Update to the latest stable libsodium

Author: Face Kapow

deps/SConscript

@@ -1,16 +1,19 @@
+*.bc
 *.cmake
 *.dSYM
-*.exp
+*.done
 *.final
 *.gcda
 *.gcno
+*.i
 *.la
 *.lo
 *.log
 *.mem
 *.nexe
 *.o
 *.plist
+*.s
 *.scan
 *.sdf
 *.status
@@ -21,11 +24,16 @@
 .dirstamp
 .done
 .libs
+/bin/
+/obj/
 Build
 INSTALL
 Makefile
 Makefile.in
+Vagrantfile
 aclocal.m4
+android-toolchain
+android-toolchain-*
 autom4te.cache
 build
 compile
@@ -35,11 +43,25 @@ configure
 configure.lineno
 coverage.info
 depcomp
-android-toolchain
 install-sh
-libtool
+libsodium-*.tar.bz2
+libsodium-*.tar.gz
+libsodium-*.vcproj
+libsodium-*.vcproj.filters
+libsodium-*.vcxproj
+libsodium-*.vcxproj.filters
+libsodium-android-*
+libsodium-ios
+libsodium-js
+libsodium-js-*
+libsodium-nativeclient
+libsodium-nativeclient-*
+libsodium-osx
+libsodium-uninstalled.pc
+libsodium-win32
+libsodium-win64
 libsodium.pc
-libsodium-*
+libtool
 ltmain.sh
 m4/argz.m4
 m4/libtool.m4
@@ -50,17 +72,14 @@ m4/lt~obsolete.m4
 man/*.html
 man/Makefile.in
 missing
-src/curvecp/curvecpclient
-src/curvecp/curvecpmakekey
-src/curvecp/curvecpmessage
-src/curvecp/curvecpprintkey
-src/curvecp/curvecpserver
 src/libsodium/*.def
 src/libsodium/include/sodium/version.h
 stamp-*
-test/js.done
+test-driver
+test/default/browser
 test/default/*.res
 test/default/*.trs
+test/default/aead_aes256gcm
 test/default/aead_chacha20poly1305
 test/default/auth
 test/default/auth2
@@ -93,6 +112,7 @@ test/default/onetimeauth
 test/default/onetimeauth2
 test/default/onetimeauth7
 test/default/pwhash
+test/default/pwhash_scrypt
 test/default/pwhash_scrypt_ll
 test/default/randombytes
 test/default/scalarmult
@@ -118,10 +138,5 @@ test/default/stream2
 test/default/stream3
 test/default/stream4
 test/default/verify1
-test-driver
+test/js.done
 testing
-android-toolchain-*
-libsodium-android-*
-/bin/
-/obj/
-Vagrantfile

deps/libsodium/.gitignore

@@ -1,3 +1,5 @@
+sudo: false
+
 language: c
 
 os:
@@ -14,10 +16,13 @@ before_script:
 
 script:
  - ./configure --disable-dependency-tracking
+ - >
+   if [ "$TRAVIS_OS_NAME" = 'linux' -a "$CC" = 'gcc' ]; then make CFLAGS='-g0' > /dev/null && cp src/libsodium/.libs/libsodium.so lib.so && make clean > /dev/null && make CFLAGS='-g0' CPPFLAGS='-DSODIUM_C99\(X\)=' > /dev/null && cp src/libsodium/.libs/libsodium.so lib-oldc.so && cmp lib.so lib-oldc.so && echo No binary changes && make clean > /dev/null ; fi
  - make distcheck
- - make distclean
+ - make distclean > /dev/null
  - ./configure --disable-dependency-tracking --enable-minimal
  - make distcheck
+ - ( echo '#include <sodium.h>' ; echo 'int main(void) { return sodium_init(); }' ) > /tmp/main.c && gcc -Isrc/libsodium/include -Isrc/libsodium/include/sodium $(find src -name '*.c' -o -name '*.S') /tmp/main.c
 
 env:
   global:

deps/libsodium/.travis.yml

@@ -2,13 +2,18 @@
 Designers
 =========
 
+argon2                                 Alex Biryukov
+                                       Daniel Dinu
+                                       Dmitry Khovratovich
+
 blake2                                 Jean-Philippe Aumasson
                                        Christian Winnerlein
                                        Samuel Neves
                                        Zooko Wilcox-O'Hearn
 
 chacha20                               Daniel J. Bernstein
-salsa20
+
+salsa20                                Daniel J. Bernstein
 
 chacha20poly1305                       Adam Langley
 
@@ -32,10 +37,17 @@ scrypt                                 Colin Percival
 Implementors
 ============
 
+crypto_aead/aes256gcm/aesni            Romain Dolbeau
+                                       Frank Denis
+
 crypto_aead/chacha20poly1305           Frank Denis
 
+crypto_core/curve25519                 Daniel J. Bernstein
+
 crypto_box/curve25519xsalsa20poly1305  Daniel J. Bernstein
 
