![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / security / nettle
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.28 / (download) - annotate - [select for diffs], Tue Jun 6 05:12:06 2023 UTC (10 months, 1 week ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2024Q1-base,
pkgsrc-2024Q1,
pkgsrc-2023Q4-base,
pkgsrc-2023Q4,
pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
HEAD
Changes since 1.27: +4 -4
lines
Diff to previous 1.27 (colored) to selected 1.20 (colored)
nettle: updated to 3.9.1 Nettle 3.9.1 release This is a bugfix release, fixing a few bugs reported for Nettle-3.9. The bug in the new OCB code may be exploitable for denial of service or worse, since triggering it leads to memory corruption. Upgrading from Nettle-3.9 to the new version is strongly recommended. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.8 and libhogweed.so.6.8, with sonames libnettle.so.8 and libhogweed.so.6. Bug fixes: * Fix OCB loop for processing messages of size 272 bytes or larger. Reported and fixed by Jussi Kivilinna. * Fix alignment bug in the new x86_64 non-pclmul assembly implementation of ghash. Reported by Henrik Grubbström. * Fix build-time memory leak in eccdata. Reported by Noah Watkins.
Revision 1.27 / (download) - annotate - [select for diffs], Tue May 23 13:25:32 2023 UTC (10 months, 3 weeks ago) by wiz
Branch: MAIN
Changes since 1.26: +5 -5
lines
Diff to previous 1.26 (colored) to selected 1.20 (colored)
nettle: update to 3.9.
NEWS for the Nettle 3.9 release
This release includes bug fixes, several new features, a few
performance improvements, and one performance regression
affecting GCM on certain platforms.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.7 and libhogweed.so.6.7, with sonames
libnettle.so.8 and libhogweed.so.6.
This release includes a rewrite of the C implementation of
GHASH (dating from 2011), as well as the plain x86_64 assembly
version, to use precomputed tables in a different way, with
tables always accessed in the same sequential manner.
This should make Nettle's GHASH implementation side-channel
silent on all platforms, but considerably slower on platforms
without carry-less mul instructions. E.g., benchmarks of the C
implementation on x86_64 showed a slowdown of 3 times.
Bug fixes:
* Fix bug in ecdsa and gostdsa signature verify operation, for
the unlikely corner case that point addition really is point
duplication.
* Fix for chacha on Power7, nettle's assembly used an
instruction only available on later processors. Fixed by
Mamone Tarsha.
* GHASH implementation should now be side-channel silent on
all architectures.
* A few portability fixes for *BSD.
New features:
* Support for the SM4 block cipher, contributed by Tianjia
Zhang.
* Support for the Balloon password hash, contributed by Zoltan
Fridrich.
* Support for SIV-GCM authenticated encryption mode,
contributed by Daiki Ueno.
* Support for OCB authenticated encryption mode.
* New exported functions md5_compress, sha1_compress,
sha256_compress, sha512_compress, based on patches from
Corentin Labbe.
Optimizations:
* Improved sha256 performance, in particular for x86_64 and
s390x.
* Use GMP's mpn_sec_tabselect, which is implemented in
assembly on many platforms, and delete the similar nettle
function. Gives a modest speedup to all ecc operations.
* Faster poly1305 for x86_64 and ppc64. New ppc code
contributed by Mamone Tarsha.
Miscellaneous:
* New ASM_FLAGS variable recognized by configure.
* Delete all arcfour assembly code. Affects 32-bit x86, 32-bit
and 64-bit sparc.
Known issues:
* Version 6.2.1 of GNU GMP (the most recent GMP release as of
this writing) has a known issue for MacOS on 64-bit ARM: GMP
assembly files use the reserved x18 register. On this
platform it is recommended to use a GMP snapshot where this
bug is fixed, and upgrade to a later GMP release when one
becomes available.
* Also on MacOS, Nettle's testsuite may still break due to
DYLD_LIBRARY_PATH being discarded under some circumstances.
As a workaround, use
make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'
Revision 1.26 / (download) - annotate - [select for diffs], Mon Aug 1 10:08:09 2022 UTC (20 months, 2 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.25: +4 -4
lines
Diff to previous 1.25 (colored) to selected 1.20 (colored)
nettle: updated to 3.8.1 Nettle 3.8.1 release This is a bugfix release, fixing a few portability issues reported for Nettle-3.8. Bug fixes: * Avoid non-posix m4 argument references in the chacha implementation for arm64, powerpc64 and s390x. Reported by Christian Weisgerber, fix contributed by Mamone Tarsha. * Use explicit .machine pseudo-ops where needed in s390x assembly files. Bug report by Andreas K. Huettel, fix contributed by Mamone Tarsha. Optimizations: * Implemented runtime detection of cpu features for OpenBSD on arm64. Contributed by Christian Weisgerber. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.6 and libhogweed.so.6.6, with sonames libnettle.so.8 and libhogweed.so.6.
Revision 1.25 / (download) - annotate - [select for diffs], Sun Jul 3 09:46:45 2022 UTC (21 months, 2 weeks ago) by wiz
Branch: MAIN
Changes since 1.24: +5 -5
lines
Diff to previous 1.24 (colored) to selected 1.20 (colored)
nettle: update to 3.8.
NEWS for the Nettle 3.8 release
This release includes a couple of new features, and many
performance improvements. It adds assembly code for two more
architectures: ARM64 and S390x.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.5 and libhogweed.so.6.5, with sonames
libnettle.so.8 and libhogweed.so.6.
New features:
* AES keywrap (RFC 3394), contributed by Nicolas Mora.
* SM3 hash function, contributed by Tianjia Zhang.
* New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
cbc_aes256_encrypt.
