core/crypto: Use `panic_contextless` instead of `intrinsics.trap`

core/crypto/_aes/ct64/ct64.odin

@@ -22,8 +22,6 @@
 
 package aes_ct64
 
-import "base:intrinsics"
-
 // Bitsliced AES for 64-bit general purpose (integer) registers.  Each
 // invocation will process up to 4 blocks at a time.  This implementation
 // is derived from the BearSSL ct64 code, and distributed under a 1-clause
@@ -214,7 +212,7 @@ orthogonalize :: proc "contextless" (q: ^[8]u64) {
 @(require_results)
 interleave_in :: proc "contextless" (w: []u32) -> (q0, q1: u64) #no_bounds_check {
 	if len(w) < 4 {
-		intrinsics.trap()
+		panic_contextless("aes/ct64: invalid input size")
 	}
 	x0, x1, x2, x3 := u64(w[0]), u64(w[1]), u64(w[2]), u64(w[3])
 	x0 |= (x0 << 16)

core/crypto/_aes/ct64/ct64_enc.odin

@@ -22,11 +22,9 @@
 
 package aes_ct64
 
-import "base:intrinsics"
-
 add_round_key :: proc "contextless" (q: ^[8]u64, sk: []u64) #no_bounds_check {
 	if len(sk) < 8 {
-		intrinsics.trap()
+		panic_contextless("aes/ct64: invalid round key size")
 	}
 
 	q[0] ~= sk[0]

core/crypto/_aes/ct64/ct64_keysched.odin

@@ -22,7 +22,6 @@
 
 package aes_ct64
 
-import "base:intrinsics"
 import "core:crypto/_aes"
 import "core:encoding/endian"
 import "core:mem"
@@ -126,7 +125,7 @@ skey_expand :: proc "contextless" (skey, comp_skey: []u64, num_rounds: int) {
 
 orthogonalize_roundkey :: proc "contextless" (qq: []u64, key: []byte) {
 	if len(qq) < 8 || len(key) != 16 {
-		intrinsics.trap()
+		panic_contextless("aes/ct64: invalid round key size")
 	}
 
 	skey: [4]u32 = ---

core/crypto/_aes/ct64/ghash.odin

@@ -22,7 +22,6 @@
 
 package aes_ct64
 
-import "base:intrinsics"
 import "core:crypto/_aes"
 import "core:encoding/endian"
 
@@ -65,7 +64,7 @@ rev64 :: proc "contextless" (x: u64) -> u64 {
 // of GCM.
 ghash :: proc "contextless" (dst, key, data: []byte) {
 	if len(dst) != _aes.GHASH_BLOCK_SIZE || len(key) != _aes.GHASH_BLOCK_SIZE {
-		intrinsics.trap()
+		panic_contextless("aes/ghash: invalid dst or key size")
 	}
 
 	buf := data

core/crypto/_aes/ct64/helpers.odin

@@ -1,12 +1,11 @@
 package aes_ct64
 
-import "base:intrinsics"
 import "core:crypto/_aes"
 import "core:encoding/endian"
 
 load_blockx1 :: proc "contextless" (q: ^[8]u64, src: []byte) {
 	if len(src) != _aes.BLOCK_SIZE {
-		intrinsics.trap()
+		panic_contextless("aes/ct64: invalid block size")
 	}
 
 	w: [4]u32 = ---
@@ -20,7 +19,7 @@ load_blockx1 :: proc "contextless" (q: ^[8]u64, src: []byte) {
 
 store_blockx1 :: proc "contextless" (dst: []byte, q: ^[8]u64) {
 	if len(dst) != _aes.BLOCK_SIZE {
-		intrinsics.trap()
+		panic_contextless("aes/ct64: invalid block size")
 	}
 
 	orthogonalize(q)
@@ -33,13 +32,13 @@ store_blockx1 :: proc "contextless" (dst: []byte, q: ^[8]u64) {
 
 load_blocks :: proc "contextless" (q: ^[8]u64, src: [][]byte) {
 	if n := len(src); n > STRIDE || n == 0 {
-		intrinsics.trap()
+		panic_contextless("aes/ct64: invalid block(s) size")
 	}
 
 	w: [4]u32 = ---
 	for s, i in src {
 		if len(s) != _aes.BLOCK_SIZE {
-			intrinsics.trap()
+			panic_contextless("aes/ct64: invalid block size")
 		}
 
 		w[0] = endian.unchecked_get_u32le(s[0:])
@@ -53,7 +52,7 @@ load_blocks :: proc "contextless" (q: ^[8]u64, src: [][]byte) {
 
 store_blocks :: proc "contextless" (dst: [][]byte, q: ^[8]u64) {
 	if n := len(dst); n > STRIDE || n == 0 {
-		intrinsics.trap()
+		panic_contextless("aes/ct64: invalid block(s) size")
 	}
 
 	orthogonalize(q)
@@ -63,7 +62,7 @@ store_blocks :: proc "contextless" (dst: [][]byte, q: ^[8]u64) {
 			break
 		}
 		if len(d) != _aes.BLOCK_SIZE {
-			intrinsics.trap()
+			panic_contextless("aes/ct64: invalid block size")
 		}
 
 		w0, w1, w2, w3 := interleave_out(q[i], q[i + 4])

core/crypto/_aes/hw_intel/ghash.odin

@@ -155,7 +155,7 @@ square_f128 :: #force_inline proc "contextless" (kw: x86.__m128i) -> (x86.__m128
 @(enable_target_feature = "sse2,ssse3,pclmul")
 ghash :: proc "contextless" (dst, key, data: []byte) #no_bounds_check {
 	if len(dst) != _aes.GHASH_BLOCK_SIZE || len(key) != _aes.GHASH_BLOCK_SIZE {
-		intrinsics.trap()
+		panic_contextless("aes/ghash: invalid dst or key size")
 	}
 
 	// Note: BearSSL opts to copy the remainder into a zero-filled

core/crypto/_chacha20/chacha20.odin

@@ -1,6 +1,5 @@
 package _chacha20
 
-import "base:intrinsics"
 import "core:encoding/endian"
 import "core:math/bits"
 import "core:mem"
@@ -47,7 +46,7 @@ Context :: struct {
 // HChaCha call can be suitably accelerated.
 init :: proc "contextless" (ctx: ^Context, key, iv: []byte, is_xchacha: bool) {
 	if len(key) != KEY_SIZE || len(iv) != IV_SIZE {
-		intrinsics.trap()
+		panic_contextless("chacha20: invalid key or IV size")
 	}
 
 	k, n := key, iv

core/crypto/_chacha20/simd256/chacha20_simd256_stub.odin

@@ -13,5 +13,5 @@ stream_blocks :: proc(ctx: ^_chacha20.Context, dst, src: []byte, nr_blocks: int)
 }
 
 hchacha20 :: proc "contextless" (dst, key, iv: []byte) {
-	intrinsics.trap()
+	panic_contextless("crypto/chacha20: simd256 implementation unsupported")
 }

core/crypto/_edwards25519/edwards25519.odin

@@ -11,7 +11,6 @@ See:
 - https://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html
 */
 
-import "base:intrinsics"
 import "core:crypto"
 import field "core:crypto/_fiat/field_curve25519"
 import "core:mem"
@@ -108,7 +107,7 @@ ge_set :: proc "contextless" (ge, a: ^Group_Element) {
 @(require_results)
 ge_set_bytes :: proc "contextless" (ge: ^Group_Element, b: []byte) -> bool {
 	if len(b) != 32 {
-		intrinsics.trap()
+		panic_contextless("edwards25519: invalid group element size")
 	}
 	b_ := (^[32]byte)(raw_data(b))
 