+crypto_core/hchacha20                  Frank Denis
+
 crypto_core/hsalsa20                   Daniel J. Bernstein
 crypto_core/salsa20
 crypto_core/salsa2012
@@ -53,6 +65,8 @@ crypto_scalarmult/curve25519/ref10     Daniel J. Bernstein
 
 crypto_scalarmult/curve25519/donna_c64 Adam Langley
 
+crypto_scalarmult/curve25519/sandy2x   Tung Chou
+
 crypto_secretbox/xsalsa20poly1305      Daniel J. Bernstein
 
 crypto_sign/ed25519                    Peter Schwabe
@@ -63,7 +77,9 @@ crypto_sign/ed25519                    Peter Schwabe
 
 crypto_stream/aes128ctr                Peter Schwabe
 
-crypto_stream/chacha20                 Daniel J. Bernstein
+crypto_stream/chacha20/ref             Daniel J. Bernstein
+
+crypto_stream/chacha20/vec             Ted Krovetz
 
 crypto_stream/salsa20                  Daniel J. Bernstein
 crypto_stream/salsa2012
@@ -78,7 +94,15 @@ crypto_generichash/blake2b             Jean-Philippe Aumasson
                                        Samuel Neves
                                        Zooko Wilcox-O'Hearn
 
-crypto_onetimeauth/poly1305/donna      Andrew "floodyberry" Moon.
+crypto_onetimeauth/poly1305/donna      Andrew "floodyberry" Moon
+
+crypto_onetimeauth/poly1305/sse2       Andrew "floodyberry" Moon
+
+crypto_pwhash/argon2                   Samuel Neves
+                                       Dmitry Khovratovich
+                                       Jean-Philippe Aumasson
+                                       Daniel Dinu
+                                       Thomas Pornin
 
 crypto_pwhash/scryptsalsa208sha256     Colin Percival
                                        Alexander Peslyak

deps/libsodium/AUTHORS

@@ -1,15 +1,109 @@
 
-* Version 1.0.4 (not released yet)
+* Version 1.0.10
+ - This release only fixes a compilation issue reported with some older
+gcc versions. There are no functional changes over the previous release.
+
+* Version 1.0.9
+ - The Javascript target now includes a `--sumo` option to include all
+the symbols of the original C library.
+ - A detached API was added to the ChaCha20-Poly1305 and AES256-GCM
+implementations.
+ - The Argon2i password hashing function was added, and is accessible
+directly and through a new, high-level `crypto_pwhash` API. The scrypt
+function remains available as well.
+ - A speed-record AVX2 implementation of BLAKE2b was added (thanks to
+Samuel Neves).
+ - The library can now be compiled using C++Builder (thanks to @jcolli44)
+ - Countermeasures for Ed25519 signatures malleability have been added
+to match the irtf-cfrg-eddsa draft (note that malleability is irrelevant to
+the standard definition of signature security). Signatures with a small-order
+`R` point are now also rejected.
+ - Some implementations are now slightly faster when using the Clang
+compiler.
+ - The HChaCha20 core function was implemented (`crypto_core_hchacha20()`).
+ - No-op stubs were added for all AES256-GCM public functions even when
+compiled on non-Intel platforms.
+ - `crypt_generichash_blake2b_statebytes()` was added.
+ - New macros were added for the IETF variant of the ChaCha20-Poly1305
+construction.
+ - The library can now be compiled on Minix.
+ - HEASLR is now enabled on MinGW builds.
+
+* Version 1.0.8
+ - Handle the case where the CPU supports AVX, but we are running
+on an hypervisor with AVX disabled/not supported.
+ - Faster (2x) scalarmult_base() when using the ref10 implementation.
+
+* Version 1.0.7
+ - More functions whose return value should be checked have been
+tagged with `__attribute__ ((warn_unused_result))`: `crypto_box_easy()`,
+`crypto_box_detached()`, `crypto_box_beforenm()`, `crypto_box()`, and
+`crypto_scalarmult()`.
+ - Sandy2x, the fastest Curve25519 implementation ever, has been
+merged in, and is automatically used on CPUs supporting the AVX
+instructions set.
+ - An SSE2 optimized implementation of Poly1305 was added, and is
+twice as fast as the portable one.
+ - An SSSE3 optimized implementation of ChaCha20 was added, and is
+twice as fast as the portable one.
+ - Faster `sodium_increment()` for common nonce sizes.
+ - New helper functions have been added: `sodium_is_zero()` and
+ `sodium_add()`.
+ - `sodium_runtime_has_aesni()` now properly detects the CPU flag when
+ compiled using Visual Studio.
+
+* Version 1.0.6
+ - Optimized implementations of Blake2 have been added for modern
+Intel platforms. `crypto_generichash()` is now faster than MD5 and SHA1
+implementations while being far more secure.
+ - Functions for which the return value should be checked have been
+tagged with `__attribute__ ((warn_unused_result))`. This will
+intentionally break code compiled with `-Werror` that didn't bother
+checking critical return values.
+ - The `crypto_sign_edwards25519sha512batch_*()` functions have been
+tagged as deprecated.
+ - Undocumented symbols that were exported, but were only useful for
+internal purposes have been removed or made private:
+`sodium_runtime_get_cpu_features()`, the implementation-specific
+`crypto_onetimeauth_poly1305_donna()` symbols,
+`crypto_onetimeauth_poly1305_set_implementation()`,
+`crypto_onetimeauth_poly1305_implementation_name()` and
+`crypto_onetimeauth_pick_best_implementation()`.
+ - `sodium_compare()` now works as documented, and compares numbers
+in little-endian format instead of behaving like `memcmp()`.
+ - The previous changes should not break actual applications, but to be
+safe, the library version major was incremented.
+ - `sodium_runtime_has_ssse3()` and `sodium_runtime_has_sse41()` have
+been added.
+ - The library can now be compiled with the CompCert compiler.
+
+* Version 1.0.5
+ - Compilation issues on some platforms were fixed: missing alignment
+directives were added (required at least on RHEL-6/i386), a workaround
+for a VRP bug on gcc/armv7 was added, and the library can now be compiled
+with the SunPro compiler.
+ - Javascript target: io.js is not supported any more. Use nodejs.
+
+* Version 1.0.4
+ - Support for AES256-GCM has been added. This requires
+a CPU with the aesni and pclmul extensions, and is accessible via the
+crypto_aead_aes256gcm_*() functions.
+ - The Javascript target doesn't use eval() any more, so that the
+library can be used in Chrome packaged applications.
+ - QNX and CloudABI are now supported.
+ - Support for NaCl has finally been added.
  - ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has
 been implemented as crypto_stream_chacha20_ietf(),
 crypto_stream_chacha20_ietf_xor() and crypto_stream_chacha20_ietf_xor_ic().
 An IETF-compatible version of ChaCha20Poly1305 is available as
 crypto_aead_chacha20poly1305_ietf_npubbytes(),
 crypto_aead_chacha20poly1305_ietf_encrypt() and
 crypto_aead_chacha20poly1305_ietf_decrypt().
- - Sodium can now be used in Windows Store apps.
  - The sodium_increment() helper function has been added, to increment
-an arbitrary long number (such as a nonce).
+an arbitrary large number (such as a nonce).
+ - The sodium_compare() helper function has been added, to compare
+arbitrary large numbers (such as nonces, in order to prevent replay
+attacks).
 
