From fe7bfd664683289b1b664debb31903b1cac6c5a3 Mon Sep 17 00:00:00 2001 From: jkim Date: Fri, 20 Mar 2015 21:54:45 +0000 Subject: MFC: r280297 Merge OpenSSL 1.0.1m. Relnotes: yes --- crypto/openssl/crypto/sha/sha.c | 106 ++-- crypto/openssl/crypto/sha/sha.h | 208 +++---- crypto/openssl/crypto/sha/sha1.c | 106 ++-- crypto/openssl/crypto/sha/sha1_one.c | 35 +- crypto/openssl/crypto/sha/sha1dgst.c | 23 +- crypto/openssl/crypto/sha/sha1test.c | 206 +++---- crypto/openssl/crypto/sha/sha256.c | 583 +++++++++++------- crypto/openssl/crypto/sha/sha256t.c | 241 ++++---- crypto/openssl/crypto/sha/sha512.c | 1131 ++++++++++++++++++---------------- crypto/openssl/crypto/sha/sha512t.c | 312 +++++----- crypto/openssl/crypto/sha/sha_dgst.c | 23 +- crypto/openssl/crypto/sha/sha_locl.h | 703 +++++++++++---------- crypto/openssl/crypto/sha/sha_one.c | 35 +- crypto/openssl/crypto/sha/shatest.c | 206 +++---- 14 files changed, 2076 insertions(+), 1842 deletions(-) (limited to 'crypto/openssl/crypto/sha') diff --git a/crypto/openssl/crypto/sha/sha.c b/crypto/openssl/crypto/sha/sha.c index 4212655..cfc12f3 100644 --- a/crypto/openssl/crypto/sha/sha.c +++ b/crypto/openssl/crypto/sha/sha.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -60,65 +60,59 @@ #include #include -#define BUFSIZE 1024*16 +#define BUFSIZE 1024*16 void do_fp(FILE *f); void pt(unsigned char *md); int read(int, void *, unsigned int); int main(int argc, char **argv) - { - int i,err=0; - FILE *IN; +{ + int i, err = 0; + FILE *IN; - if (argc == 1) - { - do_fp(stdin); - } - else - { - for (i=1; i -#include +# include +# include #ifdef __cplusplus extern "C" { #endif -#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) -#error SHA is disabled. -#endif +# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) +# error SHA is disabled. +# endif -#if defined(OPENSSL_FIPS) -#define FIPS_SHA_SIZE_T size_t -#endif +# if defined(OPENSSL_FIPS) +# define FIPS_SHA_SIZE_T size_t +# endif -/* +/*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! * ! SHA_LONG_LOG2 has to be defined along. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -#if defined(__LP32__) -#define SHA_LONG unsigned long -#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -#define SHA_LONG unsigned long -#define SHA_LONG_LOG2 3 -#else -#define SHA_LONG unsigned int -#endif - -#define SHA_LBLOCK 16 -#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a - * contiguous array of 32 bit - * wide big-endian values. */ -#define SHA_LAST_BLOCK (SHA_CBLOCK-8) -#define SHA_DIGEST_LENGTH 20 - -typedef struct SHAstate_st - { - SHA_LONG h0,h1,h2,h3,h4; - SHA_LONG Nl,Nh; - SHA_LONG data[SHA_LBLOCK]; - unsigned int num; - } SHA_CTX; - -#ifndef OPENSSL_NO_SHA0 -#ifdef OPENSSL_FIPS +# if defined(__LP32__) +# define SHA_LONG unsigned long +# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +# define SHA_LONG unsigned long +# define SHA_LONG_LOG2 3 +# else +# define SHA_LONG unsigned int +# endif + +# define SHA_LBLOCK 16 +# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA_LAST_BLOCK (SHA_CBLOCK-8) +# define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st { + SHA_LONG h0, h1, h2, h3, h4; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; +} SHA_CTX; + +# ifndef OPENSSL_NO_SHA0 +# ifdef OPENSSL_FIPS int private_SHA_Init(SHA_CTX *c); -#endif +# endif int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); void SHA_Transform(SHA_CTX *c, const unsigned char *data); -#endif -#ifndef OPENSSL_NO_SHA1 -#ifdef OPENSSL_FIPS +# endif +# ifndef OPENSSL_NO_SHA1 +# ifdef OPENSSL_FIPS int private_SHA1_Init(SHA_CTX *c); -#endif +# endif int SHA1_Init(SHA_CTX *c); int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); void SHA1_Transform(SHA_CTX *c, const unsigned char *data); -#endif - -#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a - * contiguous array of 32 bit - * wide big-endian values. */ -#define SHA224_DIGEST_LENGTH 28 -#define SHA256_DIGEST_LENGTH 32 - -typedef struct SHA256state_st - { - SHA_LONG h[8]; - SHA_LONG Nl,Nh; - SHA_LONG data[SHA_LBLOCK]; - unsigned int num,md_len; - } SHA256_CTX; - -#ifndef OPENSSL_NO_SHA256 -#ifdef OPENSSL_FIPS +# endif + +# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ +# define SHA224_DIGEST_LENGTH 28 +# define SHA256_DIGEST_LENGTH 32 + +typedef struct SHA256state_st { + SHA_LONG h[8]; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num, md_len; +} SHA256_CTX; + +# ifndef OPENSSL_NO_SHA256 +# ifdef OPENSSL_FIPS int private_SHA224_Init(SHA256_CTX *c); int private_SHA256_Init(SHA256_CTX *c); -#endif +# endif int SHA224_Init(SHA256_CTX *c); int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); int SHA224_Final(unsigned char *md, SHA256_CTX *c); -unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md); +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); int SHA256_Init(SHA256_CTX *c); int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); int SHA256_Final(unsigned char *md, SHA256_CTX *c); -unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md); +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); -#endif +# endif -#define SHA384_DIGEST_LENGTH 48 -#define SHA512_DIGEST_LENGTH 64 +# define SHA384_DIGEST_LENGTH 48 +# define SHA512_DIGEST_LENGTH 64 -#ifndef OPENSSL_NO_SHA512 +# ifndef OPENSSL_NO_SHA512 /* * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 * being exactly 64-bit wide. See Implementation Notes in sha512.c * for further details. */ -#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a - * contiguous array of 64 bit - * wide big-endian values. */ -#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -#define SHA_LONG64 unsigned __int64 -#define U64(C) C##UI64 -#elif defined(__arch64__) -#define SHA_LONG64 unsigned long -#define U64(C) C##UL -#else -#define SHA_LONG64 unsigned long long -#define U64(C) C##ULL -#endif - -typedef struct SHA512state_st - { - SHA_LONG64 h[8]; - SHA_LONG64 Nl,Nh; - union { - SHA_LONG64 d[SHA_LBLOCK]; - unsigned char p[SHA512_CBLOCK]; - } u; - unsigned int num,md_len; - } SHA512_CTX; -#endif - -#ifndef OPENSSL_NO_SHA512 -#ifdef OPENSSL_FIPS +/* + * SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. + */ +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# define U64(C) C##UI64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# define U64(C) C##UL +# else +# define SHA_LONG64 unsigned long long +# define U64(C) C##ULL +# endif + +typedef struct SHA512state_st { + SHA_LONG64 h[8]; + SHA_LONG64 Nl, Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num, md_len; +} SHA512_CTX; +# endif + +# ifndef OPENSSL_NO_SHA512 +# ifdef OPENSSL_FIPS int private_SHA384_Init(SHA512_CTX *c); int private_SHA512_Init(SHA512_CTX *c); -#endif +# endif int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); -unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md); +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); int SHA512_Init(SHA512_CTX *c); int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); int SHA512_Final(unsigned char *md, SHA512_CTX *c); -unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md); +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); -#endif +# endif #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/sha/sha1.c b/crypto/openssl/crypto/sha/sha1.c index d350c88..8dd1943 100644 --- a/crypto/openssl/crypto/sha/sha1.c +++ b/crypto/openssl/crypto/sha/sha1.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -60,7 +60,7 @@ #include #include -#define BUFSIZE 1024*16 +#define BUFSIZE 1024*16 void do_fp(FILE *f); void pt(unsigned char *md); @@ -69,59 +69,53 @@ int read(int, void *, unsigned int); #endif int main(int argc, char **argv) - { - int i,err=0; - FILE *IN; +{ + int i, err = 0; + FILE *IN; - if (argc == 1) - { - do_fp(stdin); - } - else - { - for (i=1; i #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) -#undef SHA_0 -#define SHA_1 +# undef SHA_0 +# define SHA_1 -#include +# include -const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; +const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT; /* The implementation is in ../md32_common.h */ -#include "sha_locl.h" +# include "sha_locl.h" #endif - diff --git a/crypto/openssl/crypto/sha/sha1test.c b/crypto/openssl/crypto/sha/sha1test.c index 6feb396..0052a95 100644 --- a/crypto/openssl/crypto/sha/sha1test.c +++ b/crypto/openssl/crypto/sha/sha1test.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -66,113 +66,109 @@ int main(int argc, char *argv[]) { printf("No SHA support\n"); - return(0); + return (0); } #else -#include -#include +# include +# include -#ifdef CHARSET_EBCDIC -#include -#endif +# ifdef CHARSET_EBCDIC +# include +# endif -#undef SHA_0 /* FIPS 180 */ -#define SHA_1 /* FIPS 180-1 */ - -static char *test[]={ - "abc", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - NULL, - }; - -#ifdef SHA_0 -static char *ret[]={ - "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", - "d2516ee1acfa5baf33dfc1c471e438449ef134c8", - }; -static char *bigret= - "3232affa48628a26653b5aaa44541fd90d690603"; -#endif -#ifdef SHA_1 -static char *ret[]={ - "a9993e364706816aba3e25717850c26c9cd0d89d", - "84983e441c3bd26ebaae4aa1f95129e5e54670f1", - }; -static char *bigret= - "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; -#endif +# undef SHA_0 /* FIPS 180 */ +# define SHA_1 /* FIPS 180-1 */ + +static char *test[] = { + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + NULL, +}; + +# ifdef SHA_0 +static char *ret[] = { + "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", + "d2516ee1acfa5baf33dfc1c471e438449ef134c8", +}; + +static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603"; +# endif +# ifdef SHA_1 +static char *ret[] = { + "a9993e364706816aba3e25717850c26c9cd0d89d", + "84983e441c3bd26ebaae4aa1f95129e5e54670f1", +}; + +static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; +# endif static char *pt(unsigned char *md); int main(int argc, char *argv[]) - { - int i,err=0; - char **P,**R; - static unsigned char buf[1000]; - char *p,*r; - EVP_MD_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; - -#ifdef CHARSET_EBCDIC - ebcdic2ascii(test[0], test[0], strlen(test[0])); - ebcdic2ascii(test[1], test[1], strlen(test[1])); -#endif +{ + int i, err = 0; + char **P, **R; + static unsigned char buf[1000]; + char *p, *r; + EVP_MD_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; - EVP_MD_CTX_init(&c); - P=test; - R=ret; - i=1; - while (*P != NULL) - { - EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL); - p=pt(md); - if (strcmp(p,(char *)*R) != 0) - { - printf("error calculating SHA1 on '%s'\n",*P); - printf("got %s instead of %s\n",p,*R); - err++; - } - else - printf("test %d ok\n",i); - i++; - R++; - P++; - } - - memset(buf,'a',1000); -#ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, buf, 1000); -#endif /*CHARSET_EBCDIC*/ - EVP_DigestInit_ex(&c,EVP_sha1(), NULL); - for (i=0; i<1000; i++) - EVP_DigestUpdate(&c,buf,1000); - EVP_DigestFinal_ex(&c,md,NULL); - p=pt(md); - - r=bigret; - if (strcmp(p,r) != 0) - { - printf("error calculating SHA1 on 'a' * 1000\n"); - printf("got %s instead of %s\n",p,r); - err++; - } - else - printf("test 3 ok\n"); - -#ifdef OPENSSL_SYS_NETWARE - if (err) printf("ERROR: %d\n", err); -#endif - EXIT(err); - EVP_MD_CTX_cleanup(&c); - return(0); - } +# ifdef CHARSET_EBCDIC + ebcdic2ascii(test[0], test[0], strlen(test[0])); + ebcdic2ascii(test[1], test[1], strlen(test[1])); +# endif + + EVP_MD_CTX_init(&c); + P = test; + R = ret; + i = 1; + while (*P != NULL) { + EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha1(), NULL); + p = pt(md); + if (strcmp(p, (char *)*R) != 0) { + printf("error calculating SHA1 on '%s'\n", *P); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i); + i++; + R++; + P++; + } + + memset(buf, 'a', 1000); +# ifdef CHARSET_EBCDIC + ebcdic2ascii(buf, buf, 1000); +# endif /* CHARSET_EBCDIC */ + EVP_DigestInit_ex(&c, EVP_sha1(), NULL); + for (i = 0; i < 1000; i++) + EVP_DigestUpdate(&c, buf, 1000); + EVP_DigestFinal_ex(&c, md, NULL); + p = pt(md); + + r = bigret; + if (strcmp(p, r) != 0) { + printf("error calculating SHA1 on 'a' * 1000\n"); + printf("got %s instead of %s\n", p, r); + err++; + } else + printf("test 3 ok\n"); + +# ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +# endif + EXIT(err); + EVP_MD_CTX_cleanup(&c); + return (0); +} static char *pt(unsigned char *md) - { - int i; - static char buf[80]; - - for (i=0; i #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) -#include -#include +# include +# include -#include -#include -#include +# include +# include +# include -const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; +const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; fips_md_init_ctx(SHA224, SHA256) - { - memset (c,0,sizeof(*c)); - c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; - c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; - c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; - c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL; - c->md_len=SHA224_DIGEST_LENGTH; - return 1; - } +{ + memset(c, 0, sizeof(*c)); + c->h[0] = 0xc1059ed8UL; + c->h[1] = 0x367cd507UL; + c->h[2] = 0x3070dd17UL; + c->h[3] = 0xf70e5939UL; + c->h[4] = 0xffc00b31UL; + c->h[5] = 0x68581511UL; + c->h[6] = 0x64f98fa7UL; + c->h[7] = 0xbefa4fa4UL; + c->md_len = SHA224_DIGEST_LENGTH; + return 1; +} fips_md_init(SHA256) - { - memset (c,0,sizeof(*c)); - c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; - c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; - c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; - c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL; - c->md_len=SHA256_DIGEST_LENGTH; - return 