Commit graph

160 commits

Author SHA1 Message Date
nros
a7aa4588a6 Add missing pkg-config override for libgcrypt 2022-09-18 08:50:59 +00:00
nros
f487c1324e Fix usage of -O and -Oz compiling options
The sed options that clear out optimization
options for rndjent.c, that must be compiled
without optimization, did not take away -O
as reported by Jason Bacon on pkgsrc-users.
While here also make it take away the -Oz
optimization option supported by gcc 12
and later.
2022-09-18 08:42:45 +00:00
adam
c263e4a444 libgcrypt: updated to 1.10.1
Noteworthy changes in version 1.10.1 (2022-03-28)
-------------------------------------------------

 * Bug fixes:
   - Fix minor memory leaks in FIPS mode.
   - Build fixes for MUSL libc.

 * Other:
   - More portable integrity check in FIPS mode.
   - Add X9.62 OIDs to sha256 and sha512 modules.
2022-03-29 07:16:00 +00:00
wiz
86c2d4dc08 libgcrypt: update to 1.10.0.
Noteworthy changes in version 1.10.0 (2022-02-01)  [C24/A4/R0]
-------------------------------------------------

 * New and extended interfaces:

   - New control codes to check for FIPS 140-3 approved algorithms.

   - New control code to switch into non-FIPS mode.

   - New cipher modes SIV and GCM-SIV as specified by RFC-5297.

   - Extended cipher mode AESWRAP with padding as specified by
     RFC-5649.  [T5752]

   - New set of KDF functions.

   - New KDF modes Argon2 and Balloon.

   - New functions for combining hashing and signing/verification.  [T4894]

 * Performance:

   - Improved support for PowerPC architectures.

   - Improved ECC performance on zSeries/s390x by using accelerated
     scalar multiplication.

   - Many more assembler performance improvements for several
     architectures.

 * Bug fixes:

   - Fix Elgamal encryption for other implementations.
     [R5328,CVE-2021-40528]

   - Fix alignment problem on macOS.  [T5440]

   - Check the input length of the point in ECDH.  [T5423]

   - Fix an abort in gcry_pk_get_param for "Curve25519".  [T5490]

 * Other features:

   - The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
     because it is useless with the FIPS 140-3 related changes.

   - Update of the jitter entropy RNG code.  [T5523]

   - Simplification of the entropy gatherer when using the getentropy
     system call.
2022-02-15 09:30:16 +00:00
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
wiz
1c7d4d020b libgcrypt: update to 1.9.4.
Noteworthy changes in version 1.9.4 (2021-08-22)  [C23/A3/R4]
------------------------------------------------

 * Bug fixes:

   - Fix Elgamal encryption for other implementations.
     [#5328,CVE-2021-33560]

   - Fix alignment problem on macOS.  [#5440]

   - Check the input length of the point in ECDH.  [#5423]

   - Fix an abort in gcry_pk_get_param for "Curve25519".  [#5490]

 * Other features:

   - Add GCM and CCM to OID mapping table for AES. [a83fb13a3b]
2021-08-30 15:53:43 +00:00
spz
7e9ac86133 build fix for NetBSD-8/m68k which calls itself netbsdelf 2021-06-19 11:17:53 +00:00
adam
ff1b1666ef libgcrypt: updated to 1.9.3
Noteworthy changes in version 1.9.3 (2021-04-19)
------------------------------------------------

 * Bug fixes:
   - Fix build problems on i386 using gcc-4.7.
   - Fix checksum calculation in OCB decryption for AES on s390.
   - Fix a regression in gcry_mpi_ec_add related to certain usages of
     curve 25519.
   - Fix a symbol not found problem on Apple M1.
   - Fix for Apple iOS getentropy peculiarity.
   - Make keygrip computation work for compressed points.

* Performance:
   - Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
   - Add x86_64 VAES/AVX2 accelerated implementation of AES.
   - Add VPMSUMD acceleration for GCM mode on PPC.

 * Internal changes.
   - Harden MPI conditional code against EM leakage.
   - Harden Elgamal by introducing exponent blinding.
   - Fix memory leaks in the error code paths of EdDSA.
2021-04-21 08:28:31 +00:00
dholland
c40b549999 PR pkg/56100: security/libgcrypt fails on NetBSD/m68k
Extend the m68k assembler syntax probe to recognize NetBSD targets.
2021-04-13 17:38:12 +00:00
adam
f249304fe3 libgcrypt: updated to 1.9.2
Noteworthy changes in version 1.9.2 (2021-02-17)
------------------------------------------------
 * Bug fixes:
   - Fix build problem for macOS in the random code.
   - Fix building with --disable-asm on x86.
   - Check public key for ECDSA verify operation.
   - Make sure gcry_get_config (NULL) returns a nul-terminated string.
   - Fix a memory leak in the ECDH code.
   - Fix a reading beyond end of input buffer in SHA2-avx2.

