Attachment #166552 for bug #206919

Lines 2-12 Link Here

(-)security/libgcrypt/Makefile (-2 / +2 lines)
2		2
3	PORTNAME= libgcrypt	3	PORTNAME= libgcrypt
4	PORTVERSION= 1.6.4	4	PORTVERSION= 1.6.4
5	PORTREVISION= 3	5	PORTREVISION= 4
6	CATEGORIES= security	6	CATEGORIES= security
7	MASTER_SITES= GNUPG	7	MASTER_SITES= GNUPG
8		8
9	MAINTAINER= cpm@fbsd.es	9	MAINTAINER= cpm@FreeBSD.org
10	COMMENT= General purpose crypto library based on code used in GnuPG	10	COMMENT= General purpose crypto library based on code used in GnuPG
11		11
12	LICENSE= GPLv2 LGPL21	12	LICENSE= GPLv2 LGPL21




--- cipher/Makefile.in.orig	2015-09-08 06:32:11 UTC
+++ cipher/Makefile.in
@@ -818,13 +818,19 @@ uninstall-am:
 	tags tags-am uninstall uninstall-am
 
 
-# We need to lower the optimization for this module.
+# We need to lower the optimization for these modules.
 tiger.o: $(srcdir)/tiger.c
 	`echo $(COMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) `
 
 tiger.lo: $(srcdir)/tiger.c
 	`echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) `
 
+salsa20.o: $(srcdir)/salsa20.c
+	`echo $(COMPILE) -c $(srcdir)/salsa20.c | $(o_flag_munging) `
+
+salsa20.lo: $(srcdir)/salsa20.c
+	`echo $(LTCOMPILE) -c $(srcdir)/salsa20.c | $(o_flag_munging) `
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:




--- cipher/salsa20.c.orig	2016-02-03 17:12:14 UTC
+++ cipher/salsa20.c
@@ -485,7 +485,8 @@ salsa20r12_encrypt_stream (void *context
 static const char*
 selftest (void)
 {
-  SALSA20_context_t ctx;
+  byte ctxbuf[sizeof(SALSA20_context_t) + 15];
+  SALSA20_context_t *ctx;
   byte scratch[8+1];
   byte buf[256+64+4];
   int i;
@@ -502,32 +503,35 @@ selftest (void)
   static const byte ciphertext_1[] =
     { 0xE3, 0xBE, 0x8F, 0xDD, 0x8B, 0xEC, 0xA2, 0xE3};
 
-  salsa20_setkey (&ctx, key_1, sizeof key_1);
-  salsa20_setiv  (&ctx, nonce_1, sizeof nonce_1);
+  /* 16-byte alignment required for amd64 implementation. */
+  ctx = (SALSA20_context_t *)((uintptr_t)(ctxbuf + 15) & ~(uintptr_t)15);
+
+  salsa20_setkey (ctx, key_1, sizeof key_1);
+  salsa20_setiv  (ctx, nonce_1, sizeof nonce_1);
   scratch[8] = 0;
-  salsa20_encrypt_stream (&ctx, scratch, plaintext_1, sizeof plaintext_1);
+  salsa20_encrypt_stream (ctx, scratch, plaintext_1, sizeof plaintext_1);
   if (memcmp (scratch, ciphertext_1, sizeof ciphertext_1))
     return "Salsa20 encryption test 1 failed.";
   if (scratch[8])
     return "Salsa20 wrote too much.";
-  salsa20_setkey( &ctx, key_1, sizeof(key_1));
-  salsa20_setiv  (&ctx, nonce_1, sizeof nonce_1);
-  salsa20_encrypt_stream (&ctx, scratch, scratch, sizeof plaintext_1);
+  salsa20_setkey (ctx, key_1, sizeof(key_1));
+  salsa20_setiv  (ctx, nonce_1, sizeof nonce_1);
+  salsa20_encrypt_stream (ctx, scratch, scratch, sizeof plaintext_1);
   if (memcmp (scratch, plaintext_1, sizeof plaintext_1))
     return "Salsa20 decryption test 1 failed.";
 
   for (i = 0; i < sizeof buf; i++)
     buf[i] = i;
-  salsa20_setkey (&ctx, key_1, sizeof key_1);
-  salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
+  salsa20_setkey (ctx, key_1, sizeof key_1);
+  salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
   /*encrypt*/
   salsa20_encrypt_stream (&ctx, buf, buf, sizeof buf);
   /*decrypt*/
-  salsa20_setkey (&ctx, key_1, sizeof key_1);
-  salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
-  salsa20_encrypt_stream (&ctx, buf, buf, 1);
-  salsa20_encrypt_stream (&ctx, buf+1, buf+1, (sizeof buf)-1-1);
-  salsa20_encrypt_stream (&ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1);
+  salsa20_setkey (ctx, key_1, sizeof key_1);
+  salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
+  salsa20_encrypt_stream (ctx, buf, buf, 1);
+  salsa20_encrypt_stream (ctx, buf+1, buf+1, (sizeof buf)-1-1);
+  salsa20_encrypt_stream (ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1);
   for (i = 0; i < sizeof buf; i++)
     if (buf[i] != (byte)i)
       return "Salsa20 encryption test 2 failed.";




