Update to 4.4.26

2021-12-30 11:20:37 +08:00 · 2021-12-30 11:20:37 +08:00 · 2c08b2309e
commit 2c08b2309e
parent b0cf2af87e
4 changed files with 63 additions and 71 deletions
--- a/add-sm3-crypt-support.patch
+++ b/add-sm3-crypt-support.patch
@ -1,44 +1,43 @@
-From 8355e6e90c12051e0f44857db71d40aef00f9af9 Mon Sep 17 00:00:00 2001
+From cd29b303d2590b8377cb2a38539efdf838e8c59c Mon Sep 17 00:00:00 2001
 From: houmingyong <houmingyong@huawei.com>
-Date: Mon, 27 Dec 2021 16:01:26 +0800
+Date: Mon, 20 Dec 2021 16:19:09 +0800
 Subject: [PATCH] add sm3 crypt support

 ---
 Makefile.am              |   7 +
 README.md                |   4 +-
 doc/crypt.5              |   8 +
- lib/alg-sm3.c            | 408 +++++++++++++++++++++++++++++++++++++++
+ lib/alg-sm3.c            | 419 +++++++++++++++++++++++++++++++++++++++
 lib/alg-sm3.h            |  62 ++++++
 lib/crypt-port.h         |   9 +-
- lib/crypt-sm3.c          | 357 ++++++++++++++++++++++++++++++++++
+ lib/crypt-sm3.c          | 358 +++++++++++++++++++++++++++++++++
 lib/hashes.conf          |   1 +
 libxcrypt.spec.rpkg      |   2 +-
 test/alg-sm3.c           | 124 ++++++++++++
- test/badsalt.c           |  12 ++
 test/badsetting.c        |   9 +
 test/checksalt.c         |   5 +
 test/crypt-badargs.c     |   4 +
 test/gensalt-extradata.c |   3 +
 test/gensalt.c           |  38 +++-
- 16 files changed, 1048 insertions(+), 5 deletions(-)
+ 15 files changed, 1048 insertions(+), 5 deletions(-)
 create mode 100644 lib/alg-sm3.c
 create mode 100644 lib/alg-sm3.h
 create mode 100644 lib/crypt-sm3.c
 create mode 100644 test/alg-sm3.c

 diff --git a/Makefile.am b/Makefile.am
-index 430115a..936e0c1 100644
+index c1f91d4..571473f 100644
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -74,6 +74,7 @@ noinst_HEADERS = \
+@@ -79,6 +79,7 @@ noinst_HEADERS = \
 	lib/alg-md5.h \
 	lib/alg-sha1.h \
 	lib/alg-sha256.h \
 +	lib/alg-sm3.h \
 	lib/alg-sha512.h \
- 	lib/alg-yescrypt-sysendian.h \
 	lib/alg-yescrypt.h \
-@@ -106,6 +107,7 @@ libcrypt_la_SOURCES = \
+ 	lib/byteorder.h \
+@@ -107,6 +108,7 @@ libcrypt_la_SOURCES = \
 	lib/alg-md5.c \
 	lib/alg-sha1.c \
 	lib/alg-sha256.c \
@ -46,7 +45,7 @@ index 430115a..936e0c1 100644
 	lib/alg-sha512.c \
 	lib/alg-yescrypt-common.c \
 	lib/alg-yescrypt-opt.c \
-@@ -120,6 +122,7 @@ libcrypt_la_SOURCES = \
+@@ -119,6 +121,7 @@ libcrypt_la_SOURCES = \
 	lib/crypt-pbkdf1-sha1.c \
 	lib/crypt-scrypt.c \
 	lib/crypt-sha256.c \
@ -54,7 +53,7 @@ index 430115a..936e0c1 100644
 	lib/crypt-sha512.c \
 	lib/crypt-static.c \
 	lib/crypt-sunmd5.c \
-@@ -329,6 +332,7 @@ check_PROGRAMS = \
+@@ -362,6 +365,7 @@ check_PROGRAMS = \
 	test/alg-pbkdf-hmac-sha256 \
 	test/alg-sha1 \
 	test/alg-sha256 \
@ -62,21 +61,21 @@ index 430115a..936e0c1 100644
 	test/alg-sha512 \
 	test/alg-yescrypt \
 	test/badsalt \
-@@ -520,6 +524,9 @@ test_crypt_gost_yescrypt_LDADD = \
- 	lib/libcrypt_la-alg-yescrypt-opt.lo \
- 	lib/libcrypt_la-crypt-yescrypt.lo \
+@@ -574,6 +578,9 @@ test_crypt_gost_yescrypt_LDADD = \
+ 	lib/libcrypt_la-util-xbzero.lo \
+ 	lib/libcrypt_la-util-xstrcpy.lo \
 	$(COMMON_TEST_OBJECTS)
 +test_alg_sm3_LDADD = \
 +	lib/libcrypt_la-alg-sm3.lo \
 +	$(COMMON_TEST_OBJECTS)
 
- test_getrandom_interface_LDADD = \
- 	lib/libcrypt_la-randombytes.lo \
+ test_explicit_bzero_LDADD = \
+ 	lib/libcrypt_la-util-xbzero.lo
 diff --git a/README.md b/README.md
-index d0197a0..cf11e86 100644
+index 45b7f02..8a9abfd 100644
 --- a/README.md
 +++ b/README.md
-@@ -9,7 +9,7 @@ README for libxcrypt
+@@ -11,7 +11,7 @@ README for libxcrypt
 
 libxcrypt is a modern library for one-way hashing of passwords.  It
 supports a wide variety of both modern and historical hashing methods:
@ -85,7 +84,7 @@ index d0197a0..cf11e86 100644
 md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt.
 It provides the traditional Unix `crypt` and `crypt_r` interfaces, as
 well as a set of extended interfaces pioneered by Openwall Linux,
-@@ -163,7 +163,7 @@ returns `$3$`.
+@@ -164,7 +164,7 @@ returns `$3$`.
 
 glibc’s libcrypt could optionally be configured to use Mozilla’s NSS
 library’s implementations of the cryptographic primitives md5crypt,
@ -95,7 +94,7 @@ index d0197a0..cf11e86 100644
 option.  The stated rationale for the option was to source all
 cryptographic primitives from a library that has undergone FIPS
 diff --git a/doc/crypt.5 b/doc/crypt.5
-index 6aaf937..dce9c3f 100644
+index 0b81c10..326969e 100644
 --- a/doc/crypt.5
 +++ b/doc/crypt.5
@@ -218,6 +218,14 @@ Acceptable for new hashes.
@ -115,10 +114,10 @@ index 6aaf937..dce9c3f 100644
 Originally developed by Simon Gerraty for NetBSD.
 diff --git a/lib/alg-sm3.c b/lib/alg-sm3.c
 new file mode 100644
-index 0000000..68d9f7c
+index 0000000..5347e11
 --- /dev/null
 +++ b/lib/alg-sm3.c
-@@ -0,0 +1,408 @@
+@@ -0,0 +1,419 @@
 +/*-
 + * Copyright(C) 2017-2021. Huawei Technologies Co.,Ltd. All Rights Reserved.
 + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
@ -132,13 +131,13 @@ index 0000000..68d9f7c
 + */
 +
 +#include "crypt-port.h"
-+#include "alg-yescrypt-sysendian.h"
 +
 +#if INCLUDE_sm3crypt
 +
-+#define insecure_memzero XCRYPT_SECURE_MEMSET
+#define insecure_memzero explicit_bzero
 +
 +#include "alg-sm3.h"
+#include "byteorder.h"
 +
 +#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
 +
@ -172,13 +171,16 @@ index 0000000..68d9f7c
 +
 +#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \
 +   RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1)
+
 +/*
 + * Encode a length len*2 vector of (uint32_t) into a length len*8 vector of
 + * (uint8_t) in big-endian form.
 + */
 +static void
-+be32enc_vect(uint8_t * dst, const uint32_t * src, size_t len)
+sm3_be32enc_vect(uint8_t * dst, const uint32_t * src, size_t len)
 +{
+
