Subject: CVS commit: pkgsrc/security/libdecaf
From: Santhosh Raju
Date: 2021-03-13 00:01:07
Message id: 20210312230107.7EE94FA95@cvs.NetBSD.org

Log Message:
security/libdecaf: Updates to v1.0.1

- Build scripts now depend on the sourceforce git repository directly.

Changes since v1.0.0:

October 10, 2020:
    A paper by Konstantinos Chalkias, François Garillot, and Valeria
    Nikolaenko, to be found at:

    https://eprint.iacr.org/2020/1244.pdf

    discusses malleability in EdDSA implementations.  Their test
    vectors reveal unintentional malleability in libdecaf's version
    of EdDSA verify, in violation of RFC 8032.  With this malleability,
    an attacker could modify an existing valid signature to create a
    new signature that is still valid, but only for the same message.

    Releave v1.0.1, correcting this flaw.

Additional changes generated from git commit logs:

- (tag: v1.0.1) Fix bug in ristretto elligator: it should be able to take \ 
improper field elements as input
- Fix malleability bug from https://eprint.iacr.org/2020/1244.pdf and add test \ 
vectors
- Optimize s^2 -> s2
- Dont double generator for Ed448RistrettoPoint
- Update ristretto.sage for python3. Also add Ed448RistrettoPoint for reference
- Add safer version of EdDSA signing API
- Fix issues when compiling on GCC 9.1
- Also remove X_SER_BYTES while were at it
- Remove gf_hibit, since it was a relic from p521 days
- Adds errno.eexist, remove hardcoded error value
- Tweak generated code message
- Fix flaky Python generator
- Add full RFC 8032 test vectors
- Change test scripts to avoid GCC warnings
- Minor changes. Bump version number in CMakeLists.txt

Files:
RevisionActionfile
1.4modifypkgsrc/security/libdecaf/Makefile
1.2modifypkgsrc/security/libdecaf/distinfo
1.1addpkgsrc/security/libdecaf/patches/patch-CMakeLists.txt