Fix Psalm nits

composer.json

@@ -56,6 +56,9 @@
   "require-dev": {
     "phpunit/phpunit": "^3|^4|^5|^6|^7|^8|^9"
   },
+  "scripts": {
+    "test": "phpunit"
+  },
   "suggest": {
     "ext-libsodium": "PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.",
     "ext-sodium": "PHP >= 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security."

psalm-above-3.xml

@@ -49,6 +49,8 @@
         -->
 
         <RedundantCast errorLevel="info" />
+        <UnnecessaryVarAnnotation errorLevel="suppress" />
+        <UnusedVariable errorLevel="info" />
 
     </issueHandlers>
 </psalm>

src/Compat.php

@@ -3062,7 +3062,8 @@ public static function crypto_stream_keygen()
      *
      * @param int $len Number of bytes desired
      * @param string $nonce Number to be used Once; must be 24 bytes
-     * @param string $key XSalsa20 key
+     * @param string $key XChaCha20 key
+     * @param bool $dontFallback
      * @return string       Pseudorandom stream that can be XORed with messages
      *                      to provide encryption (but not authentication; see
      *                      Poly1305 or crypto_auth() for that, which is not

src/File.php

@@ -597,7 +597,7 @@ public static function sign($filePath, $secretKey)
         $az[31] = self::intToChr((self::chrToInt($az[31]) & 63) | 64);
 
         $hs = hash_init('sha512');
-        hash_update($hs, self::substr($az, 32, 32));
+        self::hash_update($hs, self::substr($az, 32, 32));
         /** @var resource $hs */
         $hs = self::updateHashWithFile($hs, $fp, $size);
 
@@ -616,8 +616,8 @@ public static function sign($filePath, $secretKey)
         );
 
         $hs = hash_init('sha512');
-        hash_update($hs, self::substr($sig, 0, 32));
-        hash_update($hs, self::substr($pk, 0, 32));
+        self::hash_update($hs, self::substr($sig, 0, 32));
+        self::hash_update($hs, self::substr($pk, 0, 32));
         /** @var resource $hs */
         $hs = self::updateHashWithFile($hs, $fp, $size);
 
@@ -728,8 +728,8 @@ public static function verify($sig, $filePath, $publicKey)
         $A = ParagonIE_Sodium_Core_Ed25519::ge_frombytes_negate_vartime($publicKey);
 
         $hs = hash_init('sha512');
-        hash_update($hs, self::substr($sig, 0, 32));
-        hash_update($hs, self::substr($publicKey, 0, 32));
+        self::hash_update($hs, self::substr($sig, 0, 32));
+        self::hash_update($hs, self::substr($publicKey, 0, 32));
         /** @var resource $hs */
         $hs = self::updateHashWithFile($hs, $fp, $size);
         /** @var string $hDigest */
@@ -1083,7 +1083,7 @@ protected static function onetimeauth_verify(
      * Update a hash context with the contents of a file, without
      * loading the entire file into memory.
      *
-     * @param resource|object $hash
+     * @param resource|HashContext $hash
      * @param resource $fp
      * @param int $size
      * @return resource|object Resource on PHP < 7.2, HashContext object on PHP >= 7.2
@@ -1133,7 +1133,7 @@ public static function updateHashWithFile($hash, $fp, $size = 0)
             }
             /** @var string $message */
             /** @psalm-suppress InvalidArgument */
-            hash_update($hash, $message);
+            self::hash_update($hash, $message);
         }
         // Reset file pointer's position
         fseek($fp, $originalPosition, SEEK_SET);
@@ -1175,7 +1175,7 @@ private static function sign_core32($filePath, $secretKey)
         $az[31] = self::intToChr((self::chrToInt($az[31]) & 63) | 64);
 
         $hs = hash_init('sha512');
-        hash_update($hs, self::substr($az, 32, 32));
+        self::hash_update($hs, self::substr($az, 32, 32));
         /** @var resource $hs */
         $hs = self::updateHashWithFile($hs, $fp, $size);
 
@@ -1194,8 +1194,8 @@ private static function sign_core32($filePath, $secretKey)
         );
 
         $hs = hash_init('sha512');
-        hash_update($hs, self::substr($sig, 0, 32));
-        hash_update($hs, self::substr($pk, 0, 32));
+        self::hash_update($hs, self::substr($sig, 0, 32));
+        self::hash_update($hs, self::substr($pk, 0, 32));
         /** @var resource $hs */
         $hs = self::updateHashWithFile($hs, $fp, $size);
 
@@ -1278,8 +1278,8 @@ public static function verify_core32($sig, $filePath, $publicKey)
         $A = ParagonIE_Sodium_Core32_Ed25519::ge_frombytes_negate_vartime($publicKey);
 
         $hs = hash_init('sha512');
-        hash_update($hs, self::substr($sig, 0, 32));
-        hash_update($hs, self::substr($publicKey, 0, 32));
+        self::hash_update($hs, self::substr($sig, 0, 32));
+        self::hash_update($hs, self::substr($publicKey, 0, 32));
         /** @var resource $hs */
         $hs = self::updateHashWithFile($hs, $fp, $size);
         /** @var string $hDigest */
@@ -1527,12 +1527,6 @@ protected static function onetimeauth_verify_core32(
         /** @var int $pos */
         $pos = self::ftell($ifp);
 
-        /** @var int $iter */
-        $iter = 1;
-
-        /** @var int $incr */
-        $incr = self::BUFFER_SIZE >> 6;
-
         while ($mlen > 0) {
             $blockSize = $mlen > self::BUFFER_SIZE
                 ? self::BUFFER_SIZE
@@ -1543,7 +1537,6 @@ protected static function onetimeauth_verify_core32(
             }
             $state->update($ciphertext);
             $mlen -= $blockSize;
-            $iter += $incr;
         }
         $res = ParagonIE_Sodium_Core32_Util::verify_16($tag, $state->finish());
 
@@ -1564,4 +1557,20 @@ private static function ftell($resource)
         }
         return (int) $return;
     }
+
+    /**
+     * Catch hash_update() failures and throw instead of silently proceding
+     *
+     * @param HashContext|resource &$hs
+     * @param string $data
+     * @return void
+     * @throws SodiumException
+     * @psalm-suppress PossiblyInvalidArgument
+     */
+    private static function hash_update(&$hs, $data)
+    {
+        if (!hash_update($hs, $data)) {
+            throw new SodiumException('hash_update() failed');
+        }
+    }
 }