mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
68b8b5fa81
- Update from version 3.8.1 to 3.9 - Update of rootfile - Changelog NEWS for the Nettle 3.9 release This release includes bug fixes, several new features, a few performance improvements, and one performance regression affecting GCM on certain platforms. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.7 and libhogweed.so.6.7, with sonames libnettle.so.8 and libhogweed.so.6. This release includes a rewrite of the C implementation of GHASH (dating from 2011), as well as the plain x86_64 assembly version, to use precomputed tables in a different way, with tables always accessed in the same sequential manner. This should make Nettle's GHASH implementation side-channel silent on all platforms, but considerably slower on platforms without carry-less mul instructions. E.g., benchmarks of the C implementation on x86_64 showed a slowdown of 3 times. Bug fixes: * Fix bug in ecdsa and gostdsa signature verify operation, for the unlikely corner case that point addition really is point duplication. * Fix for chacha on Power7, nettle's assembly used an instruction only available on later processors. Fixed by Mamone Tarsha. * GHASH implementation should now be side-channel silent on all architectures. * A few portability fixes for *BSD. New features: * Support for the SM4 block cipher, contributed by Tianjia Zhang. * Support for the Balloon password hash, contributed by Zoltan Fridrich. * Support for SIV-GCM authenticated encryption mode, contributed by Daiki Ueno. * Support for OCB authenticated encryption mode. * New exported functions md5_compress, sha1_compress, sha256_compress, sha512_compress, based on patches from Corentin Labbe. Optimizations: * Improved sha256 performance, in particular for x86_64 and s390x. * Use GMP's mpn_sec_tabselect, which is implemented in assembly on many platforms, and delete the similar nettle function. Gives a modest speedup to all ecc operations. * Faster poly1305 for x86_64 and ppc64. New ppc code contributed by Mamone Tarsha. Miscellaneous: * New ASM_FLAGS variable recognized by configure. * Delete all arcfour assembly code. Affects 32-bit x86, 32-bit and 64-bit sparc. Known issues: * Version 6.2.1 of GNU GMP (the most recent GMP release as of this writing) has a known issue for MacOS on 64-bit ARM: GMP assembly files use the reserved x18 register. On this platform it is recommended to use a GMP snapshot where this bug is fixed, and upgrade to a later GMP release when one becomes available. * Also on MacOS, Nettle's testsuite may still break due to DYLD_LIBRARY_PATH being discarded under some circumstances. As a workaround, use * make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)' Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
IPFire 2.x - The Open Source Firewall
What is IPFire?
IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Its ease of use, high performance in any scenario and extensibility make it usable for everyone. For a full list of features have a look here.
This repository contains the source code of IPFire 2.x which is used to build the whole distribution from scratch, since IPFire is not based on any other distribution.
Where can I get IPFire?
Just head over to https://www.ipfire.org/download
How do I use this software?
We have a long and detailed wiki located here which should answers most of your questions.
But I have some questions left. Where can I get support?
You can ask your question at our community located here. A complete list of our support channels can be found here.
How can I contribute?
We have another document for this. Please look here.