commit: d79efc11894c98b7c9604bfaf3577499c9f66347 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Thu Nov 20 20:16:48 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Mon Feb 23 20:00:22 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d79efc11
dev-libs/leancrypto: new package, add 1.6.0 I see some test failures with (just) GCC 16, not debugged that yet, but don't want to put off pushing this longer because of that. Bug: https://github.com/hughsie/libjcat/issues/195 Signed-off-by: Sam James <sam <AT> gentoo.org> dev-libs/leancrypto/Manifest | 2 + .../files/leancrypto-1.6.0-avoid-accel-crash.patch | 172 +++++++++++++++++++++ .../files/leancrypto-1.6.0-no-force-lto.patch | 24 +++ .../files/leancrypto-1.6.0-use-init.patch | 89 +++++++++++ dev-libs/leancrypto/leancrypto-1.6.0.ebuild | 56 +++++++ dev-libs/leancrypto/metadata.xml | 10 ++ 6 files changed, 353 insertions(+) diff --git a/dev-libs/leancrypto/Manifest b/dev-libs/leancrypto/Manifest new file mode 100644 index 000000000000..fec8ca2f32f5 --- /dev/null +++ b/dev-libs/leancrypto/Manifest @@ -0,0 +1,2 @@ +DIST leancrypto-1.6.0.tar.xz 40197212 BLAKE2B a7674e8111a633e2abeeb125d7fcba3bca8f4cd8beb9812675f08ab71b1277c2e8dc39500d1d44cf618c1eb65bd0a03e42f32a6ef9767688c0724f51fc54836d SHA512 b1b677ef005497d513b72ced2f4186d97cad12f82817d7bc82d09bbc0e8c0f54ad9496ff95374d61dd3d677ca3bfadc55c29885d04421d20ff58dcab3fc01347 +DIST leancrypto-1.6.0.tar.xz.asc 265 BLAKE2B ed584471cec94f348d51b4f54f21b93758dbe0d70d31f37086ef074cc5eea19b95fdd8e5be436783e41367939fbcc82f6366d2b5fa16a5f6213781dd14795801 SHA512 3e1357e65e9781be8f36f7d83bb25cb20a3bd404351a2dda8aefd8eccb7b49b4e36d743bb5ce168ac012be3f089c2ceaf15d3d5405d206f5050cc5368ce0e188 diff --git a/dev-libs/leancrypto/files/leancrypto-1.6.0-avoid-accel-crash.patch b/dev-libs/leancrypto/files/leancrypto-1.6.0-avoid-accel-crash.patch new file mode 100644 index 000000000000..5241aedb0d6b --- /dev/null +++ b/dev-libs/leancrypto/files/leancrypto-1.6.0-avoid-accel-crash.patch @@ -0,0 +1,172 @@ +https://github.com/smuellerDD/leancrypto/commit/eb0ba53f220bc4fcc435c16da60e0892933af656 + +From eb0ba53f220bc4fcc435c16da60e0892933af656 Mon Sep 17 00:00:00 2001 +From: Stephan Mueller <[email protected]> +Date: Thu, 27 Nov 2025 23:12:03 +0100 +Subject: [PATCH] Curve25519/448: Compile API code as pure C + +Considering that the API functions are invoked without checking for +accelerations, they MUST be compiled without any accelerated options. + +This prevents a SIGILL when the respective option is not available +on the target platform + +Reported-by: Alexander Sosedkin +Signed-off-by: Stephan Mueller <[email protected]> +--- + curve25519/src/armv7/curve25519_armv7.c | 4 ++-- + curve25519/src/armv7/meson.build | 1 - + curve25519/src/armv8/curve25519_armv8.c | 2 +- + curve25519/src/armv8/meson.build | 1 - + curve25519/src/avx/curve25519_avx.c | 4 ++-- + curve25519/src/avx/meson.build | 1 - + curve25519/src/meson.build | 9 +++++++++ + curve448/src/avx2/curve448_scalarmult_avx2.c | 4 ++-- + curve448/src/avx2/meson.build | 1 - + curve448/src/meson.build | 3 +++ + 10 files changed, 19 insertions(+), 11 deletions(-) + +diff --git a/curve25519/src/armv7/curve25519_armv7.c b/curve25519/src/armv7/curve25519_armv7.c +index 5d03bfec..c988f6fc 100644 +--- a/curve25519/src/armv7/curve25519_armv7.c ++++ b/curve25519/src/armv7/curve25519_armv7.c +@@ -19,8 +19,8 @@ + + #include "cpufeatures.h" + #include "curve25519_armv7.h" +-#include "x25519_scalarmult.h" +-#include "x25519_scalarmult_c.h" ++#include "../x25519_scalarmult.h" ++#include "../x25519_scalarmult_c.h" + + int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n, + const unsigned char *p) +diff --git a/curve25519/src/armv7/meson.build b/curve25519/src/armv7/meson.build +index 5768d836..d06c9212 100644 +--- a/curve25519/src/armv7/meson.build ++++ b/curve25519/src/armv7/meson.build +@@ -1,7 +1,6 @@ + # for i in $(ls *.c | sort); do echo "'$i',"; done + + curve25519_armv7 = files([ +- 'curve25519_armv7.c', + 'x25519-cortex-m4-gcc.S', + ]) + +diff --git a/curve25519/src/armv8/curve25519_armv8.c b/curve25519/src/armv8/curve25519_armv8.c +index 892ca053..a74bbcdd 100644 +--- a/curve25519/src/armv8/curve25519_armv8.c ++++ b/curve25519/src/armv8/curve25519_armv8.c +@@ -21,7 +21,7 @@ + #include "cpufeatures.h" + #include "curve25519_armv8.h" + #include "lc_memset_secure.h" +-#include "x25519_scalarmult.h" ++#include "../x25519_scalarmult.h" + + int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n, + const unsigned char *p) +diff --git a/curve25519/src/armv8/meson.build b/curve25519/src/armv8/meson.build +index bc3610e4..508d44e5 100644 +--- a/curve25519/src/armv8/meson.build ++++ b/curve25519/src/armv8/meson.build +@@ -1,7 +1,6 @@ + # for i in $(ls *.c | sort); do echo "'$i',"; done + + curve25519_armv8 = files([ +- 'curve25519_armv8.c', + 'X25519-AArch64.S', + ]) + +diff --git a/curve25519/src/avx/curve25519_avx.c b/curve25519/src/avx/curve25519_avx.c +index ef605d54..9430d6d4 100644 +--- a/curve25519/src/avx/curve25519_avx.c ++++ b/curve25519/src/avx/curve25519_avx.c +@@ -40,8 +40,8 @@ + #include "fe51.h" + #include "ladder.h" + #include "lc_memset_secure.h" +-#include "x25519_scalarmult.h" +-#include "x25519_scalarmult_c.h" ++#include "../x25519_scalarmult.h" ++#include "../x25519_scalarmult_c.h" + + #define x1 var[0] + #define x2 var[1] +diff --git a/curve25519/src/avx/meson.build b/curve25519/src/avx/meson.build +index ecf7706c..dde3e1ce 100644 +--- a/curve25519/src/avx/meson.build ++++ b/curve25519/src/avx/meson.build +@@ -1,7 +1,6 @@ + # for i in $(ls *.c | sort); do echo "'$i',"; done + + curve25519_avx = files([ +- 'curve25519_avx.c', + 'curve25519_avx_asm.S', + 'fe51_invert.c', + 'fe_frombytes_avx.c', +diff --git a/curve25519/src/meson.build b/curve25519/src/meson.build +index c5930bb6..8fa85dee 100644 +--- a/curve25519/src/meson.build ++++ b/curve25519/src/meson.build +@@ -12,10 +12,19 @@ if get_option('kyber_x25519').enabled() + + if (x86_64_asm) + subdir('avx') ++ src += files([ ++ 'avx/curve25519_avx.c', ++ ]) + elif (arm64_asm) + subdir('armv8') ++ src += files([ ++ 'armv8/curve25519_armv8.c', ++ ]) + elif (arm32_neon_asm) + subdir('armv7') ++ src += files([ ++ 'armv7/curve25519_armv7.c', ++ ]) + else + src += files([ + 'x25519_scalarmult.c', +diff --git a/curve448/src/avx2/curve448_scalarmult_avx2.c b/curve448/src/avx2/curve448_scalarmult_avx2.c +index 1c94662e..2d180b37 100644 +--- a/curve448/src/avx2/curve448_scalarmult_avx2.c ++++ b/curve448/src/avx2/curve448_scalarmult_avx2.c +@@ -65,8 +65,8 @@ + #include "lc_memset_secure.h" + #include "lc_x448.h" + #include "small_stack_support.h" +-#include "x448_scalarmult.h" +-#include "x448_scalarmult_c.h" ++#include "../x448_scalarmult.h" ++#include "../x448_scalarmult_c.h" + + static const uint8_t curve448_base_point[LC_X448_PUBLICKEYBYTES] = { 5 }; + +diff --git a/curve448/src/avx2/meson.build b/curve448/src/avx2/meson.build +index 1fb2dffc..9fa2f827 100644 +--- a/curve448/src/avx2/meson.build ++++ b/curve448/src/avx2/meson.build +@@ -1,7 +1,6 @@ + # for i in $(ls *.c | sort); do echo "'$i',"; done + + curve448_avx2 = files([ +- 'curve448_scalarmult_avx2.c', + 'gf_p4482241_inv.c', + 'curve448_scalarmult_avx2_asm.S', + 'gf_p4482241_pack.c', +diff --git a/curve448/src/meson.build b/curve448/src/meson.build +index cc49b878..88c792b0 100644 +--- a/curve448/src/meson.build ++++ b/curve448/src/meson.build +@@ -22,6 +22,9 @@ if get_option('kyber_x448').enabled() + + if (x86_64_asm) + subdir('avx2') ++ src += files([ ++ 'avx2/curve448_scalarmult_avx2.c', ++ ]) + else + src += files([ + 'x448_scalarmult.c', diff --git a/dev-libs/leancrypto/files/leancrypto-1.6.0-no-force-lto.patch b/dev-libs/leancrypto/files/leancrypto-1.6.0-no-force-lto.patch new file mode 100644 index 000000000000..8feead35e776 --- /dev/null +++ b/dev-libs/leancrypto/files/leancrypto-1.6.0-no-force-lto.patch @@ -0,0 +1,24 @@ +--- a/meson.build ++++ b/meson.build +@@ -81,21 +81,6 @@ if cc.has_argument('-mbranch-protection=standard') + add_global_arguments([ '-mbranch-protection=standard' ], language: 'c') + endif + +-# MINGW64 cannot handle lto properly at the moment +-if (cc.has_argument('-flto') and +- host_machine.system() != 'windows' and +- get_option('efi').disabled()) +- add_global_arguments([ '-flto=auto' ], language: 'c') +- add_project_link_arguments('-flto=auto', language : 'c') +-endif +- +-if (cc.has_argument('-ffat-lto-objects') and +- host_machine.system() != 'windows' and +- host_machine.system() != 'darwin' and +- get_option('efi').disabled()) +- add_global_arguments([ '-ffat-lto-objects' ], language: 'c') +-endif +- + if get_option('optimization') == '0' + add_global_arguments([ '-DDEBUG' ], language: 'c') + elif get_option('efi').disabled() diff --git a/dev-libs/leancrypto/files/leancrypto-1.6.0-use-init.patch b/dev-libs/leancrypto/files/leancrypto-1.6.0-use-init.patch new file mode 100644 index 000000000000..b7666335f68c --- /dev/null +++ b/dev-libs/leancrypto/files/leancrypto-1.6.0-use-init.patch @@ -0,0 +1,89 @@ +https://github.com/smuellerDD/leancrypto/commit/64cb452a19cda415e2f00b31b681a9cc03989588 + +From 64cb452a19cda415e2f00b31b681a9cc03989588 Mon Sep 17 00:00:00 2001 +From: Stephan Mueller <[email protected]> +Date: Wed, 26 Nov 2025 11:46:56 +0100 +Subject: [PATCH] Tests: use lc_init when linking with static libarary + +When linking with the static library, the constructors are not adopted +for the application. Therefore, the init function setting the accelerations +is not completed which implies that the test status display was showing wrong +acceleration support. + +Signed-off-by: Stephan Mueller <[email protected]> +--- + ml-dsa/tests/dilithium_tester.c | 8 ++++++++ + ml-kem/tests/kyber_kem_tester.c | 8 ++++++++ + slh-dsa/tests/sphincs_tester.c | 8 ++++++++ + 3 files changed, 24 insertions(+) + +diff --git a/ml-dsa/tests/dilithium_tester.c b/ml-dsa/tests/dilithium_tester.c +index e2edead5..4a1470e4 100644 +--- a/ml-dsa/tests/dilithium_tester.c ++++ b/ml-dsa/tests/dilithium_tester.c +@@ -32,6 +32,7 @@ + #include "dilithium_tester.h" + #include "ext_headers_internal.h" + #include "lc_hash.h" ++#include "lc_init.h" + #include "lc_sha3.h" + #include "ret_checkers.h" + #include "selftest_rng.h" +@@ -472,3 +473,10 @@ int _dilithium_init_update_final_tester( + return ret; + #endif + } ++ ++#ifndef LINUX_KERNEL ++LC_CONSTRUCTOR(kyber_kem_init, 101) ++{ ++ lc_init(0); ++} ++#endif +diff --git a/ml-kem/tests/kyber_kem_tester.c b/ml-kem/tests/kyber_kem_tester.c +index b6b1813b..bb9bfd1f 100644 +--- a/ml-kem/tests/kyber_kem_tester.c ++++ b/ml-kem/tests/kyber_kem_tester.c +@@ -28,6 +28,7 @@ + #include "ext_headers_internal.h" + #include "kyber_type.h" + #include "kyber_kem_tester.h" ++#include "lc_init.h" + #include "lc_sha3.h" + #include "ret_checkers.h" + #include "small_stack_support.h" +@@ -505,3 +506,10 @@ int _kyber_kem_kdf_tester( + LC_RELEASE_MEM(ws); + return ret; + } ++ ++#ifndef LINUX_KERNEL ++LC_CONSTRUCTOR(kyber_kem_init, 101) ++{ ++ lc_init(0); ++} ++#endif +diff --git a/slh-dsa/tests/sphincs_tester.c b/slh-dsa/tests/sphincs_tester.c +index 34b9e0e4..1cf12106 100644 +--- a/slh-dsa/tests/sphincs_tester.c ++++ b/slh-dsa/tests/sphincs_tester.c +@@ -19,6 +19,7 @@ + + #include "compare.h" + #include "cpufeatures.h" ++#include "lc_init.h" + #include "small_stack_support.h" + #include "sphincs_type.h" + #include "static_rng.h" +@@ -181,3 +182,10 @@ LC_TEST_FUNC(int, main, int argc, char *argv[]) + lc_cpu_feature_enable(); + return ret; + } ++ ++#ifndef LINUX_KERNEL ++LC_CONSTRUCTOR(kyber_kem_init, 101) ++{ ++ lc_init(0); ++} ++#endif + diff --git a/dev-libs/leancrypto/leancrypto-1.6.0.ebuild b/dev-libs/leancrypto/leancrypto-1.6.0.ebuild new file mode 100644 index 000000000000..4048fbb955bd --- /dev/null +++ b/dev-libs/leancrypto/leancrypto-1.6.0.ebuild @@ -0,0 +1,56 @@ +# Copyright 2025-2026 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/leancrypto.asc +inherit dot-a meson-multilib verify-sig + +DESCRIPTION="Lean cryptographic library usable for bare-metal environments " +HOMEPAGE="https://leancrypto.org/"; +SRC_URI=" + https://leancrypto.org/leancrypto/releases/${P}/${P}.tar.xz + verify-sig? ( https://leancrypto.org/leancrypto/releases/${P}/${P}.tar.xz.asc ) +" + +LICENSE="|| ( GPL-2 BSD-2 )" +SLOT="0/1" +KEYWORDS="~amd64" +IUSE="asm test tools" +RESTRICT="!test? ( test )" + +BDEPEND=" + verify-sig? ( sec-keys/openpgp-keys-leancrypto ) +" + +PATCHES=( + "${FILESDIR}"/${P}-use-init.patch + "${FILESDIR}"/${P}-avoid-accel-crash.patch + "${FILESDIR}"/${PN}-1.6.0-no-force-lto.patch +) + +src_configure() { + lto-guarantee-fat + meson-multilib_src_configure +} + +multilib_src_configure() { + local emesonargs=( + -Dstrip=false + $(meson_use !asm disable-asm) + $(meson_feature test tests) + $(meson_native_use_feature tools apps) + ) + + meson_src_configure +} + +multilib_src_test() { + # Only run the regression tests rather than the performance ones + meson_src_test --timeout-multiplier=16 --suite=regression +} + +multilib_src_install_all() { + strip-lto-bytecode + einstalldocs +} diff --git a/dev-libs/leancrypto/metadata.xml b/dev-libs/leancrypto/metadata.xml new file mode 100644 index 000000000000..1961e6bfce83 --- /dev/null +++ b/dev-libs/leancrypto/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <maintainer type="project"> + <email>[email protected]</email> + </maintainer> + <upstream> + <remote-id type="github">smuellerDD/leancrypto</remote-id> + </upstream> +</pkgmetadata>