Fixes at least devel/ccrtp's build:
  In file included from ccrtp/crypto/gcrypt/gcrypthmac.cpp:23:
  /usr/local/include/gcrypt.h:509: error: comma at end of enumerator list
  /usr/local/include/gcrypt.h:1346: error: comma at end of enumerator list

From: Werner Koch <wk@gnupg.org>
Date: Thu, 19 Mar 2015 09:43:55 +0000 (+0100)
Subject: Fix two pedantic warnings.
X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=f5832285b0e420d77be1b8da10a1e1d86583b414

Fix two pedantic warnings.

* src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing
comma.
--

Reported-by: Opal Raava <opalraava@hushmail.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
---

--- src/gcrypt.h.in
+++ src/gcrypt.h.in
@@ -511,7 +511,7 @@ enum gcry_mpi_flag
     GCRYMPI_FLAG_USER1 = 0x0100,/* User flag 1.  */
     GCRYMPI_FLAG_USER2 = 0x0200,/* User flag 2.  */
     GCRYMPI_FLAG_USER3 = 0x0400,/* User flag 3.  */
-    GCRYMPI_FLAG_USER4 = 0x0800,/* User flag 4.  */
+    GCRYMPI_FLAG_USER4 = 0x0800 /* User flag 4.  */
   };
 
 
@@ -1372,7 +1372,7 @@ enum gcry_mac_algos
 /* Flags used with the open function.  */
 enum gcry_mac_flags
   {
-    GCRY_MAC_FLAG_SECURE = 1,  /* Allocate all buffers in "secure" memory.  */
+    GCRY_MAC_FLAG_SECURE = 1   /* Allocate all buffers in "secure" memory.  */
   };
 
 /* Create a MAC handle for algorithm ALGO.  FLAGS may be given as an bitwise OR




Fixes at least devel/ccrtp's build:
  In file included from ccrtp/crypto/gcrypt/gcrypthmac.cpp:23:
  /usr/local/include/gcrypt.h:509: error: comma at end of enumerator list
  /usr/local/include/gcrypt.h:1346: error: comma at end of enumerator list

From: Werner Koch <wk@gnupg.org>
Date: Thu, 19 Mar 2015 09:43:55 +0000 (+0100)
Subject: Fix two pedantic warnings.
X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=f5832285b0e420d77be1b8da10a1e1d86583b414

Fix two pedantic warnings.

* src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing
comma.
--

Reported-by: Opal Raava <opalraava@hushmail.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
--- src/gcrypt.h.in.orig	2015-09-07 12:05:57 UTC
+++ src/gcrypt.h.in
@@ -506,7 +506,7 @@ enum gcry_mpi_flag
     GCRYMPI_FLAG_USER1 = 0x0100,/* User flag 1.  */
     GCRYMPI_FLAG_USER2 = 0x0200,/* User flag 2.  */
     GCRYMPI_FLAG_USER3 = 0x0400,/* User flag 3.  */
-    GCRYMPI_FLAG_USER4 = 0x0800,/* User flag 4.  */
+    GCRYMPI_FLAG_USER4 = 0x0800 /* User flag 4.  */
   };
 
 
@@ -1343,7 +1343,7 @@ enum gcry_mac_algos
 /* Flags used with the open function.  */
 enum gcry_mac_flags
   {
-    GCRY_MAC_FLAG_SECURE = 1,  /* Allocate all buffers in "secure" memory.  */
+    GCRY_MAC_FLAG_SECURE = 1   /* Allocate all buffers in "secure" memory.  */
   };
 
