On 2018-10-27, Charlene Wendling <[email protected]> wrote:
> The patch i propose here builds and works on sparc64 and amd64, and
> simply reverts poly1305.c as it is in OpenSSH, but there are 2
> concerns:
>
> 1) Security implications, as the context is different than OpenSSH
> itself.
>
> 2) It "reintroduces" the warning, and it appears it's overriding
> Perl's own definition of the U8TO32_LE macro:
It's tragicomical. Both Perl's internal hv_func.h and poly1305.c
have a macro U8TO32_LE(). Both versions do the same thing. However,
the one in hv_func.h that is chosen on sparc64 is poorly written:
#define U8TO32_LE(ptr) (ptr[0]|ptr[1]<<8|ptr[2]<<16|ptr[3]<<24)
It fails to parenthesize its argument, so U8TO32_LE(key+0) produces
key+0[0] etc., which causes the syntax error. It also lacks casts
to uint32_t, so the arithmetic is performed as int and we're shifting
into the sign bit, which is undefined in C.
Your patch is fine. Alternatively you could do #undef U8TO32_LE.
I see that perl 5.28 has fixed U8TO32_LE(), so once we get a newer
perl this patch could go away. This should be mentioned in the
comment.
--
Christian "naddy" Weisgerber [email protected]
