diff --git a/add-sm3-crypt-support.patch b/add-sm3-crypt-support.patch index fee7698ca51992793df937af2666e914184d0ce9..a1f90f37f2a403114b98c2e007c949f96cc8ed27 100644 --- a/add-sm3-crypt-support.patch +++ b/add-sm3-crypt-support.patch @@ -1,44 +1,43 @@ -From 8355e6e90c12051e0f44857db71d40aef00f9af9 Mon Sep 17 00:00:00 2001 +From cd29b303d2590b8377cb2a38539efdf838e8c59c Mon Sep 17 00:00:00 2001 From: houmingyong -Date: Mon, 27 Dec 2021 16:01:26 +0800 +Date: Mon, 20 Dec 2021 16:19:09 +0800 Subject: [PATCH] add sm3 crypt support --- Makefile.am | 7 + README.md | 4 +- doc/crypt.5 | 8 + - lib/alg-sm3.c | 408 +++++++++++++++++++++++++++++++++++++++ + lib/alg-sm3.c | 419 +++++++++++++++++++++++++++++++++++++++ lib/alg-sm3.h | 62 ++++++ lib/crypt-port.h | 9 +- - lib/crypt-sm3.c | 357 ++++++++++++++++++++++++++++++++++ + lib/crypt-sm3.c | 358 +++++++++++++++++++++++++++++++++ lib/hashes.conf | 1 + libxcrypt.spec.rpkg | 2 +- test/alg-sm3.c | 124 ++++++++++++ - test/badsalt.c | 12 ++ test/badsetting.c | 9 + test/checksalt.c | 5 + test/crypt-badargs.c | 4 + test/gensalt-extradata.c | 3 + test/gensalt.c | 38 +++- - 16 files changed, 1048 insertions(+), 5 deletions(-) + 15 files changed, 1048 insertions(+), 5 deletions(-) create mode 100644 lib/alg-sm3.c create mode 100644 lib/alg-sm3.h create mode 100644 lib/crypt-sm3.c create mode 100644 test/alg-sm3.c diff --git a/Makefile.am b/Makefile.am -index 430115a..936e0c1 100644 +index c1f91d4..571473f 100644 --- a/Makefile.am +++ b/Makefile.am -@@ -74,6 +74,7 @@ noinst_HEADERS = \ +@@ -79,6 +79,7 @@ noinst_HEADERS = \ lib/alg-md5.h \ lib/alg-sha1.h \ lib/alg-sha256.h \ + lib/alg-sm3.h \ lib/alg-sha512.h \ - lib/alg-yescrypt-sysendian.h \ lib/alg-yescrypt.h \ -@@ -106,6 +107,7 @@ libcrypt_la_SOURCES = \ + lib/byteorder.h \ +@@ -107,6 +108,7 @@ libcrypt_la_SOURCES = \ lib/alg-md5.c \ lib/alg-sha1.c \ lib/alg-sha256.c \ @@ -46,7 +45,7 @@ index 430115a..936e0c1 100644 lib/alg-sha512.c \ lib/alg-yescrypt-common.c \ lib/alg-yescrypt-opt.c \ -@@ -120,6 +122,7 @@ libcrypt_la_SOURCES = \ +@@ -119,6 +121,7 @@ libcrypt_la_SOURCES = \ lib/crypt-pbkdf1-sha1.c \ lib/crypt-scrypt.c \ lib/crypt-sha256.c \ @@ -54,7 +53,7 @@ index 430115a..936e0c1 100644 lib/crypt-sha512.c \ lib/crypt-static.c \ lib/crypt-sunmd5.c \ -@@ -329,6 +332,7 @@ check_PROGRAMS = \ +@@ -362,6 +365,7 @@ check_PROGRAMS = \ test/alg-pbkdf-hmac-sha256 \ test/alg-sha1 \ test/alg-sha256 \ @@ -62,21 +61,21 @@ index 430115a..936e0c1 100644 test/alg-sha512 \ test/alg-yescrypt \ test/badsalt \ -@@ -520,6 +524,9 @@ test_crypt_gost_yescrypt_LDADD = \ - lib/libcrypt_la-alg-yescrypt-opt.lo \ - lib/libcrypt_la-crypt-yescrypt.lo \ +@@ -574,6 +578,9 @@ test_crypt_gost_yescrypt_LDADD = \ + lib/libcrypt_la-util-xbzero.lo \ + lib/libcrypt_la-util-xstrcpy.lo \ $(COMMON_TEST_OBJECTS) +test_alg_sm3_LDADD = \ + lib/libcrypt_la-alg-sm3.lo \ + $(COMMON_TEST_OBJECTS) - test_getrandom_interface_LDADD = \ - lib/libcrypt_la-randombytes.lo \ + test_explicit_bzero_LDADD = \ + lib/libcrypt_la-util-xbzero.lo diff --git a/README.md b/README.md -index d0197a0..cf11e86 100644 +index 45b7f02..8a9abfd 100644 --- a/README.md +++ b/README.md -@@ -9,7 +9,7 @@ README for libxcrypt +@@ -11,7 +11,7 @@ README for libxcrypt libxcrypt is a modern library for one-way hashing of passwords. It supports a wide variety of both modern and historical hashing methods: @@ -85,7 +84,7 @@ index d0197a0..cf11e86 100644 md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt. It provides the traditional Unix `crypt` and `crypt_r` interfaces, as well as a set of extended interfaces pioneered by Openwall Linux, -@@ -163,7 +163,7 @@ returns `$3$`. +@@ -164,7 +164,7 @@ returns `$3$`. glibc’s libcrypt could optionally be configured to use Mozilla’s NSS library’s implementations of the cryptographic primitives md5crypt, @@ -95,7 +94,7 @@ index d0197a0..cf11e86 100644 option. The stated rationale for the option was to source all cryptographic primitives from a library that has undergone FIPS diff --git a/doc/crypt.5 b/doc/crypt.5 -index 6aaf937..dce9c3f 100644 +index 0b81c10..326969e 100644 --- a/doc/crypt.5 +++ b/doc/crypt.5 @@ -218,6 +218,14 @@ Acceptable for new hashes. @@ -115,10 +114,10 @@ index 6aaf937..dce9c3f 100644 Originally developed by Simon Gerraty for NetBSD. diff --git a/lib/alg-sm3.c b/lib/alg-sm3.c new file mode 100644 -index 0000000..68d9f7c +index 0000000..5347e11 --- /dev/null +++ b/lib/alg-sm3.c -@@ -0,0 +1,408 @@ +@@ -0,0 +1,419 @@ +/*- + * Copyright(C) 2017-2021. Huawei Technologies Co.,Ltd. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. @@ -132,13 +131,13 @@ index 0000000..68d9f7c + */ + +#include "crypt-port.h" -+#include "alg-yescrypt-sysendian.h" + +#if INCLUDE_sm3crypt + -+#define insecure_memzero XCRYPT_SECURE_MEMSET ++#define insecure_memzero explicit_bzero + +#include "alg-sm3.h" ++#include "byteorder.h" + +#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) + @@ -172,13 +171,16 @@ index 0000000..68d9f7c + +#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ + RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1) ++ +/* + * Encode a length len*2 vector of (uint32_t) into a length len*8 vector of + * (uint8_t) in big-endian form. + */ +static void -+be32enc_vect(uint8_t * dst, const uint32_t * src, size_t len) ++sm3_be32enc_vect(uint8_t * dst, const uint32_t * src, size_t len) +{ ++ ++ /* Encode vector, two words at a time. */ + do { + be32enc(&dst[0], src[0]); + be32enc(&dst[4], src[1]); @@ -192,8 +194,10 @@ index 0000000..68d9f7c + * len*2 vector of (uint32_t). + */ +static void -+be32dec_vect(uint32_t * dst, const uint8_t * src, size_t len) ++sm3_be32dec_vect(uint32_t * dst, const uint8_t * src, size_t len) +{ ++ ++ /* Decode vector, two words at a time. */ + do { + dst[0] = be32dec(&src[0]); + dst[1] = be32dec(&src[4]); @@ -212,7 +216,7 @@ index 0000000..68d9f7c + W08, W09, W10, W11, W12, W13, W14, W15; + + /* 1. Prepare the first part of the message schedule W. */ -+ be32dec_vect(W, block, 8); ++ sm3_be32dec_vect(W, block, 8); + + A = state[0]; + B = state[1]; @@ -377,8 +381,10 @@ index 0000000..68d9f7c + * SM3_Init(ctx): + * Initialize the SM3 context ${ctx}. + */ -+void SM3_Init(SM3_CTX * ctx) ++void ++SM3_Init(SM3_CTX * ctx) +{ ++ + /* Zero bits processed so far. */ + ctx->count = 0; + @@ -386,11 +392,13 @@ index 0000000..68d9f7c + memcpy(ctx->state, initial_state, sizeof(initial_state)); +} + ++ +/** + * SM3_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the SM3 context ${ctx}. + */ -+static void _SM3_Update(SM3_CTX * ctx, const void * in, size_t len, ++static void ++_SM3_Update(SM3_CTX * ctx, const void * in, size_t len, + uint32_t tmp32[static restrict 72]) +{ + uint32_t r; @@ -486,10 +494,12 @@ index 0000000..68d9f7c +_SM3_Final(uint8_t digest[32], SM3_CTX * ctx, + uint32_t tmp32[static restrict 72]) +{ ++ + /* Add padding. */ + SM3_Pad(ctx, tmp32); ++ + /* Write the hash. */ -+ be32enc_vect(digest, ctx->state, 4); ++ sm3_be32enc_vect(digest, ctx->state, 4); +} + +/* Wrapper function for intermediate-values sanitization. */ @@ -596,10 +606,10 @@ index 0000000..5c76e6b + +#endif /* !_SM3_H_ */ diff --git a/lib/crypt-port.h b/lib/crypt-port.h -index bec36ac..33534fa 100644 +index 307b526..7ad44b0 100644 --- a/lib/crypt-port.h +++ b/lib/crypt-port.h -@@ -306,7 +306,7 @@ _crypt_strcpy_or_abort (void *, const size_t, const void *); +@@ -357,7 +357,7 @@ extern size_t strcpy_or_abort (void *dst, size_t d_size, const void *src); #define libcperciva_SHA512_Buf _crypt_SHA512_Buf #endif @@ -608,7 +618,7 @@ index bec36ac..33534fa 100644 #define gensalt_sha_rn _crypt_gensalt_sha_rn #endif -@@ -341,6 +341,13 @@ _crypt_strcpy_or_abort (void *, const size_t, const void *); +@@ -392,6 +392,13 @@ extern size_t strcpy_or_abort (void *dst, size_t d_size, const void *src); #define libcperciva_SHA256_Buf _crypt_SHA256_Buf #endif @@ -624,10 +634,10 @@ index bec36ac..33534fa 100644 #define GOST34112012Update _crypt_GOST34112012_Update diff --git a/lib/crypt-sm3.c b/lib/crypt-sm3.c new file mode 100644 -index 0000000..b79d670 +index 0000000..1a817cd --- /dev/null +++ b/lib/crypt-sm3.c -@@ -0,0 +1,357 @@ +@@ -0,0 +1,358 @@ +/* One way encryption based on the SM3-based Unix crypt implementation. + * + * Written by Ulrich Drepper in 2007 [1]. @@ -743,7 +753,8 @@ index 0000000..b79d670 + /* Skip salt prefix. */ + salt += sizeof (sm3_salt_prefix) - 1; + -+ if (strncmp (salt, sm3_rounds_prefix, sizeof (sm3_rounds_prefix) - 1) == 0) ++ if (strncmp (salt, sm3_rounds_prefix, sizeof (sm3_rounds_prefix) - 1) ++ == 0) + { + const char *num = salt + sizeof (sm3_rounds_prefix) - 1; + /* Do not allow an explicit setting of zero rounds, nor of the @@ -986,7 +997,7 @@ index 0000000..b79d670 + +#endif diff --git a/lib/hashes.conf b/lib/hashes.conf -index 99ed116..d5d05b2 100644 +index 094f7cc..2676c24 100644 --- a/lib/hashes.conf +++ b/lib/hashes.conf @@ -48,6 +48,7 @@ bcrypt_a $2a$ 16 STRONG,ALT,FREEBSD,NETBSD,OPENBSD,OWL,SOLARIS, @@ -998,10 +1009,10 @@ index 99ed116..d5d05b2 100644 sunmd5 $md5 8 SOLARIS md5crypt $1$ 9 GLIBC,FREEBSD,NETBSD,OPENBSD,SOLARIS diff --git a/libxcrypt.spec.rpkg b/libxcrypt.spec.rpkg -index 12216a6..dc3bd8e 100644 +index 8d3fd06..7e86b99 100644 --- a/libxcrypt.spec.rpkg +++ b/libxcrypt.spec.rpkg -@@ -173,7 +173,7 @@ Recommends: mkpasswd +@@ -170,7 +170,7 @@ Recommends: mkpasswd %description libxcrypt is a modern library for one-way hashing of passwords. It supports a wide variety of both modern and historical hashing methods: @@ -1140,29 +1151,6 @@ index 0000000..910a7dd +} + +#endif -diff --git a/test/badsalt.c b/test/badsalt.c -index 803b575..39e3529 100644 ---- a/test/badsalt.c -+++ b/test/badsalt.c -@@ -155,6 +155,18 @@ static const struct testcase testcases[] = - { "*SHA-256 (rounds) invalid rounds 6", 32, "$5$rounds=0100$MJHnaAkegEVYHsFK$" }, - { "*SHA-256 (rounds) invalid rounds 7", 38, "$5$rounds=4294967295$MJHnaAkegEVYHsFK$" }, - #endif -+#if INCLUDE_sm3crypt -+ { "SM3 (plain)", 22, "$sm3$MJHnaAkegEVYHsFK$" }, -+ { "*SM3 (plain) invalid char", 22, "$sm3$:JHnaAkegEVYHsFK$" }, -+ { "SM3 (rounds)", 34, "$sm3$rounds=1000$MJHnaAkegEVYHsFK$" }, -+ { "*SM3 (rounds) invalid rounds 1", 34, "$sm3$rounds=:000$MJHnaAkegEVYHsFK$" }, -+ { "*SM3 (rounds) invalid rounds 2", 34, "$sm3$rounds=100:$MJHnaAkegEVYHsFK$" }, -+ { "*SM3 (rounds) invalid rounds 3", 34, "$sm3$rounds:1000$MJHnaAkegEVYHsFK$" }, -+ { "*SM3 (rounds) invalid rounds 4", 30, "$sm3$rounds=$MJHnaAkegEVYHsFK$" }, -+ { "*SM3 (rounds) invalid rounds 5", 31, "$sm3$rounds=0$MJHnaAkegEVYHsFK$" }, -+ { "*SM3 (rounds) invalid rounds 6", 33, "$sm3$rounds=0100$MJHnaAkegEVYHsFK$" }, -+ { "*SM3 (rounds) invalid rounds 7", 40, "$sm3$rounds=4294967295$MJHnaAkegEVYHsFK$" }, -+#endif - #if INCLUDE_sha512crypt - { "SHA-512 (plain)", 20, "$6$MJHnaAkegEVYHsFK$" }, - { "*SHA-512 (plain) invalid char", 20, "$6$:JHnaAkegEVYHsFK$" }, diff --git a/test/badsetting.c b/test/badsetting.c index 4af151a..0cfc6c5 100644 --- a/test/badsetting.c @@ -1184,12 +1172,12 @@ index 4af151a..0cfc6c5 100644 #if INCLUDE_sha512crypt { "$6", 0, 0, 0 }, // truncated prefix diff --git a/test/checksalt.c b/test/checksalt.c -index 7575dfd..dab255c 100644 +index e220bb3..f97296c 100644 --- a/test/checksalt.c +++ b/test/checksalt.c @@ -68,6 +68,11 @@ static const struct testcase testcases[] = #else - { "$5$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$5$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif +#if INCLUDE_sm3crypt + { "$sm3$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, @@ -1197,13 +1185,13 @@ index 7575dfd..dab255c 100644 + { "$sm3$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, +#endif #if INCLUDE_sha512crypt - { "$6$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$6$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, #else diff --git a/test/crypt-badargs.c b/test/crypt-badargs.c -index 59c6690..658e85b 100644 +index 8b743f6..3d081b7 100644 --- a/test/crypt-badargs.c +++ b/test/crypt-badargs.c -@@ -51,6 +51,10 @@ static const char *settings[] = +@@ -50,6 +50,10 @@ static const char *settings[] = "$5$MJHnaAkegEVYHsFK", "$5$rounds=10191$MJHnaAkegEVYHsFK", #endif @@ -1229,7 +1217,7 @@ index 9df2e9f..3e492e5 100644 { "$6$", 7019, 1120211 }, #endif diff --git a/test/gensalt.c b/test/gensalt.c -index 2d590a9..6dbbaf6 100644 +index 834ccf5..e4c9624 100644 --- a/test/gensalt.c +++ b/test/gensalt.c @@ -140,6 +140,36 @@ static const char *const sha256_expected_output_h[] = diff --git a/libxcrypt.spec b/libxcrypt.spec index 6fca83f2b1a105342314396b85e576f2b8bca718..534dfe0986d4daeae89734557ba2933d7113e669 100644 --- a/libxcrypt.spec +++ b/libxcrypt.spec @@ -1,7 +1,7 @@ %define libdir /lib64 Name: libxcrypt -Version: 4.4.17 -Release: 3 +Version: 4.4.26 +Release: 1 Summary: Extended crypt library for DES, MD5, Blowfish and others License: LGPLv2+ and BSD and Public Domain URL: https://github.com/besser82/%{name} @@ -9,6 +9,7 @@ Source0: https://github.com/besser82/%{name}/archive/v%{version}.tar.gz Patch9000: add-sm3-crypt-support.patch +BuildRequires: perl >= 5.14.0 BuildRequires: autoconf libtool fipscheck Obsoletes: %{name}-common < %{version}-%{release} Provides: %{name}-common%{?_isa} = %{version}-%{release} %{name}%{?_isa} = %{version}-%{release} @@ -100,6 +101,9 @@ make check %changelog +* Thu Dec 30 2021 yixiangzhike - 4.4.26-1 +- update to 4.4.26 + * Tue Dec 28 2021 houmingyong - 4.4.17-3 - add sm3 DT test case diff --git a/v4.4.17.tar.gz b/v4.4.17.tar.gz deleted file mode 100644 index 07f91859747683b9853df0dc6a69af6446a5f003..0000000000000000000000000000000000000000 Binary files a/v4.4.17.tar.gz and /dev/null differ diff --git a/v4.4.26.tar.gz b/v4.4.26.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..f82c6020935d24a255b35c7b74e52df6132732e0 Binary files /dev/null and b/v4.4.26.tar.gz differ