diff options
Diffstat (limited to 'lib/sha256.c')
| -rw-r--r-- | lib/sha256.c | 268 |
1 files changed, 149 insertions, 119 deletions
diff --git a/lib/sha256.c b/lib/sha256.c index d23c509..0be8fd2 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -1,12 +1,12 @@ /* sha256.c - Functions to compute SHA256 and SHA224 message digest of files or memory blocks according to the NIST specification FIPS-180-2. - Copyright (C) 2005, 2006 Free Software Foundation, Inc. + Copyright (C) 2005-2006, 2008-2016 Free Software Foundation, Inc. - This program is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by the - Free Software Foundation; either version 2, or (at your option) any - later version. + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -14,8 +14,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ + along with this program. If not, see <http://www.gnu.org/licenses/>. */ /* Written by David Madore, considerably copypasting from Scott G. Miller's sha1.c @@ -23,9 +22,14 @@ #include <config.h> +#if HAVE_OPENSSL_SHA256 +# define GL_OPENSSL_INLINE _GL_EXTERN_INLINE +#endif #include "sha256.h" -#include <stddef.h> +#include <stdalign.h> +#include <stdint.h> +#include <stdlib.h> #include <string.h> #if USE_UNLOCKED_IO @@ -39,11 +43,12 @@ (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) #endif -#define BLOCKSIZE 4096 +#define BLOCKSIZE 32768 #if BLOCKSIZE % 64 != 0 # error "invalid BLOCKSIZE" #endif +#if ! HAVE_OPENSSL_SHA256 /* This array contains the bytes used to pad the buffer to the next 64-byte boundary. */ static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; @@ -51,7 +56,7 @@ static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; /* Takes a pointer to a 256 bit block of data (eight 32 bit ints) and - intializes it to the start constants of the SHA256 algorithm. This + initializes it to the start constants of the SHA256 algorithm. This must be called before using hash in the call to sha256_hash */ void @@ -86,18 +91,25 @@ sha224_init_ctx (struct sha256_ctx *ctx) ctx->buflen = 0; } -/* Put result from CTX in first 32 bytes following RESBUF. The result - must be in little endian byte order. +/* Copy the value from v into the memory location pointed to by *cp, + If your architecture allows unaligned access this is equivalent to + * (uint32_t *) cp = v */ +static void +set_uint32 (char *cp, uint32_t v) +{ + memcpy (cp, &v, sizeof v); +} - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 32-bit value. */ +/* Put result from CTX in first 32 bytes following RESBUF. The result + must be in little endian byte order. */ void * sha256_read_ctx (const struct sha256_ctx *ctx, void *resbuf) { int i; + char *r = resbuf; for (i = 0; i < 8; i++) - ((uint32_t *) resbuf)[i] = SWAP (ctx->state[i]); + set_uint32 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i])); return resbuf; } @@ -106,23 +118,21 @@ void * sha224_read_ctx (const struct sha256_ctx *ctx, void *resbuf) { int i; + char *r = resbuf; for (i = 0; i < 7; i++) - ((uint32_t *) resbuf)[i] = SWAP (ctx->state[i]); + set_uint32 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i])); return resbuf; } /* Process the remaining bytes in the internal buffer and the usual - prolog according to the standard and write the result to RESBUF. - - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 32-bit value. */ + prolog according to the standard and write the result to RESBUF. */ static void sha256_conclude_ctx (struct sha256_ctx *ctx) { /* Take yet unprocessed bytes into account. */ - uint32_t bytes = ctx->buflen; + size_t bytes = ctx->buflen; size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4; /* Now count remaining bytes. */ @@ -130,9 +140,13 @@ sha256_conclude_ctx (struct sha256_ctx *ctx) if (ctx->total[0] < bytes) ++ctx->total[1]; - /* Put the 64-bit file length in *bits* at the end of the buffer. */ - ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29)); - ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3); + /* Put the 64-bit file length in *bits* at the end of the buffer. + Use set_uint32 rather than a simple assignment, to avoid risk of + unaligned access. */ + set_uint32 ((char *) &ctx->buffer[size - 2], + SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29))); + set_uint32 ((char *) &ctx->buffer[size - 1], + SWAP (ctx->total[0] << 3)); memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes); @@ -153,6 +167,7 @@ sha224_finish_ctx (struct sha256_ctx *ctx, void *resbuf) sha256_conclude_ctx (ctx); return sha224_read_ctx (ctx, resbuf); } +#endif /* Compute SHA256 message digest for bytes read from STREAM. The resulting message digest number will be written into the 32 bytes @@ -161,9 +176,12 @@ int sha256_stream (FILE *stream, void *resblock) { struct sha256_ctx ctx; - char buffer[BLOCKSIZE + 72]; size_t sum; + char *buffer = malloc (BLOCKSIZE + 72); + if (!buffer) + return 1; + /* Initialize the computation context. */ sha256_init_ctx (&ctx); @@ -171,40 +189,43 @@ sha256_stream (FILE *stream, void *resblock) while (1) { /* We read the file in blocks of BLOCKSIZE bytes. One call of the - computation function processes the whole buffer so that with the - next round of the loop another block can be read. */ + computation function processes the whole buffer so that with the + next round of the loop another block can be read. */ size_t n; sum = 0; /* Read block. Take care for partial reads. */ while (1) - { - n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); - - sum += n; - - if (sum == BLOCKSIZE) - break; - - if (n == 0) - { - /* Check for the error flag IFF N == 0, so that we don't - exit the loop after a partial read due to e.g., EAGAIN - or EWOULDBLOCK. */ - if (ferror (stream)) - return 1; - goto process_partial_block; - } - - /* We've read at least one byte, so ignore errors. But always - check for EOF, since feof may be true even though N > 0. - Otherwise, we could end up calling fread after EOF. */ - if (feof (stream)) - goto process_partial_block; - } + { + n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); + + sum += n; + + if (sum == BLOCKSIZE) + break; + + if (n == 0) + { + /* Check for the error flag IFF N == 0, so that we don't + exit the loop after a partial read due to e.g., EAGAIN + or EWOULDBLOCK. */ + if (ferror (stream)) + { + free (buffer); + return 1; + } + goto process_partial_block; + } + + /* We've read at least one byte, so ignore errors. But always + check for EOF, since feof may be true even though N > 0. + Otherwise, we could end up calling fread after EOF. */ + if (feof (stream)) + goto process_partial_block; + } /* Process buffer with BLOCKSIZE bytes. Note that - BLOCKSIZE % 64 == 0 + BLOCKSIZE % 64 == 0 */ sha256_process_block (buffer, BLOCKSIZE, &ctx); } @@ -217,6 +238,7 @@ sha256_stream (FILE *stream, void *resblock) /* Construct result in desired memory. */ sha256_finish_ctx (&ctx, resblock); + free (buffer); return 0; } @@ -225,9 +247,12 @@ int sha224_stream (FILE *stream, void *resblock) { struct sha256_ctx ctx; - char buffer[BLOCKSIZE + 72]; size_t sum; + char *buffer = malloc (BLOCKSIZE + 72); + if (!buffer) + return 1; + /* Initialize the computation context. */ sha224_init_ctx (&ctx); @@ -235,40 +260,43 @@ sha224_stream (FILE *stream, void *resblock) while (1) { /* We read the file in blocks of BLOCKSIZE bytes. One call of the - computation function processes the whole buffer so that with the - next round of the loop another block can be read. */ + computation function processes the whole buffer so that with the + next round of the loop another block can be read. */ size_t n; sum = 0; /* Read block. Take care for partial reads. */ while (1) - { - n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); - - sum += n; - - if (sum == BLOCKSIZE) - break; - - if (n == 0) - { - /* Check for the error flag IFF N == 0, so that we don't - exit the loop after a partial read due to e.g., EAGAIN - or EWOULDBLOCK. */ - if (ferror (stream)) - return 1; - goto process_partial_block; - } - - /* We've read at least one byte, so ignore errors. But always - check for EOF, since feof may be true even though N > 0. - Otherwise, we could end up calling fread after EOF. */ - if (feof (stream)) - goto process_partial_block; - } + { + n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); + + sum += n; + + if (sum == BLOCKSIZE) + break; + + if (n == 0) + { + /* Check for the error flag IFF N == 0, so that we don't + exit the loop after a partial read due to e.g., EAGAIN + or EWOULDBLOCK. */ + if (ferror (stream)) + { + free (buffer); + return 1; + } + goto process_partial_block; + } + + /* We've read at least one byte, so ignore errors. But always + check for EOF, since feof may be true even though N > 0. + Otherwise, we could end up calling fread after EOF. */ + if (feof (stream)) + goto process_partial_block; + } /* Process buffer with BLOCKSIZE bytes. Note that - BLOCKSIZE % 64 == 0 + BLOCKSIZE % 64 == 0 */ sha256_process_block (buffer, BLOCKSIZE, &ctx); } @@ -281,9 +309,11 @@ sha224_stream (FILE *stream, void *resblock) /* Construct result in desired memory. */ sha224_finish_ctx (&ctx, resblock); + free (buffer); return 0; } +#if ! HAVE_OPENSSL_SHA256 /* Compute SHA512 message digest for LEN bytes beginning at BUFFER. The result is always in little endian byte order, so that a byte-wise output yields to the wanted ASCII representation of the message @@ -332,15 +362,15 @@ sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) ctx->buflen += add; if (ctx->buflen > 64) - { - sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx); + { + sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx); - ctx->buflen &= 63; - /* The regions in the following copy operation cannot overlap. */ - memcpy (ctx->buffer, - &((char *) ctx->buffer)[(left_over + add) & ~63], - ctx->buflen); - } + ctx->buflen &= 63; + /* The regions in the following copy operation cannot overlap. */ + memcpy (ctx->buffer, + &((char *) ctx->buffer)[(left_over + add) & ~63], + ctx->buflen); + } buffer = (const char *) buffer + add; len -= add; @@ -350,22 +380,21 @@ sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) if (len >= 64) { #if !_STRING_ARCH_unaligned -# define alignof(type) offsetof (struct { char c; type x; }, x) -# define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0) +# define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0) if (UNALIGNED_P (buffer)) - while (len > 64) - { - sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); - buffer = (const char *) buffer + 64; - len -= 64; - } + while (len > 64) + { + sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); + buffer = (const char *) buffer + 64; + len -= 64; + } else #endif - { - sha256_process_block (buffer, len & ~63, ctx); - buffer = (const char *) buffer + (len & ~63); - len &= 63; - } + { + sha256_process_block (buffer, len & ~63, ctx); + buffer = (const char *) buffer + (len & ~63); + len &= 63; + } } /* Move remaining bytes in internal buffer. */ @@ -376,11 +405,11 @@ sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) memcpy (&((char *) ctx->buffer)[left_over], buffer, len); left_over += len; if (left_over >= 64) - { - sha256_process_block (ctx->buffer, 64, ctx); - left_over -= 64; - memcpy (ctx->buffer, &ctx->buffer[16], left_over); - } + { + sha256_process_block (ctx->buffer, 64, ctx); + left_over -= 64; + memcpy (ctx->buffer, &ctx->buffer[16], left_over); + } ctx->buflen = left_over; } } @@ -431,13 +460,13 @@ sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) uint32_t f = ctx->state[5]; uint32_t g = ctx->state[6]; uint32_t h = ctx->state[7]; + uint32_t lolen = len; /* First increment the byte count. FIPS PUB 180-2 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); #define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) #define S0(x) (rol(x,25)^rol(x,14)^(x>>3)) @@ -446,16 +475,16 @@ sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) #define SS1(x) (rol(x,26)^rol(x,21)^rol(x,7)) #define M(I) ( tm = S1(x[(I-2)&0x0f]) + x[(I-7)&0x0f] \ - + S0(x[(I-15)&0x0f]) + x[I&0x0f] \ - , x[I&0x0f] = tm ) + + S0(x[(I-15)&0x0f]) + x[I&0x0f] \ + , x[I&0x0f] = tm ) #define R(A,B,C,D,E,F,G,H,K,M) do { t0 = SS0(A) + F2(A,B,C); \ t1 = H + SS1(E) \ + F1(E,F,G) \ - + K \ - + M; \ - D += t1; H = t0 + t1; \ - } while(0) + + K \ + + M; \ + D += t1; H = t0 + t1; \ + } while(0) while (words < endp) { @@ -464,10 +493,10 @@ sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) int t; /* FIXME: see sha1.c for a better implementation. */ for (t = 0; t < 16; t++) - { - x[t] = SWAP (*words); - words++; - } + { + x[t] = SWAP (*words); + words++; + } R( a, b, c, d, e, f, g, h, K( 0), x[ 0] ); R( h, a, b, c, d, e, f, g, K( 1), x[ 1] ); @@ -544,3 +573,4 @@ sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) h = ctx->state[7] += h; } } +#endif |