svn commit: r314332 - in stable/10: lib/libcrypt lib/libmd sbin/md5 sys/crypto/sha2

Mon Feb 27 10:40:42 UTC 2017

Author: avg
Date: Mon Feb 27 10:40:39 2017
New Revision: 314332
URL: https://svnweb.freebsd.org/changeset/base/314332

Log:
  MFC r300903: Implement SHA-512 truncated (224 and 256 bits)

Added:
  stable/10/sys/crypto/sha2/sha512t.h
     - copied unchanged from r300903, head/sys/crypto/sha2/sha512t.h
Modified:
  stable/10/lib/libcrypt/Makefile
  stable/10/lib/libmd/Makefile
  stable/10/lib/libmd/sha512.3
  stable/10/lib/libmd/shadriver.c
  stable/10/sbin/md5/Makefile
  stable/10/sbin/md5/md5.1
  stable/10/sbin/md5/md5.c
  stable/10/sys/crypto/sha2/sha512c.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/lib/libcrypt/Makefile
==============================================================================

--- stable/10/lib/libcrypt/Makefile	Mon Feb 27 10:22:16 2017	(r314331)
+++ stable/10/lib/libcrypt/Makefile	Mon Feb 27 10:40:39 2017	(r314332)
@@ -29,6 +29,8 @@ CFLAGS+=	-I${.CURDIR} -DHAS_DES -DHAS_BL
 .for sym in MD4Init MD4Final MD4Update MD4Pad \
 	    MD5Init MD5Final MD5Update MD5Pad \
 	    SHA256_Init SHA256_Final SHA256_Update \
+	    SHA512_224_Init SHA512_224_Final SHA512_224_Update \
+	    SHA512_256_Init SHA512_256_Final SHA512_256_Update \
 	    SHA384_Init SHA384_Final SHA384_Update \
 	    SHA512_Init SHA512_Final SHA512_Update
 CFLAGS+=	-D${sym}=__${sym}

Modified: stable/10/lib/libmd/Makefile
==============================================================================
--- stable/10/lib/libmd/Makefile	Mon Feb 27 10:22:16 2017	(r314331)
+++ stable/10/lib/libmd/Makefile	Mon Feb 27 10:40:39 2017	(r314332)
@@ -8,8 +8,8 @@ SRCS=	md4c.c md5c.c md4hl.c md5hl.c \
 	sha0c.c sha0hl.c sha1c.c sha1hl.c \
 	sha256c.c sha256hl.c \
 	sha384hl.c \
-	sha512c.c sha512hl.c
-INCS=	md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h
+	sha512c.c sha512hl.c sha512thl.c
+INCS=	md4.h md5.h ripemd.h sha.h sha256.h sha384.h sha512.h sha512t.h
 
 WARNS?=	0
 
@@ -42,11 +42,15 @@ MLINKS+=sha512.3 SHA512_Init.3  sha512.3
 MLINKS+=sha512.3 SHA512_Final.3 sha512.3 SHA512_End.3
 MLINKS+=sha512.3 SHA512_File.3  sha512.3 SHA512_FileChunk.3
 MLINKS+=sha512.3 SHA512_Data.3
+MLINKS+=sha512.3 SHA512_256_Init.3  sha512.3 SHA512_256_Update.3
+MLINKS+=sha512.3 SHA512_256_Final.3 sha512.3 SHA512_256_End.3
+MLINKS+=sha512.3 SHA512_256_File.3  sha512.3 SHA512_256_FileChunk.3
+MLINKS+=sha512.3 SHA512_256_Data.3
 CLEANFILES+=	md[245]hl.c md[245].ref md[245].3 mddriver \
 		rmd160.ref rmd160hl.c rmddriver \
 		sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \
 		sha256.ref sha256hl.c sha384hl.c sha384.ref \
-		sha512.ref sha512hl.c
+		sha512.ref sha512hl.c sha512t256.ref sha512thl.c
 
 # Define WEAK_REFS to provide weak aliases for libmd symbols
 #
@@ -106,6 +110,13 @@ sha512hl.c: mdXhl.c
 			-e  's/SHA512__/SHA512_/g' \
 		${.ALLSRC}) > ${.TARGET}
 
