cleanup: Remove NaCl support.

We now depend on libsodium unconditionally. Future work will require functions from libsodium, and nobody we're aware of uses the nacl build for anything other than making sure it still works on CI.
2024-03-22 13:30:51 +08:00 · 2023-12-25 00:28:36 +00:00 · 2023-12-25 00:28:36 +00:00 · 895a6af122
commit 895a6af122
parent 41dfb1c1c0
41 changed files with 131 additions and 405 deletions
--- a/.github/scripts/autotools-linux
+++ b/.github/scripts/autotools-linux
@ -11,10 +11,7 @@ add_ld_flag -Wl,-z,defs
 # Make compilation error on a warning
 add_flag -Werror
 add_config_flag --with-nacl-libs="$CACHEDIR/lib/amd64"
 add_config_flag --with-nacl-headers="$CACHEDIR/include/amd64"
 add_config_flag --disable-ipv6
 add_config_flag --enable-nacl
 add_config_flag --enable-daemon
 add_config_flag --with-log-level=TRACE
--- a/.github/settings.yml
+++ b/.github/settings.yml
@ -16,9 +16,9 @@ branches:
          - "bazel-opt"
          - "build-alpine-s390x"
          - "build-android"
          - "build-autotools"
          - "build-compcert"
          - "build-macos"
          - "build-nacl"
          - "build-tcc"
          - "build-win32"
          - "build-win64"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -60,7 +60,7 @@ jobs:
        with:
          file: other/docker/misra/Dockerfile
-  build-nacl:
+  build-autotools:
    runs-on: ubuntu-latest
    steps:
      - name: Set up Docker Buildx
--- a/INSTALL.md
+++ b/INSTALL.md
@ -32,14 +32,14 @@ These instructions will guide you through the process of building and installing
 This repository, although called `toxcore`, in fact contains several libraries besides `toxcore` which complement it, as well as several executables. However, note that although these are separate libraries, at the moment, when building the libraries, they are all merged into a single `toxcore` library. Here is the full list of the main components that can be built using the CMake, their dependencies and descriptions.
-| Name             | Type       | Dependencies                                  | Platform       | Description                                                                |
+| Name             | Type       | Dependencies                       | Platform       | Description                                                                |
-|------------------|------------|-----------------------------------------------|----------------|----------------------------------------------------------------------------|
+|------------------|------------|------------------------------------|----------------|----------------------------------------------------------------------------|
-| `toxcore`        | Library    | libnacl or libsodium, libm, libpthread, librt | Cross-platform | The main Tox library that provides the messenger functionality.            |
+| `toxcore`        | Library    | libsodium, libm, libpthread, librt | Cross-platform | The main Tox library that provides the messenger functionality.            |
-| `toxav`          | Library    | libtoxcore, libopus, libvpx                   | Cross-platform | Provides audio/video functionality.                                        |
+| `toxav`          | Library    | libtoxcore, libopus, libvpx        | Cross-platform | Provides audio/video functionality.                                        |
-| `toxencryptsave` | Library    | libtoxcore, libnacl or libsodium              | Cross-platform | Provides encryption of Tox profiles (savedata), as well as arbitrary data. |
+| `toxencryptsave` | Library    | libtoxcore, libsodium              | Cross-platform | Provides encryption of Tox profiles (savedata), as well as arbitrary data. |
-| `DHT_bootstrap`  | Executable | libtoxcore                                    | Cross-platform | A simple DHT bootstrap node.                                               |
+| `DHT_bootstrap`  | Executable | libtoxcore                         | Cross-platform | A simple DHT bootstrap node.                                               |
-| `tox-bootstrapd` | Executable | libtoxcore, libconfig                         | Unix-like      | Highly configurable DHT bootstrap node daemon (systemd, SysVinit, Docker). |
+| `tox-bootstrapd` | Executable | libtoxcore, libconfig              | Unix-like      | Highly configurable DHT bootstrap node daemon (systemd, SysVinit, Docker). |
-| `cmp`            | Library    |                                               | Cross-platform | C implementation of the MessagePack serialization format. [https://github.com/camgunz/cmp](https://github.com/camgunz/cmp) |
+| `cmp`            | Library    |                                    | Cross-platform | C implementation of the MessagePack serialization format. [https://github.com/camgunz/cmp](https://github.com/camgunz/cmp) |
 #### Secondary
@ -83,7 +83,7 @@ Useful for generating Tox profiles from the output of the vanity key generators,
 Library dependencies are listed in the [components](#components) table. The dependencies need to be satisfied for the components to be built. Note that if you don't have a dependency for some component, e.g. you don't have `libopus` installed required for building `toxav` component, building of that component is silently disabled.
-Be advised that due to the addition of `cmp` as a submodule, you now also need to initialize the git submodules required by toxcore. This can be done by cloning the repo with the addition of `--recurse-submodules` or by running `git submodule update --init` in the root directory of the repo. 
+Be advised that due to the addition of `cmp` as a submodule, you now also need to initialize the git submodules required by toxcore. This can be done by cloning the repo with the addition of `--recurse-submodules` or by running `git submodule update --init` in the root directory of the repo.
 #### Compiler requirements
--- a/README.md
+++ b/README.md
@ -8,7 +8,8 @@
 Tox is a peer to peer (serverless) instant messenger aimed at making security
 and privacy easy to obtain for regular users. It uses
-[NaCl](https://nacl.cr.yp.to/) for its encryption and authentication.
+[libsodium](https://doc.libsodium.org/) (based on
 [NaCl](https://nacl.cr.yp.to/)) for its encryption and authentication.
 ## IMPORTANT!
@ -18,12 +19,12 @@ This is an **experimental** cryptographic network library. It has not been
 formally audited by an independent third party that specializes in
 cryptography or cryptanalysis. **Use this library at your own risk.**
-The underlying crypto library [NaCl](https://nacl.cr.yp.to/install.html)
+The underlying crypto library [libsodium](https://doc.libsodium.org/) provides
-provides reliable encryption, but the security model has not yet been fully
+reliable encryption, but the security model has not yet been fully specified.
-specified. See [issue 210](https://github.com/TokTok/c-toxcore/issues/210) for
+See [issue 210](https://github.com/TokTok/c-toxcore/issues/210) for a
-a discussion on developing a threat model. See other issues for known
+discussion on developing a threat model. See other issues for known weaknesses
-weaknesses (e.g. [issue 426](https://github.com/TokTok/c-toxcore/issues/426)
+(e.g. [issue 426](https://github.com/TokTok/c-toxcore/issues/426) describes
-describes what can happen if your secret key is stolen).
+what can happen if your secret key is stolen).
