Re-apply portability changes to current sha2.{c,h}.
Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2 I imported the current versions directly then re-applied the portability changes. This also allowed re-syncing digest-libc.c against upstream.
This commit is contained in:
parent
09159594a3
commit
11cba2a452
16
configure.ac
16
configure.ac
|
@ -1699,6 +1699,9 @@ AC_CHECK_FUNCS([ \
|
|||
Blowfish_expandstate \
|
||||
Blowfish_expand0state \
|
||||
Blowfish_stream2word \
|
||||
SHA256Update \
|
||||
SHA384Update \
|
||||
SHA512Update \
|
||||
asprintf \
|
||||
b64_ntop \
|
||||
__b64_ntop \
|
||||
|
@ -2849,16 +2852,9 @@ if test "x$openssl" = "xyes" ; then
|
|||
fi
|
||||
AC_CHECK_FUNCS([crypt DES_crypt])
|
||||
|
||||
# Search for SHA256 support in libc and/or OpenSSL
|
||||
AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
|
||||
[unsupported_algorithms="$unsupported_algorithms \
|
||||
hmac-sha2-256 \
|
||||
hmac-sha2-512 \
|
||||
diffie-hellman-group-exchange-sha256 \
|
||||
hmac-sha2-256-etm@openssh.com \
|
||||
hmac-sha2-512-etm@openssh.com"
|
||||
]
|
||||
)
|
||||
# Check for SHA256, SHA384 and SHA512 support in OpenSSL
|
||||
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
|
||||
|
||||
# Search for RIPE-MD support in OpenSSL
|
||||
AC_CHECK_FUNCS([EVP_ripemd160], ,
|
||||
[unsupported_algorithms="$unsupported_algorithms \
|
||||
|
|
|
@ -28,7 +28,11 @@
|
|||
#if 0
|
||||
#include <md5.h>
|
||||
#include <rmd160.h>
|
||||
#endif
|
||||
#ifdef HAVE_SHA1_H
|
||||
#include <sha1.h>
|
||||
#endif
|
||||
#ifdef HAVE_SHA2_H
|
||||
#include <sha2.h>
|
||||
#endif
|
||||
|
||||
|
@ -83,30 +87,30 @@ const struct ssh_digest digests[SSH_DIGEST_MAX] = {
|
|||
"SHA256",
|
||||
SHA256_BLOCK_LENGTH,
|
||||
SHA256_DIGEST_LENGTH,
|
||||
sizeof(SHA256_CTX),
|
||||
(md_init_fn *) SHA256_Init,
|
||||
(md_update_fn *) SHA256_Update,
|
||||
(md_final_fn *) SHA256_Final
|
||||
sizeof(SHA2_CTX),
|
||||
(md_init_fn *) SHA256Init,
|
||||
(md_update_fn *) SHA256Update,
|
||||
(md_final_fn *) SHA256Final
|
||||
},
|
||||
{
|
||||
SSH_DIGEST_SHA384,
|
||||
"SHA384",
|
||||
SHA384_BLOCK_LENGTH,
|
||||
SHA384_DIGEST_LENGTH,
|
||||
sizeof(SHA384_CTX),
|
||||
(md_init_fn *) SHA384_Init,
|
||||
(md_update_fn *) SHA384_Update,
|
||||
(md_final_fn *) SHA384_Final
|
||||
sizeof(SHA2_CTX),
|
||||
(md_init_fn *) SHA384Init,
|
||||
(md_update_fn *) SHA384Update,
|
||||
(md_final_fn *) SHA384Final
|
||||
},
|
||||
{
|
||||
SSH_DIGEST_SHA512,
|
||||
"SHA512",
|
||||
SHA512_BLOCK_LENGTH,
|
||||
SHA512_DIGEST_LENGTH,
|
||||
sizeof(SHA512_CTX),
|
||||
(md_init_fn *) SHA512_Init,
|
||||
(md_update_fn *) SHA512_Update,
|
||||
(md_final_fn *) SHA512_Final
|
||||
sizeof(SHA2_CTX),
|
||||
(md_init_fn *) SHA512Init,
|
||||
(md_update_fn *) SHA512Update,
|
||||
(md_final_fn *) SHA512Final
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
@ -34,12 +34,16 @@
|
|||
|
||||
#ifndef HAVE_EVP_RIPEMD160
|
||||
# define EVP_ripemd160 NULL
|
||||
#endif /* HAVE_EVP_RIPEMD160 */
|
||||
#endif
|
||||
#ifndef HAVE_EVP_SHA256
|
||||
# define EVP_sha256 NULL
|
||||
#endif
|
||||
#ifndef HAVE_EVP_SHA384
|
||||
# define EVP_sha384 NULL
|
||||
#endif
|
||||
#ifndef HAVE_EVP_SHA512
|
||||
# define EVP_sha512 NULL
|
||||
#endif /* HAVE_EVP_SHA256 */
|
||||
#endif
|
||||
|
||||
struct ssh_digest_ctx {
|
||||
int alg;
|
||||
|
|
4
mac.c
4
mac.c
|
@ -58,10 +58,8 @@ static const struct macalg macs[] = {
|
|||
/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
|
||||
{ "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
|
||||
{ "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 },
|
||||
#ifdef HAVE_EVP_SHA256
|
||||
{ "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 },
|
||||
{ "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 },
|
||||
#endif
|
||||
{ "hmac-md5", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 },
|
||||
{ "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
|
||||
{ "umac-64@openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 },
|
||||
|
@ -70,10 +68,8 @@ static const struct macalg macs[] = {
|
|||
/* Encrypt-then-MAC variants */
|
||||
{ "hmac-sha1-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
|
||||
{ "hmac-sha1-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 1 },
|
||||
#ifdef HAVE_EVP_SHA256
|
||||
{ "hmac-sha2-256-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
|
||||
{ "hmac-sha2-512-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
|
||||
#endif
|
||||
{ "hmac-md5-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
|
||||
{ "hmac-md5-96-etm@openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
|
||||
{ "umac-64-etm@openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 },
|
||||
|
|
|
@ -34,7 +34,14 @@
|
|||
* $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
|
||||
*/
|
||||
|
||||
#include <sys/types.h>
|
||||
/* OPENBSD ORIGINAL: lib/libc/hash/sha2.c */
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \
|
||||
!defined(HAVE_SHA512UPDATE)
|
||||
|
||||
#define MAKE_CLONE(x, y) /* no-op out */
|
||||
|
||||
#include <string.h>
|
||||
#include <sha2.h>
|
||||
|
@ -264,6 +271,7 @@ static const u_int64_t sha512_initial_hash_value[8] = {
|
|||
};
|
||||
|
||||
#if !defined(SHA2_SMALL)
|
||||
#if 0
|
||||
/* Initial hash value H for SHA-224: */
|
||||
static const u_int32_t sha224_initial_hash_value[8] = {
|
||||
0xc1059ed8UL,
|
||||
|
@ -275,6 +283,7 @@ static const u_int32_t sha224_initial_hash_value[8] = {
|
|||
0x64f98fa7UL,
|
||||
0xbefa4fa4UL
|
||||
};
|
||||
#endif /* 0 */
|
||||
|
||||
/* Initial hash value H for SHA-384 */
|
||||
static const u_int64_t sha384_initial_hash_value[8] = {
|
||||
|
@ -288,6 +297,7 @@ static const u_int64_t sha384_initial_hash_value[8] = {
|
|||
0x47b5481dbefa4fa4ULL
|
||||
};
|
||||
|
||||
#if 0
|
||||
/* Initial hash value H for SHA-512-256 */
|
||||
static const u_int64_t sha512_256_initial_hash_value[8] = {
|
||||
0x22312194fc2bf72cULL,
|
||||
|
@ -336,6 +346,7 @@ SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context)
|
|||
}
|
||||
DEF_WEAK(SHA224Final);
|
||||
#endif /* !defined(SHA2_SMALL) */
|
||||
#endif /* 0 */
|
||||
|
||||
/*** SHA-256: *********************************************************/
|
||||
void
|
||||
|
@ -917,6 +928,25 @@ DEF_WEAK(SHA384Transform);
|
|||
DEF_WEAK(SHA384Update);
|
||||
DEF_WEAK(SHA384Pad);
|
||||
|
||||
/* Equivalent of MAKE_CLONE (which is a no-op) for SHA384 funcs */
|
||||
void
|
||||
SHA384Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
|
||||
{
|
||||
return SHA512Transform(state, data);
|
||||
}
|
||||
|
||||
void
|
||||
SHA384Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
|
||||
{
|
||||
SHA512Update(context, data, len);
|
||||
}
|
||||
|
||||
void
|
||||
SHA384Pad(SHA2_CTX *context)
|
||||
{
|
||||
SHA512Pad(context);
|
||||
}
|
||||
|
||||
void
|
||||
SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
|
||||
{
|
||||
|
@ -936,6 +966,7 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
|
|||
}
|
||||
DEF_WEAK(SHA384Final);
|
||||
|
||||
#if 0
|
||||
/*** SHA-512/256: *********************************************************/
|
||||
void
|
||||
SHA512_256Init(SHA2_CTX *context)
|
||||
|
@ -973,3 +1004,6 @@ SHA512_256Final(u_int8_t digest[SHA512_256_DIGEST_LENGTH], SHA2_CTX *context)
|
|||
}
|
||||
DEF_WEAK(SHA512_256Final);
|
||||
#endif /* !defined(SHA2_SMALL) */
|
||||
#endif /* 0 */
|
||||
|
||||
#endif /* HAVE_SHA{256,384,512}UPDATE */
|
||||
|
|
|
@ -34,9 +34,16 @@
|
|||
* $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
|
||||
*/
|
||||
|
||||
#ifndef _SHA2_H
|
||||
#define _SHA2_H
|
||||
/* OPENBSD ORIGINAL: include/sha2.h */
|
||||
|
||||
#ifndef _SSHSHA2_H
|
||||
#define _SSHSHA2_H
|
||||
|
||||
#include "includes.h"
|
||||
#include <sys/cdefs.h>
|
||||
|
||||
#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \
|
||||
!defined(HAVE_SHA512UPDATE)
|
||||
|
||||
/*** SHA-256/384/512 Various Length Definitions ***********************/
|
||||
#define SHA224_BLOCK_LENGTH 64
|
||||
|
@ -66,6 +73,7 @@ typedef struct _SHA2_CTX {
|
|||
u_int8_t buffer[SHA512_BLOCK_LENGTH];
|
||||
} SHA2_CTX;
|
||||
|
||||
#if 0
|
||||
__BEGIN_DECLS
|
||||
void SHA224Init(SHA2_CTX *);
|
||||
void SHA224Transform(u_int32_t state[8], const u_int8_t [SHA224_BLOCK_LENGTH]);
|
||||
|
@ -83,7 +91,9 @@ char *SHA224FileChunk(const char *, char *, off_t, off_t)
|
|||
char *SHA224Data(const u_int8_t *, size_t, char *)
|
||||
__attribute__((__bounded__(__string__,1,2)))
|
||||
__attribute__((__bounded__(__minbytes__,3,SHA224_DIGEST_STRING_LENGTH)));
|
||||
#endif /* 0 */
|
||||
|
||||
#ifndef HAVE_SHA256UPDATE
|
||||
void SHA256Init(SHA2_CTX *);
|
||||
void SHA256Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
|
||||
void SHA256Update(SHA2_CTX *, const u_int8_t *, size_t)
|
||||
|
@ -100,7 +110,9 @@ char *SHA256FileChunk(const char *, char *, off_t, off_t)
|
|||
char *SHA256Data(const u_int8_t *, size_t, char *)
|
||||
__attribute__((__bounded__(__string__,1,2)))
|
||||
__attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH)));
|
||||
#endif /* HAVE_SHA256UPDATE */
|
||||
|
||||
#ifndef HAVE_SHA384UPDATE
|
||||
void SHA384Init(SHA2_CTX *);
|
||||
void SHA384Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
|
||||
void SHA384Update(SHA2_CTX *, const u_int8_t *, size_t)
|
||||
|
@ -117,7 +129,9 @@ char *SHA384FileChunk(const char *, char *, off_t, off_t)
|
|||
char *SHA384Data(const u_int8_t *, size_t, char *)
|
||||
__attribute__((__bounded__(__string__,1,2)))
|
||||
__attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH)));
|
||||
#endif /* HAVE_SHA384UPDATE */
|
||||
|
||||
#ifndef HAVE_SHA512UPDATE
|
||||
void SHA512Init(SHA2_CTX *);
|
||||
void SHA512Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
|
||||
void SHA512Update(SHA2_CTX *, const u_int8_t *, size_t)
|
||||
|
@ -134,7 +148,9 @@ char *SHA512FileChunk(const char *, char *, off_t, off_t)
|
|||
char *SHA512Data(const u_int8_t *, size_t, char *)
|
||||
__attribute__((__bounded__(__string__,1,2)))
|
||||
__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
|
||||
#endif /* HAVE_SHA512UPDATE */
|
||||
|
||||
#if 0
|
||||
void SHA512_256Init(SHA2_CTX *);
|
||||
void SHA512_256Transform(u_int64_t state[8], const u_int8_t [SHA512_256_BLOCK_LENGTH]);
|
||||
void SHA512_256Update(SHA2_CTX *, const u_int8_t *, size_t)
|
||||
|
@ -152,5 +168,8 @@ char *SHA512_256Data(const u_int8_t *, size_t, char *)
|
|||
__attribute__((__bounded__(__string__,1,2)))
|
||||
__attribute__((__bounded__(__minbytes__,3,SHA512_256_DIGEST_STRING_LENGTH)));
|
||||
__END_DECLS
|
||||
#endif /* 0 */
|
||||
|
||||
#endif /* _SHA2_H */
|
||||
#endif /* HAVE_SHA{256,384,512}UPDATE */
|
||||
|
||||
#endif /* _SSHSHA2_H */
|
||||
|
|
Loading…
Reference in New Issue