diff --git a/lib/libmd/Symbol.map b/lib/libmd/Symbol.map
index 9ac73e5bb5fd..86523a5933a1 100644
--- a/lib/libmd/Symbol.map
+++ b/lib/libmd/Symbol.map
@@ -1,272 +1,261 @@ FBSD_1.7 { MD4Data; MD4End; MD4Fd; MD4FdChunk; MD4File; MD4FileChunk; MD4Final; MD4Init; MD4Pad; MD4Update; MD5Data; MD5End; MD5Fd; MD5FdChunk; MD5File; MD5FileChunk; MD5Final; MD5Init; - MD5Transform; MD5Update; RIPEMD160_Data; RIPEMD160_End; RIPEMD160_Fd; RIPEMD160_FdChunk; RIPEMD160_File; RIPEMD160_FileChunk; RIPEMD160_Final; RIPEMD160_Init; - RIPEMD160_Transform; RIPEMD160_Update; RMD160_version; SHA1_Data; SHA1_End; SHA1_Fd; SHA1_FdChunk; SHA1_File; SHA1_FileChunk; SHA1_Final; SHA1_Init; - SHA1_Transform; SHA1_Update; SHA1_version; SHA224_Data; SHA224_End; SHA224_Fd; SHA224_FdChunk; SHA224_File; SHA224_FileChunk; SHA224_Final; SHA224_Init; SHA224_Update; SHA256_Data; SHA256_End; SHA256_Fd; SHA256_FdChunk; SHA256_File; SHA256_FileChunk; SHA256_Final; SHA256_Init; - SHA256_Transform; SHA256_Update; SHA384_Data; SHA384_End; SHA384_Fd; SHA384_FdChunk; SHA384_File; SHA384_FileChunk; SHA384_Final; SHA384_Init; SHA384_Update; SHA512_224_Data; SHA512_224_End; SHA512_224_Fd; SHA512_224_FdChunk; SHA512_224_File; SHA512_224_FileChunk; SHA512_224_Final; SHA512_224_Init; SHA512_224_Update; SHA512_256_Data; SHA512_256_End; SHA512_256_Fd; SHA512_256_FdChunk; SHA512_256_File; SHA512_256_FileChunk; SHA512_256_Final; SHA512_256_Init; SHA512_256_Update; SHA512_Data; SHA512_End; SHA512_Fd; SHA512_FdChunk; SHA512_File; SHA512_FileChunk; SHA512_Final; SHA512_Init; - SHA512_Transform; SHA512_Update; SHA_Data; SHA_End; SHA_Fd; SHA_FdChunk; SHA_File; SHA_FileChunk; SKEIN1024_Data; SKEIN1024_End; SKEIN1024_Fd; SKEIN1024_FdChunk; SKEIN1024_File; SKEIN1024_FileChunk; SKEIN1024_Final; SKEIN1024_Init; SKEIN1024_Update; SKEIN256_Data; SKEIN256_End; SKEIN256_Fd; SKEIN256_FdChunk; SKEIN256_File; SKEIN256_FileChunk; SKEIN256_Final; SKEIN256_Init; SKEIN256_Update; SKEIN512_Data; SKEIN512_End; SKEIN512_Fd; SKEIN512_FdChunk; SKEIN512_File; SKEIN512_FileChunk; SKEIN512_Final; SKEIN512_Init; SKEIN512_Update; }; FBSDprivate_1.0 { _libmd_MD4Data; _libmd_MD4End; _libmd_MD4Fd; 
_libmd_MD4FdChunk; _libmd_MD4File; _libmd_MD4FileChunk; _libmd_MD4Final; _libmd_MD4Init; _libmd_MD4Pad; _libmd_MD4Update; _libmd_MD5Data; _libmd_MD5End; _libmd_MD5Fd; _libmd_MD5FdChunk; _libmd_MD5File; _libmd_MD5FileChunk; _libmd_MD5Final; _libmd_MD5Init; - _libmd_MD5Transform; _libmd_MD5Update; _libmd_RIPEMD160_Data; _libmd_RIPEMD160_End; _libmd_RIPEMD160_Fd; _libmd_RIPEMD160_FdChunk; _libmd_RIPEMD160_File; _libmd_RIPEMD160_FileChunk; _libmd_RIPEMD160_Final; _libmd_RIPEMD160_Init; - _libmd_RIPEMD160_Transform; _libmd_RIPEMD160_Update; _libmd_RMD160_version; _libmd_SHA1_Data; _libmd_SHA1_End; _libmd_SHA1_Fd; _libmd_SHA1_FdChunk; _libmd_SHA1_File; _libmd_SHA1_FileChunk; _libmd_SHA1_Final; _libmd_SHA1_Init; - _libmd_SHA1_Transform; _libmd_SHA1_Update; _libmd_SHA1_version; _libmd_SHA224_Data; _libmd_SHA224_End; _libmd_SHA224_Fd; _libmd_SHA224_FdChunk; _libmd_SHA224_File; _libmd_SHA224_FileChunk; _libmd_SHA224_Final; _libmd_SHA224_Init; _libmd_SHA224_Update; _libmd_SHA256_Data; _libmd_SHA256_End; _libmd_SHA256_Fd; _libmd_SHA256_FdChunk; _libmd_SHA256_File; _libmd_SHA256_FileChunk; _libmd_SHA256_Final; _libmd_SHA256_Init; - _libmd_SHA256_Transform; _libmd_SHA256_Update; _libmd_SHA384_Data; _libmd_SHA384_End; _libmd_SHA384_Fd; _libmd_SHA384_FdChunk; _libmd_SHA384_File; _libmd_SHA384_FileChunk; _libmd_SHA384_Final; _libmd_SHA384_Init; _libmd_SHA384_Update; _libmd_SHA512_224_Data; _libmd_SHA512_224_End; _libmd_SHA512_224_Fd; _libmd_SHA512_224_FdChunk; _libmd_SHA512_224_File; _libmd_SHA512_224_FileChunk; _libmd_SHA512_224_Final; _libmd_SHA512_224_Init; _libmd_SHA512_224_Update; _libmd_SHA512_256_Data; _libmd_SHA512_256_End; _libmd_SHA512_256_Fd; _libmd_SHA512_256_FdChunk; _libmd_SHA512_256_File; _libmd_SHA512_256_FileChunk; _libmd_SHA512_256_Final; _libmd_SHA512_256_Init; _libmd_SHA512_256_Update; _libmd_SHA512_Data; _libmd_SHA512_End; _libmd_SHA512_Fd; _libmd_SHA512_FdChunk; _libmd_SHA512_File; _libmd_SHA512_FileChunk; _libmd_SHA512_Final; _libmd_SHA512_Init; - 
_libmd_SHA512_Transform; _libmd_SHA512_Update; _libmd_SHA_Data; _libmd_SHA_End; _libmd_SHA_Fd; _libmd_SHA_FdChunk; _libmd_SHA_File; _libmd_SHA_FileChunk; _libmd_SHA_Final; _libmd_SHA_Init; - _libmd_SHA_Transform; _libmd_SHA_Update; _libmd_SHA_version; _libmd_SKEIN1024_Data; _libmd_SKEIN1024_End; _libmd_SKEIN1024_Fd; _libmd_SKEIN1024_FdChunk; _libmd_SKEIN1024_File; _libmd_SKEIN1024_FileChunk; _libmd_SKEIN1024_Final; _libmd_SKEIN1024_Init; _libmd_SKEIN1024_Update; _libmd_SKEIN256_Data; _libmd_SKEIN256_End; _libmd_SKEIN256_Fd; _libmd_SKEIN256_FdChunk; _libmd_SKEIN256_File; _libmd_SKEIN256_FileChunk; _libmd_SKEIN256_Final; _libmd_SKEIN256_Init; _libmd_SKEIN256_Update; _libmd_SKEIN512_Data; _libmd_SKEIN512_End; _libmd_SKEIN512_Fd; _libmd_SKEIN512_FdChunk; _libmd_SKEIN512_File; _libmd_SKEIN512_FileChunk; _libmd_SKEIN512_Final; _libmd_SKEIN512_Init; _libmd_SKEIN512_Update; }; diff --git a/lib/libmd/ripemd.h b/lib/libmd/ripemd.h index fa9f513ebfd8..7f82a54a5176 100644 --- a/lib/libmd/ripemd.h +++ b/lib/libmd/ripemd.h 
@@ -1,135 +1,132 @@ /* crypto/ripemd/ripemd.h */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. 
If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] 
*/ /* */ #ifndef HEADER_RIPEMD_H #define HEADER_RIPEMD_H #include /* XXX switch to machine/ansi.h and __ types */ #define RIPEMD160_CBLOCK 64 #define RIPEMD160_LBLOCK 16 #define RIPEMD160_BLOCK 16 #define RIPEMD160_LAST_BLOCK 56 #define RIPEMD160_LENGTH_BLOCK 8 #define RIPEMD160_DIGEST_LENGTH 20 typedef struct RIPEMD160state_st { u_int32_t A,B,C,D,E; u_int32_t Nl,Nh; u_int32_t data[RIPEMD160_LBLOCK]; int num; } RIPEMD160_CTX; __BEGIN_DECLS /* Ensure libmd symbols do not clash with libcrypto */ #ifndef RIPEMD160_Init #define RIPEMD160_Init _libmd_RIPEMD160_Init #endif #ifndef RIPEMD160_Update #define RIPEMD160_Update _libmd_RIPEMD160_Update #endif #ifndef RIPEMD160_Final #define RIPEMD160_Final _libmd_RIPEMD160_Final #endif #ifndef RIPEMD160_End #define RIPEMD160_End _libmd_RIPEMD160_End #endif #ifndef RIPEMD160_Fd #define RIPEMD160_Fd _libmd_RIPEMD160_Fd #endif #ifndef RIPEMD160_FdChunk #define RIPEMD160_FdChunk _libmd_RIPEMD160_FdChunk #endif #ifndef RIPEMD160_File #define RIPEMD160_File _libmd_RIPEMD160_File #endif #ifndef RIPEMD160_FileChunk #define RIPEMD160_FileChunk _libmd_RIPEMD160_FileChunk #endif #ifndef RIPEMD160_Data #define RIPEMD160_Data _libmd_RIPEMD160_Data #endif -#ifndef RIPEMD160_Transform -#define RIPEMD160_Transform _libmd_RIPEMD160_Transform -#endif #ifndef RMD160_version #define RMD160_version _libmd_RMD160_version #endif #ifndef ripemd160_block #define ripemd160_block _libmd_ripemd160_block #endif void RIPEMD160_Init(RIPEMD160_CTX *c); void RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); char *RIPEMD160_End(RIPEMD160_CTX *, char *); char *RIPEMD160_Fd(int, char *); char *RIPEMD160_FdChunk(int, char *, off_t, off_t); char *RIPEMD160_File(const char *, char *); char *RIPEMD160_FileChunk(const char *, char *, off_t, off_t); char *RIPEMD160_Data(const void *, unsigned int, char *); __END_DECLS #endif 
diff --git a/lib/libmd/rmd160c.c b/lib/libmd/rmd160c.c
index afc20545dd3d..5642a9a29a1c 100644
--- a/lib/libmd/rmd160c.c
+++ b/lib/libmd/rmd160c.c
@@ -1,547 +1,545 @@ /* crypto/ripemd/rmd_dgst.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. 
If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include #include #include #if 0 #include /* we use the __ variants of bit-sized types */ #endif #include #include "rmd_locl.h" /* * The assembly-language code is not position-independent, so don't * try to use it in a shared library. 
*/ #ifdef PIC #undef RMD160_ASM #endif char *RMD160_version="RIPEMD160 part of SSLeay 0.9.0b 11-Oct-1998"; #ifdef RMD160_ASM void ripemd160_block_x86(RIPEMD160_CTX *c, const u_int32_t *p,int num); #define ripemd160_block ripemd160_block_x86 #else void ripemd160_block(RIPEMD160_CTX *c, const u_int32_t *p,int num); #endif void RIPEMD160_Init(RIPEMD160_CTX *c) { c->A=RIPEMD160_A; c->B=RIPEMD160_B; c->C=RIPEMD160_C; c->D=RIPEMD160_D; c->E=RIPEMD160_E; c->Nl=0; c->Nh=0; c->num=0; } void RIPEMD160_Update(RIPEMD160_CTX *c, const void *in, size_t len) { u_int32_t *p; int sw,sc; u_int32_t l; const unsigned char *data = in; if (len == 0) return; l=(c->Nl+(len<<3))&0xffffffffL; if (l < c->Nl) /* overflow */ c->Nh++; c->Nh+=(len>>29); c->Nl=l; if (c->num != 0) { p=c->data; sw=c->num>>2; sc=c->num&0x03; if ((c->num+len) >= RIPEMD160_CBLOCK) { l= p[sw]; p_c2l(data,l,sc); p[sw++]=l; for (; swnum); ripemd160_block(c,p,64); c->num=0; /* drop through and do the rest */ } else { int ew,ec; c->num+=(int)len; if ((sc+len) < 4) /* ugly, add char's to a word */ { l= p[sw]; p_c2l_p(data,l,sc,len); p[sw]=l; } else { ew=(c->num>>2); ec=(c->num&0x03); l= p[sw]; p_c2l(data,l,sc); p[sw++]=l; for (; sw < ew; sw++) { c2l(data,l); p[sw]=l; } if (ec) { c2l_p(data,l,ec); p[sw]=l; } } return; } } /* we now can process the input data in blocks of RIPEMD160_CBLOCK * chars and save the leftovers to c->data. 
*/ #if BYTE_ORDER == LITTLE_ENDIAN if ((((unsigned long)data)%sizeof(u_int32_t)) == 0) { sw=(int)len/RIPEMD160_CBLOCK; if (sw > 0) { sw*=RIPEMD160_CBLOCK; ripemd160_block(c,(u_int32_t *)data,sw); data+=sw; len-=sw; } } #endif p=c->data; while (len >= RIPEMD160_CBLOCK) { #if BYTE_ORDER == LITTLE_ENDIAN || BYTE_ORDER == BIG_ENDIAN if (p != (u_int32_t *)data) memcpy(p,data,RIPEMD160_CBLOCK); data+=RIPEMD160_CBLOCK; #if BYTE_ORDER == BIG_ENDIAN for (sw=(RIPEMD160_LBLOCK/4); sw; sw--) { Endian_Reverse32(p[0]); Endian_Reverse32(p[1]); Endian_Reverse32(p[2]); Endian_Reverse32(p[3]); p+=4; } #endif #else for (sw=(RIPEMD160_LBLOCK/4); sw; sw--) { c2l(data,l); *(p++)=l; c2l(data,l); *(p++)=l; c2l(data,l); *(p++)=l; c2l(data,l); *(p++)=l; } #endif p=c->data; ripemd160_block(c,p,64); len-=RIPEMD160_CBLOCK; } sc=(int)len; c->num=sc; if (sc) { sw=sc>>2; /* words to copy */ #if BYTE_ORDER == LITTLE_ENDIAN p[sw]=0; memcpy(p,data,sc); #else sc&=0x03; for ( ; sw; sw--) { c2l(data,l); *(p++)=l; } c2l_p(data,l,sc); *p=l; #endif } } -void RIPEMD160_Transform(RIPEMD160_CTX *c, unsigned char *b) +static void RIPEMD160_Transform(RIPEMD160_CTX *c, unsigned char *b) { u_int32_t p[16]; #if BYTE_ORDER != LITTLE_ENDIAN u_int32_t *q; int i; #endif #if BYTE_ORDER == BIG_ENDIAN || BYTE_ORDER == LITTLE_ENDIAN memcpy(p,b,64); #if BYTE_ORDER == BIG_ENDIAN q=p; for (i=(RIPEMD160_LBLOCK/4); i; i--) { Endian_Reverse32(q[0]); Endian_Reverse32(q[1]); Endian_Reverse32(q[2]); Endian_Reverse32(q[3]); q+=4; } #endif #else q=p; for (i=(RIPEMD160_LBLOCK/4); i; i--) { u_int32_t l; c2l(b,l); *(q++)=l; c2l(b,l); *(q++)=l; c2l(b,l); *(q++)=l; c2l(b,l); *(q++)=l; } #endif ripemd160_block(c,p,64); } #ifndef RMD160_ASM void ripemd160_block(RIPEMD160_CTX *ctx, const u_int32_t *X, int num) { u_int32_t A,B,C,D,E; u_int32_t a,b,c,d,e; for (;;) { A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; RIP1(A,B,C,D,E,WL00,SL00); RIP1(E,A,B,C,D,WL01,SL01); RIP1(D,E,A,B,C,WL02,SL02); RIP1(C,D,E,A,B,WL03,SL03); 
RIP1(B,C,D,E,A,WL04,SL04); RIP1(A,B,C,D,E,WL05,SL05); RIP1(E,A,B,C,D,WL06,SL06); RIP1(D,E,A,B,C,WL07,SL07); RIP1(C,D,E,A,B,WL08,SL08); RIP1(B,C,D,E,A,WL09,SL09); RIP1(A,B,C,D,E,WL10,SL10); RIP1(E,A,B,C,D,WL11,SL11); RIP1(D,E,A,B,C,WL12,SL12); RIP1(C,D,E,A,B,WL13,SL13); RIP1(B,C,D,E,A,WL14,SL14); RIP1(A,B,C,D,E,WL15,SL15); RIP2(E,A,B,C,D,WL16,SL16,KL1); RIP2(D,E,A,B,C,WL17,SL17,KL1); RIP2(C,D,E,A,B,WL18,SL18,KL1); RIP2(B,C,D,E,A,WL19,SL19,KL1); RIP2(A,B,C,D,E,WL20,SL20,KL1); RIP2(E,A,B,C,D,WL21,SL21,KL1); RIP2(D,E,A,B,C,WL22,SL22,KL1); RIP2(C,D,E,A,B,WL23,SL23,KL1); RIP2(B,C,D,E,A,WL24,SL24,KL1); RIP2(A,B,C,D,E,WL25,SL25,KL1); RIP2(E,A,B,C,D,WL26,SL26,KL1); RIP2(D,E,A,B,C,WL27,SL27,KL1); RIP2(C,D,E,A,B,WL28,SL28,KL1); RIP2(B,C,D,E,A,WL29,SL29,KL1); RIP2(A,B,C,D,E,WL30,SL30,KL1); RIP2(E,A,B,C,D,WL31,SL31,KL1); RIP3(D,E,A,B,C,WL32,SL32,KL2); RIP3(C,D,E,A,B,WL33,SL33,KL2); RIP3(B,C,D,E,A,WL34,SL34,KL2); RIP3(A,B,C,D,E,WL35,SL35,KL2); RIP3(E,A,B,C,D,WL36,SL36,KL2); RIP3(D,E,A,B,C,WL37,SL37,KL2); RIP3(C,D,E,A,B,WL38,SL38,KL2); RIP3(B,C,D,E,A,WL39,SL39,KL2); RIP3(A,B,C,D,E,WL40,SL40,KL2); RIP3(E,A,B,C,D,WL41,SL41,KL2); RIP3(D,E,A,B,C,WL42,SL42,KL2); RIP3(C,D,E,A,B,WL43,SL43,KL2); RIP3(B,C,D,E,A,WL44,SL44,KL2); RIP3(A,B,C,D,E,WL45,SL45,KL2); RIP3(E,A,B,C,D,WL46,SL46,KL2); RIP3(D,E,A,B,C,WL47,SL47,KL2); RIP4(C,D,E,A,B,WL48,SL48,KL3); RIP4(B,C,D,E,A,WL49,SL49,KL3); RIP4(A,B,C,D,E,WL50,SL50,KL3); RIP4(E,A,B,C,D,WL51,SL51,KL3); RIP4(D,E,A,B,C,WL52,SL52,KL3); RIP4(C,D,E,A,B,WL53,SL53,KL3); RIP4(B,C,D,E,A,WL54,SL54,KL3); RIP4(A,B,C,D,E,WL55,SL55,KL3); RIP4(E,A,B,C,D,WL56,SL56,KL3); RIP4(D,E,A,B,C,WL57,SL57,KL3); RIP4(C,D,E,A,B,WL58,SL58,KL3); RIP4(B,C,D,E,A,WL59,SL59,KL3); RIP4(A,B,C,D,E,WL60,SL60,KL3); RIP4(E,A,B,C,D,WL61,SL61,KL3); RIP4(D,E,A,B,C,WL62,SL62,KL3); RIP4(C,D,E,A,B,WL63,SL63,KL3); RIP5(B,C,D,E,A,WL64,SL64,KL4); RIP5(A,B,C,D,E,WL65,SL65,KL4); RIP5(E,A,B,C,D,WL66,SL66,KL4); RIP5(D,E,A,B,C,WL67,SL67,KL4); RIP5(C,D,E,A,B,WL68,SL68,KL4); RIP5(B,C,D,E,A,WL69,SL69,KL4); 
RIP5(A,B,C,D,E,WL70,SL70,KL4); RIP5(E,A,B,C,D,WL71,SL71,KL4); RIP5(D,E,A,B,C,WL72,SL72,KL4); RIP5(C,D,E,A,B,WL73,SL73,KL4); RIP5(B,C,D,E,A,WL74,SL74,KL4); RIP5(A,B,C,D,E,WL75,SL75,KL4); RIP5(E,A,B,C,D,WL76,SL76,KL4); RIP5(D,E,A,B,C,WL77,SL77,KL4); RIP5(C,D,E,A,B,WL78,SL78,KL4); RIP5(B,C,D,E,A,WL79,SL79,KL4); a=A; b=B; c=C; d=D; e=E; /* Do other half */ A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; RIP5(A,B,C,D,E,WR00,SR00,KR0); RIP5(E,A,B,C,D,WR01,SR01,KR0); RIP5(D,E,A,B,C,WR02,SR02,KR0); RIP5(C,D,E,A,B,WR03,SR03,KR0); RIP5(B,C,D,E,A,WR04,SR04,KR0); RIP5(A,B,C,D,E,WR05,SR05,KR0); RIP5(E,A,B,C,D,WR06,SR06,KR0); RIP5(D,E,A,B,C,WR07,SR07,KR0); RIP5(C,D,E,A,B,WR08,SR08,KR0); RIP5(B,C,D,E,A,WR09,SR09,KR0); RIP5(A,B,C,D,E,WR10,SR10,KR0); RIP5(E,A,B,C,D,WR11,SR11,KR0); RIP5(D,E,A,B,C,WR12,SR12,KR0); RIP5(C,D,E,A,B,WR13,SR13,KR0); RIP5(B,C,D,E,A,WR14,SR14,KR0); RIP5(A,B,C,D,E,WR15,SR15,KR0); RIP4(E,A,B,C,D,WR16,SR16,KR1); RIP4(D,E,A,B,C,WR17,SR17,KR1); RIP4(C,D,E,A,B,WR18,SR18,KR1); RIP4(B,C,D,E,A,WR19,SR19,KR1); RIP4(A,B,C,D,E,WR20,SR20,KR1); RIP4(E,A,B,C,D,WR21,SR21,KR1); RIP4(D,E,A,B,C,WR22,SR22,KR1); RIP4(C,D,E,A,B,WR23,SR23,KR1); RIP4(B,C,D,E,A,WR24,SR24,KR1); RIP4(A,B,C,D,E,WR25,SR25,KR1); RIP4(E,A,B,C,D,WR26,SR26,KR1); RIP4(D,E,A,B,C,WR27,SR27,KR1); RIP4(C,D,E,A,B,WR28,SR28,KR1); RIP4(B,C,D,E,A,WR29,SR29,KR1); RIP4(A,B,C,D,E,WR30,SR30,KR1); RIP4(E,A,B,C,D,WR31,SR31,KR1); RIP3(D,E,A,B,C,WR32,SR32,KR2); RIP3(C,D,E,A,B,WR33,SR33,KR2); RIP3(B,C,D,E,A,WR34,SR34,KR2); RIP3(A,B,C,D,E,WR35,SR35,KR2); RIP3(E,A,B,C,D,WR36,SR36,KR2); RIP3(D,E,A,B,C,WR37,SR37,KR2); RIP3(C,D,E,A,B,WR38,SR38,KR2); RIP3(B,C,D,E,A,WR39,SR39,KR2); RIP3(A,B,C,D,E,WR40,SR40,KR2); RIP3(E,A,B,C,D,WR41,SR41,KR2); RIP3(D,E,A,B,C,WR42,SR42,KR2); RIP3(C,D,E,A,B,WR43,SR43,KR2); RIP3(B,C,D,E,A,WR44,SR44,KR2); RIP3(A,B,C,D,E,WR45,SR45,KR2); RIP3(E,A,B,C,D,WR46,SR46,KR2); RIP3(D,E,A,B,C,WR47,SR47,KR2); RIP2(C,D,E,A,B,WR48,SR48,KR3); RIP2(B,C,D,E,A,WR49,SR49,KR3); RIP2(A,B,C,D,E,WR50,SR50,KR3); 
RIP2(E,A,B,C,D,WR51,SR51,KR3); RIP2(D,E,A,B,C,WR52,SR52,KR3); RIP2(C,D,E,A,B,WR53,SR53,KR3); RIP2(B,C,D,E,A,WR54,SR54,KR3); RIP2(A,B,C,D,E,WR55,SR55,KR3); RIP2(E,A,B,C,D,WR56,SR56,KR3); RIP2(D,E,A,B,C,WR57,SR57,KR3); RIP2(C,D,E,A,B,WR58,SR58,KR3); RIP2(B,C,D,E,A,WR59,SR59,KR3); RIP2(A,B,C,D,E,WR60,SR60,KR3); RIP2(E,A,B,C,D,WR61,SR61,KR3); RIP2(D,E,A,B,C,WR62,SR62,KR3); RIP2(C,D,E,A,B,WR63,SR63,KR3); RIP1(B,C,D,E,A,WR64,SR64); RIP1(A,B,C,D,E,WR65,SR65); RIP1(E,A,B,C,D,WR66,SR66); RIP1(D,E,A,B,C,WR67,SR67); RIP1(C,D,E,A,B,WR68,SR68); RIP1(B,C,D,E,A,WR69,SR69); RIP1(A,B,C,D,E,WR70,SR70); RIP1(E,A,B,C,D,WR71,SR71); RIP1(D,E,A,B,C,WR72,SR72); RIP1(C,D,E,A,B,WR73,SR73); RIP1(B,C,D,E,A,WR74,SR74); RIP1(A,B,C,D,E,WR75,SR75); RIP1(E,A,B,C,D,WR76,SR76); RIP1(D,E,A,B,C,WR77,SR77); RIP1(C,D,E,A,B,WR78,SR78); RIP1(B,C,D,E,A,WR79,SR79); D =ctx->B+c+D; ctx->B=ctx->C+d+E; ctx->C=ctx->D+e+A; ctx->D=ctx->E+a+B; ctx->E=ctx->A+b+C; ctx->A=D; X+=16; num-=64; if (num <= 0) break; } } #endif void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c) { int i,j; u_int32_t l; u_int32_t *p; static unsigned char end[4]={0x80,0x00,0x00,0x00}; unsigned char *cp=end; /* c->num should definitly have room for at least one more byte. */ p=c->data; j=c->num; i=j>>2; /* purify often complains about the following line as an * Uninitialized Memory Read. While this can be true, the * following p_c2l macro will reset l when that case is true. * This is because j&0x03 contains the number of 'valid' bytes * already in p[i]. 
If and only if j&0x03 == 0, the UMR will * occur but this is also the only time p_c2l will do * l= *(cp++) instead of l|= *(cp++) * Many thanks to Alex Tang for pickup this * 'potential bug' */ #ifdef PURIFY if ((j&0x03) == 0) p[i]=0; #endif l=p[i]; p_c2l(cp,l,j&0x03); p[i]=l; i++; /* i is the next 'undefined word' */ if (c->num >= RIPEMD160_LAST_BLOCK) { for (; iNl; p[RIPEMD160_LBLOCK-1]=c->Nh; ripemd160_block(c,p,64); cp=md; l=c->A; l2c(l,cp); l=c->B; l2c(l,cp); l=c->C; l2c(l,cp); l=c->D; l2c(l,cp); l=c->E; l2c(l,cp); /* Clear the context state */ explicit_bzero(&c, sizeof(c)); } #ifdef undef int printit(unsigned long *l) { int i,ii; for (i=0; i<2; i++) { for (ii=0; ii<8; ii++) { fprintf(stderr,"%08lx ",l[i*8+ii]); } fprintf(stderr,"\n"); } } #endif #ifdef WEAK_REFS /* When building libmd, provide weak references. Note: this is not activated in the context of compiling these sources for internal use in libcrypt. */ #undef RIPEMD160_Init __weak_reference(_libmd_RIPEMD160_Init, RIPEMD160_Init); #undef RIPEMD160_Update __weak_reference(_libmd_RIPEMD160_Update, RIPEMD160_Update); #undef RIPEMD160_Final __weak_reference(_libmd_RIPEMD160_Final, RIPEMD160_Final); -#undef RIPEMD160_Transform -__weak_reference(_libmd_RIPEMD160_Transform, RIPEMD160_Transform); #undef RMD160_version __weak_reference(_libmd_RMD160_version, RMD160_version); #endif diff --git a/lib/libmd/sha.h b/lib/libmd/sha.h index 6c7b0c0c30b3..49f65d91bfda 100644 --- a/lib/libmd/sha.h +++ b/lib/libmd/sha.h 
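Review bot: `RIPEMD160_Final` ends with `explicit_bzero(&c, sizeof(c));`, which wipes only the local pointer variable `c` (pointer-sized) and not the `RIPEMD160_CTX` it points to, so the chaining values and any buffered input remain in the caller's memory after the digest is written. The call should be `explicit_bzero(c, sizeof(*c));`. That line is unchanged context in this commit, but it is in the file being touched and defeats the stated "Clear the context state" intent. Separately, `RIPEMD160_Transform` becomes `static` here and no call to it is visible in this file (parts of the listing are garbled, so confirm); if it really has no caller it will raise an unused-function warning and could be removed outright.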
@@ -1,179 +1,173 @@ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. 
If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] 
*/ #ifndef _SHA_H_ #define _SHA_H_ 1 #include /* XXX switch to machine/ansi.h and __ types */ #define SHA_CBLOCK 64 #define SHA_LBLOCK 16 #define SHA_BLOCK 16 #define SHA_LAST_BLOCK 56 #define SHA_LENGTH_BLOCK 8 #define SHA_DIGEST_LENGTH 20 typedef struct SHAstate_st { u_int32_t h0, h1, h2, h3, h4; u_int32_t Nl, Nh; u_int32_t data[SHA_LBLOCK]; int num; } SHA_CTX; #define SHA1_CTX SHA_CTX __BEGIN_DECLS /* Ensure libmd symbols do not clash with libcrypto */ #ifndef SHA_Init #define SHA_Init _libmd_SHA_Init #endif #ifndef SHA_Update #define SHA_Update _libmd_SHA_Update #endif #ifndef SHA_Final #define SHA_Final _libmd_SHA_Final #endif #ifndef SHA_End #define SHA_End _libmd_SHA_End #endif #ifndef SHA_Fd #define SHA_Fd _libmd_SHA_Fd #endif #ifndef SHA_FdChunk #define SHA_FdChunk _libmd_SHA_FdChunk #endif #ifndef SHA_File #define SHA_File _libmd_SHA_File #endif #ifndef SHA_FileChunk #define SHA_FileChunk _libmd_SHA_FileChunk #endif #ifndef SHA_Data #define SHA_Data _libmd_SHA_Data #endif -#ifndef SHA_Transform -#define SHA_Transform _libmd_SHA_Transform -#endif #ifndef SHA_version #define SHA_version _libmd_SHA_version #endif #ifndef sha_block #define sha_block _libmd_sha_block #endif #ifndef SHA1_Init #define SHA1_Init _libmd_SHA1_Init #endif #ifndef SHA1_Update #define SHA1_Update _libmd_SHA1_Update #endif #ifndef SHA1_Final #define SHA1_Final _libmd_SHA1_Final #endif #ifndef SHA1_End #define SHA1_End _libmd_SHA1_End #endif #ifndef SHA1_Fd #define SHA1_Fd _libmd_SHA1_Fd #endif #ifndef SHA1_FdChunk #define SHA1_FdChunk _libmd_SHA1_FdChunk #endif #ifndef SHA1_File #define SHA1_File _libmd_SHA1_File #endif #ifndef SHA1_FileChunk #define SHA1_FileChunk _libmd_SHA1_FileChunk #endif #ifndef SHA1_Data #define SHA1_Data _libmd_SHA1_Data #endif -#ifndef SHA1_Transform -#define SHA1_Transform _libmd_SHA1_Transform -#endif #ifndef SHA1_version #define SHA1_version _libmd_SHA1_version #endif #ifndef sha1_block #define sha1_block _libmd_sha1_block #endif void SHA_Init(SHA_CTX *c); 
void SHA_Update(SHA_CTX *c, const void *data, size_t len); void SHA_Final(unsigned char *md, SHA_CTX *c); char *SHA_End(SHA_CTX *, char *); char *SHA_Fd(int, char *); char *SHA_FdChunk(int, char *, off_t, off_t); char *SHA_File(const char *, char *); char *SHA_FileChunk(const char *, char *, off_t, off_t); char *SHA_Data(const void *, unsigned int, char *); void SHA1_Init(SHA_CTX *c); void SHA1_Update(SHA_CTX *c, const void *data, size_t len); void SHA1_Final(unsigned char *md, SHA_CTX *c); char *SHA1_End(SHA_CTX *, char *); char *SHA1_Fd(int, char *); char *SHA1_FdChunk(int, char *, off_t, off_t); char *SHA1_File(const char *, char *); char *SHA1_FileChunk(const char *, char *, off_t, off_t); char *SHA1_Data(const void *, unsigned int, char *); __END_DECLS #endif /* !_SHA_H_ */ diff --git a/lib/libmd/sha0c.c b/lib/libmd/sha0c.c index 4c39ed842ea9..a36617b6ca60 100644 --- a/lib/libmd/sha0c.c +++ b/lib/libmd/sha0c.c 
@@ -1,438 +1,438 @@ /* crypto/sha/sha_dgst.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. 
If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] 
*/ #include #include #include #if 0 #include /* we use the __ variants of bit-sized types */ #endif #include #define SHA_0 #undef SHA_1 #include "sha.h" #include "sha_locl.h" char *SHA_version="SHA part of SSLeay 0.9.0b 11-Oct-1998"; /* Implemented from SHA-0 document - The Secure Hash Algorithm */ #define INIT_DATA_h0 (unsigned long)0x67452301L #define INIT_DATA_h1 (unsigned long)0xefcdab89L #define INIT_DATA_h2 (unsigned long)0x98badcfeL #define INIT_DATA_h3 (unsigned long)0x10325476L #define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L #define K_00_19 0x5a827999L #define K_20_39 0x6ed9eba1L #define K_40_59 0x8f1bbcdcL #define K_60_79 0xca62c1d6L #ifndef NOPROTO void sha_block(SHA_CTX *c, const u_int32_t *p, int num); #else void sha_block(); #endif #define M_c2nl c2nl #define M_p_c2nl p_c2nl #define M_c2nl_p c2nl_p #define M_p_c2nl_p p_c2nl_p #define M_nl2c nl2c void SHA_Init(SHA_CTX *c) { c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; c->h2=INIT_DATA_h2; c->h3=INIT_DATA_h3; c->h4=INIT_DATA_h4; c->Nl=0; c->Nh=0; c->num=0; } void SHA_Update(SHA_CTX *c, const void *in, size_t len) { u_int32_t *p; int ew,ec,sw,sc; u_int32_t l; const unsigned char *data = in; if (len == 0) return; l=(c->Nl+(len<<3))&0xffffffffL; if (l < c->Nl) /* overflow */ c->Nh++; c->Nh+=(len>>29); c->Nl=l; if (c->num != 0) { p=c->data; sw=c->num>>2; sc=c->num&0x03; if ((c->num+len) >= SHA_CBLOCK) { l= p[sw]; M_p_c2nl(data,l,sc); p[sw++]=l; for (; swnum); sha_block(c,p,64); c->num=0; /* drop through and do the rest */ } else { c->num+=(int)len; if ((sc+len) < 4) /* ugly, add char's to a word */ { l= p[sw]; M_p_c2nl_p(data,l,sc,len); p[sw]=l; } else { ew=(c->num>>2); ec=(c->num&0x03); l= p[sw]; M_p_c2nl(data,l,sc); p[sw++]=l; for (; sw < ew; sw++) { M_c2nl(data,l); p[sw]=l; } if (ec) { M_c2nl_p(data,l,ec); p[sw]=l; } } return; } } /* We can only do the following code for assember, the reason * being that the sha_block 'C' version changes the values * in the 'data' array. 
The assember code avoids this and * copies it to a local array. I should be able to do this for * the C version as well.... */ #if 1 #if BYTE_ORDER == BIG_ENDIAN || defined(SHA_ASM) if ((((unsigned int)data)%sizeof(u_int32_t)) == 0) { sw=len/SHA_CBLOCK; if (sw) { sw*=SHA_CBLOCK; sha_block(c,(u_int32_t *)data,sw); data+=sw; len-=sw; } } #endif #endif /* we now can process the input data in blocks of SHA_CBLOCK * chars and save the leftovers to c->data. */ p=c->data; while (len >= SHA_CBLOCK) { #if BYTE_ORDER == BIG_ENDIAN || BYTE_ORDER == LITTLE_ENDIAN if (p != (u_int32_t *)data) memcpy(p,data,SHA_CBLOCK); data+=SHA_CBLOCK; # if BYTE_ORDER == LITTLE_ENDIAN # ifndef SHA_ASM /* Will not happen */ for (sw=(SHA_LBLOCK/4); sw; sw--) { Endian_Reverse32(p[0]); Endian_Reverse32(p[1]); Endian_Reverse32(p[2]); Endian_Reverse32(p[3]); p+=4; } p=c->data; # endif # endif #else for (sw=(SHA_BLOCK/4); sw; sw--) { M_c2nl(data,l); *(p++)=l; M_c2nl(data,l); *(p++)=l; M_c2nl(data,l); *(p++)=l; M_c2nl(data,l); *(p++)=l; } p=c->data; #endif sha_block(c,p,64); len-=SHA_CBLOCK; } ec=(int)len; c->num=ec; ew=(ec>>2); ec&=0x03; for (sw=0; sw < ew; sw++) { M_c2nl(data,l); p[sw]=l; } M_c2nl_p(data,l,ec); p[sw]=l; } -void SHA_Transform(SHA_CTX *c, unsigned char *b) +static void SHA_Transform(SHA_CTX *c, unsigned char *b) { u_int32_t p[16]; #if BYTE_ORDER == LITTLE_ENDIAN u_int32_t *q; int i; #endif #if BYTE_ORDER == BIG_ENDIAN || BYTE_ORDER == LITTLE_ENDIAN memcpy(p,b,64); #if BYTE_ORDER == LITTLE_ENDIAN q=p; for (i=(SHA_LBLOCK/4); i; i--) { Endian_Reverse32(q[0]); Endian_Reverse32(q[1]); Endian_Reverse32(q[2]); Endian_Reverse32(q[3]); q+=4; } #endif #else q=p; for (i=(SHA_LBLOCK/4); i; i--) { u_int32_t l; c2nl(b,l); *(q++)=l; c2nl(b,l); *(q++)=l; c2nl(b,l); *(q++)=l; c2nl(b,l); *(q++)=l; } #endif sha_block(c,p,64); } void sha_block(SHA_CTX *c, const u_int32_t *W, int num) { u_int32_t A,B,C,D,E,T; u_int32_t X[16]; A=c->h0; B=c->h1; C=c->h2; D=c->h3; E=c->h4; for (;;) { BODY_00_15( 
0,A,B,C,D,E,T,W); BODY_00_15( 1,T,A,B,C,D,E,W); BODY_00_15( 2,E,T,A,B,C,D,W); BODY_00_15( 3,D,E,T,A,B,C,W); BODY_00_15( 4,C,D,E,T,A,B,W); BODY_00_15( 5,B,C,D,E,T,A,W); BODY_00_15( 6,A,B,C,D,E,T,W); BODY_00_15( 7,T,A,B,C,D,E,W); BODY_00_15( 8,E,T,A,B,C,D,W); BODY_00_15( 9,D,E,T,A,B,C,W); BODY_00_15(10,C,D,E,T,A,B,W); BODY_00_15(11,B,C,D,E,T,A,W); BODY_00_15(12,A,B,C,D,E,T,W); BODY_00_15(13,T,A,B,C,D,E,W); BODY_00_15(14,E,T,A,B,C,D,W); BODY_00_15(15,D,E,T,A,B,C,W); BODY_16_19(16,C,D,E,T,A,B,W,W,W,W); BODY_16_19(17,B,C,D,E,T,A,W,W,W,W); BODY_16_19(18,A,B,C,D,E,T,W,W,W,W); BODY_16_19(19,T,A,B,C,D,E,W,W,W,X); BODY_20_31(20,E,T,A,B,C,D,W,W,W,X); BODY_20_31(21,D,E,T,A,B,C,W,W,W,X); BODY_20_31(22,C,D,E,T,A,B,W,W,W,X); BODY_20_31(23,B,C,D,E,T,A,W,W,W,X); BODY_20_31(24,A,B,C,D,E,T,W,W,X,X); BODY_20_31(25,T,A,B,C,D,E,W,W,X,X); BODY_20_31(26,E,T,A,B,C,D,W,W,X,X); BODY_20_31(27,D,E,T,A,B,C,W,W,X,X); BODY_20_31(28,C,D,E,T,A,B,W,W,X,X); BODY_20_31(29,B,C,D,E,T,A,W,W,X,X); BODY_20_31(30,A,B,C,D,E,T,W,X,X,X); BODY_20_31(31,T,A,B,C,D,E,W,X,X,X); BODY_32_39(32,E,T,A,B,C,D,X); BODY_32_39(33,D,E,T,A,B,C,X); BODY_32_39(34,C,D,E,T,A,B,X); BODY_32_39(35,B,C,D,E,T,A,X); BODY_32_39(36,A,B,C,D,E,T,X); BODY_32_39(37,T,A,B,C,D,E,X); BODY_32_39(38,E,T,A,B,C,D,X); BODY_32_39(39,D,E,T,A,B,C,X); BODY_40_59(40,C,D,E,T,A,B,X); BODY_40_59(41,B,C,D,E,T,A,X); BODY_40_59(42,A,B,C,D,E,T,X); BODY_40_59(43,T,A,B,C,D,E,X); BODY_40_59(44,E,T,A,B,C,D,X); BODY_40_59(45,D,E,T,A,B,C,X); BODY_40_59(46,C,D,E,T,A,B,X); BODY_40_59(47,B,C,D,E,T,A,X); BODY_40_59(48,A,B,C,D,E,T,X); BODY_40_59(49,T,A,B,C,D,E,X); BODY_40_59(50,E,T,A,B,C,D,X); BODY_40_59(51,D,E,T,A,B,C,X); BODY_40_59(52,C,D,E,T,A,B,X); BODY_40_59(53,B,C,D,E,T,A,X); BODY_40_59(54,A,B,C,D,E,T,X); BODY_40_59(55,T,A,B,C,D,E,X); BODY_40_59(56,E,T,A,B,C,D,X); BODY_40_59(57,D,E,T,A,B,C,X); BODY_40_59(58,C,D,E,T,A,B,X); BODY_40_59(59,B,C,D,E,T,A,X); BODY_60_79(60,A,B,C,D,E,T,X); BODY_60_79(61,T,A,B,C,D,E,X); BODY_60_79(62,E,T,A,B,C,D,X); 
BODY_60_79(63,D,E,T,A,B,C,X); BODY_60_79(64,C,D,E,T,A,B,X); BODY_60_79(65,B,C,D,E,T,A,X); BODY_60_79(66,A,B,C,D,E,T,X); BODY_60_79(67,T,A,B,C,D,E,X); BODY_60_79(68,E,T,A,B,C,D,X); BODY_60_79(69,D,E,T,A,B,C,X); BODY_60_79(70,C,D,E,T,A,B,X); BODY_60_79(71,B,C,D,E,T,A,X); BODY_60_79(72,A,B,C,D,E,T,X); BODY_60_79(73,T,A,B,C,D,E,X); BODY_60_79(74,E,T,A,B,C,D,X); BODY_60_79(75,D,E,T,A,B,C,X); BODY_60_79(76,C,D,E,T,A,B,X); BODY_60_79(77,B,C,D,E,T,A,X); BODY_60_79(78,A,B,C,D,E,T,X); BODY_60_79(79,T,A,B,C,D,E,X); c->h0=(c->h0+E)&0xffffffffL; c->h1=(c->h1+T)&0xffffffffL; c->h2=(c->h2+A)&0xffffffffL; c->h3=(c->h3+B)&0xffffffffL; c->h4=(c->h4+C)&0xffffffffL; num-=64; if (num <= 0) break; A=c->h0; B=c->h1; C=c->h2; D=c->h3; E=c->h4; W+=16; } } void SHA_Final(unsigned char *md, SHA_CTX *c) { int i,j; u_int32_t l; u_int32_t *p; static unsigned char end[4]={0x80,0x00,0x00,0x00}; unsigned char *cp=end; /* c->num should definitly have room for at least one more byte. */ p=c->data; j=c->num; i=j>>2; #ifdef PURIFY if ((j&0x03) == 0) p[i]=0; #endif l=p[i]; M_p_c2nl(cp,l,j&0x03); p[i]=l; i++; /* i is the next 'undefined word' */ if (c->num >= SHA_LAST_BLOCK) { for (; iNh; p[SHA_LBLOCK-1]=c->Nl; sha_block(c,p,64); cp=md; l=c->h0; nl2c(l,cp); l=c->h1; nl2c(l,cp); l=c->h2; nl2c(l,cp); l=c->h3; nl2c(l,cp); l=c->h4; nl2c(l,cp); /* Clear the context state */ explicit_bzero(&c, sizeof(c)); } diff --git a/lib/libmd/sha1c.c b/lib/libmd/sha1c.c index 42b554c83ed1..6e80407e4ec0 100644 --- a/lib/libmd/sha1c.c +++ b/lib/libmd/sha1c.c 
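Review bot: The last statement of SHA_Final, `explicit_bzero(&c, sizeof(c));`, wipes the local pointer variable instead of the context it points to, so the chaining values h0..h4, the bit counters Nl/Nh and any buffered input words stay in the caller's SHA_CTX after finalization, despite the "Clear the context state" comment directly above it. The call should be `explicit_bzero(c, sizeof(*c));`, which is the form SHA256_Final and SHA224_Final in sys/crypto/sha2/sha256c.c use on this page. SHA1_Final in lib/libmd/sha1c.c carries the identical line and needs the same one-line change. This matters to callers that hash secret material and rely on Final to scrub the context; this commit leaves those lines untouched, so the fix would be a separate change.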
@@ -1,500 +1,496 @@ /* crypto/sha/sha1dgst.c */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the routines from the library * being used are not cryptographic related :-). * 4. 
If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #include #include #include #if 0 #include /* we use the __ variants of bit-sized types */ #endif #include #undef SHA_0 #define SHA_1 #include "sha.h" #include "sha_locl.h" /* * The assembly-language code is not position-independent, so don't * try to use it in a shared library. 
*/ #ifdef PIC #undef SHA1_ASM #endif char *SHA1_version="SHA1 part of SSLeay 0.9.0b 11-Oct-1998"; /* Implemented from SHA-1 document - The Secure Hash Algorithm */ #define INIT_DATA_h0 (unsigned long)0x67452301L #define INIT_DATA_h1 (unsigned long)0xefcdab89L #define INIT_DATA_h2 (unsigned long)0x98badcfeL #define INIT_DATA_h3 (unsigned long)0x10325476L #define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L #define K_00_19 0x5a827999L #define K_20_39 0x6ed9eba1L #define K_40_59 0x8f1bbcdcL #define K_60_79 0xca62c1d6L #ifndef NOPROTO # ifdef SHA1_ASM void sha1_block_x86(SHA_CTX *c, const u_int32_t *p, int num); # define sha1_block sha1_block_x86 # else void sha1_block(SHA_CTX *c, const u_int32_t *p, int num); # endif #else # ifdef SHA1_ASM void sha1_block_x86(); # define sha1_block sha1_block_x86 # else void sha1_block(); # endif #endif #if BYTE_ORDER == LITTLE_ENDIAN && defined(SHA1_ASM) # define M_c2nl c2l # define M_p_c2nl p_c2l # define M_c2nl_p c2l_p # define M_p_c2nl_p p_c2l_p # define M_nl2c l2c #else # define M_c2nl c2nl # define M_p_c2nl p_c2nl # define M_c2nl_p c2nl_p # define M_p_c2nl_p p_c2nl_p # define M_nl2c nl2c #endif void SHA1_Init(SHA_CTX *c) { c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; c->h2=INIT_DATA_h2; c->h3=INIT_DATA_h3; c->h4=INIT_DATA_h4; c->Nl=0; c->Nh=0; c->num=0; } void SHA1_Update(SHA_CTX *c, const void *in, size_t len) { u_int32_t *p; int ew,ec,sw,sc; u_int32_t l; const unsigned char *data = in; if (len == 0) return; l=(c->Nl+(len<<3))&0xffffffffL; if (l < c->Nl) /* overflow */ c->Nh++; c->Nh+=(len>>29); c->Nl=l; if (c->num != 0) { p=c->data; sw=c->num>>2; sc=c->num&0x03; if ((c->num+len) >= SHA_CBLOCK) { l= p[sw]; M_p_c2nl(data,l,sc); p[sw++]=l; for (; swnum); sha1_block(c,p,64); c->num=0; /* drop through and do the rest */ } else { c->num+=(int)len; if ((sc+len) < 4) /* ugly, add char's to a word */ { l= p[sw]; M_p_c2nl_p(data,l,sc,len); p[sw]=l; } else { ew=(c->num>>2); ec=(c->num&0x03); l= p[sw]; M_p_c2nl(data,l,sc); p[sw++]=l; for (; sw < 
ew; sw++) { M_c2nl(data,l); p[sw]=l; } if (ec) { M_c2nl_p(data,l,ec); p[sw]=l; } } return; } } /* We can only do the following code for assember, the reason * being that the sha1_block 'C' version changes the values * in the 'data' array. The assember code avoids this and * copies it to a local array. I should be able to do this for * the C version as well.... */ #if 1 #if BYTE_ORDER == BIG_ENDIAN || defined(SHA1_ASM) if ((((unsigned int)data)%sizeof(u_int32_t)) == 0) { sw=len/SHA_CBLOCK; if (sw) { sw*=SHA_CBLOCK; sha1_block(c,(u_int32_t *)data,sw); data+=sw; len-=sw; } } #endif #endif /* we now can process the input data in blocks of SHA_CBLOCK * chars and save the leftovers to c->data. */ p=c->data; while (len >= SHA_CBLOCK) { #if BYTE_ORDER == BIG_ENDIAN || BYTE_ORDER == LITTLE_ENDIAN if (p != (u_int32_t *)data) memcpy(p,data,SHA_CBLOCK); data+=SHA_CBLOCK; # if BYTE_ORDER == LITTLE_ENDIAN # ifndef SHA1_ASM /* Will not happen */ for (sw=(SHA_LBLOCK/4); sw; sw--) { Endian_Reverse32(p[0]); Endian_Reverse32(p[1]); Endian_Reverse32(p[2]); Endian_Reverse32(p[3]); p+=4; } p=c->data; # endif # endif #else for (sw=(SHA_BLOCK/4); sw; sw--) { M_c2nl(data,l); *(p++)=l; M_c2nl(data,l); *(p++)=l; M_c2nl(data,l); *(p++)=l; M_c2nl(data,l); *(p++)=l; } p=c->data; #endif sha1_block(c,p,64); len-=SHA_CBLOCK; } ec=(int)len; c->num=ec; ew=(ec>>2); ec&=0x03; for (sw=0; sw < ew; sw++) { M_c2nl(data,l); p[sw]=l; } M_c2nl_p(data,l,ec); p[sw]=l; } -void SHA1_Transform(SHA_CTX *c, unsigned char *b) +static void SHA1_Transform(SHA_CTX *c, unsigned char *b) { u_int32_t p[16]; #if BYTE_ORDER != BIG_ENDIAN u_int32_t *q; int i; #endif #if BYTE_ORDER == BIG_ENDIAN || BYTE_ORDER == LITTLE_ENDIAN memcpy(p,b,64); #if BYTE_ORDER == LITTLE_ENDIAN q=p; for (i=(SHA_LBLOCK/4); i; i--) { Endian_Reverse32(q[0]); Endian_Reverse32(q[1]); Endian_Reverse32(q[2]); Endian_Reverse32(q[3]); q+=4; } #endif #else q=p; for (i=(SHA_LBLOCK/4); i; i--) { u_int32_t l; c2nl(b,l); *(q++)=l; c2nl(b,l); *(q++)=l; 
c2nl(b,l); *(q++)=l; c2nl(b,l); *(q++)=l; } #endif sha1_block(c,p,64); } #ifndef SHA1_ASM void sha1_block(SHA_CTX *c, const u_int32_t *W, int num) { u_int32_t A,B,C,D,E,T; u_int32_t X[16]; A=c->h0; B=c->h1; C=c->h2; D=c->h3; E=c->h4; for (;;) { BODY_00_15( 0,A,B,C,D,E,T,W); BODY_00_15( 1,T,A,B,C,D,E,W); BODY_00_15( 2,E,T,A,B,C,D,W); BODY_00_15( 3,D,E,T,A,B,C,W); BODY_00_15( 4,C,D,E,T,A,B,W); BODY_00_15( 5,B,C,D,E,T,A,W); BODY_00_15( 6,A,B,C,D,E,T,W); BODY_00_15( 7,T,A,B,C,D,E,W); BODY_00_15( 8,E,T,A,B,C,D,W); BODY_00_15( 9,D,E,T,A,B,C,W); BODY_00_15(10,C,D,E,T,A,B,W); BODY_00_15(11,B,C,D,E,T,A,W); BODY_00_15(12,A,B,C,D,E,T,W); BODY_00_15(13,T,A,B,C,D,E,W); BODY_00_15(14,E,T,A,B,C,D,W); BODY_00_15(15,D,E,T,A,B,C,W); BODY_16_19(16,C,D,E,T,A,B,W,W,W,W); BODY_16_19(17,B,C,D,E,T,A,W,W,W,W); BODY_16_19(18,A,B,C,D,E,T,W,W,W,W); BODY_16_19(19,T,A,B,C,D,E,W,W,W,X); BODY_20_31(20,E,T,A,B,C,D,W,W,W,X); BODY_20_31(21,D,E,T,A,B,C,W,W,W,X); BODY_20_31(22,C,D,E,T,A,B,W,W,W,X); BODY_20_31(23,B,C,D,E,T,A,W,W,W,X); BODY_20_31(24,A,B,C,D,E,T,W,W,X,X); BODY_20_31(25,T,A,B,C,D,E,W,W,X,X); BODY_20_31(26,E,T,A,B,C,D,W,W,X,X); BODY_20_31(27,D,E,T,A,B,C,W,W,X,X); BODY_20_31(28,C,D,E,T,A,B,W,W,X,X); BODY_20_31(29,B,C,D,E,T,A,W,W,X,X); BODY_20_31(30,A,B,C,D,E,T,W,X,X,X); BODY_20_31(31,T,A,B,C,D,E,W,X,X,X); BODY_32_39(32,E,T,A,B,C,D,X); BODY_32_39(33,D,E,T,A,B,C,X); BODY_32_39(34,C,D,E,T,A,B,X); BODY_32_39(35,B,C,D,E,T,A,X); BODY_32_39(36,A,B,C,D,E,T,X); BODY_32_39(37,T,A,B,C,D,E,X); BODY_32_39(38,E,T,A,B,C,D,X); BODY_32_39(39,D,E,T,A,B,C,X); BODY_40_59(40,C,D,E,T,A,B,X); BODY_40_59(41,B,C,D,E,T,A,X); BODY_40_59(42,A,B,C,D,E,T,X); BODY_40_59(43,T,A,B,C,D,E,X); BODY_40_59(44,E,T,A,B,C,D,X); BODY_40_59(45,D,E,T,A,B,C,X); BODY_40_59(46,C,D,E,T,A,B,X); BODY_40_59(47,B,C,D,E,T,A,X); BODY_40_59(48,A,B,C,D,E,T,X); BODY_40_59(49,T,A,B,C,D,E,X); BODY_40_59(50,E,T,A,B,C,D,X); BODY_40_59(51,D,E,T,A,B,C,X); BODY_40_59(52,C,D,E,T,A,B,X); BODY_40_59(53,B,C,D,E,T,A,X); BODY_40_59(54,A,B,C,D,E,T,X); 
BODY_40_59(55,T,A,B,C,D,E,X); BODY_40_59(56,E,T,A,B,C,D,X); BODY_40_59(57,D,E,T,A,B,C,X); BODY_40_59(58,C,D,E,T,A,B,X); BODY_40_59(59,B,C,D,E,T,A,X); BODY_60_79(60,A,B,C,D,E,T,X); BODY_60_79(61,T,A,B,C,D,E,X); BODY_60_79(62,E,T,A,B,C,D,X); BODY_60_79(63,D,E,T,A,B,C,X); BODY_60_79(64,C,D,E,T,A,B,X); BODY_60_79(65,B,C,D,E,T,A,X); BODY_60_79(66,A,B,C,D,E,T,X); BODY_60_79(67,T,A,B,C,D,E,X); BODY_60_79(68,E,T,A,B,C,D,X); BODY_60_79(69,D,E,T,A,B,C,X); BODY_60_79(70,C,D,E,T,A,B,X); BODY_60_79(71,B,C,D,E,T,A,X); BODY_60_79(72,A,B,C,D,E,T,X); BODY_60_79(73,T,A,B,C,D,E,X); BODY_60_79(74,E,T,A,B,C,D,X); BODY_60_79(75,D,E,T,A,B,C,X); BODY_60_79(76,C,D,E,T,A,B,X); BODY_60_79(77,B,C,D,E,T,A,X); BODY_60_79(78,A,B,C,D,E,T,X); BODY_60_79(79,T,A,B,C,D,E,X); c->h0=(c->h0+E)&0xffffffffL; c->h1=(c->h1+T)&0xffffffffL; c->h2=(c->h2+A)&0xffffffffL; c->h3=(c->h3+B)&0xffffffffL; c->h4=(c->h4+C)&0xffffffffL; num-=64; if (num <= 0) break; A=c->h0; B=c->h1; C=c->h2; D=c->h3; E=c->h4; W+=16; } } #endif void SHA1_Final(unsigned char *md, SHA_CTX *c) { int i,j; u_int32_t l; u_int32_t *p; static unsigned char end[4]={0x80,0x00,0x00,0x00}; unsigned char *cp=end; /* c->num should definitly have room for at least one more byte. */ p=c->data; j=c->num; i=j>>2; #ifdef PURIFY if ((j&0x03) == 0) p[i]=0; #endif l=p[i]; M_p_c2nl(cp,l,j&0x03); p[i]=l; i++; /* i is the next 'undefined word' */ if (c->num >= SHA_LAST_BLOCK) { for (; iNh; p[SHA_LBLOCK-1]=c->Nl; #if BYTE_ORDER == LITTLE_ENDIAN && defined(SHA1_ASM) Endian_Reverse32(p[SHA_LBLOCK-2]); Endian_Reverse32(p[SHA_LBLOCK-1]); #endif sha1_block(c,p,64); cp=md; l=c->h0; nl2c(l,cp); l=c->h1; nl2c(l,cp); l=c->h2; nl2c(l,cp); l=c->h3; nl2c(l,cp); l=c->h4; nl2c(l,cp); /* Clear the context state */ explicit_bzero(&c, sizeof(c)); } #ifdef WEAK_REFS /* When building libmd, provide weak references. Note: this is not activated in the context of compiling these sources for internal use in libcrypt. 
*/ #undef SHA_Init __weak_reference(_libmd_SHA_Init, SHA_Init); #undef SHA_Update __weak_reference(_libmd_SHA_Update, SHA_Update); #undef SHA_Final __weak_reference(_libmd_SHA_Final, SHA_Final); -#undef SHA_Transform -__weak_reference(_libmd_SHA_Transform, SHA_Transform); #undef SHA_version __weak_reference(_libmd_SHA_version, SHA_version); #undef SHA1_Init __weak_reference(_libmd_SHA1_Init, SHA1_Init); #undef SHA1_Update __weak_reference(_libmd_SHA1_Update, SHA1_Update); #undef SHA1_Final __weak_reference(_libmd_SHA1_Final, SHA1_Final); -#undef SHA1_Transform -__weak_reference(_libmd_SHA1_Transform, SHA1_Transform); #undef SHA1_version __weak_reference(_libmd_SHA1_version, SHA1_version); #endif diff --git a/sys/crypto/sha2/sha256.h b/sys/crypto/sha2/sha256.h index 60c417e0fb8d..7bee1002c25c 100644 --- a/sys/crypto/sha2/sha256.h +++ b/sys/crypto/sha2/sha256.h 
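Review bot: Once `static` is added, SHA1_Transform has no caller visible anywhere in this file, since SHA1_Update and SHA1_Final both call sha1_block directly, so it looks like dead code that will raise an unused-function warning; the same holds for the now-static SHA_Transform in lib/libmd/sha0c.c. Some of the page text is damaged by extraction, so confirm with a build, but if nothing references it the function is better deleted than kept as a private helper. If it has to stay for the moment, mark the intent on the definition, e.g. `static void __unused SHA1_Transform(SHA_CTX *c, unsigned char *b)` with a comment `/* no in-file callers; retained pending removal */`.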
@@ -1,97 +1,94 @@ /*- * Copyright 2005 Colin Percival * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifndef _SHA256_H_ #define _SHA256_H_ #ifndef _KERNEL #include #endif #define SHA256_BLOCK_LENGTH 64 #define SHA256_DIGEST_LENGTH 32 #define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) typedef struct SHA256Context { uint32_t state[8]; uint64_t count; uint8_t buf[SHA256_BLOCK_LENGTH]; } SHA256_CTX; __BEGIN_DECLS /* Ensure libmd symbols do not clash with libcrypto */ #ifndef SHA256_Init #define SHA256_Init _libmd_SHA256_Init #endif #ifndef SHA256_Update #define SHA256_Update _libmd_SHA256_Update #endif #ifndef SHA256_Final #define SHA256_Final _libmd_SHA256_Final #endif #ifndef SHA256_End #define SHA256_End _libmd_SHA256_End #endif #ifndef SHA256_Fd #define SHA256_Fd _libmd_SHA256_Fd #endif #ifndef SHA256_FdChunk #define SHA256_FdChunk _libmd_SHA256_FdChunk #endif #ifndef SHA256_File #define SHA256_File _libmd_SHA256_File #endif #ifndef SHA256_FileChunk #define SHA256_FileChunk _libmd_SHA256_FileChunk #endif #ifndef SHA256_Data #define SHA256_Data _libmd_SHA256_Data #endif -#ifndef SHA256_Transform -#define SHA256_Transform _libmd_SHA256_Transform -#endif #ifndef SHA256_version #define SHA256_version _libmd_SHA256_version #endif void SHA256_Init(SHA256_CTX *); void SHA256_Update(SHA256_CTX *, const void *, size_t); void SHA256_Final(unsigned char [__min_size(SHA256_DIGEST_LENGTH)], SHA256_CTX *); #ifndef _KERNEL char *SHA256_End(SHA256_CTX *, char *); char *SHA256_Data(const void *, unsigned int, char *); char *SHA256_Fd(int, char *); char *SHA256_FdChunk(int, char *, off_t, off_t); char *SHA256_File(const char *, char *); char *SHA256_FileChunk(const char *, char *, off_t, off_t); #endif __END_DECLS #endif /* !_SHA256_H_ */ diff --git a/sys/crypto/sha2/sha256c.c b/sys/crypto/sha2/sha256c.c index a3bebc4bee55..b7f7295c5c85 100644 --- a/sys/crypto/sha2/sha256c.c +++ b/sys/crypto/sha2/sha256c.c 
@@ -1,403 +1,401 @@ /*- * Copyright 2005 Colin Percival * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include #include #include #ifdef _KERNEL #include #else #include #endif #include "sha224.h" #include "sha256.h" #include "sha256c_impl.h" #if defined(ARM64_SHA2) #include #include #endif #if BYTE_ORDER == BIG_ENDIAN /* Copy a vector of big-endian uint32_t into a vector of bytes */ #define be32enc_vect(dst, src, len) \ memcpy((void *)dst, (const void *)src, (size_t)len) /* Copy a vector of bytes into a vector of big-endian uint32_t */ #define be32dec_vect(dst, src, len) \ memcpy((void *)dst, (const void *)src, (size_t)len) #else /* BYTE_ORDER != BIG_ENDIAN */ /* * Encode a length len/4 vector of (uint32_t) into a length len vector of * (unsigned char) in big-endian form. Assumes len is a multiple of 4. */ static void be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len) { size_t i; for (i = 0; i < len / 4; i++) be32enc(dst + i * 4, src[i]); } /* * Decode a big-endian length len vector of (unsigned char) into a length * len/4 vector of (uint32_t). Assumes len is a multiple of 4. */ static void be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len) { size_t i; for (i = 0; i < len / 4; i++) dst[i] = be32dec(src + i * 4); } #endif /* BYTE_ORDER != BIG_ENDIAN */ /* SHA256 round constants. 
*/ static const uint32_t K[64] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; /* Elementary functions used by SHA256 */ #define Ch(x, y, z) ((x & (y ^ z)) ^ z) #define Maj(x, y, z) ((x & (y | z)) | (y & z)) #define SHR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << (32 - n))) #define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) #define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) #define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) #define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) /* SHA256 round function */ #define RND(a, b, c, d, e, f, g, h, k) \ h += S1(e) + Ch(e, f, g) + k; \ d += h; \ h += S0(a) + Maj(a, b, c); /* Adjusted round function for rotating state */ #define RNDr(S, W, i, ii) \ RND(S[(64 - i) % 8], S[(65 - i) % 8], \ S[(66 - i) % 8], S[(67 - i) % 8], \ S[(68 - i) % 8], S[(69 - i) % 8], \ S[(70 - i) % 8], S[(71 - i) % 8], \ W[i + ii] + K[i + ii]) /* Message schedule computation */ #define MSCH(W, ii, i) \ W[i + ii + 16] = s1(W[i + ii + 14]) + W[i + ii + 9] + s0(W[i + ii + 1]) + W[i + ii] /* * SHA256 block compression function. The 256-bit state is transformed via * the 512-bit input block to produce a new state. 
*/ static void #if defined(ARM64_SHA2) SHA256_Transform_c(uint32_t * state, const unsigned char block[64]) #else SHA256_Transform(uint32_t * state, const unsigned char block[64]) #endif { uint32_t W[64]; uint32_t S[8]; int i; /* 1. Prepare the first part of the message schedule W. */ be32dec_vect(W, block, 64); /* 2. Initialize working variables. */ memcpy(S, state, 32); /* 3. Mix. */ for (i = 0; i < 64; i += 16) { RNDr(S, W, 0, i); RNDr(S, W, 1, i); RNDr(S, W, 2, i); RNDr(S, W, 3, i); RNDr(S, W, 4, i); RNDr(S, W, 5, i); RNDr(S, W, 6, i); RNDr(S, W, 7, i); RNDr(S, W, 8, i); RNDr(S, W, 9, i); RNDr(S, W, 10, i); RNDr(S, W, 11, i); RNDr(S, W, 12, i); RNDr(S, W, 13, i); RNDr(S, W, 14, i); RNDr(S, W, 15, i); if (i == 48) break; MSCH(W, 0, i); MSCH(W, 1, i); MSCH(W, 2, i); MSCH(W, 3, i); MSCH(W, 4, i); MSCH(W, 5, i); MSCH(W, 6, i); MSCH(W, 7, i); MSCH(W, 8, i); MSCH(W, 9, i); MSCH(W, 10, i); MSCH(W, 11, i); MSCH(W, 12, i); MSCH(W, 13, i); MSCH(W, 14, i); MSCH(W, 15, i); } /* 4. Mix local working variables into global state */ for (i = 0; i < 8; i++) state[i] += S[i]; } #if defined(ARM64_SHA2) static void SHA256_Transform_arm64(uint32_t * state, const unsigned char block[64]) { SHA256_Transform_arm64_impl(state, block, K); } DEFINE_UIFUNC(static, void, SHA256_Transform, (uint32_t * state, const unsigned char block[64])) { u_long hwcap; if (elf_aux_info(AT_HWCAP, &hwcap, sizeof(hwcap)) == 0) { if ((hwcap & HWCAP_SHA2) != 0) return (SHA256_Transform_arm64); } return (SHA256_Transform_c); } #endif static unsigned char PAD[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; /* Add padding and terminating bit-count. */ static void SHA256_Pad(SHA256_CTX * ctx) { size_t r; /* Figure out how many bytes we have buffered. */ r = (ctx->count >> 3) & 0x3f; /* Pad to 56 mod 64, transforming if we finish a block en route. 
*/ if (r < 56) { /* Pad to 56 mod 64. */ memcpy(&ctx->buf[r], PAD, 56 - r); } else { /* Finish the current block and mix. */ memcpy(&ctx->buf[r], PAD, 64 - r); SHA256_Transform(ctx->state, ctx->buf); /* The start of the final block is all zeroes. */ memset(&ctx->buf[0], 0, 56); } /* Add the terminating bit-count. */ be64enc(&ctx->buf[56], ctx->count); /* Mix in the final block. */ SHA256_Transform(ctx->state, ctx->buf); } /* SHA-256 initialization. Begins a SHA-256 operation. */ void SHA256_Init(SHA256_CTX * ctx) { /* Zero bits processed so far */ ctx->count = 0; /* Magic initialization constants */ ctx->state[0] = 0x6A09E667; ctx->state[1] = 0xBB67AE85; ctx->state[2] = 0x3C6EF372; ctx->state[3] = 0xA54FF53A; ctx->state[4] = 0x510E527F; ctx->state[5] = 0x9B05688C; ctx->state[6] = 0x1F83D9AB; ctx->state[7] = 0x5BE0CD19; } /* Add bytes into the hash */ void SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len) { uint64_t bitlen; uint32_t r; const unsigned char *src = in; /* Number of bytes left in the buffer from previous updates */ r = (ctx->count >> 3) & 0x3f; /* Convert the length into a number of bits */ bitlen = len << 3; /* Update number of bits */ ctx->count += bitlen; /* Handle the case where we don't need to perform any transforms */ if (len < 64 - r) { memcpy(&ctx->buf[r], src, len); return; } /* Finish the current block */ memcpy(&ctx->buf[r], src, 64 - r); SHA256_Transform(ctx->state, ctx->buf); src += 64 - r; len -= 64 - r; /* Perform complete blocks */ while (len >= 64) { SHA256_Transform(ctx->state, src); src += 64; len -= 64; } /* Copy left over data into buffer */ memcpy(ctx->buf, src, len); } /* * SHA-256 finalization. Pads the input data, exports the hash value, * and clears the context state. 
*/ void SHA256_Final(unsigned char digest[static SHA256_DIGEST_LENGTH], SHA256_CTX *ctx) { /* Add padding */ SHA256_Pad(ctx); /* Write the hash */ be32enc_vect(digest, ctx->state, SHA256_DIGEST_LENGTH); /* Clear the context state */ explicit_bzero(ctx, sizeof(*ctx)); } /*** SHA-224: *********************************************************/ /* * the SHA224 and SHA256 transforms are identical */ /* SHA-224 initialization. Begins a SHA-224 operation. */ void SHA224_Init(SHA224_CTX * ctx) { /* Zero bits processed so far */ ctx->count = 0; /* Magic initialization constants */ ctx->state[0] = 0xC1059ED8; ctx->state[1] = 0x367CD507; ctx->state[2] = 0x3070DD17; ctx->state[3] = 0xF70E5939; ctx->state[4] = 0xFFC00B31; ctx->state[5] = 0x68581511; ctx->state[6] = 0x64f98FA7; ctx->state[7] = 0xBEFA4FA4; } /* Add bytes into the SHA-224 hash */ void SHA224_Update(SHA224_CTX * ctx, const void *in, size_t len) { SHA256_Update((SHA256_CTX *)ctx, in, len); } /* * SHA-224 finalization. Pads the input data, exports the hash value, * and clears the context state. */ void SHA224_Final(unsigned char digest[static SHA224_DIGEST_LENGTH], SHA224_CTX *ctx) { /* Add padding */ SHA256_Pad((SHA256_CTX *)ctx); /* Write the hash */ be32enc_vect(digest, ctx->state, SHA224_DIGEST_LENGTH); /* Clear the context state */ explicit_bzero(ctx, sizeof(*ctx)); } #ifdef WEAK_REFS /* When building libmd, provide weak references. Note: this is not activated in the context of compiling these sources for internal use in libcrypt. 
*/
 #undef SHA256_Init
 __weak_reference(_libmd_SHA256_Init, SHA256_Init);
 #undef SHA256_Update
 __weak_reference(_libmd_SHA256_Update, SHA256_Update);
 #undef SHA256_Final
 __weak_reference(_libmd_SHA256_Final, SHA256_Final);
-#undef SHA256_Transform
-__weak_reference(_libmd_SHA256_Transform, SHA256_Transform);
 #undef SHA224_Init
 __weak_reference(_libmd_SHA224_Init, SHA224_Init);
 #undef SHA224_Update
 __weak_reference(_libmd_SHA224_Update, SHA224_Update);
 #undef SHA224_Final
 __weak_reference(_libmd_SHA224_Final, SHA224_Final);
 #endif
diff --git a/sys/crypto/sha2/sha512.h b/sys/crypto/sha2/sha512.h
index a119af36276a..4a3e2cadf022 100644
--- a/sys/crypto/sha2/sha512.h
+++ b/sys/crypto/sha2/sha512.h
@@ -1,97 +1,94 @@ /*- * Copyright 2005 Colin Percival * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifndef _SHA512_H_ #define _SHA512_H_ #ifndef _KERNEL #include #endif #define SHA512_BLOCK_LENGTH 128 #define SHA512_DIGEST_LENGTH 64 #define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) typedef struct SHA512Context { uint64_t state[8]; uint64_t count[2]; uint8_t buf[SHA512_BLOCK_LENGTH]; } SHA512_CTX; __BEGIN_DECLS /* Ensure libmd symbols do not clash with libcrypto */ #ifndef SHA512_Init #define SHA512_Init _libmd_SHA512_Init #endif #ifndef SHA512_Update #define SHA512_Update _libmd_SHA512_Update #endif #ifndef SHA512_Final #define SHA512_Final _libmd_SHA512_Final #endif #ifndef SHA512_End #define SHA512_End _libmd_SHA512_End #endif #ifndef SHA512_Fd #define SHA512_Fd _libmd_SHA512_Fd #endif #ifndef SHA512_FdChunk #define SHA512_FdChunk _libmd_SHA512_FdChunk #endif #ifndef SHA512_File #define SHA512_File _libmd_SHA512_File #endif #ifndef SHA512_FileChunk #define SHA512_FileChunk _libmd_SHA512_FileChunk #endif #ifndef SHA512_Data #define SHA512_Data _libmd_SHA512_Data #endif -#ifndef SHA512_Transform -#define SHA512_Transform _libmd_SHA512_Transform -#endif #ifndef SHA512_version #define SHA512_version _libmd_SHA512_version #endif void SHA512_Init(SHA512_CTX *); void SHA512_Update(SHA512_CTX *, const void *, size_t); void SHA512_Final(unsigned char [__min_size(SHA512_DIGEST_LENGTH)], SHA512_CTX *); #ifndef _KERNEL char *SHA512_End(SHA512_CTX *, char *); char *SHA512_Data(const void *, unsigned int, char *); char *SHA512_Fd(int, char *); char *SHA512_FdChunk(int, char *, off_t, off_t); char *SHA512_File(const char *, char *); char *SHA512_FileChunk(const char *, char *, off_t, off_t); #endif __END_DECLS #endif /* !_SHA512_H_ */ diff --git a/sys/crypto/sha2/sha512c.c b/sys/crypto/sha2/sha512c.c index 8eda238870e8..076cb30a1dfa 100644 --- a/sys/crypto/sha2/sha512c.c +++ b/sys/crypto/sha2/sha512c.c 
@@ -1,537 +1,535 @@ /*- * Copyright 2005 Colin Percival * Copyright (c) 2015 Allan Jude * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #include #include #include #ifdef _KERNEL #include #else #include #endif #include "sha512.h" #include "sha512t.h" #include "sha384.h" #include "sha512c_impl.h" #if defined(ARM64_SHA512) #include #include #endif #if BYTE_ORDER == BIG_ENDIAN /* Copy a vector of big-endian uint64_t into a vector of bytes */ #define be64enc_vect(dst, src, len) \ memcpy((void *)dst, (const void *)src, (size_t)len) /* Copy a vector of bytes into a vector of big-endian uint64_t */ #define be64dec_vect(dst, src, len) \ memcpy((void *)dst, (const void *)src, (size_t)len) #else /* BYTE_ORDER != BIG_ENDIAN */ /* * Encode a length (len + 7) / 8 vector of (uint64_t) into a length len * vector of (unsigned char) in big-endian form. Assumes len is a * multiple of 4. */ static inline void be64enc_vect(unsigned char *dst, const uint64_t *src, size_t len) { size_t i; for (i = 0; i < len / 8; i++) be64enc(dst + i * 8, src[i]); if (len % 8 == 4) be32enc(dst + i * 8, src[i] >> 32); } /* * Decode a big-endian length len vector of (unsigned char) into a length * len/8 vector of (uint64_t). Assumes len is a multiple of 8. */ static inline void be64dec_vect(uint64_t *dst, const unsigned char *src, size_t len) { size_t i; for (i = 0; i < len / 8; i++) dst[i] = be64dec(src + i * 8); } #endif /* BYTE_ORDER != BIG_ENDIAN */ /* SHA512 round constants. 
*/ static const uint64_t K[80] = { 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL }; /* Elementary functions used by SHA512 */ #define Ch(x, y, z) ((x & (y ^ z)) ^ z) #define Maj(x, y, z) ((x & (y | z)) | (y 
& z)) #define SHR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << (64 - n))) #define S0(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) #define S1(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) #define s0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) #define s1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) /* SHA512 round function */ #define RND(a, b, c, d, e, f, g, h, k) \ h += S1(e) + Ch(e, f, g) + k; \ d += h; \ h += S0(a) + Maj(a, b, c); /* Adjusted round function for rotating state */ #define RNDr(S, W, i, ii) \ RND(S[(80 - i) % 8], S[(81 - i) % 8], \ S[(82 - i) % 8], S[(83 - i) % 8], \ S[(84 - i) % 8], S[(85 - i) % 8], \ S[(86 - i) % 8], S[(87 - i) % 8], \ W[i + ii] + K[i + ii]) /* Message schedule computation */ #define MSCH(W, ii, i) \ W[i + ii + 16] = s1(W[i + ii + 14]) + W[i + ii + 9] + s0(W[i + ii + 1]) + W[i + ii] /* * SHA512 block compression function. The 512-bit state is transformed via * the 512-bit input block to produce a new state. */ static void #if defined(ARM64_SHA512) SHA512_Transform_c(uint64_t * state, const unsigned char block[SHA512_BLOCK_LENGTH]) #else SHA512_Transform(uint64_t * state, const unsigned char block[SHA512_BLOCK_LENGTH]) #endif { uint64_t W[80]; uint64_t S[8]; int i; /* 1. Prepare the first part of the message schedule W. */ be64dec_vect(W, block, SHA512_BLOCK_LENGTH); /* 2. Initialize working variables. */ memcpy(S, state, SHA512_DIGEST_LENGTH); /* 3. Mix. 
*/ for (i = 0; i < 80; i += 16) { RNDr(S, W, 0, i); RNDr(S, W, 1, i); RNDr(S, W, 2, i); RNDr(S, W, 3, i); RNDr(S, W, 4, i); RNDr(S, W, 5, i); RNDr(S, W, 6, i); RNDr(S, W, 7, i); RNDr(S, W, 8, i); RNDr(S, W, 9, i); RNDr(S, W, 10, i); RNDr(S, W, 11, i); RNDr(S, W, 12, i); RNDr(S, W, 13, i); RNDr(S, W, 14, i); RNDr(S, W, 15, i); if (i == 64) break; MSCH(W, 0, i); MSCH(W, 1, i); MSCH(W, 2, i); MSCH(W, 3, i); MSCH(W, 4, i); MSCH(W, 5, i); MSCH(W, 6, i); MSCH(W, 7, i); MSCH(W, 8, i); MSCH(W, 9, i); MSCH(W, 10, i); MSCH(W, 11, i); MSCH(W, 12, i); MSCH(W, 13, i); MSCH(W, 14, i); MSCH(W, 15, i); } /* 4. Mix local working variables into global state */ for (i = 0; i < 8; i++) state[i] += S[i]; } #if defined(ARM64_SHA512) static void SHA512_Transform_arm64(uint64_t * state, const unsigned char block[SHA512_BLOCK_LENGTH]) { SHA512_Transform_arm64_impl(state, block, K); } DEFINE_UIFUNC(static, void, SHA512_Transform, (uint64_t * state, const unsigned char block[SHA512_BLOCK_LENGTH])) { u_long hwcap; if (elf_aux_info(AT_HWCAP, &hwcap, sizeof(hwcap)) == 0) { if ((hwcap & HWCAP_SHA512) != 0) { return (SHA512_Transform_arm64); } } return (SHA512_Transform_c); } #endif static unsigned char PAD[SHA512_BLOCK_LENGTH] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; /* Add padding and terminating bit-count. */ static void SHA512_Pad(SHA512_CTX * ctx) { size_t r; /* Figure out how many bytes we have buffered. */ r = (ctx->count[1] >> 3) & 0x7f; /* Pad to 112 mod 128, transforming if we finish a block en route. */ if (r < 112) { /* Pad to 112 mod 128. */ memcpy(&ctx->buf[r], PAD, 112 - r); } else { /* Finish the current block and mix. 
*/ memcpy(&ctx->buf[r], PAD, 128 - r); SHA512_Transform(ctx->state, ctx->buf); /* The start of the final block is all zeroes. */ memset(&ctx->buf[0], 0, 112); } /* Add the terminating bit-count. */ be64enc_vect(&ctx->buf[112], ctx->count, 16); /* Mix in the final block. */ SHA512_Transform(ctx->state, ctx->buf); } /* SHA-512 initialization. Begins a SHA-512 operation. */ void SHA512_Init(SHA512_CTX * ctx) { /* Zero bits processed so far */ ctx->count[0] = ctx->count[1] = 0; /* Magic initialization constants */ ctx->state[0] = 0x6a09e667f3bcc908ULL; ctx->state[1] = 0xbb67ae8584caa73bULL; ctx->state[2] = 0x3c6ef372fe94f82bULL; ctx->state[3] = 0xa54ff53a5f1d36f1ULL; ctx->state[4] = 0x510e527fade682d1ULL; ctx->state[5] = 0x9b05688c2b3e6c1fULL; ctx->state[6] = 0x1f83d9abfb41bd6bULL; ctx->state[7] = 0x5be0cd19137e2179ULL; } /* Add bytes into the hash */ void SHA512_Update(SHA512_CTX * ctx, const void *in, size_t len) { uint64_t bitlen[2]; uint64_t r; const unsigned char *src = in; /* Number of bytes left in the buffer from previous updates */ r = (ctx->count[1] >> 3) & 0x7f; /* Convert the length into a number of bits */ bitlen[1] = ((uint64_t)len) << 3; bitlen[0] = ((uint64_t)len) >> 61; /* Update number of bits */ if ((ctx->count[1] += bitlen[1]) < bitlen[1]) ctx->count[0]++; ctx->count[0] += bitlen[0]; /* Handle the case where we don't need to perform any transforms */ if (len < SHA512_BLOCK_LENGTH - r) { memcpy(&ctx->buf[r], src, len); return; } /* Finish the current block */ memcpy(&ctx->buf[r], src, SHA512_BLOCK_LENGTH - r); SHA512_Transform(ctx->state, ctx->buf); src += SHA512_BLOCK_LENGTH - r; len -= SHA512_BLOCK_LENGTH - r; /* Perform complete blocks */ while (len >= SHA512_BLOCK_LENGTH) { SHA512_Transform(ctx->state, src); src += SHA512_BLOCK_LENGTH; len -= SHA512_BLOCK_LENGTH; } /* Copy left over data into buffer */ memcpy(ctx->buf, src, len); } /* * SHA-512 finalization. Pads the input data, exports the hash value, * and clears the context state. 
*/ void SHA512_Final(unsigned char digest[static SHA512_DIGEST_LENGTH], SHA512_CTX *ctx) { /* Add padding */ SHA512_Pad(ctx); /* Write the hash */ be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH); /* Clear the context state */ explicit_bzero(ctx, sizeof(*ctx)); } /*** SHA-512t: *********************************************************/ /* * the SHA512t transforms are identical to SHA512 so reuse the existing function */ void SHA512_224_Init(SHA512_CTX * ctx) { /* Zero bits processed so far */ ctx->count[0] = ctx->count[1] = 0; /* Magic initialization constants */ ctx->state[0] = 0x8c3d37c819544da2ULL; ctx->state[1] = 0x73e1996689dcd4d6ULL; ctx->state[2] = 0x1dfab7ae32ff9c82ULL; ctx->state[3] = 0x679dd514582f9fcfULL; ctx->state[4] = 0x0f6d2b697bd44da8ULL; ctx->state[5] = 0x77e36f7304c48942ULL; ctx->state[6] = 0x3f9d85a86a1d36c8ULL; ctx->state[7] = 0x1112e6ad91d692a1ULL; } void SHA512_224_Update(SHA512_CTX * ctx, const void *in, size_t len) { SHA512_Update(ctx, in, len); } void SHA512_224_Final(unsigned char digest[static SHA512_224_DIGEST_LENGTH], SHA512_CTX * ctx) { /* Add padding */ SHA512_Pad(ctx); /* Write the hash */ be64enc_vect(digest, ctx->state, SHA512_224_DIGEST_LENGTH); /* Clear the context state */ explicit_bzero(ctx, sizeof(*ctx)); } void SHA512_256_Init(SHA512_CTX * ctx) { /* Zero bits processed so far */ ctx->count[0] = ctx->count[1] = 0; /* Magic initialization constants */ ctx->state[0] = 0x22312194fc2bf72cULL; ctx->state[1] = 0x9f555fa3c84c64c2ULL; ctx->state[2] = 0x2393b86b6f53b151ULL; ctx->state[3] = 0x963877195940eabdULL; ctx->state[4] = 0x96283ee2a88effe3ULL; ctx->state[5] = 0xbe5e1e2553863992ULL; ctx->state[6] = 0x2b0199fc2c85b8aaULL; ctx->state[7] = 0x0eb72ddc81c52ca2ULL; } void SHA512_256_Update(SHA512_CTX * ctx, const void *in, size_t len) { SHA512_Update(ctx, in, len); } void SHA512_256_Final(unsigned char digest[static SHA512_256_DIGEST_LENGTH], SHA512_CTX * ctx) { /* Add padding */ SHA512_Pad(ctx); /* Write the hash */ 
be64enc_vect(digest, ctx->state, SHA512_256_DIGEST_LENGTH); /* Clear the context state */ explicit_bzero(ctx, sizeof(*ctx)); } /*** SHA-384: *********************************************************/ /* * the SHA384 and SHA512 transforms are identical, so SHA384 is skipped */ /* SHA-384 initialization. Begins a SHA-384 operation. */ void SHA384_Init(SHA384_CTX * ctx) { /* Zero bits processed so far */ ctx->count[0] = ctx->count[1] = 0; /* Magic initialization constants */ ctx->state[0] = 0xcbbb9d5dc1059ed8ULL; ctx->state[1] = 0x629a292a367cd507ULL; ctx->state[2] = 0x9159015a3070dd17ULL; ctx->state[3] = 0x152fecd8f70e5939ULL; ctx->state[4] = 0x67332667ffc00b31ULL; ctx->state[5] = 0x8eb44a8768581511ULL; ctx->state[6] = 0xdb0c2e0d64f98fa7ULL; ctx->state[7] = 0x47b5481dbefa4fa4ULL; } /* Add bytes into the SHA-384 hash */ void SHA384_Update(SHA384_CTX * ctx, const void *in, size_t len) { SHA512_Update((SHA512_CTX *)ctx, in, len); } /* * SHA-384 finalization. Pads the input data, exports the hash value, * and clears the context state. */ void SHA384_Final(unsigned char digest[static SHA384_DIGEST_LENGTH], SHA384_CTX *ctx) { /* Add padding */ SHA512_Pad((SHA512_CTX *)ctx); /* Write the hash */ be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH); /* Clear the context state */ explicit_bzero(ctx, sizeof(*ctx)); } #ifdef WEAK_REFS /* When building libmd, provide weak references. Note: this is not activated in the context of compiling these sources for internal use in libcrypt. 
*/
 #undef SHA512_Init
 __weak_reference(_libmd_SHA512_Init, SHA512_Init);
 #undef SHA512_Update
 __weak_reference(_libmd_SHA512_Update, SHA512_Update);
 #undef SHA512_Final
 __weak_reference(_libmd_SHA512_Final, SHA512_Final);
-#undef SHA512_Transform
-__weak_reference(_libmd_SHA512_Transform, SHA512_Transform);
 #undef SHA512_224_Init
 __weak_reference(_libmd_SHA512_224_Init, SHA512_224_Init);
 #undef SHA512_224_Update
 __weak_reference(_libmd_SHA512_224_Update, SHA512_224_Update);
 #undef SHA512_224_Final
 __weak_reference(_libmd_SHA512_224_Final, SHA512_224_Final);
 #undef SHA512_256_Init
 __weak_reference(_libmd_SHA512_256_Init, SHA512_256_Init);
 #undef SHA512_256_Update
 __weak_reference(_libmd_SHA512_256_Update, SHA512_256_Update);
 #undef SHA512_256_Final
 __weak_reference(_libmd_SHA512_256_Final, SHA512_256_Final);
 #undef SHA384_Init
 __weak_reference(_libmd_SHA384_Init, SHA384_Init);
 #undef SHA384_Update
 __weak_reference(_libmd_SHA384_Update, SHA384_Update);
 #undef SHA384_Final
 __weak_reference(_libmd_SHA384_Final, SHA384_Final);
 #endif
diff --git a/sys/crypto/sha2/sha512t.h b/sys/crypto/sha2/sha512t.h
index 51df4e4dfb2e..2274fa2704b9 100644
--- a/sys/crypto/sha2/sha512t.h
+++ b/sys/crypto/sha2/sha512t.h
@@ -1,141 +1,135 @@ /*- * Copyright (c) 2015 Allan Jude * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifndef _SHA512T_H_ #define _SHA512T_H_ #include "sha512.h" #ifndef _KERNEL #include #endif #define SHA512_224_DIGEST_LENGTH 28 #define SHA512_224_DIGEST_STRING_LENGTH (SHA512_224_DIGEST_LENGTH * 2 + 1) #define SHA512_256_DIGEST_LENGTH 32 #define SHA512_256_DIGEST_STRING_LENGTH (SHA512_256_DIGEST_LENGTH * 2 + 1) __BEGIN_DECLS /* Ensure libmd symbols do not clash with libcrypto */ #ifndef SHA512_224_Init #define SHA512_224_Init _libmd_SHA512_224_Init #endif #ifndef SHA512_224_Update #define SHA512_224_Update _libmd_SHA512_224_Update #endif #ifndef SHA512_224_Final #define SHA512_224_Final _libmd_SHA512_224_Final #endif #ifndef SHA512_224_End #define SHA512_224_End _libmd_SHA512_224_End #endif #ifndef SHA512_224_Fd #define SHA512_224_Fd _libmd_SHA512_224_Fd #endif #ifndef SHA512_224_FdChunk #define SHA512_224_FdChunk _libmd_SHA512_224_FdChunk #endif #ifndef SHA512_224_File #define SHA512_224_File _libmd_SHA512_224_File #endif #ifndef SHA512_224_FileChunk #define SHA512_224_FileChunk _libmd_SHA512_224_FileChunk #endif #ifndef SHA512_224_Data #define SHA512_224_Data _libmd_SHA512_224_Data #endif -#ifndef SHA512_224_Transform -#define SHA512_224_Transform _libmd_SHA512_224_Transform -#endif #ifndef SHA512_224_version #define SHA512_224_version _libmd_SHA512_224_version #endif #ifndef SHA512_256_Init #define SHA512_256_Init _libmd_SHA512_256_Init #endif #ifndef SHA512_256_Update #define SHA512_256_Update _libmd_SHA512_256_Update #endif #ifndef SHA512_256_Final #define SHA512_256_Final _libmd_SHA512_256_Final #endif #ifndef SHA512_256_End #define SHA512_256_End _libmd_SHA512_256_End #endif #ifndef SHA512_256_Fd #define SHA512_256_Fd _libmd_SHA512_256_Fd #endif #ifndef SHA512_256_FdChunk #define SHA512_256_FdChunk _libmd_SHA512_256_FdChunk #endif #ifndef SHA512_256_File #define SHA512_256_File _libmd_SHA512_256_File #endif #ifndef SHA512_256_FileChunk #define SHA512_256_FileChunk _libmd_SHA512_256_FileChunk #endif #ifndef SHA512_256_Data #define SHA512_256_Data 
_libmd_SHA512_256_Data #endif -#ifndef SHA512_256_Transform -#define SHA512_256_Transform _libmd_SHA512_256_Transform -#endif #ifndef SHA512_256_version #define SHA512_256_version _libmd_SHA512_256_version #endif void SHA512_224_Init(SHA512_CTX *); void SHA512_224_Update(SHA512_CTX *, const void *, size_t); void SHA512_224_Final(unsigned char [__min_size(SHA512_224_DIGEST_LENGTH)], SHA512_CTX *); #ifndef _KERNEL char *SHA512_224_End(SHA512_CTX *, char *); char *SHA512_224_Data(const void *, unsigned int, char *); char *SHA512_224_Fd(int, char *); char *SHA512_224_FdChunk(int, char *, off_t, off_t); char *SHA512_224_File(const char *, char *); char *SHA512_224_FileChunk(const char *, char *, off_t, off_t); #endif void SHA512_256_Init(SHA512_CTX *); void SHA512_256_Update(SHA512_CTX *, const void *, size_t); void SHA512_256_Final(unsigned char [__min_size(SHA512_256_DIGEST_LENGTH)], SHA512_CTX *); #ifndef _KERNEL char *SHA512_256_End(SHA512_CTX *, char *); char *SHA512_256_Data(const void *, unsigned int, char *); char *SHA512_256_Fd(int, char *); char *SHA512_256_FdChunk(int, char *, off_t, off_t); char *SHA512_256_File(const char *, char *); char *SHA512_256_FileChunk(const char *, char *, off_t, off_t); #endif __END_DECLS #endif /* !_SHA512T_H_ */ diff --git a/sys/kern/md5c.c b/sys/kern/md5c.c index b1ceac656cdd..0922d0f8cc61 100644 --- a/sys/kern/md5c.c +++ b/sys/kern/md5c.c 
@@ -1,343 +1,341 @@ /*- * SPDX-License-Identifier: RSA-MD * * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm * * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All * rights reserved. * * License to copy and use this software is granted provided that it * is identified as the "RSA Data Security, Inc. MD5 Message-Digest * Algorithm" in all material mentioning or referencing this software * or this function. * * License is also granted to make and use derivative works provided * that such works are identified as "derived from the RSA Data * Security, Inc. MD5 Message-Digest Algorithm" in all material * mentioning or referencing the derived work. * * RSA Data Security, Inc. makes no representations concerning either * the merchantability of this software or the suitability of this * software for any particular purpose. It is provided "as is" * without express or implied warranty of any kind. * * These notices must be retained in any copies of any part of this * documentation and/or software. * * This code is the same as the code published by RSA Inc. It has been * edited for clarity and style only. */ #include #ifdef _KERNEL #include #else #include #endif #include #include #include static void MD5Transform(uint32_t [4], const unsigned char [64]); #if (BYTE_ORDER == LITTLE_ENDIAN) #define Encode memcpy #define Decode memcpy #else /* * Encodes input (uint32_t) into output (unsigned char). Assumes len is * a multiple of 4. */ static void Encode (unsigned char *output, uint32_t *input, unsigned int len) { unsigned int i; uint32_t ip; for (i = 0; i < len / 4; i++) { ip = input[i]; *output++ = ip; *output++ = ip >> 8; *output++ = ip >> 16; *output++ = ip >> 24; } } /* * Decodes input (unsigned char) into output (uint32_t). Assumes len is * a multiple of 4. 
*/ static void Decode (uint32_t *output, const unsigned char *input, unsigned int len) { unsigned int i; for (i = 0; i < len; i += 4) { *output++ = input[i] | (input[i+1] << 8) | (input[i+2] << 16) | (input[i+3] << 24); } } #endif static unsigned char PADDING[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; /* F, G, H and I are basic MD5 functions. */ #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) #define G(x, y, z) (((x) & (z)) | ((y) & (~z))) #define H(x, y, z) ((x) ^ (y) ^ (z)) #define I(x, y, z) ((y) ^ ((x) | (~z))) /* ROTATE_LEFT rotates x left n bits. */ #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) /* * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. * Rotation is separate from addition to prevent recomputation. */ #define FF(a, b, c, d, x, s, ac) { \ (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define GG(a, b, c, d, x, s, ac) { \ (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define HH(a, b, c, d, x, s, ac) { \ (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define II(a, b, c, d, x, s, ac) { \ (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } /* MD5 initialization. Begins an MD5 operation, writing a new context. */ void MD5Init(MD5_CTX *context) { context->count[0] = context->count[1] = 0; /* Load magic initialization constants. */ context->state[0] = 0x67452301; context->state[1] = 0xefcdab89; context->state[2] = 0x98badcfe; context->state[3] = 0x10325476; } /* * MD5 block update operation. Continues an MD5 message-digest * operation, processing another message block, and updating the * context. 
*/ void MD5Update(MD5_CTX *context, const void *in, unsigned int inputLen) { unsigned int i, index, partLen; const unsigned char *input = in; /* Compute number of bytes mod 64 */ index = (unsigned int)((context->count[0] >> 3) & 0x3F); /* Update number of bits */ if ((context->count[0] += ((uint32_t)inputLen << 3)) < ((uint32_t)inputLen << 3)) context->count[1]++; context->count[1] += ((uint32_t)inputLen >> 29); partLen = 64 - index; /* Transform as many times as possible. */ if (inputLen >= partLen) { memcpy((void *)&context->buffer[index], (const void *)input, partLen); MD5Transform (context->state, context->buffer); for (i = partLen; i + 63 < inputLen; i += 64) MD5Transform (context->state, &input[i]); index = 0; } else i = 0; /* Buffer remaining input */ memcpy ((void *)&context->buffer[index], (const void *)&input[i], inputLen-i); } /* * MD5 padding. Adds padding followed by original length. */ static void MD5Pad(MD5_CTX *context) { unsigned char bits[8]; unsigned int index, padLen; /* Save number of bits */ Encode (bits, context->count, 8); /* Pad out to 56 mod 64. */ index = (unsigned int)((context->count[0] >> 3) & 0x3f); padLen = (index < 56) ? (56 - index) : (120 - index); MD5Update (context, PADDING, padLen); /* Append length (before padding) */ MD5Update (context, bits, 8); } /* * MD5 finalization. Ends an MD5 message-digest operation, writing the * the message digest and zeroizing the context. */ void MD5Final(unsigned char digest[static MD5_DIGEST_LENGTH], MD5_CTX *context) { /* Do padding. */ MD5Pad (context); /* Store state in digest */ Encode (digest, context->state, MD5_DIGEST_LENGTH); /* Zeroize sensitive information. */ explicit_bzero (context, sizeof (*context)); } /* MD5 basic transformation. Transforms state based on block. 
*/ static void MD5Transform(uint32_t state[4], const unsigned char block[64]) { uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; Decode (x, block, 64); /* Round 1 */ #define S11 7 #define S12 12 #define S13 17 #define S14 22 FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ /* Round 2 */ #define S21 5 #define S22 9 #define S23 14 #define S24 20 GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ /* Round 3 */ #define S31 4 #define S32 11 #define S33 16 #define S34 23 HH (a, b, c, d, 
x[ 5], S31, 0xfffa3942); /* 33 */ HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ /* Round 4 */ #define S41 6 #define S42 10 #define S43 15 #define S44 21 II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ state[0] += a; state[1] += b; state[2] += c; state[3] += d; /* Zeroize sensitive information. */ memset ((void *)x, 0, sizeof (x)); } #ifdef WEAK_REFS /* When building libmd, provide weak references. Note: this is not activated in the context of compiling these sources for internal use in libcrypt. 
*/
 #undef MD5Init
 __weak_reference(_libmd_MD5Init, MD5Init);
 #undef MD5Update
 __weak_reference(_libmd_MD5Update, MD5Update);
 #undef MD5Final
 __weak_reference(_libmd_MD5Final, MD5Final);
-#undef MD5Transform
-__weak_reference(_libmd_MD5Transform, MD5Transform);
 #endif
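Review bot: The scratch-block wipe at the end of MD5Transform is a plain `memset ((void *)x, 0, sizeof (x));` on a local that is never read afterwards, so an optimizing compiler may remove it as a dead store and leave the decoded message block on the stack. MD5Final in this same file already uses `explicit_bzero` for the context, so the wipe in MD5Transform should match it: `explicit_bzero (x, sizeof (x));`. Now that MD5Transform is reachable only through MD5Update, this wipe is the only place the block copy gets cleared. The working variables `a`, `b`, `c` and `d` hold intermediate state and are not cleared either; whether that matters depends on how callers use MD5 (for example keyed constructions), which this hunk does not show.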