On processors where AES is fast enough, e.g., x86_64 with
aesni instructions, the overhead of using Nettle's general
cbc_encrypt can be significant. The new functions can be
implemented in assembly, to do multiple blocks with reduced
per-block overhead.
Note that there's no corresponding new decrypt functions,
since the general cbc_decrypt doesn't suffer from the same
performance problem.
Bug fixes:
* Fix fat builds for x86_64 windows, these appear to never
have worked.
Optimizations:
* New ARM64 implementation of AES, GCM, Chacha, SHA1 and
SHA256, for processors supporting crypto extensions. Great
speedups, and fat builds are supported. Contributed by
Mamone Tarsha.
* New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
SHA256, SHA512 and SHA3. Great speedups, and fat builds are
supported. Contributed by Mamone Tarsha.
* New PPC64 assembly for ecc modulo/redc operations,
contributed by Amitay Isaacs, Martin Schwenke and Alastair
D´Silva.
* The x86_64 AES implementation using aesni instructions has
been reorganized with one separate function per key size,
each interleaving the processing of two blocks at a time
(when the caller processes multiple blocks with each call).
This gives a modest performance improvement on some
processors.
* Rewritten and faster x86_64 poly1305 assembly.
Known issues:
* Nettle's testsuite doesn't work out-of-the-box on recent
MacOS, due to /bin/sh discarding the DYLD_LIBRARY_PATH
environment variable. Nettle's test scripts handle this in
some cases, but currently fails the test cases that are
themselves written as /bin/sh scripts. As a workaround, use
make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'
Miscellaneous:
* Updated manual to current makeinfo conventions, with no
explicit node pointers. Generate pdf version with texi2pdf,
to get working hyper links.
* Added square root functions for NIST ecc curves, as a
preparation for supporting compact point representation.
* Reworked internal GCM/ghash interfaces, simplifying assembly
implementations. Deleted unused GCM C implementation
variants with less than 8-bit lookup table.
Revision 1.24 / (download) - annotate - [select for diffs], Tue Oct 26 11:17:20 2021 UTC (2 years, 5 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.23: +2 -2
lines
Diff to previous 1.23 (colored) to selected 1.20 (colored)
security: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
Revision 1.23 / (download) - annotate - [select for diffs], Thu Oct 7 14:54:04 2021 UTC (2 years, 6 months ago) by nia
Branch: MAIN
Changes since 1.22: +1 -2
lines
Diff to previous 1.22 (colored) to selected 1.20 (colored)
security: Remove SHA1 hashes for distfiles
Revision 1.22 / (download) - annotate - [select for diffs], Mon Jun 7 18:57:58 2021 UTC (2 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2
Changes since 1.21: +5 -5
lines
Diff to previous 1.21 (colored) to selected 1.20 (colored)
nettle: updated to 3.7.3 NEWS for the Nettle 3.7.3 release This is bugfix release, fixing bugs that could make the RSA decryption functions crash on invalid inputs. Upgrading to the new version is strongly recommended. For applications that want to support older versions of Nettle, the bug can be worked around by adding a check that the RSA ciphertext is in the range 0 < ciphertext < n, before attempting to decrypt it. Thanks to Paul Schaub and Justus Winter for reporting these problems. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.4 and libhogweed.so.6.4, with sonames libnettle.so.8 and libhogweed.so.6. Bug fixes: * Fix crash for zero input to rsa_sec_decrypt and rsa_decrypt_tr. Potential denial of service vector. * Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return failure for out of range inputs, instead of either crashing, or silently reducing input modulo n. Potential denial of service vector. * Ensure that rsa_decrypt returns failure for out of range inputs, instead of silently reducing input modulo n. * Ensure that rsa_sec_decrypt returns failure if the message size is too large for the given key. Unlike the other bugs, this would typically be triggered by invalid local configuration, rather than by processing untrusted remote data.
Revision 1.21 / (download) - annotate - [select for diffs], Sun Mar 21 20:03:09 2021 UTC (3 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1
Changes since 1.20: +5 -5
lines
Diff to previous 1.20 (colored)
nettle: updated to 3.7.2 NEWS for the Nettle 3.7.2 release This is a bugfix release, fixing a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results. It also fixes a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger. Upgrading to the new version is strongly recommended. Even when no assert is triggered in ecdsa_verify, ECC point multiplication may get invalid intermediate values as input, and produce incorrect results. It's trivial to construct alleged signatures that result in invalid intermediate values. It appears difficult to construct an alleged signature that makes the function misbehave in such a way that an invalid signature is accepted as valid, but such attacks can't be ruled out without further analysis. Thanks to Guido Vranken for setting up the fuzzer tests that uncovered this problem. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.3 and libhogweed.so.6.3, with sonames libnettle.so.8 and libhogweed.so.6. Bug fixes: * Fixed bug in ecdsa_verify, and added a corresponding test case. * Similar fixes to ecc_gostdsa_verify and gostdsa_vko. * Similar fixes to eddsa signatures. The problem is less severe for these curves, because (i) the potentially out or range value is derived from output of a hash function, making it harder for the attacker to to hit the narrow range of problematic values, and (ii) the ecc operations are inherently more robust, and my current understanding is that unless the corresponding assert is hit, the verify operation should complete with a correct result. * Fix to ecdsa_sign, which with a very low probability could return out of range signature values, which would be rejected immediately by a verifier.
Revision 1.20 / (download) - annotate - [selected], Thu Feb 18 10:59:09 2021 UTC (3 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.19: +6 -6
lines
Diff to previous 1.19 (colored)
nettle: updated to 3.7.1 NEWS for the Nettle 3.7.1 release This is primarily a bug fix release, fixing a couple of problems found in Nettle-3.7. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.2 and libhogweed.so.6.2, with sonames libnettle.so.8 and libhogweed.so.6. Bug fixes: * Fix bug in chacha counter update logic. The problem affected ppc64 and ppc64el, with the new altivec assembly code enabled. Reported by Andreas Metzler, after breakage in GnuTLS tests on ppc64. * Support for big-endian ARM platforms has been restored. Fixes contributed by Michael Weiser. * Fix build problem on OpenBSD/powerpc64, reported by Jasper Lievisse Adriaanse. * Fix corner case bug in ECDSA verify, it would produce incorrect result in the unlikely case of an all-zero message hash. Reported by Guido Vranken. New features: * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512, contributed by Nicolas Mora. Miscellaneous: * Poorly performing ARM Neon code for doing single-block Salsa20 and Chacha has been deleted. The code to do two or three blocks in parallel, introduced in Nettle-3.7, is unchanged. NEWS for the Nettle 3.7 release This release adds one new feature, the bcrypt password hashing function, and lots of optimizations. There's also one important change to how Nettle is configured: Fat builds are now on by default. The release adds PowerPC64 assembly for a few algorithms, resulting in great speedups. Benchmarked on a Power9 machine, speedup was 13 times for AES256-CTR and AES256-GCM, and 3.5 times for Chacha. For fat builds (now the default), the new code is used automatically, on processors supporting the needed instruction set extensions. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.1 and libhogweed.so.6.1, with sonames libnettle.so.8 and libhogweed.so.6. New features: * Support for bcrypt, contributed by Stephen R. van den Berg. Optimizations: * Much faster AES and GCM on PowerPC64 processors supporting the corresponding crypto extensions. Contributed by Mamone Tarsha. * Speed of Chacha improved on PowerPC64, x86_64 and ARM Neon. * Speed of Salsa20 improved on x86_64 and ARM Neon. * Overhaul of some elliptic curve primitives, improving ECDSA signature speed. Configure: * Fat builds are enabled by default on the architectures where it is supported (x86_64, arm and powerpc64). To disable runtime selection, and instead specify the processor flavor at configure time, you need to pass --disable-fat to the configure script. Known issues: * The ARM assembly code in this release doesn't work correctly on big-endian ARM systems. This will hopefully be fixed in a later release. Miscellaneous: * Use a few more gmp-6.1 functions: mpn_cnd_add_n, mpn_cnd_sub_n, mpn_cnd_swap. Delete corresponding internal Nettle functions. * Convert all assembly files to use the default m4 quote characters.
Revision 1.19 / (download) - annotate - [select for diffs], Fri May 22 08:01:51 2020 UTC (3 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.18: +7 -7
lines
Diff to previous 1.18 (colored) to selected 1.20 (colored)
nettle: updated to 3.6 Nettle 3.6: This release adds a couple of new features, most notable being support for ED448 signatures. It is not binary compatible with earlier releases. The shared library names are libnettle.so.8.0 and libhogweed.so.6.0, with sonames nibnettle.so.8 and libhogweed.so.6. The changed sonames are mainly to avoid upgrade problems with recent GnuTLS versions, that depend on Nettle internals outside of the advertised ABI. But also because of the removal of internal poly1305 functions which were undocumented but declared in an installed header file, see Interface changes below. New features: * Support for Curve448 and ED448 signatures. Contributed by Daiki Ueno. * Support for SHAKE256 (SHA3 variant with arbitrary output size). Contributed by Daiki Ueno. * Support for SIV-CMAC (Synthetic Initialization Vector) mode, contributed by Nikos Mavrogiannopoulos. * Support for CMAC64, contributed by Dmitry Baryshkov. * Support for the "CryptoPro" variant of the GOST hash function, as gosthash94cp. Contributed by Dmitry Baryshkov. * Support for GOST DSA signatures, including GOST curves gc256b and gc512a. Contributed by Dmitry Baryshkov. * Support for Intel CET in x86 and x86_64 assembly files, if enabled via CFLAGS (gcc --fcf-protection=full). Contributed by H.J. Lu and Simo Sorce. * A few new functions to improve support for the Chacha variant with 96-bit nonce and 32-bit block counter (the existing functions use nonce and counter of 64-bit each), and functions to set the counter. Contributed by Daiki Ueno. * New interface, struct nettle_mac, for MAC (message authentication code) algorithms. This abstraction is only for MACs that don't require a per-message nonce. For HMAC, the key size is fixed, and equal the digest size of the underlying hash function. Bug fixes: * Fix bug in cfb8_decrypt. Previously, the IV was not updated correctly in the case of input data shorter than the block size. Reported by Stephan Mueller, fixed by Daiki Ueno. * Fix configure check for __builtin_bswap64, the incorrect check would result in link errors on platforms missing this function. Patch contributed by George Koehler. * All use of old-fashioned suffix rules in the Makefiles have been replaced with %-pattern rules. Nettle's use of suffix rules in earlier versions depended on undocumented GNU make behavior, which is being deprecated in GNU make 4.3. Building with other make programs than GNU make is untested and unsupported. (Building with BSD make or Solaris make used to work years ago, but has not been tested recently). Interface changes: * Declarations of internal poly1305.h functions have been removed from the header file poly1305.h, to make it clear that they are not part of the advertised API or ABI. Miscellaneous: * Building the public key support of nettle now requires GMP version 6.1.0 or later (unless --enable-mini-gmp is used). * A fair amount of changes to ECC internals, with a few deleted and a few new fields in the internal struct ecc_curve. Files and functions have been renamed to more consistently match the curve name, e.g., ecc-256.c has been renamed to ecc-secp256r1.c. * Documentation for chacha-poly1305 updated. It is no longer experimental. The implementation was updated to follow RFC 8439 in Nettle-3.1, but that was not documented or announced at the time.