 /* Create a MAC handle for algorithm ALGO.  FLAGS may be given as an bitwise OR

Return to bug 206919

Lines 1-23 Link Here

(-)security/libgcrypt/files/patch-cipher-Makefile.in (-23 lines)
1	--- cipher/Makefile.in.orig 2015-09-08 06:32:11 UTC
2	+++ cipher/Makefile.in
3	@@ -818,13 +818,19 @@ uninstall-am:
4	tags tags-am uninstall uninstall-am
5
6
7	-# We need to lower the optimization for this module.
8	+# We need to lower the optimization for these modules.
9	tiger.o: $(srcdir)/tiger.c
10	`echo $(COMPILE) -c $(srcdir)/tiger.c \| $(o_flag_munging) `
11
12	tiger.lo: $(srcdir)/tiger.c
13	`echo $(LTCOMPILE) -c $(srcdir)/tiger.c \| $(o_flag_munging) `
14
15	+salsa20.o: $(srcdir)/salsa20.c
16	+ `echo $(COMPILE) -c $(srcdir)/salsa20.c \| $(o_flag_munging) `
17	+
18	+salsa20.lo: $(srcdir)/salsa20.c
19	+ `echo $(LTCOMPILE) -c $(srcdir)/salsa20.c \| $(o_flag_munging) `
20	+
21	# Tell versions [3.59,3.63) of GNU make to not export all variables.
22	# Otherwise a system limit (for SysV at least) may be exceeded.
23	.NOEXPORT:

Line 0 Link Here

(-)security/libgcrypt/files/patch-cipher_salsa20.c (+61 lines)
	1	--- cipher/salsa20.c.orig 2016-02-03 17:12:14 UTC
	2	+++ cipher/salsa20.c
	3	@@ -485,7 +485,8 @@ salsa20r12_encrypt_stream (void *context
	4	static const char*
	5	selftest (void)
	6	{
	7	- SALSA20_context_t ctx;
	8	+ byte ctxbuf[sizeof(SALSA20_context_t) + 15];
	9	+ SALSA20_context_t *ctx;
	10	byte scratch[8+1];
	11	byte buf[256+64+4];
	12	int i;
	13	@@ -502,32 +503,35 @@ selftest (void)
	14	static const byte ciphertext_1[] =
	15	{ 0xE3, 0xBE, 0x8F, 0xDD, 0x8B, 0xEC, 0xA2, 0xE3};
	16
	17	- salsa20_setkey (&ctx, key_1, sizeof key_1);
	18	- salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
	19	+ /* 16-byte alignment required for amd64 implementation. */
	20	+ ctx = (SALSA20_context_t *)((uintptr_t)(ctxbuf + 15) & ~(uintptr_t)15);
	21	+
	22	+ salsa20_setkey (ctx, key_1, sizeof key_1);
	23	+ salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
	24	scratch[8] = 0;
	25	- salsa20_encrypt_stream (&ctx, scratch, plaintext_1, sizeof plaintext_1);
	26	+ salsa20_encrypt_stream (ctx, scratch, plaintext_1, sizeof plaintext_1);
	27	if (memcmp (scratch, ciphertext_1, sizeof ciphertext_1))
	28	return "Salsa20 encryption test 1 failed.";
	29	if (scratch[8])
	30	return "Salsa20 wrote too much.";
	31	- salsa20_setkey( &ctx, key_1, sizeof(key_1));
	32	- salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
	33	- salsa20_encrypt_stream (&ctx, scratch, scratch, sizeof plaintext_1);
	34	+ salsa20_setkey (ctx, key_1, sizeof(key_1));
	35	+ salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
	36	+ salsa20_encrypt_stream (ctx, scratch, scratch, sizeof plaintext_1);
	37	if (memcmp (scratch, plaintext_1, sizeof plaintext_1))
	38	return "Salsa20 decryption test 1 failed.";
	39
	40	for (i = 0; i < sizeof buf; i++)
	41	buf[i] = i;
	42	- salsa20_setkey (&ctx, key_1, sizeof key_1);
	43	- salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
	44	+ salsa20_setkey (ctx, key_1, sizeof key_1);
	45	+ salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
	46	/encrypt/
	47	salsa20_encrypt_stream (&ctx, buf, buf, sizeof buf);
	48	/decrypt/
	49	- salsa20_setkey (&ctx, key_1, sizeof key_1);
	50	- salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
	51	- salsa20_encrypt_stream (&ctx, buf, buf, 1);
	52	- salsa20_encrypt_stream (&ctx, buf+1, buf+1, (sizeof buf)-1-1);
	53	- salsa20_encrypt_stream (&ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1);
	54	+ salsa20_setkey (ctx, key_1, sizeof key_1);
	55	+ salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
	56	+ salsa20_encrypt_stream (ctx, buf, buf, 1);
	57	+ salsa20_encrypt_stream (ctx, buf+1, buf+1, (sizeof buf)-1-1);
	58	+ salsa20_encrypt_stream (ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1);
	59	for (i = 0; i < sizeof buf; i++)
	60	if (buf[i] != (byte)i)
	61	return "Salsa20 encryption test 2 failed.";

