Log Message:
Update libsodium to 1.0.6.

Provided by csosstudy in PR 50455.

Version 1.0.6

    Optimized implementations of Blake2 have been added for modern Intel \ 
platforms. crypto_generichash() is now faster than MD5 and SHA1 implementations \ 
while being far more secure.
    Functions for which the return value should be checked have been tagged with \ 
__attribute__ ((warn_unused_result)). This will intentionally break code \ 
compiled with -Werror that didn't bother checking critical return values.
    The crypto_sign_edwards25519sha512batch_*() functions have been tagged as \ 
deprecated.
    Undocumented symbols that were exported, but were only useful for internal \ 
purposes have been removed or made private: sodium_runtime_get_cpu_features(), \ 
the implementation-specific crypto_onetimeauth_poly1305_donna() symbols, \ 
crypto_onetimeauth_poly1305_set_implementation(), \ 
crypto_onetimeauth_poly1305_implementation_name() and \ 
crypto_onetimeauth_pick_best_implementation().
    sodium_compare() now works as documented, and compares numbers in \ 
little-endian format instead of behaving like memcmp().
    The previous changes should not break actual applications, but to be safe, \ 
the library version major was incremented.
    sodium_runtime_has_ssse3() and sodium_runtime_has_sse41() have been added.
    The library can now be compiled with the CompCert compiler.

Version 1.0.5

This release only fixes compilation issues on some platforms.

If 1.0.4 compiled and installed fine on your system, upgrading to this version \ 
is not required.
There are no functional changes.

    Compilation issues on some platforms were fixed: missing alignment \ 
directives were added (required at least on RHEL-6/i386), a workaround for a VRP \ 
bug on gcc/armv7 was added, and the library can now be compiled with the SunPro \ 
compiler.

    Javascript target: io.js is not supported any more. Use nodejs.

Version 1.0.4

    Support for AES256-GCM has been added. This requires a CPU with the aesni \ 
and pclmul extensions, and is accessible via the crypto_aead_aes256gcm_*() \ 
functions.
    The Javascript target doesn't use eval() any more, so that the library can \ 
be used in Chrome packaged applications.
    QNX and CloudABI are now supported.
    Support for NaCl has finally been added.
    ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has been \ 
implemented as crypto_stream_chacha20_ietf(), crypto_stream_chacha20_ietf_xor() \ 
and crypto_stream_chacha20_ietf_xor_ic(). An IETF-compatible version of \ 
ChaCha20Poly1305 is available as crypto_aead_chacha20poly1305_ietf_npubbytes(), \ 
crypto_aead_chacha20poly1305_ietf_encrypt() and \ 
crypto_aead_chacha20poly1305_ietf_decrypt().
    The sodium_increment() helper function has been added, to increment an \ 
arbitrary large number (such as a nonce).
    The sodium_compare() helper function has been added, to compare arbitrary \ 
large numbers (such as nonces, in order to prevent replay attacks).

Version 1.0.3

    In addition to sodium_bin2hex(), sodium_hex2bin() is now a constant-time \ 
function.
    crypto_stream_xsalsa20_ic() has been added.
    crypto_generichash_statebytes(), crypto_auth_*_statebytes() and \ 
crypto_hash_*_statebytes() have been added in order to retrieve the size of \ 
structures keeping states from foreign languages.
    The JavaScript target doesn't require /dev/urandom or an external \ 
randombytes() implementation any more. Other minor Emscripten-related \ 
improvements have been made in order to support libsodium.js
    Custom randombytes implementations do not need to provide their own \ 
implementation of randombytes_uniform() any more. randombytes_stir() and \ 
randombytes_close() can also be NULL pointers if they are not required.
    On Linux, getrandom(2) is being used instead of directly accessing \ 
/dev/urandom, if the kernel supports this system call.
    crypto_box_seal() and crypto_box_seal_open() have been added.
    A solutions for Visual Studio 2015 was added.