Update to FreeBSD head 2018-09-17

Git mirror commit 6c2192b1ef8c50788c751f878552526800b1e319. Update #3472.
author: Sebastian Huber <sebastian.huber@embedded-brains.de> 2018-08-22 14:59:50 +0200
committer: Sebastian Huber <sebastian.huber@embedded-brains.de> 2018-09-21 10:29:41 +0200
commit: 3489e3b6396ee9944a6a2e19e675ca54c36993b4 (patch)
tree: cd55cfac1c96ff4b888a9606fd6a0d8eb65bb446 /freebsd/sys/crypto
parent: ck: Define CK_MD_PPC32_LWSYNC if available (diff)
download: rtems-libbsd-3489e3b6396ee9944a6a2e19e675ca54c36993b4.tar.bz2
7 files changed, 194 insertions, 12 deletions
diff --git a/freebsd/sys/crypto/chacha20/chacha.c b/freebsd/sys/crypto/chacha20/chacha.c
index 74d7fe02..3ce5310a 100644
--- a/freebsd/sys/crypto/chacha20/chacha.c
+++ b/freebsd/sys/crypto/chacha20/chacha.c
@@ -16,7 +16,6 @@ __FBSDID("$FreeBSD$");
 
 #include <crypto/chacha20/chacha.h>
 
-
 typedef uint8_t u8;
 typedef uint32_t u32;
 
@@ -59,7 +58,7 @@ typedef struct chacha_ctx chacha_ctx;
 static const char sigma[16] = "expand 32-byte k";
 static const char tau[16] = "expand 16-byte k";
 
-void
+LOCAL void
 #ifndef __rtems__
 chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
 #else /* __rtems__ */
@@ -88,7 +87,7 @@ chacha_keysetup(chacha_ctx *x,const u8 *k,u_int kbits)
   x->input[3] = U8TO32_LITTLE(constants + 12);
 }
 
-void
+LOCAL void
 chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
 {
   x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
@@ -97,7 +96,7 @@ chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
   x->input[15] = U8TO32_LITTLE(iv + 4);
 }
 
-void
+LOCAL void
 #ifndef __rtems__
 chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
 #else /* __rtems__ */
@@ -179,6 +178,7 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u_int bytes)
     x14 = PLUS(x14,j14);
     x15 = PLUS(x15,j15);
 
+#ifndef KEYSTREAM_ONLY
     x0 = XOR(x0,U8TO32_LITTLE(m + 0));
     x1 = XOR(x1,U8TO32_LITTLE(m + 4));
     x2 = XOR(x2,U8TO32_LITTLE(m + 8));
@@ -195,6 +195,7 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u_int bytes)
     x13 = XOR(x13,U8TO32_LITTLE(m + 52));
     x14 = XOR(x14,U8TO32_LITTLE(m + 56));
     x15 = XOR(x15,U8TO32_LITTLE(m + 60));
+#endif
 
     j12 = PLUSONE(j12);
     if (!j12) {
@@ -229,6 +230,8 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u_int bytes)
     }
     bytes -= 64;
     c += 64;
+#ifndef KEYSTREAM_ONLY
     m += 64;
+#endif
   }
 }
diff --git a/freebsd/sys/crypto/chacha20/chacha.h b/freebsd/sys/crypto/chacha20/chacha.h
index 02106eaa..e67cc812 100644
--- a/freebsd/sys/crypto/chacha20/chacha.h
+++ b/freebsd/sys/crypto/chacha20/chacha.h
@@ -23,9 +23,15 @@ struct chacha_ctx {
 #define CHACHA_STATELEN		(CHACHA_NONCELEN+CHACHA_CTRLEN)
 #define CHACHA_BLOCKLEN		64
 
-void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits);
-void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr);
-void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m,
+#ifdef _KERNEL
+#define LOCAL
+#else
+#define LOCAL static
+#endif
+
+LOCAL void chacha_keysetup(struct chacha_ctx *x, const u_char *k, u_int kbits);
+LOCAL void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, const u_char *ctr);
+LOCAL void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m,
     u_char *c, u_int bytes);
 