1; - } +{ + memset(c, 0, sizeof(*c)); + c->h[0] = 0x6a09e667UL; + c->h[1] = 0xbb67ae85UL; + c->h[2] = 0x3c6ef372UL; + c->h[3] = 0xa54ff53aUL; + c->h[4] = 0x510e527fUL; + c->h[5] = 0x9b05688cUL; + c->h[6] = 0x1f83d9abUL; + c->h[7] = 0x5be0cd19UL; + c->md_len = SHA256_DIGEST_LENGTH; + return 1; +} unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) - { - SHA256_CTX c; - static unsigned char m[SHA224_DIGEST_LENGTH]; - - if (md == NULL) md=m; - SHA224_Init(&c); - SHA256_Update(&c,d,n); - SHA256_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); - return(md); - } +{ + SHA256_CTX c; + static unsigned char m[SHA224_DIGEST_LENGTH]; + + if (md == NULL) + md = m; + SHA224_Init(&c); + SHA256_Update(&c, d, n); + SHA256_Final(md, &c); + OPENSSL_cleanse(&c, sizeof(c)); + return (md); +} unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) - { - SHA256_CTX c; - static unsigned char m[SHA256_DIGEST_LENGTH]; - - if (md == NULL) md=m; - SHA256_Init(&c); - SHA256_Update(&c,d,n); - SHA256_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); - return(md); - } +{ + SHA256_CTX c; + static unsigned char m[SHA256_DIGEST_LENGTH]; + + if (md == NULL) + md = m; + SHA256_Init(&c); + SHA256_Update(&c, d, n); + SHA256_Final(md, &c); + OPENSSL_cleanse(&c, sizeof(c)); + return (md); +} int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) -{ return SHA256_Update (c,data,len); } -int SHA224_Final (unsigned char *md, SHA256_CTX *c) -{ return SHA256_Final (md,c); } +{ + return SHA256_Update(c, data, len); +} -#define DATA_ORDER_IS_BIG_ENDIAN +int SHA224_Final(unsigned char *md, SHA256_CTX *c) +{ + return SHA256_Final(md, c); +} + +# define DATA_ORDER_IS_BIG_ENDIAN -#define HASH_LONG SHA_LONG -#define HASH_CTX SHA256_CTX -#define HASH_CBLOCK SHA_CBLOCK +# define HASH_LONG SHA_LONG +# define HASH_CTX SHA256_CTX +# define HASH_CBLOCK SHA_CBLOCK /* * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." * default: case below covers for it. It's not clear however if it's @@ -82,201 +97,291 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c) * Idea behind separate cases for pre-defined lenghts is to let the * compiler decide if it's appropriate to unroll small loops. */ -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - unsigned int nn; \ - switch ((c)->md_len) \ - { case SHA224_DIGEST_LENGTH: \ - for (nn=0;nnh[nn]; (void)HOST_l2c(ll,(s)); } \ - break; \ - case SHA256_DIGEST_LENGTH: \ - for (nn=0;nnh[nn]; (void)HOST_l2c(ll,(s)); } \ - break; \ - default: \ - if ((c)->md_len > SHA256_DIGEST_LENGTH) \ - return 0; \ - for (nn=0;nn<(c)->md_len/4;nn++) \ - { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ - break; \ - } \ - } while (0) - -#define HASH_UPDATE SHA256_Update -#define HASH_TRANSFORM SHA256_Transform -#define HASH_FINAL SHA256_Final -#define HASH_BLOCK_DATA_ORDER sha256_block_data_order -#ifndef SHA256_ASM +# define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + unsigned int nn; \ + switch ((c)->md_len) \ + { case SHA224_DIGEST_LENGTH: \ + for (nn=0;nnh[nn]; (void)HOST_l2c(ll,(s)); } \ + break; \ + case SHA256_DIGEST_LENGTH: \ + for (nn=0;nnh[nn]; (void)HOST_l2c(ll,(s)); } \ + break; \ + default: \ + if ((c)->md_len > SHA256_DIGEST_LENGTH) \ + return 0; \ + for (nn=0;nn<(c)->md_len/4;nn++) \ + { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ + break; \ + } \ + } while (0) + +# define HASH_UPDATE SHA256_Update +# define HASH_TRANSFORM SHA256_Transform +# define HASH_FINAL SHA256_Final +# define HASH_BLOCK_DATA_ORDER sha256_block_data_order +# ifndef SHA256_ASM static -#endif -void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); +# endif +void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); -#include "md32_common.h" +# include "md32_common.h" -#ifndef SHA256_ASM +# ifndef SHA256_ASM static const SHA_LONG K256[64] = { - 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL, - 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL, - 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL, - 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL, - 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL, - 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL, - 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL, - 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL, - 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL, - 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL, - 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL, - 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL, - 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL, - 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL, - 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL, - 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL }; + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, + 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; /* * FIPS specification refers to right rotations, while our ROTATE macro * is left one. This is why you might notice that rotation coefficients * differ from those observed in FIPS document by 32-N... */ -#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) -#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) -#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) -#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) - -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -#ifdef OPENSSL_SMALL_FOOTPRINT - -static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) - { - unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2; - SHA_LONG X[16],l; - int i; - const unsigned char *data=in; - - while (num--) { - - a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; - e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; - - for (i=0;i<16;i++) - { - HOST_c2l(data,l); T1 = X[i] = l; - T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; - T2 = Sigma0(a) + Maj(a,b,c); - h = g; g = f; f = e; e = d + T1; - d = c; c = b; b = a; a = T1 + T2; - } - - for (;i<64;i++) - { - s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); - s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); - - T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; - T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; - T2 = Sigma0(a) + Maj(a,b,c); - h = g; g = f; f = e; e = d + T1; - d = c; c = b; b = a; a = T1 + T2; - } - - ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; - ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; - - } +# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) +# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) +# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) +# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) + +# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +# ifdef OPENSSL_SMALL_FOOTPRINT + +static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, + size_t num) +{ + unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2; + SHA_LONG X[16], l; + int i; + const unsigned char *data = in; + + while (num--) { + + a = ctx->h[0]; + b = ctx->h[1]; + c = ctx->h[2]; + d = ctx->h[3]; + e = ctx->h[4]; + f = ctx->h[5]; + g = ctx->h[6]; + h = ctx->h[7]; + + for (i = 0; i < 16; i++) { + HOST_c2l(data, l); + T1 = X[i] = l; + T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; + T2 = Sigma0(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + } + + for (; i < 64; i++) { + s0 = X[(i + 1) & 0x0f]; + s0 = sigma0(s0); + s1 = X[(i + 14) & 0x0f]; + s1 = sigma1(s1); + + T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf]; + T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; + T2 = Sigma0(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + } + + ctx->h[0] += a; + ctx->h[1] += b; + ctx->h[2] += c; + ctx->h[3] += d; + ctx->h[4] += e; + ctx->h[5] += f; + ctx->h[6] += g; + ctx->h[7] += h; + + } } -#else - -#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ - T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ - h = Sigma0(a) + Maj(a,b,c); \ - d += T1; h += T1; } while (0) - -#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ - ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) - -static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) - { - unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1; - SHA_LONG X[16]; - int i; - const unsigned char *data=in; - const union { long one; char little; } is_endian = {1}; - - while (num--) { - - a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; - e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; - - if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)in%4)==0) - { - const SHA_LONG *W=(const SHA_LONG *)data; - - T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); - T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); - T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); - T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); - T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); - T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); - T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); - T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); - T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); - T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); - T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); - T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); - T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); - T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); - T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); - T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); - - data += SHA256_CBLOCK; - } - else - { - SHA_LONG l; - - HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h); - HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g); - HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f); - HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e); - HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d); - HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c); - HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b); - HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a); - HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h); - HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g); - HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f); - HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e); - HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d); - HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c); - HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b); - HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a); - } - - for (i=16;i<64;i+=8) - { - ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X); - ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X); - ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X); - ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X); - ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X); - ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X); - ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X); - ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X); - } - - ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; - ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; - - } - } - -#endif -#endif /* SHA256_ASM */ - -#endif /* OPENSSL_NO_SHA256 */ +# else + +# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) + +# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ + ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) + +static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, + size_t num) +{ + unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1; + SHA_LONG X[16]; + int i; + const unsigned char *data = in; + const union { + long one; + char little; + } is_endian = { + 1 + }; + + while (num--) { + + a = ctx->h[0]; + b = ctx->h[1]; + c = ctx->h[2]; + d = ctx->h[3]; + e = ctx->h[4]; + f = ctx->h[5]; + g = ctx->h[6]; + h = ctx->h[7]; + + if (!is_endian.little && sizeof(SHA_LONG) == 4 + && ((size_t)in % 4) == 0) { + const SHA_LONG *W = (const SHA_LONG *)data; + + T1 = X[0] = W[0]; + ROUND_00_15(0, a, b, c, d, e, f, g, h); + T1 = X[1] = W[1]; + ROUND_00_15(1, h, a, b, c, d, e, f, g); + T1 = X[2] = W[2]; + ROUND_00_15(2, g, h, a, b, c, d, e, f); + T1 = X[3] = W[3]; + ROUND_00_15(3, f, g, h, a, b, c, d, e); + T1 = X[4] = W[4]; + ROUND_00_15(4, e, f, g, h, a, b, c, d); + T1 = X[5] = W[5]; + ROUND_00_15(5, d, e, f, g, h, a, b, c); + T1 = X[6] = W[6]; + ROUND_00_15(6, c, d, e, f, g, h, a, b); + T1 = X[7] = W[7]; + ROUND_00_15(7, b, c, d, e, f, g, h, a); + T1 = X[8] = W[8]; + ROUND_00_15(8, a, b, c, d, e, f, g, h); + T1 = X[9] = W[9]; + ROUND_00_15(9, h, a, b, c, d, e, f, g); + T1 = X[10] = W[10]; + ROUND_00_15(10, g, h, a, b, c, d, e, f); + T1 = X[11] = W[11]; + ROUND_00_15(11, f, g, h, a, b, c, d, e); + T1 = X[12] = W[12]; + ROUND_00_15(12, e, f, g, h, a, b, c, d); + T1 = X[13] = W[13]; + ROUND_00_15(13, d, e, f, g, h, a, b, c); + T1 = X[14] = W[14]; + ROUND_00_15(14, c, d, e, f, g, h, a, b); + T1 = X[15] = W[15]; + ROUND_00_15(15, b, c, d, e, f, g, h, a); + + data += SHA256_CBLOCK; + } else { + SHA_LONG l; + + HOST_c2l(data, l); + T1 = X[0] = l; + ROUND_00_15(0, a, b, c, d, e, f, g, h); + HOST_c2l(data, l); + T1 = X[1] = l; + ROUND_00_15(1, h, a, b, c, d, e, f, g); + HOST_c2l(data, l); + T1 = X[2] = l; + ROUND_00_15(2, g, h, a, b, c, d, e, f); + HOST_c2l(data, l); + T1 = X[3] = l; + ROUND_00_15(3, f, g, h, a, b, c, d, e); + HOST_c2l(data, l); + T1 = X[4] = l; + ROUND_00_15(4, e, f, g, h, a, b, c, d); + HOST_c2l(data, l); + T1 = X[5] = l; + ROUND_00_15(5, d, e, f, g, h, a, b, c); + HOST_c2l(data, l); + T1 = X[6] = l; + ROUND_00_15(6, c, d, e, f, g, h, a, b); + HOST_c2l(data, l); + T1 = X[7] = l; + ROUND_00_15(7, b, c, d, e, f, g, h, a); + HOST_c2l(data, l); + T1 = X[8] = l; + ROUND_00_15(8, a, b, c, d, e, f, g, h); + HOST_c2l(data, l); + T1 = X[9] = l; + ROUND_00_15(9, h, a, b, c, d, e, f, g); + HOST_c2l(data, l); + T1 = X[10] = l; + ROUND_00_15(10, g, h, a, b, c, d, e, f); + HOST_c2l(data, l); + T1 = X[11] = l; + ROUND_00_15(11, f, g, h, a, b, c, d, e); + HOST_c2l(data, l); + T1 = X[12] = l; + ROUND_00_15(12, e, f, g, h, a, b, c, d); + HOST_c2l(data, l); + T1 = X[13] = l; + ROUND_00_15(13, d, e, f, g, h, a, b, c); + HOST_c2l(data, l); + T1 = X[14] = l; + ROUND_00_15(14, c, d, e, f, g, h, a, b); + HOST_c2l(data, l); + T1 = X[15] = l; + ROUND_00_15(15, b, c, d, e, f, g, h, a); + } + + for (i = 16; i < 64; i += 8) { + ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X); + ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X); + ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X); + ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X); + ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X); + ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X); + ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X); + ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X); + } + + ctx->h[0] += a; + ctx->h[1] += b; + ctx->h[2] += c; + ctx->h[3] += d; + ctx->h[4] += e; + ctx->h[5] += f; + ctx->h[6] += g; + ctx->h[7] += h; + + } +} + +# endif +# endif /* SHA256_ASM */ + +#endif /* OPENSSL_NO_SHA256 */ diff --git a/crypto/openssl/crypto/sha/sha256t.c b/crypto/openssl/crypto/sha/sha256t.c index 6b4a3bd..35dbbc2 100644 --- a/crypto/openssl/crypto/sha/sha256t.c +++ b/crypto/openssl/crypto/sha/sha256t.c @@ -14,134 +14,145 @@ int main(int argc, char *argv[]) { printf("No SHA256 support\n"); - return(0); + return (0); } #else unsigned char app_b1[SHA256_DIGEST_LENGTH] = { - 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea, - 0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23, - 0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c, - 0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad }; + 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, + 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, + 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, + 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad +}; unsigned char app_b2[SHA256_DIGEST_LENGTH] = { - 0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8, - 0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39, - 0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67, - 0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 }; + 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, + 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, + 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, + 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 +}; unsigned char app_b3[SHA256_DIGEST_LENGTH] = { - 0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92, - 0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67, - 0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e, - 0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0 }; + 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, + 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67, + 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, + 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0 +}; unsigned char addenum_1[SHA224_DIGEST_LENGTH] = { - 0x23,0x09,0x7d,0x22,0x34,0x05,0xd8,0x22, - 0x86,0x42,0xa4,0x77,0xbd,0xa2,0x55,0xb3, - 0x2a,0xad,0xbc,0xe4,0xbd,0xa0,0xb3,0xf7, - 0xe3,0x6c,0x9d,0xa7 }; + 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22, + 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3, + 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7, + 0xe3, 0x6c, 0x9d, 0xa7 +}; unsigned char addenum_2[SHA224_DIGEST_LENGTH] = { - 0x75,0x38,0x8b,0x16,0x51,0x27,0x76,0xcc, - 0x5d,0xba,0x5d,0xa1,0xfd,0x89,0x01,0x50, - 0xb0,0xc6,0x45,0x5c,0xb4,0xf5,0x8b,0x19, - 0x52,0x52,0x25,0x25 }; + 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc, + 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50, + 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19, + 0x52, 0x52, 0x25, 0x25 +}; unsigned char addenum_3[SHA224_DIGEST_LENGTH] = { - 0x20,0x79,0x46,0x55,0x98,0x0c,0x91,0xd8, - 0xbb,0xb4,0xc1,0xea,0x97,0x61,0x8a,0x4b, - 0xf0,0x3f,0x42,0x58,0x19,0x48,0xb2,0xee, - 0x4e,0xe7,0xad,0x67 }; - -int main (int argc,char **argv) -{ unsigned char md[SHA256_DIGEST_LENGTH]; - int i; - EVP_MD_CTX evp; - - fprintf(stdout,"Testing SHA-256 "); - - EVP_Digest ("abc",3,md,NULL,EVP_sha256(),NULL); - if (memcmp(md,app_b1,sizeof(app_b1))) - { fflush(stdout); - fprintf(stderr,"\nTEST 1 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk" - "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha256(),NULL); - if (memcmp(md,app_b2,sizeof(app_b2))) - { fflush(stdout); - fprintf(stderr,"\nTEST 2 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - EVP_MD_CTX_init (&evp); - EVP_DigestInit_ex (&evp,EVP_sha256(),NULL); - for (i=0;i<1000000;i+=160) - EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa", - (1000000-i)<160?1000000-i:160); - EVP_DigestFinal_ex (&evp,md,NULL); - EVP_MD_CTX_cleanup (&evp); - - if (memcmp(md,app_b3,sizeof(app_b3))) - { fflush(stdout); - fprintf(stderr,"\nTEST 3 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - fprintf(stdout," passed.\n"); fflush(stdout); - - fprintf(stdout,"Testing SHA-224 "); - - EVP_Digest ("abc",3,md,NULL,EVP_sha224(),NULL); - if (memcmp(md,addenum_1,sizeof(addenum_1))) - { fflush(stdout); - fprintf(stderr,"\nTEST 1 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk" - "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha224(),NULL); - if (memcmp(md,addenum_2,sizeof(addenum_2))) - { fflush(stdout); - fprintf(stderr,"\nTEST 2 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - EVP_MD_CTX_init (&evp); - EVP_DigestInit_ex (&evp,EVP_sha224(),NULL); - for (i=0;i<1000000;i+=64) - EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa", - (1000000-i)<64?1000000-i:64); - EVP_DigestFinal_ex (&evp,md,NULL); - EVP_MD_CTX_cleanup (&evp); - - if (memcmp(md,addenum_3,sizeof(addenum_3))) - { fflush(stdout); - fprintf(stderr,"\nTEST 3 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - fprintf(stdout," passed.\n"); fflush(stdout); - - return 0; + 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8, + 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b, + 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee, + 0x4e, 0xe7, 0xad, 0x67 +}; + +int main(int argc, char **argv) +{ + unsigned char md[SHA256_DIGEST_LENGTH]; + int i; + EVP_MD_CTX evp; + + fprintf(stdout, "Testing SHA-256 "); + + EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL); + if (memcmp(md, app_b1, sizeof(app_b1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk" + "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha256(), + NULL); + if (memcmp(md, app_b2, sizeof(app_b2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_MD_CTX_init(&evp); + EVP_DigestInit_ex(&evp, EVP_sha256(), NULL); + for (i = 0; i < 1000000; i += 160) + EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 160 ? 1000000 - i : 160); + EVP_DigestFinal_ex(&evp, md, NULL); + EVP_MD_CTX_cleanup(&evp); + + if (memcmp(md, app_b3, sizeof(app_b3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + fprintf(stdout, "Testing SHA-224 "); + + EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL); + if (memcmp(md, addenum_1, sizeof(addenum_1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk" + "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha224(), + NULL); + if (memcmp(md, addenum_2, sizeof(addenum_2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_MD_CTX_init(&evp); + EVP_DigestInit_ex(&evp, EVP_sha224(), NULL); + for (i = 0; i < 1000000; i += 64) + EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 64 ? 1000000 - i : 64); + EVP_DigestFinal_ex(&evp, md, NULL); + EVP_MD_CTX_cleanup(&evp); + + if (memcmp(md, addenum_3, sizeof(addenum_3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + return 0; } #endif diff --git a/crypto/openssl/crypto/sha/sha512.c b/crypto/openssl/crypto/sha/sha512.c index 50c229d..de0aad8 100644 --- a/crypto/openssl/crypto/sha/sha512.c +++ b/crypto/openssl/crypto/sha/sha512.c @@ -6,7 +6,7 @@ */ #include #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) -/* +/*- * IMPLEMENTATION NOTES. * * As you might have noticed 32-bit hash algorithms: @@ -39,566 +39,633 @@ * As this implementation relies on 64-bit integer type, it's totally * inappropriate for platforms which don't support it, most notably * 16-bit platforms. - * + * */ -#include -#include +# include +# include -#include -#include -#include +# include +# include +# include -#include "cryptlib.h" +# include "cryptlib.h" -const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; +const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT; -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ defined(__s390__) || defined(__s390x__) || \ defined(SHA512_ASM) -#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -#endif +# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +# endif fips_md_init_ctx(SHA384, SHA512) - { - c->h[0]=U64(0xcbbb9d5dc1059ed8); - c->h[1]=U64(0x629a292a367cd507); - c->h[2]=U64(0x9159015a3070dd17); - c->h[3]=U64(0x152fecd8f70e5939); - c->h[4]=U64(0x67332667ffc00b31); - c->h[5]=U64(0x8eb44a8768581511); - c->h[6]=U64(0xdb0c2e0d64f98fa7); - c->h[7]=U64(0x47b5481dbefa4fa4); - - c->Nl=0; c->Nh=0; - c->num=0; c->md_len=SHA384_DIGEST_LENGTH; - return 1; - } +{ + c->h[0] = U64(0xcbbb9d5dc1059ed8); + c->h[1] = U64(0x629a292a367cd507); + c->h[2] = U64(0x9159015a3070dd17); + c->h[3] = U64(0x152fecd8f70e5939); + c->h[4] = U64(0x67332667ffc00b31); + c->h[5] = U64(0x8eb44a8768581511); + c->h[6] = U64(0xdb0c2e0d64f98fa7); + c->h[7] = U64(0x47b5481dbefa4fa4); + + c->Nl = 0; + c->Nh = 0; + c->num = 0; + c->md_len = SHA384_DIGEST_LENGTH; + return 1; +} fips_md_init(SHA512) - { - c->h[0]=U64(0x6a09e667f3bcc908); - c->h[1]=U64(0xbb67ae8584caa73b); - c->h[2]=U64(0x3c6ef372fe94f82b); - c->h[3]=U64(0xa54ff53a5f1d36f1); - c->h[4]=U64(0x510e527fade682d1); - c->h[5]=U64(0x9b05688c2b3e6c1f); - c->h[6]=U64(0x1f83d9abfb41bd6b); - c->h[7]=U64(0x5be0cd19137e2179); - - c->Nl=0; c->Nh=0; - c->num=0; c->md_len=SHA512_DIGEST_LENGTH; +{ + c->h[0] = U64(0x6a09e667f3bcc908); + c->h[1] = U64(0xbb67ae8584caa73b); + c->h[2] = U64(0x3c6ef372fe94f82b); + c->h[3] = U64(0xa54ff53a5f1d36f1); + c->h[4] = U64(0x510e527fade682d1); + c->h[5] = U64(0x9b05688c2b3e6c1f); + c->h[6] = U64(0x1f83d9abfb41bd6b); + c->h[7] = U64(0x5be0cd19137e2179); + + c->Nl = 0; + c->Nh = 0; + c->num = 0; + c->md_len = SHA512_DIGEST_LENGTH; + return 1; +} + +# ifndef SHA512_ASM +static +# endif +void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); + +int SHA512_Final(unsigned char *md, SHA512_CTX *c) +{ + unsigned char *p = (unsigned char *)c->u.p; + size_t n = c->num; + + p[n] = 0x80; /* There always is a room for one */ + n++; + if (n > (sizeof(c->u) - 16)) + memset(p + n, 0, sizeof(c->u) - n), n = 0, + sha512_block_data_order(c, p, 1); + + memset(p + n, 0, sizeof(c->u) - 16 - n); +# ifdef B_ENDIAN + c->u.d[SHA_LBLOCK - 2] = c->Nh; + c->u.d[SHA_LBLOCK - 1] = c->Nl; +# else + p[sizeof(c->u) - 1] = (unsigned char)(c->Nl); + p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8); + p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16); + p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24); + p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32); + p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40); + p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48); + p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56); + p[sizeof(c->u) - 9] = (unsigned char)(c->Nh); + p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8); + p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16); + p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24); + p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32); + p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40); + p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48); + p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56); +# endif + + sha512_block_data_order(c, p, 1); + + if (md == 0) + return 0; + + switch (c->md_len) { + /* Let compiler decide if it's appropriate to unroll... */ + case SHA384_DIGEST_LENGTH: + for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) { + SHA_LONG64 t = c->h[n]; + + *(md++) = (unsigned char)(t >> 56); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 32); + *(md++) = (unsigned char)(t >> 24); + *(md++) = (unsigned char)(t >> 16); + *(md++) = (unsigned char)(t >> 8); + *(md++) = (unsigned char)(t); + } + break; + case SHA512_DIGEST_LENGTH: + for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) { + SHA_LONG64 t = c->h[n]; + + *(md++) = (unsigned char)(t >> 56); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 32); + *(md++) = (unsigned char)(t >> 24); + *(md++) = (unsigned char)(t >> 16); + *(md++) = (unsigned char)(t >> 8); + *(md++) = (unsigned char)(t); + } + break; + /* ... as well as make sure md_len is not abused. */ + default: + return 0; + } + + return 1; +} + +int SHA384_Final(unsigned char *md, SHA512_CTX *c) +{ + return SHA512_Final(md, c); +} + +int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len) +{ + SHA_LONG64 l; + unsigned char *p = c->u.p; + const unsigned char *data = (const unsigned char *)_data; + + if (len == 0) return 1; - } -#ifndef SHA512_ASM -static -#endif -void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); - -int SHA512_Final (unsigned char *md, SHA512_CTX *c) - { - unsigned char *p=(unsigned char *)c->u.p; - size_t n=c->num; - - p[n]=0x80; /* There always is a room for one */ - n++; - if (n > (sizeof(c->u)-16)) - memset (p+n,0,sizeof(c->u)-n), n=0, - sha512_block_data_order (c,p,1); - - memset (p+n,0,sizeof(c->u)-16-n); -#ifdef B_ENDIAN - c->u.d[SHA_LBLOCK-2] = c->Nh; - c->u.d[SHA_LBLOCK-1] = c->Nl; -#else - p[sizeof(c->u)-1] = (unsigned char)(c->Nl); - p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8); - p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16); - p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24); - p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32); - p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40); - p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48); - p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56); - p[sizeof(c->u)-9] = (unsigned char)(c->Nh); - p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8); - p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16); - p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24); - p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); - p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); - p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); - p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); -#endif - - sha512_block_data_order (c,p,1); - - if (md==0) return 0; - - switch (c->md_len) - { - /* Let compiler decide if it's appropriate to unroll... */ - case SHA384_DIGEST_LENGTH: - for (n=0;nh[n]; - - *(md++) = (unsigned char)(t>>56); - *(md++) = (unsigned char)(t>>48); - *(md++) = (unsigned char)(t>>40); - *(md++) = (unsigned char)(t>>32); - *(md++) = (unsigned char)(t>>24); - *(md++) = (unsigned char)(t>>16); - *(md++) = (unsigned char)(t>>8); - *(md++) = (unsigned char)(t); - } - break; - case SHA512_DIGEST_LENGTH: - for (n=0;nh[n]; - - *(md++) = (unsigned char)(t>>56); - *(md++) = (unsigned char)(t>>48); - *(md++) = (unsigned char)(t>>40); - *(md++) = (unsigned char)(t>>32); - *(md++) = (unsigned char)(t>>24); - *(md++) = (unsigned char)(t>>16); - *(md++) = (unsigned char)(t>>8); - *(md++) = (unsigned char)(t); - } - break; - /* ... as well as make sure md_len is not abused. */ - default: return 0; - } - - return 1; - } - -int SHA384_Final (unsigned char *md,SHA512_CTX *c) -{ return SHA512_Final (md,c); } - -int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) - { - SHA_LONG64 l; - unsigned char *p=c->u.p; - const unsigned char *data=(const unsigned char *)_data; - - if (len==0) return 1; - - l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); - if (l < c->Nl) c->Nh++; - if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); - c->Nl=l; - - if (c->num != 0) - { - size_t n = sizeof(c->u) - c->num; - - if (len < n) - { - memcpy (p+c->num,data,len), c->num += (unsigned int)len; - return 1; - } - else { - memcpy (p+c->num,data,n), c->num = 0; - len-=n, data+=n; - sha512_block_data_order (c,p,1); - } - } - - if (len >= sizeof(c->u)) - { -#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - if ((size_t)data%sizeof(c->u.d[0]) != 0) - while (len >= sizeof(c->u)) - memcpy (p,data,sizeof(c->u)), - sha512_block_data_order (c,p,1), - len -= sizeof(c->u), - data += sizeof(c->u); - else -#endif - sha512_block_data_order (c,data,len/sizeof(c->u)), - data += len, - len %= sizeof(c->u), - data -= len; - } - - if (len != 0) memcpy (p,data,len), c->num = (int)len; - - return 1; - } - -int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) -{ return SHA512_Update (c,data,len); } - -void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) - { -#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - if ((size_t)data%sizeof(c->u.d[0]) != 0) - memcpy(c->u.p,data,sizeof(c->u.p)), - data = c->u.p; -#endif - sha512_block_data_order (c,data,1); - } + l = (c->Nl + (((SHA_LONG64) len) << 3)) & U64(0xffffffffffffffff); + if (l < c->Nl) + c->Nh++; + if (sizeof(len) >= 8) + c->Nh += (((SHA_LONG64) len) >> 61); + c->Nl = l; + + if (c->num != 0) { + size_t n = sizeof(c->u) - c->num; + + if (len < n) { + memcpy(p + c->num, data, len), c->num += (unsigned int)len; + return 1; + } else { + memcpy(p + c->num, data, n), c->num = 0; + len -= n, data += n; + sha512_block_data_order(c, p, 1); + } + } + + if (len >= sizeof(c->u)) { +# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + if ((size_t)data % sizeof(c->u.d[0]) != 0) + while (len >= sizeof(c->u)) + memcpy(p, data, sizeof(c->u)), + sha512_block_data_order(c, p, 1), + len -= sizeof(c->u), data += sizeof(c->u); + else +# endif + sha512_block_data_order(c, data, len / sizeof(c->u)), + data += len, len %= sizeof(c->u), data -= len; + } + + if (len != 0) + memcpy(p, data, len), c->num = (int)len; + + return 1; +} + +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) +{ + return SHA512_Update(c, data, len); +} + +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) +{ +# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + if ((size_t)data % sizeof(c->u.d[0]) != 0) + memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p; +# endif + sha512_block_data_order(c, data, 1); +} unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) - { - SHA512_CTX c; - static unsigned char m[SHA384_DIGEST_LENGTH]; - - if (md == NULL) md=m; - SHA384_Init(&c); - SHA512_Update(&c,d,n); - SHA512_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); - return(md); - } +{ + SHA512_CTX c; + static unsigned char m[SHA384_DIGEST_LENGTH]; + + if (md == NULL) + md = m; + SHA384_Init(&c); + SHA512_Update(&c, d, n); + SHA512_Final(md, &c); + OPENSSL_cleanse(&c, sizeof(c)); + return (md); +} unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) - { - SHA512_CTX c; - static unsigned char m[SHA512_DIGEST_LENGTH]; - - if (md == NULL) md=m; - SHA512_Init(&c); - SHA512_Update(&c,d,n); - SHA512_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); - return(md); - } - -#ifndef SHA512_ASM +{ + SHA512_CTX c; + static unsigned char m[SHA512_DIGEST_LENGTH]; + + if (md == NULL) + md = m; + SHA512_Init(&c); + SHA512_Update(&c, d, n); + SHA512_Final(md, &c); + OPENSSL_cleanse(&c, sizeof(c)); + return (md); +} + +# ifndef SHA512_ASM static const SHA_LONG64 K512[80] = { - U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), - U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), - U64(0x3956c25bf348b538),U64(0x59f111f1b605d019), - U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118), - U64(0xd807aa98a3030242),U64(0x12835b0145706fbe), - U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2), - U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1), - U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694), - U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3), - U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65), - U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483), - U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5), - U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210), - U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4), - U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725), - U64(0x06ca6351e003826f),U64(0x142929670a0e6e70), - U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926), - U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df), - U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8), - U64(0x81c2c92e47edaee6),U64(0x92722c851482353b), - U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001), - U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30), - U64(0xd192e819d6ef5218),U64(0xd69906245565a910), - U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8), - U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53), - U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8), - U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb), - U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3), - U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60), - U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec), - U64(0x90befffa23631e28),U64(0xa4506cebde82bde9), - U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b), - U64(0xca273eceea26619c),U64(0xd186b8c721c0c207), - U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178), - U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), - U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), - U64(0x28db77f523047d84),U64(0x32caab7b40c72493), - U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), - U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), - U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; - -#ifndef PEDANTIC -# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__x86_64) || defined(__x86_64__) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ - asm ("rorq %1,%0" \ - : "=r"(ret) \ - : "J"(n),"0"(a) \ - : "cc"); ret; }) -# if !defined(B_ENDIAN) -# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ - asm ("bswapq %0" \ - : "=r"(ret) \ - : "0"(ret)); ret; }) -# endif -# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) -# if defined(I386_ONLY) -# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi=p[0],lo=p[1]; \ - asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ - "roll $16,%%eax; roll $16,%%edx; "\ - "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ - : "=a"(lo),"=d"(hi) \ - : "0"(lo),"1"(hi) : "cc"); \ - ((SHA_LONG64)hi)<<32|lo; }) -# else -# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi=p[0],lo=p[1]; \ - asm ("bswapl %0; bswapl %1;" \ - : "=r"(lo),"=r"(hi) \ - : "0"(lo),"1"(hi)); \ - ((SHA_LONG64)hi)<<32|lo; }) + U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd), + U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc), + U64(0x3956c25bf348b538), U64(0x59f111f1b605d019), + U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118), + U64(0xd807aa98a3030242), U64(0x12835b0145706fbe), + U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2), + U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1), + U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694), + U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3), + U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65), + U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483), + U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5), + U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210), + U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4), + U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725), + U64(0x06ca6351e003826f), U64(0x142929670a0e6e70), + U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926), + U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df), + U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8), + U64(0x81c2c92e47edaee6), U64(0x92722c851482353b), + U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001), + U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30), + U64(0xd192e819d6ef5218), U64(0xd69906245565a910), + U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8), + U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53), + U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8), + U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb), + U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3), + U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60), + U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec), + U64(0x90befffa23631e28), U64(0xa4506cebde82bde9), + U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b), + U64(0xca273eceea26619c), U64(0xd186b8c721c0c207), + U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178), + U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6), + U64(0x113f9804bef90dae), U64(0x1b710b35131c471b), + U64(0x28db77f523047d84), U64(0x32caab7b40c72493), + U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c), + U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a), + U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817) +}; + +# ifndef PEDANTIC +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__x86_64) || defined(__x86_64__) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ + asm ("rorq %1,%0" \ + : "=r"(ret) \ + : "J"(n),"0"(a) \ + : "cc"); ret; }) +# if !defined(B_ENDIAN) +# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ + asm ("bswapq %0" \ + : "=r"(ret) \ + : "0"(ret)); ret; }) +# endif +# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) +# if defined(I386_ONLY) +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + unsigned int hi=p[0],lo=p[1]; \ + asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ + "roll $16,%%eax; roll $16,%%edx; "\ + "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ + : "=a"(lo),"=d"(hi) \ + : "0"(lo),"1"(hi) : "cc"); \ + ((SHA_LONG64)hi)<<32|lo; }) +# else +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + unsigned int hi=p[0],lo=p[1]; \ + asm ("bswapl %0; bswapl %1;" \ + : "=r"(lo),"=r"(hi) \ + : "0"(lo),"1"(hi)); \ + ((SHA_LONG64)hi)<<32|lo; }) +# endif +# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ + asm ("rotrdi %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a),"K"(n)); ret; }) +# endif +# elif defined(_MSC_VER) +# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# pragma intrinsic(_rotr64) +# define ROTR(a,n) _rotr64((a),n) +# endif +# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(I386_ONLY) +static SHA_LONG64 __fastcall __pull64be(const void *x) +{ + _asm mov edx,[ecx + 0] + _asm mov eax,[ecx + 4] +_asm xchg dh, dl + _asm xchg ah, al + _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al} +# else +static SHA_LONG64 __fastcall __pull64be(const void *x) +{ + _asm mov edx,[ecx + 0] + _asm mov eax,[ecx + 4] +_asm bswap edx _asm bswap eax} +# endif +# define PULL64(x) __pull64be(&(x)) +# if _MSC_VER<=1200 +# pragma inline_depth(0) +# endif +# endif # endif -# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ - asm ("rotrdi %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a),"K"(n)); ret; }) # endif -# elif defined(_MSC_VER) -# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -# pragma intrinsic(_rotr64) -# define ROTR(a,n) _rotr64((a),n) +# ifndef PULL64 +# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) +# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) # endif -# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(I386_ONLY) - static SHA_LONG64 __fastcall __pull64be(const void *x) - { _asm mov edx, [ecx + 0] - _asm mov eax, [ecx + 4] - _asm xchg dh,dl - _asm xchg ah,al - _asm rol edx,16 - _asm rol eax,16 - _asm xchg dh,dl - _asm xchg ah,al - } +# ifndef ROTR +# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) +# endif +# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) +# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) +# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) +# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) +# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) +/* + * This code should give better results on 32-bit CPU with less than + * ~24 registers, both size and performance wise... + */ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + size_t num) +{ + const SHA_LONG64 *W = in; + SHA_LONG64 A, E, T; + SHA_LONG64 X[9 + 80], *F; + int i; + + while (num--) { + + F = X + 80; + A = ctx->h[0]; + F[1] = ctx->h[1]; + F[2] = ctx->h[2]; + F[3] = ctx->h[3]; + E = ctx->h[4]; + F[5] = ctx->h[5]; + F[6] = ctx->h[6]; + F[7] = ctx->h[7]; + + for (i = 0; i < 16; i++, F--) { +# ifdef B_ENDIAN + T = W[i]; # else - static SHA_LONG64 __fastcall __pull64be(const void *x) - { _asm mov edx, [ecx + 0] - _asm mov eax, [ecx + 4] - _asm bswap edx - _asm bswap eax + T = PULL64(W[i]); +# endif + F[0] = A; + F[4] = E; + F[8] = T; + T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i]; + E = F[3] + T; + A = T + Sigma0(A) + Maj(A, F[1], F[2]); + } + + for (; i < 80; i++, F--) { + T = sigma0(F[8 + 16 - 1]); + T += sigma1(F[8 + 16 - 14]); + T += F[8 + 16] + F[8 + 16 - 9]; + + F[0] = A; + F[4] = E; + F[8] = T; + T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i]; + E = F[3] + T; + A = T + Sigma0(A) + Maj(A, F[1], F[2]); + } + + ctx->h[0] += A; + ctx->h[1] += F[1]; + ctx->h[2] += F[2]; + ctx->h[3] += F[3]; + ctx->h[4] += E; + ctx->h[5] += F[5]; + ctx->h[6] += F[6]; + ctx->h[7] += F[7]; + + W += SHA_LBLOCK; } +} + +# elif defined(OPENSSL_SMALL_FOOTPRINT) +static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + size_t num) +{ + const SHA_LONG64 *W = in; + SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2; + SHA_LONG64 X[16]; + int i; + + while (num--) { + + a = ctx->h[0]; + b = ctx->h[1]; + c = ctx->h[2]; + d = ctx->h[3]; + e = ctx->h[4]; + f = ctx->h[5]; + g = ctx->h[6]; + h = ctx->h[7]; + + for (i = 0; i < 16; i++) { +# ifdef B_ENDIAN + T1 = X[i] = W[i]; +# else + T1 = X[i] = PULL64(W[i]); # endif -# define PULL64(x) __pull64be(&(x)) -# if _MSC_VER<=1200 -# pragma inline_depth(0) + T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; + T2 = Sigma0(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + } + + for (; i < 80; i++) { + s0 = X[(i + 1) & 0x0f]; + s0 = sigma0(s0); + s1 = X[(i + 14) & 0x0f]; + s1 = sigma1(s1); + + T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf]; + T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; + T2 = Sigma0(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + } + + ctx->h[0] += a; + ctx->h[1] += b; + ctx->h[2] += c; + ctx->h[3] += d; + ctx->h[4] += e; + ctx->h[5] += f; + ctx->h[6] += g; + ctx->h[7] += h; + + W += SHA_LBLOCK; + } +} + +# else +# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) +# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ + ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) +static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + size_t num) +{ + const SHA_LONG64 *W = in; + SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1; + SHA_LONG64 X[16]; + int i; + + while (num--) { + + a = ctx->h[0]; + b = ctx->h[1]; + c = ctx->h[2]; + d = ctx->h[3]; + e = ctx->h[4]; + f = ctx->h[5]; + g = ctx->h[6]; + h = ctx->h[7]; + +# ifdef B_ENDIAN + T1 = X[0] = W[0]; + ROUND_00_15(0, a, b, c, d, e, f, g, h); + T1 = X[1] = W[1]; + ROUND_00_15(1, h, a, b, c, d, e, f, g); + T1 = X[2] = W[2]; + ROUND_00_15(2, g, h, a, b, c, d, e, f); + T1 = X[3] = W[3]; + ROUND_00_15(3, f, g, h, a, b, c, d, e); + T1 = X[4] = W[4]; + ROUND_00_15(4, e, f, g, h, a, b, c, d); + T1 = X[5] = W[5]; + ROUND_00_15(5, d, e, f, g, h, a, b, c); + T1 = X[6] = W[6]; + ROUND_00_15(6, c, d, e, f, g, h, a, b); + T1 = X[7] = W[7]; + ROUND_00_15(7, b, c, d, e, f, g, h, a); + T1 = X[8] = W[8]; + ROUND_00_15(8, a, b, c, d, e, f, g, h); + T1 = X[9] = W[9]; + ROUND_00_15(9, h, a, b, c, d, e, f, g); + T1 = X[10] = W[10]; + ROUND_00_15(10, g, h, a, b, c, d, e, f); + T1 = X[11] = W[11]; + ROUND_00_15(11, f, g, h, a, b, c, d, e); + T1 = X[12] = W[12]; + ROUND_00_15(12, e, f, g, h, a, b, c, d); + T1 = X[13] = W[13]; + ROUND_00_15(13, d, e, f, g, h, a, b, c); + T1 = X[14] = W[14]; + ROUND_00_15(14, c, d, e, f, g, h, a, b); + T1 = X[15] = W[15]; + ROUND_00_15(15, b, c, d, e, f, g, h, a); +# else + T1 = X[0] = PULL64(W[0]); + ROUND_00_15(0, a, b, c, d, e, f, g, h); + T1 = X[1] = PULL64(W[1]); + ROUND_00_15(1, h, a, b, c, d, e, f, g); + T1 = X[2] = PULL64(W[2]); + ROUND_00_15(2, g, h, a, b, c, d, e, f); + T1 = X[3] = PULL64(W[3]); + ROUND_00_15(3, f, g, h, a, b, c, d, e); + T1 = X[4] = PULL64(W[4]); + ROUND_00_15(4, e, f, g, h, a, b, c, d); + T1 = X[5] = PULL64(W[5]); + ROUND_00_15(5, d, e, f, g, h, a, b, c); + T1 = X[6] = PULL64(W[6]); + ROUND_00_15(6, c, d, e, f, g, h, a, b); + T1 = X[7] = PULL64(W[7]); + ROUND_00_15(7, b, c, d, e, f, g, h, a); + T1 = X[8] = PULL64(W[8]); + ROUND_00_15(8, a, b, c, d, e, f, g, h); + T1 = X[9] = PULL64(W[9]); + ROUND_00_15(9, h, a, b, c, d, e, f, g); + T1 = X[10] = PULL64(W[10]); + ROUND_00_15(10, g, h, a, b, c, d, e, f); + T1 = X[11] = PULL64(W[11]); + ROUND_00_15(11, f, g, h, a, b, c, d, e); + T1 = X[12] = PULL64(W[12]); + ROUND_00_15(12, e, f, g, h, a, b, c, d); + T1 = X[13] = PULL64(W[13]); + ROUND_00_15(13, d, e, f, g, h, a, b, c); + T1 = X[14] = PULL64(W[14]); + ROUND_00_15(14, c, d, e, f, g, h, a, b); + T1 = X[15] = PULL64(W[15]); + ROUND_00_15(15, b, c, d, e, f, g, h, a); # endif -# endif -# endif -#endif -#ifndef PULL64 -#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) -#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) -#endif + for (i = 16; i < 80; i += 16) { + ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X); + ROUND_16_80(i, 1, h, a, b, c, d, e, f, g, X); + ROUND_16_80(i, 2, g, h, a, b, c, d, e, f, X); + ROUND_16_80(i, 3, f, g, h, a, b, c, d, e, X); + ROUND_16_80(i, 4, e, f, g, h, a, b, c, d, X); + ROUND_16_80(i, 5, d, e, f, g, h, a, b, c, X); + ROUND_16_80(i, 6, c, d, e, f, g, h, a, b, X); + ROUND_16_80(i, 7, b, c, d, e, f, g, h, a, X); + ROUND_16_80(i, 8, a, b, c, d, e, f, g, h, X); + ROUND_16_80(i, 9, h, a, b, c, d, e, f, g, X); + ROUND_16_80(i, 10, g, h, a, b, c, d, e, f, X); + ROUND_16_80(i, 11, f, g, h, a, b, c, d, e, X); + ROUND_16_80(i, 12, e, f, g, h, a, b, c, d, X); + ROUND_16_80(i, 13, d, e, f, g, h, a, b, c, X); + ROUND_16_80(i, 14, c, d, e, f, g, h, a, b, X); + ROUND_16_80(i, 15, b, c, d, e, f, g, h, a, X); + } + + ctx->h[0] += a; + ctx->h[1] += b; + ctx->h[2] += c; + ctx->h[3] += d; + ctx->h[4] += e; + ctx->h[5] += f; + ctx->h[6] += g; + ctx->h[7] += h; + + W += SHA_LBLOCK; + } +} -#ifndef ROTR -#define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) -#endif +# endif -#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) -#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) -#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) -#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) +# endif /* SHA512_ASM */ -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +#else /* !OPENSSL_NO_SHA512 */ +# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) +static void *dummy = &dummy; +# endif -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) -/* - * This code should give better results on 32-bit CPU with less than - * ~24 registers, both size and performance wise... - */ -static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) - { - const SHA_LONG64 *W=in; - SHA_LONG64 A,E,T; - SHA_LONG64 X[9+80],*F; - int i; - - while (num--) { - - F = X+80; - A = ctx->h[0]; F[1] = ctx->h[1]; - F[2] = ctx->h[2]; F[3] = ctx->h[3]; - E = ctx->h[4]; F[5] = ctx->h[5]; - F[6] = ctx->h[6]; F[7] = ctx->h[7]; - - for (i=0;i<16;i++,F--) - { -#ifdef B_ENDIAN - T = W[i]; -#else - T = PULL64(W[i]); -#endif - F[0] = A; - F[4] = E; - F[8] = T; - T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; - E = F[3] + T; - A = T + Sigma0(A) + Maj(A,F[1],F[2]); - } - - for (;i<80;i++,F--) - { - T = sigma0(F[8+16-1]); - T += sigma1(F[8+16-14]); - T += F[8+16] + F[8+16-9]; - - F[0] = A; - F[4] = E; - F[8] = T; - T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; - E = F[3] + T; - A = T + Sigma0(A) + Maj(A,F[1],F[2]); - } - - ctx->h[0] += A; ctx->h[1] += F[1]; - ctx->h[2] += F[2]; ctx->h[3] += F[3]; - ctx->h[4] += E; ctx->h[5] += F[5]; - ctx->h[6] += F[6]; ctx->h[7] += F[7]; - - W+=SHA_LBLOCK; - } - } - -#elif defined(OPENSSL_SMALL_FOOTPRINT) - -static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) - { - const SHA_LONG64 *W=in; - SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; - SHA_LONG64 X[16]; - int i; - - while (num--) { - - a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; - e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; - - for (i=0;i<16;i++) - { -#ifdef B_ENDIAN - T1 = X[i] = W[i]; -#else - T1 = X[i] = PULL64(W[i]); -#endif - T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; - T2 = Sigma0(a) + Maj(a,b,c); - h = g; g = f; f = e; e = d + T1; - d = c; c = b; b = a; a = T1 + T2; - } - - for (;i<80;i++) - { - s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); - s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); - - T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; - T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; - T2 = Sigma0(a) + Maj(a,b,c); - h = g; g = f; f = e; e = d + T1; - d = c; c = b; b = a; a = T1 + T2; - } - - ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; - ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; - - W+=SHA_LBLOCK; - } - } - -#else - -#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ - T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ - h = Sigma0(a) + Maj(a,b,c); \ - d += T1; h += T1; } while (0) - -#define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ - ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) - -static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) - { - const SHA_LONG64 *W=in; - SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; - SHA_LONG64 X[16]; - int i; - - while (num--) { - - a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; - e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; - -#ifdef B_ENDIAN - T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); - T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); - T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); - T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); - T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); - T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); - T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); - T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); - T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); - T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); - T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); - T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); - T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); - T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); - T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); - T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); -#else - T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h); - T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g); - T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f); - T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e); - T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d); - T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c); - T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b); - T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a); - T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); - T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); - T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); - T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); - T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); - T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); - T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); - T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); -#endif - - for (i=16;i<80;i+=16) - { - ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X); - ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X); - ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X); - ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X); - ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X); - ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X); - ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X); - ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X); - ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X); - ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X); - ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X); - ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X); - ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X); - ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X); - ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X); - ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X); - } - - ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; - ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; - - W+=SHA_LBLOCK; - } - } - -#endif - -#endif /* SHA512_ASM */ - -#else /* !OPENSSL_NO_SHA512 */ - -#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) -static void *dummy=&dummy; -#endif - -#endif /* !OPENSSL_NO_SHA512 */ +#endif /* !OPENSSL_NO_SHA512 */ diff --git a/crypto/openssl/crypto/sha/sha512t.c b/crypto/openssl/crypto/sha/sha512t.c index 210041d..178882f 100644 --- a/crypto/openssl/crypto/sha/sha512t.c +++ b/crypto/openssl/crypto/sha/sha512t.c @@ -15,170 +15,182 @@ int main(int argc, char *argv[]) { printf("No SHA512 support\n"); - return(0); + return (0); } #else unsigned char app_c1[SHA512_DIGEST_LENGTH] = { - 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, - 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, - 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, - 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, - 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, - 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, - 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, - 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f }; + 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, + 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, + 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, + 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, + 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, + 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, + 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, + 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f +}; unsigned char app_c2[SHA512_DIGEST_LENGTH] = { - 0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda, - 0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f, - 0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1, - 0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18, - 0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4, - 0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a, - 0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54, - 0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 }; + 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, + 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f, + 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, + 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, + 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, + 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, + 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, + 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 +}; unsigned char app_c3[SHA512_DIGEST_LENGTH] = { - 0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64, - 0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63, - 0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28, - 0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb, - 0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a, - 0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b, - 0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e, - 0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b }; + 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, + 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63, + 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, + 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb, + 0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a, + 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b, + 0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e, + 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b +}; unsigned char app_d1[SHA384_DIGEST_LENGTH] = { - 0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b, - 0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07, - 0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63, - 0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed, - 0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23, - 0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 }; + 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, + 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, + 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, + 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, + 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, + 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 +}; unsigned char app_d2[SHA384_DIGEST_LENGTH] = { - 0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8, - 0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47, - 0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2, - 0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12, - 0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9, - 0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 }; + 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, + 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47, + 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, + 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12, + 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9, + 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 +}; unsigned char app_d3[SHA384_DIGEST_LENGTH] = { - 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb, - 0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c, - 0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52, - 0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b, - 0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb, - 0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 }; - -int main (int argc,char **argv) -{ unsigned char md[SHA512_DIGEST_LENGTH]; - int i; - EVP_MD_CTX evp; - -#ifdef OPENSSL_IA32_SSE2 - /* Alternative to this is to call OpenSSL_add_all_algorithms... - * The below code is retained exclusively for debugging purposes. */ - { char *env; - - if ((env=getenv("OPENSSL_ia32cap"))) - OPENSSL_ia32cap = strtoul (env,NULL,0); - } -#endif - - fprintf(stdout,"Testing SHA-512 "); - - EVP_Digest ("abc",3,md,NULL,EVP_sha512(),NULL); - if (memcmp(md,app_c1,sizeof(app_c1))) - { fflush(stdout); - fprintf(stderr,"\nTEST 1 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk" - "efghijkl""fghijklm""ghijklmn""hijklmno" - "ijklmnop""jklmnopq""klmnopqr""lmnopqrs" - "mnopqrst""nopqrstu",112,md,NULL,EVP_sha512(),NULL); - if (memcmp(md,app_c2,sizeof(app_c2))) - { fflush(stdout); - fprintf(stderr,"\nTEST 2 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - EVP_MD_CTX_init (&evp); - EVP_DigestInit_ex (&evp,EVP_sha512(),NULL); - for (i=0;i<1000000;i+=288) - EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa", - (1000000-i)<288?1000000-i:288); - EVP_DigestFinal_ex (&evp,md,NULL); - EVP_MD_CTX_cleanup (&evp); - - if (memcmp(md,app_c3,sizeof(app_c3))) - { fflush(stdout); - fprintf(stderr,"\nTEST 3 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - fprintf(stdout," passed.\n"); fflush(stdout); - - fprintf(stdout,"Testing SHA-384 "); - - EVP_Digest ("abc",3,md,NULL,EVP_sha384(),NULL); - if (memcmp(md,app_d1,sizeof(app_d1))) - { fflush(stdout); - fprintf(stderr,"\nTEST 1 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk" - "efghijkl""fghijklm""ghijklmn""hijklmno" - "ijklmnop""jklmnopq""klmnopqr""lmnopqrs" - "mnopqrst""nopqrstu",112,md,NULL,EVP_sha384(),NULL); - if (memcmp(md,app_d2,sizeof(app_d2))) - { fflush(stdout); - fprintf(stderr,"\nTEST 2 of 3 failed.\n"); - return 1; - } - else - fprintf(stdout,"."); fflush(stdout); - - EVP_MD_CTX_init (&evp); - EVP_DigestInit_ex (&evp,EVP_sha384(),NULL); - for (i=0;i<1000000;i+=64) - EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa" - "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa", - (1000000-i)<64?1000000-i:64); - EVP_DigestFinal_ex (&evp,md,NULL); - EVP_MD_CTX_cleanup (&evp); - - if (memcmp(md,app_d3,sizeof(app_d3))) - { fflush(stdout); - fprintf(stderr,"\nTEST 3 of 3 failed.\n"); - return 1; + 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb, + 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c, + 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52, + 0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b, + 0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb, + 0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85 +}; + +int main(int argc, char **argv) +{ + unsigned char md[SHA512_DIGEST_LENGTH]; + int i; + EVP_MD_CTX evp; + +# ifdef OPENSSL_IA32_SSE2 + /* + * Alternative to this is to call OpenSSL_add_all_algorithms... The below + * code is retained exclusively for debugging purposes. + */ + { + char *env; + + if ((env = getenv("OPENSSL_ia32cap"))) + OPENSSL_ia32cap = strtoul(env, NULL, 0); } - else - fprintf(stdout,"."); fflush(stdout); - - fprintf(stdout," passed.\n"); fflush(stdout); - - return 0; +# endif + + fprintf(stdout, "Testing SHA-512 "); + + EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL); + if (memcmp(md, app_c1, sizeof(app_c1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk" + "efghijkl" "fghijklm" "ghijklmn" "hijklmno" + "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs" + "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL); + if (memcmp(md, app_c2, sizeof(app_c2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_MD_CTX_init(&evp); + EVP_DigestInit_ex(&evp, EVP_sha512(), NULL); + for (i = 0; i < 1000000; i += 288) + EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 288 ? 1000000 - i : 288); + EVP_DigestFinal_ex(&evp, md, NULL); + EVP_MD_CTX_cleanup(&evp); + + if (memcmp(md, app_c3, sizeof(app_c3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + fprintf(stdout, "Testing SHA-384 "); + + EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL); + if (memcmp(md, app_d1, sizeof(app_d1))) { + fflush(stdout); + fprintf(stderr, "\nTEST 1 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk" + "efghijkl" "fghijklm" "ghijklmn" "hijklmno" + "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs" + "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL); + if (memcmp(md, app_d2, sizeof(app_d2))) { + fflush(stdout); + fprintf(stderr, "\nTEST 2 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + EVP_MD_CTX_init(&evp); + EVP_DigestInit_ex(&evp, EVP_sha384(), NULL); + for (i = 0; i < 1000000; i += 64) + EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" + "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa", + (1000000 - i) < 64 ? 1000000 - i : 64); + EVP_DigestFinal_ex(&evp, md, NULL); + EVP_MD_CTX_cleanup(&evp); + + if (memcmp(md, app_d3, sizeof(app_d3))) { + fflush(stdout); + fprintf(stderr, "\nTEST 3 of 3 failed.\n"); + return 1; + } else + fprintf(stdout, "."); + fflush(stdout); + + fprintf(stdout, " passed.\n"); + fflush(stdout); + + return 0; } #endif diff --git a/crypto/openssl/crypto/sha/sha_dgst.c b/crypto/openssl/crypto/sha/sha_dgst.c index fb63b17..f77cf5e 100644 --- a/crypto/openssl/crypto/sha/sha_dgst.c +++ b/crypto/openssl/crypto/sha/sha_dgst.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -60,16 +60,15 @@ #include #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) -#undef SHA_1 -#define SHA_0 +# undef SHA_1 +# define SHA_0 -#include +# include -const char SHA_version[]="SHA" OPENSSL_VERSION_PTEXT; +const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT; /* The implementation is in ../md32_common.h */ -#include "sha_locl.h" +# include "sha_locl.h" #endif - diff --git a/crypto/openssl/crypto/sha/sha_locl.h b/crypto/openssl/crypto/sha/sha_locl.h index d673255..03bd411 100644 --- a/crypto/openssl/crypto/sha/sha_locl.h +++ b/crypto/openssl/crypto/sha/sha_locl.h @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -67,48 +67,48 @@ #define HASH_LONG SHA_LONG #define HASH_CTX SHA_CTX #define HASH_CBLOCK SHA_CBLOCK -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->h0; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h1; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h2; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h3; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ - } while (0) +#define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + ll=(c)->h0; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h1; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h2; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h3; (void)HOST_l2c(ll,(s)); \ + ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ + } while (0) #if defined(SHA_0) -# define HASH_UPDATE SHA_Update -# define HASH_TRANSFORM SHA_Transform -# define HASH_FINAL SHA_Final -# define HASH_INIT SHA_Init -# define HASH_BLOCK_DATA_ORDER sha_block_data_order -# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) +# define HASH_UPDATE SHA_Update +# define HASH_TRANSFORM SHA_Transform +# define HASH_FINAL SHA_Final +# define HASH_INIT SHA_Init +# define HASH_BLOCK_DATA_ORDER sha_block_data_order +# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) -static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); +static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num); #elif defined(SHA_1) -# define HASH_UPDATE SHA1_Update -# define HASH_TRANSFORM SHA1_Transform -# define HASH_FINAL SHA1_Final -# define HASH_INIT SHA1_Init -# define HASH_BLOCK_DATA_ORDER sha1_block_data_order +# define HASH_UPDATE SHA1_Update +# define HASH_TRANSFORM SHA1_Transform +# define HASH_FINAL SHA1_Final +# define HASH_INIT SHA1_Init +# define HASH_BLOCK_DATA_ORDER sha1_block_data_order # if defined(__MWERKS__) && defined(__MC68K__) /* Metrowerks for Motorola fails otherwise:-( */ -# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \ - ix=(a)=ROTATE((a),1); \ - } while (0) +# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \ + ix=(a)=ROTATE((a),1); \ + } while (0) # else -# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ - ix=(a)=ROTATE((a),1) \ - ) +# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ + ix=(a)=ROTATE((a),1) \ + ) # endif -#ifndef SHA1_ASM +# ifndef SHA1_ASM static -#endif -void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); +# endif +void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); #else # error "Either SHA_0 or SHA_1 must be defined." @@ -127,68 +127,68 @@ fips_md_init(SHA) #else fips_md_init_ctx(SHA1, SHA) #endif - { - memset (c,0,sizeof(*c)); - c->h0=INIT_DATA_h0; - c->h1=INIT_DATA_h1; - c->h2=INIT_DATA_h2; - c->h3=INIT_DATA_h3; - c->h4=INIT_DATA_h4; - return 1; - } - -#define K_00_19 0x5a827999UL +{ + memset(c, 0, sizeof(*c)); + c->h0 = INIT_DATA_h0; + c->h1 = INIT_DATA_h1; + c->h2 = INIT_DATA_h2; + c->h3 = INIT_DATA_h3; + c->h4 = INIT_DATA_h4; + return 1; +} + +#define K_00_19 0x5a827999UL #define K_20_39 0x6ed9eba1UL #define K_40_59 0x8f1bbcdcUL #define K_60_79 0xca62c1d6UL -/* As pointed out by Wei Dai , F() below can be - * simplified to the code in F_00_19. Wei attributes these optimisations - * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. - * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) - * I've just become aware of another tweak to be made, again from Wei Dai, - * in F_40_59, (x&a)|(y&a) -> (x|y)&a +/* + * As pointed out by Wei Dai , F() below can be simplified + * to the code in F_00_19. Wei attributes these optimisations to Peter + * Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define + * F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) I've just become aware of another + * tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a */ -#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) -#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) -#define F_60_79(b,c,d) F_20_39(b,c,d) +#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) +#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) +#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) +#define F_60_79(b,c,d) F_20_39(b,c,d) #ifndef OPENSSL_SMALL_FOOTPRINT -#define BODY_00_15(i,a,b,c,d,e,f,xi) \ - (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ - (b)=ROTATE((b),30); - -#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ - Xupdate(f,xi,xa,xb,xc,xd); \ - (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ - (b)=ROTATE((b),30); - -#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ - Xupdate(f,xi,xa,xb,xc,xd); \ - (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ - (b)=ROTATE((b),30); - -#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ - (b)=ROTATE((b),30); - -#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ - (b)=ROTATE((b),30); - -#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ - (b)=ROTATE((b),30); - -#ifdef X -#undef X -#endif -#ifndef MD32_XARRAY +# define BODY_00_15(i,a,b,c,d,e,f,xi) \ + (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ + Xupdate(f,xi,xa,xb,xc,xd); \ + (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ + Xupdate(f,xi,xa,xb,xc,xd); \ + (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ + (b)=ROTATE((b),30); + +# ifdef X +# undef X +# endif +# ifndef MD32_XARRAY /* * Originally X was an array. As it's automatic it's natural * to expect RISC compiler to accomodate at least part of it in @@ -196,246 +196,305 @@ fips_md_init_ctx(SHA1, SHA) * "find" this expectation reasonable:-( On order to make such * compilers generate better code I replace X[] with a bunch of * X0, X1, etc. See the function body below... - * + * */ -# define X(i) XX##i -#else +# define X(i) XX##i +# else /* * However! Some compilers (most notably HP C) get overwhelmed by * that many local variables so that we have to have the way to * fall down to the original behavior. */ -# define X(i) XX[i] -#endif - -#if !defined(SHA_1) || !defined(SHA1_ASM) -static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) - { - const unsigned char *data=p; - register unsigned MD32_REG_T A,B,C,D,E,T,l; -#ifndef MD32_XARRAY - unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; -#else - SHA_LONG XX[16]; -#endif +# define X(i) XX[i] +# endif - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - for (;;) - { - const union { long one; char little; } is_endian = {1}; - - if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)p%4)==0) - { - const SHA_LONG *W=(const SHA_LONG *)data; - - X( 0) = W[0]; X( 1) = W[ 1]; - BODY_00_15( 0,A,B,C,D,E,T,X( 0)); X( 2) = W[ 2]; - BODY_00_15( 1,T,A,B,C,D,E,X( 1)); X( 3) = W[ 3]; - BODY_00_15( 2,E,T,A,B,C,D,X( 2)); X( 4) = W[ 4]; - BODY_00_15( 3,D,E,T,A,B,C,X( 3)); X( 5) = W[ 5]; - BODY_00_15( 4,C,D,E,T,A,B,X( 4)); X( 6) = W[ 6]; - BODY_00_15( 5,B,C,D,E,T,A,X( 5)); X( 7) = W[ 7]; - BODY_00_15( 6,A,B,C,D,E,T,X( 6)); X( 8) = W[ 8]; - BODY_00_15( 7,T,A,B,C,D,E,X( 7)); X( 9) = W[ 9]; - BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10]; - BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11]; - BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12]; - BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13]; - BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14]; - BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15]; - BODY_00_15(14,E,T,A,B,C,D,X(14)); - BODY_00_15(15,D,E,T,A,B,C,X(15)); - - data += SHA_CBLOCK; - } - else - { - (void)HOST_c2l(data,l); X( 0)=l; (void)HOST_c2l(data,l); X( 1)=l; - BODY_00_15( 0,A,B,C,D,E,T,X( 0)); (void)HOST_c2l(data,l); X( 2)=l; - BODY_00_15( 1,T,A,B,C,D,E,X( 1)); (void)HOST_c2l(data,l); X( 3)=l; - BODY_00_15( 2,E,T,A,B,C,D,X( 2)); (void)HOST_c2l(data,l); X( 4)=l; - BODY_00_15( 3,D,E,T,A,B,C,X( 3)); (void)HOST_c2l(data,l); X( 5)=l; - BODY_00_15( 4,C,D,E,T,A,B,X( 4)); (void)HOST_c2l(data,l); X( 6)=l; - BODY_00_15( 5,B,C,D,E,T,A,X( 5)); (void)HOST_c2l(data,l); X( 7)=l; - BODY_00_15( 6,A,B,C,D,E,T,X( 6)); (void)HOST_c2l(data,l); X( 8)=l; - BODY_00_15( 7,T,A,B,C,D,E,X( 7)); (void)HOST_c2l(data,l); X( 9)=l; - BODY_00_15( 8,E,T,A,B,C,D,X( 8)); (void)HOST_c2l(data,l); X(10)=l; - BODY_00_15( 9,D,E,T,A,B,C,X( 9)); (void)HOST_c2l(data,l); X(11)=l; - BODY_00_15(10,C,D,E,T,A,B,X(10)); (void)HOST_c2l(data,l); X(12)=l; - BODY_00_15(11,B,C,D,E,T,A,X(11)); (void)HOST_c2l(data,l); X(13)=l; - BODY_00_15(12,A,B,C,D,E,T,X(12)); (void)HOST_c2l(data,l); X(14)=l; - BODY_00_15(13,T,A,B,C,D,E,X(13)); (void)HOST_c2l(data,l); X(15)=l; - BODY_00_15(14,E,T,A,B,C,D,X(14)); - BODY_00_15(15,D,E,T,A,B,C,X(15)); - } - - BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); - BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); - BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); - BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); - - BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); - BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); - BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); - BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); - BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5)); - BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6)); - BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7)); - BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8)); - BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9)); - BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10)); - BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11)); - BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12)); - - BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); - BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); - BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); - BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); - BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); - BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); - BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); - BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); - - BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); - BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); - BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); - BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); - BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); - BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); - BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); - BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); - BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); - BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); - BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); - BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); - BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); - BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); - BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); - BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); - BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); - BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); - BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); - BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); - - BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); - BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); - BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); - BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); - BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); - BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); - BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); - BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); - BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); - BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); - BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); - BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); - BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); - BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); - BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); - BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); - BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); - BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); - BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); - BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); - - c->h0=(c->h0+E)&0xffffffffL; - c->h1=(c->h1+T)&0xffffffffL; - c->h2=(c->h2+A)&0xffffffffL; - c->h3=(c->h3+B)&0xffffffffL; - c->h4=(c->h4+C)&0xffffffffL; - - if (--num == 0) break; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - } - } -#endif +# if !defined(SHA_1) || !defined(SHA1_ASM) +static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) +{ + const unsigned char *data = p; + register unsigned MD32_REG_T A, B, C, D, E, T, l; +# ifndef MD32_XARRAY + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; +# else + SHA_LONG XX[16]; +# endif + + A = c->h0; + B = c->h1; + C = c->h2; + D = c->h3; + E = c->h4; + + for (;;) { + const union { + long one; + char little; + } is_endian = { + 1 + }; + + if (!is_endian.little && sizeof(SHA_LONG) == 4 + && ((size_t)p % 4) == 0) { + const SHA_LONG *W = (const SHA_LONG *)data; + + X(0) = W[0]; + X(1) = W[1]; + BODY_00_15(0, A, B, C, D, E, T, X(0)); + X(2) = W[2]; + BODY_00_15(1, T, A, B, C, D, E, X(1)); + X(3) = W[3]; + BODY_00_15(2, E, T, A, B, C, D, X(2)); + X(4) = W[4]; + BODY_00_15(3, D, E, T, A, B, C, X(3)); + X(5) = W[5]; + BODY_00_15(4, C, D, E, T, A, B, X(4)); + X(6) = W[6]; + BODY_00_15(5, B, C, D, E, T, A, X(5)); + X(7) = W[7]; + BODY_00_15(6, A, B, C, D, E, T, X(6)); + X(8) = W[8]; + BODY_00_15(7, T, A, B, C, D, E, X(7)); + X(9) = W[9]; + BODY_00_15(8, E, T, A, B, C, D, X(8)); + X(10) = W[10]; + BODY_00_15(9, D, E, T, A, B, C, X(9)); + X(11) = W[11]; + BODY_00_15(10, C, D, E, T, A, B, X(10)); + X(12) = W[12]; + BODY_00_15(11, B, C, D, E, T, A, X(11)); + X(13) = W[13]; + BODY_00_15(12, A, B, C, D, E, T, X(12)); + X(14) = W[14]; + BODY_00_15(13, T, A, B, C, D, E, X(13)); + X(15) = W[15]; + BODY_00_15(14, E, T, A, B, C, D, X(14)); + BODY_00_15(15, D, E, T, A, B, C, X(15)); + + data += SHA_CBLOCK; + } else { + (void)HOST_c2l(data, l); + X(0) = l; + (void)HOST_c2l(data, l); + X(1) = l; + BODY_00_15(0, A, B, C, D, E, T, X(0)); + (void)HOST_c2l(data, l); + X(2) = l; + BODY_00_15(1, T, A, B, C, D, E, X(1)); + (void)HOST_c2l(data, l); + X(3) = l; + BODY_00_15(2, E, T, A, B, C, D, X(2)); + (void)HOST_c2l(data, l); + X(4) = l; + BODY_00_15(3, D, E, T, A, B, C, X(3)); + (void)HOST_c2l(data, l); + X(5) = l; + BODY_00_15(4, C, D, E, T, A, B, X(4)); + (void)HOST_c2l(data, l); + X(6) = l; + BODY_00_15(5, B, C, D, E, T, A, X(5)); + (void)HOST_c2l(data, l); + X(7) = l; + BODY_00_15(6, A, B, C, D, E, T, X(6)); + (void)HOST_c2l(data, l); + X(8) = l; + BODY_00_15(7, T, A, B, C, D, E, X(7)); + (void)HOST_c2l(data, l); + X(9) = l; + BODY_00_15(8, E, T, A, B, C, D, X(8)); + (void)HOST_c2l(data, l); + X(10) = l; + BODY_00_15(9, D, E, T, A, B, C, X(9)); + (void)HOST_c2l(data, l); + X(11) = l; + BODY_00_15(10, C, D, E, T, A, B, X(10)); + (void)HOST_c2l(data, l); + X(12) = l; + BODY_00_15(11, B, C, D, E, T, A, X(11)); + (void)HOST_c2l(data, l); + X(13) = l; + BODY_00_15(12, A, B, C, D, E, T, X(12)); + (void)HOST_c2l(data, l); + X(14) = l; + BODY_00_15(13, T, A, B, C, D, E, X(13)); + (void)HOST_c2l(data, l); + X(15) = l; + BODY_00_15(14, E, T, A, B, C, D, X(14)); + BODY_00_15(15, D, E, T, A, B, C, X(15)); + } + + BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13)); + BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14)); + BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15)); + BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0)); + + BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1)); + BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2)); + BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3)); + BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4)); + BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5)); + BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6)); + BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7)); + BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8)); + BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9)); + BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10)); + BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11)); + BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12)); + + BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13)); + BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14)); + BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15)); + BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0)); + BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1)); + BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2)); + BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3)); + BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4)); + + BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5)); + BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6)); + BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7)); + BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8)); + BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9)); + BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10)); + BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11)); + BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12)); + BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13)); + BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14)); + BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15)); + BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0)); + BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1)); + BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2)); + BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3)); + BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4)); + BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5)); + BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6)); + BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7)); + BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8)); + + BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9)); + BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10)); + BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11)); + BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12)); + BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13)); + BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14)); + BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15)); + BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0)); + BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1)); + BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2)); + BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3)); + BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4)); + BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5)); + BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6)); + BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7)); + BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8)); + BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9)); + BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10)); + BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11)); + BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12)); + + c->h0 = (c->h0 + E) & 0xffffffffL; + c->h1 = (c->h1 + T) & 0xffffffffL; + c->h2 = (c->h2 + A) & 0xffffffffL; + c->h3 = (c->h3 + B) & 0xffffffffL; + c->h4 = (c->h4 + C) & 0xffffffffL; + + if (--num == 0) + break; + + A = c->h0; + B = c->h1; + C = c->h2; + D = c->h3; + E = c->h4; + + } +} +# endif -#else /* OPENSSL_SMALL_FOOTPRINT */ - -#define BODY_00_15(xi) do { \ - T=E+K_00_19+F_00_19(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T+xi; } while(0) - -#define BODY_16_19(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_00_19+F_00_19(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -#define BODY_20_39(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_20_39+F_20_39(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -#define BODY_40_59(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_40_59+F_40_59(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -#define BODY_60_79(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T=E+K_60_79+F_60_79(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T+xa; } while(0) - -#if !defined(SHA_1) || !defined(SHA1_ASM) -static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) - { - const unsigned char *data=p; - register unsigned MD32_REG_T A,B,C,D,E,T,l; - int i; - SHA_LONG X[16]; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - for (;;) - { - for (i=0;i<16;i++) - { HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); } - for (i=0;i<4;i++) - { BODY_16_19(X[i], X[i+2], X[i+8], X[(i+13)&15]); } - for (;i<24;i++) - { BODY_20_39(X[i&15], X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); } - for (i=0;i<20;i++) - { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } - for (i=4;i<24;i++) - { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } - - c->h0=(c->h0+A)&0xffffffffL; - c->h1=(c->h1+B)&0xffffffffL; - c->h2=(c->h2+C)&0xffffffffL; - c->h3=(c->h3+D)&0xffffffffL; - c->h4=(c->h4+E)&0xffffffffL; - - if (--num == 0) break; - - A=c->h0; - B=c->h1; - C=c->h2; - D=c->h3; - E=c->h4; - - } - } -#endif +#else /* OPENSSL_SMALL_FOOTPRINT */ + +# define BODY_00_15(xi) do { \ + T=E+K_00_19+F_00_19(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T+xi; } while(0) + +# define BODY_16_19(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_00_19+F_00_19(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +# define BODY_20_39(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_20_39+F_20_39(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +# define BODY_40_59(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_40_59+F_40_59(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +# define BODY_60_79(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T=E+K_60_79+F_60_79(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T+xa; } while(0) + +# if !defined(SHA_1) || !defined(SHA1_ASM) +static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) +{ + const unsigned char *data = p; + register unsigned MD32_REG_T A, B, C, D, E, T, l; + int i; + SHA_LONG X[16]; + + A = c->h0; + B = c->h1; + C = c->h2; + D = c->h3; + E = c->h4; + + for (;;) { + for (i = 0; i < 16; i++) { + HOST_c2l(data, l); + X[i] = l; + BODY_00_15(X[i]); + } + for (i = 0; i < 4; i++) { + BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]); + } + for (; i < 24; i++) { + BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15], + X[(i + 13) & 15]); + } + for (i = 0; i < 20; i++) { + BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], + X[(i + 5) & 15]); + } + for (i = 4; i < 24; i++) { + BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], + X[(i + 5) & 15]); + } + + c->h0 = (c->h0 + A) & 0xffffffffL; + c->h1 = (c->h1 + B) & 0xffffffffL; + c->h2 = (c->h2 + C) & 0xffffffffL; + c->h3 = (c->h3 + D) & 0xffffffffL; + c->h4 = (c->h4 + E) & 0xffffffffL; + + if (--num == 0) + break; + + A = c->h0; + B = c->h1; + C = c->h2; + D = c->h3; + E = c->h4; + + } +} +# endif #endif diff --git a/crypto/openssl/crypto/sha/sha_one.c b/crypto/openssl/crypto/sha/sha_one.c index 3bae623..0930b98 100644 --- a/crypto/openssl/crypto/sha/sha_one.c +++ b/crypto/openssl/crypto/sha/sha_one.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,16 +63,17 @@ #ifndef OPENSSL_NO_SHA0 unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md) - { - SHA_CTX c; - static unsigned char m[SHA_DIGEST_LENGTH]; +{ + SHA_CTX c; + static unsigned char m[SHA_DIGEST_LENGTH]; - if (md == NULL) md=m; - if (!SHA_Init(&c)) - return NULL; - SHA_Update(&c,d,n); - SHA_Final(md,&c); - OPENSSL_cleanse(&c,sizeof(c)); - return(md); - } + if (md == NULL) + md = m; + if (!SHA_Init(&c)) + return NULL; + SHA_Update(&c, d, n); + SHA_Final(md, &c); + OPENSSL_cleanse(&c, sizeof(c)); + return (md); +} #endif diff --git a/crypto/openssl/crypto/sha/shatest.c b/crypto/openssl/crypto/sha/shatest.c index 2761464..105060a 100644 --- a/crypto/openssl/crypto/sha/shatest.c +++ b/crypto/openssl/crypto/sha/shatest.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -66,113 +66,109 @@ int main(int argc, char *argv[]) { printf("No SHA0 support\n"); - return(0); + return (0); } #else -#include -#include +# include +# include -#ifdef CHARSET_EBCDIC -#include -#endif +# ifdef CHARSET_EBCDIC +# include +# endif -#define SHA_0 /* FIPS 180 */ -#undef SHA_1 /* FIPS 180-1 */ - -static char *test[]={ - "abc", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - NULL, - }; - -#ifdef SHA_0 -static char *ret[]={ - "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", - "d2516ee1acfa5baf33dfc1c471e438449ef134c8", - }; -static char *bigret= - "3232affa48628a26653b5aaa44541fd90d690603"; -#endif -#ifdef SHA_1 -static char *ret[]={ - "a9993e364706816aba3e25717850c26c9cd0d89d", - "84983e441c3bd26ebaae4aa1f95129e5e54670f1", - }; -static char *bigret= - "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; -#endif +# define SHA_0 /* FIPS 180 */ +# undef SHA_1 /* FIPS 180-1 */ + +static char *test[] = { + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + NULL, +}; + +# ifdef SHA_0 +static char *ret[] = { + "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", + "d2516ee1acfa5baf33dfc1c471e438449ef134c8", +}; + +static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603"; +# endif +# ifdef SHA_1 +static char *ret[] = { + "a9993e364706816aba3e25717850c26c9cd0d89d", + "84983e441c3bd26ebaae4aa1f95129e5e54670f1", +}; + +static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; +# endif static char *pt(unsigned char *md); int main(int argc, char *argv[]) - { - int i,err=0; - char **P,**R; - static unsigned char buf[1000]; - char *p,*r; - EVP_MD_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; - -#ifdef CHARSET_EBCDIC - ebcdic2ascii(test[0], test[0], strlen(test[0])); - ebcdic2ascii(test[1], test[1], strlen(test[1])); -#endif +{ + int i, err = 0; + char **P, **R; + static unsigned char buf[1000]; + char *p, *r; + EVP_MD_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; - EVP_MD_CTX_init(&c); - P=test; - R=ret; - i=1; - while (*P != NULL) - { - EVP_Digest(*P,strlen(*P),md,NULL,EVP_sha(), NULL); - p=pt(md); - if (strcmp(p,*R) != 0) - { - printf("error calculating SHA on '%s'\n",*P); - printf("got %s instead of %s\n",p,*R); - err++; - } - else - printf("test %d ok\n",i); - i++; - R++; - P++; - } - - memset(buf,'a',1000); -#ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, buf, 1000); -#endif /*CHARSET_EBCDIC*/ - EVP_DigestInit_ex(&c,EVP_sha(), NULL); - for (i=0; i<1000; i++) - EVP_DigestUpdate(&c,buf,1000); - EVP_DigestFinal_ex(&c,md,NULL); - p=pt(md); - - r=bigret; - if (strcmp(p,r) != 0) - { - printf("error calculating SHA on '%s'\n",p); - printf("got %s instead of %s\n",p,r); - err++; - } - else - printf("test 3 ok\n"); - -#ifdef OPENSSL_SYS_NETWARE - if (err) printf("ERROR: %d\n", err); -#endif - EVP_MD_CTX_cleanup(&c); - EXIT(err); - return(0); - } +# ifdef CHARSET_EBCDIC + ebcdic2ascii(test[0], test[0], strlen(test[0])); + ebcdic2ascii(test[1], test[1], strlen(test[1])); +# endif + + EVP_MD_CTX_init(&c); + P = test; + R = ret; + i = 1; + while (*P != NULL) { + EVP_Digest(*P, strlen(*P), md, NULL, EVP_sha(), NULL); + p = pt(md); + if (strcmp(p, *R) != 0) { + printf("error calculating SHA on '%s'\n", *P); + printf("got %s instead of %s\n", p, *R); + err++; + } else + printf("test %d ok\n", i); + i++; + R++; + P++; + } + + memset(buf, 'a', 1000); +# ifdef CHARSET_EBCDIC + ebcdic2ascii(buf, buf, 1000); +# endif /* CHARSET_EBCDIC */ + EVP_DigestInit_ex(&c, EVP_sha(), NULL); + for (i = 0; i < 1000; i++) + EVP_DigestUpdate(&c, buf, 1000); + EVP_DigestFinal_ex(&c, md, NULL); + p = pt(md); + + r = bigret; + if (strcmp(p, r) != 0) { + printf("error calculating SHA on '%s'\n", p); + printf("got %s instead of %s\n", p, r); + err++; + } else + printf("test 3 ok\n"); + +# ifdef OPENSSL_SYS_NETWARE + if (err) + printf("ERROR: %d\n", err); +# endif + EVP_MD_CTX_cleanup(&c); + EXIT(err); + return (0); +} static char *pt(unsigned char *md) - { - int i; - static char buf[80]; - - for (i=0; i