Bug Summary

File:libs/apr/random/unix/sha2.c
Location:line 497, column 9
Description:Value stored to 'usedspace' is never read

Annotated Source Code

1/* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16/*
17 * FILE: sha2.c
18 * AUTHOR: Aaron D. Gifford <me@aarongifford.com>
19 *
20 * A licence was granted to the ASF by Aaron on 4 November 2003.
21 */
22
23#include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
24#include <assert.h> /* assert() */
25#include "sha2.h"
26
27/*
28 * ASSERT NOTE:
29 * Some sanity checking code is included using assert(). On my FreeBSD
30 * system, this additional code can be removed by compiling with NDEBUG
31 * defined. Check your own systems manpage on assert() to see how to
32 * compile WITHOUT the sanity checking code on your system.
33 *
34 * UNROLLED TRANSFORM LOOP NOTE:
35 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
36 * loop version for the hash transform rounds (defined using macros
37 * later in this file). Either define on the command line, for example:
38 *
39 * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
40 *
41 * or define below:
42 *
43 * #define SHA2_UNROLL_TRANSFORM
44 *
45 */
46
47/*** SHA-256/384/512 Machine Architecture Definitions *****************/
48typedef apr_byte_t sha2_byte; /* Exactly 1 byte */
49typedef apr_uint32_t sha2_word32; /* Exactly 4 bytes */
50typedef apr_uint64_t sha2_word64; /* Exactly 8 bytes */
51
52/*** SHA-256/384/512 Various Length Definitions ***********************/
53/* NOTE: Most of these are in sha2.h */
54#define SHA256_SHORT_BLOCK_LENGTH(64 - 8) (SHA256_BLOCK_LENGTH64 - 8)
55#define SHA384_SHORT_BLOCK_LENGTH(128 - 16) (SHA384_BLOCK_LENGTH128 - 16)
56#define SHA512_SHORT_BLOCK_LENGTH(128 - 16) (SHA512_BLOCK_LENGTH128 - 16)
57
58
59/*** ENDIAN REVERSAL MACROS *******************************************/
60#if !APR_IS_BIGENDIAN0
61#define REVERSE32(w,x){ sha2_word32 tmp = (w); tmp = (tmp >> 16) | (tmp <<
16); (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp &
0x00ff00ffUL) << 8); }
{ \
62 sha2_word32 tmp = (w); \
63 tmp = (tmp >> 16) | (tmp << 16); \
64 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
65}
66#define REVERSE64(w,x){ sha2_word64 tmp = (w); tmp = (tmp >> 32) | (tmp <<
32); tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | (
(tmp & 0x00ff00ff00ff00ffUL) << 8); (x) = ((tmp &
0xffff0000ffff0000UL) >> 16) | ((tmp & 0x0000ffff0000ffffUL
) << 16); }
{ \
67 sha2_word64 tmp = (w); \
68 tmp = (tmp >> 32) | (tmp << 32); \
69 tmp = ((tmp & APR_UINT64_C(0xff00ff00ff00ff00)0xff00ff00ff00ff00UL) >> 8) | \
70 ((tmp & APR_UINT64_C(0x00ff00ff00ff00ff)0x00ff00ff00ff00ffUL) << 8); \
71 (x) = ((tmp & APR_UINT64_C(0xffff0000ffff0000)0xffff0000ffff0000UL) >> 16) | \
72 ((tmp & APR_UINT64_C(0x0000ffff0000ffff)0x0000ffff0000ffffUL) << 16); \
73}
74#endif /* !APR_IS_BIGENDIAN */
75
76/*
77 * Macro for incrementally adding the unsigned 64-bit integer n to the
78 * unsigned 128-bit integer (represented using a two-element array of
79 * 64-bit words):
80 */
81#define ADDINC128(w,n){ (w)[0] += (sha2_word64)(n); if ((w)[0] < (n)) { (w)[1]++
; } }
{ \
82 (w)[0] += (sha2_word64)(n); \
83 if ((w)[0] < (n)) { \
84 (w)[1]++; \
85 } \
86}
87
88/*
89 * Macros for copying blocks of memory and for zeroing out ranges
90 * of memory. Using these macros makes it easy to switch from
91 * using memset()/memcpy() and using bzero()/bcopy().
92 *
93 * Please define either SHA2_USE_MEMSET_MEMCPY or define
94 * SHA2_USE_BZERO_BCOPY depending on which function set you
95 * choose to use:
96 */
97#if !defined(SHA2_USE_MEMSET_MEMCPY1) && !defined(SHA2_USE_BZERO_BCOPY)
98/* Default to memset()/memcpy() if no option is specified */
99#define SHA2_USE_MEMSET_MEMCPY1 1
100#endif
101#if defined(SHA2_USE_MEMSET_MEMCPY1) && defined(SHA2_USE_BZERO_BCOPY)
102/* Abort with an error if BOTH options are defined */
103#error Define either SHA2_USE_MEMSET_MEMCPY1 or SHA2_USE_BZERO_BCOPY, not both!
104#endif
105
106#ifdef SHA2_USE_MEMSET_MEMCPY1
107#define MEMSET_BZERO(p,l)memset((p), 0, (l)) memset((p), 0, (l))
108#define MEMCPY_BCOPY(d,s,l)memcpy((d), (s), (l)) memcpy((d), (s), (l))
109#endif
110#ifdef SHA2_USE_BZERO_BCOPY
111#define MEMSET_BZERO(p,l)memset((p), 0, (l)) bzero((p), (l))
112#define MEMCPY_BCOPY(d,s,l)memcpy((d), (s), (l)) bcopy((s), (d), (l))
113#endif
114
115
116/*** THE SIX LOGICAL FUNCTIONS ****************************************/
117/*
118 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
119 *
120 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
121 * S is a ROTATION) because the SHA-256/384/512 description document
122 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
123 * same "backwards" definition.
