New relese?

[kloczek]

Is it possible to make new release soon?
I'm asking because lat latest perl CryptX seems is using featires which are not included in 1.18.2 and are only available in commits added after last release.
Here is build fail log on building perl CryptX against libtomcrypt 1.18.2.

/usr/bin/gcc -c   -D_REENTRANT -D_GNU_SOURCE -O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fdata-sections -ffunction-sections -flto=auto -flto-partition=none -fwrapv -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -Wl,-z,relro -Wl,--as-needed -Wl,--gc-sections -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -flto=auto -flto-partition=none -fuse-linker-plugin   -DVERSION=\"0.071\" -DXS_VERSION=\"0.071\" -fPIC "-I/usr/lib64/perl5/CORE"   CryptX.c
CryptX.xs:35:9: error: unknown type name 'salsa20_state'
   35 | typedef salsa20_state           *Crypt__Stream__Salsa20;
      |         ^~~~~~~~~~~~~
CryptX.xs:36:9: error: unknown type name 'sosemanuk_state'
   36 | typedef sosemanuk_state         *Crypt__Stream__Sosemanuk;
      |         ^~~~~~~~~~~~~~~
CryptX.xs:37:9: error: unknown type name 'rabbit_state'
   37 | typedef rabbit_state            *Crypt__Stream__Rabbit;
      |         ^~~~~~~~~~~~
CryptX.xs:154:3: error: unknown type name 'curve25519_key'
  154 |   curve25519_key key;
      |   ^~~~~~~~~~~~~~
CryptX.xs:161:3: error: unknown type name 'curve25519_key'
  161 |   curve25519_key key;
      |   ^~~~~~~~~~~~~~
CryptX.xs: In function 'mp_tohex_with_leading_zero':
CryptX.xs:173:3: warning: 'mp_toradix_n' is deprecated: replaced by mp_to_radix [-Wdeprecated-declarations]
  173 |   rv = mp_toradix_n(a, str, 16, maxlen);
      |   ^~
In file included from CryptX.xs:23:
/usr/include/tommath.h:751:35: note: declared here
  751 | MP_DEPRECATED(mp_to_radix) mp_err mp_toradix_n(const mp_int *a, char *str, int radix, int maxlen) MP_WUR;
      |                                   ^~~~~~~~~~~~
CryptX.xs: In function '_ecc_oid_lookup':
CryptX.xs:260:10: error: unknown type name 'ltc_ecc_curve'
  260 |    const ltc_ecc_curve *cu;
      |          ^~~~~~~~~~~~~
CryptX.xs:262:11: error: 'key->dp' is a pointer; did you mean to use '->'?
  262 |    key->dp.oidlen = 0;
      |           ^
      |           ->
CryptX.xs:264:14: error: 'ltc_ecc_curves' undeclared (first use in this function)
  264 |    for (cu = ltc_ecc_curves; cu->prime != NULL; cu++) {
      |              ^~~~~~~~~~~~~~
CryptX.xs:264:14: note: each undeclared identifier is reported only once for each function it appears in
CryptX.xs:264:32: error: request for member 'prime' in something not a structure or union
  264 |    for (cu = ltc_ecc_curves; cu->prime != NULL; cu++) {
      |                                ^~
CryptX.xs:265:39: error: request for member 'prime' in something not a structure or union
  265 |       if ((err = mp_read_radix(tmp, cu->prime, 16)) != CRYPT_OK) continue;
      |                                       ^~
CryptX.xs:266:31: error: 'key->dp' is a pointer; did you mean to use '->'?
  266 |       if ((mp_cmp(tmp, key->dp.prime) != LTC_MP_EQ))             continue;
      |                               ^
      |                               ->
CryptX.xs:267:39: error: request for member 'order' in something not a structure or union
  267 |       if ((err = mp_read_radix(tmp, cu->order, 16)) != CRYPT_OK) continue;
      |                                       ^~
CryptX.xs:268:31: error: 'key->dp' is a pointer; did you mean to use '->'?
  268 |       if ((mp_cmp(tmp, key->dp.order) != LTC_MP_EQ))             continue;
      |                               ^
      |                               ->
CryptX.xs:269:39: error: request for member 'A' in something not a structure or union
  269 |       if ((err = mp_read_radix(tmp, cu->A,     16)) != CRYPT_OK) continue;
      |                                       ^~
CryptX.xs:270:31: error: 'key->dp' is a pointer; did you mean to use '->'?
  270 |       if ((mp_cmp(tmp, key->dp.A) != LTC_MP_EQ))                 continue;
      |                               ^
      |                               ->
CryptX.xs:271:39: error: request for member 'B' in something not a structure or union
