Update libgcrypt to 1.7.0.

Noteworthy changes in version 1.7.0 (2016-04-15)  [C21/A1/R0]
------------------------------------------------

 * New algorithms and modes:

   - SHA3-224, SHA3-256, SHA3-384, SHA3-512, and MD2 hash algorithms.

   - SHAKE128 and SHAKE256 extendable-output hash algorithms.

   - ChaCha20 stream cipher.

   - Poly1305 message authentication algorithm

   - ChaCha20-Poly1305 Authenticated Encryption with Associated Data
     mode.

   - OCB mode.

   - HMAC-MD2 for use by legacy applications.

 * New curves for ECC:

   - Curve25519.

   - sec256k1.

   - GOST R 34.10-2001 and GOST R 34.10-2012.

 * Performance:

   - Improved performance of KDF functions.

   - Assembler optimized implementations of Blowfish and Serpent on
     ARM.

   - Assembler optimized implementation of 3DES on x86.

   - Improved AES using the SSSE3 based vector permutation method by
     Mike Hamburg.

   - AVX/BMI is used for SHA-1 and SHA-256 on x86.  This is for SHA-1
     about 20% faster than SSSE3 and more than 100% faster than the
     generic C implementation.

   - 40% speedup for SHA-512 and 72% for SHA-1 on ARM Cortex-A8.

   - 60-90% speedup for Whirlpool on x86.

   - 300% speedup for RIPE MD-160.

   - Up to 11 times speedup for CRC functions on x86.

 * Other features:

   - Improved ECDSA and FIPS 186-4 compliance.

   - Support for Montgomery curves.

   - gcry_cipher_set_sbox to tweak S-boxes of the gost28147 cipher
     algorithm.

   - gcry_mpi_ec_sub to subtract two points on a curve.

   - gcry_mpi_ec_decode_point to decode an MPI into a point object.

   - Emulation for broken Whirlpool code prior to 1.6.0.  [from 1.6.1]

   - Flag "pkcs1-raw" to enable PCKS#1 padding with a user supplied
     hash part.

   - Parameter "saltlen" to set a non-default salt length for RSA PSS.

   - A SP800-90A conforming DRNG replaces the former X9.31 alternative
     random number generator.

   - Map deprecated RSA algo number to the RSA algo number for better
     backward compatibility. [from 1.6.2]

   - Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
     See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
     [from 1.6.3]

   - Fixed data-dependent timing variations in modular exponentiation
     [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
      are Practical]. [from 1.6.3]

   - Flag "no-keytest" for ECC key generation.  Due to a bug in
     the parser that flag will also be accepted but ignored by older
     version of Libgcrypt. [from 1.6.4]

   - Speed up the random number generator by requiring less extra
     seeding. [from 1.6.4]

   - Always verify a created RSA signature to avoid private key leaks
     due to hardware failures. [from 1.6.4]

   - Mitigate side-channel attack on ECDH with Weierstrass curves
     [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
     details. [from 1.6.5]

 * Internal changes:

   - Moved locking out to libgpg-error.

   - Support of the SYSROOT envvar in the build system.

   - Refactor some code.

   - The availability of a 64 bit integer type is now mandatory.

 * Bug fixes:

   - Fixed message digest lookup by OID (regression in 1.6.0).

   - Fixed a build problem on NetBSD

   - Fixed memory leaks in ECC code.

   - Fixed some asm build problems and feature detection bugs.

 * Interface changes relative to the 1.6.0 release:
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   gcry_cipher_final               NEW macro.
   GCRY_CIPHER_MODE_CFB8           NEW constant.
   GCRY_CIPHER_MODE_OCB            NEW.
   GCRY_CIPHER_MODE_POLY1305       NEW.
   gcry_cipher_set_sbox            NEW macro.
   gcry_mac_get_algo               NEW.
   GCRY_MAC_HMAC_MD2               NEW.
   GCRY_MAC_HMAC_SHA3_224          NEW.
   GCRY_MAC_HMAC_SHA3_256          NEW.
   GCRY_MAC_HMAC_SHA3_384          NEW.
   GCRY_MAC_HMAC_SHA3_512          NEW.
   GCRY_MAC_POLY1305               NEW.
   GCRY_MAC_POLY1305_AES           NEW.
   GCRY_MAC_POLY1305_CAMELLIA      NEW.
   GCRY_MAC_POLY1305_SEED          NEW.
   GCRY_MAC_POLY1305_SERPENT       NEW.
   GCRY_MAC_POLY1305_TWOFISH       NEW.
   gcry_md_extract                 NEW.
   GCRY_MD_FLAG_BUGEMU1            NEW [from 1.6.1].
   GCRY_MD_GOSTR3411_CP            NEW.
   GCRY_MD_SHA3_224                NEW.
   GCRY_MD_SHA3_256                NEW.
   GCRY_MD_SHA3_384                NEW.
   GCRY_MD_SHA3_512                NEW.
   GCRY_MD_SHAKE128                NEW.
   GCRY_MD_SHAKE256                NEW.
   gcry_mpi_ec_decode_point        NEW.
   gcry_mpi_ec_sub                 NEW.
   GCRY_PK_EDDSA                   NEW constant.
   GCRYCTL_GET_TAGLEN              NEW.
   GCRYCTL_SET_SBOX                NEW.
   GCRYCTL_SET_TAGLEN              NEW.

