[nacl] Initial import (#837050)
Jaroslav Škarvada
jskarvad at fedoraproject.org
Tue Sep 4 12:01:40 UTC 2012
commit 6c5d6e41e35011090aea2ee9e570794495a6f132
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date: Tue Sep 4 12:18:07 2012 +0200
Initial import (#837050)
.gitignore | 1 +
curvecpclient.1 | 115 ++++++++++++
curvecpmakekey.1 | 40 +++++
curvecpmessage.1 | 70 ++++++++
curvecpprintkey.1 | 40 +++++
curvecpserver.1 | 115 ++++++++++++
nacl-20110221-build-dir.patch | 12 ++
nacl-20110221-dist-flags.patch | 32 ++++
nacl-20110221-noexec-stack.patch | 360 ++++++++++++++++++++++++++++++++++++++
nacl-sha256.1 | 35 ++++
nacl-sha512.1 | 35 ++++
nacl.spec | 69 ++++++++
sources | 1 +
13 files changed, 925 insertions(+), 0 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e69de29..61cc166 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+nacl-*.tar.bz2
diff --git a/curvecpclient.1 b/curvecpclient.1
new file mode 100644
index 0000000..31fecb2
--- /dev/null
+++ b/curvecpclient.1
@@ -0,0 +1,115 @@
+.TH "NaCl" "1"
+.SH "NAME"
+CurveCP \(em Message-handling programs
+.SH "SYNOPSIS"
+.PP
+\fBcurvecpclient\fR [\fB-q \fI(optional)\fR\fP] [\fB-Q \fI(optional)\fR\fP] [\fB-v \fI(optional)\fR\fP] [\fB-c keydir\fI(optional)\fR\fP] [sname] [pk] [ip] [port] [ext] [prog]
+.SH "DESCRIPTION"
+.PP
+This manual page documents briefly the
+\fBCurveCP\fR commands.
+.PP
+A traditional UNIX-style server such as ftpd handles just
+one network connection, reading input from stdin and writing output
+to stdout. A "superserver" such as inetd or tcpserver listens for
+network connections and starts a separate server process for
+each connection.
+.PP
+The \fBCurveCP\fR command-line tools have
+an extra level of modularity. The \fBcurvecpserver\fR superserver listens for network connections. For each connection,
+\fBcurvecpserver\fR starts the
+\fBcurvecpmessage\fR message handler;
+\fBcurvecpmessage\fR then starts a server such as ftpd.
+Then ftpd sends a stream of data to \fBcurvecpmessage\fR,
+which in turn sends messages to \fBcurvecpserver\fR,
+which encrypts and authenticates the messages and sends them inside
+network packets. At the same time \fBcurvecpclient\fR receives network packets, verifies and decrypts messages inside the
+packets, and passes the messages to \fBcurvecpmessage\fR;
+\fBcurvecpmessage\fR sends a stream of data to ftpd.
+The same curvecpmessage tool is also used by
+\fBcurvecpclient\fR.
+.PP
+\fBcurvecpserver\fR and
+\fBcurvecpclient\fR can use programs other than
+\fBcurvecpmessage\fR. Those programs can directly
+generate messages in the CurveCP message format without talking to
+separate tools such as ftpd; or they can support a completely
+different protocol that reuses CurveCP's cryptographic layer
+but transmits different kinds of messages.
+.PP
+This page explains what programmers have to do to write
+\fBcurvecpmessage\fR replacements that talk to
+\fBcurvecpserver\fR and
+\fBcurvecpclient.\fR
+.SH "Incoming messagess"
+.PP
+File descriptor 8 is a pipe. Read from this pipe a length
+byte n, between 1 and 68, and a 16*n-byte message. Repeat.
+The pipe is set to non-blocking mode; be prepared for EAGAIN
+and EWOULDBLOCK, even in the middle of a message.
+.PP
+This pipe reading must always be active. The
+\fBcurvecpclient\fR and
+\fBcurvecpserver\fR programs assume that every
+message is read immediately. If you can't handle a message
+immediately, read it and put it onto a queue. If you don't
+have queue space, throw the message away; this shouldn't cause
+trouble, since you have to be able to handle missing
+messages in any case.
+.SH "Outgoing messagess"
+.PP
+File descriptor 9 is a pipe. Write to this pipe a length
+byte n, between 1 and 68, and a 16*n-byte message. Repeat.
+The pipe is set to non-blocking mode; be prepared for EAGAIN
+and EWOULDBLOCK, even in the middle of a message.
+.PP
+As a client, do not use length bytes above 40 until a message
+has arrived from the server. (The messages inside CurveCP
+Initiate packets are limited to 640 bytes.)
+.PP
+The CurveCP server does not start until it has received
+a message from the client. Furthermore, the CurveCP server
+must receive this message within 60 seconds of the client
+starting up. (The CurveCP Initiate packet is valid for only
+60 seconds after the corresponding CurveCP Cookie packet.)