+sha512thl.c: mdXhl.c
+	(echo '#define LENGTH 32'; \
+		sed -e 's/mdX/sha512t/g' -e 's/MDX/SHA512_256_/g'	\
+			-e  's/SHA512_256__/SHA512_256_/g' \
+			-e 's/SHA512_256_CTX/SHA512_CTX/g' \
+		${.ALLSRC}) > ${.TARGET}
+
 rmd160hl.c: mdXhl.c
 	(echo '#define LENGTH 20'; \
 		sed -e 's/mdX/ripemd/g' -e 's/MDX/RIPEMD160_/g' \
@@ -210,6 +221,21 @@ sha512.ref:
 	@echo 'SHA-512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
 		'72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843' >> ${.TARGET}
 
+sha512t256.ref:
+	echo 'SHA-512256 test suite:' > ${.TARGET}
+	@echo 'SHA-512256 ("") =' \
+		'c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a' >> ${.TARGET}
+	@echo 'SHA-512256 ("abc") =' \
+		'53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23' >> ${.TARGET}
+	@echo 'SHA-512256 ("message digest") =' \
+		'0cf471fd17ed69d990daf3433c89b16d63dec1bb9cb42a6094604ee5d7b4e9fb' >> ${.TARGET}
+	@echo 'SHA-512256 ("abcdefghijklmnopqrstuvwxyz") =' \
+		'fc3189443f9c268f626aea08a756abe7b726b05f701cb08222312ccfd6710a26' >> ${.TARGET}
+	@echo 'SHA-512256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \
+		'cdf1cc0effe26ecc0c13758f7b4a48e000615df241284185c39eb05d355bb9c8' >> ${.TARGET}
+	@echo 'SHA-512256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \
+		'2c9fdbc0c90bdd87612ee8455474f9044850241dc105b1e8b94b8ddf5fac9148' >> ${.TARGET}
+
 rmd160.ref:
 	echo 'RIPEMD160 test suite:' > ${.TARGET}
 	@echo 'RIPEMD160 ("") = 9c1185a5c5e9fc54612808977ee8f548b2258d31' >> ${.TARGET}
@@ -224,7 +250,7 @@ rmd160.ref:
 		'9b752e45573d4b39f4dbd3323cab82bf63326bfb' >> ${.TARGET}
 
 test:	md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha384.ref \
-		sha512.ref
+		sha512.ref sha512t256.ref
 	@${ECHO} if any of these test fail, the code produces wrong results
 	@${ECHO} and should NOT be used.
 	${CC} ${CFLAGS} ${LDFLAGS} -DMD=4 -o mddriver ${.CURDIR}/mddriver.c libmd.a
@@ -253,6 +279,9 @@ test:	md4.ref md5.ref sha0.ref rmd160.re
 	${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512 -o shadriver ${.CURDIR}/shadriver.c libmd.a
 	./shadriver | cmp sha512.ref -
 	@${ECHO} SHA-512 passed test
+	${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512256 -o shadriver ${.CURDIR}/shadriver.c libmd.a
+	./shadriver | cmp sha512t256.ref -
+	@${ECHO} SHA-512t256 passed test
 	-rm -f shadriver
 
