Annotation of embedaddon/sudo/plugins/sudoers/sha2.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
3: *
4: * Permission to use, copy, modify, and distribute this software for any
5: * purpose with or without fee is hereby granted, provided that the above
6: * copyright notice and this permission notice appear in all copies.
7: *
8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15: */
16:
17: /*
18: * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512
19: * as per FIPS 180-4: Secure Hash Standard (SHS)
20: * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
21: *
22: * Derived from the public domain SHA-1 and SHA-2 implementations
23: * by Steve Reid and Wei Dai respectively.
24: */
25:
26: #include <config.h>
27:
28: #include <stdio.h>
29: #ifdef STDC_HEADERS
30: # include <stdlib.h>
31: # include <stddef.h>
32: #else
33: # ifdef HAVE_STDLIB_H
34: # include <stdlib.h>
35: # endif
36: #endif /* STDC_HEADERS */
37: #ifdef HAVE_STRING_H
38: # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
39: # include <memory.h>
40: # endif
41: # include <string.h>
42: #endif /* HAVE_STRING_H */
43: #ifdef HAVE_STRINGS_H
44: # include <strings.h>
45: #endif /* HAVE_STRINGS_H */
46: #if defined(HAVE_STDINT_H)
47: # include <stdint.h>
48: #elif defined(HAVE_INTTYPES_H)
49: # include <inttypes.h>
50: #endif
51: #if defined(HAVE_ENDIAN_H)
52: # include <endian.h>
53: #elif defined(HAVE_SYS_ENDIAN_H)
54: # include <sys/endian.h>
55: #elif defined(HAVE_MACHINE_ENDIAN_H)
56: # include <machine/endian.h>
57: #else
58: # include "compat/endian.h"
59: #endif
60:
61: #include "sha2.h"
62:
63: /*
64: * SHA-2 operates on 32-bit and 64-bit words in big endian byte order.
65: * The following macros convert between character arrays and big endian words.
66: */
67: #define BE8TO32(x, y) do { \
68: (x) = (((uint32_t)((y)[0] & 255) << 24) | \
69: ((uint32_t)((y)[1] & 255) << 16) | \
70: ((uint32_t)((y)[2] & 255) << 8) | \
71: ((uint32_t)((y)[3] & 255))); \
72: } while (0)
73:
74: #define BE8TO64(x, y) do { \
75: (x) = (((uint64_t)((y)[0] & 255) << 56) | \
76: ((uint64_t)((y)[1] & 255) << 48) | \
77: ((uint64_t)((y)[2] & 255) << 40) | \
78: ((uint64_t)((y)[3] & 255) << 32) | \
79: ((uint64_t)((y)[4] & 255) << 24) | \
80: ((uint64_t)((y)[5] & 255) << 16) | \
81: ((uint64_t)((y)[6] & 255) << 8) | \
82: ((uint64_t)((y)[7] & 255))); \
83: } while (0)
84:
85: #define BE32TO8(x, y) do { \
86: (x)[0] = (uint8_t)(((y) >> 24) & 255); \
87: (x)[1] = (uint8_t)(((y) >> 16) & 255); \
88: (x)[2] = (uint8_t)(((y) >> 8) & 255); \
89: (x)[3] = (uint8_t)((y) & 255); \
90: } while (0)
91:
92: #define BE64TO8(x, y) do { \
93: (x)[0] = (uint8_t)(((y) >> 56) & 255); \
94: (x)[1] = (uint8_t)(((y) >> 48) & 255); \
95: (x)[2] = (uint8_t)(((y) >> 40) & 255); \
96: (x)[3] = (uint8_t)(((y) >> 32) & 255); \
97: (x)[4] = (uint8_t)(((y) >> 24) & 255); \
98: (x)[5] = (uint8_t)(((y) >> 16) & 255); \
99: (x)[6] = (uint8_t)(((y) >> 8) & 255); \
100: (x)[7] = (uint8_t)((y) & 255); \
101: } while (0)
102:
103: #define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x)
104:
105: #define blk0(i) (W[i])
106: #define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
107:
108: #define Ch(x,y,z) (z^(x&(y^z)))
109: #define Maj(x,y,z) (y^((x^y)&(y^z)))
110:
111: #define a(i) T[(0-i)&7]
112: #define b(i) T[(1-i)&7]
113: #define c(i) T[(2-i)&7]
114: #define d(i) T[(3-i)&7]
115: #define e(i) T[(4-i)&7]
116: #define f(i) T[(5-i)&7]
117: #define g(i) T[(6-i)&7]
118: #define h(i) T[(7-i)&7]
119:
120: extern void zero_bytes(volatile void *, size_t);
121:
122: void
123: SHA224Init(SHA2_CTX *ctx)
124: {
125: memset(ctx, 0, sizeof(*ctx));
126: ctx->state.st32[0] = 0xc1059ed8UL;
127: ctx->state.st32[1] = 0x367cd507UL;
128: ctx->state.st32[2] = 0x3070dd17UL;
129: ctx->state.st32[3] = 0xf70e5939UL;
130: ctx->state.st32[4] = 0xffc00b31UL;
131: ctx->state.st32[5] = 0x68581511UL;
132: ctx->state.st32[6] = 0x64f98fa7UL;
133: ctx->state.st32[7] = 0xbefa4fa4UL;
134: }
135:
136: void
137: SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH])
138: {
139: SHA256Transform(state, buffer);
140: }
141:
142: void
143: SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
144: {
145: SHA256Update(ctx, data, len);