 * Other features:
   - New test driver to allow for standalone regression
     tests.
2021-02-18 10:58:08 +00:00
wiz
655be9015a libgcrypt: update to 1.9.1.
Comment out some old workarounds for configure script/compiler issues,
and trust the upstream configure script again until proven wrong.

Remove hacks.mk, the grep does not match anything any longer.

Noteworthy changes in version 1.9.1 (2021-01-29)  [C23/A3/R1]
------------------------------------------------

 * Bug fixes:

   - Fix exploitable bug in hash functions introduced with 1.9.0.
     [#5275]

   - Return an error if a negative MPI is used with sexp scan
     functions.  [#4964]

   - Check for operational FIPS in the random and KDF functions.
     [#5243]

   - Fix compile error on ARMv7 with NEON disabled.  [#5251]

   - Fix self-test in KDF module.  [#5254]

   - Improve assembler checks for better LTO support.  [#5255]

   - Fix assember problem on macOS running on M1.  [#5157]

   - Support older macOS without posix_spawn. [#5159]

   - Fix 32-bit cross build on x86.  [#5257]

   - Fix non-NEON ARM assembly implementation for SHA512.  [#5263]

   - Fix build problems with the cipher_bulk_ops_t typedef.  [#5264]

   - Fix Ed25519 private key handling for preceding ZEROs. [#5267]

   - Fix overflow in modular inverse implementation.  [#5269]

   - Fix register access for AVX/AVX2 implementations of Blake2.
     [#5271].

 * Performance:

   - Add optimized cipher and hash functions for s390x/zSeries.

   - Use hardware bit counting functionx when available.

 * Internal changes:

   - The macOS getentropy syscall is used when available.  [#5268]

   - Update DSA functions to match FIPS 186-3.  [30ed9593f6]

   - New self-tests for CMACs and KDFs.  [385a89e35b,7a0da24925]

   - Add bulk cipher functions for OFB and GCM modes.
     [f12b6788f2,f4e63e92dc]

 Release-info: https://dev.gnupg.org/T5259
2021-01-29 12:10:03 +00:00
wiz
105b217d85 libgcrypt: update to 1.9.0.
Noteworthy changes in version 1.9.0 (2021-01-19)  [C23/A3/R0]
------------------------------------------------

 * New and extended interfaces:

   - New curves Ed448, X448, and SM2.

   - New cipher mode EAX.

   - New cipher algo SM4.

   - New hash algo SM3.

   - New hash algo variants SHA512/224 and SHA512/256.

   - New MAC algos for Blake-2 algorithms, the new SHA512 variants,
     SM3, SM4 and for a GOST variant.

   - New convenience function gcry_mpi_get_ui.

   - gcry_sexp_extract_param understands new format specifiers to
     directly store to integers and strings.

   - New function gcry_ecc_mul_point and curve constants for Curve448
     and Curve25519.  [#4293]

   - New function gcry_ecc_get_algo_keylen.

   - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
     secure memory area.  Also in 1.8.2 as an undocumented feature.

 * Performance:

   - Optimized implementations for Aarch64.

   - Faster implementations for Poly1305 and ChaCha.  Also for
     PowerPC.  [b9a471ccf5,172ad09cbe,#4460]

   - Optimized implementations of AES and SHA-256 on PowerPC.
     [#4529,#4530]

   - Improved use of AES-NI to speed up AES-XTS (6 times faster).
     [a00c5b2988]

   - Improved use of AES-NI for OCB.  [eacbd59b13,e924ce456d]

   - Speedup AES-XTS on ARMv8/CE (2.5 times faster).  [93503c127a]

   - New AVX and AVX2 implementations for Blake-2 (1.3/1.4 times
     faster).  [af7fc732f9, da58a62ac1]

   - Use Intel SHA extension for SHA-1 and SHA-256 (4.0/3.7 times
     faster).  [d02958bd30, 0b3ec359e2]

   - Use ARMv7/NEON accelerated GCM implementation (3 times faster).
     [2445cf7431]

   - Use of i386/SSSE3 for SHA-512 (4.5 times faster on Ryzen 7).
     [b52dde8609]

   - Use 64 bit ARMv8/CE PMULL for CRC (7 times faster).  [14c8a593ed]

   - Improve CAST5 (40% to 70% faster).  [4ec566b368]

   - Improve Blowfish (60% to 80% faster).  [ced7508c85]

 * Bug fixes:

   - Fix infinite loop due to applications using fork the wrong
     way.  [#3491][also in 1.8.4]

   - Fix possible leak of a few bits of secret primes to pageable
     memory.  [#3848][also in 1.8.4]