 * Version 1.0.3
  - In addition to sodium_bin2hex(), sodium_hex2bin() is now a

deps/libsodium/ChangeLog

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2015
+ * Copyright (c) 2013-2016
  * Frank Denis <j at pureftpd dot org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any

deps/libsodium/LICENSE

@@ -17,5 +17,6 @@ SUBDIRS = \
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = @[email protected]
+
 DISTCLEANFILES = $(pkgconfig_DATA)
 

deps/libsodium/Makefile.am

@@ -1,4 +1,5 @@
-[![Build Status](https://travis-ci.org/jedisct1/libsodium.png?branch=master)](https://travis-ci.org/jedisct1/libsodium?branch=master)
+[![Build Status](https://travis-ci.org/jedisct1/libsodium.svg?branch=master)](https://travis-ci.org/jedisct1/libsodium?branch=master)
+[![Windows build status](https://ci.appveyor.com/api/projects/status/fu8s2elx25il98hj?svg=true)](https://ci.appveyor.com/project/jedisct1/libsodium)
 [![Coverity Scan Build Status](https://scan.coverity.com/projects/2397/badge.svg)](https://scan.coverity.com/projects/2397)
 
 ![libsodium](https://raw.github.com/jedisct1/libsodium/master/logo.png)
@@ -22,7 +23,16 @@ including Windows (with MingW or Visual Studio, x86 and x64), iOS and Android.
 The documentation is a work-in-progress, and is being written using
 Gitbook:
 
-[libsodium documentation](https://download.libsodium.org/doc/)
+* [libsodium documentation](https://download.libsodium.org/doc/) -
+online, requires Javascript.
+* [offline documentation](https://www.gitbook.com/book/jedisct1/libsodium/details)
+in PDF, MOBI and ePUB formats.
+
+## Integrity Checking
+
+The integrity checking instructions (including the signing key for libsodium)
+are available in the [installation](https://download.libsodium.org/doc/installation/index.html#integrity-checking)
+section of the documentation.
 
 ## Community
 

deps/libsodium/README

@@ -12,6 +12,7 @@ Chris Rebert (@cvrebert)
 Colm MacCárthaigh (@colmmacc)
 Donald Stufft (@dstufft)
 Douglas Campos (@qmx)
+Drew Crawford (@drewcrawford)
 Eric Dong (@quantum1423)
 Eric Voskuil (@evoskuil)
 Frank Siebenlist (@franks42)
@@ -28,9 +29,11 @@ Michael Gorlick (@mgorlick)
 Michael Gregorowicz (@mgregoro)
 Omar Ayub (@electricFeel)
 Pedro Paixao (@paixaop)
+Project ArteMisc (@artemisc)
 Ruben De Visscher (@rubendv)
 Rudolf Von Krugstein (@rudolfvonkrugstein)
 Samuel Neves (@sneves)
+Scott Arciszewski (@paragonie-scott)
 Stefan Marsiske
 Stephan Touset (@stouset)
 Steve Gibson (@sggrc)