X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;f=lib%2Fsha512.c;h=5c0b2ed181bca632873ca67ee1f23d9b238d9065;hb=d1fb15ba12436afdd742eaff1ec46f75ee397bda;hp=66cfaa9bfc18a9465fce6cd7999661593770e2ca;hpb=49c2c800d98967210cdae5122c15f03891964da7;p=gnulib.git diff --git a/lib/sha512.c b/lib/sha512.c index 66cfaa9bf..5c0b2ed18 100644 --- a/lib/sha512.c +++ b/lib/sha512.c @@ -1,7 +1,7 @@ /* sha512.c - Functions to compute SHA512 and SHA384 message digest of files or memory blocks according to the NIST specification FIPS-180-2. - Copyright (C) 2005, 2006, 2008 Free Software Foundation, Inc. + Copyright (C) 2005, 2006, 2008, 2009, 2010 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -25,6 +25,7 @@ #include "sha512.h" #include +#include #include #if USE_UNLOCKED_IO @@ -35,17 +36,17 @@ # define SWAP(n) (n) #else # define SWAP(n) \ - u64or (u64or (u64or (u64shl (n, 56), \ - u64shl (u64and (n, u64lo (0x0000ff00)), 40)), \ - u64or (u64shl (u64and (n, u64lo (0x00ff0000)), 24), \ - u64shl (u64and (n, u64lo (0xff000000)), 8))), \ - u64or (u64or (u64and (u64shr (n, 8), u64lo (0xff000000)), \ - u64and (u64shr (n, 24), u64lo (0x00ff0000))), \ - u64or (u64and (u64shr (n, 40), u64lo (0x0000ff00)), \ - u64shr (n, 56)))) + u64or (u64or (u64or (u64shl (n, 56), \ + u64shl (u64and (n, u64lo (0x0000ff00)), 40)), \ + u64or (u64shl (u64and (n, u64lo (0x00ff0000)), 24), \ + u64shl (u64and (n, u64lo (0xff000000)), 8))), \ + u64or (u64or (u64and (u64shr (n, 8), u64lo (0xff000000)), \ + u64and (u64shr (n, 24), u64lo (0x00ff0000))), \ + u64or (u64and (u64shr (n, 40), u64lo (0x0000ff00)), \ + u64shr (n, 56)))) #endif -#define BLOCKSIZE 4096 +#define BLOCKSIZE 32768 #if BLOCKSIZE % 128 != 0 # error "invalid BLOCKSIZE" #endif @@ -141,10 +142,14 @@ sha512_conclude_ctx (struct sha512_ctx *ctx) if (u64lt (ctx->total[0], u64lo (bytes))) ctx->total[1] = u64plus (ctx->total[1], u64lo (1)); - /* Put the 128-bit file length in *bits* at the end of the buffer. */ - ctx->buffer[size - 2] = SWAP (u64or (u64shl (ctx->total[1], 3), - u64shr (ctx->total[0], 61))); - ctx->buffer[size - 1] = SWAP (u64shl (ctx->total[0], 3)); + /* Put the 128-bit file length in *bits* at the end of the buffer. + Use set_uint64 rather than a simple assignment, to avoid risk of + unaligned access. */ + set_uint64 ((char *) &ctx->buffer[size - 2], + SWAP (u64or (u64shl (ctx->total[1], 3), + u64shr (ctx->total[0], 61)))); + set_uint64 ((char *) &ctx->buffer[size - 1], + SWAP (u64shl (ctx->total[0], 3))); memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 8 - bytes); @@ -173,9 +178,12 @@ int sha512_stream (FILE *stream, void *resblock) { struct sha512_ctx ctx; - char buffer[BLOCKSIZE + 72]; size_t sum; + char *buffer = malloc (BLOCKSIZE + 72); + if (!buffer) + return 1; + /* Initialize the computation context. */ sha512_init_ctx (&ctx); @@ -183,40 +191,43 @@ sha512_stream (FILE *stream, void *resblock) while (1) { /* We read the file in blocks of BLOCKSIZE bytes. One call of the - computation function processes the whole buffer so that with the - next round of the loop another block can be read. */ + computation function processes the whole buffer so that with the + next round of the loop another block can be read. */ size_t n; sum = 0; /* Read block. Take care for partial reads. */ while (1) - { - n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); - - sum += n; - - if (sum == BLOCKSIZE) - break; - - if (n == 0) - { - /* Check for the error flag IFF N == 0, so