update to 1.0.0-1 version of the package

author: Micah Anderson <micah@riseup.net> 2014-11-11 11:18:18 -0500
committer: Micah Anderson <micah@riseup.net> 2014-11-11 11:18:18 -0500
commit: c73b6c9ba513fea3e18b696e659049df69931171 (patch)
tree: a001cd6acbecead76b9a55f324278e8d077fe3d5
parent: eabdc6e3d62550679476899dd861c23b63937142 (diff)
214 files changed, 3698 insertions, 4627 deletions
diff --git a/AUTHORS b/AUTHORS
index 361aa49..6208f0e 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -63,9 +63,6 @@ crypto_sign/ed25519                    Peter Schwabe
 
 crypto_stream/aes128ctr                Peter Schwabe
 
-crypto_stream/aes256estream            Hongjun Wu
-                                       Frank Denis
-
 crypto_stream/chacha20                 Daniel J. Bernstein
 
 crypto_stream/salsa20                  Daniel J. Bernstein
diff --git a/ChangeLog b/ChangeLog
index b8ddb0b..42bd744 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,41 @@
 
+* Version 1.0.0
+ - The API and ABI are now stable. New features will be added, but
+backward-compatibility is guaranteed through all the 1.x.y releases.
+ - crypto_sign() properly works with overlapping regions again. Thanks
+to @pysiak for reporting this regression introduced in version 0.6.1.
+ - The test suite has been extended.
+
+* Version 0.7.1 (1.0 RC2)
+ - This is the second release candidate of Sodium 1.0. Minor
+compilation, readability and portability changes have been made and the
+test suite was improved, but the API is the same as the previous release
+candidate.
+
+* Version 0.7.0 (1.0 RC1)
+ - Allocating memory to store sensitive data can now be done using
+sodium_malloc() and sodium_allocarray(). These functions add guard
+pages around the protected data to make it less likely to be
+accessible in a heartbleed-like scenario. In addition, the protection
+for memory regions allocated that way can be changed using
+sodium_mprotect_noaccess(), sodium_mprotect_readonly() and
+sodium_mprotect_readwrite().
+ - ed25519 keys can be converted to curve25519 keys with
+crypto_sign_ed25519_pk_to_curve25519() and
+crypto_sign_ed25519_sk_to_curve25519(). This allows using the same
+keys for signature and encryption.
+ - The seed and the public key can be extracted from an ed25519 key
+using crypto_sign_ed25519_sk_to_seed() and crypto_sign_ed25519_sk_to_pk().
+ - aes256 was removed. A timing-attack resistant implementation might
+be added later, but not before version 1.0 is tagged.
+ - The crypto_pwhash_scryptxsalsa208sha256_* compatibility layer was
+removed. Use crypto_pwhash_scryptsalsa208sha256_*.
+ - The compatibility layer for implementation-specific functions was
+removed.
+ - Compilation issues with Mingw64 on MSYS (not MSYS2) were fixed.
+ - crypto_pwhash_scryptsalsa208sha256_STRPREFIX was added: it contains
+the prefix produced by crypto_pwhash_scryptsalsa208sha256_str()
+
 * Version 0.6.1
  - Important bug fix: when crypto_sign_open() was given a signed
 message too short to even contain a signature, it was putting an
diff --git a/LICENSE b/LICENSE
index 9a56e63..d4d12ef 100644
--- a/LICENSE
+++ b/LICENSE
@@ -2,7 +2,7 @@
  * Copyright (c) 2013-2014
  * Frank Denis <j at pureftpd dot org>
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
diff --git a/THANKS b/THANKS
index 78f2784..2df2bad 100644
--- a/THANKS
+++ b/THANKS
@@ -2,6 +2,7 @@
 @dnaq
 @joshjdevl
 @jshahbazi
+@lvh
 @neheb
 Amit Murthy (@amitmurthy)
 Bruno Oliveira (@abstractj)
@@ -14,11 +15,13 @@ Eric Voskuil (@evoskuil)
 Gabriel Handford (@gabriel)
 Jachym Holecek (@freza)
 Jan de Muijnck-Hughes (@jfdm)
+Jason McCampbell (@jasonmccampbell)
 Jeroen Habraken (@VeXocide)
 Joseph Abrahamson (@tel)
 Kenneth Ballenegger (@kballenegger)
 Michael Gorlick (@mgorlick)
 Michael Gregorowicz (@mgregoro)
+Omar Ayub (@electricFeel)
 Pedro Paixao (@paixaop)
 Ruben De Visscher (@rubendv)
 Samuel Neves (@sneves)
diff --git a/builds/msvc/properties/Common.props b/builds/msvc/properties/Common.props
index 72588d6..6e10d88 100644
--- a/builds/msvc/properties/Common.props
+++ b/builds/msvc/properties/Common.props
@@ -14,8 +14,10 @@
     <ClCompile>
       <MultiProcessorCompilation>true</MultiProcessorCompilation>
       <PreprocessorDefinitions>UNICODE;_UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>NATIVE_LITTLE_ENDIAN=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>inline=__inline;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <WarningLevel>Level3</WarningLevel>
     </ClCompile>
   </ItemDefinitionGroup>
 
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/properties/Release.props b/builds/msvc/properties/Release.props
index 1c5415b..296dbfe 100644
--- a/builds/msvc/properties/Release.props
+++ b/builds/msvc/properties/Release.props
@@ -20,10 +20,8 @@
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <MinimalRebuild>false</MinimalRebuild>
       <Optimization>MaxSpeed</Optimization>
-      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ClCompile>
     <ResourceCompile>
-      <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ResourceCompile>
     <Link>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
@@ -38,4 +36,4 @@
     </ClCompile>
   </ItemDefinitionGroup>
 
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/version.h b/builds/msvc/version.h
index ca13a74..da4fd43 100644
--- a/builds/msvc/version.h
+++ b/builds/msvc/version.h
@@ -4,10 +4,10 @@
 
 #include "export.h"
 
-#define SODIUM_VERSION_STRING "0.6.1"
+#define SODIUM_VERSION_STRING "1.0.0"
 
-#define SODIUM_LIBRARY_VERSION_MAJOR 6
-#define SODIUM_LIBRARY_VERSION_MINOR 1
+#define SODIUM_LIBRARY_VERSION_MAJOR 7
+#define SODIUM_LIBRARY_VERSION_MINOR 2
 
 #ifdef __cplusplus
 extern "C" {
diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj b/builds/msvc/vs2010/libsodium/libsodium.vcxproj
index 95b0006..04c8950 100644
--- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj
@@ -130,7 +130,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_sign_edwards25519sha512batch.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes128ctr.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes256estream.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa20.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa2012.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa208.h" />
@@ -303,14 +302,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\stream_aes128ctr.c" />
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\types.h" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\xor_afternm_aes128ctr.c" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-be.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-le.h" />
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256-ctr.c" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256.h" />
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\stream_aes256estream_api.c" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\api.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\ecrypt-sync.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\amd64_xmm6\api.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\ref\api.h" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\stream_salsa20_api.c" />
@@ -338,7 +329,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\randombytes.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\salsa20\randombytes_salsa20_random.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\sysrandom\randombytes_sysrandom.c" />
-    <ClCompile Include="..\..\..\..\src\libsodium\sodium\compat.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\core.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\runtime.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\utils.c" />
@@ -362,4 +352,4 @@
     <Xml Include="..\..\..\..\packaging\nuget\package.xml" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters
index 13805be..438508a 100644
--- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters
@@ -94,9 +94,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes128ctr.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes256estream.h">
-      <Filter>include\sodium</Filter>
-    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa20.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
@@ -154,9 +151,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\utils.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256-ctr.c">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_box\curve25519xsalsa20poly1305\ref\after_curve25519xsalsa20poly1305.c">
       <Filter>src\crypto_box\curve25519xsalsa20poly1305\ref</Filter>
     </ClCompile>
@@ -427,9 +421,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\stream_aes128ctr_api.c">
       <Filter>src\crypto_stream\aes128ctr</Filter>
     </ClCompile>
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\stream_aes256estream_api.c">
-      <Filter>src\crypto_stream\aes256estream</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\stream_salsa20_api.c">
       <Filter>src\crypto_stream\salsa20</Filter>
     </ClCompile>
@@ -493,9 +484,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_auth\hmacsha512256\cp\verify_hmacsha512256.c">
       <Filter>src\crypto_auth\hmacsha512256\cp</Filter>
     </ClCompile>
-    <ClCompile Include="..\..\..\..\src\libsodium\sodium\compat.c">
-      <Filter>src\sodium</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\core.c">
       <Filter>src\sodium</Filter>
     </ClCompile>
@@ -532,18 +520,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\sysrandom\randombytes_sysrandom.c">
       <Filter>src\randombytes\sysrandom</Filter>
     </ClCompile>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-be.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-le.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_auth\hmacsha512\auth_hmacsha512_api.c">
       <Filter>src\crypto_auth\hmacsha512</Filter>
     </ClCompile>
@@ -565,9 +541,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_pwhash\scryptsalsa208sha256\crypto_scrypt-common.c">
       <Filter>src\crypto_pwhash\scryptsalsa208sha256</Filter>
     </ClCompile>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\ecrypt-sync.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_sign\ed25519\ref10\fe.h">
       <Filter>src\crypto_sign\ed25519\ref10</Filter>
     </ClInclude>
@@ -676,9 +649,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\api.h">
       <Filter>src\crypto_stream\aes128ctr\portable</Filter>
     </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\api.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_verify\16\ref\api.h">
       <Filter>src\crypto_verify\16\ref</Filter>
     </ClInclude>
@@ -946,9 +916,6 @@
     <Filter Include="src\crypto_stream\aes128ctr">
       <UniqueIdentifier>{ca40b775-e025-4359-87ae-02c771c1a222}</UniqueIdentifier>
     </Filter>
-    <Filter Include="src\crypto_stream\aes256estream">
-      <UniqueIdentifier>{afb86556-101b-407c-93f6-db784a9e3f4f}</UniqueIdentifier>
-    </Filter>
     <Filter Include="src\crypto_stream\salsa20">
       <UniqueIdentifier>{91c31952-2f36-418e-aa07-68ed57057d0f}</UniqueIdentifier>
     </Filter>
@@ -970,9 +937,6 @@
     <Filter Include="src\crypto_stream\salsa2012\ref">
       <UniqueIdentifier>{1c006197-b25b-48e8-833f-2dd59a571b9d}</UniqueIdentifier>
     </Filter>
-    <Filter Include="src\crypto_stream\aes256estream\hongjun">
-      <UniqueIdentifier>{3acc42ca-4646-462d-bbac-2a07e9eb30be}</UniqueIdentifier>
-    </Filter>
     <Filter Include="src\crypto_stream\aes128ctr\portable">
       <UniqueIdentifier>{46eb8265-dc41-4289-aa7d-c1918e05cf75}</UniqueIdentifier>
     </Filter>
@@ -1111,4 +1075,4 @@
       <Filter>src\crypto_aead\chacha20poly1305\sodium</Filter>
     </ClCompile>
   </ItemGroup>
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2010/test/test.vcxproj b/builds/msvc/vs2010/test/test.vcxproj
index 2cd94c3..4c8f931 100644
--- a/builds/msvc/vs2010/test/test.vcxproj
+++ b/builds/msvc/vs2010/test/test.vcxproj
@@ -112,6 +112,9 @@
     <ClCompile Include="..\..\..\..\test\default\core6.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\ed25519_convert.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\generichash.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
@@ -154,6 +157,9 @@
     <ClCompile Include="..\..\..\..\test\default\scalarmult6.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\scalarmult7.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\secretbox.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
@@ -184,6 +190,12 @@
     <ClCompile Include="..\..\..\..\test\default\sodium_utils.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils2.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils3.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\sodium_version.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
@@ -211,4 +223,4 @@
     <ClInclude Include="..\..\..\..\test\quirks\windows\windows-quirks.h" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2010/test/test.vcxproj.filters b/builds/msvc/vs2010/test/test.vcxproj.filters
index c0819e8..42b8528 100644
--- a/builds/msvc/vs2010/test/test.vcxproj.filters
+++ b/builds/msvc/vs2010/test/test.vcxproj.filters
@@ -49,6 +49,9 @@
     <ClCompile Include="..\..\..\..\test\default\core6.c">
       <Filter>src</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\ed25519_convert.c">
+      <Filter>src</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\generichash.c">
       <Filter>src</Filter>
     </ClCompile>
@@ -88,6 +91,9 @@
     <ClCompile Include="..\..\..\..\test\default\scalarmult6.c">
       <Filter>src</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\scalarmult7.c">
+      <Filter>src</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\secretbox.c">
       <Filter>src</Filter>
     </ClCompile>
@@ -115,6 +121,12 @@
     <ClCompile Include="..\..\..\..\test\default\sodium_utils.c">
       <Filter>src</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils2.c">
+      <Filter>src</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils3.c">
+      <Filter>src</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\sodium_version.c">
       <Filter>src</Filter>
     </ClCompile>
@@ -159,4 +171,4 @@
       <UniqueIdentifier>{5b5af4b5-c6aa-4b30-bdef-074b1bdc43ea}</UniqueIdentifier>
     </Filter>
   </ItemGroup>
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj b/builds/msvc/vs2012/libsodium/libsodium.vcxproj
index f47a042..d6edfc4 100644
--- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj
@@ -130,7 +130,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_sign_edwards25519sha512batch.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes128ctr.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes256estream.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa20.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa2012.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa208.h" />
@@ -303,14 +302,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\stream_aes128ctr.c" />
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\types.h" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\xor_afternm_aes128ctr.c" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-be.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-le.h" />
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256-ctr.c" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256.h" />
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\stream_aes256estream_api.c" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\api.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\ecrypt-sync.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\amd64_xmm6\api.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\ref\api.h" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\stream_salsa20_api.c" />
@@ -338,7 +329,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\randombytes.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\salsa20\randombytes_salsa20_random.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\sysrandom\randombytes_sysrandom.c" />
-    <ClCompile Include="..\..\..\..\src\libsodium\sodium\compat.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\core.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\runtime.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\utils.c" />
@@ -362,4 +352,4 @@
     <Xml Include="..\..\..\..\packaging\nuget\package.xml" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters
index 13805be..438508a 100644
--- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters
@@ -94,9 +94,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes128ctr.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes256estream.h">
-      <Filter>include\sodium</Filter>
-    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa20.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
@@ -154,9 +151,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\utils.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256-ctr.c">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_box\curve25519xsalsa20poly1305\ref\after_curve25519xsalsa20poly1305.c">
       <Filter>src\crypto_box\curve25519xsalsa20poly1305\ref</Filter>
     </ClCompile>
@@ -427,9 +421,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\stream_aes128ctr_api.c">
       <Filter>src\crypto_stream\aes128ctr</Filter>
     </ClCompile>
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\stream_aes256estream_api.c">
-      <Filter>src\crypto_stream\aes256estream</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\stream_salsa20_api.c">
       <Filter>src\crypto_stream\salsa20</Filter>
     </ClCompile>
@@ -493,9 +484,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_auth\hmacsha512256\cp\verify_hmacsha512256.c">
       <Filter>src\crypto_auth\hmacsha512256\cp</Filter>
     </ClCompile>
-    <ClCompile Include="..\..\..\..\src\libsodium\sodium\compat.c">
-      <Filter>src\sodium</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\core.c">
       <Filter>src\sodium</Filter>
     </ClCompile>
@@ -532,18 +520,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\sysrandom\randombytes_sysrandom.c">
       <Filter>src\randombytes\sysrandom</Filter>
     </ClCompile>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-be.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-le.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_auth\hmacsha512\auth_hmacsha512_api.c">
       <Filter>src\crypto_auth\hmacsha512</Filter>
     </ClCompile>
@@ -565,9 +541,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_pwhash\scryptsalsa208sha256\crypto_scrypt-common.c">
       <Filter>src\crypto_pwhash\scryptsalsa208sha256</Filter>
     </ClCompile>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\ecrypt-sync.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_sign\ed25519\ref10\fe.h">
       <Filter>src\crypto_sign\ed25519\ref10</Filter>
     </ClInclude>
@@ -676,9 +649,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\api.h">
       <Filter>src\crypto_stream\aes128ctr\portable</Filter>
     </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\api.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_verify\16\ref\api.h">
       <Filter>src\crypto_verify\16\ref</Filter>
     </ClInclude>
@@ -946,9 +916,6 @@
     <Filter Include="src\crypto_stream\aes128ctr">
       <UniqueIdentifier>{ca40b775-e025-4359-87ae-02c771c1a222}</UniqueIdentifier>
     </Filter>
-    <Filter Include="src\crypto_stream\aes256estream">
-      <UniqueIdentifier>{afb86556-101b-407c-93f6-db784a9e3f4f}</UniqueIdentifier>
-    </Filter>
     <Filter Include="src\crypto_stream\salsa20">
       <UniqueIdentifier>{91c31952-2f36-418e-aa07-68ed57057d0f}</UniqueIdentifier>
     </Filter>
@@ -970,9 +937,6 @@
     <Filter Include="src\crypto_stream\salsa2012\ref">
       <UniqueIdentifier>{1c006197-b25b-48e8-833f-2dd59a571b9d}</UniqueIdentifier>
     </Filter>
-    <Filter Include="src\crypto_stream\aes256estream\hongjun">
-      <UniqueIdentifier>{3acc42ca-4646-462d-bbac-2a07e9eb30be}</UniqueIdentifier>
-    </Filter>
     <Filter Include="src\crypto_stream\aes128ctr\portable">
       <UniqueIdentifier>{46eb8265-dc41-4289-aa7d-c1918e05cf75}</UniqueIdentifier>
     </Filter>
@@ -1111,4 +1075,4 @@
       <Filter>src\crypto_aead\chacha20poly1305\sodium</Filter>
     </ClCompile>
   </ItemGroup>
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2012/test/test.vcxproj b/builds/msvc/vs2012/test/test.vcxproj
index 65fd4d8..dcde649 100644
--- a/builds/msvc/vs2012/test/test.vcxproj
+++ b/builds/msvc/vs2012/test/test.vcxproj
@@ -112,6 +112,9 @@
     <ClCompile Include="..\..\..\..\test\default\core6.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\ed25519_convert.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\generichash.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
@@ -154,6 +157,9 @@
     <ClCompile Include="..\..\..\..\test\default\scalarmult6.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\scalarmult7.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\secretbox.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
@@ -184,6 +190,12 @@
     <ClCompile Include="..\..\..\..\test\default\sodium_utils.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils2.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils3.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\sodium_version.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
@@ -211,4 +223,4 @@
     <ClInclude Include="..\..\..\..\test\quirks\windows\windows-quirks.h" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2012/test/test.vcxproj.filters b/builds/msvc/vs2012/test/test.vcxproj.filters
index c0819e8..42b8528 100644
--- a/builds/msvc/vs2012/test/test.vcxproj.filters
+++ b/builds/msvc/vs2012/test/test.vcxproj.filters
@@ -49,6 +49,9 @@
     <ClCompile Include="..\..\..\..\test\default\core6.c">
       <Filter>src</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\ed25519_convert.c">
+      <Filter>src</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\generichash.c">
       <Filter>src</Filter>
     </ClCompile>
@@ -88,6 +91,9 @@
     <ClCompile Include="..\..\..\..\test\default\scalarmult6.c">
       <Filter>src</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\scalarmult7.c">
+      <Filter>src</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\secretbox.c">
       <Filter>src</Filter>
     </ClCompile>
@@ -115,6 +121,12 @@
     <ClCompile Include="..\..\..\..\test\default\sodium_utils.c">
       <Filter>src</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils2.c">
+      <Filter>src</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils3.c">
+      <Filter>src</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\sodium_version.c">
       <Filter>src</Filter>
     </ClCompile>
@@ -159,4 +171,4 @@
       <UniqueIdentifier>{5b5af4b5-c6aa-4b30-bdef-074b1bdc43ea}</UniqueIdentifier>
     </Filter>
   </ItemGroup>
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj b/builds/msvc/vs2013/libsodium/libsodium.vcxproj
index 022bbe7..bd30e82 100644
--- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj
+++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj
@@ -130,7 +130,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_sign_edwards25519sha512batch.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes128ctr.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes256estream.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa20.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa2012.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa208.h" />
@@ -303,14 +302,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\stream_aes128ctr.c" />
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\types.h" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\xor_afternm_aes128ctr.c" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-be.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-le.h" />
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256-ctr.c" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256.h" />
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\stream_aes256estream_api.c" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\api.h" />
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\ecrypt-sync.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\amd64_xmm6\api.h" />
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\ref\api.h" />
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\stream_salsa20_api.c" />
@@ -338,7 +329,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\randombytes.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\salsa20\randombytes_salsa20_random.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\sysrandom\randombytes_sysrandom.c" />
-    <ClCompile Include="..\..\..\..\src\libsodium\sodium\compat.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\core.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\runtime.c" />
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\utils.c" />
@@ -362,4 +352,4 @@
     <Xml Include="..\..\..\..\packaging\nuget\package.xml" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters
index 13805be..438508a 100644
--- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters
+++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters
@@ -94,9 +94,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes128ctr.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_aes256estream.h">
-      <Filter>include\sodium</Filter>
-    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\crypto_stream_salsa20.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
@@ -154,9 +151,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\include\sodium\utils.h">
       <Filter>include\sodium</Filter>
     </ClInclude>
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256-ctr.c">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_box\curve25519xsalsa20poly1305\ref\after_curve25519xsalsa20poly1305.c">
       <Filter>src\crypto_box\curve25519xsalsa20poly1305\ref</Filter>
     </ClCompile>
@@ -427,9 +421,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\stream_aes128ctr_api.c">
       <Filter>src\crypto_stream\aes128ctr</Filter>
     </ClCompile>
-    <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\stream_aes256estream_api.c">
-      <Filter>src\crypto_stream\aes256estream</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\stream_salsa20_api.c">
       <Filter>src\crypto_stream\salsa20</Filter>
     </ClCompile>
@@ -493,9 +484,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_auth\hmacsha512256\cp\verify_hmacsha512256.c">
       <Filter>src\crypto_auth\hmacsha512256\cp</Filter>
     </ClCompile>
-    <ClCompile Include="..\..\..\..\src\libsodium\sodium\compat.c">
-      <Filter>src\sodium</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\..\..\src\libsodium\sodium\core.c">
       <Filter>src\sodium</Filter>
     </ClCompile>
@@ -532,18 +520,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\randombytes\sysrandom\randombytes_sysrandom.c">
       <Filter>src\randombytes\sysrandom</Filter>
     </ClCompile>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes256.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-be.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\aes-table-le.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_auth\hmacsha512\auth_hmacsha512_api.c">
       <Filter>src\crypto_auth\hmacsha512</Filter>
     </ClCompile>
@@ -565,9 +541,6 @@
     <ClCompile Include="..\..\..\..\src\libsodium\crypto_pwhash\scryptsalsa208sha256\crypto_scrypt-common.c">
       <Filter>src\crypto_pwhash\scryptsalsa208sha256</Filter>
     </ClCompile>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\ecrypt-sync.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_sign\ed25519\ref10\fe.h">
       <Filter>src\crypto_sign\ed25519\ref10</Filter>
     </ClInclude>
@@ -676,9 +649,6 @@
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes128ctr\portable\api.h">
       <Filter>src\crypto_stream\aes128ctr\portable</Filter>
     </ClInclude>
-    <ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\aes256estream\hongjun\api.h">
-      <Filter>src\crypto_stream\aes256estream\hongjun</Filter>
-    </ClInclude>
     <ClInclude Include="..\..\..\..\src\libsodium\crypto_verify\16\ref\api.h">
       <Filter>src\crypto_verify\16\ref</Filter>
     </ClInclude>
@@ -946,9 +916,6 @@
     <Filter Include="src\crypto_stream\aes128ctr">
       <UniqueIdentifier>{ca40b775-e025-4359-87ae-02c771c1a222}</UniqueIdentifier>
     </Filter>
-    <Filter Include="src\crypto_stream\aes256estream">
-      <UniqueIdentifier>{afb86556-101b-407c-93f6-db784a9e3f4f}</UniqueIdentifier>
-    </Filter>
     <Filter Include="src\crypto_stream\salsa20">
       <UniqueIdentifier>{91c31952-2f36-418e-aa07-68ed57057d0f}</UniqueIdentifier>
     </Filter>
@@ -970,9 +937,6 @@
     <Filter Include="src\crypto_stream\salsa2012\ref">
       <UniqueIdentifier>{1c006197-b25b-48e8-833f-2dd59a571b9d}</UniqueIdentifier>
     </Filter>
-    <Filter Include="src\crypto_stream\aes256estream\hongjun">
-      <UniqueIdentifier>{3acc42ca-4646-462d-bbac-2a07e9eb30be}</UniqueIdentifier>
-    </Filter>
     <Filter Include="src\crypto_stream\aes128ctr\portable">
       <UniqueIdentifier>{46eb8265-dc41-4289-aa7d-c1918e05cf75}</UniqueIdentifier>
     </Filter>
@@ -1111,4 +1075,4 @@
       <Filter>src\crypto_aead\chacha20poly1305\sodium</Filter>
     </ClCompile>
   </ItemGroup>
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2013/test/test.vcxproj b/builds/msvc/vs2013/test/test.vcxproj
index 780396e..04f12bc 100644
--- a/builds/msvc/vs2013/test/test.vcxproj
+++ b/builds/msvc/vs2013/test/test.vcxproj
@@ -112,6 +112,9 @@
     <ClCompile Include="..\..\..\..\test\default\core6.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\ed25519_convert.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\generichash.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
@@ -154,6 +157,9 @@
     <ClCompile Include="..\..\..\..\test\default\scalarmult6.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\scalarmult7.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\secretbox.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
@@ -184,6 +190,12 @@
     <ClCompile Include="..\..\..\..\test\default\sodium_utils.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils2.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils3.c">
+      <ExcludedFromBuild>true</ExcludedFromBuild>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\sodium_version.c">
       <ExcludedFromBuild>true</ExcludedFromBuild>
     </ClCompile>
@@ -211,4 +223,4 @@
     <ClInclude Include="..\..\..\..\test\quirks\windows\windows-quirks.h" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/builds/msvc/vs2013/test/test.vcxproj.filters b/builds/msvc/vs2013/test/test.vcxproj.filters
index c0819e8..42b8528 100644
--- a/builds/msvc/vs2013/test/test.vcxproj.filters
+++ b/builds/msvc/vs2013/test/test.vcxproj.filters
@@ -49,6 +49,9 @@
     <ClCompile Include="..\..\..\..\test\default\core6.c">
       <Filter>src</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\ed25519_convert.c">
+      <Filter>src</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\generichash.c">
       <Filter>src</Filter>
     </ClCompile>
@@ -88,6 +91,9 @@
     <ClCompile Include="..\..\..\..\test\default\scalarmult6.c">
       <Filter>src</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\scalarmult7.c">
+      <Filter>src</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\secretbox.c">
       <Filter>src</Filter>
     </ClCompile>
@@ -115,6 +121,12 @@
     <ClCompile Include="..\..\..\..\test\default\sodium_utils.c">
       <Filter>src</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils2.c">
+      <Filter>src</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\..\test\default\sodium_utils3.c">
+      <Filter>src</Filter>
+    </ClCompile>
     <ClCompile Include="..\..\..\..\test\default\sodium_version.c">
       <Filter>src</Filter>
     </ClCompile>
@@ -159,4 +171,4 @@
       <UniqueIdentifier>{5b5af4b5-c6aa-4b30-bdef-074b1bdc43ea}</UniqueIdentifier>
     </Filter>
   </ItemGroup>
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/configure.ac b/configure.ac
index 773c0d3..359021f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.65])
-AC_INIT([libsodium],[0.6.1],
+AC_INIT([libsodium],[1.0.0],
   [https://github.com/jedisct1/libsodium/issues],
   [libsodium],
   [https://github.com/jedisct1/libsodium])
@@ -15,10 +15,10 @@ AC_SUBST(VERSION)
 ISODATE=`date +%Y-%m-%d`
 AC_SUBST(ISODATE)
 
-SODIUM_LIBRARY_VERSION_MAJOR=6
-SODIUM_LIBRARY_VERSION_MINOR=1
-DLL_VERSION=5
-SODIUM_LIBRARY_VERSION=12:0:2
+SODIUM_LIBRARY_VERSION_MAJOR=7
+SODIUM_LIBRARY_VERSION_MINOR=2
+DLL_VERSION=6
+SODIUM_LIBRARY_VERSION=13:2:0
 #                       | | |
 #                +------+ | +---+
 #                |        |     |
@@ -70,13 +70,11 @@ AS_IF([test "x$EMSCRIPTEN" != "x"],[
   AC_MSG_WARN([compiling to javascript - asm implementations disabled])
 ])
 
-AS_CASE([$host], [x86_64-*-mingw* | x86_64-*-cygwin*], [enable_asm="no"])
-
 AC_ARG_ENABLE(pie,
 [AS_HELP_STRING(--disable-pie,Do not produce position independent executables)],
  enable_pie=$enableval, enable_pie="maybe")
 
-AS_CASE([$host_os], [mingw*], [enable_pie="no"])
+AS_CASE([$host_os], [mingw*|cygwin*|msys], [enable_pie="no"])
 
 AC_ARG_ENABLE(blocking-random,
 [AS_HELP_STRING(--enable-blocking-random,Use /dev/random instead of /dev/urandom)],
@@ -142,10 +140,12 @@ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
 AX_CHECK_COMPILE_FLAG([-fvisibility=hidden],
   [CFLAGS="$CFLAGS -fvisibility=hidden"])
 
-AX_CHECK_COMPILE_FLAG([-fPIC], [
-  AX_CHECK_LINK_FLAG([-fPIC],
-    [CFLAGS="$CFLAGS -fPIC"]
-  )
+AS_CASE([$host_os], [cygwin*|mingw*|msys|pw32*|cegcc*], [ ], [
+  AX_CHECK_COMPILE_FLAG([-fPIC], [
+    AX_CHECK_LINK_FLAG([-fPIC],
+      [CFLAGS="$CFLAGS -fPIC"]
+    )
+  ])
 ])
 
 AS_IF([test "$enable_pie" != "no"],[
@@ -165,7 +165,7 @@ AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overf
 LIBTOOL_OLD_FLAGS="$LIBTOOL_EXTRA_FLAGS"
 LIBTOOL_EXTRA_FLAGS="$LIBTOOL_EXTRA_FLAGS -version-info $SODIUM_LIBRARY_VERSION"
 AC_ARG_ENABLE(soname-versions,
-  [AC_HELP_STRING([--enable-soname-versions], [enable soname versions (must be disabled for android) (default: enabled)])],
+  [AC_HELP_STRING([--enable-soname-versions], [enable soname versions (must be disabled for Android) (default: enabled)])],
     [
 	AS_IF([test "x$enableval" = "xno"], [
           LIBTOOL_EXTRA_FLAGS="$LIBTOOL_OLD_FLAGS -avoid-version"
@@ -174,7 +174,7 @@ AC_ARG_ENABLE(soname-versions,
 )
 
 AS_CASE([$host_os],
-  [cygwin* | mingw* | pw32* | cegcc*], [
+  [cygwin*|mingw*|msys|pw32*|cegcc*], [
     AX_CHECK_LINK_FLAG([-Wl,--dynamicbase], [LDFLAGS="$LDFLAGS -Wl,--dynamicbase"])
     AX_CHECK_LINK_FLAG([-Wl,--nxcompat], [LDFLAGS="$LDFLAGS -Wl,--nxcompat"])
   ])
@@ -182,20 +182,13 @@ AS_CASE([$host_os],
 AS_IF([test "x$enable_ssp" != "xno"],[
 
 AS_CASE([$host_os],
-  [cygwin* | mingw* | pw32* | cegcc*], [ ],
-  [dragonfly*], [
+  [cygwin*|mingw*|msys|pw32*|cegcc*], [ ],
+  [*], [
     AX_CHECK_COMPILE_FLAG([-fstack-protector], [
       AX_CHECK_LINK_FLAG([-fstack-protector],
         [CFLAGS="$CFLAGS -fstack-protector"]
       )
     ])
-  ],
-  [*], [
-    AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
-      AX_CHECK_LINK_FLAG([-fstack-protector-all],
-        [CFLAGS="$CFLAGS -fstack-protector-all"]
-      )
-    ])
   ])
 ])
 
@@ -320,18 +313,21 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 
 HAVE_AMD64_ASM_V=0
 AS_IF([test "$enable_asm" != "no"],[
-  AC_MSG_CHECKING(whether we can assemble basic amd64 code)
+  AC_MSG_CHECKING(whether we should use x86_64 asm code)
   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   ]], [[
 #if defined(__amd64) || defined(__amd64__) || defined(__x86_64__)
+# if defined(__CYGWIN__) || defined(__MINGW32__) || defined(__MINGW64__) || defined(_WIN32) || defined(_WIN64)
+#  error Windows x86_64 calling conventions are not supported yet
+# endif
 /* neat */
 #else
-# error !amd64
+# error !x86_64
 #endif
 __asm__("pxor %xmm12,%xmm6");
 ]])],
   [AC_MSG_RESULT(yes)
-   AC_DEFINE([HAVE_AMD64_ASM], [1], [basic amd64 code can be assembled])
+   AC_DEFINE([HAVE_AMD64_ASM], [1], [x86_64 asm code should be used])
    HAVE_AMD64_ASM_V=1],
   [AC_MSG_RESULT(no)])
 ])
@@ -406,14 +402,10 @@ AS_CASE([$host_cpu],
 
 dnl Checks for functions and headers
 
-AC_CHECK_FUNC(clock_gettime, , [AC_CHECK_LIB(rt, clock_gettime)])
-AC_CHECK_FUNC(fegetenv, , [AC_CHECK_LIB(m, fegetenv)])
-
 AS_IF([test "x$EMSCRIPTEN" = "x"],[
   AC_CHECK_FUNCS([arc4random arc4random_buf])
 ])
-AC_CHECK_FUNCS([mlock VirtualLock])
-AC_CHECK_FUNCS([SecureZeroMemory explicit_bzero posix_memalign])
+AC_CHECK_FUNCS([mlock mprotect explicit_bzero posix_memalign])
 
 AC_SUBST([LIBTOOL_EXTRA_FLAGS])
 
@@ -425,7 +417,7 @@ gl_LD_OUTPUT_DEF
 
 dnl Output.
 
-AH_VERBATIM([NDEBUG], [/* Never ever ignore assertions */
+AH_VERBATIM([NDEBUG], [/* Always evaluate assert() calls */
 #ifdef NDEBUG
 #/**/undef/**/ NDEBUG
 #endif])
diff --git a/debian/changelog b/debian/changelog
index ca0f955..2ff77fb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,12 +1,6 @@
-libsodium (0.6.1-1~leap) unstable; urgency=medium
-
-  * Remove _crypto_stream_salsa20 lines from libsodium10.symbols
-
- -- Micah Anderson <micah@debian.org>  Mon, 11 Aug 2014 14:48:43 -0400
-
-libsodium (0.6.1-1) unstable; urgency=medium
+libsodium (1.0.0-1) unstable; urgency=low
 
   * Initial release. (Closes: #701962: ITP: libsodium -- Library for
     build higher-level cryptographic tools)
 
- -- Raúl Sánchez Siles <rasasi78@gmail.com>  Tue, 22 Jul 2014 00:49:38 +0200
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 08 Oct 2014 18:54:15 +0000
diff --git a/debian/clean b/debian/clean
new file mode 100644
index 0000000..3f7e4a3
--- /dev/null
+++ b/debian/clean
@@ -0,0 +1 @@
+build/config.log
diff --git a/debian/control b/debian/control
index f06c49a..f3cb17f 100644
--- a/debian/control
+++ b/debian/control
@@ -4,12 +4,12 @@ Priority: optional
 Build-Depends: debhelper ( >= 9), pkg-config, dh-autoreconf
 Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
 Uploaders: Raúl Sánchez Siles <rasasi78@gmail.com>
-Standards-Version: 3.9.5
+Standards-Version: 3.9.6
 Vcs-Hg: http://trismegisto.no-ip.org/hg/libsodium-debian
 Vcs-Browser: http://trismegisto.no-ip.org/hg/libsodium-debian
 Homepage: http://www.libsodium.org/
 
-Package: libsodium10
+Package: libsodium13
 Depends: ${misc:Depends}, ${shlibs:Depends}
 Pre-Depends: ${misc:Pre-Depends}
 Architecture: any
@@ -26,7 +26,7 @@ Description: Network communication, cryptography and signaturing library
 
 Package: libsodium-dev
 Section: libdevel
-Depends: ${misc:Depends}, libsodium10 (= ${binary:Version})
+Depends: ${misc:Depends}, libsodium13 (= ${binary:Version})
 Architecture: any
 Multi-Arch: same
 Description: Network communication, cryptography and signaturing library - headers
@@ -45,7 +45,7 @@ Description: Network communication, cryptography and signaturing library - heade
 Package: libsodium-dbg
 Section: debug
 Priority: extra
-Depends: ${misc:Depends}, libsodium10 (= ${binary:Version})
+Depends: ${misc:Depends}, libsodium13 (= ${binary:Version})
 Architecture: any
 Multi-Arch: same
 Description: Network communication, cryptography and signaturing library - debug symbols
diff --git a/debian/copyright b/debian/copyright
index cb3ee84..b4c0ccc 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -28,7 +28,7 @@ License: BSD-2-clause
 Files: src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c
  src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c
 Copyright: 2013 Alexander Peslyak
-License: BSD
+License: BSD-2-clause
 
 Files: src/libsodium/crypto_auth/hmacsha256/cp/hmac_hmacsha256.c
  src/libsodium/crypto_auth/hmacsha512/cp/hmac_hmacsha256.c
@@ -99,6 +99,27 @@ License: CC0
  You should have received a copy of the CC0 Public Domain Dedication along with
  this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>
 
+Files: packaging/nuget/package.gsl
+Copyright: 2013-2014 Frank Denis <j at pureftpd dot org>
+License: MIT
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included
+ in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
 Files: debian/*
 Copyright: 2014 Laszlo Boszormenyi (GCS) <gcs@debian.org>,
  2013-2014 Raúl Sánchez Siles <rasasi78@gmail.com>
@@ -145,20 +166,3 @@ License: BSD-2-clause
  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  SUCH DAMAGE.
-
-License: BSD
- Redistribution and use in source and binary forms, with or without
- modification, are permitted.
- .
- THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- SUCH DAMAGE.
-
diff --git a/debian/gbp.conf b/debian/gbp.conf
deleted file mode 100644
index ae1dc36..0000000
--- a/debian/gbp.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[DEFAULT]
-upstream-branch = upstream
-debian-branch = master
-upstream-tag = upstream/%(version)s
-debian-tag = debian/%(version)s
-pristine-tar = True
-sign-tags = True
diff --git a/debian/libsodium10.docs b/debian/libsodium13.docs
index 18afe51..18afe51 100644
--- a/debian/libsodium10.docs
+++ b/debian/libsodium13.docs
diff --git a/debian/libsodium10.install b/debian/libsodium13.install
index 86ca402..86ca402 100644
--- a/debian/libsodium10.install
+++ b/debian/libsodium13.install
diff --git a/debian/libsodium10.symbols b/debian/libsodium13.symbols
index 3777098..cd302e7 100644
--- a/debian/libsodium10.symbols
+++ b/debian/libsodium13.symbols
@@ -1,4 +1,6 @@
-libsodium.so.10 libsodium10 #MINVER#
+libsodium.so.13 libsodium13 #MINVER#
+ (arch=amd64)_crypto_stream_salsa20@Base 0.6.0
+ (arch=amd64)_crypto_stream_salsa20_xor_ic@Base 0.6.0
  crypto_aead_chacha20poly1305_abytes@Base 0.6.0
  crypto_aead_chacha20poly1305_decrypt@Base 0.6.0
  crypto_aead_chacha20poly1305_encrypt@Base 0.6.0
@@ -129,7 +131,6 @@ libsodium.so.10 libsodium10 #MINVER#
  crypto_onetimeauth_final@Base 0.6.0
  crypto_onetimeauth_init@Base 0.6.0
  crypto_onetimeauth_keybytes@Base 0.6.0
- crypto_onetimeauth_pick_best_implementation@Base 0.6.0
  crypto_onetimeauth_poly1305@Base 0.6.0
  crypto_onetimeauth_poly1305_bytes@Base 0.6.0
  crypto_onetimeauth_poly1305_final@Base 0.6.0
@@ -152,11 +153,7 @@ libsodium.so.10 libsodium10 #MINVER#
  crypto_pwhash_scryptsalsa208sha256_str@Base 0.6.0
  crypto_pwhash_scryptsalsa208sha256_str_verify@Base 0.6.0
  crypto_pwhash_scryptsalsa208sha256_strbytes@Base 0.6.0
- crypto_pwhash_scryptxsalsa208sha256@Base 0.6.0
- crypto_pwhash_scryptxsalsa208sha256_saltbytes@Base 0.6.0
- crypto_pwhash_scryptxsalsa208sha256_str@Base 0.6.0
- crypto_pwhash_scryptxsalsa208sha256_str_verify@Base 0.6.0
- crypto_pwhash_scryptxsalsa208sha256_strbytes@Base 0.6.0
+ crypto_pwhash_scryptsalsa208sha256_strprefix@Base 0.7.0
  crypto_scalarmult@Base 0.6.0
  crypto_scalarmult_base@Base 0.6.0
  crypto_scalarmult_bytes@Base 0.6.0
@@ -200,10 +197,14 @@ libsodium.so.10 libsodium10 #MINVER#
  crypto_sign_ed25519_detached@Base 0.6.1
  crypto_sign_ed25519_keypair@Base 0.6.0
  crypto_sign_ed25519_open@Base 0.6.0
+ crypto_sign_ed25519_pk_to_curve25519@Base 0.7.0
  crypto_sign_ed25519_publickeybytes@Base 0.6.0
  crypto_sign_ed25519_secretkeybytes@Base 0.6.0
  crypto_sign_ed25519_seed_keypair@Base 0.6.0
  crypto_sign_ed25519_seedbytes@Base 0.6.0
+ crypto_sign_ed25519_sk_to_curve25519@Base 0.7.0
+ crypto_sign_ed25519_sk_to_pk@Base 0.7.0
+ crypto_sign_ed25519_sk_to_seed@Base 0.7.0
  crypto_sign_ed25519_verify_detached@Base 0.6.1
  crypto_sign_edwards25519sha512batch@Base 0.6.0
  crypto_sign_edwards25519sha512batch_bytes@Base 0.6.0
@@ -228,14 +229,6 @@ libsodium.so.10 libsodium10 #MINVER#
  crypto_stream_aes128ctr_noncebytes@Base 0.6.0
  crypto_stream_aes128ctr_xor@Base 0.6.0
  crypto_stream_aes128ctr_xor_afternm@Base 0.6.0
- crypto_stream_aes256estream@Base 0.6.0
- crypto_stream_aes256estream_afternm@Base 0.6.0
- crypto_stream_aes256estream_beforenm@Base 0.6.0
- crypto_stream_aes256estream_beforenmbytes@Base 0.6.0
- crypto_stream_aes256estream_keybytes@Base 0.6.0
- crypto_stream_aes256estream_noncebytes@Base 0.6.0
- crypto_stream_aes256estream_xor@Base 0.6.0
- crypto_stream_aes256estream_xor_afternm@Base 0.6.0
  crypto_stream_chacha20@Base 0.6.0
  crypto_stream_chacha20_keybytes@Base 0.6.0
  crypto_stream_chacha20_noncebytes@Base 0.6.0
@@ -290,14 +283,20 @@ libsodium.so.10 libsodium10 #MINVER#
  randombytes_sysrandom_stir@Base 0.6.0
  randombytes_sysrandom_uniform@Base 0.6.0
  randombytes_uniform@Base 0.6.0
+ sodium_allocarray@Base 0.7.0
  sodium_bin2hex@Base 0.6.0
+ sodium_free@Base 0.7.0
  sodium_hex2bin@Base 0.6.0
  sodium_init@Base 0.6.0
  sodium_library_version_major@Base 0.6.0
  sodium_library_version_minor@Base 0.6.0
+ sodium_malloc@Base 0.7.0
  sodium_memcmp@Base 0.6.0
  sodium_memzero@Base 0.6.0
  sodium_mlock@Base 0.6.0
+ sodium_mprotect_noaccess@Base 0.7.0
+ sodium_mprotect_readonly@Base 0.7.0
+ sodium_mprotect_readwrite@Base 0.7.0
  sodium_munlock@Base 0.6.0
  sodium_runtime_get_cpu_features@Base 0.6.0
  sodium_runtime_has_neon@Base 0.6.0
diff --git a/dist-build/android-build.sh b/dist-build/android-build.sh
index deb333e..ba848d7 100755
--- a/dist-build/android-build.sh
+++ b/dist-build/android-build.sh
@@ -31,6 +31,7 @@ $MAKE_TOOLCHAIN --platform="${NDK_PLATFORM:-android-14}" \
 ./configure --host="${HOST_COMPILER}" \
             --with-sysroot="${TOOLCHAIN_DIR}/sysroot" \
             --prefix="${PREFIX}" \
+            --enable-minimal \
             --disable-soname-versions && \
 make clean && \
 make -j3 install && \
diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh
index bd656dc..8b0a009 100755
--- a/dist-build/emscripten.sh
+++ b/dist-build/emscripten.sh
@@ -1,9 +1,9 @@
 #! /bin/sh
 
 export PREFIX="$(pwd)/libsodium-js"
-export EXPORTED_FUNCTIONS='["_crypto_aead_chacha20poly1305_abytes", "_crypto_aead_chacha20poly1305_decrypt", "_crypto_aead_chacha20poly1305_encrypt", "_crypto_aead_chacha20poly1305_keybytes", "_crypto_aead_chacha20poly1305_npubbytes", "_crypto_aead_chacha20poly1305_nsecbytes", "_crypto_auth", "_crypto_auth_bytes", "_crypto_auth_hmacsha256", "_crypto_auth_hmacsha256_bytes", "_crypto_auth_hmacsha256_final", "_crypto_auth_hmacsha256_init", "_crypto_auth_hmacsha256_keybytes", "_crypto_auth_hmacsha256_update", "_crypto_auth_hmacsha256_verify", "_crypto_auth_hmacsha512", "_crypto_auth_hmacsha512256", "_crypto_auth_hmacsha512256_bytes", "_crypto_auth_hmacsha512256_final", "_crypto_auth_hmacsha512256_init", "_crypto_auth_hmacsha512256_keybytes", "_crypto_auth_hmacsha512256_update", "_crypto_auth_hmacsha512256_verify", "_crypto_auth_hmacsha512_bytes", "_crypto_auth_hmacsha512_final", "_crypto_auth_hmacsha512_init", "_crypto_auth_hmacsha512_keybytes", "_crypto_auth_hmacsha512_update", "_crypto_auth_hmacsha512_verify", "_crypto_auth_keybytes", "_crypto_auth_primitive", "_crypto_auth_verify", "_crypto_box", "_crypto_box_afternm", "_crypto_box_beforenm", "_crypto_box_beforenmbytes", "_crypto_box_boxzerobytes", "_crypto_box_curve25519xsalsa20poly1305", "_crypto_box_curve25519xsalsa20poly1305_afternm", "_crypto_box_curve25519xsalsa20poly1305_beforenm", "_crypto_box_curve25519xsalsa20poly1305_beforenmbytes", "_crypto_box_curve25519xsalsa20poly1305_boxzerobytes", "_crypto_box_curve25519xsalsa20poly1305_keypair", "_crypto_box_curve25519xsalsa20poly1305_macbytes", "_crypto_box_curve25519xsalsa20poly1305_noncebytes", "_crypto_box_curve25519xsalsa20poly1305_open", "_crypto_box_curve25519xsalsa20poly1305_open_afternm", "_crypto_box_curve25519xsalsa20poly1305_publickeybytes", "_crypto_box_curve25519xsalsa20poly1305_secretkeybytes", "_crypto_box_curve25519xsalsa20poly1305_seed_keypair", "_crypto_box_curve25519xsalsa20poly1305_seedbytes", "_crypto_box_curve25519xsalsa20poly1305_zerobytes", "_crypto_box_detached", "_crypto_box_easy", "_crypto_box_keypair", "_crypto_box_macbytes", "_crypto_box_noncebytes", "_crypto_box_open", "_crypto_box_open_afternm", "_crypto_box_open_detached", "_crypto_box_open_easy", "_crypto_box_primitive", "_crypto_box_publickeybytes", "_crypto_box_secretkeybytes", "_crypto_box_seed_keypair", "_crypto_box_seedbytes", "_crypto_box_zerobytes", "_crypto_core_hsalsa20", "_crypto_core_hsalsa20_constbytes", "_crypto_core_hsalsa20_inputbytes", "_crypto_core_hsalsa20_keybytes", "_crypto_core_hsalsa20_outputbytes", "_crypto_core_salsa20", "_crypto_core_salsa20_constbytes", "_crypto_core_salsa20_inputbytes", "_crypto_core_salsa20_keybytes", "_crypto_core_salsa20_outputbytes", "_crypto_generichash", "_crypto_generichash_blake2b", "_crypto_generichash_blake2b_bytes", "_crypto_generichash_blake2b_bytes_max", "_crypto_generichash_blake2b_bytes_min", "_crypto_generichash_blake2b_final", "_crypto_generichash_blake2b_init", "_crypto_generichash_blake2b_init_salt_personal", "_crypto_generichash_blake2b_keybytes", "_crypto_generichash_blake2b_keybytes_max", "_crypto_generichash_blake2b_keybytes_min", "_crypto_generichash_blake2b_personalbytes", "_crypto_generichash_blake2b_salt_personal", "_crypto_generichash_blake2b_saltbytes", "_crypto_generichash_blake2b_update", "_crypto_generichash_bytes", "_crypto_generichash_bytes_max", "_crypto_generichash_bytes_min", "_crypto_generichash_final", "_crypto_generichash_init", "_crypto_generichash_keybytes", "_crypto_generichash_keybytes_max", "_crypto_generichash_keybytes_min", "_crypto_generichash_primitive", "_crypto_generichash_update", "_crypto_hash", "_crypto_hash_bytes", "_crypto_hash_primitive", "_crypto_hash_sha256", "_crypto_hash_sha256_bytes", "_crypto_hash_sha256_final", "_crypto_hash_sha256_init", "_crypto_hash_sha256_update", "_crypto_hash_sha512", "_crypto_hash_sha512_bytes", "_crypto_hash_sha512_final", "_crypto_hash_sha512_init", "_crypto_hash_sha512_update", "_crypto_onetimeauth", "_crypto_onetimeauth_bytes", "_crypto_onetimeauth_final", "_crypto_onetimeauth_init", "_crypto_onetimeauth_keybytes", "_crypto_onetimeauth_pick_best_implementation", "_crypto_onetimeauth_poly1305", "_crypto_onetimeauth_poly1305_bytes", "_crypto_onetimeauth_poly1305_final", "_crypto_onetimeauth_poly1305_implementation_name", "_crypto_onetimeauth_poly1305_init", "_crypto_onetimeauth_poly1305_keybytes", "_crypto_onetimeauth_poly1305_set_implementation", "_crypto_onetimeauth_poly1305_update", "_crypto_onetimeauth_poly1305_verify", "_crypto_onetimeauth_primitive", "_crypto_onetimeauth_update", "_crypto_onetimeauth_verify", "_crypto_pwhash_scryptsalsa208sha256", "_crypto_pwhash_scryptsalsa208sha256_ll", "_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive", "_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive", "_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive", "_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive", "_crypto_pwhash_scryptsalsa208sha256_saltbytes", "_crypto_pwhash_scryptsalsa208sha256_str", "_crypto_pwhash_scryptsalsa208sha256_str_verify", "_crypto_pwhash_scryptsalsa208sha256_strbytes", "_crypto_scalarmult", "_crypto_scalarmult_base", "_crypto_scalarmult_bytes", "_crypto_scalarmult_curve25519", "_crypto_scalarmult_curve25519_base", "_crypto_scalarmult_curve25519_bytes", "_crypto_scalarmult_curve25519_scalarbytes", "_crypto_scalarmult_primitive", "_crypto_scalarmult_scalarbytes", "_crypto_secretbox", "_crypto_secretbox_boxzerobytes", "_crypto_secretbox_detached", "_crypto_secretbox_easy", "_crypto_secretbox_keybytes", "_crypto_secretbox_macbytes", "_crypto_secretbox_noncebytes", "_crypto_secretbox_open", "_crypto_secretbox_open_detached", "_crypto_secretbox_open_easy", "_crypto_secretbox_primitive", "_crypto_secretbox_xsalsa20poly1305", "_crypto_secretbox_xsalsa20poly1305_boxzerobytes", "_crypto_secretbox_xsalsa20poly1305_keybytes", "_crypto_secretbox_xsalsa20poly1305_macbytes", "_crypto_secretbox_xsalsa20poly1305_noncebytes", "_crypto_secretbox_xsalsa20poly1305_open", "_crypto_secretbox_xsalsa20poly1305_zerobytes", "_crypto_secretbox_zerobytes", "_crypto_shorthash", "_crypto_shorthash_bytes", "_crypto_shorthash_keybytes", "_crypto_shorthash_primitive", "_crypto_shorthash_siphash24", "_crypto_shorthash_siphash24_bytes", "_crypto_shorthash_siphash24_keybytes", "_crypto_sign", "_crypto_sign_bytes", "_crypto_sign_detached", "_crypto_sign_ed25519", "_crypto_sign_ed25519_bytes", "_crypto_sign_ed25519_detached", "_crypto_sign_ed25519_keypair", "_crypto_sign_ed25519_open", "_crypto_sign_ed25519_publickeybytes", "_crypto_sign_ed25519_secretkeybytes", "_crypto_sign_ed25519_seed_keypair", "_crypto_sign_ed25519_seedbytes", "_crypto_sign_ed25519_verify_detached", "_crypto_sign_keypair", "_crypto_sign_open", "_crypto_sign_primitive", "_crypto_sign_publickeybytes", "_crypto_sign_secretkeybytes", "_crypto_sign_seed_keypair", "_crypto_sign_seedbytes", "_crypto_sign_verify_detached", "_crypto_stream", "_crypto_stream_aes128ctr", "_crypto_stream_aes128ctr_afternm", "_crypto_stream_aes128ctr_beforenm", "_crypto_stream_aes128ctr_beforenmbytes", "_crypto_stream_aes128ctr_keybytes", "_crypto_stream_aes128ctr_noncebytes", "_crypto_stream_aes128ctr_xor", "_crypto_stream_aes128ctr_xor_afternm", "_crypto_stream_chacha20", "_crypto_stream_chacha20_keybytes", "_crypto_stream_chacha20_noncebytes", "_crypto_stream_chacha20_xor", "_crypto_stream_chacha20_xor_ic", "_crypto_stream_keybytes", "_crypto_stream_noncebytes", "_crypto_stream_primitive", "_crypto_stream_salsa20", "_crypto_stream_salsa20_keybytes", "_crypto_stream_salsa20_noncebytes", "_crypto_stream_salsa20_xor", "_crypto_stream_salsa20_xor_ic", "_crypto_stream_xor", "_crypto_stream_xsalsa20", "_crypto_stream_xsalsa20_keybytes", "_crypto_stream_xsalsa20_noncebytes", "_crypto_stream_xsalsa20_xor", "_crypto_verify_16", "_crypto_verify_16_bytes", "_crypto_verify_32", "_crypto_verify_32_bytes", "_crypto_verify_64", "_crypto_verify_64_bytes", "_randombytes", "_randombytes_buf", "_randombytes_close", "_randombytes_implementation_name", "_randombytes_random", "_randombytes_salsa20_implementation_name", "_randombytes_salsa20_random", "_randombytes_salsa20_random_buf", "_randombytes_salsa20_random_close", "_randombytes_salsa20_random_stir", "_randombytes_salsa20_random_uniform", "_randombytes_set_implementation", "_randombytes_stir", "_randombytes_sysrandom", "_randombytes_sysrandom_buf", "_randombytes_sysrandom_close", "_randombytes_sysrandom_implementation_name", "_randombytes_sysrandom_stir", "_randombytes_sysrandom_uniform", "_randombytes_uniform", "_sodium_bin2hex", "_sodium_hex2bin", "_sodium_init", "_sodium_library_version_major", "_sodium_library_version_minor", "_sodium_memcmp", "_sodium_memzero", "_sodium_version_string"]'
+export EXPORTED_FUNCTIONS='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_verify","_crypto_box","_crypto_box_detached","_crypto_box_easy","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_detached","_crypto_box_open_easy","_crypto_box_publickeybytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_verify_detached","_randombytes","_randombytes_buf","_randombytes_close","_randombytes_random","_randombytes_set_implementation","_randombytes_stir","_randombytes_sysrandom","_randombytes_sysrandom_buf","_randombytes_sysrandom_close","_randombytes_sysrandom_stir","_randombytes_sysrandom_uniform","_randombytes_uniform","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_version_major","_sodium_library_version_minor","_sodium_memcmp","_sodium_memzero","_sodium_version_string"]'
 export TOTAL_MEMORY=33554432
-export OPTFLAGS="--llvm-lto 3 -Oz"
+export OPTFLAGS="--llvm-lto 1 -Oz --emit-symbol-map"
 export CFLAGS="$OPTFLAGS --pre-js=test/default/pre.js "
 export LDFLAGS="-s EXPORTED_FUNCTIONS=${EXPORTED_FUNCTIONS} -s TOTAL_MEMORY=${TOTAL_MEMORY}"
 
diff --git a/dist-build/ios.sh b/dist-build/ios.sh
index cd8384a..3378060 100755
--- a/dist-build/ios.sh
+++ b/dist-build/ios.sh
@@ -10,6 +10,7 @@ export PREFIX="$(pwd)/libsodium-ios"
 
