
Bug#771520: marked as done (unblock: libsodium/1.0.1-1)



Your message dated Tue, 17 Feb 2015 23:38:25 +0100
with message-id <956dd58fcde051d86488c21bc082111e@dogguy.org>
and subject line Re: Bug#771520: unblock: libsodium/1.0.1-1
has caused the Debian Bug report #771520,
regarding unblock: libsodium/1.0.1-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
771520: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771520
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi Release Team,

Please consider unblocking libsodium/1.0.1-1 despite being a new,
bugfix only upstream release. Its changelog[1] says:
-- cut --
      * DLL_EXPORT was renamed SODIUM_DLL_EXPORT in order to avoid
        collisions with similar macros defined by other libraries.
      * sodium_bin2hex() is now constant-time.
      * crypto_secretbox_detached() now supports overlapping input and
        output regions.
      * NaCl's donna_c64 implementation of curve25519 was reading an
        extra byte past the end of the buffer containing the base point.
        This has been fixed.
-- cut --

The first one avoids a clash with Wine and other libraries. The
constant-time function prevents an attacker from getting a closer idea of
what the input was in a normal use call. The third prevents memory
corruption if the input and output regions overlap. The last one is
clearly a security fix for a buffer over-read.
As libsodium is a cryptography and signature library for network
communication, I think these fixes are a should-have for Jessie.

Source diff is attached.

Thanks,
Laszlo/GCS

unblock libsodium/1.0.1-1

[1] https://github.com/jedisct1/libsodium/releases/tag/1.0.1
diff -Nur libsodium-1.0.0/src/libsodium/crypto_generichash/blake2/ref/blake2.h libsodium-1.0.1/src/libsodium/crypto_generichash/blake2/ref/blake2.h
--- libsodium-1.0.0/src/libsodium/crypto_generichash/blake2/ref/blake2.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_generichash/blake2/ref/blake2.h	2014-10-11 02:22:04.000000000 +0000
@@ -11,8 +11,8 @@
    this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 
-#ifndef __BLAKE2_H__
-#define __BLAKE2_H__
+#ifndef blake2_H
+#define blake2_H
 
 #include <stddef.h>
 #include <stdint.h>
@@ -58,7 +58,7 @@
   };
 
 #pragma pack(push, 1)
-  typedef struct __blake2s_param
+  typedef struct blake2s_param_
   {
     uint8_t  digest_length; // 1
     uint8_t  key_length;    // 2
@@ -73,7 +73,7 @@
     uint8_t  personal[BLAKE2S_PERSONALBYTES];  // 32
   } blake2s_param;
 
-  ALIGN( 64 ) typedef struct __blake2s_state
+  ALIGN( 64 ) typedef struct blake2s_state_
   {
     uint32_t h[8];
     uint32_t t[2];
@@ -83,7 +83,7 @@
     uint8_t  last_node;
   } blake2s_state ;
 
-  typedef struct __blake2b_param
+  typedef struct blake2b_param_
   {
     uint8_t  digest_length; // 1
     uint8_t  key_length;    // 2
@@ -101,7 +101,7 @@
 #ifndef DEFINE_BLAKE2B_STATE
 typedef crypto_generichash_blake2b_state blake2b_state;
 #else
-  ALIGN( 64 ) typedef struct __blake2b_state
+  ALIGN( 64 ) typedef struct blake2b_state_
   {
     uint64_t h[8];
     uint64_t t[2];
@@ -112,7 +112,7 @@
   } blake2b_state;
 #endif
 
-  typedef struct __blake2sp_state
+  typedef struct blake2sp_state_
   {
     blake2s_state S[8][1];
     blake2s_state R[1];
@@ -120,7 +120,7 @@
     size_t  buflen;
   } blake2sp_state;
 
-  typedef struct __blake2bp_state
+  typedef struct blake2bp_state_
   {
     blake2b_state S[4][1];
     blake2b_state R[1];
diff -Nur libsodium-1.0.0/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h libsodium-1.0.1/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h
--- libsodium-1.0.0/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h	2014-10-11 02:22:04.000000000 +0000
@@ -11,8 +11,8 @@
    this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 
-#ifndef __BLAKE2_IMPL_H__
-#define __BLAKE2_IMPL_H__
+#ifndef blake2_impl_H
+#define blake2_impl_H
 
 #include <stdint.h>
 #include <string.h>
diff -Nur libsodium-1.0.0/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c libsodium-1.0.1/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c
--- libsodium-1.0.0/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c	2014-10-11 02:22:04.000000000 +0000
@@ -96,10 +96,10 @@
 
 struct crypto_onetimeauth_poly1305_implementation
 crypto_onetimeauth_poly1305_donna_implementation = {
-    _SODIUM_C99(.implementation_name =) crypto_onetimeauth_poly1305_donna_implementation_name,
-    _SODIUM_C99(.onetimeauth =) crypto_onetimeauth_poly1305_donna,
-    _SODIUM_C99(.onetimeauth_verify =) crypto_onetimeauth_poly1305_donna_verify,
-    _SODIUM_C99(.onetimeauth_init =) crypto_onetimeauth_poly1305_donna_init,
-    _SODIUM_C99(.onetimeauth_update =) crypto_onetimeauth_poly1305_donna_update,
-    _SODIUM_C99(.onetimeauth_final =) crypto_onetimeauth_poly1305_donna_final
+    SODIUM_C99(.implementation_name =) crypto_onetimeauth_poly1305_donna_implementation_name,
+    SODIUM_C99(.onetimeauth =) crypto_onetimeauth_poly1305_donna,
+    SODIUM_C99(.onetimeauth_verify =) crypto_onetimeauth_poly1305_donna_verify,
+    SODIUM_C99(.onetimeauth_init =) crypto_onetimeauth_poly1305_donna_init,
+    SODIUM_C99(.onetimeauth_update =) crypto_onetimeauth_poly1305_donna_update,
+    SODIUM_C99(.onetimeauth_final =) crypto_onetimeauth_poly1305_donna_final
 };
diff -Nur libsodium-1.0.0/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h libsodium-1.0.1/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h
--- libsodium-1.0.0/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h	2014-10-11 02:22:04.000000000 +0000
@@ -1,5 +1,5 @@
-#ifndef __POLY1305_DONNA_H__
-#define __POLY1305_DONNA_H__
+#ifndef poly1305_donna_H
+#define poly1305_donna_H
 
 #include <stddef.h>
 
diff -Nur libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c
--- libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c	2014-10-29 15:38:00.000000000 +0000
@@ -75,7 +75,7 @@
     const char *ptr = strchr(itoa64, src);
 
     if (ptr) {
-        *dst = ptr - itoa64;
+        *dst = (uint32_t) (ptr - itoa64);
         return 0;
     }
     *dst = 0;
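Review bot: `strchr(itoa64, src)` also matches the string's terminating NUL, so if `src` can ever be 0 this branch returns success with `*dst` set to the table length instead of -1. The added cast does not change that. Assuming `itoa64` is the 64-character alphabet string, I would guard the branch with `if (ptr != NULL && src != 0) {`. The function's signature and its callers are outside this hunk, so whether a zero byte can reach it needs to be confirmed there.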
diff -Nur libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h
--- libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h	2014-10-11 02:22:04.000000000 +0000
@@ -27,8 +27,8 @@
  * This file was originally written by Colin Percival as part of the Tarsnap
  * online backup system.
  */
-#ifndef _CRYPTO_SCRYPT_H_
-#define _CRYPTO_SCRYPT_H_
+#ifndef crypto_scrypt_H
+#define crypto_scrypt_H
 
 #include <stdint.h>
 
diff -Nur libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.h libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.h
--- libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.h	2014-10-11 02:22:04.000000000 +0000
@@ -25,8 +25,8 @@
  *
  */
 
-#ifndef _SHA256_H_
-#define _SHA256_H_
+#ifndef pbkdf2_sha256_H
+#define pbkdf2_sha256_H
 
 #include <sys/types.h>
 
diff -Nur libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c
--- libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c	2014-11-20 21:24:16.000000000 +0000
@@ -34,7 +34,7 @@
             }
         }
     } else {
-        maxN = memlimit / (*r * 128);
+        maxN = memlimit / ((size_t) *r * 128);
         for (*N_log2 = 1; *N_log2 < 63; *N_log2 += 1) {
             if ((uint64_t) (1) << *N_log2 > maxN / 2) {
                 break;
diff -Nur libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c
--- libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c	2014-10-29 15:38:00.000000000 +0000
@@ -379,7 +379,7 @@
 	/* 2: for i = 0 to p - 1 do */
 	for (i = 0; i < p; i++) {
 		/* 3: B_i <-- MF(B_i, N) */
-		smix(&B[(size_t)128 * i * r], r, N, V, XY);
+		smix(&B[(size_t)128 * i * r], r, (uint32_t) N, V, XY);
 	}
 
 	/* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
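Review bot: The new `(uint32_t) N` cast silences a narrowing warning, but nothing in this hunk shows that `N` fits in 32 bits. If no earlier check rejects larger values, `smix` would run with a truncated cost parameter and the derived key would be cheaper to compute than the caller requested. I would either confirm that a range check precedes this loop and add a comment such as `/* N was checked against UINT32_MAX above */`, or add the check before the loop. The enclosing function starts and ends outside the hunk.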
diff -Nur libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sysendian.h libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sysendian.h
--- libsodium-1.0.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sysendian.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sysendian.h	2014-10-11 02:22:04.000000000 +0000
@@ -1,5 +1,5 @@
-#ifndef _SYSENDIAN_H_
-#define _SYSENDIAN_H_
+#ifndef sysendian_H
+#define sysendian_H
 
 #include <stdint.h>
 
diff -Nur libsodium-1.0.0/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c libsodium-1.0.1/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c
--- libsodium-1.0.0/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c	2014-11-20 19:48:54.000000000 +0000
@@ -36,10 +36,10 @@
 typedef unsigned uint128_t __attribute__((mode(TI)));
 
 #undef force_inline
-#define force_inline inline __attribute__((always_inline))
+#define force_inline __attribute__((always_inline))
 
 /* Sum two numbers: output += in */
-static force_inline void
+static inline void force_inline
 fsum(limb *output, const limb *in) {
   output[0] += in[0];
   output[1] += in[1];
@@ -54,7 +54,7 @@
  * Assumes that out[i] < 2**52
  * On return, out[i] < 2**55
  */
-static force_inline void
+static inline void force_inline
 fdifference_backwards(felem out, const felem in) {
   /* 152 is 19 << 3 */
   static const limb two54m152 = (((limb)1) << 54) - 152;
@@ -68,7 +68,7 @@
 }
 
 /* Multiply a number by a scalar: output = in * scalar */
-static force_inline void
+static inline void force_inline
 fscalar_product(felem output, const felem in, const limb scalar) {
   uint128_t a;
 
@@ -98,7 +98,7 @@
  * Assumes that in[i] < 2**55 and likewise for in2.
  * On return, output[i] < 2**52
  */
-static force_inline void
+static inline void force_inline
 fmul(felem output, const felem in2, const felem in) {
   uint128_t t[5];
   limb r0,r1,r2,r3,r4,s0,s1,s2,s3,s4,c;
@@ -147,7 +147,7 @@
   output[4] = r4;
 }
 
-static force_inline void
+static inline void force_inline
 fsquare_times(felem output, const felem in, limb count) {
   uint128_t t[5];
   limb r0,r1,r2,r3,r4,c;
@@ -190,43 +190,43 @@
 }
 
 #if !defined(CPU_ALIGNED_ACCESS_REQUIRED) && defined(NATIVE_LITTLE_ENDIAN)
-# define U8TO64(p)    (*((const uint64_t *) (p)))
-# define U64TO8(p, v) (*((uint64_t *) (p)) = (v))
+# define load_limb(p)     (*((const limb *) (p)))
+# define store_limb(p, v) (*((limb *) (p)) = (v))
 #else
-static force_inline uint64_t
-U8TO64(const unsigned char *p) {
-    return
-        (((uint64_t)(p[0] & 0xff)      ) |
-         ((uint64_t)(p[1] & 0xff) <<  8) |
-         ((uint64_t)(p[2] & 0xff) << 16) |
-         ((uint64_t)(p[3] & 0xff) << 24) |
-         ((uint64_t)(p[4] & 0xff) << 32) |
-         ((uint64_t)(p[5] & 0xff) << 40) |
-         ((uint64_t)(p[6] & 0xff) << 48) |
-         ((uint64_t)(p[7] & 0xff) << 56));
-}
-
-static force_inline void
-U64TO8(unsigned char *p, uint64_t v) {
-    p[0] = (v      ) & 0xff;
-    p[1] = (v >>  8) & 0xff;
-    p[2] = (v >> 16) & 0xff;
-    p[3] = (v >> 24) & 0xff;
-    p[4] = (v >> 32) & 0xff;
-    p[5] = (v >> 40) & 0xff;
-    p[6] = (v >> 48) & 0xff;
-    p[7] = (v >> 56) & 0xff;
+static inline limb force_inline
+load_limb(const u8 *in) {
+  return
+    ((limb)in[0]) |
+    (((limb)in[1]) << 8) |
+    (((limb)in[2]) << 16) |
+    (((limb)in[3]) << 24) |
+    (((limb)in[4]) << 32) |
+    (((limb)in[5]) << 40) |
+    (((limb)in[6]) << 48) |
+    (((limb)in[7]) << 56);
+}
+
+static inline void force_inline
+store_limb(u8 *out, limb in) {
+  out[0] = in & 0xff;
+  out[1] = (in >> 8) & 0xff;
+  out[2] = (in >> 16) & 0xff;
+  out[3] = (in >> 24) & 0xff;
+  out[4] = (in >> 32) & 0xff;
+  out[5] = (in >> 40) & 0xff;
+  out[6] = (in >> 48) & 0xff;
+  out[7] = (in >> 56) & 0xff;
 }
 #endif
 
 /* Take a little-endian, 32-byte number and expand it into polynomial form */
 static void
 fexpand(limb *output, const u8 *in) {
-  output[0] = U8TO64(in) & 0x7ffffffffffff;
-  output[1] = (U8TO64(in+6) >> 3) & 0x7ffffffffffff;
-  output[2] = (U8TO64(in+12) >> 6) & 0x7ffffffffffff;
-  output[3] = (U8TO64(in+19) >> 1) & 0x7ffffffffffff;
-  output[4] = (U8TO64(in+25) >> 4) & 0x7ffffffffffff;
+  output[0] = load_limb(in) & 0x7ffffffffffff;
+  output[1] = (load_limb(in+6) >> 3) & 0x7ffffffffffff;
+  output[2] = (load_limb(in+12) >> 6) & 0x7ffffffffffff;
+  output[3] = (load_limb(in+19) >> 1) & 0x7ffffffffffff;
+  output[4] = (load_limb(in+24) >> 12) & 0x7ffffffffffff;
 }
 
 /* Take a fully reduced polynomial form number and contract it into a
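Review bot: The corrected last load in `fexpand`, `load_limb(in+24) >> 12`, has no comment explaining why offset 24 is used, so a later cleanup could restore the `in+25` form that reads one byte past a 32-byte input. I would add above that line `/* last load must start at in+24: an 8-byte read from in+25 would touch in[32] */`. The `#if` branch of `load_limb` still dereferences a `const limb *` cast of a byte pointer at unaligned offsets, as the old `U8TO64` macro did. That is worth a second look for strict aliasing even where unaligned access is allowed.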
@@ -281,10 +281,10 @@
   t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff;
   t[4] &= 0x7ffffffffffff;
 
-  U64TO8(output, t[0] | (t[1] << 51));
-  U64TO8(output + 8, (t[1] >> 13) | (t[2] << 38));
-  U64TO8(output + 16, (t[2] >> 26) | (t[3] << 25));
-  U64TO8(output + 24, (t[3] >> 39) | (t[4] << 12));
+  store_limb(output, t[0] | (t[1] << 51));
+  store_limb(output + 8, (t[1] >> 13) | (t[2] << 38));
+  store_limb(output + 16, (t[2] >> 26) | (t[3] << 25));
+  store_limb(output + 24, (t[3] >> 39) | (t[4] << 12));
 }
 
 /* Input: Q, Q', Q-Q'
diff -Nur libsodium-1.0.0/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c libsodium-1.0.1/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c
--- libsodium-1.0.0/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c	2014-10-11 02:22:04.000000000 +0000
@@ -29,6 +29,10 @@
 
     crypto_core_hsalsa20(subkey, n, k, sigma);
 
+    if (c - m < mlen || c - m > -mlen) {
+        memmove(c, m, mlen);
+        m = c;
+    }
     memset(block0, 0U, crypto_secretbox_ZEROBYTES);
     (void) sizeof(int[64U >= crypto_secretbox_ZEROBYTES ? 1 : -1]);
     mlen0 = mlen;
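Review bot: The overlap test `c - m < mlen || c - m > -mlen` subtracts two pointers that may point into different objects, which is undefined behaviour in C. It also relies on the signed difference being converted to the unsigned type of `mlen` for the comparison. Comparing the addresses as `uintptr_t` avoids both problems and skips the needless `memmove` when `c == m`; `<stdint.h>` has to be in scope for this. The same pattern appears in the second hunk of this file (`m - c < clen || m - c > -clen`) and should get the same change. The enclosing functions start and end outside the hunks, so the types of `mlen` and `clen` are assumed to be unsigned.

```c
    /* compare addresses as integers: subtracting pointers into
     * different objects is undefined */
    if (((uintptr_t) c > (uintptr_t) m &&
         (uintptr_t) c - (uintptr_t) m < mlen) ||
        ((uintptr_t) m > (uintptr_t) c &&
         (uintptr_t) m - (uintptr_t) c < mlen)) {
        memmove(c, m, mlen);
        m = c;
    }
    /* … unchanged: block0 setup and the rest of the function … */
```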
@@ -91,6 +95,10 @@
         sodium_memzero(subkey, sizeof subkey);
         return -1;
     }
+    if (m - c < clen || m - c > -clen) {
+        memmove(m, c, clen);
+        c = m;
+    }
     mlen0 = clen;
     if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) {
         mlen0 = 64U - crypto_secretbox_ZEROBYTES;
diff -Nur libsodium-1.0.0/src/libsodium/crypto_sign/ed25519/description libsodium-1.0.1/src/libsodium/crypto_sign/ed25519/description
--- libsodium-1.0.0/src/libsodium/crypto_sign/ed25519/description	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_sign/ed25519/description	1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-EdDSA signatures using Curve25519
diff -Nur libsodium-1.0.0/src/libsodium/crypto_sign/ed25519/ref10/fe_frombytes.c libsodium-1.0.1/src/libsodium/crypto_sign/ed25519/ref10/fe_frombytes.c
--- libsodium-1.0.0/src/libsodium/crypto_sign/ed25519/ref10/fe_frombytes.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_sign/ed25519/ref10/fe_frombytes.c	2014-10-29 15:38:00.000000000 +0000
@@ -60,14 +60,14 @@
   carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
   carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
 
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
+  h[0] = (crypto_int32) h0;
+  h[1] = (crypto_int32) h1;
+  h[2] = (crypto_int32) h2;
+  h[3] = (crypto_int32) h3;
+  h[4] = (crypto_int32) h4;
+  h[5] = (crypto_int32) h5;
+  h[6] = (crypto_int32) h6;
+  h[7] = (crypto_int32) h7;
+  h[8] = (crypto_int32) h8;
+  h[9] = (crypto_int32) h9;
 }
diff -Nur libsodium-1.0.0/src/libsodium/crypto_sign/ed25519/ref10/fe_mul.c libsodium-1.0.1/src/libsodium/crypto_sign/ed25519/ref10/fe_mul.c
--- libsodium-1.0.0/src/libsodium/crypto_sign/ed25519/ref10/fe_mul.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_sign/ed25519/ref10/fe_mul.c	2014-10-29 15:38:00.000000000 +0000
@@ -240,14 +240,14 @@
   /* |h0| <= 2^25; from now on fits into int32 unchanged */
   /* |h1| <= 1.01*2^24 */
 
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
+  h[0] = (crypto_int32) h0;
+  h[1] = (crypto_int32) h1;
+  h[2] = (crypto_int32) h2;
+  h[3] = (crypto_int32) h3;
+  h[4] = (crypto_int32) h4;
+  h[5] = (crypto_int32) h5;
+  h[6] = (crypto_int32) h6;
+  h[7] = (crypto_int32) h7;
+  h[8] = (crypto_int32) h8;
+  h[9] = (crypto_int32) h9;
 }
diff -Nur libsodium-1.0.0/src/libsodium/crypto_sign/ed25519/ref10/fe_sq2.c libsodium-1.0.1/src/libsodium/crypto_sign/ed25519/ref10/fe_sq2.c
--- libsodium-1.0.0/src/libsodium/crypto_sign/ed25519/ref10/fe_sq2.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_sign/ed25519/ref10/fe_sq2.c	2014-10-29 15:38:00.000000000 +0000
@@ -147,14 +147,14 @@
 
   carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
 
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
+  h[0] = (crypto_int32) h0;
+  h[1] = (crypto_int32) h1;
+  h[2] = (crypto_int32) h2;
+  h[3] = (crypto_int32) h3;
+  h[4] = (crypto_int32) h4;
+  h[5] = (crypto_int32) h5;
+  h[6] = (crypto_int32) h6;
+  h[7] = (crypto_int32) h7;
+  h[8] = (crypto_int32) h8;
+  h[9] = (crypto_int32) h9;
 }
diff -Nur libsodium-1.0.0/src/libsodium/crypto_sign/ed25519/ref10/fe_sq.c libsodium-1.0.1/src/libsodium/crypto_sign/ed25519/ref10/fe_sq.c
--- libsodium-1.0.0/src/libsodium/crypto_sign/ed25519/ref10/fe_sq.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/crypto_sign/ed25519/ref10/fe_sq.c	2014-10-29 15:38:00.000000000 +0000
@@ -136,14 +136,14 @@
 
   carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
 
-  h[0] = h0;
-  h[1] = h1;
-  h[2] = h2;
-  h[3] = h3;
-  h[4] = h4;
-  h[5] = h5;
-  h[6] = h6;
-  h[7] = h7;
-  h[8] = h8;
-  h[9] = h9;
+  h[0] = (crypto_int32) h0;
+  h[1] = (crypto_int32) h1;
+  h[2] = (crypto_int32) h2;
+  h[3] = (crypto_int32) h3;
+  h[4] = (crypto_int32) h4;
+  h[5] = (crypto_int32) h5;
+  h[6] = (crypto_int32) h6;
+  h[7] = (crypto_int32) h7;
+  h[8] = (crypto_int32) h8;
+  h[9] = (crypto_int32) h9;
 }
diff -Nur libsodium-1.0.0/src/libsodium/include/sodium/core.h libsodium-1.0.1/src/libsodium/include/sodium/core.h
--- libsodium-1.0.0/src/libsodium/include/sodium/core.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/include/sodium/core.h	2014-10-11 02:22:04.000000000 +0000
@@ -1,6 +1,6 @@
 
-#ifndef __SODIUM_CORE_H__
-#define __SODIUM_CORE_H__
+#ifndef sodium_core_H
+#define sodium_core_H
 
 #include "export.h"
 
diff -Nur libsodium-1.0.0/src/libsodium/include/sodium/export.h libsodium-1.0.1/src/libsodium/include/sodium/export.h
--- libsodium-1.0.0/src/libsodium/include/sodium/export.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/include/sodium/export.h	2014-10-13 19:34:35.000000000 +0000
@@ -1,6 +1,6 @@
 
-#ifndef __SODIUM_EXPORT_H__
-#define __SODIUM_EXPORT_H__
+#ifndef sodium_export_H
+#define sodium_export_H
 
 #ifndef __GNUC__
 # ifdef __attribute__
@@ -13,7 +13,7 @@
 # define SODIUM_EXPORT
 #else
 # if defined(_MSC_VER)
-#  ifdef DLL_EXPORT
+#  ifdef SODIUM_DLL_EXPORT
 #   define SODIUM_EXPORT __declspec(dllexport)
 #  else
 #   define SODIUM_EXPORT __declspec(dllimport)
diff -Nur libsodium-1.0.0/src/libsodium/include/sodium/runtime.h libsodium-1.0.1/src/libsodium/include/sodium/runtime.h
--- libsodium-1.0.0/src/libsodium/include/sodium/runtime.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/include/sodium/runtime.h	2014-10-11 02:22:04.000000000 +0000
@@ -1,6 +1,6 @@
 
-#ifndef __SODIUM_RUNTIME_H__
-#define __SODIUM_RUNTIME_H__ 1
+#ifndef sodium_runtime_H
+#define sodium_runtime_H
 
 #include "export.h"
 
diff -Nur libsodium-1.0.0/src/libsodium/include/sodium/utils.h libsodium-1.0.1/src/libsodium/include/sodium/utils.h
--- libsodium-1.0.0/src/libsodium/include/sodium/utils.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/include/sodium/utils.h	2014-10-11 02:22:04.000000000 +0000
@@ -1,6 +1,6 @@
 
-#ifndef __SODIUM_UTILS_H__
-#define __SODIUM_UTILS_H__
+#ifndef sodium_utils_H
+#define sodium_utils_H
 
 #include <stddef.h>
 
@@ -11,9 +11,9 @@
 #endif
 
 #if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
-# define _SODIUM_C99(X)
+# define SODIUM_C99(X)
 #else
-# define _SODIUM_C99(X) X
+# define SODIUM_C99(X) X
 #endif
 
 SODIUM_EXPORT
diff -Nur libsodium-1.0.0/src/libsodium/include/sodium/version.h.in libsodium-1.0.1/src/libsodium/include/sodium/version.h.in
--- libsodium-1.0.0/src/libsodium/include/sodium/version.h.in	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/include/sodium/version.h.in	2014-10-11 02:22:04.000000000 +0000
@@ -1,6 +1,6 @@
 
-#ifndef __SODIUM_VERSION_H__
-#define __SODIUM_VERSION_H__
+#ifndef sodium_version_H
+#define sodium_version_H
 
 #include "export.h"
 
diff -Nur libsodium-1.0.0/src/libsodium/include/sodium.h libsodium-1.0.1/src/libsodium/include/sodium.h
--- libsodium-1.0.0/src/libsodium/include/sodium.h	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/include/sodium.h	2014-10-11 02:22:04.000000000 +0000
@@ -1,6 +1,6 @@
 
-#ifndef __SODIUM_H__
-#define __SODIUM_H__
+#ifndef sodium_H
+#define sodium_H
 
 #include <sodium/core.h>
 #include <sodium/crypto_aead_chacha20poly1305.h>
diff -Nur libsodium-1.0.0/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c libsodium-1.0.1/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c
--- libsodium-1.0.0/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c	2014-10-11 02:22:04.000000000 +0000
@@ -52,9 +52,9 @@
 } Salsa20Random;
 
 static Salsa20Random stream = {
-    _SODIUM_C99(.random_data_source_fd =) -1,
-    _SODIUM_C99(.rnd32_outleft =) (size_t) 0U,
-    _SODIUM_C99(.initialized =) 0
+    SODIUM_C99(.random_data_source_fd =) -1,
+    SODIUM_C99(.rnd32_outleft =) (size_t) 0U,
+    SODIUM_C99(.initialized =) 0
 };
 
 static uint64_t
@@ -335,10 +335,10 @@
 }
 
 struct randombytes_implementation randombytes_salsa20_implementation = {
-    _SODIUM_C99(.implementation_name =) randombytes_salsa20_implementation_name,
-    _SODIUM_C99(.random =) randombytes_salsa20_random,
-    _SODIUM_C99(.stir =) randombytes_salsa20_random_stir,
-    _SODIUM_C99(.uniform =) randombytes_salsa20_random_uniform,
-    _SODIUM_C99(.buf =) randombytes_salsa20_random_buf,
-    _SODIUM_C99(.close =) randombytes_salsa20_random_close
+    SODIUM_C99(.implementation_name =) randombytes_salsa20_implementation_name,
+    SODIUM_C99(.random =) randombytes_salsa20_random,
+    SODIUM_C99(.stir =) randombytes_salsa20_random_stir,
+    SODIUM_C99(.uniform =) randombytes_salsa20_random_uniform,
+    SODIUM_C99(.buf =) randombytes_salsa20_random_buf,
+    SODIUM_C99(.close =) randombytes_salsa20_random_close
 };
diff -Nur libsodium-1.0.0/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c libsodium-1.0.1/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c
--- libsodium-1.0.0/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c	2014-11-20 21:22:45.000000000 +0000
@@ -69,8 +69,8 @@
 } SysRandom;
 
 static SysRandom stream = {
-    _SODIUM_C99(.random_data_source_fd =) -1,
-    _SODIUM_C99(.initialized =) 0
+    SODIUM_C99(.random_data_source_fd =) -1,
+    SODIUM_C99(.initialized =) 0
 };
 
 #ifndef _WIN32
@@ -208,7 +208,7 @@
         abort(); /* LCOV_EXCL_LINE */
     }
 #else
-    if (size > 0xffffffff) {
+    if (size > (size_t) 0xffffffff) {
         abort(); /* LCOV_EXCL_LINE */
     }
     if (! RtlGenRandom((PVOID) buf, (ULONG) size)) {
@@ -250,10 +250,10 @@
 }
 
 struct randombytes_implementation randombytes_sysrandom_implementation = {
-    _SODIUM_C99(.implementation_name =) randombytes_sysrandom_implementation_name,
-    _SODIUM_C99(.random =) randombytes_sysrandom,
-    _SODIUM_C99(.stir =) randombytes_sysrandom_stir,
-    _SODIUM_C99(.uniform =) randombytes_sysrandom_uniform,
-    _SODIUM_C99(.buf =) randombytes_sysrandom_buf,
-    _SODIUM_C99(.close =) randombytes_sysrandom_close
+    SODIUM_C99(.implementation_name =) randombytes_sysrandom_implementation_name,
+    SODIUM_C99(.random =) randombytes_sysrandom,
+    SODIUM_C99(.stir =) randombytes_sysrandom_stir,
+    SODIUM_C99(.uniform =) randombytes_sysrandom_uniform,
+    SODIUM_C99(.buf =) randombytes_sysrandom_buf,
+    SODIUM_C99(.close =) randombytes_sysrandom_close
 };
diff -Nur libsodium-1.0.0/src/libsodium/sodium/utils.c libsodium-1.0.1/src/libsodium/sodium/utils.c
--- libsodium-1.0.0/src/libsodium/sodium/utils.c	2014-09-30 18:35:31.000000000 +0000
+++ libsodium-1.0.1/src/libsodium/sodium/utils.c	2014-11-20 21:22:17.000000000 +0000
@@ -47,7 +47,7 @@
 
 #ifdef HAVE_WEAK_SYMBOLS
 __attribute__((weak)) void
-__sodium_dummy_symbol_to_prevent_lto(void * const pnt, const size_t len)
+_sodium_dummy_symbol_to_prevent_lto(void * const pnt, const size_t len)
 {
     (void) pnt;
     (void) len;
@@ -67,7 +67,7 @@
     explicit_bzero(pnt, len);
 #elif HAVE_WEAK_SYMBOLS
     memset(pnt, 0, len);
-    __sodium_dummy_symbol_to_prevent_lto(pnt, len);
+    _sodium_dummy_symbol_to_prevent_lto(pnt, len);
 #else
     volatile unsigned char *pnt_ = (volatile unsigned char *) pnt;
     size_t                     i = (size_t) 0U;
@@ -92,26 +92,30 @@
     return (int) ((1 & ((d - 1) >> 8)) - 1);
 }
 
+/* Derived from original code by CodesInChaos */
 char *
 sodium_bin2hex(char * const hex, const size_t hex_maxlen,
                const unsigned char * const bin, const size_t bin_len)
 {
-    static const char hexdigits[16] = {
-        '0', '1', '2', '3', '4', '5', '6', '7',
-        '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
-    };
-    size_t            i = (size_t) 0U;
-    size_t            j = (size_t) 0U;
+    size_t       i = (size_t) 0U;
+    unsigned int x;
+    int          b;
+    int          c;
 
     if (bin_len >= SIZE_MAX / 2 || hex_maxlen < bin_len * 2U) {
         abort(); /* LCOV_EXCL_LINE */
     }
     while (i < bin_len) {
-        hex[j++] = hexdigits[bin[i] >> 4];
-        hex[j++] = hexdigits[bin[i] & 0xf];
+        c = bin[i] & 0xf;
+        b = bin[i] >> 4;
+        x = (unsigned char) (87 + c + (((c - 10) >> 31) & -39)) << 8 |
+            (unsigned char) (87 + b + (((b - 10) >> 31) & -39));
+        hex[i * 2U] = (char) x;
+        x >>= 8;
+        hex[i * 2U + 1U] = (char) x;
         i++;
     }
-    hex[j] = 0;
+    hex[i * 2U] = 0;
 
     return hex;
 }
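Review bot: The bounds check kept as context, `hex_maxlen < bin_len * 2U`, accepts a buffer of exactly `bin_len * 2` bytes, yet the function then writes the terminator at `hex[i * 2U]`, one byte past that buffer. The check should leave room for the NUL: `if (bin_len >= SIZE_MAX / 2 || hex_maxlen <= bin_len * 2U) {`. Separately, `((c - 10) >> 31) & -39` depends on a 32-bit `int` and on an arithmetic right shift of a negative value, which is implementation-defined. A short comment stating that assumption, and that 87 and -39 are `'a' - 10` and `'0' - 87`, would make the constant-time trick reviewable.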
@@ -350,12 +354,11 @@
     unsigned char *base_ptr;
     unsigned char *canary_ptr;
     unsigned char *unprotected_ptr;
-    size_t         page_mask;
     size_t         size_with_canary;
     size_t         total_size;
     size_t         unprotected_size;
 
-    if (size >= SIZE_MAX - page_size * 4U) {
+    if (size >= (size_t) SIZE_MAX - page_size * 4U) {
         errno = ENOMEM;
         return NULL;
     }
@@ -375,7 +378,6 @@
 #endif
     _mprotect_noaccess(unprotected_ptr + unprotected_size, page_size);
     sodium_mlock(unprotected_ptr, unprotected_size);
-    page_mask = page_size - 1U;
     canary_ptr = unprotected_ptr + _page_round(size_with_canary) -
         size_with_canary;
     user_ptr = canary_ptr + sizeof canary;
@@ -405,7 +407,7 @@
 {
     size_t total_size;
 
-    if (size >= SIZE_MAX / count) {
+    if (size >= (size_t) SIZE_MAX / count) {
         errno = ENOMEM;
         return NULL;
     }
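Review bot: `(size_t) SIZE_MAX / count` divides by zero when `count` is 0, and nothing between the opening brace and this check rejects that value. The added cast leaves this unchanged. I would guard the division: `if (count > (size_t) 0U && size >= (size_t) SIZE_MAX / count) {`. The function's signature and the rest of its body are outside the hunk, so how a zero-sized request is handled afterwards should be checked there.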

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
--- Begin Message ---
Le 2014-12-17 21:03, Jonathan Wiltshire a écrit :

This isn't really a good fit for this stage in the process; I realise
you've been waiting a while but that's probably a reflection on the size of
the diff.

Unless you can persuade me that any of it is RC, I'm minded to decline this
one.

Nothing happened. Closing. Feel free to re-open if needed.

Regards,

--
Mehdi

--- End Message ---
