diff options
-rw-r--r-- | openbsd-compat/sha2.c | 321 | ||||
-rw-r--r-- | openbsd-compat/sha2.h | 134 |
2 files changed, 274 insertions, 181 deletions
diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c index b55ea30ac..f16cf9cd0 100644 --- a/openbsd-compat/sha2.c +++ b/openbsd-compat/sha2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp */ | 1 | /* $OpenBSD: sha2.c,v 1.27 2019/06/07 22:56:36 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * FILE: sha2.c | 4 | * FILE: sha2.c |
@@ -34,22 +34,10 @@ | |||
34 | * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ | 34 | * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ |
35 | */ | 35 | */ |
36 | 36 | ||
37 | /* OPENBSD ORIGINAL: lib/libc/hash/sha2.c */ | 37 | #include <sys/types.h> |
38 | |||
39 | #include "includes.h" | ||
40 | |||
41 | #ifdef WITH_OPENSSL | ||
42 | # include <openssl/opensslv.h> | ||
43 | # if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) | ||
44 | # define _NEED_SHA2 1 | ||
45 | # endif | ||
46 | #else | ||
47 | # define _NEED_SHA2 1 | ||
48 | #endif | ||
49 | |||
50 | #if defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) | ||
51 | 38 | ||
52 | #include <string.h> | 39 | #include <string.h> |
40 | #include <sha2.h> | ||
53 | 41 | ||
54 | /* | 42 | /* |
55 | * UNROLLED TRANSFORM LOOP NOTE: | 43 | * UNROLLED TRANSFORM LOOP NOTE: |
@@ -64,15 +52,20 @@ | |||
64 | * #define SHA2_UNROLL_TRANSFORM | 52 | * #define SHA2_UNROLL_TRANSFORM |
65 | * | 53 | * |
66 | */ | 54 | */ |
55 | #ifndef SHA2_SMALL | ||
56 | #if defined(__amd64__) || defined(__i386__) | ||
57 | #define SHA2_UNROLL_TRANSFORM | ||
58 | #endif | ||
59 | #endif | ||
67 | 60 | ||
68 | /*** SHA-256/384/512 Machine Architecture Definitions *****************/ | 61 | /*** SHA-224/256/384/512 Machine Architecture Definitions *****************/ |
69 | /* | 62 | /* |
70 | * BYTE_ORDER NOTE: | 63 | * BYTE_ORDER NOTE: |
71 | * | 64 | * |
72 | * Please make sure that your system defines BYTE_ORDER. If your | 65 | * Please make sure that your system defines BYTE_ORDER. If your |
73 | * architecture is little-endian, make sure it also defines | 66 | * architecture is little-endian, make sure it also defines |
74 | * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are | 67 | * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are |
75 | * equivalent. | 68 | * equivilent. |
76 | * | 69 | * |
77 | * If your system does not define the above, then you can do so by | 70 | * If your system does not define the above, then you can do so by |
78 | * hand like this: | 71 | * hand like this: |
@@ -98,8 +91,9 @@ | |||
98 | #endif | 91 | #endif |
99 | 92 | ||
100 | 93 | ||
101 | /*** SHA-256/384/512 Various Length Definitions ***********************/ | 94 | /*** SHA-224/256/384/512 Various Length Definitions ***********************/ |
102 | /* NOTE: Most of these are in sha2.h */ | 95 | /* NOTE: Most of these are in sha2.h */ |
96 | #define SHA224_SHORT_BLOCK_LENGTH (SHA224_BLOCK_LENGTH - 8) | ||
103 | #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) | 97 | #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) |
104 | #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) | 98 | #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) |
105 | #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) | 99 | #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) |
@@ -152,22 +146,22 @@ | |||
152 | * Bit shifting and rotation (used by the six SHA-XYZ logical functions: | 146 | * Bit shifting and rotation (used by the six SHA-XYZ logical functions: |
153 | * | 147 | * |
154 | * NOTE: The naming of R and S appears backwards here (R is a SHIFT and | 148 | * NOTE: The naming of R and S appears backwards here (R is a SHIFT and |
155 | * S is a ROTATION) because the SHA-256/384/512 description document | 149 | * S is a ROTATION) because the SHA-224/256/384/512 description document |
156 | * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this | 150 | * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this |
157 | * same "backwards" definition. | 151 | * same "backwards" definition. |
158 | */ | 152 | */ |
159 | /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ | 153 | /* Shift-right (used in SHA-224, SHA-256, SHA-384, and SHA-512): */ |
160 | #define R(b,x) ((x) >> (b)) | 154 | #define R(b,x) ((x) >> (b)) |
161 | /* 32-bit Rotate-right (used in SHA-256): */ | 155 | /* 32-bit Rotate-right (used in SHA-224 and SHA-256): */ |
162 | #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) | 156 | #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) |
163 | /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ | 157 | /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ |
164 | #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) | 158 | #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) |
165 | 159 | ||
166 | /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ | 160 | /* Two of six logical functions used in SHA-224, SHA-256, SHA-384, and SHA-512: */ |
167 | #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) | 161 | #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) |
168 | #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) | 162 | #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) |
169 | 163 | ||
170 | /* Four of six logical functions used in SHA-256: */ | 164 | /* Four of six logical functions used in SHA-224 and SHA-256: */ |
171 | #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) | 165 | #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) |
172 | #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) | 166 | #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) |
173 | #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) | 167 | #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) |
@@ -181,8 +175,8 @@ | |||
181 | 175 | ||
182 | 176 | ||
183 | /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ | 177 | /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ |
184 | /* Hash constant words K for SHA-256: */ | 178 | /* Hash constant words K for SHA-224 and SHA-256: */ |
185 | const static u_int32_t K256[64] = { | 179 | static const u_int32_t K256[64] = { |
186 | 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, | 180 | 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, |
187 | 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, | 181 | 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, |
188 | 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, | 182 | 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, |
@@ -202,7 +196,7 @@ const static u_int32_t K256[64] = { | |||
202 | }; | 196 | }; |
203 | 197 | ||
204 | /* Initial hash value H for SHA-256: */ | 198 | /* Initial hash value H for SHA-256: */ |
205 | const static u_int32_t sha256_initial_hash_value[8] = { | 199 | static const u_int32_t sha256_initial_hash_value[8] = { |
206 | 0x6a09e667UL, | 200 | 0x6a09e667UL, |
207 | 0xbb67ae85UL, | 201 | 0xbb67ae85UL, |
208 | 0x3c6ef372UL, | 202 | 0x3c6ef372UL, |
@@ -214,7 +208,7 @@ const static u_int32_t sha256_initial_hash_value[8] = { | |||
214 | }; | 208 | }; |
215 | 209 | ||
216 | /* Hash constant words K for SHA-384 and SHA-512: */ | 210 | /* Hash constant words K for SHA-384 and SHA-512: */ |
217 | const static u_int64_t K512[80] = { | 211 | static const u_int64_t K512[80] = { |
218 | 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, | 212 | 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, |
219 | 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, | 213 | 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, |
220 | 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, | 214 | 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, |
@@ -257,8 +251,33 @@ const static u_int64_t K512[80] = { | |||
257 | 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL | 251 | 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL |
258 | }; | 252 | }; |
259 | 253 | ||
254 | /* Initial hash value H for SHA-512 */ | ||
255 | static const u_int64_t sha512_initial_hash_value[8] = { | ||
256 | 0x6a09e667f3bcc908ULL, | ||
257 | 0xbb67ae8584caa73bULL, | ||
258 | 0x3c6ef372fe94f82bULL, | ||
259 | 0xa54ff53a5f1d36f1ULL, | ||
260 | 0x510e527fade682d1ULL, | ||
261 | 0x9b05688c2b3e6c1fULL, | ||
262 | 0x1f83d9abfb41bd6bULL, | ||
263 | 0x5be0cd19137e2179ULL | ||
264 | }; | ||
265 | |||
266 | #if !defined(SHA2_SMALL) | ||
267 | /* Initial hash value H for SHA-224: */ | ||
268 | static const u_int32_t sha224_initial_hash_value[8] = { | ||
269 | 0xc1059ed8UL, | ||
270 | 0x367cd507UL, | ||
271 | 0x3070dd17UL, | ||
272 | 0xf70e5939UL, | ||
273 | 0xffc00b31UL, | ||
274 | 0x68581511UL, | ||
275 | 0x64f98fa7UL, | ||
276 | 0xbefa4fa4UL | ||
277 | }; | ||
278 | |||
260 | /* Initial hash value H for SHA-384 */ | 279 | /* Initial hash value H for SHA-384 */ |
261 | const static u_int64_t sha384_initial_hash_value[8] = { | 280 | static const u_int64_t sha384_initial_hash_value[8] = { |
262 | 0xcbbb9d5dc1059ed8ULL, | 281 | 0xcbbb9d5dc1059ed8ULL, |
263 | 0x629a292a367cd507ULL, | 282 | 0x629a292a367cd507ULL, |
264 | 0x9159015a3070dd17ULL, | 283 | 0x9159015a3070dd17ULL, |
@@ -269,30 +288,65 @@ const static u_int64_t sha384_initial_hash_value[8] = { | |||
269 | 0x47b5481dbefa4fa4ULL | 288 | 0x47b5481dbefa4fa4ULL |
270 | }; | 289 | }; |
271 | 290 | ||
272 | /* Initial hash value H for SHA-512 */ | 291 | /* Initial hash value H for SHA-512-256 */ |
273 | const static u_int64_t sha512_initial_hash_value[8] = { | 292 | static const u_int64_t sha512_256_initial_hash_value[8] = { |
274 | 0x6a09e667f3bcc908ULL, | 293 | 0x22312194fc2bf72cULL, |
275 | 0xbb67ae8584caa73bULL, | 294 | 0x9f555fa3c84c64c2ULL, |
276 | 0x3c6ef372fe94f82bULL, | 295 | 0x2393b86b6f53b151ULL, |
277 | 0xa54ff53a5f1d36f1ULL, | 296 | 0x963877195940eabdULL, |
278 | 0x510e527fade682d1ULL, | 297 | 0x96283ee2a88effe3ULL, |
279 | 0x9b05688c2b3e6c1fULL, | 298 | 0xbe5e1e2553863992ULL, |
280 | 0x1f83d9abfb41bd6bULL, | 299 | 0x2b0199fc2c85b8aaULL, |
281 | 0x5be0cd19137e2179ULL | 300 | 0x0eb72ddc81c52ca2ULL |
282 | }; | 301 | }; |
283 | 302 | ||
303 | /*** SHA-224: *********************************************************/ | ||
304 | void | ||
305 | SHA224Init(SHA2_CTX *context) | ||
306 | { | ||
307 | memcpy(context->state.st32, sha224_initial_hash_value, | ||
308 | sizeof(sha224_initial_hash_value)); | ||
309 | memset(context->buffer, 0, sizeof(context->buffer)); | ||
310 | context->bitcount[0] = 0; | ||
311 | } | ||
312 | DEF_WEAK(SHA224Init); | ||
313 | |||
314 | MAKE_CLONE(SHA224Transform, SHA256Transform); | ||
315 | MAKE_CLONE(SHA224Update, SHA256Update); | ||
316 | MAKE_CLONE(SHA224Pad, SHA256Pad); | ||
317 | DEF_WEAK(SHA224Transform); | ||
318 | DEF_WEAK(SHA224Update); | ||
319 | DEF_WEAK(SHA224Pad); | ||
320 | |||
321 | void | ||
322 | SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context) | ||
323 | { | ||
324 | SHA224Pad(context); | ||
325 | |||
326 | #if BYTE_ORDER == LITTLE_ENDIAN | ||
327 | int i; | ||
328 | |||
329 | /* Convert TO host byte order */ | ||
330 | for (i = 0; i < 7; i++) | ||
331 | BE_32_TO_8(digest + i * 4, context->state.st32[i]); | ||
332 | #else | ||
333 | memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH); | ||
334 | #endif | ||
335 | explicit_bzero(context, sizeof(*context)); | ||
336 | } | ||
337 | DEF_WEAK(SHA224Final); | ||
338 | #endif /* !defined(SHA2_SMALL) */ | ||
284 | 339 | ||
285 | /*** SHA-256: *********************************************************/ | 340 | /*** SHA-256: *********************************************************/ |
286 | void | 341 | void |
287 | SHA256_Init(SHA256_CTX *context) | 342 | SHA256Init(SHA2_CTX *context) |
288 | { | 343 | { |
289 | if (context == NULL) | 344 | memcpy(context->state.st32, sha256_initial_hash_value, |
290 | return; | ||
291 | memcpy(context->state, sha256_initial_hash_value, | ||
292 | sizeof(sha256_initial_hash_value)); | 345 | sizeof(sha256_initial_hash_value)); |
293 | memset(context->buffer, 0, sizeof(context->buffer)); | 346 | memset(context->buffer, 0, sizeof(context->buffer)); |
294 | context->bitcount = 0; | 347 | context->bitcount[0] = 0; |
295 | } | 348 | } |
349 | DEF_WEAK(SHA256Init); | ||
296 | 350 | ||
297 | #ifdef SHA2_UNROLL_TRANSFORM | 351 | #ifdef SHA2_UNROLL_TRANSFORM |
298 | 352 | ||
@@ -320,7 +374,7 @@ SHA256_Init(SHA256_CTX *context) | |||
320 | } while(0) | 374 | } while(0) |
321 | 375 | ||
322 | void | 376 | void |
323 | SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) | 377 | SHA256Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) |
324 | { | 378 | { |
325 | u_int32_t a, b, c, d, e, f, g, h, s0, s1; | 379 | u_int32_t a, b, c, d, e, f, g, h, s0, s1; |
326 | u_int32_t T1, W256[16]; | 380 | u_int32_t T1, W256[16]; |
@@ -378,7 +432,7 @@ SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) | |||
378 | #else /* SHA2_UNROLL_TRANSFORM */ | 432 | #else /* SHA2_UNROLL_TRANSFORM */ |
379 | 433 | ||
380 | void | 434 | void |
381 | SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) | 435 | SHA256Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) |
382 | { | 436 | { |
383 | u_int32_t a, b, c, d, e, f, g, h, s0, s1; | 437 | u_int32_t a, b, c, d, e, f, g, h, s0, s1; |
384 | u_int32_t T1, T2, W256[16]; | 438 | u_int32_t T1, T2, W256[16]; |
@@ -451,17 +505,18 @@ SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH]) | |||
451 | } | 505 | } |
452 | 506 | ||
453 | #endif /* SHA2_UNROLL_TRANSFORM */ | 507 | #endif /* SHA2_UNROLL_TRANSFORM */ |
508 | DEF_WEAK(SHA256Transform); | ||
454 | 509 | ||
455 | void | 510 | void |
456 | SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len) | 511 | SHA256Update(SHA2_CTX *context, const u_int8_t *data, size_t len) |
457 | { | 512 | { |
458 | size_t freespace, usedspace; | 513 | u_int64_t freespace, usedspace; |
459 | 514 | ||
460 | /* Calling with no data is valid (we do nothing) */ | 515 | /* Calling with no data is valid (we do nothing) */ |
461 | if (len == 0) | 516 | if (len == 0) |
462 | return; | 517 | return; |
463 | 518 | ||
464 | usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; | 519 | usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH; |
465 | if (usedspace > 0) { | 520 | if (usedspace > 0) { |
466 | /* Calculate how much free space is available in the buffer */ | 521 | /* Calculate how much free space is available in the buffer */ |
467 | freespace = SHA256_BLOCK_LENGTH - usedspace; | 522 | freespace = SHA256_BLOCK_LENGTH - usedspace; |
@@ -469,14 +524,14 @@ SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len) | |||
469 | if (len >= freespace) { | 524 | if (len >= freespace) { |
470 | /* Fill the buffer completely and process it */ | 525 | /* Fill the buffer completely and process it */ |
471 | memcpy(&context->buffer[usedspace], data, freespace); | 526 | memcpy(&context->buffer[usedspace], data, freespace); |
472 | context->bitcount += freespace << 3; | 527 | context->bitcount[0] += freespace << 3; |
473 | len -= freespace; | 528 | len -= freespace; |
474 | data += freespace; | 529 | data += freespace; |
475 | SHA256_Transform(context->state, context->buffer); | 530 | SHA256Transform(context->state.st32, context->buffer); |
476 | } else { | 531 | } else { |
477 | /* The buffer is not yet full */ | 532 | /* The buffer is not yet full */ |
478 | memcpy(&context->buffer[usedspace], data, len); | 533 | memcpy(&context->buffer[usedspace], data, len); |
479 | context->bitcount += len << 3; | 534 | context->bitcount[0] += (u_int64_t)len << 3; |
480 | /* Clean up: */ | 535 | /* Clean up: */ |
481 | usedspace = freespace = 0; | 536 | usedspace = freespace = 0; |
482 | return; | 537 | return; |
@@ -484,26 +539,27 @@ SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len) | |||
484 | } | 539 | } |
485 | while (len >= SHA256_BLOCK_LENGTH) { | 540 | while (len >= SHA256_BLOCK_LENGTH) { |
486 | /* Process as many complete blocks as we can */ | 541 | /* Process as many complete blocks as we can */ |
487 | SHA256_Transform(context->state, data); | 542 | SHA256Transform(context->state.st32, data); |
488 | context->bitcount += SHA256_BLOCK_LENGTH << 3; | 543 | context->bitcount[0] += SHA256_BLOCK_LENGTH << 3; |
489 | len -= SHA256_BLOCK_LENGTH; | 544 | len -= SHA256_BLOCK_LENGTH; |
490 | data += SHA256_BLOCK_LENGTH; | 545 | data += SHA256_BLOCK_LENGTH; |
491 | } | 546 | } |
492 | if (len > 0) { | 547 | if (len > 0) { |
493 | /* There's left-overs, so save 'em */ | 548 | /* There's left-overs, so save 'em */ |
494 | memcpy(context->buffer, data, len); | 549 | memcpy(context->buffer, data, len); |
495 | context->bitcount += len << 3; | 550 | context->bitcount[0] += len << 3; |
496 | } | 551 | } |
497 | /* Clean up: */ | 552 | /* Clean up: */ |
498 | usedspace = freespace = 0; | 553 | usedspace = freespace = 0; |
499 | } | 554 | } |
555 | DEF_WEAK(SHA256Update); | ||
500 | 556 | ||
501 | void | 557 | void |
502 | SHA256_Pad(SHA256_CTX *context) | 558 | SHA256Pad(SHA2_CTX *context) |
503 | { | 559 | { |
504 | unsigned int usedspace; | 560 | unsigned int usedspace; |
505 | 561 | ||
506 | usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; | 562 | usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH; |
507 | if (usedspace > 0) { | 563 | if (usedspace > 0) { |
508 | /* Begin padding with a 1 bit: */ | 564 | /* Begin padding with a 1 bit: */ |
509 | context->buffer[usedspace++] = 0x80; | 565 | context->buffer[usedspace++] = 0x80; |
@@ -518,7 +574,7 @@ SHA256_Pad(SHA256_CTX *context) | |||
518 | SHA256_BLOCK_LENGTH - usedspace); | 574 | SHA256_BLOCK_LENGTH - usedspace); |
519 | } | 575 | } |
520 | /* Do second-to-last transform: */ | 576 | /* Do second-to-last transform: */ |
521 | SHA256_Transform(context->state, context->buffer); | 577 | SHA256Transform(context->state.st32, context->buffer); |
522 | 578 | ||
523 | /* Prepare for last transform: */ | 579 | /* Prepare for last transform: */ |
524 | memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); | 580 | memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); |
@@ -532,47 +588,45 @@ SHA256_Pad(SHA256_CTX *context) | |||
532 | } | 588 | } |
533 | /* Store the length of input data (in bits) in big endian format: */ | 589 | /* Store the length of input data (in bits) in big endian format: */ |
534 | BE_64_TO_8(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], | 590 | BE_64_TO_8(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], |
535 | context->bitcount); | 591 | context->bitcount[0]); |
536 | 592 | ||
537 | /* Final transform: */ | 593 | /* Final transform: */ |
538 | SHA256_Transform(context->state, context->buffer); | 594 | SHA256Transform(context->state.st32, context->buffer); |
539 | 595 | ||
540 | /* Clean up: */ | 596 | /* Clean up: */ |
541 | usedspace = 0; | 597 | usedspace = 0; |
542 | } | 598 | } |
599 | DEF_WEAK(SHA256Pad); | ||
543 | 600 | ||
544 | void | 601 | void |
545 | SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA256_CTX *context) | 602 | SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context) |
546 | { | 603 | { |
547 | SHA256_Pad(context); | 604 | SHA256Pad(context); |
548 | 605 | ||
549 | /* If no digest buffer is passed, we don't bother doing this: */ | ||
550 | if (digest != NULL) { | ||
551 | #if BYTE_ORDER == LITTLE_ENDIAN | 606 | #if BYTE_ORDER == LITTLE_ENDIAN |
552 | int i; | 607 | int i; |
553 | 608 | ||
554 | /* Convert TO host byte order */ | 609 | /* Convert TO host byte order */ |
555 | for (i = 0; i < 8; i++) | 610 | for (i = 0; i < 8; i++) |
556 | BE_32_TO_8(digest + i * 4, context->state[i]); | 611 | BE_32_TO_8(digest + i * 4, context->state.st32[i]); |
557 | #else | 612 | #else |
558 | memcpy(digest, context->state, SHA256_DIGEST_LENGTH); | 613 | memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH); |
559 | #endif | 614 | #endif |
560 | memset(context, 0, sizeof(*context)); | 615 | explicit_bzero(context, sizeof(*context)); |
561 | } | ||
562 | } | 616 | } |
617 | DEF_WEAK(SHA256Final); | ||
563 | 618 | ||
564 | 619 | ||
565 | /*** SHA-512: *********************************************************/ | 620 | /*** SHA-512: *********************************************************/ |
566 | void | 621 | void |
567 | SHA512_Init(SHA512_CTX *context) | 622 | SHA512Init(SHA2_CTX *context) |
568 | { | 623 | { |
569 | if (context == NULL) | 624 | memcpy(context->state.st64, sha512_initial_hash_value, |
570 | return; | ||
571 | memcpy(context->state, sha512_initial_hash_value, | ||
572 | sizeof(sha512_initial_hash_value)); | 625 | sizeof(sha512_initial_hash_value)); |
573 | memset(context->buffer, 0, sizeof(context->buffer)); | 626 | memset(context->buffer, 0, sizeof(context->buffer)); |
574 | context->bitcount[0] = context->bitcount[1] = 0; | 627 | context->bitcount[0] = context->bitcount[1] = 0; |
575 | } | 628 | } |
629 | DEF_WEAK(SHA512Init); | ||
576 | 630 | ||
577 | #ifdef SHA2_UNROLL_TRANSFORM | 631 | #ifdef SHA2_UNROLL_TRANSFORM |
578 | 632 | ||
@@ -601,7 +655,7 @@ SHA512_Init(SHA512_CTX *context) | |||
601 | } while(0) | 655 | } while(0) |
602 | 656 | ||
603 | void | 657 | void |
604 | SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) | 658 | SHA512Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) |
605 | { | 659 | { |
606 | u_int64_t a, b, c, d, e, f, g, h, s0, s1; | 660 | u_int64_t a, b, c, d, e, f, g, h, s0, s1; |
607 | u_int64_t T1, W512[16]; | 661 | u_int64_t T1, W512[16]; |
@@ -659,7 +713,7 @@ SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) | |||
659 | #else /* SHA2_UNROLL_TRANSFORM */ | 713 | #else /* SHA2_UNROLL_TRANSFORM */ |
660 | 714 | ||
661 | void | 715 | void |
662 | SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) | 716 | SHA512Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) |
663 | { | 717 | { |
664 | u_int64_t a, b, c, d, e, f, g, h, s0, s1; | 718 | u_int64_t a, b, c, d, e, f, g, h, s0, s1; |
665 | u_int64_t T1, T2, W512[16]; | 719 | u_int64_t T1, T2, W512[16]; |
@@ -732,9 +786,10 @@ SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) | |||
732 | } | 786 | } |
733 | 787 | ||
734 | #endif /* SHA2_UNROLL_TRANSFORM */ | 788 | #endif /* SHA2_UNROLL_TRANSFORM */ |
789 | DEF_WEAK(SHA512Transform); | ||
735 | 790 | ||
736 | void | 791 | void |
737 | SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len) | 792 | SHA512Update(SHA2_CTX *context, const u_int8_t *data, size_t len) |
738 | { | 793 | { |
739 | size_t freespace, usedspace; | 794 | size_t freespace, usedspace; |
740 | 795 | ||
@@ -753,7 +808,7 @@ SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len) | |||
753 | ADDINC128(context->bitcount, freespace << 3); | 808 | ADDINC128(context->bitcount, freespace << 3); |
754 | len -= freespace; | 809 | len -= freespace; |
755 | data += freespace; | 810 | data += freespace; |
756 | SHA512_Transform(context->state, context->buffer); | 811 | SHA512Transform(context->state.st64, context->buffer); |
757 | } else { | 812 | } else { |
758 | /* The buffer is not yet full */ | 813 | /* The buffer is not yet full */ |
759 | memcpy(&context->buffer[usedspace], data, len); | 814 | memcpy(&context->buffer[usedspace], data, len); |
@@ -765,7 +820,7 @@ SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len) | |||
765 | } | 820 | } |
766 | while (len >= SHA512_BLOCK_LENGTH) { | 821 | while (len >= SHA512_BLOCK_LENGTH) { |
767 | /* Process as many complete blocks as we can */ | 822 | /* Process as many complete blocks as we can */ |
768 | SHA512_Transform(context->state, data); | 823 | SHA512Transform(context->state.st64, data); |
769 | ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); | 824 | ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); |
770 | len -= SHA512_BLOCK_LENGTH; | 825 | len -= SHA512_BLOCK_LENGTH; |
771 | data += SHA512_BLOCK_LENGTH; | 826 | data += SHA512_BLOCK_LENGTH; |
@@ -778,9 +833,10 @@ SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len) | |||
778 | /* Clean up: */ | 833 | /* Clean up: */ |
779 | usedspace = freespace = 0; | 834 | usedspace = freespace = 0; |
780 | } | 835 | } |
836 | DEF_WEAK(SHA512Update); | ||
781 | 837 | ||
782 | void | 838 | void |
783 | SHA512_Pad(SHA512_CTX *context) | 839 | SHA512Pad(SHA2_CTX *context) |
784 | { | 840 | { |
785 | unsigned int usedspace; | 841 | unsigned int usedspace; |
786 | 842 | ||
@@ -797,7 +853,7 @@ SHA512_Pad(SHA512_CTX *context) | |||
797 | memset(&context->buffer[usedspace], 0, SHA512_BLOCK_LENGTH - usedspace); | 853 | memset(&context->buffer[usedspace], 0, SHA512_BLOCK_LENGTH - usedspace); |
798 | } | 854 | } |
799 | /* Do second-to-last transform: */ | 855 | /* Do second-to-last transform: */ |
800 | SHA512_Transform(context->state, context->buffer); | 856 | SHA512Transform(context->state.st64, context->buffer); |
801 | 857 | ||
802 | /* And set-up for the last transform: */ | 858 | /* And set-up for the last transform: */ |
803 | memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2); | 859 | memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2); |
@@ -816,89 +872,104 @@ SHA512_Pad(SHA512_CTX *context) | |||
816 | context->bitcount[0]); | 872 | context->bitcount[0]); |
817 | 873 | ||
818 | /* Final transform: */ | 874 | /* Final transform: */ |
819 | SHA512_Transform(context->state, context->buffer); | 875 | SHA512Transform(context->state.st64, context->buffer); |
820 | 876 | ||
821 | /* Clean up: */ | 877 | /* Clean up: */ |
822 | usedspace = 0; | 878 | usedspace = 0; |
823 | } | 879 | } |
880 | DEF_WEAK(SHA512Pad); | ||
824 | 881 | ||
825 | void | 882 | void |
826 | SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX *context) | 883 | SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context) |
827 | { | 884 | { |
828 | SHA512_Pad(context); | 885 | SHA512Pad(context); |
829 | 886 | ||
830 | /* If no digest buffer is passed, we don't bother doing this: */ | ||
831 | if (digest != NULL) { | ||
832 | #if BYTE_ORDER == LITTLE_ENDIAN | 887 | #if BYTE_ORDER == LITTLE_ENDIAN |
833 | int i; | 888 | int i; |
834 | 889 | ||
835 | /* Convert TO host byte order */ | 890 | /* Convert TO host byte order */ |
836 | for (i = 0; i < 8; i++) | 891 | for (i = 0; i < 8; i++) |
837 | BE_64_TO_8(digest + i * 8, context->state[i]); | 892 | BE_64_TO_8(digest + i * 8, context->state.st64[i]); |
838 | #else | 893 | #else |
839 | memcpy(digest, context->state, SHA512_DIGEST_LENGTH); | 894 | memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH); |
840 | #endif | 895 | #endif |
841 | memset(context, 0, sizeof(*context)); | 896 | explicit_bzero(context, sizeof(*context)); |
842 | } | ||
843 | } | 897 | } |
898 | DEF_WEAK(SHA512Final); | ||
844 | 899 | ||
900 | #if !defined(SHA2_SMALL) | ||
845 | 901 | ||
846 | /*** SHA-384: *********************************************************/ | 902 | /*** SHA-384: *********************************************************/ |
847 | void | 903 | void |
848 | SHA384_Init(SHA384_CTX *context) | 904 | SHA384Init(SHA2_CTX *context) |
849 | { | 905 | { |
850 | if (context == NULL) | 906 | memcpy(context->state.st64, sha384_initial_hash_value, |
851 | return; | ||
852 | memcpy(context->state, sha384_initial_hash_value, | ||
853 | sizeof(sha384_initial_hash_value)); | 907 | sizeof(sha384_initial_hash_value)); |
854 | memset(context->buffer, 0, sizeof(context->buffer)); | 908 | memset(context->buffer, 0, sizeof(context->buffer)); |
855 | context->bitcount[0] = context->bitcount[1] = 0; | 909 | context->bitcount[0] = context->bitcount[1] = 0; |
856 | } | 910 | } |
911 | DEF_WEAK(SHA384Init); | ||
857 | 912 | ||
858 | #if 0 | 913 | MAKE_CLONE(SHA384Transform, SHA512Transform); |
859 | __weak_alias(SHA384_Transform, SHA512_Transform); | 914 | MAKE_CLONE(SHA384Update, SHA512Update); |
860 | __weak_alias(SHA384_Update, SHA512_Update); | 915 | MAKE_CLONE(SHA384Pad, SHA512Pad); |
861 | __weak_alias(SHA384_Pad, SHA512_Pad); | 916 | DEF_WEAK(SHA384Transform); |
862 | #endif | 917 | DEF_WEAK(SHA384Update); |
918 | DEF_WEAK(SHA384Pad); | ||
863 | 919 | ||
864 | void | 920 | void |
865 | SHA384_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH]) | 921 | SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context) |
866 | { | 922 | { |
867 | return SHA512_Transform(state, data); | 923 | SHA384Pad(context); |
868 | } | ||
869 | 924 | ||
870 | void | 925 | #if BYTE_ORDER == LITTLE_ENDIAN |
871 | SHA384_Update(SHA512_CTX *context, const u_int8_t *data, size_t len) | 926 | int i; |
872 | { | 927 | |
873 | SHA512_Update(context, data, len); | 928 | /* Convert TO host byte order */ |
929 | for (i = 0; i < 6; i++) | ||
930 | BE_64_TO_8(digest + i * 8, context->state.st64[i]); | ||
931 | #else | ||
932 | memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH); | ||
933 | #endif | ||
934 | /* Zero out state data */ | ||
935 | explicit_bzero(context, sizeof(*context)); | ||
874 | } | 936 | } |
937 | DEF_WEAK(SHA384Final); | ||
875 | 938 | ||
939 | /*** SHA-512/256: *********************************************************/ | ||
876 | void | 940 | void |
877 | SHA384_Pad(SHA512_CTX *context) | 941 | SHA512_256Init(SHA2_CTX *context) |
878 | { | 942 | { |
879 | SHA512_Pad(context); | 943 | memcpy(context->state.st64, sha512_256_initial_hash_value, |
944 | sizeof(sha512_256_initial_hash_value)); | ||
945 | memset(context->buffer, 0, sizeof(context->buffer)); | ||
946 | context->bitcount[0] = context->bitcount[1] = 0; | ||
880 | } | 947 | } |
948 | DEF_WEAK(SHA512_256Init); | ||
949 | |||
950 | MAKE_CLONE(SHA512_256Transform, SHA512Transform); | ||
951 | MAKE_CLONE(SHA512_256Update, SHA512Update); | ||
952 | MAKE_CLONE(SHA512_256Pad, SHA512Pad); | ||
953 | DEF_WEAK(SHA512_256Transform); | ||
954 | DEF_WEAK(SHA512_256Update); | ||
955 | DEF_WEAK(SHA512_256Pad); | ||
881 | 956 | ||
882 | void | 957 | void |
883 | SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context) | 958 | SHA512_256Final(u_int8_t digest[SHA512_256_DIGEST_LENGTH], SHA2_CTX *context) |
884 | { | 959 | { |
885 | SHA384_Pad(context); | 960 | SHA512_256Pad(context); |
886 | 961 | ||
887 | /* If no digest buffer is passed, we don't bother doing this: */ | ||
888 | if (digest != NULL) { | ||
889 | #if BYTE_ORDER == LITTLE_ENDIAN | 962 | #if BYTE_ORDER == LITTLE_ENDIAN |
890 | int i; | 963 | int i; |
891 | 964 | ||
892 | /* Convert TO host byte order */ | 965 | /* Convert TO host byte order */ |
893 | for (i = 0; i < 6; i++) | 966 | for (i = 0; i < 4; i++) |
894 | BE_64_TO_8(digest + i * 8, context->state[i]); | 967 | BE_64_TO_8(digest + i * 8, context->state.st64[i]); |
895 | #else | 968 | #else |
896 | memcpy(digest, context->state, SHA384_DIGEST_LENGTH); | 969 | memcpy(digest, context->state.st64, SHA512_256_DIGEST_LENGTH); |
897 | #endif | 970 | #endif |
898 | } | ||
899 | |||
900 | /* Zero out state data */ | 971 | /* Zero out state data */ |
901 | memset(context, 0, sizeof(*context)); | 972 | explicit_bzero(context, sizeof(*context)); |
902 | } | 973 | } |
903 | 974 | DEF_WEAK(SHA512_256Final); | |
904 | #endif /* defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) */ | 975 | #endif /* !defined(SHA2_SMALL) */ |
diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h index c6e6c97a5..52ddb3f79 100644 --- a/openbsd-compat/sha2.h +++ b/openbsd-compat/sha2.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp */ | 1 | /* $OpenBSD: sha2.h,v 1.10 2016/09/03 17:00:29 tedu Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * FILE: sha2.h | 4 | * FILE: sha2.h |
@@ -34,25 +34,14 @@ | |||
34 | * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ | 34 | * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ |
35 | */ | 35 | */ |
36 | 36 | ||
37 | /* OPENBSD ORIGINAL: include/sha2.h */ | 37 | #ifndef _SHA2_H |
38 | #define _SHA2_H | ||
38 | 39 | ||
39 | #ifndef _SSHSHA2_H | ||
40 | #define _SSHSHA2_H | ||
41 | |||
42 | #include "includes.h" | ||
43 | |||
44 | #ifdef WITH_OPENSSL | ||
45 | # include <openssl/opensslv.h> | ||
46 | # if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) | ||
47 | # define _NEED_SHA2 1 | ||
48 | # endif | ||
49 | #else | ||
50 | # define _NEED_SHA2 1 | ||
51 | #endif | ||
52 | |||
53 | #if defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) | ||
54 | 40 | ||
55 | /*** SHA-256/384/512 Various Length Definitions ***********************/ | 41 | /*** SHA-256/384/512 Various Length Definitions ***********************/ |
42 | #define SHA224_BLOCK_LENGTH 64 | ||
43 | #define SHA224_DIGEST_LENGTH 28 | ||
44 | #define SHA224_DIGEST_STRING_LENGTH (SHA224_DIGEST_LENGTH * 2 + 1) | ||
56 | #define SHA256_BLOCK_LENGTH 64 | 45 | #define SHA256_BLOCK_LENGTH 64 |
57 | #define SHA256_DIGEST_LENGTH 32 | 46 | #define SHA256_DIGEST_LENGTH 32 |
58 | #define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) | 47 | #define SHA256_DIGEST_STRING_LENGTH (SHA256_DIGEST_LENGTH * 2 + 1) |
@@ -62,73 +51,106 @@ | |||
62 | #define SHA512_BLOCK_LENGTH 128 | 51 | #define SHA512_BLOCK_LENGTH 128 |
63 | #define SHA512_DIGEST_LENGTH 64 | 52 | #define SHA512_DIGEST_LENGTH 64 |
64 | #define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) | 53 | #define SHA512_DIGEST_STRING_LENGTH (SHA512_DIGEST_LENGTH * 2 + 1) |
54 | #define SHA512_256_BLOCK_LENGTH 128 | ||
55 | #define SHA512_256_DIGEST_LENGTH 32 | ||
56 | #define SHA512_256_DIGEST_STRING_LENGTH (SHA512_256_DIGEST_LENGTH * 2 + 1) | ||
65 | 57 | ||
66 | 58 | ||
67 | /*** SHA-256/384/512 Context Structures *******************************/ | 59 | /*** SHA-224/256/384/512 Context Structure *******************************/ |
68 | typedef struct _SHA256_CTX { | 60 | typedef struct _SHA2_CTX { |
69 | u_int32_t state[8]; | 61 | union { |
70 | u_int64_t bitcount; | 62 | u_int32_t st32[8]; |
71 | u_int8_t buffer[SHA256_BLOCK_LENGTH]; | 63 | u_int64_t st64[8]; |
72 | } SHA256_CTX; | 64 | } state; |
73 | typedef struct _SHA512_CTX { | ||
74 | u_int64_t state[8]; | ||
75 | u_int64_t bitcount[2]; | 65 | u_int64_t bitcount[2]; |
76 | u_int8_t buffer[SHA512_BLOCK_LENGTH]; | 66 | u_int8_t buffer[SHA512_BLOCK_LENGTH]; |
77 | } SHA512_CTX; | 67 | } SHA2_CTX; |
78 | 68 | ||
79 | typedef SHA512_CTX SHA384_CTX; | 69 | __BEGIN_DECLS |
70 | void SHA224Init(SHA2_CTX *); | ||
71 | void SHA224Transform(u_int32_t state[8], const u_int8_t [SHA224_BLOCK_LENGTH]); | ||
72 | void SHA224Update(SHA2_CTX *, const u_int8_t *, size_t) | ||
73 | __attribute__((__bounded__(__string__,2,3))); | ||
74 | void SHA224Pad(SHA2_CTX *); | ||
75 | void SHA224Final(u_int8_t [SHA224_DIGEST_LENGTH], SHA2_CTX *) | ||
76 | __attribute__((__bounded__(__minbytes__,1,SHA224_DIGEST_LENGTH))); | ||
77 | char *SHA224End(SHA2_CTX *, char *) | ||
78 | __attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH))); | ||
79 | char *SHA224File(const char *, char *) | ||
80 | __attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH))); | ||
81 | char *SHA224FileChunk(const char *, char *, off_t, off_t) | ||
82 | __attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH))); | ||
83 | char *SHA224Data(const u_int8_t *, size_t, char *) | ||
84 | __attribute__((__bounded__(__string__,1,2))) | ||
85 | __attribute__((__bounded__(__minbytes__,3,SHA224_DIGEST_STRING_LENGTH))); | ||
80 | 86 | ||
81 | void SHA256_Init(SHA256_CTX *); | 87 | void SHA256Init(SHA2_CTX *); |
82 | void SHA256_Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]); | 88 | void SHA256Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]); |
83 | void SHA256_Update(SHA256_CTX *, const u_int8_t *, size_t) | 89 | void SHA256Update(SHA2_CTX *, const u_int8_t *, size_t) |
84 | __attribute__((__bounded__(__string__,2,3))); | 90 | __attribute__((__bounded__(__string__,2,3))); |
85 | void SHA256_Pad(SHA256_CTX *); | 91 | void SHA256Pad(SHA2_CTX *); |
86 | void SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA256_CTX *) | 92 | void SHA256Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA2_CTX *) |
87 | __attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH))); | 93 | __attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH))); |
88 | char *SHA256_End(SHA256_CTX *, char *) | 94 | char *SHA256End(SHA2_CTX *, char *) |
89 | __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); | 95 | __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); |
90 | char *SHA256_File(const char *, char *) | 96 | char *SHA256File(const char *, char *) |
91 | __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); | 97 | __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); |
92 | char *SHA256_FileChunk(const char *, char *, off_t, off_t) | 98 | char *SHA256FileChunk(const char *, char *, off_t, off_t) |
93 | __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); | 99 | __attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH))); |
94 | char *SHA256_Data(const u_int8_t *, size_t, char *) | 100 | char *SHA256Data(const u_int8_t *, size_t, char *) |
95 | __attribute__((__bounded__(__string__,1,2))) | 101 | __attribute__((__bounded__(__string__,1,2))) |
96 | __attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH))); | 102 | __attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH))); |
97 | 103 | ||
98 | void SHA384_Init(SHA384_CTX *); | 104 | void SHA384Init(SHA2_CTX *); |
99 | void SHA384_Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]); | 105 | void SHA384Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]); |
100 | void SHA384_Update(SHA384_CTX *, const u_int8_t *, size_t) | 106 | void SHA384Update(SHA2_CTX *, const u_int8_t *, size_t) |
101 | __attribute__((__bounded__(__string__,2,3))); | 107 | __attribute__((__bounded__(__string__,2,3))); |
102 | void SHA384_Pad(SHA384_CTX *); | 108 | void SHA384Pad(SHA2_CTX *); |
103 | void SHA384_Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA384_CTX *) | 109 | void SHA384Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA2_CTX *) |
104 | __attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH))); | 110 | __attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH))); |
105 | char *SHA384_End(SHA384_CTX *, char *) | 111 | char *SHA384End(SHA2_CTX *, char *) |
106 | __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); | 112 | __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); |
107 | char *SHA384_File(const char *, char *) | 113 | char *SHA384File(const char *, char *) |
108 | __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); | 114 | __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); |
109 | char *SHA384_FileChunk(const char *, char *, off_t, off_t) | 115 | char *SHA384FileChunk(const char *, char *, off_t, off_t) |
110 | __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); | 116 | __attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH))); |
111 | char *SHA384_Data(const u_int8_t *, size_t, char *) | 117 | char *SHA384Data(const u_int8_t *, size_t, char *) |
112 | __attribute__((__bounded__(__string__,1,2))) | 118 | __attribute__((__bounded__(__string__,1,2))) |
113 | __attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH))); | 119 | __attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH))); |
114 | 120 | ||
115 | void SHA512_Init(SHA512_CTX *); | 121 | void SHA512Init(SHA2_CTX *); |
116 | void SHA512_Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]); | 122 | void SHA512Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]); |
117 | void SHA512_Update(SHA512_CTX *, const u_int8_t *, size_t) | 123 | void SHA512Update(SHA2_CTX *, const u_int8_t *, size_t) |
118 | __attribute__((__bounded__(__string__,2,3))); | 124 | __attribute__((__bounded__(__string__,2,3))); |
119 | void SHA512_Pad(SHA512_CTX *); | 125 | void SHA512Pad(SHA2_CTX *); |
120 | void SHA512_Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA512_CTX *) | 126 | void SHA512Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA2_CTX *) |
121 | __attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH))); | 127 | __attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH))); |
122 | char *SHA512_End(SHA512_CTX *, char *) | 128 | char *SHA512End(SHA2_CTX *, char *) |
123 | __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); | 129 | __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); |
124 | char *SHA512_File(const char *, char *) | 130 | char *SHA512File(const char *, char *) |
125 | __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); | 131 | __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); |
126 | char *SHA512_FileChunk(const char *, char *, off_t, off_t) | 132 | char *SHA512FileChunk(const char *, char *, off_t, off_t) |
127 | __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); | 133 | __attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH))); |
128 | char *SHA512_Data(const u_int8_t *, size_t, char *) | 134 | char *SHA512Data(const u_int8_t *, size_t, char *) |
129 | __attribute__((__bounded__(__string__,1,2))) | 135 | __attribute__((__bounded__(__string__,1,2))) |
130 | __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH))); | 136 | __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH))); |
131 | 137 | ||
132 | #endif /* defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) */ | 138 | void SHA512_256Init(SHA2_CTX *); |
139 | void SHA512_256Transform(u_int64_t state[8], const u_int8_t [SHA512_256_BLOCK_LENGTH]); | ||
140 | void SHA512_256Update(SHA2_CTX *, const u_int8_t *, size_t) | ||
141 | __attribute__((__bounded__(__string__,2,3))); | ||
142 | void SHA512_256Pad(SHA2_CTX *); | ||
143 | void SHA512_256Final(u_int8_t [SHA512_256_DIGEST_LENGTH], SHA2_CTX *) | ||
144 | __attribute__((__bounded__(__minbytes__,1,SHA512_256_DIGEST_LENGTH))); | ||
145 | char *SHA512_256End(SHA2_CTX *, char *) | ||
146 | __attribute__((__bounded__(__minbytes__,2,SHA512_256_DIGEST_STRING_LENGTH))); | ||
147 | char *SHA512_256File(const char *, char *) | ||
148 | __attribute__((__bounded__(__minbytes__,2,SHA512_256_DIGEST_STRING_LENGTH))); | ||
149 | char *SHA512_256FileChunk(const char *, char *, off_t, off_t) | ||
150 | __attribute__((__bounded__(__minbytes__,2,SHA512_256_DIGEST_STRING_LENGTH))); | ||
151 | char *SHA512_256Data(const u_int8_t *, size_t, char *) | ||
152 | __attribute__((__bounded__(__string__,1,2))) | ||
153 | __attribute__((__bounded__(__minbytes__,3,SHA512_256_DIGEST_STRING_LENGTH))); | ||
154 | __END_DECLS | ||
133 | 155 | ||
134 | #endif /* _SSHSHA2_H */ | 156 | #endif /* _SHA2_H */ |