 .include <bsd.lib.mk>

Modified: stable/10/lib/libmd/sha512.3
==============================================================================
--- stable/10/lib/libmd/sha512.3	Mon Feb 27 10:22:16 2017	(r314331)
+++ stable/10/lib/libmd/sha512.3	Mon Feb 27 10:40:39 2017	(r314332)
@@ -9,7 +9,7 @@
 .\" 	From: Id: mdX.3,v 1.14 1999/02/11 20:31:49 wollman Exp
 .\" $FreeBSD$
 .\"
-.Dd October 17, 2015
+.Dd April 22, 2016
 .Dt SHA512 3
 .Os
 .Sh NAME
@@ -26,7 +26,14 @@
 .Nm SHA384_End ,
 .Nm SHA384_File ,
 .Nm SHA384_FileChunk ,
-.Nm SHA384_Data
+.Nm SHA384_Data,
+.Nm SHA512_256_Init ,
+.Nm SHA512_256_Update ,
+.Nm SHA512_256_Final ,
+.Nm SHA512_256_End ,
+.Nm SHA512_256_File ,
+.Nm SHA512_256_FileChunk ,
+.Nm SHA512_256_Data
 .Nd calculate the FIPS 180-4 ``SHA-512'' family of message digests
 .Sh LIBRARY
 .Lb libmd
@@ -47,6 +54,7 @@
 .Fn SHA512_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
 .Ft "char *"
 .Fn SHA512_Data "const unsigned char *data" "unsigned int len" "char *buf"
+.In sha384.h
 .Ft void
 .Fn SHA384_Init "SHA384_CTX *context"
 .Ft void
@@ -61,6 +69,21 @@
 .Fn SHA384_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
 .Ft "char *"
 .Fn SHA384_Data "const unsigned char *data" "unsigned int len" "char *buf"
+.In sha512t.h
+.Ft void
+.Fn SHA512_256_Init "SHA512_CTX *context"
+.Ft void
+.Fn SHA512_256_Update "SHA512_CTX *context" "const unsigned char *data" "size_t len"
+.Ft void
+.Fn SHA512_256_Final "unsigned char digest[32]" "SHA512_CTX *context"
+.Ft "char *"
+.Fn SHA512_256_End "SHA512_CTX *context" "char *buf"
+.Ft "char *"
+.Fn SHA512_256_File "const char *filename" "char *buf"
+.Ft "char *"
+.Fn SHA512_256_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
+.Ft "char *"
+.Fn SHA512_256_Data "const unsigned char *data" "unsigned int len" "char *buf"
 .Sh DESCRIPTION
 The
 .Li SHA512_
@@ -92,7 +115,7 @@ and finally extract the result using
 .Fn SHA512_End
 is a wrapper for
 .Fn SHA512_Final
-which converts the return value to a 65-character
+which converts the return value to a 129-character
 (including the terminating '\e0')
 .Tn ASCII
 string which represents the 512 bits in hexadecimal.
@@ -139,22 +162,32 @@ and subsequently must be explicitly deal
 after use.
 If the
 .Fa buf
-argument is non-null it must point to at least 65 characters of buffer space.
+argument is non-null it must point to at least 129 characters of buffer space.
 .Pp
 The
 .Li SHA384_
+and
+.Li SHA512_256_
 functions are identical to the
 .Li SHA512_
 functions except they use a different initial hash value and the output is
-truncated to 384 bits.
+truncated to 384 bits and 256 bits respectively.
 .Pp
 .Fn SHA384_End
 is a wrapper for
 .Fn SHA384_Final
-which converts the return value to a 49-character
+which converts the return value to a 97-character
 (including the terminating '\e0')
 .Tn ASCII
 string which represents the 384 bits in hexadecimal.
+.Pp
+.Fn SHA512_256_End
+is a wrapper for
+.Fn SHA512_Final
+which converts the return value to a 65-character
+(including the terminating '\e0')
+.Tn ASCII
+string which represents the 256 bits in hexadecimal.
 .Sh SEE ALSO
 .Xr md4 3 ,
 .Xr md5 3 ,

Modified: stable/10/lib/libmd/shadriver.c
==============================================================================
--- stable/10/lib/libmd/shadriver.c	Mon Feb 27 10:22:16 2017	(r314331)
+++ stable/10/lib/libmd/shadriver.c	Mon Feb 27 10:40:39 2017	(r314332)
@@ -24,6 +24,7 @@ __FBSDID("$FreeBSD$");
 #include "sha256.h"
 #include "sha384.h"
 #include "sha512.h"
+#include "sha512t.h"
 
 /* The following makes SHA default to SHA-1 if it has not already been
  * defined with C compiler flags. */
@@ -43,6 +44,9 @@ __FBSDID("$FreeBSD$");
 #elif SHA == 512
 #undef SHA_Data
 #define SHA_Data SHA512_Data
+#elif SHA == 512256
+#undef SHA_Data
+#define SHA_Data SHA512_256_Data
 #endif
 