Revision 1.18 / (download) - annotate - [select for diffs], Sat Jul 20 22:01:57 2019 UTC (4 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.17: +6 -6
lines
Diff to previous 1.17 (colored) to selected 1.20 (colored)
nettle: update to 3.5.1. NEWS for the Nettle 3.5.1 release The Nettle-3.5.1 corrects a packaging mistake in Nettle-3.5. The new directory x86_64/sha_ni were missing in the tar file, breaking x86_64 builds with --enable-fat, and producing worse performance than promised for builds with --enable-x86-sha-ni. Also a few unused in-progress assembly files were accidentally included in the tar file. These problems are corrected in Nettle-3.5.1. There are no other changes, and also the library version numbers are unchanged. NEWS for the Nettle 3.5 release This release adds a couple of new features and optimizations, and deletes or deprecates a few obsolete features. It is *not* binary (ABI) compatible with earlier versions. Except for deprecations listed below, it is intended to be fully source-level (API) compatible with Nettle-3.4.1. The shared library names are libnettle.so.7.0 and libhogweed.so.5.0, with sonames libnettle.so.7 and libhogweed.so.5. Changes in behavior: * Nettle's gcm_crypt will now call the underlying block cipher to process more than one block at a time. This is not a change to the documented behavior, but unfortunately breaks assumptions accidentally made in GnuTLS, up to and including version 3.6.1. New features: * Support for CFB8 (Cipher Feedback Mode, processing a single octet per block cipher operation), contributed by Dmitry Eremin-Solenikov. * Support for CMAC (RFC 4493), contributed by Nikos Mavrogiannopoulos. * Support for XTS mode, contributed by Simo Sorce. Optimizations: * Improved performance of the x86_64 AES implementation using the aesni instructions. Gives a large speedup for operations processing multiple blocks at a time (including CTR mode, GCM mode, and CBC decrypt, but *not* CBC encrypt). * Improved performance for CTR mode, for the common case of 16-byte block size. Pass more data at a time to underlying block cipher, and fill the counter blocks more efficiently. Extension to also handle GCM mode efficiently contributed by Nikos Mavrogiannopoulos. * New x86_64 implementation of sha1 and sha256, for processors supporting the sha_ni instructions. Speedup of 3-5 times on affected processors. * Improved parameters for the precomputation of tables used for ecc signatures. Roughly 10%-15% speedup of the ecdsa sign operation using the secp_256r1, secp_384r1 and secp_521r1 curves, and 25% speedup of ed25519 sign operation, benchmarked on x86_64. Table sizes unchanged, around 16 KB per curve. * In ARM fat builds, automatically select Neon implementation of Chacha, where possible. Contributed by Yuriy M. Kaminskiy. Deleted features: * The header file des-compat.h and everything declared therein has been deleted, as announced earlier. This file provided a subset of the old libdes/ssleay/openssl interface for DES and triple-DES. DES is still supported, via the functions declared in des.h. * Functions using the old struct aes_ctx have been marked as deprecated. Use the fixed key size interface instead, e.g., struct aes256_ctx, introduced in Nettle-3.0. * The header file nettle-stdint.h, and corresponding autoconf tests, have been deleted. Nettle now requires that the compiler/libc provides <stdint.h>. Miscellaneous: * Support for big-endian ARM systems, contributed by Michael Weiser. * The programs aesdata, desdata, twofishdata, shadata and gcmdata are no longer built by default. Makefile improvements contributed by Jay Foad. * The "example" program examples/eratosthenes.c has been deleted. * The contents of hash context structs, and the deprecated aes_ctx struct, have been reorganized, to enable later optimizations. The shared library names are libnettle.so.7.0 and libhogweed.so.5.0.
Revision 1.17 / (download) - annotate - [select for diffs], Sun Dec 9 20:11:40 2018 UTC (5 years, 4 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.16: +5 -5
lines
Diff to previous 1.16 (colored) to selected 1.20 (colored)
nettle: Update security/nettle to 3.4.1 Changes: 3.4.1 ----- This release fixes a few bugs, and makes the RSA private key operations side channel silent. The RSA improvements are contributed by Simo Sorce and Red Hat, and include one new public function, rsa_sec_decrypt, see below. All functions using RSA private keys are now side-channel silent, meaning that they try hard to avoid any branches or memory accesses depending on secret data. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption. Nettle's ECC functions were already side-channel silent, while the DSA functions still aren't. There's also one caveat regarding the improved RSA functions: due to small table lookups in relevant mpn_sec_* functions in GMP-6.1.2, the lowest and highest few bits of the secret factors p and q may still leak. I'm not aware of any attacks on RSA where knowing a few bits of the factors makes a significant difference. This leak will likely be plugged in later GMP versions. Changes in behavior: * The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended. New features: * A new function rsa_sec_decrypt. It differs from rsa_decrypt_tr in that the length of the decrypted message is given a priori, and PKCS#1 padding indicating a different length is treated as an error. For applications that may be subject to chosen ciphertext attacks, it is recommended to initialize the message area with random data, call this function, and ignore the return value. This applies in particular to RSA-based key exchange in the TLS protocol. Bug fixes: * Fix bug in pkcs1-conv, missing break statements in the parsing of PEM input files. * Fix link error on the pss-mgf1-test test, affecting builds without public key support. Performance regression: * All RSA private key operations employing RSA blinding, i.e., rsa_decrypt_tr, rsa_*_sign_tr, the new rsa_sec_decrypt, and rsa_compute_root_tr, are significantly slower. This is because (i) RSA blinding now use side-channel silent operations, (ii) blinding includes a modular inversion, and (iii) side-channel silent modular inversion, implemented as mpn_sec_invert, is very expensive. A 60% slowdown for 2048-bit RSA keys have been measured. Miscellaneous: * Building the public key support of nettle now requires GMP version 6.0 or later (unless --enable-mini-gmp is used). The shared library names are libnettle.so.6.5 and libhogweed.so.4.5, with sonames still libnettle.so.6 and libhogweed.so.4. It is intended to be fully binary compatible with nettle-3.1.
