Hi,
I think this 16 bytes string assignment has boundary issue.
static const char sigma[16] = "expand 32-byte k";
I found this when I tried to build libressl-portable with MSVC on Windows.
These 4 files have the same code above.
lib/libc/crypt/chacha_private.h
lib/libcrypto/chacha/chacha-merged.c
sys/crypto/chacha_private.h
usr.bin/ssh/chacha.c
I would like to suggest the fixing way of boringssl.
https://boringssl.googlesource.com/boringssl/+/master/crypto/chacha/chacha.c#73
ok ?
Index: lib/libc/crypt/chacha_private.h
===================================================================
RCS file: /cvs/src/lib/libc/crypt/chacha_private.h,v
retrieving revision 1.2
diff -u -p -r1.2 chacha_private.h
--- lib/libc/crypt/chacha_private.h 4 Oct 2013 07:02:27 -0000 1.2
+++ lib/libc/crypt/chacha_private.h 7 Oct 2016 16:42:14 -0000
@@ -48,8 +48,10 @@ typedef struct
a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
-static const char sigma[16] = "expand 32-byte k";
-static const char tau[16] = "expand 16-byte k";
+static const char sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
+ '2', '-', 'b', 'y', 't', 'e', ' ', 'k' };
+static const char tau[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '1',
+ '6', '-', 'b', 'y', 't', 'e', ' ', 'k' };
static void
chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
Index: lib/libcrypto/chacha/chacha-merged.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/chacha/chacha-merged.c,v
retrieving revision 1.7
diff -u -p -r1.7 chacha-merged.c
--- lib/libcrypto/chacha/chacha-merged.c 11 Jul 2014 08:47:47 -0000
1.7
+++ lib/libcrypto/chacha/chacha-merged.c 7 Oct 2016 16:42:14 -0000
@@ -72,8 +72,10 @@ typedef struct chacha_ctx chacha_ctx;
a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
-static const char sigma[16] = "expand 32-byte k";
-static const char tau[16] = "expand 16-byte k";
+static const char sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
+ '2', '-', 'b', 'y', 't', 'e', ' ', 'k' };
+static const char tau[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '1',
+ '6', '-', 'b', 'y', 't', 'e', ' ', 'k' };
static inline void
chacha_keysetup(chacha_ctx *x, const u8 *k, u32 kbits)
Index: sys/crypto/chacha_private.h
===================================================================
RCS file: /cvs/src/sys/crypto/chacha_private.h,v
retrieving revision 1.2
diff -u -p -r1.2 chacha_private.h
--- sys/crypto/chacha_private.h 27 Oct 2015 11:13:06 -0000 1.2
+++ sys/crypto/chacha_private.h 7 Oct 2016 16:42:14 -0000
@@ -46,8 +46,10 @@ typedef struct
a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
-static const char sigma[16] = "expand 32-byte k";
-static const char tau[16] = "expand 16-byte k";
+static const char sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
+ '2', '-', 'b', 'y', 't', 'e', ' ', 'k' };
+static const char tau[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '1',
+ '6', '-', 'b', 'y', 't', 'e', ' ', 'k' };
static void
chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
Index: usr.bin/ssh/chacha.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/chacha.c,v
retrieving revision 1.1
diff -u -p -r1.1 chacha.c
--- usr.bin/ssh/chacha.c 21 Nov 2013 00:45:44 -0000 1.1
+++ usr.bin/ssh/chacha.c 7 Oct 2016 16:42:14 -0000
@@ -47,8 +47,10 @@ typedef struct chacha_ctx chacha_ctx;
a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
-static const char sigma[16] = "expand 32-byte k";
-static const char tau[16] = "expand 16-byte k";
+static const char sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
+ '2', '-', 'b', 'y', 't', 'e', ' ', 'k' };
+static const char tau[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '1',
+ '6', '-', 'b', 'y', 't', 'e', ' ', 'k' };
void
chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