 ## Toxcore Development Roadmap
--- a/auto_tests/Makefile.inc
+++ b/auto_tests/Makefile.inc
@ -5,7 +5,7 @@ libauto_test_support_la_SOURCES = ../auto_tests/auto_test_support.c ../auto_test
 libauto_test_support_la_LIBADD = libmisc_tools.la libtoxcore.la
 TESTS = \
-        announce_test \
+    announce_test \
 	conference_double_invite_test \
 	conference_invite_merge_test \
 	conference_peer_nick_test \
@ -13,6 +13,8 @@ TESTS = \
 	conference_test \
 	conference_two_test \
 	crypto_test \
 	encryptsave_test \
 	file_saving_test \
 	file_transfer_test \
 	forwarding_test \
 	friend_connection_test \
@ -34,34 +36,24 @@ TESTS = \
 	set_name_test \
 	set_status_message_test \
 	TCP_test \
 	tox_events_test \
 	tox_dispatch_test \
 	tox_events_test \
 	tox_many_tcp_test \
 	tox_many_test \
 	tox_strncasecmp_test \
 	typing_test \
 	version_test
 if !WITH_NACL
 TESTS += \
 	encryptsave_test \
 	file_saving_test
 endif
 AUTOTEST_CFLAGS = \
-	$(LIBSODIUM_CFLAGS) \
+	$(LIBSODIUM_CFLAGS)
 	$(NACL_CFLAGS)
 AUTOTEST_LDADD = \
 	$(LIBSODIUM_LDFLAGS) \
 	$(NACL_LDFLAGS) \
 	libmisc_tools.la \
 	libauto_test_support.la \
 	libtoxcore.la \
 	libtoxencryptsave.la \
-	$(LIBSODIUM_LIBS) \
+	$(LIBSODIUM_LIBS)
 	$(NACL_OBJECTS) \
 	$(NACL_LIBS)
 if BUILD_AV
--- a/auto_tests/encryptsave_test.c
+++ b/auto_tests/encryptsave_test.c
@ -3,7 +3,6 @@
 #include <string.h>
 #include <sys/types.h>
 #ifndef VANILLA_NACL
 #include <sodium.h>
 #include "../testing/misc_tools.h"
@ -232,9 +231,3 @@ int main(void)
    return 0;
 }
 #else  // VANILLA_NACL
 int main(void)
 {
    return 0;
 }
 #endif
--- a/auto_tests/group_general_test.c
+++ b/auto_tests/group_general_test.c
@ -259,7 +259,6 @@ static void group_peer_status_handler(Tox *tox, uint32_t groupnumber, uint32_t p
 static void group_announce_test(AutoTox *autotoxes)
 {
 #ifndef VANILLA_NACL
    ck_assert_msg(NUM_GROUP_TOXES == 2, "NUM_GROUP_TOXES needs to be 2");
    Tox *tox0 = autotoxes[0].tox;
@ -436,7 +435,6 @@ static void group_announce_test(AutoTox *autotoxes)
    ck_assert(num_groups1 == num_groups2 && num_groups2 == 0);
    printf("All tests passed!\n");
 #endif  // VANILLA_NACL
 }
 int main(void)
--- a/auto_tests/group_invite_test.c
+++ b/auto_tests/group_invite_test.c
@ -102,7 +102,6 @@ static void group_peer_join_handler(Tox *tox, uint32_t group_number, uint32_t pe
 static void group_invite_test(AutoTox *autotoxes)
 {
 #ifndef VANILLA_NACL
    ck_assert_msg(NUM_GROUP_TOXES > 7, "NUM_GROUP_TOXES is too small: %d", NUM_GROUP_TOXES);
    for (size_t i = 0; i < NUM_GROUP_TOXES; ++i) {
@ -260,8 +259,6 @@ static void group_invite_test(AutoTox *autotoxes)
    }
    printf("All tests passed!\n");
 #endif // VANILLA_NACL
 }
 int main(void)
--- a/auto_tests/group_message_test.c
+++ b/auto_tests/group_message_test.c
@ -350,7 +350,6 @@ static void group_message_handler_wraparound_test(Tox *tox, uint32_t groupnumber
 static void group_message_test(AutoTox *autotoxes)
 {
 #ifndef VANILLA_NACL
    ck_assert_msg(NUM_GROUP_TOXES >= 2, "NUM_GROUP_TOXES is too small: %d", NUM_GROUP_TOXES);
    const Random *rng = system_random();
@ -544,7 +543,6 @@ static void group_message_test(AutoTox *autotoxes)
    }
    fprintf(stderr, "All tests passed!\n");
 #endif  // VANILLA_NACL
 }
 int main(void)
--- a/auto_tests/group_moderation_test.c
+++ b/auto_tests/group_moderation_test.c
@ -432,7 +432,6 @@ static void check_voice_state(AutoTox *autotoxes, uint32_t num_toxes)
 static void group_moderation_test(AutoTox *autotoxes)
 {
 #ifndef VANILLA_NACL
    ck_assert_msg(NUM_GROUP_TOXES >= 4, "NUM_GROUP_TOXES is too small: %d", NUM_GROUP_TOXES);
    ck_assert_msg(NUM_GROUP_TOXES < 10, "NUM_GROUP_TOXES is too big: %d", NUM_GROUP_TOXES);
@ -634,7 +633,6 @@ static void group_moderation_test(AutoTox *autotoxes)
    }
    fprintf(stderr, "All tests passed!\n");
 #endif  // VANILLA_NACL
 }
 int main(void)
--- a/auto_tests/group_save_test.c
+++ b/auto_tests/group_save_test.c
@ -148,7 +148,6 @@ static int has_correct_self_state(const Tox *tox, uint32_t group_number, const u
 static void group_save_test(AutoTox *autotoxes)
 {
 #ifndef VANILLA_NACL
    ck_assert_msg(NUM_GROUP_TOXES > 1, "NUM_GROUP_TOXES is too small: %d", NUM_GROUP_TOXES);
    for (size_t i = 0; i < NUM_GROUP_TOXES; ++i) {
@ -270,8 +269,6 @@ static void group_save_test(AutoTox *autotoxes)
    tox_kill(new_tox);
    printf("All tests passed!\n");
 #endif  // VANILLA_NACL
 }
 int main(void)
--- a/auto_tests/group_state_test.c
+++ b/auto_tests/group_state_test.c
@ -238,7 +238,6 @@ static void set_group_state(Tox *tox, uint32_t groupnumber, uint32_t peer_limit,
 static void group_state_test(AutoTox *autotoxes)
 {
 #ifndef VANILLA_NACL
    ck_assert_msg(NUM_GROUP_TOXES >= 3, "NUM_GROUP_TOXES is too small: %d", NUM_GROUP_TOXES);
    for (size_t i = 0; i < NUM_GROUP_TOXES; ++i) {
@ -318,8 +317,6 @@ static void group_state_test(AutoTox *autotoxes)
    }
    fprintf(stderr, "All tests passed!\n");
 #endif /* VANILLA_NACL */
 }
 int main(void)
--- a/auto_tests/group_sync_test.c
+++ b/auto_tests/group_sync_test.c
@ -330,7 +330,6 @@ static void topic_spam(const Random *rng, AutoTox *autotoxes, uint32_t num_peers
 static void group_sync_test(AutoTox *autotoxes)
 {
 #ifndef VANILLA_NACL
    ck_assert(NUM_GROUP_TOXES >= 5);
    const Random *rng = system_random();
    ck_assert(rng != nullptr);
@ -443,8 +442,6 @@ static void group_sync_test(AutoTox *autotoxes)
    }
    fprintf(stderr, "All tests passed!\n");
 #endif  // VANILLA_NACL
 }
 int main(void)
--- a/auto_tests/group_tcp_test.c
+++ b/auto_tests/group_tcp_test.c
@ -127,7 +127,6 @@ static bool all_peers_got_code(AutoTox *autotoxes)
 static void group_tcp_test(AutoTox *autotoxes)
 {
 #ifndef VANILLA_NACL
    ck_assert(NUM_GROUP_TOXES >= 2);
    State *state0 = (State *)autotoxes[0].state;
@ -220,8 +219,6 @@ static void group_tcp_test(AutoTox *autotoxes)
    }
    printf("Test passed!\n");
 #endif // VANILLA_NACL
 }
 int main(int argc, char **argv)
--- a/auto_tests/group_topic_test.c
+++ b/auto_tests/group_topic_test.c
@ -203,7 +203,6 @@ static uint32_t set_topic_all_peers(const Random *rng, AutoTox *autotoxes, size_
 static void group_topic_test(AutoTox *autotoxes)
 {
 #ifndef VANILLA_NACL
    ck_assert_msg(NUM_GROUP_TOXES >= 3, "NUM_GROUP_TOXES is too small: %d", NUM_GROUP_TOXES);
    const Random *rng = system_random();
@ -318,8 +317,6 @@ static void group_topic_test(AutoTox *autotoxes)
    }
    fprintf(stderr, "All tests passed!\n");
 #endif /* VANILLA_NACL */
 }
 int main(void)
--- a/configure.ac
+++ b/configure.ac
@ -22,8 +22,6 @@ BUILD_AV="yes"
 BUILD_TESTING="yes"
 LIBCONFIG_FOUND="no"
 WANT_NACL="no"
 ADD_NACL_OBJECTS_TO_PKGCONFIG="yes"
 SET_SO_VERSION="yes"
 AC_ARG_ENABLE([soname-versions],
@ -38,26 +36,11 @@ AC_ARG_ENABLE([soname-versions],
 )
 AM_CONDITIONAL(SET_SO_VERSION, test "x$SET_SO_VERSION" = "xyes")
 AC_ARG_ENABLE([nacl],
    [AC_HELP_STRING([--enable-nacl], [use nacl instead of libsodium (default: disabled)]) ],
    [
        if test "x$enableval" = "xno"; then
            WANT_NACL="no"
        elif test "x$enableval" = "xyes"; then
            WANT_NACL="yes"
        fi
    ]
 )
 AC_ARG_ENABLE([randombytes-stir],
    [AC_HELP_STRING([--enable-randombytes-stir], [use randombytes_stir() instead of sodium_init() for faster startup on android (default: disabled)]) ],
    [
        if test "x$enableval" = "xyes"; then
-            if test "x$WANT_NACL" = "xyes"; then
+            AC_DEFINE([USE_RANDOMBYTES_STIR], [1], [randombytes_stir() instead of sodium_init()])
                AC_MSG_WARN([randombytes_stir() is not available with NaCl library])
            else
                AC_DEFINE([USE_RANDOMBYTES_STIR], [1], [randombytes_stir() instead of sodium_init()])
            fi
        fi
    ]
 )
@ -187,8 +170,6 @@ fi
 DEPSEARCH=
 LIBSODIUM_SEARCH_HEADERS=
 LIBSODIUM_SEARCH_LIBS=
 NACL_SEARCH_HEADERS=
 NACL_SEARCH_LIBS=
 AC_ARG_WITH(dependency-search,
    AC_HELP_STRING([--with-dependency-search=DIR],
@ -206,24 +187,6 @@ if test -n "$DEPSEARCH"; then
    export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:$DEPSEARCH/lib/pkgconfig
 fi
 AC_ARG_WITH(nacl-headers,
        AC_HELP_STRING([--with-nacl-headers=DIR],
                       [search for nacl<F2> header files in DIR]),
        [
            NACL_SEARCH_HEADERS="$withval"
            AC_MSG_NOTICE([will search for nacl header files in $withval])
        ]
 )
 AC_ARG_WITH(nacl-libs,
        AC_HELP_STRING([--with-nacl-libs=DIR],
                       [search for nacl libraries in DIR]),
        [
            NACL_SEARCH_LIBS="$withval"
            AC_MSG_NOTICE([will search for nacl libraries in $withval])
        ]
 )
 AC_ARG_WITH(libsodium-headers,
        AC_HELP_STRING([--with-libsodium-headers=DIR],
                       [search for libsodium header files in DIR]),
@ -242,11 +205,6 @@ AC_ARG_WITH(libsodium-libs,
        ]
 )