3 files changed, 7 insertions, 27 deletions

diff --git a/security/libgcrypt/Makefile b/security/libgcrypt/Makefile
index 46f512269bc..2f584e05778 100644
--- a/security/libgcrypt/Makefile
+++ b/security/libgcrypt/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.74 2016/02/11 13:36:37 wiz Exp $
+# $NetBSD: Makefile,v 1.75 2016/04/18 06:19:57 wiz Exp $
 
-DISTNAME=	libgcrypt-1.6.5
+DISTNAME=	libgcrypt-1.7.0
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.gnupg.org/gcrypt/libgcrypt/ \
 		http://gd.tuwien.ac.at/privacy/gnupg/libgcrypt/
diff --git a/security/libgcrypt/distinfo b/security/libgcrypt/distinfo
index e290df8e789..c224aa54c8d 100644
--- a/security/libgcrypt/distinfo
+++ b/security/libgcrypt/distinfo
@@ -1,9 +1,8 @@
-$NetBSD: distinfo,v 1.62 2016/02/11 13:36:37 wiz Exp $
+$NetBSD: distinfo,v 1.63 2016/04/18 06:19:57 wiz Exp $
 
-SHA1 (libgcrypt-1.6.5.tar.bz2) = c3a5a13e717f7b3e3895650afc1b6e0d3fe9c726
-RMD160 (libgcrypt-1.6.5.tar.bz2) = 7ffba16503b355c7e274d7c043f2bee4eb56e150
-SHA512 (libgcrypt-1.6.5.tar.bz2) = 1b76640a68514369da3b6be51d66e7040b64d03eba68d6b0d1b1ba88336c9da3ef41b21170a9eb641dae5a36a7c53cb167e15c8da964a5a6793aec947afe91f4
-Size (libgcrypt-1.6.5.tar.bz2) = 2549601 bytes
+SHA1 (libgcrypt-1.7.0.tar.bz2) = f840b737faafded451a084ae143285ad68bbfb01
+RMD160 (libgcrypt-1.7.0.tar.bz2) = a3dd720acd67977bf0e2158b8a61bbe384c27356
+SHA512 (libgcrypt-1.7.0.tar.bz2) = 658eca9161d104b81c249dc47d9e4f2df58f26c63bd28ee9ad7a642fd84f09faddbde51e070bc923bfd54fb5785acf8ff2f0da244e6b497b57407f5f67c3574b
+Size (libgcrypt-1.7.0.tar.bz2) = 2840453 bytes
 SHA1 (patch-aa) = 3dd44b8745128a6788d24f9eb00002624a5fc52b
-SHA1 (patch-configure) = 69eff7ec09dbd7e90a408d68b3234e7dd2b31b4a
 SHA1 (patch-src_visibility.h) = 8cbbf6803ab34b4b7dda832aa8ee18247aa89518
diff --git a/security/libgcrypt/patches/patch-configure b/security/libgcrypt/patches/patch-configure
deleted file mode 100644
index b1d2baf3c4e..00000000000
--- a/security/libgcrypt/patches/patch-configure
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-configure,v 1.6 2015/09/14 14:58:49 wiz Exp $
-
-Fix build on Solaris 11.
-https://bugs.gnupg.org/gnupg/issue2102
-
---- configure.orig	2014-08-21 13:14:09.000000000 +0000
-+++ configure
-@@ -16481,6 +16531,11 @@ __asm__(
- 		"asmfunc:\n\t"
-                 ".size asmfunc,.-asmfunc;\n\t"
-                 ".type asmfunc,@function;\n\t"
-+                /* Test if assembler allows use of '/' for constant division
-+                 * (Solaris/x86 issue). If previous constant division check
-+                 * and "-Wa,--divide" workaround failed, this causes assembly
-+                 * to be disable on this machine. */
-+                 "xorl \$(123456789/12345678), %ebp;\n\t"
-             );
- _ACEOF
- if ac_fn_c_try_compile "$LINENO"; then :