  271 |       if ((err = mp_read_radix(tmp, cu->B,     16)) != CRYPT_OK) continue;
      |                                       ^~
CryptX.xs:272:31: error: 'key->dp' is a pointer; did you mean to use '->'?
  272 |       if ((mp_cmp(tmp, key->dp.B) != LTC_MP_EQ))                 continue;
      |                               ^
      |                               ->
CryptX.xs:273:39: error: request for member 'Gx' in something not a structure or union
  273 |       if ((err = mp_read_radix(tmp, cu->Gx,    16)) != CRYPT_OK) continue;
      |                                       ^~
CryptX.xs:274:31: error: 'key->dp' is a pointer; did you mean to use '->'?
  274 |       if ((mp_cmp(tmp, key->dp.base.x) != LTC_MP_EQ))            continue;
      |                               ^
      |                               ->
CryptX.xs:275:39: error: request for member 'Gy' in something not a structure or union
  275 |       if ((err = mp_read_radix(tmp, cu->Gy,    16)) != CRYPT_OK) continue;
      |                                       ^~
CryptX.xs:276:31: error: 'key->dp' is a pointer; did you mean to use '->'?
  276 |       if ((mp_cmp(tmp, key->dp.base.y) != LTC_MP_EQ))            continue;
      |                               ^
      |                               ->
CryptX.xs:277:18: error: 'key->dp' is a pointer; did you mean to use '->'?
  277 |       if (key->dp.cofactor != cu->cofactor)                      continue;
      |                  ^
      |                  ->
CryptX.xs:277:33: error: request for member 'cofactor' in something not a structure or union
  277 |       if (key->dp.cofactor != cu->cofactor)                      continue;
      |                                 ^~
CryptX.xs:281:10: error: request for member 'prime' in something not a structure or union
  281 |    if (cu->prime && cu->OID) {
      |          ^~
CryptX.xs:281:23: error: request for member 'OID' in something not a structure or union
  281 |    if (cu->prime && cu->OID) {
      |                       ^~
CryptX.xs:282:38: error: 'key->dp' is a pointer; did you mean to use '->'?
  282 |      for (i = 0; i < 16; i++) key->dp.oid[i] = 0;
      |                                      ^
      |                                      ->
CryptX.xs:283:38: error: request for member 'OID' in something not a structure or union
  283 |      for (i = 0, j = 0; i < strlen(cu->OID); i++) {
      |                                      ^~
CryptX.xs:284:14: error: request for member 'OID' in something not a structure or union
  284 |        if (cu->OID[i] == '.') {
      |              ^~
CryptX.xs:287:18: error: request for member 'OID' in something not a structure or union
  287 |        else if(cu->OID[i] >= '0' && cu->OID[i] <= '9') {
      |                  ^~
CryptX.xs:287:39: error: request for member 'OID' in something not a structure or union
  287 |        else if(cu->OID[i] >= '0' && cu->OID[i] <= '9') {
      |                                       ^~
CryptX.xs:288:17: error: 'key->dp' is a pointer; did you mean to use '->'?
  288 |          key->dp.oid[j] = key->dp.oid[j] * 10 + (cu->OID[i] - '0');
      |                 ^
      |                 ->
CryptX.xs:288:34: error: 'key->dp' is a pointer; did you mean to use '->'?
  288 |          key->dp.oid[j] = key->dp.oid[j] * 10 + (cu->OID[i] - '0');
      |                                  ^
      |                                  ->
CryptX.xs:288:52: error: request for member 'OID' in something not a structure or union
  288 |          key->dp.oid[j] = key->dp.oid[j] * 10 + (cu->OID[i] - '0');
      |                                                    ^~
CryptX.xs:294:13: error: 'key->dp' is a pointer; did you mean to use '->'?
  294 |      key->dp.oidlen = j + 1;
      |             ^
      |             ->
CryptX.xs: In function '_ecc_set_curve_from_SV':
CryptX.xs:332:11: error: unknown type name 'ltc_ecc_curve'
  332 |     const ltc_ecc_curve *cu;
      |           ^~~~~~~~~~~~~
CryptX.xs:334:9: warning: implicit declaration of function 'ecc_find_curve' [-Wimplicit-function-declaration]
  334 |     if (ecc_find_curve(ptr_crv, &cu) != CRYPT_OK) croak("FATAL: ecparams: unknown curve '%s'", ptr_crv);
      |         ^~~~~~~~~~~~~~
CryptX.xs:335:12: warning: implicit declaration of function 'ecc_set_curve' [-Wimplicit-function-declaration]
  335 |     return ecc_set_curve(cu, key);
      |            ^~~~~~~~~~~~~
CryptX.xs:339:5: error: unknown type name 'ltc_ecc_curve'
  339 |     ltc_ecc_curve cu = { 0 };
      |     ^~~~~~~~~~~~~
CryptX.xs:360:7: error: request for member 'OID' in something not a structure or union
  360 |     cu.OID = (sv_oid && SvOK(*sv_oid)) ? SvPV_nolen(*sv_oid) : NULL;
      |       ^
CryptX.xs:362:7: error: request for member 'prime' in something not a structure or union
  362 |     cu.prime    = SvPV_nolen(*sv_prime);
      |       ^
CryptX.xs:363:7: error: request for member 'A' in something not a structure or union
  363 |     cu.A        = SvPV_nolen(*sv_A);
      |       ^
CryptX.xs:364:7: error: request for member 'B' in something not a structure or union
  364 |     cu.B        = SvPV_nolen(*sv_B);
      |       ^
CryptX.xs:365:7: error: request for member 'order' in something not a structure or union
  365 |     cu.order    = SvPV_nolen(*sv_order);
      |       ^
CryptX.xs:366:7: error: request for member 'Gx' in something not a structure or union
  366 |     cu.Gx       = SvPV_nolen(*sv_Gx);
      |       ^
CryptX.xs:367:7: error: request for member 'Gy' in something not a structure or union
  367 |     cu.Gy       = SvPV_nolen(*sv_Gy);
      |       ^
CryptX.xs:368:7: error: request for member 'cofactor' in something not a structure or union
  368 |     cu.cofactor = (unsigned long)SvUV(*sv_cofactor);
      |       ^
CryptX.xs:371:16: error: 'key->dp' is a pointer; did you mean to use '->'?
  371 |     if (key->dp.oidlen == 0) _ecc_oid_lookup(key);
      |                ^
      |                ->
CryptX.xs: In function 'XS_Crypt__Misc__radix_to_bin':
CryptX.xs:425:11: warning: 'mp_unsigned_bin_size' is deprecated: replaced by mp_ubin_size [-Wdeprecated-declarations]
  425 |           len = mp_unsigned_bin_size(&mpi);
      |           ^~~
In file included from CryptX.xs:23:
/usr/include/tommath.h:731:33: note: declared here
  731 | MP_DEPRECATED(mp_ubin_size) int mp_unsigned_bin_size(const mp_int *a) MP_WUR;
      |                                 ^~~~~~~~~~~~~~~~~~~~
CryptX.xs:434:13: warning: 'mp_to_unsigned_bin' is deprecated: replaced by mp_to_ubin [-Wdeprecated-declarations]
  434 |             if (mp_to_unsigned_bin(&mpi, out_data) != MP_OKAY) {
      |             ^~
In file included from CryptX.xs:23:
/usr/include/tommath.h:733:34: note: declared here
  733 | MP_DEPRECATED(mp_to_ubin) mp_err mp_to_unsigned_bin(const mp_int *a, unsigned char *b) MP_WUR;
      |                                  ^~~~~~~~~~~~~~~~~~
CryptX.xs: In function 'XS_Crypt__Misc__bin_to_radix':
CryptX.xs:467:11: warning: 'mp_read_unsigned_bin' is deprecated: replaced by mp_from_ubin [-Wdeprecated-declarations]
  467 |           if (mp_read_unsigned_bin(&mpi, in_data, (unsigned long)len) == CRYPT_OK) {
      |           ^~
In file included from CryptX.xs:23:
/usr/include/tommath.h:732:36: note: declared here
  732 | MP_DEPRECATED(mp_from_ubin) mp_err mp_read_unsigned_bin(mp_int *a, const unsigned char *b, int c) MP_WUR;
      |                                    ^~~~~~~~~~~~~~~~~~~~
CryptX.xs:483:15: warning: 'mp_toradix' is deprecated: replaced by mp_to_radix [-Wdeprecated-declarations]
  483 |               if (mp_toradix(&mpi, out_data, radix) == MP_OKAY) {
      |               ^~
In file included from CryptX.xs:23:
/usr/include/tommath.h:750:35: note: declared here
  750 | MP_DEPRECATED(mp_to_radix) mp_err mp_toradix(const mp_int *a, char *str, int radix) MP_WUR;
      |                                   ^~~~~~~~~~
CryptX.xs: In function 'XS_Crypt__Misc_encode_b64':
CryptX.xs:524:67: warning: pointer targets in passing argument 3 of 'base64url_encode' differ in signedness [-Wpointer-sign]
  524 |             rv = base64url_encode(in_data, (unsigned long)in_len, out_data, &out_len);
      |                                                                   ^~~~~~~~
      |                                                                   |
      |                                                                   char *
In file included from /usr/include/tomcrypt.h:92,
                 from CryptX.xs:22:
/usr/include/tomcrypt_misc.h:23:40: note: expected 'unsigned char *' but argument is of type 'char *'
   23 |                         unsigned char *out, unsigned long *outlen);
      |                         ~~~~~~~~~~~~~~~^~~
CryptX.xs:526:64: warning: pointer targets in passing argument 3 of 'base64_encode' differ in signedness [-Wpointer-sign]
  526 |             rv = base64_encode(in_data, (unsigned long)in_len, out_data, &out_len);
      |                                                                ^~~~~~~~
      |                                                                |
      |                                                                char *
In file included from /usr/include/tomcrypt.h:92,
                 from CryptX.xs:22:
/usr/include/tomcrypt_misc.h:13:40: note: expected 'unsigned char *' but argument is of type 'char *'
   13 |                         unsigned char *out, unsigned long *outlen);
      |                         ~~~~~~~~~~~~~~~^~~
CryptX.xs: In function 'XS_Crypt__Misc_decode_b64':
CryptX.xs:560:18: warning: implicit declaration of function 'base64url_sane_decode'; did you mean 'base64url_strict_decode'? [-Wimplicit-function-declaration]
  560 |             rv = base64url_sane_decode(in_data, (unsigned long)in_len, out_data, &out_len);
      |                  ^~~~~~~~~~~~~~~~~~~~~
      |                  base64url_strict_decode
CryptX.xs:562:18: warning: implicit declaration of function 'base64_sane_decode'; did you mean 'base64url_decode'? [-Wimplicit-function-declaration]
  562 |             rv = base64_sane_decode(in_data, (unsigned long)in_len, out_data, &out_len);
      |                  ^~~~~~~~~~~~~~~~~~
      |                  base64url_decode
CryptX.xs: In function 'XS_Crypt__Misc_encode_b32r':
CryptX.xs:588:27: error: 'BASE32_RFC4648' undeclared (first use in this function)
  588 |         if (ix == 0) id = BASE32_RFC4648;
      |                           ^~~~~~~~~~~~~~
CryptX.xs:589:27: error: 'BASE32_BASE32HEX' undeclared (first use in this function)
  589 |         if (ix == 1) id = BASE32_BASE32HEX;
      |                           ^~~~~~~~~~~~~~~~
CryptX.xs:590:27: error: 'BASE32_ZBASE32' undeclared (first use in this function)
  590 |         if (ix == 2) id = BASE32_ZBASE32;
      |                           ^~~~~~~~~~~~~~
CryptX.xs:591:27: error: 'BASE32_CROCKFORD' undeclared (first use in this function)
  591 |         if (ix == 3) id = BASE32_CROCKFORD;
      |                           ^~~~~~~~~~~~~~~~
CryptX.xs:602:17: warning: implicit declaration of function 'base32_encode'; did you mean 'base64_encode'? [-Wimplicit-function-declaration]
  602 |           err = base32_encode(in_data, (unsigned long)in_len, out_data, &out_len, id);
      |                 ^~~~~~~~~~~~~
      |                 base64_encode
CryptX.xs: In function 'XS_Crypt__Misc_decode_b32r':
CryptX.xs:628:27: error: 'BASE32_RFC4648' undeclared (first use in this function)
  628 |         if (ix == 0) id = BASE32_RFC4648;
      |                           ^~~~~~~~~~~~~~
CryptX.xs:629:27: error: 'BASE32_BASE32HEX' undeclared (first use in this function)
  629 |         if (ix == 1) id = BASE32_BASE32HEX;
      |                           ^~~~~~~~~~~~~~~~
CryptX.xs:630:27: error: 'BASE32_ZBASE32' undeclared (first use in this function)
  630 |         if (ix == 2) id = BASE32_ZBASE32;
      |                           ^~~~~~~~~~~~~~
CryptX.xs:631:27: error: 'BASE32_CROCKFORD' undeclared (first use in this function)
  631 |         if (ix == 3) id = BASE32_CROCKFORD;
      |                           ^~~~~~~~~~~~~~~~
CryptX.xs:642:17: warning: implicit declaration of function 'base32_decode'; did you mean 'base64_decode'? [-Wimplicit-function-declaration]
  642 |           err = base32_decode(in_data, (unsigned long)in_len, out_data, &out_len, id);
      |                 ^~~~~~~~~~~~~
      |                 base64_decode