 if test "x$WANT_NACL" = "xyes"; then
    enable_shared=no
    enable_static=yes
 fi
 # Checks for programs.
 AC_PROG_CC_C99
@ -277,7 +235,6 @@ case $host_os in
        LDFLAGS="$LDFLAGS -L/usr/local/lib"
        CFLAGS="$CFLAGS -I/usr/local/include"
        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
        ADD_NACL_OBJECTS_TO_PKGCONFIG="no"
    ;;
    darwin*)
        MACH=yes
@ -302,50 +259,7 @@ PKG_CHECK_MODULES([LIBSODIUM], [libsodium],
        LIBSODIUM_FOUND="no"
    ])
-if test "x$WANT_NACL" = "xyes"; then
+if test "x$LIBSODIUM_FOUND" = "xno"; then
    NACL_LIBS=
    NACL_LDFLAGS=
    NACL_OBJECTS=
    NACL_OBJECTS_PKGCONFIG=
    LDFLAGS_SAVE="$LDFLAGS"
    if test -n "$NACL_SEARCH_LIBS"; then
        LDFLAGS="-L$NACL_SEARCH_LIBS $LDFLAGS"
        AC_CHECK_LIB(nacl, random,
            [
                NACL_LDFLAGS="-L$NACL_SEARCH_LIBS"
                NACL_LIBS="-lnacl"
            ],
            [
                AC_MSG_ERROR([library nacl was not found in requested location $NACL_SEARCH_LIBS])
            ]
        )
    else
        AC_CHECK_LIB(nacl, random,
            [],
            [
                AC_MSG_ERROR([you enabled nacl support, but library nacl was not found on your system])
            ]
        )
    fi
    if (test -f "$NACL_SEARCH_LIBS/cpucycles.o") &&
       (test -f "$NACL_SEARCH_LIBS/randombytes.o"); then
        NACL_OBJECTS="$NACL_SEARCH_LIBS/cpucycles.o $NACL_SEARCH_LIBS/randombytes.o"
        AC_MSG_NOTICE([found extra NaCl objects: $NACL_OBJECTS])
        if test "x$ADD_NACL_OBJECTS_TO_PKGCONFIG" = "xyes"; then
            AC_MSG_NOTICE([adding extra NaCl objects to pkg-config file])
            NACL_OBJECTS_PKGCONFIG="$NACL_OBJECTS"
        fi
    else
        AC_MSG_ERROR([required NaCl object files cpucycles.o randombytes.o not found, please specify their location using the --with-nacl-libs parameter])
    fi
    LDFLAGS="$LDFLAGS_SAVE"
    AC_SUBST(NACL_LIBS)
    AC_SUBST(NACL_LDFLAGS)
    AC_SUBST(NACL_OBJECTS)
    AC_SUBST(NACL_OBJECTS_PKGCONFIG)
 elif test "x$LIBSODIUM_FOUND" = "xno"; then
    LIBSODIUM_LIBS=
    LIBSODIUM_LDFLAGS=
    LDFLAGS_SAVE="$LDFLAGS"
@ -378,34 +292,7 @@ fi
 AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdint.h stdlib.h string.h sys/socket.h sys/time.h unistd.h])
-if test "x$WANT_NACL" = "xyes"; then
+if test "x$LIBSODIUM_FOUND" = "xno"; then
    NACL_CFLAGS=
    CFLAGS_SAVE="$CFLAGS"
    CPPFLAGS_SAVE="$CPPFLAGS"
    if test -n "$NACL_SEARCH_HEADERS"; then
        CFLAGS="-I$NACL_SEARCH_HEADERS $CFLAGS"
        CPPFLAGS="-I$NACL_SEARCH_HEADERS $CPPFLAGS"
        AC_CHECK_HEADER(crypto_box.h,
            [
                NACL_CFLAGS="-I$NACL_SEARCH_HEADERS"
            ],
            [
                AC_MSG_ERROR([header files for library nacl were not found in requested location $NACL_SEARCH_HEADERS])
            ]
        )
    else
        AC_CHECK_HEADER(crypto_box.h,
            [],
            [
                AC_MSG_ERROR([you enabled nacl support, but nacl header files were not found on your system])
            ]
        )
    fi
    CFLAGS="$CFLAGS_SAVE"
    CPPFLAGS="$CPPFLAGS_SAVE"
    AC_SUBST(NACL_CFLAGS)
    AC_DEFINE([VANILLA_NACL], [1], [use nacl instead of libsodium])
 elif test "x$LIBSODIUM_FOUND" = "xno"; then
    LIBSODIUM_CFLAGS=
    CFLAGS_SAVE="$CFLAGS"
    CPPFLAGS_SAVE="$CPPFLAGS"
@ -545,7 +432,6 @@ AM_CONDITIONAL(BUILD_DHT_BOOTSTRAP, test "x$BUILD_DHT_BOOTSTRAP" = "xyes")
 AM_CONDITIONAL(BUILD_TESTS, test "x$BUILD_TESTS" = "xyes")
 AM_CONDITIONAL(BUILD_AV, test "x$BUILD_AV" = "xyes")
 AM_CONDITIONAL(BUILD_TESTING, test "x$BUILD_TESTING" = "xyes")
 AM_CONDITIONAL(WITH_NACL, test "x$WANT_NACL" = "xyes")
 AM_CONDITIONAL(WIN32, test "x$WIN32" = "xyes")
 AC_CONFIG_FILES([Makefile
--- a/docs/TCP_Network.txt
+++ b/docs/TCP_Network.txt
@ -1,100 +1,100 @@
-It has come to our attention that to achieve decent market penetration Tox 
+It has come to our attention that to achieve decent market penetration Tox
-must work behind ALL internet connections, may they be behind enterprise NATs 
+must work behind ALL internet connections, may they be behind enterprise NATs
-or any other bad network conditions. 
+or any other bad network conditions.
-The people who have issues with the UDP direct connection approach seem to be a 
+The people who have issues with the UDP direct connection approach seem to be a
 small minority though it is hard to estimate how many.
