./security/libsodium, Library for build higher-level cryptographic tools

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.0.17, Package name: libsodium-1.0.17, Maintainer: pkgsrc-users

libsodium is a library for network communication, encryption,
decryption, signatures, etc.

libsodium is a portable, cross-compilable, installable,
packageable, API-compatible version for NaCl.

Required to build:

Master sites:

SHA1: 3ff06c4aa33eb0a9c9d83481a00383b0c81d4a80
RMD160: 331ec1d752070e342553597c1f69d0c570f0983f
Filesize: 1867.1 KB

Version history: (Expand)

CVS history: (Expand)

   2019-01-07 09:36:03 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
libsodium: updated to 1.0.17

Version 1.0.17
- Bug fix: sodium_pad() didn't properly support block sizes >= 256 bytes.
- JS/WebAssembly: some old iOS versions can't instantiate the WebAssembly
module; fall back to Javascript on these.
- JS/WebAssembly: compatibility with newer Emscripten versions.
- Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and
crypto_pwhash_scryptsalsa208sha256_str_needs_rehash() didn't return
EINVAL on input strings with a short length, unlike their high-level
- Added a workaround for Visual Studio 2010 bug causing CPU features
not to be detected.
- Portability improvements.
- Test vectors from Project Wycheproof have been added.
- New low-level APIs for arithmetic mod the order of the prime order group:
crypto_core_ed25519_scalar_random(), crypto_core_ed25519_scalar_reduce(),
crypto_core_ed25519_scalar_invert(), crypto_core_ed25519_scalar_negate(),
crypto_core_ed25519_scalar_complement(), crypto_core_ed25519_scalar_add()
and crypto_core_ed25519_scalar_sub().
- New low-level APIs for scalar multiplication without clamping:
crypto_scalarmult_ed25519_base_noclamp() and
crypto_scalarmult_ed25519_noclamp(). These new APIs are especially useful
for blinding.
- sodium_sub() has been implemented.
- Support for WatchOS has been added.
- getrandom(2) is now used on FreeBSD 12+.
- The nonnull attribute has been added to all relevant prototypes.
- More reliable AVX512 detection.
- Javascript/Webassembly builds now use dynamic memory growth.
   2018-11-12 15:40:22 by Jonathan Perkin | Files touched by this commit (19)
Log message:
*: Add CTF_SUPPORTED/CTF_FILES_SKIP where necessary.
   2017-12-14 09:39:09 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
libsodium: updated to 1.0.16

Version 1.0.16
 - Signatures computations and verifications are now way faster on
64-bit platforms with compilers supporting 128-bit arithmetic (gcc,
clang, icc). This includes the WebAssembly target.
 - New low-level APIs for computations over edwards25519:
`crypto_scalarmult_ed25519()`, `crypto_scalarmult_ed25519_base()`,
`crypto_core_ed25519_is_valid_point()`, `crypto_core_ed25519_add()`,
`crypto_core_ed25519_sub()` and `crypto_core_ed25519_from_uniform()`
(elligator representative to point).
 - `crypto_sign_open()`, `crypto_sign_verify_detached() and
`crypto_sign_edwards25519sha512batch_open` now reject public keys in
non-canonical form in addition to low-order points.
 - The library can be built with `ED25519_NONDETERMINISTIC` defined in
order to use synthetic nonces for EdDSA. This is disabled by default.
 - Webassembly: `crypto_pwhash_*()` functions are now included in
non-sumo builds.
 - `sodium_stackzero()` was added to wipe content off the stack.
 - Android: support new SDKs where unified headers have become the
 - The Salsa20-based PRNG example is now thread-safe on platforms with
support for thread-local storage, optionally mixes bits from RDRAND.
 - CMAKE: static library detection on Unix systems has been improved
 - Argon2 and scrypt are slightly faster on Linux.
   2017-10-12 14:08:39 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
libsodium: update to 1.0.15