[..]

[xavierba]

I second this request, for the same reason.
I've been talking with @sjaeckel on irc about this already quite some time ago and afaiu some steps toward a release have been made, but it did not materialized yet.

[zqyzsj]

we also need a new release.

[ahmedibrahim6]

Hello all,

Is there a current development for the library or it stopped by the last release in 2018?
I hope @sjaeckel gives a current status for development. Thanks

[sjaeckel]

@babelouest could you please check whether we could still make it for debian 12 if we tagged either

• develop as it is?
  or
• the https://github.com/libtom/libtomcrypt/tree/add-pem-support branch?

I don't think so, but still asking whether it'd maybe be worth the effort...

[babelouest]

Hello @sjaeckel ,

I've tested both branches master and add-pem-support. They both build and package fine, and the autopkgtests pass too.

In the branch add-pem-support, I have some warnings but they don't make the build to fail since there seem to be the compile flag -Werror -Wall not present.

Both branches are in the salsa repo:

• https://salsa.debian.org/debian/libtomcrypt/-/tree/1.18.3.pem
• https://salsa.debian.org/debian/libtomcrypt/-/tree/1.18.3.dev

Do you want to run other tests with the debian package?

[sjaeckel]

I've tested both branches master and add-pem-support. They both build and package fine, and the autopkgtests pass too.

Cool, thanks.

Could you please check libtom/libtommath#418 (comment) and recreate what @dod38fr did with the two library versions? I'm nearly certain that ltc would also need an ABI major bump, which in turn would also mean that we won't be able to bring it to Bookworm!?

[babelouest]

Indeed, the symbols file will have a huge change, I haven't seen it yesterday. The library will probably need a transition process before migrating to testing.

Due to the timing, I'm not sure the new version will be available in Bookworm though, because it requires a new release, then the new package will need to go through the NEW queue process.

[dod38fr]

And no new transition will be possible after jan 12th due to first stage of freeze.

[mohamed-gradient]

@sjaeckel is there an upcoming release for libtomcrypt in the near future?

[0-wiz-0]

I'm also looking for a new release that includes the fix for CVE-2019-17362
(see #507)

[sjaeckel]

I will have a look next week.

[Neustradamus]

Dear @libtom team,

We are in 2024, the latest release build is 1.18.2 (2018-07-02) - 6 years, 2 moths soon:

• https://github.com/libtom/libtomcrypt/releases

It is time to create a new release build with CVE-2019-17362 fix!

Thanks in advance.

PS: Thanks to @kloczek for this ticket from 2021-04-19 - 3 years, 4 months already.

[sjaeckel]

FTR: even though @kloczek is right and this library should get a new release - I've blocked @Neustradamus from this organisation and all the others I have access to.

A short version of why: sjaeckel/sjaeckel.github.io#1