-This means that routing their packets using good nodes on the network will 
+This means that routing their packets using good nodes on the network will
 probably not take a huge toll on the network and will assure that people
 can use Tox regardless of the quality of their internet connection.
 How it's going to work:
-1. Alice, a Tox client on a TCP only network generates a temporary public key 
+1. Alice, a Tox client on a TCP only network generates a temporary public key
 and connects to a bootstrap node.
-2. Using the bootstrap node she finds and connects to a couple (exact number 
+2. Using the bootstrap node she finds and connects to a couple (exact number
 to be determined later) number of random nodes that have TCP relay support.
-3. She uses the onion through the TCP relay connections to send friend requests 
+3. She uses the onion through the TCP relay connections to send friend requests
-or tell online friends which TCP nodes she is connected to and her temporary 
+or tell online friends which TCP nodes she is connected to and her temporary
 public key.
-4. Bob receives an onion packet from Alice telling him which nodes she is 
+4. Bob receives an onion packet from Alice telling him which nodes she is
-connected to. Bob connects to these nodes and establishes a routed connection 
+connected to. Bob connects to these nodes and establishes a routed connection
 with Alice using that temporary public key.
-5. That connection is used by both to transmit encrypted Messenger and A/V 
+5. That connection is used by both to transmit encrypted Messenger and A/V
 packets.
-6. If one of the nodes shuts down while it is currently routing traffic, Alice 
+6. If one of the nodes shuts down while it is currently routing traffic, Alice
 and bob just switch to one of the other nodes they are both connected to.
 Detailed implementation details:
-There are two distinct parts for TCP relays, the client part and the server 
+There are two distinct parts for TCP relays, the client part and the server
 part.
-The server acts as the actual relay. Servers must have fully forwarded TCP 
+The server acts as the actual relay. Servers must have fully forwarded TCP
-ports (NAT-PMP and uPNP can help here). The first port the server will try 
+ports (NAT-PMP and uPNP can help here). The first port the server will try
-binding to is 443 followed by port 3389 and possibly some others. Onion packets 
+binding to is 443 followed by port 3389 and possibly some others. Onion packets
 can be sent/received through the TCP servers.
 Server:
-The public/private key pair the TCP server uses is the same one he uses for the 
+The public/private key pair the TCP server uses is the same one he uses for the
-DHT. 
+DHT.
-all crypto for communication with the server uses the crypto_box() function of 
+all crypto for communication with the server uses the crypto_box() function of
-NaCl.
+libsodium.
-TCP doesn't have packets so what we will refer to as packets are sent this way: 
+TCP doesn't have packets so what we will refer to as packets are sent this way:
 [[uint16_t (length of data)][data]]
 So if you would inspect the TCP stream you would see:
-[[uint16_t (length of data)][data]][[uint16_t (length of 
+[[uint16_t (length of data)][data]][[uint16_t (length of
 data)][data]][[uint16_t (length of data)][data]]
-Note that both handshake packets don't have this format (the length for them is 
+Note that both handshake packets don't have this format (the length for them is
 always the same so we don't need to specify it.)
 When the client connects to the server, he sends this packet:
-[public key of client (32 bytes)][nonce for the encrypted data [24 
+[public key of client (32 bytes)][nonce for the encrypted data [24
-bytes]][encrypted with the private key of the client and public key of the 
+bytes]][encrypted with the private key of the client and public key of the
-server and the nonce:[public key (32 bytes) and][base nonce we want the server 
+server and the nonce:[public key (32 bytes) and][base nonce we want the server
 to use to encrypt the packets sent to us (24 bytes)]]
 The server responds with:
-[nonce for the encrypted data [24 bytes]][encrypted with the public key of the 
+[nonce for the encrypted data [24 bytes]][encrypted with the public key of the
-client and private key of the server and the nonce:[public key (32 bytes) 
+client and private key of the server and the nonce:[public key (32 bytes)
-and][base nonce we want the client to use to encrypt the packets sent to us (24 
+and][base nonce we want the client to use to encrypt the packets sent to us (24
 bytes)]]
-All packets to the server are end to end encrypted with the information 
+All packets to the server are end to end encrypted with the information
-received 
+received
 (and sent) in the handshake.
-(first packet is encrypted with the base nonce the private key for which the 
+(first packet is encrypted with the base nonce the private key for which the
-client sent the server the public key and the public key we sent to the client, 
+client sent the server the public key and the public key we sent to the client,
 the next with base nonce + 1...)
-The connection is set to an unconfirmed state until a packet is received and 
+The connection is set to an unconfirmed state until a packet is received and
 decrypted correctly using the information in the handshake.
-each packet sent to/from the server has an id (the first byte of the plain text 
+each packet sent to/from the server has an id (the first byte of the plain text
 data of the packet.)
-ids 0 to 15 are reserved for special packets, ids 16 to 255 are used to denote 
+ids 0 to 15 are reserved for special packets, ids 16 to 255 are used to denote
 who we want the data to be routed to/who the packet is from.
 special ids and packets:
 0 - Routing request.
 [uint8_t id (0)][public key (32 bytes)]
 1 - Routing request response.
-[uint8_t id (1)][uint8_t (rpid) 0 if refused, packet id if accepted][public key 
+[uint8_t id (1)][uint8_t (rpid) 0 if refused, packet id if accepted][public key
 (32 bytes)]
 2 - Connect notification:
 [uint8_t id (2)][uint8_t (packet id of connection that got connected)]
@ -108,44 +108,44 @@ special ids and packets:
 [uint8_t id (6)][destination public key (32 bytes)][data]
 7 - OOB recv
 [uint8_t id (7)][senders public key (32 bytes)][data]
-8 - onion packet (same format as initial onion packet (See: Prevent 
+8 - onion packet (same format as initial onion packet (See: Prevent
 tracking.txt) but packet id is 8 instead of 128)
-9 - onion packet response (same format as onion packet with id 142 but id is 9 
+9 - onion packet response (same format as onion packet with id 142 but id is 9
 instead.)
 The rest of the special ids are reserved for possible future usage.
-If the server receives a routing request he stores server side that the client 
+If the server receives a routing request he stores server side that the client
-wants to connect to the person with that public key and sends back a Routing 
+wants to connect to the person with that public key and sends back a Routing
 request response with the rpid along with the public key sent in the request.
-If for some reason the server must refuse the routing request (too many) he 
+If for some reason the server must refuse the routing request (too many) he
 sends the response with a rpid of 0.
-If the person who the client wants to connect to is also online and wants to 
+If the person who the client wants to connect to is also online and wants to
-connect to the client a connect notification is sent to both with the 
+connect to the client a connect notification is sent to both with the
 appropriate packet id.
-If either one disconnects, a disconnect notification is sent to the other with 
+If either one disconnects, a disconnect notification is sent to the other with
 appropriate packet id.
-If a client sends a disconnect notification, the entry on the server for that 
+If a client sends a disconnect notification, the entry on the server for that
-routed connection is cleared and a disconnect notification is sent to the peer 
+routed connection is cleared and a disconnect notification is sent to the peer
 (if he was online)
-If the server receives an onion packet he handles it the same as he would if it 
+If the server receives an onion packet he handles it the same as he would if it
-was one received normally via UDP, he must also assure himself that any 
+was one received normally via UDP, he must also assure himself that any
 responses must be sent to the proper client.
 Ping responses must have the same ping_id as the request.
 If the server receives a ping packet he must respond with a ping response.
-The server will send a ping packet to clients every 30 seconds, they have 30 
+The server will send a ping packet to clients every 30 seconds, they have 30
 seconds to respond, if they don't the connection is deleted.
-OOB send packets will be sent to the peer connected to the TCP server with the 
+OOB send packets will be sent to the peer connected to the TCP server with the
-destination public key as a OOB recv packet. The client sending this packet has 
+destination public key as a OOB recv packet. The client sending this packet has
 no way of knowing if the packet reached its destination.
--- a/docs/updates/Crypto.md
+++ b/docs/updates/Crypto.md
@ -1,7 +1,7 @@
-Encryption library used: http://nacl.cr.yp.to/
+Encryption library used: https://doc.libsodium.org/
-When running the program for the first time the crypto_box_keypair() function is used to 
+When running the program for the first time the crypto_box_keypair() function is used to
 generate the users public-private key pair. (32 bytes each)
 The generated public key is set as the client_id of the peer.