@@ -167,7 +166,7 @@ ge_set_bytes :: proc "contextless" (ge: ^Group_Element, b: []byte) -> bool {
 
 ge_bytes :: proc "contextless" (ge: ^Group_Element, dst: []byte) {
 	if len(dst) != 32 {
-		intrinsics.trap()
+		panic_contextless("edwards25519: invalid group element size")
 	}
 	dst_ := (^[32]byte)(raw_data(dst))
 

core/crypto/_edwards25519/edwards25519_scalar.odin

@@ -1,6 +1,5 @@
 package _edwards25519
 
-import "base:intrinsics"
 import field "core:crypto/_fiat/field_scalar25519"
 import "core:mem"
 
@@ -26,7 +25,7 @@ sc_set_u64 :: proc "contextless" (sc: ^Scalar, i: u64) {
 @(require_results)
 sc_set_bytes :: proc "contextless" (sc: ^Scalar, b: []byte) -> bool {
 	if len(b) != 32 {
-		intrinsics.trap()
+		panic_contextless("edwards25519: invalid scalar size")
 	}
 	b_ := (^[32]byte)(raw_data(b))
 	return field.fe_from_bytes(sc, b_)
@@ -34,7 +33,7 @@ sc_set_bytes :: proc "contextless" (sc: ^Scalar, b: []byte) -> bool {
 
 sc_set_bytes_rfc8032 :: proc "contextless" (sc: ^Scalar, b: []byte) {
 	if len(b) != 32 {
-		intrinsics.trap()
+		panic_contextless("edwards25519: invalid scalar size")
 	}
 	b_ := (^[32]byte)(raw_data(b))
 	field.fe_from_bytes_rfc8032(sc, b_)

core/crypto/_fiat/field_poly1305/field.odin

@@ -1,6 +1,5 @@
 package field_poly1305
 
-import "base:intrinsics"
 import "core:encoding/endian"
 import "core:mem"
 
@@ -30,7 +29,7 @@ fe_from_bytes :: #force_inline proc "contextless" (
 	// neater.
 
 	if len(arg1) != 16 {
-		intrinsics.trap()
+		panic_contextless("poly1305: invalid field element size")
 	}
 
 	// While it may be unwise to do deserialization here on our

core/crypto/_fiat/field_scalar25519/field.odin

@@ -1,6 +1,5 @@
 package field_scalar25519
 
-import "base:intrinsics"
 import "core:encoding/endian"
 import "core:math/bits"
 import "core:mem"
@@ -96,7 +95,7 @@ fe_from_bytes_wide :: proc "contextless" (
 _fe_from_bytes_short :: proc "contextless" (out1: ^Montgomery_Domain_Field_Element, arg1: []byte) {
 	// INVARIANT: len(arg1) < 32.
 	if len(arg1) >= 32 {
-		intrinsics.trap()
+		panic_contextless("edwards25519: oversized short scalar")
 	}
 	tmp: [32]byte
 	copy(tmp[:], arg1)
@@ -107,7 +106,7 @@ _fe_from_bytes_short :: proc "contextless" (out1: ^Montgomery_Domain_Field_Eleme
 
 fe_to_bytes :: proc "contextless" (out1: []byte, arg1: ^Montgomery_Domain_Field_Element) {
 	if len(out1) != 32 {
-		intrinsics.trap()
+		panic_contextless("edwards25519: oversized scalar output buffer")
 	}
 
 	tmp: Non_Montgomery_Domain_Field_Element

core/crypto/aead/aead.odin

@@ -16,7 +16,7 @@ seal_oneshot :: proc(algo: Algorithm, dst, tag, key, iv, aad, plaintext: []byte,
 // returning true iff the authentication was successful.  If authentication
 // fails, the destination buffer will be zeroed.
 //
-// dst and plaintext MUST alias exactly or not at all.
+// dst and ciphertext MUST alias exactly or not at all.
 @(require_results)
 open_oneshot :: proc(algo: Algorithm, dst, key, iv, aad, ciphertext, tag: []byte, impl: Implementation = nil) -> bool {
 	ctx: Context