rpms/libxcrypt
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Drop patches applied in upstream tarball

Browse Source
This commit is contained in:
Björn Esser 2018-12-07 00:19:13 +01:00
parent 75a14f7ca3
commit 710a9da1de
No known key found for this signature in database
GPG Key ID: F52E98007594C21D
8 changed files with 0 additions and 738 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

359
libxcrypt-4.4.0-buildflags_-fno-plt.patch
View File

@ -1,359 +0,0 @@
From 4b4aaa2241aa8b8d52e78cbf486acb0d8cb1e67d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Sun, 2 Dec 2018 13:37:03 +0100
Subject: [PATCH] Add -fno-plt to the compiler flags, if supported. (#71)
Do not use the PLT for external function calls in position-independent
code. Instead, load the callee address at call sites from the GOT and
branch to it. This leads to more efficient code by eliminating PLT
stubs and exposing GOT loads to optimizations.
Since we are already using -Wl,-z,now to disable lazy binding, the only
downside (on x86-64) is that call instructions targeting C library
functions are now six bytes each, instead of five bytes.
Closes: #71
---
LICENSING | 9 ++++++
Makefile.am | 2 +-
configure.ac | 7 +++++
m4/ax_append_compile_flags.m4 | 46 ++++++++++++++++++++++++++++++
m4/ax_append_flag.m4 | 50 +++++++++++++++++++++++++++++++++
m4/ax_check_compile_flag.m4 | 53 +++++++++++++++++++++++++++++++++++
m4/ax_require_defined.m4 | 37 ++++++++++++++++++++++++
m4/zw_simple_warnings.m4 | 44 ++---------------------------
8 files changed, 205 insertions(+), 43 deletions(-)
create mode 100644 m4/ax_append_compile_flags.m4
create mode 100644 m4/ax_append_flag.m4
create mode 100644 m4/ax_check_compile_flag.m4
create mode 100644 m4/ax_require_defined.m4
diff --git a/LICENSING b/LICENSING
index 152ed4c..51155ee 100644
--- a/LICENSING
+++ b/LICENSING
@@ -88,6 +88,15 @@ source tree. For specific licensing terms consult the files themselves.
* Copyright Kevin Cernekee; BSD alike:
m4/ax_check_vscript.m4
+ * Copyright Maarten Bosmans; BSD alike:
+ m4/ax_append_compile_flags.m4
+
+ * Copyright Guido U. Draheim, Maarten Bosmans; BSD alike:
+ m4/ax_append_flag.m4, m4/ax_check_compile_flag.m4
+
+ * Copyright Mike Frysinger; BSD alike:
+ m4/ax_require_defined.m4
+
* Copyright Scott James Remnant, Dan Nicholson;
GPL (v2 or later), with Autoconf exception:
m4/pkg_installdir_compat.m4
diff --git a/Makefile.am b/Makefile.am
index 72dfb33..1bfb457 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -9,7 +9,7 @@ AUTOMAKE_OPTIONS = \
ACLOCAL_AMFLAGS = -I m4
-AM_CFLAGS = $(WARN_CFLAGS)
+AM_CFLAGS = $(WARN_CFLAGS) $(OPTI_FLAGS)
@VALGRIND_CHECK_RULES@
diff --git a/configure.ac b/configure.ac
index 063126a..a99f7b6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -168,6 +168,13 @@ if test "x$ac_cv_ld_no_textrel" != xunknown; then
fi
AC_SUBST([TEXT_RELOC_FLAG])
+# FIXME: This only checks whether the compiler accepts -fno-plt.
+# It doesn't check that the switch actually does what we want it to do.
+AX_APPEND_COMPILE_FLAGS([-fno-plt], [OPTI_FLAGS])
+
+# Export compiler flags for optimization.
+AC_SUBST([OPTI_FLAGS])
+
# Checks for library functions.
AC_CHECK_FUNCS_ONCE([
arc4random_buf
diff --git a/m4/ax_append_compile_flags.m4 b/m4/ax_append_compile_flags.m4
new file mode 100644
index 0000000..9c85635
--- /dev/null
+++ b/m4/ax_append_compile_flags.m4
@@ -0,0 +1,46 @@
+# ============================================================================
+# https://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html
+# ============================================================================