@ -9,13 +9,13 @@ The generated public key is set as the client_id of the peer.
 Adding a friend
 ---------------
-Alice adds Bob to her friend list by adding his 32 byte public key (client_id) to her friend list.  
+Alice adds Bob to her friend list by adding his 32 byte public key (client_id) to her friend list.
-2 cases:  
+2 cases:
-case 1: Alice adds the public key of Bob, then Bob waits for Alice to attempt to connect to him.  
+case 1: Alice adds the public key of Bob, then Bob waits for Alice to attempt to connect to him.
-case 2: Bob and Alice add their respective public keys to their friend lists at the same time.  
+case 2: Bob and Alice add their respective public keys to their friend lists at the same time.
-    
+
-case 1:  
+case 1:
-Alice sends an onion data (see: Prevent_tracking.txt) packet to Bob with the encrypted part containing the friend request like so:  
+Alice sends an onion data (see: Prevent_tracking.txt) packet to Bob with the encrypted part containing the friend request like so:
 ```
 [char with a value of 32][nospam number (4 bytes)][Message]
 ```
@ -23,15 +23,15 @@ Alice sends an onion data (see: Prevent_tracking.txt) packet to Bob with the enc
 Ex message: hello Bob it's me Alice -_- add me pl0x.
 For more info on the nospam see: Spam_Prevention.txt
 Bob receives the request and decrypts the message using the function crypto_box_open()
 If the message decrypts successfully:   
 If Alice is already in Bob's friend list: case 2  
 If Alice is not in Bob's friend list and the nospam is good: Bob is prompt to add Alice and is shown the message from her.  
 If Bob accepts Alice friend request he adds her public key to his friend list.  
-case 2:  
+Bob receives the request and decrypts the message using the function crypto_box_open()
 If the message decrypts successfully:
 If Alice is already in Bob's friend list: case 2
 If Alice is not in Bob's friend list and the nospam is good: Bob is prompt to add Alice and is shown the message from her.
 If Bob accepts Alice friend request he adds her public key to his friend list.
 case 2:
 Bob and Alice both have the others public key in their friend list, they are ready for the next step:   Connecting to an already added friend
 In the next step only crypto_box() is used for encryption and only crypto_box_open() for decryption (just like in the last step.)
--- a/libtoxcore.pc.in
+++ b/libtoxcore.pc.in
@ -7,5 +7,5 @@ Name: libtoxcore
 Description: Tox protocol library
 Requires:
 Version: @PACKAGE_VERSION@
-Libs: @NACL_OBJECTS_PKGCONFIG@ -L${libdir} -ltoxcore @NACL_LDFLAGS@ -ltoxencryptsave @NACL_LIBS@ @LIBS@ @MATH_LDFLAGS@ @PTHREAD_LDFLAGS@
+Libs: -L${libdir} -ltoxcore -ltoxencryptsave @LIBS@ @MATH_LDFLAGS@ @PTHREAD_LDFLAGS@
 Cflags: -I${includedir}
--- a/other/Makefile.inc
+++ b/other/Makefile.inc
@ -9,16 +9,12 @@ DHT_bootstrap_SOURCES = ../other/DHT_bootstrap.c \
                        ../other/bootstrap_node_packets.c
 DHT_bootstrap_CFLAGS = -I$(top_srcdir)/other \
-                        $(LIBSODIUM_CFLAGS) \
+                        $(LIBSODIUM_CFLAGS)
                        $(NACL_CFLAGS)
 DHT_bootstrap_LDADD =   $(LIBSODIUM_LDFLAGS) \
                        $(NACL_LDFLAGS) \
                        libmisc_tools.la \
                        libtoxcore.la \
                        $(LIBSODIUM_LIBS) \
                        $(NACL_OBJECTS) \
                        $(NACL_LIBS) \
                        $(WINSOCK2_LIBS)
 endif
--- a/other/bootstrap_daemon/docker/tox-bootstrapd.sha256
+++ b/other/bootstrap_daemon/docker/tox-bootstrapd.sha256
@ -1 +1 @@
-269d2d95028f192bbf65a01b938068b8fc9e798bbe1d5ecaf67cae124e45c2a9  /usr/local/bin/tox-bootstrapd
+1550b285e7d2f85a340fbde449dfbab3d49958794c918aebdb486ffc1b77c68c  /usr/local/bin/tox-bootstrapd
--- a/other/bootstrap_daemon/src/Makefile.inc
+++ b/other/bootstrap_daemon/src/Makefile.inc
@ -24,17 +24,13 @@ tox_bootstrapd_SOURCES = \
 tox_bootstrapd_CFLAGS = \
                        -I$(top_srcdir)/other/bootstrap_daemon \
                        $(LIBSODIUM_CFLAGS) \
                        $(NACL_CFLAGS) \
                        $(LIBCONFIG_CFLAGS)
 tox_bootstrapd_LDADD = \
                        $(LIBSODIUM_LDFLAGS) \
                        $(NACL_LDFLAGS) \
                        libtoxcore.la \
                        $(LIBCONFIG_LIBS) \
-                        $(LIBSODIUM_LIBS) \
+                        $(LIBSODIUM_LIBS)
                        $(NACL_OBJECTS) \
                        $(NACL_LIBS)
 bashcompdir = $(datarootdir)/bash-completion/completions
 dist_bashcomp_DATA = $(top_builddir)/other/bootstrap_daemon/bash-completion/completions/tox-bootstrapd
--- a/other/docker/autotools/Dockerfile
+++ b/other/docker/autotools/Dockerfile
@ -1,6 +1,27 @@
 ################################################
 # autotools-linux
-FROM toxchat/nacl:latest
+FROM ubuntu:22.04
 RUN apt-get update && apt-get install --no-install-recommends -y \
 autoconf \
 automake \
 ca-certificates \
 curl \
 libconfig-dev \
 libopus-dev \
 libsodium-dev \
 libtool \
 libvpx-dev \
 make \
 pkg-config \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
 RUN groupadd -r -g 1000 builder \
 && useradd -m --no-log-init -r -g builder -u 1000 builder
 USER builder
 WORKDIR /home/builder
 # Copy the sources and run the build.
 COPY --chown=builder:builder . /home/builder/c-toxcore/
--- a/other/fun/strkey.c
+++ b/other/fun/strkey.c
@ -2,7 +2,7 @@
 *
 * Generates Tox's key pairs, checking if a certain string is in the public key.
 *
- * Requires sodium or nacl library.
+ * Requires sodium library.
 *
 * There seem to be some problems with the code working on Windows -- it works
 * when built in debug mode with MinGW 4.8, but it doesn't work correctly when
--- a/testing/Makefile.inc
+++ b/testing/Makefile.inc
@ -19,16 +19,12 @@ noinst_PROGRAMS +=      Messenger_test
 Messenger_test_SOURCES = \
                        ../testing/Messenger_test.c
-Messenger_test_CFLAGS = $(LIBSODIUM_CFLAGS) \
+Messenger_test_CFLAGS = $(LIBSODIUM_CFLAGS)
                        $(NACL_CFLAGS)
 Messenger_test_LDADD =  $(LIBSODIUM_LDFLAGS) \
                        $(NACL_LDFLAGS) \
                        libmisc_tools.la \
                        libtoxcore.la \
                        $(LIBSODIUM_LIBS) \
                        $(NACL_OBJECTS) \
                        $(NACL_LIBS) \
                        $(WINSOCK2_LIBS)
 endif
--- a/testing/Messenger_test.c
+++ b/testing/Messenger_test.c
@ -12,7 +12,7 @@
 * If it receives a message from a friend it replies back.
 *
 *
- * This is how I compile it: gcc -O2 -Wall -D VANILLA_NACL -o test ../core/Lossless_UDP.c ../core/network.c ../core/net_crypto.c ../core/Messenger.c ../core/DHT.c ../nacl/build/${HOSTNAME%.*}/lib/amd64/{cpucycles.o,libnacl.a,randombytes.o} Messenger_test.c
+ * This is how I compile it: gcc -O2 -Wall -o test ../core/Lossless_UDP.c ../core/network.c ../core/net_crypto.c ../core/Messenger.c ../core/DHT.c Messenger_test.c -lsodium
 *
 *
 * Command line arguments are the ip, port and public_key of a node (for bootstrapping).
--- a/testing/misc_tools.c
+++ b/testing/misc_tools.c
@ -20,9 +20,7 @@
 #include <stdlib.h>
 #include <string.h>
 #ifndef VANILLA_NACL
 #include <sodium.h>
 #endif
 #if defined(_WIN32) || defined(__WIN32__) || defined(WIN32)
 #include <windows.h>
@ -141,7 +139,6 @@ int cmdline_parsefor_ipv46(int argc, char **argv, bool *ipv6enabled)
 }
 #ifndef VANILLA_NACL
 static const char *test_rng_name(void)
 {
    return "test_rng";
@ -198,11 +195,3 @@ int use_test_rng(uint32_t seed)
    return randombytes_set_implementation(&test_rng);
 }
 #else
 int use_test_rng(uint32_t seed)
 {
    assert(!"libsodium required for use_test_rng");
 }
 #endif
--- a/toxav/Makefile.inc
+++ b/toxav/Makefile.inc
@ -25,19 +25,16 @@ libtoxav_la_SOURCES = ../toxav/rtp.h \
 libtoxav_la_CFLAGS = -I../toxcore \
                    -I../toxav \
                    $(LIBSODIUM_CFLAGS) \
                    $(NACL_CFLAGS) \
                    $(AV_CFLAGS) \
                    $(PTHREAD_CFLAGS)
 libtoxav_la_LDFLAGS = $(LT_LDFLAGS) \
                    $(LIBSODIUM_LDFLAGS) \
                    $(NACL_LDFLAGS) \
                    $(EXTRA_LT_LDFLAGS) \
                    $(WINSOCK2_LIBS)
 libtoxav_la_LIBADD =  libtoxcore.la \
                    $(LIBSODIUM_LIBS) \
                    $(NACL_LIBS) \
                    $(PTHREAD_LIBS) \
                    $(AV_LIBS)
--- a/toxcore/Makefile.inc
+++ b/toxcore/Makefile.inc
@ -123,7 +123,6 @@ libtoxcore_la_SOURCES = ../third_party/cmp/cmp.c \
 libtoxcore_la_CFLAGS =  -I$(top_srcdir) \
                        -I$(top_srcdir)/toxcore \
                        $(LIBSODIUM_CFLAGS) \
                        $(NACL_CFLAGS) \
                        $(MSGPACK_CFLAGS) \
                        $(PTHREAD_CFLAGS) \
                        -DCMP_NO_FLOAT=1
@ -131,15 +130,12 @@ libtoxcore_la_CFLAGS =  -I$(top_srcdir) \
 libtoxcore_la_LDFLAGS = $(LT_LDFLAGS) \
                        $(EXTRA_LT_LDFLAGS) \
                        $(LIBSODIUM_LDFLAGS) \
                        $(NACL_LDFLAGS) \
                        $(MSGPACK_LDFLAGS) \
                        $(MATH_LDFLAGS) \
                        $(RT_LIBS) \
                        $(WINSOCK2_LIBS)
 libtoxcore_la_LIBADD =  $(LIBSODIUM_LIBS) \
                        $(NACL_OBJECTS) \
                        $(NACL_LIBS) \
                        $(MSGPACK_LIBS) \
                        $(PTHREAD_LIBS)
--- a/toxcore/Messenger.c
+++ b/toxcore/Messenger.c
@ -2359,8 +2359,6 @@ static int m_handle_packet_msi(Messenger *m, const int i, const uint8_t *data, c
 non_null(1, 3) nullable(5)
 static int m_handle_packet_invite_groupchat(Messenger *m, const int i, const uint8_t *data, const uint16_t data_length, void *userdata)
 {
 #ifndef VANILLA_NACL
    // first two bytes are messenger packet type and group invite type
    if (data_length < 2 + GC_JOIN_DATA_LENGTH) {
        return 0;
@ -2381,8 +2379,6 @@ static int m_handle_packet_invite_groupchat(Messenger *m, const int i, const uin
        handle_gc_invite_confirmed_packet(m->group_handler, i, join_data, join_data_len);
    }
 #endif // VANILLA_NACL
    return 0;
 }
@ -2563,7 +2559,6 @@ uint32_t messenger_run_interval(const Messenger *m)
 *
 * @retval true if success.
 */
 #ifndef VANILLA_NACL
 non_null()
 static bool self_announce_group(const Messenger *m, GC_Chat *chat, Onion_Friend *onion_friend)
 {
@ -2639,7 +2634,6 @@ static void do_gc_onion_friends(const Messenger *m)
        }
    }
 }
 #endif  // VANILLA_NACL
 /** @brief The main loop that needs to be run at least 20 times per second. */
 void do_messenger(Messenger *m, void *userdata)
@ -2677,11 +2671,9 @@ void do_messenger(Messenger *m, void *userdata)
    do_onion_client(m->onion_c);
    do_friend_connections(m->fr_c, userdata);
    do_friends(m, userdata);
 #ifndef VANILLA_NACL
    do_gc(m->group_handler, userdata);
    do_gca(m->mono_time, m->group_announce);
    do_gc_onion_friends(m);
 #endif
    m_connection_status_callback(m, userdata);
    if (mono_time_get(m->mono_time) > m->lastdump + DUMPING_CLIENTS_FRIENDS_EVERY_N_SECONDS) {
@ -3164,7 +3156,6 @@ static State_Load_Status friends_list_load(Messenger *m, const uint8_t *data, ui
    return STATE_LOAD_STATUS_CONTINUE;
 }
 #ifndef VANILLA_NACL
 non_null()
 static void pack_groupchats(const GC_Session *c, Bin_Pack *bp)
 {
@ -3261,7 +3252,6 @@ static State_Load_Status groups_load(Messenger *m, const uint8_t *data, uint32_t
    return STATE_LOAD_STATUS_CONTINUE;
 }
 #endif /* VANILLA_NACL */
 // name state plugin
 non_null()
@ -3449,9 +3439,7 @@ static void m_register_default_plugins(Messenger *m)
    m_register_state_plugin(m, STATE_TYPE_STATUSMESSAGE, status_message_size, load_status_message,
                            save_status_message);
    m_register_state_plugin(m, STATE_TYPE_STATUS, status_size, load_status, save_status);
 #ifndef VANILLA_NACL
    m_register_state_plugin(m, STATE_TYPE_GROUPS, saved_groups_size, groups_load, groups_save);
 #endif
    m_register_state_plugin(m, STATE_TYPE_TCP_RELAY, tcp_relay_size, load_tcp_relays, save_tcp_relays);
    m_register_state_plugin(m, STATE_TYPE_PATH_NODE, path_node_size, load_path_nodes, save_path_nodes);
 }
@ -3629,7 +3617,6 @@ Messenger *new_messenger(Mono_Time *mono_time, const Memory *mem, const Random *
        return nullptr;
    }
 #ifndef VANILLA_NACL
    m->group_announce = new_gca_list();
    if (m->group_announce == nullptr) {
@ -3644,8 +3631,6 @@ Messenger *new_messenger(Mono_Time *mono_time, const Memory *mem, const Random *
        return nullptr;
    }
 #endif /* VANILLA_NACL */
    if (options->dht_announcements_enabled) {
        m->forwarding = new_forwarding(m->log, m->rng, m->mono_time, m->dht);
        if (m->forwarding != nullptr) {
@ -3672,9 +3657,7 @@ Messenger *new_messenger(Mono_Time *mono_time, const Memory *mem, const Random *
        kill_onion(m->onion);
        kill_onion_announce(m->onion_a);
        kill_onion_client(m->onion_c);
 #ifndef VANILLA_NACL
        kill_gca(m->group_announce);
 #endif /* VANILLA_NACL */
        kill_friend_connections(m->fr_c);
        kill_announcements(m->announce);
        kill_forwarding(m->forwarding);
@ -3687,7 +3670,6 @@ Messenger *new_messenger(Mono_Time *mono_time, const Memory *mem, const Random *
        return nullptr;
    }
 #ifndef VANILLA_NACL
    gca_onion_init(m->group_announce, m->onion_a);
    m->group_handler = new_dht_groupchats(m);
@ -3711,8 +3693,6 @@ Messenger *new_messenger(Mono_Time *mono_time, const Memory *mem, const Random *
        return nullptr;
    }
 #endif /* VANILLA_NACL */
    if (options->tcp_server_port != 0) {
        m->tcp_server = new_tcp_server(m->log, m->mem, m->rng, m->ns, options->ipv6enabled, 1,
                                       &options->tcp_server_port, dht_get_self_secret_key(m->dht),
@ -3723,14 +3703,10 @@ Messenger *new_messenger(Mono_Time *mono_time, const Memory *mem, const Random *
            kill_onion(m->onion);
            kill_onion_announce(m->onion_a);
 #ifndef VANILLA_NACL
            kill_dht_groupchats(m->group_handler);
 #endif
            kill_friend_connections(m->fr_c);
            kill_onion_client(m->onion_c);
 #ifndef VANILLA_NACL
            kill_gca(m->group_announce);
 #endif
            kill_announcements(m->announce);
            kill_forwarding(m->forwarding);
            kill_net_crypto(m->net_crypto);
@ -3782,14 +3758,10 @@ void kill_messenger(Messenger *m)
    kill_onion(m->onion);
    kill_onion_announce(m->onion_a);
 #ifndef VANILLA_NACL
    kill_dht_groupchats(m->group_handler);
 #endif
    kill_friend_connections(m->fr_c);
    kill_onion_client(m->onion_c);
 #ifndef VANILLA_NACL
    kill_gca(m->group_announce);
 #endif
    kill_announcements(m->announce);
    kill_forwarding(m->forwarding);
    kill_net_crypto(m->net_crypto);
--- a/toxcore/crypto_core.c
+++ b/toxcore/crypto_core.c
@ -14,19 +14,7 @@
 #include <stdlib.h>
 #include <string.h>
 #ifndef VANILLA_NACL
 // We use libsodium by default.
 #include <sodium.h>
 #else
 #include <crypto_auth.h>
 #include <crypto_box.h>
 #include <crypto_hash_sha256.h>
 #include <crypto_hash_sha512.h>
 #include <crypto_scalarmult_curve25519.h>
 #include <crypto_verify_16.h>
 #include <crypto_verify_32.h>
 #include <randombytes.h>
 #endif
 #include "ccompat.h"
@ -34,11 +22,9 @@
 #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
 #endif
 #ifndef VANILLA_NACL
 // Need dht because of ENC_SECRET_KEY_SIZE and ENC_PUBLIC_KEY_SIZE
 #define ENC_PUBLIC_KEY_SIZE CRYPTO_PUBLIC_KEY_SIZE
 #define ENC_SECRET_KEY_SIZE CRYPTO_SECRET_KEY_SIZE
 #endif
 static_assert(CRYPTO_PUBLIC_KEY_SIZE == crypto_box_PUBLICKEYBYTES,
              "CRYPTO_PUBLIC_KEY_SIZE should be equal to crypto_box_PUBLICKEYBYTES");
@ -63,20 +49,15 @@ static_assert(CRYPTO_SHA512_SIZE == crypto_hash_sha512_BYTES,
 static_assert(CRYPTO_PUBLIC_KEY_SIZE == 32,
              "CRYPTO_PUBLIC_KEY_SIZE is required to be 32 bytes for pk_equal to work");
 #ifndef VANILLA_NACL
 static_assert(CRYPTO_SIGNATURE_SIZE == crypto_sign_BYTES,
              "CRYPTO_SIGNATURE_SIZE should be equal to crypto_sign_BYTES");
 static_assert(CRYPTO_SIGN_PUBLIC_KEY_SIZE == crypto_sign_PUBLICKEYBYTES,
              "CRYPTO_SIGN_PUBLIC_KEY_SIZE should be equal to crypto_sign_PUBLICKEYBYTES");
 static_assert(CRYPTO_SIGN_SECRET_KEY_SIZE == crypto_sign_SECRETKEYBYTES,
              "CRYPTO_SIGN_SECRET_KEY_SIZE should be equal to crypto_sign_SECRETKEYBYTES");
 #endif /* VANILLA_NACL */
 bool create_extended_keypair(uint8_t *pk, uint8_t *sk)
 {
 #ifdef VANILLA_NACL
    return false;
 #else
    /* create signature key pair */
    crypto_sign_keypair(pk + ENC_PUBLIC_KEY_SIZE, sk + ENC_SECRET_KEY_SIZE);
@ -87,7 +68,6 @@ bool create_extended_keypair(uint8_t *pk, uint8_t *sk)
    const int res2 = crypto_sign_ed25519_sk_to_curve25519(sk, sk + ENC_SECRET_KEY_SIZE);
    return res1 == 0 && res2 == 0;
 #endif
 }
 const uint8_t *get_enc_key(const uint8_t *key)
@ -141,7 +121,7 @@ static void crypto_free(uint8_t *ptr, size_t bytes)
 void crypto_memzero(void *data, size_t length)
 {
-#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) || defined(VANILLA_NACL)
+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
    memset(data, 0, length);
 #else
    sodium_memzero(data, length);
@ -150,7 +130,7 @@ void crypto_memzero(void *data, size_t length)
 bool crypto_memlock(void *data, size_t length)
 {
-#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) || defined(VANILLA_NACL)
+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
    return false;
 #else
@ -164,7 +144,7 @@ bool crypto_memlock(void *data, size_t length)
 bool crypto_memunlock(void *data, size_t length)
 {
-#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) || defined(VANILLA_NACL)
+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
    return false;
 #else
@ -196,10 +176,6 @@ bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2)
 #if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
    // Hope that this is better for the fuzzer
    return memcmp(cksum1, cksum2, CRYPTO_SHA512_SIZE) == 0;
 #elif defined(VANILLA_NACL)
    const int lo = crypto_verify_32(cksum1, cksum2) == 0 ? 1 : 0;
    const int hi = crypto_verify_32(cksum1 + 8, cksum2 + 8) == 0 ? 1 : 0;
    return (lo & hi) == 1;
 #else
    return crypto_verify_64(cksum1, cksum2) == 0;
 #endif
@ -251,21 +227,13 @@ uint32_t random_range_u32(const Random *rng, uint32_t upper_bound)
 bool crypto_signature_create(uint8_t *signature, const uint8_t *message, uint64_t message_length,
                             const uint8_t *secret_key)
 {
 #ifdef VANILLA_NACL
    return false;
 #else
    return crypto_sign_detached(signature, nullptr, message, message_length, secret_key) == 0;
 #endif // VANILLA_NACL
 }
 bool crypto_signature_verify(const uint8_t *signature, const uint8_t *message, uint64_t message_length,
                             const uint8_t *public_key)
 {
 #ifdef VANILLA_NACL
    return false;
 #else
    return crypto_sign_verify_detached(signature, message, message_length, public_key) == 0;
 #endif
 }
 bool public_key_valid(const uint8_t *public_key)
@ -539,17 +507,7 @@ static void sys_random_bytes(void *obj, uint8_t *bytes, size_t length)
 non_null()
 static uint32_t sys_random_uniform(void *obj, uint32_t upper_bound)
 {
 #ifdef VANILLA_NACL
    if (upper_bound == 0) {
        return 0;
    }
    uint32_t randnum;
    sys_random_bytes(obj, (uint8_t *)&randnum, sizeof(randnum));
    return randnum % upper_bound;
 #else
    return randombytes_uniform(upper_bound);
 #endif
 }
 static const Random_Funcs system_random_funcs = {
@ -566,13 +524,11 @@ const Random *system_random(void)
        return nullptr;
    }
 #endif
 #ifndef VANILLA_NACL
    // It is safe to call this function more than once and from different
    // threads -- subsequent calls won't have any effects.
    if (sodium_init() == -1) {
        return nullptr;
    }
 #endif
    return &system_random_obj;
 }
--- a/toxcore/crypto_core.h
+++ b/toxcore/crypto_core.h
@ -235,8 +235,7 @@ uint64_t random_u64(const Random *rng);
 /**
 * @brief Return a random 32 bit integer between 0 and upper_bound (excluded).
 *
- * On libsodium builds this function guarantees a uniform distribution of possible outputs.
+ * This function guarantees a uniform distribution of possible outputs.
 * On vanilla NACL builds this function is equivalent to `random() % upper_bound`.