that we don't - exit the loop after a partial read due to e.g., EAGAIN - or EWOULDBLOCK. */ - if (ferror (stream)) - return 1; - goto process_partial_block; - } - - /* We've read at least one byte, so ignore errors. But always - check for EOF, since feof may be true even though N > 0. - Otherwise, we could end up calling fread after EOF. */ - if (feof (stream)) - goto process_partial_block; - } + { + n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); + + sum += n; + + if (sum == BLOCKSIZE) + break; + + if (n == 0) + { + /* Check for the error flag IFF N == 0, so that we don't + exit the loop after a partial read due to e.g., EAGAIN + or EWOULDBLOCK. */ + if (ferror (stream)) + { + free (buffer); + return 1; + } + goto process_partial_block; + } + + /* We've read at least one byte, so ignore errors. But always + check for EOF, since feof may be true even though N > 0. + Otherwise, we could end up calling fread after EOF. */ + if (feof (stream)) + goto process_partial_block; + } /* Process buffer with BLOCKSIZE bytes. Note that - BLOCKSIZE % 128 == 0 + BLOCKSIZE % 128 == 0 */ sha512_process_block (buffer, BLOCKSIZE, &ctx); } @@ -229,6 +240,7 @@ sha512_stream (FILE *stream, void *resblock) /* Construct result in desired memory. */ sha512_finish_ctx (&ctx, resblock); + free (buffer); return 0; } @@ -237,9 +249,12 @@ int sha384_stream (FILE *stream, void *resblock) { struct sha512_ctx ctx; - char buffer[BLOCKSIZE + 72]; size_t sum; + char *buffer = malloc (BLOCKSIZE + 72); + if (!buffer) + return 1; + /* Initialize the computation context. */ sha384_init_ctx (&ctx); @@ -247,40 +262,43 @@ sha384_stream (FILE *stream, void *resblock) while (1) { /* We read the file in blocks of BLOCKSIZE bytes. One call of the - computation function processes the whole buffer so that with the - next round of the loop another block can be read. */ + computation function processes the whole buffer so that with the + next round of the loop another block can be read. */ size_t n; sum = 0; /* Read block. Take care for partial reads. */ while (1) - { - n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); - - sum += n; - - if (sum == BLOCKSIZE) - break; - - if (n == 0) - { - /* Check for the error flag IFF N == 0, so that we don't - exit the loop after a partial read due to e.g., EAGAIN - or EWOULDBLOCK. */ - if (ferror (stream)) - return 1; - goto process_partial_block; - } - - /* We've read at least one byte, so ignore errors. But always - check for EOF, since feof may be true even though N > 0. - Otherwise, we could end up calling fread after EOF. */ - if (feof (stream)) - goto process_partial_block; - } + { + n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); + + sum += n; + + if (sum == BLOCKSIZE) + break; + + if (n == 0) + { + /* Check for the error flag IFF N == 0, so that we don't + exit the loop after a partial read due to e.g., EAGAIN + or EWOULDBLOCK. */ + if (ferror (stream)) + { + free (buffer); + return 1; + } + goto process_partial_block; + } + + /* We've read at least one byte, so ignore errors. But always + check for EOF, since feof may be true even though N > 0. + Otherwise, we could end up calling fread after EOF. */ + if (feof (stream)) + goto process_partial_block; + } /* Process buffer with BLOCKSIZE bytes. Note that - BLOCKSIZE % 128 == 0 + BLOCKSIZE % 128 == 0 */ sha512_process_block (buffer, BLOCKSIZE, &ctx); } @@ -293,6 +311,7 @@ sha384_stream (FILE *stream, void *resblock) /* Construct result in desired memory. */ sha384_finish_ctx (&ctx, resblock); + free (buffer); return 0; } @@ -344,15 +363,15 @@ sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx) ctx->buflen += add; if (ctx->buflen > 128) - { - sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx); + { + sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx); - ctx->buflen &= 127; - /* The regions in the following copy operation cannot overlap. */ - memcpy (ctx->buffer, - &((char *) ctx->buffer)[(left_over + add) & ~127], - ctx->buflen); - } + ctx->buflen &= 127; + /* The regions in the following copy operation cannot overlap. */ + memcpy (ctx->buffer, + &((char *) ctx->buffer)[(left_over + add) & ~127], + ctx->buflen); + } buffer = (const char *) buffer + add; len -= add; @@ -365,19 +384,19 @@ sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx) # define alignof(type) offsetof (struct { char c; type x; }, x) # define UNALIGNED_P(p) (((size_t) p) % alignof (u64) != 0) if (UNALIGNED_P (buffer)) - while (len > 128) - { - sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128, ctx); - buffer = (const char *) buffer + 128; - len -= 128; - } + while (len > 128) + { + sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128, ctx); + buffer = (const char *) buffer + 128; + len -= 128; + } else #endif - { - sha512_process_block (buffer, len & ~127, ctx); - buffer = (const char *) buffer + (len & ~127); - len &= 127; - } + { + sha512_process_block (buffer, len & ~127, ctx); + buffer = (const char *) buffer + (len & ~127); + len &= 127; + } } /* Move remaining bytes in internal buffer. */ @@ -388,11 +407,11 @@ sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx) memcpy (&((char *) ctx->buffer)[left_over], buffer, len); left_over += len; if (left_over >= 128) - { - sha512_process_block (ctx->buffer, 128, ctx); - left_over -= 128; - memcpy (ctx->buffer, &ctx->buffer[16], left_over); - } + { + sha512_process_block (ctx->buffer, 128, ctx); + left_over -= 128; + memcpy (ctx->buffer, &ctx->buffer[16], left_over); + } ctx->buflen = left_over; } } @@ -479,22 +498,22 @@ sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx) #define SS0(x) u64xor (u64rol (x, 36), u64xor (u64rol (x, 30), u64rol (x, 25))) #define SS1(x) u64xor (u64rol(x, 50), u64xor (u64rol (x, 46), u64rol (x, 23))) -#define M(I) (x[(I) & 15] \ - = u64plus (x[(I) & 15], \ - u64plus (S1 (x[((I) - 2) & 15]), \ - u64plus (x[((I) - 7) & 15], \ - S0 (x[((I) - 15) & 15]))))) - -#define R(A, B, C, D, E, F, G, H, K, M) \ - do \ - { \ - u64 t0 = u64plus (SS0 (A), F2 (A, B, C)); \ - u64 t1 = \ - u64plus (H, u64plus (SS1 (E), \ - u64plus (F1 (E, F, G), u64plus (K, M)))); \ - D = u64plus (D, t1); \ - H = u64plus (t0, t1); \ - } \ +#define M(I) (x[(I) & 15] \ + = u64plus (x[(I) & 15], \ + u64plus (S1 (x[((I) - 2) & 15]), \ + u64plus (x[((I) - 7) & 15], \ + S0 (x[((I) - 15) & 15]))))) + +#define R(A, B, C, D, E, F, G, H, K, M) \ + do \ + { \ + u64 t0 = u64plus (SS0 (A), F2 (A, B, C)); \ + u64 t1 = \ + u64plus (H, u64plus (SS1 (E), \ + u64plus (F1 (E, F, G), u64plus (K, M)))); \ + D = u64plus (D, t1); \ + H = u64plus (t0, t1); \ + } \ while (0) while (words < endp) @@ -502,10 +521,10 @@ sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx) int t; /* FIXME: see sha1.c for a better implementation. */ for (t = 0; t < 16; t++) - { - x[t] = SWAP (*words); - words++; - } + { + x[t] = SWAP (*words); + words++; + } R( a, b, c, d, e, f, g, h, K( 0), x[ 0] ); R( h, a, b, c, d, e, f, g, K( 1), x[ 1] );