Document the maximum number of bytes for crypto_stream_aes256estream*()

abort() if these functions are misused.

src/libsodium/crypto_stream/aes256estream/hongjun/ecrypt-sync.h

@@ -3,6 +3,7 @@
 #define __ECRYPT_SYNC__
 
 #include <stdint.h>
+#include <stdlib.h>
 
 typedef uint8_t  u8;
 typedef uint32_t u32;
@@ -22,6 +23,11 @@ typedef struct ECRYPT_ctx
 #pragma pack(pop)
 
 #define ECRYPT_encrypt_bytes(ctx, plaintext, ciphertext, msglen)   \
-  ECRYPT_process_bytes(0, ctx, plaintext, ciphertext, msglen)
+  do { \
+      if (msglen > 0xffffffff) { \
+          abort(); \
+      } \
+      ECRYPT_process_bytes(0, ctx, plaintext, ciphertext, msglen); \
+  } while(0)
 
 #endif

src/libsodium/include/sodium/crypto_stream_aes256estream.h

@@ -7,11 +7,13 @@
  * provide any security against active attacks.
  * Furthermore, this implementation was not part of NaCl.
  * 
- * If you are looking for a stream cipher, you might consider crypto_stream_chacha20
+ * If you are looking for a stream cipher, you should consider crypto_stream_chacha20
- * or crypto_stream_(x)salsa20 which are timing-attack resistant instead.
+ * or crypto_stream_(x)salsa20, which are timing-attacks resistant.
  * 
- * But unless you know what you're doing, what you are looking for is probably
+ * And unless you know what you're doing, what you are looking for is probably
  * the crypto_box or crypto_secretbox functions.
+ * 
+ * The maximum number of bytes these functions can generate/encrypt is 2^32 - 1.
  */
 
 #include <stddef.h>