diff --git a/.argon2.metadata b/.argon2.metadata
new file mode 100644
index 0000000..32a3a2f
--- /dev/null
+++ b/.argon2.metadata
@@ -0,0 +1 @@
+13bc02284b3ac92a3a1f7ab6a98baad25708ccc7 SOURCES/phc-winner-argon2-20171227-670229c.tar.gz
diff --git a/SOURCES/README.md b/SOURCES/README.md
new file mode 100644
index 0000000..6537591
--- /dev/null
+++ b/SOURCES/README.md
@@ -0,0 +1,3 @@
+# argon2
+
+The password-hashing tools
\ No newline at end of file
diff --git a/SOURCES/argon2-Use-explicit_bzero-on-recent-glibc-versions.patch b/SOURCES/argon2-Use-explicit_bzero-on-recent-glibc-versions.patch
new file mode 100644
index 0000000..e6265da
--- /dev/null
+++ b/SOURCES/argon2-Use-explicit_bzero-on-recent-glibc-versions.patch
@@ -0,0 +1,51 @@
+From fea3943adadf6527d1e839a2953e9591896e628d Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero"
+Date: Tue, 5 Mar 2019 14:30:22 +0100
+Subject: [PATCH] Use explicit_bzero() on recent glibc versions
+
+glibc 2.25+ has explicit_bzero(), so we can use it to securely wipe memory
+instead of hacking our own memset-based replacement, just like we already
+do on OpenBSD.
+---
+ src/core.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/src/core.c b/src/core.c
+index 8781852..8361175 100644
+--- a/src/core.c
++++ b/src/core.c
+@@ -25,6 +25,9 @@
+ #endif
+ #define VC_GE_2005(version) (version >= 1400)
+
++/* for explicit_bzero() on glibc */
++#define _DEFAULT_SOURCE
++
+ #include
+ #include
+ #include
+@@ -120,12 +123,20 @@ void free_memory(const argon2_context *context, uint8_t *memory,
+ }
+ }
+
++#if defined(__OpenBSD__)
++#define HAVE_EXPLICIT_BZERO 1
++#elif defined(__GLIBC__) && defined(__GLIBC_PREREQ)
++#if __GLIBC_PREREQ(2,25)
++#define HAVE_EXPLICIT_BZERO 1
++#endif
++#endif
++
+ void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
+ #if defined(_MSC_VER) && VC_GE_2005(_MSC_VER)
+ SecureZeroMemory(v, n);
+ #elif defined memset_s
+ memset_s(v, n, 0, n);
+-#elif defined(__OpenBSD__)
++#elif defined(HAVE_EXPLICIT_BZERO)
+ explicit_bzero(v, n);
+ #else
+ static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
+--
+2.20.1
+
diff --git a/SOURCES/argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch b/SOURCES/argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch
new file mode 100644
index 0000000..d814fc6
--- /dev/null
+++ b/SOURCES/argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch
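Review bot: `#define _DEFAULT_SOURCE` in the first inner hunk is unguarded, and it only exposes `explicit_bzero()` if it comes before every system header on the glibc path; the hunk shows just `#endif` and the `VC_GE_2005` define above it, so that ordering cannot be confirmed from here. I would write it as `#ifndef _DEFAULT_SOURCE` / `#define _DEFAULT_SOURCE` / `#endif`, so a build that already passes `-D_DEFAULT_SOURCE` gets no redefinition diagnostic. The `HAVE_EXPLICIT_BZERO` selection in the second inner hunk is silent: on a libc where neither test matches, `secure_wipe_memory` falls back to the volatile `memset` pointer with no build-time signal, so a comment next to the `#else` saying so would help, and it is worth checking after the build that the shared library really references `explicit_bzero`. The body of `secure_wipe_memory` continues past the end of the hunk.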
@@ -0,0 +1,42 @@
+From cfa4385e728116989ad88b4be7c23b4868422778 Mon Sep 17 00:00:00 2001
+From: Milan Broz
+Date: Mon, 11 Mar 2019 21:21:57 +0100
+Subject: [PATCH] Wait for already running threads if a thread creation
+ failed.
+
+On memory-constrained systems (like cgroups limited processes)
+thread creation often fails.
+
+The code needs to wait for already running threads on error path;
+otherwise these threads can access deallocated memory
+(and cause a segfault or another crash).
+---
+ src/core.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/core.c b/src/core.c
+index 8361175..65f0537 100644
+--- a/src/core.c
++++ b/src/core.c
+@@ -310,7 +310,7 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) {
+
+ for (r = 0; r < instance->passes; ++r) {
+ for (s = 0; s < ARGON2_SYNC_POINTS; ++s) {
+- uint32_t l;
++ uint32_t l, ll;
+
+ /* 2. Calling threads */
+ for (l = 0; l < instance->lanes; ++l) {
+@@ -335,6 +335,9 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) {
+ sizeof(argon2_position_t));
+ if (argon2_thread_create(&thread[l], &fill_segment_thr,
+ (void *)&thr_data[l])) {
++ /* Wait for already running threads */
++ for (ll = 0; ll < l; ++ll)
++ argon2_thread_join(thread[ll]);
+ rc = ARGON2_THREAD_FAIL;
+ goto fail;
+ }
+--
+2.20.1
+
diff --git a/SPECS/argon2.spec b/SPECS/argon2.spec
new file mode 100644
index 0000000..0ebebdb
--- /dev/null
+++ b/SPECS/argon2.spec
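Review bot: The cleanup loop added in the second inner hunk joins every handle from `thread[0]` to `thread[l-1]`, which is safe only if none of those lanes has already been joined in the current pass. `fill_memory_blocks_mt` starts and ends outside both hunks, so I cannot see whether the lane loop joins earlier threads before it creates new ones; if it does, the same handle is joined twice on this error path, which is undefined for POSIX threads, and `ll` should start at the first lane that is still running. The loop is also unbraced and drops the result of `argon2_thread_join`; I would write `for (ll = 0; ll < l; ++ll) { (void)argon2_thread_join(thread[ll]); }` and extend the comment to say that the join result is ignored on purpose because the function returns `ARGON2_THREAD_FAIL` either way.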
@@ -0,0 +1,180 @@
+# remirepo/fedora spec file for argon2
+#
+# Copyright (c) 2017-2018 Remi Collet
+# License: CC-BY-SA
+# http://creativecommons.org/licenses/by-sa/4.0/
+#
+# Please, preserve the changelog entries
+#
+%global libname libargon2
+%global gh_commit 670229c849b9fe882583688b74eb7dfdc846f9f6
+%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
+%global gh_owner P-H-C
+%global gh_project phc-winner-argon2
+%global soname 1
+
+%global upstream_version 20171227
+#global upstream_prever RC1
+
+Name: argon2
+Version: %{upstream_version}%{?upstream_prever:~%{upstream_prever}}
+Release: 7%{?dist}
+Summary: The password-hashing tools
+
+License: Public Domain or ASL 2.0
+URL: https://github.com/%{gh_owner}/%{gh_project}
+Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{upstream_version}%{?upstream_prever}-%{gh_short}.tar.gz
+Patch0: argon2-Use-explicit_bzero-on-recent-glibc-versions.patch
+Patch1: argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch
+
+BuildRequires: gcc
+BuildRequires: make
+Requires: %{libname}%{?_isa} = %{version}-%{release}
+
+
+%description
+Argon2 is a password-hashing function that summarizes the state of the art
+in the design of memory-hard functions and can be used to hash passwords
+for credential storage, key derivation, or other applications.
+
+It has a simple design aimed at the highest memory filling rate and
+effective use of multiple computing units, while still providing defense
+against tradeoff attacks (by exploiting the cache and memory organization
+of the recent processors).
+
+Argon2 has three variants: Argon2i, Argon2d, and Argon2id.
+
+* Argon2d is faster and uses data-depending memory access, which makes it
+ highly resistant against GPU cracking attacks and suitable for applications
+ with no threats from side-channel timing attacks (eg. cryptocurrencies).
+* Argon2i instead uses data-independent memory access, which is preferred for
+ password hashing and password-based key derivation, but it is slower as it
+ makes more passes over the memory to protect from tradeoff attacks.
+* Argon2id is a hybrid of Argon2i and Argon2d, using a combination of
+ data-depending and data-independent memory accesses, which gives some of
+ Argon2i's resistance to side-channel cache timing attacks and much of
+ Argon2d's resistance to GPU cracking attacks.
+
+
+%package -n %{libname}
+Summary: The password-hashing library
+
+%description -n %{libname}
+Argon2 is a password-hashing function that summarizes the state of the art
+in the design of memory-hard functions and can be used to hash passwords
+for credential storage, key derivation, or other applications.
+
+
+%package -n %{libname}-devel
+Summary: Development files for %{libname}
+Requires: %{libname}%{?_isa} = %{version}-%{release}
+
+%description -n %{libname}-devel
+The %{libname}-devel package contains libraries and header files for
+developing applications that use %{libname}.
+
+
+%prep
+%setup -qn %{gh_project}-%{gh_commit}
+%patch0 -p1
+%patch1 -p1
+
+if ! grep -q 'ABI_VERSION = %{soname}' Makefile; then
+ : soname have changed
+ grep soname Makefile
+ exit 1
+fi
+
+# Fix pkgconfig file
+sed -e 's:lib/@HOST_MULTIARCH@:%{_lib}:;s/@UPSTREAM_VER@/%{version}/' -i %{libname}.pc
+
+# Honours default RPM build options and library path, do not use -march=native
+sed -e '/^CFLAGS/s:^CFLAGS:LDFLAGS=%{build_ldflags}\nCFLAGS:' \
+ -e 's:-O3 -Wall:%{optflags}:' \
+ -e '/^LIBRARY_REL/s:lib:%{_lib}:' \
+ -e 's:-march=\$(OPTTARGET) :${CFLAGS} :' \
+ -e 's:CFLAGS += -march=\$(OPTTARGET)::' \
+ -i Makefile
+
+%build
+# parallel build is not supported
+make -j1
+
+
+%install
+make install DESTDIR=%{buildroot}
+
+# Drop static library
+rm %{buildroot}%{_libdir}/%{libname}.a
+
+# pkgconfig file
+install -Dpm 644 %{libname}.pc %{buildroot}%{_libdir}/pkgconfig/%{libname}.pc
+
+# Fix perms
+chmod -x %{buildroot}%{_includedir}/%{name}.h
+
+
+%check
+make test
+
+
+%files
+%{_bindir}/%{name}
+
+%files -n %{libname}
+%{!?_licensedir:%global license %%doc}
+%license LICENSE
+%{_libdir}/%{libname}.so.%{soname}
+
+
+%files -n %{libname}-devel
+%doc *md
+%{_includedir}/%{name}.h
+%{_libdir}/%{libname}.so
+%{_libdir}/pkgconfig/%{libname}.pc
+
+
+%changelog
+* Wed Jul 21 2021 Fedora Release Engineering - 20171227-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jan 26 2021 Fedora Release Engineering - 20171227-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering - 20171227-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering - 20171227-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jul 24 2019 Fedora Release Engineering - 20171227-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Mar 18 2019 Milan Broz - 20171227-2
+- Rebuilt to remove old library.
+
+* Mon Mar 18 2019 Milan Broz - 20171227-1
+- Update to version 20171227 (soname increase).
+- Temporarily keep libargon2.so.0.
+- Fix a crash if running under memory pressure.
+
+* Thu Jan 31 2019 Fedora Release Engineering - 20161029-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Jul 12 2018 Fedora Release Engineering - 20161029-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Feb 15 2018 Remi Collet - 20161029-5
+- honours all build flags #1558128
+
+* Thu Feb 15 2018 Remi Collet - 20161029-4
+- drop ldconfig scriptlets
+
+* Wed Feb 07 2018 Fedora Release Engineering - 20161029-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Nov 16 2017 Milan Broz - 20161029-2
+- Do not use -march=native in build, use system flags (rh #1512845).
+
+* Wed Oct 18 2017 Remi Collet - 20161029-1
+- initial package
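Review bot: The `sed` edits to `Makefile` in `%prep` fail silently: if a later upstream Makefile no longer contains `-O3 -Wall` or `-march=\$(OPTTARGET)`, the expressions match nothing and the package is built without `%{optflags}` and `%{build_ldflags}`, and with the upstream `-march` setting again. The soname `grep` a few lines above already stops the build when its assumption breaks, and the flag rewrite deserves the same treatment. I would add a check after the `sed`, for example `if grep -q -e '-march=' Makefile; then exit 1; fi`, with a comment that it guards the distribution build flags. Separately, `%global gh_short` relies on the `${c:0:7}` substring expansion, which is not POSIX sh, so a short comment noting that the macro needs bash would help.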