+#
+# SYNOPSIS
+#
+# AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+# For every FLAG1, FLAG2 it is checked whether the compiler works with the
+# flag. If it does, the flag is added FLAGS-VARIABLE
+#
+# If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
+# CFLAGS) is used. During the check the flag is always added to the
+# current language's flags.
+#
+# If EXTRA-FLAGS is defined, it is added to the current language's default
+# flags (e.g. CFLAGS) when the check is done. The check is thus made with
+# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
+# force the compiler to issue an error when a bad flag is given.
+#
+# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
+#
+# NOTE: This macro depends on the AX_APPEND_FLAG and
+# AX_CHECK_COMPILE_FLAG. Please keep this macro in sync with
+# AX_APPEND_LINK_FLAGS.
+#
+# LICENSE
+#
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 7
+
+AC_DEFUN([AX_APPEND_COMPILE_FLAGS],
+[AX_REQUIRE_DEFINED([AX_CHECK_COMPILE_FLAG])
+AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
+for flag in $1; do
+ AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3], [$4])
+done
+])dnl AX_APPEND_COMPILE_FLAGS
diff --git a/m4/ax_append_flag.m4 b/m4/ax_append_flag.m4
new file mode 100644
index 0000000..dd6d8b6
--- /dev/null
+++ b/m4/ax_append_flag.m4
@@ -0,0 +1,50 @@
+# ===========================================================================
+# https://www.gnu.org/software/autoconf-archive/ax_append_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_APPEND_FLAG(FLAG, [FLAGS-VARIABLE])
+#
+# DESCRIPTION
+#
+# FLAG is appended to the FLAGS-VARIABLE shell variable, with a space
+# added in between.
+#
+# If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
+# CFLAGS) is used. FLAGS-VARIABLE is not changed if it already contains
+# FLAG. If FLAGS-VARIABLE is unset in the shell, it is set to exactly
+# FLAG.
+#
+# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION.
+#
+# LICENSE
+#
+# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 8
+
+AC_DEFUN([AX_APPEND_FLAG],
+[dnl
+AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF
+AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])
+AS_VAR_SET_IF(FLAGS,[
+ AS_CASE([" AS_VAR_GET(FLAGS) "],
+ [*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])],
+ [
+ AS_VAR_APPEND(FLAGS,[" $1"])
+ AC_RUN_LOG([: FLAGS="$FLAGS"])
+ ])
+ ],
+ [
+ AS_VAR_SET(FLAGS,[$1])
+ AC_RUN_LOG([: FLAGS="$FLAGS"])
+ ])
+AS_VAR_POPDEF([FLAGS])dnl
+])dnl AX_APPEND_FLAG
diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4
new file mode 100644
index 0000000..bd753b3
--- /dev/null
+++ b/m4/ax_check_compile_flag.m4
@@ -0,0 +1,53 @@
+# ===========================================================================
+# https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+# Check whether the given FLAG works with the current language's compiler
+# or gives an error. (Warnings, however, are ignored)
+#
+# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+# success/failure.
+#
+# If EXTRA-FLAGS is defined, it is added to the current language's default
+# flags (e.g. CFLAGS) when the check is done. The check is thus made with
+# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
+# force the compiler to issue an error when a bad flag is given.
+#
+# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
+#
+# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 6
+
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+ ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+ _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+ AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