   - Fix possible hang in the RNG (1.8.3 only).  [#4034][also in 1.8.4]

   - Several minor fixes.  [#4102,#4208,#4209,#4210,#4211,#4212]
     [also in 1.8.4]

   - On Linux always make use of getrandom if possible and then use
     its /dev/urandom behaviour.  [#3894][also in 1.8.4]

   - Use blinding for ECDSA signing to mitigate a novel side-channel
     attack.  [#4011,CVE-2018-0495] [also in 1.8.3, 1.7.10]

   - Fix incorrect counter overflow handling for GCM when using an IV
     size other than 96 bit.  [#3764] [also in 1.8.3, 1.7.10]

   - Fix incorrect output of AES-keywrap mode for in-place encryption
     on some platforms.  [also in 1.8.3, 1.7.10]

   - Fix the gcry_mpi_ec_curve_point point validation function.
     [also in 1.8.3, 1.7.10]

   - Fix rare assertion failure in gcry_prime_check.  [also in 1.8.3]

   - Do not use /dev/srandom on OpenBSD.  [also in 1.8.2]

   - Fix test suite failure on systems with large pages. [#3351]
     [also in 1.8.2]

   - Fix test suite to not use mmap on Windows.  [also in 1.8.2]

   - Fix fatal out of secure memory status in the s-expression parser
     on heavy loaded systems.  [also in 1.8.2]

   - Fix build problems on OpenIndiana et al. [#4818, also in 1.8.6]

   - Fix GCM bug on arm64 which troubles for example OMEMO.  [#4986,
     also in 1.8.6]

   - Detect a div-by-zero in a debug helper tool.  [#4868, also in 1.8.6]

   - Use a constant time mpi_inv and related changes.  [#4869, partly
     also in 1.8.6]

   - Fix mpi_copy to correctly handle flags of opaque MPIs.
     [also in 1.8.6]

   - Fix mpi_cmp to consider +0 and -0 the same.  [also in 1.8.6]

   - Fix extra entropy collection via clock_gettime.  Note that this
     fallback code path is not used on any decent hardware.  [#4966,
     also in 1.8.7]

   - Support opaque MPI with gcry_mpi_print.  [#4872, also in 1.8.7]

   - Allow for a Unicode random seed file on Windows.  [#5098, also in
     1.8.7]

 * Other features:

   - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
     [also in 1.8.6]

   - Add mitigation against ECC timing attack CVE-2019-13626.  [#4626]

   - Internal cleanup of the ECC implementation.

   - Support reading EC point in compressed format for some curves.
     [#4951]
2021-01-25 09:59:50 +00:00
wiz
b9b559d225 libgcrypt: update to 1.8.7.
Noteworthy changes in version 1.8.7 (2020-10-23)  [C22/A2/R8]
------------------------------------------------

 * Bug fixes:

   - Support opaque MPI with gcry_mpi_print.  [#4872]

   - Fix extra entropy collection via clock_gettime.  Note that this
     fallback code path is not used on any decent hardware.  [#4966]

   - Allow for a Unicode random seed file on Windows.  [#5098]
2020-10-31 13:51:24 +00:00
wiz
a672f57017 libgcrypt: update to 1.8.6.
Noteworthy changes in version 1.8.6 (2020-07-06)  [C22/A2/R6]
------------------------------------------------

 * Bug fixes:

   - Fix build problems on OpenIndiana et al. [#4818]

   - Fix GCM bug on arm64 which troubles for example OMEMO.  [#4986]

   - Fix wrong code execution in Poly1305 ARM/NEON implementation.
     [#4833]

   - Detect a div-by-zero in a debug helper tool.  [#4868]

   - Use a constant time mpi_inv in some cases and change the order
     mpi_invm is called.  [#4869]

   - Fix mpi_copy to correctly handle flags of opaque MPIs.

   - Fix mpi_cmp to consider +0 and -0 the same.

 * Other features:

   - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
2020-07-17 23:22:49 +00:00
nia
80842acaa1 libgcrypt: Update to 1.8.5
Noteworthy changes in version 1.8.5 (2019-08-29)  [C22/A2/R5]
------------------------------------------------

 * Bug fixes:

   - Add mitigation against an ECDSA timing attack.
     [#4626,CVE-2019-13627]

   - Improve ECDSA unblinding.

 * Other features:

   - Provide a pkg-config file for libgcrypt.