146: }
147:
148: void
149: SHA224Pad(SHA2_CTX *ctx)
150: {
151: SHA256Pad(ctx);
152: }
153:
154: void
155: SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx)
156: {
157: SHA256Pad(ctx);
158: if (digest != NULL) {
159: #if BYTE_ORDER == BIG_ENDIAN
160: memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH);
161: #else
162: unsigned int i;
163:
164: for (i = 0; i < 7; i++)
165: BE32TO8(digest + (i * 4), ctx->state.st32[i]);
166: #endif
167: memset(ctx, 0, sizeof(*ctx));
168: }
169: }
170:
171: static const uint32_t SHA256_K[64] = {
172: 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
173: 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
174: 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
175: 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
176: 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
177: 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
178: 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
179: 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
180: 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
181: 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
182: 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
183: 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
184: 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
185: 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
186: 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
187: 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
188: };
189:
190: void
191: SHA256Init(SHA2_CTX *ctx)
192: {
193: memset(ctx, 0, sizeof(*ctx));
194: ctx->state.st32[0] = 0x6a09e667UL;
195: ctx->state.st32[1] = 0xbb67ae85UL;
196: ctx->state.st32[2] = 0x3c6ef372UL;
197: ctx->state.st32[3] = 0xa54ff53aUL;
198: ctx->state.st32[4] = 0x510e527fUL;
199: ctx->state.st32[5] = 0x9b05688cUL;
200: ctx->state.st32[6] = 0x1f83d9abUL;
201: ctx->state.st32[7] = 0x5be0cd19UL;
202: }
203:
204: /* Round macros for SHA256 */
205: #define R(i) do { \
206: h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \
207: d(i)+=h(i); \
208: h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \
209: } while (0)
210:
211: #define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
212: #define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
213: #define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
214: #define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
215:
216: void
217: SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH])
218: {
219: uint32_t W[16];
220: uint32_t T[8];
221: unsigned int j;
222:
223: /* Copy context state to working vars. */
224: memcpy(T, state, sizeof(T));
225: /* Copy data to W in big endian format. */
226: #if BYTE_ORDER == BIG_ENDIAN
227: memcpy(W, data, sizeof(W));
228: #else
229: for (j = 0; j < 16; j++) {
230: BE8TO32(W[j], data);
231: data += 4;
232: }
233: #endif
234: /* 64 operations, partially loop unrolled. */
235: for (j = 0; j < 64; j += 16)
236: {
237: R( 0); R( 1); R( 2); R( 3);
238: R( 4); R( 5); R( 6); R( 7);
239: R( 8); R( 9); R(10); R(11);
240: R(12); R(13); R(14); R(15);
241: }
242: /* Add the working vars back into context state. */
243: state[0] += a(0);
244: state[1] += b(0);
245: state[2] += c(0);
246: state[3] += d(0);
247: state[4] += e(0);
248: state[5] += f(0);
249: state[6] += g(0);
250: state[7] += h(0);
251: /* Cleanup */
252: zero_bytes(T, sizeof(T));
253: zero_bytes(W, sizeof(W));
254: }
255:
256: #undef S0
257: #undef S1
258: #undef s0
259: #undef s1
260: #undef R
261:
262: void
263: SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
264: {
265: size_t i = 0, j;
266:
267: j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1));
268: ctx->count[0] += (len << 3);
269: if ((j + len) > SHA256_BLOCK_LENGTH - 1) {
270: memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j));
271: SHA256Transform(ctx->state.st32, ctx->buffer);
272: for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH)
273: SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]);
274: j = 0;
275: }
276: memcpy(&ctx->buffer[j], &data[i], len - i);
277: }
278:
279: void
280: SHA256Pad(SHA2_CTX *ctx)
281: {
282: uint8_t finalcount[8];
283:
284: /* Store unpadded message length in bits in big endian format. */
285: BE64TO8(finalcount, ctx->count[0]);
286:
287: /* Append a '1' bit (0x80) to the message. */
288: SHA256Update(ctx, (uint8_t *)"\200", 1);
289:
290: /* Pad message such that the resulting length modulo 512 is 448. */
291: while ((ctx->count[0] & 504) != 448)
292: SHA256Update(ctx, (uint8_t *)"\0", 1);
293:
294: /* Append length of message in bits and do final SHA256Transform(). */
295: SHA256Update(ctx, finalcount, sizeof(finalcount));
296: }
297:
298: void
299: SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx)
300: {
301: SHA256Pad(ctx);
302: if (digest != NULL) {
303: #if BYTE_ORDER == BIG_ENDIAN
304: memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH);
305: #else
306: unsigned int i;
307:
308: for (i = 0; i < 8; i++)
309: BE32TO8(digest + (i * 4), ctx->state.st32[i]);
310: #endif
311: memset(ctx, 0, sizeof(*ctx));
312: }
313: }
314:
315: void
316: SHA384Init(SHA2_CTX *ctx)
317: {
318: memset(ctx, 0, sizeof(*ctx));
319: ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL;
320: ctx->state.st64[1] = 0x629a292a367cd507ULL;
321: ctx->state.st64[2] = 0x9159015a3070dd17ULL;
322: ctx->state.st64[3] = 0x152fecd8f70e5939ULL;
323: ctx->state.st64[4] = 0x67332667ffc00b31ULL;
324: ctx->state.st64[5] = 0x8eb44a8768581511ULL;
325: ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL;
326: ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL;
327: }
328:
329: void
330: SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH])
331: {
332: SHA512Transform(state, data);
333: }
334:
335: void
336: SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
337: {
338: SHA512Update(ctx, data, len);
339: }
340:
341: void
342: SHA384Pad(SHA2_CTX *ctx)
343: {
344: SHA512Pad(ctx);
345: }
346:
347: void
348: SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx)
349: {
350: SHA384Pad(ctx);
351: if (digest != NULL) {
352: #if BYTE_ORDER == BIG_ENDIAN
353: memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH);
354: #else
355: unsigned int i;
356:
357: for (i = 0; i < 6; i++)
358: BE64TO8(digest + (i * 8), ctx->state.st64[i]);
359: #endif
360: memset(ctx, 0, sizeof(*ctx));
361: }
362: }
363:
364: static const uint64_t SHA512_K[80] = {
365: 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
366: 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
367: 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
368: 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
369: 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
370: 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
371: 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
372: 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
373: 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
374: 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
375: 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
376: 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
377: 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
378: 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
379: 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
380: 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
381: 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
382: 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
383: 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
384: 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
385: 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
386: 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
387: 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
388: 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
389: 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
390: 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
391: 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
392: 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
393: 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
394: 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
395: 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
396: 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
397: 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
398: 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