Version 1.0.15
 - The default password hashing algorithm is now Argon2id. The
`pwhash_str_verify()` function can still verify Argon2i hashes
without any changes, and `pwhash()` can still compute Argon2i hashes
as well.
 - The aes128ctr primitive was removed. It was slow, non-standard, not
authenticated, and didn't seem to be used by any opensource project.
 - Argon2id required at least 3 passes like Argon2i, despite a minimum
of `1` as defined by the `OPSLIMIT_MIN` constant. This has been fixed.
 - The secretstream construction was slightly changed to be consistent
with forthcoming variants.
 - The Javascript and Webassembly versions have been merged, and the
module now returns a `.ready` promise that will resolve after the
Webassembly code is loaded and compiled.
 - Note that due to these incompatible changes, the library version
major was bumped up.
   2017-08-13 19:09:34 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
Version 1.0.13
- Javascript: the sumo builds now include all symbols. They were
previously limited to symbols defined in minimal builds.
- The public `crypto_pwhash_argon2i_MEMLIMIT_MAX` constant was
incorrectly defined on 32-bit platforms. This has been fixed.
- Version 1.0.12 didn't compile on OpenBSD/i386 using the base gcc
compiler. This has been fixed.
- The Android compilation scripts have been updated for NDK r14b.
- armv7s-optimized code was re-added to iOS builds.
- An AVX2 optimized implementation of the Argon2 round function was
- The Argon2id variant of Argon2 has been implemented. The
high-level `crypto_pwhash_str_verify()` function automatically detects
the algorithm and can verify both Argon2i and Argon2id hashed passwords.
The default algorithm for newly hashed passwords remains Argon2i in
this version to avoid breaking compatibility with verifiers running
libsodium <= 1.0.12.
- A `crypto_box_curve25519xchacha20poly1305_seal*()` function set was
- scrypt was removed from minimal builds.
- libsodium is now available on Nuget.
   2016-02-07 11:59:18 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Version 1.0.8
- Handle the case where the CPU supports AVX, but we are running
on an hypervisor with AVX disabled/not supported.
- Faster (2x) scalarmult_base() when using the ref10 implementation
   2015-11-21 10:21:40 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update libsodium to 1.0.6.

Provided by csosstudy in PR 50455.

Version 1.0.6

    Optimized implementations of Blake2 have been added for modern Intel \ 
platforms. crypto_generichash() is now faster than MD5 and SHA1 implementations \ 
while being far more secure.
    Functions for which the return value should be checked have been tagged with \ 
__attribute__ ((warn_unused_result)). This will intentionally break code \ 
compiled with -Werror that didn't bother checking critical return values.
    The crypto_sign_edwards25519sha512batch_*() functions have been tagged as \ 
    Undocumented symbols that were exported, but were only useful for internal \ 
purposes have been removed or made private: sodium_runtime_get_cpu_features(), \ 
the implementation-specific crypto_onetimeauth_poly1305_donna() symbols, \ 
crypto_onetimeauth_poly1305_set_implementation(), \ 
crypto_onetimeauth_poly1305_implementation_name() and \ 
    sodium_compare() now works as documented, and compares numbers in \ 
little-endian format instead of behaving like memcmp().
    The previous changes should not break actual applications, but to be safe, \ 
the library version major was incremented.
    sodium_runtime_has_ssse3() and sodium_runtime_has_sse41() have been added.
    The library can now be compiled with the CompCert compiler.

Version 1.0.5

This release only fixes compilation issues on some platforms.

If 1.0.4 compiled and installed fine on your system, upgrading to this version \ 
is not required.
There are no functional changes.

    Compilation issues on some platforms were fixed: missing alignment \ 
directives were added (required at least on RHEL-6/i386), a workaround for a VRP \ 
bug on gcc/armv7 was added, and the library can now be compiled with the SunPro \ 

    Javascript target: io.js is not supported any more. Use nodejs.

Version 1.0.4

    Support for AES256-GCM has been added. This requires a CPU with the aesni \ 
and pclmul extensions, and is accessible via the crypto_aead_aes256gcm_*() \ 
    The Javascript target doesn't use eval() any more, so that the library can \ 
be used in Chrome packaged applications.
    QNX and CloudABI are now supported.
    Support for NaCl has finally been added.
    ChaCha20 with an extended (96 bit) nonce and a 32-bit counter has been \ 
implemented as crypto_stream_chacha20_ietf(), crypto_stream_chacha20_ietf_xor() \ 
and crypto_stream_chacha20_ietf_xor_ic(). An IETF-compatible version of \ 
ChaCha20Poly1305 is available as crypto_aead_chacha20poly1305_ietf_npubbytes(), \ 
crypto_aead_chacha20poly1305_ietf_encrypt() and \ 
    The sodium_increment() helper function has been added, to increment an \ 
arbitrary large number (such as a nonce).
    The sodium_compare() helper function has been added, to compare arbitrary \ 
large numbers (such as nonces, in order to prevent replay attacks).

Version 1.0.3

    In addition to sodium_bin2hex(), sodium_hex2bin() is now a constant-time \ 
    crypto_stream_xsalsa20_ic() has been added.
    crypto_generichash_statebytes(), crypto_auth_*_statebytes() and \ 
crypto_hash_*_statebytes() have been added in order to retrieve the size of \ 
structures keeping states from foreign languages.
    The JavaScript target doesn't require /dev/urandom or an external \ 
randombytes() implementation any more. Other minor Emscripten-related \ 
improvements have been made in order to support libsodium.js
    Custom randombytes implementations do not need to provide their own \ 
implementation of randombytes_uniform() any more. randombytes_stir() and \ 
randombytes_close() can also be NULL pointers if they are not required.
    On Linux, getrandom(2) is being used instead of directly accessing \ 
/dev/urandom, if the kernel supports this system call.
    crypto_box_seal() and crypto_box_seal_open() have been added.
    A solutions for Visual Studio 2015 was added.
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.