23 files changed, 384 insertions, 361 deletions
diff --git a/lib/libc/string/Makefile.inc b/lib/libc/string/Makefile.inc
index cc25c25..4efe764 100644
--- a/lib/libc/string/Makefile.inc
+++ b/lib/libc/string/Makefile.inc
@@ -6,7 +6,8 @@
 CFLAGS+= -I${.CURDIR}/locale
 
 # machine-independent string sources
-MISRCS+=bcmp.c bcopy.c bzero.c ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
+MISRCS+=bcmp.c bcopy.c bzero.c explicit_bzero.c \
+	ffs.c ffsl.c ffsll.c fls.c flsl.c flsll.c \
 	memccpy.c memchr.c memrchr.c memcmp.c \
 	memcpy.c memmem.c memmove.c memset.c \
 	stpcpy.c stpncpy.c strcasecmp.c \
diff --git a/lib/libc/string/Symbol.map b/lib/libc/string/Symbol.map
index 8e80165..c876e76 100644
--- a/lib/libc/string/Symbol.map
+++ b/lib/libc/string/Symbol.map
@@ -92,6 +92,7 @@ FBSD_1.1 {
 };
 
 FBSD_1.3 {
+	explicit_bzero;
 	strcasecmp_l;
 	strcasestr_l;
 	strchrnul;
diff --git a/lib/libc/string/bzero.3 b/lib/libc/string/bzero.3
index 029644a..ea572be 100644
--- a/lib/libc/string/bzero.3
+++ b/lib/libc/string/bzero.3
@@ -35,7 +35,8 @@
 .Dt BZERO 3
 .Os
 .Sh NAME
-.Nm bzero
+.Nm bzero ,
+.Nm explicit_bzero
 .Nd write zeroes to a byte string
 .Sh LIBRARY
 .Lb libc
@@ -43,6 +44,8 @@
 .In strings.h
 .Ft void
 .Fn bzero "void *b" "size_t len"
+.Ft void
+.Fn explicit_bzero "void *b" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn bzero
@@ -56,6 +59,12 @@ If
 is zero,
 .Fn bzero
 does nothing.
+.Pp
+The
+.Fn explicit_bzero
+variant behaves the same, but will not be removed by a compiler's dead store
+optimization pass, making it useful for clearing sensitive memory such as a
+password.
 .Sh SEE ALSO
 .Xr memset 3 ,
 .Xr swab 3
@@ -72,3 +81,10 @@ before it was moved to
 for
 .St -p1003.1-2001
 compliance.
+.Pp
+The
+.Fn explicit_bzero
+function first appeared in
+.Ox 5.5
+and
+.Fx 11.0 .
diff --git a/lib/libc/string/explicit_bzero.c b/lib/libc/string/explicit_bzero.c
new file mode 100644
index 0000000..a7811b0
--- /dev/null
+++ b/lib/libc/string/explicit_bzero.c
@@ -0,0 +1,22 @@
+/*	$OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+	memset(buf, 0, len);
+	__explicit_bzero_hook(buf, len);
+}
diff --git a/lib/libcrypt/Makefile b/lib/libcrypt/Makefile
index 798b4b6..aca24d8 100644
--- a/lib/libcrypt/Makefile
+++ b/lib/libcrypt/Makefile
@@ -9,7 +9,7 @@ SHLIBDIR?=	/lib
 SHLIB_MAJOR=	5
 LIB=		crypt
 
-.PATH:		${.CURDIR}/../libmd
+.PATH:		${.CURDIR}/../libmd ${.CURDIR}/../../sys/crypto/sha2
 SRCS=		crypt.c misc.c \
 		crypt-md5.c md5c.c \
 		crypt-nthash.c md4c.c \
diff --git a/lib/libipsec/pfkey_dump.c b/lib/libipsec/pfkey_dump.c
index 068ad0e..872aa43 100644
--- a/lib/libipsec/pfkey_dump.c
+++ b/lib/libipsec/pfkey_dump.c
@@ -187,6 +187,9 @@ static struct val2str str_alg_enc[] = {
 #ifdef SADB_X_EALG_AESCTR
 	{ SADB_X_EALG_AESCTR, "aes-ctr", },
 #endif
+#ifdef SADB_X_EALG_AESGCM16
+	{ SADB_X_EALG_AESGCM16, "aes-gcm-16", },
+#endif
 #ifdef SADB_X_EALG_CAMELLIACBC
 	{ SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
 #endif
diff --git a/lib/libmd/Makefile b/lib/libmd/Makefile
index d0fe705..c1f6eb9 100644
--- a/lib/libmd/Makefile
+++ b/lib/libmd/Makefile
@@ -42,8 +42,15 @@ CLEANFILES+=	md[245]hl.c md[245].ref md[245].3 mddriver \
 		sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \
 		sha256.ref sha256hl.c sha512.ref sha512hl.c
 
-CFLAGS+= -I${.CURDIR}
-.PATH: ${.CURDIR}/${MACHINE_ARCH}
+# Define WEAK_REFS to provide weak aliases for libmd symbols
+#
+# Note that the same sources are also used internally by libcrypt,
+# in which case:
+#   * macros are used to rename symbols to libcrypt internal names
+#   * no weak aliases are generated
+CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../../sys/crypto/sha2
+CFLAGS+= -DWEAK_REFS
+.PATH: ${.CURDIR}/${MACHINE_ARCH} ${.CURDIR}/../../sys/crypto/sha2
 
 .if exists(${MACHINE_ARCH}/sha.S)
 SRCS+=	sha.S
diff --git a/lib/libmd/md4.h b/lib/libmd/md4.h
index 4773513..086a27b 100644
--- a/lib/libmd/md4.h
+++ b/lib/libmd/md4.h
@@ -35,6 +35,34 @@ typedef struct MD4Context {
 #include <sys/cdefs.h>
 
 __BEGIN_DECLS
+
+/* Ensure libmd symbols do not clash with libcrypto */
+
+#ifndef MD4Init
+#define MD4Init		_libmd_MD4Init
+#endif
+#ifndef MD4Update
+#define MD4Update	_libmd_MD4Update
+#endif
+#ifndef MD4Pad
+#define MD4Pad		_libmd_MD4Pad
+#endif
+#ifndef MD4Final
+#define MD4Final	_libmd_MD4Final
+#endif
+#ifndef MD4End
+#define MD4End		_libmd_MD4End
+#endif
+#ifndef MD4File
+#define MD4File		_libmd_MD4File
+#endif
+#ifndef MD4FileChunk
+#define MD4FileChunk	_libmd_MD4FileChunk
+#endif
+#ifndef MD4Data
+#define MD4Data		_libmd_MD4Data
+#endif
+
 void   MD4Init(MD4_CTX *);
 void   MD4Update(MD4_CTX *, const void *, unsigned int);
 void   MD4Pad(MD4_CTX *);
diff --git a/lib/libmd/md4c.c b/lib/libmd/md4c.c
index 1211a98..de1a7b4a 100644
--- a/lib/libmd/md4c.c
+++ b/lib/libmd/md4c.c
@@ -290,3 +290,18 @@ unsigned int len;
     output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
       (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
 }
+
+#ifdef WEAK_REFS
+/* When building libmd, provide weak references. Note: this is not
+   activated in the context of compiling these sources for internal
+   use in libcrypt.
+ */
+#undef MD4Init
+__weak_reference(_libmd_MD4Init, MD4Init);
+#undef MD4Update
+__weak_reference(_libmd_MD4Update, MD4Update);
+#undef MD4Pad
+__weak_reference(_libmd_MD4Pad, MD4Pad);
+#undef MD4Final
+__weak_reference(_libmd_MD4Final, MD4Final);
+#endif
diff --git a/lib/libmd/md5.h b/lib/libmd/md5.h
index 803a88f..5ab3b14 100644
--- a/lib/libmd/md5.h
+++ b/lib/libmd/md5.h
@@ -1,4 +1,41 @@
+/* $FreeBSD$ */
+
 #ifndef _MD5_H_
 #define _MD5_H_
+
+#ifndef _KERNEL
+
+/* Ensure libmd symbols do not clash with libcrypto */
+
+#ifndef MD5Init
+#define MD5Init		_libmd_MD5Init
+#endif
+#ifndef MD5Update
+#define MD5Update	_libmd_MD5Update
+#endif
+#ifndef MD5Pad
+#define MD5Pad		_libmd_MD5Pad
+#endif
+#ifndef MD5Final
+#define MD5Final	_libmd_MD5Final
+#endif
+#ifndef MD5Transform
+#define MD5Transform	_libmd_MD5Transform
+#endif
+#ifndef MD5End
+#define MD5End		_libmd_MD5End
+#endif
+#ifndef MD5File
+#define MD5File		_libmd_MD5File
+#endif
+#ifndef MD5FileChunk
+#define MD5FileChunk	_libmd_MD5FileChunk
+#endif
+#ifndef MD5Data
+#define MD5Data		_libmd_MD5Data
+#endif
+
+#endif
+
 #include <sys/md5.h>
 #endif /* _MD5_H_ */
diff --git a/lib/libmd/md5c.c b/lib/libmd/md5c.c
index d097390..6b50464 100644
--- a/lib/libmd/md5c.c
+++ b/lib/libmd/md5c.c
@@ -39,7 +39,7 @@ __FBSDID("$FreeBSD$");
 
