Up to [cvs.NetBSD.org] / pkgsrc / security / nettle
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.9 / (download) - annotate - [select for diffs], Fri May 22 08:01:51 2020 UTC (3 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base,
pkgsrc-2024Q1,
pkgsrc-2023Q4-base,
pkgsrc-2023Q4,
pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
HEAD
Changes since 1.8: +2 -2
lines
Diff to previous 1.8 (colored) to selected 1.2 (colored)
nettle: updated to 3.6 Nettle 3.6: This release adds a couple of new features, most notable being support for ED448 signatures. It is not binary compatible with earlier releases. The shared library names are libnettle.so.8.0 and libhogweed.so.6.0, with sonames nibnettle.so.8 and libhogweed.so.6. The changed sonames are mainly to avoid upgrade problems with recent GnuTLS versions, that depend on Nettle internals outside of the advertised ABI. But also because of the removal of internal poly1305 functions which were undocumented but declared in an installed header file, see Interface changes below. New features: * Support for Curve448 and ED448 signatures. Contributed by Daiki Ueno. * Support for SHAKE256 (SHA3 variant with arbitrary output size). Contributed by Daiki Ueno. * Support for SIV-CMAC (Synthetic Initialization Vector) mode, contributed by Nikos Mavrogiannopoulos. * Support for CMAC64, contributed by Dmitry Baryshkov. * Support for the "CryptoPro" variant of the GOST hash function, as gosthash94cp. Contributed by Dmitry Baryshkov. * Support for GOST DSA signatures, including GOST curves gc256b and gc512a. Contributed by Dmitry Baryshkov. * Support for Intel CET in x86 and x86_64 assembly files, if enabled via CFLAGS (gcc --fcf-protection=full). Contributed by H.J. Lu and Simo Sorce. * A few new functions to improve support for the Chacha variant with 96-bit nonce and 32-bit block counter (the existing functions use nonce and counter of 64-bit each), and functions to set the counter. Contributed by Daiki Ueno. * New interface, struct nettle_mac, for MAC (message authentication code) algorithms. This abstraction is only for MACs that don't require a per-message nonce. For HMAC, the key size is fixed, and equal the digest size of the underlying hash function. Bug fixes: * Fix bug in cfb8_decrypt. Previously, the IV was not updated correctly in the case of input data shorter than the block size. Reported by Stephan Mueller, fixed by Daiki Ueno. * Fix configure check for __builtin_bswap64, the incorrect check would result in link errors on platforms missing this function. Patch contributed by George Koehler. * All use of old-fashioned suffix rules in the Makefiles have been replaced with %-pattern rules. Nettle's use of suffix rules in earlier versions depended on undocumented GNU make behavior, which is being deprecated in GNU make 4.3. Building with other make programs than GNU make is untested and unsupported. (Building with BSD make or Solaris make used to work years ago, but has not been tested recently). Interface changes: * Declarations of internal poly1305.h functions have been removed from the header file poly1305.h, to make it clear that they are not part of the advertised API or ABI. Miscellaneous: * Building the public key support of nettle now requires GMP version 6.1.0 or later (unless --enable-mini-gmp is used). * A fair amount of changes to ECC internals, with a few deleted and a few new fields in the internal struct ecc_curve. Files and functions have been renamed to more consistently match the curve name, e.g., ecc-256.c has been renamed to ecc-secp256r1.c. * Documentation for chacha-poly1305 updated. It is no longer experimental. The implementation was updated to follow RFC 8439 in Nettle-3.1, but that was not documented or announced at the time.
Revision 1.8 / (download) - annotate - [select for diffs], Sat Jul 20 22:03:16 2019 UTC (4 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored) to selected 1.2 (colored)
nettle: bump ABI depends because of shlib major bump
Revision 1.7 / (download) - annotate - [select for diffs], Sun Dec 9 20:11:40 2018 UTC (5 years, 4 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.6: +3 -2
lines
Diff to previous 1.6 (colored) to selected 1.2 (colored)
nettle: Update security/nettle to 3.4.1 Changes: 3.4.1 ----- This release fixes a few bugs, and makes the RSA private key operations side channel silent. The RSA improvements are contributed by Simo Sorce and Red Hat, and include one new public function, rsa_sec_decrypt, see below. All functions using RSA private keys are now side-channel silent, meaning that they try hard to avoid any branches or memory accesses depending on secret data. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption. Nettle's ECC functions were already side-channel silent, while the DSA functions still aren't. There's also one caveat regarding the improved RSA functions: due to small table lookups in relevant mpn_sec_* functions in GMP-6.1.2, the lowest and highest few bits of the secret factors p and q may still leak. I'm not aware of any attacks on RSA where knowing a few bits of the factors makes a significant difference. This leak will likely be plugged in later GMP versions. Changes in behavior: * The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended. New features: * A new function rsa_sec_decrypt. It differs from rsa_decrypt_tr in that the length of the decrypted message is given a priori, and PKCS#1 padding indicating a different length is treated as an error. For applications that may be subject to chosen ciphertext attacks, it is recommended to initialize the message area with random data, call this function, and ignore the return value. This applies in particular to RSA-based key exchange in the TLS protocol. Bug fixes: * Fix bug in pkcs1-conv, missing break statements in the parsing of PEM input files. * Fix link error on the pss-mgf1-test test, affecting builds without public key support. Performance regression: * All RSA private key operations employing RSA blinding, i.e., rsa_decrypt_tr, rsa_*_sign_tr, the new rsa_sec_decrypt, and rsa_compute_root_tr, are significantly slower. This is because (i) RSA blinding now use side-channel silent operations, (ii) blinding includes a modular inversion, and (iii) side-channel silent modular inversion, implemented as mpn_sec_invert, is very expensive. A 60% slowdown for 2048-bit RSA keys have been measured. Miscellaneous: * Building the public key support of nettle now requires GMP version 6.0 or later (unless --enable-mini-gmp is used). The shared library names are libnettle.so.6.5 and libhogweed.so.4.5, with sonames still libnettle.so.6 and libhogweed.so.4. It is intended to be fully binary compatible with nettle-3.1.
