diff --git a/libsodium/CMakeLists.txt b/libsodium/CMakeLists.txt index a8fb24a1d4..11102e634c 100644 --- a/libsodium/CMakeLists.txt +++ b/libsodium/CMakeLists.txt @@ -40,10 +40,15 @@ set(srcs "${SRC}/crypto_hash/crypto_hash.c" "${SRC}/crypto_hash/sha256/hash_sha256.c" "${SRC}/crypto_hash/sha512/hash_sha512.c" + "${SRC}/crypto_hash/sha3/hash_sha3.c" "${SRC}/crypto_kdf/blake2b/kdf_blake2b.c" "${SRC}/crypto_kdf/crypto_kdf.c" "${SRC}/crypto_kdf/hkdf/kdf_hkdf_sha256.c" "${SRC}/crypto_kdf/hkdf/kdf_hkdf_sha512.c" + "${SRC}/crypto_kem/crypto_kem.c" + "${SRC}/crypto_kem/mlkem768/kem_mlkem768.c" + "${SRC}/crypto_kem/mlkem768/ref/kem_mlkem768_ref.c" + "${SRC}/crypto_kem/xwing/kem_xwing.c" "${SRC}/crypto_kx/crypto_kx.c" "${SRC}/crypto_onetimeauth/crypto_onetimeauth.c" "${SRC}/crypto_onetimeauth/poly1305/donna/poly1305_donna.c" @@ -153,6 +158,7 @@ target_compile_definitions(${COMPONENT_LIB} PRIVATE HAVE_WEAK_SYMBOLS __STDC_LIMIT_MACROS __STDC_CONSTANT_MACROS + __STDC_WANT_LIB_EXT1__=0 ) # patch around warnings in third-party files @@ -183,6 +189,16 @@ set_source_files_properties( -Wno-implicit-fallthrough ) +# Upstream libsodium 1.0.22 KEM sources define parameters as plain pointers +# while their headers declare them as fixed-size arrays, which trips +# -Werror=array-parameter on GCC >= 11. Suppress until fixed upstream. +set_source_files_properties( + ${SRC}/crypto_kem/mlkem768/kem_mlkem768.c + ${SRC}/crypto_kem/xwing/kem_xwing.c + PROPERTIES COMPILE_FLAGS + -Wno-array-parameter + ) + set_source_files_properties( ${SRC}/randombytes/randombytes.c PROPERTIES COMPILE_FLAGS diff --git a/libsodium/idf_component.yml b/libsodium/idf_component.yml index 01e2686673..e80067b20b 100644 --- a/libsodium/idf_component.yml +++ b/libsodium/idf_component.yml @@ -1,4 +1,4 @@ -version: "1.0.21" +version: "1.0.22" description: libsodium port to ESP url: https://github.com/espressif/idf-extra-components/tree/master/libsodium dependencies: diff --git a/libsodium/libsodium b/libsodium/libsodium index d24faf5621..77e1ce5d6d 160000 --- a/libsodium/libsodium +++ b/libsodium/libsodium @@ -1 +1 @@ -Subproject commit d24faf56214469b354b01c8ba36257e04737101e +Subproject commit 77e1ce5d6dee871c49ef211222ba18ef0c486bda diff --git a/libsodium/sbom_libsodium.yml b/libsodium/sbom_libsodium.yml index 52f91d7be7..f60c268364 100644 --- a/libsodium/sbom_libsodium.yml +++ b/libsodium/sbom_libsodium.yml @@ -1,10 +1,10 @@ name: libsodium -version: "1.0.21" +version: "1.0.22" cpe: cpe:2.3:a:jedisct1:libsodium:{}:*:*:*:*:*:*:* supplier: 'Person: Frank Denis (jedisct1)' description: A modern, portable, easy to use crypto library url: https://github.com/jedisct1/libsodium -hash: d24faf56214469b354b01c8ba36257e04737101e +hash: 77e1ce5d6dee871c49ef211222ba18ef0c486bda cve-exclude-list: - cve: CVE-2025-69277 reason: Resolved in version 1.0.21 with commit f2da4cd8cb26 diff --git a/libsodium/test_apps/main/CMakeLists.txt b/libsodium/test_apps/main/CMakeLists.txt index 1a48f036cf..fb0b09fd75 100644 --- a/libsodium/test_apps/main/CMakeLists.txt +++ b/libsodium/test_apps/main/CMakeLists.txt @@ -1,6 +1,6 @@ get_filename_component(LS_TESTDIR "${CMAKE_CURRENT_LIST_DIR}/../../libsodium/test/default" ABSOLUTE) -set(TEST_CASES "aead_aegis128l;aead_aegis256;chacha20;aead_chacha20poly1305;box;box2;ed25519_convert;sign;hash") +set(TEST_CASES "aead_aegis128l;aead_aegis256;chacha20;aead_chacha20poly1305;box;box2;ed25519_convert;sign;hash;kem;kem_mlkem768;kem_xwing") foreach(test_case ${TEST_CASES}) file(GLOB test_case_file "${LS_TESTDIR}/${test_case}.c") diff --git a/libsodium/test_apps/main/test_sodium.c b/libsodium/test_apps/main/test_sodium.c index 4d9ab37685..9f9e59ec26 100644 --- a/libsodium/test_apps/main/test_sodium.c +++ b/libsodium/test_apps/main/test_sodium.c @@ -58,6 +58,9 @@ LIBSODIUM_TEST(box2) LIBSODIUM_TEST(ed25519_convert) LIBSODIUM_TEST(hash) LIBSODIUM_TEST(sign) +LIBSODIUM_TEST(kem) +LIBSODIUM_TEST(kem_mlkem768) +LIBSODIUM_TEST(kem_xwing) TEST_CASE("sha256 sanity check", "[libsodium]")