X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;f=lib%2Fsha256.c;h=9d6912cdc79e51ef33071d0c73745bbc17a7bebb;hb=8e0f64e4cd12f7779113bc438afd106dad3e1f1a;hp=4a632c9fbdc7d192a0412b7356868e1124aab690;hpb=c0e92a8bc2db0f1ea4df59b1d6812323b0e58233;p=gnulib.git diff --git a/lib/sha256.c b/lib/sha256.c index 4a632c9fb..9d6912cdc 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -1,7 +1,7 @@ /* sha256.c - Functions to compute SHA256 and SHA224 message digest of files or memory blocks according to the NIST specification FIPS-180-2. - Copyright (C) 2005, 2006, 2008 Free Software Foundation, Inc. + Copyright (C) 2005-2006, 2008-2013 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -22,9 +22,14 @@ #include +#if HAVE_OPENSSL_SHA256 +# define GL_OPENSSL_INLINE _GL_EXTERN_INLINE +#endif #include "sha256.h" -#include +#include +#include +#include #include #if USE_UNLOCKED_IO @@ -38,11 +43,12 @@ (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) #endif -#define BLOCKSIZE 4096 +#define BLOCKSIZE 32768 #if BLOCKSIZE % 64 != 0 # error "invalid BLOCKSIZE" #endif +#if ! HAVE_OPENSSL_SHA256 /* This array contains the bytes used to pad the buffer to the next 64-byte boundary. */ static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; @@ -50,7 +56,7 @@ static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; /* Takes a pointer to a 256 bit block of data (eight 32 bit ints) and - intializes it to the start constants of the SHA256 algorithm. This + initializes it to the start constants of the SHA256 algorithm. This must be called before using hash in the call to sha256_hash */ void @@ -88,7 +94,7 @@ sha224_init_ctx (struct sha256_ctx *ctx) /* Copy the value from v into the memory location pointed to by *cp, If your architecture allows unaligned access this is equivalent to * (uint32_t *) cp = v */ -static inline void +static void set_uint32 (char *cp, uint32_t v) { memcpy (cp, &v, sizeof v); @@ -126,7 +132,7 @@ static void sha256_conclude_ctx (struct sha256_ctx *ctx) { /* Take yet unprocessed bytes into account. */ - uint32_t bytes = ctx->buflen; + size_t bytes = ctx->buflen; size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4; /* Now count remaining bytes. */ @@ -134,9 +140,13 @@ sha256_conclude_ctx (struct sha256_ctx *ctx) if (ctx->total[0] < bytes) ++ctx->total[1]; - /* Put the 64-bit file length in *bits* at the end of the buffer. */ - ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29)); - ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3); + /* Put the 64-bit file length in *bits* at the end of the buffer. + Use set_uint32 rather than a simple assignment, to avoid risk of + unaligned access. */ + set_uint32 ((char *) &ctx->buffer[size - 2], + SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29))); + set_uint32 ((char *) &ctx->buffer[size - 1], + SWAP (ctx->total[0] << 3)); memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes); @@ -157,6 +167,7 @@ sha224_finish_ctx (struct sha256_ctx *ctx, void *resbuf) sha256_conclude_ctx (ctx); return sha224_read_ctx (ctx, resbuf); } +#endif /* Compute SHA256 message digest for bytes read from STREAM. The resulting message digest number will be written into the 32 bytes @@ -165,9 +176,12 @@ int sha256_stream (FILE *stream, void *resblock) { struct sha256_ctx ctx; - char buffer[BLOCKSIZE + 72]; size_t sum; + char *buffer = malloc (BLOCKSIZE + 72); + if (!buffer) + return 1; + /* Initialize the computation context. */ sha256_init_ctx (&ctx); @@ -175,40 +189,43 @@ sha256_stream (FILE *stream, void *resblock) while (1) { /* We read the file in blocks of BLOCKSIZE bytes. One call of the - computation function processes the whole buffer so that with the - next round of the loop another block can be read. */ + computation function processes the whole buffer so that with the + next round of the loop