./security/libsodium, Library for build higher-level cryptographic tools

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.0.15, Package name: libsodium-1.0.15, Maintainer: pkgsrc-users

libsodium is a library for network communication, encryption,
decryption, signatures, etc.

libsodium is a portable, cross-compilable, installable,
packageable, API-compatible version for NaCl.

Required to build:

Master sites:

SHA1: 0597479c842300a3b060898f1acfe09ca032736a
RMD160: 84791d8341181225acfa3bba5d1168460e73684a
Filesize: 1822.321 KB

Version history: (Expand)

CVS history: (Expand)

   2017-10-12 14:08:39 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
libsodium: update to 1.0.15

Version 1.0.15
 - The default password hashing algorithm is now Argon2id. The
`pwhash_str_verify()` function can still verify Argon2i hashes
without any changes, and `pwhash()` can still compute Argon2i hashes
as well.
 - The aes128ctr primitive was removed. It was slow, non-standard, not
authenticated, and didn't seem to be used by any opensource project.
 - Argon2id required at least 3 passes like Argon2i, despite a minimum
of `1` as defined by the `OPSLIMIT_MIN` constant. This has been fixed.
 - The secretstream construction was slightly changed to be consistent
with forthcoming variants.
 - The Javascript and Webassembly versions have been merged, and the
module now returns a `.ready` promise that will resolve after the
Webassembly code is loaded and compiled.
 - Note that due to these incompatible changes, the library version
major was bumped up.
   2017-08-13 19:09:34 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
Version 1.0.13
- Javascript: the sumo builds now include all symbols. They were
previously limited to symbols defined in minimal builds.
- The public `crypto_pwhash_argon2i_MEMLIMIT_MAX` constant was
incorrectly defined on 32-bit platforms. This has been fixed.
- Version 1.0.12 didn't compile on OpenBSD/i386 using the base gcc
compiler. This has been fixed.
- The Android compilation scripts have been updated for NDK r14b.
- armv7s-optimized code was re-added to iOS builds.
- An AVX2 optimized implementation of the Argon2 round function was
- The Argon2id variant of Argon2 has been implemented. The
high-level `crypto_pwhash_str_verify()` function automatically detects
the algorithm and can verify both Argon2i and Argon2id hashed passwords.
The default algorithm for newly hashed passwords remains Argon2i in
this version to avoid breaking compatibility with verifiers running
libsodium <= 1.0.12.
- A `crypto_box_curve25519xchacha20poly1305_seal*()` function set was
- scrypt was removed from minimal builds.
- libsodium is now available on Nuget.
   2016-02-07 11:59:18 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Version 1.0.8
- Handle the case where the CPU supports AVX, but we are running
on an hypervisor with AVX disabled/not supported.
- Faster (2x) scalarmult_base() when using the ref10 implementation
   2015-11-21 10:21:40 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update libsodium to 1.0.6.

Provided by csosstudy in PR 50455.

Version 1.0.6

    Optimized implementations of Blake2 have been added for modern Intel \ 
platforms. crypto_generichash() is now faster than MD5 and SHA1 implementations \ 
while being far more secure.
    Functions for which the return value should be checked have been tagged with \ 
__attribute__ ((warn_unused_result)). This will intentionally break code \ 
compiled with -Werror that didn't bother checking critical return values.
    The crypto_sign_edwards25519sha512batch_*() functions have been tagged as \ 
    Undocumented symbols that were exported, but were only useful for internal \ 
purposes have been removed or made private: sodium_runtime_get_cpu_features(), \ 
the implementation-specific crypto_onetimeauth_poly1305_donna() symbols, \ 
crypto_onetimeauth_poly1305_set_implementation(), \ 
crypto_onetimeauth_poly1305_implementation_name() and \ 
    sodium_compare() now works as documented, and compares numbers in \ 
little-endian format instead of behaving like memcmp().
    The previous changes should not break actual applications, but to be safe, \ 
the library version major was incremented.
    sodium_runtime_has_ssse3() and sodium_runtime_has_sse41() have been added.
    The library can now be compiled with the CompCert compiler.

Version 1.0.5

This release only fixes compilation issues on some platforms.

If 1.0.4 compiled and installed fine on your system, upgrading to this version \ 
is not required.
There are no functional changes.

    Compilation issues on some platforms were fixed: missing alignment \ 
directives were added (required at least on RHEL-6/i386), a workaround for a VRP \ 
bug on gcc/armv7 was added, and the library can now be compiled with the SunPro \ 

    Javascript target: io.js is not supported any more. Use nodejs.

Version 1.0.4

    Support for AES256-GCM has been added. This requires a CPU with the aesni \ 
and pclmul extensions, and is accessible via the crypto_aead_aes256gcm_*() \ 
    The Javascript target doesn't use eval() any more, so that the library can \ 
be used in Chrome packaged applications.
    QNX and CloudABI are now supported.
    Support for NaCl has finally been added.
    ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has been \ 
implemented as crypto_stream_chacha20_ietf(), crypto_stream_chacha20_ietf_xor() \ 
and crypto_stream_chacha20_ietf_xor_ic(). An IETF-compatible version of \ 
ChaCha20Poly1305 is available as crypto_aead_chacha20poly1305_ietf_npubbytes(), \ 
crypto_aead_chacha20poly1305_ietf_encrypt() and \ 
    The sodium_increment() helper function has been added, to increment an \ 
arbitrary large number (such as a nonce).
    The sodium_compare() helper function has been added, to compare arbitrary \ 
large numbers (such as nonces, in order to prevent replay attacks).

Version 1.0.3

    In addition to sodium_bin2hex(), sodium_hex2bin() is now a constant-time \ 
    crypto_stream_xsalsa20_ic() has been added.
    crypto_generichash_statebytes(), crypto_auth_*_statebytes() and \ 
crypto_hash_*_statebytes() have been added in order to retrieve the size of \ 
structures keeping states from foreign languages.
    The JavaScript target doesn't require /dev/urandom or an external \ 
randombytes() implementation any more. Other minor Emscripten-related \ 
improvements have been made in order to support libsodium.js
    Custom randombytes implementations do not need to provide their own \ 
implementation of randombytes_uniform() any more. randombytes_stir() and \ 
randombytes_close() can also be NULL pointers if they are not required.
    On Linux, getrandom(2) is being used instead of directly accessing \ 
/dev/urandom, if the kernel supports this system call.
    crypto_box_seal() and crypto_box_seal_open() have been added.
    A solutions for Visual Studio 2015 was added.
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-01-16 12:39:32 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Update to 1.0.1:

* Version 1.0.1
 - DLL_EXPORT was renamed SODIUM_DLL_EXPORT in order to avoid
collisions with similar macros defined by other libraries.
 - sodium_bin2hex() is now constant-time.
 - crypto_secretbox_detached() now supports overlapping input and output
 - NaCl's donna_c64 implementation of curve25519 was reading an extra byte
past the end of the buffer containing the base point. This has been
   2014-10-04 14:59:02 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update to 1.0.0, from maintainer csosstudy in PR 49251.
While here, add rpath to pkgconfig file.

* Version 1.0.0
 - The API and ABI are now stable. New features will be added, but
backward-compatibility is guaranteed through all the 1.x.y releases.
 - crypto_sign() properly works with overlapping regions again. Thanks
to @pysiak for reporting this regression introduced in version 0.6.1.
 - The test suite has been extended.

* Version 0.7.1 (1.0 RC2)
 - This is the second release candidate of Sodium 1.0. Minor
compilation, readability and portability changes have been made and the
test suite was improved, but the API is the same as the previous release

* Version 0.7.0 (1.0 RC1)
 - Allocating memory to store sensitive data can now be done using
sodium_malloc() and sodium_allocarray(). These functions add guard
pages around the protected data to make it less likely to be
accessible in a heartbleed-like scenario. In addition, the protection
for memory regions allocated that way can be changed using
sodium_mprotect_noaccess(), sodium_mprotect_readonly() and
 - ed25519 keys can be converted to curve25519 keys with
crypto_sign_ed25519_pk_to_curve25519() and
crypto_sign_ed25519_sk_to_curve25519(). This allows using the same
keys for signature and encryption.
 - The seed and the public key can be extracted from an ed25519 key
using crypto_sign_ed25519_sk_to_seed() and crypto_sign_ed25519_sk_to_pk().
 - aes256 was removed. A timing-attack resistant implementation might
be added later, but not before version 1.0 is tagged.
 - The crypto_pwhash_scryptxsalsa208sha256_* compatibility layer was
removed. Use crypto_pwhash_scryptsalsa208sha256_*.
 - The compatibility layer for implementation-specific functions was
 - Compilation issues with Mingw64 on MSYS (not MSYS2) were fixed.
 - crypto_pwhash_scryptsalsa208sha256_STRPREFIX was added: it contains
the prefix produced by crypto_pwhash_scryptsalsa208sha256_str()

* Version 0.6.1
 - Important bug fix: when crypto_sign_open() was given a signed
message too short to even contain a signature, it was putting an
unlimited amount of zeros into the target buffer instead of
immediately returning -1. The bug was introduced in version 0.5.0.
 - New API: crypto_sign_detached() and crypto_sign_verify_detached()
to produce and verify ed25519 signatures without having to duplicate
the message.
 - New ./configure switch: --enable-minimal, to create a smaller
library, with only the functions required for the high-level API.
Mainly useful for the JavaScript target and embedded systems.
 - All the symbols are now exported by the Emscripten build script.
 - The pkg-config .pc file is now always installed even if the
pkg-config tool is not available during the installation.

* Version 0.6.0
 - The ChaCha20 stream cipher has been added, as crypto_stream_chacha20_*
 - The ChaCha20Poly1305 AEAD construction has been implemented, as
 - The _easy API does not require any heap allocations any more and
does not have any overhead over the NaCl API. With the password
hashing function being an obvious exception, the library doesn't
allocate and will not allocate heap memory ever.
 - crypto_box and crypto_secretbox have a new _detached API to store
the authentication tag and the encrypted message separately.
 - crypto_pwhash_scryptxsalsa208sha256*() functions have been renamed
 - The low-level crypto_pwhash_scryptsalsa208sha256_ll() function
allows setting individual parameters of the scrypt function.
 - New macros and functions for recommended crypto_pwhash_* parameters
have been added.
 - Similarly to crypto_sign_seed_keypair(), crypto_box_seed_keypair()
has been introduced to deterministically generate a key pair from a seed.
 - crypto_onetimeauth() now provides a streaming interface.
 - crypto_stream_chacha20_xor_ic() and crypto_stream_salsa20_xor_ic()
have been added to use a non-zero initial block counter.
 - On Windows, CryptGenRandom() was replaced by RtlGenRandom(), which
doesn't require the Crypt API.
 - The high bit in curve25519 is masked instead of processing the key as
a 256-bit value.
 - The curve25519 ref implementation was replaced by the latest ref10
implementation from Supercop.
 - sodium_mlock() now prevents memory from being included in coredumps
on Linux 3.4+

* Version 0.5.0
 - sodium_mlock()/sodium_munlock() have been introduced to lock pages
in memory before storing sensitive data, and to zero them before
unlocking them.
 - High-level wrappers for crypto_box and crypto_secretbox
(crypto_box_easy and crypto_secretbox_easy) can be used to avoid
dealing with the specific memory layout regular functions depend on.
 - crypto_pwhash_scryptsalsa208sha256* functions have been added
to derive a key from a password, and for password storage.
 - Salsa20 and ed25519 implementations now support overlapping
inputs/keys/outputs (changes imported from supercop-20140505).
 - New build scripts for Visual Studio, Emscripten, different Android
architectures and msys2 are available.
 - The poly1305-53 implementation has been replaced with Floodyberry's
poly1305-donna32 and poly1305-donna64 implementations.
 - sodium_hex2bin() has been added to complement sodium_bin2hex().
 - On OpenBSD and Bitrig, arc4random() is used instead of reading
 - crypto_auth_hmac_sha512() has been implemented.
 - sha256 and sha512 now have a streaming interface.
 - hmacsha256, hmacsha512 and hmacsha512256 now support keys of
arbitrary length, and have a streaming interface.
 - crypto_verify_64() has been implemented.
 - first-class Visual Studio build system, thanks to @evoskuil
 - CPU features are now detected at runtime.
   2013-10-23 19:08:03 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Update to 0.4.5. From csosstudy in PR 48336.

* Version 0.4.5
 - Restore compatibility with OSX <= 10.6

* Version 0.4.4
 - Visual Studio is officially supported (VC 2010 & VC 2013)
 - mingw64 is now supported
 - big-endian architectures are now supported as well
 - The donna_c64 implementation of curve25519_donna_c64 now handles
non-canonical points like the ref implementation
 - Missing scalarmult_curve25519 and stream_salsa20 constants are now exported
 - A crypto_onetimeauth_poly1305_ref() wrapper has been added