 #endif	/* CHACHA_H */
diff --git a/freebsd/sys/crypto/libsodium/utils.c b/freebsd/sys/crypto/libsodium/utils.c
new file mode 100644
index 00000000..8c6dfc36
--- /dev/null
+++ b/freebsd/sys/crypto/libsodium/utils.c
@@ -0,0 +1,16 @@
+#include <machine/rtems-bsd-kernel-space.h>
+
+/* This file is in the public domain. */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+#include <sys/types.h>
+#include <sys/systm.h>
+
+#include <sodium/utils.h>
+
+void
+sodium_memzero(void *b, size_t n)
+{
+	explicit_bzero(b, n);
+}
diff --git a/freebsd/sys/crypto/sha2/sha224.h b/freebsd/sys/crypto/sha2/sha224.h
new file mode 100644
index 00000000..c2833543
--- /dev/null
+++ b/freebsd/sys/crypto/sha2/sha224.h
@@ -0,0 +1,96 @@
+/*-
+ * Copyright 2005 Colin Percival
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _SHA224_H_
+#define _SHA224_H_
+
+#ifndef _KERNEL
+#include <sys/types.h>
+#endif
+
+#define SHA224_BLOCK_LENGTH		64
+#define SHA224_DIGEST_LENGTH		28
+#define SHA224_DIGEST_STRING_LENGTH	(SHA224_DIGEST_LENGTH * 2 + 1)
+
+typedef struct SHA224Context {
+	uint32_t state[8];
+	uint64_t count;
+	uint8_t buf[SHA224_BLOCK_LENGTH];
+} SHA224_CTX;
+
+__BEGIN_DECLS
+
+/* Ensure libmd symbols do not clash with libcrypto */
+
+#ifndef SHA224_Init
+#define SHA224_Init		_libmd_SHA224_Init
+#endif
+#ifndef SHA224_Update
+#define SHA224_Update		_libmd_SHA224_Update
+#endif
+#ifndef SHA224_Final
+#define SHA224_Final		_libmd_SHA224_Final
+#endif
+#ifndef SHA224_End
+#define SHA224_End		_libmd_SHA224_End
+#endif
+#ifndef SHA224_Fd
+#define SHA224_Fd		_libmd_SHA224_Fd
+#endif
+#ifndef SHA224_FdChunk
+#define SHA224_FdChunk		_libmd_SHA224_FdChunk
+#endif
+#ifndef SHA224_File
+#define SHA224_File		_libmd_SHA224_File
+#endif
+#ifndef SHA224_FileChunk
+#define SHA224_FileChunk	_libmd_SHA224_FileChunk
+#endif
+#ifndef SHA224_Data
+#define SHA224_Data		_libmd_SHA224_Data
+#endif
+
+#ifndef SHA224_version
+#define SHA224_version		_libmd_SHA224_version
+#endif
+
+void	SHA224_Init(SHA224_CTX *);
+void	SHA224_Update(SHA224_CTX *, const void *, size_t);
+void	SHA224_Final(unsigned char [__min_size(SHA224_DIGEST_LENGTH)],
+    SHA224_CTX *);
+#ifndef _KERNEL
+char   *SHA224_End(SHA224_CTX *, char *);
+char   *SHA224_Data(const void *, unsigned int, char *);
+char   *SHA224_Fd(int, char *);
+char   *SHA224_FdChunk(int, char *, off_t, off_t);
+char   *SHA224_File(const char *, char *);
+char   *SHA224_FileChunk(const char *, char *, off_t, off_t);
+#endif
+__END_DECLS
+
+#endif /* !_SHA224_H_ */
diff --git a/freebsd/sys/crypto/sha2/sha256c.c b/freebsd/sys/crypto/sha2/sha256c.c
index ea389694..dbba6d35 100644
--- a/freebsd/sys/crypto/sha2/sha256c.c
+++ b/freebsd/sys/crypto/sha2/sha256c.c
@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
 #include <string.h>
 #endif
 
+#include "sha224.h"
 #include "sha256.h"
 
