From 2bd6f119c41de4e0f1db37f6ad799d0e08e1fbd6 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Tue, 17 Jan 2023 12:01:13 -0800
Subject: [PATCH] Port to BearSSL

---
 lib/libzfs/libzfs_crypto.c | 52 ++++++++++++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 10 deletions(-)

diff --git a/lib/libzfs/libzfs_crypto.c b/lib/libzfs/libzfs_crypto.c
index 93dfa9cbc..1ee5d3f07 100644
--- a/lib/libzfs/libzfs_crypto.c
+++ b/lib/libzfs/libzfs_crypto.c
@@ -25,7 +25,7 @@
 #include <termios.h>
 #include <signal.h>
 #include <errno.h>
-#include <openssl/evp.h>
+#include <bearssl.h>
 #if LIBFETCH_DYNAMIC
 #include <dlfcn.h>
 #endif
@@ -773,6 +773,44 @@ error:
 	return (ret);
 }
 
+static void
+pbkdf2_hmac_sha1(unsigned char *DK, size_t DKlen, const char *P, size_t Plen, const char *S, size_t Slen, int c)
+{
+	br_hmac_key_context kc;
+	br_hmac_context hmac;
+	unsigned char F[br_sha1_SIZE], U[64];
+	int j, k;
+	unsigned long i;
+
+	assert(Slen <= sizeof U - 4);
+	br_hmac_key_init(&kc, &br_sha1_vtable, P, Plen);
+	for (i = 1;; ++i) {
+		memcpy(U, S, Slen);
+		U[Slen] = i >> 24;
+		U[Slen + 1] = i >> 16;
+		U[Slen + 2] = i >> 8;
+		U[Slen + 3] = i;
+		br_hmac_init(&hmac, &kc, 0);
+		br_hmac_update(&hmac, U, Slen + 4);
+		br_hmac_out(&hmac, U);
+		memcpy(F, U, br_sha1_SIZE);
+		for (j = 1; j < c; ++j) {
+			br_hmac_init(&hmac, &kc, 0);
+			br_hmac_update(&hmac, U, br_sha1_SIZE);
+			br_hmac_out(&hmac, U);
+			for (k = 0; k < br_sha1_SIZE; k++)
+				F[k] ^= U[k];
+		}
+		if (DKlen < sizeof F) {
+			memcpy(DK, F, DKlen);
+			break;
+		}
+		memcpy(DK, F, sizeof F);
+		DK += sizeof F;
+		DKlen -= sizeof F;
+	}
+}
+
 static int
 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
     uint8_t *key_material, uint64_t salt,
@@ -801,15 +839,9 @@ derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
 	case ZFS_KEYFORMAT_PASSPHRASE:
 		salt = LE_64(salt);
 
-		ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,
-		    strlen((char *)key_material), ((uint8_t *)&salt),
-		    sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);
-		if (ret != 1) {
-			ret = EIO;
-			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
-			    "Failed to generate key from passphrase."));
-			goto error;
-		}
+		pbkdf2_hmac_sha1((unsigned char *)key, WRAPPING_KEY_LEN,
+		    (char *)key_material, strlen((char *)key_material),
+		    (char *)&salt, sizeof salt, iters);
 		break;
 	default:
 		ret = EINVAL;
-- 
2.44.0