 Release-info: https://dev.gnupg.org/T4683
2019-09-02 12:10:54 +00:00
martin
1a498826a9 Fix patch comment, pointed out by joerg 2019-01-09 14:19:26 +00:00
martin
24eee4f3ae Make this buildable on aarch64. 2019-01-09 13:41:41 +00:00
adam
bb5e878be9 libgcrypt: updated to 1.8.4
Noteworthy changes in version 1.8.4:
* Bug fixes:
  - Fix infinite loop due to applications using fork the wrong
    way.
  - Fix possible leak of a few bits of secret primes to pageable
    memory.
  - Fix possible hang in the RNG (1.8.3 only).
  - Several minor fixes.

* Performance:
  - On Linux always make use of getrandom if possible and then use
    its /dev/urandom behaviour.
2018-11-02 23:08:29 +00:00
adam
55fe89d3b9 libgcrypt: updated to 1.8.3
version 1.8.3:
Bug fixes:
- Use blinding for ECDSA signing to mitigate a novel side-channel
  attack.
- Fix incorrect counter overflow handling for GCM when using an IV
  size other than 96 bit.
- Fix incorrect output of AES-keywrap mode for in-place encryption
  on some platforms.
- Fix the gcry_mpi_ec_curve_point point validation function.
- Fix rare assertion failure in gcry_prime_check.
2018-06-20 06:18:53 +00:00
kamil
a730c25086 libgcrypt: Fix build with Clang
Port code that disables optimization on GCC to Clang/LLVM.
2018-05-11 19:20:11 +00:00
wiz
f367007762 *: gd.tuwien.ac.at/ftp.tuwien.ac.at is gone, remove it from various mastersites 2018-04-21 13:38:04 +00:00
adam
44d7df9449 libgcrypt: updated to 1.8.2
Noteworthy changes in version 1.8.2:

 * Bug fixes:
   - Do not use /dev/srandom on OpenBSD.
   - Fix test suite failure on systems with large pages.
   - Fix test suite to not use mmap on Windows.
   - Fix fatal out of secure memory status in the s-expression parser
     on heavy loaded systems.

 * Other:
   - Backport the auto expand secmem feature from master for use by
     the forthcoming GnuPG 2.2.4.
2017-12-14 08:49:54 +00:00
adam
85937a5fd5 version 1.8.1:
Bug fixes:
   - Mitigate a local side-channel attack on Curve25519 dubbed "May
     the Fourth be With You".  [CVE-2017-0379] [also in 1.7.9]
   - Add more extra bytes to the pool after reading a seed file.
   - Add the OID SHA384WithECDSA from RFC-7427 to SHA-384.
   - Fix build problems with the Jitter RNG
   - Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE).
2017-08-27 12:38:36 +00:00
adam
6e9f53918a version 1.8.0:
* New interfaces:
   - New cipher mode XTS
   - New hash function Blake-2
   - New function gcry_mpi_point_copy.
   - New function gcry_get_config.
   - GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt.
   - New gobal configuration file /etc/gcrypt/random.conf.

 * Extended interfaces:
   - GCRYCTL_PRINT_CONFIG does now also print build information for
     libgpg-error and the used compiler version.
   - GCRY_CIPHER_MODE_CFB8 is now supported.
   - Add Stribog OIDs.

 * Performance:
   - A jitter based entropy collector is now used in addition to the
     other entropy collectors.
   - Optimized gcry_md_hash_buffers for SHA-256 and SHA-512.
   - More ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
   - Add ARMv8/AArch32 assembly implementation for Twofish and
     Camellia.
   - Add bulk processing implementation for ARMv8/AArch32.
   - Improve the DRBG performance and sync the code with the Linux
     version.

 * Internal changes:
   - Libgpg-error 1.25 is now required.  This avoids stalling of nPth
     threads due to contention on internal Libgcrypt locks (e.g. the
     random pool lock).
   - The system call clamp of libgpg-error is now used to wrap the
     blocking read of /dev/random.  This allows other nPth threads to
     run while Libgcrypt is gathering entropy.
   - When secure memory is requested by the MPI functions or by
     gcry_xmalloc_secure, they do not anymore lead to a fatal error if
     the secure memory pool is used up.  Instead new pools are
     allocated as needed.  These new pools are not protected against
     being swapped out (mlock can't be used).  However, these days
     this is considered a minor issue and can easily be mitigated by
     using encrypted swap space.

 * Bug fixes:
   - Fix AES CTR self-check detected failure in the SSSE3 based
     implementation.
   - Remove gratuitous select before the getrandom syscall.
   - Fix regression in mlock detection.
   - Fix GOST 28147 CryptoPro-B S-box.
   - Fix error code handling of mlock calls.
   - Fix possible timing attack on EdDSA session key.
   - Fix long standing bug in secure memory implementation which could
     lead to a segv on free.
   - Mitigate a flush+reload side-channel attack on RSA secret keys
     dubbed "Sliding right into disaster".
2017-07-23 17:27:52 +00:00
adam
9fb41c6872 changes in version 1.7.8:
Bug fixes:
- Mitigate a flush+reload side-channel attack on RSA secret keys
  dubbed "Sliding right into disaster".  For details see
  <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]
2017-07-04 06:55:53 +00:00
wiz
8ac58494d3 Updated libgcrypt to 1.7.7.
Noteworthy changes in version 1.7.7 (2017-06-02)  [C21/A1/R7]
------------------------------------------------

 * Bug fixes:

   - Fix possible timing attack on EdDSA session key.

