[PATCH 09/10] mceliece6688128f: update generation script to apply changes as patch set

Jussi Kivilinna jussi.kivilinna at iki.fi
Sat Sep 27 09:54:18 CEST 2025


* cipher/mceliece6688128f-patches: New.
* cipher/mceliece6688128f.sh: Apply patches from
'cipher/mceliece6688128f-patches/*'.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
 ...ece6688128f-fix-UBSAN-runtime-errors.patch | 135 +++++++++++++
 ...-harden-mask-generation-against-bran.patch | 179 ++++++++++++++++++
 ...-use-const-time-helper-for-memory-co.patch |  36 ++++
 ...-fix-stack-overflow-crash-on-win64-w.patch |  71 +++++++
 cipher/mceliece6688128f.sh                    |  19 ++
 5 files changed, 440 insertions(+)
 create mode 100644 cipher/mceliece6688128f-patches/0001-mceliece6688128f-fix-UBSAN-runtime-errors.patch
 create mode 100644 cipher/mceliece6688128f-patches/0002-mceliece6688128f-harden-mask-generation-against-bran.patch
 create mode 100644 cipher/mceliece6688128f-patches/0003-mceliece6688128f-use-const-time-helper-for-memory-co.patch
 create mode 100644 cipher/mceliece6688128f-patches/0004-mceliece6688128f-fix-stack-overflow-crash-on-win64-w.patch

diff --git a/cipher/mceliece6688128f-patches/0001-mceliece6688128f-fix-UBSAN-runtime-errors.patch b/cipher/mceliece6688128f-patches/0001-mceliece6688128f-fix-UBSAN-runtime-errors.patch
new file mode 100644
index 00000000..581da04c
--- /dev/null
+++ b/cipher/mceliece6688128f-patches/0001-mceliece6688128f-fix-UBSAN-runtime-errors.patch
@@ -0,0 +1,135 @@
+From a786e3b6bf8cdc29aaa209b6528cf9b455677e1a Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna at iki.fi>
+Date: Mon, 22 Sep 2025 08:34:50 +0300
+Subject: [PATCH] mceliece6688128f: fix UBSAN runtime errors
+
+* cipher/mceliece6688128f.c (cbrecursion): Fix left shift of signed integer
+by too many places, by casting to unsigned integer before shift.
+(syndrome): Fix misaligned memory loads by using 'bufhelp.h'.
+--
+
+There was multiple undefined behaviour sanitizer warnings with mceliece668128f
+which have been fixed by this commit:
+
+  $ tests/t-kem
+  ../../cipher/mceliece6688128f.c:1766:37: runtime error: left shift of 73010 by 16 places cannot be represented in type 'int'
+  ../../cipher/mceliece6688128f.c:1769:37: runtime error: left shift of 71034 by 16 places cannot be represented in type 'int'
+  ../../cipher/mceliece6688128f.c:1792:39: runtime error: left shift of 72996 by 16 places cannot be represented in type 'int'
+  ../../cipher/mceliece6688128f.c:1800:41: runtime error: left shift of 71344 by 16 places cannot be represented in type 'int'
+  ../../cipher/mceliece6688128f.c:1807:43: runtime error: left shift of 68334 by 16 places cannot be represented in type 'int'
+  ../../cipher/mceliece6688128f.c:1834:23: runtime error: left shift of 72247 by 16 places cannot be represented in type 'int'
+  ../../cipher/mceliece6688128f.c:1833:19: runtime error: left shift of 136871 by 16 places cannot be represented in type 'int'
+  ../../cipher/mceliece6688128f.c:1781:41: runtime error: left shift of 66551 by 20 places cannot be represented in type 'int'
+  ../../cipher/mceliece6688128f.c:2261:15: runtime error: load of misaligned address 0x7ffd13d3ad84 for type 'const uint64_t', which requires 8 byte alignment
+  0x7ffd13d3ad84: note: pointer points here
+    d8 7f e7 3c 61 1d b1 60  68 9b ff 4e 95 da 54 31  4b ca b9 7f e2 3b 06 a5  51 e3 7f 74 14 99 81 44
+                ^
+t-kem: 70 tests done
+
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
+---
+ cipher/mceliece6688128f.c | 27 ++++++++++++++-------------
+ 1 file changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/cipher/mceliece6688128f.c b/cipher/mceliece6688128f.c
+index 6ad3eecb..ca1952b5 100644
+--- a/cipher/mceliece6688128f.c
++++ b/cipher/mceliece6688128f.c
+@@ -131,6 +131,7 @@
+ #endif
+ 
+ #include "g10lib.h"
++#include "bufhelp.h"
+ #include "mceliece6688128f.h"
+ 
+ static void
+@@ -1763,10 +1764,10 @@ static void cbrecursion(unsigned char *out,long long pos,long long step,const in
+   }
+   /* B = (p<<16)+c */
+ 
+-  for (x = 0;x < n;++x) A[x] = (A[x]<<16)|x; /* A = (pibar<<16)+id */
++  for (x = 0;x < n;++x) A[x] = ((u32)A[x]<<16)|x; /* A = (pibar<<16)+id */
+   int32_sort(A,n); /* A = (id<<16)+pibar^-1 */
+ 
+-  for (x = 0;x < n;++x) A[x] = (A[x]<<16)+(B[x]>>16); /* A = (pibar^(-1)<<16)+pibar */
++  for (x = 0;x < n;++x) A[x] = ((u32)A[x]<<16)+(B[x]>>16); /* A = (pibar^(-1)<<16)+pibar */
+   int32_sort(A,n); /* A = (id<<16)+pibar^2 */
+ 
+   if (w <= 10) {
+@@ -1778,7 +1779,7 @@ static void cbrecursion(unsigned char *out,long long pos,long long step,const in
+       for (x = 0;x < n;++x) A[x] = ((B[x]&~0x3ff)<<6)|x; /* A = (p<<16)+id */
+       int32_sort(A,n); /* A = (id<<16)+p^{-1} */
+ 
+-      for (x = 0;x < n;++x) A[x] = (A[x]<<20)|B[x]; /* A = (p^{-1}<<20)+(p<<10)+c */
++      for (x = 0;x < n;++x) A[x] = ((u32)A[x]<<20)|B[x]; /* A = (p^{-1}<<20)+(p<<10)+c */
+       int32_sort(A,n); /* A = (id<<20)+(pp<<10)+cp */
+ 
+       for (x = 0;x < n;++x) {
+@@ -1789,7 +1790,7 @@ static void cbrecursion(unsigned char *out,long long pos,long long step,const in
+     }
+     for (x = 0;x < n;++x) B[x] &= 0x3ff;
+   } else {
+-    for (x = 0;x < n;++x) B[x] = (A[x]<<16)|(B[x]&0xffff);
++    for (x = 0;x < n;++x) B[x] = ((u32)A[x]<<16)|(B[x]&0xffff);
+ 
+     for (i = 1;i < w-1;++i) {
+       /* B = (p<<16)+c */
+@@ -1797,14 +1798,14 @@ static void cbrecursion(unsigned char *out,long long pos,long long step,const in
+       for (x = 0;x < n;++x) A[x] = (B[x]&~0xffff)|x;
+       int32_sort(A,n); /* A = (id<<16)+p^(-1) */
+ 
+-      for (x = 0;x < n;++x) A[x] = (A[x]<<16)|(B[x]&0xffff);
++      for (x = 0;x < n;++x) A[x] = ((u32)A[x]<<16)|(B[x]&0xffff);
+       /* A = p^(-1)<<16+c */
+ 
+       if (i < w-2) {
+         for (x = 0;x < n;++x) B[x] = (A[x]&~0xffff)|(B[x]>>16);
+         /* B = (p^(-1)<<16)+p */
+         int32_sort(B,n); /* B = (id<<16)+p^(-2) */
+-        for (x = 0;x < n;++x) B[x] = (B[x]<<16)|(A[x]&0xffff);
++        for (x = 0;x < n;++x) B[x] = ((u32)B[x]<<16)|(A[x]&0xffff);
+         /* B = (p^(-2)<<16)+c */
+       }
+ 
+@@ -1830,8 +1831,8 @@ static void cbrecursion(unsigned char *out,long long pos,long long step,const in
+     out[pos>>3] ^= fj<<(pos&7);
+     pos += step;
+ 
+-    B[lx] = (A[lx]<<16)|Fx;
+-    B[lx+1] = (A[lx+1]<<16)|Fx1;
++    B[lx] = ((u32)A[lx]<<16)|Fx;
++    B[lx+1] = ((u32)A[lx+1]<<16)|Fx1;
+   }
+   /* B = (pi^(-1)<<16)+F */
+ 
+@@ -2242,8 +2243,8 @@ static void syndrome(unsigned char *s, const unsigned char *pk, unsigned char *e
+ {
+ 	uint64_t b;
+ 
+-	const uint64_t *pk_ptr;
+-	const uint64_t *e_ptr = ((uint64_t *) (e + SYND_BYTES));
++	const unsigned char *pk_ptr;
++	const unsigned char *e_ptr = (e + SYND_BYTES);
+ 
+ 	int i, j;
+ 
+@@ -2254,13 +2255,13 @@ static void syndrome(unsigned char *s, const unsigned char *pk, unsigned char *e
+ 
+ 	for (i = 0; i < PK_NROWS; i++)
+ 	{
+-		pk_ptr = ((uint64_t *) (pk + PK_ROW_BYTES * i));
++		pk_ptr = (pk + PK_ROW_BYTES * i);
+ 
+ 		b = 0;
+ 		for (j = 0; j < PK_NCOLS/64; j++)
+-			b ^= pk_ptr[j] & e_ptr[j];
++			b ^= buf_get_he64(&pk_ptr[j*8]) & buf_get_he64(&e_ptr[j*8]);
+ 
+-		b ^= ((uint32_t *) &pk_ptr[j])[0] & ((uint32_t *) &e_ptr[j])[0];
++		b ^= buf_get_he32(&pk_ptr[j*8]) & buf_get_he32(&e_ptr[j*8]);
+ 
+ 		b ^= b >> 32;
+ 		b ^= b >> 16;
+-- 
+2.48.1
+
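Review bot: The `(u32)A[x]<<16` rewrites in the first two cbrecursion loops silence UBSAN only because the unsigned shift result is then converted back to the signed element type on assignment, which is implementation-defined rather than undefined; that intent is worth recording once, e.g. `/* shift as unsigned; the narrowing back to int32 on store is implementation-defined, not UB */` above the first such loop, since the same pattern recurs in the later B[] assignments. In syndrome, the trailing `buf_get_he32(&pk_ptr[j*8])` after the 64-bit loop keeps the original's assumption that the row remainder after PK_NCOLS/64 words fits in 32 bits; that is presumably fixed by the parameter set, but the hunk does not show it, so a short comment there would help. Both cbrecursion and syndrome start and end outside the hunks shown.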
diff --git a/cipher/mceliece6688128f-patches/0002-mceliece6688128f-harden-mask-generation-against-bran.patch b/cipher/mceliece6688128f-patches/0002-mceliece6688128f-harden-mask-generation-against-bran.patch
new file mode 100644
index 00000000..67a66d8b
--- /dev/null
+++ b/cipher/mceliece6688128f-patches/0002-mceliece6688128f-harden-mask-generation-against-bran.patch
@@ -0,0 +1,179 @@
+From 414bd67219b96481bfa62673c98a650de313bca4 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna at iki.fi>
+Date: Wed, 17 Sep 2025 19:14:02 +0300
+Subject: [PATCH] mceliece6688128f: harden mask generation against branch
+ optimization
+
+* cipher/mceliece6688128f.c (crypto_int64_negative_mask)
+(crypto_int16_negative_mask, crypto_int32_negative_mask)
+(crypto_uint64_signed_negative_mask, crypto_uint16_signed_negative_mask)
+(crypto_uint32_signed_negative_mask, mask_nonzero, mask_leq, vec_cmov)
+(layer, gen_e, gf_mul, same_mask, pk_gen): Generate masks with const-time
+helper function.
+--
+
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
+---
+ cipher/mceliece6688128f.c | 34 +++++++++++++++++-----------------
+ 2 files changed, 20 insertions(+), 17 deletions(-)
+
+diff --git a/cipher/mceliece6688128f.c b/cipher/mceliece6688128f.c
+index ca1952b5..7cd04f3b 100644
+--- a/cipher/mceliece6688128f.c
++++ b/cipher/mceliece6688128f.c
+@@ -132,6 +132,7 @@
+ 
+ #include "g10lib.h"
+ #include "bufhelp.h"
++#include "const-time.h"
+ #include "mceliece6688128f.h"
+ 
+ static void
+@@ -195,7 +196,7 @@ static void crypto_declassify(void *crypto_declassify_v,long long crypto_declass
+ GCC_ATTR_UNUSED
+ static crypto_int64 crypto_int64_negative_mask(crypto_int64 crypto_int64_x)
+ {
+-  return crypto_int64_x >> (64-1);
++  return ct_u64_gen_mask((u64)crypto_int64_x >> (64-1));
+ }
+ 
+ GCC_ATTR_UNUSED
+@@ -287,7 +288,7 @@ static void crypto_int64_minmax(crypto_int64 *crypto_int64_a,crypto_int64 *crypt
+ GCC_ATTR_UNUSED
+ static crypto_int16 crypto_int16_negative_mask(crypto_int16 crypto_int16_x)
+ {
+-  return crypto_int16_x >> (16-1);
++  return ct_ulong_gen_mask((u16)crypto_int16_x >> (16-1));
+ }
+ 
+ GCC_ATTR_UNUSED
+@@ -379,7 +380,7 @@ static void crypto_int16_minmax(crypto_int16 *crypto_int16_a,crypto_int16 *crypt
+ GCC_ATTR_UNUSED
+ static crypto_int32 crypto_int32_negative_mask(crypto_int32 crypto_int32_x)
+ {
+-  return crypto_int32_x >> (32-1);
++  return ct_ulong_gen_mask((u32)crypto_int32_x >> (32-1));
+ }
+ 
+ GCC_ATTR_UNUSED
+@@ -472,7 +473,7 @@ static void crypto_int32_minmax(crypto_int32 *crypto_int32_a,crypto_int32 *crypt
+ GCC_ATTR_UNUSED
+ static crypto_uint64_signed crypto_uint64_signed_negative_mask(crypto_uint64_signed crypto_uint64_signed_x)
+ {
+-  return crypto_uint64_signed_x >> (64-1);
++  return ct_u64_gen_mask((u64)crypto_uint64_signed_x >> (64-1));
+ }
+ 
+ GCC_ATTR_UNUSED
+@@ -557,7 +558,7 @@ static void crypto_uint64_minmax(crypto_uint64 *crypto_uint64_a,crypto_uint64 *c
+ GCC_ATTR_UNUSED
+ static crypto_uint16_signed crypto_uint16_signed_negative_mask(crypto_uint16_signed crypto_uint16_signed_x)
+ {
+-  return crypto_uint16_signed_x >> (16-1);
++  return ct_ulong_gen_mask((crypto_uint16)crypto_uint16_signed_x >> (16-1));
+ }
+ 
+ GCC_ATTR_UNUSED
+@@ -642,7 +643,7 @@ static void crypto_uint16_minmax(crypto_uint16 *crypto_uint16_a,crypto_uint16 *c
+ GCC_ATTR_UNUSED
+ static crypto_uint32_signed crypto_uint32_signed_negative_mask(crypto_uint32_signed crypto_uint32_signed_x)
+ {
+-  return crypto_uint32_signed_x >> (32-1);
++  return ct_ulong_gen_mask((crypto_uint32)crypto_uint32_signed_x >> (32-1));
+ }
+ 
+ GCC_ATTR_UNUSED
+@@ -1484,7 +1485,7 @@ static inline uint16_t mask_nonzero(gf a)
+ 
+ 	ret -= 1;
+ 	ret >>= 31;
+-	ret -= 1;
++	ret = ct_ulong_gen_inv_mask(ret);
+ 
+ 	return ret;
+ }
+@@ -1496,7 +1497,7 @@ static inline uint16_t mask_leq(uint16_t a, uint16_t b)
+ 	uint32_t ret = b_tmp - a_tmp;
+ 
+ 	ret >>= 31;
+-	ret -= 1;
++	ret = ct_ulong_gen_inv_mask(ret);
+ 
+ 	return ret;
+ }
+@@ -1508,7 +1509,7 @@ static inline void vec_cmov(vec * out, vec * in, uint16_t mask)
+ 	vec m0, m1;
+ 
+ 	m0 = vec_set1_16b(mask);
+-	m1 = ~m0;
++	m1 = vec_set1_16b((uint16_t)ct_ulong_gen_inv_mask(mask & 1));
+ 
+ 	for (i = 0; i < GFBITS; i++)
+ 	{
+@@ -1884,8 +1885,7 @@ static void layer(int16_t *p, const unsigned char *cb, int s, int n)
+     for (j = 0; j < stride; j++)
+     {
+       d = p[ i+j ] ^ p[ i+j+stride ];
+-      m = (cb[ index >> 3 ] >> (index & 7)) & 1;
+-      m = -m;
++      m = ct_ulong_gen_mask((cb[ index >> 3 ] >> (index & 7)) & 1);
+       d &= m;
+       p[ i+j ] ^= d;
+       p[ i+j+stride ] ^= d;
+@@ -2224,7 +2224,7 @@ static void gen_e(unsigned char *e)
+ 			mask = i ^ (ind[j] >> 6);
+ 			mask -= 1;
+ 			mask >>= 63;
+-			mask = -mask;
++			mask = ct_u64_gen_mask(mask);
+ 
+ 			e_int[i] |= val[j] & mask;
+ 		}
+@@ -2799,7 +2799,7 @@ gf gf_mul(gf in0, gf in1)
+ 	t0 = in0;
+ 	t1 = in1;
+ 
+-	tmp = t0 * (t1 & 1);
++	tmp = t0 & ct_u64_gen_mask(t1 & 1);
+ 
+ 	for (i = 1; i < GFBITS; i++)
+ 		tmp ^= (t0 * (t1 & (1 << i)));
+@@ -3241,7 +3241,7 @@ static inline uint64_t same_mask(uint16_t x, uint16_t y)
+         mask = x ^ y;
+         mask -= 1;
+         mask >>= 63;
+-        mask = -mask;
++        mask = ct_u64_gen_mask(mask);
+ 
+         return mask;
+ }
+@@ -3409,7 +3409,7 @@ static int pk_gen(unsigned char * pk, const unsigned char * irr, uint32_t * perm
+ 		{
+ 			mask = mat[ row ][ i ] >> j;
+ 			mask &= 1;
+-			mask -= 1;
++			mask = ct_u64_gen_inv_mask(mask);
+ 
+ 			for (c = 0; c < nblocks_H; c++)
+ 				mat[ row ][ c ] ^= mat[ k ][ c ] & mask;
+@@ -3424,7 +3424,7 @@ static int pk_gen(unsigned char * pk, const unsigned char * irr, uint32_t * perm
+ 		{
+ 			mask = mat[ k ][ i ] >> j;
+ 			mask &= 1;
+-			mask = -mask;
++			mask = ct_u64_gen_mask(mask);
+ 
+ 			for (c = 0; c < nblocks_H; c++)
+ 				mat[ k ][ c ] ^= mat[ row ][ c ] & mask;
+@@ -3434,7 +3434,7 @@ static int pk_gen(unsigned char * pk, const unsigned char * irr, uint32_t * perm
+ 		{
+ 			mask = mat[ k ][ i ] >> j;
+ 			mask &= 1;
+-			mask = -mask;
++			mask = ct_u64_gen_mask(mask);
+ 
+ 			for (c = 0; c < nblocks_H; c++)
+ 				mat[ k ][ c ] ^= mat[ row ][ c ] & mask;
+-- 
+2.48.1
+
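Review bot: The gf_mul hardening is only half applied: the first term becomes `t0 & ct_u64_gen_mask(t1 & 1)`, but the loop directly below it still computes `t0 * (t1 & (1 << i))`, a multiply by a 0-or-power-of-two operand with the same branch-optimization exposure the commit sets out to remove. A consistent form would be `tmp ^= (t0 << i) & ct_u64_gen_mask((t1 >> i) & 1);`, valid if t0 is the 64-bit type the ct_u64 helper suggests. In vec_cmov, replacing `~m0` with `vec_set1_16b((uint16_t)ct_ulong_gen_inv_mask(mask & 1))` consults only bit 0, so it is equivalent to the old code only for all-ones/all-zeros masks; a one-line comment stating that precondition would help. The nested diffstat says "2 files changed" while the patch touches one file; harmless to `patch` but misleading.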
diff --git a/cipher/mceliece6688128f-patches/0003-mceliece6688128f-use-const-time-helper-for-memory-co.patch b/cipher/mceliece6688128f-patches/0003-mceliece6688128f-use-const-time-helper-for-memory-co.patch
new file mode 100644
index 00000000..d254b666
--- /dev/null
+++ b/cipher/mceliece6688128f-patches/0003-mceliece6688128f-use-const-time-helper-for-memory-co.patch
@@ -0,0 +1,36 @@
+From dafc2c4d839d8bc4a52b9c7a46dac9700c88853a Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna at iki.fi>
+Date: Wed, 17 Sep 2025 20:11:29 +0300
+Subject: [PATCH] mceliece6688128f: use const-time helper for memory comparison
+
+* cipher/mceliece6688128f.c (sync_cmp): Use const-time helper for comparison.
+--
+
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
+---
+ cipher/mceliece6688128f.c | 9 +--------
+ 1 file changed, 1 insertion(+), 8 deletions(-)
+
+diff --git a/cipher/mceliece6688128f.c b/cipher/mceliece6688128f.c
+index 7cd04f3b..1add63e0 100644
+--- a/cipher/mceliece6688128f.c
++++ b/cipher/mceliece6688128f.c
+@@ -2053,14 +2053,7 @@ static int weight_check(unsigned char * e, vec * error)
+ 
+ static uint16_t synd_cmp(vec s0[][ GFBITS ] , vec s1[][ GFBITS ])
+ {
+-	int i, j;
+-	vec diff = 0;
+-
+-	for (i = 0; i < 4; i++)
+-	for (j = 0; j < GFBITS; j++)
+-		diff |= (s0[i][j] ^ s1[i][j]);
+-
+-	return vec_testz(diff);
++	return _gcry_ct_memequal(s0, s1, sizeof(vec) * 4 * GFBITS);
+ }
+ 
+ /* Niederreiter decryption with the Berlekamp decoder */
+-- 
+2.48.1
+
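Review bot: The replacement `return _gcry_ct_memequal(s0, s1, sizeof(vec) * 4 * GFBITS);` must match the convention of the removed `vec_testz(diff)`, which yielded 1 when the two syndromes are equal, and nothing in the hunk confirms the helper's return convention; a comment such as `/* 1 when equal, 0 otherwise, same as the former vec_testz(diff) */` would pin that for callers. This patch also relies on the `const-time.h` include that patch 0002 adds, so the order of PATCHES in the script is load-bearing and deserves a comment there. The changelog line names `sync_cmp` while the function is `synd_cmp`.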
diff --git a/cipher/mceliece6688128f-patches/0004-mceliece6688128f-fix-stack-overflow-crash-on-win64-w.patch b/cipher/mceliece6688128f-patches/0004-mceliece6688128f-fix-stack-overflow-crash-on-win64-w.patch
new file mode 100644
index 00000000..c0682596
--- /dev/null
+++ b/cipher/mceliece6688128f-patches/0004-mceliece6688128f-fix-stack-overflow-crash-on-win64-w.patch
@@ -0,0 +1,71 @@
+From afacc908946717332cdd1f1c014559ff72716969 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna at iki.fi>
+Date: Fri, 26 Sep 2025 09:45:49 +0300
+Subject: [PATCH] mceliece6688128f: fix stack overflow crash on win64/wine
+
+* cipher/mceliece6688128f.c (pk_gen): Remove 'mat' array allocation and
+rename function to ...
+(pk_gen_mat): ... this.
+(pk_gen): New wrapper for 'pk_gen_mat' with dynamic allocation of 'mat'
+array.
+--
+
+Huge array allocations from stack are not always guaranteed to work on
+every target platform, so avoid allocating multi-megabyte 'mat' array
+from stack.
+
+v2: zero 'mat' array after use.
+
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
+---
+ cipher/mceliece6688128f.c | 23 +++++++++++++++++------
+ 1 file changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/cipher/mceliece6688128f.c b/cipher/mceliece6688128f.c
+index ca1952b5..bdc7f265 100644
+--- a/cipher/mceliece6688128f.c
++++ b/cipher/mceliece6688128f.c
+@@ -3315,16 +3315,15 @@ static int mov_columns(uint64_t mat[][ (SYS_N + 63) / 64 ], int16_t * pi, uint64
+ 	return 0;
+ }
+ 
+-static int pk_gen(unsigned char * pk, const unsigned char * irr, uint32_t * perm, int16_t * pi, uint64_t * pivots)
+-{
+-	const int nblocks_H = (SYS_N + 63) / 64;
+-	const int nblocks_I = (PK_NROWS + 63) / 64;
++#define nblocks_H ((SYS_N + 63) / 64)
++#define nblocks_I ((PK_NROWS + 63) / 64)
+ 
++static int pk_gen_mat(unsigned char * pk, const unsigned char * irr, uint32_t * perm, int16_t * pi, uint64_t * pivots,
++		      uint64_t mat[ PK_NROWS ][ nblocks_H ])
++{
+ 	int i, j, k;
+ 	int row, c;
+ 
+-	uint64_t mat[ PK_NROWS ][ nblocks_H ];
+-
+ 	uint64_t mask;
+ 
+ 	vec irr_int[2][ GFBITS ];
+@@ -3460,6 +3459,18 @@ static int pk_gen(unsigned char * pk, const unsigned char * irr, uint32_t * perm
+ }
+ 
+ 
++static int pk_gen(unsigned char * pk, const unsigned char * irr, uint32_t * perm, int16_t * pi, uint64_t * pivots)
++{
++	/* Allocate large array from heap to avoid stack overflow crash on Win32/Wine. */
++	unsigned int sizeof_mat = sizeof(uint64_t) * PK_NROWS * nblocks_H;
++	void *mat = xmalloc(sizeof_mat);
++	int ret = pk_gen_mat(pk, irr, perm, pi, pivots, mat);
++	wipememory(mat, sizeof_mat);
++	xfree(mat);
++	return ret;
++}
++
++
+ /* from libmceliece-20230612/crypto_kem/6688128f/vec/sk_gen.c */
+ /*
+   This file is for secret-key generation
+-- 
+2.48.1
+
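Review bot: `unsigned int sizeof_mat = sizeof(uint64_t) * PK_NROWS * nblocks_H;` in the new pk_gen wrapper narrows a size_t product to unsigned int before handing it to xmalloc and wipememory; it fits for this parameter set, but it should simply be `size_t sizeof_mat = sizeof(uint64_t) * PK_NROWS * nblocks_H;`. The comment says "Win32/Wine" while the subject says win64/wine; pick one. The new file-scope `#define nblocks_H`/`#define nblocks_I` replace former locals with lowercase macros that remain defined for the rest of the file, so any later function declaring its own `nblocks_H` local would fail to compile; an `#undef` of both after pk_gen would contain that, if there are no later uses. The nested `index ca1952b5..bdc7f265` line shows this patch was generated against the post-0001 tree rather than the post-0003 one, so it applies only with an offset; regenerating it on top of 0003 keeps the series clean.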
diff --git a/cipher/mceliece6688128f.sh b/cipher/mceliece6688128f.sh
index 84245432..724c79bc 100755
--- a/cipher/mceliece6688128f.sh
+++ b/cipher/mceliece6688128f.sh
@@ -77,10 +77,18 @@ FILES="	libmceliece-20230612/include-build/crypto_declassify.h
 	libmceliece-20230612/crypto_kem/6688128f/vec/wrap_dec.c
 	libmceliece-20230612/crypto_kem/6688128f/vec/wrap_enc.c
 	libmceliece-20230612/crypto_kem/6688128f/vec/wrap_keypair.c"
+PATCHES="mceliece6688128f-patches/0001-mceliece6688128f-fix-UBSAN-runtime-errors.patch
+         mceliece6688128f-patches/0002-mceliece6688128f-harden-mask-generation-against-bran.patch
+         mceliece6688128f-patches/0003-mceliece6688128f-use-const-time-helper-for-memory-co.patch
+         mceliece6688128f-patches/0004-mceliece6688128f-fix-stack-overflow-crash-on-win64-w.patch
+        "
+
 ###
 
 set -e
 cd $1
+mkdir -p mceliece6688128f-tmp
+(
 echo '/* mceliece6688128f.c - Classic McEliece for libgcrypt'
 echo ' * Copyright (C) 2023-2024 Simon Josefsson <simon at josefsson.org>'
 echo ' *'
@@ -248,3 +256,14 @@ void mceliece6688128f_keypair(uint8_t *pk,
   crypto_kem_keypair((unsigned char*) pk, (unsigned char*) sk);
 }
 EOF
+
+) > mceliece6688128f-tmp/mceliece6688128f.c
+cd mceliece6688128f-tmp
+for patchfile in $PATCHES; do
+  patch -s -p2 < ../$patchfile
+done
+cd ..
+cat mceliece6688128f-tmp/mceliece6688128f.c
+rm mceliece6688128f-tmp/mceliece6688128f.c.orig
+rm mceliece6688128f-tmp/mceliece6688128f.c
+rmdir mceliece6688128f-tmp
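Review bot: `rm mceliece6688128f-tmp/mceliece6688128f.c.orig` assumes patch left a backup file, but GNU patch writes `.orig` only when a hunk applied with fuzz or offset (its default backup-if-mismatch behaviour), so under `set -e` this line aborts the script as soon as the patch series applies cleanly, which is exactly what happens once the patches are regenerated against the current tree. Use `rm -f mceliece6688128f-tmp/mceliece6688128f.c.orig`, or pass `--no-backup-if-mismatch` to patch and drop the rm. `patch -s` also hides the offset/fuzz messages that would reveal drift between the patches and the generated source, so consider dropping `-s`. Nothing removes the temporary directory when a patch fails to apply; a `trap 'rm -rf mceliece6688128f-tmp' EXIT` placed after `cd $1` would avoid leaving a stale tree behind.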
-- 
2.48.1



