From: Andriy Gapon
Date: Mon, 27 Feb 2017 08:27:38 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r314327 - in stable/10: lib/libcrypt lib/libmd sbin/gbde sbin/geom/class/eli sbin/md5 sys/cddl/contrib/opensolaris/uts/common/fs/zfs sys/conf sys/crypto/sha2 sys/dev/random sys/geom/bde...

Author: avg
Date: Mon Feb 27 08:27:38 2017
New Revision: 314327
URL: https://svnweb.freebsd.org/changeset/base/314327

Log:
  MFC r292782: Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c

  cperciva's libmd implementation is 5-30% faster

  The same was done for SHA256 previously in r263218

  Approved by: secteam

Added:
  stable/10/sys/crypto/sha2/sha384.h
     - copied unchanged from r292782, head/sys/crypto/sha2/sha384.h
  stable/10/sys/crypto/sha2/sha512.h
     - copied unchanged from r292782, head/sys/crypto/sha2/sha512.h
  stable/10/sys/crypto/sha2/sha512c.c
     - copied unchanged from r292782, head/sys/crypto/sha2/sha512c.c
Deleted:
  stable/10/lib/libmd/sha512.h
  stable/10/lib/libmd/sha512c.c
  stable/10/sys/crypto/sha2/sha2.c
  stable/10/sys/crypto/sha2/sha2.h
Modified:
  stable/10/lib/libcrypt/Makefile
  stable/10/lib/libmd/Makefile
  stable/10/lib/libmd/sha512.3
  stable/10/lib/libmd/shadriver.c
  stable/10/sbin/gbde/Makefile
  stable/10/sbin/gbde/gbde.c
  stable/10/sbin/geom/class/eli/Makefile
  stable/10/sbin/md5/Makefile
  stable/10/sbin/md5/md5.1
  stable/10/sbin/md5/md5.c
  stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c
  stable/10/sys/conf/files
  stable/10/sys/crypto/sha2/sha256.h
  stable/10/sys/dev/random/hash.c
stable/10/sys/dev/random/yarrow.c stable/10/sys/geom/bde/g_bde.c stable/10/sys/geom/bde/g_bde_crypt.c stable/10/sys/geom/bde/g_bde_lock.c stable/10/sys/geom/bde/g_bde_work.c stable/10/sys/geom/eli/g_eli.h stable/10/sys/modules/crypto/Makefile stable/10/sys/modules/geom/geom_bde/Makefile stable/10/sys/modules/zfs/Makefile stable/10/sys/netinet/sctp_os_bsd.h stable/10/sys/opencrypto/xform.h Directory Properties: stable/10/ (props changed) Modified: stable/10/lib/libcrypt/Makefile ============================================================================== --- stable/10/lib/libcrypt/Makefile Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/lib/libcrypt/Makefile Mon Feb 27 08:27:38 2017 (r314327) @@ -29,6 +29,7 @@ CFLAGS+= -I${.CURDIR} -DHAS_DES -DHAS_BL .for sym in MD4Init MD4Final MD4Update MD4Pad \ MD5Init MD5Final MD5Update MD5Pad \ SHA256_Init SHA256_Final SHA256_Update \ + SHA384_Init SHA384_Final SHA384_Update \ SHA512_Init SHA512_Final SHA512_Update CFLAGS+= -D${sym}=__${sym} .endfor Modified: stable/10/lib/libmd/Makefile ============================================================================== --- stable/10/lib/libmd/Makefile Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/lib/libmd/Makefile Mon Feb 27 08:27:38 2017 (r314327) @@ -7,8 +7,9 @@ SRCS= md4c.c md5c.c md4hl.c md5hl.c \ rmd160c.c rmd160hl.c \ sha0c.c sha0hl.c sha1c.c sha1hl.c \ sha256c.c sha256hl.c \ + sha384hl.c \ sha512c.c sha512hl.c -INCS= md4.h md5.h ripemd.h sha.h sha256.h sha512.h +INCS= md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h WARNS?= 0 
@@ -33,6 +34,10 @@ MLINKS+=sha256.3 SHA256_Init.3 sha256.3 MLINKS+=sha256.3 SHA256_Final.3 sha256.3 SHA256_End.3 MLINKS+=sha256.3 SHA256_File.3 sha256.3 SHA256_FileChunk.3 MLINKS+=sha256.3 SHA256_Data.3 +MLINKS+=sha512.3 SHA384_Init.3 sha512.3 SHA384_Update.3 +MLINKS+=sha512.3 SHA384_Final.3 sha512.3 SHA384_End.3 +MLINKS+=sha512.3 SHA384_File.3 sha512.3 SHA384_FileChunk.3 +MLINKS+=sha512.3 SHA384_Data.3 sha512.3 sha384.3 MLINKS+=sha512.3 SHA512_Init.3 sha512.3 SHA512_Update.3 MLINKS+=sha512.3 SHA512_Final.3 sha512.3 SHA512_End.3 MLINKS+=sha512.3 SHA512_File.3 sha512.3 SHA512_FileChunk.3 @@ -40,7 +45,8 @@ MLINKS+=sha512.3 SHA512_Data.3 CLEANFILES+= md[245]hl.c md[245].ref md[245].3 mddriver \ rmd160.ref rmd160hl.c rmddriver \ sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \ - sha256.ref sha256hl.c sha512.ref sha512hl.c + sha256.ref sha256hl.c sha384hl.c sha384.ref \ + sha512.ref sha512hl.c # Define WEAK_REFS to provide weak aliases for libmd symbols # @@ -87,6 +93,12 @@ sha256hl.c: mdXhl.c -e 's/SHA256__/SHA256_/g' \ ${.ALLSRC}) > ${.TARGET} +sha384hl.c: mdXhl.c + (echo '#define LENGTH 48'; \ + sed -e 's/mdX/sha384/g' -e 's/MDX/SHA384_/g' \ + -e 's/SHA384__/SHA384_/g' \ + ${.ALLSRC}) > ${.TARGET} + sha512hl.c: mdXhl.c (echo '#define LENGTH 64'; \ sed -e 's/mdX/sha512/g' -e 's/MDX/SHA512_/g' \ 
@@ -167,6 +179,21 @@ sha256.ref: @echo 'SHA-256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ 'f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e' >> ${.TARGET} +sha384.ref: + echo 'SHA-384 test suite:' > ${.TARGET} + @echo 'SHA-384 ("") =' \ + '38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b' >> ${.TARGET} + @echo 'SHA-384 ("abc") =' \ + 'cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7' >> ${.TARGET} + @echo 'SHA-384 ("message digest") =' \ + '473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5' >> ${.TARGET} + @echo 'SHA-384 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4' >> ${.TARGET} + @echo 'SHA-384 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84' >> ${.TARGET} + @echo 'SHA-384 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026' >> ${.TARGET} + sha512.ref: echo 'SHA-512 test suite:' > ${.TARGET} @echo 'SHA-512 ("") =' \ @@ -195,7 +222,8 @@ rmd160.ref: @echo 'RIPEMD160 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ '9b752e45573d4b39f4dbd3323cab82bf63326bfb' >> ${.TARGET} -test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha512.ref +test: md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \ + sha512.ref @${ECHO} if any of these test fail, the code produces wrong results @${ECHO} and should NOT be used. ${CC} ${CFLAGS} ${LDFLAGS} -DMD=4 -o mddriver ${.CURDIR}/mddriver.c libmd.a 
@@ -218,6 +246,9 @@ test: md4.ref md5.ref sha0.ref rmd160.re ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=256 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha256.ref - @${ECHO} SHA-256 passed test + ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=384 -o shadriver ${.CURDIR}/shadriver.c libmd.a + ./shadriver | cmp sha384.ref - + @${ECHO} SHA-384 passed test ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512 -o shadriver ${.CURDIR}/shadriver.c libmd.a ./shadriver | cmp sha512.ref - @${ECHO} SHA-512 passed test Modified: stable/10/lib/libmd/sha512.3 ============================================================================== --- stable/10/lib/libmd/sha512.3 Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/lib/libmd/sha512.3 Mon Feb 27 08:27:38 2017 (r314327) @@ -9,7 +9,7 @@ .\" From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp .\" $FreeBSD$ .\" -.Dd March 28, 2014 +.Dd October 17, 2015 .Dt SHA512 3 .Os .Sh NAME @@ -19,8 +19,15 @@ .Nm SHA512_End , .Nm SHA512_File , .Nm SHA512_FileChunk , -.Nm SHA512_Data -.Nd calculate the FIPS 180-2 ``SHA-512'' message digest +.Nm SHA512_Data , +.Nm SHA384_Init , +.Nm SHA384_Update , +.Nm SHA384_Final , +.Nm SHA384_End , +.Nm SHA384_File , +.Nm SHA384_FileChunk , +.Nm SHA384_Data +.Nd calculate the FIPS 180-4 ``SHA-512'' family of message digests .Sh LIBRARY .Lb libmd .Sh SYNOPSIS 
@@ -40,6 +47,20 @@ .Fn SHA512_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" .Ft "char *" .Fn SHA512_Data "const unsigned char *data" "unsigned int len" "char *buf" +.Ft void +.Fn SHA384_Init "SHA384_CTX *context" +.Ft void +.Fn SHA384_Update "SHA384_CTX *context" "const unsigned char *data" "size_t len" +.Ft void +.Fn SHA384_Final "unsigned char digest[48]" "SHA384_CTX *context" +.Ft "char *" +.Fn SHA384_End "SHA384_CTX *context" "char *buf" +.Ft "char *" +.Fn SHA384_File "const char *filename" "char *buf" +.Ft "char *" +.Fn SHA384_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length" +.Ft "char *" +.Fn SHA384_Data "const unsigned char *data" "unsigned int len" "char *buf" .Sh DESCRIPTION The .Li SHA512_ @@ -119,6 +140,21 @@ after use. If the .Fa buf argument is non-null it must point to at least 65 characters of buffer space. +.Pp +The +.Li SHA384_ +functions are identical to the +.Li SHA512_ +functions except they use a different initial hash value and the output is +truncated to 384 bits. +.Pp +.Fn SHA384_End +is a wrapper for +.Fn SHA384_Final +which converts the return value to a 49-character +(including the terminating '\e0') +.Tn ASCII +string which represents the 384 bits in hexadecimal. .Sh SEE ALSO .Xr md4 3 , .Xr md5 3 , Modified: stable/10/lib/libmd/shadriver.c ============================================================================== --- stable/10/lib/libmd/shadriver.c Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/lib/libmd/shadriver.c Mon Feb 27 08:27:38 2017 (r314327) @@ -22,6 +22,7 @@ __FBSDID("$FreeBSD$"); #include "sha.h" #include "sha256.h" +#include "sha384.h" #include "sha512.h" /* The following makes SHA default to SHA-1 if it has not already been 
@@ -36,6 +37,9 @@ __FBSDID("$FreeBSD$"); #elif SHA == 256 #undef SHA_Data #define SHA_Data SHA256_Data +#elif SHA == 384 +#undef SHA_Data +#define SHA_Data SHA384_Data #elif SHA == 512 #undef SHA_Data #define SHA_Data SHA512_Data Modified: stable/10/sbin/gbde/Makefile ============================================================================== --- stable/10/sbin/gbde/Makefile Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sbin/gbde/Makefile Mon Feb 27 08:27:38 2017 (r314327) @@ -4,7 +4,7 @@ PROG= gbde SRCS= gbde.c template.c SRCS+= rijndael-alg-fst.c SRCS+= rijndael-api-fst.c -SRCS+= sha2.c +SRCS+= sha512c.c SRCS+= g_bde_lock.c # rijndael-fst.c does evil casting things which can results in warnings, Modified: stable/10/sbin/gbde/gbde.c ============================================================================== --- stable/10/sbin/gbde/gbde.c Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sbin/gbde/gbde.c Mon Feb 27 08:27:38 2017 (r314327) @@ -84,7 +84,7 @@ #include #include #include -#include +#include #include #include Modified: stable/10/sbin/geom/class/eli/Makefile ============================================================================== --- stable/10/sbin/geom/class/eli/Makefile Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sbin/geom/class/eli/Makefile Mon Feb 27 08:27:38 2017 (r314327) @@ -6,7 +6,8 @@ GEOM_CLASS= eli SRCS= g_eli_crypto.c SRCS+= g_eli_key.c SRCS+= pkcs5v2.c -SRCS+= sha2.c +SRCS+= sha256c.c +SRCS+= sha512c.c DPADD= ${LIBMD} ${LIBCRYPTO} LDADD= -lmd -lcrypto Modified: stable/10/sbin/md5/Makefile ============================================================================== --- stable/10/sbin/md5/Makefile Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sbin/md5/Makefile Mon Feb 27 08:27:38 2017 (r314327) 
@@ -6,11 +6,13 @@ PROG= md5 LINKS= ${BINDIR}/md5 ${BINDIR}/rmd160 \ ${BINDIR}/md5 ${BINDIR}/sha1 \ ${BINDIR}/md5 ${BINDIR}/sha256 \ + ${BINDIR}/md5 ${BINDIR}/sha384 \ ${BINDIR}/md5 ${BINDIR}/sha512 MLINKS= md5.1 rmd160.1 \ md5.1 sha1.1 \ md5.1 sha256.1 \ + md5.1 sha384.1 \ md5.1 sha512.1 DPADD= ${LIBMD} Modified: stable/10/sbin/md5/md5.1 ============================================================================== --- stable/10/sbin/md5/md5.1 Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sbin/md5/md5.1 Mon Feb 27 08:27:38 2017 (r314327) @@ -1,9 +1,9 @@ .\" $FreeBSD$ -.Dd May 17, 2014 +.Dd October 17, 2015 .Dt MD5 1 .Os .Sh NAME -.Nm md5 , sha1 , sha256 , sha512, rmd160 +.Nm md5 , sha1 , sha256 , sha384 , sha512, rmd160 .Nd calculate a message-digest fingerprint (checksum) for a file .Sh SYNOPSIS .Nm md5 @@ -21,6 +21,11 @@ .Op Fl c Ar string .Op Fl s Ar string .Op Ar +.Nm sha384 +.Op Fl pqrtx +.Op Fl c Ar string +.Op Fl s Ar string +.Op Ar .Nm sha512 .Op Fl pqrtx .Op Fl c Ar string @@ -33,7 +38,7 @@ .Op Ar .Sh DESCRIPTION The -.Nm md5 , sha1 , sha256 , sha512 +.Nm md5 , sha1 , sha256 , sha384 , sha512 and .Nm rmd160 utilities take as input a message of arbitrary length and produce as @@ -46,7 +51,7 @@ It is conjectured that it is computation produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The -.Tn MD5 , SHA-1 , SHA-256 , SHA-512 +.Tn MD5 , SHA-1 , SHA-256 , SHA-384 , SHA-512 and .Tn RIPEMD-160 algorithms are intended for digital signature applications, where a @@ -123,6 +128,7 @@ option. .Xr ripemd 3 , .Xr sha 3 , .Xr sha256 3 , +.Xr sha384 3 , .Xr sha512 3 .Rs .%A R. Rivest Modified: stable/10/sbin/md5/md5.c ============================================================================== --- stable/10/sbin/md5/md5.c Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sbin/md5/md5.c Mon Feb 27 08:27:38 2017 (r314327) 
@@ -28,6 +28,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -55,6 +56,7 @@ typedef char *(DIGEST_End)(void *, char extern const char *MD5TestOutput[MDTESTCOUNT]; extern const char *SHA1_TestOutput[MDTESTCOUNT]; extern const char *SHA256_TestOutput[MDTESTCOUNT]; +extern const char *SHA384_TestOutput[MDTESTCOUNT]; extern const char *SHA512_TestOutput[MDTESTCOUNT]; extern const char *RIPEMD160_TestOutput[MDTESTCOUNT]; @@ -80,6 +82,7 @@ typedef union { MD5_CTX md5; SHA1_CTX sha1; SHA256_CTX sha256; + SHA384_CTX sha384; SHA512_CTX sha512; RIPEMD160_CTX ripemd160; } DIGEST_CTX; @@ -101,6 +104,9 @@ static const struct Algorithm_t Algorith { "sha256", "SHA256", &SHA256_TestOutput, (DIGEST_Init*)&SHA256_Init, (DIGEST_Update*)&SHA256_Update, (DIGEST_End*)&SHA256_End, &SHA256_Data, &SHA256_File }, + { "sha384", "SHA384", &SHA384_TestOutput, (DIGEST_Init*)&SHA384_Init, + (DIGEST_Update*)&SHA384_Update, (DIGEST_End*)&SHA384_End, + &SHA384_Data, &SHA384_File }, { "sha512", "SHA512", &SHA512_TestOutput, (DIGEST_Init*)&SHA512_Init, (DIGEST_Update*)&SHA512_Update, (DIGEST_End*)&SHA512_End, &SHA512_Data, &SHA512_File }, 
@@ -327,6 +333,17 @@ const char *SHA256_TestOutput[MDTESTCOUN "e6eae09f10ad4122a0e2a4075761d185a272ebd9f5aa489e998ff2f09cbfdd9f" }; +const char *SHA384_TestOutput[MDTESTCOUNT] = { + "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b", + "54a59b9f22b0b80880d8427e548b7c23abd873486e1f035dce9cd697e85175033caa88e6d57bc35efae0b5afd3145f31", + "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7", + "473ed35167ec1f5d8e550368a3db39be54639f828868e9454c239fc8b52e3c61dbd0d8b4de1390c256dcbb5d5fd99cd5", + "feb67349df3db6f5924815d6c3dc133f091809213731fe5c7b5f4999e463479ff2877f5f2936fa63bb43784b12f3ebb4", + "1761336e3f7cbfe51deb137f026f89e01a448e3b1fafa64039c1464ee8732f11a5341a6f41e0c202294736ed64db1a84", + "b12932b0627d1c060942f5447764155655bd4da0c9afa6dd9b9ef53129af1b8fb0195996d2de9ca0df9d821ffee67026", + "99428d401bf4abcd4ee0695248c9858b7503853acfae21a9cffa7855f46d1395ef38596fcd06d5a8c32d41a839cc5dfb" +}; + const char *SHA512_TestOutput[MDTESTCOUNT] = { "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e", "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75", Modified: stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c ============================================================================== --- stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sha256.c Mon Feb 27 08:27:38 2017 (r314327) 
@@ -28,7 +28,7 @@ #include #include #ifdef _KERNEL -#include +#include #else #include #endif Modified: stable/10/sys/conf/files ============================================================================== --- stable/10/sys/conf/files Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sys/conf/files Mon Feb 27 08:27:38 2017 (r314327) @@ -543,10 +543,9 @@ crypto/rijndael/rijndael-api-fst.c optio crypto/rijndael/rijndael-api.c optional crypto | ipsec | wlan_ccmp crypto/sha1.c optional carp | crypto | ipsec | \ netgraph_mppc_encryption | sctp -crypto/sha2/sha2.c optional crypto | geom_bde | ipsec | random | \ - sctp | zfs crypto/sha2/sha256c.c optional crypto | geom_bde | ipsec | random | \ sctp | zfs +crypto/sha2/sha512c.c optional crypto | geom_bde | ipsec | zfs crypto/siphash/siphash.c optional inet | inet6 crypto/siphash/siphash_test.c optional inet | inet6 ddb/db_access.c optional ddb Modified: stable/10/sys/crypto/sha2/sha256.h ============================================================================== --- stable/10/sys/crypto/sha2/sha256.h Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sys/crypto/sha2/sha256.h Mon Feb 27 08:27:38 2017 (r314327) @@ -33,10 +33,14 @@ #include #endif +#define SHA256_BLOCK_LENGTH 64 +#define SHA256_DIGEST_LENGTH 32 +#define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) + typedef struct SHA256Context { uint32_t state[8]; uint64_t count; - uint8_t buf[64]; + uint8_t buf[SHA256_BLOCK_LENGTH]; } SHA256_CTX; __BEGIN_DECLS 
@@ -74,10 +78,10 @@ __BEGIN_DECLS void SHA256_Init(SHA256_CTX *); void SHA256_Update(SHA256_CTX *, const void *, size_t); -void SHA256_Final(unsigned char [32], SHA256_CTX *); +void SHA256_Final(unsigned char [SHA256_DIGEST_LENGTH], SHA256_CTX *); +#ifndef _KERNEL char *SHA256_End(SHA256_CTX *, char *); char *SHA256_Data(const void *, unsigned int, char *); -#ifndef _KERNEL char *SHA256_File(const char *, char *); char *SHA256_FileChunk(const char *, char *, off_t, off_t); #endif Copied: stable/10/sys/crypto/sha2/sha384.h (from r292782, head/sys/crypto/sha2/sha384.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/10/sys/crypto/sha2/sha384.h Mon Feb 27 08:27:38 2017 (r314327, copy of r292782, head/sys/crypto/sha2/sha384.h) 
@@ -0,0 +1,87 @@ +/*- + * Copyright 2005 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ + +#ifndef _SHA384_H_ +#define _SHA384_H_ + +#ifndef _KERNEL +#include +#endif + +#define SHA384_BLOCK_LENGTH 128 +#define SHA384_DIGEST_LENGTH 48 +#define SHA384_DIGEST_STRING_LENGTH (SHA384_DIGEST_LENGTH * 2 + 1) + +typedef struct SHA384Context { + uint64_t state[8]; + uint64_t count[2]; + uint8_t buf[SHA384_BLOCK_LENGTH]; +} SHA384_CTX; + +__BEGIN_DECLS + +/* Ensure libmd symbols do not clash with libcrypto */ +#ifndef SHA384_Init +#define SHA384_Init _libmd_SHA384_Init +#endif +#ifndef SHA384_Update +#define SHA384_Update _libmd_SHA384_Update +#endif +#ifndef SHA384_Final +#define SHA384_Final _libmd_SHA384_Final +#endif +#ifndef SHA384_End +#define SHA384_End _libmd_SHA384_End +#endif +#ifndef SHA384_File +#define SHA384_File _libmd_SHA384_File +#endif +#ifndef SHA384_FileChunk +#define SHA384_FileChunk _libmd_SHA384_FileChunk +#endif +#ifndef SHA384_Data +#define SHA384_Data _libmd_SHA384_Data +#endif + +#ifndef SHA384_version +#define SHA384_version _libmd_SHA384_version +#endif + +void SHA384_Init(SHA384_CTX *); +void SHA384_Update(SHA384_CTX *, const void *, size_t); +void SHA384_Final(unsigned char [SHA384_DIGEST_LENGTH], SHA384_CTX *); +#ifndef _KERNEL +char *SHA384_End(SHA384_CTX *, char *); +char *SHA384_Data(const void *, unsigned int, char *); +char *SHA384_File(const char *, char *); +char *SHA384_FileChunk(const char *, char *, off_t, off_t); +#endif + +__END_DECLS + +#endif /* !_SHA384_H_ */ Copied: stable/10/sys/crypto/sha2/sha512.h (from r292782, head/sys/crypto/sha2/sha512.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/10/sys/crypto/sha2/sha512.h Mon Feb 27 08:27:38 2017 (r314327, copy of r292782, head/sys/crypto/sha2/sha512.h) 
@@ -0,0 +1,90 @@ +/*- + * Copyright 2005 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ + +#ifndef _SHA512_H_ +#define _SHA512_H_ + +#ifndef _KERNEL +#include +#endif + +#define SHA512_BLOCK_LENGTH 128 +#define SHA512_DIGEST_LENGTH 64 +#define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) + +typedef struct SHA512Context { + uint64_t state[8]; + uint64_t count[2]; + uint8_t buf[SHA512_BLOCK_LENGTH]; +} SHA512_CTX; + +__BEGIN_DECLS + +/* Ensure libmd symbols do not clash with libcrypto */ +#ifndef SHA512_Init +#define SHA512_Init _libmd_SHA512_Init +#endif +#ifndef SHA512_Update +#define SHA512_Update _libmd_SHA512_Update +#endif +#ifndef SHA512_Final +#define SHA512_Final _libmd_SHA512_Final +#endif +#ifndef SHA512_End +#define SHA512_End _libmd_SHA512_End +#endif +#ifndef SHA512_File +#define SHA512_File _libmd_SHA512_File +#endif +#ifndef SHA512_FileChunk +#define SHA512_FileChunk _libmd_SHA512_FileChunk +#endif +#ifndef SHA512_Data +#define SHA512_Data _libmd_SHA512_Data +#endif + +#ifndef SHA512_Transform +#define SHA512_Transform _libmd_SHA512_Transform +#endif +#ifndef SHA512_version +#define SHA512_version _libmd_SHA512_version +#endif + +void SHA512_Init(SHA512_CTX *); +void SHA512_Update(SHA512_CTX *, const void *, size_t); +void SHA512_Final(unsigned char [SHA512_DIGEST_LENGTH], SHA512_CTX *); +#ifndef _KERNEL +char *SHA512_End(SHA512_CTX *, char *); +char *SHA512_Data(const void *, unsigned int, char *); +char *SHA512_File(const char *, char *); +char *SHA512_FileChunk(const char *, char *, off_t, off_t); +#endif + +__END_DECLS + +#endif /* !_SHA512_H_ */ Copied: stable/10/sys/crypto/sha2/sha512c.c (from r292782, head/sys/crypto/sha2/sha512c.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/10/sys/crypto/sha2/sha512c.c Mon Feb 27 08:27:38 2017 (r314327, copy of r292782, head/sys/crypto/sha2/sha512c.c) 
@@ -0,0 +1,397 @@ +/*- + * Copyright 2005 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include + +#ifdef _KERNEL +#include +#else +#include +#endif + +#include "sha512.h" +#include "sha384.h" + +#if BYTE_ORDER == BIG_ENDIAN + +/* Copy a vector of big-endian uint64_t into a vector of bytes */ +#define be64enc_vect(dst, src, len) \ + memcpy((void *)dst, (const void *)src, (size_t)len) + +/* Copy a vector of bytes into a vector of big-endian uint64_t */ +#define be64dec_vect(dst, src, len) \ + memcpy((void *)dst, (const void *)src, (size_t)len) + +#else /* BYTE_ORDER != BIG_ENDIAN */ + +/* + * Encode a length len/4 vector of (uint64_t) into a length len vector of + * (unsigned char) in big-endian form. Assumes len is a multiple of 8. + */ +static void +be64enc_vect(unsigned char *dst, const uint64_t *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 8; i++) + be64enc(dst + i * 8, src[i]); +} + +/* + * Decode a big-endian length len vector of (unsigned char) into a length + * len/4 vector of (uint64_t). Assumes len is a multiple of 8. 
+ */ +static void +be64dec_vect(uint64_t *dst, const unsigned char *src, size_t len) +{ + size_t i; + + for (i = 0; i < len / 8; i++) + dst[i] = be64dec(src + i * 8); +} + +#endif /* BYTE_ORDER != BIG_ENDIAN */ + +/* Elementary functions used by SHA512 */ +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define SHR(x, n) (x >> n) +#define ROTR(x, n) ((x >> n) | (x << (64 - n))) +#define S0(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) +#define S1(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) +#define s0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) +#define s1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) + +/* SHA512 round function */ +#define RND(a, b, c, d, e, f, g, h, k) \ + t0 = h + S1(e) + Ch(e, f, g) + k; \ + t1 = S0(a) + Maj(a, b, c); \ + d += t0; \ + h = t0 + t1; + +/* Adjusted round function for rotating state */ +#define RNDr(S, W, i, k) \ + RND(S[(80 - i) % 8], S[(81 - i) % 8], \ + S[(82 - i) % 8], S[(83 - i) % 8], \ + S[(84 - i) % 8], S[(85 - i) % 8], \ + S[(86 - i) % 8], S[(87 - i) % 8], \ + W[i] + k) + +/* + * SHA512 block compression function. The 512-bit state is transformed via + * the 512-bit input block to produce a new state. + */ +static void +SHA512_Transform(uint64_t * state, const unsigned char block[SHA512_BLOCK_LENGTH]) +{ + uint64_t W[80]; + uint64_t S[8]; + uint64_t t0, t1; + int i; + + /* 1. Prepare message schedule W. */ + be64dec_vect(W, block, SHA512_BLOCK_LENGTH); + for (i = 16; i < 80; i++) + W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; + + /* 2. Initialize working variables. */ + memcpy(S, state, SHA512_DIGEST_LENGTH); + + /* 3. Mix. 
*/ + RNDr(S, W, 0, 0x428a2f98d728ae22ULL); + RNDr(S, W, 1, 0x7137449123ef65cdULL); + RNDr(S, W, 2, 0xb5c0fbcfec4d3b2fULL); + RNDr(S, W, 3, 0xe9b5dba58189dbbcULL); + RNDr(S, W, 4, 0x3956c25bf348b538ULL); + RNDr(S, W, 5, 0x59f111f1b605d019ULL); + RNDr(S, W, 6, 0x923f82a4af194f9bULL); + RNDr(S, W, 7, 0xab1c5ed5da6d8118ULL); + RNDr(S, W, 8, 0xd807aa98a3030242ULL); + RNDr(S, W, 9, 0x12835b0145706fbeULL); + RNDr(S, W, 10, 0x243185be4ee4b28cULL); + RNDr(S, W, 11, 0x550c7dc3d5ffb4e2ULL); + RNDr(S, W, 12, 0x72be5d74f27b896fULL); + RNDr(S, W, 13, 0x80deb1fe3b1696b1ULL); + RNDr(S, W, 14, 0x9bdc06a725c71235ULL); + RNDr(S, W, 15, 0xc19bf174cf692694ULL); + RNDr(S, W, 16, 0xe49b69c19ef14ad2ULL); + RNDr(S, W, 17, 0xefbe4786384f25e3ULL); + RNDr(S, W, 18, 0x0fc19dc68b8cd5b5ULL); + RNDr(S, W, 19, 0x240ca1cc77ac9c65ULL); + RNDr(S, W, 20, 0x2de92c6f592b0275ULL); + RNDr(S, W, 21, 0x4a7484aa6ea6e483ULL); + RNDr(S, W, 22, 0x5cb0a9dcbd41fbd4ULL); + RNDr(S, W, 23, 0x76f988da831153b5ULL); + RNDr(S, W, 24, 0x983e5152ee66dfabULL); + RNDr(S, W, 25, 0xa831c66d2db43210ULL); + RNDr(S, W, 26, 0xb00327c898fb213fULL); + RNDr(S, W, 27, 0xbf597fc7beef0ee4ULL); + RNDr(S, W, 28, 0xc6e00bf33da88fc2ULL); + RNDr(S, W, 29, 0xd5a79147930aa725ULL); + RNDr(S, W, 30, 0x06ca6351e003826fULL); + RNDr(S, W, 31, 0x142929670a0e6e70ULL); + RNDr(S, W, 32, 0x27b70a8546d22ffcULL); + RNDr(S, W, 33, 0x2e1b21385c26c926ULL); + RNDr(S, W, 34, 0x4d2c6dfc5ac42aedULL); + RNDr(S, W, 35, 0x53380d139d95b3dfULL); + RNDr(S, W, 36, 0x650a73548baf63deULL); + RNDr(S, W, 37, 0x766a0abb3c77b2a8ULL); + RNDr(S, W, 38, 0x81c2c92e47edaee6ULL); + RNDr(S, W, 39, 0x92722c851482353bULL); + RNDr(S, W, 40, 0xa2bfe8a14cf10364ULL); + RNDr(S, W, 41, 0xa81a664bbc423001ULL); + RNDr(S, W, 42, 0xc24b8b70d0f89791ULL); + RNDr(S, W, 43, 0xc76c51a30654be30ULL); + RNDr(S, W, 44, 0xd192e819d6ef5218ULL); + RNDr(S, W, 45, 0xd69906245565a910ULL); + RNDr(S, W, 46, 0xf40e35855771202aULL); + RNDr(S, W, 47, 0x106aa07032bbd1b8ULL); + RNDr(S, W, 48, 
0x19a4c116b8d2d0c8ULL); + RNDr(S, W, 49, 0x1e376c085141ab53ULL); + RNDr(S, W, 50, 0x2748774cdf8eeb99ULL); + RNDr(S, W, 51, 0x34b0bcb5e19b48a8ULL); + RNDr(S, W, 52, 0x391c0cb3c5c95a63ULL); + RNDr(S, W, 53, 0x4ed8aa4ae3418acbULL); + RNDr(S, W, 54, 0x5b9cca4f7763e373ULL); + RNDr(S, W, 55, 0x682e6ff3d6b2b8a3ULL); + RNDr(S, W, 56, 0x748f82ee5defb2fcULL); + RNDr(S, W, 57, 0x78a5636f43172f60ULL); + RNDr(S, W, 58, 0x84c87814a1f0ab72ULL); + RNDr(S, W, 59, 0x8cc702081a6439ecULL); + RNDr(S, W, 60, 0x90befffa23631e28ULL); + RNDr(S, W, 61, 0xa4506cebde82bde9ULL); + RNDr(S, W, 62, 0xbef9a3f7b2c67915ULL); + RNDr(S, W, 63, 0xc67178f2e372532bULL); + RNDr(S, W, 64, 0xca273eceea26619cULL); + RNDr(S, W, 65, 0xd186b8c721c0c207ULL); + RNDr(S, W, 66, 0xeada7dd6cde0eb1eULL); + RNDr(S, W, 67, 0xf57d4f7fee6ed178ULL); + RNDr(S, W, 68, 0x06f067aa72176fbaULL); + RNDr(S, W, 69, 0x0a637dc5a2c898a6ULL); + RNDr(S, W, 70, 0x113f9804bef90daeULL); + RNDr(S, W, 71, 0x1b710b35131c471bULL); + RNDr(S, W, 72, 0x28db77f523047d84ULL); + RNDr(S, W, 73, 0x32caab7b40c72493ULL); + RNDr(S, W, 74, 0x3c9ebe0a15c9bebcULL); + RNDr(S, W, 75, 0x431d67c49c100d4cULL); + RNDr(S, W, 76, 0x4cc5d4becb3e42b6ULL); + RNDr(S, W, 77, 0x597f299cfc657e2aULL); + RNDr(S, W, 78, 0x5fcb6fab3ad6faecULL); + RNDr(S, W, 79, 0x6c44198c4a475817ULL); + + /* 4. Mix local working variables into global state */ + for (i = 0; i < 8; i++) + state[i] += S[i]; +} + +static unsigned char PAD[SHA512_BLOCK_LENGTH] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* Add padding and terminating bit-count. 
*/ +static void +SHA512_Pad(SHA512_CTX * ctx) +{ + unsigned char len[16]; + uint64_t r, plen; + + /* + * Convert length to a vector of bytes -- we do this now rather + * than later because the length will change after we pad. + */ + be64enc_vect(len, ctx->count, 16); + + /* Add 1--128 bytes so that the resulting length is 112 mod 128 */ + r = (ctx->count[1] >> 3) & 0x7f; + plen = (r < 112) ? (112 - r) : (240 - r); + SHA512_Update(ctx, PAD, (size_t)plen); + + /* Add the terminating bit-count */ + SHA512_Update(ctx, len, 16); +} + +/* SHA-512 initialization. Begins a SHA-512 operation. */ +void +SHA512_Init(SHA512_CTX * ctx) +{ + + /* Zero bits processed so far */ + ctx->count[0] = ctx->count[1] = 0; + + /* Magic initialization constants */ + ctx->state[0] = 0x6a09e667f3bcc908ULL; + ctx->state[1] = 0xbb67ae8584caa73bULL; + ctx->state[2] = 0x3c6ef372fe94f82bULL; + ctx->state[3] = 0xa54ff53a5f1d36f1ULL; + ctx->state[4] = 0x510e527fade682d1ULL; + ctx->state[5] = 0x9b05688c2b3e6c1fULL; + ctx->state[6] = 0x1f83d9abfb41bd6bULL; + ctx->state[7] = 0x5be0cd19137e2179ULL; +} + +/* Add bytes into the hash */ +void +SHA512_Update(SHA512_CTX * ctx, const void *in, size_t len) +{ + uint64_t bitlen[2]; + uint64_t r; + const unsigned char *src = in; + + /* Number of bytes left in the buffer from previous updates */ + r = (ctx->count[1] >> 3) & 0x7f; + + /* Convert the length into a number of bits */ + bitlen[1] = ((uint64_t)len) << 3; + bitlen[0] = ((uint64_t)len) >> 61; + + /* Update number of bits */ + if ((ctx->count[1] += bitlen[1]) < bitlen[1]) + ctx->count[0]++; + ctx->count[0] += bitlen[0]; + + /* Handle the case where we don't need to perform any transforms */ + if (len < SHA512_BLOCK_LENGTH - r) { + memcpy(&ctx->buf[r], src, len); + return; + } + + /* Finish the current block */ + memcpy(&ctx->buf[r], src, SHA512_BLOCK_LENGTH - r); + SHA512_Transform(ctx->state, ctx->buf); + src += SHA512_BLOCK_LENGTH - r; + len -= SHA512_BLOCK_LENGTH - r; + + /* Perform complete blocks */ 
+ while (len >= SHA512_BLOCK_LENGTH) { + SHA512_Transform(ctx->state, src); + src += SHA512_BLOCK_LENGTH; + len -= SHA512_BLOCK_LENGTH; + } + + /* Copy left over data into buffer */ + memcpy(ctx->buf, src, len); +} + +/* + * SHA-512 finalization. Pads the input data, exports the hash value, + * and clears the context state. + */ +void +SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx) +{ + + /* Add padding */ + SHA512_Pad(ctx); + + /* Write the hash */ + be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH); + + /* Clear the context state */ + memset((void *)ctx, 0, sizeof(*ctx)); +} + +/*** SHA-384: *********************************************************/ +/* + * the SHA384 and SHA512 transforms are identical, so SHA384 is skipped + */ + +/* SHA-384 initialization. Begins a SHA-384 operation. */ +void +SHA384_Init(SHA384_CTX * ctx) +{ + + /* Zero bits processed so far */ + ctx->count[0] = ctx->count[1] = 0; + + /* Magic initialization constants */ + ctx->state[0] = 0xcbbb9d5dc1059ed8ULL; + ctx->state[1] = 0x629a292a367cd507ULL; + ctx->state[2] = 0x9159015a3070dd17ULL; + ctx->state[3] = 0x152fecd8f70e5939ULL; + ctx->state[4] = 0x67332667ffc00b31ULL; + ctx->state[5] = 0x8eb44a8768581511ULL; + ctx->state[6] = 0xdb0c2e0d64f98fa7ULL; + ctx->state[7] = 0x47b5481dbefa4fa4ULL; +} + +/* Add bytes into the SHA-384 hash */ +void +SHA384_Update(SHA384_CTX * ctx, const void *in, size_t len) +{ + + SHA512_Update((SHA512_CTX *)ctx, in, len); +} + +/* + * SHA-384 finalization. Pads the input data, exports the hash value, + * and clears the context state. + */ +void +SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx) +{ + + /* Add padding */ + SHA512_Pad((SHA512_CTX *)ctx); + + /* Write the hash */ + be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH); + + /* Clear the context state */ + memset((void *)ctx, 0, sizeof(*ctx)); +} + +#ifdef WEAK_REFS +/* When building libmd, provide weak references. 
Note: this is not + activated in the context of compiling these sources for internal + use in libcrypt. + */ +#undef SHA512_Init +__weak_reference(_libmd_SHA512_Init, SHA512_Init); +#undef SHA512_Update +__weak_reference(_libmd_SHA512_Update, SHA512_Update); +#undef SHA512_Final +__weak_reference(_libmd_SHA512_Final, SHA512_Final); +#undef SHA512_Transform +__weak_reference(_libmd_SHA512_Transform, SHA512_Transform); + +#undef SHA384_Init +__weak_reference(_libmd_SHA384_Init, SHA384_Init); +#undef SHA384_Update +__weak_reference(_libmd_SHA384_Update, SHA384_Update); +#undef SHA384_Final +__weak_reference(_libmd_SHA384_Final, SHA384_Final); +#endif Modified: stable/10/sys/dev/random/hash.c ============================================================================== --- stable/10/sys/dev/random/hash.c Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sys/dev/random/hash.c Mon Feb 27 08:27:38 2017 (r314327) @@ -32,7 +32,7 @@ __FBSDID("$FreeBSD$"); #include #include -#include +#include #include Modified: stable/10/sys/dev/random/yarrow.c ============================================================================== --- stable/10/sys/dev/random/yarrow.c Mon Feb 27 08:20:28 2017 (r314326) +++ stable/10/sys/dev/random/yarrow.c Mon Feb 27 08:27:38 2017 (r314327) @@ -40,7 +40,7 @@ __FBSDID("$FreeBSD$"); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
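Review bot: the comment above SHA512_Transform in sha512c.c describes the input as a "512-bit input block", which does not match the code: the function reads SHA512_BLOCK_LENGTH bytes, PAD has 128 entries, and SHA512_Pad pads to "112 mod 128", so the block is 128 bytes (1024 bits) and only the state is 512 bits. Please correct the comment to say 1024-bit input block, so that nobody sizing a buffer from the documentation passes a 64-byte block to a function that reads 128 bytes.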
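Review bot: PAD in sha512c.c is declared `static unsigned char PAD[SHA512_BLOCK_LENGTH]` without const, although the only use visible here is as the source argument of SHA512_Update in SHA512_Pad, and that parameter is already `const void *in`. Declaring it `static const unsigned char` moves the table to read-only data, so a stray write elsewhere cannot silently change the padding and with it every digest computed afterwards.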
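Review bot: the final `memset((void *)ctx, 0, sizeof(*ctx));` in SHA512_Final and SHA384_Final is a store that an optimizing compiler may remove when it can see that the caller never reads the context again (inlining, LTO), which would leave the chaining state and the buffered input tail in memory. The function comments promise that the context state is cleared, so both calls should use a zeroing primitive the compiler is not allowed to elide, such as explicit_bzero where this branch provides it.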
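Review bot: SHA384_Update and SHA384_Final pass `(SHA512_CTX *)ctx` to SHA512_Update and SHA512_Pad, which is only correct if SHA384_CTX and SHA512_CTX have the same layout, and nothing in this file enforces that. The two types are defined in separate headers (sha384.h and sha512.h), so a compile-time assertion next to these functions that the sizes and the offsets of count, state and buf match would turn a future divergence into a build failure instead of silent context corruption.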