 ./configure --host=arm-apple-darwin10 \
             --disable-shared \
+            --enable-minimal \
             --prefix="$PREFIX" && \
 make clean && \
 make -j3 install && \
diff --git a/libsodium.pc.in b/libsodium.pc.in
index c1d4372..6a983d5 100644
--- a/libsodium.pc.in
+++ b/libsodium.pc.in
@@ -1,5 +1,5 @@
 prefix=@prefix@
-exec_prefix=@prefix@
+exec_prefix=@exec_prefix@
 libdir=@libdir@
 includedir=@includedir@
 
diff --git a/libsodium.vcxproj b/libsodium.vcxproj
index 228aa0f..f6a2f85 100644
--- a/libsodium.vcxproj
+++ b/libsodium.vcxproj
@@ -349,7 +349,6 @@
     <ClInclude Include="src\libsodium\include\sodium\crypto_sign_edwards25519sha512batch.h" />
     <ClInclude Include="src\libsodium\include\sodium\crypto_stream.h" />
     <ClInclude Include="src\libsodium\include\sodium\crypto_stream_aes128ctr.h" />
-    <ClInclude Include="src\libsodium\include\sodium\crypto_stream_aes256estream.h" />
     <ClInclude Include="src\libsodium\include\sodium\crypto_stream_chacha20.h" />
     <ClInclude Include="src\libsodium\include\sodium\crypto_stream_salsa20.h" />
     <ClInclude Include="src\libsodium\include\sodium\crypto_stream_salsa2012.h" />
@@ -497,8 +496,6 @@
     <ClCompile Include="src\libsodium\crypto_stream\aes128ctr\portable\stream_aes128ctr.c" />
     <ClCompile Include="src\libsodium\crypto_stream\aes128ctr\portable\xor_afternm_aes128ctr.c" />
     <ClCompile Include="src\libsodium\crypto_stream\aes128ctr\stream_aes128ctr_api.c" />
-    <ClCompile Include="src\libsodium\crypto_stream\aes256estream\hongjun\aes256-ctr.c" />
-    <ClCompile Include="src\libsodium\crypto_stream\aes256estream\stream_aes256estream_api.c" />
     <ClCompile Include="src\libsodium\crypto_stream\chacha20\ref\stream_chacha20_ref.c" />
     <ClCompile Include="src\libsodium\crypto_stream\chacha20\stream_chacha20_api.c" />
     <ClCompile Include="src\libsodium\crypto_stream\crypto_stream.c" />
@@ -523,7 +520,6 @@
     <ClCompile Include="src\libsodium\randombytes\randombytes.c" />
     <ClCompile Include="src\libsodium\randombytes\salsa20\randombytes_salsa20_random.c" />
     <ClCompile Include="src\libsodium\randombytes\sysrandom\randombytes_sysrandom.c" />
-    <ClCompile Include="src\libsodium\sodium\compat.c" />
     <ClCompile Include="src\libsodium\sodium\core.c" />
     <ClCompile Include="src\libsodium\sodium\runtime.c" />
     <ClCompile Include="src\libsodium\sodium\utils.c" />
@@ -532,4 +528,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/libsodium.vcxproj.filters b/libsodium.vcxproj.filters
index ea790a3..18f0b46 100644
--- a/libsodium.vcxproj.filters
+++ b/libsodium.vcxproj.filters
@@ -105,9 +105,6 @@
     <ClInclude Include="src\libsodium\include\sodium\crypto_stream_aes128ctr.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="src\libsodium\include\sodium\crypto_stream_aes256estream.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
     <ClInclude Include="src\libsodium\include\sodium\crypto_stream_salsa20.h">
       <Filter>Header Files</Filter>
     </ClInclude>
@@ -452,9 +449,6 @@
     <ClCompile Include="src\libsodium\crypto_sign\edwards25519sha512batch\sign_edwards25519sha512batch_api.c">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="src\libsodium\crypto_stream\aes256estream\hongjun\aes256-ctr.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="src\libsodium\crypto_stream\aes128ctr\portable\afternm_aes128ctr.c">
       <Filter>Source Files</Filter>
     </ClCompile>
@@ -479,9 +473,6 @@
     <ClCompile Include="src\libsodium\crypto_stream\aes128ctr\stream_aes128ctr_api.c">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="src\libsodium\crypto_stream\aes256estream\stream_aes256estream_api.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="src\libsodium\crypto_stream\salsa20\stream_salsa20_api.c">
       <Filter>Source Files</Filter>
     </ClCompile>
@@ -539,9 +530,6 @@
     <ClCompile Include="src\libsodium\crypto_verify\64\verify_64_api.c">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="src\libsodium\sodium\compat.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="src\libsodium\sodium\core.c">
       <Filter>Source Files</Filter>
     </ClCompile>
@@ -651,4 +639,4 @@
       <Filter>Source Files</Filter>
     </ClCompile>
   </ItemGroup>
-</Project>
-\ No newline at end of file
+</Project>
diff --git a/msvc-scripts/process.bat b/msvc-scripts/process.bat
index 530f77c..2d03187 100755
--- a/msvc-scripts/process.bat
+++ b/msvc-scripts/process.bat
@@ -1,4 +1,4 @@
-cscript msvc-scripts/rep.vbs //Nologo s/@VERSION@/0.6.1/ < src\libsodium\include\sodium\version.h.in > tmp
-cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MAJOR@/6/ < tmp > tmp2
-cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MINOR@/1/ < tmp2 > src\libsodium\include\sodium\version.h
+cscript msvc-scripts/rep.vbs //Nologo s/@VERSION@/1.0.0/ < src\libsodium\include\sodium\version.h.in > tmp
+cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MAJOR@/7/ < tmp > tmp2
+cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MINOR@/2/ < tmp2 > src\libsodium\include\sodium\version.h
 del tmp tmp2
diff --git a/msvc-scripts/sodium.props b/msvc-scripts/sodium.props
index d68425a..613cbd0 100644
--- a/msvc-scripts/sodium.props
+++ b/msvc-scripts/sodium.props
@@ -6,7 +6,10 @@
   <ItemDefinitionGroup>
     <ClCompile>
       <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)src\libsodium\include\sodium;$(SolutionDir)src\libsodium\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>inline=__inline;NATIVE_LITTLE_ENDIAN;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MultiProcessorCompilation>true</MultiProcessorCompilation>
+      <PreprocessorDefinitions>UNICODE;_UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>NATIVE_LITTLE_ENDIAN=1;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>inline=__inline;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ClCompile>
     <PreBuildEvent>
       <Command>$(SolutionDir)/msvc-scripts/process.bat</Command>
diff --git a/packaging/nuget/package.config b/packaging/nuget/package.config
index c986633..6e68a3b 100644
--- a/packaging/nuget/package.config
+++ b/packaging/nuget/package.config
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!-- These values are populated into the package.gsl templates by package.bat. -->
 <!-- The target attribute controls path and file name only, id controls package naming. -->
-<package id="libsodium_vc120" target="libsodium" version = "0.6.0.1" pathversion="0_6_0_1" platformtoolset="v120" />
+<package id="libsodium_vc120" target="libsodium" version = "0.7.0.0" pathversion="0_7_0_0" platformtoolset="v120" />
diff --git a/packaging/nuget/package.nuspec b/packaging/nuget/package.nuspec
index 36ee748..f836a8a 100644
--- a/packaging/nuget/package.nuspec
+++ b/packaging/nuget/package.nuspec
@@ -7,7 +7,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2013/01/nuspec.xsd">
     <metadata minClientVersion="2.5">
         <id>libsodium_vc120</id>
-        <version>0.6.0.1</version>
+        <version>0.7.0.0</version>
         <title>libsodium_vc120</title>
         <authors>libsodium contributors</authors>
         <owners>Eric Voskuil</owners>
@@ -40,52 +40,52 @@
         <!-- libraries -->
 
         <!-- x86 Dynamic libraries (.dll) -->
-        <file src="..\..\bin\Win32\Release\v120\dynamic\libsodium.dll" target="build\native\bin\libsodium-x86-v120-mt-0_6_0_1.dll" />
-        <file src="..\..\bin\Win32\Debug\v120\dynamic\libsodium.dll" target="build\native\bin\libsodium-x86-v120-mt-gd-0_6_0_1.dll" />
+        <file src="..\..\bin\Win32\Release\v120\dynamic\libsodium.dll" target="build\native\bin\libsodium-x86-v120-mt-0_7_0_0.dll" />
+        <file src="..\..\bin\Win32\Debug\v120\dynamic\libsodium.dll" target="build\native\bin\libsodium-x86-v120-mt-gd-0_7_0_0.dll" />
 
         <!-- x86 Debugging symbols (.pdb) -->
-        <!--<file src="..\..\bin\Win32\Release\v120\dynamic\libsodium.pdb" target="build\native\bin\libsodium-x86-v120-mt-0_6_0_1.pdb" />-->
-        <file src="..\..\bin\Win32\Debug\v120\dynamic\libsodium.pdb" target="build\native\bin\libsodium-x86-v120-mt-gd-0_6_0_1.pdb" />
+        <!--<file src="..\..\bin\Win32\Release\v120\dynamic\libsodium.pdb" target="build\native\bin\libsodium-x86-v120-mt-0_7_0_0.pdb" />-->
+        <file src="..\..\bin\Win32\Debug\v120\dynamic\libsodium.pdb" target="build\native\bin\libsodium-x86-v120-mt-gd-0_7_0_0.pdb" />
 
         <!-- x86 Import libraries (.imp.lib) -->
-        <file src="..\..\bin\Win32\Release\v120\dynamic\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-0_6_0_1.imp.lib" />
-        <file src="..\..\bin\Win32\Debug\v120\dynamic\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-gd-0_6_0_1.imp.lib" />
+        <file src="..\..\bin\Win32\Release\v120\dynamic\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-0_7_0_0.imp.lib" />
+        <file src="..\..\bin\Win32\Debug\v120\dynamic\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-gd-0_7_0_0.imp.lib" />
 
         <!-- x86 Export libraries (.exp) -->
-        <file src="..\..\bin\Win32\Release\v120\dynamic\libsodium.exp" target="build\native\bin\libsodium-x86-v120-mt-0_6_0_1.exp" />
-        <file src="..\..\bin\Win32\Debug\v120\dynamic\libsodium.exp" target="build\native\bin\libsodium-x86-v120-mt-gd-0_6_0_1.exp" />
+        <file src="..\..\bin\Win32\Release\v120\dynamic\libsodium.exp" target="build\native\bin\libsodium-x86-v120-mt-0_7_0_0.exp" />
+        <file src="..\..\bin\Win32\Debug\v120\dynamic\libsodium.exp" target="build\native\bin\libsodium-x86-v120-mt-gd-0_7_0_0.exp" />
 
         <!-- x86 Static libraries (.lib) -->
-        <file src="..\..\bin\Win32\Release\v120\static\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-s-0_6_0_1.lib" />
-        <file src="..\..\bin\Win32\Debug\v120\static\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-sgd-0_6_0_1.lib" />
+        <file src="..\..\bin\Win32\Release\v120\static\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-s-0_7_0_0.lib" />
+        <file src="..\..\bin\Win32\Debug\v120\static\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-sgd-0_7_0_0.lib" />
 
         <!-- x86 Static link time code generation libraries (.ltcg.lib) -->
-        <file src="..\..\bin\Win32\Release\v120\ltcg\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-s-0_6_0_1.ltcg.lib" />
-        <file src="..\..\bin\Win32\Debug\v120\ltcg\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-sgd-0_6_0_1.ltcg.lib" />
+        <file src="..\..\bin\Win32\Release\v120\ltcg\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-s-0_7_0_0.ltcg.lib" />
+        <file src="..\..\bin\Win32\Debug\v120\ltcg\libsodium.lib" target="build\native\bin\libsodium-x86-v120-mt-sgd-0_7_0_0.ltcg.lib" />
 
         <!-- x64 Dynamic libraries (.dll) -->
-        <file src="..\..\bin\x64\Release\v120\dynamic\libsodium.dll" target="build\native\bin\libsodium-x64-v120-mt-0_6_0_1.dll" />
-        <file src="..\..\bin\x64\Debug\v120\dynamic\libsodium.dll" target="build\native\bin\libsodium-x64-v120-mt-gd-0_6_0_1.dll" />
+        <file src="..\..\bin\x64\Release\v120\dynamic\libsodium.dll" target="build\native\bin\libsodium-x64-v120-mt-0_7_0_0.dll" />
+        <file src="..\..\bin\x64\Debug\v120\dynamic\libsodium.dll" target="build\native\bin\libsodium-x64-v120-mt-gd-0_7_0_0.dll" />
 
         <!-- x64 Debugging symbols (.pdb) -->
-        <!--<file src="..\..\bin\x64\Release\v120\dynamic\libsodium.pdb" target="build\native\bin\libsodium-x64-v120-mt-0_6_0_1.pdb" />-->
-        <file src="..\..\bin\x64\Debug\v120\dynamic\libsodium.pdb" target="build\native\bin\libsodium-x64-v120-mt-gd-0_6_0_1.pdb" />
+        <!--<file src="..\..\bin\x64\Release\v120\dynamic\libsodium.pdb" target="build\native\bin\libsodium-x64-v120-mt-0_7_0_0.pdb" />-->
+        <file src="..\..\bin\x64\Debug\v120\dynamic\libsodium.pdb" target="build\native\bin\libsodium-x64-v120-mt-gd-0_7_0_0.pdb" />
 
         <!-- x64 Import libraries (.imp.lib) -->
-        <file src="..\..\bin\x64\Release\v120\dynamic\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-0_6_0_1.imp.lib" />
-        <file src="..\..\bin\x64\Debug\v120\dynamic\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-gd-0_6_0_1.imp.lib" />
+        <file src="..\..\bin\x64\Release\v120\dynamic\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-0_7_0_0.imp.lib" />
+        <file src="..\..\bin\x64\Debug\v120\dynamic\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-gd-0_7_0_0.imp.lib" />
 
         <!-- x64 Export libraries (.exp) -->
-        <file src="..\..\bin\x64\Release\v120\dynamic\libsodium.exp" target="build\native\bin\libsodium-x64-v120-mt-0_6_0_1.exp" />
-        <file src="..\..\bin\x64\Debug\v120\dynamic\libsodium.exp" target="build\native\bin\libsodium-x64-v120-mt-gd-0_6_0_1.exp" />
+        <file src="..\..\bin\x64\Release\v120\dynamic\libsodium.exp" target="build\native\bin\libsodium-x64-v120-mt-0_7_0_0.exp" />
+        <file src="..\..\bin\x64\Debug\v120\dynamic\libsodium.exp" target="build\native\bin\libsodium-x64-v120-mt-gd-0_7_0_0.exp" />
 
         <!-- x64 Static libraries (.lib) -->
-        <file src="..\..\bin\x64\Release\v120\static\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-s-0_6_0_1.lib" />
-        <file src="..\..\bin\x64\Debug\v120\static\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-sgd-0_6_0_1.lib" />
+        <file src="..\..\bin\x64\Release\v120\static\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-s-0_7_0_0.lib" />
+        <file src="..\..\bin\x64\Debug\v120\static\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-sgd-0_7_0_0.lib" />
 
         <!-- x64 Static link time code generation libraries (.ltcg.lib) -->
-        <file src="..\..\bin\x64\Release\v120\ltcg\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-s-0_6_0_1.ltcg.lib" />
-        <file src="..\..\bin\x64\Debug\v120\ltcg\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-sgd-0_6_0_1.ltcg.lib" />
+        <file src="..\..\bin\x64\Release\v120\ltcg\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-s-0_7_0_0.ltcg.lib" />
+        <file src="..\..\bin\x64\Debug\v120\ltcg\libsodium.lib" target="build\native\bin\libsodium-x64-v120-mt-sgd-0_7_0_0.ltcg.lib" />
     </files>
 <!--
 #################################################################
diff --git a/packaging/nuget/package.targets b/packaging/nuget/package.targets
index c6a049c..e0e130d 100644
--- a/packaging/nuget/package.targets
+++ b/packaging/nuget/package.targets
@@ -30,66 +30,66 @@
   <!-- static libraries -->
   <ItemDefinitionGroup Condition="'$(Platform)' == 'Win32' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'static' And $(Configuration.IndexOf('Release')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x86-v120-mt-s-0_6_0_1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x86-v120-mt-s-0_7_0_0.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Platform)' == 'Win32' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'static' And $(Configuration.IndexOf('Debug')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x86-v120-mt-sgd-0_6_0_1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x86-v120-mt-sgd-0_7_0_0.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Platform)' == 'x64' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'static' And $(Configuration.IndexOf('Release')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x64-v120-mt-s-0_6_0_1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x64-v120-mt-s-0_7_0_0.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Platform)' == 'x64' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'static' And $(Configuration.IndexOf('Debug')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x64-v120-mt-sgd-0_6_0_1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x64-v120-mt-sgd-0_7_0_0.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
 
   <!-- static ltcg libraries -->
   <ItemDefinitionGroup Condition="'$(Platform)' == 'Win32' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'ltcg' And $(Configuration.IndexOf('Release')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x86-v120-mt-s-0_6_0_1.ltcg.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x86-v120-mt-s-0_7_0_0.ltcg.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Platform)' == 'Win32' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'ltcg' And $(Configuration.IndexOf('Debug')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x86-v120-mt-sgd-0_6_0_1.ltcg.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x86-v120-mt-sgd-0_7_0_0.ltcg.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Platform)' == 'x64' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'ltcg' And $(Configuration.IndexOf('Release')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x64-v120-mt-s-0_6_0_1.ltcg.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x64-v120-mt-s-0_7_0_0.ltcg.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Platform)' == 'x64' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'ltcg' And $(Configuration.IndexOf('Debug')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x64-v120-mt-sgd-0_6_0_1.ltcg.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x64-v120-mt-sgd-0_7_0_0.ltcg.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   
   <!-- dynamic import libraries -->
   <ItemDefinitionGroup Condition="'$(Platform)' == 'Win32' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'dynamic' And $(Configuration.IndexOf('Release')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x86-v120-mt-0_6_0_1.imp.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x86-v120-mt-0_7_0_0.imp.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Platform)' == 'Win32' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'dynamic' And $(Configuration.IndexOf('Debug')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x86-v120-mt-gd-0_6_0_1.imp.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x86-v120-mt-gd-0_7_0_0.imp.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Platform)' == 'x64' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'dynamic' And $(Configuration.IndexOf('Release')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x64-v120-mt-0_6_0_1.imp.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x64-v120-mt-0_7_0_0.imp.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Platform)' == 'x64' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'dynamic' And $(Configuration.IndexOf('Debug')) != -1">
     <Link>
-      <AdditionalDependencies>libsodium-x64-v120-mt-gd-0_6_0_1.imp.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libsodium-x64-v120-mt-gd-0_7_0_0.imp.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
 
@@ -98,26 +98,26 @@
   <Target Name="libsodium_AfterBuild_Win32_v120_Dynamic_Release"
           Condition="'$(Platform)' == 'Win32' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'dynamic' And $(Configuration.IndexOf('Release')) != -1"
           AfterTargets="libsodium_AfterBuild">
-    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x86-v120-mt-0_6_0_1.dll" DestinationFiles="$(TargetDir)libsodium.dll" SkipUnchangedFiles="true" />
-    <!--<Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x86-v120-mt-0_6_0_1.pdb" DestinationFiles="$(TargetDir)libsodium.pdb" SkipUnchangedFiles="true" />-->
+    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x86-v120-mt-0_7_0_0.dll" DestinationFiles="$(TargetDir)libsodium.dll" SkipUnchangedFiles="true" />
+    <!--<Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x86-v120-mt-0_7_0_0.pdb" DestinationFiles="$(TargetDir)libsodium.pdb" SkipUnchangedFiles="true" />-->
   </Target>
   <Target Name="libsodium_AfterBuild_Win32_v120_Dynamic_Debug"
           Condition="'$(Platform)' == 'Win32' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'dynamic' And $(Configuration.IndexOf('Debug')) != -1"
           AfterTargets="libsodium_AfterBuild">
-    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x86-v120-mt-gd-0_6_0_1.dll" DestinationFiles="$(TargetDir)libsodium.dll" SkipUnchangedFiles="true" />
-    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x86-v120-mt-gd-0_6_0_1.pdb" DestinationFiles="$(TargetDir)libsodium.pdb" SkipUnchangedFiles="true" />
+    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x86-v120-mt-gd-0_7_0_0.dll" DestinationFiles="$(TargetDir)libsodium.dll" SkipUnchangedFiles="true" />
+    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x86-v120-mt-gd-0_7_0_0.pdb" DestinationFiles="$(TargetDir)libsodium.pdb" SkipUnchangedFiles="true" />
   </Target>
   <Target Name="libsodium_AfterBuild_x64_v120_Dynamic_Release"
           Condition="'$(Platform)' == 'x64' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'dynamic' And $(Configuration.IndexOf('Release')) != -1"
           AfterTargets="libsodium_AfterBuild">
-    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x64-v120-mt-0_6_0_1.dll" DestinationFiles="$(TargetDir)libsodium.dll" SkipUnchangedFiles="true" />
-    <!--<Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x64-v120-mt-0_6_0_1.pdb" DestinationFiles="$(TargetDir)libsodium.pdb" SkipUnchangedFiles="true" />-->
+    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x64-v120-mt-0_7_0_0.dll" DestinationFiles="$(TargetDir)libsodium.dll" SkipUnchangedFiles="true" />
+    <!--<Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x64-v120-mt-0_7_0_0.pdb" DestinationFiles="$(TargetDir)libsodium.pdb" SkipUnchangedFiles="true" />-->
   </Target>
   <Target Name="libsodium_AfterBuild_x64_v120_Dynamic_Debug"
           Condition="'$(Platform)' == 'x64' And ('$(PlatformToolset)' == 'v120' Or '$(PlatformToolset)' == 'CTP_Nov2013') And '$(Linkage-libsodium)' == 'dynamic' And $(Configuration.IndexOf('Debug')) != -1"
           AfterTargets="libsodium_AfterBuild">
-    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x64-v120-mt-gd-0_6_0_1.dll" DestinationFiles="$(TargetDir)libsodium.dll" SkipUnchangedFiles="true" />
-    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x64-v120-mt-gd-0_6_0_1.pdb" DestinationFiles="$(TargetDir)libsodium.pdb" SkipUnchangedFiles="true" />
+    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x64-v120-mt-gd-0_7_0_0.dll" DestinationFiles="$(TargetDir)libsodium.dll" SkipUnchangedFiles="true" />
+    <Copy SourceFiles="$(MSBuildThisFileDirectory)bin\libsodium-x64-v120-mt-gd-0_7_0_0.pdb" DestinationFiles="$(TargetDir)libsodium.pdb" SkipUnchangedFiles="true" />
   </Target>
 
 <!--
diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am
index 4c6260a..869c439 100644
--- a/src/libsodium/Makefile.am
+++ b/src/libsodium/Makefile.am
@@ -224,14 +224,6 @@ libsodium_la_SOURCES += \
 	crypto_stream/aes128ctr/portable/stream_aes128ctr.c \
 	crypto_stream/aes128ctr/portable/types.h \
 	crypto_stream/aes128ctr/portable/xor_afternm_aes128ctr.c \
-	crypto_stream/aes256estream/hongjun/aes-table.h \
-	crypto_stream/aes256estream/hongjun/aes-table-be.h \
-	crypto_stream/aes256estream/hongjun/aes-table-le.h \
-	crypto_stream/aes256estream/hongjun/aes256-ctr.c \
-	crypto_stream/aes256estream/hongjun/aes256.h \
-	crypto_stream/aes256estream/stream_aes256estream_api.c \
-	crypto_stream/aes256estream/hongjun/api.h \
-	crypto_stream/aes256estream/hongjun/ecrypt-sync.h \
 	crypto_stream/salsa2012/stream_salsa2012_api.c \
 	crypto_stream/salsa2012/ref/api.h \
 	crypto_stream/salsa2012/ref/stream_salsa2012.c \
@@ -239,8 +231,7 @@ libsodium_la_SOURCES += \
 	crypto_stream/salsa208/stream_salsa208_api.c \
 	crypto_stream/salsa208/ref/api.h \
 	crypto_stream/salsa208/ref/stream_salsa208.c \
-	crypto_stream/salsa208/ref/xor_salsa208.c \
-	sodium/compat.c
+	crypto_stream/salsa208/ref/xor_salsa208.c
 endif
 
 libsodium_la_LDFLAGS = \
diff --git a/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c b/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c
index 3439cb3..945efe3 100644
--- a/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c
+++ b/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c
@@ -37,6 +37,7 @@ crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
     unsigned char                     slen[8U];
 
     (void) nsec;
+/* LCOV_EXCL_START */
 #ifdef ULONG_LONG_MAX
     if (mlen > ULONG_LONG_MAX - crypto_aead_chacha20poly1305_ABYTES) {
         if (clen != NULL) {
@@ -45,6 +46,7 @@ crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
         return -1;
     }
 #endif
+/* LCOV_EXCL_STOP */
 
     crypto_stream_chacha20(block0, sizeof block0, npub, k);
     crypto_onetimeauth_poly1305_init(&state, block0);
diff --git a/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c b/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c
index b6cf489..be9d34f 100644
--- a/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c
+++ b/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c
@@ -1,9 +1,11 @@
 #include "api.h"
 #include "crypto_verify_32.h"
+#include "utils.h"
 
 int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
 {
   unsigned char correct[32];
   crypto_auth(correct,in,inlen,k);
-  return crypto_verify_32(h,correct);
+  return crypto_verify_32(h,correct) | (-(h - correct == 0)) |
+         sodium_memcmp(correct,h,32);
 }
diff --git a/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c b/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c
index fccdc1a..28e0dfb 100644
--- a/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c
+++ b/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c
@@ -1,10 +1,12 @@
 #include "api.h"
 #include "crypto_verify_64.h"
+#include "utils.h"
 
 int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
                        unsigned long long inlen, const unsigned char *k)
 {
   unsigned char correct[64];
   crypto_auth(correct,in,inlen,k);
-  return crypto_verify_64(h,correct);
+  return crypto_verify_64(h,correct) | (-(h - correct == 0)) |
+         sodium_memcmp(correct,h,64);
 }
diff --git a/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c b/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c
index 1e6e18d..6c263f3 100644
--- a/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c
+++ b/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c
@@ -1,10 +1,12 @@
 #include "api.h"
 #include "crypto_verify_32.h"
+#include "utils.h"
 
 int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
                        unsigned long long inlen, const unsigned char *k)
 {
   unsigned char correct[32];
   crypto_auth(correct,in,inlen,k);
-  return crypto_verify_32(h,correct);
+  return crypto_verify_32(h,correct) | (-(h - correct == 0)) |
+         sodium_memcmp(correct,h,32);
 }
diff --git a/src/libsodium/crypto_auth/try.c b/src/libsodium/crypto_auth/try.c
deleted file mode 100644
index c2f2c80..0000000
--- a/src/libsodium/crypto_auth/try.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * crypto_auth/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-
-#include <stdlib.h>
-#include "crypto_hash_sha256.h"
-#include "crypto_auth.h"
-#include "utils.h"
-#include "windows/windows-quirks.h"
-
-extern unsigned char *alignedcalloc(unsigned long long);
-
-const char *primitiveimplementation = crypto_auth_IMPLEMENTATION;
-
-#define MAXTEST_BYTES 10000
-#define CHECKSUM_BYTES 4096
-#define TUNE_BYTES 1536
-
-static unsigned char *h;
-static unsigned char *m;
-static unsigned char *k;
-static unsigned char *h2;
-static unsigned char *m2;
-static unsigned char *k2;
-
-void preallocate(void)
-{
-}
-
-void allocate(void)
-{
-  h = alignedcalloc(crypto_auth_BYTES);
-  m = alignedcalloc(MAXTEST_BYTES);
-  k = alignedcalloc(crypto_auth_KEYBYTES);
-  h2 = alignedcalloc(crypto_auth_BYTES);
-  m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES);
-  k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES);
-}
-
-void predoit(void)
-{
-}
-
-void doit(void)
-{
-  crypto_auth(h,m,TUNE_BYTES,k);
-  crypto_auth_verify(h,m,TUNE_BYTES,k);
-}
-
-char checksum[crypto_auth_BYTES * 2 + 1];
-
-const char *checksum_compute(void)
-{
-  long long i;
-  long long j;
-
-  for (i = 0;i < CHECKSUM_BYTES;++i) {
-    long long mlen = i;
-    long long klen = crypto_auth_KEYBYTES;
-    long long hlen = crypto_auth_BYTES;
-
-    for (j = -16;j < 0;++j) h[j] = rand();
-    for (j = -16;j < 0;++j) k[j] = rand();
-    for (j = -16;j < 0;++j) m[j] = rand();
-    for (j = hlen;j < hlen + 16;++j) h[j] = rand();
-    for (j = klen;j < klen + 16;++j) k[j] = rand();
-    for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
-    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
-    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-
-    if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
-
-    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
-    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
-    for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output";
-    for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output";
-
-    for (j = -16;j < 0;++j) h[j] = rand();
-    for (j = -16;j < 0;++j) k[j] = rand();
-    for (j = -16;j < 0;++j) m[j] = rand();
-    for (j = hlen;j < hlen + 16;++j) h[j] = rand();
-    for (j = klen;j < klen + 16;++j) k[j] = rand();
-    for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
-    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
-    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-
-    if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero";
-    for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap";
-    for (j = 0;j < hlen;++j) m2[j] = m[j];
-    if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero";
-    for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap";
-    for (j = 0;j < hlen;++j) k2[j] = k[j];
-
-    if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
-
-    for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h";
-    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
-    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
-
-    crypto_hash_sha256(h2,h,hlen);
-    for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
-    if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
-    if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
-
-    crypto_hash_sha256(h2,h,hlen);
-    for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
-    m[mlen] = h2[0];
-  }
-  if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero";
-  if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero";
-
-  sodium_bin2hex(checksum, sizeof checksum, h, crypto_auth_BYTES);
-
-  return 0;
-}
diff --git a/src/libsodium/crypto_box/crypto_box_easy.c b/src/libsodium/crypto_box/crypto_box_easy.c
index 7224f24..7f39e22 100644
--- a/src/libsodium/crypto_box/crypto_box_easy.c
+++ b/src/libsodium/crypto_box/crypto_box_easy.c
@@ -1,4 +1,8 @@
 
+#include <limits.h>
+#include <stdint.h>
+#include <stdlib.h>
+
 #include "crypto_box.h"
 #include "crypto_secretbox.h"
 #include "utils.h"
@@ -26,6 +30,9 @@ crypto_box_easy(unsigned char *c, const unsigned char *m,
                 unsigned long long mlen, const unsigned char *n,
                 const unsigned char *pk, const unsigned char *sk)
 {
+    if (mlen > SIZE_MAX - crypto_box_MACBYTES) {
+        return -1;
+    }
     return crypto_box_detached(c + crypto_box_MACBYTES, c, m, mlen, n,
                                pk, sk);
 }
diff --git a/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/keypair_curve25519xsalsa20poly1305.c b/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/keypair_curve25519xsalsa20poly1305.c
index 88183ea..e2a03fa 100644
--- a/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/keypair_curve25519xsalsa20poly1305.c
+++ b/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/keypair_curve25519xsalsa20poly1305.c
@@ -22,6 +22,6 @@ int crypto_box_keypair(
   unsigned char *sk
 )
 {
-  randombytes(sk,32);
+  randombytes_buf(sk,32);
   return crypto_scalarmult_curve25519_base(pk,sk);
 }
diff --git a/src/libsodium/crypto_box/try.c b/src/libsodium/crypto_box/try.c
deleted file mode 100644
index 5f4b7cb..0000000
--- a/src/libsodium/crypto_box/try.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * crypto_box/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-
-#include <stdlib.h>
-#include "crypto_box.h"
-#include "utils.h"
-#include "windows/windows-quirks.h"
-
-extern unsigned char *alignedcalloc(unsigned long long);
-
-const char *primitiveimplementation = crypto_box_IMPLEMENTATION;
-
-#define MAXTEST_BYTES 10000
-#define CHECKSUM_BYTES 4096
-#define TUNE_BYTES 1536
-
-static unsigned char *ska;
-static unsigned char *pka;
-static unsigned char *skb;
-static unsigned char *pkb;
-static unsigned char *s;
-static unsigned char *n;
-static unsigned char *m;
-static unsigned char *c;
-static unsigned char *t;
-static unsigned char *ska2;
-static unsigned char *pka2;
-static unsigned char *skb2;
-static unsigned char *pkb2;
-static unsigned char *s2;
-static unsigned char *n2;
-static unsigned char *m2;
-static unsigned char *c2;
-static unsigned char *t2;
-
-#define sklen crypto_box_SECRETKEYBYTES
-#define pklen crypto_box_PUBLICKEYBYTES
-#define nlen crypto_box_NONCEBYTES
-#define slen crypto_box_BEFORENMBYTES
-
-void preallocate(void)
-{
-}
-
-void allocate(void)
-{
-  ska = alignedcalloc(sklen);
-  pka = alignedcalloc(pklen);
-  skb = alignedcalloc(sklen);
-  pkb = alignedcalloc(pklen);
-  n = alignedcalloc(nlen);
-  m = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  c = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  t = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  s = alignedcalloc(slen);
-  ska2 = alignedcalloc(sklen);
-  pka2 = alignedcalloc(pklen);
-  skb2 = alignedcalloc(sklen);
-  pkb2 = alignedcalloc(pklen);
-  n2 = alignedcalloc(nlen);
-  m2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  c2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  t2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
-  s2 = alignedcalloc(slen);
-}
-
-void predoit(void)
-{
-}
-
-void doit(void)
-{
-  crypto_box(c,m,TUNE_BYTES + crypto_box_ZEROBYTES,n,pka,skb);
-  crypto_box_open(t,c,TUNE_BYTES + crypto_box_ZEROBYTES,n,pkb,ska);
-}
-
-char checksum[nlen * 2 + 1];
-
-const char *checksum_compute(void)
-{
-  long long i;
-  long long j;
-
-  if (crypto_box_keypair(pka,ska) != 0) return "crypto_box_keypair returns nonzero";
-  if (crypto_box_keypair(pkb,skb) != 0) return "crypto_box_keypair returns nonzero";
-
-  for (j = 0;j < crypto_box_ZEROBYTES;++j) m[j] = 0;
-
-  for (i = 0;i < CHECKSUM_BYTES;++i) {
-    long long mlen = i + crypto_box_ZEROBYTES;
-    long long tlen = i + crypto_box_ZEROBYTES;
-    long long clen = i + crypto_box_ZEROBYTES;
-
-    for (j = -16;j < 0;++j) ska[j] = rand();
-    for (j = -16;j < 0;++j) skb[j] = rand();
-    for (j = -16;j < 0;++j) pka[j] = rand();
-    for (j = -16;j < 0;++j) pkb[j] = rand();
-    for (j = -16;j < 0;++j) m[j] = rand();
-    for (j = -16;j < 0;++j) n[j] = rand();
-
-    for (j = sklen;j < sklen + 16;++j) ska[j] = rand();
-    for (j = sklen;j < sklen + 16;++j) skb[j] = rand();
-    for (j = pklen;j < pklen + 16;++j) pka[j] = rand();
-    for (j = pklen;j < pklen + 16;++j) pkb[j] = rand();
-    for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-    for (j = nlen;j < nlen + 16;++j) n[j] = rand();
-
-    for (j = -16;j < sklen + 16;++j) ska2[j] = ska[j];
-    for (j = -16;j < sklen + 16;++j) skb2[j] = skb[j];
-    for (j = -16;j < pklen + 16;++j) pka2[j] = pka[j];
-    for (j = -16;j < pklen + 16;++j) pkb2[j] = pkb[j];
-    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-    for (j = -16;j < nlen + 16;++j) n2[j] = n[j];
-    for (j = -16;j < clen + 16;++j) c2[j] = c[j] = rand();
-
-    if (crypto_box(c,m,mlen,n,pkb,ska) != 0) return "crypto_box returns nonzero";
-
-    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box overwrites m";
-    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box overwrites n";
-    for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_box writes before output";
-    for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box writes after output";
-    for (j = 0;j < crypto_box_BOXZEROBYTES;++j)
-      if (c[j] != 0) return "crypto_box does not clear extra bytes";
-
-    for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box overwrites ska";
-    for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box overwrites skb";
-    for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box overwrites pka";
-    for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box overwrites pkb";
-
-    for (j = -16;j < 0;++j) c[j] = rand();
-    for (j = clen;j < clen + 16;++j) c[j] = rand();
-    for (j = -16;j < clen + 16;++j) c2[j] = c[j];
-    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = rand();
-
-    if (crypto_box_open(t,c,clen,n,pka,skb) != 0) return "crypto_box_open returns nonzero";
-
-    for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box_open overwrites c";
-    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open overwrites n";
-    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open writes before output";
-    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open writes after output";
-    for (j = 0;j < crypto_box_ZEROBYTES;++j)
-      if (t[j] != 0) return "crypto_box_open does not clear extra bytes";
-
-    for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box_open overwrites ska";
-    for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites skb";
-    for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pka";
-    for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box_open overwrites pkb";
-
-    for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "plaintext does not match";
-
-    for (j = -16;j < slen + 16;++j) s2[j] = s[j] = rand();
-    if (crypto_box_beforenm(s,pkb,ska) != 0) return "crypto_box_beforenm returns nonzero";
-    for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pk";
-    for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites sk";
-    for (j = -16;j < 0;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes before output";
-    for (j = slen;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes after output";
-
-    for (j = -16;j < slen + 16;++j) s2[j] = s[j];
-    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = rand();
-    if (crypto_box_afternm(t,m,mlen,n,s) != 0) return "crypto_box_afternm returns nonzero";
-    for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_afternm overwrites s";
-    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_afternm overwrites m";
-    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_afternm overwrites n";
-    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes before output";
-    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes after output";
-    for (j = 0;j < crypto_box_BOXZEROBYTES;++j)
-      if (t[j] != 0) return "crypto_box_afternm does not clear extra bytes";
-    for (j = 0;j < mlen;++j) if (t[j] != c[j]) return "crypto_box_afternm does not match crypto_box";
-
-    if (crypto_box_beforenm(s,pka,skb) != 0) return "crypto_box_beforenm returns nonzero";
-
-    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = rand();
-    if (crypto_box_open_afternm(t,c,clen,n,s) != 0) return "crypto_box_open_afternm returns nonzero";
-    for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_open_afternm overwrites s";
-    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_open_afternm overwrites m";
-    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open_afternm overwrites n";
-    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes before output";
-    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes after output";
-    for (j = 0;j < crypto_box_ZEROBYTES;++j)
-      if (t[j] != 0) return "crypto_box_open_afternm does not clear extra bytes";
-    for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "crypto_box_open_afternm does not match crypto_box_open";
-
-    for (j = 0;j < i;++j) n[j % nlen] ^= c[j + crypto_box_BOXZEROBYTES];
-    if (i == 0) m[crypto_box_ZEROBYTES] = 0;
-    m[i + crypto_box_ZEROBYTES] = m[crypto_box_ZEROBYTES];
-    for (j = 0;j < i;++j) m[j + crypto_box_ZEROBYTES] ^= c[j + crypto_box_BOXZEROBYTES];
-  }
-
-  sodium_bin2hex(checksum, sizeof checksum, n, nlen);
-
-  return 0;
-}
diff --git a/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h b/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h
index 276d305..1838bff 100644
--- a/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h
+++ b/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h
@@ -15,13 +15,16 @@
 #define __BLAKE2_IMPL_H__
 
 #include <stdint.h>
+#include <string.h>
 
 #include "utils.h"
 
 static inline uint32_t load32( const void *src )
 {
 #if defined(NATIVE_LITTLE_ENDIAN)
-  return *( uint32_t * )( src );
+  uint32_t w;
+  memcpy(&w, src, sizeof w);
+  return w;
 #else
   const uint8_t *p = ( const uint8_t * )src;
   uint32_t w = *p++;
@@ -35,7 +38,9 @@ static inline uint32_t load32( const void *src )
 static inline uint64_t load64( const void *src )
 {
 #if defined(NATIVE_LITTLE_ENDIAN)
-  return *( uint64_t * )( src );
+  uint64_t w;
+  memcpy(&w, src, sizeof w);
+  return w;
 #else
   const uint8_t *p = ( const uint8_t * )src;
   uint64_t w = *p++;
@@ -53,7 +58,7 @@ static inline uint64_t load64( const void *src )
 static inline void store32( void *dst, uint32_t w )
 {
 #if defined(NATIVE_LITTLE_ENDIAN)
-  *( uint32_t * )( dst ) = w;
+  memcpy(dst, &w, sizeof w);
 #else
   uint8_t *p = ( uint8_t * )dst;
   *p++ = ( uint8_t )w; w >>= 8;
@@ -66,7 +71,7 @@ static inline void store32( void *dst, uint32_t w )
 static inline void store64( void *dst, uint64_t w )
 {
 #if defined(NATIVE_LITTLE_ENDIAN)
-  *( uint64_t * )( dst ) = w;
+  memcpy(dst, &w, sizeof w);
 #else
   uint8_t *p = ( uint8_t * )dst;
   *p++ = ( uint8_t )w; w >>= 8;
diff --git a/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c b/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c
index 9cc7ede..2610477 100644
--- a/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c
+++ b/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c
@@ -43,11 +43,13 @@ static const uint8_t blake2b_sigma[12][16] =
 };
 
 
+/* LCOV_EXCL_START */
 static inline int blake2b_set_lastnode( blake2b_state *S )
 {
   S->f[1] = ~0ULL;
   return 0;
 }
+/* LCOV_EXCL_STOP */
 #if 0
 static inline int blake2b_clear_lastnode( blake2b_state *S )
 {
@@ -387,12 +389,15 @@ int blake2b_final( blake2b_state *S, uint8_t *out, uint8_t outlen )
   uint8_t buffer[BLAKE2B_OUTBYTES];
   int     i;
 
+  if( outlen > BLAKE2B_OUTBYTES ) {
+    return -1;
+  }
   if( S->buflen > BLAKE2B_BLOCKBYTES )
   {
     blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
     blake2b_compress( S, S->buf );
     S->buflen -= BLAKE2B_BLOCKBYTES;
-    memcpy( S->buf, S->buf + BLAKE2B_BLOCKBYTES, S->buflen );
+    memmove( S->buf, S->buf + BLAKE2B_BLOCKBYTES, S->buflen );
   }
 
   blake2b_increment_counter( S, S->buflen );
diff --git a/src/libsodium/crypto_generichash/blake2/ref/blake2s-ref.c b/src/libsodium/crypto_generichash/blake2/ref/blake2s-ref.c
deleted file mode 100644
index 0e79aa5..0000000
--- a/src/libsodium/crypto_generichash/blake2/ref/blake2s-ref.c
+++ /dev/null
@@ -1,356 +0,0 @@
-/*
-   BLAKE2 reference source code package - reference C implementations
-
-   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
-
-   To the extent possible under law, the author(s) have dedicated all copyright
-   and related and neighboring rights to this software to the public domain
-   worldwide. This software is distributed without any warranty.
-
-   You should have received a copy of the CC0 Public Domain Dedication along with
-   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
-*/
-
-#include <stdint.h>
-#include <string.h>
-#include <stdio.h>
-
-#include "crypto_generichash_blake2b.h"
-#include "blake2.h"
-#include "blake2-impl.h"
-
-static const uint32_t blake2s_IV[8] =
-{
-  0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
-  0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL
-};
-
-static const uint8_t blake2s_sigma[10][16] =
-{
-  {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
-  { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
-  { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
-  {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
-  {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
-  {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
-  { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
-  { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
-  {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
-  { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
-};
-
-static inline int blake2s_set_lastnode( blake2s_state *S )
-{
-  S->f[1] = ~0U;
-  return 0;
-}
-#if 0
-static inline int blake2s_clear_lastnode( blake2s_state *S )
-{
-  S->f[1] = 0U;
-  return 0;
-}
-#endif
-/* Some helper functions, not necessarily useful */
-static inline int blake2s_set_lastblock( blake2s_state *S )
-{
-  if( S->last_node ) blake2s_set_lastnode( S );
-
-  S->f[0] = ~0U;
-  return 0;
-}
-#if 0
-static inline int blake2s_clear_lastblock( blake2s_state *S )
-{
-  if( S->last_node ) blake2s_clear_lastnode( S );
-
-  S->f[0] = 0U;
-  return 0;
-}
-#endif
-static inline int blake2s_increment_counter( blake2s_state *S, const uint32_t inc )
-{
-  S->t[0] += inc;
-  S->t[1] += ( S->t[0] < inc );
-  return 0;
-}
-
-// Parameter-related functions
-#if 0
-static inline int blake2s_param_set_digest_length( blake2s_param *P, const uint8_t digest_length )
-{
-  P->digest_length = digest_length;
-  return 0;
-}
-
-static inline int blake2s_param_set_fanout( blake2s_param *P, const uint8_t fanout )
-{
-  P->fanout = fanout;
-  return 0;
-}
-
-static inline int blake2s_param_set_max_depth( blake2s_param *P, const uint8_t depth )
-{
-  P->depth = depth;
-  return 0;
-}
-
-static inline int blake2s_param_set_leaf_length( blake2s_param *P, const uint32_t leaf_length )
-{
-  store32( &P->leaf_length, leaf_length );
-  return 0;
-}
-
-static inline int blake2s_param_set_node_offset( blake2s_param *P, const uint64_t node_offset )
-{
-  store48( P->node_offset, node_offset );
-  return 0;
-}
-
-static inline int blake2s_param_set_node_depth( blake2s_param *P, const uint8_t node_depth )
-{
-  P->node_depth = node_depth;
-  return 0;
-}
-
-static inline int blake2s_param_set_inner_length( blake2s_param *P, const uint8_t inner_length )
-{
-  P->inner_length = inner_length;
-  return 0;
-}
-#endif
-static inline int blake2s_param_set_salt( blake2s_param *P, const uint8_t salt[BLAKE2S_SALTBYTES] )
-{
-  memcpy( P->salt, salt, BLAKE2S_SALTBYTES );
-  return 0;
-}
-
-static inline int blake2s_param_set_personal( blake2s_param *P, const uint8_t personal[BLAKE2S_PERSONALBYTES] )
-{
-  memcpy( P->personal, personal, BLAKE2S_PERSONALBYTES );
-  return 0;
-}
-
-static inline int blake2s_init0( blake2s_state *S )
-{
-  int i;
-
-  memset( S, 0, sizeof( blake2s_state ) );
-
-  for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i];
-
-  return 0;
-}
-
-/* init2 xors IV with input parameter block */
-int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
-{
-  size_t i;
-  uint32_t *p;
-
-  blake2s_init0( S );
-  p = ( uint32_t * )( P );
-
-  /* IV XOR ParamBlock */
-  for( i = 0; i < 8; ++i )
-    S->h[i] ^= load32( &p[i] );
-
-  return 0;
-}
-
-
-// Sequential blake2s initialization
-int blake2s_init( blake2s_state *S, const uint8_t outlen )
-{
-  blake2s_param P[1];
-
-  /* Move interval verification here? */
-  if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
-
-  P->digest_length = outlen;
-  P->key_length    = 0;
-  P->fanout        = 1;
-  P->depth         = 1;
-  store32( &P->leaf_length, 0 );
-  store48( &P->node_offset, 0 );
-  P->node_depth    = 0;
-  P->inner_length  = 0;
-  // memset(P->reserved, 0, sizeof(P->reserved) );
-  memset( P->salt,     0, sizeof( P->salt ) );
-  memset( P->personal, 0, sizeof( P->personal ) );
-  return blake2s_init_param( S, P );
-}
-
-int blake2s_init_key( blake2s_state *S, const uint8_t outlen, const void *key, const uint8_t keylen )
-{
-  blake2s_param P[1];
-
-  if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
-
-  if ( !key || !keylen || keylen > BLAKE2S_KEYBYTES ) return -1;
-
-  P->digest_length = outlen;
-  P->key_length    = keylen;
-  P->fanout        = 1;
-  P->depth         = 1;
-  store32( &P->leaf_length, 0 );
-  store48( &P->node_offset, 0 );
-  P->node_depth    = 0;
-  P->inner_length  = 0;
-  // memset(P->reserved, 0, sizeof(P->reserved) );
-  memset( P->salt,     0, sizeof( P->salt ) );
-  memset( P->personal, 0, sizeof( P->personal ) );
-
-  if( blake2s_init_param( S, P ) < 0 ) return -1;
-
-  {
-    uint8_t block[BLAKE2S_BLOCKBYTES];
-    memset( block, 0, BLAKE2S_BLOCKBYTES );
-    memcpy( block, key, keylen );
-    blake2s_update( S, block, BLAKE2S_BLOCKBYTES );
-    secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
-  }
-  return 0;
-}
-
-static int blake2s_compress( blake2s_state *S, const uint8_t block[BLAKE2S_BLOCKBYTES] )
-{
-  uint32_t m[16];
-  uint32_t v[16];
-  size_t   i;
-
-  for( i = 0; i < 16; ++i )
-    m[i] = load32( block + i * sizeof( m[i] ) );
-
-  for( i = 0; i < 8; ++i )
-    v[i] = S->h[i];
-
-  v[ 8] = blake2s_IV[0];
-  v[ 9] = blake2s_IV[1];
-  v[10] = blake2s_IV[2];
-  v[11] = blake2s_IV[3];
-  v[12] = S->t[0] ^ blake2s_IV[4];
-  v[13] = S->t[1] ^ blake2s_IV[5];
-  v[14] = S->f[0] ^ blake2s_IV[6];
-  v[15] = S->f[1] ^ blake2s_IV[7];
-#define G(r,i,a,b,c,d) \
-  do { \
-    a = a + b + m[blake2s_sigma[r][2*i+0]]; \
-    d = rotr32(d ^ a, 16); \
-    c = c + d; \
-    b = rotr32(b ^ c, 12); \
-    a = a + b + m[blake2s_sigma[r][2*i+1]]; \
-    d = rotr32(d ^ a, 8); \
-    c = c + d; \
-    b = rotr32(b ^ c, 7); \
-  } while(0)
-#define ROUND(r)  \
-  do { \
-    G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
-    G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
-    G(r,2,v[ 2],v[ 6],v[10],v[14]); \
-    G(r,3,v[ 3],v[ 7],v[11],v[15]); \
-    G(r,4,v[ 0],v[ 5],v[10],v[15]); \
-    G(r,5,v[ 1],v[ 6],v[11],v[12]); \
-    G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
-    G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
-  } while(0)
-  ROUND( 0 );
-  ROUND( 1 );
-  ROUND( 2 );
-  ROUND( 3 );
-  ROUND( 4 );
-  ROUND( 5 );
-  ROUND( 6 );
-  ROUND( 7 );
-  ROUND( 8 );
-  ROUND( 9 );
-
-  for( i = 0; i < 8; ++i )
-    S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
-
-#undef G
-#undef ROUND
-  return 0;
-}
-
-
-int blake2s_update( blake2s_state *S, const uint8_t *in, uint64_t inlen )
-{
-  while( inlen > 0 )
-  {
-    size_t left = S->buflen;
-    size_t fill = 2 * BLAKE2S_BLOCKBYTES - left;
-
-    if( inlen > fill )
-    {
-      memcpy( S->buf + left, in, fill ); // Fill buffer
-      S->buflen += fill;
-      blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES );
-      blake2s_compress( S, S->buf ); // Compress
-      memcpy( S->buf, S->buf + BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES ); // Shift buffer left
-      S->buflen -= BLAKE2S_BLOCKBYTES;
-      in += fill;
-      inlen -= fill;
-    }
-    else // inlen <= fill
-    {
-      memcpy( S->buf + left, in, inlen );
-      S->buflen += inlen; // Be lazy, do not compress
-      in += inlen;
-      inlen -= inlen;
-    }
-  }
-
-  return 0;
-}
-
-int blake2s_final( blake2s_state *S, uint8_t *out, uint8_t outlen )
-{
-  uint8_t buffer[BLAKE2S_OUTBYTES];
-  int     i;
-
-  if( S->buflen > BLAKE2S_BLOCKBYTES )
-  {
-    blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES );
-    blake2s_compress( S, S->buf );
-    S->buflen -= BLAKE2S_BLOCKBYTES;
-    memcpy( S->buf, S->buf + BLAKE2S_BLOCKBYTES, S->buflen );
-  }
-
-  blake2s_increment_counter( S, ( uint32_t )S->buflen );
-  blake2s_set_lastblock( S );
-  memset( S->buf + S->buflen, 0, 2 * BLAKE2S_BLOCKBYTES - S->buflen ); /* Padding */
-  blake2s_compress( S, S->buf );
-
-  for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
-    store32( buffer + sizeof( S->h[i] ) * i, S->h[i] );
-
-  memcpy( out, buffer, outlen );
-  return 0;
-}
-
-int blake2s( uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen )
-{
-  blake2s_state S[1];
-
-  /* Verify parameters */
-  if ( NULL == in ) return -1;
-
-  if ( NULL == out ) return -1;
-
-  if ( NULL == key ) keylen = 0; /* Fail here instead if keylen != 0 and key == NULL? */
-
-  if( keylen > 0 )
-  {
-    if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;
-  }
-  else
-  {
-    if( blake2s_init( S, outlen ) < 0 ) return -1;
-  }
-
-  blake2s_update( S, ( uint8_t * )in, inlen );
-  blake2s_final( S, out, outlen );
-  return 0;
-}
diff --git a/src/libsodium/crypto_generichash/blake2/ref/generichash_blake2b.c b/src/libsodium/crypto_generichash/blake2/ref/generichash_blake2b.c
index 6a637ec..7253cbf 100644
--- a/src/libsodium/crypto_generichash/blake2/ref/generichash_blake2b.c
+++ b/src/libsodium/crypto_generichash/blake2/ref/generichash_blake2b.c
@@ -54,11 +54,11 @@ crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state,
     assert(keylen <= UINT8_MAX);
     if (key == NULL || keylen <= 0U) {
         if (blake2b_init(state, (uint8_t) outlen) != 0) {
-            return -1;
+            return -1; /* LCOV_EXCL_LINE */
         }
     } else if (blake2b_init_key(state, (uint8_t) outlen, key,
                                 (uint8_t) keylen) != 0) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     return 0;
 }
@@ -79,13 +79,13 @@ crypto_generichash_blake2b_init_salt_personal(crypto_generichash_blake2b_state *
     if (key == NULL || keylen <= 0U) {
         if (blake2b_init_salt_personal(state, (uint8_t) outlen,
                                        salt, personal) != 0) {
-            return -1;
+            return -1; /* LCOV_EXCL_LINE */
         }
     } else if (blake2b_init_key_salt_personal(state,
                                               (uint8_t) outlen, key,
                                               (uint8_t) keylen,
                                               salt, personal) != 0) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     return 0;
 }
diff --git a/src/libsodium/crypto_hash/sha256/cp/hash_sha256.c b/src/libsodium/crypto_hash/sha256/cp/hash_sha256.c
index 721bbe9..738794a 100644
--- a/src/libsodium/crypto_hash/sha256/cp/hash_sha256.c
+++ b/src/libsodium/crypto_hash/sha256/cp/hash_sha256.c
@@ -245,9 +245,11 @@ crypto_hash_sha256_update(crypto_hash_sha256_state *state,
     bitlen[1] = ((uint32_t)inlen) << 3;
     bitlen[0] = (uint32_t)(inlen >> 29);
 
+    /* LCOV_EXCL_START */
     if ((state->count[1] += bitlen[1]) < bitlen[1]) {
         state->count[0]++;
     }
+    /* LCOV_EXCL_STOP */
     state->count[0] += bitlen[0];
 
     if (inlen < 64 - r) {
diff --git a/src/libsodium/crypto_hash/sha512/cp/hash_sha512.c b/src/libsodium/crypto_hash/sha512/cp/hash_sha512.c
index a740770..e85be74 100644
--- a/src/libsodium/crypto_hash/sha512/cp/hash_sha512.c
+++ b/src/libsodium/crypto_hash/sha512/cp/hash_sha512.c
@@ -272,9 +272,11 @@ crypto_hash_sha512_update(crypto_hash_sha512_state *state,
     bitlen[1] = ((uint64_t)inlen) << 3;
     bitlen[0] = ((uint64_t)inlen) >> 61;
 
+    /* LCOV_EXCL_START */
     if ((state->count[1] += bitlen[1]) < bitlen[1]) {
         state->count[0]++;
     }
+    /* LCOV_EXCL_STOP */
     state->count[0] += bitlen[0];
 
     if (inlen < 128 - r) {
diff --git a/src/libsodium/crypto_hash/try.c b/src/libsodium/crypto_hash/try.c
deleted file mode 100644
index 5e8b569..0000000
--- a/src/libsodium/crypto_hash/try.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * crypto_hash/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-
-#include <stdlib.h>
-#include "crypto_hash.h"
-#include "utils.h"
-#include "windows/windows-quirks.h"
-
-extern unsigned char *alignedcalloc(unsigned long long);
-
-const char *primitiveimplementation = crypto_hash_IMPLEMENTATION;
-
-#define MAXTEST_BYTES (10000 + crypto_hash_BYTES)
-#define CHECKSUM_BYTES 4096
-#define TUNE_BYTES 1536
-
-static unsigned char *h;
-static unsigned char *h2;
-static unsigned char *m;
-static unsigned char *m2;
-
-void preallocate(void)
-{
-}
-
-void allocate(void)
-{
-  h = alignedcalloc(crypto_hash_BYTES);
-  h2 = alignedcalloc(crypto_hash_BYTES);
-  m = alignedcalloc(MAXTEST_BYTES);
-  m2 = alignedcalloc(MAXTEST_BYTES);
-}
-
-void predoit(void)
-{
-}
-
-void doit(void)
-{
-  crypto_hash(h,m,TUNE_BYTES);
-}
-
-char checksum[crypto_hash_BYTES * 2 + 1];
-
-const char *checksum_compute(void)
-{
-  long long i;
-  long long j;
-
-  for (i = 0;i < CHECKSUM_BYTES;++i) {
-    long long hlen = crypto_hash_BYTES;
-    long long mlen = i;
-    for (j = -16;j < 0;++j) h[j] = rand();
-    for (j = hlen;j < hlen + 16;++j) h[j] = rand();
-    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
-    for (j = -16;j < 0;++j) m[j] = rand();
-    for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-    if (crypto_hash(h,m,mlen) != 0) return "crypto_hash returns nonzero";
-    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_hash writes to input";
-    for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_hash writes before output";
-    for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_hash writes after output";
-    if (crypto_hash(m2,m2,mlen) != 0) return "crypto_hash returns nonzero";
-    for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_hash does not handle overlap";
-    for (j = 0;j < mlen;++j) m[j] ^= h[j % hlen];
-    m[mlen] = h[0];
-  }
-  if (crypto_hash(h,m,CHECKSUM_BYTES) != 0) return "crypto_hash returns nonzero";
-
-  sodium_bin2hex(checksum, sizeof checksum, h, crypto_hash_BYTES);
-
-  return 0;
-}
diff --git a/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c b/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c
index acd04c0..eb05e02 100644
--- a/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c
+++ b/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c
@@ -86,12 +86,13 @@ crypto_onetimeauth_poly1305_donna_final(crypto_onetimeauth_poly1305_state *state
     return 0;
 }
 
-
+/* LCOV_EXCL_START */
 const char *
 crypto_onetimeauth_poly1305_donna_implementation_name(void)
 {
     return POLY1305_IMPLEMENTATION_NAME;
 }
+/* LCOV_EXCL_STOP */
 
 struct crypto_onetimeauth_poly1305_implementation
 crypto_onetimeauth_poly1305_donna_implementation = {
diff --git a/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c b/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c
index 3eb28e5..14253b7 100644
--- a/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c
+++ b/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c
@@ -2,6 +2,7 @@
 #include "crypto_onetimeauth_poly1305.h"
 #include "donna/poly1305_donna.h"
 
+/* LCOV_EXCL_START */
 static const crypto_onetimeauth_poly1305_implementation *implementation =
     &crypto_onetimeauth_poly1305_donna_implementation;
 
@@ -18,6 +19,7 @@ crypto_onetimeauth_poly1305_implementation_name(void)
 {
     return implementation->implementation_name();
 }
+/* LCOV_EXCL_STOP */
 
 int
 crypto_onetimeauth_poly1305(unsigned char *out, const unsigned char *in,
diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c
index 837ce3f..01a1e09 100644
--- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c
+++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c
@@ -36,7 +36,7 @@ encode64_uint32(uint8_t * dst, size_t dstlen, uint32_t src, uint32_t srcbits)
 
     for (bit = 0; bit < srcbits; bit += 6) {
         if (dstlen < 1) {
-            return NULL;
+            return NULL; /* LCOV_EXCL_LINE */
         }
         *dst++ = itoa64[src & 0x3f];
         dstlen--;
@@ -60,7 +60,7 @@ encode64(uint8_t * dst, size_t dstlen, const uint8_t * src, size_t srclen)
         } while (bits < 24 && i < srclen);
         dnext = encode64_uint32(dst, dstlen, value, bits);
         if (!dnext) {
-            return NULL;
+            return NULL; /* LCOV_EXCL_LINE */
         }
         dstlen -= dnext - dst;
         dst = dnext;
@@ -171,8 +171,8 @@ escrypt_r(escrypt_local_t * local, const uint8_t * passwd, size_t passwdlen,
 
     dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
     sodium_memzero(hash, sizeof hash);
-    if (!dst || dst >= buf + buflen) { /* Can't happen */
-        return NULL;
+    if (!dst || dst >= buf + buflen) {
+        return NULL; /* Can't happen LCOV_EXCL_LINE */
     }
     *dst = 0; /* NUL termination */
 
@@ -192,7 +192,7 @@ escrypt_gensalt_r(uint32_t N_log2, uint32_t r, uint32_t p,
 
     need = prefixlen + saltlen + 1;
     if (need > buflen || need < saltlen || saltlen < srclen) {
-        return NULL;
+        return NULL; /* LCOV_EXCL_LINE */
     }
     if (N_log2 > 63 || ((uint64_t)r * (uint64_t)p >= (1U << 30))) {
         return NULL;
@@ -205,16 +205,16 @@ escrypt_gensalt_r(uint32_t N_log2, uint32_t r, uint32_t p,
     *dst++ = itoa64[N_log2];
 
     dst = encode64_uint32(dst, buflen - (dst - buf), r, 30);
-    if (!dst) { /* Can't happen */
-        return NULL;
+    if (!dst) {
+        return NULL; /* Can't happen LCOV_EXCL_LINE */
     }
     dst = encode64_uint32(dst, buflen - (dst - buf), p, 30);
-    if (!dst) { /* Can't happen */
-        return NULL;
+    if (!dst) {
+        return NULL; /* Can't happen LCOV_EXCL_LINE */
     }
     dst = encode64(dst, buflen - (dst - buf), src, srclen);
-    if (!dst || dst >= buf + buflen) { /* Can't happen */
-        return NULL;
+    if (!dst || dst >= buf + buflen) {
+        return NULL; /* Can't happen LCOV_EXCL_LINE */
     }
     *dst = 0; /* NUL termination */
 
@@ -232,7 +232,7 @@ crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
     int             retval;
 
     if (escrypt_init_local(&local)) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
 #if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
     escrypt_kdf =
@@ -244,7 +244,7 @@ crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
                          passwd, passwdlen, salt, saltlen,
                          N, r, p, buf, buflen);
     if (escrypt_free_local(&local)) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     return retval;
 }
diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c
index ac426d3..9b585a2 100644
--- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c
+++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c
@@ -44,41 +44,42 @@ void
 PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
               size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen)
 {
-        crypto_auth_hmacsha256_state PShctx, hctx;
-        size_t          i;
-        uint8_t         ivec[4];
-        uint8_t         U[32];
-        uint8_t         T[32];
-        uint64_t        j;
-        int             k;
-        size_t          clen;
+    crypto_auth_hmacsha256_state PShctx, hctx;
+    size_t          i;
+    uint8_t         ivec[4];
+    uint8_t         U[32];
+    uint8_t         T[32];
+    uint64_t        j;
+    int             k;
+    size_t          clen;
 
     crypto_auth_hmacsha256_init(&PShctx, passwd, passwdlen);
     crypto_auth_hmacsha256_update(&PShctx, salt, saltlen);
 
-        for (i = 0; i * 32 < dkLen; i++) {
-                be32enc(ivec, (uint32_t)(i + 1));
-                memcpy(&hctx, &PShctx, sizeof(crypto_auth_hmacsha256_state));
-                crypto_auth_hmacsha256_update(&hctx, ivec, 4);
-                crypto_auth_hmacsha256_final(&hctx, U);
+    for (i = 0; i * 32 < dkLen; i++) {
+        be32enc(ivec, (uint32_t)(i + 1));
+        memcpy(&hctx, &PShctx, sizeof(crypto_auth_hmacsha256_state));
+        crypto_auth_hmacsha256_update(&hctx, ivec, 4);
+        crypto_auth_hmacsha256_final(&hctx, U);
 
-                memcpy(T, U, 32);
+        memcpy(T, U, 32);
+        /* LCOV_EXCL_START */
+        for (j = 2; j <= c; j++) {
+            crypto_auth_hmacsha256_init(&hctx, passwd, passwdlen);
+            crypto_auth_hmacsha256_update(&hctx, U, 32);
+            crypto_auth_hmacsha256_final(&hctx, U);
 
-                for (j = 2; j <= c; j++) {
-                        crypto_auth_hmacsha256_init(&hctx, passwd, passwdlen);
-                        crypto_auth_hmacsha256_update(&hctx, U, 32);
-                        crypto_auth_hmacsha256_final(&hctx, U);
-
-                        for (k = 0; k < 32; k++) {
-                                T[k] ^= U[k];
+            for (k = 0; k < 32; k++) {
+                T[k] ^= U[k];
             }
-                }
-
-                clen = dkLen - i * 32;
-                if (clen > 32) {
-                        clen = 32;
         }
-                memcpy(&buf[i * 32], T, clen);
+        /* LCOV_EXCL_STOP */
+
+        clen = dkLen - i * 32;
+        if (clen > 32) {
+            clen = 32;
         }
+        memcpy(&buf[i * 32], T, clen);
+    }
     sodium_memzero((void *) &PShctx, sizeof PShctx);
 }
diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c
index b4e64a5..e7962cc 100644
--- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c
+++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c
@@ -41,9 +41,11 @@ pickparams(unsigned long long opslimit, const size_t memlimit,
             }
         }
         maxrp = (opslimit / 4) / ((uint64_t) (1) << *N_log2);
+        /* LCOV_EXCL_START */
         if (maxrp > 0x3fffffff) {
             maxrp = 0x3fffffff;
         }
+        /* LCOV_EXCL_STOP */
         *p = (uint32_t) (maxrp) / *r;
     }
     return 0;
@@ -61,6 +63,12 @@ crypto_pwhash_scryptsalsa208sha256_strbytes(void)
     return crypto_pwhash_scryptsalsa208sha256_STRBYTES;
 }
 
+const char *
+crypto_pwhash_scryptsalsa208sha256_strprefix(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_STRPREFIX;
+}
+
 size_t
 crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void)
 {
@@ -100,12 +108,12 @@ crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
 
     memset(out, 0, outlen);
     if (passwdlen > SIZE_MAX || outlen > SIZE_MAX) {
-        errno = EFBIG;
-        return -1;
+        errno = EFBIG; /* LCOV_EXCL_LINE */
+        return -1; /* LCOV_EXCL_LINE */
     }
     if (pickparams(opslimit, memlimit, &N_log2, &p, &r) != 0) {
-        errno = EINVAL;
-        return -1;
+        errno = EINVAL; /* LCOV_EXCL_LINE */
+        return -1; /* LCOV_EXCL_LINE */
     }
     return crypto_pwhash_scryptsalsa208sha256_ll((const uint8_t *) passwd,
                                                  (size_t) passwdlen,
@@ -131,28 +139,30 @@ crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha2
 
     memset(out, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES);
     if (passwdlen > SIZE_MAX) {
-        errno = EFBIG;
-        return -1;
+        errno = EFBIG; /* LCOV_EXCL_LINE */
+        return -1; /* LCOV_EXCL_LINE */
     }
     if (pickparams(opslimit, memlimit, &N_log2, &p, &r) != 0) {
-        errno = EINVAL;
-        return -1;
+        errno = EINVAL; /* LCOV_EXCL_LINE */
+        return -1; /* LCOV_EXCL_LINE */
     }
     randombytes_buf(salt, sizeof salt);
     if (escrypt_gensalt_r(N_log2, r, p, salt, sizeof salt,
                           (uint8_t *) setting, sizeof setting) == NULL) {
-        errno = EINVAL;
-        return -1;
+        errno = EINVAL; /* LCOV_EXCL_LINE */
+        return -1; /* LCOV_EXCL_LINE */
     }
     if (escrypt_init_local(&escrypt_local) != 0) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     if (escrypt_r(&escrypt_local, (const uint8_t *) passwd, (size_t) passwdlen,
                   (const uint8_t *) setting, (uint8_t *) out,
                   crypto_pwhash_scryptsalsa208sha256_STRBYTES) == NULL) {
+        /* LCOV_EXCL_START */
         escrypt_free_local(&escrypt_local);
         errno = EINVAL;
         return -1;
+        /* LCOV_EXCL_STOP */
     }
     escrypt_free_local(&escrypt_local);
 
@@ -181,7 +191,7 @@ crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryp
         return -1;
     }
     if (escrypt_init_local(&escrypt_local) != 0) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     if (escrypt_r(&escrypt_local, (const uint8_t *) passwd, (size_t) passwdlen,
                   (const uint8_t *) str, (uint8_t *) wanted,
diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c
index cddf964..da8b433 100644
--- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c
+++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c
@@ -43,7 +43,7 @@ alloc_region(escrypt_region_t * region, size_t size)
 	    MAP_ANON | MAP_PRIVATE,
 #endif
 	    -1, 0)) == MAP_FAILED)
-		base = NULL;
+		base = NULL; /* LCOV_EXCL_LINE */
 	aligned = base;
 #elif defined(HAVE_POSIX_MEMALIGN)
 	if ((errno = posix_memalign((void **) &base, 64, size)) != 0)
@@ -77,7 +77,7 @@ free_region(escrypt_region_t * region)
 	if (region->base) {
 #ifdef MAP_ANON
 		if (munmap(region->base, region->size))
-			return -1;
+			return -1; /* LCOV_EXCL_LINE */
 #else
 		free(region->base);
 #endif
diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c
index d340dd0..15d4a14 100644
--- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c
+++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c
@@ -365,9 +365,9 @@ escrypt_kdf_sse(escrypt_local_t * local,
 	}
 	if (local->size < need) {
 		if (free_region(local))
-			return -1;
+			return -1; /* LCOV_EXCL_LINE */
 		if (!alloc_region(local, need))
-			return -1;
+			return -1; /* LCOV_EXCL_LINE */
 	}
 	B = (uint8_t *)local->aligned;
 	V = (uint32_t *)((uint8_t *)B + B_size);
diff --git a/src/libsodium/crypto_scalarmult/curve25519/ref10/pow225521.h b/src/libsodium/crypto_scalarmult/curve25519/ref10/pow225521.h
index 109df77..8397222 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/ref10/pow225521.h
+++ b/src/libsodium/crypto_scalarmult/curve25519/ref10/pow225521.h
@@ -50,7 +50,7 @@
 /* qhasm: z2 = z1^2^1 */
 /* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
 /* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
-fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+fe_sq(t0,z); /* for (i = 1;i < 1;++i) fe_sq(t0,t0); */
 
 /* qhasm: z8 = z2^2^2 */
 /* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
@@ -70,7 +70,7 @@ fe_mul(t0,t0,t1);
 /* qhasm: z22 = z11^2^1 */
 /* asm 1: fe_sq(>z22=fe#3,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#3,>z22=fe#3); */
 /* asm 2: fe_sq(>z22=t2,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t2,>z22=t2); */
-fe_sq(t2,t0); for (i = 1;i < 1;++i) fe_sq(t2,t2);
+fe_sq(t2,t0); /* for (i = 1;i < 1;++i) fe_sq(t2,t2); */
 
 /* qhasm: z_5_0 = z9*z22 */
 /* asm 1: fe_mul(>z_5_0=fe#2,<z9=fe#2,<z22=fe#3); */
diff --git a/src/libsodium/crypto_scalarmult/try.c b/src/libsodium/crypto_scalarmult/try.c
deleted file mode 100644
index 1f75ab7..0000000
--- a/src/libsodium/crypto_scalarmult/try.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * crypto_scalarmult/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-
-#include <stdlib.h>
-#include "crypto_scalarmult.h"
-#include "utils.h"
-#include "windows/windows-quirks.h"
-
-extern unsigned char *alignedcalloc(unsigned long long);
-
-const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION;
-
-#define mlen crypto_scalarmult_SCALARBYTES
-#define nlen crypto_scalarmult_SCALARBYTES
-#define plen crypto_scalarmult_BYTES
-#define qlen crypto_scalarmult_BYTES
-#define rlen crypto_scalarmult_BYTES
-
-static unsigned char *m;
-static unsigned char *n;
-static unsigned char *p;
-static unsigned char *q;
-static unsigned char *r;
-
-static unsigned char *m2;
-static unsigned char *n2;
-static unsigned char *p2;
-static unsigned char *q2;
-static unsigned char *r2;
-
-void preallocate(void)
-{
-}
-
-void allocate(void)
-{
-  m = alignedcalloc(mlen);
-  n = alignedcalloc(nlen);
-  p = alignedcalloc(plen);
-  q = alignedcalloc(qlen);
-  r = alignedcalloc(rlen);
-  m2 = alignedcalloc(mlen + crypto_scalarmult_BYTES);
-  n2 = alignedcalloc(nlen + crypto_scalarmult_BYTES);
-  p2 = alignedcalloc(plen + crypto_scalarmult_BYTES);
-  q2 = alignedcalloc(qlen + crypto_scalarmult_BYTES);
-  r2 = alignedcalloc(rlen + crypto_scalarmult_BYTES);
-}
-
-void predoit(void)
-{
-}
-
-void doit(void)
-{
-  crypto_scalarmult(q,n,p);
-  crypto_scalarmult_base(r,n);
-}
-
-char checksum[crypto_scalarmult_BYTES * 2 + 1];
-
-const char *checksum_compute(void)
-{
-  long long i;
-  long long j;
-  long long tests;
-
-  for (i = 0;i < mlen;++i) m[i] = i;
-  for (i = 0;i < nlen;++i) n[i] = i + 1;
-  for (i = 0;i < plen;++i) p[i] = i + 2;
-  for (i = 0;i < qlen;++i) q[i] = i + 3;
-  for (i = 0;i < rlen;++i) r[i] = i + 4;
-
-  for (i = -16;i < 0;++i) p[i] = rand();
-  for (i = -16;i < 0;++i) n[i] = rand();
-  for (i = plen;i < plen + 16;++i) p[i] = rand();
-  for (i = nlen;i < nlen + 16;++i) n[i] = rand();
-  for (i = -16;i < plen + 16;++i) p2[i] = p[i];
-  for (i = -16;i < nlen + 16;++i) n2[i] = n[i];
-
-  if (crypto_scalarmult_base(p,n) != 0) return "crypto_scalarmult_base returns nonzero";
-
-  for (i = -16;i < nlen + 16;++i) if (n2[i] != n[i]) return "crypto_scalarmult_base overwrites input";
-  for (i = -16;i < 0;++i) if (p2[i] != p[i]) return "crypto_scalarmult_base writes before output";
-  for (i = plen;i < plen + 16;++i) if (p2[i] != p[i]) return "crypto_scalarmult_base writes after output";
-
-  for (tests = 0;tests < 100;++tests) {
-    for (i = -16;i < 0;++i) q[i] = rand();
-    for (i = -16;i < 0;++i) p[i] = rand();
-    for (i = -16;i < 0;++i) m[i] = rand();
-    for (i = qlen;i < qlen + 16;++i) q[i] = rand();
-    for (i = plen;i < plen + 16;++i) p[i] = rand();
-    for (i = mlen;i < mlen + 16;++i) m[i] = rand();
-    for (i = -16;i < qlen + 16;++i) q2[i] = q[i];
-    for (i = -16;i < plen + 16;++i) p2[i] = p[i];
-    for (i = -16;i < mlen + 16;++i) m2[i] = m[i];
-
-    if (crypto_scalarmult(q,m,p) != 0) return "crypto_scalarmult returns nonzero";
-
-    for (i = -16;i < mlen + 16;++i) if (m2[i] != m[i]) return "crypto_scalarmult overwrites n input";
-    for (i = -16;i < plen + 16;++i) if (p2[i] != p[i]) return "crypto_scalarmult overwrites p input";
-    for (i = -16;i < 0;++i) if (q2[i] != q[i]) return "crypto_scalarmult writes before output";
-    for (i = qlen;i < qlen + 16;++i) if (q2[i] != q[i]) return "crypto_scalarmult writes after output";
-
-    if (crypto_scalarmult(m2,m2,p) != 0) return "crypto_scalarmult returns nonzero";
-    for (i = 0;i < qlen;++i) if (q[i] != m2[i]) return "crypto_scalarmult does not handle n overlap";
-    for (i = 0;i < qlen;++i) m2[i] = m[i];
-
-    if (crypto_scalarmult(p2,m2,p2) != 0) return "crypto_scalarmult returns nonzero";
-    for (i = 0;i < qlen;++i) if (q[i] != p2[i]) return "crypto_scalarmult does not handle p overlap";
-
-    if (crypto_scalarmult(r,n,q) != 0) return "crypto_scalarmult returns nonzero";
-    if (crypto_scalarmult(q,n,p) != 0) return "crypto_scalarmult returns nonzero";
-    if (crypto_scalarmult(p,m,q) != 0) return "crypto_scalarmult returns nonzero";
-    for (j = 0;j < plen;++j) if (p[j] != r[j]) return "crypto_scalarmult not associative";
-    for (j = 0;j < mlen;++j) m[j] ^= q[j % qlen];
-    for (j = 0;j < nlen;++j) n[j] ^= p[j % plen];
-  }
-
-  sodium_bin2hex(checksum, sizeof checksum, p, crypto_scalarmult_BYTES);
-
-  return 0;
-}
diff --git a/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c b/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c
index 08de096..5000a05 100644
--- a/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c
+++ b/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c
@@ -27,9 +27,6 @@ crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
     unsigned long long                i;
     unsigned long long                mlen0;
 
-    if (mlen > SIZE_MAX - crypto_secretbox_MACBYTES) {
-        return -1;
-    }
     crypto_core_hsalsa20(subkey, n, k, sigma);
 
     memset(block0, 0U, crypto_secretbox_ZEROBYTES);
@@ -68,6 +65,9 @@ crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
                       unsigned long long mlen, const unsigned char *n,
                       const unsigned char *k)
 {
+    if (mlen > SIZE_MAX - crypto_secretbox_MACBYTES) {
+        return -1;
+    }
     return crypto_secretbox_detached(c + crypto_secretbox_MACBYTES,
                                      c, m, mlen, n, k);
 }
diff --git a/src/libsodium/crypto_secretbox/try.c b/src/libsodium/crypto_secretbox/try.c
deleted file mode 100644
index 9478187..0000000
--- a/src/libsodium/crypto_secretbox/try.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * crypto_secretbox/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-
-#include <stdlib.h>
-#include "crypto_secretbox.h"
-#include "utils.h"
-#include "windows/windows-quirks.h"
-
-extern unsigned char *alignedcalloc(unsigned long long);
-
-const char *primitiveimplementation = crypto_secretbox_IMPLEMENTATION;
-
-#define MAXTEST_BYTES 10000
-#define CHECKSUM_BYTES 4096
-#define TUNE_BYTES 1536
-
-static unsigned char *k;
-static unsigned char *n;
-static unsigned char *m;
-static unsigned char *c;
-static unsigned char *t;
-static unsigned char *k2;
-static unsigned char *n2;
-static unsigned char *m2;
-static unsigned char *c2;
-static unsigned char *t2;
-
-#define klen crypto_secretbox_KEYBYTES
-#define nlen crypto_secretbox_NONCEBYTES
-
-void preallocate(void)
-{
-}
-
-void allocate(void)
-{
-  k = alignedcalloc(klen);
-  n = alignedcalloc(nlen);
-  m = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
-  c = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
-  t = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
-  k2 = alignedcalloc(klen);
-  n2 = alignedcalloc(nlen);
-  m2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
-  c2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
-  t2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
-}
-
-void predoit(void)
-{
-}
-
-void doit(void)
-{
-  crypto_secretbox(c,m,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k);
-  crypto_secretbox_open(t,c,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k);
-}
-
-char checksum[klen * 2 + 1];
-
-const char *checksum_compute(void)
-{
-  long long i;
-  long long j;
-
-  for (j = 0;j < crypto_secretbox_ZEROBYTES;++j) m[j] = 0;
-
-  for (i = 0;i < CHECKSUM_BYTES;++i) {
-    long long mlen = i + crypto_secretbox_ZEROBYTES;
-    long long tlen = i + crypto_secretbox_ZEROBYTES;
-    long long clen = i + crypto_secretbox_ZEROBYTES;
-
-    for (j = -16;j < 0;++j) k[j] = rand();
-    for (j = -16;j < 0;++j) n[j] = rand();
-    for (j = -16;j < 0;++j) m[j] = rand();
-    for (j = klen;j < klen + 16;++j) k[j] = rand();
-    for (j = nlen;j < nlen + 16;++j) n[j] = rand();
-    for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
-    for (j = -16;j < nlen + 16;++j) n2[j] = n[j];
-    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-    for (j = -16;j < clen + 16;++j) c2[j] = c[j] = rand();
-
-    if (crypto_secretbox(c,m,mlen,n,k) != 0) return "crypto_secretbox returns nonzero";
-
-    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_secretbox overwrites m";
-    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox overwrites n";
-    for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox overwrites k";
-    for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_secretbox writes before output";
-    for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox writes after output";
-    for (j = 0;j < crypto_secretbox_BOXZEROBYTES;++j)
-      if (c[j] != 0) return "crypto_secretbox does not clear extra bytes";
-
-    for (j = -16;j < 0;++j) c[j] = rand();
-    for (j = clen;j < clen + 16;++j) c[j] = rand();
-    for (j = -16;j < clen + 16;++j) c2[j] = c[j];
-    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = rand();
-
-    if (crypto_secretbox_open(t,c,clen,n,k) != 0) return "crypto_secretbox_open returns nonzero";
-
-    for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox_open overwrites c";
-    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox_open overwrites n";
-    for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox_open overwrites k";
-    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes before output";
-    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes after output";
-    for (j = 0;j < crypto_secretbox_ZEROBYTES;++j)
-      if (t[j] != 0) return "crypto_secretbox_open does not clear extra bytes";
-
-    for (j = 0;j < i;++j) if (t[j] != m[j]) return "plaintext does not match";
-
-    for (j = 0;j < i;++j)
-      k[j % klen] ^= c[j + crypto_secretbox_BOXZEROBYTES];
-    crypto_secretbox(c,m,mlen,n,k);
-    for (j = 0;j < i;++j)
-      n[j % nlen] ^= c[j + crypto_secretbox_BOXZEROBYTES];
-    crypto_secretbox(c,m,mlen,n,k);
-    if (i == 0) m[crypto_secretbox_ZEROBYTES + 0] = 0;
-    m[crypto_secretbox_ZEROBYTES + i] = m[crypto_secretbox_ZEROBYTES + 0];
-    for (j = 0;j < i;++j)
-      m[j + crypto_secretbox_ZEROBYTES] ^= c[j + crypto_secretbox_BOXZEROBYTES];
-  }
-
-  sodium_bin2hex(checksum, sizeof checksum, k, klen);
-
-  return 0;
-}
diff --git a/src/libsodium/crypto_sign/ed25519/ref10/keypair.c b/src/libsodium/crypto_sign/ed25519/ref10/keypair.c
index 7955647..2268cd6 100644
--- a/src/libsodium/crypto_sign/ed25519/ref10/keypair.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/keypair.c
@@ -2,8 +2,11 @@
 #include <string.h>
 
 #include "api.h"
-#include "randombytes.h"
 #include "crypto_hash_sha512.h"
+#include "crypto_scalarmult_curve25519.h"
+#include "randombytes.h"
+#include "utils.h"
+#include "fe.h"
 #include "ge.h"
 
 int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
@@ -27,7 +30,47 @@ int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
 int crypto_sign_keypair(unsigned char *pk, unsigned char *sk)
 {
     unsigned char seed[32];
+    int           ret;
+
+    randombytes_buf(seed, sizeof seed);
+    ret = crypto_sign_seed_keypair(pk, sk, seed);
+    sodium_memzero(seed, sizeof seed);
+
+    return ret;
+}
+
+int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
+                                         const unsigned char *ed25519_pk)
+{
+    ge_p3 A;
+    fe    x;
+    fe    one_minus_y;
 
-    randombytes(seed,32);
-    return crypto_sign_seed_keypair(pk,sk,seed);
+    ge_frombytes_negate_vartime(&A, ed25519_pk);
+    fe_1(one_minus_y);
+    fe_sub(one_minus_y, one_minus_y, A.Y);
+    fe_invert(one_minus_y, one_minus_y);
+    fe_1(x);
+    fe_add(x, x, A.Y);
+    fe_mul(x, x, one_minus_y);
+    fe_tobytes(curve25519_pk, x);
+
+    return 0;
+}
+
+int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
+                                         const unsigned char *ed25519_sk)
+{
+    unsigned char h[crypto_hash_sha512_BYTES];
+
+    crypto_hash_sha512(h, ed25519_sk,
+                       crypto_sign_ed25519_SECRETKEYBYTES -
+                       crypto_sign_ed25519_PUBLICKEYBYTES);
+    h[0] &= 248;
+    h[31] &= 127;
+    h[31] |= 64;
+    memcpy(curve25519_sk, h, crypto_scalarmult_curve25519_BYTES);
+    sodium_memzero(h, sizeof h);
+
+    return 0;
 }
diff --git a/src/libsodium/crypto_sign/ed25519/ref10/open.c b/src/libsodium/crypto_sign/ed25519/ref10/open.c
index 36eb084..488333e 100644
--- a/src/libsodium/crypto_sign/ed25519/ref10/open.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/open.c
@@ -43,16 +43,8 @@ crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m,
     ge_double_scalarmult_vartime(&R, h, &A, sig + 32);
     ge_tobytes(rcheck, &R);
 
-    if (crypto_verify_32(rcheck, sig) != 0) {
-        return -1;
-    }
-    if (sig == rcheck) {
-        return -1;
-    }
-    if (sodium_memcmp(sig, rcheck, 32) != 0) {
-        return -1;
-    }
-    return 0;
+    return crypto_verify_32(rcheck, sig) | (-(rcheck - sig == 0)) |
+           sodium_memcmp(sig, rcheck, 32);
 }
 
 int
diff --git a/src/libsodium/crypto_sign/ed25519/ref10/sign.c b/src/libsodium/crypto_sign/ed25519/ref10/sign.c
index 88f4710..1ee5d6c 100644
--- a/src/libsodium/crypto_sign/ed25519/ref10/sign.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/sign.c
@@ -5,6 +5,7 @@
 #include "crypto_hash_sha512.h"
 #include "ge.h"
 #include "sc.h"
+#include "utils.h"
 
 int
 crypto_sign_detached(unsigned char *sig, unsigned long long *siglen,
@@ -44,6 +45,9 @@ crypto_sign_detached(unsigned char *sig, unsigned long long *siglen,
     sc_reduce(hram);
     sc_muladd(sig + 32, hram, az, nonce);
 
+    sodium_memzero(az, sizeof az);
+    sodium_memzero(nonce, sizeof nonce);
+
     if (siglen != NULL) {
         *siglen = 64U;
     }
@@ -57,13 +61,19 @@ crypto_sign(unsigned char *sm, unsigned long long *smlen,
 {
     unsigned long long siglen;
 
-    if (crypto_sign_detached(sm, &siglen, m, mlen, sk) != 0 ||
-        siglen > crypto_sign_ed25519_BYTES) {
-        *smlen = 0;
+    memmove(sm + crypto_sign_ed25519_BYTES, m, mlen);
+/* LCOV_EXCL_START */
+    if (crypto_sign_detached(sm, &siglen, sm + crypto_sign_ed25519_BYTES,
+                             mlen, sk) != 0 ||
+        siglen != crypto_sign_ed25519_BYTES) {
+        if (smlen != NULL) {
+            *smlen = 0;
+        }
         memset(sm, 0, mlen + crypto_sign_ed25519_BYTES);
         return -1;
     }
-    memmove(sm + siglen, m, mlen);
+/* LCOV_EXCL_STOP */
+
     if (smlen != NULL) {
         *smlen = mlen + siglen;
     }
diff --git a/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c b/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c
index 9f999d2..7ba6b4c 100644
--- a/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c
+++ b/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c
@@ -1,3 +1,6 @@
+
+#include <string.h>
+
 #include "crypto_sign_ed25519.h"
 
 size_t
@@ -19,3 +22,18 @@ size_t
 crypto_sign_ed25519_secretkeybytes(void) {
     return crypto_sign_ed25519_SECRETKEYBYTES;
 }
+
+int
+crypto_sign_ed25519_sk_to_seed(unsigned char *seed, const unsigned char *sk)
+{
+    memmove(seed, sk, crypto_sign_ed25519_SEEDBYTES);
+    return 0;
+}
+
+int
+crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk)
+{
+    memmove(pk, sk + crypto_sign_ed25519_SEEDBYTES,
+            crypto_sign_ed25519_PUBLICKEYBYTES);
+    return 0;
+}
diff --git a/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c b/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c
index 885d7b1..9c548dc 100644
--- a/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c
+++ b/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c
@@ -13,7 +13,7 @@ int crypto_sign_keypair(
   sc25519 scsk;
   ge25519 gepk;
 
-  randombytes(sk, 32);
+  randombytes_buf(sk, 32);
   crypto_hash_sha512(sk, sk, 32);
   sk[0] &= 248;
   sk[31] &= 127;
diff --git a/src/libsodium/crypto_sign/try.c b/src/libsodium/crypto_sign/try.c
deleted file mode 100644
index 8ea81b6..0000000
--- a/src/libsodium/crypto_sign/try.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * crypto_sign/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-
-#include <stdlib.h>
-#include "randombytes.h"
-#include "crypto_sign.h"
-#include "windows/windows-quirks.h"
-
-#define MAXTEST_BYTES 10000
-#define TUNE_BYTES 1536
-
-extern unsigned char *alignedcalloc(unsigned long long);
-
-const char *primitiveimplementation = crypto_sign_IMPLEMENTATION;
-
-static unsigned char *pk;
-static unsigned char *sk;
-static unsigned char *m; unsigned long long mlen;
-static unsigned char *sm; unsigned long long smlen;
-static unsigned char *t; unsigned long long tlen;
-
-void preallocate(void)
-{
-#ifdef RAND_R_PRNG_NOT_SEEDED
-  RAND_status();
-#endif
-}
-
-void allocate(void)
-{
-  pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES);
-  sk = alignedcalloc(crypto_sign_SECRETKEYBYTES);
-  m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
-  sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
-  t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
-}
-
-void predoit(void)
-{
-  crypto_sign_keypair(pk,sk);
-  mlen = TUNE_BYTES;
-  smlen = 0;
-  randombytes(m,mlen);
-  crypto_sign(sm,&smlen,m,mlen,sk);
-}
-
-void doit(void)
-{
-  crypto_sign_open(t,&tlen,sm,smlen,pk);
-}
-
-char checksum[crypto_sign_BYTES * 2 + 1];
-
-const char *checksum_compute(void)
-{
-  long long mlen;
-  long long i;
-  long long j;
-
-  if (crypto_sign_keypair(pk,sk) != 0) return "crypto_sign_keypair returns nonzero";
-  for (mlen = 0;mlen < MAXTEST_BYTES;mlen += 1 + (mlen / 16)) {
-    if (crypto_sign(sm,&smlen,m,mlen,sk) != 0) return "crypto_sign returns nonzero";
-    if (crypto_sign_open(t,&tlen,sm,smlen,pk) != 0) return "crypto_sign_open returns nonzero";
-    if (tlen != mlen) return "crypto_sign_open does not match length";
-    for (i = 0;i < tlen;++i)
-      if (t[i] != m[i])
-        return "crypto_sign_open does not match contents";
-
-    j = rand() % smlen;
-    sm[j] ^= 1;
-    if (crypto_sign_open(t,&tlen,sm,smlen,pk) == 0) {
-      if (tlen != mlen) return "crypto_sign_open allows trivial forgery of length";
-      for (i = 0;i < tlen;++i)
-        if (t[i] != m[i])
-          return "crypto_sign_open allows trivial forgery of contents";
-    }
-    sm[j] ^= 1;
-
-  }
-
-  /* do some long-term checksum */
-  checksum[0] = 0;
-  return 0;
-}
diff --git a/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table-be.h b/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table-be.h
deleted file mode 100644
index 8a4a49c..0000000
--- a/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table-be.h
+++ /dev/null
@@ -1,273 +0,0 @@
-
-#ifndef __AES_TABLE_BE_H__
-#define __AES_TABLE_BE_H__
-
-ALIGN(64) static unsigned int T0[256] = {
-    0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
-    0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
-    0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
-    0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
-    0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
-    0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
-    0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
-    0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
-    0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
-    0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
-    0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
-    0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
-    0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
-    0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
-    0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
-    0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
-    0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
-    0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
-    0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
-    0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
-    0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
-    0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
-    0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
-    0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
-    0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
-    0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
-    0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
-    0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
-    0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
-    0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
-    0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
-    0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
-    0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
-    0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
-    0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
-    0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
-    0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
-    0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
-    0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
-    0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
-    0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
-    0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
-    0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
-    0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
-    0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
-    0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
-    0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
-    0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
-    0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
-    0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
-    0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
-    0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
-    0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
-    0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
-    0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
-    0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
-    0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
-    0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
-    0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
-    0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
-    0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
-    0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
-    0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
-    0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
-};
-
-ALIGN(64) static unsigned int T1[256] = {
-    0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
-    0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
-    0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
-    0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676,
-    0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d,
-    0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0,
-    0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf,
-    0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0,
-    0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626,
-    0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc,
-    0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1,
-    0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515,
-    0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3,
-    0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a,
-    0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2,
-    0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575,
-    0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a,
-    0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0,
-    0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3,
-    0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484,
-    0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded,
-    0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b,
-    0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939,
-    0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf,
-    0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb,
-    0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585,
-    0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f,
-    0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8,
-    0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f,
-    0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5,
-    0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121,
-    0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2,
-    0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec,
-    0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717,
-    0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d,
-    0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373,
-    0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc,
-    0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888,
-    0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414,
-    0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb,
-    0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a,
-    0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c,
-    0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262,
-    0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979,
-    0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d,
-    0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9,
-    0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea,
-    0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808,
-    0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e,
-    0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6,
-    0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f,
-    0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a,
-    0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666,
-    0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e,
-    0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9,
-    0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e,
-    0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111,
-    0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494,
-    0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9,
-    0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf,
-    0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d,
-    0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868,
-    0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
-    0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616
-};
-
-ALIGN(64) static unsigned int T2[256] = {
-    0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b,
-    0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5,
-    0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b,
-    0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76,
-    0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d,
-    0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0,
-    0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af,
-    0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0,
-    0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26,
-    0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc,
-    0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1,
-    0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15,
-    0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3,
-    0x18283018, 0x96a13796, 0x050f0a05, 0x9ab52f9a,
-    0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2,
-    0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75,
-    0x091b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a,
-    0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0,
-    0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3,
-    0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384,
-    0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed,
-    0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b,
-    0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239,
-    0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf,
-    0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb,
-    0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185,
-    0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f,
-    0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8,
-    0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f,
-    0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5,
-    0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221,
-    0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2,
-    0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec,
-    0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17,
-    0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d,
-    0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673,
-    0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc,
-    0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88,
-    0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814,
-    0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb,
-    0xe03bdbe0, 0x32566432, 0x3a4e743a, 0x0a1e140a,
-    0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c,
-    0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462,
-    0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279,
-    0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d,
-    0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9,
-    0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea,
-    0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008,
-    0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e,
-    0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6,
-    0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f,
-    0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a,
-    0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66,
-    0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e,
-    0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9,
-    0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e,
-    0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211,
-    0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394,
-    0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9,
-    0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df,
-    0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d,
-    0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068,
-    0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f,
-    0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16
-};
-
-ALIGN(64) static unsigned int T3[256] = {
-    0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6,
-    0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491,
-    0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56,
-    0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec,
-    0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa,
-    0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb,
-    0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45,
-    0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b,
-    0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c,
-    0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83,
-    0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9,
-    0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a,
-    0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d,
-    0x18182830, 0x9696a137, 0x05050f0a, 0x9a9ab52f,
-    0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf,
-    0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea,
-    0x09091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34,
-    0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b,
-    0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d,
-    0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713,
-    0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1,
-    0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6,
-    0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72,
-    0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85,
-    0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed,
-    0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411,
-    0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe,
-    0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b,
-    0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05,
-    0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1,
-    0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342,
-    0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf,
-    0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3,
-    0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e,
-    0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a,
-    0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6,
-    0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3,
-    0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b,
-    0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28,
-    0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad,
-    0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0x0a0a1e14,
-    0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8,
-    0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4,
-    0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2,
-    0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da,
-    0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049,
-    0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf,
-    0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810,
-    0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c,
-    0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197,
-    0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e,
-    0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f,
-    0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc,
-    0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c,
-    0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069,
-    0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927,
-    0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322,
-    0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733,
-    0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9,
-    0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5,
-    0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a,
-    0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0,
-    0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e,
-    0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c
-};
-
-#endif
diff --git a/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table-le.h b/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table-le.h
deleted file mode 100644
index 9d61039..0000000
--- a/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table-le.h
+++ /dev/null
@@ -1,274 +0,0 @@
-
-#ifndef __AES_TABLE_LE_H__
-#define __AES_TABLE_LE_H__
-
-ALIGN(64) static unsigned int T0[256] = {
-    0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
-    0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
-    0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
-    0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
-    0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
-    0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
-    0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
-    0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
-    0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
-    0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
-    0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
-    0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
-    0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
-    0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
-    0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
-    0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
-    0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
-    0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
-    0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
-    0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
-    0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
-    0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
-    0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
-    0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
-    0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
-    0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
-    0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
-    0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
-    0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
-    0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
-    0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
-    0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
-    0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
-    0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
-    0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
-    0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
-    0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
-    0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
-    0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
-    0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
-    0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
-    0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
-    0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
-    0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
-    0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
-    0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
-    0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
-    0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
-    0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
-    0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
-    0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
-    0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
-    0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
-    0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
-    0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
-    0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
-    0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
-    0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
-    0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
-    0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
-    0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
-    0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
-    0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
-    0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
-};
-
-
-ALIGN(64) static unsigned int T1[256] = {
-    0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d,
-    0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154,
-    0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d,
-    0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a,
-    0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87,
-    0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b,
-    0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea,
-    0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b,
-    0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a,
-    0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f,
-    0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908,
-    0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f,
-    0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e,
-    0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5,
-    0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d,
-    0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f,
-    0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e,
-    0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb,
-    0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce,
-    0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397,
-    0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c,
-    0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed,
-    0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b,
-    0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a,
-    0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16,
-    0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194,
-    0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81,
-    0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3,
-    0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a,
-    0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104,
-    0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263,
-    0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d,
-    0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f,
-    0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39,
-    0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47,
-    0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695,
-    0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f,
-    0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83,
-    0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c,
-    0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76,
-    0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e,
-    0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4,
-    0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6,
-    0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b,
-    0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7,
-    0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0,
-    0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25,
-    0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018,
-    0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72,
-    0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751,
-    0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21,
-    0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85,
-    0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa,
-    0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12,
-    0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0,
-    0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9,
-    0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233,
-    0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7,
-    0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920,
-    0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a,
-    0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17,
-    0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8,
-    0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11,
-    0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a
-};
-
-ALIGN(64) static unsigned int T2[256] = {
-    0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b,
-    0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5,
-    0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b,
-    0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76,
-    0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d,
-    0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0,
-    0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf,
-    0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0,
-    0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26,
-    0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc,
-    0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1,
-    0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15,
-    0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3,
-    0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a,
-    0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2,
-    0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75,
-    0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a,
-    0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0,
-    0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3,
-    0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784,
-    0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced,
-    0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b,
-    0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39,
-    0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf,
-    0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb,
-    0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485,
-    0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f,
-    0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8,
-    0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f,
-    0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5,
-    0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321,
-    0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2,
-    0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec,
-    0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917,
-    0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d,
-    0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573,
-    0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc,
-    0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388,
-    0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14,
-    0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db,
-    0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a,
-    0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c,
-    0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662,
-    0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79,
-    0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d,
-    0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9,
-    0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea,
-    0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808,
-    0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e,
-    0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6,
-    0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f,
-    0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a,
-    0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66,
-    0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e,
-    0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9,
-    0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e,
-    0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311,
-    0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794,
-    0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9,
-    0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf,
-    0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d,
-    0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868,
-    0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f,
-    0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16
-};
-
-ALIGN(64) static unsigned int T3[256] = {
-    0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b,
-    0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5,
-    0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b,
-    0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676,
-    0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d,
-    0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0,
-    0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf,
-    0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0,
-    0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626,
-    0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc,
-    0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1,
-    0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515,
-    0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3,
-    0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a,
-    0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2,
-    0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575,
-    0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a,
-    0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0,
-    0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3,
-    0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484,
-    0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded,
-    0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b,
-    0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939,
-    0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf,
-    0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb,
-    0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585,
-    0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f,
-    0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8,
-    0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f,
-    0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5,
-    0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121,
-    0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2,
-    0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec,
-    0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717,
-    0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d,
-    0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373,
-    0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc,
-    0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888,
-    0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414,
-    0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb,
-    0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a,
-    0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c,
-    0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262,
-    0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979,
-    0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d,
-    0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9,
-    0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea,
-    0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808,
-    0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e,
-    0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6,
-    0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f,
-    0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a,
-    0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666,
-    0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e,
-    0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9,
-    0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e,
-    0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111,
-    0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494,
-    0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9,
-    0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf,
-    0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d,
-    0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868,
-    0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f,
-    0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616
-};
-
-#endif
diff --git a/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table.h b/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table.h
deleted file mode 100644
index 89839e5..0000000
--- a/src/libsodium/crypto_stream/aes256estream/hongjun/aes-table.h
+++ /dev/null
@@ -1,62 +0,0 @@
-
-#ifndef __AES_TABLE_H__
-#define __AES_TABLE_H__
-
-#if defined(_MSC_VER)
-# define ALIGN(x) __declspec(align(x))
-#else
-# define ALIGN(x) __attribute__((aligned(x)))
-#endif
-
-#ifdef NATIVE_LITTLE_ENDIAN
-# include "aes-table-le.h"
-#elif defined(NATIVE_BIG_ENDIAN)
-# include "aes-table-be.h"
-#else
-# error Unsupported byte ordering
-#endif
-
-static const unsigned char Rcon[31] =
-{
-        0x0, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20,
-        0x40, 0x80, 0x1b, 0x36, 0x6c, 0xc0,
-        0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc,
-        0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4,
-        0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91
-};
-
-
-ALIGN(64) static const unsigned char Sbox[256] = {
-        0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
-        0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
-        0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
-        0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
-        0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
-        0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
-        0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
-        0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
-        0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
-        0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
-        0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
-        0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
-        0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
-        0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
-        0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
-        0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
-        0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
-        0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
-        0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
-        0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
-        0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
-        0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
-        0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
-        0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
-        0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
-        0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
-        0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
-        0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
-        0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
-        0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
-        0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
-        0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16};
-#endif
diff --git a/src/libsodium/crypto_stream/aes256estream/hongjun/aes256-ctr.c b/src/libsodium/crypto_stream/aes256estream/hongjun/aes256-ctr.c
deleted file mode 100644
index c35e310..0000000
--- a/src/libsodium/crypto_stream/aes256estream/hongjun/aes256-ctr.c
+++ /dev/null
@@ -1,239 +0,0 @@
-/* aes-ctr.c               */
-/* AES in CTR mode.        */
-
-/* Hongjun Wu, January 2007*/
-
-
-/* ------------------------------------------------------------------------- */
-
-#include "api.h"
-#include "aes256.h"
-
-#include <string.h>
-
-/* ------------------------------------------------------------------------- */
-/* key setup for AES-256*/
-static void
-ECRYPT_keysetup(ECRYPT_ctx* ctx, const u8* key, u32 keysize, u32 ivsize)
-{
-    unsigned int w[Nk*(Nr+1)], temp;
-    int i, j;
-
-    (void) keysize;
-    (void) ivsize;
-    (void) sizeof(char[sizeof *ctx == crypto_stream_BEFORENMBYTES ? 1 : -1]);
-
-    for( i = 0; i < Nk; i++ ) {
-        w[i] =  key[(i << 2)];
-        w[i] |= key[(i << 2)+1] << 8;
-        w[i] |= key[(i << 2)+2] << 16;
-        w[i] |= (unsigned int) key[(i << 2)+3] << 24;
-    }
-
-    i = Nk;
-
-    while( i < Nb*(Nr+1) ) {
-        temp = w[i-1];
-
-        temp = (unsigned int) Sbox[temp & 0xFF] << 24 ^
-            Sbox[(temp >> 8) & 0xFF]  ^
-            (Sbox[(temp >> 16) & 0xFF] << 8 ) ^
-            (Sbox[(temp >> 24) & 0xFF] << 16) ^
-            Rcon[i/Nk];
-        w[i] = w[i-Nk] ^ temp;
-        i++;
-
-        temp = w[i-1];
-        w[i] = w[i-Nk] ^ temp;
-        i++;
-
-        temp = w[i-1];
-        w[i] = w[i-Nk] ^ temp;
-        i++;
-
-        temp = w[i-1];
-        w[i] = w[i-Nk] ^ temp;
-        i++;
-
-        temp = w[i-1];
-        temp = Sbox[temp & 0xFF] ^
-            Sbox[(temp >> 8) & 0xFF] << 8 ^
-            (Sbox[(temp >> 16) & 0xFF] << 16) ^
-            ((unsigned int) Sbox[(temp >> 24) & 0xFF] << 24);
-        w[i] = w[i-Nk] ^ temp;
-        i++;
-
-        temp = w[i-1];
-        w[i] = w[i-Nk] ^ temp;
-        i++;
-
-        temp = w[i-1];
-        w[i] = w[i-Nk] ^ temp;
-        i++;
-
-        temp = w[i-1];
-        w[i] = w[i-Nk] ^ temp;
-        i++;
-    }
-
-    for (i = 0; i <= Nr; i++) {
-        for (j = 0; j < Nb; j++) {
-            ctx->round_key[i][j] = SWP32(w[(i<<2)+j]);
-        }
-    }
-}
-
-/* ------------------------------------------------------------------------- */
-
-static void
-ECRYPT_ivsetup(ECRYPT_ctx* ctx, const u8* iv)
-{
-    (void) sizeof(char[(sizeof ctx->counter) == crypto_stream_NONCEBYTES ? 1 : -1]);
-    memcpy(ctx->counter, iv, crypto_stream_NONCEBYTES);
-}
-
-/* ------------------------------------------------------------------------- */
-
-/*compute the intermediate values for the first two rounds*/
-static void
-partial_precompute_tworounds(ECRYPT_ctx* ctx)
-{
-  u32 x0,x1,x2,x3,y0,y1,y2,y3;
-
-  x0 = ctx->counter[0] ^ ctx->round_key[0][0];
-  x1 = ctx->counter[1] ^ ctx->round_key[0][1];
-  x2 = ctx->counter[2] ^ ctx->round_key[0][2];
-  x3 = ctx->counter[3] ^ ctx->round_key[0][3];
-  x0 &= SWP32(0xffffff00);
-  round(ctx,x0,x1,x2,x3,y0,y1,y2,y3,1);
-  ctx->first_round_output_x0 = y0 ^ T0[0];
-  y0 = 0;
-  round(ctx,y0,y1,y2,y3,x0,x1,x2,x3,2);
-  ctx->second_round_output[0] = x0 ^ T0[0];
-  ctx->second_round_output[1] = x1 ^ T3[0];
-  ctx->second_round_output[2] = x2 ^ T2[0];
-  ctx->second_round_output[3] = x3 ^ T1[0];
-}
-
-/* ------------------------------------------------------------------------- */
-
-#ifndef CPU_ALIGNED_ACCESS_REQUIRED
-# define UNALIGNED_U32_READ(P, I) (((const u32 *)(const void *) (P))[(I)])
-#else
-static inline uint32_t
-UNALIGNED_U32_READ(const u8 * const p, const size_t i)
-{
-    uint32_t t;
-    (void) sizeof(int[sizeof(*p) == sizeof(char) ? 1 : -1]);
-    memcpy(&t, p + i * (sizeof t / sizeof *p), sizeof t);
-    return t;
-}
-#endif
-
-/* ------------------------------------------------------------------------- */
-
-static void
-ECRYPT_process_bytes(int action, ECRYPT_ctx* ctx, const u8* input, u8* output,
-                     u32 msglen)
-{
-    __attribute__((aligned(32))) u8 keystream[16];
-    u32 i;
-
-    (void) action;
-    memset(keystream, 0, sizeof keystream);
-    partial_precompute_tworounds(ctx);
-
-    for ( ; msglen >= 16; msglen -= 16, input += 16, output += 16) {
-        aes256_enc_block(ctx->counter, keystream, ctx);
-
-        ((u32*)output)[0] = UNALIGNED_U32_READ(input, 0) ^ ((u32*)keystream)[0] ^ ctx->round_key[Nr][0];
-        ((u32*)output)[1] = UNALIGNED_U32_READ(input, 1) ^ ((u32*)keystream)[1] ^ ctx->round_key[Nr][1];
-        ((u32*)output)[2] = UNALIGNED_U32_READ(input, 2) ^ ((u32*)keystream)[2] ^ ctx->round_key[Nr][2];
-        ((u32*)output)[3] = UNALIGNED_U32_READ(input, 3) ^ ((u32*)keystream)[3] ^ ctx->round_key[Nr][3];
-
-        ctx->counter[0] = SWP32(SWP32(ctx->counter[0]) + 1);
-
-        if ((ctx->counter[0] & SWP32(0xff))== 0) {
-            partial_precompute_tworounds(ctx);
-        }
-    }
-
-    if (msglen > 0) {
-        aes256_enc_block(ctx->counter, keystream, ctx);
-        ((u32*)keystream)[0] ^= ctx->round_key[Nr][0];
-        ((u32*)keystream)[1] ^= ctx->round_key[Nr][1];
-        ((u32*)keystream)[2] ^= ctx->round_key[Nr][2];
-        ((u32*)keystream)[3] ^= ctx->round_key[Nr][3];
-
-        for (i = 0; i < msglen; i ++) {
-            output[i] = input[i] ^ keystream[i];
-        }
-    }
-}
-
-/* ------------------------------------------------------------------------- */
-
-#include "ecrypt-sync.h"
-
-int
-crypto_stream_beforenm(unsigned char *c, const unsigned char *k)
-{
-    ECRYPT_ctx * const ctx = (ECRYPT_ctx *) c;
-
-    ECRYPT_keysetup(ctx, k, crypto_stream_KEYBYTES * 8,
-                    crypto_stream_NONCEBYTES * 8);
-    return 0;
-}
-
-int
-crypto_stream_afternm(unsigned char *out, unsigned long long len,
-                      const unsigned char *nonce, const unsigned char *c)
-{
-    ECRYPT_ctx * const ctx = (ECRYPT_ctx *) c;
-    unsigned long long i;
-
-    ECRYPT_ivsetup(ctx, nonce);
-    for (i = 0U; i < len; ++i) {
-        out[i] = 0U;
-    }
-    ECRYPT_encrypt_bytes(ctx, (u8 *) out, (u8 *) out, len);
-
-    return 0;
-}
-
-int
-crypto_stream_xor_afternm(unsigned char *out, const unsigned char *in,
-                          unsigned long long len, const unsigned char *nonce,
-                          const unsigned char *c)
-{
-    ECRYPT_ctx * const ctx = (ECRYPT_ctx *) c;
-
-    ECRYPT_ivsetup(ctx, nonce);
-    ECRYPT_encrypt_bytes(ctx, (const u8 *) in, (u8 *) out, len);
-
-    return 0;
-}
-
-int
-crypto_stream(unsigned char *out, unsigned long long outlen,
-              const unsigned char *n, const unsigned char *k)
-{
-    unsigned char d[crypto_stream_BEFORENMBYTES];
-
-    crypto_stream_beforenm(d, k);
-    crypto_stream_afternm(out, outlen, n, d);
-
-    return 0;
-}
-
-int crypto_stream_xor(unsigned char *out, const unsigned char *in,
-                      unsigned long long inlen, const unsigned char *n,
-                      const unsigned char *k)
-{
-    unsigned char d[crypto_stream_BEFORENMBYTES];
-
-    crypto_stream_beforenm(d, k);
-    crypto_stream_xor_afternm(out, in, inlen, n, d);
-
-    return 0;
-}
diff --git a/src/libsodium/crypto_stream/aes256estream/hongjun/aes256.h b/src/libsodium/crypto_stream/aes256estream/hongjun/aes256.h
deleted file mode 100644
index d562b1d..0000000
--- a/src/libsodium/crypto_stream/aes256estream/hongjun/aes256.h
+++ /dev/null
@@ -1,171 +0,0 @@
-/* aes256.h */
-/* Hongjun Wu, January 2007*/
-
-
-#include "ecrypt-sync.h"
-#include "aes-table.h"
-
-#include <stdio.h>
-
-#ifdef NATIVE_LITTLE_ENDIAN
-# define LEROT(X, S) ((uint8_t) ((uint32_t)(X) >> (S)))
-# define SWP32(X)    (X)
-#elif defined(NATIVE_BIG_ENDIAN)
-# define LEROT(X, S) ((uint8_t) ((uint32_t)(X) >> (24 - (S))))
-# define SWP32(X)    ((uint32_t)((((uint32_t)(X) & 0xff000000) >> 24) | \
-                                 (((uint32_t)(X) & 0x00ff0000) >>  8) | \
-                                 (((uint32_t)(X) & 0x0000ff00) <<  8) | \
-                                 (((uint32_t)(X) & 0x000000ff) << 24)))
-#else
-# error Unsupported byte ordering
-#endif
-
-#define first_round(ctx,x0,y0) { \
-        u32 z0,t0,tem0;              \
-        z0 = (x0) ^ ctx->round_key[0][0];        \
-        t0 = LEROT(z0, 0);                       \
-        tem0 = T0[t0];               \
-        (y0) = tem0 ^ ctx->first_round_output_x0;       \
-}
-
-#define second_round(ctx,x0,y0,y1,y2,y3) { \
-        u32 t0,t7,t10,t13; \
-        u32 tem0,tem7,tem10,tem13;    \
-        t0 = LEROT(x0, 0);            \
-        tem0 = T0[t0];      \
-        (y0) = tem0 ^ ctx->second_round_output[0];   \
-        t7 = LEROT(x0, 24);                          \
-        tem7 = T3[t7];    \
-        (y1) = tem7 ^ ctx->second_round_output[1];   \
-        t10 = LEROT(x0, 16);                 \
-        tem10 = T2[t10]; \
-        (y2) = tem10 ^ ctx->second_round_output[2];  \
-        t13 = LEROT(x0, 8);                  \
-        tem13 = T1[t13];\
-        (y3) = tem13 ^ ctx->second_round_output[3];  \
-}
-
-#define round(ctx,x0,x1,x2,x3,y0,y1,y2,y3,r) { \
-        u32 t0,t1,t2,t3;    \
-        u32 t4,t5,t6,t7;    \
-        u32 t8,t9,t10,t11;  \
-        u32 t12,t13,t14,t15;\
-        u32 tem0,tem1,tem2,tem3;    \
-        u32 tem4,tem5,tem6,tem7;    \
-        u32 tem8,tem9,tem10,tem11;  \
-        u32 tem12,tem13,tem14,tem15;\
-        \
-        t0 = LEROT(x0, 0);                      \
-        tem0 = T0[t0];      \
-        t1 = LEROT(x1, 8);       \
-        tem1 = tem0 ^ T1[t1];    \
-        t2 = LEROT(x2, 16);      \
-        tem2 = tem1 ^ T2[t2];    \
-        t3 = LEROT(x3, 24);      \
-        tem3 = tem2 ^ T3[t3];    \
-        (y0) = tem3 ^ ctx->round_key[r][0];   \
-        \
-        t4 = LEROT(x1, 0);                      \
-        tem4 = T0[t4];      \
-        t5 = LEROT(x2, 8);       \
-        tem5 = tem4 ^ T1[t5];    \
-        t6 = LEROT(x3, 16);      \
-        tem6 = tem5 ^ T2[t6];    \
-        t7 = LEROT(x0, 24);      \
-        tem7 = tem6 ^ T3[t7];    \
-        (y1) = tem7 ^ ctx->round_key[r][1];   \
-        \
-        t8 = LEROT(x2, 0);      \
-        tem8 = T0[t8];          \
-        t9 = LEROT(x3, 8);      \
-        tem9 = tem8 ^ T1[t9];   \
-        t10 = LEROT(x0, 16);            \
-        tem10 = tem9 ^ T2[t10]; \
-        t11 = LEROT(x1, 24);            \
-        tem11 = tem10 ^ T3[t11];\
-        (y2) = tem11 ^ ctx->round_key[r][2]; \
-        \
-        t12 = LEROT(x3, 0);     \
-        tem12 = T0[t12];        \
-        t13 = LEROT(x0, 8);                     \
-        tem13 = tem12 ^ T1[t13];\
-        t14 = LEROT(x1, 16);            \
-        tem14 = tem13 ^ T2[t14];\
-        t15 = LEROT(x2, 24);            \
-        tem15 = tem14 ^ T3[t15];\
-        (y3) = tem15 ^ ctx->round_key[r][3]; \
-}
-
-/* 22.14 cycles/byte*/
-#define last_round(ctx,x0,x1,x2,x3,output,r) { \
-        u32 t0,t1,t2,t3;    \
-        u32 t4,t5,t6,t7;    \
-        u32 t8,t9,t10,t11;  \
-        u32 t12,t13,t14,t15;\
-        \
-        t0 = LEROT(x0, 0); \
-        output[0] = Sbox[t0]; \
-        t7 = LEROT(x0, 24);                     \
-        output[7] = Sbox[t7]; \
-        t10 = LEROT(x0, 16);            \
-        output[10] = Sbox[t10]; \
-        t13 = LEROT(x0, 8);     \
-        output[13] = Sbox[t13]; \
-        \
-        t1 = LEROT(x1, 8);                      \
-        output[1] = Sbox[t1]; \
-        t4 = LEROT(x1, 0); \
-        output[4] = Sbox[t4]; \
-        t11 = LEROT(x1, 24);            \
-        output[11] = Sbox[t11]; \
-        t14 = LEROT(x1, 16);            \
-        output[14] = Sbox[t14]; \
-        \
-        t2 = LEROT(x2, 16);                     \
-        output[2] = Sbox[t2]; \
-        t5 = LEROT(x2, 8);                      \
-        output[5] = Sbox[t5]; \
-        t8 = LEROT(x2, 0);              \
-        output[8] = Sbox[t8]; \
-        t15 = LEROT(x2, 24);            \
-        output[15] = Sbox[t15]; \
-      \
-        t3 = LEROT(x3, 24);                     \
-        output[3] = Sbox[t3]; \
-        t6 = LEROT(x3, 16);                     \
-        output[6] = Sbox[t6]; \
-        t9 = LEROT(x3, 8);        \
-        output[9] = Sbox[t9];     \
-        t12 = LEROT(x3, 0);       \
-        output[12] = Sbox[t12];   \
-}
-
-#define aes256_enc_block(x,output,ctx) {\
-      u32 y0;\
-      u32 z0,z1,z2,z3;\
-      u32 a0,a1,a2,a3;\
-      u32 b0,b1,b2,b3;\
-      u32 c0,c1,c2,c3;\
-      u32 d0,d1,d2,d3;\
-      u32 e0,e1,e2,e3;\
-      u32 f0,f1,f2,f3;\
-      u32 g0,g1,g2,g3;\
-      u32 h0,h1,h2,h3;\
-      u32 i0,i1,i2,i3;\
-      u32 j0,j1,j2,j3;\
-      u32 k0,k1,k2,k3;\
-      first_round(ctx,x[0],y0);\
-      second_round(ctx,y0,z0,z1,z2,z3);\
-      round(ctx,z0,z1,z2,z3,a0,a1,a2,a3,3);\
-      round(ctx,a0,a1,a2,a3,b0,b1,b2,b3,4);\
-      round(ctx,b0,b1,b2,b3,c0,c1,c2,c3,5);\
-      round(ctx,c0,c1,c2,c3,d0,d1,d2,d3,6);\
-      round(ctx,d0,d1,d2,d3,e0,e1,e2,e3,7);\
-      round(ctx,e0,e1,e2,e3,f0,f1,f2,f3,8);\
-      round(ctx,f0,f1,f2,f3,g0,g1,g2,g3,9);\
-      round(ctx,g0,g1,g2,g3,h0,h1,h2,h3,10);\
-      round(ctx,h0,h1,h2,h3,i0,i1,i2,i3,11);\
-      round(ctx,i0,i1,i2,i3,j0,j1,j2,j3,12);\
-      round(ctx,j0,j1,j2,j3,k0,k1,k2,k3,13);\
-      last_round(ctx,k0,k1,k2,k3,(output),14);\
-}
diff --git a/src/libsodium/crypto_stream/aes256estream/hongjun/api.h b/src/libsodium/crypto_stream/aes256estream/hongjun/api.h
deleted file mode 100644
index 017babe..0000000
--- a/src/libsodium/crypto_stream/aes256estream/hongjun/api.h
+++ /dev/null
@@ -1,13 +0,0 @@
-
-#include "crypto_stream_aes256estream.h"
-
-#define crypto_stream crypto_stream_aes256estream
-#define crypto_stream_xor crypto_stream_aes256estream_xor
-#define crypto_stream_beforenm crypto_stream_aes256estream_beforenm
-#define crypto_stream_afternm crypto_stream_aes256estream_afternm
-#define crypto_stream_xor_afternm crypto_stream_aes256estream_xor_afternm
-#define crypto_stream_KEYBYTES crypto_stream_aes256estream_KEYBYTES
-#define crypto_stream_NONCEBYTES crypto_stream_aes256estream_NONCEBYTES
-#define crypto_stream_BEFORENMBYTES crypto_stream_aes256estream_BEFORENMBYTES
-#define crypto_stream_IMPLEMENTATION crypto_stream_aes256estream_IMPLEMENTATION
-#define crypto_stream_VERSION crypto_stream_aes256estream_VERSION
diff --git a/src/libsodium/crypto_stream/aes256estream/hongjun/ecrypt-sync.h b/src/libsodium/crypto_stream/aes256estream/hongjun/ecrypt-sync.h
deleted file mode 100644
index 23f2aee..0000000
--- a/src/libsodium/crypto_stream/aes256estream/hongjun/ecrypt-sync.h
+++ /dev/null
@@ -1,27 +0,0 @@
-
-#ifndef __ECRYPT_SYNC__
-#define __ECRYPT_SYNC__
-
-#include <stdint.h>
-
-typedef uint8_t  u8;
-typedef uint32_t u32;
-
-#define Nr 14
-#define Nk 8
-#define Nb 4
-
-#pragma pack(push, 1)
-typedef struct ECRYPT_ctx
-{
-  u32 round_key[Nr+1][4];
-  u32 counter[4];
-  u32 first_round_output_x0;
-  u32 second_round_output[4];
-} ECRYPT_ctx;
-#pragma pack(pop)
-
-#define ECRYPT_encrypt_bytes(ctx, plaintext, ciphertext, msglen)   \
-  ECRYPT_process_bytes(0, ctx, plaintext, ciphertext, msglen)
-
-#endif
diff --git a/src/libsodium/crypto_stream/aes256estream/stream_aes256estream_api.c b/src/libsodium/crypto_stream/aes256estream/stream_aes256estream_api.c
deleted file mode 100644
index 2d3d1cb..0000000
--- a/src/libsodium/crypto_stream/aes256estream/stream_aes256estream_api.c
+++ /dev/null
@@ -1,16 +0,0 @@
-#include "crypto_stream_aes256estream.h"
-
-size_t
-crypto_stream_aes256estream_keybytes(void) {
-    return crypto_stream_aes256estream_KEYBYTES;
-}
-
-size_t
-crypto_stream_aes256estream_noncebytes(void) {
-    return crypto_stream_aes256estream_NONCEBYTES;
-}
-
-size_t
-crypto_stream_aes256estream_beforenmbytes(void) {
-    return crypto_stream_aes256estream_BEFORENMBYTES;
-}
diff --git a/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c b/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c
index 7c7d1a5..d6d943e 100644
--- a/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c
+++ b/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c
@@ -101,7 +101,7 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, unsigned long long bytes
     unsigned long long i;
 
     if (!bytes) {
-        return;
+        return; /* LCOV_EXCL_LINE */
     }
     j0 = x->input[0];
     j1 = x->input[1];
@@ -190,10 +190,11 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, unsigned long long bytes
         x15 = XOR(x15, U8TO32_LITTLE(m + 60));
 
         j12 = PLUSONE(j12);
+        /* LCOV_EXCL_START */
         if (!j12) {
             j13 = PLUSONE(j13);
-            /* stopping at 2^70 bytes per nonce is user's responsibility */
         }
+        /* LCOV_EXCL_STOP */
 
         U32TO8_LITTLE(c + 0, x0);
         U32TO8_LITTLE(c + 4, x1);
diff --git a/src/libsodium/crypto_stream/try.c b/src/libsodium/crypto_stream/try.c
deleted file mode 100644
index 61bf8ab..0000000
--- a/src/libsodium/crypto_stream/try.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * crypto_stream/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-
-#include <stdlib.h>
-#include "crypto_stream.h"
-#include "utils.h"
-#include "windows/windows-quirks.h"
-
-extern unsigned char *alignedcalloc(unsigned long long);
-
-const char *primitiveimplementation = crypto_stream_IMPLEMENTATION;
-
-#define MAXTEST_BYTES 10000
-#define CHECKSUM_BYTES 4096
-#define TUNE_BYTES 1536
-
-static unsigned char *k;
-static unsigned char *n;
-static unsigned char *m;
-static unsigned char *c;
-static unsigned char *s;
-static unsigned char *k2;
-static unsigned char *n2;
-static unsigned char *m2;
-static unsigned char *c2;
-static unsigned char *s2;
-
-void preallocate(void)
-{
-}
-
-void allocate(void)
-{
-  k = alignedcalloc(crypto_stream_KEYBYTES);
-  n = alignedcalloc(crypto_stream_NONCEBYTES);
-  m = alignedcalloc(MAXTEST_BYTES);
-  c = alignedcalloc(MAXTEST_BYTES);
-  s = alignedcalloc(MAXTEST_BYTES);
-  k2 = alignedcalloc(crypto_stream_KEYBYTES);
-  n2 = alignedcalloc(crypto_stream_NONCEBYTES);
-  m2 = alignedcalloc(MAXTEST_BYTES);
-  c2 = alignedcalloc(MAXTEST_BYTES);
-  s2 = alignedcalloc(MAXTEST_BYTES);
-}
-
-void predoit(void)
-{
-}
-
-void doit(void)
-{
-  crypto_stream_xor(c,m,TUNE_BYTES,n,k);
-}
-
-char checksum[crypto_stream_KEYBYTES * 2 + 1];
-
-const char *checksum_compute(void)
-{
-  long long i;
-  long long j;
-
-  for (i = 0;i < CHECKSUM_BYTES;++i) {
-    long long mlen = i;
-    long long clen = i;
-    long long slen = i;
-    long long klen = crypto_stream_KEYBYTES;
-    long long nlen = crypto_stream_NONCEBYTES;
-    for (j = -16;j < 0;++j) m[j] = rand();
-    for (j = -16;j < 0;++j) c[j] = rand();
-    for (j = -16;j < 0;++j) s[j] = rand();
-    for (j = -16;j < 0;++j) n[j] = rand();
-    for (j = -16;j < 0;++j) k[j] = rand();
-    for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-    for (j = clen;j < clen + 16;++j) c[j] = rand();
-    for (j = slen;j < slen + 16;++j) s[j] = rand();
-    for (j = nlen;j < nlen + 16;++j) n[j] = rand();
-    for (j = klen;j < klen + 16;++j) k[j] = rand();
-    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-    for (j = -16;j < clen + 16;++j) c2[j] = c[j];
-    for (j = -16;j < slen + 16;++j) s2[j] = s[j];
-    for (j = -16;j < nlen + 16;++j) n2[j] = n[j];
-    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
-
-    crypto_stream_xor(c,m,mlen,n,k);
-
-    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_stream_xor overwrites m";
-    for (j = -16;j < slen + 16;++j) if (s[j] != s2[j]) return "crypto_stream_xor overwrites s";
-    for (j = -16;j < nlen + 16;++j) if (n[j] != n2[j]) return "crypto_stream_xor overwrites n";
-    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_stream_xor overwrites k";
-    for (j = -16;j < 0;++j) if (c[j] != c2[j]) return "crypto_stream_xor writes before output";
-    for (j = clen;j < clen + 16;++j) if (c[j] != c2[j]) return "crypto_stream_xor writes after output";
-
-    for (j = -16;j < clen + 16;++j) c2[j] = c[j];
-
-    crypto_stream(s,slen,n,k);
-
-    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_stream overwrites m";
-    for (j = -16;j < clen + 16;++j) if (c[j] != c2[j]) return "crypto_stream overwrites c";
-    for (j = -16;j < nlen + 16;++j) if (n[j] != n2[j]) return "crypto_stream overwrites n";
-    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_stream overwrites k";
-    for (j = -16;j < 0;++j) if (s[j] != s2[j]) return "crypto_stream writes before output";
-    for (j = slen;j < slen + 16;++j) if (s[j] != s2[j]) return "crypto_stream writes after output";
-
-    for (j = 0;j < mlen;++j)
-      if ((s[j] ^ m[j]) != c[j]) return "crypto_stream_xor does not match crypto_stream";
-
-    for (j = 0;j < clen;++j) k[j % klen] ^= c[j];
-    crypto_stream_xor(m,c,clen,n,k);
-    crypto_stream(s,slen,n,k);
-    for (j = 0;j < mlen;++j)
-      if ((s[j] ^ m[j]) != c[j]) return "crypto_stream_xor does not match crypto_stream";
-    for (j = 0;j < mlen;++j) n[j % nlen] ^= m[j];
-    m[mlen] = 0;
-  }
-
-  sodium_bin2hex(checksum, sizeof checksum, k, crypto_stream_KEYBYTES);
-
-  return 0;
-}
diff --git a/src/libsodium/crypto_verify/try.c b/src/libsodium/crypto_verify/try.c
deleted file mode 100644
index 06684e7..0000000
--- a/src/libsodium/crypto_verify/try.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * crypto_verify/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-
-#include <stdlib.h>
-#include "crypto_verify.h"
-#include "windows/windows-quirks.h"
-
-extern unsigned char *alignedcalloc(unsigned long long);
-
-const char *primitiveimplementation = crypto_verify_IMPLEMENTATION;
-
-static unsigned char *x;
-static unsigned char *y;
-
-void preallocate(void)
-{
-}
-
-void allocate(void)
-{
-  x = alignedcalloc(crypto_verify_BYTES);
-  y = alignedcalloc(crypto_verify_BYTES);
-}
-
-void predoit(void)
-{
-}
-
-void doit(void)
-{
-  crypto_verify(x,y);
-}
-
-static const char *check(void)
-{
-  int r = crypto_verify(x,y);
-  if (r == 0) {
-    if (memcmp(x,y,crypto_verify_BYTES)) return "different strings pass verify";
-  } else if (r == -1) {
-    if (!memcmp(x,y,crypto_verify_BYTES)) return "equal strings fail verify";
-  } else {
-    return "weird return value from verify";
-  }
-  return 0;
-}
-
-char checksum[2];
-
-const char *checksum_compute(void)
-{
-  long long tests;
-  long long i;
-  long long j;
-  const char *c;
-
-  for (tests = 0;tests < 100000;++tests) {
-    for (i = 0;i < crypto_verify_BYTES;++i) x[i] = rand();
-    for (i = 0;i < crypto_verify_BYTES;++i) y[i] = rand();
-    c = check(); if (c) return c;
-    for (i = 0;i < crypto_verify_BYTES;++i) y[i] = x[i];
-    c = check(); if (c) return c;
-    y[rand() % crypto_verify_BYTES] = rand();
-    c = check(); if (c) return c;
-    y[rand() % crypto_verify_BYTES] = rand();
-    c = check(); if (c) return c;
-    y[rand() % crypto_verify_BYTES] = rand();
-    c = check(); if (c) return c;
-  }
-
-  checksum[0] = '0';
-  checksum[1] = 0;
-  return 0;
-}
diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am
index 45a82d7..894c371 100644
--- a/src/libsodium/include/Makefile.am
+++ b/src/libsodium/include/Makefile.am
@@ -32,7 +32,6 @@ SODIUM_EXPORT = \
 	sodium/crypto_sign_edwards25519sha512batch.h \
 	sodium/crypto_stream.h \
 	sodium/crypto_stream_aes128ctr.h \
-	sodium/crypto_stream_aes256estream.h \
 	sodium/crypto_stream_chacha20.h \
 	sodium/crypto_stream_salsa20.h \
 	sodium/crypto_stream_salsa2012.h \
diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h
index dcb6b45..4a57108 100644
--- a/src/libsodium/include/sodium.h
+++ b/src/libsodium/include/sodium.h
@@ -32,7 +32,6 @@
 #include <sodium/crypto_sign_ed25519.h>
 #include <sodium/crypto_stream.h>
 #include <sodium/crypto_stream_aes128ctr.h>
-#include <sodium/crypto_stream_aes256estream.h>
 #include <sodium/crypto_stream_chacha20.h>
 #include <sodium/crypto_stream_salsa20.h>
 #include <sodium/crypto_stream_salsa2012.h>
diff --git a/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h b/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
index 54f4a73..fb6eb49 100644
--- a/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
+++ b/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
@@ -54,9 +54,8 @@ const char *crypto_onetimeauth_poly1305_implementation_name(void);
 SODIUM_EXPORT
 int crypto_onetimeauth_poly1305_set_implementation(crypto_onetimeauth_poly1305_implementation *impl);
 
-SODIUM_EXPORT
 crypto_onetimeauth_poly1305_implementation *
-        crypto_onetimeauth_pick_best_implementation(void);
+crypto_onetimeauth_pick_best_implementation(void);
 
 SODIUM_EXPORT
 int crypto_onetimeauth_poly1305(unsigned char *out,
diff --git a/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h b/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
index 7de8395..a83233b 100644
--- a/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
+++ b/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
@@ -2,6 +2,7 @@
 #define crypto_pwhash_scryptsalsa208sha256_H
 
 #include <stddef.h>
+#include <stdint.h>
 
 #include "export.h"
 
@@ -20,6 +21,10 @@ size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
 SODIUM_EXPORT
 size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
 
+#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
+SODIUM_EXPORT
+const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
+
 #define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288ULL
 SODIUM_EXPORT
 size_t crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
diff --git a/src/libsodium/include/sodium/crypto_sign_ed25519.h b/src/libsodium/include/sodium/crypto_sign_ed25519.h
index 101b6c9..0194c39 100644
--- a/src/libsodium/include/sodium/crypto_sign_ed25519.h
+++ b/src/libsodium/include/sodium/crypto_sign_ed25519.h
@@ -57,6 +57,21 @@ SODIUM_EXPORT
 int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
                                      const unsigned char *seed);
 
+SODIUM_EXPORT
+int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
+                                         const unsigned char *ed25519_pk);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
+                                         const unsigned char *ed25519_sk);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_seed(unsigned char *seed,
+                                   const unsigned char *sk);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/libsodium/include/sodium/crypto_stream_aes256estream.h b/src/libsodium/include/sodium/crypto_stream_aes256estream.h
deleted file mode 100644
index d497834..0000000
--- a/src/libsodium/include/sodium/crypto_stream_aes256estream.h
+++ /dev/null
@@ -1,67 +0,0 @@
-#ifndef crypto_stream_aes256estream_H
-#define crypto_stream_aes256estream_H
-
-/*
- * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
- * While it provides some protection against eavesdropping, it does NOT
- * provide any security against active attacks.
- * Furthermore, this implementation was not part of NaCl.
- * 
- * If you are looking for a stream cipher, you might consider
- * crypto_stream_aes128ctr, crypto_stream_chacha20 or crypto_stream_(x)salsa20
- * which are timing-attack resistant.
- * 
- * But unless you know what you're doing, what you are looking for is probably
- * the crypto_box or crypto_secretbox functions.
- */
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# if __GNUC__
-#  pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_stream_aes256estream_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_stream_aes256estream_keybytes(void);
-
-#define crypto_stream_aes256estream_NONCEBYTES 16U
-SODIUM_EXPORT
-size_t crypto_stream_aes256estream_noncebytes(void);
-
-#define crypto_stream_aes256estream_BEFORENMBYTES 276U
-SODIUM_EXPORT
-size_t crypto_stream_aes256estream_beforenmbytes(void);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream(unsigned char *out, unsigned long long len,
-                                const unsigned char *nonce, const unsigned char *c);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_xor(unsigned char *out, const unsigned char *in,
-                                    unsigned long long inlen, const unsigned char *n,
-                                    const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_beforenm(unsigned char *c, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_afternm(unsigned char *out, unsigned long long len,
-                                        const unsigned char *nonce,
-                                        const unsigned char *c);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_xor_afternm(unsigned char *out, const unsigned char *in,
-                                            unsigned long long len,
-                                            const unsigned char *nonce,
-                                            const unsigned char *c);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/libsodium/include/sodium/randombytes.h b/src/libsodium/include/sodium/randombytes.h
index c5175b2..4d07cd5 100644
--- a/src/libsodium/include/sodium/randombytes.h
+++ b/src/libsodium/include/sodium/randombytes.h
@@ -26,28 +26,30 @@ typedef struct randombytes_implementation {
 } randombytes_implementation;
 
 SODIUM_EXPORT
-int randombytes_set_implementation(randombytes_implementation *impl);
+void randombytes_buf(void * const buf, const size_t size);
 
 SODIUM_EXPORT
-void randombytes(unsigned char * const buf, const unsigned long long buf_len);
+uint32_t randombytes_random(void);
 
 SODIUM_EXPORT
-const char *randombytes_implementation_name(void);
+uint32_t randombytes_uniform(const uint32_t upper_bound);
 
 SODIUM_EXPORT
-uint32_t randombytes_random(void);
+void randombytes_stir(void);
 
 SODIUM_EXPORT
-void randombytes_stir(void);
+int randombytes_close(void);
 
 SODIUM_EXPORT
-uint32_t randombytes_uniform(const uint32_t upper_bound);
+int randombytes_set_implementation(randombytes_implementation *impl);
 
 SODIUM_EXPORT
-void randombytes_buf(void * const buf, const size_t size);
+const char *randombytes_implementation_name(void);
+
+/* -- Compatibility layer with NaCl -- */
 
 SODIUM_EXPORT
-int randombytes_close(void);
+void randombytes(unsigned char * const buf, const unsigned long long buf_len);
 
 #ifdef __cplusplus
 }
diff --git a/src/libsodium/include/sodium/utils.h b/src/libsodium/include/sodium/utils.h
index 817919b..1ac78eb 100644
--- a/src/libsodium/include/sodium/utils.h
+++ b/src/libsodium/include/sodium/utils.h
@@ -16,12 +16,14 @@ extern "C" {
 # define _SODIUM_C99(X) X
 #endif
 
-unsigned char *_sodium_alignedcalloc(unsigned char ** const unaligned_p,
-                                     const size_t len);
-
 SODIUM_EXPORT
 void sodium_memzero(void * const pnt, const size_t len);
 
+/* WARNING: sodium_memcmp() must be used to verify if two secret keys
+ * are equal, in constant time.
+ * It returns 0 if the keys are equal, and -1 if they differ.
+ * This function is not designed for lexicographical comparisons.
+ */
 SODIUM_EXPORT
 int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len);
 
@@ -41,6 +43,55 @@ int sodium_mlock(void * const addr, const size_t len);
 SODIUM_EXPORT
 int sodium_munlock(void * const addr, const size_t len);
 
+/* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose
+ * allocation functions.
+ *
+ * They return a pointer to a region filled with 0xd0 bytes, immediately
+ * followed by a guard page.
+ * As a result, accessing a single byte after the requested allocation size
+ * will intentionally trigger a segmentation fault.
+ *
+ * A canary and an additional guard page placed before the beginning of the
+ * region may also kill the process if a buffer underflow is detected.
+ *
+ * The memory layout is:
+ * [unprotected region size (read only)][guard page (no access)][unprotected pages (read/write)][guard page (no access)]
+ * With the layout of the unprotected pages being:
+ * [optional padding][16-bytes canary][user region]
+ *
+ * However:
+ * - These functions are significantly slower than standard functions
+ * - Each allocation requires 3 or 4 additional pages
+ * - The returned address will not be aligned if the allocation size is not
+ *   a multiple of the required alignment. For this reason, these functions
+ *   are designed to store data, such as secret keys and messages.
+ *   They should not be used to store pointers mixed with other types
+ *   in portable code unless extreme care is taken to ensure correct
+ *   pointers alignment.
+ */
+
+SODIUM_EXPORT
+void *sodium_malloc(const size_t size);
+
+SODIUM_EXPORT
+void *sodium_allocarray(size_t count, size_t size);
+
+SODIUM_EXPORT
+void sodium_free(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_noaccess(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_readonly(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_readwrite(void *ptr);
+
+/* -------- */
+
+int _sodium_alloc_init(void);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c
index 374ff4d..2b44469 100644
--- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c
+++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c
@@ -41,7 +41,7 @@ BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
 
 typedef struct Salsa20Random_ {
     unsigned char key[crypto_stream_salsa20_KEYBYTES];
-    unsigned char rnd32[SALSA20_RANDOM_BLOCK_SIZE];
+    unsigned char rnd32[16U * SALSA20_RANDOM_BLOCK_SIZE];
     uint64_t      nonce;
     size_t        rnd32_outleft;
 #ifndef _MSC_VER
@@ -67,7 +67,10 @@ sodium_hrtime(void)
 #ifdef _WIN32
     struct _timeb tb;
 
+# pragma warning(push)
+# pragma warning(disable: 4996)
     _ftime(&tb);
+# pragma warning(pop)
     tv.tv_sec = (long) tb.time;
     tv.tv_usec = ((int) tb.millitm) * 1000;
     ret = 0;
@@ -91,12 +94,12 @@ safe_read(const int fd, void * const buf_, size_t count)
     assert(count > (size_t) 0U);
     do {
         while ((readnb = read(fd, buf, count)) < (ssize_t) 0 &&
-               errno == EINTR);
+               errno == EINTR);  /* LCOV_EXCL_LINE */
         if (readnb < (ssize_t) 0) {
-            return readnb;
+            return readnb; /* LCOV_EXCL_LINE */
         }
         if (readnb == (ssize_t) 0) {
-            break;
+            break; /* LCOV_EXCL_LINE */
         }
         count -= (size_t) readnb;
         buf += readnb;
@@ -110,6 +113,7 @@ safe_read(const int fd, void * const buf_, size_t count)
 static int
 randombytes_salsa20_random_random_dev_open(void)
 {
+/* LCOV_EXCL_START */
     struct stat       st;
     static const char *devices[] = {
 # ifndef USE_BLOCKING_RANDOM
@@ -131,6 +135,7 @@ randombytes_salsa20_random_random_dev_open(void)
     } while (*device != NULL);
 
     return -1;
+/* LCOV_EXCL_STOP */
 }
 
 static void
@@ -143,7 +148,7 @@ randombytes_salsa20_random_init(void)
 
     if ((stream.random_data_source_fd =
          randombytes_salsa20_random_random_dev_open()) == -1) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
     errno = errno_save;
 }
@@ -181,11 +186,11 @@ randombytes_salsa20_random_stir(void)
 #ifndef _WIN32
     if (safe_read(stream.random_data_source_fd, m0,
                   sizeof m0) != (ssize_t) sizeof m0) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
 #else /* _WIN32 */
     if (! RtlGenRandom((PVOID) m0, (ULONG) sizeof m0)) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
 #endif
     COMPILER_ASSERT(sizeof stream.key == crypto_auth_hmacsha512256_BYTES);
@@ -214,14 +219,26 @@ randombytes_salsa20_random_stir_if_needed(void)
 #endif
 }
 
+static void
+randombytes_salsa20_random_rekey(const unsigned char * const mix)
+{
+    unsigned char *key = stream.key;
+    size_t         i;
+
+    for (i = (size_t) 0U; i < sizeof stream.key; i++) {
+        key[i] ^= mix[i];
+    }
+}
+
 static uint32_t
 randombytes_salsa20_random_getword(void)
 {
     uint32_t val;
     int      ret;
 
-    COMPILER_ASSERT(sizeof stream.rnd32 >= sizeof val);
-    COMPILER_ASSERT(sizeof stream.rnd32 % sizeof val == (size_t) 0U);
+    COMPILER_ASSERT(sizeof stream.rnd32 >= (sizeof stream.key) + (sizeof val));
+    COMPILER_ASSERT(((sizeof stream.rnd32) - (sizeof stream.key))
+                    % sizeof val == (size_t) 0U);
     if (stream.rnd32_outleft <= (size_t) 0U) {
         randombytes_salsa20_random_stir_if_needed();
         COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_salsa20_NONCEBYTES);
@@ -230,11 +247,13 @@ randombytes_salsa20_random_getword(void)
                                     (unsigned char *) &stream.nonce,
                                     stream.key);
         assert(ret == 0);
+        stream.rnd32_outleft = (sizeof stream.rnd32) - (sizeof stream.key);
+        randombytes_salsa20_random_rekey(&stream.rnd32[stream.rnd32_outleft]);
         stream.nonce++;
-        stream.rnd32_outleft = sizeof stream.rnd32;
     }
     stream.rnd32_outleft -= sizeof val;
     memcpy(&val, &stream.rnd32[stream.rnd32_outleft], sizeof val);
+    memset(&stream.rnd32[stream.rnd32_outleft], 0, sizeof val);
 
     return val;
 }
@@ -278,10 +297,11 @@ randombytes_salsa20_random_buf(void * const buf, const size_t size)
     assert(size <= ULONG_LONG_MAX);
 #endif
     ret = crypto_stream_salsa20((unsigned char *) buf, (unsigned long long) size,
-                                (unsigned char *) &stream.nonce,
-                                stream.key);
+                                (unsigned char *) &stream.nonce, stream.key);
     assert(ret == 0);
     stream.nonce++;
+    crypto_stream_salsa20_xor(stream.key, stream.key, sizeof stream.key,
+                              (unsigned char *) &stream.nonce, stream.key);
 }
 
 /*
@@ -304,7 +324,7 @@ randombytes_salsa20_random_uniform(const uint32_t upper_bound)
         if (r >= min) {
             break;
         }
-    }
+    } /* LCOV_EXCL_LINE */
     return r % upper_bound;
 }
 
diff --git a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c
index 0ffcc2e..2979ef3 100644
--- a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c
+++ b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c
@@ -83,12 +83,12 @@ safe_read(const int fd, void * const buf_, size_t count)
     assert(count > (size_t) 0U);
     do {
         while ((readnb = read(fd, buf, count)) < (ssize_t) 0 &&
-               errno == EINTR);
+               errno == EINTR); /* LCOV_EXCL_LINE */
         if (readnb < (ssize_t) 0) {
-            return readnb;
+            return readnb; /* LCOV_EXCL_LINE */
         }
         if (readnb == (ssize_t) 0) {
-            break;
+            break; /* LCOV_EXCL_LINE */
         }
         count -= (size_t) readnb;
         buf += readnb;
@@ -102,6 +102,7 @@ safe_read(const int fd, void * const buf_, size_t count)
 static int
 randombytes_sysrandom_random_dev_open(void)
 {
+/* LCOV_EXCL_START */
     struct stat        st;
     static const char *devices[] = {
 # ifndef USE_BLOCKING_RANDOM
@@ -123,6 +124,7 @@ randombytes_sysrandom_random_dev_open(void)
     } while (*device != NULL);
 
     return -1;
+/* LCOV_EXCL_STOP */
 }
 
 static void
@@ -132,7 +134,7 @@ randombytes_sysrandom_init(void)
 
     if ((stream.random_data_source_fd =
          randombytes_sysrandom_random_dev_open()) == -1) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
     errno = errno_save;
 }
@@ -203,14 +205,14 @@ randombytes_sysrandom_buf(void * const buf, const size_t size)
 #endif
 #ifndef _WIN32
     if (safe_read(stream.random_data_source_fd, buf, size) != (ssize_t) size) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
 #else
     if (size > 0xffffffff) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
     if (! RtlGenRandom((PVOID) buf, (ULONG) size)) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
 #endif
 }
@@ -235,7 +237,7 @@ randombytes_sysrandom_uniform(const uint32_t upper_bound)
         if (r >= min) {
             break;
         }
-    }
+    } /* LCOV_EXCL_LINE */
     return r % upper_bound;
 }
 
diff --git a/src/libsodium/sodium/compat.c b/src/libsodium/sodium/compat.c
deleted file mode 100644
index ece2dbc..0000000
--- a/src/libsodium/sodium/compat.c
+++ /dev/null
@@ -1,361 +0,0 @@
-
-#include "crypto_auth_hmacsha256.h"
-#include "crypto_auth_hmacsha512256.h"
-#include "crypto_box_curve25519xsalsa20poly1305.h"
-#include "crypto_hash_sha256.h"
-#include "crypto_hash_sha512.h"
-#include "crypto_onetimeauth_poly1305.h"
-#include "crypto_pwhash_scryptsalsa208sha256.h"
-#include "crypto_scalarmult_curve25519.h"
-#include "crypto_secretbox_xsalsa20poly1305.h"
-#include "crypto_sign_ed25519.h"
-#include "crypto_stream_salsa20.h"
-#include "crypto_stream_xsalsa20.h"
-#include "crypto_verify_16.h"
-#include "crypto_verify_32.h"
-#include "export.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#undef crypto_pwhash_scryptxsalsa208sha256_saltbytes
-SODIUM_EXPORT size_t
-crypto_pwhash_scryptxsalsa208sha256_saltbytes(void)
-{
-    return crypto_pwhash_scryptsalsa208sha256_saltbytes();
-}
-
-#undef crypto_pwhash_scryptxsalsa208sha256_strbytes
-SODIUM_EXPORT size_t
-crypto_pwhash_scryptxsalsa208sha256_strbytes(void)
-{
-    return crypto_pwhash_scryptsalsa208sha256_strbytes();
-}
-
-#undef crypto_pwhash_scryptxsalsa208sha256
-SODIUM_EXPORT int
-crypto_pwhash_scryptxsalsa208sha256(unsigned char * const out,
-                                    unsigned long long outlen,
-                                    const char * const passwd,
-                                    unsigned long long passwdlen,
-                                    const unsigned char * const salt,
-                                    unsigned long long opslimit,
-                                    size_t memlimit)
-{
-    return crypto_pwhash_scryptsalsa208sha256(out, outlen, passwd, passwdlen,
-                                              salt, opslimit, memlimit);
-}
-
-#undef crypto_pwhash_scryptxsalsa208sha256_str
-SODIUM_EXPORT int
-crypto_pwhash_scryptxsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
-                                        const char * const passwd,
-                                        unsigned long long passwdlen,
-                                        unsigned long long opslimit,
-                                        size_t memlimit)
-{
-    return crypto_pwhash_scryptsalsa208sha256_str(out, passwd, passwdlen,
-                                                  opslimit, memlimit);
-}
-
-#undef crypto_pwhash_scryptxsalsa208sha256_str_verify
-SODIUM_EXPORT int
-crypto_pwhash_scryptxsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
-                                               const char * const passwd,
-                                               unsigned long long passwdlen)
-{
-    return crypto_pwhash_scryptsalsa208sha256_str_verify(str,
-                                                         passwd, passwdlen);
-}
-
-#ifdef EXPORT_ORIGINAL_IMPLEMENTATIONS
-
-#undef crypto_hash_sha256_ref
-SODIUM_EXPORT int
-crypto_hash_sha256_ref(unsigned char *out, const unsigned char *in,
-                       unsigned long long inlen)
-{
-    return crypto_hash_sha256(out, in, inlen);
-}
-
-#undef crypto_hash_sha512_ref
-SODIUM_EXPORT int
-crypto_hash_sha512_ref(unsigned char *out, const unsigned char *in,
-                       unsigned long long inlen)
-{
-    return crypto_hash_sha512(out, in, inlen);
-}
-
-#undef crypto_auth_hmacsha256_ref
-SODIUM_EXPORT int
-crypto_auth_hmacsha256_ref(unsigned char *out, const unsigned char *in,
-                           unsigned long long inlen, const unsigned char *k)
-{
-    return crypto_auth_hmacsha256(out, in, inlen, k);
-}
-
-#undef crypto_auth_hmacsha256_ref_verify
-SODIUM_EXPORT int
-crypto_auth_hmacsha256_ref_verify(const unsigned char *h,
-                                  const unsigned char *in,
-                                  unsigned long long inlen,
-                                  const unsigned char *k)
-{
-    return crypto_auth_hmacsha256_verify(h, in, inlen, k);
-}
-
-#undef crypto_auth_hmacsha512256_ref
-SODIUM_EXPORT int
-crypto_auth_hmacsha512256_ref(unsigned char *out, const unsigned char *in,
-                              unsigned long long inlen, const unsigned char *k)
-{
-    return crypto_auth_hmacsha512256(out, in, inlen, k);
-}
-
-#undef crypto_auth_hmacsha512256_ref_verify
-SODIUM_EXPORT int
-crypto_auth_hmacsha512256_ref_verify(const unsigned char *h,
-                                     const unsigned char *in,
-                                     unsigned long long inlen,
-                                     const unsigned char *k)
-{
-    return crypto_auth_hmacsha512256_verify(h, in, inlen, k);
-}
-
-#undef crypto_box_curve25519xsalsa20poly1305_ref_keypair
-SODIUM_EXPORT int
-crypto_box_curve25519xsalsa20poly1305_ref_keypair(unsigned char *pk,
-                                                  unsigned char *sk)
-{
-    return crypto_box_curve25519xsalsa20poly1305_keypair(pk, sk);
-}
-
-#undef crypto_box_curve25519xsalsa20poly1305_ref_beforenm
-SODIUM_EXPORT int
-crypto_box_curve25519xsalsa20poly1305_ref_beforenm(unsigned char *k,
-                                                   const unsigned char *pk,
-                                                   const unsigned char *sk)
-{
-    return crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, sk);
-}
-
-#undef crypto_box_curve25519xsalsa20poly1305_ref_afternm
-SODIUM_EXPORT int
-crypto_box_curve25519xsalsa20poly1305_ref_afternm(unsigned char *c,
-                                                  const unsigned char *m,
-                                                  unsigned long long mlen,
-                                                  const unsigned char *n,
-                                                  const unsigned char *k)
-{
-    return crypto_box_curve25519xsalsa20poly1305_afternm(c, m, mlen, n, k);
-}
-
-#undef crypto_box_curve25519xsalsa20poly1305_ref_open_afternm
-SODIUM_EXPORT int
-crypto_box_curve25519xsalsa20poly1305_ref_open_afternm(unsigned char *m,
-                                                       const unsigned char *c,
-                                                       unsigned long long clen,
-                                                       const unsigned char *n,
-                                                       const unsigned char *k)
-{
-    return crypto_box_curve25519xsalsa20poly1305_open_afternm(m, c, clen, n, k);
-}
-
-#undef crypto_box_curve25519xsalsa20poly1305_ref
-SODIUM_EXPORT int
-crypto_box_curve25519xsalsa20poly1305_ref(unsigned char *c,
-                                          const unsigned char *m,
-                                          unsigned long long mlen,
-                                          const unsigned char *n,
-                                          const unsigned char *pk,
-                                          const unsigned char *sk)
-{
-    return crypto_box_curve25519xsalsa20poly1305(c, m, mlen, n, pk, sk);
-}
-
-#undef crypto_box_curve25519xsalsa20poly1305_ref_open
-SODIUM_EXPORT int
-crypto_box_curve25519xsalsa20poly1305_ref_open(unsigned char *m,
-                                               const unsigned char *c,
-                                               unsigned long long clen,
-                                               const unsigned char *n,
-                                               const unsigned char *pk,
-                                               const unsigned char *sk)
-{
-    return crypto_box_curve25519xsalsa20poly1305_open(m, c, clen, n, pk, sk);
-}
-
-#undef crypto_scalarmult_curve25519_ref_base
-SODIUM_EXPORT int
-crypto_scalarmult_curve25519_ref_base(unsigned char *q, const unsigned char *n)
-{
-    return crypto_scalarmult_curve25519_base(q, n);
-}
-
-#undef crypto_scalarmult_curve25519_ref
-SODIUM_EXPORT int
-crypto_scalarmult_curve25519_ref(unsigned char *q, const unsigned char *n,
-                                 const unsigned char *p)
-{
-    return crypto_scalarmult_curve25519(q, n, p);
-}
-
-#undef crypto_scalarmult_curve25519_donna_c64_base
-SODIUM_EXPORT int
-crypto_scalarmult_curve25519_donna_c64_base(unsigned char *q, const unsigned char *n)
-{
-    return crypto_scalarmult_curve25519_base(q, n);
-}
-
-#undef crypto_scalarmult_curve25519_donna_c64
-SODIUM_EXPORT int
-crypto_scalarmult_curve25519_donna_c64(unsigned char *q, const unsigned char *n,
-                                       const unsigned char *p)
-{
-    return crypto_scalarmult_curve25519(q, n, p);
-}
-
-#undef crypto_secretbox_xsalsa20poly1305_ref
-SODIUM_EXPORT int
-crypto_secretbox_xsalsa20poly1305_ref(unsigned char *c,
-                                      const unsigned char *m,
-                                      unsigned long long mlen,
-                                      const unsigned char *n,
-                                      const unsigned char *k)
-{
-    return crypto_secretbox_xsalsa20poly1305(c, m, mlen, n, k);
-}
-
-#undef crypto_secretbox_xsalsa20poly1305_ref_open
-SODIUM_EXPORT int
-crypto_secretbox_xsalsa20poly1305_ref_open(unsigned char *m,
-                                           const unsigned char *c,
-                                           unsigned long long clen,
-                                           const unsigned char *n,
-                                           const unsigned char *k)
-{
-    return crypto_secretbox_xsalsa20poly1305_open(m, c, clen, n, k);
-}
-
-#undef crypto_sign_ed25519_ref_seed_keypair
-SODIUM_EXPORT int
-crypto_sign_ed25519_ref_seed_keypair(unsigned char *pk, unsigned char *sk,
-                                     const unsigned char *seed)
-{
-    return crypto_sign_ed25519_seed_keypair(pk, sk, seed);
-}
-
-#undef crypto_sign_ed25519_ref_keypair
-SODIUM_EXPORT int
-crypto_sign_ed25519_ref_keypair(unsigned char *pk, unsigned char *sk)
-{
-    return crypto_sign_ed25519_keypair(pk, sk);
-}
-
-#undef crypto_sign_ed25519_ref
-SODIUM_EXPORT int
-crypto_sign_ed25519_ref(unsigned char *sm, unsigned long long *smlen,
-                        const unsigned char *m, unsigned long long mlen,
-                        const unsigned char *sk)
-{
-    return crypto_sign_ed25519(sm, smlen, m, mlen, sk);
-}
-
-#undef crypto_sign_ed25519_ref_open
-SODIUM_EXPORT int
-crypto_sign_ed25519_ref_open(unsigned char *m, unsigned long long *mlen,
-                             const unsigned char *sm, unsigned long long smlen,
-                             const unsigned char *pk)
-{
-    return crypto_sign_ed25519_open(m, mlen, sm, smlen, pk);
-}
-
-#undef crypto_stream_xsalsa20_ref
-SODIUM_EXPORT int
-crypto_stream_xsalsa20_ref(unsigned char *c, unsigned long long clen,
-                           const unsigned char *n, const unsigned char *k)
-{
-    return crypto_stream_xsalsa20(c, clen, n, k);
-}
-
-#undef crypto_stream_xsalsa20_ref_xor
-SODIUM_EXPORT int
-crypto_stream_xsalsa20_ref_xor(unsigned char *c, const unsigned char *m,
-                               unsigned long long mlen, const unsigned char *n,
-                               const unsigned char *k)
-{
-    return crypto_stream_xsalsa20_xor(c, m, mlen, n, k);
-}
-
-#undef crypto_verify_16_ref
-SODIUM_EXPORT int
-crypto_verify_16_ref(const unsigned char *x, const unsigned char *y)
-{
-    return crypto_verify_16(x, y);
-}
-
-#undef crypto_verify_32_ref
-SODIUM_EXPORT int
-crypto_verify_32_ref(const unsigned char *x, const unsigned char *y)
-{
-    return crypto_verify_32(x, y);
-}
-
-#undef crypto_onetimeauth_poly1305_ref
-SODIUM_EXPORT int
-crypto_onetimeauth_poly1305_ref(unsigned char *out,
-                                const unsigned char *in,
-                                unsigned long long inlen,
-                                const unsigned char *k)
-{
-    return crypto_onetimeauth_poly1305(out, in, inlen, k);
-}
-
-#undef crypto_stream_salsa20_amd64_xmm6
-SODIUM_EXPORT int
-crypto_stream_salsa20_amd64_xmm6(unsigned char *c,
-                                 unsigned long long clen,
-                                 const unsigned char *n,
-                                 const unsigned char *k)
-{
-    return crypto_stream_salsa20(c, clen, n, k);
-}
-
-#undef crypto_stream_salsa20_ref
-SODIUM_EXPORT int
-crypto_stream_salsa20_ref(unsigned char *c,
-                          unsigned long long clen,
-                          const unsigned char *n,
-                          const unsigned char *k)
-{
-    return crypto_stream_salsa20(c, clen, n, k);
-}
-
-#undef crypto_stream_salsa20_amd64_xmm6_xor
-SODIUM_EXPORT int
-crypto_stream_salsa20_amd64_xmm6_xor(unsigned char *c,
-                                     const unsigned char *m,
-                                     unsigned long long mlen,
-                                     const unsigned char *n,
-                                     const unsigned char *k)
-{
-    return crypto_stream_salsa20_xor(c, m, mlen, n, k);
-}
-
-#undef crypto_stream_salsa20_ref_xor
-SODIUM_EXPORT int
-crypto_stream_salsa20_ref_xor(unsigned char *c,
-                              const unsigned char *m,
-                              unsigned long long mlen,
-                              const unsigned char *n,
-                              const unsigned char *k)
-{
-    return crypto_stream_salsa20_xor(c, m, mlen, n, k);
-}
-
-#endif
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/src/libsodium/sodium/core.c b/src/libsodium/sodium/core.c
index 652f31e..367f275 100644
--- a/src/libsodium/sodium/core.c
+++ b/src/libsodium/sodium/core.c
@@ -3,6 +3,7 @@
 #include "crypto_onetimeauth.h"
 #include "randombytes.h"
 #include "runtime.h"
+#include "utils.h"
 
 static int initialized;
 
@@ -14,9 +15,10 @@ sodium_init(void)
     }
     sodium_runtime_get_cpu_features();
     if (crypto_onetimeauth_pick_best_implementation() == NULL) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     randombytes_stir();
+    _sodium_alloc_init();
     initialized = 1;
 
     return 0;
diff --git a/src/libsodium/sodium/runtime.c b/src/libsodium/sodium/runtime.c
index 52b3707..3e424a0 100644
--- a/src/libsodium/sodium/runtime.c
+++ b/src/libsodium/sodium/runtime.c
@@ -44,7 +44,7 @@ static void
 _cpuid(unsigned int cpu_info[4U], const unsigned int cpu_info_type)
 {
 #ifdef _MSC_VER
-    __cpuidex((int *) cpu_info, cpu_info_type, 0);
+    __cpuid((int *) cpu_info, cpu_info_type);
 #elif defined(HAVE_CPUID)
     cpu_info[0] = cpu_info[1] = cpu_info[2] = cpu_info[3] = 0;
 # ifdef __i386__
@@ -56,7 +56,7 @@ _cpuid(unsigned int cpu_info[4U], const unsigned int cpu_info_type)
                           "=&r" (cpu_info[0]), "=&r" (cpu_info[1]) :
                           "i" (0x200000));
     if (((cpu_info[0] ^ cpu_info[1]) & 0x200000) == 0x0) {
-        return;
+        return; /* LCOV_EXCL_LINE */
     }
 # endif
 # ifdef __i386__
@@ -88,7 +88,7 @@ _sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features)
 
     _cpuid(cpu_info, 0x0);
     if ((id = cpu_info[0]) == 0U) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     _cpuid(cpu_info, 0x00000001);
 #ifndef HAVE_EMMINTRIN_H
diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c
index eff9d0c..e51ae6b 100644
--- a/src/libsodium/sodium/utils.c
+++ b/src/libsodium/sodium/utils.c
@@ -1,8 +1,10 @@
 #ifndef __STDC_WANT_LIB_EXT1__
 # define __STDC_WANT_LIB_EXT1__ 1
 #endif
+#include <assert.h>
 #include <errno.h>
 #include <limits.h>
+#include <signal.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -17,8 +19,32 @@
 #ifdef _WIN32
 # include <windows.h>
 # include <wincrypt.h>
+#else
+# include <unistd.h>
+#endif
+
+#define CANARY_SIZE 16U
+#define GARBAGE_VALUE 0xd0
+
+#ifndef MAP_NOCORE
+# define MAP_NOCORE 0
+#endif
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+# define MAP_ANON MAP_ANONYMOUS
+#endif
+#if defined(_WIN32) || defined(MAP_ANON) || defined(HAVE_POSIX_MEMALIGN)
+# define HAVE_ALIGNED_MALLOC
+#endif
+#if defined(HAVE_MPROTECT) && !(defined(PROT_NONE) && defined(PROT_READ) && defined(PROT_WRITE))
+# undef HAVE_MPROTECT
+#endif
+#if defined(HAVE_ALIGNED_MALLOC) && (defined(_WIN32) || defined(HAVE_MPROTECT))
+# define HAVE_PAGE_PROTECTION
 #endif
 
+static size_t page_size;
+static unsigned char canary[CANARY_SIZE];
+
 #ifdef HAVE_WEAK_SYMBOLS
 __attribute__((weak)) void
 __sodium_dummy_symbol_to_prevent_lto(void * const pnt, const size_t len)
@@ -31,11 +57,11 @@ __sodium_dummy_symbol_to_prevent_lto(void * const pnt, const size_t len)
 void
 sodium_memzero(void * const pnt, const size_t len)
 {
-#ifdef HAVE_SECUREZEROMEMORY
+#ifdef _WIN32
     SecureZeroMemory(pnt, len);
 #elif defined(HAVE_MEMSET_S)
     if (memset_s(pnt, (rsize_t) len, 0, (rsize_t) len) != 0) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
 #elif defined(HAVE_EXPLICIT_BZERO)
     explicit_bzero(pnt, len);
@@ -66,34 +92,6 @@ sodium_memcmp(const void * const b1_, const void * const b2_, size_t len)
     return (int) ((1 & ((d - 1) >> 8)) - 1);
 }
 
-unsigned char *
-_sodium_alignedcalloc(unsigned char ** const unaligned_p, const size_t len)
-{
-    unsigned char *aligned;
-    unsigned char *unaligned;
-    size_t         i;
-
-    if (SIZE_MAX - (size_t) 256U < len ||
-        (unaligned = (unsigned char *) malloc(len + (size_t) 256U)) == NULL) {
-        *unaligned_p = NULL;
-        return NULL;
-    }
-    *unaligned_p = unaligned;
-#ifdef HAVE_ARC4RANDOM_BUF
-    (void) i;
-    arc4random_buf(unaligned, len + (size_t) 256U);
-#else
-    for (i = (size_t) 0U; i < len + (size_t) 256U; ++i) {
-        unaligned[i] = (unsigned char) rand();
-    }
-#endif
-    aligned = unaligned + 64;
-    aligned += (ptrdiff_t) 63 & (-(ptrdiff_t) aligned);
-    memset(aligned, 0, len);
-
-    return aligned;
-}
-
 char *
 sodium_bin2hex(char * const hex, const size_t hex_maxlen,
                const unsigned char * const bin, const size_t bin_len)
@@ -106,7 +104,7 @@ sodium_bin2hex(char * const hex, const size_t hex_maxlen,
     size_t            j = (size_t) 0U;
 
     if (bin_len >= SIZE_MAX / 2 || hex_maxlen < bin_len * 2U) {
-        abort();
+        abort(); /* LCOV_EXCL_LINE */
     }
     while (i < bin_len) {
         hex[j++] = hexdigits[bin[i] >> 4];
@@ -178,7 +176,7 @@ sodium_mlock(void * const addr, const size_t len)
 #endif
 #ifdef HAVE_MLOCK
     return mlock(addr, len);
-#elif defined(HAVE_VIRTUALLOCK)
+#elif defined(_WIN32)
     return -(VirtualLock(addr, len) == 0);
 #else
     errno = ENOSYS;
@@ -195,10 +193,286 @@ sodium_munlock(void * const addr, const size_t len)
 #endif
 #ifdef HAVE_MLOCK
     return munlock(addr, len);
-#elif defined(HAVE_VIRTUALLOCK)
+#elif defined(_WIN32)
     return -(VirtualUnlock(addr, len) == 0);
 #else
     errno = ENOSYS;
     return -1;
 #endif
 }
+
+int
+_sodium_alloc_init(void)
+{
+#if defined(_SC_PAGESIZE)
+    long page_size_ = sysconf(_SC_PAGESIZE);
+    if (page_size_ > 0L) {
+        page_size = (size_t) page_size_;
+    }
+#elif defined(_WIN32)
+    SYSTEM_INFO si;
+    GetSystemInfo(&si);
+    page_size = (size_t) si.dwPageSize;
+#endif
+    if (page_size < CANARY_SIZE) {
+        abort(); /* LCOV_EXCL_LINE */
+    }
+    randombytes_buf(canary, sizeof canary);
+
+    return 0;
+}
+
+static inline size_t
+_page_round(const size_t size)
+{
+    const size_t page_mask = page_size - 1U;
+
+    return (size + page_mask) & ~page_mask;
+}
+
+static int
+_mprotect_noaccess(void *ptr, size_t size)
+{
+#if defined(HAVE_MPROTECT) && defined(HAVE_PAGE_PROTECTION)
+    return mprotect(ptr, size, PROT_NONE);
+#elif defined(_WIN32)
+    {
+        DWORD old;
+        return -(VirtualProtect(ptr, size, PAGE_NOACCESS, &old) == 0);
+    }
+#else
+    errno = ENOSYS;
+    return -1;
+#endif
+}
+
+static int
+_mprotect_readonly(void *ptr, size_t size)
+{
+#if defined(HAVE_MPROTECT) && defined(HAVE_PAGE_PROTECTION)
+    return mprotect(ptr, size, PROT_READ);
+#elif defined(_WIN32)
+    {
+        DWORD old;
+        return -(VirtualProtect(ptr, size, PAGE_READONLY, &old) == 0);
+    }
+#else
+    errno = ENOSYS;
+    return -1;
+#endif
+}
+
+static int
+_mprotect_readwrite(void *ptr, size_t size)
+{
+#if defined(HAVE_MPROTECT) && defined(HAVE_PAGE_PROTECTION)
+    return mprotect(ptr, size, PROT_READ | PROT_WRITE);
+#elif defined(_WIN32)
+    {
+        DWORD old;
+        return -(VirtualProtect(ptr, size, PAGE_READWRITE, &old) == 0);
+    }
+#else
+    errno = ENOSYS;
+    return -1;
+#endif
+}
+
+static void
+_out_of_bounds(void)
+{
+#ifdef SIGSEGV
+    raise(SIGSEGV);
+#elif defined(SIGKILL)
+    raise(SIGKILL);
+#endif
+    abort();
+}  /* LCOV_EXCL_LINE */
+
+static __attribute__((malloc)) unsigned char *
+_alloc_aligned(const size_t size)
+{
+    void *ptr;
+
+#ifdef MAP_ANON
+    if ((ptr = mmap(NULL, size, PROT_READ | PROT_WRITE,
+                    MAP_ANON | MAP_PRIVATE | MAP_NOCORE, -1, 0)) == MAP_FAILED) {
+        ptr = NULL; /* LCOV_EXCL_LINE */
+    } /* LCOV_EXCL_LINE */
+#elif defined(HAVE_POSIX_MEMALIGN)
+    if (posix_memalign(&ptr, page_size, size) != 0) {
+        ptr = NULL; /* LCOV_EXCL_LINE */
+    } /* LCOV_EXCL_LINE */
+#elif defined(_WIN32)
+    ptr = VirtualAlloc(NULL, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+#elif !defined(HAVE_ALIGNED_MALLOC)
+    ptr = malloc(size);
+#else
+# error Bug
+#endif
+    return (unsigned char *) ptr;
+}
+
+static void
+_free_aligned(unsigned char * const ptr, const size_t size)
+{
+#ifdef MAP_ANON
+    (void) munmap(ptr, size);
+#elif defined(HAVE_POSIX_MEMALIGN)
+    free(ptr);
+#elif defined(_WIN32)
+    VirtualFree(ptr, 0U, MEM_RELEASE);
+#else
+    free(ptr);
+#endif
+}
+
+static unsigned char *
+_unprotected_ptr_from_user_ptr(const void *ptr)
+{
+    uintptr_t      unprotected_ptr_u;
+    unsigned char *canary_ptr;
+    size_t         page_mask;
+
+    canary_ptr = ((unsigned char *) ptr) - sizeof canary;
+    page_mask = page_size - 1U;
+    unprotected_ptr_u = ((uintptr_t) canary_ptr & (uintptr_t) ~page_mask);
+    if (unprotected_ptr_u <= page_size * 2U) {
+        abort(); /* LCOV_EXCL_LINE */
+    }
+    return (unsigned char *) unprotected_ptr_u;
+}
+
+static __attribute__((malloc)) void *
+_sodium_malloc(const size_t size)
+{
+    void          *user_ptr;
+    unsigned char *base_ptr;
+    unsigned char *canary_ptr;
+    unsigned char *unprotected_ptr;
+    size_t         page_mask;
+    size_t         size_with_canary;
+    size_t         total_size;
+    size_t         unprotected_size;
+
+    if (size >= SIZE_MAX - page_size * 4U) {
+        errno = ENOMEM;
+        return NULL;
+    }
+    if (page_size <= sizeof canary || page_size < sizeof unprotected_size) {
+        abort(); /* LCOV_EXCL_LINE */
+    }
+    size_with_canary = (sizeof canary) + size;
+    unprotected_size = _page_round(size_with_canary);
+    total_size = page_size + page_size + unprotected_size + page_size;
+    if ((base_ptr = _alloc_aligned(total_size)) == NULL) {
+        return NULL; /* LCOV_EXCL_LINE */
+    }
+    unprotected_ptr = base_ptr + page_size * 2U;
+    _mprotect_noaccess(base_ptr + page_size, page_size);
+#ifndef HAVE_PAGE_PROTECTION
+    memcpy(unprotected_ptr + unprotected_size, canary, sizeof canary);
+#endif
+    _mprotect_noaccess(unprotected_ptr + unprotected_size, page_size);
+    sodium_mlock(unprotected_ptr, unprotected_size);
+    page_mask = page_size - 1U;
+    canary_ptr = unprotected_ptr + _page_round(size_with_canary) -
+        size_with_canary;
+    user_ptr = canary_ptr + sizeof canary;
+    memcpy(canary_ptr, canary, sizeof canary);
+    memcpy(base_ptr, &unprotected_size, sizeof unprotected_size);
+    _mprotect_readonly(base_ptr, page_size);
+    assert(_unprotected_ptr_from_user_ptr(user_ptr) == unprotected_ptr);
+
+    return user_ptr;
+}
+
+__attribute__((malloc)) void *
+sodium_malloc(const size_t size)
+{
+    void *ptr;
+
+    if ((ptr = _sodium_malloc(size)) == NULL) {
+        return NULL; /* LCOV_EXCL_LINE */
+    }
+    memset(ptr, (int) GARBAGE_VALUE, size);
+
+    return ptr;
+}
+
+__attribute__((malloc)) void *
+sodium_allocarray(size_t count, size_t size)
+{
+    size_t total_size;
+
+    if (size >= SIZE_MAX / count) {
+        errno = ENOMEM;
+        return NULL;
+    }
+    total_size = count * size;
+
+    return sodium_malloc(total_size);
+}
+
+void
+sodium_free(void *ptr)
+{
+    unsigned char *base_ptr;
+    unsigned char *canary_ptr;
+    unsigned char *unprotected_ptr;
+    size_t         total_size;
+    size_t         unprotected_size;
+
+    if (ptr == NULL) {
+        return;
+    }
+    canary_ptr = ((unsigned char *) ptr) - sizeof canary;
+    if (sodium_memcmp(canary_ptr, canary, sizeof canary) != 0) {
+        _out_of_bounds();
+    }
+    unprotected_ptr = _unprotected_ptr_from_user_ptr(ptr);
+    base_ptr = unprotected_ptr - page_size * 2U;
+    memcpy(&unprotected_size, base_ptr, sizeof unprotected_size);
+    total_size = page_size + page_size + unprotected_size + page_size;
+    _mprotect_readwrite(base_ptr, total_size);
+#ifndef HAVE_PAGE_PROTECTION
+    if (sodium_memcmp(unprotected_ptr + unprotected_size,
+                      canary, sizeof canary) != 0) {
+        _out_of_bounds();
+    }
+#endif
+    sodium_munlock(unprotected_ptr, unprotected_size);
+    _free_aligned(base_ptr, total_size);
+}
+
+static int
+_sodium_mprotect(void *ptr, int (*cb)(void *ptr, size_t size))
+{
+    unsigned char *base_ptr;
+    unsigned char *unprotected_ptr;
+    size_t         unprotected_size;
+
+    unprotected_ptr = _unprotected_ptr_from_user_ptr(ptr);
+    base_ptr = unprotected_ptr - page_size * 2U;
+    memcpy(&unprotected_size, base_ptr, sizeof unprotected_size);
+
+    return cb(unprotected_ptr, unprotected_size);
+}
+
+int
+sodium_mprotect_noaccess(void *ptr)
+{
+    return _sodium_mprotect(ptr, _mprotect_noaccess);
+}
+
+int
+sodium_mprotect_readonly(void *ptr)
+{
+    return _sodium_mprotect(ptr, _mprotect_readonly);
+}
+
+int
+sodium_mprotect_readwrite(void *ptr)
+{
+    return _sodium_mprotect(ptr, _mprotect_readwrite);
+}
diff --git a/test/default/Makefile.am b/test/default/Makefile.am
index 8ad3c1f..11d76e0 100644
--- a/test/default/Makefile.am
+++ b/test/default/Makefile.am
@@ -23,6 +23,7 @@ EXTRA_DIST = \
 	core4.exp \
 	core5.exp \
 	core6.exp \
+	ed25519_convert.exp \
 	generichash.exp \
 	generichash2.exp \
 	generichash3.exp \
@@ -34,10 +35,12 @@ EXTRA_DIST = \
 	onetimeauth7.exp \
 	pwhash.exp \
 	pwhash_scrypt_ll.exp \
+	randombytes.exp \
 	scalarmult.exp \
 	scalarmult2.exp \
 	scalarmult5.exp \
 	scalarmult6.exp \
+	scalarmult7.exp \
 	secretbox.exp \
 	secretbox2.exp \
 	secretbox7.exp \
@@ -48,13 +51,13 @@ EXTRA_DIST = \
 	sign.exp \
 	sodium_core.exp \
 	sodium_utils.exp \
+	sodium_utils2.exp \
+	sodium_utils3.exp \
 	sodium_version.exp \
 	stream.exp \
 	stream2.exp \
 	stream3.exp \
 	stream4.exp \
-	stream5.exp \
-	stream6.exp \
 	verify1.exp
 
 DISTCLEANFILES = \
@@ -79,6 +82,7 @@ DISTCLEANFILES = \
 	core4.res \
 	core5.res \
 	core6.res \
+	ed25519_convert.res \
 	generichash.res \
 	generichash2.res \
 	generichash3.res \
@@ -90,10 +94,12 @@ DISTCLEANFILES = \
 	onetimeauth7.res \
 	pwhash.res \
 	pwhash_scrypt_ll.res \
+	randombytes.res \
 	scalarmult.res \
 	scalarmult2.res \
 	scalarmult5.res \
 	scalarmult6.res \
+	scalarmult7.res \
 	secretbox.res \
 	secretbox2.res \
 	secretbox7.res \
@@ -104,13 +110,13 @@ DISTCLEANFILES = \
 	sign.res \
 	sodium_core.res \
 	sodium_utils.res \
+	sodium_utils2.res \
+	sodium_utils3.res \
 	sodium_version.res \
 	stream.res \
 	stream2.res \
 	stream3.res \
 	stream4.res \
-	stream5.res \
-	stream6.res \
 	verify1.res
 
 AM_CPPFLAGS = \
@@ -143,6 +149,7 @@ TESTS_TARGETS = \
 	core4 \
 	core5 \
 	core6 \
+	ed25519_convert \
 	generichash \
 	generichash2 \
 	generichash3 \
@@ -158,6 +165,7 @@ TESTS_TARGETS = \
 	scalarmult2 \
 	scalarmult5 \
 	scalarmult6 \
+	scalarmult7 \
 	secretbox \
 	secretbox2 \
 	secretbox7 \
@@ -168,6 +176,8 @@ TESTS_TARGETS = \
 	sign \
 	sodium_core \
 	sodium_utils \
+	sodium_utils2 \
+	sodium_utils3 \
 	sodium_version \
 	stream \
 	stream2 \
@@ -175,12 +185,6 @@ TESTS_TARGETS = \
 	stream4 \
 	verify1
 
-if !MINIMAL
-TESTS_TARGETS += \
-	stream5 \
-	stream6
-endif
-
 check_PROGRAMS = $(TESTS_TARGETS)
 
 TESTS = $(TESTS_TARGETS)
@@ -251,6 +255,9 @@ core5_LDADD               = $(TESTS_LDADD)
 core6_SOURCE              = cmptest.h core6.c
 core6_LDADD               = $(TESTS_LDADD)
 
+ed25519_convert_SOURCE    = cmptest.h ed25519_convert.c
+ed25519_convert_LDADD     = $(TESTS_LDADD)
+
 generichash_SOURCE        = cmptest.h generichash.c
 generichash_LDADD         = $(TESTS_LDADD)
 
@@ -281,7 +288,7 @@ pwhash_LDADD              = $(TESTS_LDADD)
 pwhash_scrypt_ll_SOURCE   = cmptest.h pwhash_scrypt_ll.c
 pwhash_scrypt_ll_LDADD    = $(TESTS_LDADD)
 
-randombytes_SOURCE        = randombytes.c
+randombytes_SOURCE        = cmptest.h randombytes.c
 randombytes_LDADD         = $(TESTS_LDADD)
 
 scalarmult_SOURCE         = cmptest.h scalarmult.c
@@ -296,6 +303,9 @@ scalarmult5_LDADD         = $(TESTS_LDADD)
 scalarmult6_SOURCE        = cmptest.h scalarmult6.c
 scalarmult6_LDADD         = $(TESTS_LDADD)
 
+scalarmult7_SOURCE        = cmptest.h scalarmult7.c
+scalarmult7_LDADD         = $(TESTS_LDADD)
+
 secretbox_SOURCE          = cmptest.h secretbox.c
 secretbox_LDADD           = $(TESTS_LDADD)
 
@@ -326,6 +336,12 @@ sodium_core_LDADD         = $(TESTS_LDADD)
 sodium_utils_SOURCE       = cmptest.h sodium_utils.c
 sodium_utils_LDADD        = $(TESTS_LDADD)
 
+sodium_utils2_SOURCE      = cmptest.h sodium_utils2.c
+sodium_utils2_LDADD       = $(TESTS_LDADD)
+
+sodium_utils3_SOURCE      = cmptest.h sodium_utils3.c
+sodium_utils3_LDADD       = $(TESTS_LDADD)
+
 sodium_version_SOURCE     = cmptest.h sodium_version.c
 sodium_version_LDADD      = $(TESTS_LDADD)
 
@@ -341,12 +357,6 @@ stream3_LDADD             = $(TESTS_LDADD)
 stream4_SOURCE            = cmptest.h stream4.c
 stream4_LDADD             = $(TESTS_LDADD)
 
-stream5_SOURCE            = cmptest.h stream5.c
-stream5_LDADD             = $(TESTS_LDADD)
-
-stream6_SOURCE            = cmptest.h stream6.c
-stream6_LDADD             = $(TESTS_LDADD)
-
 verify1_SOURCE            = cmptest.h verify1.c
 verify1_LDADD             = $(TESTS_LDADD)
 
diff --git a/test/default/aead_chacha20poly1305.c b/test/default/aead_chacha20poly1305.c
index 036d001..c587e96 100644
--- a/test/default/aead_chacha20poly1305.c
+++ b/test/default/aead_chacha20poly1305.c
@@ -1,36 +1,29 @@
-#include <stdio.h>
-#include <string.h>
 
 #define TEST_NAME "aead_chacha20poly1305"
 #include "cmptest.h"
 
-static unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES] = {
-    0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
-    0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
-    0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
-    0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
-};
+static unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES]
+    = { 0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
+        0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
+        0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07 };
 
-static unsigned char m[10U] = {
-    0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
-};
+static unsigned char m[10U]
+    = { 0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca };
 
-static unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES] = {
-    0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a
-};
+static unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES]
+    = { 0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a };
 
-static unsigned char ad[10U] = {
-    0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
-};
+static unsigned char ad[10U]
+    = { 0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0 };
 
 static unsigned char c[10U + crypto_aead_chacha20poly1305_ABYTES];
 
 int main(void)
 {
-    unsigned char      m2[10U];
+    unsigned char m2[10U];
     unsigned long long clen;
     unsigned long long m2len;
-    size_t             i;
+    size_t i;
 
     crypto_aead_chacha20poly1305_encrypt(c, &clen, m, sizeof m, ad, sizeof ad,
                                          NULL, nonce, firstkey);
@@ -38,16 +31,15 @@ int main(void)
         printf("clen is not properly set\n");
     }
     for (i = 0U; i < sizeof c; ++i) {
-        printf(",0x%02x", (unsigned int) c[i]);
+        printf(",0x%02x", (unsigned int)c[i]);
         if (i % 8 == 7) {
             printf("\n");
         }
     }
     printf("\n");
 
-    if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, sizeof c,
-                                             ad, sizeof ad,
-                                             nonce, firstkey) != 0) {
+    if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, sizeof c, ad,
+                                             sizeof ad, nonce, firstkey) != 0) {
         printf("crypto_aead_chacha20poly1305_decrypt() failed\n");
     }
     if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
@@ -60,21 +52,20 @@ int main(void)
     for (i = 0U; i < sizeof c; i++) {
         c[i] ^= (i + 1U);
         if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, sizeof c,
-                                                 ad, sizeof ad,
-                                                 nonce, firstkey) == 0 ||
-            memcmp(m, m2, sizeof m) == 0) {
+                                                 ad, sizeof ad, nonce, firstkey)
+            == 0 || memcmp(m, m2, sizeof m) == 0) {
             printf("message can be forged\n");
         }
         c[i] ^= (i + 1U);
     }
 
-    crypto_aead_chacha20poly1305_encrypt(c, &clen, m, sizeof m, NULL, 0U,
-                                         NULL, nonce, firstkey);
+    crypto_aead_chacha20poly1305_encrypt(c, &clen, m, sizeof m, NULL, 0U, NULL,
+                                         nonce, firstkey);
     if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
         printf("clen is not properly set (adlen=0)\n");
     }
     for (i = 0U; i < sizeof c; ++i) {
-        printf(",0x%02x", (unsigned int) c[i]);
+        printf(",0x%02x", (unsigned int)c[i]);
         if (i % 8 == 7) {
             printf("\n");
         }
@@ -82,8 +73,7 @@ int main(void)
     printf("\n");
 
     if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, sizeof c,
-                                             NULL, 0U,
-                                             nonce, firstkey) != 0) {
+                                             NULL, 0U, nonce, firstkey) != 0) {
         printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
     }
     if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
@@ -93,5 +83,21 @@ int main(void)
         printf("m != m2 (adlen=0)\n");
     }
 
+    if (crypto_aead_chacha20poly1305_decrypt(
+            m2, &m2len, NULL, c, crypto_aead_chacha20poly1305_ABYTES / 2, NULL,
+            0U, nonce, firstkey) != -1) {
+        printf("crypto_aead_chacha20poly1305_decrypt() worked with a short "
+               "ciphertext\n");
+    }
+    if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U,
+                                             nonce, firstkey) != -1) {
+        printf("crypto_aead_chacha20poly1305_decrypt() worked with an empty "
+               "ciphertext\n");
+    }
+
+    assert(crypto_aead_chacha20poly1305_keybytes() > 0U);
+    assert(crypto_aead_chacha20poly1305_npubbytes() > 0U);
+    assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U);
+
     return 0;
 }
diff --git a/test/default/aead_chacha20poly1305.exp b/test/default/aead_chacha20poly1305.exp
new file mode 100644
index 0000000..14355fa
--- /dev/null
+++ b/test/default/aead_chacha20poly1305.exp
@@ -0,0 +1,8 @@
+,0xe3,0xe4,0x46,0xf7,0xed,0xe9,0xa1,0x9b
+,0x62,0xa4,0x67,0x7d,0xab,0xf4,0xe3,0xd2
+,0x4b,0x87,0x6b,0xb2,0x84,0x75,0x38,0x96
+,0xe1,0xd6
+,0xe3,0xe4,0x46,0xf7,0xed,0xe9,0xa1,0x9b
+,0x62,0xa4,0x69,0xe7,0x78,0x9b,0xcd,0x95
+,0x4e,0x65,0x8e,0xd3,0x84,0x23,0xe2,0x31
+,0x61,0xdc
diff --git a/test/default/auth.c b/test/default/auth.c
index 88c8207..913ada4 100644
--- a/test/default/auth.c
+++ b/test/default/auth.c
@@ -1,4 +1,3 @@
-#include <stdio.h>
 
 #define TEST_NAME "auth"
 #include "cmptest.h"
@@ -7,15 +6,55 @@
 unsigned char key[32] = "Jefe";
 unsigned char c[] = "what do ya want for nothing?";
 
-unsigned char a[32];
+/* Hacker manifesto */
+unsigned char key2[] = "Another one got caught today, it's all over the papers. \"Teenager Arrested in Computer Crime Scandal\", \"Hacker Arrested after Bank Tampering\"... Damn kids. They're all alike.";
+
+unsigned char a[crypto_auth_BYTES];
+unsigned char a2[crypto_auth_hmacsha512_BYTES];
 
 int main(void)
 {
-  int i;
-  crypto_auth_hmacsha512256(a,c,sizeof c - 1U,key);
-  for (i = 0;i < 32;++i) {
-    printf(",0x%02x",(unsigned int) a[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    crypto_auth_hmacsha512_state st;
+    int i;
+
+    crypto_auth(a, c, sizeof c - 1U, key);
+    for (i = 0; i < sizeof a; ++i) {
+        printf(",0x%02x", (unsigned int)a[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    printf("\n");
+
+    crypto_auth_hmacsha512_init(&st, key, sizeof key);
+    crypto_auth_hmacsha512_update(&st, c, 1U);
+    crypto_auth_hmacsha512_update(&st, c, sizeof c - 2U);
+    crypto_auth_hmacsha512_final(&st, a2);
+    for (i = 0; i < sizeof a2; ++i) {
+        printf(",0x%02x", (unsigned int)a2[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    printf("\n");
+
+    crypto_auth_hmacsha512_init(&st, key2, sizeof key2);
+    crypto_auth_hmacsha512_update(&st, c, 1U);
+    crypto_auth_hmacsha512_update(&st, c, sizeof c - 2U);
+    crypto_auth_hmacsha512_final(&st, a2);
+    for (i = 0; i < sizeof a2; ++i) {
+        printf(",0x%02x", (unsigned int)a2[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+
+    assert(crypto_auth_bytes() > 0U);
+    assert(crypto_auth_keybytes() > 0U);
+    assert(strcmp(crypto_auth_primitive(), "hmacsha512256") == 0);
+    assert(crypto_auth_hmacsha256_bytes() > 0U);
+    assert(crypto_auth_hmacsha256_keybytes() > 0U);
+    assert(crypto_auth_hmacsha512_bytes() > 0U);
+    assert(crypto_auth_hmacsha512_keybytes() > 0U);
+    assert(crypto_auth_hmacsha512256_bytes() == crypto_auth_bytes());
+    assert(crypto_auth_hmacsha512256_keybytes() == crypto_auth_keybytes());
+
+    return 0;
 }
diff --git a/test/default/auth.exp b/test/default/auth.exp
new file mode 100644
index 0000000..b18278c
--- /dev/null
+++ b/test/default/auth.exp
@@ -0,0 +1,22 @@
+,0x16,0x4b,0x7a,0x7b,0xfc,0xf8,0x19,0xe2
+,0xe3,0x95,0xfb,0xe7,0x3b,0x56,0xe0,0xa3
+,0x87,0xbd,0x64,0x22,0x2e,0x83,0x1f,0xd6
+,0x10,0x27,0x0c,0xd7,0xea,0x25,0x05,0x54
+
+,0x7b,0x9d,0x83,0x38,0xeb,0x1e,0x3d,0xdd
+,0xba,0x8a,0x9a,0x35,0x08,0xd0,0x34,0xa1
+,0xec,0xbe,0x75,0x11,0x37,0xfa,0x1b,0xcb
+,0xa0,0xf9,0x2a,0x3e,0x6d,0xfc,0x79,0x80
+,0xb8,0x81,0xa8,0x64,0x5f,0x92,0x67,0x22
+,0x74,0x37,0x96,0x4b,0xf3,0x07,0x0b,0xe2
+,0xb3,0x36,0xb3,0xa3,0x20,0xf8,0x25,0xce
+,0xc9,0x87,0x2d,0xb2,0x50,0x4b,0xf3,0x6d
+
+,0x73,0xe0,0x0d,0xcb,0xf4,0xf8,0xa3,0x33
+,0x30,0xac,0x52,0xed,0x2c,0xc9,0xd1,0xb2
+,0xef,0xb1,0x77,0x13,0xd3,0xec,0xe3,0x96
+,0x14,0x9f,0x37,0x65,0x3c,0xfe,0x70,0xe7
+,0x1f,0x2c,0x6f,0x9a,0x62,0xc3,0xc5,0x3a
+,0x31,0x8a,0x9a,0x0b,0x3b,0x78,0x60,0xa4
+,0x31,0x6f,0x72,0x9b,0x8d,0x30,0x0f,0x15
+,0x9b,0x2f,0x60,0x93,0xa8,0x60,0xc1,0xed
diff --git a/test/default/auth2.c b/test/default/auth2.c
index b3301cf..ffab022 100644
--- a/test/default/auth2.c
+++ b/test/default/auth2.c
@@ -1,36 +1,31 @@
 /* "Test Case AUTH256-4" from RFC 4868 */
 
-#include <stdio.h>
-
 #define TEST_NAME "auth2"
 #include "cmptest.h"
 
-unsigned char key[32] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
-,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10
-,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18
-,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20
-} ;
+unsigned char key[32]
+    = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+        0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+        0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 };
 
-unsigned char c[50] = {
- 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd
-} ;
+unsigned char c[50]
+    = { 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+        0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+        0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+        0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+        0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd };
 
 unsigned char a[32];
 
 int main(void)
 {
-  int i;
-  crypto_auth_hmacsha256(a,c,sizeof c,key);
-  for (i = 0;i < 32;++i) {
-    printf(",0x%02x",(unsigned int) a[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_auth_hmacsha256(a, c, sizeof c, key);
+    for (i = 0; i < 32; ++i) {
+        printf(",0x%02x", (unsigned int)a[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    return 0;
 }
diff --git a/test/default/auth2.exp b/test/default/auth2.exp
new file mode 100644
index 0000000..955951a
--- /dev/null
+++ b/test/default/auth2.exp
@@ -0,0 +1,4 @@
+,0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2
+,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4
+,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25
+,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f
diff --git a/test/default/auth3.c b/test/default/auth3.c
index 08e275a..3a299da 100644
--- a/test/default/auth3.c
+++ b/test/default/auth3.c
@@ -1,36 +1,28 @@
 /* "Test Case AUTH256-4" from RFC 4868 */
 
-#include <stdio.h>
-
 #define TEST_NAME "auth3"
 #include "cmptest.h"
 
-unsigned char key[32] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
-,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10
-,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18
-,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20
-} ;
+unsigned char key[32]
+    = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+        0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+        0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20 };
 
-unsigned char c[50] = {
- 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
-,0xcd,0xcd
-} ;
+unsigned char c[50]
+    = { 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+        0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+        0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+        0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+        0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd };
 
-unsigned char a[32] = {
- 0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2
-,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4
-,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25
-,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f
-} ;
+unsigned char a[32]
+    = { 0x37, 0x2e, 0xfc, 0xf9, 0xb4, 0x0b, 0x35, 0xc2, 0x11, 0x5b, 0x13,
+        0x46, 0x90, 0x3d, 0x2e, 0xf4, 0x2f, 0xce, 0xd4, 0x6f, 0x08, 0x46,
+        0xe7, 0x25, 0x7b, 0xb1, 0x56, 0xd3, 0xd7, 0xb3, 0x0d, 0x3f };
 
 int main(void)
 {
-  printf("%d\n",crypto_auth_hmacsha256_verify(a,c,sizeof c,key));
-  return 0;
+    printf("%d\n", crypto_auth_hmacsha256_verify(a, c, sizeof c, key));
+
+    return 0;
 }
diff --git a/test/default/auth3.exp b/test/default/auth3.exp
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/test/default/auth3.exp
@@ -0,0 +1 @@
+0
diff --git a/test/default/auth5.c b/test/default/auth5.c
index ded9489..7557bd7 100644
--- a/test/default/auth5.c
+++ b/test/default/auth5.c
@@ -1,5 +1,4 @@
-#include <stdio.h>
-#include <stdlib.h>
+
 #include "windows/windows-quirks.h"
 
 #define TEST_NAME "auth5"
@@ -11,27 +10,28 @@ unsigned char a[32];
 
 int main(void)
 {
-  int clen;
-  for (clen = 0;clen < 10000;++clen) {
-    randombytes(key,sizeof key);
-    randombytes(c,clen);
-    crypto_auth_hmacsha512256(a,c,clen,key);
-    if (crypto_auth_hmacsha512256_verify(a,c,clen,key) != 0) {
-      printf("fail %d\n",clen);
-      return 100;
-    }
-    if (clen > 0) {
-      c[rand() % clen] += 1 + (rand() % 255);
-      if (crypto_auth_hmacsha512256_verify(a,c,clen,key) == 0) {
-        printf("forgery %d\n",clen);
-        return 100;
-      }
-      a[rand() % sizeof a] += 1 + (rand() % 255);
-      if (crypto_auth_hmacsha512256_verify(a,c,clen,key) == 0) {
-        printf("forgery %d\n",clen);
-        return 100;
-      }
+    size_t clen;
+
+    for (clen = 0; clen < 10000; ++clen) {
+        randombytes_buf(key, sizeof key);
+        randombytes_buf(c, clen);
+        crypto_auth(a, c, clen, key);
+        if (crypto_auth_verify(a, c, clen, key) != 0) {
+            printf("fail %u\n", (unsigned int) clen);
+            return 100;
+        }
+        if (clen > 0) {
+            c[rand() % clen] += 1 + (rand() % 255);
+            if (crypto_auth_verify(a, c, clen, key) == 0) {
+                printf("forgery %u\n", (unsigned int) clen);
+                return 100;
+            }
+            a[rand() % sizeof a] += 1 + (rand() % 255);
+            if (crypto_auth_verify(a, c, clen, key) == 0) {
+                printf("forgery %u\n", (unsigned int) clen);
+                return 100;
+            }
+        }
     }
-  }
-  return 0;
+    return 0;
 }
diff --git a/test/default/auth5.exp b/test/default/auth5.exp
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/default/auth5.exp
diff --git a/test/default/auth6.c b/test/default/auth6.c
index 5bf0500..9e7b671 100644
--- a/test/default/auth6.c
+++ b/test/default/auth6.c
@@ -1,4 +1,3 @@
-#include <stdio.h>
 
 #define TEST_NAME "auth6"
 #include "cmptest.h"
@@ -11,11 +10,13 @@ unsigned char a[64];
 
 int main(void)
 {
-  int i;
-  crypto_auth_hmacsha512(a,c,sizeof c - 1U,key);
-  for (i = 0;i < 64;++i) {
-    printf(",0x%02x",(unsigned int) a[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_auth_hmacsha512(a, c, sizeof c - 1U, key);
+    for (i = 0; i < 64; ++i) {
+        printf(",0x%02x", (unsigned int)a[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    return 0;
 }
diff --git a/test/default/auth6.exp b/test/default/auth6.exp
new file mode 100644
index 0000000..da0c528
--- /dev/null
+++ b/test/default/auth6.exp
@@ -0,0 +1,8 @@
+,0x16,0x4b,0x7a,0x7b,0xfc,0xf8,0x19,0xe2
+,0xe3,0x95,0xfb,0xe7,0x3b,0x56,0xe0,0xa3
+,0x87,0xbd,0x64,0x22,0x2e,0x83,0x1f,0xd6
+,0x10,0x27,0x0c,0xd7,0xea,0x25,0x05,0x54
+,0x97,0x58,0xbf,0x75,0xc0,0x5a,0x99,0x4a
+,0x6d,0x03,0x4f,0x65,0xf8,0xf0,0xe6,0xfd
+,0xca,0xea,0xb1,0xa3,0x4d,0x4a,0x6b,0x4b
+,0x63,0x6e,0x07,0x0a,0x38,0xbc,0xe7,0x37
diff --git a/test/default/auth7.c b/test/default/auth7.c
index be67312..9a1e90c 100644
--- a/test/default/auth7.c
+++ b/test/default/auth7.c
@@ -1,5 +1,4 @@
-#include <stdio.h>
-#include <stdlib.h>
+
 #include "windows/windows-quirks.h"
 
 #define TEST_NAME "auth7"
@@ -11,27 +10,28 @@ unsigned char a[64];
 
 int main(void)
 {
-  int clen;
-  for (clen = 0;clen < 10000;++clen) {
-    randombytes(key,sizeof key);
-    randombytes(c,clen);
-    crypto_auth_hmacsha512(a,c,clen,key);
-    if (crypto_auth_hmacsha512_verify(a,c,clen,key) != 0) {
-      printf("fail %d\n",clen);
-      return 100;
-    }
-    if (clen > 0) {
-      c[rand() % clen] += 1 + (rand() % 255);
-      if (crypto_auth_hmacsha512_verify(a,c,clen,key) == 0) {
-        printf("forgery %d\n",clen);
-        return 100;
-      }
-      a[rand() % sizeof a] += 1 + (rand() % 255);
-      if (crypto_auth_hmacsha512_verify(a,c,clen,key) == 0) {
-        printf("forgery %d\n",clen);
-        return 100;
-      }
+    int clen;
+
+    for (clen = 0; clen < 10000; ++clen) {
+        randombytes_buf(key, sizeof key);
+        randombytes_buf(c, clen);
+        crypto_auth_hmacsha512(a, c, clen, key);
+        if (crypto_auth_hmacsha512_verify(a, c, clen, key) != 0) {
+            printf("fail %d\n", clen);
+            return 100;
+        }
+        if (clen > 0) {
+            c[rand() % clen] += 1 + (rand() % 255);
+            if (crypto_auth_hmacsha512_verify(a, c, clen, key) == 0) {
+                printf("forgery %d\n", clen);
+                return 100;
+            }
+            a[rand() % sizeof a] += 1 + (rand() % 255);
+            if (crypto_auth_hmacsha512_verify(a, c, clen, key) == 0) {
+                printf("forgery %d\n", clen);
+                return 100;
+            }
+        }
     }
-  }
-  return 0;
+    return 0;
 }
diff --git a/test/default/auth7.exp b/test/default/auth7.exp
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/default/auth7.exp
diff --git a/test/default/box.c b/test/default/box.c
index d9f2629..b9ba1cc 100644
--- a/test/default/box.c
+++ b/test/default/box.c
@@ -1,65 +1,88 @@
-#include <stdio.h>
 
 #define TEST_NAME "box"
 #include "cmptest.h"
 
-unsigned char alicesk[32] = {
- 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
-,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
-,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
-,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
-} ;
+unsigned char alicesk[32]
+    = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1,
+        0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0,
+        0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a };
 
-unsigned char bobpk[32] = {
- 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
-,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
-,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
-,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
-} ;
+unsigned char bobpk[32]
+    = { 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61,
+        0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78,
+        0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f };
 
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
 // API requires first 32 bytes to be 0
-unsigned char m[163] = {
-    0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
-,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
-,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
-,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
-,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
-,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
-,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
-,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
-,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
-,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
-,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
-,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
-,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
-,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
-,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
-,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
-,0x5e,0x07,0x05
-} ;
+unsigned char m[163]
+    = { 0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0xbe, 0x07, 0x5f, 0xc5,
+        0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16, 0xeb, 0xeb, 0x0c, 0x7b,
+        0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4, 0x4b, 0x66, 0x84, 0x9b,
+        0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf, 0x33, 0xbd, 0x75, 0x1a,
+        0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29, 0x6c, 0xdc, 0x3c, 0x01,
+        0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce, 0x31, 0x4a, 0xdb, 0x31,
+        0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d, 0xce, 0xea, 0x3a, 0x7f,
+        0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a, 0xd6, 0xb1, 0x31, 0x8a,
+        0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde, 0x04, 0x89, 0x77, 0xeb,
+        0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c, 0x60, 0x90, 0x2e, 0x52,
+        0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40, 0xe0, 0x82, 0xf9, 0x37,
+        0x76, 0x38, 0x48, 0x64, 0x5e, 0x07, 0x05 };
 
 unsigned char c[163];
 
 int main(void)
 {
-  int i;
-  crypto_box_curve25519xsalsa20poly1305(
-    c,m,163,nonce,bobpk,alicesk
-  );
-  for (i = 16;i < 163;++i) {
-    printf(",0x%02x",(unsigned int) c[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  printf("\n");
-  return 0;
+    unsigned char k[crypto_box_BEFORENMBYTES];
+    int i;
+
+    crypto_box(c, m, 163, nonce, bobpk, alicesk);
+    for (i = 16; i < 163; ++i) {
+        printf(",0x%02x", (unsigned int)c[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    printf("\n");
+
+    memset(c, 0, sizeof c);
+    crypto_box_beforenm(k, bobpk, alicesk);
+    crypto_box_afternm(c, m, 163, nonce, k);
+    for (i = 16; i < 163; ++i) {
+        printf(",0x%02x", (unsigned int)c[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    printf("\n");
+
+    assert(crypto_box_seedbytes() > 0U);
+    assert(crypto_box_publickeybytes() > 0U);
+    assert(crypto_box_secretkeybytes() > 0U);
+    assert(crypto_box_beforenmbytes() > 0U);
+    assert(crypto_box_noncebytes() > 0U);
+    assert(crypto_box_zerobytes() > 0U);
+    assert(crypto_box_boxzerobytes() > 0U);
+    assert(crypto_box_macbytes() > 0U);
+    assert(strcmp(crypto_box_primitive(), "curve25519xsalsa20poly1305") == 0);
+    assert(crypto_box_curve25519xsalsa20poly1305_seedbytes()
+           == crypto_box_seedbytes());
+    assert(crypto_box_curve25519xsalsa20poly1305_publickeybytes()
+           == crypto_box_publickeybytes());
+    assert(crypto_box_curve25519xsalsa20poly1305_secretkeybytes()
+           == crypto_box_secretkeybytes());
+    assert(crypto_box_curve25519xsalsa20poly1305_beforenmbytes()
+           == crypto_box_beforenmbytes());
+    assert(crypto_box_curve25519xsalsa20poly1305_noncebytes()
+           == crypto_box_noncebytes());
+    assert(crypto_box_curve25519xsalsa20poly1305_zerobytes()
+           == crypto_box_zerobytes());
+    assert(crypto_box_curve25519xsalsa20poly1305_boxzerobytes()
+           == crypto_box_boxzerobytes());
+    assert(crypto_box_curve25519xsalsa20poly1305_macbytes()
+           == crypto_box_macbytes());
+
+    return 0;
 }
diff --git a/test/default/box.exp b/test/default/box.exp
new file mode 100644
index 0000000..25db669
--- /dev/null
+++ b/test/default/box.exp
@@ -0,0 +1,38 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
diff --git a/test/default/box2.c b/test/default/box2.c
index 7af2f58..93785f8 100644
--- a/test/default/box2.c
+++ b/test/default/box2.c
@@ -1,66 +1,63 @@
-#include <stdio.h>
 
 #define TEST_NAME "box2"
 #include "cmptest.h"
 
-unsigned char bobsk[32] = {
- 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
-,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
-,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
-,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
-} ;
+unsigned char bobsk[32]
+    = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f,
+        0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18,
+        0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb };
 
-unsigned char alicepk[32] = {
- 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
-,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
-,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
-,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
-} ;
+unsigned char alicepk[32]
+    = { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
+        0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
+        0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a };
 
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
 // API requires first 16 bytes to be 0
-unsigned char c[163] = {
-    0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
-,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
-,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
-,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
-,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
-,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
-,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
-,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
-,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
-,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
-,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
-,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
-,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
-,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
-,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
-,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
-,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
-,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
-,0xe3,0x55,0xa5
-} ;
+unsigned char c[163]
+    = { 0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5,
+        0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9, 0x8e, 0x99, 0x3b, 0x9f,
+        0x48, 0x68, 0x12, 0x73, 0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce,
+        0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4, 0x47, 0x6f, 0xb8, 0xc5,
+        0x31, 0xa1, 0x18, 0x6a, 0xc0, 0xdf, 0xc1, 0x7c, 0x98, 0xdc, 0xe8, 0x7b,
+        0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72, 0x71, 0xd2, 0xc2, 0x0f,
+        0x9b, 0x92, 0x8f, 0xe2, 0x27, 0x0d, 0x6f, 0xb8, 0x63, 0xd5, 0x17, 0x38,
+        0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a, 0xb9, 0x32, 0x16, 0x45,
+        0x48, 0xe5, 0x26, 0xae, 0x90, 0x22, 0x43, 0x68, 0x51, 0x7a, 0xcf, 0xea,
+        0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda, 0x99, 0x83, 0x2b, 0x61,
+        0xca, 0x01, 0xb6, 0xde, 0x56, 0x24, 0x4a, 0x9e, 0x88, 0xd5, 0xf9, 0xb3,
+        0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6, 0x59, 0x9b, 0x1f, 0x65,
+        0x4c, 0xb4, 0x5a, 0x74, 0xe3, 0x55, 0xa5 };
 
 unsigned char m[163];
 
 int main(void)
 {
-  int i;
-  if (crypto_box_curve25519xsalsa20poly1305_open(
-       m,c,163,nonce,alicepk,bobsk
-     ) == 0) {
-    for (i = 32;i < 163;++i) {
-      printf(",0x%02x",(unsigned int) m[i]);
-      if (i % 8 == 7) printf("\n");
+    unsigned char k[crypto_box_BEFORENMBYTES];
+    int i;
+
+    if (crypto_box_open(m, c, 163, nonce, alicepk, bobsk) == 0) {
+        for (i = 32; i < 163; ++i) {
+            printf(",0x%02x", (unsigned int)m[i]);
+            if (i % 8 == 7)
+                printf("\n");
+        }
+        printf("\n");
+    }
+
+    memset(m, 0, sizeof m);
+    crypto_box_beforenm(k, alicepk, bobsk);
+    if (crypto_box_open_afternm(m, c, 163, nonce, k) == 0) {
+        for (i = 32; i < 163; ++i) {
+            printf(",0x%02x", (unsigned int)m[i]);
+            if (i % 8 == 7)
+                printf("\n");
+        }
+        printf("\n");
     }
-    printf("\n");
-  }
-  return 0;
+    return 0;
 }
diff --git a/test/default/box2.exp b/test/default/box2.exp
new file mode 100644
index 0000000..51deccd
--- /dev/null
+++ b/test/default/box2.exp
@@ -0,0 +1,34 @@
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
diff --git a/test/default/box7.c b/test/default/box7.c
index ea7b484..e9b1db5 100644
--- a/test/default/box7.c
+++ b/test/default/box7.c
@@ -1,4 +1,3 @@
-#include <stdio.h>
 
 #define TEST_NAME "box7"
 #include "cmptest.h"
@@ -14,24 +13,27 @@ unsigned char m2[10000];
 
 int main(void)
 {
-  size_t mlen;
-  size_t i;
+    size_t mlen;
+    size_t i;
 
-  for (mlen = 0;mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;++mlen) {
-    crypto_box_keypair(alicepk,alicesk);
-    crypto_box_keypair(bobpk,bobsk);
-    randombytes(n,crypto_box_NONCEBYTES);
-    randombytes(m + crypto_box_ZEROBYTES,mlen);
-    crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,bobpk,alicesk);
-    if (crypto_box_open(m2,c,mlen + crypto_box_ZEROBYTES,n,alicepk,bobsk) == 0) {
-      for (i = 0;i < mlen + crypto_box_ZEROBYTES;++i)
-        if (m2[i] != m[i]) {
-          printf("bad decryption\n");
-          break;
+    for (mlen = 0; mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;
+         ++mlen) {
+        crypto_box_keypair(alicepk, alicesk);
+        crypto_box_keypair(bobpk, bobsk);
+        randombytes_buf(n, crypto_box_NONCEBYTES);
+        randombytes_buf(m + crypto_box_ZEROBYTES, mlen);
+        crypto_box(c, m, mlen + crypto_box_ZEROBYTES, n, bobpk, alicesk);
+        if (crypto_box_open(m2, c, mlen + crypto_box_ZEROBYTES, n, alicepk,
+                            bobsk) == 0) {
+            for (i = 0; i < mlen + crypto_box_ZEROBYTES; ++i) {
+                if (m2[i] != m[i]) {
+                    printf("bad decryption\n");
+                    break;
+                }
+            }
+        } else {
+            printf("ciphertext fails verification\n");
         }
-    } else {
-      printf("ciphertext fails verification\n");
     }
-  }
-  return 0;
+    return 0;
 }
diff --git a/test/default/box7.exp b/test/default/box7.exp
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/default/box7.exp
diff --git a/test/default/box8.c b/test/default/box8.c
index cc85057..fbfcff8 100644
--- a/test/default/box8.c
+++ b/test/default/box8.c
@@ -1,5 +1,4 @@
-#include <stdio.h>
-#include <stdlib.h>
+
 #include "windows/windows-quirks.h"
 
 #define TEST_NAME "box8"
@@ -16,29 +15,32 @@ unsigned char m2[10000];
 
 int main(void)
 {
-  size_t mlen;
-  size_t i;
-  int caught;
+    size_t mlen;
+    size_t i;
+    int caught;
 
-  for (mlen = 0;mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;++mlen) {
-    crypto_box_keypair(alicepk,alicesk);
-    crypto_box_keypair(bobpk,bobsk);
-    randombytes(n,crypto_box_NONCEBYTES);
-    randombytes(m + crypto_box_ZEROBYTES,mlen);
-    crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,bobpk,alicesk);
-    caught = 0;
-    while (caught < 10) {
-      c[rand() % (mlen + crypto_box_ZEROBYTES)] = rand();
-      if (crypto_box_open(m2,c,mlen + crypto_box_ZEROBYTES,n,alicepk,bobsk) == 0) {
-        for (i = 0;i < mlen + crypto_box_ZEROBYTES;++i)
-          if (m2[i] != m[i]) {
-            printf("forgery\n");
-            return 100;
-          }
-      } else {
-        ++caught;
-      }
+    for (mlen = 0; mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;
+         ++mlen) {
+        crypto_box_keypair(alicepk, alicesk);
+        crypto_box_keypair(bobpk, bobsk);
+        randombytes_buf(n, crypto_box_NONCEBYTES);
+        randombytes_buf(m + crypto_box_ZEROBYTES, mlen);
+        crypto_box(c, m, mlen + crypto_box_ZEROBYTES, n, bobpk, alicesk);
+        caught = 0;
+        while (caught < 10) {
+            c[rand() % (mlen + crypto_box_ZEROBYTES)] = rand();
+            if (crypto_box_open(m2, c, mlen + crypto_box_ZEROBYTES, n, alicepk,
+                                bobsk) == 0) {
+                for (i = 0; i < mlen + crypto_box_ZEROBYTES; ++i) {
+                    if (m2[i] != m[i]) {
+                        printf("forgery\n");
+                        return 100;
+                    }
+                }
+            } else {
+                ++caught;
+            }
+        }
     }
-  }
-  return 0;
+    return 0;
 }
diff --git a/test/default/box8.exp b/test/default/box8.exp
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/default/box8.exp
diff --git a/test/default/box_easy.c b/test/default/box_easy.c
index d3b899f..e4ce8a6 100644
--- a/test/default/box_easy.c
+++ b/test/default/box_easy.c
@@ -1,47 +1,33 @@
-#include <stdio.h>
 
 #define TEST_NAME "box_easy"
 #include "cmptest.h"
 
-unsigned char alicesk[32] = {
- 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
-,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
-,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
-,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
-} ;
-
-unsigned char bobpk[32] = {
- 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
-,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
-,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
-,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
-} ;
-
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
-
-unsigned char m[131] = {
- 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
-,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
-,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
-,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
-,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
-,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
-,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
-,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
-,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
-,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
-,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
-,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
-,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
-,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
-,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
-,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
-,0x5e,0x07,0x05
-} ;
+unsigned char alicesk[32]
+    = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1,
+        0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0,
+        0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a };
+
+unsigned char bobpk[32]
+    = { 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61,
+        0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78,
+        0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f };
+
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
+
+unsigned char m[131]
+    = { 0xbe, 0x07, 0x5f, 0xc5, 0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16,
+        0xeb, 0xeb, 0x0c, 0x7b, 0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4,
+        0x4b, 0x66, 0x84, 0x9b, 0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf,
+        0x33, 0xbd, 0x75, 0x1a, 0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29,
+        0x6c, 0xdc, 0x3c, 0x01, 0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce,
+        0x31, 0x4a, 0xdb, 0x31, 0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d,
+        0xce, 0xea, 0x3a, 0x7f, 0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a,
+        0xd6, 0xb1, 0x31, 0x8a, 0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde,
+        0x04, 0x89, 0x77, 0xeb, 0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c,
+        0x60, 0x90, 0x2e, 0x52, 0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40,
+        0xe0, 0x82, 0xf9, 0x37, 0x76, 0x38, 0x48, 0x64, 0x5e, 0x07, 0x05 };
 
 unsigned char c[147 + crypto_box_MACBYTES];
 
@@ -51,9 +37,13 @@ int main(void)
 
     crypto_box_easy(c, m, 131, nonce, bobpk, alicesk);
     for (i = 0; i < 131 + crypto_box_MACBYTES; ++i) {
-        printf(",0x%02x",(unsigned int) c[i]);
-        if (i % 8 == 7) printf("\n");
+        printf(",0x%02x", (unsigned int)c[i]);
+        if (i % 8 == 7)
+            printf("\n");
     }
     printf("\n");
+
+    assert(crypto_box_easy(c, m, SIZE_MAX - 1U, nonce, bobpk, alicesk) == -1);
+
     return 0;
 }
diff --git a/test/default/box_easy.exp b/test/default/box_easy.exp
new file mode 100644
index 0000000..2b6c51e
--- /dev/null
+++ b/test/default/box_easy.exp
@@ -0,0 +1,19 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
diff --git a/test/default/box_easy2.c b/test/default/box_easy2.c
index c8753ee..5e22677 100644
--- a/test/default/box_easy2.c
+++ b/test/default/box_easy2.c
@@ -1,5 +1,3 @@
-#include <stdio.h>
-#include <string.h>
 
 #define TEST_NAME "box_easy2"
 #include "cmptest.h"
@@ -21,12 +19,12 @@ int main(void)
 
     crypto_box_keypair(alicepk, alicesk);
     crypto_box_keypair(bobpk, bobsk);
-    mlen = (unsigned long long) randombytes_uniform((uint32_t) sizeof m);
+    mlen = (unsigned long long)randombytes_uniform((uint32_t)sizeof m);
     randombytes_buf(m, mlen);
     randombytes_buf(nonce, sizeof nonce);
     crypto_box_easy(c, m, mlen, nonce, bobpk, alicesk);
-    if (crypto_box_open_easy(m2, c, mlen + crypto_box_MACBYTES,
-                             nonce, alicepk, bobsk) != 0) {
+    if (crypto_box_open_easy(m2, c, mlen + crypto_box_MACBYTES, nonce, alicepk,
+                             bobsk) != 0) {
         printf("open() failed");
         return 1;
     }
diff --git a/test/default/box_easy2.exp b/test/default/box_easy2.exp
new file mode 100644
index 0000000..aa47d0d
--- /dev/null
+++ b/test/default/box_easy2.exp
@@ -0,0 +1,2 @@
+0
+0
diff --git a/test/default/box_seed.c b/test/default/box_seed.c
index 6533d8c..5af2a50 100644
--- a/test/default/box_seed.c
+++ b/test/default/box_seed.c
@@ -1,28 +1,28 @@
-#include <stdio.h>
 
 #define TEST_NAME "box_seed"
 #include "cmptest.h"
 
-unsigned char seed[32] = {
- 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
-,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
-,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
-,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
-};
+unsigned char seed[32]
+    = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1,
+        0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0,
+        0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a };
 
 int main(void)
 {
-  int i;
-  unsigned char sk[32];
-  unsigned char pk[32];
-  crypto_box_curve25519xsalsa20poly1305_seed_keypair(pk, sk, seed);
-  for (i = 0;i < 32;++i) {
-    printf(",0x%02x",(unsigned int) pk[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  for (i = 0;i < 32;++i) {
-    printf(",0x%02x",(unsigned int) sk[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+    unsigned char sk[32];
+    unsigned char pk[32];
+
+    crypto_box_seed_keypair(pk, sk, seed);
+    for (i = 0; i < 32; ++i) {
+        printf(",0x%02x", (unsigned int)pk[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    for (i = 0; i < 32; ++i) {
+        printf(",0x%02x", (unsigned int)sk[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    return 0;
 }
diff --git a/test/default/box_seed.exp b/test/default/box_seed.exp
new file mode 100644
index 0000000..20e6806
--- /dev/null
+++ b/test/default/box_seed.exp
@@ -0,0 +1,8 @@
+,0xed,0x77,0x49,0xb4,0xd9,0x89,0xf6,0x95
+,0x7f,0x3b,0xfd,0xe6,0xc5,0x67,0x67,0xe9
+,0x88,0xe2,0x1c,0x9f,0x87,0x84,0xd9,0x1d
+,0x61,0x00,0x11,0xcd,0x55,0x3f,0x9b,0x06
+,0xac,0xcd,0x44,0xeb,0x8e,0x93,0x31,0x9c
+,0x05,0x70,0xbc,0x11,0x00,0x5c,0x0e,0x01
+,0x89,0xd3,0x4f,0xf0,0x2f,0x6c,0x17,0x77
+,0x34,0x11,0xad,0x19,0x12,0x93,0xc9,0x8f
diff --git a/test/default/chacha20.c b/test/default/chacha20.c
index 6dbc16c..b4334a8 100644
--- a/test/default/chacha20.c
+++ b/test/default/chacha20.c
@@ -1,7 +1,4 @@
 
-#include <stdio.h>
-#include <string.h>
-
 #define TEST_NAME "chacha20"
 #include "cmptest.h"
 
@@ -10,36 +7,59 @@ static void tv(void)
     static struct {
         const char *key_hex;
         const char *nonce_hex;
-    } tests[] = {
-        {"0000000000000000000000000000000000000000000000000000000000000000","0000000000000000"},
-        {"0000000000000000000000000000000000000000000000000000000000000001","0000000000000000"},
-        {"0000000000000000000000000000000000000000000000000000000000000000","0000000000000001"},
-        {"0000000000000000000000000000000000000000000000000000000000000000","0100000000000000"},
-        {"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f","0001020304050607"}
-    };
+    } tests[]
+      = { { "0000000000000000000000000000000000000000000000000000000000000000",
+            "0000000000000000" },
+          { "0000000000000000000000000000000000000000000000000000000000000001",
+            "0000000000000000" },
+          { "0000000000000000000000000000000000000000000000000000000000000000",
+            "0000000000000001" },
+          { "0000000000000000000000000000000000000000000000000000000000000000",
+            "0100000000000000" },
+          { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+            "0001020304050607" } };
     unsigned char key[crypto_stream_chacha20_KEYBYTES];
     unsigned char nonce[crypto_stream_chacha20_NONCEBYTES];
-    unsigned char out[60];
-    char          out_hex[60 * 2 + 1];
-    size_t        i = 0U;
+    unsigned char out[160];
+    char out_hex[160 * 2 + 1];
+    size_t i = 0U;
 
     do {
-        sodium_hex2bin((unsigned char *) key, sizeof key,
-                       tests[i].key_hex, strlen(tests[i].key_hex),
-                       NULL, NULL, NULL);
-        sodium_hex2bin(nonce, sizeof nonce,
-                       tests[i].nonce_hex, strlen(tests[i].nonce_hex),
-                       NULL, NULL, NULL);
+        sodium_hex2bin((unsigned char *)key, sizeof key, tests[i].key_hex,
+                       strlen(tests[i].key_hex), NULL, NULL, NULL);
+        sodium_hex2bin(nonce, sizeof nonce, tests[i].nonce_hex,
+                       strlen(tests[i].nonce_hex), NULL, NULL, NULL);
         crypto_stream_chacha20(out, sizeof out, nonce, key);
         sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
         printf("[%s]\n", out_hex);
     } while (++i < (sizeof tests) / (sizeof tests[0]));
+
+    memset(out, 0x42, sizeof out);
+
+    assert(crypto_stream_chacha20(out, 0U, nonce, key) == 0);
+    assert(crypto_stream_chacha20_xor(out, out, 0U, nonce, key) == 0);
+    assert(crypto_stream_chacha20_xor(out, out, 0U, nonce, key) == 0);
+    assert(crypto_stream_chacha20_xor_ic(out, out, 0U, nonce, 1U, key) == 0);
+
+    crypto_stream_chacha20_xor(out, out, sizeof out, nonce, key);
+    sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
+    printf("[%s]\n", out_hex);
+
+    crypto_stream_chacha20_xor_ic(out, out, sizeof out, nonce, 0U, key);
+    sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
+    printf("[%s]\n", out_hex);
+
+    crypto_stream_chacha20_xor_ic(out, out, sizeof out, nonce, 1U, key);
+    sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
+    printf("[%s]\n", out_hex);
 };
 
 int main(void)
 {
     tv();
 
-    return 0;    
-}
+    assert(crypto_stream_chacha20_keybytes() > 0U);
+    assert(crypto_stream_chacha20_noncebytes() > 0U);
 
+    return 0;
+}
diff --git a/test/default/chacha20.exp b/test/default/chacha20.exp
new file mode 100644
index 0000000..b669430
--- /dev/null
+++ b/test/default/chacha20.exp
@@ -0,0 +1,8 @@
+[76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee65869f07e7be5551387a98ba977c732d080dcb0f29a048e3656912c6533e32ee7aed29b721769ce64e43d57133b074d839d531ed1f28510afb45ace10a1f4b794d6f2d09a0e663266ce1ae7ed1081968a0758e718e997bd362c6b0c34634a9a0b35d]
+[4540f05a9f1fb296d7736e7b208e3c96eb4fe1834688d2604f450952ed432d41bbe2a0b6ea7566d2a5d1e7e20d42af2c53d792b1c43fea817e9ad275ae5469633aeb5224ecf849929b9d828db1ced4dd832025e8018b8160b82284f3c949aa5a8eca00bbb4a73bdad192b5c42f73f2fd4e273644c8b36125a64addeb006c13a096d68b9ff7b57e7090f880392effd5b297a83bbaf2fbe8cf5d4618965e3dc776]
+[de9cba7bf3d69ef5e786dc63973f653a0b49e015adbff7134fcb7df137821031e85a050278a7084527214f73efc7fa5b5277062eb7a0433e445f41e31afab757283547e3d3d30ee0371c1e6025ff4c91b794a291cf7568d48ff84b37329e2730b12738a072a2b2c7169e326fe4893a7b2421bb910b79599a7ce4fbaee86be427c5ee0e8225eb6f48231fd504939d59eac8bd106cc138779b893c54da8758f62a]
+[ef3fdfd6c61578fbf5cf35bd3dd33b8009631634d21e42ac33960bd138e50d32111e4caf237ee53ca8ad6426194a88545ddc497a0b466e7d6bbdb0041b2f586b5305e5e44aff19b235936144675efbe4409eb7e8e5f1430f5f5836aeb49bb5328b017c4b9dc11f8a03863fa803dc71d5726b2b6b31aa32708afe5af1d6b690584d58792b271e5fdb92c486051c48b79a4d48a109bb2d0477956e74c25e93c3c2]
+[f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025]
+[b5dae3cbb3d7a42bc0521db92649f5373d15dfe15440bed1ae43ee14ba18818376e616393179040372008b06420b552b4791fc1ba85e11b31b54571e69aa66587a42c9d864fe77d65c6606553ec89c24cb9cd7640bc49b1acbb922aa046b8bffd818895e835afc147cfbf1e6e630ba6c4be5a53a0b69146cb5514cca9da27385dffb96b585eadb5759d8051270f47d81c7661da216a19f18d5e7b734bc440267]
+[42424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242]
+[7a42c9d864fe77d65c6606553ec89c24cb9cd7640bc49b1acbb922aa046b8bffd818895e835afc147cfbf1e6e630ba6c4be5a53a0b69146cb5514cca9da27385dffb96b585eadb5759d8051270f47d81c7661da216a19f18d5e7b734bc440267918c466e1428f08745f37a99c77c7f2b1b244bd4162e8b86e4a8bf85358202954ced04b52fef7b3ba787744e715554285ecb0ed6e133c528d69d346abc0ce8b0]
diff --git a/test/default/cmptest.h b/test/default/cmptest.h
index ae84e43..156640c 100644
--- a/test/default/cmptest.h
+++ b/test/default/cmptest.h
@@ -2,7 +2,11 @@
 #ifndef __CMPTEST_H__
 #define __CMPTEST_H__
 
+#include <assert.h>
 #include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
 
 #include "sodium.h"
 
diff --git a/test/default/core1.c b/test/default/core1.c
index 4c9453f..44f90c4 100644
--- a/test/default/core1.c
+++ b/test/default/core1.c
@@ -1,32 +1,39 @@
-#include <stdio.h>
 
 #define TEST_NAME "core1"
 #include "cmptest.h"
 
-unsigned char shared[32] = {
- 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
-,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
-,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
-,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42
-} ;
+unsigned char shared[32]
+    = { 0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 0x72, 0x8e, 0x3b,
+        0xf4, 0x80, 0x35, 0x0f, 0x25, 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1,
+        0x9e, 0x33, 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42 };
 
 unsigned char zero[32] = { 0 };
 
-unsigned char c[16] = {
- 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33
-,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b
-} ;
+unsigned char c[16] = { 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33,
+                        0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b };
 
 unsigned char firstkey[32];
 
 int main(void)
 {
-  int i;
-  crypto_core_hsalsa20(firstkey,zero,shared,c);
-  for (i = 0;i < 32;++i) {
-    if (i > 0) printf(","); else printf(" ");
-    printf("0x%02x",(unsigned int) firstkey[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_core_hsalsa20(firstkey, zero, shared, c);
+    for (i = 0; i < 32; ++i) {
+        if (i > 0) {
+            printf(",");
+        } else {
+            printf(" ");
+        }
+        printf("0x%02x", (unsigned int)firstkey[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    assert(crypto_core_hsalsa20_outputbytes() > 0U);
+    assert(crypto_core_hsalsa20_inputbytes() > 0U);
+    assert(crypto_core_hsalsa20_keybytes() > 0U);
+    assert(crypto_core_hsalsa20_constbytes() > 0U);
+
+    return 0;
 }
diff --git a/test/default/core1.exp b/test/default/core1.exp
new file mode 100644
index 0000000..715a489
--- /dev/null
+++ b/test/default/core1.exp
@@ -0,0 +1,4 @@
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
diff --git a/test/default/core2.c b/test/default/core2.c
index b07df8d..6870acb 100644
--- a/test/default/core2.c
+++ b/test/default/core2.c
@@ -1,35 +1,36 @@
-#include <stdio.h>
 
 #define TEST_NAME "core2"
 #include "cmptest.h"
 
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
+unsigned char firstkey[32]
+    = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
+        0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
+        0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89 };
 
-unsigned char nonceprefix[16] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-} ;
+unsigned char nonceprefix[16]
+    = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+        0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6 };
 
-unsigned char c[16] = {
- 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33
-,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b
-} ;
+unsigned char c[16] = { 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33,
+                        0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b };
 
 unsigned char secondkey[32];
 
 int main(void)
 {
-  int i;
-  crypto_core_hsalsa20(secondkey,nonceprefix,firstkey,c);
-  for (i = 0;i < 32;++i) {
-    if (i > 0) printf(","); else printf(" ");
-    printf("0x%02x",(unsigned int) secondkey[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_core_hsalsa20(secondkey, nonceprefix, firstkey, c);
+    for (i = 0; i < 32; ++i) {
+        if (i > 0) {
+            printf(",");
+        } else {
+            printf(" ");
+        }
+        printf("0x%02x", (unsigned int)secondkey[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    return 0;
 }
diff --git a/test/default/core2.exp b/test/default/core2.exp
new file mode 100644
index 0000000..f4682af
--- /dev/null
+++ b/test/default/core2.exp
@@ -0,0 +1,4 @@
+ 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
+,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
+,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
+,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
diff --git a/test/default/core3.c b/test/default/core3.c
index 5d24fdd..210e25c 100644
--- a/test/default/core3.c
+++ b/test/default/core3.c
@@ -1,25 +1,19 @@
-#include <stdio.h>
 
 #define TEST_NAME "core3"
 #include "cmptest.h"
 
-unsigned char secondkey[32] = {
- 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
-,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
-,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
-,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
-} ;
+unsigned char secondkey[32]
+    = { 0xdc, 0x90, 0x8d, 0xda, 0x0b, 0x93, 0x44, 0xa9, 0x53, 0x62, 0x9b,
+        0x73, 0x38, 0x20, 0x77, 0x88, 0x80, 0xf3, 0xce, 0xb4, 0x21, 0xbb,
+        0x61, 0xb9, 0x1c, 0xbd, 0x4c, 0x3e, 0x66, 0x25, 0x6c, 0xe4 };
 
-unsigned char noncesuffix[8] = {
- 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
+unsigned char noncesuffix[8]
+    = { 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
-unsigned char c[16] = {
- 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33
-,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b
-} ;
+unsigned char c[16] = { 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33,
+                        0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b };
 
-unsigned char in[16] = { 0 } ;
+unsigned char in[16] = { 0 };
 
 unsigned char output[64 * 256 * 256];
 
@@ -27,16 +21,26 @@ unsigned char h[32];
 
 int main(void)
 {
-  int i;
-  long long pos = 0;
-  for (i = 0;i < 8;++i) in[i] = noncesuffix[i];
-  do {
+    int i;
+    long long pos = 0;
+
+    for (i = 0; i < 8; ++i)
+        in[i] = noncesuffix[i];
     do {
-      crypto_core_salsa20(output + pos,in,secondkey,c);
-      pos += 64;
-    } while (++in[8]);
-  } while (++in[9]);
-  crypto_hash_sha256(h,output,sizeof output);
-  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
-  return 0;
+        do {
+            crypto_core_salsa20(output + pos, in, secondkey, c);
+            pos += 64;
+        } while (++in[8]);
+    } while (++in[9]);
+    crypto_hash_sha256(h, output, sizeof output);
+    for (i = 0; i < 32; ++i) {
+        printf("%02x", h[i]);
+    }
+    printf("\n");
+    assert(crypto_core_salsa20_outputbytes() > 0U);
+    assert(crypto_core_salsa20_inputbytes() > 0U);
+    assert(crypto_core_salsa20_keybytes() > 0U);
+    assert(crypto_core_salsa20_constbytes() > 0U);
+
+    return 0;
 }
diff --git a/test/default/core3.exp b/test/default/core3.exp
new file mode 100644
index 0000000..5fa208c
--- /dev/null
+++ b/test/default/core3.exp
@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2
diff --git a/test/default/core4.c b/test/default/core4.c
index d818723..611d392 100644
--- a/test/default/core4.c
+++ b/test/default/core4.c
@@ -1,35 +1,34 @@
-#include <stdio.h>
 
 #define TEST_NAME "core4"
 #include "cmptest.h"
 
-unsigned char k[32] = {
-   1,  2,  3,  4,  5,  6,  7,  8
-,  9, 10, 11, 12, 13, 14, 15, 16
-,201,202,203,204,205,206,207,208
-,209,210,211,212,213,214,215,216
-} ;
+unsigned char k[32] = { 1,   2,   3,   4,   5,   6,   7,   8,   9,   10,  11,
+                        12,  13,  14,  15,  16,  201, 202, 203, 204, 205, 206,
+                        207, 208, 209, 210, 211, 212, 213, 214, 215, 216 };
 
-unsigned char in[16] = {
- 101,102,103,104,105,106,107,108
-,109,110,111,112,113,114,115,116
-} ;
+unsigned char in[16] = { 101, 102, 103, 104, 105, 106, 107, 108,
+                         109, 110, 111, 112, 113, 114, 115, 116 };
 
-unsigned char c[16] = {
- 101,120,112, 97,110,100, 32, 51
-, 50, 45, 98,121,116,101, 32,107
-} ;
+unsigned char c[16] = { 101, 120, 112, 97,  110, 100, 32, 51,
+                        50,  45,  98,  121, 116, 101, 32, 107 };
 
 unsigned char out[64];
 
 int main(void)
 {
-  int i;
-  crypto_core_salsa20(out,in,k,c);
-  for (i = 0;i < 64;++i) {
-    if (i > 0) printf(","); else printf(" ");
-    printf("%3d",(unsigned int) out[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_core_salsa20(out, in, k, c);
+    for (i = 0; i < 64; ++i) {
+        if (i > 0) {
+            printf(",");
+        } else {
+            printf(" ");
+        }
+        printf("%3d", (unsigned int)out[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    return 0;
 }
diff --git a/test/default/core4.exp b/test/default/core4.exp
new file mode 100644
index 0000000..d04e5b5
--- /dev/null
+++ b/test/default/core4.exp
@@ -0,0 +1,8 @@
+  69, 37, 68, 39, 41, 15,107,193
+,255,139,122,  6,170,233,217, 98
+, 89,144,182,106, 21, 51,200, 65
+,239, 49,222, 34,215,114, 40,126
+,104,197,  7,225,197,153, 31,  2
+,102, 78, 76,176, 84,245,246,184
+,177,160,133,130,  6, 72,149,119
+,192,195,132,236,234,103,246, 74
diff --git a/test/default/core5.c b/test/default/core5.c
index 467b27a..cf37397 100644
--- a/test/default/core5.c
+++ b/test/default/core5.c
@@ -1,34 +1,30 @@
-#include <stdio.h>
 
 #define TEST_NAME "core5"
 #include "cmptest.h"
 
-unsigned char k[32] = {
- 0xee,0x30,0x4f,0xca,0x27,0x00,0x8d,0x8c
-,0x12,0x6f,0x90,0x02,0x79,0x01,0xd8,0x0f
-,0x7f,0x1d,0x8b,0x8d,0xc9,0x36,0xcf,0x3b
-,0x9f,0x81,0x96,0x92,0x82,0x7e,0x57,0x77
-} ;
+unsigned char k[32]
+    = { 0xee, 0x30, 0x4f, 0xca, 0x27, 0x00, 0x8d, 0x8c, 0x12, 0x6f, 0x90,
+        0x02, 0x79, 0x01, 0xd8, 0x0f, 0x7f, 0x1d, 0x8b, 0x8d, 0xc9, 0x36,
+        0xcf, 0x3b, 0x9f, 0x81, 0x96, 0x92, 0x82, 0x7e, 0x57, 0x77 };
 
-unsigned char in[16] = {
- 0x81,0x91,0x8e,0xf2,0xa5,0xe0,0xda,0x9b
-,0x3e,0x90,0x60,0x52,0x1e,0x4b,0xb3,0x52
-} ;
+unsigned char in[16] = { 0x81, 0x91, 0x8e, 0xf2, 0xa5, 0xe0, 0xda, 0x9b,
+                         0x3e, 0x90, 0x60, 0x52, 0x1e, 0x4b, 0xb3, 0x52 };
 
-unsigned char c[16] = {
- 101,120,112, 97,110,100, 32, 51
-, 50, 45, 98,121,116,101, 32,107
-} ;
+unsigned char c[16] = { 101, 120, 112, 97,  110, 100, 32, 51,
+                        50,  45,  98,  121, 116, 101, 32, 107 };
 
 unsigned char out[32];
 
 int main(void)
 {
-  int i;
-  crypto_core_hsalsa20(out,in,k,c);
-  for (i = 0;i < 32;++i) {
-    printf(",0x%02x",(unsigned int) out[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_core_hsalsa20(out, in, k, c);
+    for (i = 0; i < 32; ++i) {
+        printf(",0x%02x", (unsigned int)out[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    return 0;
 }
diff --git a/test/default/core5.exp b/test/default/core5.exp
new file mode 100644
index 0000000..562cf71
--- /dev/null
+++ b/test/default/core5.exp
@@ -0,0 +1,4 @@
+,0xbc,0x1b,0x30,0xfc,0x07,0x2c,0xc1,0x40
+,0x75,0xe4,0xba,0xa7,0x31,0xb5,0xa8,0x45
+,0xea,0x9b,0x11,0xe9,0xa5,0x19,0x1f,0x94
+,0xe1,0x8c,0xba,0x8f,0xd8,0x21,0xa7,0xcd
diff --git a/test/default/core6.c b/test/default/core6.c
index 8a98696..67be323 100644
--- a/test/default/core6.c
+++ b/test/default/core6.c
@@ -1,49 +1,48 @@
-#include <stdio.h>
 
 #define TEST_NAME "core6"
 #include "cmptest.h"
 
-unsigned char k[32] = {
- 0xee,0x30,0x4f,0xca,0x27,0x00,0x8d,0x8c
-,0x12,0x6f,0x90,0x02,0x79,0x01,0xd8,0x0f
-,0x7f,0x1d,0x8b,0x8d,0xc9,0x36,0xcf,0x3b
-,0x9f,0x81,0x96,0x92,0x82,0x7e,0x57,0x77
-} ;
+unsigned char k[32]
+    = { 0xee, 0x30, 0x4f, 0xca, 0x27, 0x00, 0x8d, 0x8c, 0x12, 0x6f, 0x90,
+        0x02, 0x79, 0x01, 0xd8, 0x0f, 0x7f, 0x1d, 0x8b, 0x8d, 0xc9, 0x36,
+        0xcf, 0x3b, 0x9f, 0x81, 0x96, 0x92, 0x82, 0x7e, 0x57, 0x77 };
 
-unsigned char in[16] = {
- 0x81,0x91,0x8e,0xf2,0xa5,0xe0,0xda,0x9b
-,0x3e,0x90,0x60,0x52,0x1e,0x4b,0xb3,0x52
-} ;
+unsigned char in[16] = { 0x81, 0x91, 0x8e, 0xf2, 0xa5, 0xe0, 0xda, 0x9b,
+                         0x3e, 0x90, 0x60, 0x52, 0x1e, 0x4b, 0xb3, 0x52 };
 
-unsigned char c[16] = {
- 101,120,112, 97,110,100, 32, 51
-, 50, 45, 98,121,116,101, 32,107
-} ;
+unsigned char c[16] = { 101, 120, 112, 97,  110, 100, 32, 51,
+                        50,  45,  98,  121, 116, 101, 32, 107 };
 
 unsigned char out[64];
 
-void print(unsigned char *x,unsigned char *y)
+void print(unsigned char *x, unsigned char *y)
 {
-  int i;
-  unsigned int borrow = 0;
-  for (i = 0;i < 4;++i) {
-    unsigned int xi = x[i];
-    unsigned int yi = y[i];
-    printf(",0x%02x",255 & (xi - yi - borrow));
-    borrow = (xi < yi + borrow);
-  }
+    int i;
+    unsigned int borrow = 0;
+
+    for (i = 0; i < 4; ++i) {
+        unsigned int xi = x[i];
+        unsigned int yi = y[i];
+        printf(",0x%02x", 255 & (xi - yi - borrow));
+        borrow = (xi < yi + borrow);
+    }
 }
 
 int main(void)
 {
-  crypto_core_salsa20(out,in,k,c);
-  print(out,c);
-  print(out + 20,c + 4); printf("\n");
-  print(out + 40,c + 8);
-  print(out + 60,c + 12); printf("\n");
-  print(out + 24,in);
-  print(out + 28,in + 4); printf("\n");
-  print(out + 32,in + 8);
-  print(out + 36,in + 12); printf("\n");
-  return 0;
+    crypto_core_salsa20(out, in, k, c);
+    print(out, c);
+    print(out + 20, c + 4);
+    printf("\n");
+    print(out + 40, c + 8);
+    print(out + 60, c + 12);
+    printf("\n");
+    print(out + 24, in);
+    print(out + 28, in + 4);
+    printf("\n");
+    print(out + 32, in + 8);
+    print(out + 36, in + 12);
+    printf("\n");
+
+    return 0;
 }
diff --git a/test/default/core6.exp b/test/default/core6.exp
new file mode 100644
index 0000000..562cf71
--- /dev/null
+++ b/test/default/core6.exp
@@ -0,0 +1,4 @@
+,0xbc,0x1b,0x30,0xfc,0x07,0x2c,0xc1,0x40
+,0x75,0xe4,0xba,0xa7,0x31,0xb5,0xa8,0x45
+,0xea,0x9b,0x11,0xe9,0xa5,0x19,0x1f,0x94
+,0xe1,0x8c,0xba,0x8f,0xd8,0x21,0xa7,0xcd
diff --git a/test/default/ed25519_convert.c b/test/default/ed25519_convert.c
new file mode 100644
index 0000000..02c0641
--- /dev/null
+++ b/test/default/ed25519_convert.c
@@ -0,0 +1,44 @@
+
+#define TEST_NAME "ed25519_convert"
+#include "cmptest.h"
+
+static const unsigned char keypair_seed[crypto_sign_ed25519_SEEDBYTES]
+    = { 0x42, 0x11, 0x51, 0xa4, 0x59, 0xfa, 0xea, 0xde, 0x3d, 0x24, 0x71,
+        0x15, 0xf9, 0x4a, 0xed, 0xae, 0x42, 0x31, 0x81, 0x24, 0x09, 0x5a,
+        0xfa, 0xbe, 0x4d, 0x14, 0x51, 0xa5, 0x59, 0xfa, 0xed, 0xee };
+
+int main(void)
+{
+    unsigned char ed25519_pk[crypto_sign_ed25519_PUBLICKEYBYTES];
+    unsigned char ed25519_skpk[crypto_sign_ed25519_SECRETKEYBYTES];
+    unsigned char curve25519_pk[crypto_scalarmult_curve25519_BYTES];
+    unsigned char curve25519_pk2[crypto_scalarmult_curve25519_BYTES];
+    unsigned char curve25519_sk[crypto_scalarmult_curve25519_BYTES];
+    char curve25519_pk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1];
+    char curve25519_sk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1];
+    unsigned int i;
+
+    crypto_sign_ed25519_seed_keypair(ed25519_pk, ed25519_skpk, keypair_seed);
+    crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk);
+    crypto_sign_ed25519_sk_to_curve25519(curve25519_sk, ed25519_skpk);
+    sodium_bin2hex(curve25519_pk_hex, sizeof curve25519_pk_hex, curve25519_pk,
+                   sizeof curve25519_pk);
+    sodium_bin2hex(curve25519_sk_hex, sizeof curve25519_sk_hex, curve25519_sk,
+                   sizeof curve25519_sk);
+
+    printf("curve25519 pk: [%s]\n", curve25519_pk_hex);
+    printf("curve25519 sk: [%s]\n", curve25519_sk_hex);
+
+    for (i = 0U; i < 500U; i++) {
+        crypto_sign_ed25519_keypair(ed25519_pk, ed25519_skpk);
+        crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk);
+        crypto_sign_ed25519_sk_to_curve25519(curve25519_sk, ed25519_skpk);
+        crypto_scalarmult_curve25519_base(curve25519_pk2, curve25519_sk);
+        if (memcmp(curve25519_pk, curve25519_pk2, sizeof curve25519_pk) != 0) {
+            printf("conversion failed\n");
+        }
+    }
+    printf("ok\n");
+
+    return 0;
+}
diff --git a/test/default/ed25519_convert.exp b/test/default/ed25519_convert.exp
new file mode 100644
index 0000000..cba2b7b
--- /dev/null
+++ b/test/default/ed25519_convert.exp
@@ -0,0 +1,3 @@
+curve25519 pk: [f1814f0e8ff1043d8a44d25babff3cedcae6c22c3edaa48f857ae70de2baae50]
+curve25519 sk: [8052030376d47112be7f73ed7a019293dd12ad910b654455798b4667d73de166]
+ok
diff --git a/test/default/generichash.c b/test/default/generichash.c
index 42a4a39..71c12e4 100644
--- a/test/default/generichash.c
+++ b/test/default/generichash.c
@@ -1,6 +1,3 @@
-#include <stdio.h>
-
-#include "crypto_uint8.h"
 
 #define TEST_NAME "generichash"
 #include "cmptest.h"
@@ -8,20 +5,67 @@
 int main(void)
 {
 #define MAXLEN 64
-    crypto_uint8 in[MAXLEN], out[crypto_generichash_BYTES_MAX], k[crypto_generichash_KEYBYTES_MAX];
-    size_t h,i,j;
-
-    for(h = 0; h < crypto_generichash_KEYBYTES_MAX; ++h) k[h] = h;
-
-    for(i = 0; i < MAXLEN; ++i) {
-        in[i]=i;
-        crypto_generichash(out, 1 + i % crypto_generichash_BYTES_MAX,
-                           in, i,
-                           k, 1 + i % crypto_generichash_KEYBYTES_MAX);
-        for (j = 0;j < 1 + i % crypto_generichash_BYTES_MAX;++j) {
-            printf("%02x",(unsigned int) out[j]);
+    unsigned char in[MAXLEN], out[crypto_generichash_BYTES_MAX],
+        k[crypto_generichash_KEYBYTES_MAX];
+    size_t h, i, j;
+
+    for (h = 0; h < crypto_generichash_KEYBYTES_MAX; ++h)
+        k[h] = h;
+
+    for (i = 0; i < MAXLEN; ++i) {
+        in[i] = i;
+        crypto_generichash(out, 1 + i % crypto_generichash_BYTES_MAX, in, i, k,
+                           1 + i % crypto_generichash_KEYBYTES_MAX);
+        for (j = 0; j < 1 + i % crypto_generichash_BYTES_MAX; ++j) {
+            printf("%02x", (unsigned int)out[j]);
         }
         printf("\n");
     }
+
+    memset(out, 0, sizeof out);
+    crypto_generichash(out, crypto_generichash_BYTES_MAX, in, i, k, 0U);
+    for (j = 0; j < crypto_generichash_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    memset(out, 0, sizeof out);
+    crypto_generichash(out, crypto_generichash_BYTES_MAX, in, i, NULL, 1U);
+    for (j = 0; j < crypto_generichash_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    assert(crypto_generichash(out, 0U, in, sizeof in, k, sizeof k) == -1);
+    assert(crypto_generichash(out, crypto_generichash_BYTES_MAX + 1U, in, sizeof in,
+                              k, sizeof k) == -1);
+    assert(crypto_generichash(out, sizeof out, in, sizeof in,
+                              k, crypto_generichash_KEYBYTES_MAX + 1U) == -1);
+
+    assert(crypto_generichash_bytes_min() > 0U);
+    assert(crypto_generichash_bytes_max() > 0U);
+    assert(crypto_generichash_bytes() > 0U);
+    assert(crypto_generichash_bytes() >= crypto_generichash_bytes_min());
+    assert(crypto_generichash_bytes() <= crypto_generichash_bytes_max());
+    assert(crypto_generichash_keybytes_min() > 0U);
+    assert(crypto_generichash_keybytes_max() > 0U);
+    assert(crypto_generichash_keybytes() > 0U);
+    assert(crypto_generichash_keybytes() >= crypto_generichash_keybytes_min());
+    assert(crypto_generichash_keybytes() <= crypto_generichash_keybytes_max());
+    assert(strcmp(crypto_generichash_primitive(), "blake2b") == 0);
+    assert(crypto_generichash_bytes_min()
+           == crypto_generichash_blake2b_bytes_min());
+    assert(crypto_generichash_bytes_max()
+           == crypto_generichash_blake2b_bytes_max());
+    assert(crypto_generichash_bytes() == crypto_generichash_blake2b_bytes());
+    assert(crypto_generichash_keybytes_min()
+           == crypto_generichash_blake2b_keybytes_min());
+    assert(crypto_generichash_keybytes_max()
+           == crypto_generichash_blake2b_keybytes_max());
+    assert(crypto_generichash_keybytes()
+           == crypto_generichash_blake2b_keybytes());
+    assert(crypto_generichash_blake2b_saltbytes() > 0U);
+    assert(crypto_generichash_blake2b_personalbytes() > 0U);
+
     return 0;
 }
diff --git a/test/default/generichash.exp b/test/default/generichash.exp
new file mode 100644
index 0000000..4a918f9
--- /dev/null
+++ b/test/default/generichash.exp
@@ -0,0 +1,66 @@
+05
+5d8c
+22221b
+d4974470
+be8492fb36
+edc178279907
+26848f2ae0c2e6
+045cf1235112b9f6
+5110bad569356dfa6c
+1339d95145bc8a33d3aa
+3dbb39b4d57c5566808a88
+22378260939cee01022686a2
+e18b37abcead6cc520e6504dac
+3cbb356604cf862e62ad2f534323
+44c41ba227b191961b475ec5875057
+0c7c9c3922d41a7b2b3b20f92685d560
+8508c01d19709bdd881866aa1f8c63ca06
+f6b2dddfbece6d7d52e114c7e5a97772e18d
+d36b5af9591d0cd3747254e26bc6e1de5b6081
+f7f7ce69149418d7ec33327bd86e14bcca4b8ed7
+2c9aba9a56de21165753c4f3cee9310a9c8fe546b9
+ee5e08cee5fbbcb51900341bb30db6695920faecda6a
+fe9ffb56dc5716b91bc7d77ce7b05e7cc39c31683bec91
+c500ae0f5bff0f1106ce104ae9c291add7207e0d8ebcb1ed
+68e23d12000b387158afd6458d3bcef9c26936ca68b5c0f3d6
+220efa2c09f67dbb02aa623bbc0cb92107a30f53b633e78d4b44
+54df984b47e4bcd489d9c045c488743fac91c9b3e0cbcc37495fac
+b4852cf66c6ce164c002bbb62ded0faeb4a39c39fdffb372ff14dd31
+d79cafb5565e7775616e1c9b09100d61fb71efaf25affcf2d480d2c980
+ae557883145e374adef583ba0550429d5cdd86b254c33bf52d02e070efda
+9f53d28c0df7b327c2eb4c8a12c742829225b7f30fda7baf64135098fdb01b
+a9f51bb7f6a3e9cdb96ce652c07d177962a348a9cced1b92f948187e59b44463
+f2960cf5fd57fc92f549cd5a2803147964f60e7703e1b8897c088cded74c7bd39f
+89981acbb690eb03ed2a67510d1d85a1b4f9d496fdfe134550ae14146bb05fd5fedd
+6d8245383fd7c418b46511339e711b9d4a0d1f5fdf6de45fdd3d0664164b7bf878a124
+1f0b6b083d524e0741710ddef499ce88f51083bb3ad80a1815cc57acf006436e9b6ad72b
+fc35bfe34c915020bb8b44fa0a19933774eaaf61919780fd55564e085bc31646dfc1d426e9
+117d58f1f8cb2c036102686035975be90550795e5a0e3469a8f7a2cba9bc88961852b18c8ae3
+c679c950818729c799bb7f39cef2d89fa80a147817f379a073ef1ccafea5d369815c70373bf5be
+d487ad2143024ee8c645a066c035b74abe3a11f1c9fcd738b154b8ca37134d74fb78c40d1a2274cf
+2d3ee00828b0ccea6812b40f214fab6d4f23f7e74ae228115bcb208ced2d5e1cb9cdff41de912af7a8
+a697b26d4c4475e312288b98ae2ec4954d3c74c8e144c0ab518616ff9f52918a946fd765af75e761178c
+f647bcba2a711f431d6d453aa7d75dcf5bb9ab6f8b83f89117230f633e7580f27c71c4f4c211cadd04f587
+1fc1d6a4db753e2f4fd1456b2b709dd70ad58547eeda9d5a55762b5cd4097a7a1bd73cc633ec27168ee65631
+1cfe0f63ab155379b4a1b5bf694a33635097b8e4b6dbd3b983d62454d36d7bf4550bece301abdd27b2dd76ca9f
+73dee8a0a558e7b6f6eefe411280e253b05ef006d499849fea5d6a95f9141ee160322fff3a3f70e10c84025e02ce
+edf9e706f4acae4f4bed72404f14458ba075d2b9d9a4a1ed46d1f1c5e23113a74cce9f7735432a922a3d8097f22c7a
+95d5cd54c6722ac4335fa0ab38d388c9fd0baea48a9078605e400534ef38f13abb1d770da84b90b0256e1c1b64f54ba9
+fe6b85ee8b5eb7da035264ed46e6dcd948571018d1f6976de4102fcb4bb5f1422e7df1b5aaa5b6b56c5961966db29ead6e
+499ab83c01e4bf74ea5036392f9f810eae8a066fff49e316e4288baccb2001efa24f64cef7bfae70c90f139b198e53ad87f1
+eac6c9d97264241a8adba22ee925438ed9787a547018608a10676a7594bc51c60294bd9159fbcada9022b44880a37c5b07c1b4
+0771e3ae24bbfe424800d4bae776fef3da1607990019e7c4b30bc8140061ebf0b64aad7b018a878d579caa67154b98a04402735e
+d569e5f5fe197387451441911a2be2effa606dad39820af44cea056bd9d1499dde41fa1c6c3a0459d5866c944bec2ac83328953726
+68e523ded865c4d8318d61c312189a59597bbc3995e312e85137611af761a5f73508ac79e359edf729d4508830fc642b432f09185914
+601af664ae596166707244adbb4f704593b355c6a659c844d853c6647fb265cdbcea26ed43657251dec37f2d6453fa0ace55f22d303cb0
+703d8e552236b2090143444545f0a61a809d8ef9843bcf6883f61671fb31c8d6ac9fd373e7f9f79a0c72fa6a37dc655ba1fb01a5f41e36d1
+03896f594afd1bf97acb862106eb05a1d8b54ec08d184812a79f4dc7b287a7486e60927b6c23e5f51fcbc94798648b28fd13438300567bec95
+cc66a891768e95a2717b040c111996f14942f10f2475c33aa5f1c97476e6f8386733d6b21c16102d01ff1f715475f01099e1f19aa763238a38a9
+007aac8eae29e5bf2be1b54857f5fe80c324424a3273b46e55482fbc4ae1033df4a97016b60c81a5344abd6366f56d8cee2c2e94619418293990de
+50c81e92605a6111ea4c7c602acfb3945d4c2631c8c08fa4b594134577f5c2ffcca90d48604162cfdb2a0bb40416ff9134a275461b829ff1b875f995
+661b7a1c70170aa7559aa82639fa65c1bdcfb5e336cb23b40a9edf5b4f6eeca1a176a9844da705cafb990dd94b9dc6194eb6b2de3eca9dbd255bb267a1
+9ff11c233aaf5e0242b0dbe6e110a42e58b86141ad0ef130fd2bb895700019782de66d435bf0a8d6f5eda5d7d1105e7a6f3ef17a9da8f9c16fc21075431a
+bdd3d0fafe8ba2b29d1ac0b79aa46e249cc9d3a82d0f772d690637bbdd353722356658d00436ff5dd5239ab747979329345eb8c7ed11b7331456ae87350fcf
+bd965bf31e87d70327536f2a341cebc4768eca275fa05ef98f7f1b71a0351298de006fba73fe6733ed01d75801b4a928e54231b38e38c562b2e33ea1284992fa
+2fc6e69fa26a89a5ed269092cb9b2a449a4409a7a44011eecad13d7c4b0456602d402fa5844f1a7a758136ce3d5d8d0e8b86921ffff4f692dd95bdc8e5ff0052
+2fc6e69fa26a89a5ed269092cb9b2a449a4409a7a44011eecad13d7c4b0456602d402fa5844f1a7a758136ce3d5d8d0e8b86921ffff4f692dd95bdc8e5ff0052
diff --git a/test/default/generichash2.c b/test/default/generichash2.c
index 4693a5f..cd9c889 100644
--- a/test/default/generichash2.c
+++ b/test/default/generichash2.c
@@ -1,6 +1,3 @@
-#include <stdio.h>
-
-#include "crypto_uint8.h"
 
 #define TEST_NAME "generichash2"
 #include "cmptest.h"
@@ -9,23 +6,43 @@ int main(void)
 {
 #define MAXLEN 64
     crypto_generichash_state st;
-    crypto_uint8 in[MAXLEN], out[crypto_generichash_BYTES_MAX], k[crypto_generichash_KEYBYTES_MAX];
-    size_t h,i,j;
+    unsigned char in[MAXLEN], out[crypto_generichash_BYTES_MAX],
+        k[crypto_generichash_KEYBYTES_MAX];
+    size_t h, i, j;
 
-    for(h = 0; h < crypto_generichash_KEYBYTES_MAX; ++h) k[h] = h;
+    for (h = 0; h < crypto_generichash_KEYBYTES_MAX; ++h)
+        k[h] = h;
 
-    for(i = 0; i < MAXLEN; ++i) {
-        in[i]=i;
-        crypto_generichash_init(&st, k, 1 + i % crypto_generichash_KEYBYTES_MAX,
-                                1 + i % crypto_generichash_BYTES_MAX);
+    for (i = 0; i < MAXLEN; ++i) {
+        in[i] = i;
+        if (crypto_generichash_init(&st, k,
+                                    1 + i % crypto_generichash_KEYBYTES_MAX,
+                                    1 + i % crypto_generichash_BYTES_MAX) != 0) {
+            printf("crypto_generichash_init()\n");
+            return 1;
+        }
         crypto_generichash_update(&st, in, i);
         crypto_generichash_update(&st, in, i);
         crypto_generichash_update(&st, in, i);
-        crypto_generichash_final(&st, out, 1 + i % crypto_generichash_BYTES_MAX);
-        for (j = 0;j < 1 + i % crypto_generichash_BYTES_MAX;++j) {
-            printf("%02x",(unsigned int) out[j]);
+        crypto_generichash_final(&st, out,
+                                 1 + i % crypto_generichash_BYTES_MAX);
+        for (j = 0; j < 1 + i % crypto_generichash_BYTES_MAX; ++j) {
+            printf("%02x", (unsigned int)out[j]);
         }
         printf("\n");
     }
+
+    assert(crypto_generichash_init(&st, k, sizeof k, 0U) == -1);
+    assert(crypto_generichash_init(&st, k, sizeof k,
+                                   crypto_generichash_BYTES_MAX + 1U) == -1);
+    assert(crypto_generichash_init(&st, k, crypto_generichash_KEYBYTES_MAX + 1U,
+                                   sizeof out) == -1);
+    assert(crypto_generichash_init(&st, k, 0U, sizeof out) == 0);
+    assert(crypto_generichash_init(&st, k, 1U, sizeof out) == 0);
+    assert(crypto_generichash_init(&st, NULL, 1U, 0U) == -1);
+    assert(crypto_generichash_init(&st, NULL, crypto_generichash_KEYBYTES,
+                                   1U) == 0);
+    assert(crypto_generichash_init(&st, NULL, crypto_generichash_KEYBYTES,
+                                   0U) == -1);
     return 0;
 }
diff --git a/test/default/generichash2.exp b/test/default/generichash2.exp
new file mode 100644
index 0000000..5ee6f60
--- /dev/null
+++ b/test/default/generichash2.exp
@@ -0,0 +1,64 @@
+05
+22a8
+287a9d
+d8eeab1c
+d4ce34973f
+584f7ac46f0c
+32c848bb67545b
+8438e21361bca125
+27a6faae998b4fabb4
+508c05a4f2daee150bad
+68c886c97dce370e8c72fa
+d41e90824ace31ba7bf512ac
+6e0d7a1e2b92a68e45ea867895
+1fc5ee8715312db38da9066152a5
+3138504ba58fcd56c62752bc98a6d2
+b689ecd5357cb5276007627fbdf4082e
+afe251881beb8b9dfa3d4f76aafc7b2995
+980eaa215cb0911027c5564db809bb8ac0a1
+56048436883efdfc8feaa239d960fa5ce24d42
+fce905b6d57fd841f58899a77887a4988e6aa2d1
+6f7afd81d24ccf4d98188b71bdbb7e6c637620879b
+50406b4c37b48621505942b35dff30a75f7d2868146b
+32c21792e18e7a79a4a20ef291721d7eab4e4cf99fbe79
+4b9d9ac5dbfb825acd87588667e6683e0fde4cdcd0a532f9
+2b55a3ebb461623e5de4fbacfb8b26819cfa8adeb094c8c13b
+4c7d261780b25a864a008352ad64d1ae7fc21d608317813cf63f
+f0ca06b8e12c48f1511d0991ba562f06dbe6ba6d5e18280224cc6a
+838a5f7056bfbca65a245796dd3510cb07ff1614b44989d91ac650b2
+a58a8da276577160441f8b9e9c52a041b7caf7cd316acc506f620ab0e1
+e03940a7231049ff2b86c47a28e4951f105d2a3aa3421190fe0ed6aa4ad6
+a7af977c0b34294b1a03d0cc2dcf6eb72f9a32721c3f70128384aeb1f56047
+0e5625d74ada70b8a3b23ca76894e9a0f9dee88f5e3e370e27ad25061ea9dd6f
+775fd9257b265997a16557a445985091798af60e68d06e3ae8e2e886d23ed12f6e
+852e8d4208166a990e215ed06b86c708f491e014584ac9b08f97f24d9f08a84c8e83
+fbdca0db9a933fcffcce2ae694d7e16e7571b100564fcb3d69cec82ea42f254a493a32
+50530ae5eb9780f3fafc5d179f7b363a0d69314a8545d68588b5fec28c8e8d1a011857f6
+5eb71553ff1ac4aba3f84faeb70281c738e3428aae68edc9842ebf55ffd7184a015e323445
+39b279c6d9cca89f8052f953abf71041faf3491b2b965cef503d715e8bf339e02a58fd0e0fba
+e315bef5f4918e881dc8d39d3c6b3948c2ea8e21ac00ee7c7ab875a53e194add0c3d9b8bcba5b2
+4e950f0e1da3111d054136fbdf10b4b88b20de6ad0c6bd5024a5e0a8b4cd7059685c0b663a00cbfa
+b1ed8d99fd62a4f504ecdd58a01759a85932a7783f88f314cdca5019e05063dcc1fcb3c39b8c07758e
+e4d78e734b0cb5bbd83e22bc67f97bbc8a3644f789f6c26a3ec2fe72c75b4d48a3bc000e6f2f2f0726fe
+162e01beb796433a2771eab54611fc93677ed12c73a93ea4d75e148bec7ab14b3e31ab7f395456fb2b47ab
+759c30631fd52e80a22f0614125dcd136287db65079908b75fb5b03be1cdf6dd0a1c9de0cc759cdd82c33758
+af2992acdaf0908f03a2025854de6446123c919b1e24db711df6cb070091343b4e6f5b2716c20c2547f50f1fde
+b833064955778a611fe41a9f1a2de730a16fb4e61a7e2fb67425ce199101d4e71dd7b0c731ea4188e9cc30e9bc52
+e546ee327168d9b4e0d73d9a043f9ef03f880bc8aee91b0923704eb7361ac916b00f5c71c872e2f911a77ef76704b5
+83d86f056729fa1a6e1d3fe8c3d2ebe42b327025747f2e6ba923d2b7b893e31571839937222852033844e585b17d462f
+5d70402524fbef569552a3ff6854087e090ff9ac9ea03aba92cf9f33a28845fa6a1631090dca10e05cdd3341b391a15fcf
+64f4d3ebf0717900f7c04512d1e18f9985975991d4254d76c4e2ee02c0edd6f912f715991984731b808b8370be1f201e53bf
+7d45eae6626dfc9ec3591764b8c39c72ca67e6c1893ab590963a75922719937d1d0ff188a510ffbdf9c777a4d565b3683cbf38
+68e007db5067874548c0d12a9ca709221f9bd352e3eb9847fde6c5de4a8550f4b85b67fe4e5aad70626ebb27d71e5b528effb2e6
+b0dc4dc0bd0d41a8ccfa45a127542079bc4e6f63a63863a9ce21f44481d23eff1060ea03851759b9317209405d5b7cc4387cc2759b
+adf6a9df484e93eb3a6113c3fd68a49b2166878fc652833c9cbef3fd8dd281d385ad0374bc25bc865b216ca395e21c30b9eda1d58a8d
+f1df9bc169323da338daa8a94867db96a1a2a6feb26569198fb4591ae602ba6f766a879e745d71e93b6cb8886b914f2bf4aa55d4c48045
+0c7446078a5077f33bba1ebfad60bbf1b1df47aab2eb3f3f3274ce56ead7800cf095af8208b6d570c4c832fe33227bbbc0842a13e1e82ad9
+accd0b4682e56698ecc55a60a8db8b3f950b6bffc5a1d160daf6ca25e13e3b4983ced5903df0bdc21f70c2ec5adb1a2ec9617df645cdd17ac9
+b787bae190ff2608eb383e0299cc10d6b7232de67ab74285e7bfa933d79f91226066537d74a9d40140d7b1683c2d42cd1935f6430cc554db2b69
+d09b717a0c80f581c07b8813e0ae79cec2188f77122f7477954610655a20420f13eb1b68cacde8c1fdf7a9a398efa72f40c85f0122812eaa33aba0
+87fff156d9895917468e92848fdcfacc134ca3bfc7fce484bd6db41c682ee2ee47151df0fa863d5641633d908c0328e6cbe080e80d8293530ffd2c4f
+1b17b2c0e7afcd224ec9bbe9ce9a13a00bd0a336b863f1b4d5304043778244323bd23fb6154a2e1e94aa48f6ff0e12787a50ca09e9e72ece9e038f6218
+23ac1ccd5e7df51b65b284650158d662e7ef51ebae01b879f39cec484b688c792f8e854bd8ca31ffe8796d28f10e49ab402dab47878a21cb95556dc32b0a
+f8f5323ebcc28bf927e72d342b5b70d80ba67794afb4c28debad21b0dae24c7a9252e862eb4b83bea6d9c0bb7c108983c987f13d73f250c7f14483f0454a24
+55b97ca594d68ccf69a0a93fe7fa4004c7e2947a8cac4ca4a44e17ac6876f472e3f221b341a28004cd35a79cfad7fabb9378ce5af03e4c0445ebbe9540943bbd
diff --git a/test/default/generichash3.c b/test/default/generichash3.c
index dcd29e0..dca852d 100644
--- a/test/default/generichash3.c
+++ b/test/default/generichash3.c
@@ -1,6 +1,3 @@
-#include <stdio.h>
-
-#include "crypto_uint8.h"
 
 #define TEST_NAME "generichash3"
 #include "cmptest.h"
@@ -9,28 +6,165 @@ int main(void)
 {
 #define MAXLEN 64
     crypto_generichash_blake2b_state st;
-    crypto_uint8 salt[crypto_generichash_blake2b_SALTBYTES] = {
-        '5', 'b', '6', 'b', '4', '1', 'e', 'd', '9', 'b', '3', '4', '3', 'f', 'e', '0'
-    };
-    crypto_uint8 personal[crypto_generichash_blake2b_PERSONALBYTES] = {
-        '5', '1', '2', '6', 'f', 'b', '2', 'a', '3', '7', '4', '0', '0', 'd', '2', 'a'
-    };    
-    crypto_uint8 in[MAXLEN], out[crypto_generichash_blake2b_BYTES_MAX], k[crypto_generichash_blake2b_KEYBYTES_MAX];
-    size_t h,i,j;
-
-    for(h = 0; h < crypto_generichash_blake2b_KEYBYTES_MAX; ++h) k[h] = h;
-
-    for(i = 0; i < MAXLEN; ++i) {
-        in[i]=i;
-        crypto_generichash_blake2b_init_salt_personal(&st, k, 1 + i % crypto_generichash_blake2b_KEYBYTES_MAX,
-                                                      1 + i % crypto_generichash_blake2b_BYTES_MAX,
-                                                      salt, personal);
+    unsigned char salt[crypto_generichash_blake2b_SALTBYTES]
+        = { '5', 'b', '6', 'b', '4', '1', 'e', 'd',
+            '9', 'b', '3', '4', '3', 'f', 'e', '0' };
+    unsigned char personal[crypto_generichash_blake2b_PERSONALBYTES]
+        = { '5', '1', '2', '6', 'f', 'b', '2', 'a',
+            '3', '7', '4', '0', '0', 'd', '2', 'a' };
+    unsigned char in[MAXLEN], out[crypto_generichash_blake2b_BYTES_MAX],
+        k[crypto_generichash_blake2b_KEYBYTES_MAX];
+    size_t h, i, j;
+
+    for (h = 0; h < crypto_generichash_blake2b_KEYBYTES_MAX; ++h)
+        k[h] = h;
+
+    for (i = 0; i < MAXLEN; ++i) {
+        in[i] = i;
+        crypto_generichash_blake2b_init_salt_personal(
+            &st, k, 1 + i % crypto_generichash_blake2b_KEYBYTES_MAX,
+            1 + i % crypto_generichash_blake2b_BYTES_MAX, salt, personal);
         crypto_generichash_blake2b_update(&st, in, i);
-        crypto_generichash_blake2b_final(&st, out, 1 + i % crypto_generichash_blake2b_BYTES_MAX);
-        for (j = 0;j < 1 + i % crypto_generichash_blake2b_BYTES_MAX;++j) {
-            printf("%02x",(unsigned int) out[j]);
+        crypto_generichash_blake2b_final(
+            &st, out, 1 + i % crypto_generichash_blake2b_BYTES_MAX);
+        for (j = 0; j < 1 + i % crypto_generichash_blake2b_BYTES_MAX; ++j) {
+            printf("%02x", (unsigned int)out[j]);
         }
         printf("\n");
     }
+
+    memset(out, 0, sizeof out);
+    crypto_generichash_blake2b_init_salt_personal(
+        &st, k, 0U, crypto_generichash_blake2b_BYTES_MAX, salt, personal);
+    crypto_generichash_blake2b_update(&st, in, MAXLEN);
+    crypto_generichash_blake2b_final(&st, out,
+                                     crypto_generichash_blake2b_BYTES_MAX);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    memset(out, 0, sizeof out);
+    crypto_generichash_blake2b_init_salt_personal(
+        &st, NULL, 1U, crypto_generichash_blake2b_BYTES_MAX, salt, personal);
+    crypto_generichash_blake2b_update(&st, in, MAXLEN);
+    crypto_generichash_blake2b_final(&st, out,
+                                     crypto_generichash_blake2b_BYTES_MAX);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    memset(out, 0, sizeof out);
+    crypto_generichash_blake2b_init_salt_personal(
+        &st, k, crypto_generichash_blake2b_KEYBYTES_MAX,
+    crypto_generichash_blake2b_BYTES_MAX, NULL, personal);
+    crypto_generichash_blake2b_update(&st, in, MAXLEN);
+    crypto_generichash_blake2b_final(&st, out,
+                                     crypto_generichash_blake2b_BYTES_MAX);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    memset(out, 0, sizeof out);
+    crypto_generichash_blake2b_init_salt_personal(
+        &st, k, crypto_generichash_blake2b_KEYBYTES_MAX,
+        crypto_generichash_blake2b_BYTES_MAX, salt, NULL);
+    crypto_generichash_blake2b_update(&st, in, MAXLEN);
+    assert(crypto_generichash_blake2b_final(
+        &st, out, crypto_generichash_blake2b_BYTES_MAX + 1U) == -1);
+    crypto_generichash_blake2b_final(
+        &st, out, crypto_generichash_blake2b_BYTES_MAX);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    memset(out, 0, sizeof out);
+    crypto_generichash_blake2b_salt_personal(
+        out, crypto_generichash_blake2b_BYTES_MAX, in, MAXLEN,
+        k, 0U, salt, personal);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    memset(out, 0, sizeof out);
+    crypto_generichash_blake2b_salt_personal(
+        out, crypto_generichash_blake2b_BYTES_MAX, in, MAXLEN,
+        NULL, crypto_generichash_blake2b_KEYBYTES_MAX, salt, personal);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    memset(out, 0, sizeof out);
+    crypto_generichash_blake2b_salt_personal(
+        out, crypto_generichash_blake2b_BYTES_MAX, in, MAXLEN,
+        k, crypto_generichash_blake2b_KEYBYTES_MAX, salt, personal);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    memset(out, 0, sizeof out);
+    crypto_generichash_blake2b_salt_personal(
+        out, crypto_generichash_blake2b_BYTES_MAX, in, MAXLEN,
+        k, crypto_generichash_blake2b_KEYBYTES_MAX, NULL, personal);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    memset(out, 0, sizeof out);
+    crypto_generichash_blake2b_salt_personal(
+        out, crypto_generichash_blake2b_BYTES_MAX, in, MAXLEN,
+        k, crypto_generichash_blake2b_KEYBYTES_MAX, salt, NULL);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    crypto_generichash_blake2b_init_salt_personal(&st, NULL, 0U, crypto_generichash_BYTES,
+                                                  NULL, personal);
+    crypto_generichash_blake2b_update(&st, in, MAXLEN);
+    crypto_generichash_blake2b_final(&st, out, crypto_generichash_blake2b_BYTES_MAX);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    crypto_generichash_blake2b_init_salt_personal(&st, NULL, 0U, crypto_generichash_BYTES,
+                                                  salt, NULL);
+    crypto_generichash_blake2b_update(&st, in, MAXLEN);
+    crypto_generichash_blake2b_final(&st, out, crypto_generichash_blake2b_BYTES_MAX);
+    for (j = 0; j < crypto_generichash_blake2b_BYTES_MAX; ++j) {
+        printf("%02x", (unsigned int)out[j]);
+    }
+    printf("\n");
+
+    assert(crypto_generichash_blake2b_init_salt_personal(&st, k, sizeof k, 0U,
+                                                         salt, personal) == -1);
+    assert(crypto_generichash_blake2b_init_salt_personal(&st, k, sizeof k,
+                                                         crypto_generichash_BYTES_MAX + 1U,
+                                                         salt, personal) == -1);
+    assert(crypto_generichash_blake2b_init_salt_personal(&st, k,
+                                                         crypto_generichash_KEYBYTES_MAX + 1U,
+                                                         sizeof out, salt, personal) == -1);
+
+    assert(crypto_generichash_blake2b_salt_personal(out, 0U, in, MAXLEN,
+                                                    k, sizeof k,
+                                                    salt, personal) == -1);
+    assert(crypto_generichash_blake2b_salt_personal(out, crypto_generichash_BYTES_MAX + 1U,
+                                                    in, MAXLEN, k, sizeof k,
+                                                    salt, personal) == -1);
+    assert(crypto_generichash_blake2b_salt_personal(out, sizeof out, in, MAXLEN,
+                                                    k, crypto_generichash_KEYBYTES_MAX + 1U,
+                                                    salt, personal) == -1);
+    assert(crypto_generichash_blake2b_init_salt_personal(&st, k, sizeof k, crypto_generichash_BYTES,
+                                                         NULL, personal) == 0);
+    assert(crypto_generichash_blake2b_init_salt_personal(&st, k, sizeof k, crypto_generichash_BYTES,
+                                                         salt, NULL) == 0);
     return 0;
 }
diff --git a/test/default/generichash3.exp b/test/default/generichash3.exp
new file mode 100644
index 0000000..75a62d4
--- /dev/null
+++ b/test/default/generichash3.exp
@@ -0,0 +1,75 @@
+ba
+6139
+3a1666
+5797e9d0
+834a26efe6
+d7e9e862bbce
+40d8b84c374750
+276789189244cf04
+16f73ffe0673cc9992
+b3835bfaf6eb71d94078
+8c624e844d34f4a59f34cc
+e0a394962413ad09975df3cf
+47f043c3aacb501f97e0458ae3
+b4a11f2fb72a7e6f96fdacf98d49
+f434079e9adeb244047cb6855f9854
+5fbe885c4b2d4e0d78dc5905622a277a
+e262ba3e2ab76efdf83513108e3b987d1b
+add93dde78d32e77bc039c34a49043f19d26
+093842ac10e2eb1237ddc9ca9e7990cf397772
+09e7f6a0e2ea4888f1dbf6562effd1561c65029c
+bd33a9ec914f5b81864a49184338e4062d6c6b2b2e
+8dc46295235d94f5881d429a5ad47f9db9e35cf8c6b3
+ba5df554dca7ac1cba4889fa88adf3070fbf4ab5d187b5
+1ff84715e71c66214d271d421395fb6166db97b1d47ed697
+75a0d227c70549f5b0c933b7b21f151355bd47e04b6085c91f
+a32a5c9439a0fa771dcbe7f338b5dcef62a754edc4952614d6f0
+53a87de519cdcc7f64730d58bce6baaf7b44c5c428a4611a208ad4
+5e5ad8f0c4f083f9b7a5154d9c0dfd0f3d2fce94cf54fc215450314a
+9c76b9e63c77e6564b1e5111c2fb140046e1e5a4f900a7cfc2bac3fcfa
+bb919251ca310eb9b994e5d7883bc9fa2144b59b8d5d940677b7130ac777
+faa492a66f08ef0c7adb868fcb7b523aedd35b8ff1414bd1d554794f144474
+9b273ebe335540b87be899abe169389ed61ed262c3a0a16e4998bbf752f0bee3
+1e0070b92429c151b33bdd1bb4430a0e650a3dfc94d404054e93c8568330ecc505
+e3b64149f1b76231686d592d1d4af984ce2826ba03c2224a92f95f9526130ce4eb40
+5f8e378120b73db9eefa65ddcdcdcb4acd8046c31a5e47f298caa400937d5623f1394b
+74c757a4165a1782c933e587353a9fd8f6d7bf26b7f51b52c542747030bfb3d560c2e5c2
+2d5ee85cc238b923806dd98db18919d1924f2340ec88917d4ce1799cbfd5f2cb9df99db2e1
+c93ff727e6f9822efec0a77eed0025c0eff19127bf8746b7c71c2a098f57cef02febb86a1e6c
+adfb6d7ba13779a5dd1bbf268e400f4156f0f5c9d5b670ff539e1d9c1a63373416f3001f338407
+3a6900e58a448887d77c5911e4bdde620e64f25b2d71723fa60f7cb3efa7c320b6153bdbc3287949
+413eb0fd379b32dd88e82242a87cc58ce3e64c72352387a4c70f92ee5c8d23fa7ecd86f6df170a32d2
+92d0d3cacc3e25628caf6f2c4cd50d25d154ac45098f531d690230b859f37cfe089eb169f76bba72a3ff
+92f6ccc11a9a3bee520b17e0cddc4550c0e9cf47ddd9a6161284259ffb161c1d0675b505cb1066872768e8
+a3cd675804e6be7f120138a9eaadcd56bb7763d1c046e87fe0d358c8276b0d24621f46c60b46e397933b75b4
+304a1af53cbdd6486b8419d1ebd5e9528c540d8dc46a10be49067f46a0617229577015d776783f702b2954df43
+d8a6358970446453ac0c82c758644ab68989b5b4f06f9768807ce0c5f2a0dbac1e8450f4e3a02deecf7b54b6a45d
+1264b8dee9ac4aa8de69a43ada95cc95f20230f33836d4a1db8c2466ab38361686e5ac282025ccc2e0f6a1cd98a4dd
+7eed787abaa7f4e8b8aa3090f0676201cfbaaf350899661cdd5216ac0b5cd874443f5c0688ffd7ca1ccbfe1ca7e1a3f5
+8907f0218585167962a8e8213559a643dd03c2bf1a7a5ad3e3bc5f88c0ff1532ee8cd29880e7e0e68da22a5798aef27cc5
+12dea17b0733e5060751b1115e10c3d4b2f4583bcd009d9f1f42ec23d4a6a0df1185d3abbdbe86de08569e70583d6de1c1fe
+8ff75e91f1de547dc3a25472db2f51f5910a290c449603da54207b5e39bd735d240ec913b52df90709b5d29357971d6c341452
+4a3b16b12400f38e74778efc3a4caa52ec6fdf6b0180a5bfac9189e52e162c10e8911a54ab33e2b389ee1949e58edaa119e2b2b9
+c9943e7186fdc9bbfa1d7087fa7086babe6fcf95a6196d1772187854071304e2f1fff39e6e6f48f76addb16d5c00249e0523aac91f
+0297f16fdd34add9cc87b4adf816525b590ba08ac733c43f8d225d194df4f9c83b4dce617be51e25b5f6c80dff249f27c707de20e422
+576bb891eab9930998e2e73b5d0498e3c5f040f8dec9397a8c7a622c17de01fee7cc936e3bd4de1f7fd8b31dea9e70c65462bbb5dc7b50
+9416a57ae7c8c51c6e008f940fe06d8ebc02c350c19a2f71583a6d260b085670d73a95248fef0f4cae5292ba7db1189a7cd9c51122ba7913
+ea644b9051cca5eee8868a553e3f0f4e14739e1555474151156e10578256b288a233870dd43a380765400ea446df7f452c1e03a9e5b6731256
+f99cc1603de221abc1ecb1a7eb4bbf06e99561d1cc5541d8d601bae2b1dd3cbe448ac276667f26de5e269183a09f7deaf35d33174b3cc8ad4aa2
+ee2be1ec57fdac23f89402a534177eca0f4b982a4ed2c2e900b6a79e1f47a2d023eff2e647baf4f4c0da3a28d08a44bc780516974074e2523e6651
+9cda001868949a2bad96c5b3950a8315e6e5214d0b54dcd596280565d351806ef22cf3053f63623da72fcad9afa3896641658632334c9ec4f644c984
+c6d6722a916651a8671383d8260873347d9c248696b4cb3dac4dea9ba57ed971127cb18e44211d7e14177ace248b3c6e0785356ee261ebdc6ef0faf143
+5dd258a3e7505bc6b9776b0df25676a1c19e2c8258c7b5f2e361423523d96299eb6827bc7c27e7bca2d2b59d717c2ebcb05e6dcaa32289d96fae9a4077ef
+19c14de35fe19c92cc0e624280e4136355d4cfa9a0a98b090c4b06f5665021920725852ff1f566b0c8c37157b25fb9f947a2e70b40577a17860a0732c170ac
+5fcdcc02be7714a0dbc77df498bf999ea9225d564adca1c121c9af03af92cac8177b9b4a86bcc47c79aa32aac58a3fef967b2132e9352d4613fe890beed2571b
+1afc8ec818bef0a479d2b4cac81d40a52cafa27f6d80c42fc23cbaf4141882ab59ab1101922fcb6e707ef2f61efd07cce5d09094e6bee420b1b96998c7cee96d
+1afc8ec818bef0a479d2b4cac81d40a52cafa27f6d80c42fc23cbaf4141882ab59ab1101922fcb6e707ef2f61efd07cce5d09094e6bee420b1b96998c7cee96d
+5789f474edd5206ededaccfc35e7dd3ed730748125b5395abf802b2601126b19b109a1db67556945bc79bb25e1ab59610599d155070e0e04354f11a6a5d6f3ac
+e78efc663a5547c089f2b3b08973c974c4bfd365eac18b80c68bdb3b1ba4554b54d6b8465a68a3b9aa0bc020621f16efd5b8dd8c7c01ed9ee3ec5544aae465ff
+1afc8ec818bef0a479d2b4cac81d40a52cafa27f6d80c42fc23cbaf4141882ab59ab1101922fcb6e707ef2f61efd07cce5d09094e6bee420b1b96998c7cee96d
+1afc8ec818bef0a479d2b4cac81d40a52cafa27f6d80c42fc23cbaf4141882ab59ab1101922fcb6e707ef2f61efd07cce5d09094e6bee420b1b96998c7cee96d
+fb4e2ad6b7fe6afd2ba06d5c1d79379c5bf10e336a35c89a1aaf408a805171716e0635a5b1d18190131e15b6888510bcb3e3752b050f892a09dbbde60b051495
+5789f474edd5206ededaccfc35e7dd3ed730748125b5395abf802b2601126b19b109a1db67556945bc79bb25e1ab59610599d155070e0e04354f11a6a5d6f3ac
+e78efc663a5547c089f2b3b08973c974c4bfd365eac18b80c68bdb3b1ba4554b54d6b8465a68a3b9aa0bc020621f16efd5b8dd8c7c01ed9ee3ec5544aae465ff
+4f9875a42ba0da8ae3448d2d62b1ff51be672eb1b8a1b0fa5bcd5334c861eff06b5903d672d318fd04e0ef94ddd37eca6d4ad2051a36a0236dc4cc09a5a44358
+ec9f272db92d1fa99324115f34cda8b4690ad029c1df36986cf9e1f844d8fdeca8e8e8311620ad24cbbfa12eccb676b979565405c8e2e20a2e4f18fb27c93d76
diff --git a/test/default/hash.c b/test/default/hash.c
index c24f9c4..c220bd4 100644
--- a/test/default/hash.c
+++ b/test/default/hash.c
@@ -1,16 +1,41 @@
-#include <stdio.h>
 
 #define TEST_NAME "hash"
 #include "cmptest.h"
 
 unsigned char x[] = "testing\n";
+unsigned char x2[] = "The Conscience of a Hacker is a small essay written January 8, 1986 by a computer security hacker who went by the handle of The Mentor, who belonged to the 2nd generation of Legion of Doom.";
 unsigned char h[crypto_hash_BYTES];
 
 int main(void)
 {
-  size_t i;
-  crypto_hash(h,x,sizeof x - 1U);
-  for (i = 0;i < crypto_hash_BYTES;++i) printf("%02x",(unsigned int) h[i]);
-  printf("\n");
-  return 0;
+    size_t i;
+
+    crypto_hash(h, x, sizeof x - 1U);
+    for (i = 0; i < crypto_hash_BYTES; ++i) {
+        printf("%02x", (unsigned int)h[i]);
+    }
+    printf("\n");
+    crypto_hash(h, x2, sizeof x2 - 1U);
+    for (i = 0; i < crypto_hash_BYTES; ++i) {
+        printf("%02x", (unsigned int)h[i]);
+    }
+    printf("\n");
+    crypto_hash_sha256(h, x, sizeof x - 1U);
+    for (i = 0; i < crypto_hash_sha256_BYTES; ++i) {
+        printf("%02x", (unsigned int)h[i]);
+    }
+    printf("\n");
+    crypto_hash_sha256(h, x2, sizeof x2 - 1U);
+    for (i = 0; i < crypto_hash_sha256_BYTES; ++i) {
+        printf("%02x", (unsigned int)h[i]);
+    }
+    printf("\n");
+
+    assert(crypto_hash_bytes() > 0U);
+    assert(strcmp(crypto_hash_primitive(), "sha512") == 0);
+    assert(crypto_hash_sha256_bytes() > 0U);
+    assert(crypto_hash_sha512_bytes() >= crypto_hash_sha256_bytes());
+    assert(crypto_hash_sha512_bytes() == crypto_hash_bytes());
+
+    return 0;
 }
diff --git a/test/default/hash.exp b/test/default/hash.exp
new file mode 100644
index 0000000..f26c0b0
--- /dev/null
+++ b/test/default/hash.exp
@@ -0,0 +1,4 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28
+a77abe1ccf8f5497e228fbc0acd73a521ededb21b89726684a6ebbc3baa32361aca5a244daa84f24bf19c68baf78e6907625a659b15479eb7bd426fc62aafa73
+12a61f4e173fb3a11c05d6471f74728f76231b4a5fcd9667cef3af87a3ae4dc2
+71cc8123fef8c236e451d3c3ddf1adae9aa6cd9521e7041769d737024900a03a
diff --git a/test/default/hash2.exp b/test/default/hash2.exp
new file mode 100644
index 0000000..df58217
--- /dev/null
+++ b/test/default/hash2.exp
@@ -0,0 +1 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28
diff --git a/test/default/hash3.c b/test/default/hash3.c
index a546125..01df6f0 100644
--- a/test/default/hash3.c
+++ b/test/default/hash3.c
@@ -1,16 +1,19 @@
-#include <stdio.h>
 
 #define TEST_NAME "hash3"
 #include "cmptest.h"
 
 unsigned char x[] = "testing\n";
-unsigned char h[crypto_hash_sha512_BYTES];
+unsigned char h[crypto_hash_BYTES];
 
 int main(void)
 {
-  size_t i;
-  crypto_hash_sha512(h,x,sizeof x - 1U);
-  for (i = 0;i < crypto_hash_sha512_BYTES;++i) printf("%02x",(unsigned int) h[i]);
-  printf("\n");
-  return 0;
+    size_t i;
+
+    crypto_hash(h, x, sizeof x - 1U);
+    for (i = 0; i < crypto_hash_BYTES; ++i) {
+        printf("%02x", (unsigned int)h[i]);
+    }
+    printf("\n");
+
+    return 0;
 }
diff --git a/test/default/hash3.exp b/test/default/hash3.exp
new file mode 100644
index 0000000..df58217
--- /dev/null
+++ b/test/default/hash3.exp
@@ -0,0 +1 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28
diff --git a/test/default/onetimeauth.c b/test/default/onetimeauth.c
index ddeb8ee..9a8b4f5 100644
--- a/test/default/onetimeauth.c
+++ b/test/default/onetimeauth.c
@@ -1,44 +1,56 @@
-#include <stdio.h>
 
 #define TEST_NAME "onetimeauth"
 #include "cmptest.h"
 
-unsigned char rs[32] = {
- 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
-,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
-,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
-,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
-} ;
-
-unsigned char c[131] = {
- 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
-,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
-,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
-,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
-,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
-,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
-,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
-,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
-,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
-,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
-,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
-,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
-,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
-,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
-,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
-,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
-,0xe3,0x55,0xa5
-} ;
+unsigned char rs[32]
+    = { 0xee, 0xa6, 0xa7, 0x25, 0x1c, 0x1e, 0x72, 0x91, 0x6d, 0x11, 0xc2,
+        0xcb, 0x21, 0x4d, 0x3c, 0x25, 0x25, 0x39, 0x12, 0x1d, 0x8e, 0x23,
+        0x4e, 0x65, 0x2d, 0x65, 0x1f, 0xa4, 0xc8, 0xcf, 0xf8, 0x80 };
+
+unsigned char c[131]
+    = { 0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73, 0xc2, 0x96, 0x50, 0xba,
+        0x32, 0xfc, 0x76, 0xce, 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4,
+        0x47, 0x6f, 0xb8, 0xc5, 0x31, 0xa1, 0x18, 0x6a, 0xc0, 0xdf, 0xc1, 0x7c,
+        0x98, 0xdc, 0xe8, 0x7b, 0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72,
+        0x71, 0xd2, 0xc2, 0x0f, 0x9b, 0x92, 0x8f, 0xe2, 0x27, 0x0d, 0x6f, 0xb8,
+        0x63, 0xd5, 0x17, 0x38, 0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a,
+        0xb9, 0x32, 0x16, 0x45, 0x48, 0xe5, 0x26, 0xae, 0x90, 0x22, 0x43, 0x68,
+        0x51, 0x7a, 0xcf, 0xea, 0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda,
+        0x99, 0x83, 0x2b, 0x61, 0xca, 0x01, 0xb6, 0xde, 0x56, 0x24, 0x4a, 0x9e,
+        0x88, 0xd5, 0xf9, 0xb3, 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6,
+        0x59, 0x9b, 0x1f, 0x65, 0x4c, 0xb4, 0x5a, 0x74, 0xe3, 0x55, 0xa5 };
 
 unsigned char a[16];
 
 int main(void)
 {
-  int i;
-  crypto_onetimeauth_poly1305(a,c,131,rs);
-  for (i = 0;i < 16;++i) {
-    printf(",0x%02x",(unsigned int) a[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    crypto_onetimeauth_state st;
+    int i;
+
+    crypto_onetimeauth(a, c, 131, rs);
+    for (i = 0; i < 16; ++i) {
+        printf(",0x%02x", (unsigned int)a[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+
+    memset(a, 0, sizeof a);
+    crypto_onetimeauth_init(&st, rs);
+    crypto_onetimeauth_update(&st, c, 100);
+    crypto_onetimeauth_update(&st, c + 100, 31);
+    crypto_onetimeauth_final(&st, a);
+    for (i = 0; i < 16; ++i) {
+        printf(",0x%02x", (unsigned int)a[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+
+    assert(crypto_onetimeauth_bytes() > 0U);
+    assert(crypto_onetimeauth_keybytes() > 0U);
+    assert(strcmp(crypto_onetimeauth_primitive(), "poly1305") == 0);
+    assert(crypto_onetimeauth_poly1305_bytes() == crypto_onetimeauth_bytes());
+    assert(crypto_onetimeauth_poly1305_keybytes()
+           == crypto_onetimeauth_keybytes());
+
+    return 0;
 }
diff --git a/test/default/onetimeauth.exp b/test/default/onetimeauth.exp
new file mode 100644
index 0000000..33973bd
--- /dev/null
+++ b/test/default/onetimeauth.exp
@@ -0,0 +1,4 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
diff --git a/test/default/onetimeauth2.c b/test/default/onetimeauth2.c
index 2114e29..e33a9fe 100644
--- a/test/default/onetimeauth2.c
+++ b/test/default/onetimeauth2.c
@@ -1,42 +1,30 @@
-#include <stdio.h>
 
 #define TEST_NAME "onetimeauth2"
 #include "cmptest.h"
 
-unsigned char rs[32] = {
- 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
-,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
-,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
-,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
-} ;
+unsigned char rs[32]
+    = { 0xee, 0xa6, 0xa7, 0x25, 0x1c, 0x1e, 0x72, 0x91, 0x6d, 0x11, 0xc2,
+        0xcb, 0x21, 0x4d, 0x3c, 0x25, 0x25, 0x39, 0x12, 0x1d, 0x8e, 0x23,
+        0x4e, 0x65, 0x2d, 0x65, 0x1f, 0xa4, 0xc8, 0xcf, 0xf8, 0x80 };
 
-unsigned char c[131] = {
- 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
-,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
-,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
-,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
-,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
-,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
-,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
-,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
-,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
-,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
-,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
-,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
-,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
-,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
-,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
-,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
-,0xe3,0x55,0xa5
-} ;
+unsigned char c[131]
+    = { 0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73, 0xc2, 0x96, 0x50, 0xba,
+        0x32, 0xfc, 0x76, 0xce, 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4,
+        0x47, 0x6f, 0xb8, 0xc5, 0x31, 0xa1, 0x18, 0x6a, 0xc0, 0xdf, 0xc1, 0x7c,
+        0x98, 0xdc, 0xe8, 0x7b, 0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72,
+        0x71, 0xd2, 0xc2, 0x0f, 0x9b, 0x92, 0x8f, 0xe2, 0x27, 0x0d, 0x6f, 0xb8,
+        0x63, 0xd5, 0x17, 0x38, 0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a,
+        0xb9, 0x32, 0x16, 0x45, 0x48, 0xe5, 0x26, 0xae, 0x90, 0x22, 0x43, 0x68,
+        0x51, 0x7a, 0xcf, 0xea, 0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda,
+        0x99, 0x83, 0x2b, 0x61, 0xca, 0x01, 0xb6, 0xde, 0x56, 0x24, 0x4a, 0x9e,
+        0x88, 0xd5, 0xf9, 0xb3, 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6,
+        0x59, 0x9b, 0x1f, 0x65, 0x4c, 0xb4, 0x5a, 0x74, 0xe3, 0x55, 0xa5 };
 
-unsigned char a[16] = {
- 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
-,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
-} ;
+unsigned char a[16] = { 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5,
+                        0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9 };
 
 int main(void)
 {
-  printf("%d\n",crypto_onetimeauth_poly1305_verify(a,c,131,rs));
-  return 0;
+    printf("%d\n", crypto_onetimeauth_verify(a, c, 131, rs));
+    return 0;
 }
diff --git a/test/default/onetimeauth2.exp b/test/default/onetimeauth2.exp
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/test/default/onetimeauth2.exp
@@ -0,0 +1 @@
+0
diff --git a/test/default/onetimeauth7.c b/test/default/onetimeauth7.c
index 6d99134..18d1186 100644
--- a/test/default/onetimeauth7.c
+++ b/test/default/onetimeauth7.c
@@ -1,5 +1,4 @@
-#include <stdio.h>
-#include <stdlib.h>
+
 #include "windows/windows-quirks.h"
 
 #define TEST_NAME "onetimeauth7"
@@ -11,27 +10,28 @@ unsigned char a[16];
 
 int main(void)
 {
-  int clen;
-  for (clen = 0;clen < 10000;++clen) {
-    randombytes(key,sizeof key);
-    randombytes(c,clen);
-    crypto_onetimeauth_poly1305(a,c,clen,key);
-    if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) != 0) {
-      printf("fail %d\n",clen);
-      return 100;
-    }
-    if (clen > 0) {
-      c[rand() % clen] += 1 + (rand() % 255);
-      if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) == 0) {
-        printf("forgery %d\n",clen);
-        return 100;
-      }
-      a[rand() % sizeof a] += 1 + (rand() % 255);
-      if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) == 0) {
-        printf("forgery %d\n",clen);
-        return 100;
-      }
+    int clen;
+
+    for (clen = 0; clen < 10000; ++clen) {
+        randombytes_buf(key, sizeof key);
+        randombytes_buf(c, clen);
+        crypto_onetimeauth(a, c, clen, key);
+        if (crypto_onetimeauth_verify(a, c, clen, key) != 0) {
+            printf("fail %d\n", clen);
+            return 100;
+        }
+        if (clen > 0) {
+            c[rand() % clen] += 1 + (rand() % 255);
+            if (crypto_onetimeauth_verify(a, c, clen, key) == 0) {
+                printf("forgery %d\n", clen);
+                return 100;
+            }
+            a[rand() % sizeof a] += 1 + (rand() % 255);
+            if (crypto_onetimeauth_verify(a, c, clen, key) == 0) {
+                printf("forgery %d\n", clen);
+                return 100;
+            }
+        }
     }
-  }
-  return 0;
+    return 0;
 }
diff --git a/test/default/onetimeauth7.exp b/test/default/onetimeauth7.exp
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/default/onetimeauth7.exp
diff --git a/test/default/pwhash.c b/test/default/pwhash.c
index 7d00902..f61214f 100644
--- a/test/default/pwhash.c
+++ b/test/default/pwhash.c
@@ -1,5 +1,3 @@
-#include <stdio.h>
-#include <string.h>
 
 #define TEST_NAME "pwhash"
 #include "cmptest.h"
@@ -7,42 +5,102 @@
 static void tv(void)
 {
     static struct {
-        const char         *passwd_hex;
-        unsigned long long  passwdlen;
-        const char         *salt_hex;
-        unsigned long long  outlen;
-        unsigned long long  opslimit;
-        size_t              memlimit;
+        const char *passwd_hex;
+        unsigned long long passwdlen;
+        const char *salt_hex;
+        unsigned long long outlen;
+        unsigned long long opslimit;
+        size_t memlimit;
     } tests[] = {
-        {"a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae065577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08da232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f58d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6", 127, "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2", 155, 481326, 7256678},
-        {"e125cee61c8cb7778d9e5ad0a6f5d978ce9f84de213a8556d9ffe202020ab4a6ed9074a4eb3416f9b168f137510f3a30b70b96cbfa219ff99f6c6eaffb15c06b60e00cc2890277f0fd3c622115772f7048adaebed86e", 86, "f1192dd5dc2368b9cd421338b22433455ee0a3699f9379a08b9650ea2c126f0d", 250, 535778, 7849083},
-        {"92263cbf6ac376499f68a4289d3bb59e5a22335eba63a32e6410249155b956b6a3b48d4a44906b18b897127300b375b8f834f1ceffc70880a885f47c33876717e392be57f7da3ae58da4fd1f43daa7e44bb82d3717af4319349c24cd31e46d295856b0441b6b289992a11ced1cc3bf3011604590244a3eb737ff221129215e4e4347f4915d41292b5173d196eb9add693be5319fdadc242906178bb6c0286c9b6ca6012746711f58c8c392016b2fdfc09c64f0f6b6ab7b", 183, "3b840e20e9555e9fb031c4ba1f1747ce25cc1d0ff664be676b9b4a90641ff194", 249, 311757, 7994791},
-        {"027b6d8e8c8c474e9b69c7d9ed4f9971e8e1ce2f6ba95048414c3970f0f09b70e3b6c5ae05872b3d8678705b7d381829c351a5a9c88c233569b35d6b0b809df44b6451a9c273f1150e2ef8a0b5437eb701e373474cd44b97ef0248ebce2ca0400e1b53f3d86221eca3f18eb45b702b9172440f774a82cbf1f6f525df30a6e293c873cce69bb078ed1f0d31e7f9b8062409f37f19f8550aae", 152, "eb2a3056a09ad2d7d7f975bcd707598f24cd32518cde3069f2e403b34bfee8a5", 5, 643464, 1397645},
-        {"4a857e2ee8aa9b6056f2424e84d24a72473378906ee04a46cb05311502d5250b82ad86b83c8f20a23dbb74f6da60b0b6ecffd67134d45946ac8ebfb3064294bc097d43ced68642bfb8bbbdd0f50b30118f5e", 82, "39d82eef32010b8b79cc5ba88ed539fbaba741100f2edbeca7cc171ffeabf258", 190, 758010, 5432947},
-        {"1845e375479537e9dd4f4486d5c91ac72775d66605eeb11a787b78a7745f1fd0052d526c67235dbae1b2a4d575a74cb551c8e9096c593a497aee74ba3047d911358ede57bc27c9ea1829824348daaab606217cc931dcb6627787bd6e4e5854f0e8", 97, "3ee91a805aa62cfbe8dce29a2d9a44373a5006f4a4ce24022aca9cecb29d1473", 212, 233177, 13101817},
-        {"c7b09aec680e7b42fedd7fc792e78b2f6c1bea8f4a884320b648f81e8cf515e8ba9dcfb11d43c4aae114c1734aa69ca82d44998365db9c93744fa28b63fd16000e8261cbbe083e7e2da1e5f696bde0834fe53146d7e0e35e7de9920d041f5a5621aabe02da3e2b09b405b77937efef3197bd5772e41fdb73fb5294478e45208063b5f58e089dbeb6d6342a909c1307b3fff5fe2cf4da56bdae50848f", 156, "039c056d933b475032777edbaffac50f143f64c123329ed9cf59e3b65d3f43b6", 178, 234753, 4886999},
-        {"8f3a06e2fd8711350a517bb12e31f3d3423e8dc0bb14aac8240fca0995938d59bb37bd0a7dfc9c9cc0705684b46612e8c8b1d6655fb0f9887562bb9899791a0250d1320f945eda48cdc20c233f40a5bb0a7e3ac5ad7250ce684f68fc0b8c9633bfd75aad116525af7bdcdbbdb4e00ab163fd4df08f243f12557e", 122, "90631f686a8c3dbc0703ffa353bc1fdf35774568ac62406f98a13ed8f47595fd", 55, 695191, 15738350},
-        {"b540beb016a5366524d4605156493f9874514a5aa58818cd0c6dfffaa9e90205f17b", 34, "44071f6d181561670bda728d43fb79b443bb805afdebaf98622b5165e01b15fb", 231, 78652, 6631659},
-        {"a14975c26c088755a8b715ff2528d647cd343987fcf4aa25e7194a8417fb2b4b3f7268da9f3182b4cfb22d138b2749d673a47ecc7525dd15a0a3c66046971784bb63d7eae24cc84f2631712075a10e10a96b0e0ee67c43e01c423cb9c44e5371017e9c496956b632158da3fe12addecb88912e6759bc37f9af2f45af72c5cae3b179ffb676a697de6ebe45cd4c16d4a9d642d29ddc0186a0a48cb6cd62bfc3dd229d313b301560971e740e2cf1f99a9a090a5b283f35475057e96d7064e2e0fc81984591068d55a3b4169f22cccb0745a2689407ea1901a0a766eb99", 220, "3d968b2752b8838431165059319f3ff8910b7b8ecb54ea01d3f54769e9d98daf", 167, 717248, 10784179},
-    };
-    char          passwd[256];
+          { "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0"
+            "65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d"
+            "a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5"
+            "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
+            127,
+            "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
+            155, 481326, 7256678 },
+          { "e125cee61c8cb7778d9e5ad0a6f5d978ce9f84de213a8556d9ffe202020ab4a6ed"
+            "9074a4eb3416f9b168f137510f3a30b70b96cbfa219ff99f6c6eaffb15c06b60e0"
+            "0cc2890277f0fd3c622115772f7048adaebed86e",
+            86,
+            "f1192dd5dc2368b9cd421338b22433455ee0a3699f9379a08b9650ea2c126f0d",
+            250, 535778, 7849083 },
+          { "92263cbf6ac376499f68a4289d3bb59e5a22335eba63a32e6410249155b956b6a3"
+            "b48d4a44906b18b897127300b375b8f834f1ceffc70880a885f47c33876717e392"
+            "be57f7da3ae58da4fd1f43daa7e44bb82d3717af4319349c24cd31e46d295856b0"
+            "441b6b289992a11ced1cc3bf3011604590244a3eb737ff221129215e4e4347f491"
+            "5d41292b5173d196eb9add693be5319fdadc242906178bb6c0286c9b6ca6012746"
+            "711f58c8c392016b2fdfc09c64f0f6b6ab7b",
+            183,
+            "3b840e20e9555e9fb031c4ba1f1747ce25cc1d0ff664be676b9b4a90641ff194",
+            249, 311757, 7994791 },
+          { "027b6d8e8c8c474e9b69c7d9ed4f9971e8e1ce2f6ba95048414c3970f0f09b70e3"
+            "b6c5ae05872b3d8678705b7d381829c351a5a9c88c233569b35d6b0b809df44b64"
+            "51a9c273f1150e2ef8a0b5437eb701e373474cd44b97ef0248ebce2ca0400e1b53"
+            "f3d86221eca3f18eb45b702b9172440f774a82cbf1f6f525df30a6e293c873cce6"
+            "9bb078ed1f0d31e7f9b8062409f37f19f8550aae",
+            152,
+            "eb2a3056a09ad2d7d7f975bcd707598f24cd32518cde3069f2e403b34bfee8a5",
+            5, 643464, 1397645 },
+          { "4a857e2ee8aa9b6056f2424e84d24a72473378906ee04a46cb05311502d5250b82"
+            "ad86b83c8f20a23dbb74f6da60b0b6ecffd67134d45946ac8ebfb3064294bc097d"
+            "43ced68642bfb8bbbdd0f50b30118f5e",
+            82,
+            "39d82eef32010b8b79cc5ba88ed539fbaba741100f2edbeca7cc171ffeabf258",
+            190, 758010, 5432947 },
+          { "1845e375479537e9dd4f4486d5c91ac72775d66605eeb11a787b78a7745f1fd005"
+            "2d526c67235dbae1b2a4d575a74cb551c8e9096c593a497aee74ba3047d911358e"
+            "de57bc27c9ea1829824348daaab606217cc931dcb6627787bd6e4e5854f0e8",
+            97,
+            "3ee91a805aa62cfbe8dce29a2d9a44373a5006f4a4ce24022aca9cecb29d1473",
+            212, 233177, 13101817 },
+          { "c7b09aec680e7b42fedd7fc792e78b2f6c1bea8f4a884320b648f81e8cf515e8ba"
+            "9dcfb11d43c4aae114c1734aa69ca82d44998365db9c93744fa28b63fd16000e82"
+            "61cbbe083e7e2da1e5f696bde0834fe53146d7e0e35e7de9920d041f5a5621aabe"
+            "02da3e2b09b405b77937efef3197bd5772e41fdb73fb5294478e45208063b5f58e"
+            "089dbeb6d6342a909c1307b3fff5fe2cf4da56bdae50848f",
+            156,
+            "039c056d933b475032777edbaffac50f143f64c123329ed9cf59e3b65d3f43b6",
+            178, 234753, 4886999 },
+          { "8f3a06e2fd8711350a517bb12e31f3d3423e8dc0bb14aac8240fca0995938d59bb"
+            "37bd0a7dfc9c9cc0705684b46612e8c8b1d6655fb0f9887562bb9899791a0250d1"
+            "320f945eda48cdc20c233f40a5bb0a7e3ac5ad7250ce684f68fc0b8c9633bfd75a"
+            "ad116525af7bdcdbbdb4e00ab163fd4df08f243f12557e",
+            122,
+            "90631f686a8c3dbc0703ffa353bc1fdf35774568ac62406f98a13ed8f47595fd",
+            55, 695191, 15738350 },
+          { "b540beb016a5366524d4605156493f9874514a5aa58818cd0c6dfffaa9e90205f1"
+            "7b",
+            34,
+            "44071f6d181561670bda728d43fb79b443bb805afdebaf98622b5165e01b15fb",
+            231, 78652, 6631659 },
+          { "a14975c26c088755a8b715ff2528d647cd343987fcf4aa25e7194a8417fb2b4b3f"
+            "7268da9f3182b4cfb22d138b2749d673a47ecc7525dd15a0a3c66046971784bb63"
+            "d7eae24cc84f2631712075a10e10a96b0e0ee67c43e01c423cb9c44e5371017e9c"
+            "496956b632158da3fe12addecb88912e6759bc37f9af2f45af72c5cae3b179ffb6"
+            "76a697de6ebe45cd4c16d4a9d642d29ddc0186a0a48cb6cd62bfc3dd229d313b30"
+            "1560971e740e2cf1f99a9a090a5b283f35475057e96d7064e2e0fc81984591068d"
+            "55a3b4169f22cccb0745a2689407ea1901a0a766eb99",
+            220,
+            "3d968b2752b8838431165059319f3ff8910b7b8ecb54ea01d3f54769e9d98daf",
+            167, 717248, 10784179 },
+      };
+    char passwd[256];
     unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
     unsigned char out[256];
-    char          out_hex[256 * 2 + 1];
-    size_t        i = 0U;
+    char out_hex[256 * 2 + 1];
+    size_t i = 0U;
 
     do {
-        sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
-                       tests[i].passwd_hex, strlen(tests[i].passwd_hex),
-                       NULL, NULL, NULL);
-        sodium_hex2bin(salt, sizeof salt,
-                       tests[i].salt_hex, strlen(tests[i].salt_hex),
-                       NULL, NULL, NULL);
-        if (crypto_pwhash_scryptsalsa208sha256(out, tests[i].outlen,
-                                                passwd, tests[i].passwdlen,
-                                                (const unsigned char *) salt,
-                                                tests[i].opslimit,
-                                                tests[i].memlimit) != 0) {
+        sodium_hex2bin((unsigned char *)passwd, sizeof passwd,
+                       tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
+                       NULL, NULL);
+        sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex,
+                       strlen(tests[i].salt_hex), NULL, NULL, NULL);
+        if (crypto_pwhash_scryptsalsa208sha256(
+                out, tests[i].outlen, passwd, tests[i].passwdlen,
+                (const unsigned char *)salt, tests[i].opslimit,
+                tests[i].memlimit) != 0) {
             printf("pwhash failure\n");
         }
         sodium_bin2hex(out_hex, sizeof out_hex, out, tests[i].outlen);
@@ -53,28 +111,169 @@ static void tv(void)
 static void tv2(void)
 {
     static struct {
-        const char         *passwd;
-        const char         *out;
+        const char *passwd_hex;
+        unsigned long long passwdlen;
+        const char *salt_hex;
+        unsigned long long outlen;
+        unsigned long long opslimit;
+        size_t memlimit;
     } tests[] = {
-        {"^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg nrDFal+Jxl3,2`#^tFSu%v_+7iYse8-cCkNf!tD=KrW)", "$7$B6....1....75gBMAGwfFWZqBdyF3WdTQnWdUsuTiWjG1fF9c1jiSD$tc8RoB3.Em3/zNgMLWo2u00oGIoTyJv4fl3Fl8Tix72"},
-        {"bl72h6#y<':MFRZ>B IA1=NRkCKS%W8`1I.2uQxJN0g)N N aTt^4K!Iw5r H6;crDsv^a55j9tsk'/GqweZn;cdk6+F_St6:#*=?ZCD_lw>.", "$7$A6....3....Iahc6qM0.UQJHVgE4h9oa1/4OWlWLm9CCtfguvz6bQD$QnXCo3M7nIqtry2WKsUZ5gQ.mY0wAlJu.WUhtE8vF66"},
-        {"Py >e.5b+tLo@rL`dC2k@eJ&4eVl!W=JJ4+k&mAt@gt',FS1JjqKW3aq21:]^kna`mde7kVkN5NrpKUptu)@4*b&?BE_sJMG1=&@`3GBCV]Wg7xwgo7x3El", "$7$96..../....f6bEusKt79kK4wdYN0ki2nw4bJQ7P3rN6k3BSigsK/D$Dsvuw7vXj5xijmrb/NOhdgoyK/OiSIYv88cEtl9Cik7"},
-        {"2vj;Um]FKOL27oam(:Uo8+UmSTvb1FD*h?jk_,S=;RDgF-$Fjk?]9yvfxe@fN^!NN(Cuml?+2Raa", "$7$86....I....7XwIxLtCx4VphmFeUa6OGuGJrFaIaYzDiLNu/tyUPhD$U3q5GCEqCWxMwh.YQHDJrlg7FIZgViv9pcXE3h1vg61"},
-        {"CT=[9uUoGav,J`kU+348tA50ue#sL:ABZ3QgF+r[#vh:tTOiL>s8tv%,Jeo]jH/_4^i(*jD-_ku[9Ko[=86 06V", "$7$A6....2....R3.bjH6YS9wz9z8Jsj.3weGQ3J80ZZElGw2oVux1TP6$i5u6lFzXDHaIgYEICinLD6WNaovbiXP8SnLrDRdKgA9"},
-        {"J#wNn`hDgOpTHNI.w^1a70%f,.9V_m038H_JIJQln`vdWnn/rmILR?9H5g(+`;@H(2VosN9Fgk[WEjaBr'yB9Q19-imNa04[Mk5kvGcSn-TV", "$7$B6....1....Dj1y.4mF1J9XmT/6IDskYdCLaPFJTq9xcCwXQ1DpT92$92/hYfZLRq1nTLyIz.uc/dC6wLqwnsoqpkadrCXusm6"},
-        {"j4BS38Asa;p)[K+9TY!3YDj<LK-`nLVXQw9%*QfM", "$7$B6....1....5Ods8mojVwXJq4AywF/uI9BdMSiJ/zT8hQP/4cB68VC$nk4ExHNXJ802froj51/1wJTrSZvTIyyK7PecOxRRaz0"},
-        {"M.R>Qw+!qJb]>pP :_.9`dxM9k [eR7Y!yL-3)sNs[R,j_/^ TH=5ny'15>6UXWcQW^6D%XCsO[vN[%ReA-`tV1vW(Nt*0KVK#]45P_A", "$7$B6....1....D/eyk8N5y6Z8YVQEsw521cTx.9zzLuK7YDs1KMMh.o4$alfW8ZbsUWnXc.vqon2zoljVk24Tt1.IsCuo2KurvS2"},
-        {"K3S=KyH#)36_?]LxeR8QNKw6X=gFb'ai$C%29V* tyh^Wo$TN-#Q4qkmtTCf0LLb.^E$0uykkP", "$7$B6....1....CuBuU97xgAage8whp/JNKobo0TFbsORGVbfcQIefyP8$aqalP.XofGViB8EPLONqHma8vs1xc9uTIMYh9CgE.S8"},
-        {"Y0!?iQa9M%5ekffW(`", "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5"},
-    };
+          { "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0"
+            "65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d"
+            "a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5"
+            "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
+            127,
+            "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
+            155, 64, 1397645 },
+          { "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0"
+            "65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d"
+            "a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5"
+            "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
+            127,
+            "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
+            155, 32768, 1397645 },
+      };
+    char passwd[256];
+    unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
+    unsigned char out[256];
+    char out_hex[256 * 2 + 1];
     size_t i = 0U;
 
     do {
-        if (crypto_pwhash_scryptsalsa208sha256_str_verify(tests[i].out,
-                                                           tests[i].passwd,
-                                                           strlen(tests[i].passwd)) != 0) {
-            printf("pwhash_str failure\n");
+        sodium_hex2bin((unsigned char *)passwd, sizeof passwd,
+                       tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
+                       NULL, NULL);
+        sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex,
+                       strlen(tests[i].salt_hex), NULL, NULL, NULL);
+        if (crypto_pwhash_scryptsalsa208sha256(
+                out, tests[i].outlen, passwd, tests[i].passwdlen,
+                (const unsigned char *)salt, tests[i].opslimit,
+                tests[i].memlimit) != 0) {
+            printf("pwhash failure\n");
         }
+        sodium_bin2hex(out_hex, sizeof out_hex, out, tests[i].outlen);
+        printf("%s\n", out_hex);
+    } while (++i < (sizeof tests) / (sizeof tests[0]));
+}
+
+static void tv3(void)
+{
+    static struct {
+        const char *passwd;
+        const char *out;
+    } tests[] = {
+          { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg "
+            "nrDFal+Jxl3,2`#^tFSu%v_+7iYse8-cCkNf!tD=KrW)",
+            "$7$B6....1....75gBMAGwfFWZqBdyF3WdTQnWdUsuTiWjG1fF9c1jiSD$tc8RoB3."
+            "Em3/zNgMLWo2u00oGIoTyJv4fl3Fl8Tix72" },
+          { "bl72h6#y<':MFRZ>B IA1=NRkCKS%W8`1I.2uQxJN0g)N N aTt^4K!Iw5r "
+            "H6;crDsv^a55j9tsk'/GqweZn;cdk6+F_St6:#*=?ZCD_lw>.",
+            "$7$A6....3....Iahc6qM0.UQJHVgE4h9oa1/"
+            "4OWlWLm9CCtfguvz6bQD$QnXCo3M7nIqtry2WKsUZ5gQ.mY0wAlJu."
+            "WUhtE8vF66" },
+          { "Py "
+            ">e.5b+tLo@rL`dC2k@eJ&4eVl!W=JJ4+k&mAt@gt',FS1JjqKW3aq21:]^kna`"
+            "mde7kVkN5NrpKUptu)@4*b&?BE_sJMG1=&@`3GBCV]Wg7xwgo7x3El",
+            "$7$96..../....f6bEusKt79kK4wdYN0ki2nw4bJQ7P3rN6k3BSigsK/"
+            "D$Dsvuw7vXj5xijmrb/NOhdgoyK/OiSIYv88cEtl9Cik7" },
+          { "2vj;Um]FKOL27oam(:Uo8+UmSTvb1FD*h?jk_,S=;RDgF-$Fjk?]9yvfxe@fN^!NN("
+            "Cuml?+2Raa",
+            "$7$86....I....7XwIxLtCx4VphmFeUa6OGuGJrFaIaYzDiLNu/"
+            "tyUPhD$U3q5GCEqCWxMwh.YQHDJrlg7FIZgViv9pcXE3h1vg61" },
+          { "CT=[9uUoGav,J`kU+348tA50ue#sL:ABZ3QgF+r[#vh:tTOiL>s8tv%,Jeo]jH/"
+            "_4^i(*jD-_ku[9Ko[=86 06V",
+            "$7$A6....2....R3.bjH6YS9wz9z8Jsj.3weGQ3J80ZZElGw2oVux1TP6$"
+            "i5u6lFzXDHaIgYEICinLD6WNaovbiXP8SnLrDRdKgA9" },
+          { "J#wNn`hDgOpTHNI.w^1a70%f,.9V_m038H_JIJQln`vdWnn/"
+            "rmILR?9H5g(+`;@H(2VosN9Fgk[WEjaBr'yB9Q19-imNa04[Mk5kvGcSn-TV",
+            "$7$B6....1....Dj1y.4mF1J9XmT/6IDskYdCLaPFJTq9xcCwXQ1DpT92$92/"
+            "hYfZLRq1nTLyIz.uc/dC6wLqwnsoqpkadrCXusm6" },
+          { "j4BS38Asa;p)[K+9TY!3YDj<LK-`nLVXQw9%*QfM",
+            "$7$B6....1....5Ods8mojVwXJq4AywF/uI9BdMSiJ/zT8hQP/"
+            "4cB68VC$nk4ExHNXJ802froj51/1wJTrSZvTIyyK7PecOxRRaz0" },
+          { "M.R>Qw+!qJb]>pP :_.9`dxM9k [eR7Y!yL-3)sNs[R,j_/^ "
+            "TH=5ny'15>6UXWcQW^6D%XCsO[vN[%ReA-`tV1vW(Nt*0KVK#]45P_A",
+            "$7$B6....1....D/"
+            "eyk8N5y6Z8YVQEsw521cTx.9zzLuK7YDs1KMMh.o4$alfW8ZbsUWnXc."
+            "vqon2zoljVk24Tt1.IsCuo2KurvS2" },
+          { "K3S=KyH#)36_?]LxeR8QNKw6X=gFb'ai$C%29V* "
+            "tyh^Wo$TN-#Q4qkmtTCf0LLb.^E$0uykkP",
+            "$7$B6....1....CuBuU97xgAage8whp/"
+            "JNKobo0TFbsORGVbfcQIefyP8$aqalP."
+            "XofGViB8EPLONqHma8vs1xc9uTIMYh9CgE.S8" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+
+          /* Invalid pwhash strings */
+
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A6....1....$TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$.6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A.....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A6.........TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i44269$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AH" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx54269" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7^A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$!6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A!....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A6....!....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "",
+            "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7fA6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4#"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$AX....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A6....1!...TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A6....1" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "" },
+          { "Y0!?iQa9M%5ekffW(`",
+            "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
+            "" },
+      };
+    char *out;
+    char *passwd;
+    size_t i = 0U;
+
+    do {
+        out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
+        memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
+        passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
+        memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
+        if (crypto_pwhash_scryptsalsa208sha256_str_verify(
+                out, passwd, strlen(passwd)) != 0) {
+            printf("pwhash_str failure: [%u]\n", (unsigned int)i);
+        }
+        sodium_free(out);
+        sodium_free(passwd);
     } while (++i < (sizeof tests) / (sizeof tests[0]));
 }
 
@@ -84,43 +283,52 @@ static void tv2(void)
 
 int main(void)
 {
-    char           str_out[crypto_pwhash_scryptsalsa208sha256_STRBYTES];
-    char           str_out2[crypto_pwhash_scryptsalsa208sha256_STRBYTES];
-    unsigned char  out[OUT_LEN];
-    char           out_hex[OUT_LEN * 2 + 1];
-    const char    *salt = "[<~A 32-bytes salt for scrypt~>]";
-    const char    *passwd = "Correct Horse Battery Staple";
-    size_t         i;
+    char str_out[crypto_pwhash_scryptsalsa208sha256_STRBYTES];
+    char str_out2[crypto_pwhash_scryptsalsa208sha256_STRBYTES];
+    unsigned char out[OUT_LEN];
+    char out_hex[OUT_LEN * 2 + 1];
+    const char *salt = "[<~A 32-bytes salt for scrypt~>]";
+    const char *passwd = "Correct Horse Battery Staple";
+    size_t i;
 
     tv();
     tv2();
+    tv3();
     if (crypto_pwhash_scryptsalsa208sha256_str(str_out, passwd, strlen(passwd),
-                                                OPSLIMIT, MEMLIMIT) != 0) {
+                                               OPSLIMIT, MEMLIMIT) != 0) {
         printf("pwhash_str failure\n");
     }
     if (crypto_pwhash_scryptsalsa208sha256_str(str_out2, passwd, strlen(passwd),
-                                                OPSLIMIT, MEMLIMIT) != 0) {
+                                               OPSLIMIT, MEMLIMIT) != 0) {
         printf("pwhash_str(2) failure\n");
     }
     if (strcmp(str_out, str_out2) == 0) {
         printf("pwhash_str doesn't generate different salts\n");
     }
     if (crypto_pwhash_scryptsalsa208sha256_str_verify(str_out, passwd,
-                                                       strlen(passwd)) != 0) {
+                                                      strlen(passwd)) != 0) {
         printf("pwhash_str_verify failure\n");
     }
     if (crypto_pwhash_scryptsalsa208sha256_str_verify(str_out, passwd,
-                                                       strlen(passwd)) != 0) {
+                                                      strlen(passwd)) != 0) {
         printf("pwhash_str_verify failure\n");
     }
-    for (i = 14U; i < sizeof str_out; i++) {
-        str_out[i]++;
-        if (crypto_pwhash_scryptsalsa208sha256_str_verify(str_out, passwd,
-                                                           strlen(passwd)) == 0) {
-            printf("pwhash_str_verify(2) failure\n");
-        }
-        str_out[i]--;
+    str_out[14]++;
+    if (crypto_pwhash_scryptsalsa208sha256_str_verify(
+        str_out, passwd, strlen(passwd)) == 0) {
+        printf("pwhash_str_verify(2) failure\n");
     }
+    str_out[14]--;
+
+    assert(crypto_pwhash_scryptsalsa208sha256_saltbytes() > 0U);
+    assert(crypto_pwhash_scryptsalsa208sha256_strbytes() > 1U);
+    assert(crypto_pwhash_scryptsalsa208sha256_strbytes() >
+           strlen(crypto_pwhash_scryptsalsa208sha256_strprefix()));
+    assert(crypto_pwhash_scryptsalsa208sha256_opslimit_interactive() > 0U);
+    assert(crypto_pwhash_scryptsalsa208sha256_memlimit_interactive() > 0U);
+    assert(crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive() > 0U);
+    assert(crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive() > 0U);
+
     printf("OK\n");
 
     return 0;
diff --git a/test/default/pwhash.exp b/test/default/pwhash.exp
new file mode 100644
index 0000000..5c58d53
--- /dev/null
+++ b/test/default/pwhash.exp
@@ -0,0 +1,31 @@
+8d40f5f8c6a1791204f03e19a98cd74f918b6e331b39cfc2415e5014d7738b7bb0a83551fb14a035e07fdd4dc0c60c1a6822ac253918979f6324ff0c87cba75d3b91f88f41ca5414a0f152bdc4d636f42ab2250afd058c19ec31a3374d1bd7133289bf21513ff67cbf8482e626aee9864c58fd05f9ea02e508a10182b7d838157119866f072004987ef6c56683ed207705923921af9d76444a331a
+d985d4c278343a46d82af0c4268b7ae6b6d1d2dd289675ef45bfb6d0648bffe5bab8c91228f3a31b091154a9c1142670a07b92e70a298333066de07db9300e046fd7cacc99780804683df7babdfc9d019047178400b2875bde0a1ad824dda7a422d9ed48475af9a3876378dd3a2f206e34984e223afb82c0c1e4644c9a458f4666379fdd3e2d9206d87e3c32c3977f35826a27590baaa1ec1a3bd7d15a92bc84c95dcfc56c14fca7c4c9810162dfdf9dc08a191e79fe40250b7e07d3a9317d9a5cb56e1062c419a6cd6a9b73128e8ad79ab7efffbb3cc52c1f49f86d2ebb46e6e4846aecdb14c2d046f5380517ff8cc794e4a772a58b93083dad
+ee7e9e1369267ec555981f0ea088ff6f93953abfcb767d88ec3c46393d24cfbaba5e4e26e0f35b5d5259647748476d65cd8881c96f8cda049d9c877b2d33d932e67f4c0df2cb434b4b4900e0c49c3f8ba9663795420577e65d0b456201ad9162fbc485c7b44f2b34e6673aa3692c123021ee3b624c3bb22b808b89613d8ecc7b87da47f57152eb3f7b10ad206f6b09cb6935b347b5e42bc3b8c9c9bcd8d7b7c44929b367fc279dec48ea78e6ee3e2620d7459700bd0aedb1c9aa5a323ca94403927f5e5c2b73bda7c5c3287b62fe51874cfeb1dc3151cd886b26d83ece68833229d2d432798c602d85b0505947207d8430febbe901164b12ce
+1828b82997
+bcc5c2fd785e4781d1201ed43d84925537e2a540d3de55f5812f29e9dd0a4a00451a5c8ddbb4862c03d45c75bf91b7fb49265feb667ad5c899fdbf2ca19eac67aa5e48595d5b02f8183ab07f71b1ce0d76e5df54919f63810ad0893ded7d1ca18fc956ec06ffd4c3d1f77a00ed53608947b25eea5df6bea02272be15815f974c321a2a9208674fdf59d1d798c2a12f1889df68b0c222b37ee9ef0d6391fc160b0281ec53073cb3a3706ce1d71c3af2f5237a1b3d8545d99012eecc0b4abb
+82765c040c58c1810f8c053ef5c248556299385476bde44bdd91a0d9a239f24e9b1717fd8b23209ffa45b7aa7937296c601b79e77da99e8d2fda0ea4459be2d0900f5bc5a269b5488d873d4632d1baf75965e509ee24b12501a9ce3bbbd8b7d759987d545a1c221a363195e5802d768b3b9e00ebe5ac0ed8ad2362c1c4157b910a40f94adf2561a2b0d3e65dbb06f244e5ac44d362103df54c9b9175777b3db1cdadb03e977ab8a79baf1e1e18ec9f5d0f25c487ddc53d7e81910f83576b44e9caeece26e2eb376569ad3a8cdccbde8bc355210e
+ca9216d4127e2e4a6ee3584b49be106217bb61cc807016d46d0cfbb1fd722e2bbac33541386bdfeac41a299ead22790993fcaa8e1d23bd1c8426afa5ff4c08e731dc476ef834f142c32dfb2c1be12b9978802e63b2cd6f226b1a8df59f0c79154d7ef4296a68ec654538d987104f9a11aca1b7c83ab2ed8fd69da6b88f0bcbd27d3fea01329cecf10c57ec3ba163d57b38801bd6c3b31ce527b33717bb56a46f78fb96be9f2424a21b3284232388cbba6a74
+2732a7566023c8db90a5fdd08dbe6c1b5e70c046d50c5735c8d86a589ba177f69db12d6cc3596319fa27c9e063ed05b8a31970a07dc905
+d7b1ef464be03ce9050b5108e25f0b8e821299986fe0ff89e17fbae65ba9fad167fbd265866ac03efc86ab0b50d46d6740a59adf5949b44f7f9f3ac3f3d4cc9f128966db9099deb1b6b78505242b2401a193820408eb0780b27162ebafb7c505b0e7c32ce66c6efc0be487008c1201454680498a2fc06e00b454e0b20933906bbb0e43b399b9ee46d882f107df1ebdd1e7cd867c9cdba6015b7e80064ae8b3417d969524bec046e782a13b125f058cd36b5d1ae65886ae7caab45a6d98651ada435b8ee11d5c1224232f5f515df974138dd6cf347b730481d4b073af8ff0394fe9f0b8cdfd99f5
+1839be14287053bfcd4ea60db82777fad1a6e9535c388b770743e61235449e668717199defd516c438b3ebd79b3529eb32482ef414525292ea1bbec09da10790a2330a4399f2fe6dd63d80954e3c547a5f1c619db5a30bde495b23f2214b4fa7572851d75246f2817775f0b521acc6efbc7832c9a76de7465e3c65cade88e86c973f85a882bb54f92b983977c6e937c88f083ba68c70fb49497065b158e2e789809b1d4cc9ec2d
+d54916748076b9d9f72198c8fbef563462dc8c706e1ad38abd1fac570016721acd0a7659ab49a47299a996b43597690c0c947143069f35d83e606273dbf2d622321393949b8ed5a68315362c4f84804384d05e0e0e86bc00e3641233f9f975ab46b60ba185c5e5fe47f78efd207e69fd8f6390730828b93b9b3763ea1283caa03bc36726763715de811915681dd214524f5ad4dd386608cac6c7f2
+d54916748076b9d9f72198c8fbef563462dc8c706e1ad38abd1fac570016721acd0a7659ab49a47299a996b43597690c0c947143069f35d83e606273dbf2d622321393949b8ed5a68315362c4f84804384d05e0e0e86bc00e3641233f9f975ab46b60ba185c5e5fe47f78efd207e69fd8f6390730828b93b9b3763ea1283caa03bc36726763715de811915681dd214524f5ad4dd386608cac6c7f2
+pwhash_str failure: [10]
+pwhash_str failure: [11]
+pwhash_str failure: [12]
+pwhash_str failure: [13]
+pwhash_str failure: [14]
+pwhash_str failure: [15]
+pwhash_str failure: [16]
+pwhash_str failure: [17]
+pwhash_str failure: [18]
+pwhash_str failure: [19]
+pwhash_str failure: [20]
+pwhash_str failure: [21]
+pwhash_str failure: [22]
+pwhash_str failure: [23]
+pwhash_str failure: [24]
+pwhash_str failure: [25]
+pwhash_str failure: [26]
+pwhash_str failure: [27]
+OK
diff --git a/test/default/pwhash_scrypt_ll.c b/test/default/pwhash_scrypt_ll.c
index db72e4e..9b3951a 100644
--- a/test/default/pwhash_scrypt_ll.c
+++ b/test/default/pwhash_scrypt_ll.c
@@ -1,6 +1,3 @@
-#include <stdio.h>
-#include <stdint.h>
-#include <string.h>
 
 #define TEST_NAME "pwhash_scrypt_ll"
 #include "cmptest.h"
@@ -9,47 +6,44 @@
 
 static const char *password1 = "";
 static const char *salt1 = "";
-static uint64_t    N1 = 16U;
-static uint32_t    r1 = 1U;
-static uint32_t    p1 = 1U;
+static uint64_t N1 = 16U;
+static uint32_t r1 = 1U;
+static uint32_t p1 = 1U;
 
 static const char *password2 = "password";
 static const char *salt2 = "NaCl";
-static uint64_t    N2 = 1024U;
-static uint32_t    r2 = 8U;
-static uint32_t    p2 = 16U;
+static uint64_t N2 = 1024U;
+static uint32_t r2 = 8U;
+static uint32_t p2 = 16U;
 
 static const char *password3 = "pleaseletmein";
-static const char *salt3  = "SodiumChloride";
-static uint64_t    N3 = 16384U;
-static uint32_t    r3 = 8U;
-static uint32_t    p3 = 1U;
+static const char *salt3 = "SodiumChloride";
+static uint64_t N3 = 16384U;
+static uint32_t r3 = 8U;
+static uint32_t p3 = 1U;
 
-static void test_vector(const char *password, const char *salt,
-                        uint64_t N, uint32_t r, uint32_t p)
+static void test_vector(const char *password, const char *salt, uint64_t N,
+                        uint32_t r, uint32_t p)
 {
     uint8_t data[64];
-    size_t  i;
-    size_t  olen = (sizeof data / sizeof data[0]);
-    size_t  passwordLength = strlen(password);
-    size_t  saltLenght = strlen(salt);
-    int     lineitems = 0;
-    int     lineitemsLimit = 15;
-
-    if (crypto_pwhash_scryptsalsa208sha256_ll((const uint8_t *) password,
-                                              passwordLength,
-                                              (const uint8_t *) salt,
-                                              saltLenght,
-                                              N, r, p, data, olen) != 0) {
-        printf("pwhash_scryptsalsa208sha256_ll([%s],[%s]) failure\n",
-               password, salt);
+    size_t i;
+    size_t olen = (sizeof data / sizeof data[0]);
+    size_t passwordLength = strlen(password);
+    size_t saltLenght = strlen(salt);
+    int lineitems = 0;
+    int lineitemsLimit = 15;
+
+    if (crypto_pwhash_scryptsalsa208sha256_ll(
+            (const uint8_t *)password, passwordLength, (const uint8_t *)salt,
+            saltLenght, N, r, p, data, olen) != 0) {
+        printf("pwhash_scryptsalsa208sha256_ll([%s],[%s]) failure\n", password,
+               salt);
         return;
     }
 
-    printf("scrypt('%s', '%s', %llu, %lu, %lu, %lu) =\n",
-           password, salt,
-           (unsigned long long) N, (unsigned long) r, (unsigned long) p,
-           (unsigned long) olen);
+    printf("scrypt('%s', '%s', %llu, %lu, %lu, %lu) =\n", password, salt,
+           (unsigned long long)N, (unsigned long)r, (unsigned long)p,
+           (unsigned long)olen);
 
     for (i = 0; i < olen; ++i) {
         printf("%02x%c", data[i], lineitems < lineitemsLimit ? ' ' : '\n');
@@ -59,9 +53,9 @@ static void test_vector(const char *password, const char *salt,
 
 int main(void)
 {
-   test_vector(password1, salt1, N1, r1, p1);
-   test_vector(password2, salt2, N2, r2, p2);
-   test_vector(password3, salt3, N3, r3, p3);
+    test_vector(password1, salt1, N1, r1, p1);
+    test_vector(password2, salt2, N2, r2, p2);
+    test_vector(password3, salt3, N3, r3, p3);
 
-   return 0;
+    return 0;
 }
diff --git a/test/default/pwhash_scrypt_ll.exp b/test/default/pwhash_scrypt_ll.exp
new file mode 100644
index 0000000..9b7f6a7
--- /dev/null
+++ b/test/default/pwhash_scrypt_ll.exp
@@ -0,0 +1,15 @@
+scrypt('', '', 16, 1, 1, 64) =
+77 d6 57 62 38 65 7b 20 3b 19 ca 42 c1 8a 04 97
+f1 6b 48 44 e3 07 4a e8 df df fa 3f ed e2 14 42
+fc d0 06 9d ed 09 48 f8 32 6a 75 3a 0f c8 1f 17
+e8 d3 e0 fb 2e 0d 36 28 cf 35 e2 0c 38 d1 89 06
+scrypt('password', 'NaCl', 1024, 8, 16, 64) =
+fd ba be 1c 9d 34 72 00 78 56 e7 19 0d 01 e9 fe
+7c 6a d7 cb c8 23 78 30 e7 73 76 63 4b 37 31 62
+2e af 30 d9 2e 22 a3 88 6f f1 09 27 9d 98 30 da
+c7 27 af b9 4a 83 ee 6d 83 60 cb df a2 cc 06 40
+scrypt('pleaseletmein', 'SodiumChloride', 16384, 8, 1, 64) =
+70 23 bd cb 3a fd 73 48 46 1c 06 cd 81 fd 38 eb
+fd a8 fb ba 90 4f 8e 3e a9 b5 43 f6 54 5d a1 f2
+d5 43 29 55 61 3f 0f cf 62 d4 97 05 24 2a 9a f9
+e6 1e 85 dc 0d 65 1e 40 df cf 01 7b 45 57 58 87
diff --git a/test/default/randombytes.c b/test/default/randombytes.c
index f805c47..f9f337f 100644
--- a/test/default/randombytes.c
+++ b/test/default/randombytes.c
@@ -1,16 +1,93 @@
-#include "randombytes.h"
+
+#define TEST_NAME "randombytes"
+#include "cmptest.h"
 
 unsigned char x[65536];
 unsigned long long freq[256];
 
-int main(void)
+static int compat_tests(void)
 {
-  unsigned long long i;
+    size_t i;
+
+    memset(x, 0, sizeof x);
+    randombytes(x, sizeof x);
+    for (i = 0; i < 256; ++i) {
+        freq[i] = 0;
+    }
+    for (i = 0; i < sizeof x; ++i) {
+        ++freq[255 & (int)x[i]];
+    }
+    for (i = 0; i < 256; ++i) {
+        if (!freq[i]) {
+            printf("nacl_tests failed\n");
+        }
+    }
+    return 0;
+}
+
+static int randombytes_tests(void)
+{
+    unsigned int i;
+
+    assert(strcmp(randombytes_implementation_name(), "sysrandom") == 0);
 
-  randombytes(x,sizeof x);
-  for (i = 0;i < 256;++i) freq[i] = 0;
-  for (i = 0;i < sizeof x;++i) ++freq[255 & (int) x[i]];
-  for (i = 0;i < 256;++i) if (!freq[i]) return 111;
+    randombytes(x, 1U);
+    randombytes_close();
+
+    for (i = 0; i < 256; ++i) {
+        freq[i] = 0;
+    }
+    for (i = 0; i < 65536; ++i) {
+        ++freq[randombytes_uniform(256)];
+    }
+    for (i = 0; i < 256; ++i) {
+        if (!freq[i]) {
+            printf("randombytes_uniform() test failed\n");
+        }
+    }
+    assert(randombytes_uniform(1U) == 0U);
+    randombytes_close();
+    randombytes_set_implementation(&randombytes_salsa20_implementation);
+    assert(strcmp(randombytes_implementation_name(), "salsa20") == 0);
+    randombytes_stir();
+    for (i = 0; i < 256; ++i) {
+        freq[i] = 0;
+    }
+    for (i = 0; i < 65536; ++i) {
+        ++freq[randombytes_uniform(256)];
+    }
+    for (i = 0; i < 256; ++i) {
+        if (!freq[i]) {
+            printf("randombytes_uniform() test failed\n");
+        }
+    }
+    memset(x, 0, sizeof x);
+    randombytes_buf(x, sizeof x);
+    for (i = 0; i < 256; ++i) {
+        freq[i] = 0;
+    }
+    for (i = 0; i < sizeof x; ++i) {
+        ++freq[255 & (int)x[i]];
+    }
+    for (i = 0; i < 256; ++i) {
+        if (!freq[i]) {
+            printf("randombytes_buf() test failed\n");
+        }
+    }
+    assert(randombytes_uniform(1U) == 0U);
+    randombytes_close();
+
+    randombytes(x, 1U);
+    randombytes_close();
+
+    return 0;
+}
+
+int main(void)
+{
+    compat_tests();
+    randombytes_tests();
+    printf("OK\n");
 
-  return 0;
+    return 0;
 }
diff --git a/test/default/randombytes.exp b/test/default/randombytes.exp
new file mode 100644
index 0000000..d86bac9
--- /dev/null
+++ b/test/default/randombytes.exp
@@ -0,0 +1 @@
+OK
diff --git a/test/default/scalarmult.c b/test/default/scalarmult.c
index 957bc9c..f931555 100644
--- a/test/default/scalarmult.c
+++ b/test/default/scalarmult.c
@@ -1,25 +1,38 @@
-#include <stdio.h>
 
 #define TEST_NAME "scalarmult"
 #include "cmptest.h"
 
-unsigned char alicesk[32] = {
- 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
-,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
-,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
-,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
-} ;
+unsigned char alicesk[32]
+    = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1,
+        0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0,
+        0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a };
 
 unsigned char alicepk[32];
 
 int main(void)
 {
-  int i;
-  crypto_scalarmult_curve25519_base(alicepk,alicesk);
-  for (i = 0;i < 32;++i) {
-    if (i > 0) printf(","); else printf(" ");
-    printf("0x%02x",(unsigned int) alicepk[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_scalarmult_base(alicepk, alicesk);
+
+    for (i = 0; i < 32; ++i) {
+        if (i > 0) {
+            printf(",");
+        } else {
+            printf(" ");
+        }
+        printf("0x%02x", (unsigned int)alicepk[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    assert(crypto_scalarmult_bytes() > 0U);
+    assert(crypto_scalarmult_scalarbytes() > 0U);
+    assert(strcmp(crypto_scalarmult_primitive(), "curve25519") == 0);
+    assert(crypto_scalarmult_bytes() == crypto_scalarmult_curve25519_bytes());
+    assert(crypto_scalarmult_scalarbytes()
+           == crypto_scalarmult_curve25519_scalarbytes());
+    assert(crypto_scalarmult_bytes() == crypto_scalarmult_scalarbytes());
+
+    return 0;
 }
diff --git a/test/default/scalarmult.exp b/test/default/scalarmult.exp
new file mode 100644
index 0000000..ddd130d
--- /dev/null
+++ b/test/default/scalarmult.exp
@@ -0,0 +1,4 @@
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
diff --git a/test/default/scalarmult2.c b/test/default/scalarmult2.c
index 93a37d0..b5593df 100644
--- a/test/default/scalarmult2.c
+++ b/test/default/scalarmult2.c
@@ -1,25 +1,30 @@
-#include <stdio.h>
 
 #define TEST_NAME "scalarmult2"
 #include "cmptest.h"
 
-unsigned char bobsk[32] = {
- 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
-,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
-,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
-,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
-} ;
+unsigned char bobsk[32]
+    = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f,
+        0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18,
+        0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb };
 
 unsigned char bobpk[32];
 
 int main(void)
 {
-  int i;
-  crypto_scalarmult_curve25519_base(bobpk,bobsk);
-  for (i = 0;i < 32;++i) {
-    if (i > 0) printf(","); else printf(" ");
-    printf("0x%02x",(unsigned int) bobpk[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_scalarmult_base(bobpk, bobsk);
+
+    for (i = 0; i < 32; ++i) {
+        if (i > 0) {
+            printf(",");
+        } else {
+            printf(" ");
+        }
+        printf("0x%02x", (unsigned int)bobpk[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    return 0;
 }
diff --git a/test/default/scalarmult2.exp b/test/default/scalarmult2.exp
new file mode 100644
index 0000000..b539186
--- /dev/null
+++ b/test/default/scalarmult2.exp
@@ -0,0 +1,4 @@
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
diff --git a/test/default/scalarmult5.c b/test/default/scalarmult5.c
index b6852a9..3dc6977 100644
--- a/test/default/scalarmult5.c
+++ b/test/default/scalarmult5.c
@@ -1,32 +1,35 @@
-#include <stdio.h>
 
 #define TEST_NAME "scalarmult5"
 #include "cmptest.h"
 
-unsigned char alicesk[32] = {
- 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
-,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
-,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
-,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
-} ;
+unsigned char alicesk[32]
+    = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1,
+        0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0,
+        0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a };
 
-unsigned char bobpk[32] = {
- 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
-,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
-,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
-,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
-} ;
+unsigned char bobpk[32]
+    = { 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61,
+        0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78,
+        0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f };
 
 unsigned char k[32];
 
 int main(void)
 {
-  int i;
-  crypto_scalarmult_curve25519(k,alicesk,bobpk);
-  for (i = 0;i < 32;++i) {
-    if (i > 0) printf(","); else printf(" ");
-    printf("0x%02x",(unsigned int) k[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_scalarmult(k, alicesk, bobpk);
+
+    for (i = 0; i < 32; ++i) {
+        if (i > 0) {
+            printf(",");
+        } else {
+            printf(" ");
+        }
+        printf("0x%02x", (unsigned int)k[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    return 0;
 }
diff --git a/test/default/scalarmult5.exp b/test/default/scalarmult5.exp
new file mode 100644
index 0000000..bec2113
--- /dev/null
+++ b/test/default/scalarmult5.exp
@@ -0,0 +1,4 @@
+ 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
+,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
+,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
+,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42
diff --git a/test/default/scalarmult6.c b/test/default/scalarmult6.c
index c1ac885..6b4e576 100644
--- a/test/default/scalarmult6.c
+++ b/test/default/scalarmult6.c
@@ -1,32 +1,35 @@
-#include <stdio.h>
 
 #define TEST_NAME "scalarmult6"
 #include "cmptest.h"
 
-unsigned char bobsk[32] = {
- 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
-,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
-,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
-,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
-} ;
+unsigned char bobsk[32]
+    = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f,
+        0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18,
+        0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb };
 
-unsigned char alicepk[32] = {
- 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
-,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
-,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
-,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
-} ;
+unsigned char alicepk[32]
+    = { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
+        0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
+        0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a };
 
 unsigned char k[32];
 
 int main(void)
 {
-  int i;
-  crypto_scalarmult_curve25519(k,bobsk,alicepk);
-  for (i = 0;i < 32;++i) {
-    if (i > 0) printf(","); else printf(" ");
-    printf("0x%02x",(unsigned int) k[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_scalarmult(k, bobsk, alicepk);
+
+    for (i = 0; i < 32; ++i) {
+        if (i > 0) {
+            printf(",");
+        } else {
+            printf(" ");
+        }
+        printf("0x%02x", (unsigned int)k[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    return 0;
 }
diff --git a/test/default/scalarmult6.exp b/test/default/scalarmult6.exp
new file mode 100644
index 0000000..bec2113
--- /dev/null
+++ b/test/default/scalarmult6.exp
@@ -0,0 +1,4 @@
+ 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
+,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
+,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
+,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42
diff --git a/test/default/scalarmult7.c b/test/default/scalarmult7.c
new file mode 100644
index 0000000..e83493e
--- /dev/null
+++ b/test/default/scalarmult7.c
@@ -0,0 +1,31 @@
+
+#define TEST_NAME "scalarmult7"
+#include "cmptest.h"
+
+unsigned char p1[32] = {
+    0x72, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54,
+    0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a,
+    0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4,
+    0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0xea
+};
+
+unsigned char p2[32] = {
+    0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54,
+    0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a,
+    0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4,
+    0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a
+};
+
+unsigned char scalar[32];
+unsigned char out1[32];
+unsigned char out2[32];
+
+int main(void)
+{
+    scalar[0] = 1U;
+    crypto_scalarmult_curve25519(out1, scalar, p1);
+    crypto_scalarmult_curve25519(out2, scalar, p2);
+    printf("%d\n", !!memcmp(out1, out2, 32));
+
+    return 0;
+}
diff --git a/test/default/scalarmult7.exp b/test/default/scalarmult7.exp
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/test/default/scalarmult7.exp
@@ -0,0 +1 @@
+1
diff --git a/test/default/secretbox.c b/test/default/secretbox.c
index 485a97a..6a06b29 100644
--- a/test/default/secretbox.c
+++ b/test/default/secretbox.c
@@ -1,58 +1,63 @@
-#include <stdio.h>
 
 #define TEST_NAME "secretbox"
 #include "cmptest.h"
 
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
+unsigned char firstkey[32]
+    = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
+        0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
+        0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89 };
 
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
 // API requires first 32 bytes to be 0
-unsigned char m[163] = {
-    0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
-,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
-,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
-,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
-,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
-,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
-,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
-,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
-,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
-,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
-,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
-,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
-,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
-,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
-,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
-,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
-,0x5e,0x07,0x05
-} ;
+unsigned char m[163]
+    = { 0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0xbe, 0x07, 0x5f, 0xc5,
+        0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16, 0xeb, 0xeb, 0x0c, 0x7b,
+        0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4, 0x4b, 0x66, 0x84, 0x9b,
+        0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf, 0x33, 0xbd, 0x75, 0x1a,
+        0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29, 0x6c, 0xdc, 0x3c, 0x01,
+        0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce, 0x31, 0x4a, 0xdb, 0x31,
+        0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d, 0xce, 0xea, 0x3a, 0x7f,
+        0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a, 0xd6, 0xb1, 0x31, 0x8a,
+        0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde, 0x04, 0x89, 0x77, 0xeb,
+        0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c, 0x60, 0x90, 0x2e, 0x52,
+        0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40, 0xe0, 0x82, 0xf9, 0x37,
+        0x76, 0x38, 0x48, 0x64, 0x5e, 0x07, 0x05 };
 
 unsigned char c[163];
 
 int main(void)
 {
-  int i;
-  crypto_secretbox_xsalsa20poly1305(
-    c,m,163,nonce,firstkey
-  );
-  for (i = 16;i < 163;++i) {
-    printf(",0x%02x",(unsigned int) c[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  printf("\n");
-  return 0;
+    int i;
+
+    crypto_secretbox(c, m, 163, nonce, firstkey);
+    for (i = 16; i < 163; ++i) {
+        printf(",0x%02x", (unsigned int)c[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    printf("\n");
+
+    assert(crypto_secretbox_keybytes() > 0U);
+    assert(crypto_secretbox_noncebytes() > 0U);
+    assert(crypto_secretbox_zerobytes() > 0U);
+    assert(crypto_secretbox_boxzerobytes() > 0U);
+    assert(crypto_secretbox_macbytes() > 0U);
+    assert(strcmp(crypto_secretbox_primitive(), "xsalsa20poly1305") == 0);
+    assert(crypto_secretbox_keybytes()
+           == crypto_secretbox_xsalsa20poly1305_keybytes());
+    assert(crypto_secretbox_noncebytes()
+           == crypto_secretbox_xsalsa20poly1305_noncebytes());
+    assert(crypto_secretbox_zerobytes()
+           == crypto_secretbox_xsalsa20poly1305_zerobytes());
+    assert(crypto_secretbox_boxzerobytes()
+           == crypto_secretbox_xsalsa20poly1305_boxzerobytes());
+    assert(crypto_secretbox_macbytes()
+           == crypto_secretbox_xsalsa20poly1305_macbytes());
+
+    return 0;
 }
diff --git a/test/default/secretbox.exp b/test/default/secretbox.exp
new file mode 100644
index 0000000..2b6c51e
--- /dev/null
+++ b/test/default/secretbox.exp
@@ -0,0 +1,19 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
diff --git a/test/default/secretbox2.c b/test/default/secretbox2.c
index 5af6c41..37fc634 100644
--- a/test/default/secretbox2.c
+++ b/test/default/secretbox2.c
@@ -1,59 +1,46 @@
-#include <stdio.h>
 
 #define TEST_NAME "secretbox2"
 #include "cmptest.h"
 
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
+unsigned char firstkey[32]
+    = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
+        0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
+        0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89 };
 
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
 // API requires first 16 bytes to be 0
-unsigned char c[163] = {
-    0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
-,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
-,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
-,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
-,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
-,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
-,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
-,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
-,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
-,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
-,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
-,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
-,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
-,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
-,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
-,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
-,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
-,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
-,0xe3,0x55,0xa5
-} ;
+unsigned char c[163]
+    = { 0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5,
+        0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9, 0x8e, 0x99, 0x3b, 0x9f,
+        0x48, 0x68, 0x12, 0x73, 0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce,
+        0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4, 0x47, 0x6f, 0xb8, 0xc5,
+        0x31, 0xa1, 0x18, 0x6a, 0xc0, 0xdf, 0xc1, 0x7c, 0x98, 0xdc, 0xe8, 0x7b,
+        0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72, 0x71, 0xd2, 0xc2, 0x0f,
+        0x9b, 0x92, 0x8f, 0xe2, 0x27, 0x0d, 0x6f, 0xb8, 0x63, 0xd5, 0x17, 0x38,
+        0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a, 0xb9, 0x32, 0x16, 0x45,
+        0x48, 0xe5, 0x26, 0xae, 0x90, 0x22, 0x43, 0x68, 0x51, 0x7a, 0xcf, 0xea,
+        0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda, 0x99, 0x83, 0x2b, 0x61,
+        0xca, 0x01, 0xb6, 0xde, 0x56, 0x24, 0x4a, 0x9e, 0x88, 0xd5, 0xf9, 0xb3,
+        0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6, 0x59, 0x9b, 0x1f, 0x65,
+        0x4c, 0xb4, 0x5a, 0x74, 0xe3, 0x55, 0xa5 };
 
 unsigned char m[163];
 
 int main(void)
 {
-  int i;
-  if (crypto_secretbox_xsalsa20poly1305_open(
-       m,c,163,nonce,firstkey
-      ) == 0) {
-    for (i = 32;i < 163;++i) {
-      printf(",0x%02x",(unsigned int) m[i]);
-      if (i % 8 == 7) printf("\n");
+    int i;
+
+    if (crypto_secretbox_open(m, c, 163, nonce, firstkey) == 0) {
+        for (i = 32; i < 163; ++i) {
+            printf(",0x%02x", (unsigned int)m[i]);
+            if (i % 8 == 7)
+                printf("\n");
+        }
+        printf("\n");
     }
-    printf("\n");
-  }
-  return 0;
+    return 0;
 }
diff --git a/test/default/secretbox2.exp b/test/default/secretbox2.exp
new file mode 100644
index 0000000..c61d455
--- /dev/null
+++ b/test/default/secretbox2.exp
@@ -0,0 +1,17 @@
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
diff --git a/test/default/secretbox7.c b/test/default/secretbox7.c
index 337f081..492dd34 100644
--- a/test/default/secretbox7.c
+++ b/test/default/secretbox7.c
@@ -1,4 +1,3 @@
-#include <stdio.h>
 
 #define TEST_NAME "secretbox7"
 #include "cmptest.h"
@@ -11,23 +10,26 @@ unsigned char m2[10000];
 
 int main(void)
 {
-  size_t mlen;
-  size_t i;
+    size_t mlen;
+    size_t i;
 
-  for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) {
-    randombytes(k,crypto_secretbox_KEYBYTES);
-    randombytes(n,crypto_secretbox_NONCEBYTES);
-    randombytes(m + crypto_secretbox_ZEROBYTES,mlen);
-    crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k);
-    if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) {
-      for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i)
-        if (m2[i] != m[i]) {
-          printf("bad decryption\n");
-          break;
+    for (mlen = 0; mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;
+         ++mlen) {
+        randombytes_buf(k, crypto_secretbox_KEYBYTES);
+        randombytes_buf(n, crypto_secretbox_NONCEBYTES);
+        randombytes_buf(m + crypto_secretbox_ZEROBYTES, mlen);
+        crypto_secretbox(c, m, mlen + crypto_secretbox_ZEROBYTES, n, k);
+        if (crypto_secretbox_open(m2, c, mlen + crypto_secretbox_ZEROBYTES, n,
+                                  k) == 0) {
+            for (i = 0; i < mlen + crypto_secretbox_ZEROBYTES; ++i) {
+                if (m2[i] != m[i]) {
+                    printf("bad decryption\n");
+                    break;
+                }
+            }
+        } else {
+            printf("ciphertext fails verification\n");
         }
-    } else {
-      printf("ciphertext fails verification\n");
     }
-  }
-  return 0;
+    return 0;
 }
diff --git a/test/default/secretbox7.exp b/test/default/secretbox7.exp
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/default/secretbox7.exp
diff --git a/test/default/secretbox8.c b/test/default/secretbox8.c
index 94808dc..7fbb811 100644
--- a/test/default/secretbox8.c
+++ b/test/default/secretbox8.c
@@ -1,5 +1,4 @@
-#include <stdio.h>
-#include <stdlib.h>
+
 #include "windows/windows-quirks.h"
 
 #define TEST_NAME "secretbox8"
@@ -13,28 +12,31 @@ unsigned char m2[10000];
 
 int main(void)
 {
-  size_t mlen;
-  size_t i;
-  int caught;
+    size_t mlen;
+    size_t i;
+    int caught;
 
-  for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) {
-    randombytes(k,crypto_secretbox_KEYBYTES);
-    randombytes(n,crypto_secretbox_NONCEBYTES);
-    randombytes(m + crypto_secretbox_ZEROBYTES,mlen);
-    crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k);
-    caught = 0;
-    while (caught < 10) {
-      c[rand() % (mlen + crypto_secretbox_ZEROBYTES)] = rand();
-      if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) {
-        for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i)
-          if (m2[i] != m[i]) {
-            printf("forgery\n");
-            return 100;
-          }
-      } else {
-        ++caught;
-      }
+    for (mlen = 0; mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;
+         ++mlen) {
+        randombytes_buf(k, crypto_secretbox_KEYBYTES);
+        randombytes_buf(n, crypto_secretbox_NONCEBYTES);
+        randombytes_buf(m + crypto_secretbox_ZEROBYTES, mlen);
+        crypto_secretbox(c, m, mlen + crypto_secretbox_ZEROBYTES, n, k);
+        caught = 0;
+        while (caught < 10) {
+            c[rand() % (mlen + crypto_secretbox_ZEROBYTES)] = rand();
+            if (crypto_secretbox_open(m2, c, mlen + crypto_secretbox_ZEROBYTES,
+                                      n, k) == 0) {
+                for (i = 0; i < mlen + crypto_secretbox_ZEROBYTES; ++i) {
+                    if (m2[i] != m[i]) {
+                        printf("forgery\n");
+                        return 100;
+                    }
+                }
+            } else {
+                ++caught;
+            }
+        }
     }
-  }
-  return 0;
+    return 0;
 }
diff --git a/test/default/secretbox8.exp b/test/default/secretbox8.exp
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/test/default/secretbox8.exp
diff --git a/test/default/secretbox_easy.c b/test/default/secretbox_easy.c
index dc3f3bd..df85070 100644
--- a/test/default/secretbox_easy.c
+++ b/test/default/secretbox_easy.c
@@ -1,63 +1,57 @@
-#include <stdio.h>
 
 #define TEST_NAME "secretbox_easy"
 #include "cmptest.h"
 
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
-
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
-
-unsigned char m[131] = {
- 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
-,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
-,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
-,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
-,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
-,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
-,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
-,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
-,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
-,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
-,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
-,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
-,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
-,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
-,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
-,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
-,0x5e,0x07,0x05
-} ;
+unsigned char firstkey[32]
+    = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
+        0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
+        0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89 };
+
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
+
+unsigned char m[131]
+    = { 0xbe, 0x07, 0x5f, 0xc5, 0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16,
+        0xeb, 0xeb, 0x0c, 0x7b, 0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4,
+        0x4b, 0x66, 0x84, 0x9b, 0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf,
+        0x33, 0xbd, 0x75, 0x1a, 0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29,
+        0x6c, 0xdc, 0x3c, 0x01, 0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce,
+        0x31, 0x4a, 0xdb, 0x31, 0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d,
+        0xce, 0xea, 0x3a, 0x7f, 0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a,
+        0xd6, 0xb1, 0x31, 0x8a, 0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde,
+        0x04, 0x89, 0x77, 0xeb, 0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c,
+        0x60, 0x90, 0x2e, 0x52, 0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40,
+        0xe0, 0x82, 0xf9, 0x37, 0x76, 0x38, 0x48, 0x64, 0x5e, 0x07, 0x05 };
 
 unsigned char c[147 + crypto_secretbox_MACBYTES];
 unsigned char mac[crypto_secretbox_MACBYTES];
 
 int main(void)
 {
-  size_t i;
-
-  crypto_secretbox_easy(c, m, 131, nonce, firstkey);
-  for (i = 0;i < 131 + crypto_secretbox_MACBYTES; ++i) {
-    printf(",0x%02x",(unsigned int) c[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  printf("\n");
-
-  crypto_secretbox_detached(c, mac, m, 131, nonce, firstkey);
-  for (i = 0;i < crypto_secretbox_MACBYTES; ++i) {
-    printf(",0x%02x",(unsigned int) mac[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  for (i = 0;i < 131; ++i) {
-    printf(",0x%02x",(unsigned int) c[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    size_t i;
+
+    crypto_secretbox_easy(c, m, 131, nonce, firstkey);
+    for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
+        printf(",0x%02x", (unsigned int)c[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    printf("\n");
+
+    crypto_secretbox_detached(c, mac, m, 131, nonce, firstkey);
+    for (i = 0; i < crypto_secretbox_MACBYTES; ++i) {
+        printf(",0x%02x", (unsigned int)mac[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    for (i = 0; i < 131; ++i) {
+        printf(",0x%02x", (unsigned int)c[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+
+    assert(crypto_secretbox_easy(c, m, SIZE_MAX - 1U, nonce, firstkey) == -1);
+
+    return 0;
 }
diff --git a/test/default/secretbox_easy.exp b/test/default/secretbox_easy.exp
new file mode 100644
index 0000000..c4b4066
--- /dev/null
+++ b/test/default/secretbox_easy.exp
@@ -0,0 +1,38 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+\ No newline at end of file
diff --git a/test/default/secretbox_easy2.c b/test/default/secretbox_easy2.c
index 63105b6..3ad71ce 100644
--- a/test/default/secretbox_easy2.c
+++ b/test/default/secretbox_easy2.c
@@ -1,5 +1,3 @@
-#include <stdio.h>
-#include <string.h>
 
 #define TEST_NAME "secretbox_easy2"
 #include "cmptest.h"
@@ -17,12 +15,12 @@ int main(void)
     unsigned long long i;
 
     randombytes_buf(k, sizeof k);
-    mlen = (unsigned long long) randombytes_uniform((uint32_t) sizeof m);
+    mlen = (unsigned long long)randombytes_uniform((uint32_t)sizeof m);
     randombytes_buf(m, mlen);
     randombytes_buf(nonce, sizeof nonce);
     crypto_secretbox_easy(c, m, mlen, nonce, k);
-    crypto_secretbox_open_easy(m2, c, mlen + crypto_secretbox_MACBYTES,
-                               nonce, k);
+    crypto_secretbox_open_easy(m2, c, mlen + crypto_secretbox_MACBYTES, nonce,
+                               k);
     printf("%d\n", memcmp(m, m2, mlen));
 
     for (i = 0; i < mlen + crypto_secretbox_MACBYTES - 1; i++) {
diff --git a/test/default/secretbox_easy2.exp b/test/default/secretbox_easy2.exp
new file mode 100644
index 0000000..aa47d0d
--- /dev/null
+++ b/test/default/secretbox_easy2.exp
@@ -0,0 +1,2 @@
+0
+0
diff --git a/test/default/shorthash.c b/test/default/shorthash.c
index 6f1d7f3..18081cd 100644
--- a/test/default/shorthash.c
+++ b/test/default/shorthash.c
@@ -1,6 +1,3 @@
-#include <stdio.h>
-
-#include "crypto_uint8.h"
 
 #define TEST_NAME "shorthash"
 #include "cmptest.h"
@@ -8,16 +5,26 @@
 int main(void)
 {
 #define MAXLEN 64
-    crypto_uint8 in[MAXLEN], out[crypto_shorthash_BYTES], k[crypto_shorthash_KEYBYTES];
-    size_t i,j;
+    unsigned char in[MAXLEN], out[crypto_shorthash_BYTES],
+        k[crypto_shorthash_KEYBYTES];
+    size_t i, j;
 
-    for( i = 0; i < crypto_shorthash_KEYBYTES; ++i ) k[i] = i;
+    for (i = 0; i < crypto_shorthash_KEYBYTES; ++i)
+        k[i] = i;
 
-    for(i=0;i<MAXLEN;++i) {
-        in[i]=i;
-        crypto_shorthash( out, in, i, k );
-        for (j = 0;j < crypto_shorthash_BYTES;++j) printf("%02x",(unsigned int) out[j]);
+    for (i = 0; i < MAXLEN; ++i) {
+        in[i] = i;
+        crypto_shorthash(out, in, i, k);
+        for (j = 0; j < crypto_shorthash_BYTES; ++j)
+            printf("%02x", (unsigned int)out[j]);
         printf("\n");
     }
+    assert(crypto_shorthash_bytes() > 0);
+    assert(crypto_shorthash_keybytes() > 0);
+    assert(strcmp(crypto_shorthash_primitive(), "siphash24") == 0);
+    assert(crypto_shorthash_bytes() == crypto_shorthash_siphash24_bytes());
+    assert(crypto_shorthash_keybytes()
+           == crypto_shorthash_siphash24_keybytes());
+
     return 0;
 }
diff --git a/test/default/shorthash.exp b/test/default/shorthash.exp
new file mode 100644
index 0000000..6ec8684
--- /dev/null
+++ b/test/default/shorthash.exp
@@ -0,0 +1,64 @@
+310e0edd47db6f72
+fd67dc93c539f874
+5a4fa9d909806c0d
+2d7efbd796666785
+b7877127e09427cf
+8da699cd64557618
+cee3fe586e46c9cb
+37d1018bf50002ab
+6224939a79f5f593
+b0e4a90bdf82009e
+f3b9dd94c5bb5d7a
+a7ad6b22462fb3f4
+fbe50e86bc8f1e75
+903d84c02756ea14
+eef27a8e90ca23f7
+e545be4961ca29a1
+db9bc2577fcc2a3f
+9447be2cf5e99a69
+9cd38d96f0b3c14b
+bd6179a71dc96dbb
+98eea21af25cd6be
+c7673b2eb0cbf2d0
+883ea3e395675393
+c8ce5ccd8c030ca8
+94af49f6c650adb8
+eab8858ade92e1bc
+f315bb5bb835d817
+adcf6b0763612e2f
+a5c91da7acaa4dde
+716595876650a2a6
+28ef495c53a387ad
+42c341d8fa92d832
+ce7cf2722f512771
+e37859f94623f3a7
+381205bb1ab0e012
+ae97a10fd434e015
+b4a31508beff4d31
+81396229f0907902
+4d0cf49ee5d4dcca
+5c73336a76d8bf9a
+d0a704536ba93e0e
+925958fcd6420cad
+a915c29bc8067318
+952b79f3bc0aa6d4
+f21df2e41d4535f9
+87577519048f53a9
+10a56cf5dfcd9adb
+eb75095ccd986cd0
+51a9cb9ecba312e6
+96afadfc2ce666c7
+72fe52975a4364ee
+5a1645b276d592a1
+b274cb8ebf87870a
+6f9bb4203de7b381
+eaecb2a30b22a87f
+9924a43cc1315724
+bd838d3aafbf8db7
+0b1a2a3265d51aea
+135079a3231ce660
+932b2846e4d70666
+e1915f5cb1eca46c
+f325965ca16d629f
+575ff28e60381be5
+724506eb4c328a95
diff --git a/test/default/sign.c b/test/default/sign.c
index 7267491..99ed085 100644
--- a/test/default/sign.c
+++ b/test/default/sign.c
@@ -1,23 +1,14 @@
-#include <stdio.h>
-#include <string.h>
 
 #define TEST_NAME "sign"
 #include "cmptest.h"
 
-#define KEYPAIR_SEED "1@ABCFGHLOPRSTUWabcdefghiklmnopq"
-
-#define crypto_sign_SECRETKEYBYTES_WITHOUT_PK \
-    (crypto_sign_SECRETKEYBYTES - crypto_sign_PUBLICKEYBYTES)
-
-static const unsigned char keypair_seed[] = {
-    0x42, 0x11, 0x51, 0xa4, 0x59, 0xfa, 0xea, 0xde,
-    0x3d, 0x24, 0x71, 0x15, 0xf9, 0x4a, 0xed, 0xae,
-    0x42, 0x31, 0x81, 0x24, 0x09, 0x5a, 0xfa, 0xbe,
-    0x4d, 0x14, 0x51, 0xa5, 0x59, 0xfa, 0xed, 0xee
-};
+static const unsigned char keypair_seed[]
+    = { 0x42, 0x11, 0x51, 0xa4, 0x59, 0xfa, 0xea, 0xde, 0x3d, 0x24, 0x71,
+        0x15, 0xf9, 0x4a, 0xed, 0xae, 0x42, 0x31, 0x81, 0x24, 0x09, 0x5a,
+        0xfa, 0xbe, 0x4d, 0x14, 0x51, 0xa5, 0x59, 0xfa, 0xed, 0xee };
 
 typedef struct TestData_ {
-    const unsigned char  sk[crypto_sign_SECRETKEYBYTES_WITHOUT_PK];
+    const unsigned char  sk[crypto_sign_SEEDBYTES];
     const unsigned char  pk[crypto_sign_PUBLICKEYBYTES];
     const unsigned char  sig[crypto_sign_BYTES];
     const char          *m;
@@ -1052,26 +1043,29 @@ static TestData test_data[] = {
 
 int main(void)
 {
-    unsigned char      sig[crypto_sign_BYTES];
-    unsigned char      sm[1024 + crypto_sign_BYTES];
-    unsigned char      m[1024];
-    unsigned char      skpk[crypto_sign_SECRETKEYBYTES +
-                            crypto_sign_PUBLICKEYBYTES];
-    unsigned char      pk[crypto_sign_PUBLICKEYBYTES];
-    unsigned char      sk[crypto_sign_SECRETKEYBYTES];
-    char               pk_hex[crypto_sign_PUBLICKEYBYTES * 2 + 1];
-    char               sk_hex[crypto_sign_SECRETKEYBYTES * 2 + 1];
+    unsigned char extracted_seed[crypto_sign_ed25519_SEEDBYTES];
+    unsigned char extracted_pk[crypto_sign_ed25519_PUBLICKEYBYTES];
+    unsigned char sig[crypto_sign_BYTES];
+    unsigned char sm[1024 + crypto_sign_BYTES];
+    unsigned char m[1024];
+    unsigned char skpk[crypto_sign_SECRETKEYBYTES];
+    unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+    unsigned char sk[crypto_sign_SECRETKEYBYTES];
+    char          pk_hex[crypto_sign_PUBLICKEYBYTES * 2 + 1];
+    char          sk_hex[crypto_sign_SECRETKEYBYTES * 2 + 1];
     unsigned long long siglen;
     unsigned long long smlen;
     unsigned long long mlen;
-    unsigned int       i;
+    unsigned int i;
+    unsigned int j;
 
+    memset(sig, 0, sizeof sig);
     for (i = 0U; i < (sizeof test_data) / (sizeof test_data[0]); i++) {
-        memcpy(skpk, test_data[i].sk, crypto_sign_SECRETKEYBYTES_WITHOUT_PK);
-        memcpy(skpk + crypto_sign_SECRETKEYBYTES_WITHOUT_PK,
-               test_data[i].pk, crypto_sign_PUBLICKEYBYTES);
-        if (crypto_sign(sm, &smlen,
-                        (const unsigned char *) test_data[i].m, i, skpk) != 0) {
+        memcpy(skpk, test_data[i].sk, crypto_sign_SEEDBYTES);
+        memcpy(skpk + crypto_sign_SEEDBYTES, test_data[i].pk,
+               crypto_sign_PUBLICKEYBYTES);
+        if (crypto_sign(sm, &smlen, (const unsigned char *)test_data[i].m, i,
+                        skpk) != 0) {
             printf("crypto_sign() failure: [%u]\n", i);
             continue;
         }
@@ -1083,7 +1077,7 @@ int main(void)
             printf("crypto_sign_open() failure: [%u]\n", i);
             continue;
         }
-        if (memcmp(test_data[i].m, m, (size_t) mlen) != 0) {
+        if (memcmp(test_data[i].m, m, (size_t)mlen) != 0) {
             printf("message verification failure: [%u]\n", i);
             continue;
         }
@@ -1095,12 +1089,12 @@ int main(void)
         if (crypto_sign_open(m, &mlen, sm, i % crypto_sign_BYTES,
                              test_data[i].pk) == 0) {
             printf("short signed message verifies: [%u]\n",
-                   i  % crypto_sign_BYTES);
+                   i % crypto_sign_BYTES);
             continue;
         }
         if (crypto_sign_detached(sig, &siglen,
-                                 (const unsigned char *) test_data[i].m, i,
-                                 test_data[i].sk) != 0) {
+                                 (const unsigned char *)test_data[i].m, i, skpk)
+            != 0) {
             printf("detached signature failed: [%u]\n", i);
             continue;
         }
@@ -1113,7 +1107,7 @@ int main(void)
             continue;
         }
         if (crypto_sign_verify_detached(sig,
-                                        (const unsigned char *) test_data[i].m,
+                                        (const unsigned char *)test_data[i].m,
                                         i, test_data[i].pk) != 0) {
             printf("detached signature verification failed: [%u]\n", i);
             continue;
@@ -1121,6 +1115,37 @@ int main(void)
     }
     printf("%u tests\n", i);
 
+    i--;
+
+    memcpy(sm, test_data[i].m, i);
+    if (crypto_sign(sm, &smlen, sm, i, skpk) != 0) {
+        printf("crypto_sign() with overlap failed\n");
+    }
+    if (crypto_sign_open(sm, &mlen, sm, smlen, test_data[i].pk) != 0) {
+        printf("crypto_sign_open() with overlap failed\n");
+    }
+    if (memcmp(test_data[i].m, sm, (size_t)mlen) != 0) {
+        printf("crypto_sign_open() with overlap failed (content)\n");
+    }
+
+    for (j = 1U; j < 8U; j++) {
+        sig[63] ^= (j << 5);
+        if (crypto_sign_verify_detached(sig,
+                                        (const unsigned char *)test_data[i].m,
+                                        i, test_data[i].pk) != -1) {
+            printf("detached signature verification should have failed\n");
+            continue;
+        }
+        sig[63] ^= (j << 5);
+    }
+
+    memset(pk, 0, sizeof pk);
+    if (crypto_sign_verify_detached(sig,
+                                    (const unsigned char *)test_data[i].m,
+                                    i, pk) != -1) {
+        printf("detached signature verification should have failed\n");
+    }
+
     if (crypto_sign_keypair(pk, sk) != 0) {
         printf("crypto_sign_keypair() failure\n");
     }
@@ -1128,11 +1153,32 @@ int main(void)
         printf("crypto_sign_seed_keypair() failure\n");
         return -1;
     }
+    crypto_sign_ed25519_sk_to_seed(extracted_seed, sk);
+    if (memcmp(extracted_seed, keypair_seed, crypto_sign_ed25519_SEEDBYTES)
+        != 0) {
+        printf("crypto_sign_ed25519_sk_to_seed() failure\n");
+    }
+    crypto_sign_ed25519_sk_to_pk(extracted_pk, sk);
+    if (memcmp(extracted_pk, pk, crypto_sign_ed25519_PUBLICKEYBYTES) != 0) {
+        printf("crypto_sign_ed25519_sk_to_pk() failure\n");
+    }
     sodium_bin2hex(pk_hex, sizeof pk_hex, pk, sizeof pk);
     sodium_bin2hex(sk_hex, sizeof sk_hex, sk, sizeof sk);
 
     printf("pk: [%s]\n", pk_hex);
     printf("sk: [%s]\n", sk_hex);
 
+    assert(crypto_sign_bytes() > 0U);
+    assert(crypto_sign_seedbytes() > 0U);
+    assert(crypto_sign_publickeybytes() > 0U);
+    assert(crypto_sign_secretkeybytes() > 0U);
+    assert(strcmp(crypto_sign_primitive(), "ed25519") == 0);
+    assert(crypto_sign_bytes() == crypto_sign_ed25519_bytes());
+    assert(crypto_sign_seedbytes() == crypto_sign_ed25519_seedbytes());
+    assert(crypto_sign_publickeybytes()
+           == crypto_sign_ed25519_publickeybytes());
+    assert(crypto_sign_secretkeybytes()
+           == crypto_sign_ed25519_secretkeybytes());
+
     return 0;
 }
diff --git a/test/default/sign.exp b/test/default/sign.exp
new file mode 100644
index 0000000..04bf653
--- /dev/null
+++ b/test/default/sign.exp
@@ -0,0 +1,3 @@
+1024 tests
+pk: [b5076a8474a832daee4dd5b4040983b6623b5f344aca57d4d6ee4baf3f259e6e]
+sk: [421151a459faeade3d247115f94aedae42318124095afabe4d1451a559faedeeb5076a8474a832daee4dd5b4040983b6623b5f344aca57d4d6ee4baf3f259e6e]
diff --git a/test/default/sodium_core.c b/test/default/sodium_core.c
index 7bdcca8..89599ab 100644
--- a/test/default/sodium_core.c
+++ b/test/default/sodium_core.c
@@ -1,11 +1,14 @@
-#include <stdio.h>
 
 #define TEST_NAME "sodium_core"
 #include "cmptest.h"
 
 int main(void)
 {
-  printf ("%d\n", sodium_init());
+    printf("%d\n", sodium_init());
 
-  return 0;
+    (void)sodium_runtime_has_neon();
+    (void)sodium_runtime_has_sse2();
+    (void)sodium_runtime_has_sse3();
+
+    return 0;
 }
diff --git a/test/default/sodium_core.exp b/test/default/sodium_core.exp
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/test/default/sodium_core.exp
@@ -0,0 +1 @@
+1
diff --git a/test/default/sodium_utils.c b/test/default/sodium_utils.c
index e50de24..89274de 100644
--- a/test/default/sodium_utils.c
+++ b/test/default/sodium_utils.c
@@ -1,35 +1,64 @@
-#include <stdio.h>
-#include <string.h>
 
 #define TEST_NAME "sodium_utils"
 #include "cmptest.h"
 
 int main(void)
 {
-  unsigned char buf1[1000];
-  unsigned char buf2[1000];
-  char          buf3[33];
-  unsigned char buf4[4];
-  const char   *hex;
-  size_t        bin_len;
-
-  randombytes(buf1, sizeof buf1);
-  memcpy(buf2, buf1, sizeof buf2);
-  printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
-  sodium_memzero(buf1, 0U);
-  printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
-  sodium_memzero(buf1, sizeof buf1 / 2);
-  printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
-  printf("%d\n", sodium_memcmp(buf1, buf2, 0U));
-  sodium_memzero(buf2, sizeof buf2 / 2);
-  printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
-  printf("%s\n", sodium_bin2hex(buf3, 33U,
-                                (const unsigned char *)
-                                "0123456789ABCDEF", 16U));
-  hex = "Cafe : 6942";
-  sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, NULL);
-  printf("%lu:%02x%02x%02x%02x\n", (unsigned long) bin_len,
-         buf4[0], buf4[1], buf4[2], buf4[3]);
-
-  return 0;
+    unsigned char buf1[1000];
+    unsigned char buf2[1000];
+    char buf3[33];
+    unsigned char buf4[4];
+    const char *hex;
+    const char *hex_end;
+    size_t bin_len;
+
+    randombytes_buf(buf1, sizeof buf1);
+    memcpy(buf2, buf1, sizeof buf2);
+    printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
+    sodium_memzero(buf1, 0U);
+    printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
+    sodium_memzero(buf1, sizeof buf1 / 2);
+    printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
+    printf("%d\n", sodium_memcmp(buf1, buf2, 0U));
+    sodium_memzero(buf2, sizeof buf2 / 2);
+    printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
+    printf("%s\n",
+           sodium_bin2hex(buf3, 33U, (const unsigned char *)"0123456789ABCDEF",
+                          16U));
+    hex = "Cafe : 6942";
+    sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, &hex_end);
+    printf("%lu:%02x%02x%02x%02x\n", (unsigned long)bin_len, buf4[0], buf4[1],
+           buf4[2], buf4[3]);
+    printf("dt1: %ld\n", (long) (hex_end - hex));
+
+    hex = "Cafe : 6942";
+    sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, NULL);
+    printf("%lu:%02x%02x%02x%02x\n", (unsigned long)bin_len, buf4[2], buf4[3],
+           buf4[2], buf4[3]);
+
+    hex = "deadbeef";
+    if (sodium_hex2bin(buf1, 1U, hex, 8U, NULL, &bin_len, &hex_end) != -1) {
+        printf("sodium_hex2bin() overflow not detected\n");
+    }
+    printf("dt2: %ld\n", (long) (hex_end - hex));
+
+    hex = "de:ad:be:eff";
+    if (sodium_hex2bin(buf1, 4U, hex, 12U, ":", &bin_len, &hex_end) != -1) {
+        printf("sodium_hex2bin() with an odd input length and a short output buffer\n");
+    }
+    printf("dt3: %ld\n", (long) (hex_end - hex));
+
+    hex = "de:ad:be:eff";
+    if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":", &bin_len, &hex_end) != 0) {
+        printf("sodium_hex2bin() with an odd input length\n");
+    }
+    printf("dt4: %ld\n", (long) (hex_end - hex));
+
+    hex = "de:ad:be:eff";
+    if (sodium_hex2bin(buf1, sizeof buf1, hex, 13U, ":", &bin_len, &hex_end) != 0) {
+        printf("sodium_hex2bin() with an odd input length\n");
+    }
+    printf("dt5: %ld\n", (long) (hex_end - hex));
+
+    return 0;
 }
diff --git a/test/default/sodium_utils.exp b/test/default/sodium_utils.exp
new file mode 100644
index 0000000..e087a91
--- /dev/null
+++ b/test/default/sodium_utils.exp
@@ -0,0 +1,13 @@
+0
+0
+-1
+0
+0
+30313233343536373839414243444546
+4:cafe6942
+dt1: 11
+4:69426942
+dt2: 2
+dt3: 11
+dt4: 11
+dt5: 11
diff --git a/test/default/sodium_utils2.c b/test/default/sodium_utils2.c
new file mode 100644
index 0000000..11f1df6
--- /dev/null
+++ b/test/default/sodium_utils2.c
@@ -0,0 +1,72 @@
+
+#include <sys/types.h>
+
+#include <limits.h>
+#include <signal.h>
+
+#define TEST_NAME "sodium_utils2"
+#include "cmptest.h"
+
+static void segv_handler(int sig)
+{
+    printf("Intentional segfault / bus error caught\n");
+    printf("OK\n");
+#ifdef SIGSEGV
+    signal(SIGSEGV, SIG_DFL);
+#endif
+#ifdef SIGBUS
+    signal(SIGBUS, SIG_DFL);
+#endif
+#ifdef SIGABRT
+    signal(SIGABRT, SIG_DFL);
+#endif
+    exit(0);
+}
+
+int main(void)
+{
+    void *buf;
+    size_t size;
+    unsigned int i;
+
+    if (sodium_malloc(SIZE_MAX - 1U) != NULL) {
+        return 1;
+    }
+    if (sodium_allocarray(SIZE_MAX / 2U + 1U, SIZE_MAX / 2U) != NULL) {
+        return 1;
+    }
+    buf = sodium_allocarray(1000U, 50U);
+    memset(buf, 0, 50000U);
+    sodium_free(buf);
+
+    sodium_free(sodium_malloc(0U));
+    sodium_free(NULL);
+    for (i = 0U; i < 10000U; i++) {
+        size = randombytes_uniform(100000U);
+        buf = sodium_malloc(size);
+        memset(buf, i, size);
+        sodium_mprotect_readonly(buf);
+        sodium_free(buf);
+    }
+    printf("OK\n");
+
+#ifdef SIGSEGV
+    signal(SIGSEGV, segv_handler);
+#endif
+#ifdef SIGBUS
+    signal(SIGBUS, segv_handler);
+#endif
+#ifdef SIGABRT
+    signal(SIGABRT, segv_handler);
+#endif
+    size = randombytes_uniform(100000U);
+    buf = sodium_malloc(size);
+    sodium_mprotect_readonly(buf);
+    sodium_mprotect_readwrite(buf);
+    sodium_memzero(((unsigned char *)buf) + size, 1U);
+    sodium_mprotect_noaccess(buf);
+    sodium_free(buf);
+    printf("Overflow not caught\n");
+
+    return 0;
+}
diff --git a/test/default/sodium_utils2.exp b/test/default/sodium_utils2.exp
new file mode 100644
index 0000000..f796351
--- /dev/null
+++ b/test/default/sodium_utils2.exp
@@ -0,0 +1,3 @@
+OK
+Intentional segfault / bus error caught
+OK
diff --git a/test/default/sodium_utils3.c b/test/default/sodium_utils3.c
new file mode 100644
index 0000000..f2bcdae
--- /dev/null
+++ b/test/default/sodium_utils3.c
@@ -0,0 +1,50 @@
+
+#include <sys/types.h>
+
+#include <limits.h>
+#include <signal.h>
+
+#define TEST_NAME "sodium_utils3"
+#include "cmptest.h"
+
+static void segv_handler(int sig)
+{
+    printf("Intentional segfault / bus error caught\n");
+    printf("OK\n");
+#ifdef SIGSEGV
+    signal(SIGSEGV, SIG_DFL);
+#endif
+#ifdef SIGBUS
+    signal(SIGBUS, SIG_DFL);
+#endif
+#ifdef SIGABRT
+    signal(SIGABRT, SIG_DFL);
+#endif
+    exit(0);
+}
+
+int main(void)
+{
+    void *buf;
+    size_t size;
+
+#ifdef SIGSEGV
+    signal(SIGSEGV, segv_handler);
+#endif
+#ifdef SIGBUS
+    signal(SIGBUS, segv_handler);
+#endif
+#ifdef SIGABRT
+    signal(SIGABRT, segv_handler);
+#endif
+    size = randombytes_uniform(100000U);
+    buf = sodium_malloc(size);
+    sodium_mprotect_noaccess(buf);
+    sodium_mprotect_readwrite(buf);
+    sodium_memzero(((unsigned char *)buf) - 8, 8U);
+    sodium_mprotect_readonly(buf);
+    sodium_free(buf);
+    printf("Underflow not caught\n");
+
+    return 0;
+}
diff --git a/test/default/sodium_utils3.exp b/test/default/sodium_utils3.exp
new file mode 100644
index 0000000..37e114f
--- /dev/null
+++ b/test/default/sodium_utils3.exp
@@ -0,0 +1,2 @@
+Intentional segfault / bus error caught
+OK
diff --git a/test/default/sodium_version.c b/test/default/sodium_version.c
index 0b63d38..d32fd79 100644
--- a/test/default/sodium_version.c
+++ b/test/default/sodium_version.c
@@ -1,13 +1,12 @@
-#include <stdio.h>
 
 #define TEST_NAME "sodium_version"
 #include "cmptest.h"
 
 int main(void)
 {
-  printf ("%d\n", sodium_version_string() != NULL);
-  printf ("%d\n", sodium_library_version_major() > 0);
-  printf ("%d\n", sodium_library_version_minor() >= 0);
+    printf("%d\n", sodium_version_string() != NULL);
+    printf("%d\n", sodium_library_version_major() > 0);
+    printf("%d\n", sodium_library_version_minor() >= 0);
 
-  return 0;
+    return 0;
 }
diff --git a/test/default/sodium_version.exp b/test/default/sodium_version.exp
new file mode 100644
index 0000000..e8183f0
--- /dev/null
+++ b/test/default/sodium_version.exp
@@ -0,0 +1,3 @@
+1
+1
+1
diff --git a/test/default/stream.c b/test/default/stream.c
index cc6d416..5e3d5dc 100644
--- a/test/default/stream.c
+++ b/test/default/stream.c
@@ -1,20 +1,15 @@
-#include <stdio.h>
 
 #define TEST_NAME "stream"
 #include "cmptest.h"
 
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
+unsigned char firstkey[32]
+    = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
+        0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
+        0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89 };
 
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
 unsigned char output[4194304];
 
@@ -22,9 +17,20 @@ unsigned char h[32];
 
 int main(void)
 {
-  int i;
-  crypto_stream_xsalsa20(output,4194304,nonce,firstkey);
-  crypto_hash_sha256(h,output,sizeof output);
-  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
-  return 0;
+    int i;
+
+    crypto_stream(output, 4194304, nonce, firstkey);
+    crypto_hash_sha256(h, output, sizeof output);
+
+    for (i = 0; i < 32; ++i)
+        printf("%02x", h[i]);
+    printf("\n");
+
+    assert(crypto_stream_keybytes() > 0U);
+    assert(crypto_stream_noncebytes() > 0U);
+    assert(strcmp(crypto_stream_primitive(), "xsalsa20") == 0);
+    assert(crypto_stream_keybytes() == crypto_stream_xsalsa20_keybytes());
+    assert(crypto_stream_noncebytes() == crypto_stream_xsalsa20_noncebytes());
+
+    return 0;
 }
diff --git a/test/default/stream.exp b/test/default/stream.exp
new file mode 100644
index 0000000..5fa208c
--- /dev/null
+++ b/test/default/stream.exp
@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2
diff --git a/test/default/stream2.c b/test/default/stream2.c
index 25cdb35..b3c5ac5 100644
--- a/test/default/stream2.c
+++ b/test/default/stream2.c
@@ -1,18 +1,14 @@
-#include <stdio.h>
 
 #define TEST_NAME "stream2"
 #include "cmptest.h"
 
-unsigned char secondkey[32] = {
- 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
-,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
-,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
-,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
-} ;
+unsigned char secondkey[32]
+    = { 0xdc, 0x90, 0x8d, 0xda, 0x0b, 0x93, 0x44, 0xa9, 0x53, 0x62, 0x9b,
+        0x73, 0x38, 0x20, 0x77, 0x88, 0x80, 0xf3, 0xce, 0xb4, 0x21, 0xbb,
+        0x61, 0xb9, 0x1c, 0xbd, 0x4c, 0x3e, 0x66, 0x25, 0x6c, 0xe4 };
 
-unsigned char noncesuffix[8] = {
- 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
+unsigned char noncesuffix[8]
+    = { 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
 unsigned char output[4194304];
 
@@ -20,9 +16,15 @@ unsigned char h[32];
 
 int main(void)
 {
-  int i;
-  crypto_stream_salsa20(output,4194304,noncesuffix,secondkey);
-  crypto_hash_sha256(h,output,sizeof output);
-  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
-  return 0;
+    int i;
+    crypto_stream_salsa20(output, 4194304, noncesuffix, secondkey);
+    crypto_hash_sha256(h, output, sizeof output);
+    for (i = 0; i < 32; ++i)
+        printf("%02x", h[i]);
+    printf("\n");
+
+    assert(crypto_stream_salsa20_keybytes() > 0U);
+    assert(crypto_stream_salsa20_noncebytes() > 0U);
+
+    return 0;
 }
diff --git a/test/default/stream2.exp b/test/default/stream2.exp
new file mode 100644
index 0000000..5fa208c
--- /dev/null
+++ b/test/default/stream2.exp
@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2
diff --git a/test/default/stream3.c b/test/default/stream3.c
index 3a1f559..d121228 100644
--- a/test/default/stream3.c
+++ b/test/default/stream3.c
@@ -1,30 +1,28 @@
-#include <stdio.h>
 
 #define TEST_NAME "stream3"
 #include "cmptest.h"
 
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
+unsigned char firstkey[32]
+    = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
+        0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
+        0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89 };
 
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
 unsigned char rs[32];
 
 int main(void)
 {
-  int i;
-  crypto_stream_xsalsa20(rs,32,nonce,firstkey);
-  for (i = 0;i < 32;++i) {
-    printf(",0x%02x",(unsigned int) rs[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_stream(rs, 32, nonce, firstkey);
+
+    for (i = 0; i < 32; ++i) {
+        printf(",0x%02x", (unsigned int)rs[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    return 0;
 }
diff --git a/test/default/stream3.exp b/test/default/stream3.exp
new file mode 100644
index 0000000..9cd7879
--- /dev/null
+++ b/test/default/stream3.exp
@@ -0,0 +1,4 @@
+,0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
diff --git a/test/default/stream4.c b/test/default/stream4.c
index 91c724f..37d8203 100644
--- a/test/default/stream4.c
+++ b/test/default/stream4.c
@@ -1,55 +1,46 @@
-#include <stdio.h>
 
 #define TEST_NAME "stream4"
 #include "cmptest.h"
 
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
-
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
-
-unsigned char m[163] = {
-    0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
-,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
-,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
-,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
-,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
-,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
-,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
-,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
-,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
-,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
-,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
-,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
-,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
-,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
-,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
-,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
-,0x5e,0x07,0x05
-} ;
+unsigned char firstkey[32]
+    = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
+        0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
+        0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89 };
+
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
+
+unsigned char m[163]
+    = { 0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0xbe, 0x07, 0x5f, 0xc5,
+        0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16, 0xeb, 0xeb, 0x0c, 0x7b,
+        0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4, 0x4b, 0x66, 0x84, 0x9b,
+        0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf, 0x33, 0xbd, 0x75, 0x1a,
+        0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29, 0x6c, 0xdc, 0x3c, 0x01,
+        0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce, 0x31, 0x4a, 0xdb, 0x31,
+        0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d, 0xce, 0xea, 0x3a, 0x7f,
+        0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a, 0xd6, 0xb1, 0x31, 0x8a,
+        0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde, 0x04, 0x89, 0x77, 0xeb,
+        0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c, 0x60, 0x90, 0x2e, 0x52,
+        0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40, 0xe0, 0x82, 0xf9, 0x37,
+        0x76, 0x38, 0x48, 0x64, 0x5e, 0x07, 0x05 };
 
 unsigned char c[163];
 
 int main(void)
 {
-  int i;
-  crypto_stream_xsalsa20_xor(c,m,163,nonce,firstkey);
-  for (i = 32;i < 163;++i) {
-    printf(",0x%02x",(unsigned int) c[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  printf("\n");
-  return 0;
+    int i;
+
+    crypto_stream_xor(c, m, 163, nonce, firstkey);
+
+    for (i = 32; i < 163; ++i) {
+        printf(",0x%02x", (unsigned int)c[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    printf("\n");
+
+    return 0;
 }
diff --git a/test/default/stream4.exp b/test/default/stream4.exp
new file mode 100644
index 0000000..0d3d8e9
--- /dev/null
+++ b/test/default/stream4.exp
@@ -0,0 +1,17 @@
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
diff --git a/test/default/stream5.c b/test/default/stream5.c
deleted file mode 100644
index 58aa36f..0000000
--- a/test/default/stream5.c
+++ /dev/null
@@ -1,29 +0,0 @@
-#include <stdio.h>
-
-#define TEST_NAME "stream5"
-#include "cmptest.h"
-
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
-
-unsigned char nonce[16] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-} ;
-
-unsigned char output[4194304];
-
-unsigned char h[32];
-
-int main(void)
-{
-  int i;
-  crypto_stream_aes256estream(output,4194304,nonce,firstkey);
-  crypto_hash_sha256(h,output,sizeof output);
-  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
-  return 0;
-}
diff --git a/test/default/stream6.c b/test/default/stream6.c
deleted file mode 100644
index 668389f..0000000
--- a/test/default/stream6.c
+++ /dev/null
@@ -1,54 +0,0 @@
-#include <stdio.h>
-
-#define TEST_NAME "stream6"
-#include "cmptest.h"
-
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
-
-unsigned char nonce[16] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-} ;
-
-unsigned char m[163] = {
-    0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
-,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
-,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
-,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
-,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
-,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
-,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
-,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
-,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
-,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
-,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
-,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
-,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
-,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
-,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
-,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
-,0x5e,0x07,0x05
-} ;
-
-unsigned char c[163];
-
-int main(void)
-{
-  int i;
-  crypto_stream_aes256estream_xor(c,m,163,nonce,firstkey);
-  for (i = 32;i < 163;++i) {
-    printf(",0x%02x",(unsigned int) c[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  printf("\n");
-  return 0;
-}
diff --git a/test/default/verify1.c b/test/default/verify1.c
index def6421..d3f7e17 100644
--- a/test/default/verify1.c
+++ b/test/default/verify1.c
@@ -1,5 +1,3 @@
-#include <stdio.h>
-#include <string.h>
 
 #define TEST_NAME "verify1"
 #include "cmptest.h"
@@ -10,25 +8,29 @@ unsigned char v64[64], v64x[64];
 
 int main(void)
 {
-  randombytes_buf(v16, sizeof v16);
-  randombytes_buf(v32, sizeof v32);
-  randombytes_buf(v64, sizeof v64);
+    randombytes_buf(v16, sizeof v16);
+    randombytes_buf(v32, sizeof v32);
+    randombytes_buf(v64, sizeof v64);
 
-  memcpy(v16x, v16, sizeof v16);
-  memcpy(v32x, v32, sizeof v32);
-  memcpy(v64x, v64, sizeof v64);
+    memcpy(v16x, v16, sizeof v16);
+    memcpy(v32x, v32, sizeof v32);
+    memcpy(v64x, v64, sizeof v64);
 
-  printf("%d\n", crypto_verify_16(v16, v16x));
-  printf("%d\n", crypto_verify_32(v32, v32x));
-  printf("%d\n", crypto_verify_64(v64, v64x));
+    printf("%d\n", crypto_verify_16(v16, v16x));
+    printf("%d\n", crypto_verify_32(v32, v32x));
+    printf("%d\n", crypto_verify_64(v64, v64x));
 
-  v16x[randombytes_random() & 15U]++;
-  v32x[randombytes_random() & 31U]++;
-  v64x[randombytes_random() & 63U]++;
+    v16x[randombytes_random() & 15U]++;
+    v32x[randombytes_random() & 31U]++;
+    v64x[randombytes_random() & 63U]++;
 
-  printf("%d\n", crypto_verify_16(v16, v16x));
-  printf("%d\n", crypto_verify_32(v32, v32x));
-  printf("%d\n", crypto_verify_64(v64, v64x));
+    printf("%d\n", crypto_verify_16(v16, v16x));
+    printf("%d\n", crypto_verify_32(v32, v32x));
+    printf("%d\n", crypto_verify_64(v64, v64x));
 
-  return 0;
+    assert(crypto_verify_16_bytes() == 16U);
+    assert(crypto_verify_32_bytes() == 32U);
+    assert(crypto_verify_64_bytes() == 64U);
+
+    return 0;
 }
diff --git a/test/default/verify1.exp b/test/default/verify1.exp
new file mode 100644
index 0000000..2b84500
--- /dev/null
+++ b/test/default/verify1.exp
@@ -0,0 +1,6 @@
+0
+0
+0
+-1
+-1
+-1
author	Micah Anderson <micah@riseup.net>	2014-11-11 11:18:18 -0500
committer	Micah Anderson <micah@riseup.net>	2014-11-11 11:18:18 -0500
commit	c73b6c9ba513fea3e18b696e659049df69931171 (patch)
tree	a001cd6acbecead76b9a55f324278e8d077fe3d5
parent	eabdc6e3d62550679476899dd861c23b63937142 (diff)