Annotation of embedaddon/sudo/plugins/sudoers/sha2.c, revision 1.1.1.2
1.1 misho 1: /*
2: * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
3: *
4: * Permission to use, copy, modify, and distribute this software for any
5: * purpose with or without fee is hereby granted, provided that the above
6: * copyright notice and this permission notice appear in all copies.
7: *
8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15: */
16:
17: /*
18: * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512
19: * as per FIPS 180-4: Secure Hash Standard (SHS)
20: * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
21: *
22: * Derived from the public domain SHA-1 and SHA-2 implementations
23: * by Steve Reid and Wei Dai respectively.
24: */
25:
26: #include <config.h>
27:
28: #include <stdio.h>
29: #ifdef STDC_HEADERS
30: # include <stdlib.h>
31: # include <stddef.h>
32: #else
33: # ifdef HAVE_STDLIB_H
34: # include <stdlib.h>
35: # endif
36: #endif /* STDC_HEADERS */
37: #ifdef HAVE_STRING_H
38: # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
39: # include <memory.h>
40: # endif
41: # include <string.h>
42: #endif /* HAVE_STRING_H */
43: #ifdef HAVE_STRINGS_H
44: # include <strings.h>
45: #endif /* HAVE_STRINGS_H */
46: #if defined(HAVE_STDINT_H)
47: # include <stdint.h>
48: #elif defined(HAVE_INTTYPES_H)
49: # include <inttypes.h>
50: #endif
51: #if defined(HAVE_ENDIAN_H)
52: # include <endian.h>
53: #elif defined(HAVE_SYS_ENDIAN_H)
54: # include <sys/endian.h>
55: #elif defined(HAVE_MACHINE_ENDIAN_H)
56: # include <machine/endian.h>
57: #else
58: # include "compat/endian.h"
59: #endif
60:
1.1.1.2 ! misho 61: #include "missing.h"
1.1 misho 62: #include "sha2.h"
63:
64: /*
65: * SHA-2 operates on 32-bit and 64-bit words in big endian byte order.
66: * The following macros convert between character arrays and big endian words.
67: */
68: #define BE8TO32(x, y) do { \
69: (x) = (((uint32_t)((y)[0] & 255) << 24) | \
70: ((uint32_t)((y)[1] & 255) << 16) | \
71: ((uint32_t)((y)[2] & 255) << 8) | \
72: ((uint32_t)((y)[3] & 255))); \
73: } while (0)
74:
75: #define BE8TO64(x, y) do { \
76: (x) = (((uint64_t)((y)[0] & 255) << 56) | \
77: ((uint64_t)((y)[1] & 255) << 48) | \
78: ((uint64_t)((y)[2] & 255) << 40) | \
79: ((uint64_t)((y)[3] & 255) << 32) | \
80: ((uint64_t)((y)[4] & 255) << 24) | \
81: ((uint64_t)((y)[5] & 255) << 16) | \
82: ((uint64_t)((y)[6] & 255) << 8) | \
83: ((uint64_t)((y)[7] & 255))); \
84: } while (0)
85:
86: #define BE32TO8(x, y) do { \
87: (x)[0] = (uint8_t)(((y) >> 24) & 255); \
88: (x)[1] = (uint8_t)(((y) >> 16) & 255); \
89: (x)[2] = (uint8_t)(((y) >> 8) & 255); \
90: (x)[3] = (uint8_t)((y) & 255); \
91: } while (0)
92:
93: #define BE64TO8(x, y) do { \
94: (x)[0] = (uint8_t)(((y) >> 56) & 255); \
95: (x)[1] = (uint8_t)(((y) >> 48) & 255); \
96: (x)[2] = (uint8_t)(((y) >> 40) & 255); \
97: (x)[3] = (uint8_t)(((y) >> 32) & 255); \
98: (x)[4] = (uint8_t)(((y) >> 24) & 255); \
99: (x)[5] = (uint8_t)(((y) >> 16) & 255); \
100: (x)[6] = (uint8_t)(((y) >> 8) & 255); \
101: (x)[7] = (uint8_t)((y) & 255); \
102: } while (0)
103:
104: #define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x)
105:
106: #define blk0(i) (W[i])
107: #define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
108:
109: #define Ch(x,y,z) (z^(x&(y^z)))
110: #define Maj(x,y,z) (y^((x^y)&(y^z)))
111:
112: #define a(i) T[(0-i)&7]
113: #define b(i) T[(1-i)&7]
114: #define c(i) T[(2-i)&7]
115: #define d(i) T[(3-i)&7]
116: #define e(i) T[(4-i)&7]
117: #define f(i) T[(5-i)&7]
118: #define g(i) T[(6-i)&7]
119: #define h(i) T[(7-i)&7]
120:
121: void
122: SHA224Init(SHA2_CTX *ctx)
123: {
124: memset(ctx, 0, sizeof(*ctx));
125: ctx->state.st32[0] = 0xc1059ed8UL;
126: ctx->state.st32[1] = 0x367cd507UL;
127: ctx->state.st32[2] = 0x3070dd17UL;
128: ctx->state.st32[3] = 0xf70e5939UL;
129: ctx->state.st32[4] = 0xffc00b31UL;
130: ctx->state.st32[5] = 0x68581511UL;
131: ctx->state.st32[6] = 0x64f98fa7UL;
132: ctx->state.st32[7] = 0xbefa4fa4UL;
133: }
134:
135: void
136: SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH])
137: {
138: SHA256Transform(state, buffer);
139: }
140:
141: void
142: SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
143: {
144: SHA256Update(ctx, data, len);