124 */
125/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
126#define R(b,x)((x) >> (b)) ((x) >> (b))
127/* 32-bit Rotate-right (used in SHA-256): */
128#define S32(b,x)(((x) >> (b)) | ((x) << (32 - (b)))) (((x) >> (b)) | ((x) << (32 - (b))))
129/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
130#define S64(b,x)(((x) >> (b)) | ((x) << (64 - (b)))) (((x) >> (b)) | ((x) << (64 - (b))))
131
132/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
133#define Ch(x,y,z)(((x) & (y)) ^ ((~(x)) & (z))) (((x) & (y)) ^ ((~(x)) & (z)))
134#define Maj(x,y,z)(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
135
136/* Four of six logical functions used in SHA-256: */
137#define Sigma0_256(x)(((((x)) >> (2)) | (((x)) << (32 - (2)))) ^ ((((x
)) >> (13)) | (((x)) << (32 - (13)))) ^ ((((x)) >>
(22)) | (((x)) << (32 - (22)))))
(S32(2, (x))((((x)) >> (2)) | (((x)) << (32 - (2)))) ^ S32(13, (x))((((x)) >> (13)) | (((x)) << (32 - (13)))) ^ S32(22, (x))((((x)) >> (22)) | (((x)) << (32 - (22)))))
138#define Sigma1_256(x)(((((x)) >> (6)) | (((x)) << (32 - (6)))) ^ ((((x
)) >> (11)) | (((x)) << (32 - (11)))) ^ ((((x)) >>
(25)) | (((x)) << (32 - (25)))))
(S32(6, (x))((((x)) >> (6)) | (((x)) << (32 - (6)))) ^ S32(11, (x))((((x)) >> (11)) | (((x)) << (32 - (11)))) ^ S32(25, (x))((((x)) >> (25)) | (((x)) << (32 - (25)))))
139#define sigma0_256(x)(((((x)) >> (7)) | (((x)) << (32 - (7)))) ^ ((((x
)) >> (18)) | (((x)) << (32 - (18)))) ^ (((x)) >>
(3)))
(S32(7, (x))((((x)) >> (7)) | (((x)) << (32 - (7)))) ^ S32(18, (x))((((x)) >> (18)) | (((x)) << (32 - (18)))) ^ R(3 , (x))(((x)) >> (3)))
140#define sigma1_256(x)(((((x)) >> (17)) | (((x)) << (32 - (17)))) ^ (((
(x)) >> (19)) | (((x)) << (32 - (19)))) ^ (((x)) >>
(10)))
(S32(17, (x))((((x)) >> (17)) | (((x)) << (32 - (17)))) ^ S32(19, (x))((((x)) >> (19)) | (((x)) << (32 - (19)))) ^ R(10, (x))(((x)) >> (10)))
141
142/* Four of six logical functions used in SHA-384 and SHA-512: */
143#define Sigma0_512(x)(((((x)) >> (28)) | (((x)) << (64 - (28)))) ^ (((
(x)) >> (34)) | (((x)) << (64 - (34)))) ^ ((((x))
>> (39)) | (((x)) << (64 - (39)))))
(S64(28, (x))((((x)) >> (28)) | (((x)) << (64 - (28)))) ^ S64(34, (x))((((x)) >> (34)) | (((x)) << (64 - (34)))) ^ S64(39, (x))((((x)) >> (39)) | (((x)) << (64 - (39)))))
144#define Sigma1_512(x)(((((x)) >> (14)) | (((x)) << (64 - (14)))) ^ (((
(x)) >> (18)) | (((x)) << (64 - (18)))) ^ ((((x))
>> (41)) | (((x)) << (64 - (41)))))
(S64(14, (x))((((x)) >> (14)) | (((x)) << (64 - (14)))) ^ S64(18, (x))((((x)) >> (18)) | (((x)) << (64 - (18)))) ^ S64(41, (x))((((x)) >> (41)) | (((x)) << (64 - (41)))))
145#define sigma0_512(x)(((((x)) >> (1)) | (((x)) << (64 - (1)))) ^ ((((x
)) >> (8)) | (((x)) << (64 - (8)))) ^ (((x)) >>
(7)))
(S64( 1, (x))((((x)) >> (1)) | (((x)) << (64 - (1)))) ^ S64( 8, (x))((((x)) >> (8)) | (((x)) << (64 - (8)))) ^ R( 7, (x))(((x)) >> (7)))
146#define sigma1_512(x)(((((x)) >> (19)) | (((x)) << (64 - (19)))) ^ (((
(x)) >> (61)) | (((x)) << (64 - (61)))) ^ (((x)) >>
(6)))
(S64(19, (x))((((x)) >> (19)) | (((x)) << (64 - (19)))) ^ S64(61, (x))((((x)) >> (61)) | (((x)) << (64 - (61)))) ^ R( 6, (x))(((x)) >> (6)))
147
148/*** INTERNAL FUNCTION PROTOTYPES *************************************/
149/* NOTE: These should not be accessed directly from outside this
150 * library -- they are intended for private internal visibility/use
151 * only.
152 */
153void apr__SHA512_Last(SHA512_CTX*);
154void apr__SHA256_Transform(SHA256_CTX*, const sha2_word32*);
155void apr__SHA512_Transform(SHA512_CTX*, const sha2_word64*);
156
157
158/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
159/* Hash constant words K for SHA-256: */
160const static sha2_word32 K256[64] = {
161 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
162 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
163 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
164 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
165 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
166 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
167 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
168 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
169 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
170 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
171 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
172 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
173 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
174 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
175 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
176 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
177};
178
179/* Initial hash value H for SHA-256: */
180const static sha2_word32 sha256_initial_hash_value[8] = {
181 0x6a09e667UL,
182 0xbb67ae85UL,
183 0x3c6ef372UL,
184 0xa54ff53aUL,
185 0x510e527fUL,
186 0x9b05688cUL,
187 0x1f83d9abUL,
188 0x5be0cd19UL
189};
190
191/* Hash constant words K for SHA-384 and SHA-512: */
192const static sha2_word64 K512[80] = {
193 APR_UINT64_C(0x428a2f98d728ae22)0x428a2f98d728ae22UL, APR_UINT64_C(0x7137449123ef65cd)0x7137449123ef65cdUL,
194 APR_UINT64_C(0xb5c0fbcfec4d3b2f)0xb5c0fbcfec4d3b2fUL, APR_UINT64_C(0xe9b5dba58189dbbc)0xe9b5dba58189dbbcUL,
195 APR_UINT64_C(0x3956c25bf348b538)0x3956c25bf348b538UL, APR_UINT64_C(0x59f111f1b605d019)0x59f111f1b605d019UL,
196 APR_UINT64_C(0x923f82a4af194f9b)0x923f82a4af194f9bUL, APR_UINT64_C(0xab1c5ed5da6d8118)0xab1c5ed5da6d8118UL,
197 APR_UINT64_C(0xd807aa98a3030242)0xd807aa98a3030242UL, APR_UINT64_C(0x12835b0145706fbe)0x12835b0145706fbeUL,
198 APR_UINT64_C(0x243185be4ee4b28c)0x243185be4ee4b28cUL, APR_UINT64_C(0x550c7dc3d5ffb4e2)0x550c7dc3d5ffb4e2UL,
199 APR_UINT64_C(0x72be5d74f27b896f)0x72be5d74f27b896fUL, APR_UINT64_C(0x80deb1fe3b1696b1)0x80deb1fe3b1696b1UL,
200 APR_UINT64_C(0x9bdc06a725c71235)0x9bdc06a725c71235UL, APR_UINT64_C(0xc19bf174cf692694)0xc19bf174cf692694UL,
201 APR_UINT64_C(0xe49b69c19ef14ad2)0xe49b69c19ef14ad2UL, APR_UINT64_C(0xefbe4786384f25e3)0xefbe4786384f25e3UL,
202 APR_UINT64_C(0x0fc19dc68b8cd5b5)0x0fc19dc68b8cd5b5UL, APR_UINT64_C(0x240ca1cc77ac9c65)0x240ca1cc77ac9c65UL,
203 APR_UINT64_C(0x2de92c6f592b0275)0x2de92c6f592b0275UL, APR_UINT64_C(0x4a7484aa6ea6e483)0x4a7484aa6ea6e483UL,
204 APR_UINT64_C(0x5cb0a9dcbd41fbd4)0x5cb0a9dcbd41fbd4UL, APR_UINT64_C(0x76f988da831153b5)0x76f988da831153b5UL,
205 APR_UINT64_C(0x983e5152ee66dfab)0x983e5152ee66dfabUL, APR_UINT64_C(0xa831c66d2db43210)0xa831c66d2db43210UL,
206 APR_UINT64_C(0xb00327c898fb213f)0xb00327c898fb213fUL, APR_UINT64_C(0xbf597fc7beef0ee4)0xbf597fc7beef0ee4UL,
207 APR_UINT64_C(0xc6e00bf33da88fc2)0xc6e00bf33da88fc2UL, APR_UINT64_C(0xd5a79147930aa725)0xd5a79147930aa725UL,
208 APR_UINT64_C(0x06ca6351e003826f)0x06ca6351e003826fUL, APR_UINT64_C(0x142929670a0e6e70)0x142929670a0e6e70UL,
209 APR_UINT64_C(0x27b70a8546d22ffc)0x27b70a8546d22ffcUL, APR_UINT64_C(0x2e1b21385c26c926)0x2e1b21385c26c926UL,
210 APR_UINT64_C(0x4d2c6dfc5ac42aed)0x4d2c6dfc5ac42aedUL, APR_UINT64_C(0x53380d139d95b3df)0x53380d139d95b3dfUL,
211 APR_UINT64_C(0x650a73548baf63de)0x650a73548baf63deUL, APR_UINT64_C(0x766a0abb3c77b2a8)0x766a0abb3c77b2a8UL,
212 APR_UINT64_C(0x81c2c92e47edaee6)0x81c2c92e47edaee6UL, APR_UINT64_C(0x92722c851482353b)0x92722c851482353bUL,
213 APR_UINT64_C(0xa2bfe8a14cf10364)0xa2bfe8a14cf10364UL, APR_UINT64_C(0xa81a664bbc423001)0xa81a664bbc423001UL,
214 APR_UINT64_C(0xc24b8b70d0f89791)0xc24b8b70d0f89791UL, APR_UINT64_C(0xc76c51a30654be30)0xc76c51a30654be30UL,
215 APR_UINT64_C(0xd192e819d6ef5218)0xd192e819d6ef5218UL, APR_UINT64_C(0xd69906245565a910)0xd69906245565a910UL,
216 APR_UINT64_C(0xf40e35855771202a)0xf40e35855771202aUL, APR_UINT64_C(0x106aa07032bbd1b8)0x106aa07032bbd1b8UL,
217 APR_UINT64_C(0x19a4c116b8d2d0c8)0x19a4c116b8d2d0c8UL, APR_UINT64_C(0x1e376c085141ab53)0x1e376c085141ab53UL,
218 APR_UINT64_C(0x2748774cdf8eeb99)0x2748774cdf8eeb99UL, APR_UINT64_C(0x34b0bcb5e19b48a8)0x34b0bcb5e19b48a8UL,
219 APR_UINT64_C(0x391c0cb3c5c95a63)0x391c0cb3c5c95a63UL, APR_UINT64_C(0x4ed8aa4ae3418acb)0x4ed8aa4ae3418acbUL,
220 APR_UINT64_C(0x5b9cca4f7763e373)0x5b9cca4f7763e373UL, APR_UINT64_C(0x682e6ff3d6b2b8a3)0x682e6ff3d6b2b8a3UL,
221 APR_UINT64_C(0x748f82ee5defb2fc)0x748f82ee5defb2fcUL, APR_UINT64_C(0x78a5636f43172f60)0x78a5636f43172f60UL,
222 APR_UINT64_C(0x84c87814a1f0ab72)0x84c87814a1f0ab72UL, APR_UINT64_C(0x8cc702081a6439ec)0x8cc702081a6439ecUL,
223 APR_UINT64_C(0x90befffa23631e28)0x90befffa23631e28UL, APR_UINT64_C(0xa4506cebde82bde9)0xa4506cebde82bde9UL,
224 APR_UINT64_C(0xbef9a3f7b2c67915)0xbef9a3f7b2c67915UL, APR_UINT64_C(0xc67178f2e372532b)0xc67178f2e372532bUL,
225 APR_UINT64_C(0xca273eceea26619c)0xca273eceea26619cUL, APR_UINT64_C(0xd186b8c721c0c207)0xd186b8c721c0c207UL,
226 APR_UINT64_C(0xeada7dd6cde0eb1e)0xeada7dd6cde0eb1eUL, APR_UINT64_C(0xf57d4f7fee6ed178)0xf57d4f7fee6ed178UL,
227 APR_UINT64_C(0x06f067aa72176fba)0x06f067aa72176fbaUL, APR_UINT64_C(0x0a637dc5a2c898a6)0x0a637dc5a2c898a6UL,
228 APR_UINT64_C(0x113f9804bef90dae)0x113f9804bef90daeUL, APR_UINT64_C(0x1b710b35131c471b)0x1b710b35131c471bUL,
229 APR_UINT64_C(0x28db77f523047d84)0x28db77f523047d84UL, APR_UINT64_C(0x32caab7b40c72493)0x32caab7b40c72493UL,
230 APR_UINT64_C(0x3c9ebe0a15c9bebc)0x3c9ebe0a15c9bebcUL, APR_UINT64_C(0x431d67c49c100d4c)0x431d67c49c100d4cUL,
231 APR_UINT64_C(0x4cc5d4becb3e42b6)0x4cc5d4becb3e42b6UL, APR_UINT64_C(0x597f299cfc657e2a)0x597f299cfc657e2aUL,
232 APR_UINT64_C(0x5fcb6fab3ad6faec)0x5fcb6fab3ad6faecUL, APR_UINT64_C(0x6c44198c4a475817)0x6c44198c4a475817UL
233};
234
235/* Initial hash value H for SHA-384 */
236const static sha2_word64 sha384_initial_hash_value[8] = {
237 APR_UINT64_C(0xcbbb9d5dc1059ed8)0xcbbb9d5dc1059ed8UL,
238 APR_UINT64_C(0x629a292a367cd507)0x629a292a367cd507UL,
239 APR_UINT64_C(0x9159015a3070dd17)0x9159015a3070dd17UL,
240 APR_UINT64_C(0x152fecd8f70e5939)0x152fecd8f70e5939UL,
241 APR_UINT64_C(0x67332667ffc00b31)0x67332667ffc00b31UL,
242 APR_UINT64_C(0x8eb44a8768581511)0x8eb44a8768581511UL,
243 APR_UINT64_C(0xdb0c2e0d64f98fa7)0xdb0c2e0d64f98fa7UL,
244 APR_UINT64_C(0x47b5481dbefa4fa4)0x47b5481dbefa4fa4UL
245};
246
247/* Initial hash value H for SHA-512 */
248const static sha2_word64 sha512_initial_hash_value[8] = {
249 APR_UINT64_C(0x6a09e667f3bcc908)0x6a09e667f3bcc908UL,
250 APR_UINT64_C(0xbb67ae8584caa73b)0xbb67ae8584caa73bUL,
251 APR_UINT64_C(0x3c6ef372fe94f82b)0x3c6ef372fe94f82bUL,
252 APR_UINT64_C(0xa54ff53a5f1d36f1)0xa54ff53a5f1d36f1UL,
253 APR_UINT64_C(0x510e527fade682d1)0x510e527fade682d1UL,
254 APR_UINT64_C(0x9b05688c2b3e6c1f)0x9b05688c2b3e6c1fUL,
255 APR_UINT64_C(0x1f83d9abfb41bd6b)0x1f83d9abfb41bd6bUL,
256 APR_UINT64_C(0x5be0cd19137e2179)0x5be0cd19137e2179UL
257};
258
259/*
260 * Constant used by SHA256/384/512_End() functions for converting the
261 * digest to a readable hexadecimal character string:
262 */
263static const char *sha2_hex_digits = "0123456789abcdef";
264
265
266/*** SHA-256: *********************************************************/
267void apr__SHA256_Init(SHA256_CTX* context) {
268 if (context == (SHA256_CTX*)0) {
269 return;
270 }
271 MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH)memcpy((context->state), (sha256_initial_hash_value), (32)
)
;
272 MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH)memset((context->buffer), 0, (64));
273 context->bitcount = 0;
274}
275
276#ifdef SHA2_UNROLL_TRANSFORM
277
278/* Unrolled SHA-256 round macros: */
279
280#if !APR_IS_BIGENDIAN0
281
282#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
283 REVERSE32(*data++, W256[j]){ sha2_word32 tmp = (*data++); tmp = (tmp >> 16) | (tmp
<< 16); (W256[j]) = ((tmp & 0xff00ff00UL) >>
8) | ((tmp & 0x00ff00ffUL) << 8); }
; \
284 T1 = (h) + Sigma1_256(e)(((((e)) >> (6)) | (((e)) << (32 - (6)))) ^ ((((e
)) >> (11)) | (((e)) << (32 - (11)))) ^ ((((e)) >>
(25)) | (((e)) << (32 - (25)))))
+ Ch((e), (f), (g))((((e)) & ((f))) ^ ((~((e))) & ((g)))) + \
285 K256[j] + W256[j]; \
286 (d) += T1; \
287 (h) = T1 + Sigma0_256(a)(((((a)) >> (2)) | (((a)) << (32 - (2)))) ^ ((((a
)) >> (13)) | (((a)) << (32 - (13)))) ^ ((((a)) >>
(22)) | (((a)) << (32 - (22)))))
+ Maj((a), (b), (c))((((a)) & ((b))) ^ (((a)) & ((c))) ^ (((b)) & ((c
))))
; \
288 j++
289
290
291#else /* APR_IS_BIGENDIAN */
292
293#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
294 T1 = (h) + Sigma1_256(e)(((((e)) >> (6)) | (((e)) << (32 - (6)))) ^ ((((e
)) >> (11)) | (((e)) << (32 - (11)))) ^ ((((e)) >>
(25)) | (((e)) << (32 - (25)))))
+ Ch((e), (f), (g))((((e)) & ((f))) ^ ((~((e))) & ((g)))) + \
295 K256[j] + (W256[j] = *data++); \
296 (d) += T1; \
297 (h) = T1 + Sigma0_256(a)(((((a)) >> (2)) | (((a)) << (32 - (2)))) ^ ((((a
)) >> (13)) | (((a)) << (32 - (13)))) ^ ((((a)) >>
(22)) | (((a)) << (32 - (22)))))
+ Maj((a), (b), (c))((((a)) & ((b))) ^ (((a)) & ((c))) ^ (((b)) & ((c
))))
; \
298 j++
299
300#endif /* APR_IS_BIGENDIAN */
301
302#define ROUND256(a,b,c,d,e,f,g,h) \
303 s0 = W256[(j+1)&0x0f]; \
304 s0 = sigma0_256(s0)(((((s0)) >> (7)) | (((s0)) << (32 - (7)))) ^ (((
(s0)) >> (18)) | (((s0)) << (32 - (18)))) ^ (((s0
)) >> (3)))
; \
305 s1 = W256[(j+14)&0x0f]; \
306 s1 = sigma1_256(s1)(((((s1)) >> (17)) | (((s1)) << (32 - (17)))) ^ (
(((s1)) >> (19)) | (((s1)) << (32 - (19)))) ^ (((
s1)) >> (10)))
; \
307 T1 = (h) + Sigma1_256(e)(((((e)) >> (6)) | (((e)) << (32 - (6)))) ^ ((((e
)) >> (11)) | (((e)) << (32 - (11)))) ^ ((((e)) >>
(25)) | (((e)) << (32 - (25)))))
+ Ch((e), (f), (g))((((e)) & ((f))) ^ ((~((e))) & ((g)))) + K256[j] + \
308 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
309 (d) += T1; \
310 (h) = T1 + Sigma0_256(a)(((((a)) >> (2)) | (((a)) << (32 - (2)))) ^ ((((a
)) >> (13)) | (((a)) << (32 - (13)))) ^ ((((a)) >>
(22)) | (((a)) << (32 - (22)))))
+ Maj((a), (b), (c))((((a)) & ((b))) ^ (((a)) & ((c))) ^ (((b)) & ((c
))))
; \
311 j++
312
313void apr__SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
314 sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
315 sha2_word32 T1, *W256;
316 int j;
317
318 W256 = (sha2_word32*)context->buffer;
319
320 /* Initialize registers with the prev. intermediate value */
321 a = context->state[0];
322 b = context->state[1];
323 c = context->state[2];
324 d = context->state[3];
325 e = context->state[4];
326 f = context->state[5];
327 g = context->state[6];
328 h = context->state[7];
329
330 j = 0;
331 do {
332 /* Rounds 0 to 15 (unrolled): */
333 ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
334 ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
335 ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
336 ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
337 ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
338 ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
339 ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
340 ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
341 } while (j < 16);
342
343 /* Now for the remaining rounds to 64: */
344 do {
345 ROUND256(a,b,c,d,e,f,g,h);
346 ROUND256(h,a,b,c,d,e,f,g);
347 ROUND256(g,h,a,b,c,d,e,f);
348 ROUND256(f,g,h,a,b,c,d,e);
349 ROUND256(e,f,g,h,a,b,c,d);
350 ROUND256(d,e,f,g,h,a,b,c);
351 ROUND256(c,d,e,f,g,h,a,b);
352 ROUND256(b,c,d,e,f,g,h,a);
353 } while (j < 64);
354
355 /* Compute the current intermediate hash value */
356 context->state[0] += a;
357 context->state[1] += b;
358 context->state[2] += c;
359 context->state[3] += d;
360 context->state[4] += e;
361 context->state[5] += f;
362 context->state[6] += g;
363 context->state[7] += h;
364
365 /* Clean up */
366 a = b = c = d = e = f = g = h = T1 = 0;
367}
368
369#else /* SHA2_UNROLL_TRANSFORM */
370
371void apr__SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
372 sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
373 sha2_word32 T1, T2, *W256;
374 int j;
375
376 W256 = (sha2_word32*)context->buffer;
377
378 /* Initialize registers with the prev. intermediate value */
379 a = context->state[0];
380 b = context->state[1];
381 c = context->state[2];
382 d = context->state[3];
383 e = context->state[4];
384 f = context->state[5];
385 g = context->state[6];
386 h = context->state[7];
387
388 j = 0;
389 do {
390#if !APR_IS_BIGENDIAN0
391 /* Copy data while converting to host byte order */
392 REVERSE32(*data++,W256[j]){ sha2_word32 tmp = (*data++); tmp = (tmp >> 16) | (tmp
<< 16); (W256[j]) = ((tmp & 0xff00ff00UL) >>
8) | ((tmp & 0x00ff00ffUL) << 8); }
;
393 /* Apply the SHA-256 compression function to update a..h */
394 T1 = h + Sigma1_256(e)(((((e)) >> (6)) | (((e)) << (32 - (6)))) ^ ((((e
)) >> (11)) | (((e)) << (32 - (11)))) ^ ((((e)) >>
(25)) | (((e)) << (32 - (25)))))
+ Ch(e, f, g)(((e) & (f)) ^ ((~(e)) & (g))) + K256[j] + W256[j];
395#else /* APR_IS_BIGENDIAN */
396 /* Apply the SHA-256 compression function to update a..h with copy */
397 T1 = h + Sigma1_256(e)(((((e)) >> (6)) | (((e)) << (32 - (6)))) ^ ((((e
)) >> (11)) | (((e)) << (32 - (11)))) ^ ((((e)) >>
(25)) | (((e)) << (32 - (25)))))
+ Ch(e, f, g)(((e) & (f)) ^ ((~(e)) & (g))) + K256[j] + (W256[j] = *data++);
398#endif /* APR_IS_BIGENDIAN */
399 T2 = Sigma0_256(a)(((((a)) >> (2)) | (((a)) << (32 - (2)))) ^ ((((a
)) >> (13)) | (((a)) << (32 - (13)))) ^ ((((a)) >>
(22)) | (((a)) << (32 - (22)))))
+ Maj(a, b, c)(((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)));
400 h = g;
401 g = f;
402 f = e;
403 e = d + T1;
404 d = c;
405 c = b;
406 b = a;
407 a = T1 + T2;
408
409 j++;
410 } while (j < 16);
411
412 do {
413 /* Part of the message block expansion: */
414 s0 = W256[(j+1)&0x0f];
415 s0 = sigma0_256(s0)(((((s0)) >> (7)) | (((s0)) << (32 - (7)))) ^ (((
(s0)) >> (18)) | (((s0)) << (32 - (18)))) ^ (((s0
)) >> (3)))
;
416 s1 = W256[(j+14)&0x0f];
417 s1 = sigma1_256(s1)(((((s1)) >> (17)) | (((s1)) << (32 - (17)))) ^ (
(((s1)) >> (19)) | (((s1)) << (32 - (19)))) ^ (((
s1)) >> (10)))
;
418
419 /* Apply the SHA-256 compression function to update a..h */
420 T1 = h + Sigma1_256(e)(((((e)) >> (6)) | (((e)) << (32 - (6)))) ^ ((((e
)) >> (11)) | (((e)) << (32 - (11)))) ^ ((((e)) >>
(25)) | (((e)) << (32 - (25)))))
+ Ch(e, f, g)(((e) & (f)) ^ ((~(e)) & (g))) + K256[j] +
421 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
422 T2 = Sigma0_256(a)(((((a)) >> (2)) | (((a)) << (32 - (2)))) ^ ((((a
)) >> (13)) | (((a)) << (32 - (13)))) ^ ((((a)) >>
(22)) | (((a)) << (32 - (22)))))
+ Maj(a, b, c)(((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)));
423 h = g;
424 g = f;
425 f = e;
426 e = d + T1;
427 d = c;
428 c = b;
429 b = a;
430 a = T1 + T2;
431
432 j++;
433 } while (j < 64);
434
435 /* Compute the current intermediate hash value */
436 context->state[0] += a;
437 context->state[1] += b;
438 context->state[2] += c;
439 context->state[3] += d;
440 context->state[4] += e;
441 context->state[5] += f;
442 context->state[6] += g;
443 context->state[7] += h;
444
445 /* Clean up */
446 a = b = c = d = e = f = g = h = T1 = T2 = 0;
447}
448
449#endif /* SHA2_UNROLL_TRANSFORM */
450
451void apr__SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
452 unsigned int freespace, usedspace;
453
454 if (len == 0) {
455 /* Calling with no data is valid - we do nothing */
456 return;
457 }
458
459 /* Sanity check: */
460 assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0)((context != (SHA256_CTX*)0 && data != (sha2_byte*)0)
? (void) (0) : __assert_fail ("context != (SHA256_CTX*)0 && data != (sha2_byte*)0"
, "random/unix/sha2.c", 460, __PRETTY_FUNCTION__))
;
461
462 usedspace = (unsigned int)((context->bitcount >> 3)
463 % SHA256_BLOCK_LENGTH64);
464 if (usedspace > 0) {
465 /* Calculate how much free space is available in the buffer */
466 freespace = SHA256_BLOCK_LENGTH64 - usedspace;
467
468 if (len >= freespace) {
469 /* Fill the buffer completely and process it */
470 MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace)memcpy((&context->buffer[usedspace]), (data), (freespace
))
;
471 context->bitcount += freespace << 3;
472 len -= freespace;
473 data += freespace;
474 apr__SHA256_Transform(context, (sha2_word32*)context->buffer);
475 } else {
476 /* The buffer is not yet full */
477 MEMCPY_BCOPY(&context->buffer[usedspace], data, len)memcpy((&context->buffer[usedspace]), (data), (len));
478 context->bitcount += len << 3;
479 /* Clean up: */
480 usedspace = freespace = 0;
481 return;
482 }
483 }
484 while (len >= SHA256_BLOCK_LENGTH64) {
485 /* Process as many complete blocks as we can */
486 apr__SHA256_Transform(context, (sha2_word32*)data);
487 context->bitcount += SHA256_BLOCK_LENGTH64 << 3;
488 len -= SHA256_BLOCK_LENGTH64;
489 data += SHA256_BLOCK_LENGTH64;
490 }
491 if (len > 0) {
492 /* There's left-overs, so save 'em */
493 MEMCPY_BCOPY(context->buffer, data, len)memcpy((context->buffer), (data), (len));
494 context->bitcount += len << 3;
495 }
496 /* Clean up: */
497 usedspace = freespace = 0;
Value stored to 'usedspace' is never read
498}
499
500void apr__SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
501 sha2_word32 *d = (sha2_word32*)digest;
502 unsigned int usedspace;
503
504 /* Sanity check: */
505 assert(context != (SHA256_CTX*)0)((context != (SHA256_CTX*)0) ? (void) (0) : __assert_fail ("context != (SHA256_CTX*)0"
, "random/unix/sha2.c", 505, __PRETTY_FUNCTION__))
;
506
507 /* If no digest buffer is passed, we don't bother doing this: */
508 if (digest != (sha2_byte*)0) {
509 usedspace = (unsigned int)((context->bitcount >> 3)
510 % SHA256_BLOCK_LENGTH64);
511#if !APR_IS_BIGENDIAN0
512 /* Convert FROM host byte order */
513 REVERSE64(context->bitcount,context->bitcount){ sha2_word64 tmp = (context->bitcount); tmp = (tmp >>
32) | (tmp << 32); tmp = ((tmp & 0xff00ff00ff00ff00UL
) >> 8) | ((tmp & 0x00ff00ff00ff00ffUL) << 8)
; (context->bitcount) = ((tmp & 0xffff0000ffff0000UL) >>
16) | ((tmp & 0x0000ffff0000ffffUL) << 16); }
;
514#endif
515 if (usedspace > 0) {
516 /* Begin padding with a 1 bit: */
517 context->buffer[usedspace++] = 0x80;
518
519 if (usedspace <= SHA256_SHORT_BLOCK_LENGTH(64 - 8)) {
520 /* Set-up for the last transform: */
521 MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace)memset((&context->buffer[usedspace]), 0, ((64 - 8) - usedspace
))
;
522 } else {
523 if (usedspace < SHA256_BLOCK_LENGTH64) {
524 MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace)memset((&context->buffer[usedspace]), 0, (64 - usedspace
))
;
525 }
526 /* Do second-to-last transform: */
527 apr__SHA256_Transform(context, (sha2_word32*)context->buffer);
528
529 /* And set-up for the last transform: */
530 MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH)memset((context->buffer), 0, ((64 - 8)));
531 }
532 } else {
533 /* Set-up for the last transform: */
534 MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH)memset((context->buffer), 0, ((64 - 8)));
535
536 /* Begin padding with a 1 bit: */
537 *context->buffer = 0x80;
538 }
539 /* Set the bit count: */
540 *(sha2_word64*)&context->buffer[SHA256_SHORT_BLOCK_LENGTH(64 - 8)] = context->bitcount;
541
542 /* Final transform: */
543 apr__SHA256_Transform(context, (sha2_word32*)context->buffer);
544
545#if !APR_IS_BIGENDIAN0
546 {
547 /* Convert TO host byte order */
548 int j;
549 for (j = 0; j < 8; j++) {
550 REVERSE32(context->state[j],context->state[j]){ sha2_word32 tmp = (context->state[j]); tmp = (tmp >>
16) | (tmp << 16); (context->state[j]) = ((tmp &
0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) <<
8); }
;
551 *d++ = context->state[j];
552 }
553 }
554#else
555 MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH)memcpy((d), (context->state), (32));
556#endif
557 }
558
559 /* Clean up state data: */
560 MEMSET_BZERO(context, sizeof(*context))memset((context), 0, (sizeof(*context)));
561 usedspace = 0;
562}
563
564char *apr__SHA256_End(SHA256_CTX* context, char buffer[]) {
565 sha2_byte digest[SHA256_DIGEST_LENGTH32], *d = digest;
566 int i;
567
568 /* Sanity check: */
569 assert(context != (SHA256_CTX*)0)((context != (SHA256_CTX*)0) ? (void) (0) : __assert_fail ("context != (SHA256_CTX*)0"
, "random/unix/sha2.c", 569, __PRETTY_FUNCTION__))
;
570
571 if (buffer != (char*)0) {
572 apr__SHA256_Final(digest, context);
573
574 for (i = 0; i < SHA256_DIGEST_LENGTH32; i++) {
575 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
576 *buffer++ = sha2_hex_digits[*d & 0x0f];
577 d++;
578 }
579 *buffer = (char)0;
580 } else {
581 MEMSET_BZERO(context, sizeof(*context))memset((context), 0, (sizeof(*context)));
582 }
583 MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH)memset((digest), 0, (32));
584 return buffer;
585}
586
587char* apr__SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH(32 * 2 + 1)]) {
588 SHA256_CTX context;
589
590 apr__SHA256_Init(&context);
591 apr__SHA256_Update(&context, data, len);
592 return apr__SHA256_End(&context, digest);
593}
594
595
596/*** SHA-512: *********************************************************/
597void apr__SHA512_Init(SHA512_CTX* context) {
598 if (context == (SHA512_CTX*)0) {
599 return;
600 }
601 MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH)memcpy((context->state), (sha512_initial_hash_value), (64)
)
;
602 MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH)memset((context->buffer), 0, (128));
603 context->bitcount[0] = context->bitcount[1] = 0;
604}
605
606#ifdef SHA2_UNROLL_TRANSFORM
607
608/* Unrolled SHA-512 round macros: */
609#if !APR_IS_BIGENDIAN0
610
611#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
612 REVERSE64(*data++, W512[j]){ sha2_word64 tmp = (*data++); tmp = (tmp >> 32) | (tmp
<< 32); tmp = ((tmp & 0xff00ff00ff00ff00UL) >>
8) | ((tmp & 0x00ff00ff00ff00ffUL) << 8); (W512[j]
) = ((tmp & 0xffff0000ffff0000UL) >> 16) | ((tmp &
0x0000ffff0000ffffUL) << 16); }
; \
613 T1 = (h) + Sigma1_512(e)(((((e)) >> (14)) | (((e)) << (64 - (14)))) ^ (((
(e)) >> (18)) | (((e)) << (64 - (18)))) ^ ((((e))
>> (41)) | (((e)) << (64 - (41)))))
+ Ch((e), (f), (g))((((e)) & ((f))) ^ ((~((e))) & ((g)))) + \
614 K512[j] + W512[j]; \
615 (d) += T1, \
616 (h) = T1 + Sigma0_512(a)(((((a)) >> (28)) | (((a)) << (64 - (28)))) ^ (((
(a)) >> (34)) | (((a)) << (64 - (34)))) ^ ((((a))
>> (39)) | (((a)) << (64 - (39)))))
+ Maj((a), (b), (c))((((a)) & ((b))) ^ (((a)) & ((c))) ^ (((b)) & ((c
))))
, \
617 j++
618
619
620#else /* APR_IS_BIGENDIAN */
621
622#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
623 T1 = (h) + Sigma1_512(e)(((((e)) >> (14)) | (((e)) << (64 - (14)))) ^ (((
(e)) >> (18)) | (((e)) << (64 - (18)))) ^ ((((e))
>> (41)) | (((e)) << (64 - (41)))))
+ Ch((e), (f), (g))((((e)) & ((f))) ^ ((~((e))) & ((g)))) + \
624 K512[j] + (W512[j] = *data++); \
625 (d) += T1; \
626 (h) = T1 + Sigma0_512(a)(((((a)) >> (28)) | (((a)) << (64 - (28)))) ^ (((
(a)) >> (34)) | (((a)) << (64 - (34)))) ^ ((((a))
>> (39)) | (((a)) << (64 - (39)))))
+ Maj((a), (b), (c))((((a)) & ((b))) ^ (((a)) & ((c))) ^ (((b)) & ((c
))))
; \
627 j++
628
629#endif /* APR_IS_BIGENDIAN */
630
631#define ROUND512(a,b,c,d,e,f,g,h) \
632 s0 = W512[(j+1)&0x0f]; \
633 s0 = sigma0_512(s0)(((((s0)) >> (1)) | (((s0)) << (64 - (1)))) ^ (((
(s0)) >> (8)) | (((s0)) << (64 - (8)))) ^ (((s0))
>> (7)))
; \
634 s1 = W512[(j+14)&0x0f]; \
635 s1 = sigma1_512(s1)(((((s1)) >> (19)) | (((s1)) << (64 - (19)))) ^ (
(((s1)) >> (61)) | (((s1)) << (64 - (61)))) ^ (((
s1)) >> (6)))
; \
636 T1 = (h) + Sigma1_512(e)(((((e)) >> (14)) | (((e)) << (64 - (14)))) ^ (((
(e)) >> (18)) | (((e)) << (64 - (18)))) ^ ((((e))
>> (41)) | (((e)) << (64 - (41)))))
+ Ch((e), (f), (g))((((e)) & ((f))) ^ ((~((e))) & ((g)))) + K512[j] + \
637 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
638 (d) += T1; \
639 (h) = T1 + Sigma0_512(a)(((((a)) >> (28)) | (((a)) << (64 - (28)))) ^ (((
(a)) >> (34)) | (((a)) << (64 - (34)))) ^ ((((a))
>> (39)) | (((a)) << (64 - (39)))))
+ Maj((a), (b), (c))((((a)) & ((b))) ^ (((a)) & ((c))) ^ (((b)) & ((c
))))
; \
640 j++
641
642void apr__SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
643 sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
644 sha2_word64 T1, *W512 = (sha2_word64*)context->buffer;
645 int j;
646
647 /* Initialize registers with the prev. intermediate value */
648 a = context->state[0];
649 b = context->state[1];
650 c = context->state[2];
651 d = context->state[3];
652 e = context->state[4];
653 f = context->state[5];
654 g = context->state[6];
655 h = context->state[7];
656
657 j = 0;
658 do {
659 ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
660 ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
661 ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
662 ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
663 ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
664 ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
665 ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
666 ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
667 } while (j < 16);
668
669 /* Now for the remaining rounds up to 79: */
670 do {
671 ROUND512(a,b,c,d,e,f,g,h);
672 ROUND512(h,a,b,c,d,e,f,g);
673 ROUND512(g,h,a,b,c,d,e,f);
674 ROUND512(f,g,h,a,b,c,d,e);
675 ROUND512(e,f,g,h,a,b,c,d);
676 ROUND512(d,e,f,g,h,a,b,c);
677 ROUND512(c,d,e,f,g,h,a,b);
678 ROUND512(b,c,d,e,f,g,h,a);
679 } while (j < 80);
680
681 /* Compute the current intermediate hash value */
682 context->state[0] += a;
683 context->state[1] += b;
684 context->state[2] += c;
685 context->state[3] += d;
686 context->state[4] += e;
687 context->state[5] += f;
688 context->state[6] += g;
689 context->state[7] += h;
690
691 /* Clean up */
692 a = b = c = d = e = f = g = h = T1 = 0;
693}
694
695#else /* SHA2_UNROLL_TRANSFORM */
696
697void apr__SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
698 sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
699 sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
700 int j;
701
702 /* Initialize registers with the prev. intermediate value */
703 a = context->state[0];
704 b = context->state[1];
705 c = context->state[2];
706 d = context->state[3];
707 e = context->state[4];
708 f = context->state[5];
709 g = context->state[6];
710 h = context->state[7];
711
712 j = 0;
713 do {
714#if !APR_IS_BIGENDIAN0
715 /* Convert TO host byte order */
716 REVERSE64(*data++, W512[j]){ sha2_word64 tmp = (*data++); tmp = (tmp >> 32) | (tmp
<< 32); tmp = ((tmp & 0xff00ff00ff00ff00UL) >>
8) | ((tmp & 0x00ff00ff00ff00ffUL) << 8); (W512[j]
) = ((tmp & 0xffff0000ffff0000UL) >> 16) | ((tmp &
0x0000ffff0000ffffUL) << 16); }
;
717 /* Apply the SHA-512 compression function to update a..h */
718 T1 = h + Sigma1_512(e)(((((e)) >> (14)) | (((e)) << (64 - (14)))) ^ (((
(e)) >> (18)) | (((e)) << (64 - (18)))) ^ ((((e))
>> (41)) | (((e)) << (64 - (41)))))
+ Ch(e, f, g)(((e) & (f)) ^ ((~(e)) & (g))) + K512[j] + W512[j];
719#else /* APR_IS_BIGENDIAN */
720 /* Apply the SHA-512 compression function to update a..h with copy */
721 T1 = h + Sigma1_512(e)(((((e)) >> (14)) | (((e)) << (64 - (14)))) ^ (((
(e)) >> (18)) | (((e)) << (64 - (18)))) ^ ((((e))
>> (41)) | (((e)) << (64 - (41)))))
+ Ch(e, f, g)(((e) & (f)) ^ ((~(e)) & (g))) + K512[j] + (W512[j] = *data++);
722#endif /* APR_IS_BIGENDIAN */
723 T2 = Sigma0_512(a)(((((a)) >> (28)) | (((a)) << (64 - (28)))) ^ (((
(a)) >> (34)) | (((a)) << (64 - (34)))) ^ ((((a))
>> (39)) | (((a)) << (64 - (39)))))
+ Maj(a, b, c)(((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)));
724 h = g;
725 g = f;
726 f = e;
727 e = d + T1;
728 d = c;
729 c = b;
730 b = a;
731 a = T1 + T2;
732
733 j++;
734 } while (j < 16);
735
736 do {
737 /* Part of the message block expansion: */
738 s0 = W512[(j+1)&0x0f];
739 s0 = sigma0_512(s0)(((((s0)) >> (1)) | (((s0)) << (64 - (1)))) ^ (((
(s0)) >> (8)) | (((s0)) << (64 - (8)))) ^ (((s0))
>> (7)))
;
740 s1 = W512[(j+14)&0x0f];
741 s1 = sigma1_512(s1)(((((s1)) >> (19)) | (((s1)) << (64 - (19)))) ^ (
(((s1)) >> (61)) | (((s1)) << (64 - (61)))) ^ (((
s1)) >> (6)))
;
742
743 /* Apply the SHA-512 compression function to update a..h */
744 T1 = h + Sigma1_512(e)(((((e)) >> (14)) | (((e)) << (64 - (14)))) ^ (((
(e)) >> (18)) | (((e)) << (64 - (18)))) ^ ((((e))
>> (41)) | (((e)) << (64 - (41)))))
+ Ch(e, f, g)(((e) & (f)) ^ ((~(e)) & (g))) + K512[j] +
745 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
746 T2 = Sigma0_512(a)(((((a)) >> (28)) | (((a)) << (64 - (28)))) ^ (((
(a)) >> (34)) | (((a)) << (64 - (34)))) ^ ((((a))
>> (39)) | (((a)) << (64 - (39)))))
+ Maj(a, b, c)(((a) & (b)) ^ ((a) & (c)) ^ ((b) & (c)));
747 h = g;
748 g = f;
749 f = e;
750 e = d + T1;
751 d = c;
752 c = b;
753 b = a;
754 a = T1 + T2;
755
756 j++;
757 } while (j < 80);
758
759 /* Compute the current intermediate hash value */
760 context->state[0] += a;
761 context->state[1] += b;
762 context->state[2] += c;
763 context->state[3] += d;
764 context->state[4] += e;
765 context->state[5] += f;
766 context->state[6] += g;
767 context->state[7] += h;
768
769 /* Clean up */
770 a = b = c = d = e = f = g = h = T1 = T2 = 0;
771}
772
773#endif /* SHA2_UNROLL_TRANSFORM */
774
775void apr__SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
776 unsigned int freespace, usedspace;
777
778 if (len == 0) {
779 /* Calling with no data is valid - we do nothing */
780 return;
781 }
782
783 /* Sanity check: */
784 assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0)((context != (SHA512_CTX*)0 && data != (sha2_byte*)0)
? (void) (0) : __assert_fail ("context != (SHA512_CTX*)0 && data != (sha2_byte*)0"
, "random/unix/sha2.c", 784, __PRETTY_FUNCTION__))
;
785
786 usedspace = (unsigned int)((context->bitcount[0] >> 3)
787 % SHA512_BLOCK_LENGTH128);
788 if (usedspace > 0) {
789 /* Calculate how much free space is available in the buffer */
790 freespace = SHA512_BLOCK_LENGTH128 - usedspace;
791
792 if (len >= freespace) {
793 /* Fill the buffer completely and process it */
794 MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace)memcpy((&context->buffer[usedspace]), (data), (freespace
))
;
795 ADDINC128(context->bitcount, freespace << 3){ (context->bitcount)[0] += (sha2_word64)(freespace <<
3); if ((context->bitcount)[0] < (freespace << 3
)) { (context->bitcount)[1]++; } }
;
796 len -= freespace;
797 data += freespace;
798 apr__SHA512_Transform(context, (sha2_word64*)context->buffer);
799 } else {
800 /* The buffer is not yet full */
801 MEMCPY_BCOPY(&context->buffer[usedspace], data, len)memcpy((&context->buffer[usedspace]), (data), (len));
802 ADDINC128(context->bitcount, len << 3){ (context->bitcount)[0] += (sha2_word64)(len << 3);
if ((context->bitcount)[0] < (len << 3)) { (context
->bitcount)[1]++; } }
;
803 /* Clean up: */
804 usedspace = freespace = 0;
805 return;
806 }
807 }
808 while (len >= SHA512_BLOCK_LENGTH128) {
809 /* Process as many complete blocks as we can */
810 apr__SHA512_Transform(context, (sha2_word64*)data);
811 ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3){ (context->bitcount)[0] += (sha2_word64)(128 << 3);
if ((context->bitcount)[0] < (128 << 3)) { (context
->bitcount)[1]++; } }
;
812 len -= SHA512_BLOCK_LENGTH128;
813 data += SHA512_BLOCK_LENGTH128;
814 }
815 if (len > 0) {
816 /* There's left-overs, so save 'em */
817 MEMCPY_BCOPY(context->buffer, data, len)memcpy((context->buffer), (data), (len));
818 ADDINC128(context->bitcount, len << 3){ (context->bitcount)[0] += (sha2_word64)(len << 3);
if ((context->bitcount)[0] < (len << 3)) { (context
->bitcount)[1]++; } }
;
819 }
820 /* Clean up: */
821 usedspace = freespace = 0;
822}
823
824void apr__SHA512_Last(SHA512_CTX* context) {
825 unsigned int usedspace;
826
827 usedspace = (unsigned int)((context->bitcount[0] >> 3)
828 % SHA512_BLOCK_LENGTH128);
829#if !APR_IS_BIGENDIAN0
830 /* Convert FROM host byte order */
831 REVERSE64(context->bitcount[0],context->bitcount[0]){ sha2_word64 tmp = (context->bitcount[0]); tmp = (tmp >>
32) | (tmp << 32); tmp = ((tmp & 0xff00ff00ff00ff00UL
) >> 8) | ((tmp & 0x00ff00ff00ff00ffUL) << 8)
; (context->bitcount[0]) = ((tmp & 0xffff0000ffff0000UL
) >> 16) | ((tmp & 0x0000ffff0000ffffUL) << 16
); }
;
832 REVERSE64(context->bitcount[1],context->bitcount[1]){ sha2_word64 tmp = (context->bitcount[1]); tmp = (tmp >>
32) | (tmp << 32); tmp = ((tmp & 0xff00ff00ff00ff00UL
) >> 8) | ((tmp & 0x00ff00ff00ff00ffUL) << 8)
; (context->bitcount[1]) = ((tmp & 0xffff0000ffff0000UL
) >> 16) | ((tmp & 0x0000ffff0000ffffUL) << 16
); }
;
833#endif
834 if (usedspace > 0) {
835 /* Begin padding with a 1 bit: */
836 context->buffer[usedspace++] = 0x80;
837
838 if (usedspace <= SHA512_SHORT_BLOCK_LENGTH(128 - 16)) {
839 /* Set-up for the last transform: */
840 MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace)memset((&context->buffer[usedspace]), 0, ((128 - 16) -
usedspace))
;
841 } else {
842 if (usedspace < SHA512_BLOCK_LENGTH128) {
843 MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace)memset((&context->buffer[usedspace]), 0, (128 - usedspace
))
;
844 }
845 /* Do second-to-last transform: */
846 apr__SHA512_Transform(context, (sha2_word64*)context->buffer);
847
848 /* And set-up for the last transform: */
849 MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2)memset((context->buffer), 0, (128 - 2));
850 }
851 } else {
852 /* Prepare for final transform: */
853 MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH)memset((context->buffer), 0, ((128 - 16)));
854
855 /* Begin padding with a 1 bit: */
856 *context->buffer = 0x80;
857 }
858 /* Store the length of input data (in bits): */
859 *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH(128 - 16)] = context->bitcount[1];
860 *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH(128 - 16)+8] = context->bitcount[0];
861
862 /* Final transform: */
863 apr__SHA512_Transform(context, (sha2_word64*)context->buffer);
864}
865
866void apr__SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
867 sha2_word64 *d = (sha2_word64*)digest;
868
869 /* Sanity check: */
870 assert(context != (SHA512_CTX*)0)((context != (SHA512_CTX*)0) ? (void) (0) : __assert_fail ("context != (SHA512_CTX*)0"
, "random/unix/sha2.c", 870, __PRETTY_FUNCTION__))
;
871
872 /* If no digest buffer is passed, we don't bother doing this: */
873 if (digest != (sha2_byte*)0) {
874 apr__SHA512_Last(context);
875
876 /* Save the hash data for output: */
877#if !APR_IS_BIGENDIAN0
878 {
879 /* Convert TO host byte order */
880 int j;
881 for (j = 0; j < 8; j++) {
882 REVERSE64(context->state[j],context->state[j]){ sha2_word64 tmp = (context->state[j]); tmp = (tmp >>
32) | (tmp << 32); tmp = ((tmp & 0xff00ff00ff00ff00UL
) >> 8) | ((tmp & 0x00ff00ff00ff00ffUL) << 8)
; (context->state[j]) = ((tmp & 0xffff0000ffff0000UL) >>
16) | ((tmp & 0x0000ffff0000ffffUL) << 16); }
;
883 *d++ = context->state[j];
884 }
885 }
886#else /* APR_IS_BIGENDIAN */
887 MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH)memcpy((d), (context->state), (64));
888#endif /* APR_IS_BIGENDIAN */
889 }
890
891 /* Zero out state data */
892 MEMSET_BZERO(context, sizeof(*context))memset((context), 0, (sizeof(*context)));
893}
894
895char *apr__SHA512_End(SHA512_CTX* context, char buffer[]) {
896 sha2_byte digest[SHA512_DIGEST_LENGTH64], *d = digest;
897 int i;
898
899 /* Sanity check: */
900 assert(context != (SHA512_CTX*)0)((context != (SHA512_CTX*)0) ? (void) (0) : __assert_fail ("context != (SHA512_CTX*)0"
, "random/unix/sha2.c", 900, __PRETTY_FUNCTION__))
;
901
902 if (buffer != (char*)0) {
903 apr__SHA512_Final(digest, context);
904
905 for (i = 0; i < SHA512_DIGEST_LENGTH64; i++) {
906 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
907 *buffer++ = sha2_hex_digits[*d & 0x0f];
908 d++;
909 }
910 *buffer = (char)0;
911 } else {
912 MEMSET_BZERO(context, sizeof(*context))memset((context), 0, (sizeof(*context)));
913 }
914 MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH)memset((digest), 0, (64));
915 return buffer;
916}
917
918char* apr__SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH(64 * 2 + 1)]) {
919 SHA512_CTX context;
920
921 apr__SHA512_Init(&context);
922 apr__SHA512_Update(&context, data, len);
923 return apr__SHA512_End(&context, digest);
924}
925
926
927/*** SHA-384: *********************************************************/
928void apr__SHA384_Init(SHA384_CTX* context) {
929 if (context == (SHA384_CTX*)0) {
930 return;
931 }
932 MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH)memcpy((context->state), (sha384_initial_hash_value), (64)
)
;
933 MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH)memset((context->buffer), 0, (128));
934 context->bitcount[0] = context->bitcount[1] = 0;
935}
936
937void apr__SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
938 apr__SHA512_Update((SHA512_CTX*)context, data, len);
939}
940
941void apr__SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
942 sha2_word64 *d = (sha2_word64*)digest;
943
944 /* Sanity check: */
945 assert(context != (SHA384_CTX*)0)((context != (SHA384_CTX*)0) ? (void) (0) : __assert_fail ("context != (SHA384_CTX*)0"
, "random/unix/sha2.c", 945, __PRETTY_FUNCTION__))
;
946
947 /* If no digest buffer is passed, we don't bother doing this: */
948 if (digest != (sha2_byte*)0) {
949 apr__SHA512_Last((SHA512_CTX*)context);
950
951 /* Save the hash data for output: */
952#if !APR_IS_BIGENDIAN0
953 {
954 /* Convert TO host byte order */
955 int j;
956 for (j = 0; j < 6; j++) {
957 REVERSE64(context->state[j],context->state[j]){ sha2_word64 tmp = (context->state[j]); tmp = (tmp >>
32) | (tmp << 32); tmp = ((tmp & 0xff00ff00ff00ff00UL
) >> 8) | ((tmp & 0x00ff00ff00ff00ffUL) << 8)
; (context->state[j]) = ((tmp & 0xffff0000ffff0000UL) >>
16) | ((tmp & 0x0000ffff0000ffffUL) << 16); }
;
958 *d++ = context->state[j];
959 }
960 }
961#else /* APR_IS_BIGENDIAN */
962 MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH)memcpy((d), (context->state), (48));
963#endif /* APR_IS_BIGENDIAN */
964 }
965
966 /* Zero out state data */
967 MEMSET_BZERO(context, sizeof(*context))memset((context), 0, (sizeof(*context)));
968}
969
970char *apr__SHA384_End(SHA384_CTX* context, char buffer[]) {
971 sha2_byte digest[SHA384_DIGEST_LENGTH48], *d = digest;
972 int i;
973
974 /* Sanity check: */
975 assert(context != (SHA384_CTX*)0)((context != (SHA384_CTX*)0) ? (void) (0) : __assert_fail ("context != (SHA384_CTX*)0"
, "random/unix/sha2.c", 975, __PRETTY_FUNCTION__))
;
976
977 if (buffer != (char*)0) {
978 apr__SHA384_Final(digest, context);
979
980 for (i = 0; i < SHA384_DIGEST_LENGTH48; i++) {
981 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
982 *buffer++ = sha2_hex_digits[*d & 0x0f];
983 d++;
984 }
985 *buffer = (char)0;
986 } else {
987 MEMSET_BZERO(context, sizeof(*context))memset((context), 0, (sizeof(*context)));
988 }
989 MEMSET_BZERO(digest, SHA384_DIGEST_LENGTH)memset((digest), 0, (48));
990 return buffer;
991}
992
993char* apr__SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH(48 * 2 + 1)]) {
994 SHA384_CTX context;
995
996 apr__SHA384_Init(&context);
997 apr__SHA384_Update(&context, data, len);
998 return apr__SHA384_End(&context, digest);
999}
1000