+This does not mean that the client must start sending
+messages immediately, but it does mean that waiting for
+more than a second to send a message is a bad idea.
+.SH "OPTIONS"
+.PP
+How to use \fBcurvecpclient\fR:
+.IP "\fB-q\fP \fBoptional\fP " 10
+no error messages
+.IP "\fB-Q\fP \fBoptional\fP " 10
+print error messages (default)
+.IP "\fB-v\fP \fBoptional\fP " 10
+print extra information
+.IP "\fB-c keydir\fP \fBoptional\fP " 10
+use this public-key directory
+.IP "\fBsname\fP " 10
+server's name
+.IP "\fBpk\fP " 10
+server's public key
+.IP "\fBip\fP " 10
+server's IP address
+.IP "\fBport\fP " 10
+server's UDP port
+.IP "\fBext\fP " 10
+server's extension
+.IP "\fBprog\fP " 10
+run this client
+.SH "SEE ALSO"
+.PP
+curvecpserver (1), curvecpmessage (1), inetd (8), tcpserver (1).
+.SH "AUTHOR"
+.PP
+This manual page was written by Sergiusz Pawlowicz debian at pawlowicz.name for
+the \fBDebian\fP system (and may be used by others). The source
+of this page is a webpage http://curvecp.org/messageapi.html .
+Permission is granted to copy, distribute and/or modify this
+document under public domain.
+
+.PP
+This manual page was rewritten for the \fBDebian\fP distribution
+because the original program does not have a manual page.
+.\" created by instant / docbook-to-man, Sat 14 Jan 2012, 02:59
diff --git a/curvecpmakekey.1 b/curvecpmakekey.1
new file mode 100644
index 0000000..7684d68
--- /dev/null
+++ b/curvecpmakekey.1
@@ -0,0 +1,40 @@
+.TH "NaCl" "1"
+.SH "NAME"
+CurveCP \(em Message-handling programs
+.SH "SYNOPSIS"
+.PP
+\fBcurvecpmakekey\fR [\fBkeydir\fP]
+.SH "DESCRIPTION"
+.PP
+This manual page documents briefly the
+\fBCurveCP\fR commands.
+.PP
+A traditional UNIX-style server such as ftpd handles just
+one network connection, reading input from stdin and writing output
+to stdout. A "superserver" such as inetd or tcpserver listens for
+network connections and starts a separate server process for
+each connection.
+.PP
+\fBcurvecpmakekey\fR creates keys needed for
+\fBcurvecpclient\fR can use programs other than
+\fBcurvecpserver\fR.
+.SH "OPTIONS"
+.PP
+How to use \fBcurvecpmakekey\fR:
+.IP "\fBkeydir\fP " 10
+a directory where \fBCurveCP\fR keys are going to be created. The direcoty must not exists before keys creation.
+.SH "SEE ALSO"
+.PP
+curvecpserver (1), curvecpclient (1), curvecpprintkey (1), inetd (8), tcpserver (1).
+.SH "AUTHOR"
+.PP
+This manual page was written by Sergiusz Pawlowicz debian at pawlowicz.name for
+the \fBDebian\fP system (and may be used by others). The source
+of this page is a webpage http://curvecp.org/ .
+Permission is granted to copy, distribute and/or modify this
+document under public domain.
+
+.PP
+This manual page was rewritten for the \fBDebian\fP distribution
+because the original program does not have a manual page.
+.\" created by instant / docbook-to-man, Sat 14 Jan 2012, 02:59
diff --git a/curvecpmessage.1 b/curvecpmessage.1
new file mode 100644
index 0000000..465366f
--- /dev/null
+++ b/curvecpmessage.1
@@ -0,0 +1,70 @@
+.TH "NaCl" "1"
+.SH "NAME"
+CurveCP \(em Message-handling programs
+.SH "SYNOPSIS"
+.PP
+\fBcurvecpmessage\fR [\fB-q \fI(optional)\fR\fP] [\fB-Q \fI(optional)\fR\fP] [\fB-v \fI(optional)\fR\fP] [\fB-c \fI(optional)\fR\fP] [\fB-C \fI(optional)\fR\fP] [\fB-s \fI(optional)\fR\fP] [prog]
+.SH "DESCRIPTION"
+.PP
+This manual page documents briefly the
+\fBCurveCP\fR commands.
+.PP
+A traditional UNIX-style server such as ftpd handles just
+one network connection, reading input from stdin and writing output
+to stdout. A "superserver" such as inetd or tcpserver listens for
+network connections and starts a separate server process for
+each connection.
+.PP
+The \fBCurveCP\fR command-line tools have
+an extra level of modularity. The \fBcurvecpserver\fR superserver listens for network connections. For each connection,
+\fBcurvecpserver\fR starts the
+\fBcurvecpmessage\fR message handler;
+\fBcurvecpmessage\fR then starts a server such as ftpd.
+Then ftpd sends a stream of data to \fBcurvecpmessage\fR,
+which in turn sends messages to \fBcurvecpserver\fR,
+which encrypts and authenticates the messages and sends them inside
+network packets. At the same time \fBcurvecpclient\fR receives network packets, verifies and decrypts messages inside the
+packets, and passes the messages to \fBcurvecpmessage\fR;
+\fBcurvecpmessage\fR sends a stream of data to ftpd.
+The same curvecpmessage tool is also used by
+\fBcurvecpclient\fR.
+.PP
+\fBcurvecpserver\fR and
+\fBcurvecpclient\fR can use programs other than
+\fBcurvecpmessage\fR. Those programs can directly
+generate messages in the CurveCP message format without talking to
+separate tools such as ftpd; or they can support a completely
+different protocol that reuses CurveCP's cryptographic layer
+but transmits different kinds of messages.
+.SH "OPTIONS"
+.PP
+How to use \fBcurvecpmessage\fR:
+.IP "\fB-q\fP \fBoptional\fP " 10
+no error messages
+.IP "\fB-Q\fP \fBoptional\fP " 10
+print error messages (default)
+.IP "\fB-v\fP \fBoptional\fP " 10
+print extra information
+.IP "\fB-c\fP \fBoptional\fP " 10
+program is a client; server starts first
+.IP "\fB-C\fP \fBoptional\fP " 10
+program is a client that starts first
+.IP "\fB-s\fP \fBoptional\fP " 10
+program is a server (default)
+.IP "\fBprog\fP " 10
+run this server
+.SH "SEE ALSO"
+.PP
+curvecpserver (1), curvecpclient (1), inetd (8), tcpserver (1).
+.SH "AUTHOR"
+.PP
+This manual page was written by Sergiusz Pawlowicz debian at pawlowicz.name for
+the \fBDebian\fP system (and may be used by others). The source
+of this page is a webpage http://curvecp.org/messageapi.html .
+Permission is granted to copy, distribute and/or modify this
+document under public domain.
+
+.PP
+This manual page was rewritten for the \fBDebian\fP distribution
+because the original program does not have a manual page.
+.\" created by instant / docbook-to-man, Sat 14 Jan 2012, 02:59
diff --git a/curvecpprintkey.1 b/curvecpprintkey.1
new file mode 100644
index 0000000..42de225
--- /dev/null
+++ b/curvecpprintkey.1
@@ -0,0 +1,40 @@
+.TH "NaCl" "1"
+.SH "NAME"
+CurveCP \(em Message-handling programs
+.SH "SYNOPSIS"
+.PP
+\fBcurvecpmakekey\fR [\fBkeydir\fP]
+.SH "DESCRIPTION"
+.PP
+This manual page documents briefly the
+\fBCurveCP\fR commands.
+.PP
+A traditional UNIX-style server such as ftpd handles just
+one network connection, reading input from stdin and writing output
+to stdout. A "superserver" such as inetd or tcpserver listens for
+network connections and starts a separate server process for
+each connection.
+.PP
+\fBcurvecpprintkey\fR prints ascii version of binary
+keys needed for \fBcurvecpclient\fR and \fBcurvecpserver\fR and created using
+\fBcurvecpmakekey\fR command before.
+.SH "OPTIONS"
+.PP
+How to use \fBcurvecpprintkey\fR:
+.IP "\fBkeydir\fP " 10
+a directory where \fBCurveCP\fR binary keys were created.
+.SH "SEE ALSO"
+.PP
+curvecpserver (1), curvecpclient (1), curvecpmakekey (1), inetd (8), tcpserver (1).
+.SH "AUTHOR"
+.PP
+This manual page was written by Sergiusz Pawlowicz debian at pawlowicz.name for
+the \fBDebian\fP system (and may be used by others). The source
+of this page is a webpage http://curvecp.org/ .
+Permission is granted to copy, distribute and/or modify this
+document under public domain.
+
+.PP
+This manual page was rewritten for the \fBDebian\fP distribution
+because the original program does not have a manual page.
+.\" created by instant / docbook-to-man, Sat 14 Jan 2012, 02:59
diff --git a/curvecpserver.1 b/curvecpserver.1
new file mode 100644
index 0000000..e1f93b8
--- /dev/null
+++ b/curvecpserver.1
@@ -0,0 +1,115 @@
+.TH "NaCl" "1"
+.SH "NAME"
+CurveCP \(em Message-handling programs
+.SH "SYNOPSIS"
+.PP
+\fBcurvecpserver\fR [\fB-q \fI(optional)\fR\fP] [\fB-Q \fI(optional)\fR\fP] [\fB-v \fI(optional)\fR\fP] [\fB-c n\fI(optional)\fR\fP] [sname] [keydir] [ip] [port] [ext] [prog]
+.SH "DESCRIPTION"
+.PP
+This manual page documents briefly the
+\fBCurveCP\fR commands.
+.PP
+A traditional UNIX-style server such as ftpd handles just
+one network connection, reading input from stdin and writing output
+to stdout. A "superserver" such as inetd or tcpserver listens for
+network connections and starts a separate server process for
+each connection.
+.PP
+The \fBCurveCP\fR command-line tools have
+an extra level of modularity. The \fBcurvecpserver\fR superserver listens for network connections. For each connection,
+\fBcurvecpserver\fR starts the
+\fBcurvecpmessage\fR message handler;
+\fBcurvecpmessage\fR then starts a server such as ftpd.
+Then ftpd sends a stream of data to \fBcurvecpmessage\fR,
+which in turn sends messages to \fBcurvecpserver\fR,
+which encrypts and authenticates the messages and sends them inside
+network packets. At the same time \fBcurvecpclient\fR receives network packets, verifies and decrypts messages inside the
+packets, and passes the messages to \fBcurvecpmessage\fR;
+\fBcurvecpmessage\fR sends a stream of data to ftpd.
+The same curvecpmessage tool is also used by
+\fBcurvecpclient\fR.
+.PP
+\fBcurvecpserver\fR and
+\fBcurvecpclient\fR can use programs other than
+\fBcurvecpmessage\fR. Those programs can directly
+generate messages in the CurveCP message format without talking to
+separate tools such as ftpd; or they can support a completely
+different protocol that reuses CurveCP's cryptographic layer
+but transmits different kinds of messages.
+.PP
+This page explains what programmers have to do to write
+\fBcurvecpmessage\fR replacements that talk to
+\fBcurvecpserver\fR and
+\fBcurvecpclient.\fR
+.SH "Incoming messagess"
+.PP
+File descriptor 8 is a pipe. Read from this pipe a length
+byte n, between 1 and 68, and a 16*n-byte message. Repeat.
+The pipe is set to non-blocking mode; be prepared for EAGAIN
+and EWOULDBLOCK, even in the middle of a message.
+.PP
+This pipe reading must always be active. The
+\fBcurvecpclient\fR and
+\fBcurvecpserver\fR programs assume that every
+message is read immediately. If you can't handle a message
+immediately, read it and put it onto a queue. If you don't
+have queue space, throw the message away; this shouldn't cause
+trouble, since you have to be able to handle missing
+messages in any case.
+.SH "Outgoing messagess"
+.PP
+File descriptor 9 is a pipe. Write to this pipe a length
+byte n, between 1 and 68, and a 16*n-byte message. Repeat.
+The pipe is set to non-blocking mode; be prepared for EAGAIN
+and EWOULDBLOCK, even in the middle of a message.
+.PP
+As a client, do not use length bytes above 40 until a message
+has arrived from the server. (The messages inside CurveCP
+Initiate packets are limited to 640 bytes.)
+.PP
+The CurveCP server does not start until it has received
+a message from the client. Furthermore, the CurveCP server
+must receive this message within 60 seconds of the client
+starting up. (The CurveCP Initiate packet is valid for only
+60 seconds after the corresponding CurveCP Cookie packet.)
+This does not mean that the client must start sending
+messages immediately, but it does mean that waiting for
+more than a second to send a message is a bad idea.
+.SH "OPTIONS"
+.PP
+How to use \fBcurvecpserver\fR:
+.IP "\fB-q\fP \fBoptional\fP " 10
+no error messages
+.IP "\fB-Q\fP \fBoptional\fP " 10
+print error messages (default)
+.IP "\fB-v\fP \fBoptional\fP " 10
+print extra information
+.IP "\fB-c n\fP \fBoptional\fP " 10
+allow at most n clients at once (default 100)
+.IP "\fBsname\fP " 10
+server's name
+.IP "\fBkeydir\fP " 10
+use this public-key directory
+.IP "\fBip\fP " 10
+server's IP address
+.IP "\fBport\fP " 10
+server's UDP port
+.IP "\fBext\fP " 10
+server's extension
+.IP "\fBprog\fP " 10
+run this server
+.SH "SEE ALSO"
+.PP
+curvecpmessage (1), curvecpclient (1), inetd (8), tcpserver (1).
+.SH "AUTHOR"
+.PP
+This manual page was written by Sergiusz Pawlowicz debian at pawlowicz.name for
+the \fBDebian\fP system (and may be used by others). The source
+of this page is a webpage http://curvecp.org/messageapi.html .
+Permission is granted to copy, distribute and/or modify this
+document under public domain.
+
+.PP
+This manual page was rewritten for the \fBDebian\fP distribution
+because the original program does not have a manual page.
+.\" created by instant / docbook-to-man, Sat 14 Jan 2012, 02:59
diff --git a/nacl-20110221-build-dir.patch b/nacl-20110221-build-dir.patch
new file mode 100644
index 0000000..e031411
--- /dev/null
+++ b/nacl-20110221-build-dir.patch
@@ -0,0 +1,12 @@
+diff -up nacl-20110221/do.orig2 nacl-20110221/do
+--- nacl-20110221/do.orig2 2011-02-21 02:49:34.000000000 +0100
++++ nacl-20110221/do 2012-07-02 12:12:30.625713153 +0200
+@@ -6,7 +6,7 @@
+
+ version=`cat version`
+ project=nacl
+-shorthostname=`hostname | sed 's/\..*//' | tr -cd '[a-z][A-Z][0-9]'`
++shorthostname=fedora
+
+ top="`pwd`/build/$shorthostname"
+ bin="$top/bin"
diff --git a/nacl-20110221-dist-flags.patch b/nacl-20110221-dist-flags.patch
new file mode 100644
index 0000000..12fb822
--- /dev/null
+++ b/nacl-20110221-dist-flags.patch
@@ -0,0 +1,32 @@
+diff -up nacl-20110221/okcompilers/archivers.orig nacl-20110221/okcompilers/archivers
+--- nacl-20110221/okcompilers/archivers.orig 2011-02-21 02:49:34.000000000 +0100
++++ nacl-20110221/okcompilers/archivers 2012-07-02 10:56:30.929832263 +0200
+@@ -1,2 +1 @@
+ ar
+-ar -X64
+diff -up nacl-20110221/okcompilers/c.orig nacl-20110221/okcompilers/c
+--- nacl-20110221/okcompilers/c.orig 2011-02-21 02:49:34.000000000 +0100
++++ nacl-20110221/okcompilers/c 2012-07-02 10:56:52.064814922 +0200
+@@ -1,8 +1 @@
+-gcc -m64 -O3 -fomit-frame-pointer -funroll-loops
+-gcc -m64 -O -fomit-frame-pointer
+-gcc -m64 -fomit-frame-pointer
+-gcc -m32 -O3 -fomit-frame-pointer -funroll-loops
+-gcc -m32 -O -fomit-frame-pointer
+-gcc -m32 -fomit-frame-pointer
+-spu-gcc -mstdmain -march=cell -O3 -funroll-loops -fomit-frame-pointer -Drandom=rand -Dsrandom=srand
+-spu-gcc -mstdmain -march=cell -O -fomit-frame-pointer -Drandom=rand -Dsrandom=srand
++gcc ${CFLAGS}
+diff -up nacl-20110221/okcompilers/cpp.orig nacl-20110221/okcompilers/cpp
+--- nacl-20110221/okcompilers/cpp.orig 2011-02-21 02:49:34.000000000 +0100
++++ nacl-20110221/okcompilers/cpp 2012-07-02 10:57:14.194797612 +0200
+@@ -1,8 +1 @@
+-g++ -m64 -O3 -fomit-frame-pointer -funroll-loops
+-g++ -m64 -O -fomit-frame-pointer
+-g++ -m64 -fomit-frame-pointer
+-g++ -m32 -O3 -fomit-frame-pointer -funroll-loops
+-g++ -m32 -O -fomit-frame-pointer
+-g++ -m32 -fomit-frame-pointer
+-spu-g++ -mstdmain -march=cell -O3 -funroll-loops -fomit-frame-pointer -Drandom=rand -Dsrandom=srand
+-spu-g++ -mstdmain -march=cell -O -fomit-frame-pointer -Drandom=rand -Dsrandom=srand
++g++ -${CFLAGS}
diff --git a/nacl-20110221-noexec-stack.patch b/nacl-20110221-noexec-stack.patch
new file mode 100644
index 0000000..b7efa5c
--- /dev/null
+++ b/nacl-20110221-noexec-stack.patch
@@ -0,0 +1,360 @@
+diff --git a/crypto_onetimeauth/poly1305/amd64/auth.s b/crypto_onetimeauth/poly1305/amd64/auth.s
+index 5212a3e..c44d60f 100644
+--- a/crypto_onetimeauth/poly1305/amd64/auth.s
++++ b/crypto_onetimeauth/poly1305/amd64/auth.s
+@@ -2785,3 +2785,13 @@ add %r11,%rsp
+ xor %rax,%rax
+ xor %rdx,%rdx
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_onetimeauth/poly1305/amd64/constants.s b/crypto_onetimeauth/poly1305/amd64/constants.s
+index 1bfb0be..96d9763 100644
+--- a/crypto_onetimeauth/poly1305/amd64/constants.s
++++ b/crypto_onetimeauth/poly1305/amd64/constants.s
+@@ -83,3 +83,13 @@ crypto_onetimeauth_poly1305_amd64_hoffset3:
+ crypto_onetimeauth_poly1305_amd64_rounding:
+ .byte 0x7f
+ .byte 0x13
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_onetimeauth/poly1305/x86/auth.s b/crypto_onetimeauth/poly1305/x86/auth.s
+index acb8c51..daecfa1 100644
+--- a/crypto_onetimeauth/poly1305/x86/auth.s
++++ b/crypto_onetimeauth/poly1305/x86/auth.s
+@@ -2777,3 +2777,13 @@ movl 16(%esp),%ebp
+ add %eax,%esp
+ xor %eax,%eax
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_onetimeauth/poly1305/x86/constants.s b/crypto_onetimeauth/poly1305/x86/constants.s
+index ab2456c..84fe79f 100644
+--- a/crypto_onetimeauth/poly1305/x86/constants.s
++++ b/crypto_onetimeauth/poly1305/x86/constants.s
+@@ -83,3 +83,13 @@ crypto_onetimeauth_poly1305_x86_hoffset3:
+ crypto_onetimeauth_poly1305_x86_rounding:
+ .byte 0x7f
+ .byte 0x13
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_scalarmult/curve25519/athlon/const.s b/crypto_scalarmult/curve25519/athlon/const.s
+index 9042c2f..2ee3e75 100644
+--- a/crypto_scalarmult/curve25519/athlon/const.s
++++ b/crypto_scalarmult/curve25519/athlon/const.s
+@@ -112,3 +112,13 @@ crypto_scalarmult_curve25519_athlon_out9offset:
+ crypto_scalarmult_curve25519_athlon_rounding:
+ .byte 0x7f
+ .byte 0x13
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_scalarmult/curve25519/athlon/fromdouble.s b/crypto_scalarmult/curve25519/athlon/fromdouble.s
+index 221ca35..5ebbe1b 100644
+--- a/crypto_scalarmult/curve25519/athlon/fromdouble.s
++++ b/crypto_scalarmult/curve25519/athlon/fromdouble.s
+@@ -193,3 +193,13 @@ movl %edx,28(%ecx)
+ movl 0(%esp),%ebp
+ add %eax,%esp
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_scalarmult/curve25519/athlon/init.s b/crypto_scalarmult/curve25519/athlon/init.s
+index edd3c58..bce33ae 100644
+--- a/crypto_scalarmult/curve25519/athlon/init.s
++++ b/crypto_scalarmult/curve25519/athlon/init.s
+@@ -11,3 +11,13 @@ sub %eax,%esp
+ fldcw crypto_scalarmult_curve25519_athlon_rounding
+ add %eax,%esp
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_scalarmult/curve25519/athlon/mainloop.s b/crypto_scalarmult/curve25519/athlon/mainloop.s
+index 4741290..7f04515 100644
+--- a/crypto_scalarmult/curve25519/athlon/mainloop.s
++++ b/crypto_scalarmult/curve25519/athlon/mainloop.s
+@@ -3988,3 +3988,13 @@ movl 172(%ecx),%edi
+ movl 176(%ecx),%ebp
+ add %eax,%esp
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_scalarmult/curve25519/athlon/mult.s b/crypto_scalarmult/curve25519/athlon/mult.s
+index 16f0e90..64c1644 100644
+--- a/crypto_scalarmult/curve25519/athlon/mult.s
++++ b/crypto_scalarmult/curve25519/athlon/mult.s
+@@ -408,3 +408,13 @@ fstpl 72(%ecx)
+ movl 0(%esp),%ebp
+ add %eax,%esp
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_scalarmult/curve25519/athlon/square.s b/crypto_scalarmult/curve25519/athlon/square.s
+index 754def7..1524a1c 100644
+--- a/crypto_scalarmult/curve25519/athlon/square.s
++++ b/crypto_scalarmult/curve25519/athlon/square.s
+@@ -296,3 +296,13 @@ fstpl 64(%ecx)
+ fstpl 72(%ecx)
+ add %eax,%esp
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_scalarmult/curve25519/athlon/todouble.s b/crypto_scalarmult/curve25519/athlon/todouble.s
+index c37aa44..f43f115 100644
+--- a/crypto_scalarmult/curve25519/athlon/todouble.s
++++ b/crypto_scalarmult/curve25519/athlon/todouble.s
+@@ -142,3 +142,13 @@ faddp %st(0),%st(1)
+ fstpl 72(%ecx)
+ add %eax,%esp
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_stream/aes128ctr/core2/afternm.s b/crypto_stream/aes128ctr/core2/afternm.s
+index c1ba79e..ab1ac5f 100644
+--- a/crypto_stream/aes128ctr/core2/afternm.s
++++ b/crypto_stream/aes128ctr/core2/afternm.s
+@@ -12306,3 +12306,13 @@ mov %rdi,%rax
+ mov %rsi,%rdx
+ xor %rax,%rax
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_stream/aes128ctr/core2/beforenm.s b/crypto_stream/aes128ctr/core2/beforenm.s
+index 689ad8c..1626f51 100644
+--- a/crypto_stream/aes128ctr/core2/beforenm.s
++++ b/crypto_stream/aes128ctr/core2/beforenm.s
+@@ -13692,3 +13692,13 @@ mov %rdi,%rax
+ mov %rsi,%rdx
+ xor %rax,%rax
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_stream/aes128ctr/core2/xor_afternm.s b/crypto_stream/aes128ctr/core2/xor_afternm.s
+index 022691a..2985674 100644
+--- a/crypto_stream/aes128ctr/core2/xor_afternm.s