   - Fix long standing bug in secure memory implementation which could
     lead to a segv on free. [bug#3027]
2017-06-14 20:18:27 +00:00
wiz
9983529039 Updated libgcrypt to 1.7.6.
All tests pass.

Noteworthy changes in version 1.7.6 (2017-01-18)  [C21/A1/R6]
------------------------------------------------

 * Bug fixes:

   - Fix AES CTR self-check detected failure in the SSSE3 based
     implementation.

   - Remove gratuitous select before the getrandom syscall.
2017-01-22 12:55:29 +00:00
agc
30b55df38e Convert all occurrences (353 by my count) of
MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
2017-01-19 18:52:01 +00:00
wiz
8abe98f5fa Updated libgcrypt to 1.7.5.
Noteworthy changes in version 1.7.5 (2016-12-15)  [C21/A1/R5]
------------------------------------------------

 * Bug fixes:

   - Fix regression in mlock detection [bug#2870].
2016-12-30 00:41:35 +00:00
wiz
b2c7181019 Updated libgcrypt to 1.7.4.
Noteworthy changes in version 1.7.4 (2016-12-09)  [C21/A1/R4]
------------------------------------------------

 * Performance:

   - More ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.

   - Add ARMv8/AArch32 assembly implementation for Twofish and
     Camellia.

   - Add bulk processing implementation for ARMv8/AArch32.

   - Add Stribog OIDs.

   - Improve the DRBG performance and sync the code with the Linux
     version.

 * Internal changes:

   - When secure memory is requested by the MPI functions or by
     gcry_xmalloc_secure, they do not anymore lead to a fatal error if
     the secure memory pool is used up.  Instead new pools are
     allocated as needed.  These new pools are not protected against
     being swapped out (mlock can't be used).  However, these days
     this is considered a minor issue and can easily be mitigated by
     using encrypted swap space.

 * Bug fixes:

   - Fix GOST 28147 CryptoPro-B S-box.

   - Fix error code handling of mlock calls.
2016-12-12 14:19:39 +00:00
fhajny
497462a78a Use COMPILER_RPATH_FLAG properly. Reconciles libgcrypt-config with
Darwin linker. Fixes joyent/pkgsrc#400. Bump PKGREVISION.
2016-09-01 10:19:30 +00:00
wiz
33dbc26450 Depends on libgpg-error-1.13.
From David H. Gutteridge in PR 51430.
2016-08-20 19:22:37 +00:00
maya
a6fb695cb6 Update libgcrypt to 1.7.3
Changelog:

2016-08-17  Werner Koch  <wk@gnupg.org>

	Release 1.7.3.
	* configure.ac: Set LT version to C21/A1/R3.

	random: Hash continuous areas in the csprng pool.
	* random/random-csprng.c (mix_pool): Store the first hash at the end
	of the pool.

	random: Improve the diagram showing the random mixing.
	* random/random-csprng.c (mix_pool): Use DIGESTLEN instead of 20.

2016-07-19  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	crc-intel-pclmul: split assembly block to ease register pressure.
	* cipher/crc-intel-pclmul.c (crc32_less_than_16): Split inline
	assembly block handling 4 byte input into multiple blocks.

	rijndael-aesni: split assembly block to ease register pressure.
	* cipher/rijndael-aesni.c (do_aesni_ctr_4): Use single register
	constraint for passing 'bige_addb' to assembly block; split
	first inline assembly block into two parts.

2016-07-14  Jussi Kivilinna  <jussi.kivilinna@iki.fi>

	Add ARMv8/AArch32 Crypto Extension implementation of AES.
	* cipher/Makefile.am: Add 'rijndael-armv8-ce.c' and
	'rijndael-armv-aarch32-ce.S'.
	* cipher/rijndael-armv8-aarch32-ce.S: New.
	* cipher/rijndael-armv8-ce.c: New.
	* cipher/rijndael-internal.h (USE_ARM_CE): New.
	(RIJNDAEL_context_s): Add 'use_arm_ce'.
	* cipher/rijndael.c [USE_ARM_CE] (_gcry_aes_armv8_ce_setkey)
	(_gcry_aes_armv8_ce_prepare_decryption)
	(_gcry_aes_armv8_ce_encrypt, _gcry_aes_armv8_ce_decrypt)
	(_gcry_aes_armv8_ce_cfb_enc, _gcry_aes_armv8_ce_cbc_enc)
	(_gcry_aes_armv8_ce_ctr_enc, _gcry_aes_armv8_ce_cfb_dec)
	(_gcry_aes_armv8_ce_cbc_dec, _gcry_aes_armv8_ce_ocb_crypt)
	(_gcry_aes_armv8_ce_ocb_auth): New.
	(do_setkey) [USE_ARM_CE]: Add ARM CE/AES HW feature check and key
	setup for ARM CE.
	(prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
	(_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec)
	(_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth) [USE_ARM_CE]: Add
	ARM CE support.
	* configure.ac: Add 'rijndael-armv8-ce.lo' and
	'rijndael-armv8-aarch32-ce.lo'.