 */
 non_null()
 uint32_t random_range_u32(const Random *rng, uint32_t upper_bound);
--- a/toxcore/group_chats.c
+++ b/toxcore/group_chats.c
@ -11,9 +11,7 @@
 #include <assert.h>
 #ifndef VANILLA_NACL
 #include <sodium.h>
 #endif
 #include <string.h>
@ -30,8 +28,6 @@
 #include "network.h"
 #include "util.h"
 #ifndef VANILLA_NACL
 /* The minimum size of a plaintext group handshake packet */
 #define GC_MIN_HS_PACKET_PAYLOAD_SIZE (1 + ENC_PUBLIC_KEY_SIZE + SIG_PUBLIC_KEY_SIZE + 1 + 1)
@ -8496,4 +8492,3 @@ int gc_add_peers_from_announces(GC_Chat *chat, const GC_Announce *announces, uin
    return added_peers;
 }
 #endif  // VANILLA_NACL
--- a/toxcore/group_connection.c
+++ b/toxcore/group_connection.c
@ -22,8 +22,6 @@
 #include "mono_time.h"
 #include "util.h"
 #ifndef VANILLA_NACL
 /** Seconds since last direct UDP packet was received before the connection is considered dead */
 #define GCC_UDP_DIRECT_TIMEOUT (GC_PING_TIMEOUT + 4)
@ -704,5 +702,3 @@ void gcc_cleanup(const GC_Chat *chat)
        gcc_peer_cleanup(gconn);
    }
 }
 #endif // VANILLA_NACL
--- a/toxcore/group_onion_announce.c
+++ b/toxcore/group_onion_announce.c
@ -66,8 +66,6 @@ void gca_onion_init(GC_Announces_List *group_announce, Onion_Announce *onion_a)
                                       group_announce);
 }
 #ifndef VANILLA_NACL
 int create_gca_announce_request(
    const Random *rng, uint8_t *packet, uint16_t max_packet_length, const uint8_t *dest_client_id,
    const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *ping_id,
@ -112,4 +110,3 @@ int create_gca_announce_request(
    return full_length;
 }
 #endif  // VANILLA_NACL
--- a/toxcore/network.c
+++ b/toxcore/network.c
@ -87,11 +87,6 @@
 #include <stdlib.h>
 #include <string.h>
 #ifndef VANILLA_NACL
 // Used for sodium_init()
 #include <sodium.h>
 #endif
 #include "ccompat.h"
 #include "logger.h"
 #include "mono_time.h"
--- a/toxcore/onion_client.c
+++ b/toxcore/onion_client.c
@ -671,7 +671,6 @@ static int client_send_announce_request(Onion_Client *onion_c, uint32_t num, con
                      onion_friend->temp_secret_key, ping_id, onion_friend->real_public_key,
                      zero_ping_id, sendback);
        } else { // contact is a gc
 #ifndef VANILLA_NACL
            onion_friend->is_groupchat = true;
            len = create_gca_announce_request(
@ -679,9 +678,6 @@ static int client_send_announce_request(Onion_Client *onion_c, uint32_t num, con
                      onion_friend->temp_secret_key, ping_id, onion_friend->real_public_key,
                      zero_ping_id, sendback, onion_friend->gc_data,
                      onion_friend->gc_data_length);
 #else
            return -1;
 #endif  // VANILLA_NACL
        }
    }
--- a/toxcore/tox.c
+++ b/toxcore/tox.c
@ -362,7 +362,6 @@ static void tox_friend_lossless_packet_handler(Messenger *m, uint32_t friend_num
    }
 }
 #ifndef VANILLA_NACL
 non_null(1, 4) nullable(6)
 static void tox_group_peer_name_handler(const Messenger *m, uint32_t group_number, uint32_t peer_id,
                                        const uint8_t *name, size_t length, void *user_data)
@ -573,7 +572,6 @@ static void tox_group_moderation_handler(const Messenger *m, uint32_t group_numb
                tox_data->user_data);
    }
 }
 #endif
 bool tox_version_is_compatible(uint32_t major, uint32_t minor, uint32_t patch)
 {
@ -908,7 +906,6 @@ Tox *tox_new(const struct Tox_Options *options, Tox_Err_New *error)
    custom_lossy_packet_registerhandler(tox->m, tox_friend_lossy_packet_handler);
    custom_lossless_packet_registerhandler(tox->m, tox_friend_lossless_packet_handler);
 #ifndef VANILLA_NACL
    m_callback_group_invite(tox->m, tox_group_invite_handler);
    gc_callback_message(tox->m, tox_group_message_handler);
    gc_callback_private_message(tox->m, tox_group_private_message_handler);
@ -927,7 +924,6 @@ Tox *tox_new(const struct Tox_Options *options, Tox_Err_New *error)
    gc_callback_self_join(tox->m, tox_group_self_join_handler);
    gc_callback_rejected(tox->m, tox_group_join_fail_handler);
    gc_callback_voice_state(tox->m, tox_group_voice_state_handler);
 #endif
    tox_unlock(tox);
@ -2845,7 +2841,6 @@ uint16_t tox_self_get_tcp_port(const Tox *tox, Tox_Err_Get_Port *error)
 /* GROUPCHAT FUNCTIONS */
 #ifndef VANILLA_NACL
 void tox_callback_group_invite(Tox *tox, tox_group_invite_cb *callback)
 {
    assert(tox != nullptr);
@ -4597,8 +4592,6 @@ bool tox_group_mod_kick_peer(const Tox *tox, uint32_t group_number, uint32_t pee
    return false;
 }
 #endif /* VANILLA_NACL */
 const Tox_System *tox_get_system(Tox *tox)
 {
    assert(tox != nullptr);
--- a/toxcore/tox_private.c
+++ b/toxcore/tox_private.c
@ -167,7 +167,6 @@ uint16_t tox_dht_get_num_closelist_announce_capable(const Tox *tox){
    return num_cap;
 }
 #ifndef VANILLA_NACL
 size_t tox_group_peer_get_ip_address_size(const Tox *tox, uint32_t group_number, uint32_t peer_id,
                                          Tox_Err_Group_Peer_Query *error)
 {
@ -219,5 +218,3 @@ bool tox_group_peer_get_ip_address(const Tox *tox, uint32_t group_number, uint32
    SET_ERROR_PARAMETER(error, TOX_ERR_GROUP_PEER_QUERY_OK);
    return true;
 }
 #endif  /* VANILLA_NACL */
--- a/toxencryptsave/Makefile.inc
+++ b/toxencryptsave/Makefile.inc
@ -5,7 +5,6 @@ libtoxencryptsave_la_include_HEADERS = \
 libtoxencryptsave_la_includedir = $(includedir)/tox
 if !WITH_NACL
 libtoxencryptsave_la_SOURCES = ../toxencryptsave/toxencryptsave.h \
                        ../toxencryptsave/toxencryptsave.c \
                        ../toxencryptsave/defines.h
@ -13,20 +12,16 @@ libtoxencryptsave_la_SOURCES = ../toxencryptsave/toxencryptsave.h \
 libtoxencryptsave_la_CFLAGS =   -I$(top_srcdir) \
                        -I$(top_srcdir)/toxcore \
                        $(LIBSODIUM_CFLAGS) \
                        $(NACL_CFLAGS) \
                        $(PTHREAD_CFLAGS)
 libtoxencryptsave_la_LDFLAGS =  $(LT_LDFLAGS) \
                        $(EXTRA_LT_LDFLAGS) \
                        $(LIBSODIUM_LDFLAGS) \
                        $(NACL_LDFLAGS) \
                        $(MATH_LDFLAGS) \
                        $(RT_LIBS) \
                        $(WINSOCK2_LIBS)
 libtoxencryptsave_la_LIBADD =   $(LIBSODIUM_LIBS) \
                        $(NACL_OBJECTS) \
                        $(NACL_LIBS) \
                        $(PTHREAD_LIBS) \
                        libtoxcore.la
@ -35,4 +30,3 @@ if SET_SO_VERSION
 EXTRA_libtoxencryptsave_la_DEPENDENCIES = ../so.version
 endif
 endif
`@ -1 +1 @@`
	`269d2d95028f192bbf65a01b938068b8fc9e798bbe1d5ecaf67cae124e45c2a9 /usr/local/bin/tox-bootstrapd`	`1550b285e7d2f85a340fbde449dfbab3d49958794c918aebdb486ffc1b77c68c /usr/local/bin/tox-bootstrapd`