Revision 1.16 / (download) - annotate - [select for diffs], Tue Nov 28 14:06:12 2017 UTC (6 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4
Changes since 1.15: +5 -5
lines
Diff to previous 1.15 (colored) to selected 1.20 (colored)
nettle: update to 3.4. NEWS for the Nettle 3.4 release This release fixes bugs and adds a few new features. It also addresses an ABI compatibility issue affecting Nettle-3.1 and later, see below. Bug fixes: * Fixed an improper use of GMP mpn_mul, breaking curve2559 and eddsa on certain platforms. Reported by Sergei Trofimovich. * Fixed memory leak when handling invalid signatures in ecdsa_verify. Fix contributed by Nikos Mavrogiannopoulos. * Fix compilation error with --enable-fat om ARM. Fix contributed by Andreas Schneider. * Reorganized the way certain data items are made available. Short version: Nettle header files now define the symbols nettle_hashes, nettle_ciphers, and nettle_aeads, as preprocessor macros invoking a corresponding accessor function. For backwards ABI compatibility, the symbols are still present in the compiled libraries, and with the same sizes as in nettle-3.3. New features: * Support for RSA-PSS signatures, contributed by Daiki Ueno. * Support for the HKDF key derivation function, defined by RFC 5869. Contributed by Nikos Mavrogiannopoulos. * Support for the Cipher Feedback Mode (CFB), contributed by Dmitry Eremin-Solenikov. * New accessor functions: nettle_get_hashes, nettle_get_ciphers, nettle_get_aeads, nettle_get_secp_192r1, nettle_get_secp_224r1, nettle_get_secp_256r1, nettle_get_secp_384r1, nettle_get_secp_521r1. For source-level compatibility with future versions, applications are encouraged to migrate to using these functions instead of referring to the corresponding data items directly. Miscellaneous: * The base16 and base64 functions now use the type char * for ascii data, rather than uint8_t *. This eliminates the last pointer-signedness warnings when building Nettle. This is a minor API change, and applications may need to be adjusted, but the ABI is unaffected on all platforms I'm aware of. * The contents of the header file nettle/version.h is now architecture independent, except in --enable-mini-gmp configurations. ABI issue: Since the breakage was a bit subtle, let me document it here. The nettle and hogweed libraries export a couple of data symbols, and for some of these, the size was never intended to be part of the ABI. E.g., extern const struct nettle_hash * const nettle_hashes[]; which is an NULL-terminated array. It turns out the sizes nevertheless may leak into the ABI, and that increasing the sizes can break old executables linked with a newer version of the library. When linking a classic non-PIE executable with a shared library, we get ELF relocations of type R_X86_64_COPY for references to data items. These mean that the linker allocates space for the data item in the data segment of executable, at a fixed address determined at link-time, and with size extracted from the version of the .so-file seen when linking. At load time, the run time linker then copies the contents of the symbol from the .so file to that location, and uses the copy instead of the version loaded with the .so-file. And if the data item in the .so file used at load time is larger than the data item seen at link time, it is silently truncated in the process. So when SHA3 hashes were was added to the nettle_hashes array in the nettle-3.3 release, this way of linking produces a truncated array at load time, no longer NULL-terminated. We will get similar problems for planned extensions of the internal struct ecc_curve, and exported data items like extern const struct ecc_curve nettle_secp_256r1; where the ecc_curve struct is only forward declared in the public headers. To prepare, applications should migrate to using the new function nettle_get_secp_256r1, and similarly for the other curves. In some future version, the plan is to add a leading underscore to the name of the actual data items. E.g., nettle_hashes --> _nettle_hashes, breaking the ABI, while keeping the nettle_get_hashes function and the nettle_hashes macro as the supported ways to access it. We will also rename nettle_secp_256r1 --> _nettle_secp_256r1, breaking both ABI and API. Note that data items like nettle_sha256 are *not* affected, since the size and layout of this struct is considered part of the ABI, and R_X86_64_COPY-relocations then work fine.
Revision 1.15 / (download) - annotate - [select for diffs], Mon Oct 3 12:28:19 2016 UTC (7 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4
Changes since 1.14: +5 -5
lines
Diff to previous 1.14 (colored) to selected 1.20 (colored)
Updated nettle to 3.3. NEWS for the Nettle 3.3 release This release fixes a couple of bugs, and improves resistance to side-channel attacks on RSA and DSA private key operations. Changes in behavoir: * Invalid private RSA keys, with an even modulo, are now rejected by rsa_private_key_prepare. (Earlier versions allowed such keys, even if results of using them were bogus). Nettle applications are required to call rsa_private_key_prepare and check the return value, before using any other RSA private key functions; failing to do so may result in crashes for invalid private keys. As a workaround for versions of Gnutls which don't use rsa_private_key_prepare, additional checks for even moduli are added to the rsa_*_tr functions which are used by all recent versions of Gnutls. * Ignore bit 255 of the x coordinate of the input point to curve25519_mul, as required by RFC 7748. To differentiate at compile time, curve25519.h defines the constant NETTLE_CURVE25519_RFC7748. Security: * RSA and DSA now use side-channel silent modular exponentiation, to defend against attacks on the private key from evil processes sharing the same processor cache. This attack scenario is of particular relevance when running an HTTPS server on a virtual machine, where you don't know who you share the cache hardware with. (Private key operations on elliptic curves were already side-channel silent). Bug fixes: * Fix sexp-conv crashes on invalid input. Reported by Hanno Böck. * Fix out-of-bounds read in des_weak_p. Fixed by Nikos Mavrogiannopoulos. * Fix a couple of formally undefined shift operations, reported by Nikos Mavrogiannopoulos. * Fix compilation with c89. Reported by Henrik Grubbström. New features: * New function memeql_sec, for side-channel silent comparison of two memory areas. Miscellaneous: * Building the public key support of nettle now requires GMP version 5.0 or later (unless --enable-mini-gmp is used). * Filenames of windows DLL libraries now include major number only. So the dll names change at the same time as the corresponding soname on ELF platforms. Fixed by Nikos Mavrogiannopoulos. * Eliminate most pointer-signedness warnings. In the process, the strings representing expression type for sexp_interator functions were changed from const uint8_t * to const char *. These functions are undocumented, and it doesn't change the ABI on any platform I'm aware of. The shared library names are libnettle.so.6.3 and libhogweed.so.4.3, with sonames still libnettle.so.6 and libhogweed.so.4. It is intended to be fully binary compatible with nettle-3.1.
Revision 1.14 / (download) - annotate - [select for diffs], Mon Feb 1 13:27:36 2016 UTC (8 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.13: +5 -5
lines
Diff to previous 1.13 (colored) to selected 1.20 (colored)
Update nettle to 3.2. Fix some pkglint while here. NEWS for the Nettle 3.2 release Bug fixes: * The SHA3 implementation is updated according to the FIPS 202 standard. It is not interoperable with earlier versions of Nettle. Thanks to Nikos Mavrogiannopoulos. To easily differentiate at compile time, sha3.h defines the constant NETTLE_SHA3_FIPS202. * Fix corner-case carry propagation bugs affecting elliptic curve operations on the curves secp_256r1 and secp_384r1 on certain platforms, including x86_64. Reported by Hanno Böck. New features: * New functions for RSA private key operations, identified by the "_tr" suffix, with better resistance to side channel attacks and to hardware or software failures which could break the CRT optimization. See the Nettle manual for details. Initial patch by Nikos Mavrogiannopoulos. * New functions nettle_version_major, nettle_version_minor, as a run-time variant of the compile-time constants NETTLE_VERSION_MAJOR and NETTLE_VERSION_MINOR. Optimizations: * New ARM Neon implementation of the chacha stream cipher. Miscellaneous: * ABI detection on mips, with improved default libdir location. Contributed by Klaus Ziegler. * Fixes for ARM assembly syntax, to work better with the clang assembler. Thanks to Jukka Ukkonen. * Disabled use of ifunc relocations for fat builds, to fix problems most easily triggered by using dlopen RTLD_NOW. The shared library names are libnettle.so.6.2 and libhogweed.so.4.2, with sonames still libnettle.so.6 and libhogweed.so.4. It is intended to be fully binary compatible with nettle-3.1.
Revision 1.13 / (download) - annotate - [select for diffs], Wed Nov 4 01:17:51 2015 UTC (8 years, 5 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.12: +2 -1
lines
Diff to previous 1.12 (colored) to selected 1.20 (colored)
Add SHA512 digests for distfiles for security category Problems found locating distfiles: Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz Package libidea: missing distfile libidea-0.8.2b.tar.gz Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2 Package uvscan: missing distfile vlp4510e.tar.Z Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Revision 1.12 / (download) - annotate - [select for diffs], Sun Aug 23 14:22:10 2015 UTC (8 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.11: +7 -8
lines
Diff to previous 1.11 (colored) to selected 1.20 (colored)
Update to 3.1.1, now that gnutls is fixed to build with it.
NEWS for the Nettle 3.1.1 release
This release fixes a couple of non-critical bugs.
Bug fixes:
* By accident, nettle-3.1 disabled the assembly code for the
secp_224r1 and secp_521r1 elliptic curves on all x86_64
configurations, making signature operations on those curves
10%-30% slower. This code is now re-enabled.
* The x86_64 assembly implementation of gcm hashing has been
fixed to work with the Sun/Oracle assembler.
The shared library names are libnettle.so.6.1 and
libhogweed.so.4.1, with sonames still libnettle.so.6 and
libhogweed.so.4. It is intended to be fully binary compatible
with nettle-3.1.
NEWS for the Nettle 3.1 release
This release adds a couple of new features.
The library is mostly source-level compatible with nettle-3.0.
It is however not binary compatible, due to the introduction
of versioned symbols, and extensions to the base64 context
structs. The shared library names are libnettle.so.6.0 and
libhogweed.so.4.0, with sonames libnettle.so.6 and
libhogweed.so.4.
Bug fixes:
* Fixed a missing include of <limits.h>, which made the
camellia implementation fail on all 64-bit non-x86
platforms.
* Eliminate out-of-bounds reads in the C implementation of
memxor (related to valgrind's --partial-loads-ok flag).
Interface changes:
* Declarations of many internal functions are moved from ecc.h
to ecc-internal.h. The functions are undocumented, and
luckily they're apparently also unused by applications, so I
don't expect any problems from this change.
New features:
* Support for curve25519 and for EdDSA25519 signatures.
* Support for "fat builds" on x86_64 and arm, where the
implementation of certain functions is selected at run-time
depending on available cpu features. Configure with
--enable-fat to try this out. If it turns out to work well
enough, it will likely be enabled by default in later
releases.
* Support for building the hogweed library (public key
support) using "mini-gmp", a small but slower implementation
of a subset of the GMP interfaces. Note that builds using
mini-gmp are *not* binary compatible with regular builds,
and more likely to leak side-channel information.
One intended use-case is for small embedded applications
which need to verify digital signatures.
* The shared libraries are now built with versioned symbols.
Should reduce problems in case a program links explicitly to
nettle and/or hogweed, and to gnutls, and the program and
gnutls expect different versions.
* Support for "URL-safe" base64 encoding and decoding, as
specified in RFC 4648. Contributed by Amos Jeffries.
Optimizations:
* New x86_64 implementation of AES, using the "aesni"
instructions. Autodetected in fat builds. In non-fat builds,
it has to be enabled explicitly with --enable-x86-aesni.
Build system:
* Use the same object files for both static and shared
libraries. This eliminates the *.po object files which were
confusing to some tools (as well as humans). Like before,
PIC code is used by default; to build a non-pic static
library, configure with --disable-pic --disable-shared.
Miscellaneous:
* Made type-checking hack in CBC_ENCRYPT and similar macros
stricter, to generate warnings if they are used with
functions which have a length argument smaller than size_t.
Revision 1.11 / (download) - annotate - [select for diffs], Fri Nov 21 14:11:19 2014 UTC (9 years, 4 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4
Changes since 1.10: +2 -1
lines
Diff to previous 1.10 (colored) to selected 1.20 (colored)
Just because GAS accepts something doesn't make it valid syntax.
Revision 1.10 / (download) - annotate - [select for diffs], Tue Nov 26 09:22:19 2013 UTC (10 years, 4 months ago) by martin
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1,
pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored) to selected 1.20 (colored)
Make it use -fPIC on NetBSD (does not build on at least sparc64 otherwise). Bump rev.
Revision 1.9 / (download) - annotate - [select for diffs], Wed May 29 20:19:28 2013 UTC (10 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base,
pkgsrc-2013Q3,
pkgsrc-2013Q2-base,
pkgsrc-2013Q2
Changes since 1.8: +4 -4
lines
Diff to previous 1.8 (colored) to selected 1.20 (colored)
Changes 2.7.1:
This is a bugfix release.
Bug fixes:
* Fixed a bug in the new ECC code. The ecc_j_to_a function
called GMP:s mpn_mul_n (via ecc_modp_mul) with overlapping
input and output arguments, which is not supported.
* The assembly files for SHA1, SHA256 and AES depend on ARMv6
instructions, breaking nettle-2.7 for pre-v6 ARM processors.
The configure script now enables those assembly files only
when building for ARMv6 or later.
* Use a more portable C expression for rotations. The
previous version used the following "standard" expression
for 32-bit rotation:
(x << n) | (x >> (32 - n))
But this gives undefined behavior (according to the C
specification) for n = 0. The rotate expression is replaced
by the more portable:
(x << n) | (x >> ((-n)&31))
This change affects only CAST128, which uses non-constant
rotation counts. Unfortunately, the new expression is poorly
optimized by released versions of gcc, making CAST128 a bit
slower. This is being fixed by the gcc hackers, see
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157.
The following problems have been reported, but are *not* fixed
in this release:
* ARM assembly files use instruction syntax which is not
supported by all assemblers. Workaround: Use a current
version of GNU as, or configure with --disable-assembler.
* Configuring with --disable-static doesn't work on windows.
The libraries are intended to be binary compatible with
nettle-2.2 and later. The shared library names are
libnettle.so.4.7 and libhogweed.so.2.5, with sonames still
libnettle.so.4 and libhogweed.so.2.
Revision 1.8 / (download) - annotate - [select for diffs], Mon Apr 29 16:42:24 2013 UTC (10 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.7: +8 -8
lines
Diff to previous 1.7 (colored) to selected 1.20 (colored)
NEWS for the 2.7 release
This release includes an implementation of elliptic curve
cryptography (ECC) and optimizations for the ARM architecture.
This work was done at the offices of South Pole AB, and
generously funded by the .SE Internet Fund.
Bug fixes:
* Fixed a bug in the buffer handling for incremental SHA3
hashing, with a possible buffer overflow. Patch by Edgar
E. Iglesias.
New features:
* Support for ECDSA signatures. Elliptic curve operations over
the following curves: secp192r1, secp224r1, secp256r1,
secp384r1 and secp521r1, including x86_64 and ARM assembly
for the most important primitives.
* Support for UMAC, including x86_64 and ARM assembly.
* Support for 12-round salsa20, "salsa20r12", as specified by
eSTREAM. Contributed by Nikos Mavrogiannopoulos.
Optimizations:
* ARM assembly code for several additional algorithms,
including AES, Salsa20, and the SHA family of hash
functions.
* x86_64 assembly for SHA256, SHA512, and SHA3. (SHA3 assembly
was included in the 2.6 release, but disabled due to poor
performance on some AMD processors. Hopefully, that
performance problem is fixed now).
The ARM code was tested and benchmarked on Cortex-A9. Some of
the functions use "neon" instructions. The configure script
decides if neon instructions can be used, and the command line
options --enable-arm-neon and --disable-arm-neon can be used
to override its choice. Feedback appreciated.
The libraries are intended to be binary compatible with
nettle-2.2 and later. The shared library names are
libnettle.so.4.6 and libhogweed.so.2.4, with sonames still
libnettle.so.4 and libhogweed.so.2.
