Attachment #167055 for bug #207107




# $FreeBSD: head/security/libgcrypt/Makefile 408514 2016-02-08 20:54:10Z cpm $

PORTNAME=	libgcrypt
PORTVERSION=	1.6.5
PORTREVISION=	4
CATEGORIES=	security
MASTER_SITES=	GNUPG

MAINTAINER=	cpm@FreeBSD.org
COMMENT=	General purpose crypto library based on code used in GnuPG

LICENSE=	GPLv2+ LGPL21+
LICENSE_COMB=	multi

BUILD_DEPENDS=	libgpg-error>=1.8:${PORTSDIR}/security/libgpg-error

Lines 1-2 Link Here

(-)/usr/ports/security/libgcrypt/distinfo (-2 / +2 lines)
1	SHA256 (libgcrypt-1.6.4.tar.bz2) = c9bc2c7fe2e5f4ea13b0c74f9d24bcbb1ad889bb39297d8082aebf23f4336026	1	SHA256 (libgcrypt-1.6.5.tar.bz2) = f49ebc5842d455ae7019def33eb5a014a0f07a2a8353dc3aa50a76fd1dafa924
2	SIZE (libgcrypt-1.6.4.tar.bz2) = 2549820	2	SIZE (libgcrypt-1.6.5.tar.bz2) = 2549601




--- cipher/Makefile.in.orig	2015-09-08 06:32:11 UTC
+++ cipher/Makefile.in
@@ -818,13 +818,19 @@ uninstall-am:
 	tags tags-am uninstall uninstall-am
 
 
-# We need to lower the optimization for this module.
+# We need to lower the optimization for these modules.
 tiger.o: $(srcdir)/tiger.c
 	`echo $(COMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) `
 
 tiger.lo: $(srcdir)/tiger.c
 	`echo $(LTCOMPILE) -c $(srcdir)/tiger.c | $(o_flag_munging) `
 
+salsa20.o: $(srcdir)/salsa20.c
+	`echo $(COMPILE) -c $(srcdir)/salsa20.c | $(o_flag_munging) `
+
+salsa20.lo: $(srcdir)/salsa20.c
+	`echo $(LTCOMPILE) -c $(srcdir)/salsa20.c | $(o_flag_munging) `
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:




--- cipher/salsa20.c.orig	2016-02-03 17:12:14 UTC
+++ cipher/salsa20.c
@@ -485,7 +485,8 @@ salsa20r12_encrypt_stream (void *context
 static const char*
 selftest (void)
 {
-  SALSA20_context_t ctx;
+  byte ctxbuf[sizeof(SALSA20_context_t) + 15];
+  SALSA20_context_t *ctx;
   byte scratch[8+1];
   byte buf[256+64+4];
   int i;
@@ -502,32 +503,35 @@ selftest (void)
   static const byte ciphertext_1[] =
     { 0xE3, 0xBE, 0x8F, 0xDD, 0x8B, 0xEC, 0xA2, 0xE3};
 
-  salsa20_setkey (&ctx, key_1, sizeof key_1);
-  salsa20_setiv  (&ctx, nonce_1, sizeof nonce_1);
+  /* 16-byte alignment required for amd64 implementation. */
+  ctx = (SALSA20_context_t *)((uintptr_t)(ctxbuf + 15) & ~(uintptr_t)15);
+
+  salsa20_setkey (ctx, key_1, sizeof key_1);
+  salsa20_setiv  (ctx, nonce_1, sizeof nonce_1);
   scratch[8] = 0;
-  salsa20_encrypt_stream (&ctx, scratch, plaintext_1, sizeof plaintext_1);
+  salsa20_encrypt_stream (ctx, scratch, plaintext_1, sizeof plaintext_1);
   if (memcmp (scratch, ciphertext_1, sizeof ciphertext_1))
     return "Salsa20 encryption test 1 failed.";
   if (scratch[8])
     return "Salsa20 wrote too much.";
-  salsa20_setkey( &ctx, key_1, sizeof(key_1));
-  salsa20_setiv  (&ctx, nonce_1, sizeof nonce_1);
-  salsa20_encrypt_stream (&ctx, scratch, scratch, sizeof plaintext_1);
+  salsa20_setkey (ctx, key_1, sizeof(key_1));
+  salsa20_setiv  (ctx, nonce_1, sizeof nonce_1);
+  salsa20_encrypt_stream (ctx, scratch, scratch, sizeof plaintext_1);
   if (memcmp (scratch, plaintext_1, sizeof plaintext_1))
     return "Salsa20 decryption test 1 failed.";
 
   for (i = 0; i < sizeof buf; i++)
     buf[i] = i;
-  salsa20_setkey (&ctx, key_1, sizeof key_1);
-  salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
+  salsa20_setkey (ctx, key_1, sizeof key_1);
+  salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
   /*encrypt*/
   salsa20_encrypt_stream (&ctx, buf, buf, sizeof buf);
   /*decrypt*/
-  salsa20_setkey (&ctx, key_1, sizeof key_1);
-  salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
-  salsa20_encrypt_stream (&ctx, buf, buf, 1);
-  salsa20_encrypt_stream (&ctx, buf+1, buf+1, (sizeof buf)-1-1);
-  salsa20_encrypt_stream (&ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1);
+  salsa20_setkey (ctx, key_1, sizeof key_1);
+  salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
+  salsa20_encrypt_stream (ctx, buf, buf, 1);
+  salsa20_encrypt_stream (ctx, buf+1, buf+1, (sizeof buf)-1-1);
+  salsa20_encrypt_stream (ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1);
   for (i = 0; i < sizeof buf; i++)
     if (buf[i] != (byte)i)
       return "Salsa20 encryption test 2 failed.";

Lines 6-11 Link Here

(-)/usr/ports/security/libgcrypt/pkg-plist (-1 / +1 lines)
6	lib/libgcrypt.a	6	lib/libgcrypt.a
7	lib/libgcrypt.so	7	lib/libgcrypt.so
8	lib/libgcrypt.so.20	8	lib/libgcrypt.so.20
9	lib/libgcrypt.so.20.0.4	9	lib/libgcrypt.so.20.0.5
10	man/man1/hmac256.1.gz	10	man/man1/hmac256.1.gz
11	share/aclocal/libgcrypt.m4	11	share/aclocal/libgcrypt.m4

Return to bug 207107

Lines 1-15 Link Here

(-)/usr/ports/security/libgcrypt/Makefile (-3 / +2 lines)
1	# $FreeBSD: head/security/libgcrypt/Makefile 408514 2016-02-08 20:54:10Z cpm $	1	# $FreeBSD: head/security/libgcrypt/Makefile 408514 2016-02-08 20:54:10Z cpm $
2		2
3	PORTNAME= libgcrypt	3	PORTNAME= libgcrypt
4	PORTVERSION= 1.6.4	4	PORTVERSION= 1.6.5
5	PORTREVISION= 4
6	CATEGORIES= security	5	CATEGORIES= security
7	MASTER_SITES= GNUPG	6	MASTER_SITES= GNUPG
8		7
9	MAINTAINER= cpm@FreeBSD.org	8	MAINTAINER= cpm@FreeBSD.org
10	COMMENT= General purpose crypto library based on code used in GnuPG	9	COMMENT= General purpose crypto library based on code used in GnuPG
11		10
12	LICENSE= GPLv2 LGPL21	11	LICENSE= GPLv2+ LGPL21+
13	LICENSE_COMB= multi	12	LICENSE_COMB= multi
14		13
15	BUILD_DEPENDS= libgpg-error>=1.8:${PORTSDIR}/security/libgpg-error	14	BUILD_DEPENDS= libgpg-error>=1.8:${PORTSDIR}/security/libgpg-error

Line 0 Link Here

(-)/usr/ports/security/libgcrypt/files/patch-cipher-Makefile.in (+23 lines)
	1	--- cipher/Makefile.in.orig 2015-09-08 06:32:11 UTC
	2	+++ cipher/Makefile.in
	3	@@ -818,13 +818,19 @@ uninstall-am:
	4	tags tags-am uninstall uninstall-am
	5
	6
	7	-# We need to lower the optimization for this module.
	8	+# We need to lower the optimization for these modules.
	9	tiger.o: $(srcdir)/tiger.c
	10	`echo $(COMPILE) -c $(srcdir)/tiger.c \| $(o_flag_munging) `
	11
	12	tiger.lo: $(srcdir)/tiger.c
	13	`echo $(LTCOMPILE) -c $(srcdir)/tiger.c \| $(o_flag_munging) `
	14
	15	+salsa20.o: $(srcdir)/salsa20.c
	16	+ `echo $(COMPILE) -c $(srcdir)/salsa20.c \| $(o_flag_munging) `
	17	+
	18	+salsa20.lo: $(srcdir)/salsa20.c
	19	+ `echo $(LTCOMPILE) -c $(srcdir)/salsa20.c \| $(o_flag_munging) `
	20	+
	21	# Tell versions [3.59,3.63) of GNU make to not export all variables.
	22	# Otherwise a system limit (for SysV at least) may be exceeded.
	23	.NOEXPORT:

Lines 1-61 Link Here

(-)/usr/ports/security/libgcrypt/files/patch-cipher_salsa20.c (-61 lines)
1	--- cipher/salsa20.c.orig 2016-02-03 17:12:14 UTC
2	+++ cipher/salsa20.c
3	@@ -485,7 +485,8 @@ salsa20r12_encrypt_stream (void *context
4	static const char*
5	selftest (void)
6	{
7	- SALSA20_context_t ctx;
8	+ byte ctxbuf[sizeof(SALSA20_context_t) + 15];
9	+ SALSA20_context_t *ctx;
10	byte scratch[8+1];
11	byte buf[256+64+4];
12	int i;
13	@@ -502,32 +503,35 @@ selftest (void)
14	static const byte ciphertext_1[] =
15	{ 0xE3, 0xBE, 0x8F, 0xDD, 0x8B, 0xEC, 0xA2, 0xE3};
16
17	- salsa20_setkey (&ctx, key_1, sizeof key_1);
18	- salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
19	+ /* 16-byte alignment required for amd64 implementation. */
20	+ ctx = (SALSA20_context_t *)((uintptr_t)(ctxbuf + 15) & ~(uintptr_t)15);
21	+
22	+ salsa20_setkey (ctx, key_1, sizeof key_1);
23	+ salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
24	scratch[8] = 0;
25	- salsa20_encrypt_stream (&ctx, scratch, plaintext_1, sizeof plaintext_1);
26	+ salsa20_encrypt_stream (ctx, scratch, plaintext_1, sizeof plaintext_1);
27	if (memcmp (scratch, ciphertext_1, sizeof ciphertext_1))
28	return "Salsa20 encryption test 1 failed.";
29	if (scratch[8])
30	return "Salsa20 wrote too much.";
31	- salsa20_setkey( &ctx, key_1, sizeof(key_1));
32	- salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
33	- salsa20_encrypt_stream (&ctx, scratch, scratch, sizeof plaintext_1);
34	+ salsa20_setkey (ctx, key_1, sizeof(key_1));
35	+ salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
36	+ salsa20_encrypt_stream (ctx, scratch, scratch, sizeof plaintext_1);
37	if (memcmp (scratch, plaintext_1, sizeof plaintext_1))
38	return "Salsa20 decryption test 1 failed.";
39
40	for (i = 0; i < sizeof buf; i++)
41	buf[i] = i;
42	- salsa20_setkey (&ctx, key_1, sizeof key_1);
43	- salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
44	+ salsa20_setkey (ctx, key_1, sizeof key_1);
45	+ salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
46	/encrypt/
47	salsa20_encrypt_stream (&ctx, buf, buf, sizeof buf);
48	/decrypt/
49	- salsa20_setkey (&ctx, key_1, sizeof key_1);
50	- salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
51	- salsa20_encrypt_stream (&ctx, buf, buf, 1);
52	- salsa20_encrypt_stream (&ctx, buf+1, buf+1, (sizeof buf)-1-1);
53	- salsa20_encrypt_stream (&ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1);
54	+ salsa20_setkey (ctx, key_1, sizeof key_1);
55	+ salsa20_setiv (ctx, nonce_1, sizeof nonce_1);
56	+ salsa20_encrypt_stream (ctx, buf, buf, 1);
57	+ salsa20_encrypt_stream (ctx, buf+1, buf+1, (sizeof buf)-1-1);
58	+ salsa20_encrypt_stream (ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1);
59	for (i = 0; i < sizeof buf; i++)
60	if (buf[i] != (byte)i)
61	return "Salsa20 encryption test 2 failed.";