| author | Michael Forney <mforney@mforney.org> | 2017-05-27 19:51:08 -0700 |
|---|---|---|
| committer | Michael Forney <mforney@mforney.org> | 2017-05-27 19:51:08 -0700 |
| commit | 4c2436940b29ee6fc13f717c8670a0d071039476 (patch) | |
| tree | c19b1d0fc28a4bf5ef9e89fab0baf9c84e20e83c /pkg/openbsd | |
| parent | 550a8b4db26f91afe74fe384a8117408595772ce (diff) | |
openbsd: Allow using BearSSL for SHA512
Diffstat (limited to 'pkg/openbsd')
| -rw-r--r-- | pkg/openbsd/gen.rc | 20 | ||||
| -rw-r--r-- | pkg/openbsd/patch/0018-getentropy-Support-BearSSL-SHA512-implementation.patch | 107 | ||||
| -rw-r--r-- | pkg/openbsd/rev | 2 |
3 files changed, 125 insertions, 4 deletions
diff --git a/pkg/openbsd/gen.rc b/pkg/openbsd/gen.rc index 315f329c..edb3b553 100644 --- a/pkg/openbsd/gen.rc +++ b/pkg/openbsd/gen.rc @@ -1,9 +1,22 @@ -cflags\ +cflags=(\ -D '''DEF_WEAK(n)=''' \ -isystem '$builddir'/pkg/libressl/include\ -I '$dir'/include\ -idirafter '$srcdir'/include\ - -idirafter '$srcdir'/sys + -idirafter '$srcdir'/sys\ +) +libs=() + +switch($config_tls) { +case libressl '' + cflags=($cflags -D USE_OPENSSL -isystem '$builddir'/pkg/libressl/include) + libs=($libs '$builddir'/pkg/libressl/libcrypto.a) +case bearssl + cflags=($cflags -D USE_BEARSSL -isystem pkg/bearssl/src/inc) + libs=($libs '$builddir'/pkg/bearssl/libbearssl.a) +} + +cflags $cflags # Link arc4random.c to '$outdir' so that it doesn't include the local # arc4random.h @@ -19,7 +32,8 @@ lib libbsd.a -d pkg/libressl/headers\ stdlib/^(reallocarray.c recallocarray.c strtonum.c)\ string/^(explicit_bzero.c strmode.c timingsafe_memcmp.c)\ )\ - lib/libcrypto/arc4random/getentropy_linux.c + lib/libcrypto/arc4random/getentropy_linux.c\ + $libs # diff exe diff usr.bin/diff/^(diff.c diffdir.c diffreg.c xmalloc.c) libbsd.a diff --git a/pkg/openbsd/patch/0018-getentropy-Support-BearSSL-SHA512-implementation.patch b/pkg/openbsd/patch/0018-getentropy-Support-BearSSL-SHA512-implementation.patch new file mode 100644 index 00000000..c50984ac --- /dev/null +++ b/pkg/openbsd/patch/0018-getentropy-Support-BearSSL-SHA512-implementation.patch 
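Review bot: The base `cflags=(...)` list still carries `-isystem '$builddir'/pkg/libressl/include`, so a `bearssl` build keeps the libressl include directory on the search path, and the `libressl` case then adds the same flag a second time. The `lib libbsd.a -d pkg/libressl/headers` line in the second hunk's context is likewise unconditional, so selecting BearSSL still appears to depend on the libressl headers. If nothing else in libbsd.a needs them, drop the `-isystem '$builddir'/pkg/libressl/include\` line from the base list and make the `-d pkg/libressl/headers` dependency part of the `libressl` case, so that a stray `<openssl/...>` include fails at build time instead of silently resolving. A one-line comment above the `switch` would also help: `# any other $config_tls value defines neither USE_* macro and stops at the #error in getentropy_linux.c`.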
@@ -0,0 +1,107 @@ +From 2b0e36df23d26fe09ce3f21cff2ed6a4600aeb54 Mon Sep 17 00:00:00 2001 +From: Michael Forney <mforney@mforney.org> +Date: Sat, 27 May 2017 18:49:33 -0700 +Subject: [PATCH] getentropy: Support BearSSL SHA512 implementation + +--- + lib/libcrypto/arc4random/getentropy_linux.c | 33 ++++++++++++++++++++++++++++- + 1 file changed, 32 insertions(+), 1 deletion(-) + +diff --git a/lib/libcrypto/arc4random/getentropy_linux.c b/lib/libcrypto/arc4random/getentropy_linux.c +index ac97658efe3..0a684ebd29f 100644 +--- a/lib/libcrypto/arc4random/getentropy_linux.c ++++ b/lib/libcrypto/arc4random/getentropy_linux.c +@@ -47,7 +47,13 @@ + #include <errno.h> + #include <unistd.h> + #include <time.h> ++#if defined(USE_OPENSSL) + #include <openssl/sha.h> ++#elif defined(USE_BEARSSL) ++#include <bearssl.h> ++#else ++#error "missing SHA512 implementation" ++#endif + + #include <linux/types.h> + #include <linux/random.h> +@@ -67,9 +73,15 @@ + HD(b); \ + } while (0) + ++#if defined(USE_OPENSSL) + #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) + #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) + #define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) ++#elif defined(USE_BEARSSL) ++#define HR(x, l) (br_sha512_update(&ctx, (char *)(x), (l))) ++#define HD(x) (br_sha512_update(&ctx, (char *)&(x), sizeof (x))) ++#define HF(x) (br_sha512_update(&ctx, (char *)&(x), sizeof (void*))) ++#endif + + int getentropy(void *buf, size_t len); + +@@ -327,16 +339,28 @@ static const int cl[] = { + static int + getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) + { ++#if defined(USE_OPENSSL) + SHA512_CTX *ctx = data; + + SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); ++#elif defined(USE_BEARSSL) ++ br_sha512_context *ctx = data; ++ ++ br_sha512_update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); ++#endif + return (0); + } + + static int + getentropy_fallback(void *buf, size_t len) + { ++#if defined(USE_OPENSSL) + uint8_t 
results[SHA512_DIGEST_LENGTH]; ++ SHA512_CTX ctx; ++#elif defined(USE_BEARSSL) ++ uint8_t results[br_sha512_SIZE]; ++ br_sha512_context ctx; ++#endif + int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; + static int cnt; + struct timespec ts; +@@ -344,7 +368,6 @@ getentropy_fallback(void *buf, size_t len) + struct rusage ru; + sigset_t sigset; + struct stat st; +- SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; +@@ -361,7 +384,11 @@ getentropy_fallback(void *buf, size_t len) + } + for (i = 0; i < len; ) { + int j; ++#if defined(USE_OPENSSL) + SHA512_Init(&ctx); ++#elif defined(USE_BEARSSL) ++ br_sha512_init(&ctx); ++#endif + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { +@@ -532,7 +559,11 @@ getentropy_fallback(void *buf, size_t len) + #endif + #endif + ++#if defined(USE_OPENSSL) + SHA512_Final(results, &ctx); ++#elif defined(USE_BEARSSL) ++ br_sha512_out(&ctx, results); ++#endif + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); + i += min(sizeof(results), len - i); + } +-- +2.13.0 + diff --git a/pkg/openbsd/rev b/pkg/openbsd/rev index b1bd38b6..8351c193 100644 --- a/pkg/openbsd/rev +++ b/pkg/openbsd/rev @@ -1 +1 @@ -13 +14 |
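Review bot: The USE_OPENSSL/USE_BEARSSL switch is repeated in five places in getentropy_linux.c (the HR/HD/HF macros, getentropy_phdr, and the declarations, init and final calls in getentropy_fallback), so a later change to this fallback entropy path can update one backend and miss the other. Mapping the BearSSL names onto the existing SHA512_* names once, next to the include, would leave the rest of the file untouched and shrink the patch that has to be carried across upstream updates. The end of getentropy_fallback is outside the hunks shown; it is worth confirming that whatever clears `ctx` and `results` there uses `sizeof`, so that it also covers the BearSSL types.

```c
#elif defined(USE_BEARSSL)
#include <bearssl.h>
/* Map the OpenSSL-style names used below onto BearSSL in one place. */
typedef br_sha512_context SHA512_CTX;
#define SHA512_DIGEST_LENGTH br_sha512_SIZE
#define SHA512_Init(c) br_sha512_init(c)
#define SHA512_Update(c, d, l) br_sha512_update((c), (d), (l))
#define SHA512_Final(md, c) br_sha512_out((c), (md))
/* … unchanged: #else / #error branch; HR/HD/HF, getentropy_phdr and
 * getentropy_fallback keep their original SHA512_* lines … */
```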