another block can be read. */ size_t n; sum = 0; /* Read block. Take care for partial reads. */ while (1) - { - n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); - - sum += n; - - if (sum == BLOCKSIZE) - break; - - if (n == 0) - { - /* Check for the error flag IFF N == 0, so that we don't - exit the loop after a partial read due to e.g., EAGAIN - or EWOULDBLOCK. */ - if (ferror (stream)) - return 1; - goto process_partial_block; - } - - /* We've read at least one byte, so ignore errors. But always - check for EOF, since feof may be true even though N > 0. - Otherwise, we could end up calling fread after EOF. */ - if (feof (stream)) - goto process_partial_block; - } + { + n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); + + sum += n; + + if (sum == BLOCKSIZE) + break; + + if (n == 0) + { + /* Check for the error flag IFF N == 0, so that we don't + exit the loop after a partial read due to e.g., EAGAIN + or EWOULDBLOCK. */ + if (ferror (stream)) + { + free (buffer); + return 1; + } + goto process_partial_block; + } + + /* We've read at least one byte, so ignore errors. But always + check for EOF, since feof may be true even though N > 0. + Otherwise, we could end up calling fread after EOF. */ + if (feof (stream)) + goto process_partial_block; + } /* Process buffer with BLOCKSIZE bytes. Note that - BLOCKSIZE % 64 == 0 + BLOCKSIZE % 64 == 0 */ sha256_process_block (buffer, BLOCKSIZE, &ctx); } @@ -221,6 +238,7 @@ sha256_stream (FILE *stream, void *resblock) /* Construct result in desired memory. */ sha256_finish_ctx (&ctx, resblock); + free (buffer); return 0; } @@ -229,9 +247,12 @@ int sha224_stream (FILE *stream, void *resblock) { struct sha256_ctx ctx; - char buffer[BLOCKSIZE + 72]; size_t sum; + char *buffer = malloc (BLOCKSIZE + 72); + if (!buffer) + return 1; + /* Initialize the computation context. */ sha224_init_ctx (&ctx); @@ -239,40 +260,43 @@ sha224_stream (FILE *stream, void *resblock) while (1) { /* We read the file in blocks of BLOCKSIZE bytes. One call of the - computation function processes the whole buffer so that with the - next round of the loop another block can be read. */ + computation function processes the whole buffer so that with the + next round of the loop another block can be read. */ size_t n; sum = 0; /* Read block. Take care for partial reads. */ while (1) - { - n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); - - sum += n; - - if (sum == BLOCKSIZE) - break; - - if (n == 0) - { - /* Check for the error flag IFF N == 0, so that we don't - exit the loop after a partial read due to e.g., EAGAIN - or EWOULDBLOCK. */ - if (ferror (stream)) - return 1; - goto process_partial_block; - } - - /* We've read at least one byte, so ignore errors. But always - check for EOF, since feof may be true even though N > 0. - Otherwise, we could end up calling fread after EOF. */ - if (feof (stream)) - goto process_partial_block; - } + { + n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); + + sum += n; + + if (sum == BLOCKSIZE) + break; + + if (n == 0) + { + /* Check for the error flag IFF N == 0, so that we don't + exit the loop after a partial read due to e.g., EAGAIN + or EWOULDBLOCK. */ + if (ferror (stream)) + { + free (buffer); + return 1; + } + goto process_partial_block; + } + + /* We've read at least one byte, so ignore errors. But always + check for EOF, since feof may be true even though N > 0. + Otherwise, we could end up calling fread after EOF. */ + if (feof (stream)) + goto process_partial_block; + } /* Process buffer with BLOCKSIZE bytes. Note that - BLOCKSIZE % 64 == 0 + BLOCKSIZE % 64 == 0 */ sha256_process_block (buffer, BLOCKSIZE, &ctx); } @@ -285,9 +309,11 @@ sha224_stream (FILE *stream, void *resblock) /* Construct result in desired memory. */ sha224_finish_ctx (&ctx, resblock); + free (buffer); return 0; } +#if ! HAVE_OPENSSL_SHA256 /* Compute SHA512 message digest for LEN bytes beginning at BUFFER. The result is always in little endian byte order, so that a byte-wise output yields to the wanted ASCII representation of the message @@ -336,15 +362,15 @@ sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) ctx->buflen += add; if (ctx->buflen > 64) - { - sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx); + { + sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx); - ctx->buflen &= 63; - /* The regions in the following copy operation cannot overlap. */ - memcpy (ctx->buffer, - &((char *) ctx->buffer)[(left_over + add) & ~63], - ctx->buflen); - } + ctx->buflen &= 63; + /* The regions in the following copy operation cannot overlap. */ + memcpy (ctx->buffer, + &((char *) ctx->buffer)[(left_over + add) & ~63], + ctx->buflen); + } buffer = (const char *) buffer + add; len -= add; @@ -354,22 +380,21 @@ sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) if (len >= 64) { #if !_STRING_ARCH_unaligned -# define alignof(type) offsetof (struct { char c; type x; }, x) -# define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0) +# define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (uint32_t) != 0) if (UNALIGNED_P (buffer)) - while (len > 64) - { - sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); - buffer = (const char *) buffer + 64; - len -= 64; - } + while (len > 64) + { + sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); + buffer = (const char *) buffer + 64; + len -= 64; + } else #endif - { - sha256_process_block (buffer, len & ~63, ctx); - buffer = (const char *) buffer + (len & ~63); - len &= 63; - } + { + sha256_process_block (buffer, len & ~63, ctx); + buffer = (const char *) buffer + (len & ~63); + len &= 63; + } } /* Move remaining bytes in internal buffer. */ @@ -380,11 +405,11 @@ sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) memcpy (&((char *) ctx->buffer)[left_over], buffer, len); left_over += len; if (left_over >= 64) - { - sha256_process_block (ctx->buffer, 64, ctx); - left_over -= 64; - memcpy (ctx->buffer, &ctx->buffer[16], left_over); - } + { + sha256_process_block (ctx->buffer, 64, ctx); + left_over -= 64; + memcpy (ctx->buffer, &ctx->buffer[16], left_over); + } ctx->buflen = left_over; } } @@ -435,13 +460,13 @@ sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) uint32_t f = ctx->state[5]; uint32_t g = ctx->state[6]; uint32_t h = ctx->state[7]; + uint32_t lolen = len; /* First increment the byte count. FIPS PUB 180-2 specifies the possible length of the file up to 2^64 bits. Here we only compute the number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; + ctx->total[0] += lolen; + ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); #define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) #define S0(x) (rol(x,25)^rol(x,14)^(x>>3)) @@ -450,16 +475,16 @@ sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) #define SS1(x) (rol(x,26)^rol(x,21)^rol(x,7)) #define M(I) ( tm = S1(x[(I-2)&0x0f]) + x[(I-7)&0x0f] \ - + S0(x[(I-15)&0x0f]) + x[I&0x0f] \ - , x[I&0x0f] = tm ) + + S0(x[(I-15)&0x0f]) + x[I&0x0f] \ + , x[I&0x0f] = tm ) #define R(A,B,C,D,E,F,G,H,K,M) do { t0 = SS0(A) + F2(A,B,C); \ t1 = H + SS1(E) \ + F1(E,F,G) \ - + K \ - + M; \ - D += t1; H = t0 + t1; \ - } while(0) + + K \ + + M; \ + D += t1; H = t0 + t1; \ + } while(0) while (words < endp) { @@ -468,10 +493,10 @@ sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) int t; /* FIXME: see sha1.c for a better implementation. */ for (t = 0; t < 16; t++) - { - x[t] = SWAP (*words); - words++; - } + { + x[t] = SWAP (*words); + words++; + } R( a, b, c, d, e, f, g, h, K( 0), x[ 0] ); R( h, a, b, c, d, e, f, g, K( 1), x[ 1] ); @@ -548,3 +573,4 @@ sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) h = ctx->state[7] += h; } } +#endif