svn commit: r344564 - in head: contrib/bearssl contrib/bearssl/tools lib/libbearssl

Tue Feb 26 05:59:25 UTC 2019

Author: sjg
Date: Tue Feb 26 05:59:22 2019
New Revision: 344564
URL: https://svnweb.freebsd.org/changeset/base/344564

Log:
  Add libbearssl
  
  Disabled by default, used by loader and sbin/veriexec
  
  Reviewed by:	emaste
  Sponsored by:	Juniper Networks
  Differential Revision: D16334

Added:
  head/contrib/bearssl/
     - copied from r343285, vendor/bearssl/dist/
  head/lib/libbearssl/
  head/lib/libbearssl/Makefile   (contents, props changed)
  head/lib/libbearssl/Makefile.depend   (contents, props changed)
  head/lib/libbearssl/Makefile.inc   (contents, props changed)
  head/lib/libbearssl/Makefile.libsa.inc   (contents, props changed)
Modified:
  head/contrib/bearssl/tools/brssl.h
  head/contrib/bearssl/tools/xmem.c

Modified: head/contrib/bearssl/tools/brssl.h
==============================================================================

--- vendor/bearssl/dist/tools/brssl.h	Mon Jan 21 20:58:33 2019	(r343285)
+++ head/contrib/bearssl/tools/brssl.h	Tue Feb 26 05:59:22 2019	(r344564)
@@ -25,10 +25,15 @@
 #ifndef BRSSL_H__
 #define BRSSL_H__
 
+#ifndef _STANDALONE
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <stdint.h>
+
+#elif !defined(STAND_H) 
+#include <stand.h> 
+#endif 
 
 #include "bearssl.h"
 

Modified: head/contrib/bearssl/tools/xmem.c
==============================================================================
--- vendor/bearssl/dist/tools/xmem.c	Mon Jan 21 20:58:33 2019	(r343285)
+++ head/contrib/bearssl/tools/xmem.c	Tue Feb 26 05:59:22 2019	(r344564)
@@ -35,9 +35,13 @@ xmalloc(size_t len)
 	}
 	buf = malloc(len);
 	if (buf == NULL) {
+#ifndef _STANDALONE
 		fprintf(stderr, "ERROR: could not allocate %lu byte(s)\n",
 			(unsigned long)len);
 		exit(EXIT_FAILURE);
+#else 
+; 
+#endif
 	}
 	return buf;
 }
@@ -90,9 +94,13 @@ xpkeydup(const br_x509_pkey *pk)
 		pk2->key.ec.qlen = pk->key.ec.qlen;
 		break;
 	default:
+#ifndef _STANDALONE
 		fprintf(stderr, "Unknown public key type: %u\n",
 			(unsigned)pk->key_type);
 		exit(EXIT_FAILURE);
+#else 
+; 
+#endif
 	}
 	return pk2;
 }
@@ -111,9 +119,13 @@ xfreepkey(br_x509_pkey *pk)
 			xfree(pk->key.ec.q);
 			break;
 		default:
+#ifndef _STANDALONE
 			fprintf(stderr, "Unknown public key type: %u\n",
 				(unsigned)pk->key_type);
 			exit(EXIT_FAILURE);
+#else 
+; 
+#endif
 		}
 		xfree(pk);
 	}

Added: head/lib/libbearssl/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lib/libbearssl/Makefile	Tue Feb 26 05:59:22 2019	(r344564)
@@ -0,0 +1,277 @@
+# $FreeBSD$
+
+# This is a reach over build of BearSSL (www.BearSSL.org)
+
+.include <src.opts.mk>
+
+LIB= bearssl
+
+# pick up SRCS used by libsa
+.include "Makefile.libsa.inc"
+
+SRCS+= \
+	codec/dec16be.c \
+	codec/dec16le.c \
+	codec/dec32le.c \
+	codec/dec64le.c \
+	codec/enc16be.c \
+	codec/enc16le.c \
+	codec/enc32le.c \
+	codec/enc64le.c \
+	codec/pemenc.c \
+	ec/ec_all_m15.c \
+	ec/ec_c25519_i15.c \
+	ec/ec_c25519_i31.c \
+	ec/ec_c25519_m15.c \
+	ec/ec_curve25519.c \
+	ec/ec_keygen.c \
+	ec/ec_p256_m15.c \
+	ec/ec_prime_i15.c \
+	ec/ecdsa_default_sign_asn1.c \
+	ec/ecdsa_default_sign_raw.c \
+	ec/ecdsa_default_vrfy_raw.c \
+	ec/ecdsa_i15_bits.c \
+	ec/ecdsa_i15_sign_asn1.c \
+	ec/ecdsa_i15_sign_raw.c \
+	ec/ecdsa_i15_vrfy_asn1.c \
+	ec/ecdsa_i15_vrfy_raw.c \
+	ec/ecdsa_i31_sign_asn1.c \
+	ec/ecdsa_i31_sign_raw.c \
+	ec/ecdsa_rta.c \
+	hash/dig_oid.c \
+	hash/dig_size.c \
+	hash/ghash_ctmul.c \
+	hash/ghash_ctmul32.c \
+	hash/ghash_ctmul64.c \
+	hash/ghash_pwr8.c \
+	hash/md5.c \
+	hash/md5sha1.c \
+
+
+# this one does not compile for amd64
+# we do not need it
+#	hash/ghash_pclmul.c \
+
+SRCS+= \
+	int/i15_add.c \
+	int/i15_bitlen.c \
+	int/i15_decmod.c \
+	int/i15_decode.c \
+	int/i15_decred.c \
+	int/i15_encode.c \
+	int/i15_fmont.c \
+	int/i15_iszero.c \
+	int/i15_moddiv.c \
+	int/i15_modpow.c \
+	int/i15_modpow2.c \
+	int/i15_montmul.c \
+	int/i15_mulacc.c \
+	int/i15_muladd.c \
+	int/i15_ninv15.c \
+	int/i15_reduce.c \
+	int/i15_rshift.c \
+	int/i15_sub.c \
+	int/i15_tmont.c \
+	int/i31_decred.c \
+	int/i31_mulacc.c \
+	int/i31_reduce.c \
+	int/i32_add.c \
+	int/i32_bitlen.c \
+	int/i32_decmod.c \
+	int/i32_decode.c \
+	int/i32_decred.c \
+	int/i32_encode.c \
+	int/i32_fmont.c \
+	int/i32_iszero.c \
+	int/i32_modpow.c \
+	int/i32_montmul.c \
+	int/i32_mulacc.c \
+	int/i32_muladd.c \
+	int/i32_ninv32.c \
+	int/i32_reduce.c \
+	int/i32_sub.c \
+	int/i32_tmont.c \
+
+SRCS+= \
+	kdf/hkdf.c \
+	kdf/shake.c \
+
+SRCS+= \
+	rsa/rsa_default_keygen.c \
+	rsa/rsa_default_modulus.c \
+	rsa/rsa_default_pkcs1_sign.c \
+	rsa/rsa_default_priv.c \
+	rsa/rsa_default_privexp.c \
+	rsa/rsa_default_pss_sign.c \
+	rsa/rsa_default_pss_vrfy.c \
+	rsa/rsa_default_pub.c \
+	rsa/rsa_default_pubexp.c \
+	rsa/rsa_i15_keygen.c \
+	rsa/rsa_i15_modulus.c \
+	rsa/rsa_i15_pkcs1_sign.c \
+	rsa/rsa_i15_pkcs1_vrfy.c \
+	rsa/rsa_i15_priv.c \
+	rsa/rsa_i15_privexp.c \
+	rsa/rsa_i15_pss_sign.c \
+	rsa/rsa_i15_pss_vrfy.c \
+	rsa/rsa_i15_pub.c \
+	rsa/rsa_i15_pubexp.c \
+	rsa/rsa_i31_keygen.c \
+	rsa/rsa_i31_keygen_inner.c \
+	rsa/rsa_i31_modulus.c \
+	rsa/rsa_i31_pkcs1_sign.c \
+	rsa/rsa_i31_priv.c \
+	rsa/rsa_i31_privexp.c \
+	rsa/rsa_i31_pss_sign.c \
+	rsa/rsa_i31_pss_vrfy.c \
+	rsa/rsa_i31_pubexp.c \
+	rsa/rsa_i32_pkcs1_sign.c \
+	rsa/rsa_i32_pkcs1_vrfy.c \
+	rsa/rsa_i32_priv.c \
+	rsa/rsa_i32_pss_sign.c \
+	rsa/rsa_i32_pss_vrfy.c \
+	rsa/rsa_i32_pub.c \
+	rsa/rsa_i62_keygen.c \
+	rsa/rsa_i62_pkcs1_sign.c \
+	rsa/rsa_i62_priv.c \
+	rsa/rsa_i62_pss_sign.c \
+	rsa/rsa_i62_pss_vrfy.c \
+	rsa/rsa_pkcs1_sig_pad.c \
+	rsa/rsa_pss_sig_pad.c \
+	rsa/rsa_pss_sig_unpad.c \
+	rsa/rsa_ssl_decrypt.c \
+
+SRCS+= \
+	x509/encode_ec_pk8der.c \
+	x509/encode_ec_rawder.c \
+	x509/encode_rsa_pk8der.c \
+	x509/encode_rsa_rawder.c \
+	x509/skey_decoder.c \
+	x509/x509_knownkey.c \
+	x509/x509_minimal_full.c \
+
+INCS= \
+	inc/bearssl.h \
+	inc/bearssl_aead.h \
+	inc/bearssl_block.h \
+	inc/bearssl_ec.h \
+	inc/bearssl_hash.h \
+	inc/bearssl_hmac.h \
+	inc/bearssl_kdf.h \
+	inc/bearssl_pem.h \
+	inc/bearssl_prf.h \
+	inc/bearssl_rand.h \
+	inc/bearssl_rsa.h \
+	inc/bearssl_ssl.h \
+	inc/bearssl_x509.h \
+
+INCS:= ${INCS:S,^,${BEARSSL}/,}
+
+
+.if ${MK_BEARSSL_SSL:Uno} == "yes"
+SRCS+= \
+	mac/hmac.c \
+	mac/hmac_ct.c \
+	rand/hmac_drbg.c \
+	ssl/prf.c \
+	ssl/prf_md5sha1.c \
+	ssl/prf_sha256.c \
+	ssl/prf_sha384.c \
+	ssl/ssl_ccert_single_ec.c \
+	ssl/ssl_ccert_single_rsa.c \
+	ssl/ssl_client.c \
+	ssl/ssl_client_default_rsapub.c \
+	ssl/ssl_client_full.c \
+	ssl/ssl_engine.c \
+	ssl/ssl_engine_default_aescbc.c \
+	ssl/ssl_engine_default_aesccm.c \
+	ssl/ssl_engine_default_aesgcm.c \
+	ssl/ssl_engine_default_chapol.c \
+	ssl/ssl_engine_default_descbc.c \
+	ssl/ssl_engine_default_ec.c \
+	ssl/ssl_engine_default_ecdsa.c \
+	ssl/ssl_engine_default_rsavrfy.c \
