Subject: CVS commit: pkgsrc/security/botan3
From: Niclas Rosenvik
Date: 2024-11-01 08:22:45
Message id: 20241101072245.9B321FC7E@cvs.NetBSD.org
Log Message:
Update botan3 and its python binding to version 3.6.1
This version includes the patch to fix build on non-vsx
powerpc cpus by he.
Changes from release notes:
Version 3.6.1, 2024-10-26
* Fix a bug in x86 CPUID detection introduced in 3.6.0 which would
cause crashes on systems which have BMI1 but not BMI2.
(GH #4402 #4401)
* Fix a bug in SLH-DSA signing, which did not default to the FIPS
required randomized variant. (GH #4398)
* Modify how elliptic curve blinding is performed, reducing the number
of self-additions that may occur during multiplication. (GH #4408)
* In speed command line utility, also iterate keygen several times.
(GH #4381)
Version 3.6.0, 2024-10-21
* Fully integrate and further optimize the new ECC library first
introduced in 3.5.0. For common curves, operations are 2 to 3
times faster. This also introduces a new API for low level EC
operations, such as point multiplication, using EC_Scalar and
EC_AffinePoint types.
(GH #4042 #4113 #4147 #4190 #4191 #4113 #4143 #4171 #4203 #4205 #4207
#4209 #4210 #4211 #4212 #4213 #4215 #4217 #4218 #4221 #4225 #4226
#4235 #4237 #4240 #4242 #4256 #4257 #4261 #4264 #4276 #4284 #4300)
* Add support for FIPS 203 ML-KEM, the NIST standardized version of
Kyber (GH #3893)
* Add support for FIPS 204 ML-DSA, the NIST standardized version of
Dilithium (GH #4270)
* Add support for FIPS 205 SLH-DSA, the NIST standardized version of
SPHINCS+ (GH #4291)
* Add support for TPM2 hardware (GH #4337 #4357 #4361)
* Add support for jitterentropy RNG (GH #4325)
* Constant time programming improvements including CT::Option
(GH #4175 #4197 #4198 #4204 #4207 #4254 #4260)
* Improve performance of hex (GH #4275) and base64 (GH #4271)
* In ECDSA blind the constant time inversion of the nonce, as an extra
precaution against side channel attacks. (GH #4259)
* Add support for AVX2-VAES instructions (GH #4286 #4287)
* Add GFNI-AVX2 acceleration for SM4 (GH #4289)
* Add support for elliptic curve numsp512d1 (GH #4251)
* Apply const-time checking annotations to Dilithium and Kyber
(GH #4223), X448/Ed448 (GH #4204), FrodoKEM (GH #4198),
LMS (GH #4272)
* Refactor internals of Dilithium and Kyber to share common elements
(GH #4024)
* Add a test suite for validating the const-time annotations (GH #4182)
* Internal refactorings of public key encryption to improve memory
safety and side channel resistance. (GH #4238 #4239)
* Cache the DER encoding of the OID format of an elliptic curve
(GH #4193)
* Correct inconsistencies with use of BOTAN_CLEAR_CPUID where dependent
instruction sets were not always disabled. (GH #4290)
* Deprecate the x25519/Kyber-512-r3 TLS ciphersuite. (GH #4347)
* Add CI nightly test using Intel SDE to test AVX-512 (GH #4296)
* Fix armv7/aarch64 CPU feature detection on FreeBSD (GH #4315)
* Add support for armv7/aarch64/ppc64 CPU feature detection on OpenBSD,
using a new API added in OpenBSD 7.6 (GH #4312)
* Fix a bug in the speed cli utility which caused it to report
incorrect values, especially for ciphers/hashes with small input
sizes. (GH #4311)
* Fix a bug where CMake and pkg-config files might be installed to the
wrong path (GH #4236 #4231)
* Fix certificate validation when the trust root is a self-signed MD2
cert. (GH #4247 #4248)
* Internal "strong types" improvements (GH #4170)
* Refactor the speed cli utility (GH #4364 #4367 #4369)
* Fix a test that was somewhat brittle and would fail if a specific
certificate was not in the system trust root store. (GH #4280)
* Update some documentation comments (GH #4185)
* In Argon2, avoid instantiating a thread pool when p == 1
(GH #4195 #4199)
* Disable the thread pool by default on Emscripten target
(GH #4195 #4199)
* Add compile time option to disable all use of inline assembly
(GH #4273 #4265)
Version 3.5.0, 2024-07-08
* CVE-2024-34702: Fix a DoS caused by excessive name constraints.
(GH #4186)
* CVE-2024-39312: Fix a name constraint processing error, where if
permitted and excluded rules both applied to a certificate, only
the permitted rules would be checked.
* Add a new much faster elliptic curve implementation. In this release,
this implementation is only used for hash2curve. (GH #3979)
* Add support for LMS hash based signatures (GH #3716 #4059)
* Add support for SSLKEYLOGFILE logging (GH #4043)
* Optimize processing in FFI botan_cipher_update (GH #3951)
* Add Public_Key::raw_public_key_bits (GH #3985)
* Optimize XTS mode (GH #4047)
* Optimize name constraint processing (GH #4047)
* Optimize FrodoKEM-AES (GH #4176 #4174 #4173)
* The build system now distinguishes between LLVM Clang and XCode's
Clang fork. For the latter, use compiler target xcode. (GH #4010)
* Fix a bug in scrypt autotune where, if it was called with a nominal
maximum memory limit of zero (meant to indicate no limit), it would only
ever return parameters using 1 MB.
* Constant time programming improvements including CT::value_barrier
and CT::Choice (GH #4154 #4115 #4096 #4108)
* Refactor and optimize AlternativeName. This includes a new API.
The old API is retained but deprecated. (GH #4034)
* Kyber internals refactoring (GH #3887)
* Generate Kuznyechik tables at compile time instead of hard coding
them. (GH #4017)
* Enable using sysctlbyname on iOS (GH #4018)
* Previously Curve25519 was used to refer to key exchange over the
Montgomery curve modulo 2**255-19. This is now called X25519 in all
cases. Typedefs and a deprecated header are retained for
compatibility with older versions. (GH #4012)
* Fix several bugs related to encoding and decoding ASN.1 object
identifiers when the second arc is larger than 40. (GH #4063 #4023)
* Avoid sending IP addresses in the Server Name Indicator TLS extension,
if an IP address is used to initialize the TLS_Server_Info struct.
(GH #4059)
* During X.509 certificate verification, first verify the entire
sequence of signatures, then do other validation. (GH #4045)
* In DTLS fix a bug affecting retransmission of client hellos. (GH #4037)
* Fix a number of bugs related to name constraint processing. (GH #4074)
* Add support for parsing TNAuthList (secure telephony identity
credentials extension) from RFC 8226. (GH #4116)
* Add One-Step KDF from SP 800-56C (GH #4121)
* Fix a bug in RFC 6979 mode ECDSA. This only caused problems when
testing with certain curves and does not have any security or interop
implications. (GH #4040)
* Previously elliptic curve private keys could be of any size, with the
effective key reduced modulo the group order. Now during decoding the
private key must be in the specified bound. (GH #4040)
* Elliptic curve groups now verify that the prime and group order are
related in the manner expected. (GH #4039 #4041)
* Add a script to run the Limbo X.509 path validation test suite.
* Update the BoGo TLS test suite (GH #4078)
* Deprecate various low level BigInt and elliptic curve interfaces
(GH #4038 #4056)
* In 3.3.0, support for application specific curves in EC_Group with
parameters larger than 521 bits was deprecated. This release expands
that deprecation to further restrict future use of application
specific curves (see deprecated.rst for details). Add a new EC_Group
constructor which enforces these restrictions. (GH #4038)
* Fix a bug when creating a PKCS10 request or X.509 self signed
certificate when SubjectAlternativeName was included in the provided
extensions. If this occurred, any other values (e.g. opts.dns) would
be ignored. (GH #4032)
* Various low level multi precision integer refactorings and
improvements. (GH #4156 #4149 #4007 #4008 #3989 #3987)
* Increase the maximum supported key length of KMAC to 192 bytes
(GH #4109)
* Improve the utilities for checked (overflow safe) addition and
multiplication. (GH #3999)
* Optimize parsing of IPv4 dotted quad strings (GH #4058)
* A system for marking modules as deprecated was introduced in 3.4.0,
but it did not mark any modules as deprecated. This has now been
applied to various modules, which will then be disabled if
--disable-deprecated-features option is used at build time.
(GH #4050)
* Fix a bug in configure.py that caused --with-stack-protector to not
work. (GH #3996)
* Upgrade CI to use XCode 15.2 on x86-64 and XCode 15.3 on aarch64.
(GH #4005)
* Update most CI builds to run on Ubuntu 24.04 (GH #4098)
* Various clang-tidy fixes (GH #4070 #4075)
* Fixes for GCC 14 (GH #4046)
* Fix Roughtime to not reference a deprecated Cloudflare server.
(GH #4002 #3937)
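As an added illustration of the ASN.1 object identifier item in the 3.5.0 notes above (encoding and decoding when the second arc is larger than 40), here is a small standalone Python encoder/decoder for the content octets of a DER OBJECT IDENTIFIER. This is example code written for this page, not Botan's implementation; the function names are mine, and the sample OIDs are the well-known RSA and AES-128-ECB identifiers plus a constructed 2.999.* value from the X.660 example arc.

```python
# Example code for this page (not Botan's): DER OBJECT IDENTIFIER content
# octets, showing why a "second arc > 40" needs care. X.690 packs the first
# two arcs X.Y into a single subidentifier 40*X + Y. For X = 2 the value Y is
# unbounded, so the packed value may exceed 127 and span several bytes, and a
# decoder that simply does divmod(packed, 40) reports a wrong first arc.
from typing import List, Tuple


def _encode_base128(value: int) -> bytes:
    """Encode one subidentifier as big-endian base-128 with continuation bits."""
    if value < 0:
        raise ValueError("negative subidentifier")
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append(0x80 | (value & 0x7F))
        value >>= 7
    return bytes(reversed(out))


def encode_oid(dotted: str) -> bytes:
    """Dotted-decimal OID -> DER content octets (no tag/length wrapper)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2:
        raise ValueError("OID needs at least two arcs")
    first, second = arcs[0], arcs[1]
    # Only the 2.* root may have a second arc of 40 or more.
    if first > 2 or (first < 2 and second >= 40):
        raise ValueError("invalid first two arcs")
    out = _encode_base128(40 * first + second)
    for arc in arcs[2:]:
        out += _encode_base128(arc)
    return out


def _split_subidentifiers(data: bytes) -> List[int]:
    """Undo base-128: each subidentifier ends at a byte without bit 7 set."""
    if not data:
        raise ValueError("empty OID")
    if data[-1] & 0x80:
        raise ValueError("truncated subidentifier")
    values, cur = [], 0
    for b in data:
        cur = (cur << 7) | (b & 0x7F)
        if not (b & 0x80):
            values.append(cur)
            cur = 0
    return values


def naive_first_two_arcs(packed: int) -> Tuple[int, int]:
    """The incorrect shortcut: fine for roots 0 and 1, wrong for 2.Y with Y >= 40."""
    return divmod(packed, 40)


def first_two_arcs(packed: int) -> Tuple[int, int]:
    """X.690 rule: packed < 80 means root 0 or 1; otherwise root 2, Y = packed - 80."""
    if packed < 80:
        return divmod(packed, 40)
    return 2, packed - 80


def decode_oid(data: bytes) -> str:
    """DER content octets -> dotted-decimal OID, using the correct first-arc rule."""
    values = _split_subidentifiers(data)
    first, second = first_two_arcs(values[0])
    return ".".join(str(v) for v in [first, second] + values[1:])


if __name__ == "__main__":
    for oid in ("1.2.840.113549", "2.16.840.1.101.3.4.2.1", "2.999.1"):
        enc = encode_oid(oid)
        print(oid, "->", enc.hex(), "->", decode_oid(enc))
    # 2.999 packs to 1079, which the naive rule misreads as 26.39.
    print("naive:", naive_first_two_arcs(1079), "correct:", first_two_arcs(1079))
```

The decoder deliberately keeps the packed first subidentifier as a single integer and applies the X.690 rule only after base-128 decoding; trying to infer the first arc from the leading byte alone fails as soon as the second arc pushes the packed value past one byte.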
Version 3.4.0, 2024-04-08
* Add Ed448 signatures and X448 key exchange (GH #3933)
* X.509 certificate verification now can optionally ignore the
expiration date of root certificates. (GH #3938)
* Support for hybrid EC point encoding is now deprecated. (GH #3981)
* Support for creating EC_Group objects with parameters larger than
521 bits is now deprecated (GH #3980)
* Add new build options to disable deprecated features, and to enable
experimental features. (GH #3910)
* Fix a bug affecting use of SIV and CCM ciphers in the FFI interface.
(GH #3971)
* Add new FFI interface botan_cipher_requires_entire_message (GH #3969)
* Internal refactorings of the mp layer to support a new elliptic curve
library. (GH #3973 #3977 #3962 #3957 #3964 #3956 #3961 #3950)
* Use a new method for constant time division in Kyber to avoid a
possible side channel where the compiler inserts use of a variable
time division. (GH #3959)
* Refactor test RNG usage to improve reproducibility. (GH #3920)
* Add std::span interfaces to BigInt (GH #3866)
* Refactorings and improvements to low level load/store utility
functions. (GH #3869)
* Fix the amalgamation build on ARM64 (GH #3931)
* Add Mac ARM based CI build (GH #3931)
* Fix a thread serialization bug that caused sporadic test failures.
(GH #3922)
* Update GH Actions to v4 (GH #3923)
* Add examples of password based encryption and HTTPS+ASIO client.
(GH #3935 #3910)