+ [AS_VAR_SET(CACHEVAR,[yes])],
+ [AS_VAR_SET(CACHEVAR,[no])])
+ _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_VAR_IF(CACHEVAR,yes,
+ [m4_default([$2], :)],
+ [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS
diff --git a/m4/ax_require_defined.m4 b/m4/ax_require_defined.m4
new file mode 100644
index 0000000..17c3eab
--- /dev/null
+++ b/m4/ax_require_defined.m4
@@ -0,0 +1,37 @@
+# ===========================================================================
+# https://www.gnu.org/software/autoconf-archive/ax_require_defined.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_REQUIRE_DEFINED(MACRO)
+#
+# DESCRIPTION
+#
+# AX_REQUIRE_DEFINED is a simple helper for making sure other macros have
+# been defined and thus are available for use. This avoids random issues
+# where a macro isn't expanded. Instead the configure script emits a
+# non-fatal:
+#
+# ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found
+#
+# It's like AC_REQUIRE except it doesn't expand the required macro.
+#
+# Here's an example:
+#
+# AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
+#
+# LICENSE
+#
+# Copyright (c) 2014 Mike Frysinger <vapier@gentoo.org>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 2
+
+AC_DEFUN([AX_REQUIRE_DEFINED], [dnl
+ m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])])
+])dnl AX_REQUIRE_DEFINED
diff --git a/m4/zw_simple_warnings.m4 b/m4/zw_simple_warnings.m4
index 75ca300..cfdf9e9 100644
--- a/m4/zw_simple_warnings.m4
+++ b/m4/zw_simple_warnings.m4
@@ -26,51 +26,10 @@ dnl This is a cut-down version of the elaborate thing in the extras
dnl archive, which we do not need nearly all of.
dnl
dnl Partly based on:
-dnl https://www.gnu.org/software/autoconf-archive/ax_append_flag.html
-dnl https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
-dnl https://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html
dnl https://www.gnu.org/software/autoconf-archive/ax_compiler_flags_cflags.html
AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
-AC_DEFUN([AX_CHECK_COMPILE_FLAG],
-[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_[]_AC_LANG_ABBREV[]_flags_$4_$1])dnl
-AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
- ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
- _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
- AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
- [AS_VAR_SET(CACHEVAR,[yes])],
- [AS_VAR_SET(CACHEVAR,[no])])
- _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
-AS_VAR_IF(CACHEVAR,yes,
- [m4_default([$2], :)],
- [m4_default([$3], :)])
-AS_VAR_POPDEF([CACHEVAR])])
-
-AC_DEFUN([AX_APPEND_FLAG],
-[AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])
-AS_VAR_SET_IF(FLAGS,[
- AS_CASE([" AS_VAR_GET(FLAGS) "],
- [*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])],
- [
- AS_VAR_APPEND(FLAGS,[" $1"])
- AC_RUN_LOG([: FLAGS="$FLAGS"])
- ])
- ],
- [
- AS_VAR_SET(FLAGS,[$1])
- AC_RUN_LOG([: FLAGS="$FLAGS"])
- ])
-AS_VAR_POPDEF([FLAGS])dnl
-])dnl AX_APPEND_FLAG
-
-AC_DEFUN([AX_APPEND_COMPILE_FLAGS],
-[for flag in $1; do
- AX_CHECK_COMPILE_FLAG([$flag],
- [AX_APPEND_FLAG([$flag], [$2])], [], [$3], [$4])
-done
-])
-
AC_DEFUN([zw_SIMPLE_ENABLE_WARNINGS],
[
AC_ARG_ENABLE(
@@ -170,9 +129,10 @@ AC_ARG_ENABLE(
[$ax_candidate_warnings], [WARN_CFLAGS_FOR_BUILD],
[$ax_compiler_flags_test])
-
popdef([_AC_LANG_ABBREV])
+ AC_SUBST(WARN_CFLAGS_FOR_BUILD)
+
cross_compiling=$save_cross_compiling
ac_tool_prefix=$save_ac_tool_prefix
CC="$save_CC"

