diff options
author | Niall O'Higgins <niallo@cvs.openbsd.org> | 2005-03-28 14:26:08 +0000 |
---|---|---|
committer | Niall O'Higgins <niallo@cvs.openbsd.org> | 2005-03-28 14:26:08 +0000 |
commit | 6b1935f83949517b1ba5d11d05c8231bf4b568e6 (patch) | |
tree | 2b21615657a2960d95381423c3a86e4ffb02f00e | |
parent | e864e49b4a8543559ea54df2ac83056f13874a76 (diff) |
rip out httpd's homegrown sha-1 implementation and use our own.
ok henning@, mod_ssl verified by me.
From Sergey Smitienk <hunter@comsys.com.ua> via henning@
-rw-r--r-- | usr.sbin/httpd/src/ap/ap_sha1.c | 206 | ||||
-rw-r--r-- | usr.sbin/httpd/src/include/ap_sha1.h | 11 |
2 files changed, 9 insertions, 208 deletions
diff --git a/usr.sbin/httpd/src/ap/ap_sha1.c b/usr.sbin/httpd/src/ap/ap_sha1.c index 6e9124a7b5d..31e3910425b 100644 --- a/usr.sbin/httpd/src/ap/ap_sha1.c +++ b/usr.sbin/httpd/src/ap/ap_sha1.c @@ -93,146 +93,10 @@ #include "ap_sha1.h" #include "ap.h" -/* a bit faster & bigger, if defined */ -#define UNROLL_LOOPS - -/* NIST's proposed modification to SHA, 7/11/94 */ -#define USE_MODIFIED_SHA - -/* SHA f()-functions */ -#define f1(x,y,z) ((x & y) | (~x & z)) -#define f2(x,y,z) (x ^ y ^ z) -#define f3(x,y,z) ((x & y) | (x & z) | (y & z)) -#define f4(x,y,z) (x ^ y ^ z) - -/* SHA constants */ -#define CONST1 0x5a827999L -#define CONST2 0x6ed9eba1L -#define CONST3 0x8f1bbcdcL -#define CONST4 0xca62c1d6L - -/* 32-bit rotate */ - -#define ROT32(x,n) ((x << n) | (x >> (32 - n))) - -#define FUNC(n,i) \ - temp = ROT32(A,5) + f##n(B,C,D) + E + W[i] + CONST##n; \ - E = D; D = C; C = ROT32(B,30); B = A; A = temp - -#define SHA_BLOCKSIZE 64 - -typedef unsigned char AP_BYTE; - -/* do SHA transformation */ -static void sha_transform(AP_SHA1_CTX *sha_info) -{ - int i; - AP_LONG temp, A, B, C, D, E, W[80]; - - for (i = 0; i < 16; ++i) { - W[i] = sha_info->data[i]; - } - for (i = 16; i < 80; ++i) { - W[i] = W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16]; -#ifdef USE_MODIFIED_SHA - W[i] = ROT32(W[i], 1); -#endif /* USE_MODIFIED_SHA */ - } - A = sha_info->digest[0]; - B = sha_info->digest[1]; - C = sha_info->digest[2]; - D = sha_info->digest[3]; - E = sha_info->digest[4]; -#ifdef UNROLL_LOOPS - FUNC(1, 0); FUNC(1, 1); FUNC(1, 2); FUNC(1, 3); FUNC(1, 4); - FUNC(1, 5); FUNC(1, 6); FUNC(1, 7); FUNC(1, 8); FUNC(1, 9); - FUNC(1,10); FUNC(1,11); FUNC(1,12); FUNC(1,13); FUNC(1,14); - FUNC(1,15); FUNC(1,16); FUNC(1,17); FUNC(1,18); FUNC(1,19); - - FUNC(2,20); FUNC(2,21); FUNC(2,22); FUNC(2,23); FUNC(2,24); - FUNC(2,25); FUNC(2,26); FUNC(2,27); FUNC(2,28); FUNC(2,29); - FUNC(2,30); FUNC(2,31); FUNC(2,32); FUNC(2,33); FUNC(2,34); - FUNC(2,35); FUNC(2,36); FUNC(2,37); FUNC(2,38); FUNC(2,39); - - FUNC(3,40); FUNC(3,41); FUNC(3,42); FUNC(3,43); FUNC(3,44); - FUNC(3,45); FUNC(3,46); FUNC(3,47); FUNC(3,48); FUNC(3,49); - FUNC(3,50); FUNC(3,51); FUNC(3,52); FUNC(3,53); FUNC(3,54); - FUNC(3,55); FUNC(3,56); FUNC(3,57); FUNC(3,58); FUNC(3,59); - - FUNC(4,60); FUNC(4,61); FUNC(4,62); FUNC(4,63); FUNC(4,64); - FUNC(4,65); FUNC(4,66); FUNC(4,67); FUNC(4,68); FUNC(4,69); - FUNC(4,70); FUNC(4,71); FUNC(4,72); FUNC(4,73); FUNC(4,74); - FUNC(4,75); FUNC(4,76); FUNC(4,77); FUNC(4,78); FUNC(4,79); -#else /* !UNROLL_LOOPS */ - for (i = 0; i < 20; ++i) { - FUNC(1,i); - } - for (i = 20; i < 40; ++i) { - FUNC(2,i); - } - for (i = 40; i < 60; ++i) { - FUNC(3,i); - } - for (i = 60; i < 80; ++i) { - FUNC(4,i); - } -#endif /* !UNROLL_LOOPS */ - sha_info->digest[0] += A; - sha_info->digest[1] += B; - sha_info->digest[2] += C; - sha_info->digest[3] += D; - sha_info->digest[4] += E; -} - -union endianTest { - long Long; - char Char[sizeof(long)]; -}; - -static char isLittleEndian(void) -{ - static union endianTest u; - u.Long = 1; - return (u.Char[0] == 1); -} - -/* change endianness of data */ - -/* count is the number of bytes to do an endian flip */ -static void maybe_byte_reverse(AP_LONG *buffer, int count) -{ - int i; - AP_BYTE ct[4], *cp; - - if (isLittleEndian()) { /* do the swap only if it is little endian */ - count /= sizeof(AP_LONG); - cp = (AP_BYTE *) buffer; - for (i = 0; i < count; ++i) { - ct[0] = cp[0]; - ct[1] = cp[1]; - ct[2] = cp[2]; - ct[3] = cp[3]; - cp[0] = ct[3]; - cp[1] = ct[2]; - cp[2] = ct[1]; - cp[3] = ct[0]; - cp += sizeof(AP_LONG); - } - } -} - -/* initialize the SHA digest */ API_EXPORT(void) ap_SHA1Init(AP_SHA1_CTX *sha_info) { - sha_info->digest[0] = 0x67452301L; - sha_info->digest[1] = 0xefcdab89L; - sha_info->digest[2] = 0x98badcfeL; - sha_info->digest[3] = 0x10325476L; - sha_info->digest[4] = 0xc3d2e1f0L; - sha_info->count_lo = 0L; - sha_info->count_hi = 0L; - sha_info->local = 0; + SHA1Init(sha_info); } /* update the SHA digest */ @@ -241,45 +105,13 @@ API_EXPORT(void) ap_SHA1Update_binary(AP_SHA1_CTX *sha_info, const unsigned char *buffer, unsigned int count) { - unsigned int i; - - if ((sha_info->count_lo + ((AP_LONG) count << 3)) < sha_info->count_lo) { - ++sha_info->count_hi; - } - sha_info->count_lo += (AP_LONG) count << 3; - sha_info->count_hi += (AP_LONG) count >> 29; - if (sha_info->local) { - i = SHA_BLOCKSIZE - sha_info->local; - if (i > count) { - i = count; - } - memcpy(((AP_BYTE *) sha_info->data) + sha_info->local, buffer, i); - count -= i; - buffer += i; - sha_info->local += i; - if (sha_info->local == SHA_BLOCKSIZE) { - maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); - sha_transform(sha_info); - } - else { - return; - } - } - while (count >= SHA_BLOCKSIZE) { - memcpy(sha_info->data, buffer, SHA_BLOCKSIZE); - buffer += SHA_BLOCKSIZE; - count -= SHA_BLOCKSIZE; - maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); - sha_transform(sha_info); - } - memcpy(sha_info->data, buffer, count); - sha_info->local = count; + SHA1Update(sha_info, buffer, count); } API_EXPORT(void) ap_SHA1Update(AP_SHA1_CTX *sha_info, const char *buf, unsigned int count) { - ap_SHA1Update_binary(sha_info, (const unsigned char *) buf, count); + SHA1Update(sha_info, (const unsigned char *) buf, count); } /* finish computing the SHA digest */ @@ -287,35 +119,7 @@ API_EXPORT(void) ap_SHA1Update(AP_SHA1_CTX *sha_info, const char *buf, API_EXPORT(void) ap_SHA1Final(unsigned char digest[SHA_DIGESTSIZE], AP_SHA1_CTX *sha_info) { - int count, i, j; - AP_LONG lo_bit_count, hi_bit_count, k; - - lo_bit_count = sha_info->count_lo; - hi_bit_count = sha_info->count_hi; - count = (int) ((lo_bit_count >> 3) & 0x3f); - ((AP_BYTE *) sha_info->data)[count++] = 0x80; - if (count > SHA_BLOCKSIZE - 8) { - memset(((AP_BYTE *) sha_info->data) + count, 0, SHA_BLOCKSIZE - count); - maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); - sha_transform(sha_info); - memset((AP_BYTE *) sha_info->data, 0, SHA_BLOCKSIZE - 8); - } - else { - memset(((AP_BYTE *) sha_info->data) + count, 0, - SHA_BLOCKSIZE - 8 - count); - } - maybe_byte_reverse(sha_info->data, SHA_BLOCKSIZE); - sha_info->data[14] = hi_bit_count; - sha_info->data[15] = lo_bit_count; - sha_transform(sha_info); - - for (i = 0, j = 0; j < SHA_DIGESTSIZE; i++) { - k = sha_info->digest[i]; - digest[j++] = (unsigned char) ((k >> 24) & 0xff); - digest[j++] = (unsigned char) ((k >> 16) & 0xff); - digest[j++] = (unsigned char) ((k >> 8) & 0xff); - digest[j++] = (unsigned char) (k & 0xff); - } + SHA1Final(digest, sha_info); } @@ -323,7 +127,7 @@ API_EXPORT(void) ap_sha1_base64(const char *clear, int len, char *out) { int l; AP_SHA1_CTX context; - AP_BYTE digest[SHA_DIGESTSIZE]; + unsigned char digest[SHA_DIGESTSIZE]; if (strncmp(clear, AP_SHA1PW_ID, AP_SHA1PW_IDLEN) == 0) { clear += AP_SHA1PW_IDLEN; diff --git a/usr.sbin/httpd/src/include/ap_sha1.h b/usr.sbin/httpd/src/include/ap_sha1.h index bc690ae5509..80e62071346 100644 --- a/usr.sbin/httpd/src/include/ap_sha1.h +++ b/usr.sbin/httpd/src/include/ap_sha1.h @@ -71,7 +71,9 @@ extern "C" { #endif -#define SHA_DIGESTSIZE 20 +#include <sha1.h> + +#define SHA_DIGESTSIZE SHA1_DIGEST_LENGTH /* * Define the Magic String prefix that identifies a password as being @@ -82,12 +84,7 @@ extern "C" { typedef u_int32_t AP_LONG; /* a 32-bit quantity */ -typedef struct { - AP_LONG digest[5]; /* message digest */ - AP_LONG count_lo, count_hi; /* 64-bit bit count */ - AP_LONG data[16]; /* SHA data buffer */ - int local; /* unprocessed amount in data */ -} AP_SHA1_CTX; +#define AP_SHA1_CTX SHA1_CTX API_EXPORT(void) ap_sha1_base64(const char *clear, int len, char *out); API_EXPORT(void) ap_SHA1Init(AP_SHA1_CTX *context); |