./security/libgcrypt, GNU cryptographic library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.8.3, Package name: libgcrypt-1.8.3, Maintainer: pkgsrc-users

This is a general purpose cryptographic library based on the code from GnuPG.
It provides functions for all cryptograhic building blocks: symmetric ciphers
(AES, DES, Blowfish, CAST5, Twofish, Arcfour), hash algorithms (MD4, MD5,
RIPE-MD160, SHA-1, TIGER-192), MACs (HMAC for all hash algorithms), public key
algorithms (RSA, ElGamal, DSA), large integer functions, random numbers and a
lot of supporting functions.


Required to run:
[security/libgpg-error]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 13bd2ce69e59ab538e959911dfae80ea309636e3
RMD160: 3cf9040b3fa0860b07075df2373a71617aff34ec
Filesize: 2919.107 KB

Version history: (Expand)


CVS history: (Expand)


   2018-06-20 08:18:53 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
libgcrypt: updated to 1.8.3

version 1.8.3:
Bug fixes:
- Use blinding for ECDSA signing to mitigate a novel side-channel
  attack.
- Fix incorrect counter overflow handling for GCM when using an IV
  size other than 96 bit.
- Fix incorrect output of AES-keywrap mode for in-place encryption
  on some platforms.
- Fix the gcry_mpi_ec_curve_point point validation function.
- Fix rare assertion failure in gcry_prime_check.
   2018-05-11 21:20:11 by Kamil Rytarowski | Files touched by this commit (2)
Log message:
libgcrypt: Fix build with Clang

Port code that disables optimization on GCC to Clang/LLVM.
   2018-04-21 15:38:07 by Thomas Klausner | Files touched by this commit (28)
Log message:
*: gd.tuwien.ac.at/ftp.tuwien.ac.at is gone, remove it from various mastersites
   2017-12-14 09:49:55 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
libgcrypt: updated to 1.8.2

Noteworthy changes in version 1.8.2:

 * Bug fixes:
   - Do not use /dev/srandom on OpenBSD.
   - Fix test suite failure on systems with large pages.
   - Fix test suite to not use mmap on Windows.
   - Fix fatal out of secure memory status in the s-expression parser
     on heavy loaded systems.

 * Other:
   - Backport the auto expand secmem feature from master for use by
     the forthcoming GnuPG 2.2.4.
   2017-08-27 14:38:36 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
version 1.8.1:

Bug fixes:
   - Mitigate a local side-channel attack on Curve25519 dubbed "May
     the Fourth be With You".  [CVE-2017-0379] [also in 1.7.9]
   - Add more extra bytes to the pool after reading a seed file.
   - Add the OID SHA384WithECDSA from RFC-7427 to SHA-384.
   - Fix build problems with the Jitter RNG
   - Fix assembler code build problems on Rasbian (ARMv8/AArch32-CE).
   2017-07-23 19:27:52 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
version 1.8.0:

 * New interfaces:
   - New cipher mode XTS
   - New hash function Blake-2
   - New function gcry_mpi_point_copy.
   - New function gcry_get_config.
   - GCRYCTL_REINIT_SYSCALL_CLAMP allows to init nPth after Libgcrypt.
   - New gobal configuration file /etc/gcrypt/random.conf.

 * Extended interfaces:
   - GCRYCTL_PRINT_CONFIG does now also print build information for
     libgpg-error and the used compiler version.
   - GCRY_CIPHER_MODE_CFB8 is now supported.
   - Add Stribog OIDs.

 * Performance:
   - A jitter based entropy collector is now used in addition to the
     other entropy collectors.
   - Optimized gcry_md_hash_buffers for SHA-256 and SHA-512.
   - More ARMv8/AArch32 improvements for AES, GCM, SHA-256, and SHA-1.
   - Add ARMv8/AArch32 assembly implementation for Twofish and
     Camellia.
   - Add bulk processing implementation for ARMv8/AArch32.
   - Improve the DRBG performance and sync the code with the Linux
     version.

 * Internal changes:
   - Libgpg-error 1.25 is now required.  This avoids stalling of nPth
     threads due to contention on internal Libgcrypt locks (e.g. the
     random pool lock).
   - The system call clamp of libgpg-error is now used to wrap the
     blocking read of /dev/random.  This allows other nPth threads to
     run while Libgcrypt is gathering entropy.
   - When secure memory is requested by the MPI functions or by
     gcry_xmalloc_secure, they do not anymore lead to a fatal error if
     the secure memory pool is used up.  Instead new pools are
     allocated as needed.  These new pools are not protected against
     being swapped out (mlock can't be used).  However, these days
     this is considered a minor issue and can easily be mitigated by
     using encrypted swap space.

 * Bug fixes:
   - Fix AES CTR self-check detected failure in the SSSE3 based
     implementation.
   - Remove gratuitous select before the getrandom syscall.
   - Fix regression in mlock detection.
   - Fix GOST 28147 CryptoPro-B S-box.
   - Fix error code handling of mlock calls.
   - Fix possible timing attack on EdDSA session key.
   - Fix long standing bug in secure memory implementation which could
     lead to a segv on free.
   - Mitigate a flush+reload side-channel attack on RSA secret keys
     dubbed "Sliding right into disaster".
   2017-07-04 08:55:53 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
changes in version 1.7.8:
Bug fixes:
- Mitigate a flush+reload side-channel attack on RSA secret keys
  dubbed "Sliding right into disaster".  For details see
  <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]
   2017-06-14 22:18:27 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated libgcrypt to 1.7.7.

Noteworthy changes in version 1.7.7 (2017-06-02)  [C21/A1/R7]
------------------------------------------------

 * Bug fixes:

   - Fix possible timing attack on EdDSA session key.

   - Fix long standing bug in secure memory implementation which could
     lead to a segv on free. [bug#3027]