mirror of
https://github.com/opnsense/src.git
synced 2026-02-18 18:20:26 -05:00
secure: hook up libecc as libpkgecc
libecc is not intended to be general use, other applications should really be using openssl. pkg(7) uses libecc to align with the pkg(8) project and its goals. This will be used in the upcoming support for ECC in pkg(7). Reviewed by: emaste (cherry picked from commit 05427f4639bcf2703329a9be9d25ec09bb782742)
This commit is contained in:
parent
539736e08c
commit
616156f8e6
4 changed files with 164 additions and 1 deletions
|
|
@ -1,7 +1,7 @@
|
|||
|
||||
.include <src.opts.mk>
|
||||
|
||||
SUBDIR=
|
||||
SUBDIR= libpkgecc
|
||||
.if ${MK_OPENSSL} != "no"
|
||||
SUBDIR+=libcrypto libssl
|
||||
.if ${MK_OPENSSH} != "no"
|
||||
|
|
|
|||
137
secure/lib/libpkgecc/Makefile
Normal file
137
secure/lib/libpkgecc/Makefile
Normal file
|
|
@ -0,0 +1,137 @@
|
|||
|
||||
# STOP - This is not a general purpose library and is only for use by pkg(7)
|
||||
# to align with the implementation in pkg(8).
|
||||
LIB= pkgecc
|
||||
INTERNALLIB=
|
||||
|
||||
.PATH: $(SRCTOP)/crypto/libecc
|
||||
SRCS+= pkg_libecc_rand.c
|
||||
|
||||
# curves_mod_src
|
||||
.PATH: $(SRCTOP)/crypto/libecc/src/curves
|
||||
SRCS+= aff_pt.c \
|
||||
aff_pt_montgomery.c \
|
||||
ec_edwards.c \
|
||||
ec_montgomery.c \
|
||||
ec_params.c \
|
||||
ec_shortw.c \
|
||||
aff_pt_edwards.c \
|
||||
curves.c \
|
||||
prj_pt.c
|
||||
|
||||
# utils_ec_src
|
||||
.PATH: $(SRCTOP)/crypto/libecc/src/utils
|
||||
SRCS+= print_curves.c
|
||||
|
||||
# fp_mod_src
|
||||
.PATH: $(SRCTOP)/crypto/libecc/src/fp
|
||||
SRCS+= fp_add.c \
|
||||
fp.c \
|
||||
fp_montgomery.c \
|
||||
fp_mul.c \
|
||||
fp_mul_redc1.c \
|
||||
fp_pow.c \
|
||||
fp_rand.c \
|
||||
fp_sqrt.c
|
||||
|
||||
# nn_mod_src
|
||||
.PATH: $(SRCTOP)/crypto/libecc/src/nn
|
||||
SRCS+= nn_add.c \
|
||||
nn.c \
|
||||
nn_div.c \
|
||||
nn_logical.c \
|
||||
nn_modinv.c \
|
||||
nn_mod_pow.c \
|
||||
nn_mul.c \
|
||||
nn_mul_redc1.c \
|
||||
nn_rand.c
|
||||
|
||||
# utils_arith_src
|
||||
SRCS+= utils.c \
|
||||
utils_rand.c \
|
||||
print_buf.c \
|
||||
print_fp.c \
|
||||
print_nn.c
|
||||
|
||||
## libsign bits
|
||||
# hash_mod_src
|
||||
.PATH: $(SRCTOP)/crypto/libecc/src/hash
|
||||
SRCS+= hash_algs.c \
|
||||
sm3.c \
|
||||
streebog.c \
|
||||
ripemd160.c \
|
||||
belt-hash.c \
|
||||
hmac.c \
|
||||
bash224.c \
|
||||
bash256.c \
|
||||
bash384.c \
|
||||
bash512.c \
|
||||
bash.c \
|
||||
sha224.c \
|
||||
sha256.c \
|
||||
sha3-224.c \
|
||||
sha3-256.c \
|
||||
sha3-384.c \
|
||||
sha3-512.c \
|
||||
sha384.c \
|
||||
sha3.c \
|
||||
sha512-224.c \
|
||||
sha512-256.c \
|
||||
sha512.c \
|
||||
sha512_core.c \
|
||||
shake256.c \
|
||||
shake.c
|
||||
|
||||
# sig_mod_src
|
||||
.PATH: $(SRCTOP)/crypto/libecc/src/sig
|
||||
SRCS+= decdsa.c \
|
||||
ecdsa.c \
|
||||
ecfsdsa.c \
|
||||
ecgdsa.c \
|
||||
eckcdsa.c \
|
||||
ecosdsa.c \
|
||||
ecrdsa.c \
|
||||
ecsdsa.c \
|
||||
eddsa.c \
|
||||
fuzzing_ecdsa.c \
|
||||
fuzzing_ecgdsa.c \
|
||||
fuzzing_ecrdsa.c \
|
||||
ecdsa_common.c \
|
||||
ecsdsa_common.c \
|
||||
sig_algs.c \
|
||||
sm2.c \
|
||||
bign_common.c \
|
||||
bign.c \
|
||||
dbign.c \
|
||||
bip0340.c
|
||||
|
||||
# key_mod_src
|
||||
SRCS+= ec_key.c
|
||||
|
||||
# utils_sign_src
|
||||
.PATH: $(SRCTOP)/crypto/libecc/src/sig
|
||||
SRCS+= print_keys.c
|
||||
|
||||
# ecdh_mod_src
|
||||
.PATH: $(SRCTOP)/crypto/libecc/src/ecdh
|
||||
SRCS+= ecccdh.c \
|
||||
x25519_448.c
|
||||
|
||||
# external_deps
|
||||
.PATH: $(SRCTOP)/crypto/libecc/src/external_deps
|
||||
SRCS+= print.c
|
||||
|
||||
CONFLICTS= -Dsha256_init=_libecc_sha256_init \
|
||||
-Dsha256_update=_libecc_sha256_update \
|
||||
-Dsha256_final=_libecc_sha256_final \
|
||||
-Dsha512_224_init=_libecc_sha512_224_init \
|
||||
-Dsha512_256_init=_libecc_sha512_256_init
|
||||
|
||||
CFLAGS= -I$(SRCTOP)/crypto/libecc/include \
|
||||
-ffreestanding \
|
||||
-fno-builtin \
|
||||
-DUSE_WARN_UNUSED_RET \
|
||||
-DWITH_STDLIB \
|
||||
$(CONFLICTS)
|
||||
|
||||
.include <bsd.lib.mk>
|
||||
22
secure/lib/libpkgecc/pkg_libecc_rand.c
Normal file
22
secure/lib/libpkgecc/pkg_libecc_rand.c
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
/* SPDX-License-Identifier: Unlicense */
|
||||
#include <sys/types.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <libecc/external_deps/rand.h>
|
||||
|
||||
int
|
||||
get_random(unsigned char *buf, uint16_t len)
|
||||
{
|
||||
|
||||
/*
|
||||
* We need random numbers even in a sandbox, so we can't use
|
||||
* /dev/urandom as the external_deps version of get_random() does on
|
||||
* FreeBSD. arc4random_buf() is a better choice because it uses the
|
||||
* underlying getrandom(2) instead of needing to open a device handle.
|
||||
*
|
||||
* We don't have any guarantees that this won't open a device on other
|
||||
* platforms, but we also don't do any sandboxing on those platforms.
|
||||
*/
|
||||
arc4random_buf(buf, len);
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -61,6 +61,7 @@ _INTERNALLIBS= \
|
|||
parse \
|
||||
pe \
|
||||
pfctl \
|
||||
pkgecc \
|
||||
pmcstat \
|
||||
sl \
|
||||
sm \
|
||||
|
|
@ -616,6 +617,9 @@ LIBBSNMPTOOLS?= ${LIBBSNMPTOOLSDIR}/libbsnmptools${PIE_SUFFIX}.a
|
|||
|
||||
LIBBE?= ${LIBBEDIR}/libbe${PIE_SUFFIX}.a
|
||||
|
||||
LIBPKGECCDIR= ${_LIB_OBJTOP}/secure/lib/libpkgecc
|
||||
LIBPKGECC?= ${LIBPKGECCDIR}/libpkgecc${PIE_SUFFIX}.a
|
||||
|
||||
LIBPMCSTATDIR= ${_LIB_OBJTOP}/lib/libpmcstat
|
||||
LIBPMCSTAT?= ${LIBPMCSTATDIR}/libpmcstat${PIE_SUFFIX}.a
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue