digest: add the BLAKE2b digest.

BLAKE2 is a further development of the SHA-3 finalist BLAKE by its original
authors that improves its performance. BLAKE2b is the variant optimized for
64-bit systems.

ok riastradh

10 files changed, 552 insertions, 10 deletions

diff --git a/pkgtools/digest/DESCR b/pkgtools/digest/DESCR
index 316f6a050fb..5a12ffacd74 100644
--- a/pkgtools/digest/DESCR
+++ b/pkgtools/digest/DESCR
@@ -8,5 +8,6 @@ This utility is a wrapper for the
 	+ sha512
 	+ tiger
 	+ whirlpool
+	+ blake2b
 
 message digest routines.
diff --git a/pkgtools/digest/files/DESCR b/pkgtools/digest/files/DESCR
index 3adfb61977e..24cbc837a19 100644
--- a/pkgtools/digest/files/DESCR
+++ b/pkgtools/digest/files/DESCR
@@ -1,2 +1,2 @@
 This utility is a wrapper for the md5(3), rmd160(3), and sha1, sha256,
-sha384 and sha512 routines.
+sha384, sha512, and blake2b routines.
diff --git a/pkgtools/digest/files/Makefile.in b/pkgtools/digest/files/Makefile.in
index cb11e762c5b..d843477f291 100644
--- a/pkgtools/digest/files/Makefile.in
+++ b/pkgtools/digest/files/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.6 2016/03/03 22:11:07 agc Exp $
+# $Id: Makefile.in,v 1.7 2018/10/06 14:32:45 nia Exp $
 
 @SET_MAKE@
 SHELL = @SHELL@
@@ -44,12 +44,12 @@ COMPILE= $(CC) $(DEFS) $(CPPFLAGS) $(CFLAGS)
 
 digest_OBJS = digest.o keccak.o md5c.o md5hl.o rmd160.o \
 rmd160hl.o sha1.o sha1hl.o sha2.o sha2hl.o sha3.o sha3hl.o \
-tiger.o whirlpool.o
+tiger.o whirlpool.o blake2b.o blake2b-hl.o
 
 SRCS= digest.c keccak.c md5c.c md5hl.c rmd160.c \
 rmd160hl.c sha1.c sha1hl.c sha2.c sha2hl.c sha3.c sha3hl.c \
-tiger.c whirlpool.c \
-md5.h rmd160.h sha1.h sha2.h sha3.h tiger.h whirlpool.h
+tiger.c whirlpool.c blake2b.c blake2b-hl.c \
+md5.h rmd160.h sha1.h sha2.h sha3.h tiger.h whirlpool.h blake2.h
 
 DISTFILES= $(SRCS) AUTHORS COPYING DESCR INSTALL Makefile.in NEWS aclocal.m4 \
 config.guess config.h.in config.sub configure configure.ac install-sh \
diff --git a/pkgtools/digest/files/README b/pkgtools/digest/files/README
index 2da2579e3b7..3d8d650195c 100644
--- a/pkgtools/digest/files/README
+++ b/pkgtools/digest/files/README
@@ -1,2 +1,2 @@
-The digest utility is a wrapper for the md5, sha1, sha256, sha384, sha512 and
-rmd160 message digest algorithms. It first appeared in NetBSD 1.6.
+The digest utility is a wrapper for the blake2b, md5, sha1, sha256, sha384,
+sha512 and rmd160 message digest algorithms. It first appeared in NetBSD 1.6.
diff --git a/pkgtools/digest/files/blake2b-hl.c b/pkgtools/digest/files/blake2b-hl.c
new file mode 100644
index 00000000000..fe47c04e7c7
--- /dev/null
+++ b/pkgtools/digest/files/blake2b-hl.c
@@ -0,0 +1,128 @@
+/* $NetBSD: blake2b-hl.c,v 1.1 2018/10/06 14:32:45 nia Exp $	*/
+
+/*
+ * blake2b-hl.c
+ * This code is derived from sha2hl.c, hence the following licence
+ * reproduction.
+ *
+ * This code is not a verbatim copy, since some routines have been added,
+ * and some bugs have been fixed.
+ *
+ * Version 1.0.0beta1
+ *
+ * Written by Aaron D. Gifford <me@aarongifford.com>
+ *
+ * Copyright 2000 Aaron D. Gifford.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include "blake2b.h"
+
+static const char blake2_hex_digits[] = "0123456789abcdef";
+
+#ifndef MEMSET_BZERO
+#define MEMSET_BZERO(p,l)	memset((p), 0, (l))
+#endif
+
+#ifndef _DIAGASSERT
+#define _DIAGASSERT(cond)	assert(cond)
+#endif
+
+void
+BLAKE2b_Init(struct blake2b *ctx)
+{
+	blake2b_init(ctx, BLAKE2B_MAX_DIGEST, NULL, 0);
+}
+
+void
+BLAKE2b_Update(struct blake2b *ctx, const uint8_t *input, size_t len)
+{
+	blake2b_update(ctx, input, len);
+}
+
+char *
+BLAKE2b_File(char *filename, char *buf)
+{
+	unsigned char	buffer[BUFSIZ * 20];
+	struct blake2b	ctx;
+	int		fd, num, oerrno;
+
+	_DIAGASSERT(filename != NULL);
+	/* XXX: buf may be NULL ? */
+
+	BLAKE2b_Init(&ctx);
+
+	if ((fd = open(filename, O_RDONLY)) < 0)
+		return (0);
+
+	while ((num = read(fd, buffer, sizeof(buffer))) > 0)
+		blake2b_update(&ctx, buffer, (size_t) num);
+
+	oerrno = errno;
+	close(fd);
+	errno = oerrno;
+	BLAKE2b_End(&ctx, buf);
+	return (num < 0 ? 0 : buf);
+}
+
+char *
+BLAKE2b_End(struct blake2b *ctx, char buffer[])
+{
+	unsigned char digest[BLAKE2B_MAX_DIGEST], *d = digest;
+	unsigned char *ret;
+	int i;
+
+	assert(ctx != NULL);
+
+	if ((ret = buffer) != NULL) {
+		blake2b_final(ctx, digest);
+
+		for (i = 0; i < BLAKE2B_MAX_DIGEST; i++) {
+			*buffer++ = blake2_hex_digits[(*d & 0xf0) >> 4];
+			*buffer++ = blake2_hex_digits[*d & 0x0f];
+			d++;
+		}
+		*buffer = '\0';
+	} else {
+		(void)MEMSET_BZERO(ctx, sizeof(struct blake2b));
+	}
+	(void)MEMSET_BZERO(digest, BLAKE2B_MAX_DIGEST);
+	return ret;
+}
diff --git a/pkgtools/digest/files/blake2b.c b/pkgtools/digest/files/blake2b.c
new file mode 100644
index 00000000000..7d2fec41054
--- /dev/null
+++ b/pkgtools/digest/files/blake2b.c
@@ -0,0 +1,350 @@
+/*-
+ * Copyright (c) 2015 Taylor R. Campbell
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define	_POSIX_C_SOURCE	200809L
+
+#include <assert.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "blake2b.h"
+
+void *(*volatile blake2b_explicit_memset_impl)(void *, int, size_t) = &memset;
+static void *
+explicit_memset(void *buf, int c, size_t n)
+{
+
+	return (*blake2b_explicit_memset_impl)(buf, c, n);
+}
+
+static inline uint64_t
+rotr64(uint64_t x, unsigned c)
+{
+
+	return ((x >> c) | (x << (64 - c)));
+}
+
+static inline uint64_t
+le64dec(const void *buf)
+{
+	const uint8_t *p = buf;
+
+	return (((uint64_t)p[0]) |
+	    ((uint64_t)p[1] << 8) |
+	    ((uint64_t)p[2] << 16) |
+	    ((uint64_t)p[3] << 24) |
+	    ((uint64_t)p[4] << 32) |
+	    ((uint64_t)p[5] << 40) |
+	    ((uint64_t)p[6] << 48) |
+	    ((uint64_t)p[7] << 56));
+}
+
+static inline void
+le64enc(void *buf, uint64_t v)
+{
+	uint8_t *p = buf;
+
+	*p++ = v; v >>= 8;
+	*p++ = v; v >>= 8;
+	*p++ = v; v >>= 8;
+	*p++ = v; v >>= 8;
+	*p++ = v; v >>= 8;
+	*p++ = v; v >>= 8;
+	*p++ = v; v >>= 8;
+	*p++ = v;
+}
+
+#define	BLAKE2B_G(VA, VB, VC, VD, X, Y)	do				      \
+{									      \
+	(VA) = (VA) + (VB) + (X);					      \
+	(VD) = rotr64((VD) ^ (VA), 32);					      \
+	(VC) = (VC) + (VD);						      \
+	(VB) = rotr64((VB) ^ (VC), 24);					      \
+	(VA) = (VA) + (VB) + (Y);					      \
+	(VD) = rotr64((VD) ^ (VA), 16);					      \
+	(VC) = (VC) + (VD);						      \
+	(VB) = rotr64((VB) ^ (VC), 63);					      \
+} while (0)
+
+static const uint64_t blake2b_iv[8] = {
+	0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
+	0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
+	0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
+	0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL,
+};
+
+static const uint8_t blake2b_sigma[12][16] = {
+	{  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 },
+	{ 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 },
+	{ 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 },
+	{  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 },
+	{  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 },
+	{  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 },
+	{ 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 },
+	{ 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 },
+	{  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 },
+	{ 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13,  0 },
+	{  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 },
+	{ 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 },
+};
+
+static void
+blake2b_compress(uint64_t h[8], uint64_t c, uint64_t last,
+    const uint8_t in[128])
+{
+	uint64_t v0,v1,v2,v3,v4,v5,v6,v7,v8,v9,v10,v11,v12,v13,v14,v15;
+	uint64_t m[16];
+	unsigned i;
+
+	/* Load the variables: first 8 from state, next 8 from IV.  */
+	v0 = h[0];
+	v1 = h[1];
+	v2 = h[2];
+	v3 = h[3];
+	v4 = h[4];
+	v5 = h[5];
+	v6 = h[6];
+	v7 = h[7];
+	v8 = blake2b_iv[0];
+	v9 = blake2b_iv[1];
+	v10 = blake2b_iv[2];
+	v11 = blake2b_iv[3];
+	v12 = blake2b_iv[4];
+	v13 = blake2b_iv[5];
+	v14 = blake2b_iv[6];
+	v15 = blake2b_iv[7];
+
+	/* Incorporate the block counter and whether this is last.  */
+	v12 ^= c;
+	v14 ^= last;
+
+	/* Load the message block.  */
+	for (i = 0; i < 16; i++)
+		m[i] = le64dec(in + 8*i);
+
+	/* Transform the variables.  */
+	for (i = 0; i < 12; i++) {
+		const uint8_t *sigma = blake2b_sigma[i];
+
+		BLAKE2B_G(v0, v4,  v8, v12, m[sigma[ 0]], m[sigma[ 1]]);
+		BLAKE2B_G(v1, v5,  v9, v13, m[sigma[ 2]], m[sigma[ 3]]);
+		BLAKE2B_G(v2, v6, v10, v14, m[sigma[ 4]], m[sigma[ 5]]);
+		BLAKE2B_G(v3, v7, v11, v15, m[sigma[ 6]], m[sigma[ 7]]);
+		BLAKE2B_G(v0, v5, v10, v15, m[sigma[ 8]], m[sigma[ 9]]);
+		BLAKE2B_G(v1, v6, v11, v12, m[sigma[10]], m[sigma[11]]);
+		BLAKE2B_G(v2, v7,  v8, v13, m[sigma[12]], m[sigma[13]]);
+		BLAKE2B_G(v3, v4,  v9, v14, m[sigma[14]], m[sigma[15]]);
+	}
+
+	/* Update the state.  */
+	h[0] ^= v0 ^ v8;
+	h[1] ^= v1 ^ v9;
+	h[2] ^= v2 ^ v10;
+	h[3] ^= v3 ^ v11;
+	h[4] ^= v4 ^ v12;
+	h[5] ^= v5 ^ v13;
+	h[6] ^= v6 ^ v14;
+	h[7] ^= v7 ^ v15;
+
+	(void)explicit_memset(m, 0, sizeof m);
+}
+
+void
+blake2b_init(struct blake2b *B, size_t dlen, const void *key, size_t keylen)
+{
+	uint64_t param0;
+	unsigned i;
+
+	assert(0 < dlen);
+	assert(dlen <= 64);
+	assert(keylen <= 64);
+
+	/* Record the digest length.  */
+	B->dlen = dlen;
+
+	/* Initialize the buffer.  */
+	B->nb = 0;
+
+	/* Initialize the state.  */
+	B->c = 0;
+	for (i = 0; i < 8; i++)
+		B->h[i] = blake2b_iv[i];
+
+	/*
+	 * Set the parameters.  We support only variable digest and key
+	 * lengths: no tree hashing, no salt, no personalization.
+	 */
+	param0 = 0;
+	param0 |= (uint64_t)dlen << 0;
+	param0 |= (uint64_t)keylen << 8;
+	param0 |= (uint64_t)1 << 16; /* tree fanout = 1 */
+	param0 |= (uint64_t)1 << 24; /* tree depth = 1 */
+	B->h[0] ^= param0;
+
+	/* If there's a key, compress it as the first message block.  */
+	if (keylen) {
+		static const uint8_t zero_block[128];
+
+		blake2b_update(B, key, keylen);
+		blake2b_update(B, zero_block, 128 - keylen);
+	}
+}
+
+void
+blake2b_update(struct blake2b *B, const void *buf, size_t len)
+{
+	const uint8_t *p = buf;
+	size_t n = len;
+
+	/* Check the current state of the buffer.  */
+	if (n <= 128u - B->nb) {
+		/* Can at most exactly fill the buffer.  */
+		(void)memcpy(&B->b[B->nb], p, n);
+		B->nb += n;
+		return;
+	} else if (0 < B->nb) {
+		/* Can fill the buffer and go on.  */
+		(void)memcpy(&B->b[B->nb], p, 128 - B->nb);
+		B->c += 128;
+		blake2b_compress(B->h, B->c, 0, B->b);
+		p += 128 - B->nb;
+		n -= 128 - B->nb;
+	}
+
+	/* At a block boundary.  Compress straight from the input.  */
+	while (128 < n) {
+		B->c += 128;
+		blake2b_compress(B->h, B->c, 0, p);
+		p += 128;
+		n -= 128;
+	}
+
+	/*
+	 * Put whatever's left in the buffer.  We may fill the buffer,
+	 * but we can't compress in that case until we know whether we
+	 * are compressing the last block or not.
+	 */
+	(void)memcpy(B->b, p, n);
+	B->nb = n;
+}
+
+void
+blake2b_final(struct blake2b *B, void *digest)
+{
+	uint8_t *d = digest;
+	unsigned dlen = B->dlen;
+	unsigned i;
+
+	/* Pad with zeros, and do the last compression.  */
+	B->c += B->nb;
+	for (i = B->nb; i < 128; i++)
+		B->b[i] = 0;
+	blake2b_compress(B->h, B->c, ~(uint64_t)0, B->b);
+
+	/* Reveal the first dlen/8 words of the state.  */
+	for (i = 0; i < dlen/8; i++)
+		le64enc(d + 8*i, B->h[i]);
+	d += 8*i;
+	dlen -= 8*i;
+
+	/* If the caller wants a partial word, reveal that too.  */
+	if (dlen) {
+		uint64_t hi = B->h[i];
+
+		do {
+			*d++ = hi;
+			hi >>= 8;
+		} while (--dlen);
+	}
+
+	/* Erase the state.  */
+	(void)explicit_memset(B, 0, sizeof B);
+}
+
+void
+blake2b(void *digest, size_t dlen, const void *key, size_t keylen,
+    const void *in, size_t inlen)
+{
+	struct blake2b ctx;
+
+	blake2b_init(&ctx, dlen, key, keylen);
+	blake2b_update(&ctx, in, inlen);
+	blake2b_final(&ctx, digest);
+}
+
+static void
+blake2_selftest_prng(void *buf, size_t len, uint32_t seed)
+{
+	uint8_t *p = buf;
+	size_t n = len;
+	uint32_t t, a, b;
+
+	a = 0xdead4bad * seed;
+	b = 1;
+
+	while (n--) {
+		t = a + b;
+		*p++ = t >> 24;
+		a = b;
+		b = t;
+	}
+}
+
+int
+blake2b_selftest(void)
+{
+	const uint8_t d0[32] = {
+		0xc2,0x3a,0x78,0x00,0xd9,0x81,0x23,0xbd,
+		0x10,0xf5,0x06,0xc6,0x1e,0x29,0xda,0x56,
+		0x03,0xd7,0x63,0xb8,0xbb,0xad,0x2e,0x73,
+		0x7f,0x5e,0x76,0x5a,0x7b,0xcc,0xd4,0x75,
+	};
+	const unsigned dlen[4] = { 20, 32, 48, 64 };
+	const unsigned mlen[6] = { 0, 3, 128, 129, 255, 1024 };
+	uint8_t m[1024], d[64], k[64];
+	struct blake2b ctx;
+	unsigned di, mi, i;
+
+	blake2b_init(&ctx, 32, NULL, 0);
+	for (di = 0; di < 4; di++) {
+		for (mi = 0; mi < 6; mi++) {
+			blake2_selftest_prng(m, mlen[mi], mlen[mi]);
+			blake2b(d, dlen[di], NULL, 0, m, mlen[mi]);
+			blake2b_update(&ctx, d, dlen[di]);
+
+			blake2_selftest_prng(k, dlen[di], dlen[di]);
+			blake2b(d, dlen[di], k, dlen[di], m, mlen[mi]);
+			blake2b_update(&ctx, d, dlen[di]);
+		}
+	}
+	blake2b_final(&ctx, d);
+	for (i = 0; i < 32; i++) {
+		if (d[i] != d0[i])
+			return -1;
+	}
+
+	return 0;
+}
diff --git a/pkgtools/digest/files/blake2b.h b/pkgtools/digest/files/blake2b.h
new file mode 100644
index 00000000000..749349d7dd1
--- /dev/null
+++ b/pkgtools/digest/files/blake2b.h
@@ -0,0 +1,55 @@
+/*-
+ * Copyright (c) 2015 Taylor R. Campbell
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef	BLAKE2B_H
+#define	BLAKE2B_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+struct blake2b {
+	uint8_t		b[128];	/* 128-byte buffer */
+	uint64_t	h[8];	/* 64-byte state */
+	uint64_t	c;	/* 64-bit input byte counter */
+	uint8_t		nb;	/* number of bytes in buffer */
+	uint8_t		dlen;	/* digest length */
+};
+
+#define	BLAKE2B_MAX_DIGEST	64
+#define	BLAKE2B_MAX_KEY		64
+
+void	blake2b_init(struct blake2b *, size_t, const void *, size_t);
+void	blake2b_update(struct blake2b *, const void *, size_t);
+void	blake2b_final(struct blake2b *, void *);
+void	blake2b(void *, size_t, const void *, size_t, const void *, size_t);
+int	blake2b_selftest(void);
+
+void 	BLAKE2b_Init(struct blake2b *ctx);
+void	BLAKE2b_Update(struct blake2b *ctx, const uint8_t *, size_t);
+char 	*BLAKE2b_File(char *filename, char *buf);
+char 	*BLAKE2b_End(struct blake2b *ctx, char buffer[]);
+
+#endif	/* BLAKE2B_H */
diff --git a/pkgtools/digest/files/configure b/pkgtools/digest/files/configure
index 358c6ed8ae3..e1920fc1abb 100755
--- a/pkgtools/digest/files/configure
+++ b/pkgtools/digest/files/configure
@@ -580,7 +580,7 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='nbsd-digest'
 PACKAGE_TARNAME='nbsd-digest'
-PACKAGE_VERSION='20160304'
+PACKAGE_VERSION='20180917'
 PACKAGE_STRING='nbsd-digest 20160304'
 PACKAGE_BUGREPORT='agc@netbsd.org'
 PACKAGE_URL=''
diff --git a/pkgtools/digest/files/digest.1 b/pkgtools/digest/files/digest.1
index 50674f8c8bd..41e202c77d7 100644
--- a/pkgtools/digest/files/digest.1
+++ b/pkgtools/digest/files/digest.1
@@ -1,4 +1,4 @@
-.\" $NetBSD: digest.1,v 1.8 2016/03/03 22:11:07 agc Exp $
+.\" $NetBSD: digest.1,v 1.9 2018/10/06 14:32:45 nia Exp $
 .\"
 .\" Copyright (c) 2001-2016 Alistair Crooks <agc@NetBSD.org>
 .\" All rights reserved.
@@ -55,6 +55,10 @@ and exits successfully.
 .Pp
 The list of possible algorithms is:
 .Bl -tag -width SHA3_512xxx
+.It blake2b
+the
+blake2b
+algorithm will be used.
 .It md5
 the
 .Xr md5 3
diff --git a/pkgtools/digest/files/digest.c b/pkgtools/digest/files/digest.c
index c2ccf456172..f441f987bab 100644
--- a/pkgtools/digest/files/digest.c
+++ b/pkgtools/digest/files/digest.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: digest.c,v 1.16 2016/03/03 22:11:07 agc Exp $ */
+/*	$NetBSD: digest.c,v 1.17 2018/10/06 14:32:45 nia Exp $ */
 
 /*-
  * Copyright (c) 2001-2016 Alistair Crooks <agc@NetBSD.org>
@@ -34,6 +34,7 @@
 #ifdef HAVE_LOCALE_H
 #include <locale.h>
 #endif
+#include <blake2b.h>
 #include <md5.h>
 #include <rmd160.h>
 #include <sha1.h>
@@ -79,6 +80,9 @@ typedef struct alg_t {
 
 /* list of supported message digest algorithms */
 static alg_t algorithms[] = {
+	{ "BLAKE2B",	64,
+	  (HASH_init) BLAKE2b_Init,	(HASH_update) BLAKE2b_Update,
+	  (HASH_end) BLAKE2b_End,	(HASH_file) BLAKE2b_File },
 	{ "MD5",	16,
 	  (HASH_init) MD5Init,		(HASH_update) MD5Update,
 	  (HASH_end) MD5End,		(HASH_file) MD5File },