Revision 1.7 / (download) - annotate - [select for diffs], Fri Mar 15 18:22:03 2013 UTC (11 years, 1 month ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base,
pkgsrc-2013Q1
Changes since 1.6: +8 -8
lines
Diff to previous 1.6 (colored) to selected 1.20 (colored)
update to 2.6 changes: -support for PKCS #5 PBKDF2, SHA3, GOST R 34.11-94 -bugfixes -minor improvements
Revision 1.6 / (download) - annotate - [select for diffs], Thu Sep 8 20:22:13 2011 UTC (12 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base,
pkgsrc-2012Q4,
pkgsrc-2012Q3-base,
pkgsrc-2012Q3,
pkgsrc-2012Q2-base,
pkgsrc-2012Q2,
pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3
Changes since 1.5: +4 -5
lines
Diff to previous 1.5 (colored) to selected 1.20 (colored)
Update to 2.4:
NEWS for the 2.4 release
This is a bugfix release only. It turned out ripemd160 in the
2.3 release was broken on all big-endian systems, due to a
missing include of config.h. nettle-2.4 fixes this.
The library is intended to be binary compatible with
nettle-2.2 and nettle-2.3. The shared library names are
libnettle.so.4.3 and libhogweed.so.2.1, with sonames still
libnettle.so.4 and libhogweed.so.2.
NEWS for the 2.3 release
* Support for the ripemd-160 hash function.
* Generates and installs nettle.pc and hogweed.pc files, for
use with pkg-config. Feedback appreciated. For projects
using autoconf, the traditional non-pkg-config ways of
detecting libraries, and setting LIBS and LDFLAGS, is still
recommended.
* Fixed a bug which made the testsuite fail in the GCM test on
certain platforms. Should not affect any documented features
of the library.
* Reorganization of the code for the various Merkle-Damg
hash functions. Some fields in the context structs for md4,
md5 and sha1 have been renamed, for consistency.
Applications should not peek inside these structs, and the
ABI is unchanged.
* In the manual, fixed mis-placed const in certain function
prototypes.
The library is intended to be binary compatible with
nettle-2.2. The shared library names are libnettle.so.4.2 and
libhogweed.so.2.1, with sonames still libnettle.so.4 and
libhogweed.so.2.
Revision 1.5 / (download) - annotate - [select for diffs], Thu Aug 25 20:17:25 2011 UTC (12 years, 7 months ago) by tron
Branch: MAIN
Changes since 1.4: +2 -1
lines
Diff to previous 1.4 (colored) to selected 1.20 (colored)
Fix linking error under Mac OS X caused by duplicate definition of a bunch of global variables.
Revision 1.4 / (download) - annotate - [select for diffs], Mon Aug 22 15:09:21 2011 UTC (12 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.3: +7 -7
lines
Diff to previous 1.3 (colored) to selected 1.20 (colored)
Update to 2.2. Update LICENSE (see below).
NEWS for the 2.2 release
Licensing change:
* Relicensed as LGPL v2.1 or later (user's option).
* Replaced blowfish and serpent implementation. New code is
based on the LGPLed code in libgcrypt.
New features:
* Support for Galois/Counter Mode (GCM).
* New interface for enumerating (most) available algorithms,
contributed by Daniel Kahn Gillmor.
* New tool nettle-hash. Can generate hash digests using any
supported hash function, with output compatible with md5sum
and friends from GNU coreutils. Checking (like md5sum -c)
not yet implemented.
Bug fixes:
* The old serpent code had a byte order bug (introduced by
yours truly about ten years ago). New serpent implementation
does not interoperate with earlier versions of nettle.
* Fixed ABI-dependent libdir default for Linux-based systems
which do not follow the Linux File Hierarchy Standard, e.g.,
Debian GNU/Linux.
Optimizations:
* x86_64 implemention of serpent.
* x86_64 implemention of camellia.
* Optimized memxor using word rather than byte operations.
Both generic C and x86_64 assembler.
* Eliminated a memcpy for in-place CBC decrypt.
Miscellaneous:
* In command line tools, no longer support -? for requesting
help, since using it without shell quoting is a dangerous
habit. Use long option --help instead.
The shared library names are libnettle.so.4.1 and
libhogweed.so.2.1, with sonames libnettle.so.4 and
libhogweed.so.2.
Revision 1.3 / (download) - annotate - [select for diffs], Mon May 2 21:27:15 2011 UTC (12 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Changes since 1.2: +2 -1
lines
Diff to previous 1.2 (colored) to selected 1.20 (colored)
Fix building with Clang
Revision 1.2 / (download) - annotate - [select for diffs], Tue Apr 26 09:54:55 2011 UTC (12 years, 11 months ago) by adam
Branch: MAIN
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored) to selected 1.20 (colored)
buildlink3.mk depends on gmp, even when includes are needed; use MAJOR/MINOR for linking libraries
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Tue Apr 26 08:59:33 2011 UTC (12 years, 11 months ago) by adam
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored) to selected 1.20 (colored)
Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. In most contexts, you need more than the basic cryptographic algorithms, you also need some way to keep track of available algorithms, their properties and variants. You often have some algorithm selection process, often dictated by a protocol you want to implement. And as the requirements of applications differ in subtle and not so subtle ways, an API that fits one application well can be a pain to use in a different context. And that is why there are so many different cryptographic libraries around. Nettle tries to avoid this problem by doing one thing, the low-level crypto stuff, and providing a simple but general interface to it. In particular, Nettle doesn't do algorithm selection. It doesn't do memory allocation. It doesn't do any I/O. The idea is that one can build several application and context specific interfaces on top of Nettle, and share the code, test cases, benchmarks, documentation, etc. Examples are the Nettle module for the Pike language, and LSH, which both use an object-oriented abstraction on top of the library.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Apr 26 08:59:33 2011 UTC (12 years, 11 months ago) by adam
Branch: MAIN
Diff to selected 1.20 (colored)
Initial revision