Revision 1.6 / (download) - annotate - [select for diffs], Sun Jan 7 13:04:29 2018 UTC (6 years, 3 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored) to selected 1.2 (colored)
Fix indentation in buildlink3.mk files. The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was reviewed manually. There are some .include lines that still are indented with zero spaces although the surrounding .if is indented. This is existing practice.
Revision 1.5 / (download) - annotate - [select for diffs], Mon Feb 1 13:27:36 2016 UTC (8 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.4: +9 -9
lines
Diff to previous 1.4 (colored) to selected 1.2 (colored)
Update nettle to 3.2. Fix some pkglint while here. NEWS for the Nettle 3.2 release Bug fixes: * The SHA3 implementation is updated according to the FIPS 202 standard. It is not interoperable with earlier versions of Nettle. Thanks to Nikos Mavrogiannopoulos. To easily differentiate at compile time, sha3.h defines the constant NETTLE_SHA3_FIPS202. * Fix corner-case carry propagation bugs affecting elliptic curve operations on the curves secp_256r1 and secp_384r1 on certain platforms, including x86_64. Reported by Hanno Böck. New features: * New functions for RSA private key operations, identified by the "_tr" suffix, with better resistance to side channel attacks and to hardware or software failures which could break the CRT optimization. See the Nettle manual for details. Initial patch by Nikos Mavrogiannopoulos. * New functions nettle_version_major, nettle_version_minor, as a run-time variant of the compile-time constants NETTLE_VERSION_MAJOR and NETTLE_VERSION_MINOR. Optimizations: * New ARM Neon implementation of the chacha stream cipher. Miscellaneous: * ABI detection on mips, with improved default libdir location. Contributed by Klaus Ziegler. * Fixes for ARM assembly syntax, to work better with the clang assembler. Thanks to Jukka Ukkonen. * Disabled use of ifunc relocations for fat builds, to fix problems most easily triggered by using dlopen RTLD_NOW. The shared library names are libnettle.so.6.2 and libhogweed.so.4.2, with sonames still libnettle.so.6 and libhogweed.so.4. It is intended to be fully binary compatible with nettle-3.1.
Revision 1.4 / (download) - annotate - [select for diffs], Sun Aug 23 14:30:36 2015 UTC (8 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4,
pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.3: +2 -1
lines
Diff to previous 1.3 (colored) to selected 1.2 (colored)
Bump PKGREVISION for nettle shlib major bump.
Revision 1.3 / (download) - annotate - [select for diffs], Mon Jul 9 04:50:12 2012 UTC (11 years, 9 months ago) by chs
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1,
pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3,
pkgsrc-2013Q2-base,
pkgsrc-2013Q2,
pkgsrc-2013Q1-base,
pkgsrc-2013Q1,
pkgsrc-2012Q4-base,
pkgsrc-2012Q4,
pkgsrc-2012Q3-base,
pkgsrc-2012Q3
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
update required version to 2.4, the new gnutls needs it.
Revision 1.2 / (download) - annotate - [selected], Tue Apr 26 09:54:55 2011 UTC (12 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base,
pkgsrc-2012Q2,
pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3,
pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Changes since 1.1: +3 -1
lines
Diff to previous 1.1 (colored)
buildlink3.mk depends on gmp, even when includes are needed; use MAJOR/MINOR for linking libraries
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Tue Apr 26 08:59:33 2011 UTC (12 years, 11 months ago) by adam
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored) to selected 1.2 (colored)
Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. In most contexts, you need more than the basic cryptographic algorithms, you also need some way to keep track of available algorithms, their properties and variants. You often have some algorithm selection process, often dictated by a protocol you want to implement. And as the requirements of applications differ in subtle and not so subtle ways, an API that fits one application well can be a pain to use in a different context. And that is why there are so many different cryptographic libraries around. Nettle tries to avoid this problem by doing one thing, the low-level crypto stuff, and providing a simple but general interface to it. In particular, Nettle doesn't do algorithm selection. It doesn't do memory allocation. It doesn't do any I/O. The idea is that one can build several application and context specific interfaces on top of Nettle, and share the code, test cases, benchmarks, documentation, etc. Examples are the Nettle module for the Pike language, and LSH, which both use an object-oriented abstraction on top of the library.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Apr 26 08:59:33 2011 UTC (12 years, 11 months ago) by adam
Branch: MAIN
Diff to selected 1.2 (colored)
Initial revision