	Add ARMv8/AArch32 Crypto Extension implementation of GCM.
	* cipher/Makefile.am: Add 'cipher-gcm-armv8-aarch32-ce.S'.
	* cipher/cipher-gcm-armv8-aarch32-ce.S: New.
	* cipher/cipher-gcm.c [GCM_USE_ARM_PMULL]
	(_gcry_ghash_setup_armv8_ce_pmull, _gcry_ghash_armv8_ce_pmull)
	(ghash_setup_armv8_ce_pmull, ghash_armv8_ce_pmull): New.
	(setupM) [GCM_USE_ARM_PMULL]: Enable ARM PMULL implementation if
	HWF_ARM_PULL HW feature flag is enabled.
	* cipher/cipher-gcm.h (GCM_USE_ARM_PMULL): New.

	Add ARMv8/AArch32 Crypto Extension implemenation of SHA-256.
	* cipher/Makefile.am: Add 'sha256-armv8-aarch32-ce.S'.
	* cipher/sha256-armv8-aarch32-ce.S: New.
	* cipher/sha256.c (USE_ARM_CE): New.
	(sha256_init, sha224_init): Check features for HWF_ARM_SHA1.
	[USE_ARM_CE] (_gcry_sha256_transform_armv8_ce): New.
	(transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports.
	(SHA256_CONTEXT): Add 'use_arm_ce'.
	* configure.ac: Add 'sha256-armv8-aarch32-ce.lo'.

	Add ARMv8/AArch32 Crypto Extension implementation of SHA-1.
	* cipher/Makefile.am: Add 'sha1-armv8-aarch32-ce.S'.
	* cipher/sha1-armv7-neon.S (_gcry_sha1_transform_armv7_neon): Add
	missing size.
	* cipher/sha1-armv8-aarch32-ce.S: New.
	* cipher/sha1.c (USE_ARM_CE): New.
	(sha1_init): Check features for HWF_ARM_SHA1.
	[USE_ARM_CE] (_gcry_sha1_transform_armv8_ce): New.
	(transform) [USE_ARM_CE]: Use ARMv8 CE implementation if HW supports
	it.
	* cipher/sha1.h (SHA1_CONTEXT): Add 'use_arm_ce'.
	* configure.ac: Add 'sha1-armv8-aarch32-ce.lo'.

	Add HW feature check for ARMv8 AArch64 and crypto extensions.
	* configure.ac: Add '--disable-arm-crypto-support'; enable hwf-arm
	module on 64-bit ARM.
	(armcryptosupport, gcry_cv_gcc_inline_aarch32_crypto)
	(gcry_cv_inline_asm_aarch64_neon)
	(gcry_cv_gcc_inline_asm_aarch64_crypto): New.
	* src/g10lib.h (HWF_ARM_AES, HWF_ARM_SHA1, HWF_ARM_SHA2)
	(HWF_ARM_PMULL): New.
	* src/hwf-arm.c [__aarch64__]: Enable building in AArch64 mode.
	(feature_map_s): New.
	[__arm__] (AT_HWCAP, AT_HWCAP2, HWCAP2_AES, HWCAP2_PMULL)
	(HWCAP2_SHA1, HWCAP2_SHA2, arm_features): New.
	[__aarch64__] (AT_HWCAP, AT_HWCAP2, HWCAP_ASIMD, HWCAP_AES)
	(HWCAP_PMULL, HWCAP_SHA1, HWCAP_SHA2, arm_features): New.
	(get_hwcap): Add reading of 'AT_HWCAP2'; Change auxv use
	'unsigned long'.
	(detect_arm_at_hwcap): Add mapping of HWCAP/HWCAP2 to HWF flags.
	(detect_arm_proc_cpuinfo): Add mapping of CPU features to HWF flags.
	(_gcry_hwf_detect_arm): Use __ARM_NEON instead of legacy __ARM_NEON__.
	* src/hwfeatures.c (hwflist): Add 'arm-aes', 'arm-sha1', 'arm-sha2'
	and 'arm-pmull'.
2016-08-17 23:13:11 +00:00
wiz
b42c80fa13 Updated libgcrypt to 1.7.2.
Noteworthy changes in version 1.7.2 (2016-07-14)  [C21/A1/R2]
------------------------------------------------

 * Bug fixes:

   - Fix setting of the ECC cofactor if parameters are specified.

