From 292856273c8fded86ec2ebc7e6b213cc66ba6bc6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?=
Date: Tue, 8 Nov 2022 08:40:40 +0100
Subject: [PATCH] Backport some upstream patches for fixes and optimizations
---
 ...-warning-about-truncating-conversion.patch | 29 +++++++++
 ...-2-Maj-optimization-proposed-by-Wei-.patch | 63 +++++++++++++++++++
 ...allback.c-Fix-OVERRUN-found-by-Covsc.patch | 56 +++++++++++++++++
 libxcrypt.spec | 8 ++-
 4 files changed, 155 insertions(+), 1 deletion(-)
 create mode 100644 0002-Fix-warning-about-truncating-conversion.patch
 create mode 100644 0003-alg-sha256.c-SHA-2-Maj-optimization-proposed-by-Wei-.patch
 create mode 100644 0004-test-getrandom-fallback.c-Fix-OVERRUN-found-by-Covsc.patch
diff --git a/0002-Fix-warning-about-truncating-conversion.patch b/0002-Fix-warning-about-truncating-conversion.patch
new file mode 100644
index 0000000..10c2e03
--- /dev/null
+++ b/0002-Fix-warning-about-truncating-conversion.patch
@@ -0,0 +1,29 @@
+From 239664bf18fc2bc093d8dbaa1fb0a0307651897f Mon Sep 17 00:00:00 2001
+From: Moinak Bhattacharyya
+Date: Mon, 7 Nov 2022 03:40:23 -0600
+Subject: [PATCH 2/4] Fix warning about truncating conversion
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Björn Esser
+---
+ lib/alg-yescrypt-opt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/alg-yescrypt-opt.c b/lib/alg-yescrypt-opt.c
+index 60a6ccd..dacc73b 100644
+--- a/lib/alg-yescrypt-opt.c
++++ b/lib/alg-yescrypt-opt.c
+@@ -514,7 +514,7 @@ static volatile uint64_t Smask2var = Smask2;
+ #define PWXFORM_SIMD(X) { \
+ uint64_t x; \
+ FORCE_REGALLOC_1 \
+- uint32_t lo = x = EXTRACT64(X) & Smask2reg; \
++ uint32_t lo = (uint32_t)(x = EXTRACT64(X) & Smask2reg); \
+ FORCE_REGALLOC_2 \
+ uint32_t hi = x >> 32; \
+ X = _mm_mul_epu32(HI32(X), X); \
+--
+2.38.1
+
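Review bot: The cast added to `uint32_t lo = (uint32_t)(x = EXTRACT64(X) & Smask2reg);` makes that narrowing explicit, but `uint32_t hi = x >> 32;` two lines below still narrows a `uint64_t` implicitly. The macro is therefore inconsistent and may still draw the same conversion warning on stricter compilers. Writing `uint32_t hi = (uint32_t)(x >> 32);` would match. A short comment above `lo`, such as `/* low half of the masked 64-bit value; truncation is intended */`, would show that the cast is not hiding data loss in the yescrypt inner loop. The PWXFORM_SIMD macro continues past the end of the hunk.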
diff --git a/0003-alg-sha256.c-SHA-2-Maj-optimization-proposed-by-Wei-.patch b/0003-alg-sha256.c-SHA-2-Maj-optimization-proposed-by-Wei-.patch
new file mode 100644
index 0000000..7b5a0ba
--- /dev/null
+++ b/0003-alg-sha256.c-SHA-2-Maj-optimization-proposed-by-Wei-.patch
@@ -0,0 +1,63 @@
+From bb1721800932268a537c804a4b7655af8c62d5e8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?=
+Date: Mon, 7 Nov 2022 11:32:38 +0100
+Subject: [PATCH 3/4] alg-sha256.c: SHA-2 Maj() optimization proposed by Wei
+ Dai.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch has been cherry-picked from:
+https://github.com/openwall/yescrypt/commit/9edf51061b45
+
+Signed-off-by: Björn Esser
+---
+ lib/alg-sha256.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/lib/alg-sha256.c b/lib/alg-sha256.c
+index f448e4f..f83a4e1 100644
+--- a/lib/alg-sha256.c
++++ b/lib/alg-sha256.c
+@@ -1,6 +1,6 @@
+ /*-
+ * Copyright 2005-2016 Colin Percival
+- * Copyright 2016-2018 Alexander Peslyak
++ * Copyright 2016-2018,2021 Alexander Peslyak
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+@@ -65,7 +65,11 @@ static const uint32_t Krnd[64] = {
+
+ /* Elementary functions used by SHA256 */
+ #define Ch(x, y, z) ((x & (y ^ z)) ^ z)
+-#define Maj(x, y, z) ((x & (y | z)) | (y & z))
++#if 1 /* Explicit caching/reuse of common subexpression between rounds */
++#define Maj(x, y, z) (y ^ ((x_xor_y = x ^ y) & y_xor_z))
++#else /* Let the compiler cache/reuse or not */
++#define Maj(x, y, z) (y ^ ((x ^ y) & (y ^ z)))
++#endif
+ #define SHR(x, n) (x >> n)
+ #define ROTR(x, n) ((x >> n) | (x << (32 - n)))
+ #define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
+@@ -77,7 +81,8 @@ static const uint32_t Krnd[64] = {
+ #define RND(a, b, c, d, e, f, g, h, k) \
+ h += S1(e) + Ch(e, f, g) + k; \
+ d += h; \
+- h += S0(a) + Maj(a, b, c);
++ h += S0(a) + Maj(a, b, c); \
++ y_xor_z = x_xor_y;
+
+ /* Adjusted round function for rotating state */
+ #define RNDr(S, W, i, ii) \
+@@ -110,6 +115,7 @@ SHA256_Transform(uint32_t state[static restrict 8],
+
+ /* 3. Mix. */
+ for (i = 0; i <= 48; i += 16) {
++ uint32_t x_xor_y, y_xor_z = S[(65 - i) % 8] ^ S[(66 - i) % 8];
+ RNDr(S, W, 0, i);
+ RNDr(S, W, 1, i);
+ RNDr(S, W, 2, i);
+--
+2.38.1
+
diff --git a/0004-test-getrandom-fallback.c-Fix-OVERRUN-found-by-Covsc.patch b/0004-test-getrandom-fallback.c-Fix-OVERRUN-found-by-Covsc.patch
new file mode 100644
index 0000000..25a354b
--- /dev/null
+++ b/0004-test-getrandom-fallback.c-Fix-OVERRUN-found-by-Covsc.patch
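Review bot: `Maj()` in the alg-sha256.c patch is no longer a pure expression: it assigns `x_xor_y` and reads `y_xor_z`, neither of which is a macro parameter, and `RND()` now ends with a second statement, `y_xor_z = x_xor_y;`. It only compiles, and only yields the majority value, inside the mixing loop of SHA256_Transform, where both locals are declared and `y_xor_z` is seeded with `S[(65 - i) % 8] ^ S[(66 - i) % 8]`, which is `S[1] ^ S[2]` for every `i` that loop produces. Nothing in the hunks documents that contract. I would add above the `#if 1` a comment like `/* reuses this round's a^b as the next round's b^c; call sites must declare x_xor_y and y_xor_z */`, plus one line on the declaration explaining the seed. Because this rewrites the SHA-256 compression function, confirm that the package's known-answer tests run at build time; the spec's test section is not visible on this page.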
@@ -0,0 +1,56 @@
+From a2dcf74fce24aeba2a7e191a4b294b8f9622a3a8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?=
+Date: Tue, 8 Nov 2022 07:41:00 +0100
+Subject: [PATCH 4/4] test/getrandom-fallback.c: Fix 'OVERRUN' found by
+ Covscan.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CWE-119: Out-of-bounds access to a buffer (OVERRUN)
+
+overrun-buffer-arg: Calling memset with buf and buflen is suspicious
+because of the very large index, 9223372036854775807. The index may
+be due to a negative parameter being interpreted as unsigned.
+
+Limiting buflen to INT16_MAX is big enough for our purposes.
+
+Signed-off-by: Björn Esser
+---
+ test/getrandom-fallbacks.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/test/getrandom-fallbacks.c b/test/getrandom-fallbacks.c
+index bd97667..b124c18 100644
+--- a/test/getrandom-fallbacks.c
++++ b/test/getrandom-fallbacks.c
+@@ -77,7 +77,7 @@ __wrap_getrandom (void *buf, size_t buflen, unsigned int ARG_UNUSED(flags))
+ }
+ else
+ {
+- buflen = MIN (buflen, SSIZE_MAX);
++ buflen = MIN (buflen, INT16_MAX);
+ memset (buf, MOCK_getrandom, buflen);
+ return (ssize_t)buflen;
+ }
+@@ -130,7 +130,7 @@ __wrap_syscall(long number, ...)
+ va_start (ap, number);
+ void *buf = va_arg (ap, void *);
+ size_t buflen = va_arg (ap, size_t);
+- buflen = MIN (buflen, SSIZE_MAX);
++ buflen = MIN (buflen, INT16_MAX);
+ va_end (ap);
+ memset (buf, MOCK_sys_getrandom, buflen);
+ return (ssize_t)buflen;
+@@ -205,7 +205,7 @@ __wrap_read (int fd, void *buf, size_t count)
+ }
+ else
+ {
+- count = MIN (count, SSIZE_MAX);
++ count = MIN (count, INT16_MAX);
+ memset (buf, MOCK_urandom, count);
+ return (ssize_t)count;
+ }
+--
+2.38.1
+
diff --git a/libxcrypt.spec b/libxcrypt.spec
index 3f21f34..c5762e7 100644
--- a/libxcrypt.spec
+++ b/libxcrypt.spec
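Review bot: The clamp `MIN (buflen, INT16_MAX)` is repeated at three sites (__wrap_getrandom, __wrap_syscall and, as `count`, __wrap_read) as an unexplained bound, and it quiets the Covscan OVERRUN report without the mock ever learning the real size of `buf`. It also changes mock behaviour: any request above 32767 bytes now gets a short count, so the code under test has to loop on short returns, which these hunks do not show. I would name the limit once, e.g. `#define MOCK_MAX_FILL INT16_MAX /* cap on bytes a mock fills per call */` (the name is only a suggestion), and use it at all three sites. `MIN` compares a `size_t` with an `int` constant here and its definition lies outside the hunks, so check that it stays quiet under -Wsign-compare. All three functions start and end outside their hunks.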
@@ -158,7 +158,7 @@ fi \ Name: libxcrypt Version: 4.4.30 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Extended crypt library for descrypt, md5crypt, bcrypt, and others # For explicit license breakdown, see the @@ -171,6 +171,9 @@ Source2: %{url}/releases/download/v%{version}/%{name}-gpgkey.gpg Source3: %{url}/releases/download/v%{version}/%{name}-%{version}.tar.xz.sha256sum # Patch 0000 - 2999: Backported patches from upstream. +Patch0000: 0002-Fix-warning-about-truncating-conversion.patch +Patch0001: 0003-alg-sha256.c-SHA-2-Maj-optimization-proposed-by-Wei-.patch +Patch0002: 0004-test-getrandom-fallback.c-Fix-OVERRUN-found-by-Covsc.patch # Patch 3000 - 5999: Backported patches from pull requests. @@ -551,6 +554,9 @@ done %changelog +* Tue Nov 08 2022 Björn Esser - 4.4.30-2 +- Backport some upstream patches for fixes and optimizations + * Tue Nov 01 2022 Björn Esser - 4.4.30-1 - New upstream release
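Review bot: The three new `PatchNNNN:` entries carry no pointer to where each file came from, and of the three patch messages only 0003 names the upstream commit it was cherry-picked from. The spec lists a GPG key and a checksum for the release tarball (Source2, Source3), but nothing comparable covers the backports, so their provenance rests on this commit alone. I would put the origin in a comment above each entry, e.g. `# upstream commit: <UPSTREAM_COMMIT_URL>`, so a later reviewer can diff the shipped patch against its source. The patch numbers (0000–0002) also do not line up with the file prefixes (0002–0004), which makes the mapping harder to audit.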