^ g[7];
- int32_t x8 = f8 ^ g[8];
- int32_t x9 = f9 ^ g[9];
-
- x0 &= mask;
- x1 &= mask;
- x2 &= mask;
- x3 &= mask;
- x4 &= mask;
- x5 &= mask;
- x6 &= mask;
- x7 &= mask;
- x8 &= mask;
- x9 &= mask;
-
- f[0] = f0 ^ x0;
- f[1] = f1 ^ x1;
- f[2] = f2 ^ x2;
- f[3] = f3 ^ x3;
- f[4] = f4 ^ x4;
- f[5] = f5 ^ x5;
- f[6] = f6 ^ x6;
- f[7] = f7 ^ x7;
- f[8] = f8 ^ x8;
- f[9] = f9 ^ x9;
-}
-
-static void
-fe25519_cswap(fe25519 f, fe25519 g, unsigned int b)
-{
- const uint32_t mask = (uint32_t) (-(int64_t) b);
-
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
-
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
-
- int32_t x0 = f0 ^ g0;
- int32_t x1 = f1 ^ g1;
- int32_t x2 = f2 ^ g2;
- int32_t x3 = f3 ^ g3;
- int32_t x4 = f4 ^ g4;
- int32_t x5 = f5 ^ g5;
- int32_t x6 = f6 ^ g6;
- int32_t x7 = f7 ^ g7;
- int32_t x8 = f8 ^ g8;
- int32_t x9 = f9 ^ g9;
-
- x0 &= mask;
- x1 &= mask;
- x2 &= mask;
- x3 &= mask;
- x4 &= mask;
- x5 &= mask;
- x6 &= mask;
- x7 &= mask;
- x8 &= mask;
- x9 &= mask;
-
- f[0] = f0 ^ x0;
- f[1] = f1 ^ x1;
- f[2] = f2 ^ x2;
- f[3] = f3 ^ x3;
- f[4] = f4 ^ x4;
- f[5] = f5 ^ x5;
- f[6] = f6 ^ x6;
- f[7] = f7 ^ x7;
- f[8] = f8 ^ x8;
- f[9] = f9 ^ x9;
-
- g[0] = g0 ^ x0;
- g[1] = g1 ^ x1;
- g[2] = g2 ^ x2;
- g[3] = g3 ^ x3;
- g[4] = g4 ^ x4;
- g[5] = g5 ^ x5;
- g[6] = g6 ^ x6;
- g[7] = g7 ^ x7;
- g[8] = g8 ^ x8;
- g[9] = g9 ^ x9;
-}
-
-/*
- h = f
- */
-
-static inline void
-fe25519_copy(fe25519 h, const fe25519 f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
-
- h[0] = f0;
- h[1] = f1;
- h[2] = f2;
- h[3] = f3;
- h[4] = f4;
- h[5] = f5;
- h[6] = f6;
- h[7] = f7;
- h[8] = f8;
- h[9] = f9;
-}
-
-/*
- return 1 if f is in {1,3,5,...,q-2}
- return 0 if f is in {0,2,4,...,q-1}
-
- Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
- */
-
-static inline int
-fe25519_isnegative(const fe25519 f)
-{
- unsigned char s[32];
-
- fe25519_tobytes(s, f);
-
- return s[0] & 1;
-}
-
-/*
- return 1 if f == 0
- return 0 if f != 0
-
- Preconditions:
- |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
- */
-
-static inline int
-fe25519_iszero(const fe25519 f)
-{
- unsigned char s[32];
-
- fe25519_tobytes(s, f);
-
- return sodium_is_zero(s, 32);
-}
-
-/*
- h = f * g
- Can overlap h with f or g.
- *
- Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
- |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
- *
- Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
- */
-
-/*
- Notes on implementation strategy:
- *
- Using schoolbook multiplication.
- Karatsuba would save a little in some cost models.
- *
- Most multiplications by 2 and 19 are 32-bit precomputations;
- cheaper than 64-bit postcomputations.
- *
- There is one remaining multiplication by 19 in the carry chain;
- one *19 precomputation can be merged into this,
- but the resulting data flow is considerably less clean.
- *
- There are 12 carries below.
- 10 of them are 2-way parallelizable and vectorizable.
- Can get away with 11 carries, but then data flow is much deeper.
- *
- With tighter constraints on inputs can squeeze carries into int32.
- */
-
-static void
-fe25519_mul(fe25519 h, const fe25519 f, const fe25519 g)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
-
- int32_t g0 = g[0];
- int32_t g1 = g[1];
- int32_t g2 = g[2];
- int32_t g3 = g[3];
- int32_t g4 = g[4];
- int32_t g5 = g[5];
- int32_t g6 = g[6];
- int32_t g7 = g[7];
- int32_t g8 = g[8];
- int32_t g9 = g[9];
-
- int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
- int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
- int32_t g3_19 = 19 * g3;
- int32_t g4_19 = 19 * g4;
- int32_t g5_19 = 19 * g5;
- int32_t g6_19 = 19 * g6;
- int32_t g7_19 = 19 * g7;
- int32_t g8_19 = 19 * g8;
- int32_t g9_19 = 19 * g9;
- int32_t f1_2 = 2 * f1;
- int32_t f3_2 = 2 * f3;
- int32_t f5_2 = 2 * f5;
- int32_t f7_2 = 2 * f7;
- int32_t f9_2 = 2 * f9;
-
- int64_t f0g0 = f0 * (int64_t) g0;
- int64_t f0g1 = f0 * (int64_t) g1;
- int64_t f0g2 = f0 * (int64_t) g2;
- int64_t f0g3 = f0 * (int64_t) g3;
- int64_t f0g4 = f0 * (int64_t) g4;
- int64_t f0g5 = f0 * (int64_t) g5;
- int64_t f0g6 = f0 * (int64_t) g6;
- int64_t f0g7 = f0 * (int64_t) g7;
- int64_t f0g8 = f0 * (int64_t) g8;
- int64_t f0g9 = f0 * (int64_t) g9;
- int64_t f1g0 = f1 * (int64_t) g0;
- int64_t f1g1_2 = f1_2 * (int64_t) g1;
- int64_t f1g2 = f1 * (int64_t) g2;
- int64_t f1g3_2 = f1_2 * (int64_t) g3;
- int64_t f1g4 = f1 * (int64_t) g4;
- int64_t f1g5_2 = f1_2 * (int64_t) g5;
- int64_t f1g6 = f1 * (int64_t) g6;
- int64_t f1g7_2 = f1_2 * (int64_t) g7;
- int64_t f1g8 = f1 * (int64_t) g8;
- int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
- int64_t f2g0 = f2 * (int64_t) g0;
- int64_t f2g1 = f2 * (int64_t) g1;
- int64_t f2g2 = f2 * (int64_t) g2;
- int64_t f2g3 = f2 * (int64_t) g3;
- int64_t f2g4 = f2 * (int64_t) g4;
- int64_t f2g5 = f2 * (int64_t) g5;
- int64_t f2g6 = f2 * (int64_t) g6;
- int64_t f2g7 = f2 * (int64_t) g7;
- int64_t f2g8_19 = f2 * (int64_t) g8_19;
- int64_t f2g9_19 = f2 * (int64_t) g9_19;
- int64_t f3g0 = f3 * (int64_t) g0;
- int64_t f3g1_2 = f3_2 * (int64_t) g1;
- int64_t f3g2 = f3 * (int64_t) g2;
- int64_t f3g3_2 = f3_2 * (int64_t) g3;
- int64_t f3g4 = f3 * (int64_t) g4;
- int64_t f3g5_2 = f3_2 * (int64_t) g5;
- int64_t f3g6 = f3 * (int64_t) g6;
- int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
- int64_t f3g8_19 = f3 * (int64_t) g8_19;
- int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
- int64_t f4g0 = f4 * (int64_t) g0;
- int64_t f4g1 = f4 * (int64_t) g1;
- int64_t f4g2 = f4 * (int64_t) g2;
- int64_t f4g3 = f4 * (int64_t) g3;
- int64_t f4g4 = f4 * (int64_t) g4;
- int64_t f4g5 = f4 * (int64_t) g5;
- int64_t f4g6_19 = f4 * (int64_t) g6_19;
- int64_t f4g7_19 = f4 * (int64_t) g7_19;
- int64_t f4g8_19 = f4 * (int64_t) g8_19;
- int64_t f4g9_19 = f4 * (int64_t) g9_19;
- int64_t f5g0 = f5 * (int64_t) g0;
- int64_t f5g1_2 = f5_2 * (int64_t) g1;
- int64_t f5g2 = f5 * (int64_t) g2;
- int64_t f5g3_2 = f5_2 * (int64_t) g3;
- int64_t f5g4 = f5 * (int64_t) g4;
- int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
- int64_t f5g6_19 = f5 * (int64_t) g6_19;
- int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
- int64_t f5g8_19 = f5 * (int64_t) g8_19;
- int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
- int64_t f6g0 = f6 * (int64_t) g0;
- int64_t f6g1 = f6 * (int64_t) g1;
- int64_t f6g2 = f6 * (int64_t) g2;
- int64_t f6g3 = f6 * (int64_t) g3;
- int64_t f6g4_19 = f6 * (int64_t) g4_19;
- int64_t f6g5_19 = f6 * (int64_t) g5_19;
- int64_t f6g6_19 = f6 * (int64_t) g6_19;
- int64_t f6g7_19 = f6 * (int64_t) g7_19;
- int64_t f6g8_19 = f6 * (int64_t) g8_19;
- int64_t f6g9_19 = f6 * (int64_t) g9_19;
- int64_t f7g0 = f7 * (int64_t) g0;
- int64_t f7g1_2 = f7_2 * (int64_t) g1;
- int64_t f7g2 = f7 * (int64_t) g2;
- int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
- int64_t f7g4_19 = f7 * (int64_t) g4_19;
- int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
- int64_t f7g6_19 = f7 * (int64_t) g6_19;
- int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
- int64_t f7g8_19 = f7 * (int64_t) g8_19;
- int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
- int64_t f8g0 = f8 * (int64_t) g0;
- int64_t f8g1 = f8 * (int64_t) g1;
- int64_t f8g2_19 = f8 * (int64_t) g2_19;
- int64_t f8g3_19 = f8 * (int64_t) g3_19;
- int64_t f8g4_19 = f8 * (int64_t) g4_19;
- int64_t f8g5_19 = f8 * (int64_t) g5_19;
- int64_t f8g6_19 = f8 * (int64_t) g6_19;
- int64_t f8g7_19 = f8 * (int64_t) g7_19;
- int64_t f8g8_19 = f8 * (int64_t) g8_19;
- int64_t f8g9_19 = f8 * (int64_t) g9_19;
- int64_t f9g0 = f9 * (int64_t) g0;
- int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
- int64_t f9g2_19 = f9 * (int64_t) g2_19;
- int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
- int64_t f9g4_19 = f9 * (int64_t) g4_19;
- int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
- int64_t f9g6_19 = f9 * (int64_t) g6_19;
- int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
- int64_t f9g8_19 = f9 * (int64_t) g8_19;
- int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
-
- int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 +
- f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38;
- int64_t h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 +
- f7g4_19 + f8g3_19 + f9g2_19;
- int64_t h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 +
- f7g5_38 + f8g4_19 + f9g3_38;
- int64_t h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 +
- f7g6_19 + f8g5_19 + f9g4_19;
- int64_t h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 +
- f7g7_38 + f8g6_19 + f9g5_38;
- int64_t h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 +
- f8g7_19 + f9g6_19;
- int64_t h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 +
- f7g9_38 + f8g8_19 + f9g7_38;
- int64_t h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 +
- f8g9_19 + f9g8_19;
- int64_t h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 +
- f8g0 + f9g9_38;
- int64_t h9 =
- f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0;
-
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- /*
- |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
- i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
- |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
- i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
- */
-
- carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
- h1 += carry0;
- h0 -= carry0 * ((uint64_t) 1L << 26);
- carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
- h5 += carry4;
- h4 -= carry4 * ((uint64_t) 1L << 26);
- /* |h0| <= 2^25 */
- /* |h4| <= 2^25 */
- /* |h1| <= 1.71*2^59 */
- /* |h5| <= 1.71*2^59 */
-
- carry1 = (h1 + (int64_t)(1L << 24)) >> 25;
- h2 += carry1;
- h1 -= carry1 * ((uint64_t) 1L << 25);
- carry5 = (h5 + (int64_t)(1L << 24)) >> 25;
- h6 += carry5;
- h5 -= carry5 * ((uint64_t) 1L << 25);
- /* |h1| <= 2^24; from now on fits into int32 */
- /* |h5| <= 2^24; from now on fits into int32 */
- /* |h2| <= 1.41*2^60 */
- /* |h6| <= 1.41*2^60 */
-
- carry2 = (h2 + (int64_t)(1L << 25)) >> 26;
- h3 += carry2;
- h2 -= carry2 * ((uint64_t) 1L << 26);
- carry6 = (h6 + (int64_t)(1L << 25)) >> 26;
- h7 += carry6;
- h6 -= carry6 * ((uint64_t) 1L << 26);
- /* |h2| <= 2^25; from now on fits into int32 unchanged */
- /* |h6| <= 2^25; from now on fits into int32 unchanged */
- /* |h3| <= 1.71*2^59 */
- /* |h7| <= 1.71*2^59 */
-
- carry3 = (h3 + (int64_t)(1L << 24)) >> 25;
- h4 += carry3;
- h3 -= carry3 * ((uint64_t) 1L << 25);
- carry7 = (h7 + (int64_t)(1L << 24)) >> 25;
- h8 += carry7;
- h7 -= carry7 * ((uint64_t) 1L << 25);
- /* |h3| <= 2^24; from now on fits into int32 unchanged */
- /* |h7| <= 2^24; from now on fits into int32 unchanged */
- /* |h4| <= 1.72*2^34 */
- /* |h8| <= 1.41*2^60 */
-
- carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
- h5 += carry4;
- h4 -= carry4 * ((uint64_t) 1L << 26);
- carry8 = (h8 + (int64_t)(1L << 25)) >> 26;
- h9 += carry8;
- h8 -= carry8 * ((uint64_t) 1L << 26);
- /* |h4| <= 2^25; from now on fits into int32 unchanged */
- /* |h8| <= 2^25; from now on fits into int32 unchanged */
- /* |h5| <= 1.01*2^24 */
- /* |h9| <= 1.71*2^59 */
-
- carry9 = (h9 + (int64_t)(1L << 24)) >> 25;
- h0 += carry9 * 19;
- h9 -= carry9 * ((uint64_t) 1L << 25);
- /* |h9| <= 2^24; from now on fits into int32 unchanged */
- /* |h0| <= 1.1*2^39 */
-
- carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
- h1 += carry0;
- h0 -= carry0 * ((uint64_t) 1L << 26);
- /* |h0| <= 2^25; from now on fits into int32 unchanged */
- /* |h1| <= 1.01*2^24 */
-
- h[0] = (int32_t) h0;
- h[1] = (int32_t) h1;
- h[2] = (int32_t) h2;
- h[3] = (int32_t) h3;
- h[4] = (int32_t) h4;
- h[5] = (int32_t) h5;
- h[6] = (int32_t) h6;
- h[7] = (int32_t) h7;
- h[8] = (int32_t) h8;
- h[9] = (int32_t) h9;
-}
-
-/*
- h = f * f
- Can overlap h with f.