+	/* Encode vector, two words at a time. */
 +	do {
 +		be32enc(&dst[0], src[0]);
 +		be32enc(&dst[4], src[1]);
@ -192,8 +194,10 @@ index 0000000..68d9f7c
 + * len*2 vector of (uint32_t).
 + */
 +static void
-+be32dec_vect(uint32_t * dst, const uint8_t * src, size_t len)
+sm3_be32dec_vect(uint32_t * dst, const uint8_t * src, size_t len)
 +{
+
+	/* Decode vector, two words at a time. */
 +	do {
 +		dst[0] = be32dec(&src[0]);
 +		dst[1] = be32dec(&src[4]);
@ -212,7 +216,7 @@ index 0000000..68d9f7c
 +		 W08, W09, W10, W11, W12, W13, W14, W15;
 +
 +	/* 1. Prepare the first part of the message schedule W. */
-+	be32dec_vect(W, block, 8);
+	sm3_be32dec_vect(W, block, 8);
 +	
 +	A = state[0];
 +	B = state[1];
@ -377,8 +381,10 @@ index 0000000..68d9f7c
 + * SM3_Init(ctx):
 + * Initialize the SM3 context ${ctx}.
 + */
-+void SM3_Init(SM3_CTX * ctx)
+void
+SM3_Init(SM3_CTX * ctx)
 +{
+
 +	/* Zero bits processed so far. */
 +	ctx->count = 0;
 +
@ -386,11 +392,13 @@ index 0000000..68d9f7c
 +	memcpy(ctx->state, initial_state, sizeof(initial_state));
 +}
 +
+
 +/**
 + * SM3_Update(ctx, in, len):
 + * Input ${len} bytes from ${in} into the SM3 context ${ctx}.
 + */
-+static void _SM3_Update(SM3_CTX * ctx, const void * in, size_t len,
+static void
+_SM3_Update(SM3_CTX * ctx, const void * in, size_t len,
 +    uint32_t tmp32[static restrict 72])
 +{
 +	uint32_t r;
@ -486,10 +494,12 @@ index 0000000..68d9f7c
 +_SM3_Final(uint8_t digest[32], SM3_CTX * ctx,
 +    uint32_t tmp32[static restrict 72])
 +{
+
 +	/* Add padding. */
 +	SM3_Pad(ctx, tmp32);
+
 +	/* Write the hash. */
-+	be32enc_vect(digest, ctx->state, 4);
+	sm3_be32enc_vect(digest, ctx->state, 4);
 +}
 +
 +/* Wrapper function for intermediate-values sanitization. */
@ -596,10 +606,10 @@ index 0000000..5c76e6b
 +
 +#endif /* !_SM3_H_ */
 diff --git a/lib/crypt-port.h b/lib/crypt-port.h
-index bec36ac..33534fa 100644
+index 307b526..7ad44b0 100644
 --- a/lib/crypt-port.h
 +++ b/lib/crypt-port.h
-@@ -306,7 +306,7 @@ _crypt_strcpy_or_abort (void *, const size_t, const void *);
+@@ -357,7 +357,7 @@ extern size_t strcpy_or_abort (void *dst, size_t d_size, const void *src);
 #define libcperciva_SHA512_Buf    _crypt_SHA512_Buf
 #endif
 
@ -608,7 +618,7 @@ index bec36ac..33534fa 100644
 #define gensalt_sha_rn           _crypt_gensalt_sha_rn
 #endif
 
-@@ -341,6 +341,13 @@ _crypt_strcpy_or_abort (void *, const size_t, const void *);
+@@ -392,6 +392,13 @@ extern size_t strcpy_or_abort (void *dst, size_t d_size, const void *src);
 #define libcperciva_SHA256_Buf   _crypt_SHA256_Buf
 #endif
 
@ -624,10 +634,10 @@ index bec36ac..33534fa 100644
 #define GOST34112012Update     _crypt_GOST34112012_Update
 diff --git a/lib/crypt-sm3.c b/lib/crypt-sm3.c
 new file mode 100644
-index 0000000..b79d670
+index 0000000..1a817cd
 --- /dev/null
 +++ b/lib/crypt-sm3.c
-@@ -0,0 +1,357 @@
+@@ -0,0 +1,358 @@
 +/* One way encryption based on the SM3-based Unix crypt implementation.
 + *
 + * Written by Ulrich Drepper <drepper at redhat.com> in 2007 [1].
@ -743,7 +753,8 @@ index 0000000..b79d670
 +    /* Skip salt prefix.  */
 +    salt += sizeof (sm3_salt_prefix) - 1;
 +
-+  if (strncmp (salt, sm3_rounds_prefix, sizeof (sm3_rounds_prefix) - 1) == 0)
+  if (strncmp (salt, sm3_rounds_prefix, sizeof (sm3_rounds_prefix) - 1)
+      == 0)
 +    {
 +      const char *num = salt + sizeof (sm3_rounds_prefix) - 1;
 +      /* Do not allow an explicit setting of zero rounds, nor of the
@ -986,7 +997,7 @@ index 0000000..b79d670
 +
 +#endif
 diff --git a/lib/hashes.conf b/lib/hashes.conf
-index 99ed116..d5d05b2 100644
+index 094f7cc..2676c24 100644
 --- a/lib/hashes.conf
 +++ b/lib/hashes.conf
@@ -48,6 +48,7 @@ bcrypt_a       $2a$      16       STRONG,ALT,FREEBSD,NETBSD,OPENBSD,OWL,SOLARIS,
@ -998,10 +1009,10 @@ index 99ed116..d5d05b2 100644
 sunmd5         $md5      8        SOLARIS
 md5crypt       $1$       9        GLIBC,FREEBSD,NETBSD,OPENBSD,SOLARIS
 diff --git a/libxcrypt.spec.rpkg b/libxcrypt.spec.rpkg
-index 12216a6..dc3bd8e 100644
+index 8d3fd06..7e86b99 100644
 --- a/libxcrypt.spec.rpkg
 +++ b/libxcrypt.spec.rpkg
-@@ -173,7 +173,7 @@ Recommends:     mkpasswd
+@@ -170,7 +170,7 @@ Recommends:     mkpasswd
 %description
 libxcrypt is a modern library for one-way hashing of passwords.  It
 supports a wide variety of both modern and historical hashing methods:
@ -1140,29 +1151,6 @@ index 0000000..910a7dd
 +}
 +
 +#endif
-diff --git a/test/badsalt.c b/test/badsalt.c
-index 803b575..39e3529 100644
--- a/test/badsalt.c
-+++ b/test/badsalt.c
-@@ -155,6 +155,18 @@ static const struct testcase testcases[] =
-   { "*SHA-256 (rounds) invalid rounds 6",  32, "$5$rounds=0100$MJHnaAkegEVYHsFK$" },
-   { "*SHA-256 (rounds) invalid rounds 7",  38, "$5$rounds=4294967295$MJHnaAkegEVYHsFK$" },
- #endif
-+#if INCLUDE_sm3crypt
-+  { "SM3 (plain)",                     22, "$sm3$MJHnaAkegEVYHsFK$"             },
-+  { "*SM3 (plain) invalid char",       22, "$sm3$:JHnaAkegEVYHsFK$"             },
-+  { "SM3 (rounds)",                    34, "$sm3$rounds=1000$MJHnaAkegEVYHsFK$" },
-+  { "*SM3 (rounds) invalid rounds 1",  34, "$sm3$rounds=:000$MJHnaAkegEVYHsFK$" },
-+  { "*SM3 (rounds) invalid rounds 2",  34, "$sm3$rounds=100:$MJHnaAkegEVYHsFK$" },
-+  { "*SM3 (rounds) invalid rounds 3",  34, "$sm3$rounds:1000$MJHnaAkegEVYHsFK$" },
-+  { "*SM3 (rounds) invalid rounds 4",  30, "$sm3$rounds=$MJHnaAkegEVYHsFK$" },
-+  { "*SM3 (rounds) invalid rounds 5",  31, "$sm3$rounds=0$MJHnaAkegEVYHsFK$" },
-+  { "*SM3 (rounds) invalid rounds 6",  33, "$sm3$rounds=0100$MJHnaAkegEVYHsFK$" },
-+  { "*SM3 (rounds) invalid rounds 7",  40, "$sm3$rounds=4294967295$MJHnaAkegEVYHsFK$" },
-+#endif
- #if INCLUDE_sha512crypt
-   { "SHA-512 (plain)",                     20, "$6$MJHnaAkegEVYHsFK$"             },
-   { "*SHA-512 (plain) invalid char",       20, "$6$:JHnaAkegEVYHsFK$"             },
 diff --git a/test/badsetting.c b/test/badsetting.c
 index 4af151a..0cfc6c5 100644
 --- a/test/badsetting.c
@ -1184,12 +1172,12 @@ index 4af151a..0cfc6c5 100644
 #if INCLUDE_sha512crypt
   { "$6",  0,          0, 0 },  // truncated prefix
 diff --git a/test/checksalt.c b/test/checksalt.c
-index 7575dfd..dab255c 100644
+index e220bb3..f97296c 100644
 --- a/test/checksalt.c
 +++ b/test/checksalt.c
@@ -68,6 +68,11 @@ static const struct testcase testcases[] =
 #else
-   { "$5$",   CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID },
+   { "$5$",   CRYPT_SALT_INVALID,       CRYPT_SALT_INVALID,       CRYPT_SALT_INVALID       },
 #endif
 +#if INCLUDE_sm3crypt
 +  { "$sm3$",   CRYPT_SALT_OK,      CRYPT_SALT_OK,      CRYPT_SALT_OK      },
@ -1197,13 +1185,13 @@ index 7575dfd..dab255c 100644
 +  { "$sm3$",   CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID },
 +#endif
 #if INCLUDE_sha512crypt
-   { "$6$",   CRYPT_SALT_OK,      CRYPT_SALT_OK,      CRYPT_SALT_OK      },
+   { "$6$",   CRYPT_SALT_OK,            CRYPT_SALT_OK,            CRYPT_SALT_OK            },
 #else
 diff --git a/test/crypt-badargs.c b/test/crypt-badargs.c
-index 59c6690..658e85b 100644
+index 8b743f6..3d081b7 100644
 --- a/test/crypt-badargs.c
 +++ b/test/crypt-badargs.c
-@@ -51,6 +51,10 @@ static const char *settings[] =
+@@ -50,6 +50,10 @@ static const char *settings[] =
   "$5$MJHnaAkegEVYHsFK",
   "$5$rounds=10191$MJHnaAkegEVYHsFK",
 #endif
@ -1229,7 +1217,7 @@ index 9df2e9f..3e492e5 100644
   { "$6$", 7019, 1120211 },
 #endif
 diff --git a/test/gensalt.c b/test/gensalt.c
-index 2d590a9..6dbbaf6 100644
+index 834ccf5..e4c9624 100644
 --- a/test/gensalt.c
 +++ b/test/gensalt.c
@@ -140,6 +140,36 @@ static const char *const sha256_expected_output_h[] =
--- a/libxcrypt.spec
+++ b/libxcrypt.spec
@ -1,7 +1,7 @@
 %define  libdir /lib64
 Name:           libxcrypt
-Version:        4.4.17
-Release:        3
+Version:        4.4.26
+Release:        1
 Summary:        Extended crypt library for DES, MD5, Blowfish and others
 License:        LGPLv2+ and BSD and Public Domain
 URL:            https://github.com/besser82/%{name}
@ -9,6 +9,7 @@ Source0:        https://github.com/besser82/%{name}/archive/v%{version}.tar.gz

 Patch9000:      add-sm3-crypt-support.patch

+BuildRequires:  perl >= 5.14.0
 BuildRequires:  autoconf libtool fipscheck
 Obsoletes:      %{name}-common < %{version}-%{release}
 Provides:       %{name}-common%{?_isa} = %{version}-%{release} %{name}%{?_isa} = %{version}-%{release}
@ -100,6 +101,9 @@ make check


 %changelog
+* Thu Dec 30 2021 yixiangzhike <yixiangzhike007@163.com> - 4.4.26-1
+- update to 4.4.26
+
 * Tue Dec 28 2021 houmingyong<houmingyong@huawei.com> - 4.4.17-3
 - add sm3 DT test case

--- a/v4.4.17.tar.gz
+++ b/v4.4.17.tar.gz
--- a/v4.4.26.tar.gz
+++ b/v4.4.26.tar.gz