399: 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
400: 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
401: 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
402: 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
403: 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
404: 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
405: };
406:
407: void
408: SHA512Init(SHA2_CTX *ctx)
409: {
410: memset(ctx, 0, sizeof(*ctx));
411: ctx->state.st64[0] = 0x6a09e667f3bcc908ULL;
412: ctx->state.st64[1] = 0xbb67ae8584caa73bULL;
413: ctx->state.st64[2] = 0x3c6ef372fe94f82bULL;
414: ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL;
415: ctx->state.st64[4] = 0x510e527fade682d1ULL;
416: ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL;
417: ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL;
418: ctx->state.st64[7] = 0x5be0cd19137e2179ULL;
419: }
420:
421: /* Round macros for SHA512 */
422: #define R(i) do { \
423: h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \
424: d(i)+=h(i); \
425: h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \
426: } while (0)
427:
428: #define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
429: #define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
430: #define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7))
431: #define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6))
432:
433: void
434: SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH])
435: {
436: uint64_t W[16];
437: uint64_t T[8];
438: unsigned int j;
439:
440: /* Copy context state to working vars. */
441: memcpy(T, state, sizeof(T));
442: /* Copy data to W in big endian format. */
443: #if BYTE_ORDER == BIG_ENDIAN
444: memcpy(W, data, sizeof(W));
445: #else
446: for (j = 0; j < 16; j++) {
447: BE8TO64(W[j], data);
448: data += 8;
449: }
450: #endif
451: /* 80 operations, partially loop unrolled. */
452: for (j = 0; j < 80; j += 16)
453: {
454: R( 0); R( 1); R( 2); R( 3);
455: R( 4); R( 5); R( 6); R( 7);
456: R( 8); R( 9); R(10); R(11);
457: R(12); R(13); R(14); R(15);
458: }
459: /* Add the working vars back into context state. */
460: state[0] += a(0);
461: state[1] += b(0);
462: state[2] += c(0);
463: state[3] += d(0);
464: state[4] += e(0);
465: state[5] += f(0);
466: state[6] += g(0);
467: state[7] += h(0);
468: /* Cleanup. */
469: zero_bytes(T, sizeof(T));
470: zero_bytes(W, sizeof(W));
471: }
472:
473: void
474: SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
475: {
476: size_t i = 0, j;
477:
478: j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1));
479: ctx->count[0] += (len << 3);
480: if (ctx->count[0] < (len << 3))
481: ctx->count[1]++;
482: if ((j + len) > SHA512_BLOCK_LENGTH - 1) {
483: memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j));
484: SHA512Transform(ctx->state.st64, ctx->buffer);
485: for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH)
486: SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]);
487: j = 0;
488: }
489: memcpy(&ctx->buffer[j], &data[i], len - i);
490: }
491:
492: void
493: SHA512Pad(SHA2_CTX *ctx)
494: {
495: uint8_t finalcount[16];
496:
497: /* Store unpadded message length in bits in big endian format. */
498: BE64TO8(finalcount, ctx->count[1]);
499: BE64TO8(finalcount + 8, ctx->count[0]);
500:
501: /* Append a '1' bit (0x80) to the message. */
502: SHA512Update(ctx, (uint8_t *)"\200", 1);
503:
504: /* Pad message such that the resulting length modulo 1024 is 896. */
505: while ((ctx->count[0] & 1008) != 896)
506: SHA512Update(ctx, (uint8_t *)"\0", 1);
507:
508: /* Append length of message in bits and do final SHA512Transform(). */
509: SHA512Update(ctx, finalcount, sizeof(finalcount));
510: }
511:
512: void
513: SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx)
514: {
515: SHA512Pad(ctx);
516: if (digest != NULL) {
517: #if BYTE_ORDER == BIG_ENDIAN
518: memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH);
519: #else
520: unsigned int i;
521:
522: for (i = 0; i < 8; i++)
523: BE64TO8(digest + (i * 8), ctx->state.st64[i]);
524: #endif
525: memset(ctx, 0, sizeof(*ctx));
526: }
527: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sha2.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers