[openssh-commits] [openssh] 02/04: Re-apply portability changes to current sha2.{c, h}.
git+noreply at mindrot.org
git+noreply at mindrot.org
Tue Jul 23 22:27:37 AEST 2019
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 11cba2a4523fda447e2554ea457484655bedc831
Author: Darren Tucker <dtucker at dtucker.net>
Date: Tue Jul 23 21:51:22 2019 +1000
Re-apply portability changes to current sha2.{c,h}.
Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2
I imported the current versions directly then re-applied the portability
changes. This also allowed re-syncing digest-libc.c against upstream.
---
configure.ac | 16 ++++++----------
digest-libc.c | 28 ++++++++++++++++------------
digest-openssl.c | 8 ++++++--
mac.c | 4 ----
openbsd-compat/sha2.c | 36 +++++++++++++++++++++++++++++++++++-
openbsd-compat/sha2.h | 25 ++++++++++++++++++++++---
6 files changed, 85 insertions(+), 32 deletions(-)
diff --git a/configure.ac b/configure.ac
index 63e01773..1c35b090 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1699,6 +1699,9 @@ AC_CHECK_FUNCS([ \
Blowfish_expandstate \
Blowfish_expand0state \
Blowfish_stream2word \
+ SHA256Update \
+ SHA384Update \
+ SHA512Update \
asprintf \
b64_ntop \
__b64_ntop \
@@ -2849,16 +2852,9 @@ if test "x$openssl" = "xyes" ; then
fi
AC_CHECK_FUNCS([crypt DES_crypt])
- # Search for SHA256 support in libc and/or OpenSSL
- AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
- [unsupported_algorithms="$unsupported_algorithms \
- hmac-sha2-256 \
- hmac-sha2-512 \
- diffie-hellman-group-exchange-sha256 \
- hmac-sha2-256-etm at openssh.com \
- hmac-sha2-512-etm at openssh.com"
- ]
- )
+ # Check for SHA256, SHA384 and SHA512 support in OpenSSL
+ AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
+
# Search for RIPE-MD support in OpenSSL
AC_CHECK_FUNCS([EVP_ripemd160], ,
[unsupported_algorithms="$unsupported_algorithms \
diff --git a/digest-libc.c b/digest-libc.c
index c2b0b240..12737e5d 100644
--- a/digest-libc.c
+++ b/digest-libc.c
@@ -28,7 +28,11 @@
#if 0
#include <md5.h>
#include <rmd160.h>
+#endif
+#ifdef HAVE_SHA1_H
#include <sha1.h>
+#endif
+#ifdef HAVE_SHA2_H
#include <sha2.h>
#endif
@@ -83,30 +87,30 @@ const struct ssh_digest digests[SSH_DIGEST_MAX] = {
"SHA256",
SHA256_BLOCK_LENGTH,
SHA256_DIGEST_LENGTH,
- sizeof(SHA256_CTX),
- (md_init_fn *) SHA256_Init,
- (md_update_fn *) SHA256_Update,
- (md_final_fn *) SHA256_Final
+ sizeof(SHA2_CTX),
+ (md_init_fn *) SHA256Init,
+ (md_update_fn *) SHA256Update,
+ (md_final_fn *) SHA256Final
},
{
SSH_DIGEST_SHA384,
"SHA384",
SHA384_BLOCK_LENGTH,
SHA384_DIGEST_LENGTH,
- sizeof(SHA384_CTX),
- (md_init_fn *) SHA384_Init,
- (md_update_fn *) SHA384_Update,
- (md_final_fn *) SHA384_Final
+ sizeof(SHA2_CTX),
+ (md_init_fn *) SHA384Init,
+ (md_update_fn *) SHA384Update,
+ (md_final_fn *) SHA384Final
},
{
SSH_DIGEST_SHA512,
"SHA512",
SHA512_BLOCK_LENGTH,
SHA512_DIGEST_LENGTH,
- sizeof(SHA512_CTX),
- (md_init_fn *) SHA512_Init,
- (md_update_fn *) SHA512_Update,
- (md_final_fn *) SHA512_Final
+ sizeof(SHA2_CTX),
+ (md_init_fn *) SHA512Init,
+ (md_update_fn *) SHA512Update,
+ (md_final_fn *) SHA512Final
}
};
diff --git a/digest-openssl.c b/digest-openssl.c
index da7ed72b..11efbf7c 100644
--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -34,12 +34,16 @@
#ifndef HAVE_EVP_RIPEMD160
# define EVP_ripemd160 NULL
-#endif /* HAVE_EVP_RIPEMD160 */
+#endif
#ifndef HAVE_EVP_SHA256
# define EVP_sha256 NULL
+#endif
+#ifndef HAVE_EVP_SHA384
# define EVP_sha384 NULL
+#endif
+#ifndef HAVE_EVP_SHA512
# define EVP_sha512 NULL
-#endif /* HAVE_EVP_SHA256 */
+#endif
struct ssh_digest_ctx {
int alg;
diff --git a/mac.c b/mac.c
index 51dc11d7..9a504e89 100644
--- a/mac.c
+++ b/mac.c
@@ -58,10 +58,8 @@ static const struct macalg macs[] = {
/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
{ "hmac-sha1", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
{ "hmac-sha1-96", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 },
-#ifdef HAVE_EVP_SHA256
{ "hmac-sha2-256", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 },
{ "hmac-sha2-512", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 },
-#endif
{ "hmac-md5", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 },
{ "hmac-md5-96", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
{ "umac-64 at openssh.com", SSH_UMAC, 0, 0, 128, 64, 0 },
@@ -70,10 +68,8 @@ static const struct macalg macs[] = {
/* Encrypt-then-MAC variants */
{ "hmac-sha1-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
{ "hmac-sha1-96-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 1 },
-#ifdef HAVE_EVP_SHA256
{ "hmac-sha2-256-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
{ "hmac-sha2-512-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
-#endif
{ "hmac-md5-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
{ "hmac-md5-96-etm at openssh.com", SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
{ "umac-64-etm at openssh.com", SSH_UMAC, 0, 0, 128, 64, 1 },
diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c
index f16cf9cd..eca0644c 100644
--- a/openbsd-compat/sha2.c
+++ b/openbsd-compat/sha2.c
@@ -34,7 +34,14 @@
* $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
*/
-#include <sys/types.h>
+/* OPENBSD ORIGINAL: lib/libc/hash/sha2.c */
+
+#include "includes.h"
+
+#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \
+ !defined(HAVE_SHA512UPDATE)
+
+#define MAKE_CLONE(x, y) /* no-op out */
#include <string.h>
#include <sha2.h>
@@ -264,6 +271,7 @@ static const u_int64_t sha512_initial_hash_value[8] = {
};
#if !defined(SHA2_SMALL)
+#if 0
/* Initial hash value H for SHA-224: */
static const u_int32_t sha224_initial_hash_value[8] = {
0xc1059ed8UL,
@@ -275,6 +283,7 @@ static const u_int32_t sha224_initial_hash_value[8] = {
0x64f98fa7UL,
0xbefa4fa4UL
};
+#endif /* 0 */
/* Initial hash value H for SHA-384 */
static const u_int64_t sha384_initial_hash_value[8] = {
@@ -288,6 +297,7 @@ static const u_int64_t sha384_initial_hash_value[8] = {
0x47b5481dbefa4fa4ULL
};
+#if 0
/* Initial hash value H for SHA-512-256 */
static const u_int64_t sha512_256_initial_hash_value[8] = {
0x22312194fc2bf72cULL,
@@ -336,6 +346,7 @@ SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context)
}
DEF_WEAK(SHA224Final);
#endif /* !defined(SHA2_SMALL) */
+#endif /* 0 */
/*** SHA-256: *********************************************************/
void
@@ -917,6 +928,25 @@ DEF_WEAK(SHA384Transform);
DEF_WEAK(SHA384Update);
DEF_WEAK(SHA384Pad);
+/* Equivalent of MAKE_CLONE (which is a no-op) for SHA384 funcs */
+void
+SHA384Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
+{
+ return SHA512Transform(state, data);
+}
+
+void
+SHA384Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
+{
+ SHA512Update(context, data, len);
+}
+
+void
+SHA384Pad(SHA2_CTX *context)
+{
+ SHA512Pad(context);
+}
+
void
SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
{
@@ -936,6 +966,7 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
}
DEF_WEAK(SHA384Final);
+#if 0
/*** SHA-512/256: *********************************************************/
void
SHA512_256Init(SHA2_CTX *context)
@@ -973,3 +1004,6 @@ SHA512_256Final(u_int8_t digest[SHA512_256_DIGEST_LENGTH], SHA2_CTX *context)
}
DEF_WEAK(SHA512_256Final);
#endif /* !defined(SHA2_SMALL) */
+#endif /* 0 */
+
+#endif /* HAVE_SHA{256,384,512}UPDATE */
diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h
index 52ddb3f7..bf7dafc5 100644
--- a/openbsd-compat/sha2.h
+++ b/openbsd-compat/sha2.h
@@ -34,9 +34,16 @@
* $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
*/
-#ifndef _SHA2_H
-#define _SHA2_H
+/* OPENBSD ORIGINAL: include/sha2.h */
+#ifndef _SSHSHA2_H
+#define _SSHSHA2_H
+
+#include "includes.h"
+#include <sys/cdefs.h>
+
+#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \
+ !defined(HAVE_SHA512UPDATE)
/*** SHA-256/384/512 Various Length Definitions ***********************/
#define SHA224_BLOCK_LENGTH 64
@@ -66,6 +73,7 @@ typedef struct _SHA2_CTX {
u_int8_t buffer[SHA512_BLOCK_LENGTH];
} SHA2_CTX;
+#if 0
__BEGIN_DECLS
void SHA224Init(SHA2_CTX *);
void SHA224Transform(u_int32_t state[8], const u_int8_t [SHA224_BLOCK_LENGTH]);
@@ -83,7 +91,9 @@ char *SHA224FileChunk(const char *, char *, off_t, off_t)
char *SHA224Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA224_DIGEST_STRING_LENGTH)));
+#endif /* 0 */
+#ifndef HAVE_SHA256UPDATE
void SHA256Init(SHA2_CTX *);
void SHA256Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
void SHA256Update(SHA2_CTX *, const u_int8_t *, size_t)
@@ -100,7 +110,9 @@ char *SHA256FileChunk(const char *, char *, off_t, off_t)
char *SHA256Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH)));
+#endif /* HAVE_SHA256UPDATE */
+#ifndef HAVE_SHA384UPDATE
void SHA384Init(SHA2_CTX *);
void SHA384Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
void SHA384Update(SHA2_CTX *, const u_int8_t *, size_t)
@@ -117,7 +129,9 @@ char *SHA384FileChunk(const char *, char *, off_t, off_t)
char *SHA384Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH)));
+#endif /* HAVE_SHA384UPDATE */
+#ifndef HAVE_SHA512UPDATE
void SHA512Init(SHA2_CTX *);
void SHA512Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
void SHA512Update(SHA2_CTX *, const u_int8_t *, size_t)
@@ -134,7 +148,9 @@ char *SHA512FileChunk(const char *, char *, off_t, off_t)
char *SHA512Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
+#endif /* HAVE_SHA512UPDATE */
+#if 0
void SHA512_256Init(SHA2_CTX *);
void SHA512_256Transform(u_int64_t state[8], const u_int8_t [SHA512_256_BLOCK_LENGTH]);
void SHA512_256Update(SHA2_CTX *, const u_int8_t *, size_t)
@@ -152,5 +168,8 @@ char *SHA512_256Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA512_256_DIGEST_STRING_LENGTH)));
__END_DECLS
+#endif /* 0 */
+
+#endif /* HAVE_SHA{256,384,512}UPDATE */
-#endif /* _SHA2_H */
+#endif /* _SSHSHA2_H */
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list