diff options
author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2023-10-02 09:11:49 -0300 |
---|---|---|
committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2023-10-30 13:03:59 -0300 |
commit | e6e3c666880847ad908692087ca6d5015895dffa (patch) | |
tree | d8a728bc0a180334644cb62ce3f83905d5ce4c11 /crypt | |
parent | bb2ff12abd1ee7945957c6fb6f4c9ee091e446ce (diff) | |
download | glibc-e6e3c666880847ad908692087ca6d5015895dffa.tar.gz glibc-e6e3c666880847ad908692087ca6d5015895dffa.tar.xz glibc-e6e3c666880847ad908692087ca6d5015895dffa.zip |
crypt: Remove libcrypt support
All the crypt related functions, cryptographic algorithms, and make requirements are removed, with only the exception of md5 implementation which is moved to locale folder since it is required by localedef for integrity protection (libc's locale-reading code does not check these, but localedef does generate them). Besides thec code itself, both internal documentation and the manual is also adjusted. This allows to remove both --enable-crypt and --enable-nss-crypt configure options. Checked with a build for all affected ABIs. Co-authored-by: Zack Weinberg <zack@owlfolio.org> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Diffstat (limited to 'crypt')
-rw-r--r-- | crypt/Makefile | 69 | ||||
-rw-r--r-- | crypt/README.ufc-crypt | 135 | ||||
-rw-r--r-- | crypt/Versions | 5 | ||||
-rw-r--r-- | crypt/badsalttest.c | 54 | ||||
-rw-r--r-- | crypt/cert.c | 135 | ||||
-rw-r--r-- | crypt/cert.input | 171 | ||||
-rw-r--r-- | crypt/crypt-entry.c | 183 | ||||
-rw-r--r-- | crypt/crypt-private.h | 76 | ||||
-rw-r--r-- | crypt/crypt.c | 115 | ||||
-rw-r--r-- | crypt/crypt.h | 70 | ||||
-rw-r--r-- | crypt/crypt_util.c | 946 | ||||
-rw-r--r-- | crypt/md5-block.c | 166 | ||||
-rw-r--r-- | crypt/md5-crypt.c | 331 | ||||
-rw-r--r-- | crypt/md5.c | 257 | ||||
-rw-r--r-- | crypt/md5.h | 146 | ||||
-rw-r--r-- | crypt/md5c-test.c | 18 | ||||
-rw-r--r-- | crypt/md5test-giant.c | 137 | ||||
-rw-r--r-- | crypt/md5test.c | 53 | ||||
-rw-r--r-- | crypt/sha256-block.c | 98 | ||||
-rw-r--r-- | crypt/sha256-crypt.c | 423 | ||||
-rw-r--r-- | crypt/sha256.c | 193 | ||||
-rw-r--r-- | crypt/sha256.h | 69 | ||||
-rw-r--r-- | crypt/sha256c-test.c | 61 | ||||
-rw-r--r-- | crypt/sha256test.c | 102 | ||||
-rw-r--r-- | crypt/sha512-block.c | 105 | ||||
-rw-r--r-- | crypt/sha512-crypt.c | 445 | ||||
-rw-r--r-- | crypt/sha512.c | 221 | ||||
-rw-r--r-- | crypt/sha512.h | 72 | ||||
-rw-r--r-- | crypt/sha512c-test.c | 63 | ||||
-rw-r--r-- | crypt/sha512test.c | 113 | ||||
-rw-r--r-- | crypt/speeds.c | 153 | ||||
-rw-r--r-- | crypt/ufc-crypt.h | 28 | ||||
-rw-r--r-- | crypt/ufc.c | 54 |
33 files changed, 0 insertions, 5267 deletions
diff --git a/crypt/Makefile b/crypt/Makefile deleted file mode 100644 index 2254840005..0000000000 --- a/crypt/Makefile +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright (C) 1996-2023 Free Software Foundation, Inc. -# This file is part of the GNU C Library. - -# The GNU C Library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. - -# The GNU C Library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. - -# You should have received a copy of the GNU Lesser General Public -# License along with the GNU C Library; if not, see -# <https://www.gnu.org/licenses/>. - -# -# Sub-makefile for crypt() portion of the library. -# -subdir := crypt - -include ../Makeconfig - -headers := crypt.h - -extra-libs := libcrypt -extra-libs-others := $(extra-libs) - -libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \ - crypt_util - -tests := cert md5c-test sha256c-test sha512c-test badsalttest - -ifeq ($(nss-crypt),yes) -nss-cpp-flags := -DUSE_NSS \ - -I$(shell nss-config --includedir) -I$(shell nspr-config --includedir) -CPPFLAGS-sha256-crypt.c += $(nss-cpp-flags) -CPPFLAGS-sha512-crypt.c += $(nss-cpp-flags) -CPPFLAGS-md5-crypt.c += $(nss-cpp-flags) -LDLIBS-crypt.so = -lfreebl3 -else -libcrypt-routines += md5 sha256 sha512 - -tests += md5test sha256test sha512test - -# The test md5test-giant uses up to 400 MB of RSS and runs on a fast -# machine over a minute. -xtests = md5test-giant -endif - -include ../Rules - -ifneq ($(nss-crypt),yes) -md5-routines := md5 $(filter md5%,$(libcrypt-sysdep_routines)) -sha256-routines := sha256 $(filter sha256%,$(libcrypt-sysdep_routines)) -sha512-routines := sha512 $(filter sha512%,$(libcrypt-sysdep_routines)) - -$(objpfx)md5test: $(patsubst %, $(objpfx)%.o,$(md5-routines)) -$(objpfx)md5test-giant: $(patsubst %, $(objpfx)%.o,$(md5-routines)) -$(objpfx)sha256test: $(patsubst %, $(objpfx)%.o,$(sha256-routines)) -$(objpfx)sha512test: $(patsubst %, $(objpfx)%.o,$(sha512-routines)) -endif - -ifeq (yes,$(build-shared)) -$(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.so -else -$(addprefix $(objpfx),$(tests)): $(objpfx)libcrypt.a -endif diff --git a/crypt/README.ufc-crypt b/crypt/README.ufc-crypt deleted file mode 100644 index 74d81dd865..0000000000 --- a/crypt/README.ufc-crypt +++ /dev/null @@ -1,135 +0,0 @@ -The following is the README for UFC-crypt, with those portions deleted -that are known to be incorrect for the implementation used with the -GNU C library. - - - UFC-crypt: ultra fast 'crypt' implementation - ============================================ - - @(#)README 2.27 11 Sep 1996 - -Design goals/non goals: ----------------------- - -- Crypt implementation plugin compatible with crypt(3)/fcrypt. - -- High performance when used for password cracking. - -- Portable to most 32/64 bit machines. - -- Startup time/mixed salt performance not critical. - -Features of the implementation: ------------------------------- - -- On most machines, UFC-crypt runs 30-60 times faster than crypt(3) when - invoked repeated times with the same salt and varying passwords. - -- With mostly constant salts, performance is about two to three times - that of the default fcrypt implementation shipped with Alec - Muffets 'Crack' password cracker. For instructions on how to - plug UFC-crypt into 'Crack', see below. - -- With alternating salts, performance is only about twice - that of crypt(3). - -- Requires 165 kb for tables. - -Author & licensing etc ----------------------- - -UFC-crypt is created by Michael Glad, email: glad@daimi.aau.dk, and has -been donated to the Free Software Foundation, Inc. It is covered by the -GNU library license version 2, see the file 'COPYING.LIB'. - -NOTES FOR USERS OUTSIDE THE US: ------------------------------- - -The US government limits the export of DES based software/hardware. -This software is written in Aarhus, Denmark. It can therefore be retrieved -from ftp sites outside the US without breaking US law. Please do not -ftp it from american sites. - -Benchmark table: ---------------- - -The table shows how many operations per second UFC-crypt can -do on various machines. - -|--------------|-------------------------------------------| -|Machine | SUN* SUN* HP* DecStation HP | -| | 3/50 ELC 9000/425e 3100 9000/720 | -|--------------|-------------------------------------------| -| Crypt(3)/sec | 4.6 30 15 25 57 | -| Ufc/sec | 220 990 780 1015 3500 | -|--------------|-------------------------------------------| -| Speedup | 48 30 52 40 60 | -|--------------|-------------------------------------------| - -*) Compiled using special assembly language support module. - -It seems as if performance is limited by CPU bus and data cache capacity. -This also makes the benchmarks debatable compared to a real test with -UFC-crypt wired into Crack. However, the table gives an outline of -what can be expected. - -Optimizations: -------------- - -Here are the optimizations used relative to an ordinary implementation -such as the one said to be used in crypt(3). - -Major optimizations -******************* - -- Keep data packed as bits in integer variables -- allows for - fast permutations & parallel xor's in CPU hardware. - -- Let adjacent final & initial permutations collapse. - -- Keep working data in 'E expanded' format all the time. - -- Implement DES 'f' function mostly by table lookup - -- Calculate the above function on 12 bit basis rather than 6 - as would be the most natural. - -- Implement setup routines so that performance is limited by the DES - inner loops only. - -- Instead of doing salting in the DES inner loops, modify the above tables - each time a new salt is seen. According to the BSD crypt code this is - ugly :-) - -Minor (dirty) optimizations -*************************** - -- combine iterations of DES inner loop so that DES only loops - 8 times. This saves a lot of variable swapping. - -- Implement key access by a walking pointer rather than coding - as array indexing. - -- As described, the table based f function uses a 3 dimensional array: - - sb ['number of 12 bit segment']['12 bit index']['48 bit half index'] - - Code the routine with 4 (one dimensional) vectors. - -- Design the internal data format & uglify the DES loops so that - the compiler does not need to do bit shifts when indexing vectors. - -Revision history -**************** - -UFC patchlevel 0: base version; released to alt.sources on Sep 24 1991 -UFC patchlevel 1: patch released to alt.sources on Sep 27 1991. - No longer rebuilds sb tables when seeing a new salt. -UFC-crypt pl0: Essentially UFC pl 1. Released to comp.sources.misc - on Oct 22 1991. -UFC-crypt pl1: Released to comp.sources.misc in march 1992 - * setkey/encrypt routines added - * added validation/benchmarking programs - * reworked keyschedule setup code - * memory demands reduced - * 64 bit support added diff --git a/crypt/Versions b/crypt/Versions deleted file mode 100644 index 389e7d544a..0000000000 --- a/crypt/Versions +++ /dev/null @@ -1,5 +0,0 @@ -libcrypt { - GLIBC_2.0 { - crypt; crypt_r; encrypt; encrypt_r; fcrypt; setkey; setkey_r; - } -} diff --git a/crypt/badsalttest.c b/crypt/badsalttest.c deleted file mode 100644 index 5e1c65d5c2..0000000000 --- a/crypt/badsalttest.c +++ /dev/null @@ -1,54 +0,0 @@ -/* Test program for bad DES salt detection in crypt. - Copyright (C) 2012-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - -#include <array_length.h> -#include <stddef.h> -#include <crypt.h> - -#include <support/check.h> - -static const char *tests[][2] = - { - { "no salt", "" }, - { "single char", "/" }, - { "first char bad", "!x" }, - { "second char bad", "Z%" }, - { "both chars bad", ":@" }, - { "unsupported algorithm", "$2$" }, - { "unsupported_algorithm", "_1" }, - }; - -static int -do_test (void) -{ - struct crypt_data cd; - - /* Mark cd as initialized before first call to crypt_r. */ - cd.initialized = 0; - - for (size_t i = 0; i < array_length (tests); i++) - { - TEST_VERIFY (crypt (tests[i][0], tests[i][1]) == NULL); - - TEST_VERIFY (crypt_r (tests[i][0], tests[i][1], &cd) == NULL); - } - - return 0; -} - -#include <support/test-driver.c> diff --git a/crypt/cert.c b/crypt/cert.c deleted file mode 100644 index 5b4277f76d..0000000000 --- a/crypt/cert.c +++ /dev/null @@ -1,135 +0,0 @@ - -/* - * This crypt(3) validation program shipped with UFC-crypt - * is derived from one distributed with Phil Karns PD DES package. - * - * @(#)cert.c 1.8 11 Aug 1996 - */ - -#include <stdio.h> -#include <stdlib.h> -#include "crypt.h" - -/* This file tests the deprecated setkey/encrypt interface. */ -#include <shlib-compat.h> -#if TEST_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) - -#define libcrypt_version_reference(symbol, version) \ - _libcrypt_version_reference (symbol, VERSION_libcrypt_##version) -#define _libcrypt_version_reference(symbol, version) \ - __libcrypt_version_reference (symbol, version) -#define __libcrypt_version_reference(symbol, version) \ - __asm__ (".symver " #symbol ", " #symbol "@" #version) - -extern void setkey (const char *); -extern void encrypt (const char *, int); -libcrypt_version_reference (setkey, GLIBC_2_0); -libcrypt_version_reference (encrypt, GLIBC_2_0); - -int totfails = 0; - -int main (int argc, char *argv[]); -void get8 (char *cp); -void put8 (char *cp); -void good_bye (void) __attribute__ ((noreturn)); - -void -good_bye (void) -{ - if(totfails == 0) { - printf("Passed DES validation suite\n"); - exit(0); - } else { - printf("%d failures during DES validation suite!!!\n", totfails); - exit(1); - } -} - -int -main (int argc, char *argv[]) -{ - char key[64],plain[64],cipher[64],answer[64]; - int i; - int fail; - - for(;!feof(stdin);){ - - get8(key); - printf(" K: "); put8(key); - setkey(key); - - get8(plain); - printf(" P: "); put8(plain); - - get8(answer); - printf(" C: "); put8(answer); - - for(i=0;i<64;i++) - cipher[i] = plain[i]; - encrypt(cipher, 0); - - for(i=0;i<64;i++) - if(cipher[i] != answer[i]) - break; - fail = 0; - if(i != 64){ - printf(" Encrypt FAIL"); - fail++; totfails++; - } - - encrypt(cipher, 1); - - for(i=0;i<64;i++) - if(cipher[i] != plain[i]) - break; - if(i != 64){ - printf(" Decrypt FAIL"); - fail++; totfails++; - } - - if(fail == 0) - printf(" OK"); - printf("\n"); - } - good_bye(); -} -void -get8 (char *cp) -{ - int i,j,t; - - for(i=0;i<8;i++){ - if (scanf("%2x",&t) < 1) - { - if(ferror(stdin)) - totfails++; - } - if(feof(stdin)) - good_bye(); - for(j=0; j<8 ; j++) { - *cp++ = (t & (0x01 << (7-j))) != 0; - } - } -} -void -put8 (char *cp) -{ - int i,j,t; - - for(i=0;i<8;i++){ - t = 0; - for(j = 0; j<8; j++) - t = (t<<1) | *cp++; - printf("%02x", t); - } -} - -#else /* encrypt and setkey are not available. */ - -int -main (void) -{ - return 77; /* UNSUPPORTED */ -} - -#endif diff --git a/crypt/cert.input b/crypt/cert.input deleted file mode 100644 index d843fa8a8d..0000000000 --- a/crypt/cert.input +++ /dev/null @@ -1,171 +0,0 @@ -0101010101010101 95f8a5e5dd31d900 8000000000000000 -0101010101010101 dd7f121ca5015619 4000000000000000 -0101010101010101 2e8653104f3834ea 2000000000000000 -0101010101010101 4bd388ff6cd81d4f 1000000000000000 -0101010101010101 20b9e767b2fb1456 0800000000000000 -0101010101010101 55579380d77138ef 0400000000000000 -0101010101010101 6cc5defaaf04512f 0200000000000000 -0101010101010101 0d9f279ba5d87260 0100000000000000 -0101010101010101 d9031b0271bd5a0a 0080000000000000 -0101010101010101 424250b37c3dd951 0040000000000000 -0101010101010101 b8061b7ecd9a21e5 0020000000000000 -0101010101010101 f15d0f286b65bd28 0010000000000000 -0101010101010101 add0cc8d6e5deba1 0008000000000000 -0101010101010101 e6d5f82752ad63d1 0004000000000000 -0101010101010101 ecbfe3bd3f591a5e 0002000000000000 -0101010101010101 f356834379d165cd 0001000000000000 -0101010101010101 2b9f982f20037fa9 0000800000000000 -0101010101010101 889de068a16f0be6 0000400000000000 -0101010101010101 e19e275d846a1298 0000200000000000 -0101010101010101 329a8ed523d71aec 0000100000000000 -0101010101010101 e7fce22557d23c97 0000080000000000 -0101010101010101 12a9f5817ff2d65d 0000040000000000 -0101010101010101 a484c3ad38dc9c19 0000020000000000 -0101010101010101 fbe00a8a1ef8ad72 0000010000000000 -0101010101010101 750d079407521363 0000008000000000 -0101010101010101 64feed9c724c2faf 0000004000000000 -0101010101010101 f02b263b328e2b60 0000002000000000 -0101010101010101 9d64555a9a10b852 0000001000000000 -0101010101010101 d106ff0bed5255d7 0000000800000000 -0101010101010101 e1652c6b138c64a5 0000000400000000 -0101010101010101 e428581186ec8f46 0000000200000000 -0101010101010101 aeb5f5ede22d1a36 0000000100000000 -0101010101010101 e943d7568aec0c5c 0000000080000000 -0101010101010101 df98c8276f54b04b 0000000040000000 -0101010101010101 b160e4680f6c696f 0000000020000000 -0101010101010101 fa0752b07d9c4ab8 0000000010000000 -0101010101010101 ca3a2b036dbc8502 0000000008000000 -0101010101010101 5e0905517bb59bcf 0000000004000000 -0101010101010101 814eeb3b91d90726 0000000002000000 -0101010101010101 4d49db1532919c9f 0000000001000000 -0101010101010101 25eb5fc3f8cf0621 0000000000800000 -0101010101010101 ab6a20c0620d1c6f 0000000000400000 -0101010101010101 79e90dbc98f92cca 0000000000200000 -0101010101010101 866ecedd8072bb0e 0000000000100000 -0101010101010101 8b54536f2f3e64a8 0000000000080000 -0101010101010101 ea51d3975595b86b 0000000000040000 -0101010101010101 caffc6ac4542de31 0000000000020000 -0101010101010101 8dd45a2ddf90796c 0000000000010000 -0101010101010101 1029d55e880ec2d0 0000000000008000 -0101010101010101 5d86cb23639dbea9 0000000000004000 -0101010101010101 1d1ca853ae7c0c5f 0000000000002000 -0101010101010101 ce332329248f3228 0000000000001000 -0101010101010101 8405d1abe24fb942 0000000000000800 -0101010101010101 e643d78090ca4207 0000000000000400 -0101010101010101 48221b9937748a23 0000000000000200 -0101010101010101 dd7c0bbd61fafd54 0000000000000100 -0101010101010101 2fbc291a570db5c4 0000000000000080 -0101010101010101 e07c30d7e4e26e12 0000000000000040 -0101010101010101 0953e2258e8e90a1 0000000000000020 -0101010101010101 5b711bc4ceebf2ee 0000000000000010 -0101010101010101 cc083f1e6d9e85f6 0000000000000008 -0101010101010101 d2fd8867d50d2dfe 0000000000000004 -0101010101010101 06e7ea22ce92708f 0000000000000002 -0101010101010101 166b40b44aba4bd6 0000000000000001 -8001010101010101 0000000000000000 95a8d72813daa94d -4001010101010101 0000000000000000 0eec1487dd8c26d5 -2001010101010101 0000000000000000 7ad16ffb79c45926 -1001010101010101 0000000000000000 d3746294ca6a6cf3 -0801010101010101 0000000000000000 809f5f873c1fd761 -0401010101010101 0000000000000000 c02faffec989d1fc -0201010101010101 0000000000000000 4615aa1d33e72f10 -0180010101010101 0000000000000000 2055123350c00858 -0140010101010101 0000000000000000 df3b99d6577397c8 -0120010101010101 0000000000000000 31fe17369b5288c9 -0110010101010101 0000000000000000 dfdd3cc64dae1642 -0108010101010101 0000000000000000 178c83ce2b399d94 -0104010101010101 0000000000000000 50f636324a9b7f80 -0102010101010101 0000000000000000 a8468ee3bc18f06d -0101800101010101 0000000000000000 a2dc9e92fd3cde92 -0101400101010101 0000000000000000 cac09f797d031287 -0101200101010101 0000000000000000 90ba680b22aeb525 -0101100101010101 0000000000000000 ce7a24f350e280b6 -0101080101010101 0000000000000000 882bff0aa01a0b87 -0101040101010101 0000000000000000 25610288924511c2 -0101020101010101 0000000000000000 c71516c29c75d170 -0101018001010101 0000000000000000 5199c29a52c9f059 -0101014001010101 0000000000000000 c22f0a294a71f29f -0101012001010101 0000000000000000 ee371483714c02ea -0101011001010101 0000000000000000 a81fbd448f9e522f -0101010801010101 0000000000000000 4f644c92e192dfed -0101010401010101 0000000000000000 1afa9a66a6df92ae -0101010201010101 0000000000000000 b3c1cc715cb879d8 -0101010180010101 0000000000000000 19d032e64ab0bd8b -0101010140010101 0000000000000000 3cfaa7a7dc8720dc -0101010120010101 0000000000000000 b7265f7f447ac6f3 -0101010110010101 0000000000000000 9db73b3c0d163f54 -0101010108010101 0000000000000000 8181b65babf4a975 -0101010104010101 0000000000000000 93c9b64042eaa240 -0101010102010101 0000000000000000 5570530829705592 -0101010101800101 0000000000000000 8638809e878787a0 -0101010101400101 0000000000000000 41b9a79af79ac208 -0101010101200101 0000000000000000 7a9be42f2009a892 -0101010101100101 0000000000000000 29038d56ba6d2745 -0101010101080101 0000000000000000 5495c6abf1e5df51 -0101010101040101 0000000000000000 ae13dbd561488933 -0101010101020101 0000000000000000 024d1ffa8904e389 -0101010101018001 0000000000000000 d1399712f99bf02e -0101010101014001 0000000000000000 14c1d7c1cffec79e -0101010101012001 0000000000000000 1de5279dae3bed6f -0101010101011001 0000000000000000 e941a33f85501303 -0101010101010801 0000000000000000 da99dbbc9a03f379 -0101010101010401 0000000000000000 b7fc92f91d8e92e9 -0101010101010201 0000000000000000 ae8e5caa3ca04e85 -0101010101010180 0000000000000000 9cc62df43b6eed74 -0101010101010140 0000000000000000 d863dbb5c59a91a0 -0101010101010120 0000000000000000 a1ab2190545b91d7 -0101010101010110 0000000000000000 0875041e64c570f7 -0101010101010108 0000000000000000 5a594528bebef1cc -0101010101010104 0000000000000000 fcdb3291de21f0c0 -0101010101010102 0000000000000000 869efd7f9f265a09 -1046913489980131 0000000000000000 88d55e54f54c97b4 -1007103489988020 0000000000000000 0c0cc00c83ea48fd -10071034c8980120 0000000000000000 83bc8ef3a6570183 -1046103489988020 0000000000000000 df725dcad94ea2e9 -1086911519190101 0000000000000000 e652b53b550be8b0 -1086911519580101 0000000000000000 af527120c485cbb0 -5107b01519580101 0000000000000000 0f04ce393db926d5 -1007b01519190101 0000000000000000 c9f00ffc74079067 -3107915498080101 0000000000000000 7cfd82a593252b4e -3107919498080101 0000000000000000 cb49a2f9e91363e3 -10079115b9080140 0000000000000000 00b588be70d23f56 -3107911598080140 0000000000000000 406a9a6ab43399ae -1007d01589980101 0000000000000000 6cb773611dca9ada -9107911589980101 0000000000000000 67fd21c17dbb5d70 -9107d01589190101 0000000000000000 9592cb4110430787 -1007d01598980120 0000000000000000 a6b7ff68a318ddd3 -1007940498190101 0000000000000000 4d102196c914ca16 -0107910491190401 0000000000000000 2dfa9f4573594965 -0107910491190101 0000000000000000 b46604816c0e0774 -0107940491190401 0000000000000000 6e7e6221a4f34e87 -19079210981a0101 0000000000000000 aa85e74643233199 -1007911998190801 0000000000000000 2e5a19db4d1962d6 -10079119981a0801 0000000000000000 23a866a809d30894 -1007921098190101 0000000000000000 d812d961f017d320 -100791159819010b 0000000000000000 055605816e58608f -1004801598190101 0000000000000000 abd88e8b1b7716f1 -1004801598190102 0000000000000000 537ac95be69da1e1 -1004801598190108 0000000000000000 aed0f6ae3c25cdd8 -1002911598100104 0000000000000000 b3e35a5ee53e7b8d -1002911598190104 0000000000000000 61c79c71921a2ef8 -1002911598100201 0000000000000000 e2f5728f0995013c -1002911698100101 0000000000000000 1aeac39a61f0a464 -7ca110454a1a6e57 01a1d6d039776742 690f5b0d9a26939b -0131d9619dc1376e 5cd54ca83def57da 7a389d10354bd271 -07a1133e4a0b2686 0248d43806f67172 868ebb51cab4599a -3849674c2602319e 51454b582ddf440a 7178876e01f19b2a -04b915ba43feb5b6 42fd443059577fa2 af37fb421f8c4095 -0113b970fd34f2ce 059b5e0851cf143a 86a560f10ec6d85b -0170f175468fb5e6 0756d8e0774761d2 0cd3da020021dc09 -43297fad38e373fe 762514b829bf486a ea676b2cb7db2b7a -07a7137045da2a16 3bdd119049372802 dfd64a815caf1a0f -04689104c2fd3b2f 26955f6835af609a 5c513c9c4886c088 -37d06bb516cb7546 164d5e404f275232 0a2aeeae3ff4ab77 -1f08260d1ac2465e 6b056e18759f5cca ef1bf03e5dfa575a -584023641aba6176 004bd6ef09176062 88bf0db6d70dee56 -025816164629b007 480d39006ee762f2 a1f9915541020b56 -49793ebc79b3258f 437540c8698f3cfa 6fbf1cafcffd0556 -4fb05e1515ab73a7 072d43a077075292 2f22e49bab7ca1ac -49e95d6d4ca229bf 02fe55778117f12a 5a6b612cc26cce4a -018310dc409b26d6 1d9d5c5018f728c2 5f4c038ed12b2e41 -1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793 diff --git a/crypt/crypt-entry.c b/crypt/crypt-entry.c deleted file mode 100644 index c24c0110a6..0000000000 --- a/crypt/crypt-entry.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - * UFC-crypt: ultra fast crypt(3) implementation - * - * Copyright (C) 1991-2023 Free Software Foundation, Inc. - * - * The GNU C Library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * The GNU C Library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with the GNU C Library; if not, see - * <https://www.gnu.org/licenses/>. - * - * crypt entry points - * - * @(#)crypt-entry.c 1.2 12/20/96 - * - */ - -#ifdef DEBUG -#include <stdio.h> -#endif -#include <string.h> -#include <errno.h> -#include <fips-private.h> - -#ifndef STATIC -#define STATIC static -#endif - -#include "crypt-private.h" -#include <shlib-compat.h> - -/* Prototypes for local functions. */ -#ifndef __GNU_LIBRARY__ -void _ufc_clearmem (char *start, int cnt); -#else -#define _ufc_clearmem(start, cnt) memset(start, 0, cnt) -#endif -extern char *__md5_crypt_r (const char *key, const char *salt, char *buffer, - int buflen); -extern char *__md5_crypt (const char *key, const char *salt); -extern char *__sha256_crypt_r (const char *key, const char *salt, - char *buffer, int buflen); -extern char *__sha256_crypt (const char *key, const char *salt); -extern char *__sha512_crypt_r (const char *key, const char *salt, - char *buffer, int buflen); -extern char *__sha512_crypt (const char *key, const char *salt); - -/* Define our magic string to mark salt for MD5 encryption - replacement. This is meant to be the same as for other MD5 based - encryption implementations. */ -static const char md5_salt_prefix[] = "$1$"; - -/* Magic string for SHA256 encryption. */ -static const char sha256_salt_prefix[] = "$5$"; - -/* Magic string for SHA512 encryption. */ -static const char sha512_salt_prefix[] = "$6$"; - -/* For use by the old, non-reentrant routines (crypt/encrypt/setkey) */ -extern struct crypt_data _ufc_foobar; - -/* - * UNIX crypt function - */ - -char * -__crypt_r (const char *key, const char *salt, - struct crypt_data * __restrict data) -{ - ufc_long res[4]; - char ktab[9]; - ufc_long xx = 25; /* to cope with GCC long long compiler bugs */ - -#ifdef _LIBC - /* Try to find out whether we have to use MD5 encryption replacement. */ - if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0) - { - /* FIPS rules out MD5 password encryption. */ - if (fips_enabled_p ()) - { - __set_errno (EPERM); - return NULL; - } - return __md5_crypt_r (key, salt, (char *) data, - sizeof (struct crypt_data)); - } - - /* Try to find out whether we have to use SHA256 encryption replacement. */ - if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0) - return __sha256_crypt_r (key, salt, (char *) data, - sizeof (struct crypt_data)); - - /* Try to find out whether we have to use SHA512 encryption replacement. */ - if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0) - return __sha512_crypt_r (key, salt, (char *) data, - sizeof (struct crypt_data)); -#endif - - /* - * Hack DES tables according to salt - */ - if (!_ufc_setup_salt_r (salt, data)) - { - __set_errno (EINVAL); - return NULL; - } - - /* FIPS rules out DES password encryption. */ - if (fips_enabled_p ()) - { - __set_errno (EPERM); - return NULL; - } - - /* - * Setup key schedule - */ - _ufc_clearmem (ktab, (int) sizeof (ktab)); - (void) strncpy (ktab, key, 8); - _ufc_mk_keytab_r (ktab, data); - - /* - * Go for the 25 DES encryptions - */ - _ufc_clearmem ((char*) res, (int) sizeof (res)); - _ufc_doit_r (xx, data, &res[0]); - - /* - * Do final permutations - */ - _ufc_dofinalperm_r (res, data); - - /* - * And convert back to 6 bit ASCII - */ - _ufc_output_conversion_r (res[0], res[1], salt, data); - - /* - * Erase key-dependent intermediate data. Data dependent only on - * the salt is not considered sensitive. - */ - explicit_bzero (ktab, sizeof (ktab)); - explicit_bzero (data->keysched, sizeof (data->keysched)); - explicit_bzero (res, sizeof (res)); - - return data->crypt_3_buf; -} -weak_alias (__crypt_r, crypt_r) - -char * -crypt (const char *key, const char *salt) -{ -#ifdef _LIBC - /* Try to find out whether we have to use MD5 encryption replacement. */ - if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0 - /* Let __crypt_r deal with the error code if FIPS is enabled. */ - && !fips_enabled_p ()) - return __md5_crypt (key, salt); - - /* Try to find out whether we have to use SHA256 encryption replacement. */ - if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0) - return __sha256_crypt (key, salt); - - /* Try to find out whether we have to use SHA512 encryption replacement. */ - if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0) - return __sha512_crypt (key, salt); -#endif - - return __crypt_r (key, salt, &_ufc_foobar); -} - -#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) -weak_alias (crypt, fcrypt) -compat_symbol (libcrypt, fcrypt, fcrypt, GLIBC_2_0); -#endif diff --git a/crypt/crypt-private.h b/crypt/crypt-private.h deleted file mode 100644 index e8067655fb..0000000000 --- a/crypt/crypt-private.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * UFC-crypt: ultra fast crypt(3) implementation - * - * Copyright (C) 1991-2023 Free Software Foundation, Inc. - * - * The GNU C Library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * The GNU C Library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with the GNU C Library; if not, see - * <https://www.gnu.org/licenses/>. - * - * @(#)crypt-private.h 1.4 12/20/96 - */ - -/* Prototypes for local functions in libcrypt.a. */ - -#ifndef CRYPT_PRIVATE_H -#define CRYPT_PRIVATE_H 1 - -#include <features.h> -#include <stdbool.h> - -#ifndef DOS -#include "ufc-crypt.h" -#else -/* - * Thanks to greg%wind@plains.NoDak.edu (Greg W. Wettstein) - * for DOS patches - */ -#include "pl.h" -#include "ufc.h" -#endif -#include "crypt.h" - -/* crypt.c */ -extern void _ufc_doit_r (ufc_long itr, struct crypt_data * __restrict __data, - ufc_long *res); - - -/* crypt_util.c */ -extern void __init_des_r (struct crypt_data * __restrict __data); -extern void __init_des (void); - -extern bool _ufc_setup_salt_r (const char *s, - struct crypt_data * __restrict __data); -extern void _ufc_mk_keytab_r (const char *key, - struct crypt_data * __restrict __data); -extern void _ufc_dofinalperm_r (ufc_long *res, - struct crypt_data * __restrict __data); -extern void _ufc_output_conversion_r (ufc_long v1, ufc_long v2, - const char *salt, - struct crypt_data * __restrict __data); - -extern void __setkey_r (const char *__key, - struct crypt_data * __restrict __data); -extern void __encrypt_r (char * __restrict __block, int __edflag, - struct crypt_data * __restrict __data); - -/* crypt-entry.c */ -extern char *__crypt_r (const char *__key, const char *__salt, - struct crypt_data * __restrict __data); -extern char *fcrypt (const char *key, const char *salt); - -extern void __b64_from_24bit (char **cp, int *buflen, - unsigned int b2, unsigned int b1, unsigned int b0, - int n); - -#endif /* crypt-private.h */ diff --git a/crypt/crypt.c b/crypt/crypt.c deleted file mode 100644 index f8dc5bea45..0000000000 --- a/crypt/crypt.c +++ /dev/null @@ -1,115 +0,0 @@ -/* - * UFC-crypt: ultra fast crypt(3) implementation - * - * Copyright (C) 1991-2023 Free Software Foundation, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; see the file COPYING.LIB. If not, - * see <https://www.gnu.org/licenses/>. - * - * @(#)crypt.c 2.25 12/20/96 - * - * Semiportable C version - * - */ - -#include "crypt-private.h" - -#ifdef _UFC_32_ - -/* - * 32 bit version - */ - -#define SBA(sb, v) (*(long32*)((char*)(sb)+(v))) - -void -_ufc_doit_r (ufc_long itr, struct crypt_data * __restrict __data, - ufc_long *res) -{ - int i; - long32 s, *k; - long32 *sb01 = (long32*)__data->sb0; - long32 *sb23 = (long32*)__data->sb2; - long32 l1, l2, r1, r2; - - l1 = (long32)res[0]; l2 = (long32)res[1]; - r1 = (long32)res[2]; r2 = (long32)res[3]; - - while(itr--) { - k = (long32*)__data->keysched; - for(i=8; i--; ) { - s = *k++ ^ r1; - l1 ^= SBA(sb01, s & 0xffff); l2 ^= SBA(sb01, (s & 0xffff)+4); - l1 ^= SBA(sb01, s >>= 16 ); l2 ^= SBA(sb01, (s )+4); - s = *k++ ^ r2; - l1 ^= SBA(sb23, s & 0xffff); l2 ^= SBA(sb23, (s & 0xffff)+4); - l1 ^= SBA(sb23, s >>= 16 ); l2 ^= SBA(sb23, (s )+4); - - s = *k++ ^ l1; - r1 ^= SBA(sb01, s & 0xffff); r2 ^= SBA(sb01, (s & 0xffff)+4); - r1 ^= SBA(sb01, s >>= 16 ); r2 ^= SBA(sb01, (s )+4); - s = *k++ ^ l2; - r1 ^= SBA(sb23, s & 0xffff); r2 ^= SBA(sb23, (s & 0xffff)+4); - r1 ^= SBA(sb23, s >>= 16 ); r2 ^= SBA(sb23, (s )+4); - } - s=l1; l1=r1; r1=s; s=l2; l2=r2; r2=s; - } - res[0] = l1; res[1] = l2; res[2] = r1; res[3] = r2; -} - -#endif - -#ifdef _UFC_64_ - -/* - * 64 bit version - */ - -#define SBA(sb, v) (*(long64*)((char*)(sb)+(v))) - -void -_ufc_doit_r (ufc_long itr, struct crypt_data * __restrict __data, - ufc_long *res) -{ - int i; - long64 l, r, s, *k; - long64 *sb01 = (long64*)__data->sb0; - long64 *sb23 = (long64*)__data->sb2; - - l = (((long64)res[0]) << 32) | ((long64)res[1]); - r = (((long64)res[2]) << 32) | ((long64)res[3]); - - while(itr--) { - k = (long64*)__data->keysched; - for(i=8; i--; ) { - s = *k++ ^ r; - l ^= SBA(sb23, (s ) & 0xffff); - l ^= SBA(sb23, (s >>= 16) & 0xffff); - l ^= SBA(sb01, (s >>= 16) & 0xffff); - l ^= SBA(sb01, (s >>= 16) ); - - s = *k++ ^ l; - r ^= SBA(sb23, (s ) & 0xffff); - r ^= SBA(sb23, (s >>= 16) & 0xffff); - r ^= SBA(sb01, (s >>= 16) & 0xffff); - r ^= SBA(sb01, (s >>= 16) ); - } - s=l; l=r; r=s; - } - - res[0] = l >> 32; res[1] = l & 0xffffffff; - res[2] = r >> 32; res[3] = r & 0xffffffff; -} - -#endif diff --git a/crypt/crypt.h b/crypt/crypt.h deleted file mode 100644 index acc081960f..0000000000 --- a/crypt/crypt.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * UFC-crypt: ultra fast crypt(3) implementation - * - * Copyright (C) 1991-2023 Free Software Foundation, Inc. - * - * The GNU C Library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * The GNU C Library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with the GNU C Library; if not, see - * <https://www.gnu.org/licenses/>. - * - * @(#)crypt.h 1.5 12/20/96 - * - */ - -#ifndef _CRYPT_H -#define _CRYPT_H 1 - -#include <features.h> - -__BEGIN_DECLS - -/* One-way hash PHRASE, returning a string suitable for storage in the - user database. SALT selects the one-way function to use, and - ensures that no two users' hashes are the same, even if they use - the same passphrase. The return value points to static storage - which will be overwritten by the next call to crypt. */ -extern char *crypt (const char *__phrase, const char *__salt) - __THROW __nonnull ((1, 2)); - -#ifdef __USE_GNU - -/* This structure provides scratch and output buffers for 'crypt_r'. - Its contents should not be accessed directly. */ -struct crypt_data - { - char keysched[16 * 8]; - char sb0[32768]; - char sb1[32768]; - char sb2[32768]; - char sb3[32768]; - /* end-of-aligment-critical-data */ - char crypt_3_buf[14]; - char current_salt[2]; - long int current_saltbits; - int direction, initialized; - }; - -/* Thread-safe version of 'crypt'. - DATA must point to a 'struct crypt_data' allocated by the caller. - Before the first call to 'crypt_r' with a new 'struct crypt_data', - that object must be initialized to all zeroes. The pointer - returned, if not NULL, will point within DATA. (It will still be - overwritten by the next call to 'crypt_r' with the same DATA.) */ -extern char *crypt_r (const char *__phrase, const char *__salt, - struct crypt_data * __restrict __data) - __THROW __nonnull ((1, 2, 3)); -#endif - -__END_DECLS - -#endif /* crypt.h */ diff --git a/crypt/crypt_util.c b/crypt/crypt_util.c deleted file mode 100644 index daca4f72dc..0000000000 --- a/crypt/crypt_util.c +++ /dev/null @@ -1,946 +0,0 @@ -/* - * UFC-crypt: ultra fast crypt(3) implementation - * - * Copyright (C) 1991-2023 Free Software Foundation, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; see the file COPYING.LIB. If not, - * see <https://www.gnu.org/licenses/>. - * - * @(#)crypt_util.c 2.56 12/20/96 - * - * Support routines - * - */ - -#ifdef DEBUG -#include <stdio.h> -#endif -#include <atomic.h> -#include <string.h> - -#ifndef STATIC -#define STATIC static -#endif - -#include "crypt-private.h" -#include <shlib-compat.h> - -/* Prototypes for local functions. */ -#ifndef __GNU_LIBRARY__ -void _ufc_clearmem (char *start, int cnt); -void _ufc_copymem (char *from, char *to, int cnt); -#endif -#ifdef _UFC_32_ -STATIC void shuffle_sb (long32 *k, ufc_long saltbits); -#else -STATIC void shuffle_sb (long64 *k, ufc_long saltbits); -#endif - - -/* - * Permutation done once on the 56 bit - * key derived from the original 8 byte ASCII key. - */ -static const int pc1[56] = { - 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 -}; - -/* - * How much to rotate each 28 bit half of the pc1 permutated - * 56 bit key before using pc2 to give the i' key - */ -static const int rots[16] = { - 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 -}; - -/* - * Permutation giving the key - * of the i' DES round - */ -static const int pc2[48] = { - 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 -}; - -/* - * The E expansion table which selects - * bits from the 32 bit intermediate result. - */ -static const int esel[48] = { - 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, - 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, - 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, - 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1 -}; - -/* - * Permutation done on the - * result of sbox lookups - */ -static const int perm32[32] = { - 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, - 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 -}; - -/* - * The sboxes - */ -static const int sbox[8][4][16]= { - { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 }, - { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 }, - { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 }, - { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 } - }, - - { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 }, - { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 }, - { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 }, - { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 } - }, - - { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 }, - { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 }, - { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 }, - { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 } - }, - - { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 }, - { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 }, - { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 }, - { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 } - }, - - { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 }, - { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 }, - { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 }, - { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 } - }, - - { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 }, - { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 }, - { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 }, - { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 } - }, - - { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 }, - { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 }, - { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 }, - { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 } - }, - - { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 }, - { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 }, - { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 }, - { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 } - } -}; - -#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) -/* - * This is the initial - * permutation matrix - */ -static const int initial_perm[64] = { - 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 -}; -#endif - -/* - * This is the final - * permutation matrix - */ -static const int final_perm[64] = { - 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, - 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, - 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, - 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25 -}; - -#define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.') -#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.') - -static const ufc_long BITMASK[24] = { - 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000, - 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000, - 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200, - 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008 -}; - -static const unsigned char bytemask[8] = { - 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 -}; - -static const ufc_long longmask[32] = { - 0x80000000, 0x40000000, 0x20000000, 0x10000000, - 0x08000000, 0x04000000, 0x02000000, 0x01000000, - 0x00800000, 0x00400000, 0x00200000, 0x00100000, - 0x00080000, 0x00040000, 0x00020000, 0x00010000, - 0x00008000, 0x00004000, 0x00002000, 0x00001000, - 0x00000800, 0x00000400, 0x00000200, 0x00000100, - 0x00000080, 0x00000040, 0x00000020, 0x00000010, - 0x00000008, 0x00000004, 0x00000002, 0x00000001 -}; - -/* - * do_pc1: permform pc1 permutation in the key schedule generation. - * - * The first index is the byte number in the 8 byte ASCII key - * - second - - the two 28 bits halves of the result - * - third - selects the 7 bits actually used of each byte - * - * The result is kept with 28 bit per 32 bit with the 4 most significant - * bits zero. - */ -static ufc_long do_pc1[8][2][128]; - -/* - * do_pc2: permform pc2 permutation in the key schedule generation. - * - * The first index is the septet number in the two 28 bit intermediate values - * - second - - - septet values - * - * Knowledge of the structure of the pc2 permutation is used. - * - * The result is kept with 28 bit per 32 bit with the 4 most significant - * bits zero. - */ -static ufc_long do_pc2[8][128]; - -/* - * eperm32tab: do 32 bit permutation and E selection - * - * The first index is the byte number in the 32 bit value to be permuted - * - second - is the value of this byte - * - third - selects the two 32 bit values - * - * The table is used and generated internally in init_des to speed it up - */ -static ufc_long eperm32tab[4][256][2]; - -/* - * efp: undo an extra e selection and do final - * permutation giving the DES result. - * - * Invoked 6 bit a time on two 48 bit values - * giving two 32 bit longs. - */ -static ufc_long efp[16][64][2]; - -/* Table with characters for base64 transformation. */ -static const char b64t[64] = -"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; - -/* - * For use by the old, non-reentrant routines - * (crypt/encrypt/setkey) - */ -struct crypt_data _ufc_foobar; - -#ifdef __GNU_LIBRARY__ -#include <libc-lock.h> - -__libc_lock_define_initialized (static, _ufc_tables_lock) -#endif - -#ifdef DEBUG - -void -_ufc_prbits (ufc_long *a, int n) -{ - ufc_long i, j, t, tmp; - n /= 8; - for(i = 0; i < n; i++) { - tmp=0; - for(j = 0; j < 8; j++) { - t=8*i+j; - tmp|=(a[t/24] & BITMASK[t % 24])?bytemask[j]:0; - } - (void)printf("%02lx ", tmp); - } - printf(" "); -} - -static void __attribute__ ((unused)) -_ufc_set_bits (ufc_long v, ufc_long *b) -{ - ufc_long i; - *b = 0; - for(i = 0; i < 24; i++) { - if(v & longmask[8 + i]) - *b |= BITMASK[i]; - } -} - -#endif - -#ifndef __GNU_LIBRARY__ -/* - * Silly rewrites of 'bzero'/'memset'. I do so - * because some machines don't have - * bzero and some don't have memset. - */ - -void -_ufc_clearmem (char *start, int cnt) -{ - while(cnt--) - *start++ = '\0'; -} - -void -_ufc_copymem (char *from, char *to, int cnt) -{ - while(cnt--) - *to++ = *from++; -} -#else -#define _ufc_clearmem(start, cnt) memset(start, 0, cnt) -#define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt) -#endif - -/* lookup a 6 bit value in sbox */ - -#define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf]; - -/* - * Initialize unit - may be invoked directly - * by fcrypt users. - */ - -void -__init_des_r (struct crypt_data * __restrict __data) -{ - int comes_from_bit; - int bit, sg; - ufc_long j; - ufc_long mask1, mask2; - int e_inverse[64]; - static volatile int small_tables_initialized = 0; - -#ifdef _UFC_32_ - long32 *sb[4]; - sb[0] = (long32*)__data->sb0; sb[1] = (long32*)__data->sb1; - sb[2] = (long32*)__data->sb2; sb[3] = (long32*)__data->sb3; -#endif -#ifdef _UFC_64_ - long64 *sb[4]; - sb[0] = (long64*)__data->sb0; sb[1] = (long64*)__data->sb1; - sb[2] = (long64*)__data->sb2; sb[3] = (long64*)__data->sb3; -#endif - - if(small_tables_initialized == 0) { -#ifdef __GNU_LIBRARY__ - __libc_lock_lock (_ufc_tables_lock); - if(small_tables_initialized) - goto small_tables_done; -#endif - - /* - * Create the do_pc1 table used - * to affect pc1 permutation - * when generating keys - */ - _ufc_clearmem((char*)do_pc1, (int)sizeof(do_pc1)); - for(bit = 0; bit < 56; bit++) { - comes_from_bit = pc1[bit] - 1; - mask1 = bytemask[comes_from_bit % 8 + 1]; - mask2 = longmask[bit % 28 + 4]; - for(j = 0; j < 128; j++) { - if(j & mask1) - do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2; - } - } - - /* - * Create the do_pc2 table used - * to affect pc2 permutation when - * generating keys - */ - _ufc_clearmem((char*)do_pc2, (int)sizeof(do_pc2)); - for(bit = 0; bit < 48; bit++) { - comes_from_bit = pc2[bit] - 1; - mask1 = bytemask[comes_from_bit % 7 + 1]; - mask2 = BITMASK[bit % 24]; - for(j = 0; j < 128; j++) { - if(j & mask1) - do_pc2[comes_from_bit / 7][j] |= mask2; - } - } - - /* - * Now generate the table used to do combined - * 32 bit permutation and e expansion - * - * We use it because we have to permute 16384 32 bit - * longs into 48 bit in order to initialize sb. - * - * Looping 48 rounds per permutation becomes - * just too slow... - * - */ - - _ufc_clearmem((char*)eperm32tab, (int)sizeof(eperm32tab)); - for(bit = 0; bit < 48; bit++) { - ufc_long mask1,comes_from; - comes_from = perm32[esel[bit]-1]-1; - mask1 = bytemask[comes_from % 8]; - for(j = 256; j--;) { - if(j & mask1) - eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK[bit % 24]; - } - } - - /* - * Create an inverse matrix for esel telling - * where to plug out bits if undoing it - */ - for(bit=48; bit--;) { - e_inverse[esel[bit] - 1 ] = bit; - e_inverse[esel[bit] - 1 + 32] = bit + 48; - } - - /* - * create efp: the matrix used to - * undo the E expansion and effect final permutation - */ - _ufc_clearmem((char*)efp, (int)sizeof efp); - for(bit = 0; bit < 64; bit++) { - int o_bit, o_long; - ufc_long word_value, mask1, mask2; - int comes_from_f_bit, comes_from_e_bit; - int comes_from_word, bit_within_word; - - /* See where bit i belongs in the two 32 bit long's */ - o_long = bit / 32; /* 0..1 */ - o_bit = bit % 32; /* 0..31 */ - - /* - * And find a bit in the e permutated value setting this bit. - * - * Note: the e selection may have selected the same bit several - * times. By the initialization of e_inverse, we only look - * for one specific instance. - */ - comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */ - comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */ - comes_from_word = comes_from_e_bit / 6; /* 0..15 */ - bit_within_word = comes_from_e_bit % 6; /* 0..5 */ - - mask1 = longmask[bit_within_word + 26]; - mask2 = longmask[o_bit]; - - for(word_value = 64; word_value--;) { - if(word_value & mask1) - efp[comes_from_word][word_value][o_long] |= mask2; - } - } - atomic_write_barrier (); - small_tables_initialized = 1; -#ifdef __GNU_LIBRARY__ -small_tables_done: - __libc_lock_unlock(_ufc_tables_lock); -#endif - } else - atomic_read_barrier (); - - /* - * Create the sb tables: - * - * For each 12 bit segment of an 48 bit intermediate - * result, the sb table precomputes the two 4 bit - * values of the sbox lookups done with the two 6 - * bit halves, shifts them to their proper place, - * sends them through perm32 and finally E expands - * them so that they are ready for the next - * DES round. - * - */ - - if (__data->sb0 + sizeof (__data->sb0) == __data->sb1 - && __data->sb1 + sizeof (__data->sb1) == __data->sb2 - && __data->sb2 + sizeof (__data->sb2) == __data->sb3) - _ufc_clearmem(__data->sb0, - (int)sizeof(__data->sb0) - + (int)sizeof(__data->sb1) - + (int)sizeof(__data->sb2) - + (int)sizeof(__data->sb3)); - else { - _ufc_clearmem(__data->sb0, (int)sizeof(__data->sb0)); - _ufc_clearmem(__data->sb1, (int)sizeof(__data->sb1)); - _ufc_clearmem(__data->sb2, (int)sizeof(__data->sb2)); - _ufc_clearmem(__data->sb3, (int)sizeof(__data->sb3)); - } - - for(sg = 0; sg < 4; sg++) { - int j1, j2; - int s1, s2; - - for(j1 = 0; j1 < 64; j1++) { - s1 = s_lookup(2 * sg, j1); - for(j2 = 0; j2 < 64; j2++) { - ufc_long to_permute, inx; - - s2 = s_lookup(2 * sg + 1, j2); - to_permute = (((ufc_long)s1 << 4) | - (ufc_long)s2) << (24 - 8 * (ufc_long)sg); - -#ifdef _UFC_32_ - inx = ((j1 << 6) | j2) << 1; - sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0]; - sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1]; - sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0]; - sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1]; - sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0]; - sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1]; - sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0]; - sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1]; -#endif -#ifdef _UFC_64_ - inx = ((j1 << 6) | j2); - sb[sg][inx] = - ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) | - (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1]; - sb[sg][inx] |= - ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) | - (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1]; - sb[sg][inx] |= - ((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) | - (long64)eperm32tab[2][(to_permute >> 8) & 0xff][1]; - sb[sg][inx] |= - ((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) | - (long64)eperm32tab[3][(to_permute) & 0xff][1]; -#endif - } - } - } - - __data->current_saltbits = 0; - __data->current_salt[0] = 0; - __data->current_salt[1] = 0; - __data->initialized++; -} - -void -__init_des (void) -{ - __init_des_r(&_ufc_foobar); -} - -/* - * Process the elements of the sb table permuting the - * bits swapped in the expansion by the current salt. - */ - -#ifdef _UFC_32_ -STATIC void -shuffle_sb (long32 *k, ufc_long saltbits) -{ - ufc_long j; - long32 x; - for(j=4096; j--;) { - x = (k[0] ^ k[1]) & (long32)saltbits; - *k++ ^= x; - *k++ ^= x; - } -} -#endif - -#ifdef _UFC_64_ -STATIC void -shuffle_sb (long64 *k, ufc_long saltbits) -{ - ufc_long j; - long64 x; - for(j=4096; j--;) { - x = ((*k >> 32) ^ *k) & (long64)saltbits; - *k++ ^= (x << 32) | x; - } -} -#endif - -/* - * Return false iff C is in the specified alphabet for crypt salt. - */ - -static bool -bad_for_salt (char c) -{ - switch (c) - { - case '0' ... '9': - case 'A' ... 'Z': - case 'a' ... 'z': - case '.': case '/': - return false; - - default: - return true; - } -} - -/* - * Setup the unit for a new salt - * Hopefully we'll not see a new salt in each crypt call. - * Return false if an unexpected character was found in s[0] or s[1]. - */ - -bool -_ufc_setup_salt_r (const char *s, struct crypt_data * __restrict __data) -{ - ufc_long i, j, saltbits; - char s0, s1; - - if(__data->initialized == 0) - __init_des_r(__data); - - s0 = s[0]; - if(bad_for_salt (s0)) - return false; - - s1 = s[1]; - if(bad_for_salt (s1)) - return false; - - if(s0 == __data->current_salt[0] && s1 == __data->current_salt[1]) - return true; - - __data->current_salt[0] = s0; - __data->current_salt[1] = s1; - - /* - * This is the only crypt change to DES: - * entries are swapped in the expansion table - * according to the bits set in the salt. - */ - saltbits = 0; - for(i = 0; i < 2; i++) { - long c=ascii_to_bin(s[i]); - for(j = 0; j < 6; j++) { - if((c >> j) & 0x1) - saltbits |= BITMASK[6 * i + j]; - } - } - - /* - * Permute the sb table values - * to reflect the changed e - * selection table - */ -#ifdef _UFC_32_ -#define LONGG long32* -#endif -#ifdef _UFC_64_ -#define LONGG long64* -#endif - - shuffle_sb((LONGG)__data->sb0, __data->current_saltbits ^ saltbits); - shuffle_sb((LONGG)__data->sb1, __data->current_saltbits ^ saltbits); - shuffle_sb((LONGG)__data->sb2, __data->current_saltbits ^ saltbits); - shuffle_sb((LONGG)__data->sb3, __data->current_saltbits ^ saltbits); - - __data->current_saltbits = saltbits; - - return true; -} - -void -_ufc_mk_keytab_r (const char *key, struct crypt_data * __restrict __data) -{ - ufc_long v1, v2, *k1; - int i; -#ifdef _UFC_32_ - long32 v, *k2; - k2 = (long32*)__data->keysched; -#endif -#ifdef _UFC_64_ - long64 v, *k2; - k2 = (long64*)__data->keysched; -#endif - - v1 = v2 = 0; k1 = &do_pc1[0][0][0]; - for(i = 8; i--;) { - v1 |= k1[*key & 0x7f]; k1 += 128; - v2 |= k1[*key++ & 0x7f]; k1 += 128; - } - - for(i = 0; i < 16; i++) { - k1 = &do_pc2[0][0]; - - v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i])); - v = k1[(v1 >> 21) & 0x7f]; k1 += 128; - v |= k1[(v1 >> 14) & 0x7f]; k1 += 128; - v |= k1[(v1 >> 7) & 0x7f]; k1 += 128; - v |= k1[(v1 ) & 0x7f]; k1 += 128; - -#ifdef _UFC_32_ - *k2++ = (v | 0x00008000); - v = 0; -#endif -#ifdef _UFC_64_ - v = (v << 32); -#endif - - v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i])); - v |= k1[(v2 >> 21) & 0x7f]; k1 += 128; - v |= k1[(v2 >> 14) & 0x7f]; k1 += 128; - v |= k1[(v2 >> 7) & 0x7f]; k1 += 128; - v |= k1[(v2 ) & 0x7f]; - -#ifdef _UFC_32_ - *k2++ = (v | 0x00008000); -#endif -#ifdef _UFC_64_ - *k2++ = v | 0x0000800000008000l; -#endif - } - - __data->direction = 0; -} - -/* - * Undo an extra E selection and do final permutations - */ - -void -_ufc_dofinalperm_r (ufc_long *res, struct crypt_data * __restrict __data) -{ - ufc_long v1, v2, x; - ufc_long l1,l2,r1,r2; - - l1 = res[0]; l2 = res[1]; - r1 = res[2]; r2 = res[3]; - - x = (l1 ^ l2) & __data->current_saltbits; l1 ^= x; l2 ^= x; - x = (r1 ^ r2) & __data->current_saltbits; r1 ^= x; r2 ^= x; - - v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3; - - v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1]; - v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1]; - v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1]; - v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1]; - - v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1]; - v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1]; - v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1]; - v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1]; - - v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1]; - v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1]; - v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1]; - v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1]; - - v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1]; - v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1]; - v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1]; - v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1]; - - res[0] = v1; res[1] = v2; -} - -/* - * crypt only: convert from 64 bit to 11 bit ASCII - * prefixing with the salt - */ - -void -_ufc_output_conversion_r (ufc_long v1, ufc_long v2, const char *salt, - struct crypt_data * __restrict __data) -{ - int i, s, shf; - - __data->crypt_3_buf[0] = salt[0]; - __data->crypt_3_buf[1] = salt[1] ? salt[1] : salt[0]; - - for(i = 0; i < 5; i++) { - shf = (26 - 6 * i); /* to cope with MSC compiler bug */ - __data->crypt_3_buf[i + 2] = bin_to_ascii((v1 >> shf) & 0x3f); - } - - s = (v2 & 0xf) << 2; - v2 = (v2 >> 2) | ((v1 & 0x3) << 30); - - for(i = 5; i < 10; i++) { - shf = (56 - 6 * i); - __data->crypt_3_buf[i + 2] = bin_to_ascii((v2 >> shf) & 0x3f); - } - - __data->crypt_3_buf[12] = bin_to_ascii(s); - __data->crypt_3_buf[13] = 0; -} - -#if SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) - -/* - * UNIX encrypt function. Takes a bitvector - * represented by one byte per bit and - * encrypt/decrypt according to edflag - */ - -void -__encrypt_r (char *__block, int __edflag, - struct crypt_data * __restrict __data) -{ - ufc_long l1, l2, r1, r2, res[4]; - int i; -#ifdef _UFC_32_ - long32 *kt; - kt = (long32*)__data->keysched; -#endif -#ifdef _UFC_64_ - long64 *kt; - kt = (long64*)__data->keysched; -#endif - - /* - * Undo any salt changes to E expansion - */ - _ufc_setup_salt_r("..", __data); - - /* - * Reverse key table if - * changing operation (encrypt/decrypt) - */ - if((__edflag == 0) != (__data->direction == 0)) { - for(i = 0; i < 8; i++) { -#ifdef _UFC_32_ - long32 x; - x = kt[2 * (15-i)]; - kt[2 * (15-i)] = kt[2 * i]; - kt[2 * i] = x; - - x = kt[2 * (15-i) + 1]; - kt[2 * (15-i) + 1] = kt[2 * i + 1]; - kt[2 * i + 1] = x; -#endif -#ifdef _UFC_64_ - long64 x; - x = kt[15-i]; - kt[15-i] = kt[i]; - kt[i] = x; -#endif - } - __data->direction = __edflag; - } - - /* - * Do initial permutation + E expansion - */ - i = 0; - for(l1 = 0; i < 24; i++) { - if(__block[initial_perm[esel[i]-1]-1]) - l1 |= BITMASK[i]; - } - for(l2 = 0; i < 48; i++) { - if(__block[initial_perm[esel[i]-1]-1]) - l2 |= BITMASK[i-24]; - } - - i = 0; - for(r1 = 0; i < 24; i++) { - if(__block[initial_perm[esel[i]-1+32]-1]) - r1 |= BITMASK[i]; - } - for(r2 = 0; i < 48; i++) { - if(__block[initial_perm[esel[i]-1+32]-1]) - r2 |= BITMASK[i-24]; - } - - /* - * Do DES inner loops + final conversion - */ - res[0] = l1; res[1] = l2; - res[2] = r1; res[3] = r2; - _ufc_doit_r((ufc_long)1, __data, &res[0]); - - /* - * Do final permutations - */ - _ufc_dofinalperm_r(res, __data); - - /* - * And convert to bit array - */ - l1 = res[0]; r1 = res[1]; - for(i = 0; i < 32; i++) { - *__block++ = (l1 & longmask[i]) != 0; - } - for(i = 0; i < 32; i++) { - *__block++ = (r1 & longmask[i]) != 0; - } -} -weak_alias (__encrypt_r, encrypt_r) -compat_symbol (libcrypt, encrypt_r, encrypt_r, GLIBC_2_0); - -void -encrypt (char *__block, int __edflag) -{ - __encrypt_r(__block, __edflag, &_ufc_foobar); -} -compat_symbol (libcrypt, encrypt, encrypt, GLIBC_2_0); - - -/* - * UNIX setkey function. Take a 64 bit DES - * key and setup the machinery. - */ - -void -__setkey_r (const char *__key, struct crypt_data * __restrict __data) -{ - int i,j; - unsigned char c; - unsigned char ktab[8]; - - _ufc_setup_salt_r("..", __data); /* be sure we're initialized */ - - for(i = 0; i < 8; i++) { - for(j = 0, c = 0; j < 8; j++) - c = c << 1 | *__key++; - ktab[i] = c >> 1; - } - _ufc_mk_keytab_r((char *) ktab, __data); -} -weak_alias (__setkey_r, setkey_r) -compat_symbol (libcrypt, setkey_r, setkey_r, GLIBC_2_0); - -void -setkey (const char *__key) -{ - __setkey_r(__key, &_ufc_foobar); -} -compat_symbol (libcrypt, setkey, setkey, GLIBC_2_0); -#endif /* SHLIB_COMPAT (libcrypt, GLIBC_2_0, GLIBC_2_28) */ - -void -__b64_from_24bit (char **cp, int *buflen, - unsigned int b2, unsigned int b1, unsigned int b0, - int n) -{ - unsigned int w = (b2 << 16) | (b1 << 8) | b0; - while (n-- > 0 && (*buflen) > 0) - { - *(*cp)++ = b64t[w & 0x3f]; - --(*buflen); - w >>= 6; - } -} diff --git a/crypt/md5-block.c b/crypt/md5-block.c deleted file mode 100644 index 35e99addec..0000000000 --- a/crypt/md5-block.c +++ /dev/null @@ -1,166 +0,0 @@ -/* These are the four functions used in the four steps of the MD5 algorithm - and defined in the RFC 1321. The first function is a little bit optimized - (as found in Colin Plumbs public domain implementation). */ -/* #define FF(b, c, d) ((b & c) | (~b & d)) */ -#define FF(b, c, d) (d ^ (b & (c ^ d))) -#define FG(b, c, d) FF (d, b, c) -#define FH(b, c, d) (b ^ c ^ d) -#define FI(b, c, d) (c ^ (b | ~d)) - -/* Process LEN bytes of BUFFER, accumulating context into CTX. - It is assumed that LEN % 64 == 0. */ - -void -__md5_process_block (const void *buffer, size_t len, struct md5_ctx *ctx) -{ - md5_uint32 correct_words[16]; - const md5_uint32 *words = buffer; - size_t nwords = len / sizeof (md5_uint32); - const md5_uint32 *endp = words + nwords; - md5_uint32 A = ctx->A; - md5_uint32 B = ctx->B; - md5_uint32 C = ctx->C; - md5_uint32 D = ctx->D; - md5_uint32 lolen = len; - - /* First increment the byte count. RFC 1321 specifies the possible - length of the file up to 2^64 bits. Here we only compute the - number of bytes. Do a double word increment. */ - ctx->total[0] += lolen; - ctx->total[1] += (len >> 31 >> 1) + (ctx->total[0] < lolen); - - /* Process all bytes in the buffer with 64 bytes in each round of - the loop. */ - while (words < endp) - { - md5_uint32 *cwp = correct_words; - md5_uint32 A_save = A; - md5_uint32 B_save = B; - md5_uint32 C_save = C; - md5_uint32 D_save = D; - - /* First round: using the given function, the context and a constant - the next context is computed. Because the algorithms processing - unit is a 32-bit word and it is determined to work on words in - little endian byte order we perhaps have to change the byte order - before the computation. To reduce the work for the next steps - we store the swapped words in the array CORRECT_WORDS. */ - -#define OP(a, b, c, d, s, T) \ - do \ - { \ - a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \ - ++words; \ - CYCLIC (a, s); \ - a += b; \ - } \ - while (0) - - /* It is unfortunate that C does not provide an operator for - cyclic rotation. Hope the C compiler is smart enough. */ -#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) - - /* Before we start, one word to the strange constants. - They are defined in RFC 1321 as - - T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 - */ - - /* Round 1. */ - OP (A, B, C, D, 7, 0xd76aa478); - OP (D, A, B, C, 12, 0xe8c7b756); - OP (C, D, A, B, 17, 0x242070db); - OP (B, C, D, A, 22, 0xc1bdceee); - OP (A, B, C, D, 7, 0xf57c0faf); - OP (D, A, B, C, 12, 0x4787c62a); - OP (C, D, A, B, 17, 0xa8304613); - OP (B, C, D, A, 22, 0xfd469501); - OP (A, B, C, D, 7, 0x698098d8); - OP (D, A, B, C, 12, 0x8b44f7af); - OP (C, D, A, B, 17, 0xffff5bb1); - OP (B, C, D, A, 22, 0x895cd7be); - OP (A, B, C, D, 7, 0x6b901122); - OP (D, A, B, C, 12, 0xfd987193); - OP (C, D, A, B, 17, 0xa679438e); - OP (B, C, D, A, 22, 0x49b40821); - - /* For the second to fourth round we have the possibly swapped words - in CORRECT_WORDS. Redefine the macro to take an additional first - argument specifying the function to use. */ -#undef OP -#define OP(f, a, b, c, d, k, s, T) \ - do \ - { \ - a += f (b, c, d) + correct_words[k] + T; \ - CYCLIC (a, s); \ - a += b; \ - } \ - while (0) - - /* Round 2. */ - OP (FG, A, B, C, D, 1, 5, 0xf61e2562); - OP (FG, D, A, B, C, 6, 9, 0xc040b340); - OP (FG, C, D, A, B, 11, 14, 0x265e5a51); - OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa); - OP (FG, A, B, C, D, 5, 5, 0xd62f105d); - OP (FG, D, A, B, C, 10, 9, 0x02441453); - OP (FG, C, D, A, B, 15, 14, 0xd8a1e681); - OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8); - OP (FG, A, B, C, D, 9, 5, 0x21e1cde6); - OP (FG, D, A, B, C, 14, 9, 0xc33707d6); - OP (FG, C, D, A, B, 3, 14, 0xf4d50d87); - OP (FG, B, C, D, A, 8, 20, 0x455a14ed); - OP (FG, A, B, C, D, 13, 5, 0xa9e3e905); - OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8); - OP (FG, C, D, A, B, 7, 14, 0x676f02d9); - OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a); - - /* Round 3. */ - OP (FH, A, B, C, D, 5, 4, 0xfffa3942); - OP (FH, D, A, B, C, 8, 11, 0x8771f681); - OP (FH, C, D, A, B, 11, 16, 0x6d9d6122); - OP (FH, B, C, D, A, 14, 23, 0xfde5380c); - OP (FH, A, B, C, D, 1, 4, 0xa4beea44); - OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9); - OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60); - OP (FH, B, C, D, A, 10, 23, 0xbebfbc70); - OP (FH, A, B, C, D, 13, 4, 0x289b7ec6); - OP (FH, D, A, B, C, 0, 11, 0xeaa127fa); - OP (FH, C, D, A, B, 3, 16, 0xd4ef3085); - OP (FH, B, C, D, A, 6, 23, 0x04881d05); - OP (FH, A, B, C, D, 9, 4, 0xd9d4d039); - OP (FH, D, A, B, C, 12, 11, 0xe6db99e5); - OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8); - OP (FH, B, C, D, A, 2, 23, 0xc4ac5665); - - /* Round 4. */ - OP (FI, A, B, C, D, 0, 6, 0xf4292244); - OP (FI, D, A, B, C, 7, 10, 0x432aff97); - OP (FI, C, D, A, B, 14, 15, 0xab9423a7); - OP (FI, B, C, D, A, 5, 21, 0xfc93a039); - OP (FI, A, B, C, D, 12, 6, 0x655b59c3); - OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92); - OP (FI, C, D, A, B, 10, 15, 0xffeff47d); - OP (FI, B, C, D, A, 1, 21, 0x85845dd1); - OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f); - OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0); - OP (FI, C, D, A, B, 6, 15, 0xa3014314); - OP (FI, B, C, D, A, 13, 21, 0x4e0811a1); - OP (FI, A, B, C, D, 4, 6, 0xf7537e82); - OP (FI, D, A, B, C, 11, 10, 0xbd3af235); - OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb); - OP (FI, B, C, D, A, 9, 21, 0xeb86d391); - - /* Add the starting values of the context. */ - A += A_save; - B += B_save; - C += C_save; - D += D_save; - } - - /* Put checksum in context given as argument. */ - ctx->A = A; - ctx->B = B; - ctx->C = C; - ctx->D = D; -} diff --git a/crypt/md5-crypt.c b/crypt/md5-crypt.c deleted file mode 100644 index 4e4760545a..0000000000 --- a/crypt/md5-crypt.c +++ /dev/null @@ -1,331 +0,0 @@ -/* One way encryption based on MD5 sum. - Compatible with the behavior of MD5 crypt introduced in FreeBSD 2.0. - Copyright (C) 1996-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - -#include <assert.h> -#include <errno.h> -#include <stdlib.h> -#include <string.h> -#include <sys/param.h> - -#include "md5.h" -#include "crypt-private.h" - - -#ifdef USE_NSS -typedef int PRBool; -# include <hasht.h> -# include <nsslowhash.h> - -# define md5_init_ctx(ctxp, nss_ctxp) \ - do \ - { \ - if (((nss_ctxp = NSSLOWHASH_NewContext (nss_ictx, HASH_AlgMD5)) \ - == NULL)) \ - { \ - if (nss_ctx != NULL) \ - NSSLOWHASH_Destroy (nss_ctx); \ - if (nss_alt_ctx != NULL) \ - NSSLOWHASH_Destroy (nss_alt_ctx); \ - return NULL; \ - } \ - NSSLOWHASH_Begin (nss_ctxp); \ - } \ - while (0) - -# define md5_process_bytes(buf, len, ctxp, nss_ctxp) \ - NSSLOWHASH_Update (nss_ctxp, (const unsigned char *) buf, len) - -# define md5_finish_ctx(ctxp, nss_ctxp, result) \ - do \ - { \ - unsigned int ret; \ - NSSLOWHASH_End (nss_ctxp, result, &ret, sizeof (result)); \ - assert (ret == sizeof (result)); \ - NSSLOWHASH_Destroy (nss_ctxp); \ - nss_ctxp = NULL; \ - } \ - while (0) -#else -# define md5_init_ctx(ctxp, nss_ctxp) \ - __md5_init_ctx (ctxp) - -# define md5_process_bytes(buf, len, ctxp, nss_ctxp) \ - __md5_process_bytes(buf, len, ctxp) - -# define md5_finish_ctx(ctxp, nss_ctxp, result) \ - __md5_finish_ctx (ctxp, result) -#endif - - -/* Define our magic string to mark salt for MD5 "encryption" - replacement. This is meant to be the same as for other MD5 based - encryption implementations. */ -static const char md5_salt_prefix[] = "$1$"; - - -/* Prototypes for local functions. */ -extern char *__md5_crypt_r (const char *key, const char *salt, - char *buffer, int buflen); -extern char *__md5_crypt (const char *key, const char *salt); - - -/* This entry point is equivalent to the `crypt' function in Unix - libcs. */ -char * -__md5_crypt_r (const char *key, const char *salt, char *buffer, int buflen) -{ - unsigned char alt_result[16] - __attribute__ ((__aligned__ (__alignof__ (md5_uint32)))); - size_t salt_len; - size_t key_len; - size_t cnt; - char *cp; - char *copied_key = NULL; - char *copied_salt = NULL; - char *free_key = NULL; - size_t alloca_used = 0; - - /* Find beginning of salt string. The prefix should normally always - be present. Just in case it is not. */ - if (strncmp (md5_salt_prefix, salt, sizeof (md5_salt_prefix) - 1) == 0) - /* Skip salt prefix. */ - salt += sizeof (md5_salt_prefix) - 1; - - salt_len = MIN (strcspn (salt, "$"), 8); - key_len = strlen (key); - - if (((uintptr_t) key) % __alignof__ (md5_uint32) != 0) - { - char *tmp; - - if (__libc_use_alloca (alloca_used + key_len + __alignof__ (md5_uint32))) - tmp = (char *) alloca (key_len + __alignof__ (md5_uint32)); - else - { - free_key = tmp = (char *) malloc (key_len + __alignof__ (md5_uint32)); - if (tmp == NULL) - return NULL; - } - - key = copied_key = - memcpy (tmp + __alignof__ (md5_uint32) - - ((uintptr_t) tmp) % __alignof__ (md5_uint32), - key, key_len); - assert (((uintptr_t) key) % __alignof__ (md5_uint32) == 0); - } - - if (((uintptr_t) salt) % __alignof__ (md5_uint32) != 0) - { - char *tmp = (char *) alloca (salt_len + __alignof__ (md5_uint32)); - salt = copied_salt = - memcpy (tmp + __alignof__ (md5_uint32) - - ((uintptr_t) tmp) % __alignof__ (md5_uint32), - salt, salt_len); - assert (((uintptr_t) salt) % __alignof__ (md5_uint32) == 0); - } - -#ifdef USE_NSS - /* Initialize libfreebl3. */ - NSSLOWInitContext *nss_ictx = NSSLOW_Init (); - if (nss_ictx == NULL) - { - free (free_key); - return NULL; - } - NSSLOWHASHContext *nss_ctx = NULL; - NSSLOWHASHContext *nss_alt_ctx = NULL; -#else - struct md5_ctx ctx; - struct md5_ctx alt_ctx; -#endif - - /* Prepare for the real work. */ - md5_init_ctx (&ctx, nss_ctx); - - /* Add the key string. */ - md5_process_bytes (key, key_len, &ctx, nss_ctx); - - /* Because the SALT argument need not always have the salt prefix we - add it separately. */ - md5_process_bytes (md5_salt_prefix, sizeof (md5_salt_prefix) - 1, - &ctx, nss_ctx); - - /* The last part is the salt string. This must be at most 8 - characters and it ends at the first `$' character (for - compatibility with existing implementations). */ - md5_process_bytes (salt, salt_len, &ctx, nss_ctx); - - - /* Compute alternate MD5 sum with input KEY, SALT, and KEY. The - final result will be added to the first context. */ - md5_init_ctx (&alt_ctx, nss_alt_ctx); - - /* Add key. */ - md5_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); - - /* Add salt. */ - md5_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx); - - /* Add key again. */ - md5_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); - - /* Now get result of this (16 bytes) and add it to the other - context. */ - md5_finish_ctx (&alt_ctx, nss_alt_ctx, alt_result); - - /* Add for any character in the key one byte of the alternate sum. */ - for (cnt = key_len; cnt > 16; cnt -= 16) - md5_process_bytes (alt_result, 16, &ctx, nss_ctx); - md5_process_bytes (alt_result, cnt, &ctx, nss_ctx); - - /* For the following code we need a NUL byte. */ - *alt_result = '\0'; - - /* The original implementation now does something weird: for every 1 - bit in the key the first 0 is added to the buffer, for every 0 - bit the first character of the key. This does not seem to be - what was intended but we have to follow this to be compatible. */ - for (cnt = key_len; cnt > 0; cnt >>= 1) - md5_process_bytes ((cnt & 1) != 0 - ? (const void *) alt_result : (const void *) key, 1, - &ctx, nss_ctx); - - /* Create intermediate result. */ - md5_finish_ctx (&ctx, nss_ctx, alt_result); - - /* Now comes another weirdness. In fear of password crackers here - comes a quite long loop which just processes the output of the - previous round again. We cannot ignore this here. */ - for (cnt = 0; cnt < 1000; ++cnt) - { - /* New context. */ - md5_init_ctx (&ctx, nss_ctx); - - /* Add key or last result. */ - if ((cnt & 1) != 0) - md5_process_bytes (key, key_len, &ctx, nss_ctx); - else - md5_process_bytes (alt_result, 16, &ctx, nss_ctx); - - /* Add salt for numbers not divisible by 3. */ - if (cnt % 3 != 0) - md5_process_bytes (salt, salt_len, &ctx, nss_ctx); - - /* Add key for numbers not divisible by 7. */ - if (cnt % 7 != 0) - md5_process_bytes (key, key_len, &ctx, nss_ctx); - - /* Add key or last result. */ - if ((cnt & 1) != 0) - md5_process_bytes (alt_result, 16, &ctx, nss_ctx); - else - md5_process_bytes (key, key_len, &ctx, nss_ctx); - - /* Create intermediate result. */ - md5_finish_ctx (&ctx, nss_ctx, alt_result); - } - -#ifdef USE_NSS - /* Free libfreebl3 resources. */ - NSSLOW_Shutdown (nss_ictx); -#endif - - /* Now we can construct the result string. It consists of three - parts. */ - cp = __stpncpy (buffer, md5_salt_prefix, MAX (0, buflen)); - buflen -= sizeof (md5_salt_prefix) - 1; - - cp = __stpncpy (cp, salt, MIN ((size_t) MAX (0, buflen), salt_len)); - buflen -= MIN ((size_t) MAX (0, buflen), salt_len); - - if (buflen > 0) - { - *cp++ = '$'; - --buflen; - } - - __b64_from_24bit (&cp, &buflen, - alt_result[0], alt_result[6], alt_result[12], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[1], alt_result[7], alt_result[13], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[2], alt_result[8], alt_result[14], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[3], alt_result[9], alt_result[15], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[4], alt_result[10], alt_result[5], 4); - __b64_from_24bit (&cp, &buflen, - 0, 0, alt_result[11], 2); - if (buflen <= 0) - { - __set_errno (ERANGE); - buffer = NULL; - } - else - *cp = '\0'; /* Terminate the string. */ - - /* Clear the buffer for the intermediate result so that people - attaching to processes or reading core dumps cannot get any - information. We do it in this way to clear correct_words[] - inside the MD5 implementation as well. */ -#ifndef USE_NSS - __md5_init_ctx (&ctx); - __md5_finish_ctx (&ctx, alt_result); - explicit_bzero (&ctx, sizeof (ctx)); - explicit_bzero (&alt_ctx, sizeof (alt_ctx)); -#endif - if (copied_key != NULL) - explicit_bzero (copied_key, key_len); - if (copied_salt != NULL) - explicit_bzero (copied_salt, salt_len); - - free (free_key); - return buffer; -} - -static char *buffer; - -char * -__md5_crypt (const char *key, const char *salt) -{ - /* We don't want to have an arbitrary limit in the size of the - password. We can compute the size of the result in advance and - so we can prepare the buffer we pass to `md5_crypt_r'. */ - static int buflen; - int needed = 3 + strlen (salt) + 1 + 26 + 1; - - if (buflen < needed) - { - char *new_buffer = (char *) realloc (buffer, needed); - if (new_buffer == NULL) - return NULL; - - buffer = new_buffer; - buflen = needed; - } - - return __md5_crypt_r (key, salt, buffer, buflen); -} - -static void -__attribute__ ((__destructor__)) -free_mem (void) -{ - free (buffer); -} diff --git a/crypt/md5.c b/crypt/md5.c deleted file mode 100644 index 03240a9a36..0000000000 --- a/crypt/md5.c +++ /dev/null @@ -1,257 +0,0 @@ -/* Functions to compute MD5 message digest of files or memory blocks. - according to the definition of MD5 in RFC 1321 from April 1992. - Copyright (C) 1995-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - -/* Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995. */ - -#ifdef HAVE_CONFIG_H -# include <config.h> -#endif - -#include <sys/types.h> - -#if STDC_HEADERS || defined _LIBC -# include <stdlib.h> -# include <string.h> -#else -# ifndef HAVE_MEMCPY -# define memcpy(d, s, n) (bcopy ((s), (d), (n)), (d)) -# endif -#endif - -#include "md5.h" - -#ifdef _LIBC -# include <endian.h> -# if __BYTE_ORDER == __BIG_ENDIAN -# define WORDS_BIGENDIAN 1 -# endif -/* We need to keep the namespace clean so define the MD5 function - protected using leading __ . */ -# define md5_init_ctx __md5_init_ctx -# define md5_process_bytes __md5_process_bytes -# define md5_finish_ctx __md5_finish_ctx -# define md5_read_ctx __md5_read_ctx -# define md5_stream __md5_stream -# define md5_buffer __md5_buffer -#endif - -#ifdef WORDS_BIGENDIAN -# define SWAP(n) \ - (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) -#else -# define SWAP(n) (n) -#endif - - -/* This array contains the bytes used to pad the buffer to the next - 64-byte boundary. (RFC 1321, 3.1: Step 1) */ -static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; - - -/* Initialize structure containing state of computation. - (RFC 1321, 3.3: Step 3) */ -void -md5_init_ctx (struct md5_ctx *ctx) -{ - ctx->A = 0x67452301; - ctx->B = 0xefcdab89; - ctx->C = 0x98badcfe; - ctx->D = 0x10325476; - - ctx->total[0] = ctx->total[1] = 0; - ctx->buflen = 0; -} - -/* Put result from CTX in first 16 bytes following RESBUF. The result - must be in little endian byte order. - - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 32 bits value. */ -void * -md5_read_ctx (const struct md5_ctx *ctx, void *resbuf) -{ - ((md5_uint32 *) resbuf)[0] = SWAP (ctx->A); - ((md5_uint32 *) resbuf)[1] = SWAP (ctx->B); - ((md5_uint32 *) resbuf)[2] = SWAP (ctx->C); - ((md5_uint32 *) resbuf)[3] = SWAP (ctx->D); - - return resbuf; -} - -/* Process the remaining bytes in the internal buffer and the usual - prolog according to the standard and write the result to RESBUF. - - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 32 bits value. */ -void * -md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) -{ - /* Take yet unprocessed bytes into account. */ - md5_uint32 bytes = ctx->buflen; - size_t pad; - - /* Now count remaining bytes. */ - ctx->total[0] += bytes; - if (ctx->total[0] < bytes) - ++ctx->total[1]; - - pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; - memcpy (&ctx->buffer[bytes], fillbuf, pad); - - /* Put the 64-bit file length in *bits* at the end of the buffer. */ - ctx->buffer32[(bytes + pad) / 4] = SWAP (ctx->total[0] << 3); - ctx->buffer32[(bytes + pad + 4) / 4] = SWAP ((ctx->total[1] << 3) - | (ctx->total[0] >> 29)); - - /* Process last bytes. */ - __md5_process_block (ctx->buffer, bytes + pad + 8, ctx); - - return md5_read_ctx (ctx, resbuf); -} - -/* Compute MD5 message digest for bytes read from STREAM. The - resulting message digest number will be written into the 16 bytes - beginning at RESBLOCK. */ -int -md5_stream (FILE *stream, void *resblock) -{ - /* Important: BLOCKSIZE must be a multiple of 64. */ -#define BLOCKSIZE 4096 - struct md5_ctx ctx; - char buffer[BLOCKSIZE + 72]; - size_t sum; - - /* Initialize the computation context. */ - md5_init_ctx (&ctx); - - /* Iterate over full file contents. */ - while (1) - { - /* We read the file in blocks of BLOCKSIZE bytes. One call of the - computation function processes the whole buffer so that with the - next round of the loop another block can be read. */ - size_t n; - sum = 0; - - /* Read block. Take care for partial reads. */ - do - { - n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream); - - sum += n; - } - while (sum < BLOCKSIZE && n != 0); - if (n == 0 && ferror (stream)) - return 1; - - /* If end of file is reached, end the loop. */ - if (n == 0) - break; - - /* Process buffer with BLOCKSIZE bytes. Note that - BLOCKSIZE % 64 == 0 - */ - __md5_process_block (buffer, BLOCKSIZE, &ctx); - } - - /* Add the last bytes if necessary. */ - if (sum > 0) - md5_process_bytes (buffer, sum, &ctx); - - /* Construct result in desired memory. */ - md5_finish_ctx (&ctx, resblock); - return 0; -} - -/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The - result is always in little endian byte order, so that a byte-wise - output yields to the wanted ASCII representation of the message - digest. */ -void * -md5_buffer (const char *buffer, size_t len, void *resblock) -{ - struct md5_ctx ctx; - - /* Initialize the computation context. */ - md5_init_ctx (&ctx); - - /* Process whole buffer but last len % 64 bytes. */ - md5_process_bytes (buffer, len, &ctx); - - /* Put result in desired memory area. */ - return md5_finish_ctx (&ctx, resblock); -} - - -void -md5_process_bytes (const void *buffer, size_t len, struct md5_ctx *ctx) -{ - /* When we already have some bits in our internal buffer concatenate - both inputs first. */ - if (ctx->buflen != 0) - { - size_t left_over = ctx->buflen; - size_t add = 128 - left_over > len ? len : 128 - left_over; - - memcpy (&ctx->buffer[left_over], buffer, add); - ctx->buflen += add; - - if (ctx->buflen > 64) - { - __md5_process_block (ctx->buffer, ctx->buflen & ~63, ctx); - - ctx->buflen &= 63; - /* The regions in the following copy operation cannot overlap. */ - memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63], - ctx->buflen); - } - - buffer = (const char *) buffer + add; - len -= add; - } - - /* Process available complete blocks. */ - if (len >= 64) - { - while (len > 64) - { - __md5_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); - buffer = (const char *) buffer + 64; - len -= 64; - } - } - - /* Move remaining bytes in internal buffer. */ - if (len > 0) - { - size_t left_over = ctx->buflen; - - memcpy (&ctx->buffer[left_over], buffer, len); - left_over += len; - if (left_over >= 64) - { - __md5_process_block (ctx->buffer, 64, ctx); - left_over -= 64; - memcpy (ctx->buffer, &ctx->buffer[64], left_over); - } - ctx->buflen = left_over; - } -} - -#include <md5-block.c> diff --git a/crypt/md5.h b/crypt/md5.h deleted file mode 100644 index 0b43e4a9ae..0000000000 --- a/crypt/md5.h +++ /dev/null @@ -1,146 +0,0 @@ -/* Declaration of functions and data types used for MD5 sum computing - library functions. - Copyright (C) 1995-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - -#ifndef _MD5_H -#define _MD5_H 1 - -#include <stdio.h> - -#if defined HAVE_LIMITS_H || defined _LIBC -# include <limits.h> -#endif - -#define MD5_DIGEST_SIZE 16 -#define MD5_BLOCK_SIZE 64 - -/* The following contortions are an attempt to use the C preprocessor - to determine an unsigned integral type that is 32 bits wide. An - alternative approach is to use autoconf's AC_CHECK_SIZEOF macro, but - doing that would require that the configure script compile and *run* - the resulting executable. Locally running cross-compiled executables - is usually not possible. */ - -#ifdef _LIBC -# include <stdint.h> -typedef uint32_t md5_uint32; -typedef uintptr_t md5_uintptr; -#else -# define UINT_MAX_32_BITS 4294967295U - -/* If UINT_MAX isn't defined, assume it's a 32-bit type. - This should be valid for all systems GNU cares about because - that doesn't include 16-bit systems, and only modern systems - (that certainly have <limits.h>) have 64+-bit integral types. */ - -# ifndef UINT_MAX -# define UINT_MAX UINT_MAX_32_BITS -# endif - -# if UINT_MAX == UINT_MAX_32_BITS - typedef unsigned int md5_uint32; -# else -# if USHRT_MAX == UINT_MAX_32_BITS - typedef unsigned short md5_uint32; -# else -# if ULONG_MAX == UINT_MAX_32_BITS - typedef unsigned long md5_uint32; -# else - /* The following line is intended to evoke an error. - Using #error is not portable enough. */ - "Cannot determine unsigned 32-bit data type." -# endif -# endif -# endif -/* We have to make a guess about the integer type equivalent in size - to pointers which should always be correct. */ -typedef unsigned long int md5_uintptr; -#endif - -/* Structure to save state of computation between the single steps. */ -struct md5_ctx -{ - md5_uint32 A; - md5_uint32 B; - md5_uint32 C; - md5_uint32 D; - - md5_uint32 total[2]; - md5_uint32 buflen; - union - { - char buffer[128]; - md5_uint32 buffer32[32]; - }; -}; - -/* - * The following three functions are build up the low level used in - * the functions `md5_stream' and `md5_buffer'. - */ - -/* Initialize structure containing state of computation. - (RFC 1321, 3.3: Step 3) */ -extern void __md5_init_ctx (struct md5_ctx *ctx) __THROW; - -/* Starting with the result of former calls of this function (or the - initialization function update the context for the next LEN bytes - starting at BUFFER. - It is necessary that LEN is a multiple of 64!!! */ -extern void __md5_process_block (const void *buffer, size_t len, - struct md5_ctx *ctx) __THROW; - -/* Starting with the result of former calls of this function (or the - initialization function update the context for the next LEN bytes - starting at BUFFER. - It is NOT required that LEN is a multiple of 64. */ -extern void __md5_process_bytes (const void *buffer, size_t len, - struct md5_ctx *ctx) __THROW; - -/* Process the remaining bytes in the buffer and put result from CTX - in first 16 bytes following RESBUF. The result is always in little - endian byte order, so that a byte-wise output yields to the wanted - ASCII representation of the message digest. - - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 32 bits value. */ -extern void *__md5_finish_ctx (struct md5_ctx *ctx, void *resbuf) __THROW; - - -/* Put result from CTX in first 16 bytes following RESBUF. The result is - always in little endian byte order, so that a byte-wise output yields - to the wanted ASCII representation of the message digest. - - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 32 bits value. */ -extern void *__md5_read_ctx (const struct md5_ctx *ctx, void *resbuf) __THROW; - - -/* Compute MD5 message digest for bytes read from STREAM. The - resulting message digest number will be written into the 16 bytes - beginning at RESBLOCK. */ -extern int __md5_stream (FILE *stream, void *resblock) __THROW; - -/* Compute MD5 message digest for LEN bytes beginning at BUFFER. The - result is always in little endian byte order, so that a byte-wise - output yields to the wanted ASCII representation of the message - digest. */ -extern void *__md5_buffer (const char *buffer, size_t len, - void *resblock) __THROW; - -#endif /* md5.h */ diff --git a/crypt/md5c-test.c b/crypt/md5c-test.c deleted file mode 100644 index c80e40202d..0000000000 --- a/crypt/md5c-test.c +++ /dev/null @@ -1,18 +0,0 @@ -#include <crypt.h> -#include <string.h> - -int -main (int argc, char *argv[]) -{ - const char salt[] = "$1$saltstring"; - char *cp; - int result = 0; - - cp = crypt ("Hello world!", salt); - - /* MD5 is disabled in FIPS mode. */ - if (cp) - result |= strcmp ("$1$saltstri$YMyguxXMBpd2TEZ.vS/3q1", cp); - - return result; -} diff --git a/crypt/md5test-giant.c b/crypt/md5test-giant.c deleted file mode 100644 index 858e0e556b..0000000000 --- a/crypt/md5test-giant.c +++ /dev/null @@ -1,137 +0,0 @@ -/* Testcase for https://sourceware.org/bugzilla/show_bug.cgi?id=14090. - Copyright (C) 2012-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, see <https://www.gnu.org/licenses/>. */ - -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/mman.h> - -#include "md5.h" - -/* This test will not work with 32-bit size_t, so let it succeed - there. */ -#if SIZE_MAX <= UINT32_MAX -static int -do_test (void) -{ - return 0; -} -#else - -# define CONST_2G 0x080000000 -# define CONST_10G 0x280000000 - -/* MD5 sum values of zero-filled blocks of specified sizes. */ -static const struct test_data_s -{ - const char ref[16]; - size_t len; -} test_data[] = - { - { "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e", - 0x000000000 }, - { "\xa9\x81\x13\x0c\xf2\xb7\xe0\x9f\x46\x86\xdc\x27\x3c\xf7\x18\x7e", - 0x080000000 }, - { "\xc9\xa5\xa6\x87\x8d\x97\xb4\x8c\xc9\x65\xc1\xe4\x18\x59\xf0\x34", - 0x100000000 }, - { "\x58\xcf\x63\x8a\x73\x3f\x91\x90\x07\xb4\x28\x7c\xf5\x39\x6d\x0c", - 0x180000000 }, - { "\xb7\x70\x35\x1f\xad\xae\x5a\x96\xbb\xaf\x97\x02\xed\x97\xd2\x8d", - 0x200000000 }, - { "\x2d\xd2\x6c\x4d\x47\x99\xeb\xd2\x9f\xa3\x1e\x48\xd4\x9e\x8e\x53", - 0x280000000 }, -}; - -static int -report (const char *id, const char *md5, size_t len, const char *ref) -{ - if (memcmp (md5, ref, 16)) - { - printf ("test %s with size %zd failed\n", id, len); - return 1; - } - return 0; -} - -/* Test md5 in a single md5_process_bytes call. */ -static int -test_single (void *buf, size_t len, const char *ref) -{ - char sum[16]; - struct md5_ctx ctx; - - __md5_init_ctx (&ctx); - __md5_process_bytes (buf, len, &ctx); - __md5_finish_ctx (&ctx, sum); - - return report ("single", sum, len, ref); -} - -/* Test md5 with two md5_process_bytes calls to trigger a - different path in md5_process_block for sizes > 2 GB. */ -static int -test_double (void *buf, size_t len, const char *ref) -{ - char sum[16]; - struct md5_ctx ctx; - - __md5_init_ctx (&ctx); - if (len >= CONST_2G) - { - __md5_process_bytes (buf, CONST_2G, &ctx); - __md5_process_bytes (buf + CONST_2G, len - CONST_2G, &ctx); - } - else - __md5_process_bytes (buf, len, &ctx); - - __md5_finish_ctx (&ctx, sum); - - return report ("double", sum, len, ref); -} - - -static int -do_test (void) -{ - void *buf; - unsigned int j; - int result = 0; - - buf = mmap64 (0, CONST_10G, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); - if (buf == MAP_FAILED) - { - puts ("Could not allocate 10 GB via mmap, skipping test."); - return 0; - } - - for (j = 0; j < sizeof (test_data) / sizeof (struct test_data_s); j++) - { - if (test_single (buf, test_data[j].len, test_data[j].ref)) - result = 1; - if (test_double (buf, test_data[j].len, test_data[j].ref)) - result = 1; - } - - return result; -} -#endif - -/* This needs on a fast machine 90s. */ -#define TIMEOUT 480 -#define TEST_FUNCTION do_test () -#include "../test-skeleton.c" diff --git a/crypt/md5test.c b/crypt/md5test.c deleted file mode 100644 index b57d3cd3fc..0000000000 --- a/crypt/md5test.c +++ /dev/null @@ -1,53 +0,0 @@ -#include <string.h> -#include "md5.h" - -static const struct -{ - const char *input; - const char result[16]; -} tests[] = - { - { "", - "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e" }, - { "a", - "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8\x31\xc3\x99\xe2\x69\x77\x26\x61" }, - { "abc", - "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72" }, - { "message digest", - "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0" }, - { "abcdefghijklmnopqrstuvwxyz", - "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1\x3b" }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f" }, - { "123456789012345678901234567890123456789012345678901234567890" - "12345678901234567890", - "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6\x7a" } - }; - - -int -main (int argc, char *argv[]) -{ - struct md5_ctx ctx; - char sum[16]; - int result = 0; - int cnt; - - for (cnt = 0; cnt < (int) (sizeof (tests) / sizeof (tests[0])); ++cnt) - { - int i; - - __md5_init_ctx (&ctx); - __md5_process_bytes (tests[cnt].input, strlen (tests[cnt].input), &ctx); - __md5_finish_ctx (&ctx, sum); - result |= memcmp (tests[cnt].result, sum, 16); - - __md5_init_ctx (&ctx); - for (i = 0; tests[cnt].input[i] != '\0'; ++i) - __md5_process_bytes (&tests[cnt].input[i], 1, &ctx); - __md5_finish_ctx (&ctx, sum); - result |= memcmp (tests[cnt].result, sum, 16); - } - - return result; -} diff --git a/crypt/sha256-block.c b/crypt/sha256-block.c deleted file mode 100644 index a44fe01d5b..0000000000 --- a/crypt/sha256-block.c +++ /dev/null @@ -1,98 +0,0 @@ -#include <stdint.h> - -/* Process LEN bytes of BUFFER, accumulating context into CTX. - It is assumed that LEN % 64 == 0. */ -void -__sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx) -{ - const uint32_t *words = buffer; - size_t nwords = len / sizeof (uint32_t); - uint32_t a = ctx->H[0]; - uint32_t b = ctx->H[1]; - uint32_t c = ctx->H[2]; - uint32_t d = ctx->H[3]; - uint32_t e = ctx->H[4]; - uint32_t f = ctx->H[5]; - uint32_t g = ctx->H[6]; - uint32_t h = ctx->H[7]; - - /* First increment the byte count. FIPS 180-2 specifies the possible - length of the file up to 2^64 bits. Here we only compute the - number of bytes. */ - ctx->total64 += len; - - /* Process all bytes in the buffer with 64 bytes in each round of - the loop. */ - while (nwords > 0) - { - uint32_t W[64]; - uint32_t a_save = a; - uint32_t b_save = b; - uint32_t c_save = c; - uint32_t d_save = d; - uint32_t e_save = e; - uint32_t f_save = f; - uint32_t g_save = g; - uint32_t h_save = h; - - /* Operators defined in FIPS 180-2:4.1.2. */ -#define Ch(x, y, z) ((x & y) ^ (~x & z)) -#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) -#define S0(x) (CYCLIC (x, 2) ^ CYCLIC (x, 13) ^ CYCLIC (x, 22)) -#define S1(x) (CYCLIC (x, 6) ^ CYCLIC (x, 11) ^ CYCLIC (x, 25)) -#define R0(x) (CYCLIC (x, 7) ^ CYCLIC (x, 18) ^ (x >> 3)) -#define R1(x) (CYCLIC (x, 17) ^ CYCLIC (x, 19) ^ (x >> 10)) - - /* It is unfortunate that C does not provide an operator for - cyclic rotation. Hope the C compiler is smart enough. */ -#define CYCLIC(w, s) ((w >> s) | (w << (32 - s))) - - /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */ - for (unsigned int t = 0; t < 16; ++t) - { - W[t] = SWAP (*words); - ++words; - } - for (unsigned int t = 16; t < 64; ++t) - W[t] = R1 (W[t - 2]) + W[t - 7] + R0 (W[t - 15]) + W[t - 16]; - - /* The actual computation according to FIPS 180-2:6.2.2 step 3. */ - for (unsigned int t = 0; t < 64; ++t) - { - uint32_t T1 = h + S1 (e) + Ch (e, f, g) + K[t] + W[t]; - uint32_t T2 = S0 (a) + Maj (a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - } - - /* Add the starting values of the context according to FIPS 180-2:6.2.2 - step 4. */ - a += a_save; - b += b_save; - c += c_save; - d += d_save; - e += e_save; - f += f_save; - g += g_save; - h += h_save; - - /* Prepare for the next round. */ - nwords -= 16; - } - - /* Put checksum in context given as argument. */ - ctx->H[0] = a; - ctx->H[1] = b; - ctx->H[2] = c; - ctx->H[3] = d; - ctx->H[4] = e; - ctx->H[5] = f; - ctx->H[6] = g; - ctx->H[7] = h; -} diff --git a/crypt/sha256-crypt.c b/crypt/sha256-crypt.c deleted file mode 100644 index e90eb590bb..0000000000 --- a/crypt/sha256-crypt.c +++ /dev/null @@ -1,423 +0,0 @@ -/* One way encryption based on SHA256 sum. - Copyright (C) 2007-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - -#include <assert.h> -#include <errno.h> -#include <stdbool.h> -#include <stdlib.h> -#include <string.h> -#include <stdint.h> -#include <sys/param.h> - -#include "sha256.h" -#include "crypt-private.h" - - -#ifdef USE_NSS -typedef int PRBool; -# include <hasht.h> -# include <nsslowhash.h> - -# define sha256_init_ctx(ctxp, nss_ctxp) \ - do \ - { \ - if (((nss_ctxp = NSSLOWHASH_NewContext (nss_ictx, HASH_AlgSHA256)) \ - == NULL)) \ - { \ - if (nss_ctx != NULL) \ - NSSLOWHASH_Destroy (nss_ctx); \ - if (nss_alt_ctx != NULL) \ - NSSLOWHASH_Destroy (nss_alt_ctx); \ - return NULL; \ - } \ - NSSLOWHASH_Begin (nss_ctxp); \ - } \ - while (0) - -# define sha256_process_bytes(buf, len, ctxp, nss_ctxp) \ - NSSLOWHASH_Update (nss_ctxp, (const unsigned char *) buf, len) - -# define sha256_finish_ctx(ctxp, nss_ctxp, result) \ - do \ - { \ - unsigned int ret; \ - NSSLOWHASH_End (nss_ctxp, result, &ret, sizeof (result)); \ - assert (ret == sizeof (result)); \ - NSSLOWHASH_Destroy (nss_ctxp); \ - nss_ctxp = NULL; \ - } \ - while (0) -#else -# define sha256_init_ctx(ctxp, nss_ctxp) \ - __sha256_init_ctx (ctxp) - -# define sha256_process_bytes(buf, len, ctxp, nss_ctxp) \ - __sha256_process_bytes(buf, len, ctxp) - -# define sha256_finish_ctx(ctxp, nss_ctxp, result) \ - __sha256_finish_ctx (ctxp, result) -#endif - - -/* Define our magic string to mark salt for SHA256 "encryption" - replacement. */ -static const char sha256_salt_prefix[] = "$5$"; - -/* Prefix for optional rounds specification. */ -static const char sha256_rounds_prefix[] = "rounds="; - -/* Maximum salt string length. */ -#define SALT_LEN_MAX 16 -/* Default number of rounds if not explicitly specified. */ -#define ROUNDS_DEFAULT 5000 -/* Minimum number of rounds. */ -#define ROUNDS_MIN 1000 -/* Maximum number of rounds. */ -#define ROUNDS_MAX 999999999 - - -/* Prototypes for local functions. */ -extern char *__sha256_crypt_r (const char *key, const char *salt, - char *buffer, int buflen); -extern char *__sha256_crypt (const char *key, const char *salt); - - -char * -__sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen) -{ - unsigned char alt_result[32] - __attribute__ ((__aligned__ (__alignof__ (uint32_t)))); - unsigned char temp_result[32] - __attribute__ ((__aligned__ (__alignof__ (uint32_t)))); - size_t salt_len; - size_t key_len; - size_t cnt; - char *cp; - char *copied_key = NULL; - char *copied_salt = NULL; - char *p_bytes; - char *s_bytes; - /* Default number of rounds. */ - size_t rounds = ROUNDS_DEFAULT; - bool rounds_custom = false; - size_t alloca_used = 0; - char *free_key = NULL; - char *free_pbytes = NULL; - - /* Find beginning of salt string. The prefix should normally always - be present. Just in case it is not. */ - if (strncmp (sha256_salt_prefix, salt, sizeof (sha256_salt_prefix) - 1) == 0) - /* Skip salt prefix. */ - salt += sizeof (sha256_salt_prefix) - 1; - - if (strncmp (salt, sha256_rounds_prefix, sizeof (sha256_rounds_prefix) - 1) - == 0) - { - const char *num = salt + sizeof (sha256_rounds_prefix) - 1; - char *endp; - unsigned long int srounds = strtoul (num, &endp, 10); - if (*endp == '$') - { - salt = endp + 1; - rounds = MAX (ROUNDS_MIN, MIN (srounds, ROUNDS_MAX)); - rounds_custom = true; - } - } - - salt_len = MIN (strcspn (salt, "$"), SALT_LEN_MAX); - key_len = strlen (key); - - if (((uintptr_t) key) % __alignof__ (uint32_t) != 0) - { - char *tmp; - - if (__libc_use_alloca (alloca_used + key_len + __alignof__ (uint32_t))) - tmp = alloca_account (key_len + __alignof__ (uint32_t), alloca_used); - else - { - free_key = tmp = (char *) malloc (key_len + __alignof__ (uint32_t)); - if (tmp == NULL) - return NULL; - } - - key = copied_key = - memcpy (tmp + __alignof__ (uint32_t) - - ((uintptr_t) tmp) % __alignof__ (uint32_t), - key, key_len); - assert (((uintptr_t) key) % __alignof__ (uint32_t) == 0); - } - - if (((uintptr_t) salt) % __alignof__ (uint32_t) != 0) - { - char *tmp = (char *) alloca (salt_len + __alignof__ (uint32_t)); - alloca_used += salt_len + __alignof__ (uint32_t); - salt = copied_salt = - memcpy (tmp + __alignof__ (uint32_t) - - ((uintptr_t) tmp) % __alignof__ (uint32_t), - salt, salt_len); - assert (((uintptr_t) salt) % __alignof__ (uint32_t) == 0); - } - -#ifdef USE_NSS - /* Initialize libfreebl3. */ - NSSLOWInitContext *nss_ictx = NSSLOW_Init (); - if (nss_ictx == NULL) - { - free (free_key); - return NULL; - } - NSSLOWHASHContext *nss_ctx = NULL; - NSSLOWHASHContext *nss_alt_ctx = NULL; -#else - struct sha256_ctx ctx; - struct sha256_ctx alt_ctx; -#endif - - /* Prepare for the real work. */ - sha256_init_ctx (&ctx, nss_ctx); - - /* Add the key string. */ - sha256_process_bytes (key, key_len, &ctx, nss_ctx); - - /* The last part is the salt string. This must be at most 16 - characters and it ends at the first `$' character. */ - sha256_process_bytes (salt, salt_len, &ctx, nss_ctx); - - - /* Compute alternate SHA256 sum with input KEY, SALT, and KEY. The - final result will be added to the first context. */ - sha256_init_ctx (&alt_ctx, nss_alt_ctx); - - /* Add key. */ - sha256_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); - - /* Add salt. */ - sha256_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx); - - /* Add key again. */ - sha256_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); - - /* Now get result of this (32 bytes) and add it to the other - context. */ - sha256_finish_ctx (&alt_ctx, nss_alt_ctx, alt_result); - - /* Add for any character in the key one byte of the alternate sum. */ - for (cnt = key_len; cnt > 32; cnt -= 32) - sha256_process_bytes (alt_result, 32, &ctx, nss_ctx); - sha256_process_bytes (alt_result, cnt, &ctx, nss_ctx); - - /* Take the binary representation of the length of the key and for every - 1 add the alternate sum, for every 0 the key. */ - for (cnt = key_len; cnt > 0; cnt >>= 1) - if ((cnt & 1) != 0) - sha256_process_bytes (alt_result, 32, &ctx, nss_ctx); - else - sha256_process_bytes (key, key_len, &ctx, nss_ctx); - - /* Create intermediate result. */ - sha256_finish_ctx (&ctx, nss_ctx, alt_result); - - /* Start computation of P byte sequence. */ - sha256_init_ctx (&alt_ctx, nss_alt_ctx); - - /* For every character in the password add the entire password. */ - for (cnt = 0; cnt < key_len; ++cnt) - sha256_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); - - /* Finish the digest. */ - sha256_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result); - - /* Create byte sequence P. */ - if (__libc_use_alloca (alloca_used + key_len)) - cp = p_bytes = (char *) alloca (key_len); - else - { - free_pbytes = cp = p_bytes = (char *)malloc (key_len); - if (free_pbytes == NULL) - { - free (free_key); - return NULL; - } - } - - for (cnt = key_len; cnt >= 32; cnt -= 32) - cp = mempcpy (cp, temp_result, 32); - memcpy (cp, temp_result, cnt); - - /* Start computation of S byte sequence. */ - sha256_init_ctx (&alt_ctx, nss_alt_ctx); - - /* For every character in the password add the entire password. */ - for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) - sha256_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx); - - /* Finish the digest. */ - sha256_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result); - - /* Create byte sequence S. */ - cp = s_bytes = alloca (salt_len); - for (cnt = salt_len; cnt >= 32; cnt -= 32) - cp = mempcpy (cp, temp_result, 32); - memcpy (cp, temp_result, cnt); - - /* Repeatedly run the collected hash value through SHA256 to burn - CPU cycles. */ - for (cnt = 0; cnt < rounds; ++cnt) - { - /* New context. */ - sha256_init_ctx (&ctx, nss_ctx); - - /* Add key or last result. */ - if ((cnt & 1) != 0) - sha256_process_bytes (p_bytes, key_len, &ctx, nss_ctx); - else - sha256_process_bytes (alt_result, 32, &ctx, nss_ctx); - - /* Add salt for numbers not divisible by 3. */ - if (cnt % 3 != 0) - sha256_process_bytes (s_bytes, salt_len, &ctx, nss_ctx); - - /* Add key for numbers not divisible by 7. */ - if (cnt % 7 != 0) - sha256_process_bytes (p_bytes, key_len, &ctx, nss_ctx); - - /* Add key or last result. */ - if ((cnt & 1) != 0) - sha256_process_bytes (alt_result, 32, &ctx, nss_ctx); - else - sha256_process_bytes (p_bytes, key_len, &ctx, nss_ctx); - - /* Create intermediate result. */ - sha256_finish_ctx (&ctx, nss_ctx, alt_result); - } - -#ifdef USE_NSS - /* Free libfreebl3 resources. */ - NSSLOW_Shutdown (nss_ictx); -#endif - - /* Now we can construct the result string. It consists of three - parts. */ - cp = __stpncpy (buffer, sha256_salt_prefix, MAX (0, buflen)); - buflen -= sizeof (sha256_salt_prefix) - 1; - - if (rounds_custom) - { - int n = __snprintf (cp, MAX (0, buflen), "%s%zu$", - sha256_rounds_prefix, rounds); - cp += n; - buflen -= n; - } - - cp = __stpncpy (cp, salt, MIN ((size_t) MAX (0, buflen), salt_len)); - buflen -= MIN ((size_t) MAX (0, buflen), salt_len); - - if (buflen > 0) - { - *cp++ = '$'; - --buflen; - } - - __b64_from_24bit (&cp, &buflen, - alt_result[0], alt_result[10], alt_result[20], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[21], alt_result[1], alt_result[11], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[12], alt_result[22], alt_result[2], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[3], alt_result[13], alt_result[23], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[24], alt_result[4], alt_result[14], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[15], alt_result[25], alt_result[5], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[6], alt_result[16], alt_result[26], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[27], alt_result[7], alt_result[17], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[18], alt_result[28], alt_result[8], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[9], alt_result[19], alt_result[29], 4); - __b64_from_24bit (&cp, &buflen, - 0, alt_result[31], alt_result[30], 3); - if (buflen <= 0) - { - __set_errno (ERANGE); - buffer = NULL; - } - else - *cp = '\0'; /* Terminate the string. */ - - /* Clear the buffer for the intermediate result so that people - attaching to processes or reading core dumps cannot get any - information. We do it in this way to clear correct_words[] - inside the SHA256 implementation as well. */ -#ifndef USE_NSS - __sha256_init_ctx (&ctx); - __sha256_finish_ctx (&ctx, alt_result); - explicit_bzero (&ctx, sizeof (ctx)); - explicit_bzero (&alt_ctx, sizeof (alt_ctx)); -#endif - explicit_bzero (temp_result, sizeof (temp_result)); - explicit_bzero (p_bytes, key_len); - explicit_bzero (s_bytes, salt_len); - if (copied_key != NULL) - explicit_bzero (copied_key, key_len); - if (copied_salt != NULL) - explicit_bzero (copied_salt, salt_len); - - free (free_key); - free (free_pbytes); - return buffer; -} - -static char *buffer; - -/* This entry point is equivalent to the `crypt' function in Unix - libcs. */ -char * -__sha256_crypt (const char *key, const char *salt) -{ - /* We don't want to have an arbitrary limit in the size of the - password. We can compute an upper bound for the size of the - result in advance and so we can prepare the buffer we pass to - `sha256_crypt_r'. */ - static int buflen; - int needed = (sizeof (sha256_salt_prefix) - 1 - + sizeof (sha256_rounds_prefix) + 9 + 1 - + strlen (salt) + 1 + 43 + 1); - - if (buflen < needed) - { - char *new_buffer = (char *) realloc (buffer, needed); - if (new_buffer == NULL) - return NULL; - - buffer = new_buffer; - buflen = needed; - } - - return __sha256_crypt_r (key, salt, buffer, buflen); -} - -static void -__attribute__ ((__destructor__)) -free_mem (void) -{ - free (buffer); -} diff --git a/crypt/sha256.c b/crypt/sha256.c deleted file mode 100644 index 96153d67dc..0000000000 --- a/crypt/sha256.c +++ /dev/null @@ -1,193 +0,0 @@ -/* Functions to compute SHA256 message digest of files or memory blocks. - according to the definition of SHA256 in FIPS 180-2. - Copyright (C) 2007-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - - -#ifdef HAVE_CONFIG_H -# include <config.h> -#endif - -#include <endian.h> -#include <stdlib.h> -#include <string.h> -#include <stdint.h> -#include <sys/types.h> - -#include "sha256.h" - -#if __BYTE_ORDER == __LITTLE_ENDIAN -# ifdef _LIBC -# include <byteswap.h> -# define SWAP(n) bswap_32 (n) -# define SWAP64(n) bswap_64 (n) -# else -# define SWAP(n) \ - (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) -# define SWAP64(n) \ - (((n) << 56) \ - | (((n) & 0xff00) << 40) \ - | (((n) & 0xff0000) << 24) \ - | (((n) & 0xff000000) << 8) \ - | (((n) >> 8) & 0xff000000) \ - | (((n) >> 24) & 0xff0000) \ - | (((n) >> 40) & 0xff00) \ - | ((n) >> 56)) -# endif -#else -# define SWAP(n) (n) -# define SWAP64(n) (n) -#endif - - -/* This array contains the bytes used to pad the buffer to the next - 64-byte boundary. (FIPS 180-2:5.1.1) */ -static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; - - -/* Constants for SHA256 from FIPS 180-2:4.2.2. */ -static const uint32_t K[64] = - { - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 - }; - -void __sha256_process_block (const void *, size_t, struct sha256_ctx *); - -/* Initialize structure containing state of computation. - (FIPS 180-2:5.3.2) */ -void -__sha256_init_ctx (struct sha256_ctx *ctx) -{ - ctx->H[0] = 0x6a09e667; - ctx->H[1] = 0xbb67ae85; - ctx->H[2] = 0x3c6ef372; - ctx->H[3] = 0xa54ff53a; - ctx->H[4] = 0x510e527f; - ctx->H[5] = 0x9b05688c; - ctx->H[6] = 0x1f83d9ab; - ctx->H[7] = 0x5be0cd19; - - ctx->total64 = 0; - ctx->buflen = 0; -} - - -/* Process the remaining bytes in the internal buffer and the usual - prolog according to the standard and write the result to RESBUF. - - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 32 bits value. */ -void * -__sha256_finish_ctx (struct sha256_ctx *ctx, void *resbuf) -{ - /* Take yet unprocessed bytes into account. */ - uint32_t bytes = ctx->buflen; - size_t pad; - - /* Now count remaining bytes. */ - ctx->total64 += bytes; - - pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; - memcpy (&ctx->buffer[bytes], fillbuf, pad); - - /* Put the 64-bit file length in *bits* at the end of the buffer. */ - ctx->buffer32[(bytes + pad + 4) / 4] = SWAP (ctx->total[TOTAL64_low] << 3); - ctx->buffer32[(bytes + pad) / 4] = SWAP ((ctx->total[TOTAL64_high] << 3) - | (ctx->total[TOTAL64_low] >> 29)); - - /* Process last bytes. */ - __sha256_process_block (ctx->buffer, bytes + pad + 8, ctx); - - /* Put result from CTX in first 32 bytes following RESBUF. */ - for (unsigned int i = 0; i < 8; ++i) - ((uint32_t *) resbuf)[i] = SWAP (ctx->H[i]); - - return resbuf; -} - - -void -__sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx) -{ - /* When we already have some bits in our internal buffer concatenate - both inputs first. */ - if (ctx->buflen != 0) - { - size_t left_over = ctx->buflen; - size_t add = 128 - left_over > len ? len : 128 - left_over; - - memcpy (&ctx->buffer[left_over], buffer, add); - ctx->buflen += add; - - if (ctx->buflen > 64) - { - __sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx); - - ctx->buflen &= 63; - /* The regions in the following copy operation cannot overlap. */ - memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63], - ctx->buflen); - } - - buffer = (const char *) buffer + add; - len -= add; - } - - /* Process available complete blocks. */ - if (len >= 64) - { - while (len > 64) - { - __sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx); - buffer = (const char *) buffer + 64; - len -= 64; - } - } - - /* Move remaining bytes into internal buffer. */ - if (len > 0) - { - size_t left_over = ctx->buflen; - - memcpy (&ctx->buffer[left_over], buffer, len); - left_over += len; - if (left_over >= 64) - { - __sha256_process_block (ctx->buffer, 64, ctx); - left_over -= 64; - memcpy (ctx->buffer, &ctx->buffer[64], left_over); - } - ctx->buflen = left_over; - } -} - -#include <sha256-block.c> diff --git a/crypt/sha256.h b/crypt/sha256.h deleted file mode 100644 index 94b2130ad6..0000000000 --- a/crypt/sha256.h +++ /dev/null @@ -1,69 +0,0 @@ -/* Declaration of functions and data types used for SHA256 sum computing - library functions. - Copyright (C) 2007-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - -#ifndef _SHA256_H -#define _SHA256_H 1 - -#include <limits.h> -#include <stdint.h> -#include <stdio.h> -#include <endian.h> - - -/* Structure to save state of computation between the single steps. */ -struct sha256_ctx -{ - uint32_t H[8]; - - union - { - uint64_t total64; -#define TOTAL64_low (1 - (BYTE_ORDER == LITTLE_ENDIAN)) -#define TOTAL64_high (BYTE_ORDER == LITTLE_ENDIAN) - uint32_t total[2]; - }; - uint32_t buflen; - union - { - char buffer[128]; - uint32_t buffer32[32]; - uint64_t buffer64[16]; - }; -}; - -/* Initialize structure containing state of computation. - (FIPS 180-2: 5.3.2) */ -extern void __sha256_init_ctx (struct sha256_ctx *ctx) __THROW; - -/* Starting with the result of former calls of this function (or the - initialization function update the context for the next LEN bytes - starting at BUFFER. - It is NOT required that LEN is a multiple of 64. */ -extern void __sha256_process_bytes (const void *buffer, size_t len, - struct sha256_ctx *ctx) __THROW; - -/* Process the remaining bytes in the buffer and put result from CTX - in first 32 bytes following RESBUF. - - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 32 bits value. */ -extern void *__sha256_finish_ctx (struct sha256_ctx *ctx, void *resbuf) - __THROW; - -#endif /* sha256.h */ diff --git a/crypt/sha256c-test.c b/crypt/sha256c-test.c deleted file mode 100644 index 58aec07dae..0000000000 --- a/crypt/sha256c-test.c +++ /dev/null @@ -1,61 +0,0 @@ -#include <crypt.h> -#include <stdio.h> -#include <string.h> - -static const struct -{ - const char *salt; - const char *input; - const char *expected; -} tests[] = -{ - { "$5$saltstring", "Hello world!", - "$5$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5" }, - { "$5$rounds=10000$saltstringsaltstring", "Hello world!", - "$5$rounds=10000$saltstringsaltst$3xv.VbSHBb41AL9AvLeujZkZRBAwqFMz2." - "opqey6IcA" }, - { "$5$rounds=5000$toolongsaltstring", "This is just a test", - "$5$rounds=5000$toolongsaltstrin$Un/5jzAHMgOGZ5.mWJpuVolil07guHPvOW8" - "mGRcvxa5" }, - { "$5$rounds=1400$anotherlongsaltstring", - "a very much longer text to encrypt. This one even stretches over more" - "than one line.", - "$5$rounds=1400$anotherlongsalts$Rx.j8H.h8HjEDGomFU8bDkXm3XIUnzyxf12" - "oP84Bnq1" }, - { "$5$rounds=77777$short", - "we have a short salt string but not a short password", - "$5$rounds=77777$short$JiO1O3ZpDAxGJeaDIuqCoEFysAe1mZNJRs3pw0KQRd/" }, - { "$5$rounds=123456$asaltof16chars..", "a short string", - "$5$rounds=123456$asaltof16chars..$gP3VQ/6X7UUEW3HkBn2w1/Ptq2jxPyzV/" - "cZKmF/wJvD" }, - { "$5$rounds=10$roundstoolow", "the minimum number is still observed", - "$5$rounds=1000$roundstoolow$yfvwcWrQ8l/K0DAWyuPMDNHpIVlTQebY9l/gL97" - "2bIC" }, -}; -#define ntests (sizeof (tests) / sizeof (tests[0])) - - - -static int -do_test (void) -{ - int result = 0; - int i; - - for (i = 0; i < ntests; ++i) - { - char *cp = crypt (tests[i].input, tests[i].salt); - - if (strcmp (cp, tests[i].expected) != 0) - { - printf ("test %d: expected \"%s\", got \"%s\"\n", - i, tests[i].expected, cp); - result = 1; - } - } - - return result; -} - -#define TEST_FUNCTION do_test () -#include "../test-skeleton.c" diff --git a/crypt/sha256test.c b/crypt/sha256test.c deleted file mode 100644 index 39e80307c7..0000000000 --- a/crypt/sha256test.c +++ /dev/null @@ -1,102 +0,0 @@ -#include <string.h> -#include "sha256.h" - -static const struct -{ - const char *input; - const char result[32]; -} tests[] = - { - /* Test vectors from FIPS 180-2: appendix B.1. */ - { "abc", - "\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23" - "\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad" }, - /* Test vectors from FIPS 180-2: appendix B.2. */ - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39" - "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1" }, - /* Test vectors from the NESSIE project. */ - { "", - "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24" - "\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52\xb8\x55" }, - { "a", - "\xca\x97\x81\x12\xca\x1b\xbd\xca\xfa\xc2\x31\xb3\x9a\x23\xdc\x4d" - "\xa7\x86\xef\xf8\x14\x7c\x4e\x72\xb9\x80\x77\x85\xaf\xee\x48\xbb" }, - { "message digest", - "\xf7\x84\x6f\x55\xcf\x23\xe1\x4e\xeb\xea\xb5\xb4\xe1\x55\x0c\xad" - "\x5b\x50\x9e\x33\x48\xfb\xc4\xef\xa3\xa1\x41\x3d\x39\x3c\xb6\x50" }, - { "abcdefghijklmnopqrstuvwxyz", - "\x71\xc4\x80\xdf\x93\xd6\xae\x2f\x1e\xfa\xd1\x44\x7c\x66\xc9\x52" - "\x5e\x31\x62\x18\xcf\x51\xfc\x8d\x9e\xd8\x32\xf2\xda\xf1\x8b\x73" }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39" - "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1" }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "\xdb\x4b\xfc\xbd\x4d\xa0\xcd\x85\xa6\x0c\x3c\x37\xd3\xfb\xd8\x80" - "\x5c\x77\xf1\x5f\xc6\xb1\xfd\xfe\x61\x4e\xe0\xa7\xc8\xfd\xb4\xc0" }, - { "123456789012345678901234567890123456789012345678901234567890" - "12345678901234567890", - "\xf3\x71\xbc\x4a\x31\x1f\x2b\x00\x9e\xef\x95\x2d\xd8\x3c\xa8\x0e" - "\x2b\x60\x02\x6c\x8e\x93\x55\x92\xd0\xf9\xc3\x08\x45\x3c\x81\x3e" } - }; - - -int -main (void) -{ - struct sha256_ctx ctx; - char sum[32]; - int result = 0; - int cnt; - - for (cnt = 0; cnt < (int) (sizeof (tests) / sizeof (tests[0])); ++cnt) - { - __sha256_init_ctx (&ctx); - __sha256_process_bytes (tests[cnt].input, strlen (tests[cnt].input), - &ctx); - __sha256_finish_ctx (&ctx, sum); - if (memcmp (tests[cnt].result, sum, 32) != 0) - { - printf ("test %d run %d failed\n", cnt, 1); - result = 1; - } - - __sha256_init_ctx (&ctx); - for (int i = 0; tests[cnt].input[i] != '\0'; ++i) - __sha256_process_bytes (&tests[cnt].input[i], 1, &ctx); - __sha256_finish_ctx (&ctx, sum); - if (memcmp (tests[cnt].result, sum, 32) != 0) - { - printf ("test %d run %d failed\n", cnt, 2); - result = 1; - } - } - - /* Test vector from FIPS 180-2: appendix B.3. */ - char buf[1000]; - memset (buf, 'a', sizeof (buf)); - __sha256_init_ctx (&ctx); - for (int i = 0; i < 1000; ++i) - __sha256_process_bytes (buf, sizeof (buf), &ctx); - __sha256_finish_ctx (&ctx, sum); - static const char expected[32] = - "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67" - "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0"; - if (memcmp (expected, sum, 32) != 0) - { - printf ("test %d failed\n", cnt++); - result = 1; - } - - __sha256_init_ctx (&ctx); - for (int i = 0; i < 100000; ++i) - __sha256_process_bytes (buf, 10, &ctx); - __sha256_finish_ctx (&ctx, sum); - if (memcmp (expected, sum, 32) != 0) - { - printf ("test %d failed\n", cnt++); - result = 1; - } - - return result; -} diff --git a/crypt/sha512-block.c b/crypt/sha512-block.c deleted file mode 100644 index 577839fe5c..0000000000 --- a/crypt/sha512-block.c +++ /dev/null @@ -1,105 +0,0 @@ -#include <stdint.h> - -/* Process LEN bytes of BUFFER, accumulating context into CTX. - It is assumed that LEN % 128 == 0. */ -void -__sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx) -{ - const uint64_t *words = buffer; - size_t nwords = len / sizeof (uint64_t); - uint64_t a = ctx->H[0]; - uint64_t b = ctx->H[1]; - uint64_t c = ctx->H[2]; - uint64_t d = ctx->H[3]; - uint64_t e = ctx->H[4]; - uint64_t f = ctx->H[5]; - uint64_t g = ctx->H[6]; - uint64_t h = ctx->H[7]; - - /* First increment the byte count. FIPS 180-2 specifies the possible - length of the file up to 2^128 bits. Here we only compute the - number of bytes. Do a double word increment. */ -#ifdef USE_TOTAL128 - ctx->total128 += len; -#else - uint64_t lolen = len; - ctx->total[TOTAL128_low] += lolen; - ctx->total[TOTAL128_high] += ((len >> 31 >> 31 >> 2) - + (ctx->total[TOTAL128_low] < lolen)); -#endif - - /* Process all bytes in the buffer with 128 bytes in each round of - the loop. */ - while (nwords > 0) - { - uint64_t W[80]; - uint64_t a_save = a; - uint64_t b_save = b; - uint64_t c_save = c; - uint64_t d_save = d; - uint64_t e_save = e; - uint64_t f_save = f; - uint64_t g_save = g; - uint64_t h_save = h; - - /* Operators defined in FIPS 180-2:4.1.2. */ -#define Ch(x, y, z) ((x & y) ^ (~x & z)) -#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z)) -#define S0(x) (CYCLIC (x, 28) ^ CYCLIC (x, 34) ^ CYCLIC (x, 39)) -#define S1(x) (CYCLIC (x, 14) ^ CYCLIC (x, 18) ^ CYCLIC (x, 41)) -#define R0(x) (CYCLIC (x, 1) ^ CYCLIC (x, 8) ^ (x >> 7)) -#define R1(x) (CYCLIC (x, 19) ^ CYCLIC (x, 61) ^ (x >> 6)) - - /* It is unfortunate that C does not provide an operator for - cyclic rotation. Hope the C compiler is smart enough. */ -#define CYCLIC(w, s) ((w >> s) | (w << (64 - s))) - - /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */ - for (unsigned int t = 0; t < 16; ++t) - { - W[t] = SWAP (*words); - ++words; - } - for (unsigned int t = 16; t < 80; ++t) - W[t] = R1 (W[t - 2]) + W[t - 7] + R0 (W[t - 15]) + W[t - 16]; - - /* The actual computation according to FIPS 180-2:6.3.2 step 3. */ - for (unsigned int t = 0; t < 80; ++t) - { - uint64_t T1 = h + S1 (e) + Ch (e, f, g) + K[t] + W[t]; - uint64_t T2 = S0 (a) + Maj (a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - } - - /* Add the starting values of the context according to FIPS 180-2:6.3.2 - step 4. */ - a += a_save; - b += b_save; - c += c_save; - d += d_save; - e += e_save; - f += f_save; - g += g_save; - h += h_save; - - /* Prepare for the next round. */ - nwords -= 16; - } - - /* Put checksum in context given as argument. */ - ctx->H[0] = a; - ctx->H[1] = b; - ctx->H[2] = c; - ctx->H[3] = d; - ctx->H[4] = e; - ctx->H[5] = f; - ctx->H[6] = g; - ctx->H[7] = h; -} diff --git a/crypt/sha512-crypt.c b/crypt/sha512-crypt.c deleted file mode 100644 index d9c0de14d2..0000000000 --- a/crypt/sha512-crypt.c +++ /dev/null @@ -1,445 +0,0 @@ -/* One way encryption based on SHA512 sum. - Copyright (C) 2007-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - -#include <assert.h> -#include <errno.h> -#include <stdbool.h> -#include <stdlib.h> -#include <string.h> -#include <stdint.h> -#include <sys/param.h> - -#include "sha512.h" -#include "crypt-private.h" - - -#ifdef USE_NSS -typedef int PRBool; -# include <hasht.h> -# include <nsslowhash.h> - -# define sha512_init_ctx(ctxp, nss_ctxp) \ - do \ - { \ - if (((nss_ctxp = NSSLOWHASH_NewContext (nss_ictx, HASH_AlgSHA512)) \ - == NULL)) \ - { \ - if (nss_ctx != NULL) \ - NSSLOWHASH_Destroy (nss_ctx); \ - if (nss_alt_ctx != NULL) \ - NSSLOWHASH_Destroy (nss_alt_ctx); \ - return NULL; \ - } \ - NSSLOWHASH_Begin (nss_ctxp); \ - } \ - while (0) - -# define sha512_process_bytes(buf, len, ctxp, nss_ctxp) \ - NSSLOWHASH_Update (nss_ctxp, (const unsigned char *) buf, len) - -# define sha512_finish_ctx(ctxp, nss_ctxp, result) \ - do \ - { \ - unsigned int ret; \ - NSSLOWHASH_End (nss_ctxp, result, &ret, sizeof (result)); \ - assert (ret == sizeof (result)); \ - NSSLOWHASH_Destroy (nss_ctxp); \ - nss_ctxp = NULL; \ - } \ - while (0) -#else -# define sha512_init_ctx(ctxp, nss_ctxp) \ - __sha512_init_ctx (ctxp) - -# define sha512_process_bytes(buf, len, ctxp, nss_ctxp) \ - __sha512_process_bytes(buf, len, ctxp) - -# define sha512_finish_ctx(ctxp, nss_ctxp, result) \ - __sha512_finish_ctx (ctxp, result) -#endif - - -/* Define our magic string to mark salt for SHA512 "encryption" - replacement. */ -static const char sha512_salt_prefix[] = "$6$"; - -/* Prefix for optional rounds specification. */ -static const char sha512_rounds_prefix[] = "rounds="; - -/* Maximum salt string length. */ -#define SALT_LEN_MAX 16 -/* Default number of rounds if not explicitly specified. */ -#define ROUNDS_DEFAULT 5000 -/* Minimum number of rounds. */ -#define ROUNDS_MIN 1000 -/* Maximum number of rounds. */ -#define ROUNDS_MAX 999999999 - - -/* Prototypes for local functions. */ -extern char *__sha512_crypt_r (const char *key, const char *salt, - char *buffer, int buflen); -extern char *__sha512_crypt (const char *key, const char *salt); - - -char * -__sha512_crypt_r (const char *key, const char *salt, char *buffer, int buflen) -{ - unsigned char alt_result[64] - __attribute__ ((__aligned__ (__alignof__ (uint64_t)))); - unsigned char temp_result[64] - __attribute__ ((__aligned__ (__alignof__ (uint64_t)))); - size_t salt_len; - size_t key_len; - size_t cnt; - char *cp; - char *copied_key = NULL; - char *copied_salt = NULL; - char *p_bytes; - char *s_bytes; - /* Default number of rounds. */ - size_t rounds = ROUNDS_DEFAULT; - bool rounds_custom = false; - size_t alloca_used = 0; - char *free_key = NULL; - char *free_pbytes = NULL; - - /* Find beginning of salt string. The prefix should normally always - be present. Just in case it is not. */ - if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0) - /* Skip salt prefix. */ - salt += sizeof (sha512_salt_prefix) - 1; - - if (strncmp (salt, sha512_rounds_prefix, sizeof (sha512_rounds_prefix) - 1) - == 0) - { - const char *num = salt + sizeof (sha512_rounds_prefix) - 1; - char *endp; - unsigned long int srounds = strtoul (num, &endp, 10); - if (*endp == '$') - { - salt = endp + 1; - rounds = MAX (ROUNDS_MIN, MIN (srounds, ROUNDS_MAX)); - rounds_custom = true; - } - } - - salt_len = MIN (strcspn (salt, "$"), SALT_LEN_MAX); - key_len = strlen (key); - - if (((uintptr_t) key) % __alignof__ (uint64_t) != 0) - { - char *tmp; - - if (__libc_use_alloca (alloca_used + key_len + __alignof__ (uint64_t))) - tmp = alloca_account (key_len + __alignof__ (uint64_t), alloca_used); - else - { - free_key = tmp = (char *) malloc (key_len + __alignof__ (uint64_t)); - if (tmp == NULL) - return NULL; - } - - key = copied_key = - memcpy (tmp + __alignof__ (uint64_t) - - ((uintptr_t) tmp) % __alignof__ (uint64_t), - key, key_len); - assert (((uintptr_t) key) % __alignof__ (uint64_t) == 0); - } - - if (((uintptr_t) salt) % __alignof__ (uint64_t) != 0) - { - char *tmp = (char *) alloca (salt_len + __alignof__ (uint64_t)); - salt = copied_salt = - memcpy (tmp + __alignof__ (uint64_t) - - ((uintptr_t) tmp) % __alignof__ (uint64_t), - salt, salt_len); - assert (((uintptr_t) salt) % __alignof__ (uint64_t) == 0); - } - -#ifdef USE_NSS - /* Initialize libfreebl3. */ - NSSLOWInitContext *nss_ictx = NSSLOW_Init (); - if (nss_ictx == NULL) - { - free (free_key); - return NULL; - } - NSSLOWHASHContext *nss_ctx = NULL; - NSSLOWHASHContext *nss_alt_ctx = NULL; -#else - struct sha512_ctx ctx; - struct sha512_ctx alt_ctx; -#endif - - /* Prepare for the real work. */ - sha512_init_ctx (&ctx, nss_ctx); - - /* Add the key string. */ - sha512_process_bytes (key, key_len, &ctx, nss_ctx); - - /* The last part is the salt string. This must be at most 16 - characters and it ends at the first `$' character. */ - sha512_process_bytes (salt, salt_len, &ctx, nss_ctx); - - - /* Compute alternate SHA512 sum with input KEY, SALT, and KEY. The - final result will be added to the first context. */ - sha512_init_ctx (&alt_ctx, nss_alt_ctx); - - /* Add key. */ - sha512_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); - - /* Add salt. */ - sha512_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx); - - /* Add key again. */ - sha512_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); - - /* Now get result of this (64 bytes) and add it to the other - context. */ - sha512_finish_ctx (&alt_ctx, nss_alt_ctx, alt_result); - - /* Add for any character in the key one byte of the alternate sum. */ - for (cnt = key_len; cnt > 64; cnt -= 64) - sha512_process_bytes (alt_result, 64, &ctx, nss_ctx); - sha512_process_bytes (alt_result, cnt, &ctx, nss_ctx); - - /* Take the binary representation of the length of the key and for every - 1 add the alternate sum, for every 0 the key. */ - for (cnt = key_len; cnt > 0; cnt >>= 1) - if ((cnt & 1) != 0) - sha512_process_bytes (alt_result, 64, &ctx, nss_ctx); - else - sha512_process_bytes (key, key_len, &ctx, nss_ctx); - - /* Create intermediate result. */ - sha512_finish_ctx (&ctx, nss_ctx, alt_result); - - /* Start computation of P byte sequence. */ - sha512_init_ctx (&alt_ctx, nss_alt_ctx); - - /* For every character in the password add the entire password. */ - for (cnt = 0; cnt < key_len; ++cnt) - sha512_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); - - /* Finish the digest. */ - sha512_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result); - - /* Create byte sequence P. */ - if (__libc_use_alloca (alloca_used + key_len)) - cp = p_bytes = (char *) alloca (key_len); - else - { - free_pbytes = cp = p_bytes = (char *)malloc (key_len); - if (free_pbytes == NULL) - { - free (free_key); - return NULL; - } - } - - for (cnt = key_len; cnt >= 64; cnt -= 64) - cp = mempcpy (cp, temp_result, 64); - memcpy (cp, temp_result, cnt); - - /* Start computation of S byte sequence. */ - sha512_init_ctx (&alt_ctx, nss_alt_ctx); - - /* For every character in the password add the entire password. */ - for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) - sha512_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx); - - /* Finish the digest. */ - sha512_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result); - - /* Create byte sequence S. */ - cp = s_bytes = alloca (salt_len); - for (cnt = salt_len; cnt >= 64; cnt -= 64) - cp = mempcpy (cp, temp_result, 64); - memcpy (cp, temp_result, cnt); - - /* Repeatedly run the collected hash value through SHA512 to burn - CPU cycles. */ - for (cnt = 0; cnt < rounds; ++cnt) - { - /* New context. */ - sha512_init_ctx (&ctx, nss_ctx); - - /* Add key or last result. */ - if ((cnt & 1) != 0) - sha512_process_bytes (p_bytes, key_len, &ctx, nss_ctx); - else - sha512_process_bytes (alt_result, 64, &ctx, nss_ctx); - - /* Add salt for numbers not divisible by 3. */ - if (cnt % 3 != 0) - sha512_process_bytes (s_bytes, salt_len, &ctx, nss_ctx); - - /* Add key for numbers not divisible by 7. */ - if (cnt % 7 != 0) - sha512_process_bytes (p_bytes, key_len, &ctx, nss_ctx); - - /* Add key or last result. */ - if ((cnt & 1) != 0) - sha512_process_bytes (alt_result, 64, &ctx, nss_ctx); - else - sha512_process_bytes (p_bytes, key_len, &ctx, nss_ctx); - - /* Create intermediate result. */ - sha512_finish_ctx (&ctx, nss_ctx, alt_result); - } - -#ifdef USE_NSS - /* Free libfreebl3 resources. */ - NSSLOW_Shutdown (nss_ictx); -#endif - - /* Now we can construct the result string. It consists of three - parts. */ - cp = __stpncpy (buffer, sha512_salt_prefix, MAX (0, buflen)); - buflen -= sizeof (sha512_salt_prefix) - 1; - - if (rounds_custom) - { - int n = __snprintf (cp, MAX (0, buflen), "%s%zu$", - sha512_rounds_prefix, rounds); - cp += n; - buflen -= n; - } - - cp = __stpncpy (cp, salt, MIN ((size_t) MAX (0, buflen), salt_len)); - buflen -= MIN ((size_t) MAX (0, buflen), salt_len); - - if (buflen > 0) - { - *cp++ = '$'; - --buflen; - } - - __b64_from_24bit (&cp, &buflen, - alt_result[0], alt_result[21], alt_result[42], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[22], alt_result[43], alt_result[1], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[44], alt_result[2], alt_result[23], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[3], alt_result[24], alt_result[45], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[25], alt_result[46], alt_result[4], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[47], alt_result[5], alt_result[26], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[6], alt_result[27], alt_result[48], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[28], alt_result[49], alt_result[7], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[50], alt_result[8], alt_result[29], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[9], alt_result[30], alt_result[51], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[31], alt_result[52], alt_result[10], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[53], alt_result[11], alt_result[32], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[12], alt_result[33], alt_result[54], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[34], alt_result[55], alt_result[13], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[56], alt_result[14], alt_result[35], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[15], alt_result[36], alt_result[57], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[37], alt_result[58], alt_result[16], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[59], alt_result[17], alt_result[38], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[18], alt_result[39], alt_result[60], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[40], alt_result[61], alt_result[19], 4); - __b64_from_24bit (&cp, &buflen, - alt_result[62], alt_result[20], alt_result[41], 4); - __b64_from_24bit (&cp, &buflen, - 0, 0, alt_result[63], 2); - - if (buflen <= 0) - { - __set_errno (ERANGE); - buffer = NULL; - } - else - *cp = '\0'; /* Terminate the string. */ - - /* Clear the buffer for the intermediate result so that people - attaching to processes or reading core dumps cannot get any - information. We do it in this way to clear correct_words[] - inside the SHA512 implementation as well. */ -#ifndef USE_NSS - __sha512_init_ctx (&ctx); - __sha512_finish_ctx (&ctx, alt_result); - explicit_bzero (&ctx, sizeof (ctx)); - explicit_bzero (&alt_ctx, sizeof (alt_ctx)); -#endif - explicit_bzero (temp_result, sizeof (temp_result)); - explicit_bzero (p_bytes, key_len); - explicit_bzero (s_bytes, salt_len); - if (copied_key != NULL) - explicit_bzero (copied_key, key_len); - if (copied_salt != NULL) - explicit_bzero (copied_salt, salt_len); - - free (free_key); - free (free_pbytes); - return buffer; -} - -static char *buffer; - -/* This entry point is equivalent to the `crypt' function in Unix - libcs. */ -char * -__sha512_crypt (const char *key, const char *salt) -{ - /* We don't want to have an arbitrary limit in the size of the - password. We can compute an upper bound for the size of the - result in advance and so we can prepare the buffer we pass to - `sha512_crypt_r'. */ - static int buflen; - int needed = (sizeof (sha512_salt_prefix) - 1 - + sizeof (sha512_rounds_prefix) + 9 + 1 - + strlen (salt) + 1 + 86 + 1); - - if (buflen < needed) - { - char *new_buffer = (char *) realloc (buffer, needed); - if (new_buffer == NULL) - return NULL; - - buffer = new_buffer; - buflen = needed; - } - - return __sha512_crypt_r (key, salt, buffer, buflen); -} - -static void -__attribute__ ((__destructor__)) -free_mem (void) -{ - free (buffer); -} diff --git a/crypt/sha512.c b/crypt/sha512.c deleted file mode 100644 index ceabad1bf7..0000000000 --- a/crypt/sha512.c +++ /dev/null @@ -1,221 +0,0 @@ -/* Functions to compute SHA512 message digest of files or memory blocks. - according to the definition of SHA512 in FIPS 180-2. - Copyright (C) 2007-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - - -#ifdef HAVE_CONFIG_H -# include <config.h> -#endif - -#include <endian.h> -#include <stdlib.h> -#include <string.h> -#include <stdint.h> -#include <sys/types.h> - -#include "sha512.h" - -#if __BYTE_ORDER == __LITTLE_ENDIAN -# ifdef _LIBC -# include <byteswap.h> -# define SWAP(n) bswap_64 (n) -# else -# define SWAP(n) \ - (((n) << 56) \ - | (((n) & 0xff00) << 40) \ - | (((n) & 0xff0000) << 24) \ - | (((n) & 0xff000000) << 8) \ - | (((n) >> 8) & 0xff000000) \ - | (((n) >> 24) & 0xff0000) \ - | (((n) >> 40) & 0xff00) \ - | ((n) >> 56)) -# endif -#else -# define SWAP(n) (n) -#endif - - -/* This array contains the bytes used to pad the buffer to the next - 64-byte boundary. (FIPS 180-2:5.1.2) */ -static const unsigned char fillbuf[128] = { 0x80, 0 /* , 0, 0, ... */ }; - - -/* Constants for SHA512 from FIPS 180-2:4.2.3. */ -static const uint64_t K[80] = - { - UINT64_C (0x428a2f98d728ae22), UINT64_C (0x7137449123ef65cd), - UINT64_C (0xb5c0fbcfec4d3b2f), UINT64_C (0xe9b5dba58189dbbc), - UINT64_C (0x3956c25bf348b538), UINT64_C (0x59f111f1b605d019), - UINT64_C (0x923f82a4af194f9b), UINT64_C (0xab1c5ed5da6d8118), - UINT64_C (0xd807aa98a3030242), UINT64_C (0x12835b0145706fbe), - UINT64_C (0x243185be4ee4b28c), UINT64_C (0x550c7dc3d5ffb4e2), - UINT64_C (0x72be5d74f27b896f), UINT64_C (0x80deb1fe3b1696b1), - UINT64_C (0x9bdc06a725c71235), UINT64_C (0xc19bf174cf692694), - UINT64_C (0xe49b69c19ef14ad2), UINT64_C (0xefbe4786384f25e3), - UINT64_C (0x0fc19dc68b8cd5b5), UINT64_C (0x240ca1cc77ac9c65), - UINT64_C (0x2de92c6f592b0275), UINT64_C (0x4a7484aa6ea6e483), - UINT64_C (0x5cb0a9dcbd41fbd4), UINT64_C (0x76f988da831153b5), - UINT64_C (0x983e5152ee66dfab), UINT64_C (0xa831c66d2db43210), - UINT64_C (0xb00327c898fb213f), UINT64_C (0xbf597fc7beef0ee4), - UINT64_C (0xc6e00bf33da88fc2), UINT64_C (0xd5a79147930aa725), - UINT64_C (0x06ca6351e003826f), UINT64_C (0x142929670a0e6e70), - UINT64_C (0x27b70a8546d22ffc), UINT64_C (0x2e1b21385c26c926), - UINT64_C (0x4d2c6dfc5ac42aed), UINT64_C (0x53380d139d95b3df), - UINT64_C (0x650a73548baf63de), UINT64_C (0x766a0abb3c77b2a8), - UINT64_C (0x81c2c92e47edaee6), UINT64_C (0x92722c851482353b), - UINT64_C (0xa2bfe8a14cf10364), UINT64_C (0xa81a664bbc423001), - UINT64_C (0xc24b8b70d0f89791), UINT64_C (0xc76c51a30654be30), - UINT64_C (0xd192e819d6ef5218), UINT64_C (0xd69906245565a910), - UINT64_C (0xf40e35855771202a), UINT64_C (0x106aa07032bbd1b8), - UINT64_C (0x19a4c116b8d2d0c8), UINT64_C (0x1e376c085141ab53), - UINT64_C (0x2748774cdf8eeb99), UINT64_C (0x34b0bcb5e19b48a8), - UINT64_C (0x391c0cb3c5c95a63), UINT64_C (0x4ed8aa4ae3418acb), - UINT64_C (0x5b9cca4f7763e373), UINT64_C (0x682e6ff3d6b2b8a3), - UINT64_C (0x748f82ee5defb2fc), UINT64_C (0x78a5636f43172f60), - UINT64_C (0x84c87814a1f0ab72), UINT64_C (0x8cc702081a6439ec), - UINT64_C (0x90befffa23631e28), UINT64_C (0xa4506cebde82bde9), - UINT64_C (0xbef9a3f7b2c67915), UINT64_C (0xc67178f2e372532b), - UINT64_C (0xca273eceea26619c), UINT64_C (0xd186b8c721c0c207), - UINT64_C (0xeada7dd6cde0eb1e), UINT64_C (0xf57d4f7fee6ed178), - UINT64_C (0x06f067aa72176fba), UINT64_C (0x0a637dc5a2c898a6), - UINT64_C (0x113f9804bef90dae), UINT64_C (0x1b710b35131c471b), - UINT64_C (0x28db77f523047d84), UINT64_C (0x32caab7b40c72493), - UINT64_C (0x3c9ebe0a15c9bebc), UINT64_C (0x431d67c49c100d4c), - UINT64_C (0x4cc5d4becb3e42b6), UINT64_C (0x597f299cfc657e2a), - UINT64_C (0x5fcb6fab3ad6faec), UINT64_C (0x6c44198c4a475817) - }; - -void __sha512_process_block (const void *buffer, size_t len, - struct sha512_ctx *ctx); - -/* Initialize structure containing state of computation. - (FIPS 180-2:5.3.3) */ -void -__sha512_init_ctx (struct sha512_ctx *ctx) -{ - ctx->H[0] = UINT64_C (0x6a09e667f3bcc908); - ctx->H[1] = UINT64_C (0xbb67ae8584caa73b); - ctx->H[2] = UINT64_C (0x3c6ef372fe94f82b); - ctx->H[3] = UINT64_C (0xa54ff53a5f1d36f1); - ctx->H[4] = UINT64_C (0x510e527fade682d1); - ctx->H[5] = UINT64_C (0x9b05688c2b3e6c1f); - ctx->H[6] = UINT64_C (0x1f83d9abfb41bd6b); - ctx->H[7] = UINT64_C (0x5be0cd19137e2179); - - ctx->total[0] = ctx->total[1] = 0; - ctx->buflen = 0; -} - - -/* Process the remaining bytes in the internal buffer and the usual - prolog according to the standard and write the result to RESBUF. - - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 32 bits value. */ -void * -__sha512_finish_ctx (struct sha512_ctx *ctx, void *resbuf) -{ - /* Take yet unprocessed bytes into account. */ - uint64_t bytes = ctx->buflen; - size_t pad; - - /* Now count remaining bytes. */ -#ifdef USE_TOTAL128 - ctx->total128 += bytes; -#else - ctx->total[TOTAL128_low] += bytes; - if (ctx->total[TOTAL128_low] < bytes) - ++ctx->total[TOTAL128_high]; -#endif - - pad = bytes >= 112 ? 128 + 112 - bytes : 112 - bytes; - memcpy (&ctx->buffer[bytes], fillbuf, pad); - - /* Put the 128-bit file length in *bits* at the end of the buffer. */ - ctx->buffer64[(bytes + pad + 8) / 8] = SWAP (ctx->total[TOTAL128_low] << 3); - ctx->buffer64[(bytes + pad) / 8] = SWAP ((ctx->total[TOTAL128_high] << 3) - | (ctx->total[TOTAL128_low] >> 61)); - - /* Process last bytes. */ - __sha512_process_block (ctx->buffer, bytes + pad + 16, ctx); - - /* Put result from CTX in first 64 bytes following RESBUF. */ - for (unsigned int i = 0; i < 8; ++i) - ((uint64_t *) resbuf)[i] = SWAP (ctx->H[i]); - - return resbuf; -} - - -void -__sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx) -{ - /* When we already have some bits in our internal buffer concatenate - both inputs first. */ - if (ctx->buflen != 0) - { - size_t left_over = ctx->buflen; - size_t add = 256 - left_over > len ? len : 256 - left_over; - - memcpy (&ctx->buffer[left_over], buffer, add); - ctx->buflen += add; - - if (ctx->buflen > 128) - { - __sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx); - - ctx->buflen &= 127; - /* The regions in the following copy operation cannot overlap. */ - memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~127], - ctx->buflen); - } - - buffer = (const char *) buffer + add; - len -= add; - } - - /* Process available complete blocks. */ - if (len >= 128) - { - while (len > 128) - { - __sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128, - ctx); - buffer = (const char *) buffer + 128; - len -= 128; - } - } - - /* Move remaining bytes into internal buffer. */ - if (len > 0) - { - size_t left_over = ctx->buflen; - - memcpy (&ctx->buffer[left_over], buffer, len); - left_over += len; - if (left_over >= 128) - { - __sha512_process_block (ctx->buffer, 128, ctx); - left_over -= 128; - memcpy (ctx->buffer, &ctx->buffer[128], left_over); - } - ctx->buflen = left_over; - } -} - -#include <sha512-block.c> diff --git a/crypt/sha512.h b/crypt/sha512.h deleted file mode 100644 index 70fac16b05..0000000000 --- a/crypt/sha512.h +++ /dev/null @@ -1,72 +0,0 @@ -/* Declaration of functions and data types used for SHA512 sum computing - library functions. - Copyright (C) 2007-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - -#ifndef _SHA512_H -#define _SHA512_H 1 - -#include <limits.h> -#include <stdint.h> -#include <stdio.h> -#include <endian.h> -#include <bits/wordsize.h> - - -/* Structure to save state of computation between the single steps. */ -struct sha512_ctx -{ - uint64_t H[8]; - - union - { -#if defined __GNUC__ && __WORDSIZE == 64 -# define USE_TOTAL128 - unsigned int total128 __attribute__ ((__mode__ (TI))); -#endif -#define TOTAL128_low (1 - (BYTE_ORDER == LITTLE_ENDIAN)) -#define TOTAL128_high (BYTE_ORDER == LITTLE_ENDIAN) - uint64_t total[2]; - }; - uint64_t buflen; - union - { - char buffer[256]; - uint64_t buffer64[32]; - }; -}; - -/* Initialize structure containing state of computation. - (FIPS 180-2: 5.3.3) */ -extern void __sha512_init_ctx (struct sha512_ctx *ctx) __THROW; - -/* Starting with the result of former calls of this function (or the - initialization function update the context for the next LEN bytes - starting at BUFFER. - It is NOT required that LEN is a multiple of 128. */ -extern void __sha512_process_bytes (const void *buffer, size_t len, - struct sha512_ctx *ctx) __THROW; - -/* Process the remaining bytes in the buffer and put result from CTX - in first 64 bytes following RESBUF. - - IMPORTANT: On some systems it is required that RESBUF is correctly - aligned for a 64 bits value. */ -extern void *__sha512_finish_ctx (struct sha512_ctx *ctx, void *resbuf) - __THROW; - -#endif /* sha512.h */ diff --git a/crypt/sha512c-test.c b/crypt/sha512c-test.c deleted file mode 100644 index 060e935c3c..0000000000 --- a/crypt/sha512c-test.c +++ /dev/null @@ -1,63 +0,0 @@ -#include <crypt.h> -#include <stdio.h> -#include <string.h> - -static const struct -{ - const char *salt; - const char *input; - const char *expected; -} tests[] = -{ - { "$6$saltstring", "Hello world!", - "$6$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJu" - "esI68u4OTLiBFdcbYEdFCoEOfaS35inz1" }, - { "$6$rounds=10000$saltstringsaltstring", "Hello world!", - "$6$rounds=10000$saltstringsaltst$OW1/O6BYHV6BcXZu8QVeXbDWra3Oeqh0sb" - "HbbMCVNSnCM/UrjmM0Dp8vOuZeHBy/YTBmSK6H9qs/y3RnOaw5v." }, - { "$6$rounds=5000$toolongsaltstring", "This is just a test", - "$6$rounds=5000$toolongsaltstrin$lQ8jolhgVRVhY4b5pZKaysCLi0QBxGoNeKQ" - "zQ3glMhwllF7oGDZxUhx1yxdYcz/e1JSbq3y6JMxxl8audkUEm0" }, - { "$6$rounds=1400$anotherlongsaltstring", - "a very much longer text to encrypt. This one even stretches over more" - "than one line.", - "$6$rounds=1400$anotherlongsalts$POfYwTEok97VWcjxIiSOjiykti.o/pQs.wP" - "vMxQ6Fm7I6IoYN3CmLs66x9t0oSwbtEW7o7UmJEiDwGqd8p4ur1" }, - { "$6$rounds=77777$short", - "we have a short salt string but not a short password", - "$6$rounds=77777$short$WuQyW2YR.hBNpjjRhpYD/ifIw05xdfeEyQoMxIXbkvr0g" - "ge1a1x3yRULJ5CCaUeOxFmtlcGZelFl5CxtgfiAc0" }, - { "$6$rounds=123456$asaltof16chars..", "a short string", - "$6$rounds=123456$asaltof16chars..$BtCwjqMJGx5hrJhZywWvt0RLE8uZ4oPwc" - "elCjmw2kSYu.Ec6ycULevoBK25fs2xXgMNrCzIMVcgEJAstJeonj1" }, - { "$6$rounds=10$roundstoolow", "the minimum number is still observed", - "$6$rounds=1000$roundstoolow$kUMsbe306n21p9R.FRkW3IGn.S9NPN0x50YhH1x" - "hLsPuWGsUSklZt58jaTfF4ZEQpyUNGc0dqbpBYYBaHHrsX." }, -}; -#define ntests (sizeof (tests) / sizeof (tests[0])) - - -static int -do_test (void) -{ - int result = 0; - int i; - - for (i = 0; i < ntests; ++i) - { - char *cp = crypt (tests[i].input, tests[i].salt); - - if (strcmp (cp, tests[i].expected) != 0) - { - printf ("test %d: expected \"%s\", got \"%s\"\n", - i, tests[i].expected, cp); - result = 1; - } - } - - return result; -} - -#define TIMEOUT 32 -#define TEST_FUNCTION do_test () -#include "../test-skeleton.c" diff --git a/crypt/sha512test.c b/crypt/sha512test.c deleted file mode 100644 index 792e9a751a..0000000000 --- a/crypt/sha512test.c +++ /dev/null @@ -1,113 +0,0 @@ -#include <string.h> -#include "sha512.h" - -static const struct -{ - const char *input; - const char result[64]; -} tests[] = - { - /* Test vectors from FIPS 180-2: appendix C.1. */ - { "abc", - "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41\x31" - "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a" - "\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3\xfe\xeb\xbd" - "\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f" }, - /* Test vectors from FIPS 180-2: appendix C.2. */ - { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" - "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", - "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14\x3f" - "\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88\x90\x18" - "\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4\xb5\x43\x3a" - "\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b\x87\x4b\xe9\x09" }, - /* Test vectors from the NESSIE project. */ - { "", - "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80\x07" - "\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c\xe9\xce" - "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87\x7e\xec\x2f" - "\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a\xf9\x27\xda\x3e" }, - { "a", - "\x1f\x40\xfc\x92\xda\x24\x16\x94\x75\x09\x79\xee\x6c\xf5\x82\xf2" - "\xd5\xd7\xd2\x8e\x18\x33\x5d\xe0\x5a\xbc\x54\xd0\x56\x0e\x0f\x53" - "\x02\x86\x0c\x65\x2b\xf0\x8d\x56\x02\x52\xaa\x5e\x74\x21\x05\x46" - "\xf3\x69\xfb\xbb\xce\x8c\x12\xcf\xc7\x95\x7b\x26\x52\xfe\x9a\x75" }, - { "message digest", - "\x10\x7d\xbf\x38\x9d\x9e\x9f\x71\xa3\xa9\x5f\x6c\x05\x5b\x92\x51" - "\xbc\x52\x68\xc2\xbe\x16\xd6\xc1\x34\x92\xea\x45\xb0\x19\x9f\x33" - "\x09\xe1\x64\x55\xab\x1e\x96\x11\x8e\x8a\x90\x5d\x55\x97\xb7\x20" - "\x38\xdd\xb3\x72\xa8\x98\x26\x04\x6d\xe6\x66\x87\xbb\x42\x0e\x7c" }, - { "abcdefghijklmnopqrstuvwxyz", - "\x4d\xbf\xf8\x6c\xc2\xca\x1b\xae\x1e\x16\x46\x8a\x05\xcb\x98\x81" - "\xc9\x7f\x17\x53\xbc\xe3\x61\x90\x34\x89\x8f\xaa\x1a\xab\xe4\x29" - "\x95\x5a\x1b\xf8\xec\x48\x3d\x74\x21\xfe\x3c\x16\x46\x61\x3a\x59" - "\xed\x54\x41\xfb\x0f\x32\x13\x89\xf7\x7f\x48\xa8\x79\xc7\xb1\xf1" }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - "\x20\x4a\x8f\xc6\xdd\xa8\x2f\x0a\x0c\xed\x7b\xeb\x8e\x08\xa4\x16" - "\x57\xc1\x6e\xf4\x68\xb2\x28\xa8\x27\x9b\xe3\x31\xa7\x03\xc3\x35" - "\x96\xfd\x15\xc1\x3b\x1b\x07\xf9\xaa\x1d\x3b\xea\x57\x78\x9c\xa0" - "\x31\xad\x85\xc7\xa7\x1d\xd7\x03\x54\xec\x63\x12\x38\xca\x34\x45" }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "\x1e\x07\xbe\x23\xc2\x6a\x86\xea\x37\xea\x81\x0c\x8e\xc7\x80\x93" - "\x52\x51\x5a\x97\x0e\x92\x53\xc2\x6f\x53\x6c\xfc\x7a\x99\x96\xc4" - "\x5c\x83\x70\x58\x3e\x0a\x78\xfa\x4a\x90\x04\x1d\x71\xa4\xce\xab" - "\x74\x23\xf1\x9c\x71\xb9\xd5\xa3\xe0\x12\x49\xf0\xbe\xbd\x58\x94" }, - { "123456789012345678901234567890123456789012345678901234567890" - "12345678901234567890", - "\x72\xec\x1e\xf1\x12\x4a\x45\xb0\x47\xe8\xb7\xc7\x5a\x93\x21\x95" - "\x13\x5b\xb6\x1d\xe2\x4e\xc0\xd1\x91\x40\x42\x24\x6e\x0a\xec\x3a" - "\x23\x54\xe0\x93\xd7\x6f\x30\x48\xb4\x56\x76\x43\x46\x90\x0c\xb1" - "\x30\xd2\xa4\xfd\x5d\xd1\x6a\xbb\x5e\x30\xbc\xb8\x50\xde\xe8\x43" } - }; - - -int -main (void) -{ - struct sha512_ctx ctx; - char sum[64]; - int result = 0; - int cnt; - - for (cnt = 0; cnt < (int) (sizeof (tests) / sizeof (tests[0])); ++cnt) - { - __sha512_init_ctx (&ctx); - __sha512_process_bytes (tests[cnt].input, strlen (tests[cnt].input), - &ctx); - __sha512_finish_ctx (&ctx, sum); - if (memcmp (tests[cnt].result, sum, 64) != 0) - { - printf ("test %d run %d failed\n", cnt, 1); - result = 1; - } - - __sha512_init_ctx (&ctx); - for (int i = 0; tests[cnt].input[i] != '\0'; ++i) - __sha512_process_bytes (&tests[cnt].input[i], 1, &ctx); - __sha512_finish_ctx (&ctx, sum); - if (memcmp (tests[cnt].result, sum, 64) != 0) - { - printf ("test %d run %d failed\n", cnt, 2); - result = 1; - } - } - - /* Test vector from FIPS 180-2: appendix C.3. */ - char buf[1000]; - memset (buf, 'a', sizeof (buf)); - __sha512_init_ctx (&ctx); - for (int i = 0; i < 1000; ++i) - __sha512_process_bytes (buf, sizeof (buf), &ctx); - __sha512_finish_ctx (&ctx, sum); - static const char expected[64] = - "\xe7\x18\x48\x3d\x0c\xe7\x69\x64\x4e\x2e\x42\xc7\xbc\x15\xb4\x63" - "\x8e\x1f\x98\xb1\x3b\x20\x44\x28\x56\x32\xa8\x03\xaf\xa9\x73\xeb" - "\xde\x0f\xf2\x44\x87\x7e\xa6\x0a\x4c\xb0\x43\x2c\xe5\x77\xc3\x1b" - "\xeb\x00\x9c\x5c\x2c\x49\xaa\x2e\x4e\xad\xb2\x17\xad\x8c\xc0\x9b"; - if (memcmp (expected, sum, 64) != 0) - { - printf ("test %d failed\n", cnt); - result = 1; - } - - return result; -} diff --git a/crypt/speeds.c b/crypt/speeds.c deleted file mode 100644 index 810ecb0b29..0000000000 --- a/crypt/speeds.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * This fcrypt/crypt speed testing program - * is derived from one floating around in - * the net. It's distributed along with - * UFC-crypt but is not covered by any - * licence. - * - * @(#)speeds.c 1.11 20 Aug 1996 - */ - -#include <signal.h> -#include <stdio.h> - -#ifndef SIGVTALRM -/* - * patch from chip@chinacat.unicom.com (Chip Rosenthal): - * you may enable it if your system does not include - * a setitimer() function. You'll have to ensure the - * existence an environment variable: HZ giving how many - * ticks goes per second. - * If not existing in your default environment 50, 60 - * or even 100 may be the right value. Perhaps you should - * then use 'time ./ufc 10000' instead of guessing. - */ -#define NO_ITIMER -#endif - -#ifdef NO_ITIMER -#include <sys/types.h> -#include <sys/times.h> -#else -#include <sys/time.h> -#endif - -static int cnt; -#ifdef NO_ITIMER -char *hz; -struct tms tstart, tfinish; -#endif -#define ITIME 10 /* Number of seconds to run test. */ - -char *crypt(), *fcrypt(); - -void -Stop (void) -{ - double elapsed; -#ifdef NO_ITIMER - (void) times(&tfinish); - elapsed = ((tfinish.tms_utime + tfinish.tms_stime) - - (tstart.tms_utime + tstart.tms_stime)) / atoi(hz); - printf("elapsed time = %d sec, CPU time = %f sec\n", ITIME, elapsed); -#else - elapsed = ITIME; -#endif - printf ("Did %f %s()s per second.\n", ((float) cnt) / elapsed, -#if defined(FCRYPT) - "fcrypt" -#else - "crypt" -#endif - ); - exit (0); -} - -/* - * Silly rewrite of 'bzero'. I do so - * because some machines don't have - * bzero and some don't have memset. - */ - -static void clearmem(start, cnt) - char *start; - int cnt; - { while(cnt--) - *start++ = '\0'; - } - -main (void) -{ - char *s; -#ifdef NO_ITIMER - extern char *getenv(); -#else - struct itimerval itv; -#endif - -#ifdef NO_ITIMER - if ((hz = getenv("HZ")) == NULL) { - fprintf(stderr, "HZ environment parameter undefined\n"); - exit(1); - } -#endif - -#ifdef FCRYPT - printf("\n"); - printf("Warning: this version of the speed program may run slower when\n"); - printf("benchmarking UFC-crypt than previous versions. This is because it\n"); - printf("stresses the CPU hardware cache in order to get benchmark figures\n"); - printf("that corresponds closer to the performance that can be expected in\n"); - printf("a password cracker.\n\n"); -#endif - - printf ("Running %s for %d seconds of virtual time ...\n", -#ifdef FCRYPT - "UFC-crypt", -#else - "crypt(libc)", -#endif - ITIME); - -#ifdef FCRYPT - init_des (); -#endif - -#ifdef NO_ITIMER - signal(SIGALRM, Stop); - switch (fork()) { - case -1: - perror("fork failed"); - exit(1); - case 0: - sleep(10); - kill(getppid(), SIGALRM); - exit(0); - default: - (void) times(&tstart); - } -#else - clearmem ((char*)&itv, (int)sizeof (itv)); - signal (SIGVTALRM, Stop); - itv.it_value.tv_sec = ITIME; - itv.it_value.tv_usec = 0; - setitimer (ITIMER_VIRTUAL, &itv, NULL); -#endif - - - s = "fredred"; - for (cnt = 0;; cnt++) - { -#ifdef FCRYPT - s = fcrypt (s, "eek"); -#else - s = crypt (s, "eek"); -#endif - } -} - - - - - - diff --git a/crypt/ufc-crypt.h b/crypt/ufc-crypt.h deleted file mode 100644 index a391940e63..0000000000 --- a/crypt/ufc-crypt.h +++ /dev/null @@ -1,28 +0,0 @@ -/* Types for UFC-crypt. - Copyright (C) 1998-2023 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - <https://www.gnu.org/licenses/>. */ - -#include <stdint.h> - -typedef uint_fast32_t ufc_long; -typedef uint64_t long64; -typedef uint32_t long32; -#if UINT_FAST32_MAX == UINT_FAST64_MAX -# define _UFC_64_ -#else -# define _UFC_32_ -#endif diff --git a/crypt/ufc.c b/crypt/ufc.c deleted file mode 100644 index 8a42c638e0..0000000000 --- a/crypt/ufc.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - * UFC-crypt: ultra fast crypt(3) implementation - * - * Copyright (C) 1991-2023 Free Software Foundation, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with the GNU C Library; see the file COPYING.LIB. If not, - * see <https://www.gnu.org/licenses/>. - * - * @(#)ufc.c 2.7 9/10/96 - * - * Stub main program for debugging - * and benchmarking. - * - */ - -#include <stdio.h> - -char *crypt(); - -main(argc, argv) - int argc; - char **argv; - { char *s; - unsigned long i,iterations; - - if(argc != 2) { - fprintf(stderr, "usage: ufc iterations\n"); - exit(1); - } - argv++; - iterations = atoi(*argv); - printf("ufc: running %d iterations\n", iterations); - - for(i=0; i<iterations; i++) - s=crypt("foob","ar"); - if(strcmp(s, "arlEKn0OzVJn.") == 0) - printf("OK\n"); - else { - printf("wrong result: %s!!\n", s); - exit(1); - } - exit(0); - } |