Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it makes sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
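As an added illustration of the checksum verification the patch above describes (example code written for this page, not IPFire's make.sh or any LFS file), the following Python checks a downloaded file against a BLAKE2b-512 line in `b2sum` format and rejects a tampered copy; the file name, its contents and the tampered copy are constructed.

```python
import hashlib
import hmac
import os
import tempfile

# BLAKE2b-512 is what `b2sum` emits by default and what hashlib.blake2b()
# produces with its default digest_size of 64 bytes (128 hex characters).
BLAKE2_HEX_LEN = 128

def blake2_of_file(path, chunk_size=1 << 20):
    """Stream a (possibly large) source tarball through BLAKE2b-512."""
    h = hashlib.blake2b()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_b2sum_line(line):
    """Parse one line in `b2sum` text-mode format: '<hex digest>  <filename>'."""
    digest, _, name = line.strip().partition("  ")
    if len(digest) != BLAKE2_HEX_LEN or not name:
        raise ValueError("malformed b2sum line: %r" % line)
    bytes.fromhex(digest)  # raises ValueError if the digest is not hex
    return digest.lower(), name

def verify_download(path, expected_hex):
    """True only if the file's BLAKE2b-512 digest equals expected_hex.
    compare_digest keeps the comparison length-independent; cheap insurance."""
    if len(expected_hex) != BLAKE2_HEX_LEN:
        return False
    return hmac.compare_digest(blake2_of_file(path), expected_hex.lower())

def demo():
    """Constructed sample: a stand-in tarball, its recorded line, a tampered copy."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "nettle-3.7.3.tar.gz")  # name only; contents constructed
        with open(good, "wb") as f:
            f.write(b"constructed sample contents standing in for a source tarball\n")
        recorded = "%s  nettle-3.7.3.tar.gz" % blake2_of_file(good)
        expected, _ = parse_b2sum_line(recorded)
        tampered = os.path.join(d, "tampered.tar.gz")
        with open(tampered, "wb") as f:
            f.write(b"constructed sample contents standing in for a source tarball!\n")
        return verify_download(good, expected), verify_download(tampered, expected)

if __name__ == "__main__":
    print(demo())  # (True, False)
```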
- Update from 3.7.2 to 3.7.3
- Update rootfile
- Changelog
2021-05-22 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bump package version, to 3.7.3.
(LIBNETTLE_MINOR): Bump minor number, to 8.4.
(LIBHOGWEED_MINOR): Bump minor number, to 6.4.
2021-05-17 Niels Möller <nisse@lysator.liu.se>
* rsa-decrypt-tr.c (rsa_decrypt_tr): Check up-front that input is
in range.
* rsa-sec-decrypt.c (rsa_sec_decrypt): Likewise.
* rsa-decrypt.c (rsa_decrypt): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Add tests with input > n.
2021-05-14 Niels Möller <nisse@lysator.liu.se>
* rsa-sign-tr.c (rsa_sec_blind): Delete mn argument.
(_rsa_sec_compute_root_tr): Delete mn argument, instead require
that input size matches key size. Rearrange use of temporary
storage, to support in-place operation, x == m. Update all
callers.
* rsa-decrypt-tr.c (rsa_decrypt_tr): Make zero-padded copy of
input, for calling _rsa_sec_compute_root_tr.
* rsa-sec-decrypt.c (rsa_sec_decrypt): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Test calling all of
rsa_decrypt, rsa_decrypt_tr, and rsa_sec_decrypt with zero input.
2021-05-06 Niels Möller <nisse@lysator.liu.se>
* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): Check that message
length is valid, for given key size.
* testsuite/rsa-sec-decrypt-test.c (test_main): Add test cases for
calls to rsa_sec_decrypt specifying a too large message length.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://lists.gnu.org/archive/html/info-gnu/2021-03/msg00005.html
"This is a bugfix release, fixing a bug in ECDSA signature
verification that could lead to a denial of service attack
(via an assertion failure) or possibly incorrect results. It
also fixes a few related problems where scalars are required
to be canonically reduced modulo the ECC group order, but in
fact may be slightly larger.
Upgrading to the new version is strongly recommended."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>