22
libxcrypt-4.4.0-fix_manual-page-warning_list-type-stack0.patch
View File

@ -1,22 +0,0 @@
From a60130b2211c6666bee69051b2b76413af2d679f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Tue, 20 Nov 2018 10:51:10 +0100
Subject: [PATCH] Fix manual-page-warning: macro `list-type-stack0' not
defined.
---
crypt_preferred_method.3 | 1 -
1 file changed, 1 deletion(-)
diff --git a/crypt_preferred_method.3 b/crypt_preferred_method.3
index 71f494c..b26656a 100644
--- a/crypt_preferred_method.3
+++ b/crypt_preferred_method.3
@@ -37,7 +37,6 @@ safe to pass the string returned by
directly to
.Nm crypt_gensalt
without prior string-sanitizing nor NULL-pointer checks.
-.El
.Sh FEATURE TEST MACROS
.In crypt.h
will define the macro

22
libxcrypt-4.4.0-set_minimum_rbytes_for_NT_to_2.patch
View File

@ -1,22 +0,0 @@
From f6fe5e6faf4a681984e5bb9d830c8006bba8dab7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Wed, 21 Nov 2018 19:05:16 +0100
Subject: [PATCH] Set minimum rbytes for NT to 2.
---
hashes.lst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hashes.lst b/hashes.lst
index eb46e14..d8e2ccc 100644
--- a/hashes.lst
+++ b/hashes.lst
@@ -51,7 +51,7 @@ sha256crypt $5$ 15 GLIBC,FREEBSD,SOLARIS
sha1crypt $sha1 20 NETBSD
sunmd5 $md5 8 SOLARIS
md5crypt $1$ 9 GLIBC,FREEBSD,NETBSD,OPENBSD,SOLARIS
-nt $3$ 7 FREEBSD
+nt $3$ 2 FREEBSD
bsdicrypt _ 3 FREEBSD,NETBSD,OPENBSD,OSX
bigcrypt : 2 :
descrypt : 2 GLIBC,FREEBSD,NETBSD,OPENBSD,SOLARIS,OSX

80
libxcrypt-4.4.0-test-crypt-gost-yescrypt_fix_static_pointer_memory_leak.patch
View File

@ -1,80 +0,0 @@
From 176151db6c456c41be12f7d3a6338559d767cf9b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Tue, 4 Dec 2018 15:33:04 +0100
Subject: [PATCH] Fix memory leak from static pointer in
test-crypt-gost-yescrypt.c.
---
test-crypt-gost-yescrypt.c | 29 +++++++++++++++++++----------
1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/test-crypt-gost-yescrypt.c b/test-crypt-gost-yescrypt.c
index c3263d5..39e03e1 100644
--- a/test-crypt-gost-yescrypt.c
+++ b/test-crypt-gost-yescrypt.c
@@ -74,7 +74,7 @@ test_crypt (const char *p, const char *s, const char *m)
}
static int
-test_crypt_raw (int m, int p, int s)
+test_crypt_raw (int m, int p, int s, char **a, size_t *a_size)
{
char output[CRYPT_OUTPUT_SIZE];
char pass[CRYPT_MAX_PASSPHRASE_SIZE];
@@ -101,18 +101,16 @@ test_crypt_raw (int m, int p, int s)
return 1;
}
char *h = strrchr (output, '$') + 1;
- static char *a = NULL;
- static size_t a_size = 0;
- if (a && strstr (a, h))
+ if (*a && strstr (*a, h))
{
fprintf (stderr, "ERROR: duplicated hash %s\n", output);
return 1;
}
size_t len = strlen(h);
- a = realloc (a, a_size + len + 1);
- strcpy (a + a_size, h);
- a_size += len;
- a[a_size] = '\0';
+ *a = realloc (*a, *a_size + len + 1);
+ strcpy (*a + *a_size, h);
+ *a_size += len;
+ (*a)[*a_size] = '\0';
return 0;
}
@@ -163,12 +161,19 @@ main (void)
int m, pp, ss;
int etest = 0;
+ char **a = malloc (sizeof (char*));
+ size_t *a_size = malloc (sizeof (size_t));
+
+ *a = malloc (sizeof (char));
+ (*a)[0] = '\0';
+ *a_size = 0;
+
for (m = 1; m < 3; m++)
{
for (pp = 0; pp < 22; pp++)
- etest |= test_crypt_raw (m, pp, 0);
+ etest |= test_crypt_raw (m, pp, 0, a, a_size);
for (ss = 0; ss < 22; ss++)
- etest |= test_crypt_raw (m, pp, ss);
+ etest |= test_crypt_raw (m, pp, ss, a, a_size);
}
fprintf (stderr, "\n");
if (etest)
@@ -177,6 +182,10 @@ main (void)
fprintf (stderr, " ok: entropy test\n");
result |= etest;
+ free (*a);
+ free (a);
+ free (a_size);
+
return result;
}