- *
- Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
- *
- Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
- */
-
-static void
-fe25519_sq(fe25519 h, const fe25519 f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
-
- int32_t f0_2 = 2 * f0;
- int32_t f1_2 = 2 * f1;
- int32_t f2_2 = 2 * f2;
- int32_t f3_2 = 2 * f3;
- int32_t f4_2 = 2 * f4;
- int32_t f5_2 = 2 * f5;
- int32_t f6_2 = 2 * f6;
- int32_t f7_2 = 2 * f7;
- int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
- int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
- int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
- int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
- int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
-
- int64_t f0f0 = f0 * (int64_t) f0;
- int64_t f0f1_2 = f0_2 * (int64_t) f1;
- int64_t f0f2_2 = f0_2 * (int64_t) f2;
- int64_t f0f3_2 = f0_2 * (int64_t) f3;
- int64_t f0f4_2 = f0_2 * (int64_t) f4;
- int64_t f0f5_2 = f0_2 * (int64_t) f5;
- int64_t f0f6_2 = f0_2 * (int64_t) f6;
- int64_t f0f7_2 = f0_2 * (int64_t) f7;
- int64_t f0f8_2 = f0_2 * (int64_t) f8;
- int64_t f0f9_2 = f0_2 * (int64_t) f9;
- int64_t f1f1_2 = f1_2 * (int64_t) f1;
- int64_t f1f2_2 = f1_2 * (int64_t) f2;
- int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
- int64_t f1f4_2 = f1_2 * (int64_t) f4;
- int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
- int64_t f1f6_2 = f1_2 * (int64_t) f6;
- int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
- int64_t f1f8_2 = f1_2 * (int64_t) f8;
- int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
- int64_t f2f2 = f2 * (int64_t) f2;
- int64_t f2f3_2 = f2_2 * (int64_t) f3;
- int64_t f2f4_2 = f2_2 * (int64_t) f4;
- int64_t f2f5_2 = f2_2 * (int64_t) f5;
- int64_t f2f6_2 = f2_2 * (int64_t) f6;
- int64_t f2f7_2 = f2_2 * (int64_t) f7;
- int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
- int64_t f2f9_38 = f2 * (int64_t) f9_38;
- int64_t f3f3_2 = f3_2 * (int64_t) f3;
- int64_t f3f4_2 = f3_2 * (int64_t) f4;
- int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
- int64_t f3f6_2 = f3_2 * (int64_t) f6;
- int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
- int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
- int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
- int64_t f4f4 = f4 * (int64_t) f4;
- int64_t f4f5_2 = f4_2 * (int64_t) f5;
- int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
- int64_t f4f7_38 = f4 * (int64_t) f7_38;
- int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
- int64_t f4f9_38 = f4 * (int64_t) f9_38;
- int64_t f5f5_38 = f5 * (int64_t) f5_38;
- int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
- int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
- int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
- int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
- int64_t f6f6_19 = f6 * (int64_t) f6_19;
- int64_t f6f7_38 = f6 * (int64_t) f7_38;
- int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
- int64_t f6f9_38 = f6 * (int64_t) f9_38;
- int64_t f7f7_38 = f7 * (int64_t) f7_38;
- int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
- int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
- int64_t f8f8_19 = f8 * (int64_t) f8_19;
- int64_t f8f9_38 = f8 * (int64_t) f9_38;
- int64_t f9f9_38 = f9 * (int64_t) f9_38;
-
- int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
- int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
- int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
- int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
- int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
- int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
- int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
- int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
- int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
- int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
-
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
- h1 += carry0;
- h0 -= carry0 * ((uint64_t) 1L << 26);
- carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
- h5 += carry4;
- h4 -= carry4 * ((uint64_t) 1L << 26);
-
- carry1 = (h1 + (int64_t)(1L << 24)) >> 25;
- h2 += carry1;
- h1 -= carry1 * ((uint64_t) 1L << 25);
- carry5 = (h5 + (int64_t)(1L << 24)) >> 25;
- h6 += carry5;
- h5 -= carry5 * ((uint64_t) 1L << 25);
-
- carry2 = (h2 + (int64_t)(1L << 25)) >> 26;
- h3 += carry2;
- h2 -= carry2 * ((uint64_t) 1L << 26);
- carry6 = (h6 + (int64_t)(1L << 25)) >> 26;
- h7 += carry6;
- h6 -= carry6 * ((uint64_t) 1L << 26);
-
- carry3 = (h3 + (int64_t)(1L << 24)) >> 25;
- h4 += carry3;
- h3 -= carry3 * ((uint64_t) 1L << 25);
- carry7 = (h7 + (int64_t)(1L << 24)) >> 25;
- h8 += carry7;
- h7 -= carry7 * ((uint64_t) 1L << 25);
-
- carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
- h5 += carry4;
- h4 -= carry4 * ((uint64_t) 1L << 26);
- carry8 = (h8 + (int64_t)(1L << 25)) >> 26;
- h9 += carry8;
- h8 -= carry8 * ((uint64_t) 1L << 26);
-
- carry9 = (h9 + (int64_t)(1L << 24)) >> 25;
- h0 += carry9 * 19;
- h9 -= carry9 * ((uint64_t) 1L << 25);
-
- carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
- h1 += carry0;
- h0 -= carry0 * ((uint64_t) 1L << 26);
-
- h[0] = (int32_t) h0;
- h[1] = (int32_t) h1;
- h[2] = (int32_t) h2;
- h[3] = (int32_t) h3;
- h[4] = (int32_t) h4;
- h[5] = (int32_t) h5;
- h[6] = (int32_t) h6;
- h[7] = (int32_t) h7;
- h[8] = (int32_t) h8;
- h[9] = (int32_t) h9;
-}
-
-/*
- h = 2 * f * f
- Can overlap h with f.
- *
- Preconditions:
- |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
- *
- Postconditions:
- |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
- */
-
-static void
-fe25519_sq2(fe25519 h, const fe25519 f)
-{
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
-
- int32_t f0_2 = 2 * f0;
- int32_t f1_2 = 2 * f1;
- int32_t f2_2 = 2 * f2;
- int32_t f3_2 = 2 * f3;
- int32_t f4_2 = 2 * f4;
- int32_t f5_2 = 2 * f5;
- int32_t f6_2 = 2 * f6;
- int32_t f7_2 = 2 * f7;
- int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
- int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
- int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
- int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
- int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
-
- int64_t f0f0 = f0 * (int64_t) f0;
- int64_t f0f1_2 = f0_2 * (int64_t) f1;
- int64_t f0f2_2 = f0_2 * (int64_t) f2;
- int64_t f0f3_2 = f0_2 * (int64_t) f3;
- int64_t f0f4_2 = f0_2 * (int64_t) f4;
- int64_t f0f5_2 = f0_2 * (int64_t) f5;
- int64_t f0f6_2 = f0_2 * (int64_t) f6;
- int64_t f0f7_2 = f0_2 * (int64_t) f7;
- int64_t f0f8_2 = f0_2 * (int64_t) f8;
- int64_t f0f9_2 = f0_2 * (int64_t) f9;
- int64_t f1f1_2 = f1_2 * (int64_t) f1;
- int64_t f1f2_2 = f1_2 * (int64_t) f2;
- int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
- int64_t f1f4_2 = f1_2 * (int64_t) f4;
- int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
- int64_t f1f6_2 = f1_2 * (int64_t) f6;
- int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
- int64_t f1f8_2 = f1_2 * (int64_t) f8;
- int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
- int64_t f2f2 = f2 * (int64_t) f2;
- int64_t f2f3_2 = f2_2 * (int64_t) f3;
- int64_t f2f4_2 = f2_2 * (int64_t) f4;
- int64_t f2f5_2 = f2_2 * (int64_t) f5;
- int64_t f2f6_2 = f2_2 * (int64_t) f6;
- int64_t f2f7_2 = f2_2 * (int64_t) f7;
- int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
- int64_t f2f9_38 = f2 * (int64_t) f9_38;
- int64_t f3f3_2 = f3_2 * (int64_t) f3;
- int64_t f3f4_2 = f3_2 * (int64_t) f4;
- int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
- int64_t f3f6_2 = f3_2 * (int64_t) f6;
- int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
- int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
- int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
- int64_t f4f4 = f4 * (int64_t) f4;
- int64_t f4f5_2 = f4_2 * (int64_t) f5;
- int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
- int64_t f4f7_38 = f4 * (int64_t) f7_38;
- int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
- int64_t f4f9_38 = f4 * (int64_t) f9_38;
- int64_t f5f5_38 = f5 * (int64_t) f5_38;
- int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
- int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
- int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
- int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
- int64_t f6f6_19 = f6 * (int64_t) f6_19;
- int64_t f6f7_38 = f6 * (int64_t) f7_38;
- int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
- int64_t f6f9_38 = f6 * (int64_t) f9_38;
- int64_t f7f7_38 = f7 * (int64_t) f7_38;
- int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
- int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
- int64_t f8f8_19 = f8 * (int64_t) f8_19;
- int64_t f8f9_38 = f8 * (int64_t) f9_38;
- int64_t f9f9_38 = f9 * (int64_t) f9_38;
-
- int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
- int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
- int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
- int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
- int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
- int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
- int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
- int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
- int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
- int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
-
- int64_t carry0;
- int64_t carry1;
- int64_t carry2;
- int64_t carry3;
- int64_t carry4;
- int64_t carry5;
- int64_t carry6;
- int64_t carry7;
- int64_t carry8;
- int64_t carry9;
-
- h0 += h0;
- h1 += h1;
- h2 += h2;
- h3 += h3;
- h4 += h4;
- h5 += h5;
- h6 += h6;
- h7 += h7;
- h8 += h8;
- h9 += h9;
-
- carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
- h1 += carry0;
- h0 -= carry0 * ((uint64_t) 1L << 26);
- carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
- h5 += carry4;
- h4 -= carry4 * ((uint64_t) 1L << 26);
-
- carry1 = (h1 + (int64_t)(1L << 24)) >> 25;
- h2 += carry1;
- h1 -= carry1 * ((uint64_t) 1L << 25);
- carry5 = (h5 + (int64_t)(1L << 24)) >> 25;
- h6 += carry5;
- h5 -= carry5 * ((uint64_t) 1L << 25);
-
- carry2 = (h2 + (int64_t)(1L << 25)) >> 26;
- h3 += carry2;
- h2 -= carry2 * ((uint64_t) 1L << 26);
- carry6 = (h6 + (int64_t)(1L << 25)) >> 26;
- h7 += carry6;
- h6 -= carry6 * ((uint64_t) 1L << 26);
-
- carry3 = (h3 + (int64_t)(1L << 24)) >> 25;
- h4 += carry3;
- h3 -= carry3 * ((uint64_t) 1L << 25);
- carry7 = (h7 + (int64_t)(1L << 24)) >> 25;
- h8 += carry7;
- h7 -= carry7 * ((uint64_t) 1L << 25);
-
- carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
- h5 += carry4;
- h4 -= carry4 * ((uint64_t) 1L << 26);
- carry8 = (h8 + (int64_t)(1L << 25)) >> 26;
- h9 += carry8;
- h8 -= carry8 * ((uint64_t) 1L << 26);
-
- carry9 = (h9 + (int64_t)(1L << 24)) >> 25;
- h0 += carry9 * 19;
- h9 -= carry9 * ((uint64_t) 1L << 25);
-
- carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
- h1 += carry0;
- h0 -= carry0 * ((uint64_t) 1L << 26);
-
- h[0] = (int32_t) h0;
- h[1] = (int32_t) h1;
- h[2] = (int32_t) h2;
- h[3] = (int32_t) h3;
- h[4] = (int32_t) h4;
- h[5] = (int32_t) h5;
- h[6] = (int32_t) h6;
- h[7] = (int32_t) h7;
- h[8] = (int32_t) h8;
- h[9] = (int32_t) h9;
-}
-
-static void
-fe25519_scalar_product(fe25519 h, const fe25519 f, uint32_t n)
-{
- int64_t sn = (int64_t) n;
- int32_t f0 = f[0];
- int32_t f1 = f[1];
- int32_t f2 = f[2];
- int32_t f3 = f[3];
- int32_t f4 = f[4];
- int32_t f5 = f[5];
- int32_t f6 = f[6];
- int32_t f7 = f[7];
- int32_t f8 = f[8];
- int32_t f9 = f[9];
- int64_t h0 = f0 * sn;
- int64_t h1 = f1 * sn;
- int64_t h2 = f2 * sn;
- int64_t h3 = f3 * sn;
- int64_t h4 = f4 * sn;
- int64_t h5 = f5 * sn;
- int64_t h6 = f6 * sn;
- int64_t h7 = f7 * sn;
- int64_t h8 = f8 * sn;
- int64_t h9 = f9 * sn;
- int64_t carry0, carry1, carry2, carry3, carry4, carry5, carry6, carry7,
- carry8, carry9;
-
- carry9 = (h9 + ((int64_t) 1 << 24)) >> 25;
- h0 += carry9 * 19;
- h9 -= carry9 * ((int64_t) 1 << 25);
- carry1 = (h1 + ((int64_t) 1 << 24)) >> 25;
- h2 += carry1;
- h1 -= carry1 * ((int64_t) 1 << 25);
- carry3 = (h3 + ((int64_t) 1 << 24)) >> 25;
- h4 += carry3;
- h3 -= carry3 * ((int64_t) 1 << 25);
- carry5 = (h5 + ((int64_t) 1 << 24)) >> 25;
- h6 += carry5;
- h5 -= carry5 * ((int64_t) 1 << 25);
- carry7 = (h7 + ((int64_t) 1 << 24)) >> 25;
- h8 += carry7;
- h7 -= carry7 * ((int64_t) 1 << 25);
-
- carry0 = (h0 + ((int64_t) 1 << 25)) >> 26;
- h1 += carry0;
- h0 -= carry0 * ((int64_t) 1 << 26);
- carry2 = (h2 + ((int64_t) 1 << 25)) >> 26;
- h3 += carry2;
- h2 -= carry2 * ((int64_t) 1 << 26);
- carry4 = (h4 + ((int64_t) 1 << 25)) >> 26;
- h5 += carry4;
- h4 -= carry4 * ((int64_t) 1 << 26);
- carry6 = (h6 + ((int64_t) 1 << 25)) >> 26;
- h7 += carry6;
- h6 -= carry6 * ((int64_t) 1 << 26);
- carry8 = (h8 + ((int64_t) 1 << 25)) >> 26;
- h9 += carry8;
- h8 -= carry8 * ((int64_t) 1 << 26);
-
- h[0] = (int32_t) h0;
- h[1] = (int32_t) h1;
- h[2] = (int32_t) h2;
- h[3] = (int32_t) h3;
- h[4] = (int32_t) h4;
- h[5] = (int32_t) h5;
- h[6] = (int32_t) h6;
- h[7] = (int32_t) h7;
- h[8] = (int32_t) h8;
- h[9] = (int32_t) h9;
-}
+#include <string.h>
+
+#include "private/common.h"
+#include "utils.h"
+
+/*
+ h = 0
+ */
+
+static inline void
+fe25519_0(fe25519 h)
+{
+ memset(&h[0], 0, 10 * sizeof h[0]);
+}
+
+/*
+ h = 1
+ */
+
+static inline void
+fe25519_1(fe25519 h)
+{
+ h[0] = 1;
+ h[1] = 0;
+ memset(&h[2], 0, 8 * sizeof h[0]);
+}
+
+/*
+ h = f + g
+ Can overlap h with f or g.
+ *
+ Preconditions:
+ |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ Postconditions:
+ |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+
+static inline void
+fe25519_add(fe25519 h, const fe25519 f, const fe25519 g)
+{
+ int32_t h0 = f[0] + g[0];
+ int32_t h1 = f[1] + g[1];
+ int32_t h2 = f[2] + g[2];
+ int32_t h3 = f[3] + g[3];
+ int32_t h4 = f[4] + g[4];
+ int32_t h5 = f[5] + g[5];
+ int32_t h6 = f[6] + g[6];
+ int32_t h7 = f[7] + g[7];
+ int32_t h8 = f[8] + g[8];
+ int32_t h9 = f[9] + g[9];
+
+ h[0] = h0;
+ h[1] = h1;
+ h[2] = h2;
+ h[3] = h3;
+ h[4] = h4;
+ h[5] = h5;
+ h[6] = h6;
+ h[7] = h7;
+ h[8] = h8;
+ h[9] = h9;
+}
+
+/*
+ h = f - g
+ Can overlap h with f or g.
