aboutsummaryrefslogtreecommitdiff
path: root/libbb
diff options
context:
space:
mode:
authorNguyễn Thái Ngọc Duy <pclouds@gmail.com>2011-01-04 19:52:10 +0700
committerNguyễn Thái Ngọc Duy <pclouds@gmail.com>2011-01-04 19:52:10 +0700
commit8cef222175855ae08f3768a5586b00650240403d (patch)
tree224364dc08e460fea425df95fc45e1cbc9bbbd96 /libbb
parent9fab97cbb70312170739e29a5fbbbe072f07bb78 (diff)
parentcbfeaac7afe31323d46c52da3b98a949232d708e (diff)
downloadbusybox-w32-8cef222175855ae08f3768a5586b00650240403d.tar.gz
busybox-w32-8cef222175855ae08f3768a5586b00650240403d.tar.bz2
busybox-w32-8cef222175855ae08f3768a5586b00650240403d.zip
Merge commit '6722737ece4b8db3e30b53aef8f981f53db1621e^'
Diffstat (limited to 'libbb')
-rw-r--r--libbb/hash_md5_sha.c957
-rw-r--r--libbb/safe_strncpy.c11
2 files changed, 456 insertions, 512 deletions
diff --git a/libbb/hash_md5_sha.c b/libbb/hash_md5_sha.c
index 3e708ef7e..aeacddef8 100644
--- a/libbb/hash_md5_sha.c
+++ b/libbb/hash_md5_sha.c
@@ -1,31 +1,10 @@
1/* vi: set sw=4 ts=4: */ 1/* vi: set sw=4 ts=4: */
2/* 2/*
3 * Based on shasum from http://www.netsw.org/crypto/hash/ 3 * Utility routines.
4 * Majorly hacked up to use Dr Brian Gladman's sha1 code
5 * 4 *
6 * Copyright (C) 2002 Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK. 5 * Copyright (C) 2010 Denys Vlasenko
7 * Copyright (C) 2003 Glenn L. McGrath
8 * Copyright (C) 2003 Erik Andersen
9 * 6 *
10 * Licensed under GPLv2 or later, see file LICENSE in this source tree. 7 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
11 *
12 * ---------------------------------------------------------------------------
13 * Issue Date: 10/11/2002
14 *
15 * This is a byte oriented version of SHA1 that operates on arrays of bytes
16 * stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor
17 *
18 * ---------------------------------------------------------------------------
19 *
20 * SHA256 and SHA512 parts are:
21 * Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>.
22 * Shrank by Denys Vlasenko.
23 *
24 * ---------------------------------------------------------------------------
25 *
26 * The best way to test random blocksizes is to go to coreutils/md5_sha1_sum.c
27 * and replace "4096" with something like "2000 + time(NULL) % 2097",
28 * then rebuild and compare "shaNNNsum bigfile" results.
29 */ 8 */
30 9
31#include "libbb.h" 10#include "libbb.h"
@@ -53,332 +32,18 @@ static ALWAYS_INLINE uint64_t rotr64(uint64_t x, unsigned n)
53} 32}
54 33
55 34
56static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx) 35/* Feed data through a temporary buffer.
57{ 36 * The internal buffer remembers previous data until it has 64
58 unsigned t; 37 * bytes worth to pass on.
59 uint32_t W[80], a, b, c, d, e;
60 const uint32_t *words = (uint32_t*) ctx->wbuffer;
61
62 for (t = 0; t < 16; ++t)
63 W[t] = SWAP_BE32(words[t]);
64 for (/*t = 16*/; t < 80; ++t) {
65 uint32_t T = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
66 W[t] = rotl32(T, 1);
67 }
68
69 a = ctx->hash[0];
70 b = ctx->hash[1];
71 c = ctx->hash[2];
72 d = ctx->hash[3];
73 e = ctx->hash[4];
74
75#undef ch
76#undef parity
77#undef maj
78#undef rnd
79#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
80#define parity(x,y,z) ((x) ^ (y) ^ (z))
81#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
82/* A normal version as set out in the FIPS. */
83#define rnd(f,k) \
84 do { \
85 uint32_t T = a; \
86 a = rotl32(a, 5) + f(b, c, d) + e + k + W[t]; \
87 e = d; \
88 d = c; \
89 c = rotl32(b, 30); \
90 b = T; \
91 } while (0)
92
93 for (t = 0; t < 20; ++t)
94 rnd(ch, 0x5a827999);
95
96 for (/*t = 20*/; t < 40; ++t)
97 rnd(parity, 0x6ed9eba1);
98
99 for (/*t = 40*/; t < 60; ++t)
100 rnd(maj, 0x8f1bbcdc);
101
102 for (/*t = 60*/; t < 80; ++t)
103 rnd(parity, 0xca62c1d6);
104#undef ch
105#undef parity
106#undef maj
107#undef rnd
108
109 ctx->hash[0] += a;
110 ctx->hash[1] += b;
111 ctx->hash[2] += c;
112 ctx->hash[3] += d;
113 ctx->hash[4] += e;
114}
115
116/* Constants for SHA512 from FIPS 180-2:4.2.3.
117 * SHA256 constants from FIPS 180-2:4.2.2
118 * are the most significant half of first 64 elements
119 * of the same array.