Lines 1-40 Link Here

(-)security/libgcrypt/files/patch-git_f5832285 (-40 lines)
1	Fixes at least devel/ccrtp's build:
2	In file included from ccrtp/crypto/gcrypt/gcrypthmac.cpp:23:
3	/usr/local/include/gcrypt.h:509: error: comma at end of enumerator list
4	/usr/local/include/gcrypt.h:1346: error: comma at end of enumerator list
5
6	From: Werner Koch <wk@gnupg.org>
7	Date: Thu, 19 Mar 2015 09:43:55 +0000 (+0100)
8	Subject: Fix two pedantic warnings.
9	X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=f5832285b0e420d77be1b8da10a1e1d86583b414
10
11	Fix two pedantic warnings.
12
13	* src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing
14	comma.
15	--
16
17	Reported-by: Opal Raava <opalraava@hushmail.com>
18	Signed-off-by: Werner Koch <wk@gnupg.org>
19	---
20
21	--- src/gcrypt.h.in
22	+++ src/gcrypt.h.in
23	@@ -511,7 +511,7 @@ enum gcry_mpi_flag
24	GCRYMPI_FLAG_USER1 = 0x0100,/* User flag 1. */
25	GCRYMPI_FLAG_USER2 = 0x0200,/* User flag 2. */
26	GCRYMPI_FLAG_USER3 = 0x0400,/* User flag 3. */
27	- GCRYMPI_FLAG_USER4 = 0x0800,/* User flag 4. */
28	+ GCRYMPI_FLAG_USER4 = 0x0800 /* User flag 4. */
29	};
30
31
32	@@ -1372,7 +1372,7 @@ enum gcry_mac_algos
33	/* Flags used with the open function. */
34	enum gcry_mac_flags
35	{
36	- GCRY_MAC_FLAG_SECURE = 1, /* Allocate all buffers in "secure" memory. */
37	+ GCRY_MAC_FLAG_SECURE = 1 /* Allocate all buffers in "secure" memory. */
38	};
39
40	/* Create a MAC handle for algorithm ALGO. FLAGS may be given as an bitwise OR

Line 0 Link Here

(-)security/libgcrypt/files/patch-src_gcrypt.h.in (+38 lines)
	1	Fixes at least devel/ccrtp's build:
	2	In file included from ccrtp/crypto/gcrypt/gcrypthmac.cpp:23:
	3	/usr/local/include/gcrypt.h:509: error: comma at end of enumerator list
	4	/usr/local/include/gcrypt.h:1346: error: comma at end of enumerator list
	5
	6	From: Werner Koch <wk@gnupg.org>
	7	Date: Thu, 19 Mar 2015 09:43:55 +0000 (+0100)
	8	Subject: Fix two pedantic warnings.
	9	X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff_plain;h=f5832285b0e420d77be1b8da10a1e1d86583b414
	10
	11	Fix two pedantic warnings.
	12
	13	* src/gcrypt.h.in (gcry_mpi_flag, gcry_mac_algos): Remove trailing
	14	comma.
	15	--
	16
	17	Reported-by: Opal Raava <opalraava@hushmail.com>
	18	Signed-off-by: Werner Koch <wk@gnupg.org>
	19	--- src/gcrypt.h.in.orig 2015-09-07 12:05:57 UTC
	20	+++ src/gcrypt.h.in
	21	@@ -506,7 +506,7 @@ enum gcry_mpi_flag
	22	GCRYMPI_FLAG_USER1 = 0x0100,/* User flag 1. */
	23	GCRYMPI_FLAG_USER2 = 0x0200,/* User flag 2. */
	24	GCRYMPI_FLAG_USER3 = 0x0400,/* User flag 3. */
	25	- GCRYMPI_FLAG_USER4 = 0x0800,/* User flag 4. */
	26	+ GCRYMPI_FLAG_USER4 = 0x0800 /* User flag 4. */
	27	};
	28
	29
	30	@@ -1343,7 +1343,7 @@ enum gcry_mac_algos
	31	/* Flags used with the open function. */
	32	enum gcry_mac_flags
	33	{
	34	- GCRY_MAC_FLAG_SECURE = 1, /* Allocate all buffers in "secure" memory. */
	35	+ GCRY_MAC_FLAG_SECURE = 1 /* Allocate all buffers in "secure" memory. */
	36	};
	37
	38	/* Create a MAC handle for algorithm ALGO. FLAGS may be given as an bitwise OR