145: }
146:
147: void
148: SHA224Pad(SHA2_CTX *ctx)
149: {
150: SHA256Pad(ctx);
151: }
152:
153: void
154: SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx)
155: {
156: SHA256Pad(ctx);
157: if (digest != NULL) {
158: #if BYTE_ORDER == BIG_ENDIAN
159: memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH);
160: #else
161: unsigned int i;
162:
163: for (i = 0; i < 7; i++)
164: BE32TO8(digest + (i * 4), ctx->state.st32[i]);
165: #endif
166: memset(ctx, 0, sizeof(*ctx));
167: }
168: }
169:
170: static const uint32_t SHA256_K[64] = {
171: 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
172: 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
173: 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
174: 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
175: 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
176: 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
177: 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
178: 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
179: 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
180: 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
181: 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
182: 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
183: 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
184: 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
185: 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
186: 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
187: };
188:
189: void
190: SHA256Init(SHA2_CTX *ctx)
191: {
192: memset(ctx, 0, sizeof(*ctx));
193: ctx->state.st32[0] = 0x6a09e667UL;
194: ctx->state.st32[1] = 0xbb67ae85UL;
195: ctx->state.st32[2] = 0x3c6ef372UL;
196: ctx->state.st32[3] = 0xa54ff53aUL;
197: ctx->state.st32[4] = 0x510e527fUL;
198: ctx->state.st32[5] = 0x9b05688cUL;
199: ctx->state.st32[6] = 0x1f83d9abUL;
200: ctx->state.st32[7] = 0x5be0cd19UL;
201: }
202:
203: /* Round macros for SHA256 */
204: #define R(i) do { \
205: h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \
206: d(i)+=h(i); \
207: h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \
208: } while (0)
209:
210: #define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
211: #define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
212: #define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
213: #define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
214:
215: void
216: SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH])
217: {
218: uint32_t W[16];
219: uint32_t T[8];
220: unsigned int j;
221:
222: /* Copy context state to working vars. */
223: memcpy(T, state, sizeof(T));
224: /* Copy data to W in big endian format. */
225: #if BYTE_ORDER == BIG_ENDIAN
226: memcpy(W, data, sizeof(W));
227: #else
228: for (j = 0; j < 16; j++) {
229: BE8TO32(W[j], data);
230: data += 4;
231: }
232: #endif
233: /* 64 operations, partially loop unrolled. */
234: for (j = 0; j < 64; j += 16)
235: {
236: R( 0); R( 1); R( 2); R( 3);
237: R( 4); R( 5); R( 6); R( 7);
238: R( 8); R( 9); R(10); R(11);
239: R(12); R(13); R(14); R(15);
240: }
241: /* Add the working vars back into context state. */
242: state[0] += a(0);
243: state[1] += b(0);
244: state[2] += c(0);
245: state[3] += d(0);
246: state[4] += e(0);
247: state[5] += f(0);
248: state[6] += g(0);
249: state[7] += h(0);
250: /* Cleanup */
1.1.1.2 ! misho 251: memset_s(T, sizeof(T), 0, sizeof(T));
! 252: memset_s(W, sizeof(W), 0, sizeof(W));
1.1 misho 253: }
254:
255: #undef S0
256: #undef S1
257: #undef s0
258: #undef s1
259: #undef R
260:
261: void
262: SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
263: {
264: size_t i = 0, j;
265:
266: j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1));
267: ctx->count[0] += (len << 3);
268: if ((j + len) > SHA256_BLOCK_LENGTH - 1) {
269: memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j));
270: SHA256Transform(ctx->state.st32, ctx->buffer);
271: for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH)
272: SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]);
273: j = 0;
274: }
275: memcpy(&ctx->buffer[j], &data[i], len - i);
276: }
277:
278: void
279: SHA256Pad(SHA2_CTX *ctx)
280: {
281: uint8_t finalcount[8];
282:
283: /* Store unpadded message length in bits in big endian format. */
284: BE64TO8(finalcount, ctx->count[0]);
285:
286: /* Append a '1' bit (0x80) to the message. */
287: SHA256Update(ctx, (uint8_t *)"\200", 1);
288:
289: /* Pad message such that the resulting length modulo 512 is 448. */
290: while ((ctx->count[0] & 504) != 448)
291: SHA256Update(ctx, (uint8_t *)"\0", 1);
292:
293: /* Append length of message in bits and do final SHA256Transform(). */
294: SHA256Update(ctx, finalcount, sizeof(finalcount));
295: }
296:
297: void
298: SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx)
299: {
300: SHA256Pad(ctx);
301: if (digest != NULL) {
302: #if BYTE_ORDER == BIG_ENDIAN
303: memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH);
304: #else
305: unsigned int i;
306:
307: for (i = 0; i < 8; i++)
308: BE32TO8(digest + (i * 4), ctx->state.st32[i]);
309: #endif
310: memset(ctx, 0, sizeof(*ctx));
311: }
312: }
313:
314: void
315: SHA384Init(SHA2_CTX *ctx)
316: {
317: memset(ctx, 0, sizeof(*ctx));
318: ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL;
319: ctx->state.st64[1] = 0x629a292a367cd507ULL;
320: ctx->state.st64[2] = 0x9159015a3070dd17ULL;
321: ctx->state.st64[3] = 0x152fecd8f70e5939ULL;
322: ctx->state.st64[4] = 0x67332667ffc00b31ULL;
323: ctx->state.st64[5] = 0x8eb44a8768581511ULL;
324: ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL;
325: ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL;
326: }
327:
328: void
329: SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH])
330: {
331: SHA512Transform(state, data);
332: }
333:
334: void
335: SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
336: {
337: SHA512Update(ctx, data, len);
338: }
339:
340: void
341: SHA384Pad(SHA2_CTX *ctx)
342: {
343: SHA512Pad(ctx);
344: }
345:
346: void
347: SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx)
348: {
349: SHA384Pad(ctx);
350: if (digest != NULL) {
351: #if BYTE_ORDER == BIG_ENDIAN
352: memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH);
353: #else
354: unsigned int i;
355:
356: for (i = 0; i < 6; i++)
357: BE64TO8(digest + (i * 8), ctx->state.st64[i]);
358: #endif
359: memset(ctx, 0, sizeof(*ctx));
360: }
361: }
362:
363: static const uint64_t SHA512_K[80] = {
364: 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
365: 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
366: 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
367: 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
368: 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
369: 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
370: 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
371: 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
372: 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
373: 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
374: 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
375: 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
376: 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
377: 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
378: 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
379: 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
380: 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
381: 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
382: 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
383: 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
384: 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
385: 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
386: 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
387: 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
388: 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
389: 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
390: 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
391: 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
392: 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
393: 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
394: 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
395: 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
396: 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
397: 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
398: 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
399: 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
400: 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
401: 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
402: 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
403: 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
404: };
405:
406: void
407: SHA512Init(SHA2_CTX *ctx)
408: {
409: memset(ctx, 0, sizeof(*ctx));
410: ctx->state.st64[0] = 0x6a09e667f3bcc908ULL;
411: ctx->state.st64[1] = 0xbb67ae8584caa73bULL;
412: ctx->state.st64[2] = 0x3c6ef372fe94f82bULL;
413: ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL;
414: ctx->state.st64[4] = 0x510e527fade682d1ULL;
415: ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL;
416: ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL;
417: ctx->state.st64[7] = 0x5be0cd19137e2179ULL;
418: }
419:
420: /* Round macros for SHA512 */
421: #define R(i) do { \
422: h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \
423: d(i)+=h(i); \
424: h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \
425: } while (0)
426:
427: #define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
428: #define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
429: #define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7))
430: #define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6))
431:
432: void
433: SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH])
434: {
435: uint64_t W[16];
436: uint64_t T[8];
437: unsigned int j;
438:
439: /* Copy context state to working vars. */
440: memcpy(T, state, sizeof(T));
441: /* Copy data to W in big endian format. */
442: #if BYTE_ORDER == BIG_ENDIAN
443: memcpy(W, data, sizeof(W));
444: #else
445: for (j = 0; j < 16; j++) {
446: BE8TO64(W[j], data);
447: data += 8;
448: }
449: #endif
450: /* 80 operations, partially loop unrolled. */
451: for (j = 0; j < 80; j += 16)
452: {
453: R( 0); R( 1); R( 2); R( 3);
454: R( 4); R( 5); R( 6); R( 7);
455: R( 8); R( 9); R(10); R(11);
456: R(12); R(13); R(14); R(15);
457: }
458: /* Add the working vars back into context state. */
459: state[0] += a(0);
460: state[1] += b(0);
461: state[2] += c(0);
462: state[3] += d(0);
463: state[4] += e(0);
464: state[5] += f(0);
465: state[6] += g(0);
466: state[7] += h(0);
467: /* Cleanup. */
1.1.1.2 ! misho 468: memset_s(T, sizeof(T), 0, sizeof(T));
! 469: memset_s(W, sizeof(W), 0, sizeof(W));
1.1 misho 470: }
471:
472: void
473: SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
474: {
475: size_t i = 0, j;
476:
477: j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1));
478: ctx->count[0] += (len << 3);
479: if (ctx->count[0] < (len << 3))
480: ctx->count[1]++;
481: if ((j + len) > SHA512_BLOCK_LENGTH - 1) {
482: memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j));
483: SHA512Transform(ctx->state.st64, ctx->buffer);
484: for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH)
485: SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]);
486: j = 0;
487: }
488: memcpy(&ctx->buffer[j], &data[i], len - i);
489: }
490:
491: void
492: SHA512Pad(SHA2_CTX *ctx)
493: {
494: uint8_t finalcount[16];
495:
496: /* Store unpadded message length in bits in big endian format. */
497: BE64TO8(finalcount, ctx->count[1]);
498: BE64TO8(finalcount + 8, ctx->count[0]);
499:
500: /* Append a '1' bit (0x80) to the message. */
501: SHA512Update(ctx, (uint8_t *)"\200", 1);
502:
503: /* Pad message such that the resulting length modulo 1024 is 896. */
504: while ((ctx->count[0] & 1008) != 896)
505: SHA512Update(ctx, (uint8_t *)"\0", 1);
506:
507: /* Append length of message in bits and do final SHA512Transform(). */
508: SHA512Update(ctx, finalcount, sizeof(finalcount));
509: }
510:
511: void
512: SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx)
513: {
514: SHA512Pad(ctx);
515: if (digest != NULL) {
516: #if BYTE_ORDER == BIG_ENDIAN
517: memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH);
518: #else
519: unsigned int i;
520:
521: for (i = 0; i < 8; i++)
522: BE64TO8(digest + (i * 8), ctx->state.st64[i]);
523: #endif
524: memset(ctx, 0, sizeof(*ctx));
525: }
526: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sha2.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers