8 files changed, 85 insertions, 82 deletions
diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am
index 45a82d7..894c371 100644
--- a/src/libsodium/include/Makefile.am
+++ b/src/libsodium/include/Makefile.am
@@ -32,7 +32,6 @@ SODIUM_EXPORT = \
 	sodium/crypto_sign_edwards25519sha512batch.h \
 	sodium/crypto_stream.h \
 	sodium/crypto_stream_aes128ctr.h \
-	sodium/crypto_stream_aes256estream.h \
 	sodium/crypto_stream_chacha20.h \
 	sodium/crypto_stream_salsa20.h \
 	sodium/crypto_stream_salsa2012.h \
diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h
index dcb6b45..4a57108 100644
--- a/src/libsodium/include/sodium.h
+++ b/src/libsodium/include/sodium.h
@@ -32,7 +32,6 @@
 #include <sodium/crypto_sign_ed25519.h>
 #include <sodium/crypto_stream.h>
 #include <sodium/crypto_stream_aes128ctr.h>
-#include <sodium/crypto_stream_aes256estream.h>
 #include <sodium/crypto_stream_chacha20.h>
 #include <sodium/crypto_stream_salsa20.h>
 #include <sodium/crypto_stream_salsa2012.h>
diff --git a/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h b/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
index 54f4a73..fb6eb49 100644
--- a/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
+++ b/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
@@ -54,9 +54,8 @@ const char *crypto_onetimeauth_poly1305_implementation_name(void);
 SODIUM_EXPORT
 int crypto_onetimeauth_poly1305_set_implementation(crypto_onetimeauth_poly1305_implementation *impl);
 
-SODIUM_EXPORT
 crypto_onetimeauth_poly1305_implementation *
-        crypto_onetimeauth_pick_best_implementation(void);
+crypto_onetimeauth_pick_best_implementation(void);
 
 SODIUM_EXPORT
 int crypto_onetimeauth_poly1305(unsigned char *out,
diff --git a/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h b/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
index 7de8395..a83233b 100644
--- a/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
+++ b/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
@@ -2,6 +2,7 @@
 #define crypto_pwhash_scryptsalsa208sha256_H
 
 #include <stddef.h>
+#include <stdint.h>
 
 #include "export.h"
 
@@ -20,6 +21,10 @@ size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
 SODIUM_EXPORT
 size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
 
+#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
+SODIUM_EXPORT
+const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
+
 #define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288ULL
 SODIUM_EXPORT
 size_t crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
diff --git a/src/libsodium/include/sodium/crypto_sign_ed25519.h b/src/libsodium/include/sodium/crypto_sign_ed25519.h
index 101b6c9..0194c39 100644
--- a/src/libsodium/include/sodium/crypto_sign_ed25519.h
+++ b/src/libsodium/include/sodium/crypto_sign_ed25519.h
@@ -57,6 +57,21 @@ SODIUM_EXPORT
 int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
                                      const unsigned char *seed);
 
+SODIUM_EXPORT
+int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
+                                         const unsigned char *ed25519_pk);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
+                                         const unsigned char *ed25519_sk);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_seed(unsigned char *seed,
+                                   const unsigned char *sk);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/libsodium/include/sodium/crypto_stream_aes256estream.h b/src/libsodium/include/sodium/crypto_stream_aes256estream.h
deleted file mode 100644
index d497834..0000000
--- a/src/libsodium/include/sodium/crypto_stream_aes256estream.h
+++ /dev/null
@@ -1,67 +0,0 @@
-#ifndef crypto_stream_aes256estream_H
-#define crypto_stream_aes256estream_H
-
-/*
- * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
- * While it provides some protection against eavesdropping, it does NOT
- * provide any security against active attacks.
- * Furthermore, this implementation was not part of NaCl.
- * 
- * If you are looking for a stream cipher, you might consider
- * crypto_stream_aes128ctr, crypto_stream_chacha20 or crypto_stream_(x)salsa20
- * which are timing-attack resistant.
- * 
- * But unless you know what you're doing, what you are looking for is probably
- * the crypto_box or crypto_secretbox functions.
- */
-
-#include <stddef.h>
-#include "export.h"
-
-#ifdef __cplusplus
-# if __GNUC__
-#  pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_stream_aes256estream_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_stream_aes256estream_keybytes(void);
-
-#define crypto_stream_aes256estream_NONCEBYTES 16U
-SODIUM_EXPORT
-size_t crypto_stream_aes256estream_noncebytes(void);
-
-#define crypto_stream_aes256estream_BEFORENMBYTES 276U
-SODIUM_EXPORT
-size_t crypto_stream_aes256estream_beforenmbytes(void);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream(unsigned char *out, unsigned long long len,
-                                const unsigned char *nonce, const unsigned char *c);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_xor(unsigned char *out, const unsigned char *in,
-                                    unsigned long long inlen, const unsigned char *n,
-                                    const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_beforenm(unsigned char *c, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_afternm(unsigned char *out, unsigned long long len,
-                                        const unsigned char *nonce,
-                                        const unsigned char *c);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_xor_afternm(unsigned char *out, const unsigned char *in,
-                                            unsigned long long len,
-                                            const unsigned char *nonce,
-                                            const unsigned char *c);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/libsodium/include/sodium/randombytes.h b/src/libsodium/include/sodium/randombytes.h
index c5175b2..4d07cd5 100644
--- a/src/libsodium/include/sodium/randombytes.h
+++ b/src/libsodium/include/sodium/randombytes.h
@@ -26,28 +26,30 @@ typedef struct randombytes_implementation {
 } randombytes_implementation;
 
 SODIUM_EXPORT
-int randombytes_set_implementation(randombytes_implementation *impl);
+void randombytes_buf(void * const buf, const size_t size);
 
 SODIUM_EXPORT
-void randombytes(unsigned char * const buf, const unsigned long long buf_len);
+uint32_t randombytes_random(void);
 
 SODIUM_EXPORT
-const char *randombytes_implementation_name(void);
+uint32_t randombytes_uniform(const uint32_t upper_bound);
 
 SODIUM_EXPORT
-uint32_t randombytes_random(void);
+void randombytes_stir(void);
 
 SODIUM_EXPORT
-void randombytes_stir(void);
+int randombytes_close(void);
 
 SODIUM_EXPORT
-uint32_t randombytes_uniform(const uint32_t upper_bound);
+int randombytes_set_implementation(randombytes_implementation *impl);
 
 SODIUM_EXPORT
-void randombytes_buf(void * const buf, const size_t size);
+const char *randombytes_implementation_name(void);
+
+/* -- Compatibility layer with NaCl -- */
 
 SODIUM_EXPORT
-int randombytes_close(void);
+void randombytes(unsigned char * const buf, const unsigned long long buf_len);
 
 #ifdef __cplusplus
 }
diff --git a/src/libsodium/include/sodium/utils.h b/src/libsodium/include/sodium/utils.h
index 817919b..1ac78eb 100644
--- a/src/libsodium/include/sodium/utils.h
+++ b/src/libsodium/include/sodium/utils.h
@@ -16,12 +16,14 @@ extern "C" {
 # define _SODIUM_C99(X) X
 #endif
 
-unsigned char *_sodium_alignedcalloc(unsigned char ** const unaligned_p,
-                                     const size_t len);
-
 SODIUM_EXPORT
 void sodium_memzero(void * const pnt, const size_t len);
 
+/* WARNING: sodium_memcmp() must be used to verify if two secret keys
+ * are equal, in constant time.
+ * It returns 0 if the keys are equal, and -1 if they differ.
+ * This function is not designed for lexicographical comparisons.
+ */
 SODIUM_EXPORT
 int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len);
 
@@ -41,6 +43,55 @@ int sodium_mlock(void * const addr, const size_t len);
 SODIUM_EXPORT
 int sodium_munlock(void * const addr, const size_t len);
 
+/* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose
+ * allocation functions.
+ *
+ * They return a pointer to a region filled with 0xd0 bytes, immediately
+ * followed by a guard page.
+ * As a result, accessing a single byte after the requested allocation size
+ * will intentionally trigger a segmentation fault.
+ *
+ * A canary and an additional guard page placed before the beginning of the
+ * region may also kill the process if a buffer underflow is detected.
+ *
+ * The memory layout is:
+ * [unprotected region size (read only)][guard page (no access)][unprotected pages (read/write)][guard page (no access)]
+ * With the layout of the unprotected pages being:
+ * [optional padding][16-bytes canary][user region]
+ *
+ * However:
+ * - These functions are significantly slower than standard functions
+ * - Each allocation requires 3 or 4 additional pages
+ * - The returned address will not be aligned if the allocation size is not
+ *   a multiple of the required alignment. For this reason, these functions
+ *   are designed to store data, such as secret keys and messages.
+ *   They should not be used to store pointers mixed with other types
+ *   in portable code unless extreme care is taken to ensure correct
+ *   pointers alignment.
+ */
+
+SODIUM_EXPORT
+void *sodium_malloc(const size_t size);
+
+SODIUM_EXPORT
+void *sodium_allocarray(size_t count, size_t size);
+
+SODIUM_EXPORT
+void sodium_free(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_noaccess(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_readonly(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_readwrite(void *ptr);
+
+/* -------- */
+
+int _sodium_alloc_init(void);
+
 #ifdef __cplusplus
 }
 #endif