From eb3e8383b5a3ed95ddf04605c48818bfb995bf51 Mon Sep 17 00:00:00 2001
From: christos <christos@NetBSD.org>
Date: Wed, 29 Jun 2016 21:40:20 +0000
Subject: [PATCH] use sha1 from libc

---
 usr.sbin/npf/npfctl/npfctl.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/usr.sbin/npf/npfctl/npfctl.c b/usr.sbin/npf/npfctl/npfctl.c
index 2d9668acfe17..88bd5108c6ed 100644
--- a/usr.sbin/npf/npfctl/npfctl.c
+++ b/usr.sbin/npf/npfctl/npfctl.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: npfctl.c,v 1.46 2015/01/04 20:02:15 christos Exp $	*/
+/*	$NetBSD: npfctl.c,v 1.47 2016/06/29 21:40:20 christos Exp $	*/
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: npfctl.c,v 1.46 2015/01/04 20:02:15 christos Exp $");
+__RCSID("$NetBSD: npfctl.c,v 1.47 2016/06/29 21:40:20 christos Exp $");
 
 #include <sys/ioctl.h>
 #include <sys/stat.h>
@@ -44,8 +44,7 @@ __RCSID("$NetBSD: npfctl.c,v 1.46 2015/01/04 20:02:15 christos Exp $");
 #include <fcntl.h>
 #include <unistd.h>
 #include <errno.h>
-
-#include <openssl/sha.h>
+#include <sha1.h>
 
 #include "npfctl.h"
 
@@ -385,6 +384,17 @@ npfctl_parse_rule(int argc, char **argv)
 	return rl;
 }
 
+static void
+SHA1(const uint8_t *d, unsigned int n, uint8_t *md)
+{
+    SHA1_CTX c;
+
+    SHA1Init(&c);
+    SHA1Update(&c, d, n);
+    SHA1Final(md, &c);
+    memset(&c, 0, sizeof(c));
+}
+
 static void
 npfctl_generate_key(nl_rule_t *rl, void *key)
 {
@@ -394,9 +404,9 @@ npfctl_generate_key(nl_rule_t *rl, void *key)
 	if ((meta = npf_rule_export(rl, &len)) == NULL) {
 		errx(EXIT_FAILURE, "error generating rule key");
 	}
-	__CTASSERT(NPF_RULE_MAXKEYLEN >= SHA_DIGEST_LENGTH);
+	__CTASSERT(NPF_RULE_MAXKEYLEN >= SHA1_DIGEST_LENGTH);
 	memset(key, 0, NPF_RULE_MAXKEYLEN);
-	SHA1(meta, len, key);
+	SHA1(meta, (unsigned int)len, key);
 	free(meta);
 }