libcrypto: Fix buffer overrun in truncated SHA-512 functions.

Further fallout from the libc/openssl sha2 symbol collision.

PR lib/58039

crypto/external/bsd/openssl/dist/crypto/evp/legacy_sha.c

@@ -49,9 +49,9 @@ static int nm##_init(EVP_MD_CTX *ctx)                                          \
 #define sha512_256_Init    sha512_256_init
 
 #define sha512_224_Update  SHA512_Update
-#define sha512_224_Final   SHA512_Final
+#define sha512_224_Final   sha512_224_final /* XXX NetBSD libc sha2 */
 #define sha512_256_Update  SHA512_Update
-#define sha512_256_Final   SHA512_Final
+#define sha512_256_Final   sha512_256_final /* XXX NetBSD libc sha2 */
 
 IMPLEMENT_LEGACY_EVP_MD_METH(sha1, SHA1)
 IMPLEMENT_LEGACY_EVP_MD_METH(sha224, SHA224)

crypto/external/bsd/openssl/dist/include/crypto/sha.h

@@ -16,6 +16,8 @@
 
 int sha512_224_init(SHA512_CTX *);
 int sha512_256_init(SHA512_CTX *);
+int sha512_224_final(unsigned char *, SHA512_CTX *); /* XXX NetBSD libc sha2 */
+int sha512_256_final(unsigned char *, SHA512_CTX *); /* XXX NetBSD libc sha2 */
 int ossl_sha1_ctrl(SHA_CTX *ctx, int cmd, int mslen, void *ms);
 unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md);
 

crypto/external/bsd/openssl/dist/providers/implementations/digests/sha2_prov.c

@@ -86,10 +86,12 @@ IMPLEMENT_digest_functions(sha512, SHA512_CTX,
 /* ossl_sha512_224_functions */
 IMPLEMENT_digest_functions(sha512_224, SHA512_CTX,
                            SHA512_CBLOCK, SHA224_DIGEST_LENGTH, SHA2_FLAGS,
-                           sha512_224_init, SHA512_Update, SHA512_Final)
+                           sha512_224_init, SHA512_Update,
+                           /* XXX NetBSD libc sha2 */sha512_224_final)
 
 /* ossl_sha512_256_functions */
 IMPLEMENT_digest_functions(sha512_256, SHA512_CTX,
                            SHA512_CBLOCK, SHA256_DIGEST_LENGTH, SHA2_FLAGS,
-                           sha512_256_init, SHA512_Update, SHA512_Final)
+                           sha512_256_init, SHA512_Update,
+                           /* XXX NetBSD libc sha2 */sha512_256_final)
 

crypto/external/bsd/openssl/lib/libcrypto/libc-sha2xx.c

@@ -46,6 +46,20 @@ sha512_224_init(SHA512_CTX *context)
 
 }
 
+extern int
+sha512_224_final(unsigned char *md, SHA512_CTX *context);
+int
+sha512_224_final(unsigned char *md, SHA512_CTX *context)
+{
+	unsigned char tmp[64];
+
+	SHA512_Final(tmp, context);
+	memcpy(md, tmp, 28);
+	explicit_memset(tmp, 0, sizeof(tmp));
+	return 1;
+
+}
+
 extern int
 sha512_256_init(SHA512_CTX *context);
 int
@@ -61,3 +75,16 @@ sha512_256_init(SHA512_CTX *context)
 
 	return 1;
 }
+
+extern int
+sha512_256_final(unsigned char *md, SHA512_CTX *context);
+int
+sha512_256_final(unsigned char *md, SHA512_CTX *context)
+{
+	unsigned char tmp[64];
+
+	SHA512_Final(tmp, context);
+	memcpy(md, tmp, 32);
+	explicit_memset(tmp, 0, sizeof(tmp));
+	return 1;
+}

tests/crypto/libcrypto/t_sha512trunc.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: t_sha512trunc.c,v 1.1 2024/03/15 15:32:07 riastradh Exp $	*/
+/*	$NetBSD: t_sha512trunc.c,v 1.2 2024/03/15 18:10:37 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 2024 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: t_sha512trunc.c,v 1.1 2024/03/15 15:32:07 riastradh Exp $");
+__RCSID("$NetBSD: t_sha512trunc.c,v 1.2 2024/03/15 18:10:37 riastradh Exp $");
 
 #include <stddef.h>
 
@@ -123,8 +123,6 @@ ATF_TC_BODY(sha512_224, tc)
 		},
 	};
 
-	atf_tc_expect_fail("PR lib/58039:"
-	    " Buffer overflow when writing a SHA512_224 or SHA512_256 digest");
 	check(C, __arraycount(C), 28, EVP_sha512_224());
 }
 
@@ -159,8 +157,6 @@ ATF_TC_BODY(sha512_256, tc)
 		},
 	};
 
-	atf_tc_expect_fail("PR lib/58039:"
-	    " Buffer overflow when writing a SHA512_224 or SHA512_256 digest");
 	check(C, __arraycount(C), 32, EVP_sha512_256());
 }