++++ b/crypto_stream/aes128ctr/core2/xor_afternm.s
+@@ -12405,3 +12405,13 @@ mov %rdi,%rax
+ mov %rsi,%rdx
+ xor %rax,%rax
+ ret
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_stream/salsa20/amd64_xmm6/stream.s b/crypto_stream/salsa20/amd64_xmm6/stream.s
+index 82a897f..5da3bc6 100644
+--- a/crypto_stream/salsa20/amd64_xmm6/stream.s
++++ b/crypto_stream/salsa20/amd64_xmm6/stream.s
+@@ -4821,3 +4821,13 @@ add $64,%rsi
+
+ # qhasm: goto bytesbetween1and255
+ jmp ._bytesbetween1and255
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_stream/salsa20/x86_xmm5/stream.s b/crypto_stream/salsa20/x86_xmm5/stream.s
+index 9e32ea4..da9229c 100644
+--- a/crypto_stream/salsa20/x86_xmm5/stream.s
++++ b/crypto_stream/salsa20/x86_xmm5/stream.s
+@@ -5076,3 +5076,13 @@ add $64,%esi
+
+ # qhasm: goto bytesbetween1and255
+ jmp ._bytesbetween1and255
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_stream/salsa2012/amd64_xmm6/stream.s b/crypto_stream/salsa2012/amd64_xmm6/stream.s
+index 0e26dc9..bb5395a 100644
+--- a/crypto_stream/salsa2012/amd64_xmm6/stream.s
++++ b/crypto_stream/salsa2012/amd64_xmm6/stream.s
+@@ -4821,3 +4821,13 @@ add $64,%rsi
+
+ # qhasm: goto bytesbetween1and255
+ jmp ._bytesbetween1and255
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_stream/salsa2012/x86_xmm5/stream.s b/crypto_stream/salsa2012/x86_xmm5/stream.s
+index c511b0d..c838a7b 100644
+--- a/crypto_stream/salsa2012/x86_xmm5/stream.s
++++ b/crypto_stream/salsa2012/x86_xmm5/stream.s
+@@ -5076,3 +5076,13 @@ add $64,%esi
+
+ # qhasm: goto bytesbetween1and255
+ jmp ._bytesbetween1and255
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_stream/salsa208/amd64_xmm6/stream.s b/crypto_stream/salsa208/amd64_xmm6/stream.s
+index f27411f..90d70a9 100644
+--- a/crypto_stream/salsa208/amd64_xmm6/stream.s
++++ b/crypto_stream/salsa208/amd64_xmm6/stream.s
+@@ -4821,3 +4821,13 @@ add $64,%rsi
+
+ # qhasm: goto bytesbetween1and255
+ jmp ._bytesbetween1and255
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
+diff --git a/crypto_stream/salsa208/x86_xmm5/stream.s b/crypto_stream/salsa208/x86_xmm5/stream.s
+index 065253a..4a02437 100644
+--- a/crypto_stream/salsa208/x86_xmm5/stream.s
++++ b/crypto_stream/salsa208/x86_xmm5/stream.s
+@@ -5076,3 +5076,13 @@ add $64,%esi
+
+ # qhasm: goto bytesbetween1and255
+ jmp ._bytesbetween1and255
++
++%ifidn __OUTPUT_FORMAT__,elf
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf32
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
++%ifidn __OUTPUT_FORMAT__,elf64
++section .note.GNU-stack noalloc noexec nowrite progbits
++%endif
diff --git a/nacl-sha256.1 b/nacl-sha256.1
new file mode 100644
index 0000000..2648e9d
--- /dev/null
+++ b/nacl-sha256.1
@@ -0,0 +1,35 @@
+.TH "NaCl" "1"
+.SH "NAME"
+nacl-sha256 \(em program to calculate the sha256 hash
+.SH "SYNOPSIS"
+.PP
+\fBnacl-sha256\fR
+.SH "DESCRIPTION"
+.PP
+This manual page documents briefly the
+\fBnacl-sha256\fR command.
+.PP
+This manual page was written for the \fBDebian\fP distribution
+because the original program does not have a manual page.
+Instead, it has documentation in the GNU.
+.PP
+\fBnacl-sha256\fR is a program that uses NaCl to calculate the sha256 hash of the first 4096 bytes of input.
+.SH "OPTIONS"
+.PP
+These program expects input on standard input and prints the sha256 hash of the first 4096 bytes on standard output.
+.SH "SEE ALSO"
+.PP
+nacl-sha512 (1).
+.SH "AUTHOR"
+.PP
+This manual page was written by Sergiusz Pawlowicz debian at pawlowicz.name for
+the \fBDebian\fP system (and may be used by others). Permission is
+granted to copy, distribute and/or modify this document under
+the terms of the GNU General Public License, Version 2 any
+later version published by the Free Software Foundation.
+
+.PP
+On Debian systems, the complete text of the GNU General Public
+License can be found in /usr/share/common-licenses/GPL.
+
+.\" created by instant / docbook-to-man, Sat 14 Jan 2012, 02:59
diff --git a/nacl-sha512.1 b/nacl-sha512.1
new file mode 100644
index 0000000..16f5fcf
--- /dev/null
+++ b/nacl-sha512.1
@@ -0,0 +1,35 @@
+.TH "NaCl" "1"
+.SH "NAME"
+nacl-sha512 \(em program to calculate the sha512 hash
+.SH "SYNOPSIS"
+.PP
+\fBnacl-sha512\fR
+.SH "DESCRIPTION"
+.PP
+This manual page documents briefly the
+\fBnacl-sha512\fR command.
+.PP
+This manual page was written for the \fBDebian\fP distribution
+because the original program does not have a manual page.
+Instead, it has documentation in the GNU.
+.PP
+\fBnacl-sha512\fR is a program that uses NaCl to calculate the sha512 hash of the first 4096 bytes of input.
+.SH "OPTIONS"
+.PP
+These program expects input on standard input and prints the sha512 hash of the first 4096 bytes on standard output.
+.SH "SEE ALSO"
+.PP
+nacl-sha256 (1).
+.SH "AUTHOR"
+.PP
+This manual page was written by Sergiusz Pawlowicz debian at pawlowicz.name for
+the \fBDebian\fP system (and may be used by others). Permission is
+granted to copy, distribute and/or modify this document under
+the terms of the GNU General Public License, Version 2 any
+later version published by the Free Software Foundation.
+
+.PP
+On Debian systems, the complete text of the GNU General Public
+License can be found in /usr/share/common-licenses/GPL.
+
+.\" created by instant / docbook-to-man, Sat 14 Jan 2012, 02:59
diff --git a/nacl.spec b/nacl.spec
new file mode 100644
index 0000000..ce1e00b
--- /dev/null
+++ b/nacl.spec
@@ -0,0 +1,69 @@
+Name: nacl
+URL: http://nacl.cr.yp.to/
+Version: 20110221
+Release: 1%{?dist}
+License: Public Domain
+Group: Development/Libraries
+Summary: Networking and Cryptography library
+BuildRequires: lsvpd e2fsprogs
+Source0: http://hyperelliptic.org/nacl/nacl-%{version}.tar.bz2
+Source1: curvecpclient.1
+Source2: curvecpserver.1
+Source3: curvecpmakekey.1
+Source4: curvecpmessage.1
+Source5: curvecpprintkey.1
+Source6: nacl-sha256.1
+Source7: nacl-sha512.1
+Patch0: nacl-20110221-dist-flags.patch
+Patch1: nacl-20110221-build-dir.patch
+Patch2: nacl-20110221-noexec-stack.patch
+
+%package devel
+Summary: Development files
+Group: Development/Libraries
+Provides: nacl-static = %{version}-%{release}
+Requires: %{name} = %{version}-%{release}
+
+%description
+NaCl (pronounced "salt") is a new easy-to-use high-speed software library for
+network communication, encryption, decryption, signatures, etc. NaCl's goal
+is to provide all of the core operations needed to build higher-level
+cryptographic tools.
+
+%description devel
+Include files and devel library.
+
+%prep
+%setup -q
+%patch0 -p1 -b .dist-flags
+%patch1 -p1 -b .build-dir
+%patch2 -p1 -b .noexec-stack
+
+sed -i 's/\${CFLAGS}/%{optflags}/g' okcompilers/c okcompilers/cpp
+
+%build
+./do
+
+%install
+mkdir -p %{buildroot}%{_includedir}/%{name}
+install -m 0644 -t %{buildroot}%{_includedir}/%{name} build/fedora/include/*/*.h
+mkdir -p %{buildroot}%{_libdir}/
+install -m 0644 -t %{buildroot}%{_libdir} build/fedora/lib/*/*.a
+mkdir -p %{buildroot}%{_mandir}/man1
+install -m 0644 -t %{buildroot}%{_mandir}/man1 %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE7}
+mkdir -p %{buildroot}%{_bindir}
+rm -f build/fedora/bin/ok*
+install -m 0755 -t %{buildroot}%{_bindir} build/fedora/bin/*
+
+%files
+%{_bindir}/*
+%{_mandir}/man1/*
+
+%files devel
+%{_libdir}/*
+%dir %{_includedir}/nacl
+%{_includedir}/nacl/*
+
+%changelog
+* Mon Jul 02 2012 Jaroslav Škarvada <jskarvad at redhat.com> - 20110221-1
+- Initial release
diff --git a/sources b/sources
index e69de29..d5beec6 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+7efb5715561c3d10dafd3fa97b4f2d20 nacl-20110221.tar.bz2
More information about the scm-commits
mailing list