head 1.6; access; symbols pkgsrc-2026Q1:1.5.0.28 pkgsrc-2026Q1-base:1.5 pkgsrc-2025Q4:1.5.0.26 pkgsrc-2025Q4-base:1.5 pkgsrc-2025Q3:1.5.0.24 pkgsrc-2025Q3-base:1.5 pkgsrc-2025Q2:1.5.0.22 pkgsrc-2025Q2-base:1.5 pkgsrc-2025Q1:1.5.0.20 pkgsrc-2025Q1-base:1.5 pkgsrc-2024Q4:1.5.0.18 pkgsrc-2024Q4-base:1.5 pkgsrc-2024Q3:1.5.0.16 pkgsrc-2024Q3-base:1.5 pkgsrc-2024Q2:1.5.0.14 pkgsrc-2024Q2-base:1.5 pkgsrc-2024Q1:1.5.0.12 pkgsrc-2024Q1-base:1.5 pkgsrc-2023Q4:1.5.0.10 pkgsrc-2023Q4-base:1.5 pkgsrc-2023Q3:1.5.0.8 pkgsrc-2023Q3-base:1.5 pkgsrc-2023Q2:1.5.0.6 pkgsrc-2023Q2-base:1.5 pkgsrc-2023Q1:1.5.0.4 pkgsrc-2023Q1-base:1.5 pkgsrc-2022Q4:1.5.0.2 pkgsrc-2022Q4-base:1.5 pkgsrc-2022Q3:1.4.0.8 pkgsrc-2022Q3-base:1.4 pkgsrc-2022Q2:1.4.0.6 pkgsrc-2022Q2-base:1.4 pkgsrc-2022Q1:1.4.0.4 pkgsrc-2022Q1-base:1.4 pkgsrc-2021Q4:1.4.0.2 pkgsrc-2021Q4-base:1.4 pkgsrc-2021Q3:1.2.0.6 pkgsrc-2021Q3-base:1.2 pkgsrc-2021Q2:1.2.0.4 pkgsrc-2021Q2-base:1.2 pkgsrc-2021Q1:1.2.0.2 pkgsrc-2021Q1-base:1.2 pkgsrc-2020Q4:1.1.0.12 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.10 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.8 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.4 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.6 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.2 pkgsrc-2019Q3-base:1.1; locks; strict; comment @# @; 1.6 date 2026.05.01.10.56.38; author fox; state Exp; branches; next 1.5; commitid q5OlHspste6ej6EG; 1.5 date 2022.11.12.15.19.03; author fox; state Exp; branches; next 1.4; commitid arXMcpxlWG6gsq1E; 1.4 date 2021.10.26.11.17.12; author nia; state Exp; branches; next 1.3; commitid PNswNV9GDLZeojeD; 1.3 date 2021.10.07.14.53.56; author nia; state Exp; branches; next 1.2; commitid nfjKlj1wTplMcTbD; 1.2 date 2021.03.12.23.01.07; author fox; state Exp; branches; next 1.1; commitid Xc9aY2CIl7W1C4LC; 1.1 date 2019.08.11.16.47.52; author fox; state Exp; branches; next ; commitid V4meXQEh6cwL9DyB; desc @@ 1.6 log @security/libdecaf: Update to v1.0.3 Changes since v1.0.2: No upstream release notes; changes derived from commit log. * Allow long scalars to be null, mostly so that you can deserialize a zero-length null scalar without causing UB. * Signature context can be null. * Fix runtime errors. * Fix C++ test build with recent compilers. * CMake improvements and add enable sanitizer option. * Add SER_BYTES to gf_serialize prototype. * Adjust comments in ristretto.sage. * Indicate that x86 word_is_zero affects the carry flag. * Test for subgroup membership in ed448 (sage). * Document how to run tests. @ text @$NetBSD: distinfo,v 1.5 2022/11/12 15:19:03 fox Exp $ BLAKE2s (libdecaf-1.0.3.tgz) = 5789f5491c94fa423487428c36d7721506374a6d639f41add1ed7583ef0c56ff SHA512 (libdecaf-1.0.3.tgz) = 30db1f889497413d88267a8ca3f751c7c52651e6aaa9ad008b01da66695dbecc6a75a553aed8abd3c5d5b174f87f0b32ad62e6ca53acc36f750eb4c746885c17 Size (libdecaf-1.0.3.tgz) = 237326 bytes SHA1 (patch-CMakeLists.txt) = 6fc8aaa1afd412d1a759c1345e238c79513715de SHA1 (patch-src_CMakeLists.txt) = f9ddfd9e6d3e334d310bfed9f2542477ba2cf9a6 @ 1.5 log @security/libdecaf: Update to v1.0.2 Changes since v1.0.1: July 13, 2022: Fix a security bug and an issue. Point::steg_encode was leaving the 24 high bits of the buffer as zero. It also ignored the size parameter. The size parameter has now been removed, the zeros fixed and a test added to make sure that it is fixed. Per https://github.com/MystenLabs/ed25519-unsafe-libs, deprecate eddsa signing with separate pubkey and privkey input. Instead decaf_ed*_keypair_sign. Release v1.0.2. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2021/10/26 11:17:12 nia Exp $ d3 4 a6 4 BLAKE2s (ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72.zip) = 2aa571960f926183744850ab8cf9dfbbd679680081b666f40152e66eaf264c92 SHA512 (ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72.zip) = a98e43f3efbc2b69c48786353fa1ebd7d008813f547f683d9e544b90d8e29a43ff4cf9490ca9f308b87e4bc135b560186941cea57851d6ec117213cb5ba20c48 Size (ed448goldilocks-code-da2f2f9b2ab1bce9a2bb77e4f37037ee135fdd72.zip) = 288423 bytes SHA1 (patch-CMakeLists.txt) = 66a8818bd34c91da92253af54ba33f051387e3b7 a7 1 SHA1 (patch-src_per__curve_eddsa.tmpl.h) = dc7c715b29fe077d8ae5c41385af7245f1f21817 @ 1.4 log @security: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2021/10/07 14:53:56 nia Exp $ d3 3 a5 3 BLAKE2s (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = 6b47cee9a39db0ba52d45fc69fc3b50a752ffe0824136aef2525ac7bff7e07e4 SHA512 (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = 5ce7417aeb79445ae43ec7bc9d58603732c3f79ca30920581179dbfec3922de989119dd7e9fe4e778567dccfebe2391940bc093200e50b3f89e4c221095c9fe6 Size (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = 290123 bytes d8 1 @ 1.3 log @security: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2021/03/12 23:01:07 fox Exp $ d3 1 a3 1 RMD160 (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = c6ef698b28caa10ce6a81da0afc62c97d17cc228 @ 1.2 log @security/libdecaf: Updates to v1.0.1 - Build scripts now depend on the sourceforce git repository directly. Changes since v1.0.0: October 10, 2020: A paper by Konstantinos Chalkias, François Garillot, and Valeria Nikolaenko, to be found at: https://eprint.iacr.org/2020/1244.pdf discusses malleability in EdDSA implementations. Their test vectors reveal unintentional malleability in libdecaf's version of EdDSA verify, in violation of RFC 8032. With this malleability, an attacker could modify an existing valid signature to create a new signature that is still valid, but only for the same message. Releave v1.0.1, correcting this flaw. Additional changes generated from git commit logs: - (tag: v1.0.1) Fix bug in ristretto elligator: it should be able to take improper field elements as input - Fix malleability bug from https://eprint.iacr.org/2020/1244.pdf and add test vectors - Optimize s^2 -> s2 - Dont double generator for Ed448RistrettoPoint - Update ristretto.sage for python3. Also add Ed448RistrettoPoint for reference - Add safer version of EdDSA signing API - Fix issues when compiling on GCC 9.1 - Also remove X_SER_BYTES while were at it - Remove gf_hibit, since it was a relic from p521 days - Adds errno.eexist, remove hardcoded error value - Tweak generated code message - Fix flaky Python generator - Add full RFC 8032 test vectors - Change test scripts to avoid GCC warnings - Minor changes. Bump version number in CMakeLists.txt @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2019/08/11 16:47:52 fox Exp $ a2 1 SHA1 (ed448goldilocks-code-0324a955696d3235b5700046a487f8a2086baf1f.zip) = 064381d845a45250093942fe6010ea16290ec756 @ 1.1 log @Import of libdecaf 1.0.0 as security/libdecaf Implementation of elliptic curve cryptography using the Montgomery and Edwards curves Curve25519, Ed25519, Ed448-Goldilocks and Curve448, using the Decaf / Ristretto encoding. @ text @d1 1 a1 1 $NetBSD$ d3 5 a7 4 SHA1 (libdecaf-1.0.0.tgz) = c36a3b392763d6ddae4304a7e4c48353d8f1f474 RMD160 (libdecaf-1.0.0.tgz) = 1ff710c56f2e0682547ed78dc427893b40604c06 SHA512 (libdecaf-1.0.0.tgz) = 0a962fe01e73655db98c98692938794d6ec4cee5656f9a6172ab24e385882229f9163d09212b2a13bff874623c18befb6aaa2f0ed65aa638e1a3c56dd3e124c0 Size (libdecaf-1.0.0.tgz) = 614589 bytes @