   - Fix memory leak in the ECC code.

   - Remove debug message about unsupported getrandom syscall.

   - Fix build problems related to AVX use.

   - Fix bus errors on ARM for Poly1305, ChaCha20, AES, and SHA-512.

 * Internal changes:

   - Improved fatal error message for wrong use of gcry_md_read.

   - Disallow symmetric encryption/decryption if key is not set.
2016-07-16 08:35:52 +00:00
wiz
a8a410ac57 Fix assembler problems on ARM.
Patches by Michael Plass <mfpnb@plass-family.net> on tech-pkg/port-arm.

Bump PKGREVISION.
2016-07-02 13:24:17 +00:00
wiz
b3ec4b780b Updated libgcrypt to 1.7.1.
Noteworthy changes in version 1.7.1 (2016-06-15)  [C21/A1/R1]
------------------------------------------------

 * Bug fixes:

   - Fix ecc_verify for cofactor support.

   - Fix portability bug when using gcc with Solaris 9 SPARC.

   - Build fix for OpenBSD/amd64

   - Add OIDs to the Serpent ciphers.

 * Internal changes:

   - Use getrandom system call on Linux if available.

   - Blinding is now also used for RSA signature creation.

   - Changed names of debug envvars
2016-06-17 11:56:13 +00:00
ryoon
cc2e0435ac Fix netbsd-6 build
Patch from nonaka@, thank you.
2016-05-15 07:39:12 +00:00
ryoon
deb6c7a1b7 Fix _gcry_sha1_transform_amd64_avx undefined reference error
under NetBSD/amd64 6 and CentOS 6.

* Explicitly disable AVX and AVX2 for GCC 4.4 and 4.5
2016-05-14 23:16:43 +00:00
jperkin
e8dba3b83a Use --disable-pclmul-support on Linux and SunOS i386, the inline assembly
does not compile on either.
2016-04-22 08:28:46 +00:00
wiz
bb1fab099c Update libgcrypt to 1.7.0.
Noteworthy changes in version 1.7.0 (2016-04-15)  [C21/A1/R0]
------------------------------------------------

 * New algorithms and modes:

   - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.

   - SHAKE128 and SHAKE256 extendable-output hash algorithms.

   - ChaCha20 stream cipher.

   - Poly1305 message authentication algorithm

   - ChaCha20-Poly1305 Authenticated Encryption with Associated Data
     mode.

   - OCB mode.

   - HMAC-MD2 for use by legacy applications.

 * New curves for ECC:

   - Curve25519.

   - sec256k1.

   - GOST R 34.10-2001 and GOST R 34.10-2012.

 * Performance:

   - Improved performance of KDF functions.

   - Assembler optimized implementations of Blowfish and Serpent on
     ARM.

   - Assembler optimized implementation of 3DES on x86.

   - Improved AES using the SSSE3 based vector permutation method by
     Mike Hamburg.

   - AVX/BMI is used for SHA-1 and SHA-256 on x86.  This is for SHA-1
     about 20% faster than SSSE3 and more than 100% faster than the
     generic C implementation.

   - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.

   - 60-90% speedup for Whirlpool on x86.

   - 300% speedup for RIPE MD-160.

   - Up to 11 times speedup for CRC functions on x86.

 * Other features:

   - Improved ECDSA and FIPS 186-4 compliance.

   - Support for Montgomery curves.

   - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
     algorithm.

   - gcry_mpi_ec_sub to subtract two points on a curve.

   - gcry_mpi_ec_decode_point to decode an MPI into a point object.

   - Emulation for broken Whirlpool code prior to 1.6.0.  [from 1.6.1]

   - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
     hash part.

   - Parameter "saltlen" to set a non-default salt length for RSA PSS.

   - A SP800-90A conforming DRNG replaces the former X9.31 alternative
     random number generator.

   - Map deprecated RSA algo number to the RSA algo number for better
     backward compatibility. [from 1.6.2]

   - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
     See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
     [from 1.6.3]

   - Fixed data-dependent timing variations in modular exponentiation
     [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
      are Practical]. [from 1.6.3]

   - Flag "no-keytest" for ECC key generation.  Due to a bug in
     the parser that flag will also be accepted but ignored by older
     version of Libgcrypt. [from 1.6.4]

   - Speed up the random number generator by requiring less extra
     seeding. [from 1.6.4]

   - Always verify a created RSA signature to avoid private key leaks
     due to hardware failures. [from 1.6.4]

   - Mitigate side-channel attack on ECDH with Weierstrass curves
     [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
     details. [from 1.6.5]

 * Internal changes:

   - Moved locking out to libgpg-error.

   - Support of the SYSROOT envvar in the build system.

   - Refactor some code.

   - The availability of a 64 bit integer type is now mandatory.

 * Bug fixes:

   - Fixed message digest lookup by OID (regression in 1.6.0).

   - Fixed a build problem on NetBSD

   - Fixed memory leaks in ECC code.

   - Fixed some asm build problems and feature detection bugs.

 * Interface changes relative to the 1.6.0 release:
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   gcry_cipher_final               NEW macro.
   GCRY_CIPHER_MODE_CFB8           NEW constant.
   GCRY_CIPHER_MODE_OCB            NEW.
   GCRY_CIPHER_MODE_POLY1305       NEW.
   gcry_cipher_set_sbox            NEW macro.
   gcry_mac_get_algo               NEW.
   GCRY_MAC_HMAC_MD2               NEW.
   GCRY_MAC_HMAC_SHA3_224          NEW.
   GCRY_MAC_HMAC_SHA3_256          NEW.
   GCRY_MAC_HMAC_SHA3_384          NEW.
   GCRY_MAC_HMAC_SHA3_512          NEW.
   GCRY_MAC_POLY1305               NEW.
   GCRY_MAC_POLY1305_AES           NEW.
   GCRY_MAC_POLY1305_CAMELLIA      NEW.
   GCRY_MAC_POLY1305_SEED          NEW.
   GCRY_MAC_POLY1305_SERPENT       NEW.
   GCRY_MAC_POLY1305_TWOFISH       NEW.
   gcry_md_extract                 NEW.
   GCRY_MD_FLAG_BUGEMU1            NEW [from 1.6.1].
   GCRY_MD_GOSTR3411_CP            NEW.
   GCRY_MD_SHA3_224                NEW.
   GCRY_MD_SHA3_256                NEW.
   GCRY_MD_SHA3_384                NEW.
   GCRY_MD_SHA3_512                NEW.
   GCRY_MD_SHAKE128                NEW.
   GCRY_MD_SHAKE256                NEW.
   gcry_mpi_ec_decode_point        NEW.
   gcry_mpi_ec_sub                 NEW.
   GCRY_PK_EDDSA                   NEW constant.
   GCRYCTL_GET_TAGLEN              NEW.
   GCRYCTL_SET_SBOX                NEW.
   GCRYCTL_SET_TAGLEN              NEW.
2016-04-18 06:19:57 +00:00
wiz
219b4ee865 Update libgcrypt to 1.6.5:
Noteworthy changes in version 1.6.5 (2016-02-09) [C20/A0/R5]
------------------------------------------------

 * Mitigate side-channel attack on ECDH with Weierstrass curves
   [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
   details.

 * Fix build problem on Solaris.
2016-02-11 13:36:37 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
wiz
c97b3e7b53 Add upstream bug report URL. 2015-09-14 14:58:49 +00:00
wiz
7ea82ca83b Fix build on Solaris 11 per PR 50242 by Jörn Clausen. 2015-09-14 13:25:39 +00:00
wiz
41479d6e6c Update security/libgcrypt to 1.6.4:
Noteworthy changes in version 1.6.4 (2015-09-08) [C20/A0/R4]
------------------------------------------------

 * Speed up the random number generator by requiring less extra
   seeding.

 * New flag "no-keytest" for ECC key generation.  Due to a bug in the
   parser that flag will also be accepted but ignored by older version
   of Libgcrypt.

 * Always verify a created RSA signature to avoid private key leaks
   due to hardware failures.

 * Fix alignment bug in the AESNI code on Windows > 7.

 * Support FreeBSD 10 and later.

 * Other minor bug fixes.
2015-09-09 18:02:15 +00:00
sevan
5c280a567a Re-introduce previous fix for building on Solaris SPARC, confirmed to resolve
issue on Solaris 10 SPARC.

pkg/26815
https://bugs.g10code.com/gnupg/issue1703

Reviewed by wiz@
2015-04-17 14:36:17 +00:00
wiz
c5ee0b8f37 Fix previous. 2015-03-13 23:00:49 +00:00
gendalia
d192f06246 libgpg-error needs to be >= version 1.11. 2015-03-13 22:38:08 +00:00
wiz
9eaa9bcf84 Update to 1.6.3:
Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3]
------------------------------------------------

 * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
   See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

 * Fixed data-dependent timing variations in modular exponentiation
   [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
   are Practical].

 * Improved asm support for older toolchains.
2015-02-28 00:14:25 +00:00