44
libxcrypt-4.4.0-test_hmac-sha256_incremental_computation.patch
View File

@ -1,44 +0,0 @@
From 580a15e118ee86676ddc1b4456ae6a3f14d86296 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Thu, 22 Nov 2018 22:20:57 +0100
Subject: [PATCH] Test hmac-sha256 incremental computation, too.
The main purpose of this additional test is for coverage.
---
test-alg-pbkdf-hmac-sha256.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/test-alg-pbkdf-hmac-sha256.c b/test-alg-pbkdf-hmac-sha256.c
index 21c90a5..df22979 100644
--- a/test-alg-pbkdf-hmac-sha256.c
+++ b/test-alg-pbkdf-hmac-sha256.c
@@ -179,7 +179,9 @@ static int
test_hmac_sha256 (void)
{
uint8_t output[32];
+ HMAC_SHA256_CTX ctx;
int status = 0;
+ size_t j;
for (size_t i = 0; i < ARRAY_SIZE (hmac_sha256_tests); i++)
{
const struct hmac_sha256_test *t = &hmac_sha256_tests[i];
@@ -188,7 +190,18 @@ test_hmac_sha256 (void)
output);
if (memcmp (output, t->digest, 32))
{
- report_failure ("HMAC-SHA256", i, 32, t->digest, output);
+ report_failure ("HMAC-SHA256 (one shot)",
+ i, 32, t->digest, output);
+ status = 1;
+ }
+ HMAC_SHA256_Init(&ctx, t->key, strlen (t->key));
+ for (j = 0; t->message[j] != '\0'; j++)
+ HMAC_SHA256_Update(&ctx, &t->message[j], 1);
+ HMAC_SHA256_Final(output, &ctx);
+ if (memcmp (output, t->digest, 32))
+ {
+ report_failure ("HMAC-SHA256 (incremental)",
+ i, 32, t->digest, output);
status = 1;
}
}

35
libxcrypt-4.4.0-use_XCRYPT_STRCPY_OR_ABORT_in_crypt_nt_rn.patch
View File

@ -1,35 +0,0 @@
From 664bfda5a51dbaa75904b29a7cd3c51888db6bd9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Wed, 21 Nov 2018 18:27:51 +0100
Subject: [PATCH] Use XCRYPT_STRCPY_OR_ABORT in crypt_nt_rn.
---
crypt-nthash.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypt-nthash.c b/crypt-nthash.c
index bb7c1ff..83c45ea 100644
--- a/crypt-nthash.c
+++ b/crypt-nthash.c
@@ -49,9 +49,9 @@
void
crypt_nt_rn (const char *phrase, size_t ARG_UNUSED (phr_size),
- const char *setting, size_t ARG_UNUSED (set_size),
- uint8_t *output, size_t out_size,
- void *scratch, size_t scr_size)
+ const char *setting, size_t ARG_UNUSED (set_size),
+ uint8_t *output, size_t out_size,
+ void *scratch, size_t scr_size)
{
size_t unipwLen;
int i;
@@ -86,7 +86,7 @@ crypt_nt_rn (const char *phrase, size_t ARG_UNUSED (phr_size),
MD4_Update (ctx, unipw, unipwLen*sizeof(uint16_t));
MD4_Final (hash, ctx);
- output = (uint8_t *)stpcpy ((char *)output, magic);
+ output += XCRYPT_STRCPY_OR_ABORT (output, out_size, magic);
*output++ = '$';
for (i = 0; i < 16; i++)
{