+	ssl/ssl_hashes.c \
+	ssl/ssl_hs_client.c \
+	ssl/ssl_hs_server.c \
+	ssl/ssl_io.c \
+	ssl/ssl_lru.c \
+	ssl/ssl_rec_cbc.c \
+	ssl/ssl_rec_ccm.c \
+	ssl/ssl_rec_chapol.c \
+	ssl/ssl_rec_gcm.c \
+	ssl/ssl_scert_single_ec.c \
+	ssl/ssl_scert_single_rsa.c \
+	ssl/ssl_server.c \
+	ssl/ssl_server_full_ec.c \
+	ssl/ssl_server_full_rsa.c \
+	ssl/ssl_server_mine2c.c \
+	ssl/ssl_server_mine2g.c \
+	ssl/ssl_server_minf2c.c \
+	ssl/ssl_server_minf2g.c \
+	ssl/ssl_server_minr2g.c \
+	ssl/ssl_server_minu2g.c \
+	ssl/ssl_server_minv2g.c \
+
+SRCS+= \
+	symcipher/aes_big_cbcdec.c \
+	symcipher/aes_big_cbcenc.c \
+	symcipher/aes_big_ctr.c \
+	symcipher/aes_big_dec.c \
+	symcipher/aes_big_enc.c \
+	symcipher/aes_common.c \
+	symcipher/aes_ct.c \
+	symcipher/aes_ct64.c \
+	symcipher/aes_ct64_cbcdec.c \
+	symcipher/aes_ct64_cbcenc.c \
+	symcipher/aes_ct64_ctr.c \
+	symcipher/aes_ct64_dec.c \
+	symcipher/aes_ct64_enc.c \
+	symcipher/aes_ct_cbcdec.c \
+	symcipher/aes_ct_cbcenc.c \
+	symcipher/aes_ct_ctr.c \
+	symcipher/aes_ct_dec.c \
+	symcipher/aes_ct_enc.c \
+	symcipher/aes_pwr8.c \
+	symcipher/aes_pwr8_cbcdec.c \
+	symcipher/aes_pwr8_cbcenc.c \
+	symcipher/aes_pwr8_ctr.c \
+	symcipher/aes_pwr8_ctrcbc.c \
+	symcipher/aes_small_cbcdec.c \
+	symcipher/aes_small_cbcenc.c \
+	symcipher/aes_small_ctr.c \
+	symcipher/aes_small_dec.c \
+	symcipher/aes_small_enc.c \
+	symcipher/aes_x86ni.c \
+	symcipher/aes_x86ni_cbcdec.c \
+	symcipher/aes_x86ni_cbcenc.c \
+	symcipher/aes_x86ni_ctr.c \
+	symcipher/chacha20_ct.c \
+	symcipher/des_ct.c \
+	symcipher/des_ct_cbcdec.c \
+	symcipher/des_ct_cbcenc.c \
+	symcipher/des_support.c \
+	symcipher/des_tab.c \
+	symcipher/des_tab_cbcdec.c \
+	symcipher/des_tab_cbcenc.c \
+	symcipher/poly1305_ctmul.c \
+	symcipher/poly1305_ctmul32.c \
+	symcipher/poly1305_ctmulq.c \
+	symcipher/poly1305_i15.c \
+
+.endif
+
+.include <bsd.lib.mk>
+
+.if ${MACHINE} == "host"
+CWARNFLAGS+= -Wno-error
+.endif
+XCFLAGS.gcc.rsa_i62_keygen+= -Wno-error
+XCFLAGS.i15_moddiv+= -Wno-shadow
+XCFLAGS.i31_moddiv+= -Wno-shadow
+XCFLAGS.i62_modpow2+= -Wno-cast-align
+XCFLAGS.x509_minimal+= -Wno-cast-qual
+
+CFLAGS+= ${XCFLAGS.${.TARGET:T:R}:U} \
+	${XCFLAGS.${COMPILER_TYPE}.${.TARGET:T:R}:U}
+

Added: head/lib/libbearssl/Makefile.depend
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lib/libbearssl/Makefile.depend	Tue Feb 26 05:59:22 2019	(r344564)
@@ -0,0 +1,17 @@
+# $FreeBSD$
+# Autogenerated - do NOT edit!
+
+DIRDEPS = \
+	gnu/lib/csu \
+	include \
+	include/xlocale \
+	lib/${CSU_DIR} \
+	lib/libc \
+	lib/libcompiler_rt \
+
+
+.include <dirdeps.mk>
+
+.if ${DEP_RELDIR} == ${_DEP_RELDIR}
+# local dependencies - needed for -jN in clean tree
+.endif

Added: head/lib/libbearssl/Makefile.inc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lib/libbearssl/Makefile.inc	Tue Feb 26 05:59:22 2019	(r344564)
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+BEARSSL?= ${SRCTOP}/contrib/bearssl
+BEARSSL_SRC= ${BEARSSL}/src
+
+CFLAGS+= -I${BEARSSL}/inc
+

Added: head/lib/libbearssl/Makefile.libsa.inc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lib/libbearssl/Makefile.libsa.inc	Tue Feb 26 05:59:22 2019	(r344564)
@@ -0,0 +1,86 @@
+# $FreeBSD$
+
+# This file is included by libsa
+# It contains SRCS needed for loader
+
+.PATH: ${.PARSEDIR}
+
+.include "Makefile.inc"
+
+.PATH: ${BEARSSL_SRC}
+
+CFLAGS+=  -I${BEARSSL_SRC}
+
+# we do not need/want nested objdirs
+OBJS_SRCS_FILTER = T R
+
+# we list only the srcs the loader(s) actually needs
+SRCS+= \
+	codec/ccopy.c \
+	codec/dec32be.c \
+	codec/dec64be.c \
+	codec/enc32be.c \
+	codec/enc64be.c \
+	codec/pemdec.c \
+
+SRCS+= \
+	ec/ec_all_m31.c \
+	ec/ec_c25519_m31.c \
+	ec/ec_c25519_m62.c \
+	ec/ec_c25519_m64.c \
+	ec/ec_default.c \
+	ec/ec_p256_m31.c \
+	ec/ec_p256_m62.c \
+	ec/ec_p256_m64.c \
+	ec/ec_prime_i31.c \
+	ec/ec_pubkey.c \
+	ec/ec_secp256r1.c \
+	ec/ec_secp384r1.c \
+	ec/ec_secp521r1.c \
+	ec/ecdsa_atr.c \
+	ec/ecdsa_default_vrfy_asn1.c \
+	ec/ecdsa_i31_bits.c \
+	ec/ecdsa_i31_vrfy_asn1.c \
+	ec/ecdsa_i31_vrfy_raw.c \
+
+# Note: sha1 is needed for OpenPGP (keyId)
+SRCS+= \
+	hash/multihash.c \
+	hash/sha1.c \
+	hash/sha2big.c \
+	hash/sha2small.c \
+
+SRCS+= \
+	int/i31_add.c \
+	int/i31_bitlen.c \
+	int/i31_decmod.c \
+	int/i31_decode.c \
+	int/i31_encode.c \
+	int/i31_fmont.c \
+	int/i31_iszero.c \
+	int/i31_moddiv.c \
+	int/i31_modpow.c \
+	int/i31_modpow2.c \
+	int/i31_montmul.c \
+	int/i31_muladd.c \
+	int/i31_ninv31.c \
+	int/i31_rshift.c \
+	int/i31_sub.c \
+	int/i31_tmont.c \
+	int/i32_div32.c \
+	int/i62_modpow2.c \
+
+SRCS+= \
+	rsa/rsa_default_pkcs1_vrfy.c \
+	rsa/rsa_i31_pkcs1_vrfy.c \
+	rsa/rsa_i31_pub.c \
+	rsa/rsa_i62_pkcs1_vrfy.c \
+	rsa/rsa_i62_pub.c \
+	rsa/rsa_pkcs1_sig_unpad.c \
+
+
+SRCS+= \
+	x509/asn1enc.c \
+	x509/x509_decoder.c \
+	x509/x509_minimal.c \
+