 #if BYTE_ORDER == BIG_ENDIAN
@@ -299,7 +300,57 @@ SHA256_Final(unsigned char digest[static SHA256_DIGEST_LENGTH], SHA256_CTX *ctx)
 	be32enc_vect(digest, ctx->state, SHA256_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset(ctx, 0, sizeof(*ctx));
+	explicit_bzero(ctx, sizeof(*ctx));
+}
+
+/*** SHA-224: *********************************************************/
+/*
+ * the SHA224 and SHA256 transforms are identical
+ */
+
+/* SHA-224 initialization.  Begins a SHA-224 operation. */
+void
+SHA224_Init(SHA224_CTX * ctx)
+{
+
+	/* Zero bits processed so far */
+	ctx->count = 0;
+
+	/* Magic initialization constants */
+	ctx->state[0] = 0xC1059ED8;
+	ctx->state[1] = 0x367CD507;
+	ctx->state[2] = 0x3070DD17;
+	ctx->state[3] = 0xF70E5939;
+	ctx->state[4] = 0xFFC00B31;
+	ctx->state[5] = 0x68581511;
+	ctx->state[6] = 0x64f98FA7;
+	ctx->state[7] = 0xBEFA4FA4;
+}
+
+/* Add bytes into the SHA-224 hash */
+void
+SHA224_Update(SHA224_CTX * ctx, const void *in, size_t len)
+{
+
+	SHA256_Update((SHA256_CTX *)ctx, in, len);
+}
+
+/*
+ * SHA-224 finalization.  Pads the input data, exports the hash value,
+ * and clears the context state.
+ */
+void
+SHA224_Final(unsigned char digest[static SHA224_DIGEST_LENGTH], SHA224_CTX *ctx)
+{
+
+	/* Add padding */
+	SHA256_Pad((SHA256_CTX *)ctx);
+
+	/* Write the hash */
+	be32enc_vect(digest, ctx->state, SHA224_DIGEST_LENGTH);
+
+	/* Clear the context state */
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 #ifdef WEAK_REFS
@@ -315,4 +366,11 @@ __weak_reference(_libmd_SHA256_Update, SHA256_Update);
 __weak_reference(_libmd_SHA256_Final, SHA256_Final);
 #undef SHA256_Transform
 __weak_reference(_libmd_SHA256_Transform, SHA256_Transform);
+
+#undef SHA224_Init
+__weak_reference(_libmd_SHA224_Init, SHA224_Init);
+#undef SHA224_Update
+__weak_reference(_libmd_SHA224_Update, SHA224_Update);
+#undef SHA224_Final
+__weak_reference(_libmd_SHA224_Final, SHA224_Final);
 #endif
diff --git a/freebsd/sys/crypto/sha2/sha512c.c b/freebsd/sys/crypto/sha2/sha512c.c
index 7aa4bf52..4e7de3ee 100644
--- a/freebsd/sys/crypto/sha2/sha512c.c
+++ b/freebsd/sys/crypto/sha2/sha512c.c
@@ -333,7 +333,7 @@ SHA512_Final(unsigned char digest[static SHA512_DIGEST_LENGTH], SHA512_CTX *ctx)
 	be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset(ctx, 0, sizeof(*ctx));
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 /*** SHA-512t: *********************************************************/
@@ -376,7 +376,7 @@ SHA512_224_Final(unsigned char digest[static SHA512_224_DIGEST_LENGTH], SHA512_C
 	be64enc_vect(digest, ctx->state, SHA512_224_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset(ctx, 0, sizeof(*ctx));
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 void
@@ -415,7 +415,7 @@ SHA512_256_Final(unsigned char digest[static SHA512_256_DIGEST_LENGTH], SHA512_C
 	be64enc_vect(digest, ctx->state, SHA512_256_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset(ctx, 0, sizeof(*ctx));
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 /*** SHA-384: *********************************************************/
@@ -465,7 +465,7 @@ SHA384_Final(unsigned char digest[static SHA384_DIGEST_LENGTH], SHA384_CTX *ctx)
 	be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset(ctx, 0, sizeof(*ctx));
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 #ifdef WEAK_REFS
diff --git a/freebsd/sys/crypto/skein/skein.c b/freebsd/sys/crypto/skein/skein.c
index c13f9ad4..e444837a 100644
--- a/freebsd/sys/crypto/skein/skein.c
+++ b/freebsd/sys/crypto/skein/skein.c
@@ -814,6 +814,7 @@ SKEIN256_Final(unsigned char digest[static SKEIN_256_BLOCK_BYTES], SKEIN256_CTX
 {
 
 	Skein_256_Final(ctx, digest);
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 void
@@ -821,6 +822,7 @@ SKEIN512_Final(unsigned char digest[static SKEIN_512_BLOCK_BYTES], SKEIN512_CTX
 {
 
 	Skein_512_Final(ctx, digest);
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 void
@@ -828,6 +830,7 @@ SKEIN1024_Final(unsigned char digest[static SKEIN1024_BLOCK_BYTES], SKEIN1024_CT
 {
 
 	Skein1024_Final(ctx, digest);
+	explicit_bzero(ctx, sizeof(*ctx));
 }
 
 #ifdef WEAK_REFS
author	Sebastian Huber <sebastian.huber@embedded-brains.de>	2018-08-22 14:59:50 +0200
committer	Sebastian Huber <sebastian.huber@embedded-brains.de>	2018-09-21 10:29:41 +0200
commit	3489e3b6396ee9944a6a2e19e675ca54c36993b4 (patch)
tree	cd55cfac1c96ff4b888a9606fd6a0d8eb65bb446 /freebsd/sys/crypto
parent	ck: Define CK_MD_PPC32_LWSYNC if available (diff)
download	rtems-libbsd-3489e3b6396ee9944a6a2e19e675ca54c36993b4.tar.bz2