169
libxcrypt-4.4.0-use_base64_output_gensalt_nt_rn.patch
View File

@ -1,169 +0,0 @@
From fdeddd908b6c659b281bbef7e535f9060b5b6186 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Wed, 21 Nov 2018 18:59:21 +0100
Subject: [PATCH] Use base64 encoding for output of gensalt_nt_rn.
---
crypt-nthash.c | 89 ++++++++++++++++++++++++++++++++++++++++----------
test-gensalt.c | 10 +++---
2 files changed, 76 insertions(+), 23 deletions(-)
diff --git a/crypt-nthash.c b/crypt-nthash.c
index 83c45ea..2f47476 100644
--- a/crypt-nthash.c
+++ b/crypt-nthash.c
@@ -43,6 +43,58 @@
#if INCLUDE_nt
+static uint8_t *
+encode64_uint32 (uint8_t * dst, ssize_t dstlen,
+ uint32_t src, uint32_t srcbits)
+{
+ uint32_t bit;
+
+ for (bit = 0; bit < srcbits; bit += 6)
+ {
+ if (dstlen < 1)
+ {
+ errno = ERANGE;
+ return NULL;
+ }
+ *dst++ = ascii64[src & 0x3f];
+ dstlen--;
+ src >>= 6;
+ }
+
+ *dst = '\0';
+ return dst;
+}
+
+static uint8_t *
+encode64 (uint8_t * dst, ssize_t dstlen,
+ const uint8_t * src, size_t srclen)
+{
+ size_t i;
+
+ for (i = 0; i < srclen; )
+ {
+ uint8_t * dnext;
+ uint32_t value = 0, bits = 0;
+ do
+ {
+ value |= (uint32_t) src[i++] << bits;
+ bits += 8;
+ }
+ while (bits < 24 && i < srclen);
+ dnext = encode64_uint32 (dst, dstlen, value, bits);
+ if (!dnext)
+ {
+ errno = ERANGE;
+ return NULL;
+ }
+ dstlen -= (dnext - dst);
+ dst = dnext;
+ }
+
+ *dst = '\0';
+ return dst;
+}
+
/*
* NT HASH = md4(str2unicode(phrase))
*/
@@ -104,48 +156,49 @@ crypt_nt_rn (const char *phrase, size_t ARG_UNUSED (phr_size),
SETTING for the crypt function. */
void
gensalt_nt_rn (unsigned long count,
- const uint8_t *rbytes,
- size_t nrbytes,
- uint8_t *output,
- size_t o_size)
+ const uint8_t *rbytes,
+ size_t nrbytes,
+ uint8_t *output,
+ size_t o_size)
{
- static const char *salt = "$3$__not_used__";
+ const char *salt = "$3$__not_used__";
+ const size_t saltlen = strlen (salt);
MD4_CTX ctx;
unsigned char hashbuf[16];
- char hashstr[14 + 1];
- unsigned long i;
+ size_t i;
/* Minimal O_SIZE to store the fake salt.
At least 1 byte of RBYTES is needed
to calculate the MD4 hash used in the
fake salt. */
- if ((o_size < 30) || (nrbytes < 1))
+ if ((o_size < saltlen + BASE64_LEN (sizeof (hashbuf)) + 1) ||
+ (nrbytes < 2))
{
errno = ERANGE;
return;
}
+
if (count != 0)
{
errno = EINVAL;
return;
}
+ XCRYPT_STRCPY_OR_ABORT (output, o_size, salt);
+
MD4_Init (&ctx);
- for (i = 0; i < 20; i++)
+ for (i = 0; i < saltlen * nrbytes; i++)
{
- MD4_Update (&ctx, salt, (i % 15) + 1);
+ MD4_Update (&ctx, salt, (i % saltlen) + 1);
MD4_Update (&ctx, rbytes, nrbytes);
- MD4_Update (&ctx, salt, 15);
- MD4_Update (&ctx, salt, 15 - (i % 15));
+ MD4_Update (&ctx, rbytes, nrbytes - (i % nrbytes));
+ MD4_Update (&ctx, salt, saltlen);
+ MD4_Update (&ctx, salt, saltlen - (i % saltlen));
}
MD4_Final (hashbuf, &ctx);
- for (i = 0; i < 7; i++)
- sprintf (&(hashstr[i * 2]), "%02x", hashbuf[i]);
- hashstr[14] = '\0';
-
- XCRYPT_STRCPY_OR_ABORT (output, o_size, salt);
- XCRYPT_STRCPY_OR_ABORT (output + 15, o_size - 15, hashstr);
+ encode64 (output + saltlen, (ssize_t) (o_size - saltlen),
+ hashbuf, sizeof (hashbuf));
}
#endif
diff --git a/test-gensalt.c b/test-gensalt.c
index 49873a5..676edf1 100644
--- a/test-gensalt.c
+++ b/test-gensalt.c
@@ -67,10 +67,10 @@ static const char *const md5_expected_output[] =
#if INCLUDE_nt
static const char *const nthash_expected_output[] =
{
- "$3$__not_used__c809a450df09a3",
- "$3$__not_used__30d0d6f834c0c3",
- "$3$__not_used__0eeeebb83d6fe4",
- "$3$__not_used__1c690d6a9ef88c"
+ "$3$__not_used__oTs8adyvc5SpgTxXhllxC/",
+ "$3$__not_used__CPYy.33449S0xlcz6wv2W/",
+ "$3$__not_used__HUo2S2sloOywHZxmgM.wo/",
+ "$3$__not_used__ZL45/aAV4iGWPnlWZamDX0"
};
#endif
#if INCLUDE_sunmd5
@@ -330,7 +330,7 @@ static const struct testcase testcases[] =
// MD5/BSD doesn't have variable round count.
#endif
#if INCLUDE_nt
- { "$3$", nthash_expected_output, 29, 0, 0 },
+ { "$3$", nthash_expected_output, 37, 0, 0 },
// NTHASH doesn't have variable round count.
#endif
#if INCLUDE_sunmd5

7
libxcrypt.spec
View File

@ -99,13 +99,6 @@ URL: https://github.com/besser82/%{name}
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
# Patch 0000 - 2999: Backported patches from upstream.
Patch0000: %{url}/commit/a60130b2211c6666bee69051b2b76413af2d679f.patch#/%{name}-4.4.0-fix_manual-page-warning_list-type-stack0.patch
Patch0001: %{url}/commit/664bfda5a51dbaa75904b29a7cd3c51888db6bd9.patch#/%{name}-4.4.0-use_XCRYPT_STRCPY_OR_ABORT_in_crypt_nt_rn.patch
Patch0002: %{url}/commit/fdeddd908b6c659b281bbef7e535f9060b5b6186.patch#/%{name}-4.4.0-use_base64_output_gensalt_nt_rn.patch
Patch0003: %{url}/commit/f6fe5e6faf4a681984e5bb9d830c8006bba8dab7.patch#/%{name}-4.4.0-set_minimum_rbytes_for_NT_to_2.patch
Patch0004: %{url}/commit/580a15e118ee86676ddc1b4456ae6a3f14d86296.patch#/%{name}-4.4.0-test_hmac-sha256_incremental_computation.patch
Patch0005: %{url}/commit/176151db6c456c41be12f7d3a6338559d767cf9b.patch#/%{name}-4.4.0-test-crypt-gost-yescrypt_fix_static_pointer_memory_leak.patch
Patch0006: %{url}/commit/4b4aaa2241aa8b8d52e78cbf486acb0d8cb1e67d.patch#/%{name}-4.4.0-buildflags_-fno-plt.patch
# Patch 3000 - 5999: Backported patches from pull requests.