120 */ 38 */
121static const uint64_t sha_K[80] = { 39static void FAST_FUNC common64_hash(md5_ctx_t *ctx, const void *buffer, size_t len)
122 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
123 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
124 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
125 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
126 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
127 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
128 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
129 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
130 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
131 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
132 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
133 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
134 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
135 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
136 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
137 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
138 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
139 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
140 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
141 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
142 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
143 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
144 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
145 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
146 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
147 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
148 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
149 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
150 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
151 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
152 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
153 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
154 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, /* [64]+ are used for sha512 only */
155 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
156 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
157 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
158 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
159 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
160 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
161 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
162};
163
164#undef Ch
165#undef Maj
166#undef S0
167#undef S1
168#undef R0
169#undef R1
170
171static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx)
172{
173 unsigned t;
174 uint32_t W[64], a, b, c, d, e, f, g, h;
175 const uint32_t *words = (uint32_t*) ctx->wbuffer;
176
177 /* Operators defined in FIPS 180-2:4.1.2. */
178#define Ch(x, y, z) ((x & y) ^ (~x & z))
179#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
180#define S0(x) (rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22))
181#define S1(x) (rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25))
182#define R0(x) (rotr32(x, 7) ^ rotr32(x, 18) ^ (x >> 3))
183#define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10))
184
185 /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */
186 for (t = 0; t < 16; ++t)
187 W[t] = SWAP_BE32(words[t]);
188 for (/*t = 16*/; t < 64; ++t)
189 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
190
191 a = ctx->hash[0];
192 b = ctx->hash[1];
193 c = ctx->hash[2];
194 d = ctx->hash[3];
195 e = ctx->hash[4];
196 f = ctx->hash[5];
197 g = ctx->hash[6];
198 h = ctx->hash[7];
199
200 /* The actual computation according to FIPS 180-2:6.2.2 step 3. */
201 for (t = 0; t < 64; ++t) {
202 /* Need to fetch upper half of sha_K[t]
203 * (I hope compiler is clever enough to just fetch
204 * upper half)
205 */
206 uint32_t K_t = sha_K[t] >> 32;
207 uint32_t T1 = h + S1(e) + Ch(e, f, g) + K_t + W[t];
208 uint32_t T2 = S0(a) + Maj(a, b, c);
209 h = g;
210 g = f;
211 f = e;
212 e = d + T1;
213 d = c;
214 c = b;
215 b = a;
216 a = T1 + T2;
217 }
218#undef Ch
219#undef Maj
220#undef S0
221#undef S1
222#undef R0
223#undef R1
224 /* Add the starting values of the context according to FIPS 180-2:6.2.2
225 step 4. */
226 ctx->hash[0] += a;
227 ctx->hash[1] += b;
228 ctx->hash[2] += c;
229 ctx->hash[3] += d;
230 ctx->hash[4] += e;
231 ctx->hash[5] += f;
232 ctx->hash[6] += g;
233 ctx->hash[7] += h;
234}
235
236static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx)
237{
238 unsigned t;
239 uint64_t W[80];
240 /* On i386, having assignments here (not later as sha256 does)
241 * produces 99 bytes smaller code with gcc 4.3.1
242 */
243 uint64_t a = ctx->hash[0];
244 uint64_t b = ctx->hash[1];
245 uint64_t c = ctx->hash[2];
246 uint64_t d = ctx->hash[3];
247 uint64_t e = ctx->hash[4];
248 uint64_t f = ctx->hash[5];
249 uint64_t g = ctx->hash[6];
250 uint64_t h = ctx->hash[7];
251 const uint64_t *words = (uint64_t*) ctx->wbuffer;
252
253 /* Operators defined in FIPS 180-2:4.1.2. */
254#define Ch(x, y, z) ((x & y) ^ (~x & z))
255#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
256#define S0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39))
257#define S1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41))
258#define R0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7))
259#define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6))
260
261 /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */
262 for (t = 0; t < 16; ++t)
263 W[t] = SWAP_BE64(words[t]);
264 for (/*t = 16*/; t < 80; ++t)
265 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
266
267 /* The actual computation according to FIPS 180-2:6.3.2 step 3. */
268 for (t = 0; t < 80; ++t) {
269 uint64_t T1 = h + S1(e) + Ch(e, f, g) + sha_K[t] + W[t];
270 uint64_t T2 = S0(a) + Maj(a, b, c);
271 h = g;
272 g = f;
273 f = e;
274 e = d + T1;
275 d = c;
276 c = b;
277 b = a;
278 a = T1 + T2;
279 }
280#undef Ch
281#undef Maj
282#undef S0
283#undef S1
284#undef R0
285#undef R1
286 /* Add the starting values of the context according to FIPS 180-2:6.3.2
287 step 4. */
288 ctx->hash[0] += a;
289 ctx->hash[1] += b;
290 ctx->hash[2] += c;
291 ctx->hash[3] += d;
292 ctx->hash[4] += e;
293 ctx->hash[5] += f;
294 ctx->hash[6] += g;
295 ctx->hash[7] += h;
296}
297
298
299void FAST_FUNC sha1_begin(sha1_ctx_t *ctx)
300{
301 ctx->hash[0] = 0x67452301;
302 ctx->hash[1] = 0xefcdab89;
303 ctx->hash[2] = 0x98badcfe;
304 ctx->hash[3] = 0x10325476;
305 ctx->hash[4] = 0xc3d2e1f0;
306 ctx->total64 = 0;
307 ctx->process_block = sha1_process_block64;
308}
309
310static const uint32_t init256[] = {
311 0x6a09e667,
312 0xbb67ae85,
313 0x3c6ef372,
314 0xa54ff53a,
315 0x510e527f,
316 0x9b05688c,
317 0x1f83d9ab,
318 0x5be0cd19,
319 0,
320 0,
321};
322static const uint32_t init512_lo[] = {
323 0xf3bcc908,
324 0x84caa73b,
325 0xfe94f82b,
326 0x5f1d36f1,
327 0xade682d1,
328 0x2b3e6c1f,
329 0xfb41bd6b,
330 0x137e2179,
331 0,
332 0,
333};
334
335/* Initialize structure containing state of computation.
336 (FIPS 180-2:5.3.2) */
337void FAST_FUNC sha256_begin(sha256_ctx_t *ctx)
338{
339 memcpy(ctx->hash, init256, sizeof(init256));
340 /*ctx->total64 = 0; - done by extending init256 with two 32-bit zeros */
341 ctx->process_block = sha256_process_block64;
342}
343
344/* Initialize structure containing state of computation.
345 (FIPS 180-2:5.3.3) */
346void FAST_FUNC sha512_begin(sha512_ctx_t *ctx)
347{
348 int i;
349 /* Two extra iterations zero out ctx->total64[] */
350 for (i = 0; i < 8+2; i++)
351 ctx->hash[i] = ((uint64_t)(init256[i]) << 32) + init512_lo[i];
352 /*ctx->total64[0] = ctx->total64[1] = 0; - already done */
353}
354
355
356/* Used also for sha256 */
357void FAST_FUNC sha1_hash(sha1_ctx_t *ctx, const void *buffer, size_t len)
358{ 40{
359 unsigned bufpos = ctx->total64 & 63; 41 unsigned bufpos = ctx->total64 & 63;
360 unsigned remaining;
361 42
362 ctx->total64 += len; 43 ctx->total64 += len;
363#if 0
364 remaining = 64 - bufpos;
365
366 /* Hash whole blocks */
367 while (len >= remaining) {
368 memcpy(ctx->wbuffer + bufpos, buffer, remaining);
369 buffer = (const char *)buffer + remaining;
370 len -= remaining;
371 remaining = 64;
372 bufpos = 0;
373 ctx->process_block(ctx);
374 }
375 44
376 /* Save last, partial blosk */
377 memcpy(ctx->wbuffer + bufpos, buffer, len);
378#else
379 /* Tiny bit smaller code */
380 while (1) { 45 while (1) {
381 remaining = 64 - bufpos; 46 unsigned remaining = 64 - bufpos;
382 if (remaining > len) 47 if (remaining > len)
383 remaining = len; 48 remaining = len;
384 /* Copy data into aligned buffer */ 49 /* Copy data into aligned buffer */
@@ -394,62 +59,12 @@ void FAST_FUNC sha1_hash(sha1_ctx_t *ctx, const void *buffer, size_t len)
394 ctx->process_block(ctx); 59 ctx->process_block(ctx);
395 /*bufpos = 0; - already is */ 60 /*bufpos = 0; - already is */
396 } 61 }
397#endif
398} 62}
399 63
400void FAST_FUNC sha512_hash(sha512_ctx_t *ctx, const void *buffer, size_t len) 64/* Process the remaining bytes in the buffer */
401{ 65static void FAST_FUNC common64_end(md5_ctx_t *ctx, int swap_needed)
402 unsigned bufpos = ctx->total64[0] & 127;
403 unsigned remaining;
404
405 /* First increment the byte count. FIPS 180-2 specifies the possible
406 length of the file up to 2^128 _bits_.
407 We compute the number of _bytes_ and convert to bits later. */
408 ctx->total64[0] += len;
409 if (ctx->total64[0] < len)
410 ctx->total64[1]++;
411#if 0
412 remaining = 128 - bufpos;
413
414 /* Hash whole blocks */
415 while (len >= remaining) {
416 memcpy(ctx->wbuffer + bufpos, buffer, remaining);
417 buffer = (const char *)buffer + remaining;
418 len -= remaining;
419 remaining = 128;
420 bufpos = 0;
421 sha512_process_block128(ctx);
422 }
423
424 /* Save last, partial blosk */
425 memcpy(ctx->wbuffer + bufpos, buffer, len);
426#else
427 while (1) {
428 remaining = 128 - bufpos;
429 if (remaining > len)
430 remaining = len;
431 /* Copy data into aligned buffer */
432 memcpy(ctx->wbuffer + bufpos, buffer, remaining);
433 len -= remaining;
434 buffer = (const char *)buffer + remaining;
435 bufpos += remaining;
436 /* clever way to do "if (bufpos != 128) break; ... ; bufpos = 0;" */
437 bufpos -= 128;
438 if (bufpos != 0)
439 break;
440 /* Buffer is filled up, process it */
441 sha512_process_block128(ctx);
442 /*bufpos = 0; - already is */
443 }
444#endif
445}
446
447
448/* Used also for sha256 */
449void FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf)
450{ 66{
451 unsigned bufpos = ctx->total64 & 63; 67 unsigned bufpos = ctx->total64 & 63;
452
453 /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */ 68 /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */
454 ctx->wbuffer[bufpos++] = 0x80; 69 ctx->wbuffer[bufpos++] = 0x80;
455 70
@@ -459,9 +74,10 @@ void FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf)
459 memset(ctx->wbuffer + bufpos, 0, remaining); 74 memset(ctx->wbuffer + bufpos, 0, remaining);
460 /* Do we have enough space for the length count? */ 75 /* Do we have enough space for the length count? */
461 if (remaining >= 8) { 76 if (remaining >= 8) {
462 /* Store the 64-bit counter of bits in the buffer in BE format */ 77 /* Store the 64-bit counter of bits in the buffer */
463 uint64_t t = ctx->total64 << 3; 78 uint64_t t = ctx->total64 << 3;
464 t = SWAP_BE64(t); 79 if (swap_needed)
80 t = bb_bswap_64(t);
465 /* wbuffer is suitably aligned for this */ 81 /* wbuffer is suitably aligned for this */
466 *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t; 82 *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t;
467 } 83 }
@@ -470,49 +86,6 @@ void FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf)
470 break; 86 break;
471 bufpos = 0; 87 bufpos = 0;
472 } 88 }
473
474 bufpos = (ctx->process_block == sha1_process_block64) ? 5 : 8;
475 /* This way we do not impose alignment constraints on resbuf: */
476 if (BB_LITTLE_ENDIAN) {
477 unsigned i;
478 for (i = 0; i < bufpos; ++i)
479 ctx->hash[i] = SWAP_BE32(ctx->hash[i]);
480 }
481 memcpy(resbuf, ctx->hash, sizeof(ctx->hash[0]) * bufpos);
482}
483
484void FAST_FUNC sha512_end(sha512_ctx_t *ctx, void *resbuf)
485{
486 unsigned bufpos = ctx->total64[0] & 127;
487
488 /* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0... */
489 ctx->wbuffer[bufpos++] = 0x80;
490
491 while (1) {
492 unsigned remaining = 128 - bufpos;
493 memset(ctx->wbuffer + bufpos, 0, remaining);
494 if (remaining >= 16) {
495 /* Store the 128-bit counter of bits in the buffer in BE format */
496 uint64_t t;
497 t = ctx->total64[0] << 3;
498 t = SWAP_BE64(t);
499 *(uint64_t *) (&ctx->wbuffer[128 - 8]) = t;
500 t = (ctx->total64[1] << 3) | (ctx->total64[0] >> 61);
501 t = SWAP_BE64(t);
502 *(uint64_t *) (&ctx->wbuffer[128 - 16]) = t;
503 }
504 sha512_process_block128(ctx);
505 if (remaining >= 16)
506 break;
507 bufpos = 0;
508 }
509
510 if (BB_LITTLE_ENDIAN) {
511 unsigned i;
512 for (i = 0; i < ARRAY_SIZE(ctx->hash); ++i)
513 ctx->hash[i] = SWAP_BE64(ctx->hash[i]);
514 }
515 memcpy(resbuf, ctx->hash, sizeof(ctx->hash));
516} 89}
517 90
518 91
@@ -539,18 +112,6 @@ void FAST_FUNC sha512_end(sha512_ctx_t *ctx, void *resbuf)
539# define MD5_SIZE_VS_SPEED CONFIG_MD5_SIZE_VS_SPEED 112# define MD5_SIZE_VS_SPEED CONFIG_MD5_SIZE_VS_SPEED
540#endif 113#endif
541 114
542/* Initialize structure containing state of computation.
543 * (RFC 1321, 3.3: Step 3)
544 */
545void FAST_FUNC md5_begin(md5_ctx_t *ctx)
546{
547 ctx->A = 0x67452301;
548 ctx->B = 0xefcdab89;
549 ctx->C = 0x98badcfe;
550 ctx->D = 0x10325476;
551 ctx->total64 = 0;
552}
553
554/* These are the four functions used in the four steps of the MD5 algorithm 115/* These are the four functions used in the four steps of the MD5 algorithm
555 * and defined in the RFC 1321. The first function is a little bit optimized 116 * and defined in the RFC 1321. The first function is a little bit optimized
556 * (as found in Colin Plumbs public domain implementation). 117 * (as found in Colin Plumbs public domain implementation).
@@ -566,7 +127,7 @@ void FAST_FUNC md5_begin(md5_ctx_t *ctx)
566#define FI(b, c, d) (c ^ (b | ~d)) 127#define FI(b, c, d) (c ^ (b | ~d))
567 128
568/* Hash a single block, 64 bytes long and 4-byte aligned */ 129/* Hash a single block, 64 bytes long and 4-byte aligned */
569static void md5_process_block64(md5_ctx_t *ctx) 130static void FAST_FUNC md5_process_block64(md5_ctx_t *ctx)
570{ 131{
571#if MD5_SIZE_VS_SPEED > 0 132#if MD5_SIZE_VS_SPEED > 0
572 /* Before we start, one word to the strange constants. 133 /* Before we start, one word to the strange constants.
@@ -605,10 +166,10 @@ static void md5_process_block64(md5_ctx_t *ctx)
605 }; 166 };
606#endif 167#endif
607 uint32_t *words = (void*) ctx->wbuffer; 168 uint32_t *words = (void*) ctx->wbuffer;
608 uint32_t A = ctx->A; 169 uint32_t A = ctx->hash[0];
609 uint32_t B = ctx->B; 170 uint32_t B = ctx->hash[1];
610 uint32_t C = ctx->C; 171 uint32_t C = ctx->hash[2];
611 uint32_t D = ctx->D; 172 uint32_t D = ctx->hash[3];
612 173
613#if MD5_SIZE_VS_SPEED >= 2 /* 2 or 3 */ 174#if MD5_SIZE_VS_SPEED >= 2 /* 2 or 3 */
614 175
@@ -705,10 +266,10 @@ static void md5_process_block64(md5_ctx_t *ctx)
705 } 266 }
706# endif 267# endif
707 /* Add checksum to the starting values */ 268 /* Add checksum to the starting values */
708 ctx->A += A; 269 ctx->hash[0] += A;
709 ctx->B += B; 270 ctx->hash[1] += B;
710 ctx->C += C; 271 ctx->hash[2] += C;
711 ctx->D += D; 272 ctx->hash[3] += D;
712 273
713#else /* MD5_SIZE_VS_SPEED == 0 or 1 */ 274#else /* MD5_SIZE_VS_SPEED == 0 or 1 */
714 275
@@ -860,10 +421,10 @@ static void md5_process_block64(md5_ctx_t *ctx)
860# undef OP 421# undef OP
861# endif 422# endif
862 /* Add checksum to the starting values */ 423 /* Add checksum to the starting values */
863 ctx->A = A_save + A; 424 ctx->hash[0] = A_save + A;
864 ctx->B = B_save + B; 425 ctx->hash[1] = B_save + B;
865 ctx->C = C_save + C; 426 ctx->hash[2] = C_save + C;
866 ctx->D = D_save + D; 427 ctx->hash[3] = D_save + D;
867#endif 428#endif
868} 429}
869#undef FF 430#undef FF
@@ -871,37 +432,404 @@ static void md5_process_block64(md5_ctx_t *ctx)
871#undef FH 432#undef FH
872#undef FI 433#undef FI
873 434
874/* Feed data through a temporary buffer to call md5_hash_aligned_block() 435/* Initialize structure containing state of computation.
875 * with chunks of data that are 4-byte aligned and a multiple of 64 bytes. 436 * (RFC 1321, 3.3: Step 3)
876 * This function's internal buffer remembers previous data until it has 64 437 */
877 * bytes worth to pass on. Call md5_end() to flush this buffer. */ 438void FAST_FUNC md5_begin(md5_ctx_t *ctx)
439{
440 ctx->hash[0] = 0x67452301;
441 ctx->hash[1] = 0xefcdab89;
442 ctx->hash[2] = 0x98badcfe;
443 ctx->hash[3] = 0x10325476;
444 ctx->total64 = 0;
445 ctx->process_block = md5_process_block64;
446}
447
448/* Used also for sha1 and sha256 */
878void FAST_FUNC md5_hash(md5_ctx_t *ctx, const void *buffer, size_t len) 449void FAST_FUNC md5_hash(md5_ctx_t *ctx, const void *buffer, size_t len)
879{ 450{
880 unsigned bufpos = ctx->total64 & 63; 451 common64_hash(ctx, buffer, len);
452}
453
454/* Process the remaining bytes in the buffer and put result from CTX
455 * in first 16 bytes following RESBUF. The result is always in little
456 * endian byte order, so that a byte-wise output yields to the wanted
457 * ASCII representation of the message digest.
458 */
459void FAST_FUNC md5_end(md5_ctx_t *ctx, void *resbuf)
460{
461 /* MD5 stores total in LE, need to swap on BE arches: */
462 common64_end(ctx, /*swap_needed:*/ BB_BIG_ENDIAN);
463
464 /* The MD5 result is in little endian byte order */
465#if BB_BIG_ENDIAN
466 ctx->hash[0] = SWAP_LE32(ctx->hash[0]);
467 ctx->hash[1] = SWAP_LE32(ctx->hash[1]);
468 ctx->hash[2] = SWAP_LE32(ctx->hash[2]);
469 ctx->hash[3] = SWAP_LE32(ctx->hash[3]);
470#endif
471 memcpy(resbuf, ctx->hash, sizeof(ctx->hash[0]) * 4);
472}
473
474
475/*
476 * Based on shasum from http://www.netsw.org/crypto/hash/
477 * Majorly hacked up to use Dr Brian Gladman's sha1 code
478 *
479 * Copyright (C) 2002 Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
480 * Copyright (C) 2003 Glenn L. McGrath
481 * Copyright (C) 2003 Erik Andersen
482 *
483 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
484 *
485 * ---------------------------------------------------------------------------
486 * Issue Date: 10/11/2002
487 *
488 * This is a byte oriented version of SHA1 that operates on arrays of bytes
489 * stored in memory. It runs at 22 cycles per byte on a Pentium P4 processor
490 *
491 * ---------------------------------------------------------------------------
492 *
493 * SHA256 and SHA512 parts are:
494 * Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>.
495 * Shrank by Denys Vlasenko.
496 *
497 * ---------------------------------------------------------------------------
498 *
499 * The best way to test random blocksizes is to go to coreutils/md5_sha1_sum.c
500 * and replace "4096" with something like "2000 + time(NULL) % 2097",
501 * then rebuild and compare "shaNNNsum bigfile" results.
502 */
503
504static void FAST_FUNC sha1_process_block64(sha1_ctx_t *ctx)
505{
506 unsigned t;
507 uint32_t W[80], a, b, c, d, e;
508 const uint32_t *words = (uint32_t*) ctx->wbuffer;
509
510 for (t = 0; t < 16; ++t)
511 W[t] = SWAP_BE32(words[t]);
512 for (/*t = 16*/; t < 80; ++t) {
513 uint32_t T = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
514 W[t] = rotl32(T, 1);
515 }
516
517 a = ctx->hash[0];
518 b = ctx->hash[1];
519 c = ctx->hash[2];
520 d = ctx->hash[3];
521 e = ctx->hash[4];
522
523#undef ch
524#undef parity
525#undef maj
526#undef rnd
527#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
528#define parity(x,y,z) ((x) ^ (y) ^ (z))
529#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
530/* A normal version as set out in the FIPS. */
531#define rnd(f,k) \
532 do { \
533 uint32_t T = a; \
534 a = rotl32(a, 5) + f(b, c, d) + e + k + W[t]; \
535 e = d; \
536 d = c; \
537 c = rotl32(b, 30); \
538 b = T; \
539 } while (0)
540
541 for (t = 0; t < 20; ++t)
542 rnd(ch, 0x5a827999);
543
544 for (/*t = 20*/; t < 40; ++t)
545 rnd(parity, 0x6ed9eba1);
546
547 for (/*t = 40*/; t < 60; ++t)
548 rnd(maj, 0x8f1bbcdc);
549
550 for (/*t = 60*/; t < 80; ++t)
551 rnd(parity, 0xca62c1d6);
552#undef ch
553#undef parity
554#undef maj
555#undef rnd
556
557 ctx->hash[0] += a;
558 ctx->hash[1] += b;
559 ctx->hash[2] += c;
560 ctx->hash[3] += d;
561 ctx->hash[4] += e;
562}
563
564/* Constants for SHA512 from FIPS 180-2:4.2.3.
565 * SHA256 constants from FIPS 180-2:4.2.2
566 * are the most significant half of first 64 elements
567 * of the same array.
568 */
569static const uint64_t sha_K[80] = {
570 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
571 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
572 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
573 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
574 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
575 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
576 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
577 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
578 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
579 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
580 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
581 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
582 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
583 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
584 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
585 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
586 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
587 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
588 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
589 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
590 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
591 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
592 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
593 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
594 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
595 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
596 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
597 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
598 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
599 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
600 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
601 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
602 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, /* [64]+ are used for sha512 only */
603 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
604 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
605 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
606 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
607 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
608 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
609 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
610};
611
612#undef Ch
613#undef Maj
614#undef S0
615#undef S1
616#undef R0
617#undef R1
618
619static void FAST_FUNC sha256_process_block64(sha256_ctx_t *ctx)
620{
621 unsigned t;
622 uint32_t W[64], a, b, c, d, e, f, g, h;
623 const uint32_t *words = (uint32_t*) ctx->wbuffer;
624
625 /* Operators defined in FIPS 180-2:4.1.2. */
626#define Ch(x, y, z) ((x & y) ^ (~x & z))
627#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
628#define S0(x) (rotr32(x, 2) ^ rotr32(x, 13) ^ rotr32(x, 22))
629#define S1(x) (rotr32(x, 6) ^ rotr32(x, 11) ^ rotr32(x, 25))
630#define R0(x) (rotr32(x, 7) ^ rotr32(x, 18) ^ (x >> 3))
631#define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10))
632
633 /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */
634 for (t = 0; t < 16; ++t)
635 W[t] = SWAP_BE32(words[t]);
636 for (/*t = 16*/; t < 64; ++t)
637 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
638
639 a = ctx->hash[0];
640 b = ctx->hash[1];
641 c = ctx->hash[2];
642 d = ctx->hash[3];
643 e = ctx->hash[4];
644 f = ctx->hash[5];
645 g = ctx->hash[6];
646 h = ctx->hash[7];
647
648 /* The actual computation according to FIPS 180-2:6.2.2 step 3. */
649 for (t = 0; t < 64; ++t) {
650 /* Need to fetch upper half of sha_K[t]
651 * (I hope compiler is clever enough to just fetch
652 * upper half)
653 */
654 uint32_t K_t = sha_K[t] >> 32;
655 uint32_t T1 = h + S1(e) + Ch(e, f, g) + K_t + W[t];
656 uint32_t T2 = S0(a) + Maj(a, b, c);
657 h = g;
658 g = f;
659 f = e;
660 e = d + T1;
661 d = c;
662 c = b;
663 b = a;
664 a = T1 + T2;
665 }
666#undef Ch
667#undef Maj
668#undef S0
669#undef S1
670#undef R0
671#undef R1
672 /* Add the starting values of the context according to FIPS 180-2:6.2.2
673 step 4. */
674 ctx->hash[0] += a;
675 ctx->hash[1] += b;
676 ctx->hash[2] += c;
677 ctx->hash[3] += d;
678 ctx->hash[4] += e;
679 ctx->hash[5] += f;
680 ctx->hash[6] += g;
681 ctx->hash[7] += h;
682}
683
684static void FAST_FUNC sha512_process_block128(sha512_ctx_t *ctx)
685{
686 unsigned t;
687 uint64_t W[80];
688 /* On i386, having assignments here (not later as sha256 does)
689 * produces 99 bytes smaller code with gcc 4.3.1
690 */
691 uint64_t a = ctx->hash[0];
692 uint64_t b = ctx->hash[1];
693 uint64_t c = ctx->hash[2];
694 uint64_t d = ctx->hash[3];
695 uint64_t e = ctx->hash[4];
696 uint64_t f = ctx->hash[5];
697 uint64_t g = ctx->hash[6];
698 uint64_t h = ctx->hash[7];
699 const uint64_t *words = (uint64_t*) ctx->wbuffer;
700
701 /* Operators defined in FIPS 180-2:4.1.2. */
702#define Ch(x, y, z) ((x & y) ^ (~x & z))
703#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
704#define S0(x) (rotr64(x, 28) ^ rotr64(x, 34) ^ rotr64(x, 39))
705#define S1(x) (rotr64(x, 14) ^ rotr64(x, 18) ^ rotr64(x, 41))
706#define R0(x) (rotr64(x, 1) ^ rotr64(x, 8) ^ (x >> 7))
707#define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6))
708
709 /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */
710 for (t = 0; t < 16; ++t)
711 W[t] = SWAP_BE64(words[t]);
712 for (/*t = 16*/; t < 80; ++t)
713 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
714
715 /* The actual computation according to FIPS 180-2:6.3.2 step 3. */
716 for (t = 0; t < 80; ++t) {
717 uint64_t T1 = h + S1(e) + Ch(e, f, g) + sha_K[t] + W[t];
718 uint64_t T2 = S0(a) + Maj(a, b, c);
719 h = g;
720 g = f;
721 f = e;
722 e = d + T1;
723 d = c;
724 c = b;
725 b = a;
726 a = T1 + T2;
727 }
728#undef Ch
729#undef Maj
730#undef S0
731#undef S1
732#undef R0
733#undef R1
734 /* Add the starting values of the context according to FIPS 180-2:6.3.2
735 step 4. */
736 ctx->hash[0] += a;
737 ctx->hash[1] += b;
738 ctx->hash[2] += c;
739 ctx->hash[3] += d;
740 ctx->hash[4] += e;
741 ctx->hash[5] += f;
742 ctx->hash[6] += g;
743 ctx->hash[7] += h;
744}
745
746
747void FAST_FUNC sha1_begin(sha1_ctx_t *ctx)
748{
749 ctx->hash[0] = 0x67452301;
750 ctx->hash[1] = 0xefcdab89;
751 ctx->hash[2] = 0x98badcfe;
752 ctx->hash[3] = 0x10325476;
753 ctx->hash[4] = 0xc3d2e1f0;
754 ctx->total64 = 0;
755 ctx->process_block = sha1_process_block64;
756}
757
758static const uint32_t init256[] = {
759 0,
760 0,
761 0x6a09e667,
762 0xbb67ae85,
763 0x3c6ef372,
764 0xa54ff53a,
765 0x510e527f,
766 0x9b05688c,
767 0x1f83d9ab,
768 0x5be0cd19,
769};
770static const uint32_t init512_lo[] = {
771 0,
772 0,
773 0xf3bcc908,
774 0x84caa73b,
775 0xfe94f82b,
776 0x5f1d36f1,
777 0xade682d1,
778 0x2b3e6c1f,
779 0xfb41bd6b,
780 0x137e2179,
781};
782
783/* Initialize structure containing state of computation.
784 (FIPS 180-2:5.3.2) */
785void FAST_FUNC sha256_begin(sha256_ctx_t *ctx)
786{
787 memcpy(&ctx->total64, init256, sizeof(init256));
788 /*ctx->total64 = 0; - done by prepending two 32-bit zeros to init256 */
789 ctx->process_block = sha256_process_block64;
790}
791
792/* Initialize structure containing state of computation.
793 (FIPS 180-2:5.3.3) */
794void FAST_FUNC sha512_begin(sha512_ctx_t *ctx)
795{
796 int i;
797 /* Two extra iterations zero out ctx->total64[2] */
798 uint64_t *tp = ctx->total64;
799 for (i = 0; i < 2+8; i++)
800 tp[i] = ((uint64_t)(init256[i]) << 32) + init512_lo[i];
801 /*ctx->total64[0] = ctx->total64[1] = 0; - already done */
802}
803
804void FAST_FUNC sha512_hash(sha512_ctx_t *ctx, const void *buffer, size_t len)
805{
806 unsigned bufpos = ctx->total64[0] & 127;
881 unsigned remaining; 807 unsigned remaining;
882 808
883 /* RFC 1321 specifies the possible length of the file up to 2^64 bits. 809 /* First increment the byte count. FIPS 180-2 specifies the possible
884 * Here we only track the number of bytes. */ 810 length of the file up to 2^128 _bits_.
885 ctx->total64 += len; 811 We compute the number of _bytes_ and convert to bits later. */
812 ctx->total64[0] += len;
813 if (ctx->total64[0] < len)
814 ctx->total64[1]++;
886#if 0 815#if 0
887 remaining = 64 - bufpos; 816 remaining = 128 - bufpos;
888 817
889 /* Hash whole blocks */ 818 /* Hash whole blocks */
890 while (len >= remaining) { 819 while (len >= remaining) {
891 memcpy(ctx->wbuffer + bufpos, buffer, remaining); 820 memcpy(ctx->wbuffer + bufpos, buffer, remaining);
892 buffer = (const char *)buffer + remaining; 821 buffer = (const char *)buffer + remaining;
893 len -= remaining; 822 len -= remaining;
894 remaining = 64; 823 remaining = 128;
895 bufpos = 0; 824 bufpos = 0;
896 md5_process_block64(ctx); 825 sha512_process_block128(ctx);
897 } 826 }
898 827
899 /* Save last, partial blosk */ 828 /* Save last, partial blosk */
900 memcpy(ctx->wbuffer + bufpos, buffer, len); 829 memcpy(ctx->wbuffer + bufpos, buffer, len);
901#else 830#else
902 /* Tiny bit smaller code */
903 while (1) { 831 while (1) {
904 remaining = 64 - bufpos; 832 remaining = 128 - bufpos;
905 if (remaining > len) 833 if (remaining > len)
906 remaining = len; 834 remaining = len;
907 /* Copy data into aligned buffer */ 835 /* Copy data into aligned buffer */
@@ -909,54 +837,65 @@ void FAST_FUNC md5_hash(md5_ctx_t *ctx, const void *buffer, size_t len)
909 len -= remaining; 837 len -= remaining;
910 buffer = (const char *)buffer + remaining; 838 buffer = (const char *)buffer + remaining;
911 bufpos += remaining; 839 bufpos += remaining;
912 /* clever way to do "if (bufpos != 64) break; ... ; bufpos = 0;" */ 840 /* clever way to do "if (bufpos != 128) break; ... ; bufpos = 0;" */
913 bufpos -= 64; 841 bufpos -= 128;
914 if (bufpos != 0) 842 if (bufpos != 0)
915 break; 843 break;
916 /* Buffer is filled up, process it */ 844 /* Buffer is filled up, process it */
917 md5_process_block64(ctx); 845 sha512_process_block128(ctx);
918 /*bufpos = 0; - already is */ 846 /*bufpos = 0; - already is */
919 } 847 }
920#endif 848#endif
921} 849}
922 850
923/* Process the remaining bytes in the buffer and put result from CTX 851/* Used also for sha256 */
924 * in first 16 bytes following RESBUF. The result is always in little 852void FAST_FUNC sha1_end(sha1_ctx_t *ctx, void *resbuf)
925 * endian byte order, so that a byte-wise output yields to the wanted
926 * ASCII representation of the message digest.
927 */
928void FAST_FUNC md5_end(md5_ctx_t *ctx, void *resbuf)
929{ 853{
930 unsigned bufpos = ctx->total64 & 63; 854 unsigned hash_size;
931 /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... */ 855
856 /* SHA stores total in BE, need to swap on LE arches: */
857 common64_end(ctx, /*swap_needed:*/ BB_LITTLE_ENDIAN);
858
859 hash_size = (ctx->process_block == sha1_process_block64) ? 5 : 8;
860 /* This way we do not impose alignment constraints on resbuf: */
861 if (BB_LITTLE_ENDIAN) {
862 unsigned i;
863 for (i = 0; i < hash_size; ++i)
864 ctx->hash[i] = SWAP_BE32(ctx->hash[i]);
865 }
866 memcpy(resbuf, ctx->hash, sizeof(ctx->hash[0]) * hash_size);
867}
868
869void FAST_FUNC sha512_end(sha512_ctx_t *ctx, void *resbuf)
870{
871 unsigned bufpos = ctx->total64[0] & 127;
872
873 /* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0... */
932 ctx->wbuffer[bufpos++] = 0x80; 874 ctx->wbuffer[bufpos++] = 0x80;
933 875
934 /* This loop iterates either once or twice, no more, no less */
935 while (1) { 876 while (1) {
936 unsigned remaining = 64 - bufpos; 877 unsigned remaining = 128 - bufpos;
937 memset(ctx->wbuffer + bufpos, 0, remaining); 878 memset(ctx->wbuffer + bufpos, 0, remaining);
938 /* Do we have enough space for the length count? */ 879 if (remaining >= 16) {
939 if (remaining >= 8) { 880 /* Store the 128-bit counter of bits in the buffer in BE format */
940 /* Store the 64-bit counter of bits in the buffer in LE format */ 881 uint64_t t;
941 uint64_t t = ctx->total64 << 3; 882 t = ctx->total64[0] << 3;
942 t = SWAP_LE64(t); 883 t = SWAP_BE64(t);
943 /* wbuffer is suitably aligned for this */ 884 *(uint64_t *) (&ctx->wbuffer[128 - 8]) = t;
944 *(uint64_t *) (&ctx->wbuffer[64 - 8]) = t; 885 t = (ctx->total64[1] << 3) | (ctx->total64[0] >> 61);
886 t = SWAP_BE64(t);
887 *(uint64_t *) (&ctx->wbuffer[128 - 16]) = t;
945 } 888 }
946 md5_process_block64(ctx); 889 sha512_process_block128(ctx);
947 if (remaining >= 8) 890 if (remaining >= 16)
948 break; 891 break;
949 bufpos = 0; 892 bufpos = 0;
950 } 893 }
951 894
952 /* The MD5 result is in little endian byte order. 895 if (BB_LITTLE_ENDIAN) {
953 * We (ab)use the fact that A-D are consecutive in memory. 896 unsigned i;
954 */ 897 for (i = 0; i < ARRAY_SIZE(ctx->hash); ++i)
955#if BB_BIG_ENDIAN 898 ctx->hash[i] = SWAP_BE64(ctx->hash[i]);
956 ctx->A = SWAP_LE32(ctx->A); 899 }
957 ctx->B = SWAP_LE32(ctx->B); 900 memcpy(resbuf, ctx->hash, sizeof(ctx->hash));
958 ctx->C = SWAP_LE32(ctx->C);
959 ctx->D = SWAP_LE32(ctx->D);
960#endif
961 memcpy(resbuf, &ctx->A, sizeof(ctx->A) * 4);
962} 901}
diff --git a/libbb/safe_strncpy.c b/libbb/safe_strncpy.c
index 8eb6a014f..5eb0db0bd 100644
--- a/libbb/safe_strncpy.c
+++ b/libbb/safe_strncpy.c
@@ -20,8 +20,13 @@ char* FAST_FUNC safe_strncpy(char *dst, const char *src, size_t size)
20/* Like strcpy but can copy overlapping strings. */ 20/* Like strcpy but can copy overlapping strings. */
21void FAST_FUNC overlapping_strcpy(char *dst, const char *src) 21void FAST_FUNC overlapping_strcpy(char *dst, const char *src)
22{ 22{
23 while ((*dst = *src) != '\0') { 23 /* Cheap optimization for dst == src case -
24 dst++; 24 * better to have it here than in many callers.
25 src++; 25 */
26 if (dst != src) {
27 while ((*dst = *src) != '\0') {
28 dst++;
29 src++;
30 }
26 } 31 }
27} 32}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-27 04:13:22 +0000