 /* Digests a string and prints the result. */

Modified: stable/10/sbin/md5/Makefile
==============================================================================
--- stable/10/sbin/md5/Makefile	Mon Feb 27 10:22:16 2017	(r314331)
+++ stable/10/sbin/md5/Makefile	Mon Feb 27 10:40:39 2017	(r314332)
@@ -7,13 +7,15 @@ LINKS=	${BINDIR}/md5 ${BINDIR}/rmd160 \
 	${BINDIR}/md5 ${BINDIR}/sha1 \
 	${BINDIR}/md5 ${BINDIR}/sha256 \
 	${BINDIR}/md5 ${BINDIR}/sha384 \
-	${BINDIR}/md5 ${BINDIR}/sha512
+	${BINDIR}/md5 ${BINDIR}/sha512 \
+	${BINDIR}/md5 ${BINDIR}/sha512t256
 
 MLINKS=	md5.1 rmd160.1 \
 	md5.1 sha1.1 \
 	md5.1 sha256.1 \
 	md5.1 sha384.1 \
-	md5.1 sha512.1
+	md5.1 sha512.1 \
+	md5.1 sha512t256.1
 
 DPADD=	${LIBMD}
 LDADD=	-lmd

Modified: stable/10/sbin/md5/md5.1
==============================================================================
--- stable/10/sbin/md5/md5.1	Mon Feb 27 10:22:16 2017	(r314331)
+++ stable/10/sbin/md5/md5.1	Mon Feb 27 10:40:39 2017	(r314332)
@@ -1,9 +1,9 @@
 .\" $FreeBSD$
-.Dd October 17, 2015
+.Dd April 22, 2016
 .Dt MD5 1
 .Os
 .Sh NAME
-.Nm md5 , sha1 , sha256 , sha384 , sha512, rmd160
+.Nm md5 , sha1 , sha256 , sha384 , sha512, sha512t256, rmd160
 .Nd calculate a message-digest fingerprint (checksum) for a file
 .Sh SYNOPSIS
 .Nm md5
@@ -31,6 +31,11 @@
 .Op Fl c Ar string
 .Op Fl s Ar string
 .Op Ar
+.Nm sha512t256
+.Op Fl pqrtx
+.Op Fl c Ar string
+.Op Fl s Ar string
+.Op Ar
 .Nm rmd160
 .Op Fl pqrtx
 .Op Fl c Ar string
@@ -38,7 +43,7 @@
 .Op Ar
 .Sh DESCRIPTION
 The
-.Nm md5 , sha1 , sha256 , sha384 , sha512
+.Nm md5 , sha1 , sha256 , sha384 , sha512, sha512t256
 and
 .Nm rmd160
 utilities take as input a message of arbitrary length and produce as
@@ -78,8 +83,17 @@ found which is faster than a brute-force
 .Tn SHA-1
 in doubt.
 .Pp
-It is recommended that all new applications use
+.Tn SHA-512t256
+is a version of
+.Tn SHA-512
+truncated to only 256 bits.
+On 64-bit hardware, this algorithm is approximately 50% faster than
 .Tn SHA-256
+but with the same level of security.
+The hashes are not interchangeable.
+.Pp
+It is recommended that all new applications use
+.Tn SHA-512
 instead of one of the other hash functions.
 .Pp
 The following options may be used in any combination and must
@@ -114,7 +128,7 @@ Run a built-in test script.
 .El
 .Sh EXIT STATUS
 The
-.Nm md5 , sha1 , sha256 , sha512
+.Nm md5 , sha1 , sha256 , sha512, sha512t256
 and
 .Nm rmd160
 utilities exit 0 on success,

Modified: stable/10/sbin/md5/md5.c
==============================================================================
--- stable/10/sbin/md5/md5.c	Mon Feb 27 10:22:16 2017	(r314331)
+++ stable/10/sbin/md5/md5.c	Mon Feb 27 10:40:39 2017	(r314332)
@@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$");
 #include <sha256.h>
 #include <sha384.h>
 #include <sha512.h>
+#include <sha512t.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -58,6 +59,7 @@ extern const char *SHA1_TestOutput[MDTES
 extern const char *SHA256_TestOutput[MDTESTCOUNT];
 extern const char *SHA384_TestOutput[MDTESTCOUNT];
 extern const char *SHA512_TestOutput[MDTESTCOUNT];
+extern const char *SHA512t256_TestOutput[MDTESTCOUNT];
 extern const char *RIPEMD160_TestOutput[MDTESTCOUNT];
 
 typedef struct Algorithm_t {
@@ -110,6 +112,9 @@ static const struct Algorithm_t Algorith
 	{ "sha512", "SHA512", &SHA512_TestOutput, (DIGEST_Init*)&SHA512_Init,
 		(DIGEST_Update*)&SHA512_Update, (DIGEST_End*)&SHA512_End,
 		&SHA512_Data, &SHA512_File },
+	{ "sha512t256", "SHA512t256", &SHA512t256_TestOutput, (DIGEST_Init*)&SHA512_256_Init,
+		(DIGEST_Update*)&SHA512_256_Update, (DIGEST_End*)&SHA512_256_End,
+		&SHA512_256_Data, &SHA512_256_File },
 	{ "rmd160", "RMD160", &RIPEMD160_TestOutput,
 		(DIGEST_Init*)&RIPEMD160_Init, (DIGEST_Update*)&RIPEMD160_Update,
 		(DIGEST_End*)&RIPEMD160_End, &RIPEMD160_Data, &RIPEMD160_File }
@@ -355,6 +360,17 @@ const char *SHA512_TestOutput[MDTESTCOUN
 	"e8a835195e039708b13d9131e025f4441dbdc521ce625f245a436dcd762f54bf5cb298d96235e6c6a304e087ec8189b9512cbdf6427737ea82793460c367b9c3"
 };
 
+const char *SHA512t256_TestOutput[MDTESTCOUNT] = {
+	"c672b8d1ef56ed28ab87c3622c5114069bdd3ad7b8f9737498d0c01ecef0967a",
+	"455e518824bc0601f9fb858ff5c37d417d67c2f8e0df2babe4808858aea830f8",
+	"53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23",
+	"0cf471fd17ed69d990daf3433c89b16d63dec1bb9cb42a6094604ee5d7b4e9fb",
+	"fc3189443f9c268f626aea08a756abe7b726b05f701cb08222312ccfd6710a26",
+	"cdf1cc0effe26ecc0c13758f7b4a48e000615df241284185c39eb05d355bb9c8",
+	"2c9fdbc0c90bdd87612ee8455474f9044850241dc105b1e8b94b8ddf5fac9148",
+	"dd095fc859b336c30a52548b3dc59fcc0d1be8616ebcf3368fad23107db2d736"
+};
+
 const char *RIPEMD160_TestOutput[MDTESTCOUNT] = {
 	"9c1185a5c5e9fc54612808977ee8f548b2258d31",
 	"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",

Modified: stable/10/sys/crypto/sha2/sha512c.c
==============================================================================
--- stable/10/sys/crypto/sha2/sha512c.c	Mon Feb 27 10:22:16 2017	(r314331)
+++ stable/10/sys/crypto/sha2/sha512c.c	Mon Feb 27 10:40:39 2017	(r314332)
@@ -1,5 +1,6 @@
 /*-
  * Copyright 2005 Colin Percival
+ * Copyright (c) 2015 Allan Jude <allanjude at FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -37,6 +38,7 @@ __FBSDID("$FreeBSD$");
 #endif
 
 #include "sha512.h"
+#include "sha512t.h"
 #include "sha384.h"
 
 #if BYTE_ORDER == BIG_ENDIAN
@@ -324,6 +326,88 @@ SHA512_Final(unsigned char digest[SHA512
 	memset((void *)ctx, 0, sizeof(*ctx));
 }
 
+/*** SHA-512t: *********************************************************/
+/*
+ * the SHA512t transforms are identical to SHA512 so reuse the existing function
+ */
+void
+SHA512_224_Init(SHA512_CTX * ctx)
+{
+
+	/* Zero bits processed so far */
+	ctx->count[0] = ctx->count[1] = 0;
+
+	/* Magic initialization constants */
+	ctx->state[0] = 0x8c3d37c819544da2ULL;
+	ctx->state[1] = 0x73e1996689dcd4d6ULL;
+	ctx->state[2] = 0x1dfab7ae32ff9c82ULL;
+	ctx->state[3] = 0x679dd514582f9fcfULL;
+	ctx->state[4] = 0x0f6d2b697bd44da8ULL;
+	ctx->state[5] = 0x77e36f7304c48942ULL;
+	ctx->state[6] = 0x3f9d85a86a1d36c8ULL;
+	ctx->state[7] = 0x1112e6ad91d692a1ULL;
+}
+
+void
+SHA512_224_Update(SHA512_CTX * ctx, const void *in, size_t len)
+{
+
+	SHA512_Update(ctx, in, len);
+}
+
+void
+SHA512_224_Final(unsigned char digest[static SHA512_224_DIGEST_LENGTH], SHA512_CTX * ctx)
+{
+
+	/* Add padding */
+	SHA512_Pad(ctx);
+
+	/* Write the hash */
+	be64enc_vect(digest, ctx->state, SHA512_224_DIGEST_LENGTH);
+
+	/* Clear the context state */
+	memset(ctx, 0, sizeof(*ctx));
+}
+
+void
+SHA512_256_Init(SHA512_CTX * ctx)
+{
+
+	/* Zero bits processed so far */
+	ctx->count[0] = ctx->count[1] = 0;
+
+	/* Magic initialization constants */
+	ctx->state[0] = 0x22312194fc2bf72cULL;
+	ctx->state[1] = 0x9f555fa3c84c64c2ULL;
+	ctx->state[2] = 0x2393b86b6f53b151ULL;
+	ctx->state[3] = 0x963877195940eabdULL;
+	ctx->state[4] = 0x96283ee2a88effe3ULL;
+	ctx->state[5] = 0xbe5e1e2553863992ULL;
+	ctx->state[6] = 0x2b0199fc2c85b8aaULL;
+	ctx->state[7] = 0x0eb72ddc81c52ca2ULL;
+}
+
+void
+SHA512_256_Update(SHA512_CTX * ctx, const void *in, size_t len)
+{
+
+	SHA512_Update(ctx, in, len);
+}
+
+void
+SHA512_256_Final(unsigned char digest[static SHA512_256_DIGEST_LENGTH], SHA512_CTX * ctx)
+{
+
+	/* Add padding */
+	SHA512_Pad(ctx);
+
+	/* Write the hash */
+	be64enc_vect(digest, ctx->state, SHA512_256_DIGEST_LENGTH);
+
+	/* Clear the context state */
+	memset(ctx, 0, sizeof(*ctx));
+}
+
 /*** SHA-384: *********************************************************/
 /*
  * the SHA384 and SHA512 transforms are identical, so SHA384 is skipped
@@ -388,6 +472,20 @@ __weak_reference(_libmd_SHA512_Final, SH
 #undef SHA512_Transform
 __weak_reference(_libmd_SHA512_Transform, SHA512_Transform);
 
+#undef SHA512_224_Init
+__weak_reference(_libmd_SHA512_224_Init, SHA512_224_Init);
+#undef SHA512_224_Update
+__weak_reference(_libmd_SHA512_224_Update, SHA512_224_Update);
+#undef SHA512_224_Final
+__weak_reference(_libmd_SHA512_224_Final, SHA512_224_Final);
+
+#undef SHA512_256_Init
+__weak_reference(_libmd_SHA512_256_Init, SHA512_256_Init);
+#undef SHA512_256_Update
+__weak_reference(_libmd_SHA512_256_Update, SHA512_256_Update);
+#undef SHA512_256_Final
+__weak_reference(_libmd_SHA512_256_Final, SHA512_256_Final);
+
 #undef SHA384_Init
 __weak_reference(_libmd_SHA384_Init, SHA384_Init);
 #undef SHA384_Update

Copied: stable/10/sys/crypto/sha2/sha512t.h (from r300903, head/sys/crypto/sha2/sha512t.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/10/sys/crypto/sha2/sha512t.h	Mon Feb 27 10:40:39 2017	(r314332, copy of r300903, head/sys/crypto/sha2/sha512t.h)
@@ -0,0 +1,125 @@
+/*-
+ * Copyright (c) 2015 Allan Jude <allanjude at FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _SHA512T_H_
+#define _SHA512T_H_
+
+#include "sha512.h"
+
+#ifndef _KERNEL
+#include <sys/types.h>
+#endif
+
+#define SHA512_224_DIGEST_LENGTH	28
+#define SHA512_224_DIGEST_STRING_LENGTH	(SHA512_224_DIGEST_LENGTH * 2 + 1)
+#define SHA512_256_DIGEST_LENGTH	32
+#define SHA512_256_DIGEST_STRING_LENGTH	(SHA512_256_DIGEST_LENGTH * 2 + 1)
+
+__BEGIN_DECLS
+
+/* Ensure libmd symbols do not clash with libcrypto */
+#ifndef SHA512_224_Init
+#define SHA512_224_Init		_libmd_SHA512_224_Init
+#endif
+#ifndef SHA512_224_Update
+#define SHA512_224_Update	_libmd_SHA512_224_Update
+#endif
+#ifndef SHA512_224_Final
+#define SHA512_224_Final	_libmd_SHA512_224_Final
+#endif
+#ifndef SHA512_224_End
+#define SHA512_224_End		_libmd_SHA512_224_End
+#endif
+#ifndef SHA512_224_File
+#define SHA512_224_File		_libmd_SHA512_224_File
+#endif
+#ifndef SHA512_224_FileChunk
+#define SHA512_224_FileChunk	_libmd_SHA512_224_FileChunk
+#endif
+#ifndef SHA512_224_Data
+#define SHA512_224_Data		_libmd_SHA512_224_Data
+#endif
+
+#ifndef SHA512_224_Transform
+#define SHA512_224_Transform	_libmd_SHA512_224_Transform
+#endif
+#ifndef SHA512_224_version
+#define SHA512_224_version	_libmd_SHA512_224_version
+#endif
+
+#ifndef SHA512_256_Init
+#define SHA512_256_Init		_libmd_SHA512_256_Init
+#endif
+#ifndef SHA512_256_Update
+#define SHA512_256_Update	_libmd_SHA512_256_Update
+#endif
+#ifndef SHA512_256_Final
+#define SHA512_256_Final	_libmd_SHA512_256_Final
+#endif
+#ifndef SHA512_256_End
+#define SHA512_256_End		_libmd_SHA512_256_End
+#endif
+#ifndef SHA512_256_File
+#define SHA512_256_File		_libmd_SHA512_256_File
+#endif
+#ifndef SHA512_256_FileChunk
+#define SHA512_256_FileChunk	_libmd_SHA512_256_FileChunk
+#endif
+#ifndef SHA512_256_Data
+#define SHA512_256_Data		_libmd_SHA512_256_Data
+#endif
+
+#ifndef SHA512_256_Transform
+#define SHA512_256_Transform	_libmd_SHA512_256_Transform
+#endif
+#ifndef SHA512_256_version
+#define SHA512_256_version	_libmd_SHA512_256_version
+#endif
+
+void	SHA512_224_Init(SHA512_CTX *);
+void	SHA512_224_Update(SHA512_CTX *, const void *, size_t);
+void	SHA512_224_Final(unsigned char [static SHA512_224_DIGEST_LENGTH], SHA512_CTX *);
+#ifndef _KERNEL
+char   *SHA512_224_End(SHA512_CTX *, char *);
+char   *SHA512_224_Data(const void *, unsigned int, char *);
+char   *SHA512_224_File(const char *, char *);
+char   *SHA512_224_FileChunk(const char *, char *, off_t, off_t);
+#endif
+void	SHA512_256_Init(SHA512_CTX *);
+void	SHA512_256_Update(SHA512_CTX *, const void *, size_t);
+void	SHA512_256_Final(unsigned char [static SHA512_256_DIGEST_LENGTH], SHA512_CTX *);
+#ifndef _KERNEL
+char   *SHA512_256_End(SHA512_CTX *, char *);
+char   *SHA512_256_Data(const void *, unsigned int, char *);
+char   *SHA512_256_File(const char *, char *);
+char   *SHA512_256_FileChunk(const char *, char *, off_t, off_t);
+#endif
+
+__END_DECLS
+
+#endif /* !_SHA512T_H_ */
