From patchwork Sun Apr 26 11:44:14 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9729 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4g3PyH0d7Dz3xNH for ; Sun, 26 Apr 2026 11:45:11 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (not verified)) by mail01.ipfire.org (Postfix) with ESMTPS id 4g3PyG5Ctwz6fS for ; Sun, 26 Apr 2026 11:45:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4g3Pxy3fwcz379J for ; Sun, 26 Apr 2026 11:44:54 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (not verified)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4g3Pxp01Fbz34Tt for ; Sun, 26 Apr 2026 11:44:45 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4g3Pxn4S7Cz78g; Sun, 26 Apr 2026 11:44:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1777203885; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=51mB1qsixUqDXBFDrM1yIOl7n4GiHjsc1E24Ea9PW3U=; b=Liyi8WJhoOuKV/E0HI+Ku9qgnJwhZhyrvfIKiJD2VgiUgFDR0e7w86spofTKChc4yTiyII AIZZed73o8CtuKFkuV/gAdEOy8szT3LSeBwWqlH/5itY8j49ZpxdirooJ4DQSNRjJAAk9M gXpeofa7M/1lLiMiA49LzeLYRn/2Ty5U8wuRMoL/9Y4gjEbln5YUa1REZJiyp3JOdtKtfH JrfSpmu3x7An5QhXYi2CPzj+a8IgYs9vlftVK2A4FjRYohCZHZ6TPmptA+XeEzc/cbyILA RwPudWknM7MsFHS50omluUnqm3+l8imYWqsq3yuWyjSvv+yKibFOCI9LOZ4V+g== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1777203885; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=51mB1qsixUqDXBFDrM1yIOl7n4GiHjsc1E24Ea9PW3U=; b=aikxRYAKmEjqdwiuUcC/kPzJBx2MqxSij4978SIuEDKbW6tI6pd5qloUtLGcnPEKSImmcP EKsOiBx/5NqIdiCg== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] libsodium: Update to version 1.0.22 Date: Sun, 26 Apr 2026 13:44:14 +0200 Message-ID: <20260426114418.122889-25-adolf.belka@ipfire.org> In-Reply-To: <20260426114418.122889-1-adolf.belka@ipfire.org> References: <20260426114418.122889-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 1.0.21 to 1.0.22 - Update of rootfile - Patch fix for arm build has been integrated into the tarball in this version - Changelog 1.0.22 - Post-quantum key encapsulation is now available. ML-KEM768, the NIST-standardized lattice-based KEM, is accessible through the `crypto_kem_mlkem768_*()` functions. - X-Wing, a hybrid KEM combining ML-KEM768 with X25519 for protection against both classical and quantum adversaries, is available through the `crypto_kem_*()` functions. X-Wing is the recommended KEM for most applications. - SHA-3 hash functions are now available as `crypto_hash_sha3256_*()` and `crypto_hash_sha3512_*()`, with both one-shot and streaming APIs. 1.0.21-stable - Performance: NEON optimizations for Argon2 on ARM platforms. - Performance: SHA3 (Keccak1600) now leverages ARM SHA3 instructions when available on ARM platforms. - Performance: WebAssembly SIMD implementations of Argon2 have been added. - Emscripten: LTO is now disabled. With Emscripten 4, LTO produced WebAssembly modules with functions that ran significantly slower than without it. - Emscripten: a new option allows compilation with SIMD support. - Emscripten: native ESM module generation is now supported. - JavaScript sumo builds now allow up to 80 MiB memory usage, so that `crypto_pwhash` with the interactive settings can be used in pure JavaScript, not just WebAssembly. - XOF state alignment has been relaxed. - `crypto_core_keccak1600_state` has been added. - Export missing `crypto_ipcrypt_nd_keygen()` helper function. - `crypto_auth_hmacsha256_init` and `crypto_auth_hmacsha512_init` now accept NULL key pointers (with a zero key length), for consistency with other `_init` functions. - apple-xcframework: headers are now in a Clibsodium subdirectory to prevent module.modulemap collisions with other xcframeworks. - Fixed compilation with GCC on aarch64 and gcc 4.x. - On aarch64, aes256-gcm is now enabled even when not using clang, including MSVC. - Added compatibility with Visual Studio 2026 when toolsets do not define PlatformToolsetVersion. - Libsodium can be directly used as a dependency in a Zig project. - Performance of MSVC builds has been improved. Signed-off-by: Adolf Belka --- config/rootfiles/common/libsodium | 6 +++- lfs/libsodium | 7 ++-- ..._fix_compilation_with_GCC_on_aarch64.patch | 33 ------------------- 3 files changed, 8 insertions(+), 38 deletions(-) delete mode 100644 src/patches/libsodium-1.0.21_fix_compilation_with_GCC_on_aarch64.patch diff --git a/config/rootfiles/common/libsodium b/config/rootfiles/common/libsodium index 423fabba1..02501408d 100644 --- a/config/rootfiles/common/libsodium +++ b/config/rootfiles/common/libsodium @@ -25,12 +25,16 @@ #usr/include/sodium/crypto_generichash_blake2b.h #usr/include/sodium/crypto_hash.h #usr/include/sodium/crypto_hash_sha256.h +#usr/include/sodium/crypto_hash_sha3.h #usr/include/sodium/crypto_hash_sha512.h #usr/include/sodium/crypto_ipcrypt.h #usr/include/sodium/crypto_kdf.h #usr/include/sodium/crypto_kdf_blake2b.h #usr/include/sodium/crypto_kdf_hkdf_sha256.h #usr/include/sodium/crypto_kdf_hkdf_sha512.h +#usr/include/sodium/crypto_kem.h +#usr/include/sodium/crypto_kem_mlkem768.h +#usr/include/sodium/crypto_kem_xwing.h #usr/include/sodium/crypto_kx.h #usr/include/sodium/crypto_onetimeauth.h #usr/include/sodium/crypto_onetimeauth_poly1305.h @@ -75,5 +79,5 @@ #usr/lib/libsodium.la #usr/lib/libsodium.so usr/lib/libsodium.so.26 -usr/lib/libsodium.so.26.3.0 +usr/lib/libsodium.so.26.4.0 #usr/lib/pkgconfig/libsodium.pc diff --git a/lfs/libsodium b/lfs/libsodium index 8f6605643..31604274d 100644 --- a/lfs/libsodium +++ b/lfs/libsodium @@ -24,10 +24,10 @@ include Config -VER = 1.0.21 +VER = 1.0.22 THISAPP = libsodium-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = df68159bbf0b5198ab185e93857b4f07af1d4aa7ffd178b7cb78ff5b020b6ee93ab5c3e71f59812b79906ff4df19e42845435c2bc22bbe8b0a0804076b0ddd05 +$(DL_FILE)_BLAKE2 = 054878d42c67a5bb0e65adea6746668cd768e3650a164e3b33b8d68361a824fa37f7cadd8cce60f4ba5a25921f4910380b8ea95992c2b4c34160937005277cd4 install : $(TARGET) @@ -73,7 +73,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/libsodium-1.0.21_fix_compilation_with_GCC_on_aarch64.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --disable-static diff --git a/src/patches/libsodium-1.0.21_fix_compilation_with_GCC_on_aarch64.patch b/src/patches/libsodium-1.0.21_fix_compilation_with_GCC_on_aarch64.patch deleted file mode 100644 index 1ffdbd088..000000000 --- a/src/patches/libsodium-1.0.21_fix_compilation_with_GCC_on_aarch64.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff --git a/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c b/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c -index c5a27e92ec..bad4ce3898 100644 ---- a/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c -+++ b/src/libsodium/crypto_ipcrypt/ipcrypt_armcrypto.c -@@ -37,7 +37,7 @@ typedef uint64x2_t BlockVec; - # define XOR128_3(a, b, c) veorq_u64(veorq_u64((a), (b)), (c)) - # define SET64x2(a, b) vsetq_lane_u64((uint64_t) (a), vmovq_n_u64((uint64_t) (b)), 1) - # define BYTESHL128(a, b) \ -- vreinterpretq_u64_u8(vextq_s8(vdupq_n_s8(0), vreinterpretq_s8_u64(a), 16 - (b))) -+ vreinterpretq_u64_u8(vextq_u8(vdupq_n_u8(0), vreinterpretq_u8_u64(a), 16 - (b))) - - # define AES_XENCRYPT(block_vec, rkey) \ - vreinterpretq_u64_u8( \ -@@ -348,12 +348,12 @@ pfx_set_bit(uint8_t ip16[16], const unsigned int bit_index, const uint8_t bit_va - static void - pfx_shift_left(uint8_t ip16[16]) - { -- BlockVec v = LOAD128(ip16); -- const BlockVec shl = vshlq_n_u8(vreinterpretq_u8_u64(v), 1); -- const BlockVec msb = vshrq_n_u8(vreinterpretq_u8_u64(v), 7); -- const BlockVec zero = vdupq_n_u8(0); -- const BlockVec carries = vextq_u8(vreinterpretq_u8_u64(msb), zero, 1); -- v = vreinterpretq_u64_u8(vorrq_u8(shl, carries)); -+ BlockVec v = LOAD128(ip16); -+ const uint8x16_t shl = vshlq_n_u8(vreinterpretq_u8_u64(v), 1); -+ const uint8x16_t msb = vshrq_n_u8(vreinterpretq_u8_u64(v), 7); -+ const uint8x16_t zero = vdupq_n_u8(0); -+ const uint8x16_t carries = vextq_u8(msb, zero, 1); -+ v = vreinterpretq_u64_u8(vorrq_u8(shl, carries)); - STORE128(ip16, v); - } - -