signify contains some substantial duplication of existing libc code,
picked up via nacl. we can provide a thin api wrapper around our own
code to make it smaller.
this only affects signify for now, not ssh.
Index: Makefile
===================================================================
RCS file: /cvs/src/usr.bin/signify/Makefile,v
retrieving revision 1.1
diff -u -p -r1.1 Makefile
--- Makefile 31 Dec 2013 03:03:32 -0000 1.1
+++ Makefile 30 Dec 2013 20:44:39 -0000
@@ -5,7 +5,7 @@ CPPFLAGS += -I${.CURDIR}/../ssh
SRCS= signify.c
SRCS+= ed25519.c fe25519.c ge25519.c sc25519.c smult_curve25519_ref.c
-SRCS+= blocks.c hash.c verify.c
+SRCS+= crypto_api.c
PROG= signify
Index: crypto_api.c
===================================================================
RCS file: crypto_api.c
diff -N crypto_api.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ crypto_api.c 30 Dec 2013 20:45:31 -0000
@@ -0,0 +1,26 @@
+/*
+ * Public domain. Author: Ted Unangst <t...@openbsd.org>
+ * API compatible reimplementation of functions from nacl
+ */
+#include <sys/types.h>
+
+#include <string.h>
+#include <sha2.h>
+
+int
+crypto_hash_sha512(unsigned char *out, const unsigned char *in,
+ unsigned long long inlen)
+{
+ SHA2_CTX ctx;
+
+ SHA512Init(&ctx);
+ SHA512Update(&ctx, in, inlen);
+ SHA512Final(out, &ctx);
+ return 0;
+}
+
+int
+crypto_verify_32(const unsigned char *x, const unsigned char *y)
+{
+ return timingsafe_bcmp(x, y, 32) ? -1 : 0;
+}