 #include <machine/endian.h>
 #include <sys/endian.h>
-#include <sys/md5.h>
+#include "md5.h"
 
 static void MD5Transform(u_int32_t [4], const unsigned char [64]);
 
@@ -335,3 +335,20 @@ MD5Transform (state, block)
 	/* Zeroize sensitive information. */
 	memset ((void *)x, 0, sizeof (x));
 }
+
+#ifdef WEAK_REFS
+/* When building libmd, provide weak references. Note: this is not
+   activated in the context of compiling these sources for internal
+   use in libcrypt.
+ */
+#undef MD5Init
+__weak_reference(_libmd_MD5Init, MD5Init);
+#undef MD5Update
+__weak_reference(_libmd_MD5Update, MD5Update);
+#undef MD5Pad
+__weak_reference(_libmd_MD5Pad, MD5Pad);
+#undef MD5Final
+__weak_reference(_libmd_MD5Final, MD5Final);
+#undef MD5Transform
+__weak_reference(_libmd_MD5Transform, MD5Transform);
+#endif
diff --git a/lib/libmd/mdXhl.c b/lib/libmd/mdXhl.c
index 2954548..62be235 100644
--- a/lib/libmd/mdXhl.c
+++ b/lib/libmd/mdXhl.c
@@ -96,3 +96,18 @@ MDXData (const void *data, unsigned int len, char *buf)
 	MDXUpdate(&ctx,data,len);
 	return (MDXEnd(&ctx, buf));
 }
+
+#ifdef WEAK_REFS
+/* When building libmd, provide weak references. Note: this is not
+   activated in the context of compiling these sources for internal
+   use in libcrypt.
+ */
+#undef MDXEnd
+__weak_reference(_libmd_MDXEnd, MDXEnd);
+#undef MDXFile
+__weak_reference(_libmd_MDXFile, MDXFile);
+#undef MDXFileChunk
+__weak_reference(_libmd_MDXFileChunk, MDXFileChunk);
+#undef MDXData
+__weak_reference(_libmd_MDXData, MDXData);
+#endif
diff --git a/lib/libmd/ripemd.h b/lib/libmd/ripemd.h
index 2ff35cc..778808f 100644
--- a/lib/libmd/ripemd.h
+++ b/lib/libmd/ripemd.h
@@ -81,6 +81,41 @@ typedef struct RIPEMD160state_st {
 } RIPEMD160_CTX;
 
 __BEGIN_DECLS
+
+/* Ensure libmd symbols do not clash with libcrypto */
+
+#ifndef RIPEMD160_Init
+#define RIPEMD160_Init		_libmd_RIPEMD160_Init
+#endif
+#ifndef RIPEMD160_Update
+#define RIPEMD160_Update	_libmd_RIPEMD160_Update
+#endif
+#ifndef RIPEMD160_Final
+#define RIPEMD160_Final		_libmd_RIPEMD160_Final
+#endif
+#ifndef RIPEMD160_End
+#define RIPEMD160_End		_libmd_RIPEMD160_End
+#endif
+#ifndef RIPEMD160_File
+#define RIPEMD160_File		_libmd_RIPEMD160_File
+#endif
+#ifndef RIPEMD160_FileChunk
+#define RIPEMD160_FileChunk	_libmd_RIPEMD160_FileChunk
+#endif
+#ifndef RIPEMD160_Data
+#define RIPEMD160_Data		_libmd_RIPEMD160_Data
+#endif
+
+#ifndef RIPEMD160_Transform
+#define RIPEMD160_Transform	_libmd_RIPEMD160_Transform
+#endif
+#ifndef RMD160_version
+#define RMD160_version		_libmd_RMD160_version
+#endif
+#ifndef ripemd160_block
+#define ripemd160_block		_libmd_ripemd160_block
+#endif
+
 void	RIPEMD160_Init(RIPEMD160_CTX *c);
 void	RIPEMD160_Update(RIPEMD160_CTX *c, const void *data,
 			 size_t len);
diff --git a/lib/libmd/rmd160c.c b/lib/libmd/rmd160c.c
index e01f1e0..5a3b783 100644
--- a/lib/libmd/rmd160c.c
+++ b/lib/libmd/rmd160c.c
@@ -545,3 +545,22 @@ unsigned long *l;
 		}
 	}
 #endif
+
+#ifdef WEAK_REFS
+/* When building libmd, provide weak references. Note: this is not
+   activated in the context of compiling these sources for internal
+   use in libcrypt.
+ */
+#undef RIPEMD160_Init
+__weak_reference(_libmd_RIPEMD160_Init, RIPEMD160_Init);
+#undef RIPEMD160_Update
+__weak_reference(_libmd_RIPEMD160_Update, RIPEMD160_Update);
+#undef RIPEMD160_Final
+__weak_reference(_libmd_RIPEMD160_Final, RIPEMD160_Final);
+#undef RIPEMD160_Transform
+__weak_reference(_libmd_RIPEMD160_Transform, RIPEMD160_Transform);
+#undef RMD160_version
+__weak_reference(_libmd_RMD160_version, RMD160_version);
+#undef ripemd160_block
+__weak_reference(_libmd_ripemd160_block, ripemd160_block);
+#endif
diff --git a/lib/libmd/sha.h b/lib/libmd/sha.h
index 8a0b7c2..c608c5b 100644
--- a/lib/libmd/sha.h
+++ b/lib/libmd/sha.h
@@ -79,6 +79,73 @@ typedef struct SHAstate_st {
 #define	SHA1_CTX	SHA_CTX
 
 __BEGIN_DECLS
+
+/* Ensure libmd symbols do not clash with libcrypto */
+
+#ifndef SHA_Init
+#define SHA_Init	_libmd_SHA_Init
+#endif
+#ifndef SHA_Update
+#define SHA_Update	_libmd_SHA_Update
+#endif
+#ifndef SHA_Final
+#define SHA_Final	_libmd_SHA_Final
+#endif
+#ifndef SHA_End
+#define SHA_End		_libmd_SHA_End
+#endif
+#ifndef SHA_File
+#define SHA_File	_libmd_SHA_File
+#endif
+#ifndef SHA_FileChunk
+#define SHA_FileChunk	_libmd_SHA_FileChunk
+#endif
+#ifndef SHA_Data
+#define SHA_Data	_libmd_SHA_Data
+#endif
+
+#ifndef SHA_Transform
+#define SHA_Transform	_libmd_SHA_Transform
+#endif
+#ifndef SHA_version
+#define SHA_version	_libmd_SHA_version
+#endif
+#ifndef sha_block
+#define sha_block	_libmd_sha_block
+#endif
+
+#ifndef SHA1_Init
+#define SHA1_Init	_libmd_SHA1_Init
+#endif
+#ifndef SHA1_Update
+#define SHA1_Update	_libmd_SHA1_Update
+#endif
+#ifndef SHA1_Final
+#define SHA1_Final	_libmd_SHA1_Final
+#endif
+#ifndef SHA1_End
+#define SHA1_End	_libmd_SHA1_End
+#endif
+#ifndef SHA1_File
+#define SHA1_File	_libmd_SHA1_File
+#endif
+#ifndef SHA1_FileChunk
+#define SHA1_FileChunk	_libmd_SHA1_FileChunk
+#endif
+#ifndef SHA1_Data
+#define SHA1_Data	_libmd_SHA1_Data
+#endif
+
+#ifndef SHA1_Transform
+#define SHA1_Transform	_libmd_SHA1_Transform
+#endif
+#ifndef SHA1_version
+#define SHA1_version	_libmd_SHA1_version
+#endif
+#ifndef sha1_block
+#define sha1_block	_libmd_sha1_block
+#endif
+
 void	SHA_Init(SHA_CTX *c);
 void	SHA_Update(SHA_CTX *c, const void *data, size_t len);
 void	SHA_Final(unsigned char *md, SHA_CTX *c);
@@ -86,6 +153,7 @@ char   *SHA_End(SHA_CTX *, char *);
 char   *SHA_File(const char *, char *);
 char   *SHA_FileChunk(const char *, char *, off_t, off_t);
 char   *SHA_Data(const void *, unsigned int, char *);
+
 void	SHA1_Init(SHA_CTX *c);
 void	SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 void	SHA1_Final(unsigned char *md, SHA_CTX *c);
diff --git a/lib/libmd/sha1c.c b/lib/libmd/sha1c.c
index ba3278a..93a4ff3 100644
--- a/lib/libmd/sha1c.c
+++ b/lib/libmd/sha1c.c
@@ -488,3 +488,33 @@ SHA_CTX *c;
 /*	memset((char *)&c,0,sizeof(c));*/
 	}
 
+#ifdef WEAK_REFS
+/* When building libmd, provide weak references. Note: this is not
+   activated in the context of compiling these sources for internal
+   use in libcrypt.
+ */
+#undef SHA_Init
+__weak_reference(_libmd_SHA_Init, SHA_Init);
+#undef SHA_Update
+__weak_reference(_libmd_SHA_Update, SHA_Update);
+#undef SHA_Final
+__weak_reference(_libmd_SHA_Final, SHA_Final);
+#undef SHA_Transform
+__weak_reference(_libmd_SHA_Transform, SHA_Transform);
+#undef SHA_version
+__weak_reference(_libmd_SHA_version, SHA_version);
+#undef sha_block
+__weak_reference(_libmd_sha_block, sha_block);
+#undef SHA1_Init
+__weak_reference(_libmd_SHA1_Init, SHA1_Init);
+#undef SHA1_Update
+__weak_reference(_libmd_SHA1_Update, SHA1_Update);
+#undef SHA1_Final
+__weak_reference(_libmd_SHA1_Final, SHA1_Final);
+#undef SHA1_Transform
+__weak_reference(_libmd_SHA1_Transform, SHA1_Transform);
+#undef SHA1_version
+__weak_reference(_libmd_SHA1_version, SHA1_version);
+#undef sha1_block
+__weak_reference(_libmd_sha1_block, sha1_block);
+#endif
diff --git a/lib/libmd/sha256.h b/lib/libmd/sha256.h
deleted file mode 100644
index ce51787..0000000
--- a/lib/libmd/sha256.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*-
- * Copyright 2005 Colin Percival
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#ifndef _SHA256_H_
-#define _SHA256_H_
-
-#include <sys/types.h>
-
-typedef struct SHA256Context {
-	uint32_t state[8];
-	uint32_t count[2];
-	unsigned char buf[64];
-} SHA256_CTX;
-
-__BEGIN_DECLS
-void	SHA256_Init(SHA256_CTX *);
-void	SHA256_Update(SHA256_CTX *, const void *, size_t);
-void	SHA256_Final(unsigned char [32], SHA256_CTX *);
-char   *SHA256_End(SHA256_CTX *, char *);
-char   *SHA256_File(const char *, char *);
-char   *SHA256_FileChunk(const char *, char *, off_t, off_t);
-char   *SHA256_Data(const void *, unsigned int, char *);
-__END_DECLS
-
-#endif /* !_SHA256_H_ */
diff --git a/lib/libmd/sha256c.c b/lib/libmd/sha256c.c
deleted file mode 100644
index c95fd31..0000000
--- a/lib/libmd/sha256c.c
+++ /dev/null
@@ -1,300 +0,0 @@
-/*-
- * Copyright 2005 Colin Percival
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/endian.h>
-#include <sys/types.h>
-
-#include <string.h>
-
-#include "sha256.h"
-
-#if BYTE_ORDER == BIG_ENDIAN
-
-/* Copy a vector of big-endian uint32_t into a vector of bytes */
-#define be32enc_vect(dst, src, len)	\
-	memcpy((void *)dst, (const void *)src, (size_t)len)
-
-/* Copy a vector of bytes into a vector of big-endian uint32_t */
-#define be32dec_vect(dst, src, len)	\
-	memcpy((void *)dst, (const void *)src, (size_t)len)
-
-#else /* BYTE_ORDER != BIG_ENDIAN */
-
-/*
- * Encode a length len/4 vector of (uint32_t) into a length len vector of
- * (unsigned char) in big-endian form.  Assumes len is a multiple of 4.
- */
-static void
-be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len)
-{
-	size_t i;
-
-	for (i = 0; i < len / 4; i++)
-		be32enc(dst + i * 4, src[i]);
-}
-
-/*
- * Decode a big-endian length len vector of (unsigned char) into a length
- * len/4 vector of (uint32_t).  Assumes len is a multiple of 4.
- */
-static void
-be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len)
-{
-	size_t i;
-
-	for (i = 0; i < len / 4; i++)
-		dst[i] = be32dec(src + i * 4);
-}
-
-#endif /* BYTE_ORDER != BIG_ENDIAN */
-
-/* Elementary functions used by SHA256 */
-#define Ch(x, y, z)	((x & (y ^ z)) ^ z)
-#define Maj(x, y, z)	((x & (y | z)) | (y & z))
-#define SHR(x, n)	(x >> n)
-#define ROTR(x, n)	((x >> n) | (x << (32 - n)))
-#define S0(x)		(ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
-#define S1(x)		(ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
-#define s0(x)		(ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
-#define s1(x)		(ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
-
-/* SHA256 round function */
-#define RND(a, b, c, d, e, f, g, h, k)			\
-	t0 = h + S1(e) + Ch(e, f, g) + k;		\
-	t1 = S0(a) + Maj(a, b, c);			\
-	d += t0;					\
-	h  = t0 + t1;
-
-/* Adjusted round function for rotating state */
-#define RNDr(S, W, i, k)			\
-	RND(S[(64 - i) % 8], S[(65 - i) % 8],	\
-	    S[(66 - i) % 8], S[(67 - i) % 8],	\
-	    S[(68 - i) % 8], S[(69 - i) % 8],	\
-	    S[(70 - i) % 8], S[(71 - i) % 8],	\
-	    W[i] + k)
-
-/*
- * SHA256 block compression function.  The 256-bit state is transformed via
- * the 512-bit input block to produce a new state.
- */
-static void
-SHA256_Transform(uint32_t * state, const unsigned char block[64])
-{
-	uint32_t W[64];
-	uint32_t S[8];
-	uint32_t t0, t1;
-	int i;
-
-	/* 1. Prepare message schedule W. */
-	be32dec_vect(W, block, 64);
-	for (i = 16; i < 64; i++)
-		W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16];
-
-	/* 2. Initialize working variables. */
-	memcpy(S, state, 32);