+ *
+ Preconditions:
+ |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ Postconditions:
+ |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+
+static void
+fe25519_sub(fe25519 h, const fe25519 f, const fe25519 g)
+{
+ int32_t h0 = f[0] - g[0];
+ int32_t h1 = f[1] - g[1];
+ int32_t h2 = f[2] - g[2];
+ int32_t h3 = f[3] - g[3];
+ int32_t h4 = f[4] - g[4];
+ int32_t h5 = f[5] - g[5];
+ int32_t h6 = f[6] - g[6];
+ int32_t h7 = f[7] - g[7];
+ int32_t h8 = f[8] - g[8];
+ int32_t h9 = f[9] - g[9];
+
+ h[0] = h0;
+ h[1] = h1;
+ h[2] = h2;
+ h[3] = h3;
+ h[4] = h4;
+ h[5] = h5;
+ h[6] = h6;
+ h[7] = h7;
+ h[8] = h8;
+ h[9] = h9;
+}
+
+/*
+ h = -f
+ *
+ Preconditions:
+ |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ Postconditions:
+ |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ */
+
+static inline void
+fe25519_neg(fe25519 h, const fe25519 f)
+{
+ int32_t h0 = -f[0];
+ int32_t h1 = -f[1];
+ int32_t h2 = -f[2];
+ int32_t h3 = -f[3];
+ int32_t h4 = -f[4];
+ int32_t h5 = -f[5];
+ int32_t h6 = -f[6];
+ int32_t h7 = -f[7];
+ int32_t h8 = -f[8];
+ int32_t h9 = -f[9];
+
+ h[0] = h0;
+ h[1] = h1;
+ h[2] = h2;
+ h[3] = h3;
+ h[4] = h4;
+ h[5] = h5;
+ h[6] = h6;
+ h[7] = h7;
+ h[8] = h8;
+ h[9] = h9;
+}
+
+/*
+ Replace (f,g) with (g,g) if b == 1;
+ replace (f,g) with (f,g) if b == 0.
+ *
+ Preconditions: b in {0,1}.
+ */
+
+static void
+fe25519_cmov(fe25519 f, const fe25519 g, unsigned int b)
+{
+ const uint32_t mask = (uint32_t) (-(int32_t) b);
+
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+
+ int32_t x0 = f0 ^ g[0];
+ int32_t x1 = f1 ^ g[1];
+ int32_t x2 = f2 ^ g[2];
+ int32_t x3 = f3 ^ g[3];
+ int32_t x4 = f4 ^ g[4];
+ int32_t x5 = f5 ^ g[5];
+ int32_t x6 = f6 ^ g[6];
+ int32_t x7 = f7 ^ g[7];
+ int32_t x8 = f8 ^ g[8];
+ int32_t x9 = f9 ^ g[9];
+
+ x0 &= mask;
+ x1 &= mask;
+ x2 &= mask;
+ x3 &= mask;
+ x4 &= mask;
+ x5 &= mask;
+ x6 &= mask;
+ x7 &= mask;
+ x8 &= mask;
+ x9 &= mask;
+
+ f[0] = f0 ^ x0;
+ f[1] = f1 ^ x1;
+ f[2] = f2 ^ x2;
+ f[3] = f3 ^ x3;
+ f[4] = f4 ^ x4;
+ f[5] = f5 ^ x5;
+ f[6] = f6 ^ x6;
+ f[7] = f7 ^ x7;
+ f[8] = f8 ^ x8;
+ f[9] = f9 ^ x9;
+}
+
+static void
+fe25519_cswap(fe25519 f, fe25519 g, unsigned int b)
+{
+ const uint32_t mask = (uint32_t) (-(int64_t) b);
+
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+
+ int32_t g0 = g[0];
+ int32_t g1 = g[1];
+ int32_t g2 = g[2];
+ int32_t g3 = g[3];
+ int32_t g4 = g[4];
+ int32_t g5 = g[5];
+ int32_t g6 = g[6];
+ int32_t g7 = g[7];
+ int32_t g8 = g[8];
+ int32_t g9 = g[9];
+
+ int32_t x0 = f0 ^ g0;
+ int32_t x1 = f1 ^ g1;
+ int32_t x2 = f2 ^ g2;
+ int32_t x3 = f3 ^ g3;
+ int32_t x4 = f4 ^ g4;
+ int32_t x5 = f5 ^ g5;
+ int32_t x6 = f6 ^ g6;
+ int32_t x7 = f7 ^ g7;
+ int32_t x8 = f8 ^ g8;
+ int32_t x9 = f9 ^ g9;
+
+ x0 &= mask;
+ x1 &= mask;
+ x2 &= mask;
+ x3 &= mask;
+ x4 &= mask;
+ x5 &= mask;
+ x6 &= mask;
+ x7 &= mask;
+ x8 &= mask;
+ x9 &= mask;
+
+ f[0] = f0 ^ x0;
+ f[1] = f1 ^ x1;
+ f[2] = f2 ^ x2;
+ f[3] = f3 ^ x3;
+ f[4] = f4 ^ x4;
+ f[5] = f5 ^ x5;
+ f[6] = f6 ^ x6;
+ f[7] = f7 ^ x7;
+ f[8] = f8 ^ x8;
+ f[9] = f9 ^ x9;
+
+ g[0] = g0 ^ x0;
+ g[1] = g1 ^ x1;
+ g[2] = g2 ^ x2;
+ g[3] = g3 ^ x3;
+ g[4] = g4 ^ x4;
+ g[5] = g5 ^ x5;
+ g[6] = g6 ^ x6;
+ g[7] = g7 ^ x7;
+ g[8] = g8 ^ x8;
+ g[9] = g9 ^ x9;
+}
+
+/*
+ h = f
+ */
+
+static inline void
+fe25519_copy(fe25519 h, const fe25519 f)
+{
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+
+ h[0] = f0;
+ h[1] = f1;
+ h[2] = f2;
+ h[3] = f3;
+ h[4] = f4;
+ h[5] = f5;
+ h[6] = f6;
+ h[7] = f7;
+ h[8] = f8;
+ h[9] = f9;
+}
+
+/*
+ return 1 if f is in {1,3,5,...,q-2}
+ return 0 if f is in {0,2,4,...,q-1}
+
+ Preconditions:
+ |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+
+static inline int
+fe25519_isnegative(const fe25519 f)
+{
+ unsigned char s[32];
+
+ fe25519_tobytes(s, f);
+
+ return s[0] & 1;
+}
+
+/*
+ return 1 if f == 0
+ return 0 if f != 0
+
+ Preconditions:
+ |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+
+static inline int
+fe25519_iszero(const fe25519 f)
+{
+ unsigned char s[32];
+
+ fe25519_tobytes(s, f);
+
+ return sodium_is_zero(s, 32);
+}
+
+/*
+ h = f * g
+ Can overlap h with f or g.
+ *
+ Preconditions:
+ |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ Postconditions:
+ |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ */
+
+/*
+ Notes on implementation strategy:
+ *
+ Using schoolbook multiplication.
+ Karatsuba would save a little in some cost models.
+ *
+ Most multiplications by 2 and 19 are 32-bit precomputations;
+ cheaper than 64-bit postcomputations.
+ *
+ There is one remaining multiplication by 19 in the carry chain;
+ one *19 precomputation can be merged into this,
+ but the resulting data flow is considerably less clean.
+ *
+ There are 12 carries below.
+ 10 of them are 2-way parallelizable and vectorizable.
+ Can get away with 11 carries, but then data flow is much deeper.
+ *
+ With tighter constraints on inputs can squeeze carries into int32.
+ */
+
+static void
+fe25519_mul(fe25519 h, const fe25519 f, const fe25519 g)
+{
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+
+ int32_t g0 = g[0];
+ int32_t g1 = g[1];
+ int32_t g2 = g[2];
+ int32_t g3 = g[3];
+ int32_t g4 = g[4];
+ int32_t g5 = g[5];
+ int32_t g6 = g[6];
+ int32_t g7 = g[7];
+ int32_t g8 = g[8];
+ int32_t g9 = g[9];
+
+ int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
+ int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
+ int32_t g3_19 = 19 * g3;
+ int32_t g4_19 = 19 * g4;
+ int32_t g5_19 = 19 * g5;
+ int32_t g6_19 = 19 * g6;
+ int32_t g7_19 = 19 * g7;
+ int32_t g8_19 = 19 * g8;
+ int32_t g9_19 = 19 * g9;
+ int32_t f1_2 = 2 * f1;
+ int32_t f3_2 = 2 * f3;
+ int32_t f5_2 = 2 * f5;
+ int32_t f7_2 = 2 * f7;
+ int32_t f9_2 = 2 * f9;
+
+ int64_t f0g0 = f0 * (int64_t) g0;
+ int64_t f0g1 = f0 * (int64_t) g1;
+ int64_t f0g2 = f0 * (int64_t) g2;
+ int64_t f0g3 = f0 * (int64_t) g3;
+ int64_t f0g4 = f0 * (int64_t) g4;
+ int64_t f0g5 = f0 * (int64_t) g5;
+ int64_t f0g6 = f0 * (int64_t) g6;
+ int64_t f0g7 = f0 * (int64_t) g7;
+ int64_t f0g8 = f0 * (int64_t) g8;
+ int64_t f0g9 = f0 * (int64_t) g9;
+ int64_t f1g0 = f1 * (int64_t) g0;
+ int64_t f1g1_2 = f1_2 * (int64_t) g1;
+ int64_t f1g2 = f1 * (int64_t) g2;
+ int64_t f1g3_2 = f1_2 * (int64_t) g3;
+ int64_t f1g4 = f1 * (int64_t) g4;
+ int64_t f1g5_2 = f1_2 * (int64_t) g5;
+ int64_t f1g6 = f1 * (int64_t) g6;
+ int64_t f1g7_2 = f1_2 * (int64_t) g7;
+ int64_t f1g8 = f1 * (int64_t) g8;
+ int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
+ int64_t f2g0 = f2 * (int64_t) g0;
+ int64_t f2g1 = f2 * (int64_t) g1;
+ int64_t f2g2 = f2 * (int64_t) g2;
+ int64_t f2g3 = f2 * (int64_t) g3;
+ int64_t f2g4 = f2 * (int64_t) g4;
+ int64_t f2g5 = f2 * (int64_t) g5;
+ int64_t f2g6 = f2 * (int64_t) g6;
+ int64_t f2g7 = f2 * (int64_t) g7;
+ int64_t f2g8_19 = f2 * (int64_t) g8_19;
+ int64_t f2g9_19 = f2 * (int64_t) g9_19;
+ int64_t f3g0 = f3 * (int64_t) g0;
+ int64_t f3g1_2 = f3_2 * (int64_t) g1;
+ int64_t f3g2 = f3 * (int64_t) g2;
+ int64_t f3g3_2 = f3_2 * (int64_t) g3;
+ int64_t f3g4 = f3 * (int64_t) g4;
+ int64_t f3g5_2 = f3_2 * (int64_t) g5;
+ int64_t f3g6 = f3 * (int64_t) g6;
+ int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
+ int64_t f3g8_19 = f3 * (int64_t) g8_19;
+ int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
+ int64_t f4g0 = f4 * (int64_t) g0;
+ int64_t f4g1 = f4 * (int64_t) g1;
+ int64_t f4g2 = f4 * (int64_t) g2;
+ int64_t f4g3 = f4 * (int64_t) g3;
+ int64_t f4g4 = f4 * (int64_t) g4;
+ int64_t f4g5 = f4 * (int64_t) g5;
+ int64_t f4g6_19 = f4 * (int64_t) g6_19;
+ int64_t f4g7_19 = f4 * (int64_t) g7_19;
+ int64_t f4g8_19 = f4 * (int64_t) g8_19;
+ int64_t f4g9_19 = f4 * (int64_t) g9_19;
+ int64_t f5g0 = f5 * (int64_t) g0;
+ int64_t f5g1_2 = f5_2 * (int64_t) g1;
+ int64_t f5g2 = f5 * (int64_t) g2;
+ int64_t f5g3_2 = f5_2 * (int64_t) g3;
+ int64_t f5g4 = f5 * (int64_t) g4;
+ int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
+ int64_t f5g6_19 = f5 * (int64_t) g6_19;
+ int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
+ int64_t f5g8_19 = f5 * (int64_t) g8_19;
+ int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
+ int64_t f6g0 = f6 * (int64_t) g0;
+ int64_t f6g1 = f6 * (int64_t) g1;
+ int64_t f6g2 = f6 * (int64_t) g2;
+ int64_t f6g3 = f6 * (int64_t) g3;
+ int64_t f6g4_19 = f6 * (int64_t) g4_19;
+ int64_t f6g5_19 = f6 * (int64_t) g5_19;
+ int64_t f6g6_19 = f6 * (int64_t) g6_19;
+ int64_t f6g7_19 = f6 * (int64_t) g7_19;
+ int64_t f6g8_19 = f6 * (int64_t) g8_19;
+ int64_t f6g9_19 = f6 * (int64_t) g9_19;
+ int64_t f7g0 = f7 * (int64_t) g0;
+ int64_t f7g1_2 = f7_2 * (int64_t) g1;
+ int64_t f7g2 = f7 * (int64_t) g2;
+ int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
+ int64_t f7g4_19 = f7 * (int64_t) g4_19;
+ int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
+ int64_t f7g6_19 = f7 * (int64_t) g6_19;
+ int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
+ int64_t f7g8_19 = f7 * (int64_t) g8_19;
+ int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
+ int64_t f8g0 = f8 * (int64_t) g0;
+ int64_t f8g1 = f8 * (int64_t) g1;
+ int64_t f8g2_19 = f8 * (int64_t) g2_19;
+ int64_t f8g3_19 = f8 * (int64_t) g3_19;
+ int64_t f8g4_19 = f8 * (int64_t) g4_19;
+ int64_t f8g5_19 = f8 * (int64_t) g5_19;
+ int64_t f8g6_19 = f8 * (int64_t) g6_19;
+ int64_t f8g7_19 = f8 * (int64_t) g7_19;
+ int64_t f8g8_19 = f8 * (int64_t) g8_19;
+ int64_t f8g9_19 = f8 * (int64_t) g9_19;
+ int64_t f9g0 = f9 * (int64_t) g0;
+ int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
+ int64_t f9g2_19 = f9 * (int64_t) g2_19;
+ int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
+ int64_t f9g4_19 = f9 * (int64_t) g4_19;
+ int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
+ int64_t f9g6_19 = f9 * (int64_t) g6_19;
+ int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
+ int64_t f9g8_19 = f9 * (int64_t) g8_19;
+ int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
+
+ int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 +
+ f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38;
+ int64_t h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 +
+ f7g4_19 + f8g3_19 + f9g2_19;
+ int64_t h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 +
+ f7g5_38 + f8g4_19 + f9g3_38;
+ int64_t h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 +
+ f7g6_19 + f8g5_19 + f9g4_19;
+ int64_t h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 +
+ f7g7_38 + f8g6_19 + f9g5_38;
+ int64_t h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 +
+ f8g7_19 + f9g6_19;
+ int64_t h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 +
+ f7g9_38 + f8g8_19 + f9g7_38;
+ int64_t h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 +
+ f8g9_19 + f9g8_19;
+ int64_t h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 +
+ f8g0 + f9g9_38;
+ int64_t h9 =
+ f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0;
+
+ int64_t carry0;
+ int64_t carry1;
+ int64_t carry2;
+ int64_t carry3;
+ int64_t carry4;
+ int64_t carry5;
+ int64_t carry6;
+ int64_t carry7;
+ int64_t carry8;
+ int64_t carry9;
+
+ /*
+ |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
+ i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
+ |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
+ i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9
+ */
+
+ carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
+ h1 += carry0;
+ h0 -= carry0 * ((uint64_t) 1L << 26);
+ carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
+ h5 += carry4;
+ h4 -= carry4 * ((uint64_t) 1L << 26);
+ /* |h0| <= 2^25 */
+ /* |h4| <= 2^25 */
+ /* |h1| <= 1.71*2^59 */
+ /* |h5| <= 1.71*2^59 */
+
+ carry1 = (h1 + (int64_t)(1L << 24)) >> 25;
+ h2 += carry1;
+ h1 -= carry1 * ((uint64_t) 1L << 25);
+ carry5 = (h5 + (int64_t)(1L << 24)) >> 25;
+ h6 += carry5;
+ h5 -= carry5 * ((uint64_t) 1L << 25);
+ /* |h1| <= 2^24; from now on fits into int32 */
+ /* |h5| <= 2^24; from now on fits into int32 */
+ /* |h2| <= 1.41*2^60 */
+ /* |h6| <= 1.41*2^60 */
+
+ carry2 = (h2 + (int64_t)(1L << 25)) >> 26;
+ h3 += carry2;
+ h2 -= carry2 * ((uint64_t) 1L << 26);
+ carry6 = (h6 + (int64_t)(1L << 25)) >> 26;
+ h7 += carry6;
+ h6 -= carry6 * ((uint64_t) 1L << 26);
+ /* |h2| <= 2^25; from now on fits into int32 unchanged */
+ /* |h6| <= 2^25; from now on fits into int32 unchanged */
+ /* |h3| <= 1.71*2^59 */
+ /* |h7| <= 1.71*2^59 */
+
+ carry3 = (h3 + (int64_t)(1L << 24)) >> 25;
+ h4 += carry3;
+ h3 -= carry3 * ((uint64_t) 1L << 25);
+ carry7 = (h7 + (int64_t)(1L << 24)) >> 25;
+ h8 += carry7;
+ h7 -= carry7 * ((uint64_t) 1L << 25);
+ /* |h3| <= 2^24; from now on fits into int32 unchanged */
+ /* |h7| <= 2^24; from now on fits into int32 unchanged */
+ /* |h4| <= 1.72*2^34 */
+ /* |h8| <= 1.41*2^60 */
+
+ carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
+ h5 += carry4;
+ h4 -= carry4 * ((uint64_t) 1L << 26);
+ carry8 = (h8 + (int64_t)(1L << 25)) >> 26;
+ h9 += carry8;
+ h8 -= carry8 * ((uint64_t) 1L << 26);
+ /* |h4| <= 2^25; from now on fits into int32 unchanged */
+ /* |h8| <= 2^25; from now on fits into int32 unchanged */
+ /* |h5| <= 1.01*2^24 */
+ /* |h9| <= 1.71*2^59 */
+
+ carry9 = (h9 + (int64_t)(1L << 24)) >> 25;
+ h0 += carry9 * 19;
+ h9 -= carry9 * ((uint64_t) 1L << 25);
+ /* |h9| <= 2^24; from now on fits into int32 unchanged */
+ /* |h0| <= 1.1*2^39 */
+
+ carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
+ h1 += carry0;
+ h0 -= carry0 * ((uint64_t) 1L << 26);
+ /* |h0| <= 2^25; from now on fits into int32 unchanged */
+ /* |h1| <= 1.01*2^24 */
+
+ h[0] = (int32_t) h0;
+ h[1] = (int32_t) h1;
+ h[2] = (int32_t) h2;
+ h[3] = (int32_t) h3;
+ h[4] = (int32_t) h4;
+ h[5] = (int32_t) h5;
+ h[6] = (int32_t) h6;
+ h[7] = (int32_t) h7;
+ h[8] = (int32_t) h8;
+ h[9] = (int32_t) h9;
+}
+
+/*
+ h = f * f
+ Can overlap h with f.
+ *
+ Preconditions:
+ |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ Postconditions:
+ |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ */
+
+static void
+fe25519_sq(fe25519 h, const fe25519 f)
+{
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+
+ int32_t f0_2 = 2 * f0;
+ int32_t f1_2 = 2 * f1;
+ int32_t f2_2 = 2 * f2;
+ int32_t f3_2 = 2 * f3;
+ int32_t f4_2 = 2 * f4;
+ int32_t f5_2 = 2 * f5;
+ int32_t f6_2 = 2 * f6;
+ int32_t f7_2 = 2 * f7;
+ int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+ int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+ int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+ int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+ int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+
+ int64_t f0f0 = f0 * (int64_t) f0;
+ int64_t f0f1_2 = f0_2 * (int64_t) f1;
+ int64_t f0f2_2 = f0_2 * (int64_t) f2;
+ int64_t f0f3_2 = f0_2 * (int64_t) f3;
+ int64_t f0f4_2 = f0_2 * (int64_t) f4;
+ int64_t f0f5_2 = f0_2 * (int64_t) f5;
+ int64_t f0f6_2 = f0_2 * (int64_t) f6;
+ int64_t f0f7_2 = f0_2 * (int64_t) f7;
+ int64_t f0f8_2 = f0_2 * (int64_t) f8;
+ int64_t f0f9_2 = f0_2 * (int64_t) f9;
+ int64_t f1f1_2 = f1_2 * (int64_t) f1;
+ int64_t f1f2_2 = f1_2 * (int64_t) f2;
+ int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
+ int64_t f1f4_2 = f1_2 * (int64_t) f4;
+ int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
+ int64_t f1f6_2 = f1_2 * (int64_t) f6;
+ int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
+ int64_t f1f8_2 = f1_2 * (int64_t) f8;
+ int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+ int64_t f2f2 = f2 * (int64_t) f2;
+ int64_t f2f3_2 = f2_2 * (int64_t) f3;
+ int64_t f2f4_2 = f2_2 * (int64_t) f4;
+ int64_t f2f5_2 = f2_2 * (int64_t) f5;
+ int64_t f2f6_2 = f2_2 * (int64_t) f6;
+ int64_t f2f7_2 = f2_2 * (int64_t) f7;
+ int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+ int64_t f2f9_38 = f2 * (int64_t) f9_38;
+ int64_t f3f3_2 = f3_2 * (int64_t) f3;
+ int64_t f3f4_2 = f3_2 * (int64_t) f4;
+ int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
+ int64_t f3f6_2 = f3_2 * (int64_t) f6;
+ int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+ int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+ int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+ int64_t f4f4 = f4 * (int64_t) f4;
+ int64_t f4f5_2 = f4_2 * (int64_t) f5;
+ int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+ int64_t f4f7_38 = f4 * (int64_t) f7_38;
+ int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+ int64_t f4f9_38 = f4 * (int64_t) f9_38;
+ int64_t f5f5_38 = f5 * (int64_t) f5_38;
+ int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+ int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+ int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+ int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+ int64_t f6f6_19 = f6 * (int64_t) f6_19;
+ int64_t f6f7_38 = f6 * (int64_t) f7_38;
+ int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+ int64_t f6f9_38 = f6 * (int64_t) f9_38;
+ int64_t f7f7_38 = f7 * (int64_t) f7_38;
+ int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+ int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+ int64_t f8f8_19 = f8 * (int64_t) f8_19;
+ int64_t f8f9_38 = f8 * (int64_t) f9_38;
+ int64_t f9f9_38 = f9 * (int64_t) f9_38;
+
+ int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
+ int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
+ int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
+ int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
+ int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
+ int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
+ int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
+ int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
+ int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
+ int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
+
+ int64_t carry0;
+ int64_t carry1;
+ int64_t carry2;
+ int64_t carry3;
+ int64_t carry4;
+ int64_t carry5;
+ int64_t carry6;
+ int64_t carry7;
+ int64_t carry8;
+ int64_t carry9;
+
+ carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
+ h1 += carry0;
+ h0 -= carry0 * ((uint64_t) 1L << 26);
+ carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
+ h5 += carry4;
+ h4 -= carry4 * ((uint64_t) 1L << 26);
+
+ carry1 = (h1 + (int64_t)(1L << 24)) >> 25;
+ h2 += carry1;
+ h1 -= carry1 * ((uint64_t) 1L << 25);
+ carry5 = (h5 + (int64_t)(1L << 24)) >> 25;
+ h6 += carry5;
+ h5 -= carry5 * ((uint64_t) 1L << 25);
+
+ carry2 = (h2 + (int64_t)(1L << 25)) >> 26;
+ h3 += carry2;
+ h2 -= carry2 * ((uint64_t) 1L << 26);
+ carry6 = (h6 + (int64_t)(1L << 25)) >> 26;
+ h7 += carry6;
+ h6 -= carry6 * ((uint64_t) 1L << 26);
+
+ carry3 = (h3 + (int64_t)(1L << 24)) >> 25;
+ h4 += carry3;
+ h3 -= carry3 * ((uint64_t) 1L << 25);
+ carry7 = (h7 + (int64_t)(1L << 24)) >> 25;
+ h8 += carry7;
+ h7 -= carry7 * ((uint64_t) 1L << 25);
+
+ carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
+ h5 += carry4;
+ h4 -= carry4 * ((uint64_t) 1L << 26);
+ carry8 = (h8 + (int64_t)(1L << 25)) >> 26;
+ h9 += carry8;
+ h8 -= carry8 * ((uint64_t) 1L << 26);
+
+ carry9 = (h9 + (int64_t)(1L << 24)) >> 25;
+ h0 += carry9 * 19;
+ h9 -= carry9 * ((uint64_t) 1L << 25);
+
+ carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
+ h1 += carry0;
+ h0 -= carry0 * ((uint64_t) 1L << 26);
+
+ h[0] = (int32_t) h0;
+ h[1] = (int32_t) h1;
+ h[2] = (int32_t) h2;
+ h[3] = (int32_t) h3;
+ h[4] = (int32_t) h4;
+ h[5] = (int32_t) h5;
+ h[6] = (int32_t) h6;
+ h[7] = (int32_t) h7;
+ h[8] = (int32_t) h8;
+ h[9] = (int32_t) h9;
+}
+
+/*
+ h = 2 * f * f
+ Can overlap h with f.
+ *
+ Preconditions:
+ |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ Postconditions:
+ |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ */
+
+static void
+fe25519_sq2(fe25519 h, const fe25519 f)
+{
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+
+ int32_t f0_2 = 2 * f0;
+ int32_t f1_2 = 2 * f1;
+ int32_t f2_2 = 2 * f2;
+ int32_t f3_2 = 2 * f3;
+ int32_t f4_2 = 2 * f4;
+ int32_t f5_2 = 2 * f5;
+ int32_t f6_2 = 2 * f6;
+ int32_t f7_2 = 2 * f7;
+ int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+ int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+ int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+ int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+ int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+
+ int64_t f0f0 = f0 * (int64_t) f0;
+ int64_t f0f1_2 = f0_2 * (int64_t) f1;
+ int64_t f0f2_2 = f0_2 * (int64_t) f2;
+ int64_t f0f3_2 = f0_2 * (int64_t) f3;
+ int64_t f0f4_2 = f0_2 * (int64_t) f4;
+ int64_t f0f5_2 = f0_2 * (int64_t) f5;
+ int64_t f0f6_2 = f0_2 * (int64_t) f6;
+ int64_t f0f7_2 = f0_2 * (int64_t) f7;
+ int64_t f0f8_2 = f0_2 * (int64_t) f8;
+ int64_t f0f9_2 = f0_2 * (int64_t) f9;
+ int64_t f1f1_2 = f1_2 * (int64_t) f1;
+ int64_t f1f2_2 = f1_2 * (int64_t) f2;
+ int64_t f1f3_4 = f1_2 * (int64_t) f3_2;
+ int64_t f1f4_2 = f1_2 * (int64_t) f4;
+ int64_t f1f5_4 = f1_2 * (int64_t) f5_2;
+ int64_t f1f6_2 = f1_2 * (int64_t) f6;
+ int64_t f1f7_4 = f1_2 * (int64_t) f7_2;
+ int64_t f1f8_2 = f1_2 * (int64_t) f8;
+ int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+ int64_t f2f2 = f2 * (int64_t) f2;
+ int64_t f2f3_2 = f2_2 * (int64_t) f3;
+ int64_t f2f4_2 = f2_2 * (int64_t) f4;
+ int64_t f2f5_2 = f2_2 * (int64_t) f5;
+ int64_t f2f6_2 = f2_2 * (int64_t) f6;
+ int64_t f2f7_2 = f2_2 * (int64_t) f7;
+ int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+ int64_t f2f9_38 = f2 * (int64_t) f9_38;
+ int64_t f3f3_2 = f3_2 * (int64_t) f3;
+ int64_t f3f4_2 = f3_2 * (int64_t) f4;
+ int64_t f3f5_4 = f3_2 * (int64_t) f5_2;
+ int64_t f3f6_2 = f3_2 * (int64_t) f6;
+ int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+ int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+ int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+ int64_t f4f4 = f4 * (int64_t) f4;
+ int64_t f4f5_2 = f4_2 * (int64_t) f5;
+ int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+ int64_t f4f7_38 = f4 * (int64_t) f7_38;
+ int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+ int64_t f4f9_38 = f4 * (int64_t) f9_38;
+ int64_t f5f5_38 = f5 * (int64_t) f5_38;
+ int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+ int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+ int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+ int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+ int64_t f6f6_19 = f6 * (int64_t) f6_19;
+ int64_t f6f7_38 = f6 * (int64_t) f7_38;
+ int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+ int64_t f6f9_38 = f6 * (int64_t) f9_38;
+ int64_t f7f7_38 = f7 * (int64_t) f7_38;
+ int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+ int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+ int64_t f8f8_19 = f8 * (int64_t) f8_19;
+ int64_t f8f9_38 = f8 * (int64_t) f9_38;
+ int64_t f9f9_38 = f9 * (int64_t) f9_38;
+
+ int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
+ int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
+ int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
+ int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38;
+ int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38;
+ int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38;
+ int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19;
+ int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38;
+ int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38;
+ int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2;
+
+ int64_t carry0;
+ int64_t carry1;
+ int64_t carry2;
+ int64_t carry3;
+ int64_t carry4;
+ int64_t carry5;
+ int64_t carry6;
+ int64_t carry7;
+ int64_t carry8;
+ int64_t carry9;
+
+ h0 += h0;
+ h1 += h1;
+ h2 += h2;
+ h3 += h3;
+ h4 += h4;
+ h5 += h5;
+ h6 += h6;
+ h7 += h7;
+ h8 += h8;
+ h9 += h9;
+
+ carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
+ h1 += carry0;
+ h0 -= carry0 * ((uint64_t) 1L << 26);
+ carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
+ h5 += carry4;
+ h4 -= carry4 * ((uint64_t) 1L << 26);
+
+ carry1 = (h1 + (int64_t)(1L << 24)) >> 25;
+ h2 += carry1;
+ h1 -= carry1 * ((uint64_t) 1L << 25);
+ carry5 = (h5 + (int64_t)(1L << 24)) >> 25;
+ h6 += carry5;
+ h5 -= carry5 * ((uint64_t) 1L << 25);
+
+ carry2 = (h2 + (int64_t)(1L << 25)) >> 26;
+ h3 += carry2;
+ h2 -= carry2 * ((uint64_t) 1L << 26);
+ carry6 = (h6 + (int64_t)(1L << 25)) >> 26;
+ h7 += carry6;
+ h6 -= carry6 * ((uint64_t) 1L << 26);
+
+ carry3 = (h3 + (int64_t)(1L << 24)) >> 25;
+ h4 += carry3;
+ h3 -= carry3 * ((uint64_t) 1L << 25);
+ carry7 = (h7 + (int64_t)(1L << 24)) >> 25;
+ h8 += carry7;
+ h7 -= carry7 * ((uint64_t) 1L << 25);
+
+ carry4 = (h4 + (int64_t)(1L << 25)) >> 26;
+ h5 += carry4;
+ h4 -= carry4 * ((uint64_t) 1L << 26);
+ carry8 = (h8 + (int64_t)(1L << 25)) >> 26;
+ h9 += carry8;
+ h8 -= carry8 * ((uint64_t) 1L << 26);
+
+ carry9 = (h9 + (int64_t)(1L << 24)) >> 25;
+ h0 += carry9 * 19;
+ h9 -= carry9 * ((uint64_t) 1L << 25);
+
+ carry0 = (h0 + (int64_t)(1L << 25)) >> 26;
+ h1 += carry0;
+ h0 -= carry0 * ((uint64_t) 1L << 26);
+
+ h[0] = (int32_t) h0;
+ h[1] = (int32_t) h1;
+ h[2] = (int32_t) h2;
+ h[3] = (int32_t) h3;
+ h[4] = (int32_t) h4;
+ h[5] = (int32_t) h5;
+ h[6] = (int32_t) h6;
+ h[7] = (int32_t) h7;
+ h[8] = (int32_t) h8;
+ h[9] = (int32_t) h9;
+}
+
+static void
+fe25519_scalar_product(fe25519 h, const fe25519 f, uint32_t n)
+{
+ int64_t sn = (int64_t) n;
+ int32_t f0 = f[0];
+ int32_t f1 = f[1];
+ int32_t f2 = f[2];
+ int32_t f3 = f[3];
+ int32_t f4 = f[4];
+ int32_t f5 = f[5];
+ int32_t f6 = f[6];
+ int32_t f7 = f[7];
+ int32_t f8 = f[8];
+ int32_t f9 = f[9];
+ int64_t h0 = f0 * sn;
+ int64_t h1 = f1 * sn;
+ int64_t h2 = f2 * sn;
+ int64_t h3 = f3 * sn;
+ int64_t h4 = f4 * sn;
+ int64_t h5 = f5 * sn;
+ int64_t h6 = f6 * sn;
+ int64_t h7 = f7 * sn;
+ int64_t h8 = f8 * sn;
+ int64_t h9 = f9 * sn;
+ int64_t carry0, carry1, carry2, carry3, carry4, carry5, carry6, carry7,
+ carry8, carry9;
+
+ carry9 = (h9 + ((int64_t) 1 << 24)) >> 25;
+ h0 += carry9 * 19;
+ h9 -= carry9 * ((int64_t) 1 << 25);
+ carry1 = (h1 + ((int64_t) 1 << 24)) >> 25;
+ h2 += carry1;
+ h1 -= carry1 * ((int64_t) 1 << 25);
+ carry3 = (h3 + ((int64_t) 1 << 24)) >> 25;
+ h4 += carry3;
+ h3 -= carry3 * ((int64_t) 1 << 25);
+ carry5 = (h5 + ((int64_t) 1 << 24)) >> 25;
+ h6 += carry5;
+ h5 -= carry5 * ((int64_t) 1 << 25);
+ carry7 = (h7 + ((int64_t) 1 << 24)) >> 25;
+ h8 += carry7;
+ h7 -= carry7 * ((int64_t) 1 << 25);
+
+ carry0 = (h0 + ((int64_t) 1 << 25)) >> 26;
+ h1 += carry0;
+ h0 -= carry0 * ((int64_t) 1 << 26);
+ carry2 = (h2 + ((int64_t) 1 << 25)) >> 26;
+ h3 += carry2;
+ h2 -= carry2 * ((int64_t) 1 << 26);
+ carry4 = (h4 + ((int64_t) 1 << 25)) >> 26;
+ h5 += carry4;
+ h4 -= carry4 * ((int64_t) 1 << 26);
+ carry6 = (h6 + ((int64_t) 1 << 25)) >> 26;
+ h7 += carry6;
+ h6 -= carry6 * ((int64_t) 1 << 26);
+ carry8 = (h8 + ((int64_t) 1 << 25)) >> 26;
+ h9 += carry8;
+ h8 -= carry8 * ((int64_t) 1 << 26);
+
+ h[0] = (int32_t) h0;
+ h[1] = (int32_t) h1;
+ h[2] = (int32_t) h2;
+ h[3] = (int32_t) h3;
+ h[4] = (int32_t) h4;
+ h[5] = (int32_t) h5;
+ h[6] = (int32_t) h6;
+ h[7] = (int32_t) h7;
+ h[8] = (int32_t) h8;
+ h[9] = (int32_t) h9;
+}
diff --git a/libs/libsodium/src/include/sodium/private/ed25519_ref10_fe_51.h b/libs/libsodium/src/include/sodium/private/ed25519_ref10_fe_51.h
index 3a30f30148..28363083d9 100644
--- a/libs/libsodium/src/include/sodium/private/ed25519_ref10_fe_51.h
+++ b/libs/libsodium/src/include/sodium/private/ed25519_ref10_fe_51.h
@@ -1,518 +1,518 @@
-#include <string.h>
-
-#include "private/common.h"
-#include "utils.h"
-
-/*
- h = 0
- */
-
-static inline void
-fe25519_0(fe25519 h)
-{
- memset(&h[0], 0, 5 * sizeof h[0]);
-}
-
-/*
- h = 1
- */
-
-static inline void
-fe25519_1(fe25519 h)
-{
- h[0] = 1;
- memset(&h[1], 0, 4 * sizeof h[0]);
-}
-
-/*
- h = f + g
- Can overlap h with f or g.
- */
-
-static inline void
-fe25519_add(fe25519 h, const fe25519 f, const fe25519 g)
-{
- uint64_t h0 = f[0] + g[0];
- uint64_t h1 = f[1] + g[1];
- uint64_t h2 = f[2] + g[2];
- uint64_t h3 = f[3] + g[3];
- uint64_t h4 = f[4] + g[4];
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
-}
-
-/*
- h = f - g
- */
-
-static void
-fe25519_sub(fe25519 h, const fe25519 f, const fe25519 g)
-{
- const uint64_t mask = 0x7ffffffffffffULL;
- uint64_t h0, h1, h2, h3, h4;
-
- h0 = g[0];
- h1 = g[1];
- h2 = g[2];
- h3 = g[3];
- h4 = g[4];
-
- h1 += h0 >> 51;
- h0 &= mask;
- h2 += h1 >> 51;
- h1 &= mask;
- h3 += h2 >> 51;
- h2 &= mask;
- h4 += h3 >> 51;
- h3 &= mask;
- h0 += 19ULL * (h4 >> 51);
- h4 &= mask;
-
- h0 = (f[0] + 0xfffffffffffdaULL) - h0;
- h1 = (f[1] + 0xffffffffffffeULL) - h1;
- h2 = (f[2] + 0xffffffffffffeULL) - h2;
- h3 = (f[3] + 0xffffffffffffeULL) - h3;
- h4 = (f[4] + 0xffffffffffffeULL) - h4;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
-}
-
-/*
- h = -f
- */
-
-static inline void
-fe25519_neg(fe25519 h, const fe25519 f)
-{
- fe25519 zero;
-
- fe25519_0(zero);
- fe25519_sub(h, zero, f);
-}
-
-/*
- Replace (f,g) with (g,g) if b == 1;
- replace (f,g) with (f,g) if b == 0.
- *
- Preconditions: b in {0,1}.
- */
-
-static void
-fe25519_cmov(fe25519 f, const fe25519 g, unsigned int b)
-{
- const uint64_t mask = (uint64_t) (-(int64_t) b);
-
- uint64_t f0 = f[0];
- uint64_t f1 = f[1];
- uint64_t f2 = f[2];
- uint64_t f3 = f[3];
- uint64_t f4 = f[4];
-
- uint64_t x0 = f0 ^ g[0];
- uint64_t x1 = f1 ^ g[1];
- uint64_t x2 = f2 ^ g[2];
- uint64_t x3 = f3 ^ g[3];
- uint64_t x4 = f4 ^ g[4];
-
- x0 &= mask;
- x1 &= mask;
- x2 &= mask;
- x3 &= mask;
- x4 &= mask;
-
- f[0] = f0 ^ x0;
- f[1] = f1 ^ x1;
- f[2] = f2 ^ x2;
- f[3] = f3 ^ x3;
- f[4] = f4 ^ x4;
-}
-
-/*
-Replace (f,g) with (g,f) if b == 1;
-replace (f,g) with (f,g) if b == 0.
-
-Preconditions: b in {0,1}.
-*/
-
-static void
-fe25519_cswap(fe25519 f, fe25519 g, unsigned int b)
-{
- const uint64_t mask = (uint64_t) (-(int64_t) b);
-
- uint64_t f0 = f[0];
- uint64_t f1 = f[1];
- uint64_t f2 = f[2];
- uint64_t f3 = f[3];
- uint64_t f4 = f[4];
-
- uint64_t g0 = g[0];
- uint64_t g1 = g[1];
- uint64_t g2 = g[2];
- uint64_t g3 = g[3];
- uint64_t g4 = g[4];
-
- uint64_t x0 = f0 ^ g0;
- uint64_t x1 = f1 ^ g1;
- uint64_t x2 = f2 ^ g2;
- uint64_t x3 = f3 ^ g3;
- uint64_t x4 = f4 ^ g4;
-
- x0 &= mask;
- x1 &= mask;
- x2 &= mask;
- x3 &= mask;
- x4 &= mask;
-
- f[0] = f0 ^ x0;
- f[1] = f1 ^ x1;
- f[2] = f2 ^ x2;
- f[3] = f3 ^ x3;
- f[4] = f4 ^ x4;
-
- g[0] = g0 ^ x0;
- g[1] = g1 ^ x1;
- g[2] = g2 ^ x2;
- g[3] = g3 ^ x3;
- g[4] = g4 ^ x4;
-}
-
-/*
- h = f
- */
-
-static inline void
-fe25519_copy(fe25519 h, const fe25519 f)
-{
- uint64_t f0 = f[0];
- uint64_t f1 = f[1];
- uint64_t f2 = f[2];
- uint64_t f3 = f[3];
- uint64_t f4 = f[4];
-
- h[0] = f0;
- h[1] = f1;
- h[2] = f2;
- h[3] = f3;
- h[4] = f4;
-}
-
-/*
- return 1 if f is in {1,3,5,...,q-2}
- return 0 if f is in {0,2,4,...,q-1}
- */
-
-static inline int
-fe25519_isnegative(const fe25519 f)
-{
- unsigned char s[32];
-
- fe25519_tobytes(s, f);
-
- return s[0] & 1;
-}
-
-/*
- return 1 if f == 0
- return 0 if f != 0
- */
-
-static inline int
-fe25519_iszero(const fe25519 f)
-{
- unsigned char s[32];
-
- fe25519_tobytes(s, f);
-
- return sodium_is_zero(s, 32);
-}
-
-/*
- h = f * g
- Can overlap h with f or g.
- */
-
-static void
-fe25519_mul(fe25519 h, const fe25519 f, const fe25519 g)
-{
- const uint64_t mask = 0x7ffffffffffffULL;
- uint128_t r0, r1, r2, r3, r4, carry;
- uint64_t f0, f1, f2, f3, f4;
- uint64_t f1_19, f2_19, f3_19, f4_19;
- uint64_t g0, g1, g2, g3, g4;
- uint64_t r00, r01, r02, r03, r04;
-
- f0 = f[0];
- f1 = f[1];
- f2 = f[2];
- f3 = f[3];
- f4 = f[4];
-
- g0 = g[0];
- g1 = g[1];
- g2 = g[2];
- g3 = g[3];
- g4 = g[4];
-
- f1_19 = 19ULL * f1;
- f2_19 = 19ULL * f2;
- f3_19 = 19ULL * f3;
- f4_19 = 19ULL * f4;
-
- r0 = ((uint128_t) f0 ) * ((uint128_t) g0);
- r0 += ((uint128_t) f1_19) * ((uint128_t) g4);
- r0 += ((uint128_t) f2_19) * ((uint128_t) g3);
- r0 += ((uint128_t) f3_19) * ((uint128_t) g2);
- r0 += ((uint128_t) f4_19) * ((uint128_t) g1);
-
- r1 = ((uint128_t) f0 ) * ((uint128_t) g1);
- r1 += ((uint128_t) f1 ) * ((uint128_t) g0);
- r1 += ((uint128_t) f2_19) * ((uint128_t) g4);
- r1 += ((uint128_t) f3_19) * ((uint128_t) g3);
- r1 += ((uint128_t) f4_19) * ((uint128_t) g2);
-
- r2 = ((uint128_t) f0 ) * ((uint128_t) g2);
- r2 += ((uint128_t) f1 ) * ((uint128_t) g1);
- r2 += ((uint128_t) f2 ) * ((uint128_t) g0);
- r2 += ((uint128_t) f3_19) * ((uint128_t) g4);
- r2 += ((uint128_t) f4_19) * ((uint128_t) g3);
-
- r3 = ((uint128_t) f0 ) * ((uint128_t) g3);
- r3 += ((uint128_t) f1 ) * ((uint128_t) g2);
- r3 += ((uint128_t) f2 ) * ((uint128_t) g1);
- r3 += ((uint128_t) f3 ) * ((uint128_t) g0);
- r3 += ((uint128_t) f4_19) * ((uint128_t) g4);
-
- r4 = ((uint128_t) f0 ) * ((uint128_t) g4);
- r4 += ((uint128_t) f1 ) * ((uint128_t) g3);
- r4 += ((uint128_t) f2 ) * ((uint128_t) g2);
- r4 += ((uint128_t) f3 ) * ((uint128_t) g1);
- r4 += ((uint128_t) f4 ) * ((uint128_t) g0);
-
- r00 = ((uint64_t) r0) & mask;
- carry = r0 >> 51;
- r1 += carry;
- r01 = ((uint64_t) r1) & mask;
- carry = r1 >> 51;
- r2 += carry;
- r02 = ((uint64_t) r2) & mask;
- carry = r2 >> 51;
- r3 += carry;
- r03 = ((uint64_t) r3) & mask;
- carry = r3 >> 51;
- r4 += carry;
- r04 = ((uint64_t) r4) & mask;
- carry = r4 >> 51;
- r00 += 19ULL * (uint64_t) carry;
- carry = r00 >> 51;
- r00 &= mask;
- r01 += (uint64_t) carry;
- carry = r01 >> 51;
- r01 &= mask;
- r02 += (uint64_t) carry;
-
- h[0] = r00;
- h[1] = r01;
- h[2] = r02;
- h[3] = r03;
- h[4] = r04;
-}
-
-/*
- h = f * f
- Can overlap h with f.
- */
-
-static void
-fe25519_sq(fe25519 h, const fe25519 f)
-{
- const uint64_t mask = 0x7ffffffffffffULL;
- uint128_t r0, r1, r2, r3, r4, carry;
- uint64_t f0, f1, f2, f3, f4;
- uint64_t f0_2, f1_2, f1_38, f2_38, f3_38, f3_19, f4_19;
- uint64_t r00, r01, r02, r03, r04;
-
- f0 = f[0];
- f1 = f[1];
- f2 = f[2];
- f3 = f[3];
- f4 = f[4];
-
- f0_2 = f0 << 1;
- f1_2 = f1 << 1;
-
- f1_38 = 38ULL * f1;
- f2_38 = 38ULL * f2;
- f3_38 = 38ULL * f3;
-
- f3_19 = 19ULL * f3;
- f4_19 = 19ULL * f4;
-
- r0 = ((uint128_t) f0 ) * ((uint128_t) f0);
- r0 += ((uint128_t) f1_38) * ((uint128_t) f4);
- r0 += ((uint128_t) f2_38) * ((uint128_t) f3);
-
- r1 = ((uint128_t) f0_2 ) * ((uint128_t) f1);
- r1 += ((uint128_t) f2_38) * ((uint128_t) f4);
- r1 += ((uint128_t) f3_19) * ((uint128_t) f3);
-
- r2 = ((uint128_t) f0_2 ) * ((uint128_t) f2);
- r2 += ((uint128_t) f1 ) * ((uint128_t) f1);
- r2 += ((uint128_t) f3_38) * ((uint128_t) f4);
-
- r3 = ((uint128_t) f0_2 ) * ((uint128_t) f3);
- r3 += ((uint128_t) f1_2 ) * ((uint128_t) f2);
- r3 += ((uint128_t) f4_19) * ((uint128_t) f4);
-
- r4 = ((uint128_t) f0_2 ) * ((uint128_t) f4);
- r4 += ((uint128_t) f1_2 ) * ((uint128_t) f3);
- r4 += ((uint128_t) f2 ) * ((uint128_t) f2);
-
- r00 = ((uint64_t) r0) & mask;
- carry = r0 >> 51;
- r1 += carry;
- r01 = ((uint64_t) r1) & mask;
- carry = r1 >> 51;
- r2 += carry;
- r02 = ((uint64_t) r2) & mask;
- carry = r2 >> 51;
- r3 += carry;
- r03 = ((uint64_t) r3) & mask;
- carry = r3 >> 51;
- r4 += carry;
- r04 = ((uint64_t) r4) & mask;
- carry = r4 >> 51;
- r00 += 19ULL * (uint64_t) carry;
- carry = r00 >> 51;
- r00 &= mask;
- r01 += (uint64_t) carry;
- carry = r01 >> 51;
- r01 &= mask;
- r02 += (uint64_t) carry;
-
- h[0] = r00;
- h[1] = r01;
- h[2] = r02;
- h[3] = r03;
- h[4] = r04;
-}
-
-/*
- h = 2 * f * f
- Can overlap h with f.
-*/
-
-static void
-fe25519_sq2(fe25519 h, const fe25519 f)
-{
- const uint64_t mask = 0x7ffffffffffffULL;
- uint128_t r0, r1, r2, r3, r4, carry;
- uint64_t f0, f1, f2, f3, f4;
- uint64_t f0_2, f1_2, f1_38, f2_38, f3_38, f3_19, f4_19;
- uint64_t r00, r01, r02, r03, r04;
-
- f0 = f[0];
- f1 = f[1];
- f2 = f[2];
- f3 = f[3];
- f4 = f[4];
-
- f0_2 = f0 << 1;
- f1_2 = f1 << 1;
-
- f1_38 = 38ULL * f1;
- f2_38 = 38ULL * f2;
- f3_38 = 38ULL * f3;
-
- f3_19 = 19ULL * f3;
- f4_19 = 19ULL * f4;
-
- r0 = ((uint128_t) f0 ) * ((uint128_t) f0);
- r0 += ((uint128_t) f1_38) * ((uint128_t) f4);
- r0 += ((uint128_t) f2_38) * ((uint128_t) f3);
-
- r1 = ((uint128_t) f0_2 ) * ((uint128_t) f1);
- r1 += ((uint128_t) f2_38) * ((uint128_t) f4);
- r1 += ((uint128_t) f3_19) * ((uint128_t) f3);
-
- r2 = ((uint128_t) f0_2 ) * ((uint128_t) f2);
- r2 += ((uint128_t) f1 ) * ((uint128_t) f1);
- r2 += ((uint128_t) f3_38) * ((uint128_t) f4);
-
- r3 = ((uint128_t) f0_2 ) * ((uint128_t) f3);
- r3 += ((uint128_t) f1_2 ) * ((uint128_t) f2);
- r3 += ((uint128_t) f4_19) * ((uint128_t) f4);
-
- r4 = ((uint128_t) f0_2 ) * ((uint128_t) f4);
- r4 += ((uint128_t) f1_2 ) * ((uint128_t) f3);
- r4 += ((uint128_t) f2 ) * ((uint128_t) f2);
-
- r0 <<= 1;
- r1 <<= 1;
- r2 <<= 1;
- r3 <<= 1;
- r4 <<= 1;
-
- r00 = ((uint64_t) r0) & mask;
- carry = r0 >> 51;
- r1 += carry;
- r01 = ((uint64_t) r1) & mask;
- carry = r1 >> 51;
- r2 += carry;
- r02 = ((uint64_t) r2) & mask;
- carry = r2 >> 51;
- r3 += carry;
- r03 = ((uint64_t) r3) & mask;
- carry = r3 >> 51;
- r4 += carry;
- r04 = ((uint64_t) r4) & mask;
- carry = r4 >> 51;
- r00 += 19ULL * (uint64_t) carry;
- carry = r00 >> 51;
- r00 &= mask;
- r01 += (uint64_t) carry;
- carry = r01 >> 51;
- r01 &= mask;
- r02 += (uint64_t) carry;
-
- h[0] = r00;
- h[1] = r01;
- h[2] = r02;
- h[3] = r03;
- h[4] = r04;
-}
-
-static void
-fe25519_scalar_product(fe25519 h, const fe25519 f, uint32_t n)
-{
- const uint64_t mask = 0x7ffffffffffffULL;
- uint128_t a;
- uint128_t sn = (uint128_t) n;
- uint64_t h0, h1, h2, h3, h4;
-
- a = f[0] * sn;
- h0 = ((uint64_t) a) & mask;
- a = f[1] * sn + ((uint64_t) (a >> 51));
- h1 = ((uint64_t) a) & mask;
- a = f[2] * sn + ((uint64_t) (a >> 51));
- h2 = ((uint64_t) a) & mask;
- a = f[3] * sn + ((uint64_t) (a >> 51));
- h3 = ((uint64_t) a) & mask;
- a = f[4] * sn + ((uint64_t) (a >> 51));
- h4 = ((uint64_t) a) & mask;
-
- h0 += (a >> 51) * 19ULL;
-
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
-}
+#include <string.h>
+
+#include "private/common.h"
+#include "utils.h"
+
+/*
+ h = 0
+ */
+
+static inline void
+fe25519_0(fe25519 h)
+{
+ memset(&h[0], 0, 5 * sizeof h[0]);
+}
+
+/*
+ h = 1
+ */
+
+static inline void
+fe25519_1(fe25519 h)
+{
+ h[0] = 1;
+ memset(&h[1], 0, 4 * sizeof h[0]);
+}
+
+/*
+ h = f + g
+ Can overlap h with f or g.
+ */
+
+static inline void
+fe25519_add(fe25519 h, const fe25519 f, const fe25519 g)
+{
+ uint64_t h0 = f[0] + g[0];
+ uint64_t h1 = f[1] + g[1];
+ uint64_t h2 = f[2] + g[2];
+ uint64_t h3 = f[3] + g[3];
+ uint64_t h4 = f[4] + g[4];
+
+ h[0] = h0;
+ h[1] = h1;
+ h[2] = h2;
+ h[3] = h3;
+ h[4] = h4;
+}
+
+/*
+ h = f - g
+ */
+
+static void
+fe25519_sub(fe25519 h, const fe25519 f, const fe25519 g)
+{
+ const uint64_t mask = 0x7ffffffffffffULL;
+ uint64_t h0, h1, h2, h3, h4;
+
+ h0 = g[0];
+ h1 = g[1];
+ h2 = g[2];
+ h3 = g[3];
+ h4 = g[4];
+
+ h1 += h0 >> 51;
+ h0 &= mask;
+ h2 += h1 >> 51;
+ h1 &= mask;
+ h3 += h2 >> 51;
+ h2 &= mask;
+ h4 += h3 >> 51;
+ h3 &= mask;
+ h0 += 19ULL * (h4 >> 51);
+ h4 &= mask;
+
+ h0 = (f[0] + 0xfffffffffffdaULL) - h0;
+ h1 = (f[1] + 0xffffffffffffeULL) - h1;
+ h2 = (f[2] + 0xffffffffffffeULL) - h2;
+ h3 = (f[3] + 0xffffffffffffeULL) - h3;
+ h4 = (f[4] + 0xffffffffffffeULL) - h4;
+
+ h[0] = h0;
+ h[1] = h1;
+ h[2] = h2;
+ h[3] = h3;
+ h[4] = h4;
+}
+
+/*
+ h = -f
+ */
+
+static inline void
+fe25519_neg(fe25519 h, const fe25519 f)
+{
+ fe25519 zero;
+
+ fe25519_0(zero);
+ fe25519_sub(h, zero, f);
+}
+
+/*
+ Replace (f,g) with (g,g) if b == 1;
+ replace (f,g) with (f,g) if b == 0.
+ *
+ Preconditions: b in {0,1}.
+ */
+
+static void
+fe25519_cmov(fe25519 f, const fe25519 g, unsigned int b)
+{
+ const uint64_t mask = (uint64_t) (-(int64_t) b);
+
+ uint64_t f0 = f[0];
+ uint64_t f1 = f[1];
+ uint64_t f2 = f[2];
+ uint64_t f3 = f[3];
+ uint64_t f4 = f[4];
+
+ uint64_t x0 = f0 ^ g[0];
+ uint64_t x1 = f1 ^ g[1];
+ uint64_t x2 = f2 ^ g[2];
+ uint64_t x3 = f3 ^ g[3];
+ uint64_t x4 = f4 ^ g[4];
+
+ x0 &= mask;
+ x1 &= mask;
+ x2 &= mask;
+ x3 &= mask;
+ x4 &= mask;
+
+ f[0] = f0 ^ x0;
+ f[1] = f1 ^ x1;
+ f[2] = f2 ^ x2;
+ f[3] = f3 ^ x3;
+ f[4] = f4 ^ x4;
+}
+
+/*
+Replace (f,g) with (g,f) if b == 1;
+replace (f,g) with (f,g) if b == 0.
+
+Preconditions: b in {0,1}.
+*/
+
+static void
+fe25519_cswap(fe25519 f, fe25519 g, unsigned int b)
+{
+ const uint64_t mask = (uint64_t) (-(int64_t) b);
+
+ uint64_t f0 = f[0];
+ uint64_t f1 = f[1];
+ uint64_t f2 = f[2];
+ uint64_t f3 = f[3];
+ uint64_t f4 = f[4];
+
+ uint64_t g0 = g[0];
+ uint64_t g1 = g[1];
+ uint64_t g2 = g[2];
+ uint64_t g3 = g[3];
+ uint64_t g4 = g[4];
+
+ uint64_t x0 = f0 ^ g0;
+ uint64_t x1 = f1 ^ g1;
+ uint64_t x2 = f2 ^ g2;
+ uint64_t x3 = f3 ^ g3;
+ uint64_t x4 = f4 ^ g4;
+
+ x0 &= mask;
+ x1 &= mask;
+ x2 &= mask;
+ x3 &= mask;
+ x4 &= mask;
+
+ f[0] = f0 ^ x0;
+ f[1] = f1 ^ x1;
+ f[2] = f2 ^ x2;
+ f[3] = f3 ^ x3;
+ f[4] = f4 ^ x4;
+
+ g[0] = g0 ^ x0;
+ g[1] = g1 ^ x1;
+ g[2] = g2 ^ x2;
+ g[3] = g3 ^ x3;
+ g[4] = g4 ^ x4;
+}
+
+/*
+ h = f
+ */
+
+static inline void
+fe25519_copy(fe25519 h, const fe25519 f)
+{
+ uint64_t f0 = f[0];
+ uint64_t f1 = f[1];
+ uint64_t f2 = f[2];
+ uint64_t f3 = f[3];
+ uint64_t f4 = f[4];
+
+ h[0] = f0;
+ h[1] = f1;
+ h[2] = f2;
+ h[3] = f3;
+ h[4] = f4;
+}
+
+/*
+ return 1 if f is in {1,3,5,...,q-2}
+ return 0 if f is in {0,2,4,...,q-1}
+ */
+
+static inline int
+fe25519_isnegative(const fe25519 f)
+{
+ unsigned char s[32];
+
+ fe25519_tobytes(s, f);
+
+ return s[0] & 1;
+}
+
+/*
+ return 1 if f == 0
+ return 0 if f != 0
+ */
+
+static inline int
+fe25519_iszero(const fe25519 f)
+{
+ unsigned char s[32];
+
+ fe25519_tobytes(s, f);
+
+ return sodium_is_zero(s, 32);
+}
+
+/*
+ h = f * g
+ Can overlap h with f or g.
+ */
+
+static void
+fe25519_mul(fe25519 h, const fe25519 f, const fe25519 g)
+{
+ const uint64_t mask = 0x7ffffffffffffULL;
+ uint128_t r0, r1, r2, r3, r4, carry;
+ uint64_t f0, f1, f2, f3, f4;
+ uint64_t f1_19, f2_19, f3_19, f4_19;
+ uint64_t g0, g1, g2, g3, g4;
+ uint64_t r00, r01, r02, r03, r04;
+
+ f0 = f[0];
+ f1 = f[1];
+ f2 = f[2];
+ f3 = f[3];
+ f4 = f[4];
+
+ g0 = g[0];
+ g1 = g[1];
+ g2 = g[2];
+ g3 = g[3];
+ g4 = g[4];
+
+ f1_19 = 19ULL * f1;
+ f2_19 = 19ULL * f2;
+ f3_19 = 19ULL * f3;
+ f4_19 = 19ULL * f4;
+
+ r0 = ((uint128_t) f0 ) * ((uint128_t) g0);
+ r0 += ((uint128_t) f1_19) * ((uint128_t) g4);
+ r0 += ((uint128_t) f2_19) * ((uint128_t) g3);
+ r0 += ((uint128_t) f3_19) * ((uint128_t) g2);
+ r0 += ((uint128_t) f4_19) * ((uint128_t) g1);
+
+ r1 = ((uint128_t) f0 ) * ((uint128_t) g1);
+ r1 += ((uint128_t) f1 ) * ((uint128_t) g0);
+ r1 += ((uint128_t) f2_19) * ((uint128_t) g4);
+ r1 += ((uint128_t) f3_19) * ((uint128_t) g3);
+ r1 += ((uint128_t) f4_19) * ((uint128_t) g2);
+
+ r2 = ((uint128_t) f0 ) * ((uint128_t) g2);
+ r2 += ((uint128_t) f1 ) * ((uint128_t) g1);
+ r2 += ((uint128_t) f2 ) * ((uint128_t) g0);
+ r2 += ((uint128_t) f3_19) * ((uint128_t) g4);
+ r2 += ((uint128_t) f4_19) * ((uint128_t) g3);
+
+ r3 = ((uint128_t) f0 ) * ((uint128_t) g3);
+ r3 += ((uint128_t) f1 ) * ((uint128_t) g2);
+ r3 += ((uint128_t) f2 ) * ((uint128_t) g1);
+ r3 += ((uint128_t) f3 ) * ((uint128_t) g0);
+ r3 += ((uint128_t) f4_19) * ((uint128_t) g4);
+
+ r4 = ((uint128_t) f0 ) * ((uint128_t) g4);
+ r4 += ((uint128_t) f1 ) * ((uint128_t) g3);
+ r4 += ((uint128_t) f2 ) * ((uint128_t) g2);
+ r4 += ((uint128_t) f3 ) * ((uint128_t) g1);
+ r4 += ((uint128_t) f4 ) * ((uint128_t) g0);
+
+ r00 = ((uint64_t) r0) & mask;
+ carry = r0 >> 51;
+ r1 += carry;
+ r01 = ((uint64_t) r1) & mask;
+ carry = r1 >> 51;
+ r2 += carry;
+ r02 = ((uint64_t) r2) & mask;
+ carry = r2 >> 51;
+ r3 += carry;
+ r03 = ((uint64_t) r3) & mask;
+ carry = r3 >> 51;
+ r4 += carry;
+ r04 = ((uint64_t) r4) & mask;
+ carry = r4 >> 51;
+ r00 += 19ULL * (uint64_t) carry;
+ carry = r00 >> 51;
+ r00 &= mask;
+ r01 += (uint64_t) carry;
+ carry = r01 >> 51;
+ r01 &= mask;
+ r02 += (uint64_t) carry;
+
+ h[0] = r00;
+ h[1] = r01;
+ h[2] = r02;
+ h[3] = r03;
+ h[4] = r04;
+}
+
+/*
+ h = f * f
+ Can overlap h with f.
+ */
+
+static void
+fe25519_sq(fe25519 h, const fe25519 f)
+{
+ const uint64_t mask = 0x7ffffffffffffULL;
+ uint128_t r0, r1, r2, r3, r4, carry;
+ uint64_t f0, f1, f2, f3, f4;
+ uint64_t f0_2, f1_2, f1_38, f2_38, f3_38, f3_19, f4_19;
+ uint64_t r00, r01, r02, r03, r04;
+
+ f0 = f[0];
+ f1 = f[1];
+ f2 = f[2];
+ f3 = f[3];
+ f4 = f[4];
+
+ f0_2 = f0 << 1;
+ f1_2 = f1 << 1;
+
+ f1_38 = 38ULL * f1;
+ f2_38 = 38ULL * f2;
+ f3_38 = 38ULL * f3;
+
+ f3_19 = 19ULL * f3;
+ f4_19 = 19ULL * f4;
+
+ r0 = ((uint128_t) f0 ) * ((uint128_t) f0);
+ r0 += ((uint128_t) f1_38) * ((uint128_t) f4);
+ r0 += ((uint128_t) f2_38) * ((uint128_t) f3);
+
+ r1 = ((uint128_t) f0_2 ) * ((uint128_t) f1);
+ r1 += ((uint128_t) f2_38) * ((uint128_t) f4);
+ r1 += ((uint128_t) f3_19) * ((uint128_t) f3);
+
+ r2 = ((uint128_t) f0_2 ) * ((uint128_t) f2);
+ r2 += ((uint128_t) f1 ) * ((uint128_t) f1);
+ r2 += ((uint128_t) f3_38) * ((uint128_t) f4);
+
+ r3 = ((uint128_t) f0_2 ) * ((uint128_t) f3);
+ r3 += ((uint128_t) f1_2 ) * ((uint128_t) f2);
+ r3 += ((uint128_t) f4_19) * ((uint128_t) f4);
+
+ r4 = ((uint128_t) f0_2 ) * ((uint128_t) f4);
+ r4 += ((uint128_t) f1_2 ) * ((uint128_t) f3);
+ r4 += ((uint128_t) f2 ) * ((uint128_t) f2);
+
+ r00 = ((uint64_t) r0) & mask;
+ carry = r0 >> 51;
+ r1 += carry;
+ r01 = ((uint64_t) r1) & mask;
+ carry = r1 >> 51;
+ r2 += carry;
+ r02 = ((uint64_t) r2) & mask;
+ carry = r2 >> 51;
+ r3 += carry;
+ r03 = ((uint64_t) r3) & mask;
+ carry = r3 >> 51;
+ r4 += carry;
+ r04 = ((uint64_t) r4) & mask;
+ carry = r4 >> 51;
+ r00 += 19ULL * (uint64_t) carry;
+ carry = r00 >> 51;
+ r00 &= mask;
+ r01 += (uint64_t) carry;
+ carry = r01 >> 51;
+ r01 &= mask;
+ r02 += (uint64_t) carry;
+
+ h[0] = r00;
+ h[1] = r01;
+ h[2] = r02;
+ h[3] = r03;
+ h[4] = r04;
+}
+
+/*
+ h = 2 * f * f
+ Can overlap h with f.
+*/
+
+static void
+fe25519_sq2(fe25519 h, const fe25519 f)
+{
+ const uint64_t mask = 0x7ffffffffffffULL;
+ uint128_t r0, r1, r2, r3, r4, carry;
+ uint64_t f0, f1, f2, f3, f4;
+ uint64_t f0_2, f1_2, f1_38, f2_38, f3_38, f3_19, f4_19;
+ uint64_t r00, r01, r02, r03, r04;
+
+ f0 = f[0];
+ f1 = f[1];
+ f2 = f[2];
+ f3 = f[3];
+ f4 = f[4];
+
+ f0_2 = f0 << 1;
+ f1_2 = f1 << 1;
+
+ f1_38 = 38ULL * f1;
+ f2_38 = 38ULL * f2;
+ f3_38 = 38ULL * f3;
+
+ f3_19 = 19ULL * f3;
+ f4_19 = 19ULL * f4;
+
+ r0 = ((uint128_t) f0 ) * ((uint128_t) f0);
+ r0 += ((uint128_t) f1_38) * ((uint128_t) f4);
+ r0 += ((uint128_t) f2_38) * ((uint128_t) f3);
+
+ r1 = ((uint128_t) f0_2 ) * ((uint128_t) f1);
+ r1 += ((uint128_t) f2_38) * ((uint128_t) f4);
+ r1 += ((uint128_t) f3_19) * ((uint128_t) f3);
+
+ r2 = ((uint128_t) f0_2 ) * ((uint128_t) f2);
+ r2 += ((uint128_t) f1 ) * ((uint128_t) f1);
+ r2 += ((uint128_t) f3_38) * ((uint128_t) f4);
+
+ r3 = ((uint128_t) f0_2 ) * ((uint128_t) f3);
+ r3 += ((uint128_t) f1_2 ) * ((uint128_t) f2);
+ r3 += ((uint128_t) f4_19) * ((uint128_t) f4);
+
+ r4 = ((uint128_t) f0_2 ) * ((uint128_t) f4);
+ r4 += ((uint128_t) f1_2 ) * ((uint128_t) f3);
+ r4 += ((uint128_t) f2 ) * ((uint128_t) f2);
+
+ r0 <<= 1;
+ r1 <<= 1;
+ r2 <<= 1;
+ r3 <<= 1;
+ r4 <<= 1;
+
+ r00 = ((uint64_t) r0) & mask;
+ carry = r0 >> 51;
+ r1 += carry;
+ r01 = ((uint64_t) r1) & mask;
+ carry = r1 >> 51;
+ r2 += carry;
+ r02 = ((uint64_t) r2) & mask;
+ carry = r2 >> 51;
+ r3 += carry;
+ r03 = ((uint64_t) r3) & mask;
+ carry = r3 >> 51;
+ r4 += carry;
+ r04 = ((uint64_t) r4) & mask;
+ carry = r4 >> 51;
+ r00 += 19ULL * (uint64_t) carry;
+ carry = r00 >> 51;
+ r00 &= mask;
+ r01 += (uint64_t) carry;
+ carry = r01 >> 51;
+ r01 &= mask;
+ r02 += (uint64_t) carry;
+
+ h[0] = r00;
+ h[1] = r01;
+ h[2] = r02;
+ h[3] = r03;
+ h[4] = r04;
+}
+
+static void
+fe25519_scalar_product(fe25519 h, const fe25519 f, uint32_t n)
+{
+ const uint64_t mask = 0x7ffffffffffffULL;
+ uint128_t a;
+ uint128_t sn = (uint128_t) n;
+ uint64_t h0, h1, h2, h3, h4;
+
+ a = f[0] * sn;
+ h0 = ((uint64_t) a) & mask;
+ a = f[1] * sn + ((uint64_t) (a >> 51));
+ h1 = ((uint64_t) a) & mask;
+ a = f[2] * sn + ((uint64_t) (a >> 51));
+ h2 = ((uint64_t) a) & mask;
+ a = f[3] * sn + ((uint64_t) (a >> 51));
+ h3 = ((uint64_t) a) & mask;
+ a = f[4] * sn + ((uint64_t) (a >> 51));
+ h4 = ((uint64_t) a) & mask;
+
+ h0 += (a >> 51) * 19ULL;
+
+ h[0] = h0;
+ h[1] = h1;
+ h[2] = h2;
+ h[3] = h3;
+ h[4] = h4;
+}
diff --git a/libs/libsodium/src/include/sodium/private/implementations.h b/libs/libsodium/src/include/sodium/private/implementations.h
index c7237f851d..926c3a61a6 100644
--- a/libs/libsodium/src/include/sodium/private/implementations.h
+++ b/libs/libsodium/src/include/sodium/private/implementations.h
@@ -1,11 +1,11 @@
-#ifndef implementations_H
-#define implementations_H
-
-int _crypto_generichash_blake2b_pick_best_implementation(void);
-int _crypto_onetimeauth_poly1305_pick_best_implementation(void);
-int _crypto_pwhash_argon2_pick_best_implementation(void);
-int _crypto_scalarmult_curve25519_pick_best_implementation(void);
-int _crypto_stream_chacha20_pick_best_implementation(void);
-int _crypto_stream_salsa20_pick_best_implementation(void);
-
-#endif
+#ifndef implementations_H
+#define implementations_H
+
+int _crypto_generichash_blake2b_pick_best_implementation(void);
+int _crypto_onetimeauth_poly1305_pick_best_implementation(void);
+int _crypto_pwhash_argon2_pick_best_implementation(void);
+int _crypto_scalarmult_curve25519_pick_best_implementation(void);
+int _crypto_stream_chacha20_pick_best_implementation(void);
+int _crypto_stream_salsa20_pick_best_implementation(void);
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/private/mutex.h b/libs/libsodium/src/include/sodium/private/mutex.h
index 322b6742b2..03433173eb 100644
--- a/libs/libsodium/src/include/sodium/private/mutex.h
+++ b/libs/libsodium/src/include/sodium/private/mutex.h
@@ -1,7 +1,7 @@
-#ifndef mutex_H
-#define mutex_H 1
-
-extern int sodium_crit_enter(void);
-extern int sodium_crit_leave(void);
-
-#endif
+#ifndef mutex_H
+#define mutex_H 1
+
+extern int sodium_crit_enter(void);
+extern int sodium_crit_leave(void);
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/private/sse2_64_32.h b/libs/libsodium/src/include/sodium/private/sse2_64_32.h
index d0455b41b4..8c4889a05e 100644
--- a/libs/libsodium/src/include/sodium/private/sse2_64_32.h
+++ b/libs/libsodium/src/include/sodium/private/sse2_64_32.h
@@ -1,50 +1,50 @@
-#ifndef sse2_64_32_H
-#define sse2_64_32_H 1
-
-#include "common.h"
-
-#ifdef HAVE_INTRIN_H
-# include <intrin.h>
-#endif
-
-#if defined(HAVE_EMMINTRIN_H) && \
- !(defined(__amd64) || defined(__amd64__) || defined(__x86_64__) || \
- defined(_M_X64) || defined(_M_AMD64))
-
-# include <emmintrin.h>
-# include <stdint.h>
-
-# ifndef _mm_set_epi64x
-# define _mm_set_epi64x(Q0, Q1) sodium__mm_set_epi64x((Q0), (Q1))
-static inline __m128i
-sodium__mm_set_epi64x(int64_t q1, int64_t q0)
-{
- union { int64_t as64; int32_t as32[2]; } x0, x1;
- x0.as64 = q0; x1.as64 = q1;
- return _mm_set_epi32(x1.as32[1], x1.as32[0], x0.as32[1], x0.as32[0]);
-}
-# endif
-
-# ifndef _mm_set1_epi64x
-# define _mm_set1_epi64x(Q) sodium__mm_set1_epi64x(Q)
-static inline __m128i
-sodium__mm_set1_epi64x(int64_t q)
-{
- return _mm_set_epi64x(q, q);
-}
-# endif
-
-# ifndef _mm_cvtsi64_si128
-# define _mm_cvtsi64_si128(Q) sodium__mm_cvtsi64_si128(Q)
-static inline __m128i
-sodium__mm_cvtsi64_si128(int64_t q)
-{
- union { int64_t as64; int32_t as32[2]; } x;
- x.as64 = q;
- return _mm_setr_epi32(x.as32[0], x.as32[1], 0, 0);
-}
-# endif
-
-#endif
-
-#endif
+#ifndef sse2_64_32_H
+#define sse2_64_32_H 1
+
+#include "common.h"
+
+#ifdef HAVE_INTRIN_H
+# include <intrin.h>
+#endif
+
+#if defined(HAVE_EMMINTRIN_H) && \
+ !(defined(__amd64) || defined(__amd64__) || defined(__x86_64__) || \
+ defined(_M_X64) || defined(_M_AMD64))
+
+# include <emmintrin.h>
+# include <stdint.h>
+
+# ifndef _mm_set_epi64x
+# define _mm_set_epi64x(Q0, Q1) sodium__mm_set_epi64x((Q0), (Q1))
+static inline __m128i
+sodium__mm_set_epi64x(int64_t q1, int64_t q0)
+{
+ union { int64_t as64; int32_t as32[2]; } x0, x1;
+ x0.as64 = q0; x1.as64 = q1;
+ return _mm_set_epi32(x1.as32[1], x1.as32[0], x0.as32[1], x0.as32[0]);
+}
+# endif
+
+# ifndef _mm_set1_epi64x
+# define _mm_set1_epi64x(Q) sodium__mm_set1_epi64x(Q)
+static inline __m128i
+sodium__mm_set1_epi64x(int64_t q)
+{
+ return _mm_set_epi64x(q, q);
+}
+# endif
+
+# ifndef _mm_cvtsi64_si128
+# define _mm_cvtsi64_si128(Q) sodium__mm_cvtsi64_si128(Q)
+static inline __m128i
+sodium__mm_cvtsi64_si128(int64_t q)
+{
+ union { int64_t as64; int32_t as32[2]; } x;
+ x.as64 = q;
+ return _mm_setr_epi32(x.as32[0], x.as32[1], 0, 0);
+}
+# endif
+
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/randombytes.h b/libs/libsodium/src/include/sodium/randombytes.h
index d19f684ed6..47dc62f63e 100644
--- a/libs/libsodium/src/include/sodium/randombytes.h
+++ b/libs/libsodium/src/include/sodium/randombytes.h
@@ -1,68 +1,72 @@
-
-#ifndef randombytes_H
-#define randombytes_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include <sys/types.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-# ifdef __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-typedef struct randombytes_implementation {
- const char *(*implementation_name)(void); /* required */
- uint32_t (*random)(void); /* required */
- void (*stir)(void); /* optional */
- uint32_t (*uniform)(const uint32_t upper_bound); /* optional, a default implementation will be used if NULL */
- void (*buf)(void * const buf, const size_t size); /* required */
- int (*close)(void); /* optional */
-} randombytes_implementation;
-
-#define randombytes_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 0xffffffffUL)
-
-#define randombytes_SEEDBYTES 32U
-SODIUM_EXPORT
-size_t randombytes_seedbytes(void);
-
-SODIUM_EXPORT
-void randombytes_buf(void * const buf, const size_t size);
-
-SODIUM_EXPORT
-void randombytes_buf_deterministic(void * const buf, const size_t size,
- const unsigned char seed[randombytes_SEEDBYTES]);
-
-SODIUM_EXPORT
-uint32_t randombytes_random(void);
-
-SODIUM_EXPORT
-uint32_t randombytes_uniform(const uint32_t upper_bound);
-
-SODIUM_EXPORT
-void randombytes_stir(void);
-
-SODIUM_EXPORT
-int randombytes_close(void);
-
-SODIUM_EXPORT
-int randombytes_set_implementation(randombytes_implementation *impl);
-
-SODIUM_EXPORT
-const char *randombytes_implementation_name(void);
-
-/* -- NaCl compatibility interface -- */
-
-SODIUM_EXPORT
-void randombytes(unsigned char * const buf, const unsigned long long buf_len);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+
+#ifndef randombytes_H
+#define randombytes_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <sys/types.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+typedef struct randombytes_implementation {
+ const char *(*implementation_name)(void); /* required */
+ uint32_t (*random)(void); /* required */
+ void (*stir)(void); /* optional */
+ uint32_t (*uniform)(const uint32_t upper_bound); /* optional, a default implementation will be used if NULL */
+ void (*buf)(void * const buf, const size_t size); /* required */
+ int (*close)(void); /* optional */
+} randombytes_implementation;
+
+#define randombytes_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 0xffffffffUL)
+
+#define randombytes_SEEDBYTES 32U
+SODIUM_EXPORT
+size_t randombytes_seedbytes(void);
+
+SODIUM_EXPORT
+void randombytes_buf(void * const buf, const size_t size)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void randombytes_buf_deterministic(void * const buf, const size_t size,
+ const unsigned char seed[randombytes_SEEDBYTES])
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+uint32_t randombytes_random(void);
+
+SODIUM_EXPORT
+uint32_t randombytes_uniform(const uint32_t upper_bound);
+
+SODIUM_EXPORT
+void randombytes_stir(void);
+
+SODIUM_EXPORT
+int randombytes_close(void);
+
+SODIUM_EXPORT
+int randombytes_set_implementation(randombytes_implementation *impl)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+const char *randombytes_implementation_name(void);
+
+/* -- NaCl compatibility interface -- */
+
+SODIUM_EXPORT
+void randombytes(unsigned char * const buf, const unsigned long long buf_len)
+ __attribute__ ((nonnull));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/randombytes_nativeclient.h b/libs/libsodium/src/include/sodium/randombytes_nativeclient.h
index 5158d8c3c3..ba014929e4 100644
--- a/libs/libsodium/src/include/sodium/randombytes_nativeclient.h
+++ b/libs/libsodium/src/include/sodium/randombytes_nativeclient.h
@@ -1,23 +1,23 @@
-
-#ifndef randombytes_nativeclient_H
-#define randombytes_nativeclient_H
-
-#ifdef __native_client__
-
-# include "export.h"
-# include "randombytes.h"
-
-# ifdef __cplusplus
-extern "C" {
-# endif
-
-SODIUM_EXPORT
-extern struct randombytes_implementation randombytes_nativeclient_implementation;
-
-# ifdef __cplusplus
-}
-# endif
-
-#endif
-
-#endif
+
+#ifndef randombytes_nativeclient_H
+#define randombytes_nativeclient_H
+
+#ifdef __native_client__
+
+# include "export.h"
+# include "randombytes.h"
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_nativeclient_implementation;
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/randombytes_salsa20_random.h b/libs/libsodium/src/include/sodium/randombytes_salsa20_random.h
index 4deae15b6d..d3a1da6ad5 100644
--- a/libs/libsodium/src/include/sodium/randombytes_salsa20_random.h
+++ b/libs/libsodium/src/include/sodium/randombytes_salsa20_random.h
@@ -1,19 +1,19 @@
-
-#ifndef randombytes_salsa20_random_H
-#define randombytes_salsa20_random_H
-
-#include "export.h"
-#include "randombytes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-SODIUM_EXPORT
-extern struct randombytes_implementation randombytes_salsa20_implementation;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+
+#ifndef randombytes_salsa20_random_H
+#define randombytes_salsa20_random_H
+
+#include "export.h"
+#include "randombytes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_salsa20_implementation;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/randombytes_sysrandom.h b/libs/libsodium/src/include/sodium/randombytes_sysrandom.h
index 9e27b674c7..554b459dde 100644
--- a/libs/libsodium/src/include/sodium/randombytes_sysrandom.h
+++ b/libs/libsodium/src/include/sodium/randombytes_sysrandom.h
@@ -1,19 +1,19 @@
-
-#ifndef randombytes_sysrandom_H
-#define randombytes_sysrandom_H
-
-#include "export.h"
-#include "randombytes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-SODIUM_EXPORT
-extern struct randombytes_implementation randombytes_sysrandom_implementation;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+
+#ifndef randombytes_sysrandom_H
+#define randombytes_sysrandom_H
+
+#include "export.h"
+#include "randombytes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+extern struct randombytes_implementation randombytes_sysrandom_implementation;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/runtime.h b/libs/libsodium/src/include/sodium/runtime.h
index 7f15d58e7c..4cd8c2c499 100644
--- a/libs/libsodium/src/include/sodium/runtime.h
+++ b/libs/libsodium/src/include/sodium/runtime.h
@@ -1,52 +1,52 @@
-
-#ifndef sodium_runtime_H
-#define sodium_runtime_H
-
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_neon(void);
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_sse2(void);
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_sse3(void);
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_ssse3(void);
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_sse41(void);
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_avx(void);
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_avx2(void);
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_avx512f(void);
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_pclmul(void);
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_aesni(void);
-
-SODIUM_EXPORT_WEAK
-int sodium_runtime_has_rdrand(void);
-
-/* ------------------------------------------------------------------------- */
-
-int _sodium_runtime_get_cpu_features(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+
+#ifndef sodium_runtime_H
+#define sodium_runtime_H
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_neon(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse2(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse3(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_ssse3(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_sse41(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx2(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_avx512f(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_pclmul(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_aesni(void);
+
+SODIUM_EXPORT_WEAK
+int sodium_runtime_has_rdrand(void);
+
+/* ------------------------------------------------------------------------- */
+
+int _sodium_runtime_get_cpu_features(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/utils.h b/libs/libsodium/src/include/sodium/utils.h
index 46eb331cfd..8054e1ab4a 100644
--- a/libs/libsodium/src/include/sodium/utils.h
+++ b/libs/libsodium/src/include/sodium/utils.h
@@ -1,170 +1,182 @@
-
-#ifndef sodium_utils_H
-#define sodium_utils_H
-
-#include <stddef.h>
-
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef SODIUM_C99
-# if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
-# define SODIUM_C99(X)
-# else
-# define SODIUM_C99(X) X
-# endif
-#endif
-
-SODIUM_EXPORT
-void sodium_memzero(void * const pnt, const size_t len);
-
-SODIUM_EXPORT
-void sodium_stackzero(const size_t len);
-
-/*
- * WARNING: sodium_memcmp() must be used to verify if two secret keys
- * are equal, in constant time.
- * It returns 0 if the keys are equal, and -1 if they differ.
- * This function is not designed for lexicographical comparisons.
- */
-SODIUM_EXPORT
-int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len)
- __attribute__ ((warn_unused_result));
-
-/*
- * sodium_compare() returns -1 if b1_ < b2_, 1 if b1_ > b2_ and 0 if b1_ == b2_
- * It is suitable for lexicographical comparisons, or to compare nonces
- * and counters stored in little-endian format.
- * However, it is slower than sodium_memcmp().
- */
-SODIUM_EXPORT
-int sodium_compare(const unsigned char *b1_, const unsigned char *b2_,
- size_t len)
- __attribute__ ((warn_unused_result));
-
-SODIUM_EXPORT
-int sodium_is_zero(const unsigned char *n, const size_t nlen);
-
-SODIUM_EXPORT
-void sodium_increment(unsigned char *n, const size_t nlen);
-
-SODIUM_EXPORT
-void sodium_add(unsigned char *a, const unsigned char *b, const size_t len);
-
-SODIUM_EXPORT
-char *sodium_bin2hex(char * const hex, const size_t hex_maxlen,
- const unsigned char * const bin, const size_t bin_len);
-
-SODIUM_EXPORT
-int sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen,
- const char * const hex, const size_t hex_len,
- const char * const ignore, size_t * const bin_len,
- const char ** const hex_end);
-
-#define sodium_base64_VARIANT_ORIGINAL 1
-#define sodium_base64_VARIANT_ORIGINAL_NO_PADDING 3
-#define sodium_base64_VARIANT_URLSAFE 5
-#define sodium_base64_VARIANT_URLSAFE_NO_PADDING 7
-
-/*
- * Computes the required length to encode BIN_LEN bytes as a base64 string
- * using the given variant. The computed length includes a trailing \0.
- */
-#define sodium_base64_ENCODED_LEN(BIN_LEN, VARIANT) \
- (((BIN_LEN) / 3U) * 4U + \
- ((((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) | (((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) >> 1)) & 1U) * \
- (4U - (~((((VARIANT) & 2U) >> 1) - 1U) & (3U - ((BIN_LEN) - ((BIN_LEN) / 3U) * 3U)))) + 1U)
-
-SODIUM_EXPORT
-size_t sodium_base64_encoded_len(const size_t bin_len, const int variant);
-
-SODIUM_EXPORT
-char *sodium_bin2base64(char * const b64, const size_t b64_maxlen,
- const unsigned char * const bin, const size_t bin_len,
- const int variant);
-
-SODIUM_EXPORT
-int sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen,
- const char * const b64, const size_t b64_len,
- const char * const ignore, size_t * const bin_len,
- const char ** const b64_end, const int variant);
-
-SODIUM_EXPORT
-int sodium_mlock(void * const addr, const size_t len);
-
-SODIUM_EXPORT
-int sodium_munlock(void * const addr, const size_t len);
-
-/* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose
- * allocation functions.
- *
- * They return a pointer to a region filled with 0xd0 bytes, immediately
- * followed by a guard page.
- * As a result, accessing a single byte after the requested allocation size
- * will intentionally trigger a segmentation fault.
- *
- * A canary and an additional guard page placed before the beginning of the
- * region may also kill the process if a buffer underflow is detected.
- *
- * The memory layout is:
- * [unprotected region size (read only)][guard page (no access)][unprotected pages (read/write)][guard page (no access)]
- * With the layout of the unprotected pages being:
- * [optional padding][16-bytes canary][user region]
- *
- * However:
- * - These functions are significantly slower than standard functions
- * - Each allocation requires 3 or 4 additional pages
- * - The returned address will not be aligned if the allocation size is not
- * a multiple of the required alignment. For this reason, these functions
- * are designed to store data, such as secret keys and messages.
- *
- * sodium_malloc() can be used to allocate any libsodium data structure.
- *
- * The crypto_generichash_state structure is packed and its length is
- * either 357 or 361 bytes. For this reason, when using sodium_malloc() to
- * allocate a crypto_generichash_state structure, padding must be added in
- * order to ensure proper alignment. crypto_generichash_statebytes()
- * returns the rounded up structure size, and should be prefered to sizeof():
- * state = sodium_malloc(crypto_generichash_statebytes());
- */
-
-SODIUM_EXPORT
-void *sodium_malloc(const size_t size)
- __attribute__ ((malloc));
-
-SODIUM_EXPORT
-void *sodium_allocarray(size_t count, size_t size)
- __attribute__ ((malloc));
-
-SODIUM_EXPORT
-void sodium_free(void *ptr);
-
-SODIUM_EXPORT
-int sodium_mprotect_noaccess(void *ptr);
-
-SODIUM_EXPORT
-int sodium_mprotect_readonly(void *ptr);
-
-SODIUM_EXPORT
-int sodium_mprotect_readwrite(void *ptr);
-
-SODIUM_EXPORT
-int sodium_pad(size_t *padded_buflen_p, unsigned char *buf,
- size_t unpadded_buflen, size_t blocksize, size_t max_buflen);
-
-SODIUM_EXPORT
-int sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf,
- size_t padded_buflen, size_t blocksize);
-
-/* -------- */
-
-int _sodium_alloc_init(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+
+#ifndef sodium_utils_H
+#define sodium_utils_H
+
+#include <stddef.h>
+
+#include "export.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef SODIUM_C99
+# if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
+# define SODIUM_C99(X)
+# else
+# define SODIUM_C99(X) X
+# endif
+#endif
+
+SODIUM_EXPORT
+void sodium_memzero(void * const pnt, const size_t len) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void sodium_stackzero(const size_t len);
+
+/*
+ * WARNING: sodium_memcmp() must be used to verify if two secret keys
+ * are equal, in constant time.
+ * It returns 0 if the keys are equal, and -1 if they differ.
+ * This function is not designed for lexicographical comparisons.
+ */
+SODIUM_EXPORT
+int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+/*
+ * sodium_compare() returns -1 if b1_ < b2_, 1 if b1_ > b2_ and 0 if b1_ == b2_
+ * It is suitable for lexicographical comparisons, or to compare nonces
+ * and counters stored in little-endian format.
+ * However, it is slower than sodium_memcmp().
+ */
+SODIUM_EXPORT
+int sodium_compare(const unsigned char *b1_, const unsigned char *b2_,
+ size_t len)
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_is_zero(const unsigned char *n, const size_t nlen);
+
+SODIUM_EXPORT
+void sodium_increment(unsigned char *n, const size_t nlen);
+
+SODIUM_EXPORT
+void sodium_add(unsigned char *a, const unsigned char *b, const size_t len)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+void sodium_sub(unsigned char *a, const unsigned char *b, const size_t len)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+char *sodium_bin2hex(char * const hex, const size_t hex_maxlen,
+ const unsigned char * const bin, const size_t bin_len)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen,
+ const char * const hex, const size_t hex_len,
+ const char * const ignore, size_t * const bin_len,
+ const char ** const hex_end)
+ __attribute__ ((nonnull(1, 3)));
+
+#define sodium_base64_VARIANT_ORIGINAL 1
+#define sodium_base64_VARIANT_ORIGINAL_NO_PADDING 3
+#define sodium_base64_VARIANT_URLSAFE 5
+#define sodium_base64_VARIANT_URLSAFE_NO_PADDING 7
+
+/*
+ * Computes the required length to encode BIN_LEN bytes as a base64 string
+ * using the given variant. The computed length includes a trailing \0.
+ */
+#define sodium_base64_ENCODED_LEN(BIN_LEN, VARIANT) \
+ (((BIN_LEN) / 3U) * 4U + \
+ ((((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) | (((BIN_LEN) - ((BIN_LEN) / 3U) * 3U) >> 1)) & 1U) * \
+ (4U - (~((((VARIANT) & 2U) >> 1) - 1U) & (3U - ((BIN_LEN) - ((BIN_LEN) / 3U) * 3U)))) + 1U)
+
+SODIUM_EXPORT
+size_t sodium_base64_encoded_len(const size_t bin_len, const int variant);
+
+SODIUM_EXPORT
+char *sodium_bin2base64(char * const b64, const size_t b64_maxlen,
+ const unsigned char * const bin, const size_t bin_len,
+ const int variant) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen,
+ const char * const b64, const size_t b64_len,
+ const char * const ignore, size_t * const bin_len,
+ const char ** const b64_end, const int variant)
+ __attribute__ ((nonnull(1, 3)));
+
+SODIUM_EXPORT
+int sodium_mlock(void * const addr, const size_t len)
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_munlock(void * const addr, const size_t len)
+ __attribute__ ((nonnull));
+
+/* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose
+ * allocation functions.
+ *
+ * They return a pointer to a region filled with 0xd0 bytes, immediately
+ * followed by a guard page.
+ * As a result, accessing a single byte after the requested allocation size
+ * will intentionally trigger a segmentation fault.
+ *
+ * A canary and an additional guard page placed before the beginning of the
+ * region may also kill the process if a buffer underflow is detected.
+ *
+ * The memory layout is:
+ * [unprotected region size (read only)][guard page (no access)][unprotected pages (read/write)][guard page (no access)]
+ * With the layout of the unprotected pages being:
+ * [optional padding][16-bytes canary][user region]
+ *
+ * However:
+ * - These functions are significantly slower than standard functions
+ * - Each allocation requires 3 or 4 additional pages
+ * - The returned address will not be aligned if the allocation size is not
+ * a multiple of the required alignment. For this reason, these functions
+ * are designed to store data, such as secret keys and messages.
+ *
+ * sodium_malloc() can be used to allocate any libsodium data structure.
+ *
+ * The crypto_generichash_state structure is packed and its length is
+ * either 357 or 361 bytes. For this reason, when using sodium_malloc() to
+ * allocate a crypto_generichash_state structure, padding must be added in
+ * order to ensure proper alignment. crypto_generichash_statebytes()
+ * returns the rounded up structure size, and should be prefered to sizeof():
+ * state = sodium_malloc(crypto_generichash_statebytes());
+ */
+
+SODIUM_EXPORT
+void *sodium_malloc(const size_t size)
+ __attribute__ ((malloc));
+
+SODIUM_EXPORT
+void *sodium_allocarray(size_t count, size_t size)
+ __attribute__ ((malloc));
+
+SODIUM_EXPORT
+void sodium_free(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_noaccess(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_mprotect_readonly(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_mprotect_readwrite(void *ptr) __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int sodium_pad(size_t *padded_buflen_p, unsigned char *buf,
+ size_t unpadded_buflen, size_t blocksize, size_t max_buflen)
+ __attribute__ ((nonnull(2)));
+
+SODIUM_EXPORT
+int sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf,
+ size_t padded_buflen, size_t blocksize)
+ __attribute__ ((nonnull(2)));
+
+/* -------- */
+
+int _sodium_alloc_init(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/libs/libsodium/src/include/sodium/version.h b/libs/libsodium/src/include/sodium/version.h
index fc5f462da1..8dce217855 100644
--- a/libs/libsodium/src/include/sodium/version.h
+++ b/libs/libsodium/src/include/sodium/version.h
@@ -1,32 +1,32 @@
-
-#ifndef sodium_version_H
-#define sodium_version_H
-
-#include "export.h"
-
-#define SODIUM_VERSION_STRING "1.0.17"
-
-#define SODIUM_LIBRARY_VERSION_MAJOR 10
-#define SODIUM_LIBRARY_VERSION_MINOR 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
- SODIUM_EXPORT
- const char *sodium_version_string(void);
-
- SODIUM_EXPORT
- int sodium_library_version_major(void);
-
- SODIUM_EXPORT
- int sodium_library_version_minor(void);
-
- SODIUM_EXPORT
- int sodium_library_minimal(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+
+#ifndef sodium_version_H
+#define sodium_version_H
+
+#include "export.h"
+
+#define SODIUM_VERSION_STRING "1.0.17"
+
+#define SODIUM_LIBRARY_VERSION_MAJOR 10
+#define SODIUM_LIBRARY_VERSION_MINOR 2
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SODIUM_EXPORT
+const char *sodium_version_string(void);
+
+SODIUM_EXPORT
+int sodium_library_version_major(void);
+
+SODIUM_EXPORT
+int sodium_library_version_minor(void);
+
+SODIUM_EXPORT
+int sodium_library_minimal(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-02 07:09:01 +0000