On Sun, 28 Oct 2018 12:22:52 -0000 (UTC)
Christian Weisgerber wrote:
> On 2018-10-27, Charlene Wendling <juliana...@posteo.jp> wrote:
>
> > The patch i propose here builds and works on sparc64 and amd64, and
> > simply reverts poly1305.c as it is in OpenSSH, but there are 2
> > concerns:
> >
> > 1) Security implications, as the context is different than OpenSSH
> > itself.
> >
> > 2) It "reintroduces" the warning, and it appears it's overriding
> > Perl's own definition of the U8TO32_LE macro:
>
> It's tragicomical. Both Perl's internal hv_func.h and poly1305.c
> have a macro U8TO32_LE(). Both versions do the same thing. However,
> the one in hv_func.h that is chosen on sparc64 is poorly written:
>
> #define U8TO32_LE(ptr) (ptr[0]|ptr[1]<<8|ptr[2]<<16|ptr[3]<<24)
>
> It fails to parenthesize its argument, so U8TO32_LE(key+0) produces
> key+0[0] etc., which causes the syntax error. It also lacks casts
> to uint32_t, so the arithmetic is performed as int and we're shifting
> into the sign bit, which is undefined in C.
>
> Your patch is fine. Alternatively you could do #undef U8TO32_LE.
>
> I see that perl 5.28 has fixed U8TO32_LE(), so once we get a newer
> perl this patch could go away. This should be mentioned in the
> comment.
>
> --
> Christian "naddy" Weisgerber
> na...@mips.inka.de
>
Thanks a lot for the explanation! I modified the patch with a more
meaningful comment.
Charlène.
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/p5-Net-SSH-Perl/Makefile,v
retrieving revision 1.21
diff -u -p -u -p -r1.21 Makefile
--- Makefile 10 Sep 2018 18:37:09 -0000 1.21
+++ Makefile 29 Oct 2018 21:34:18 -0000
@@ -4,6 +4,7 @@ COMMENT = perl implementation of the SSH
MODULES = cpan
DISTNAME = Net-SSH-Perl-2.14
+REVISION = 0
CATEGORIES = net security
# perl
Index: patches/patch-src_chacha_poly1305_c
===================================================================
RCS file: patches/patch-src_chacha_poly1305_c
diff -N patches/patch-src_chacha_poly1305_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_chacha_poly1305_c 29 Oct 2018 21:34:18 -0000
@@ -0,0 +1,22 @@
+$OpenBSD$
+Sync with vanilla OpenSSH code (/usr/src/usr.bin/ssh/poly1305.c)
+Perl's U8TO32_LE macro fails to parenthesize its argument on sparc64 in
+hv_func.h, leading to a build failure. This patch could be removed once we
+ship Perl>=5.28.
+Index: src/chacha/poly1305.c
+--- src/chacha/poly1305.c.orig
++++ src/chacha/poly1305.c
+@@ -11,13 +11,11 @@
+
+ #define mul32x32_64(a,b) ((uint64_t)(a) * (b))
+
+-#ifndef U8TO32_LE
+ #define U8TO32_LE(p) \
+ (((uint32_t)((p)[0])) | \
+ ((uint32_t)((p)[1]) << 8) | \
+ ((uint32_t)((p)[2]) << 16) | \
+ ((uint32_t)((p)[3]) << 24))
+-#endif
+
+ #define U32TO8_LE(p, v) \
+ do { \