-
-	/* 3. Mix. */
-	RNDr(S, W, 0, 0x428a2f98);
-	RNDr(S, W, 1, 0x71374491);
-	RNDr(S, W, 2, 0xb5c0fbcf);
-	RNDr(S, W, 3, 0xe9b5dba5);
-	RNDr(S, W, 4, 0x3956c25b);
-	RNDr(S, W, 5, 0x59f111f1);
-	RNDr(S, W, 6, 0x923f82a4);
-	RNDr(S, W, 7, 0xab1c5ed5);
-	RNDr(S, W, 8, 0xd807aa98);
-	RNDr(S, W, 9, 0x12835b01);
-	RNDr(S, W, 10, 0x243185be);
-	RNDr(S, W, 11, 0x550c7dc3);
-	RNDr(S, W, 12, 0x72be5d74);
-	RNDr(S, W, 13, 0x80deb1fe);
-	RNDr(S, W, 14, 0x9bdc06a7);
-	RNDr(S, W, 15, 0xc19bf174);
-	RNDr(S, W, 16, 0xe49b69c1);
-	RNDr(S, W, 17, 0xefbe4786);
-	RNDr(S, W, 18, 0x0fc19dc6);
-	RNDr(S, W, 19, 0x240ca1cc);
-	RNDr(S, W, 20, 0x2de92c6f);
-	RNDr(S, W, 21, 0x4a7484aa);
-	RNDr(S, W, 22, 0x5cb0a9dc);
-	RNDr(S, W, 23, 0x76f988da);
-	RNDr(S, W, 24, 0x983e5152);
-	RNDr(S, W, 25, 0xa831c66d);
-	RNDr(S, W, 26, 0xb00327c8);
-	RNDr(S, W, 27, 0xbf597fc7);
-	RNDr(S, W, 28, 0xc6e00bf3);
-	RNDr(S, W, 29, 0xd5a79147);
-	RNDr(S, W, 30, 0x06ca6351);
-	RNDr(S, W, 31, 0x14292967);
-	RNDr(S, W, 32, 0x27b70a85);
-	RNDr(S, W, 33, 0x2e1b2138);
-	RNDr(S, W, 34, 0x4d2c6dfc);
-	RNDr(S, W, 35, 0x53380d13);
-	RNDr(S, W, 36, 0x650a7354);
-	RNDr(S, W, 37, 0x766a0abb);
-	RNDr(S, W, 38, 0x81c2c92e);
-	RNDr(S, W, 39, 0x92722c85);
-	RNDr(S, W, 40, 0xa2bfe8a1);
-	RNDr(S, W, 41, 0xa81a664b);
-	RNDr(S, W, 42, 0xc24b8b70);
-	RNDr(S, W, 43, 0xc76c51a3);
-	RNDr(S, W, 44, 0xd192e819);
-	RNDr(S, W, 45, 0xd6990624);
-	RNDr(S, W, 46, 0xf40e3585);
-	RNDr(S, W, 47, 0x106aa070);
-	RNDr(S, W, 48, 0x19a4c116);
-	RNDr(S, W, 49, 0x1e376c08);
-	RNDr(S, W, 50, 0x2748774c);
-	RNDr(S, W, 51, 0x34b0bcb5);
-	RNDr(S, W, 52, 0x391c0cb3);
-	RNDr(S, W, 53, 0x4ed8aa4a);
-	RNDr(S, W, 54, 0x5b9cca4f);
-	RNDr(S, W, 55, 0x682e6ff3);
-	RNDr(S, W, 56, 0x748f82ee);
-	RNDr(S, W, 57, 0x78a5636f);
-	RNDr(S, W, 58, 0x84c87814);
-	RNDr(S, W, 59, 0x8cc70208);
-	RNDr(S, W, 60, 0x90befffa);
-	RNDr(S, W, 61, 0xa4506ceb);
-	RNDr(S, W, 62, 0xbef9a3f7);
-	RNDr(S, W, 63, 0xc67178f2);
-
-	/* 4. Mix local working variables into global state */
-	for (i = 0; i < 8; i++)
-		state[i] += S[i];
-}
-
-static unsigned char PAD[64] = {
-	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/* Add padding and terminating bit-count. */
-static void
-SHA256_Pad(SHA256_CTX * ctx)
-{
-	unsigned char len[8];
-	uint32_t r, plen;
-
-	/*
-	 * Convert length to a vector of bytes -- we do this now rather
-	 * than later because the length will change after we pad.
-	 */
-	be32enc_vect(len, ctx->count, 8);
-
-	/* Add 1--64 bytes so that the resulting length is 56 mod 64 */
-	r = (ctx->count[1] >> 3) & 0x3f;
-	plen = (r < 56) ? (56 - r) : (120 - r);
-	SHA256_Update(ctx, PAD, (size_t)plen);
-
-	/* Add the terminating bit-count */
-	SHA256_Update(ctx, len, 8);
-}
-
-/* SHA-256 initialization.  Begins a SHA-256 operation. */
-void
-SHA256_Init(SHA256_CTX * ctx)
-{
-
-	/* Zero bits processed so far */
-	ctx->count[0] = ctx->count[1] = 0;
-
-	/* Magic initialization constants */
-	ctx->state[0] = 0x6A09E667;
-	ctx->state[1] = 0xBB67AE85;
-	ctx->state[2] = 0x3C6EF372;
-	ctx->state[3] = 0xA54FF53A;
-	ctx->state[4] = 0x510E527F;
-	ctx->state[5] = 0x9B05688C;
-	ctx->state[6] = 0x1F83D9AB;
-	ctx->state[7] = 0x5BE0CD19;
-}
-
-/* Add bytes into the hash */
-void
-SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len)
-{
-	uint32_t bitlen[2];
-	uint32_t r;
-	const unsigned char *src = in;
-
-	/* Number of bytes left in the buffer from previous updates */
-	r = (ctx->count[1] >> 3) & 0x3f;
-
-	/* Convert the length into a number of bits */
-	bitlen[1] = ((uint32_t)len) << 3;
-	bitlen[0] = (uint32_t)(len >> 29);
-
-	/* Update number of bits */
-	if ((ctx->count[1] += bitlen[1]) < bitlen[1])
-		ctx->count[0]++;
-	ctx->count[0] += bitlen[0];
-
-	/* Handle the case where we don't need to perform any transforms */
-	if (len < 64 - r) {
-		memcpy(&ctx->buf[r], src, len);
-		return;
-	}
-
-	/* Finish the current block */
-	memcpy(&ctx->buf[r], src, 64 - r);
-	SHA256_Transform(ctx->state, ctx->buf);
-	src += 64 - r;
-	len -= 64 - r;
-
-	/* Perform complete blocks */
-	while (len >= 64) {
-		SHA256_Transform(ctx->state, src);
-		src += 64;
-		len -= 64;
-	}
-
-	/* Copy left over data into buffer */
-	memcpy(ctx->buf, src, len);
-}
-
-/*
- * SHA-256 finalization.  Pads the input data, exports the hash value,
- * and clears the context state.
- */
-void
-SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
-{
-
-	/* Add padding */
-	SHA256_Pad(ctx);
-
-	/* Write the hash */
-	be32enc_vect(digest, ctx->state, 32);
-
-	/* Clear the context state */
-	memset((void *)ctx, 0, sizeof(*ctx));
-}
diff --git a/lib/libmd/sha512.h b/lib/libmd/sha512.h
index 8998f4c..b034ca5 100644
--- a/lib/libmd/sha512.h
+++ b/lib/libmd/sha512.h
@@ -38,6 +38,38 @@ typedef struct SHA512Context {
 } SHA512_CTX;
 
 __BEGIN_DECLS
+
+/* Ensure libmd symbols do not clash with libcrypto */
+
+#ifndef SHA512_Init
+#define SHA512_Init		_libmd_SHA512_Init
+#endif
+#ifndef SHA512_Update
+#define SHA512_Update		_libmd_SHA512_Update
+#endif
+#ifndef SHA512_Final
+#define SHA512_Final		_libmd_SHA512_Final
+#endif
+#ifndef SHA512_End
+#define SHA512_End		_libmd_SHA512_End
+#endif
+#ifndef SHA512_File
+#define SHA512_File		_libmd_SHA512_File
+#endif
+#ifndef SHA512_FileChunk
+#define SHA512_FileChunk	_libmd_SHA512_FileChunk
+#endif
+#ifndef SHA512_Data
+#define SHA512_Data		_libmd_SHA512_Data
+#endif
+
+#ifndef SHA512_Transform
+#define SHA512_Transform	_libmd_SHA512_Transform
+#endif
+#ifndef SHA512_version
+#define SHA512_version		_libmd_SHA512_version
+#endif
+
 void	SHA512_Init(SHA512_CTX *);
 void	SHA512_Update(SHA512_CTX *, const void *, size_t);
 void	SHA512_Final(unsigned char [64], SHA512_CTX *);
diff --git a/lib/libmd/sha512c.c b/lib/libmd/sha512c.c
index c2a93be..e5e52a8 100644
--- a/lib/libmd/sha512c.c
+++ b/lib/libmd/sha512c.c
@@ -318,3 +318,18 @@ SHA512_Final(unsigned char digest[64], SHA512_CTX * ctx)
 	/* Clear the context state */
 	memset((void *)ctx, 0, sizeof(*ctx));
 }
+
+#ifdef WEAK_REFS
+/* When building libmd, provide weak references. Note: this is not
+   activated in the context of compiling these sources for internal
+   use in libcrypt.
+ */
+#undef SHA512_Init
+__weak_reference(_libmd_SHA512_Init, SHA512_Init);
+#undef SHA512_Update
+__weak_reference(_libmd_SHA512_Update, SHA512_Update);
+#undef SHA512_Final
+__weak_reference(_libmd_SHA512_Final, SHA512_Final);
+#undef SHA512_Transform
+__weak_reference(_libmd_SHA512_Transform, SHA512_Transform);
+#endif
diff --git a/lib/libmd/shadriver.c b/lib/libmd/shadriver.c
index adaf684..29a3cf0 100644
--- a/lib/libmd/shadriver.c
+++ b/lib/libmd/shadriver.c
@@ -31,10 +31,13 @@ __FBSDID("$FreeBSD$");
 #endif
 
 #if SHA == 1
+#undef SHA_Data
 #define SHA_Data SHA1_Data
 #elif SHA == 256
+#undef SHA_Data
 #define SHA_Data SHA256_Data
 #elif SHA == 512
+#undef SHA_Data
 #define SHA_Data SHA512_Data
 #endif
 
diff --git a/lib/libutil/gr_util.c b/lib/libutil/gr_util.c
index 80d9ee6..1acbadb 100644
--- a/lib/libutil/gr_util.c
+++ b/lib/libutil/gr_util.c
@@ -141,13 +141,13 @@ gr_tmp(int mfd)
 		errno = ENAMETOOLONG;
 		return (-1);
 	}
-	if ((tfd = mkostemp(tempname, O_SYNC)) == -1)
+	if ((tfd = mkstemp(tempname)) == -1)
 		return (-1);
 	if (mfd != -1) {
 		while ((nr = read(mfd, buf, sizeof(buf))) > 0)
 			if (write(tfd, buf, (size_t)nr) != nr)
 				break;
-		if (nr != 0) {
+		if (nr != 0 || fsync(tfd) != 0) {
 			unlink(tempname);
 			*tempname = '\0';
 			close(tfd);
@@ -305,6 +305,8 @@ gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr)
  done:
 	if (line != NULL)
 		free(line);
+	if (fsync(tfd) != 0)
+		goto err;
 	return (0);
  err:
 	if (line != NULL)
diff --git a/lib/libutil/pw_util.c b/lib/libutil/pw_util.c
index af749d5..b369035 100644
--- a/lib/libutil/pw_util.c
+++ b/lib/libutil/pw_util.c
@@ -226,13 +226,13 @@ pw_tmp(int mfd)
 		errno = ENAMETOOLONG;
 		return (-1);
 	}
-	if ((tfd = mkostemp(tempname, O_SYNC)) == -1)
+	if ((tfd = mkstemp(tempname)) == -1)
 		return (-1);
 	if (mfd != -1) {
 		while ((nr = read(mfd, buf, sizeof(buf))) > 0)
 			if (write(tfd, buf, (size_t)nr) != nr)
 				break;
-		if (nr != 0) {
+		if (nr != 0 || fsync(tfd) != 0) {
 			unlink(tempname);
 			*tempname = '\0';
 			close(tfd);
@@ -289,7 +289,7 @@ pw_edit(int notsetuid)
 	sigset_t oldsigset, nsigset;
 	struct stat st1, st2;
 	const char *editor;
-	int pstat;
+	int pstat, fd;
 
 	if ((editor = getenv("EDITOR")) == NULL)
 		editor = _PATH_VI;
@@ -344,6 +344,11 @@ pw_edit(int notsetuid)
 	sigprocmask(SIG_SETMASK, &oldsigset, NULL);
 	if (stat(tempname, &st2) == -1)
 		return (-1);
+	if ((fd = open(tempname, O_RDONLY)) == -1 || fsync(fd) == -1) {
+		close(fd);
+		return (-1);
+	}
+	close(fd);
 	return (st1.st_mtim.tv_sec != st2.st_mtim.tv_sec ||
 	    st1.st_mtim.tv_nsec != st2.st_mtim.tv_nsec);
 }
@@ -570,6 +575,8 @@ pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
  done:
 	if (line != NULL)
 		free(line);
+	if (fsync(tfd) != 0)
+		goto err;
 	return (0);
  err:
 	if (line != NULL)