gh0s7/Lucina3DS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First Commit

Browse Source
This commit is contained in:
CGH0S7
2025-02-06 22:24:29 +08:00
parent ed7df4c81e
commit 7539e6a53c
18116 changed files with 6181499 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

455
externals/libressl/crypto/sha/sha1-elf-armv4.S vendored Normal file
View File

@@ -0,0 +1,455 @@
#include "arm_arch.h"
.text
.global sha1_block_data_order
.type sha1_block_data_order,%function
.align 2
sha1_block_data_order:
stmdb sp!,{r4-r12,lr}
add r2,r1,r2,lsl#6 @ r2 to point at the end of r1
ldmia r0,{r3,r4,r5,r6,r7}
.Lloop:
ldr r8,.LK_00_19
mov r14,sp
sub sp,sp,#15*4
mov r5,r5,ror#30
mov r6,r6,ror#30
mov r7,r7,ror#30 @ [6]
.L_00_15:
#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT)
ldrb r10,[r1,#2]
ldrb r9,[r1,#3]
ldrb r11,[r1,#1]
add r7,r8,r7,ror#2 @ E+=K_00_19
ldrb r12,[r1],#4
orr r9,r9,r10,lsl#8
eor r10,r5,r6 @ F_xx_xx
orr r9,r9,r11,lsl#16
add r7,r7,r3,ror#27 @ E+=ROR(A,27)
orr r9,r9,r12,lsl#24
#else
ldr r9,[r1],#4 @ handles unaligned
add r7,r8,r7,ror#2 @ E+=K_00_19
eor r10,r5,r6 @ F_xx_xx
add r7,r7,r3,ror#27 @ E+=ROR(A,27)
#ifdef __ARMEL__
rev r9,r9 @ byte swap
#endif
#endif
and r10,r4,r10,ror#2
add r7,r7,r9 @ E+=X[i]
eor r10,r10,r6,ror#2 @ F_00_19(B,C,D)
str r9,[r14,#-4]!
add r7,r7,r10 @ E+=F_00_19(B,C,D)
#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT)
ldrb r10,[r1,#2]
ldrb r9,[r1,#3]
ldrb r11,[r1,#1]
add r6,r8,r6,ror#2 @ E+=K_00_19
ldrb r12,[r1],#4
orr r9,r9,r10,lsl#8
eor r10,r4,r5 @ F_xx_xx
orr r9,r9,r11,lsl#16
add r6,r6,r7,ror#27 @ E+=ROR(A,27)
orr r9,r9,r12,lsl#24
#else
ldr r9,[r1],#4 @ handles unaligned
add r6,r8,r6,ror#2 @ E+=K_00_19
eor r10,r4,r5 @ F_xx_xx
add r6,r6,r7,ror#27 @ E+=ROR(A,27)
#ifdef __ARMEL__
rev r9,r9 @ byte swap
#endif
#endif
and r10,r3,r10,ror#2
add r6,r6,r9 @ E+=X[i]
eor r10,r10,r5,ror#2 @ F_00_19(B,C,D)
str r9,[r14,#-4]!
add r6,r6,r10 @ E+=F_00_19(B,C,D)
#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT)
ldrb r10,[r1,#2]
ldrb r9,[r1,#3]
ldrb r11,[r1,#1]
add r5,r8,r5,ror#2 @ E+=K_00_19
ldrb r12,[r1],#4
orr r9,r9,r10,lsl#8
eor r10,r3,r4 @ F_xx_xx
orr r9,r9,r11,lsl#16
add r5,r5,r6,ror#27 @ E+=ROR(A,27)
orr r9,r9,r12,lsl#24
#else
ldr r9,[r1],#4 @ handles unaligned
add r5,r8,r5,ror#2 @ E+=K_00_19
eor r10,r3,r4 @ F_xx_xx
add r5,r5,r6,ror#27 @ E+=ROR(A,27)
#ifdef __ARMEL__
rev r9,r9 @ byte swap
#endif
#endif
and r10,r7,r10,ror#2
add r5,r5,r9 @ E+=X[i]
eor r10,r10,r4,ror#2 @ F_00_19(B,C,D)
str r9,[r14,#-4]!
add r5,r5,r10 @ E+=F_00_19(B,C,D)
#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT)
ldrb r10,[r1,#2]
ldrb r9,[r1,#3]
ldrb r11,[r1,#1]
add r4,r8,r4,ror#2 @ E+=K_00_19
ldrb r12,[r1],#4
orr r9,r9,r10,lsl#8
eor r10,r7,r3 @ F_xx_xx
orr r9,r9,r11,lsl#16
add r4,r4,r5,ror#27 @ E+=ROR(A,27)
orr r9,r9,r12,lsl#24
#else
ldr r9,[r1],#4 @ handles unaligned
add r4,r8,r4,ror#2 @ E+=K_00_19
eor r10,r7,r3 @ F_xx_xx
add r4,r4,r5,ror#27 @ E+=ROR(A,27)
#ifdef __ARMEL__
rev r9,r9 @ byte swap
#endif
#endif
and r10,r6,r10,ror#2
add r4,r4,r9 @ E+=X[i]
eor r10,r10,r3,ror#2 @ F_00_19(B,C,D)
str r9,[r14,#-4]!
add r4,r4,r10 @ E+=F_00_19(B,C,D)
#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT)
ldrb r10,[r1,#2]
ldrb r9,[r1,#3]
ldrb r11,[r1,#1]
add r3,r8,r3,ror#2 @ E+=K_00_19
ldrb r12,[r1],#4
orr r9,r9,r10,lsl#8
eor r10,r6,r7 @ F_xx_xx
orr r9,r9,r11,lsl#16
add r3,r3,r4,ror#27 @ E+=ROR(A,27)
orr r9,r9,r12,lsl#24
#else
ldr r9,[r1],#4 @ handles unaligned
add r3,r8,r3,ror#2 @ E+=K_00_19
eor r10,r6,r7 @ F_xx_xx
add r3,r3,r4,ror#27 @ E+=ROR(A,27)
#ifdef __ARMEL__
rev r9,r9 @ byte swap
#endif
#endif
and r10,r5,r10,ror#2
add r3,r3,r9 @ E+=X[i]
eor r10,r10,r7,ror#2 @ F_00_19(B,C,D)
str r9,[r14,#-4]!
add r3,r3,r10 @ E+=F_00_19(B,C,D)
teq r14,sp
bne .L_00_15 @ [((11+4)*5+2)*3]
sub sp,sp,#25*4
#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT)
ldrb r10,[r1,#2]
ldrb r9,[r1,#3]
ldrb r11,[r1,#1]
add r7,r8,r7,ror#2 @ E+=K_00_19
ldrb r12,[r1],#4
orr r9,r9,r10,lsl#8
eor r10,r5,r6 @ F_xx_xx
orr r9,r9,r11,lsl#16
add r7,r7,r3,ror#27 @ E+=ROR(A,27)
orr r9,r9,r12,lsl#24
#else
ldr r9,[r1],#4 @ handles unaligned
add r7,r8,r7,ror#2 @ E+=K_00_19
eor r10,r5,r6 @ F_xx_xx
add r7,r7,r3,ror#27 @ E+=ROR(A,27)
#ifdef __ARMEL__
rev r9,r9 @ byte swap
#endif
#endif
and r10,r4,r10,ror#2
add r7,r7,r9 @ E+=X[i]
eor r10,r10,r6,ror#2 @ F_00_19(B,C,D)
str r9,[r14,#-4]!
add r7,r7,r10 @ E+=F_00_19(B,C,D)
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r6,r8,r6,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r4,r5 @ F_xx_xx
mov r9,r9,ror#31
add r6,r6,r7,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
and r10,r3,r10,ror#2 @ F_xx_xx
@ F_xx_xx
add r6,r6,r9 @ E+=X[i]
eor r10,r10,r5,ror#2 @ F_00_19(B,C,D)
add r6,r6,r10 @ E+=F_00_19(B,C,D)
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r5,r8,r5,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r3,r4 @ F_xx_xx
mov r9,r9,ror#31
add r5,r5,r6,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
and r10,r7,r10,ror#2 @ F_xx_xx
@ F_xx_xx
add r5,r5,r9 @ E+=X[i]
eor r10,r10,r4,ror#2 @ F_00_19(B,C,D)
add r5,r5,r10 @ E+=F_00_19(B,C,D)
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r4,r8,r4,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r7,r3 @ F_xx_xx
mov r9,r9,ror#31
add r4,r4,r5,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
and r10,r6,r10,ror#2 @ F_xx_xx
@ F_xx_xx
add r4,r4,r9 @ E+=X[i]
eor r10,r10,r3,ror#2 @ F_00_19(B,C,D)
add r4,r4,r10 @ E+=F_00_19(B,C,D)
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r3,r8,r3,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r6,r7 @ F_xx_xx
mov r9,r9,ror#31
add r3,r3,r4,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
and r10,r5,r10,ror#2 @ F_xx_xx
@ F_xx_xx
add r3,r3,r9 @ E+=X[i]
eor r10,r10,r7,ror#2 @ F_00_19(B,C,D)
add r3,r3,r10 @ E+=F_00_19(B,C,D)
ldr r8,.LK_20_39 @ [+15+16*4]
cmn sp,#0 @ [+3], clear carry to denote 20_39
.L_20_39_or_60_79:
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r7,r8,r7,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r5,r6 @ F_xx_xx
mov r9,r9,ror#31
add r7,r7,r3,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
eor r10,r4,r10,ror#2 @ F_xx_xx
@ F_xx_xx
add r7,r7,r9 @ E+=X[i]
add r7,r7,r10 @ E+=F_20_39(B,C,D)
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r6,r8,r6,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r4,r5 @ F_xx_xx
mov r9,r9,ror#31
add r6,r6,r7,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
eor r10,r3,r10,ror#2 @ F_xx_xx
@ F_xx_xx
add r6,r6,r9 @ E+=X[i]
add r6,r6,r10 @ E+=F_20_39(B,C,D)
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r5,r8,r5,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r3,r4 @ F_xx_xx
mov r9,r9,ror#31
add r5,r5,r6,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
eor r10,r7,r10,ror#2 @ F_xx_xx
@ F_xx_xx
add r5,r5,r9 @ E+=X[i]
add r5,r5,r10 @ E+=F_20_39(B,C,D)
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r4,r8,r4,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r7,r3 @ F_xx_xx
mov r9,r9,ror#31
add r4,r4,r5,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
eor r10,r6,r10,ror#2 @ F_xx_xx
@ F_xx_xx
add r4,r4,r9 @ E+=X[i]
add r4,r4,r10 @ E+=F_20_39(B,C,D)
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r3,r8,r3,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r6,r7 @ F_xx_xx
mov r9,r9,ror#31
add r3,r3,r4,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
eor r10,r5,r10,ror#2 @ F_xx_xx
@ F_xx_xx
add r3,r3,r9 @ E+=X[i]
add r3,r3,r10 @ E+=F_20_39(B,C,D)
teq r14,sp @ preserve carry
bne .L_20_39_or_60_79 @ [+((12+3)*5+2)*4]
bcs .L_done @ [+((12+3)*5+2)*4], spare 300 bytes
ldr r8,.LK_40_59
sub sp,sp,#20*4 @ [+2]
.L_40_59:
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r7,r8,r7,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r5,r6 @ F_xx_xx
mov r9,r9,ror#31
add r7,r7,r3,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
and r10,r4,r10,ror#2 @ F_xx_xx
and r11,r5,r6 @ F_xx_xx
add r7,r7,r9 @ E+=X[i]
add r7,r7,r10 @ E+=F_40_59(B,C,D)
add r7,r7,r11,ror#2
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r6,r8,r6,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r4,r5 @ F_xx_xx
mov r9,r9,ror#31
add r6,r6,r7,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
and r10,r3,r10,ror#2 @ F_xx_xx
and r11,r4,r5 @ F_xx_xx
add r6,r6,r9 @ E+=X[i]
add r6,r6,r10 @ E+=F_40_59(B,C,D)
add r6,r6,r11,ror#2
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r5,r8,r5,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r3,r4 @ F_xx_xx
mov r9,r9,ror#31
add r5,r5,r6,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
and r10,r7,r10,ror#2 @ F_xx_xx
and r11,r3,r4 @ F_xx_xx
add r5,r5,r9 @ E+=X[i]
add r5,r5,r10 @ E+=F_40_59(B,C,D)
add r5,r5,r11,ror#2
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r4,r8,r4,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r7,r3 @ F_xx_xx
mov r9,r9,ror#31
add r4,r4,r5,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
and r10,r6,r10,ror#2 @ F_xx_xx
and r11,r7,r3 @ F_xx_xx
add r4,r4,r9 @ E+=X[i]
add r4,r4,r10 @ E+=F_40_59(B,C,D)
add r4,r4,r11,ror#2
ldr r9,[r14,#15*4]
ldr r10,[r14,#13*4]
ldr r11,[r14,#7*4]
add r3,r8,r3,ror#2 @ E+=K_xx_xx
ldr r12,[r14,#2*4]
eor r9,r9,r10
eor r11,r11,r12 @ 1 cycle stall
eor r10,r6,r7 @ F_xx_xx
mov r9,r9,ror#31
add r3,r3,r4,ror#27 @ E+=ROR(A,27)
eor r9,r9,r11,ror#31
str r9,[r14,#-4]!
and r10,r5,r10,ror#2 @ F_xx_xx
and r11,r6,r7 @ F_xx_xx
add r3,r3,r9 @ E+=X[i]
add r3,r3,r10 @ E+=F_40_59(B,C,D)
add r3,r3,r11,ror#2
teq r14,sp
bne .L_40_59 @ [+((12+5)*5+2)*4]
ldr r8,.LK_60_79
sub sp,sp,#20*4
cmp sp,#0 @ set carry to denote 60_79
b .L_20_39_or_60_79 @ [+4], spare 300 bytes
.L_done:
add sp,sp,#80*4 @ "deallocate" stack frame
ldmia r0,{r8,r9,r10,r11,r12}
add r3,r8,r3
add r4,r9,r4
add r5,r10,r5,ror#2
add r6,r11,r6,ror#2
add r7,r12,r7,ror#2
stmia r0,{r3,r4,r5,r6,r7}
teq r1,r2
bne .Lloop @ [+18], total 1307
#if __ARM_ARCH__>=5
ldmia sp!,{r4-r12,pc}
#else
ldmia sp!,{r4-r12,lr}
tst lr,#1
moveq pc,lr @ be binary compatible with V4, yet
.word 0xe12fff1e @ interoperable with Thumb ISA:-)
#endif
.align 2
.LK_00_19: .word 0x5a827999
.LK_20_39: .word 0x6ed9eba1
.LK_40_59: .word 0x8f1bbcdc
.LK_60_79: .word 0xca62c1d6
.size sha1_block_data_order,.-sha1_block_data_order
.asciz "SHA1 block transform for ARMv4, CRYPTOGAMS by <appro@openssl.org>"
.align 2
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif

2494
externals/libressl/crypto/sha/sha1-elf-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

2491
externals/libressl/crypto/sha/sha1-macosx-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

2748
externals/libressl/crypto/sha/sha1-masm-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

2668
externals/libressl/crypto/sha/sha1-mingw64-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1663
externals/libressl/crypto/sha/sha1-mips.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

460
externals/libressl/crypto/sha/sha1.c vendored Normal file
View File

@@ -0,0 +1,460 @@
/* $OpenBSD: sha1.c,v 1.5 2023/04/11 10:39:50 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#include <openssl/sha.h>
#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
#define DATA_ORDER_IS_BIG_ENDIAN
#define HASH_LONG SHA_LONG
#define HASH_CTX SHA_CTX
#define HASH_CBLOCK SHA_CBLOCK
#define HASH_MAKE_STRING(c, s) do { \
unsigned long ll; \
ll=(c)->h0; HOST_l2c(ll,(s)); \
ll=(c)->h1; HOST_l2c(ll,(s)); \
ll=(c)->h2; HOST_l2c(ll,(s)); \
ll=(c)->h3; HOST_l2c(ll,(s)); \
ll=(c)->h4; HOST_l2c(ll,(s)); \
} while (0)
#define HASH_UPDATE SHA1_Update
#define HASH_TRANSFORM SHA1_Transform
#define HASH_FINAL SHA1_Final
#define HASH_INIT SHA1_Init
#define HASH_BLOCK_DATA_ORDER sha1_block_data_order
#define Xupdate(a, ix, ia, ib, ic, id) ( (a)=(ia^ib^ic^id), \
ix=(a)=ROTATE((a),1) \
)
#ifndef SHA1_ASM
static
#endif
void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
#include "md32_common.h"
int
SHA1_Init(SHA_CTX *c)
{
memset(c, 0, sizeof(*c));
c->h0 = 0x67452301UL;
c->h1 = 0xefcdab89UL;
c->h2 = 0x98badcfeUL;
c->h3 = 0x10325476UL;
c->h4 = 0xc3d2e1f0UL;
return 1;
}
#define K_00_19 0x5a827999UL
#define K_20_39 0x6ed9eba1UL
#define K_40_59 0x8f1bbcdcUL
#define K_60_79 0xca62c1d6UL
/* As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
* simplified to the code in F_00_19. Wei attributes these optimisations
* to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
* #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
* I've just become aware of another tweak to be made, again from Wei Dai,
* in F_40_59, (x&a)|(y&a) -> (x|y)&a
*/
#define F_00_19(b, c, d) ((((c) ^ (d)) & (b)) ^ (d))
#define F_20_39(b, c, d) ((b) ^ (c) ^ (d))
#define F_40_59(b, c, d) (((b) & (c)) | (((b)|(c)) & (d)))
#define F_60_79(b, c, d) F_20_39(b, c, d)
#ifndef OPENSSL_SMALL_FOOTPRINT
#define BODY_00_15(i, a, b, c, d, e, f, xi) \
(f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
(b)=ROTATE((b),30);
#define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
Xupdate(f, xi, xa, xb, xc, xd); \
(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
(b)=ROTATE((b),30);
#define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
Xupdate(f, xi, xa, xb, xc, xd); \
(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
(b)=ROTATE((b),30);
#define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd) \
Xupdate(f, xa, xa, xb, xc, xd); \
(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
(b)=ROTATE((b),30);
#define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd) \
Xupdate(f, xa, xa, xb, xc, xd); \
(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
(b)=ROTATE((b),30);
#define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd) \
Xupdate(f, xa, xa, xb, xc, xd); \
(f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
(b)=ROTATE((b),30);
#if !defined(SHA1_ASM)
#include <endian.h>
static void
sha1_block_data_order(SHA_CTX *c, const void *p, size_t num)
{
const unsigned char *data = p;
unsigned MD32_REG_T A, B, C, D, E, T, l;
unsigned MD32_REG_T X0, X1, X2, X3, X4, X5, X6, X7,
X8, X9, X10, X11, X12, X13, X14, X15;
A = c->h0;
B = c->h1;
C = c->h2;
D = c->h3;
E = c->h4;
for (;;) {
if (BYTE_ORDER != LITTLE_ENDIAN &&
sizeof(SHA_LONG) == 4 && ((size_t)p % 4) == 0) {
const SHA_LONG *W = (const SHA_LONG *)data;
X0 = W[0];
X1 = W[1];
BODY_00_15( 0, A, B, C, D, E, T, X0);
X2 = W[2];
BODY_00_15( 1, T, A, B, C, D, E, X1);
X3 = W[3];
BODY_00_15( 2, E, T, A, B, C, D, X2);
X4 = W[4];
BODY_00_15( 3, D, E, T, A, B, C, X3);
X5 = W[5];
BODY_00_15( 4, C, D, E, T, A, B, X4);
X6 = W[6];
BODY_00_15( 5, B, C, D, E, T, A, X5);
X7 = W[7];
BODY_00_15( 6, A, B, C, D, E, T, X6);
X8 = W[8];
BODY_00_15( 7, T, A, B, C, D, E, X7);
X9 = W[9];
BODY_00_15( 8, E, T, A, B, C, D, X8);
X10 = W[10];
BODY_00_15( 9, D, E, T, A, B, C, X9);
X11 = W[11];
BODY_00_15(10, C, D, E, T, A, B, X10);
X12 = W[12];
BODY_00_15(11, B, C, D, E, T, A, X11);
X13 = W[13];
BODY_00_15(12, A, B, C, D, E, T, X12);
X14 = W[14];
BODY_00_15(13, T, A, B, C, D, E, X13);
X15 = W[15];
BODY_00_15(14, E, T, A, B, C, D, X14);
BODY_00_15(15, D, E, T, A, B, C, X15);
data += SHA_CBLOCK;
} else {
HOST_c2l(data, l);
X0 = l;
HOST_c2l(data, l);
X1 = l;
BODY_00_15( 0, A, B, C, D, E, T, X0);
HOST_c2l(data, l);
X2 = l;
BODY_00_15( 1, T, A, B, C, D, E, X1);
HOST_c2l(data, l);
X3 = l;
BODY_00_15( 2, E, T, A, B, C, D, X2);
HOST_c2l(data, l);
X4 = l;
BODY_00_15( 3, D, E, T, A, B, C, X3);
HOST_c2l(data, l);
X5 = l;
BODY_00_15( 4, C, D, E, T, A, B, X4);
HOST_c2l(data, l);
X6 = l;
BODY_00_15( 5, B, C, D, E, T, A, X5);
HOST_c2l(data, l);
X7 = l;
BODY_00_15( 6, A, B, C, D, E, T, X6);
HOST_c2l(data, l);
X8 = l;
BODY_00_15( 7, T, A, B, C, D, E, X7);
HOST_c2l(data, l);
X9 = l;
BODY_00_15( 8, E, T, A, B, C, D, X8);
HOST_c2l(data, l);
X10 = l;
BODY_00_15( 9, D, E, T, A, B, C, X9);
HOST_c2l(data, l);
X11 = l;
BODY_00_15(10, C, D, E, T, A, B, X10);
HOST_c2l(data, l);
X12 = l;
BODY_00_15(11, B, C, D, E, T, A, X11);
HOST_c2l(data, l);
X13 = l;
BODY_00_15(12, A, B, C, D, E, T, X12);
HOST_c2l(data, l);
X14 = l;
BODY_00_15(13, T, A, B, C, D, E, X13);
HOST_c2l(data, l);
X15 = l;
BODY_00_15(14, E, T, A, B, C, D, X14);
BODY_00_15(15, D, E, T, A, B, C, X15);
}
BODY_16_19(16, C, D, E, T, A, B, X0, X0, X2, X8, X13);
BODY_16_19(17, B, C, D, E, T, A, X1, X1, X3, X9, X14);
BODY_16_19(18, A, B, C, D, E, T, X2, X2, X4, X10, X15);
BODY_16_19(19, T, A, B, C, D, E, X3, X3, X5, X11, X0);
BODY_20_31(20, E, T, A, B, C, D, X4, X4, X6, X12, X1);
BODY_20_31(21, D, E, T, A, B, C, X5, X5, X7, X13, X2);
BODY_20_31(22, C, D, E, T, A, B, X6, X6, X8, X14, X3);
BODY_20_31(23, B, C, D, E, T, A, X7, X7, X9, X15, X4);
BODY_20_31(24, A, B, C, D, E, T, X8, X8, X10, X0, X5);
BODY_20_31(25, T, A, B, C, D, E, X9, X9, X11, X1, X6);
BODY_20_31(26, E, T, A, B, C, D, X10, X10, X12, X2, X7);
BODY_20_31(27, D, E, T, A, B, C, X11, X11, X13, X3, X8);
BODY_20_31(28, C, D, E, T, A, B, X12, X12, X14, X4, X9);
BODY_20_31(29, B, C, D, E, T, A, X13, X13, X15, X5, X10);
BODY_20_31(30, A, B, C, D, E, T, X14, X14, X0, X6, X11);
BODY_20_31(31, T, A, B, C, D, E, X15, X15, X1, X7, X12);
BODY_32_39(32, E, T, A, B, C, D, X0, X2, X8, X13);
BODY_32_39(33, D, E, T, A, B, C, X1, X3, X9, X14);
BODY_32_39(34, C, D, E, T, A, B, X2, X4, X10, X15);
BODY_32_39(35, B, C, D, E, T, A, X3, X5, X11, X0);
BODY_32_39(36, A, B, C, D, E, T, X4, X6, X12, X1);
BODY_32_39(37, T, A, B, C, D, E, X5, X7, X13, X2);
BODY_32_39(38, E, T, A, B, C, D, X6, X8, X14, X3);
BODY_32_39(39, D, E, T, A, B, C, X7, X9, X15, X4);
BODY_40_59(40, C, D, E, T, A, B, X8, X10, X0, X5);
BODY_40_59(41, B, C, D, E, T, A, X9, X11, X1, X6);
BODY_40_59(42, A, B, C, D, E, T, X10, X12, X2, X7);
BODY_40_59(43, T, A, B, C, D, E, X11, X13, X3, X8);
BODY_40_59(44, E, T, A, B, C, D, X12, X14, X4, X9);
BODY_40_59(45, D, E, T, A, B, C, X13, X15, X5, X10);
BODY_40_59(46, C, D, E, T, A, B, X14, X0, X6, X11);
BODY_40_59(47, B, C, D, E, T, A, X15, X1, X7, X12);
BODY_40_59(48, A, B, C, D, E, T, X0, X2, X8, X13);
BODY_40_59(49, T, A, B, C, D, E, X1, X3, X9, X14);
BODY_40_59(50, E, T, A, B, C, D, X2, X4, X10, X15);
BODY_40_59(51, D, E, T, A, B, C, X3, X5, X11, X0);
BODY_40_59(52, C, D, E, T, A, B, X4, X6, X12, X1);
BODY_40_59(53, B, C, D, E, T, A, X5, X7, X13, X2);
BODY_40_59(54, A, B, C, D, E, T, X6, X8, X14, X3);
BODY_40_59(55, T, A, B, C, D, E, X7, X9, X15, X4);
BODY_40_59(56, E, T, A, B, C, D, X8, X10, X0, X5);
BODY_40_59(57, D, E, T, A, B, C, X9, X11, X1, X6);
BODY_40_59(58, C, D, E, T, A, B, X10, X12, X2, X7);
BODY_40_59(59, B, C, D, E, T, A, X11, X13, X3, X8);
BODY_60_79(60, A, B, C, D, E, T, X12, X14, X4, X9);
BODY_60_79(61, T, A, B, C, D, E, X13, X15, X5, X10);
BODY_60_79(62, E, T, A, B, C, D, X14, X0, X6, X11);
BODY_60_79(63, D, E, T, A, B, C, X15, X1, X7, X12);
BODY_60_79(64, C, D, E, T, A, B, X0, X2, X8, X13);
BODY_60_79(65, B, C, D, E, T, A, X1, X3, X9, X14);
BODY_60_79(66, A, B, C, D, E, T, X2, X4, X10, X15);
BODY_60_79(67, T, A, B, C, D, E, X3, X5, X11, X0);
BODY_60_79(68, E, T, A, B, C, D, X4, X6, X12, X1);
BODY_60_79(69, D, E, T, A, B, C, X5, X7, X13, X2);
BODY_60_79(70, C, D, E, T, A, B, X6, X8, X14, X3);
BODY_60_79(71, B, C, D, E, T, A, X7, X9, X15, X4);
BODY_60_79(72, A, B, C, D, E, T, X8, X10, X0, X5);
BODY_60_79(73, T, A, B, C, D, E, X9, X11, X1, X6);
BODY_60_79(74, E, T, A, B, C, D, X10, X12, X2, X7);
BODY_60_79(75, D, E, T, A, B, C, X11, X13, X3, X8);
BODY_60_79(76, C, D, E, T, A, B, X12, X14, X4, X9);
BODY_60_79(77, B, C, D, E, T, A, X13, X15, X5, X10);
BODY_60_79(78, A, B, C, D, E, T, X14, X0, X6, X11);
BODY_60_79(79, T, A, B, C, D, E, X15, X1, X7, X12);
c->h0 = (c->h0 + E)&0xffffffffL;
c->h1 = (c->h1 + T)&0xffffffffL;
c->h2 = (c->h2 + A)&0xffffffffL;
c->h3 = (c->h3 + B)&0xffffffffL;
c->h4 = (c->h4 + C)&0xffffffffL;
if (--num == 0)
break;
A = c->h0;
B = c->h1;
C = c->h2;
D = c->h3;
E = c->h4;
}
}
#endif
#else /* OPENSSL_SMALL_FOOTPRINT */
#define BODY_00_15(xi) do { \
T=E+K_00_19+F_00_19(B, C, D); \
E=D, D=C, C=ROTATE(B,30), B=A; \
A=ROTATE(A,5)+T+xi; } while(0)
#define BODY_16_19(xa, xb, xc, xd) do { \
Xupdate(T, xa, xa, xb, xc, xd); \
T+=E+K_00_19+F_00_19(B, C, D); \
E=D, D=C, C=ROTATE(B,30), B=A; \
A=ROTATE(A,5)+T; } while(0)
#define BODY_20_39(xa, xb, xc, xd) do { \
Xupdate(T, xa, xa, xb, xc, xd); \
T+=E+K_20_39+F_20_39(B, C, D); \
E=D, D=C, C=ROTATE(B,30), B=A; \
A=ROTATE(A,5)+T; } while(0)
#define BODY_40_59(xa, xb, xc, xd) do { \
Xupdate(T, xa, xa, xb, xc, xd); \
T+=E+K_40_59+F_40_59(B, C, D); \
E=D, D=C, C=ROTATE(B,30), B=A; \
A=ROTATE(A,5)+T; } while(0)
#define BODY_60_79(xa, xb, xc, xd) do { \
Xupdate(T, xa, xa, xb, xc, xd); \
T=E+K_60_79+F_60_79(B, C, D); \
E=D, D=C, C=ROTATE(B,30), B=A; \
A=ROTATE(A,5)+T+xa; } while(0)
#if !defined(SHA1_ASM)
static void
sha1_block_data_order(SHA_CTX *c, const void *p, size_t num)
{
const unsigned char *data = p;
unsigned MD32_REG_T A, B, C, D, E, T, l;
int i;
SHA_LONG X[16];
A = c->h0;
B = c->h1;
C = c->h2;
D = c->h3;
E = c->h4;
for (;;) {
for (i = 0; i < 16; i++) {
HOST_c2l(data, l);
X[i] = l;
BODY_00_15(X[i]);
}
for (i = 0; i < 4; i++) {
BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13)&15]);
}
for (; i < 24; i++) {
BODY_20_39(X[i&15], X[(i + 2)&15], X[(i + 8)&15], X[(i + 13)&15]);
}
for (i = 0; i < 20; i++) {
BODY_40_59(X[(i + 8)&15], X[(i + 10)&15], X[i&15], X[(i + 5)&15]);
}
for (i = 4; i < 24; i++) {
BODY_60_79(X[(i + 8)&15], X[(i + 10)&15], X[i&15], X[(i + 5)&15]);
}
c->h0 = (c->h0 + A)&0xffffffffL;
c->h1 = (c->h1 + B)&0xffffffffL;
c->h2 = (c->h2 + C)&0xffffffffL;
c->h3 = (c->h3 + D)&0xffffffffL;
c->h4 = (c->h4 + E)&0xffffffffL;
if (--num == 0)
break;
A = c->h0;
B = c->h1;
C = c->h2;
D = c->h3;
E = c->h4;
}
}
#endif
#endif
unsigned char *
SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
SHA_CTX c;
static unsigned char m[SHA_DIGEST_LENGTH];
if (md == NULL)
md = m;
if (!SHA1_Init(&c))
return NULL;
SHA1_Update(&c, d, n);
SHA1_Final(md, &c);
explicit_bzero(&c, sizeof(c));
return (md);
}
#endif

1520
externals/libressl/crypto/sha/sha256-elf-armv4.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1785
externals/libressl/crypto/sha/sha256-elf-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1782
externals/libressl/crypto/sha/sha256-macosx-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1869
externals/libressl/crypto/sha/sha256-masm-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1793
externals/libressl/crypto/sha/sha256-mingw64-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1997
externals/libressl/crypto/sha/sha256-mips.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

445
externals/libressl/crypto/sha/sha256.c vendored Normal file
View File

@@ -0,0 +1,445 @@
/* $OpenBSD: sha256.c,v 1.15 2023/03/29 05:34:01 jsing Exp $ */
/* ====================================================================
* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*/
#include <openssl/opensslconf.h>
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
#include <endian.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/sha.h>
#include <openssl/opensslv.h>
int
SHA224_Init(SHA256_CTX *c)
{
memset (c, 0, sizeof(*c));
c->h[0] = 0xc1059ed8UL;
c->h[1] = 0x367cd507UL;
c->h[2] = 0x3070dd17UL;
c->h[3] = 0xf70e5939UL;
c->h[4] = 0xffc00b31UL;
c->h[5] = 0x68581511UL;
c->h[6] = 0x64f98fa7UL;
c->h[7] = 0xbefa4fa4UL;
c->md_len = SHA224_DIGEST_LENGTH;
return 1;
}
int
SHA256_Init(SHA256_CTX *c)
{
memset (c, 0, sizeof(*c));
c->h[0] = 0x6a09e667UL;
c->h[1] = 0xbb67ae85UL;
c->h[2] = 0x3c6ef372UL;
c->h[3] = 0xa54ff53aUL;
c->h[4] = 0x510e527fUL;
c->h[5] = 0x9b05688cUL;
c->h[6] = 0x1f83d9abUL;
c->h[7] = 0x5be0cd19UL;
c->md_len = SHA256_DIGEST_LENGTH;
return 1;
}
unsigned char *
SHA224(const unsigned char *d, size_t n, unsigned char *md)
{
SHA256_CTX c;
static unsigned char m[SHA224_DIGEST_LENGTH];
if (md == NULL)
md = m;
SHA224_Init(&c);
SHA256_Update(&c, d, n);
SHA256_Final(md, &c);
explicit_bzero(&c, sizeof(c));
return (md);
}
unsigned char *
SHA256(const unsigned char *d, size_t n, unsigned char *md)
{
SHA256_CTX c;
static unsigned char m[SHA256_DIGEST_LENGTH];
if (md == NULL)
md = m;
SHA256_Init(&c);
SHA256_Update(&c, d, n);
SHA256_Final(md, &c);
explicit_bzero(&c, sizeof(c));
return (md);
}
int
SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
{
return SHA256_Update(c, data, len);
}
int
SHA224_Final(unsigned char *md, SHA256_CTX *c)
{
return SHA256_Final(md, c);
}
#define DATA_ORDER_IS_BIG_ENDIAN
#define HASH_LONG SHA_LONG
#define HASH_CTX SHA256_CTX
#define HASH_CBLOCK SHA_CBLOCK
/*
* Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
* default: case below covers for it. It's not clear however if it's
* permitted to truncate to amount of bytes not divisible by 4. I bet not,
* but if it is, then default: case shall be extended. For reference.
* Idea behind separate cases for pre-defined lengths is to let the
* compiler decide if it's appropriate to unroll small loops.
*/
#define HASH_MAKE_STRING(c, s) do { \
unsigned long ll; \
unsigned int nn; \
switch ((c)->md_len) \
{ case SHA224_DIGEST_LENGTH: \
for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \
{ ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \
break; \
case SHA256_DIGEST_LENGTH: \
for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \
{ ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \
break; \
default: \
if ((c)->md_len > SHA256_DIGEST_LENGTH) \
return 0; \
for (nn=0;nn<(c)->md_len/4;nn++) \
{ ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \
break; \
} \
} while (0)
#define HASH_UPDATE SHA256_Update
#define HASH_TRANSFORM SHA256_Transform
#define HASH_FINAL SHA256_Final
#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
#ifndef SHA256_ASM
static
#endif
void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
#include "md32_common.h"
#ifndef SHA256_ASM
static const SHA_LONG K256[64] = {
0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL,
};
/*
* FIPS specification refers to right rotations, while our ROTATE macro
* is left one. This is why you might notice that rotation coefficients
* differ from those observed in FIPS document by 32-N...
*/
#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
#define Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z)))
#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#ifdef OPENSSL_SMALL_FOOTPRINT
static void
sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
{
unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2;
SHA_LONG X[16], l;
int i;
const unsigned char *data = in;
while (num--) {
a = ctx->h[0];
b = ctx->h[1];
c = ctx->h[2];
d = ctx->h[3];
e = ctx->h[4];
f = ctx->h[5];
g = ctx->h[6];
h = ctx->h[7];
for (i = 0; i < 16; i++) {
HOST_c2l(data, l);
T1 = X[i] = l;
T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
T2 = Sigma0(a) + Maj(a, b, c);
h = g;
g = f;
f = e;
e = d + T1;
d = c;
c = b;
b = a;
a = T1 + T2;
}
for (; i < 64; i++) {
s0 = X[(i + 1)&0x0f];
s0 = sigma0(s0);
s1 = X[(i + 14)&0x0f];
s1 = sigma1(s1);
T1 = X[i&0xf] += s0 + s1 + X[(i + 9)&0xf];
T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
T2 = Sigma0(a) + Maj(a, b, c);
h = g;
g = f;
f = e;
e = d + T1;
d = c;
c = b;
b = a;
a = T1 + T2;
}
ctx->h[0] += a;
ctx->h[1] += b;
ctx->h[2] += c;
ctx->h[3] += d;
ctx->h[4] += e;
ctx->h[5] += f;
ctx->h[6] += g;
ctx->h[7] += h;
}
}
#else
#define ROUND_00_15(i, a, b, c, d, e, f, g, h) do { \
T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; \
h = Sigma0(a) + Maj(a, b, c); \
d += T1; h += T1; } while (0)
#define ROUND_16_63(i, a, b, c, d, e, f, g, h, X) do { \
s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
ROUND_00_15(i, a, b, c, d, e, f, g, h); } while (0)
static void
sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
{
unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
SHA_LONG X[16];
int i;
const unsigned char *data = in;
while (num--) {
a = ctx->h[0];
b = ctx->h[1];
c = ctx->h[2];
d = ctx->h[3];
e = ctx->h[4];
f = ctx->h[5];
g = ctx->h[6];
h = ctx->h[7];
if (BYTE_ORDER != LITTLE_ENDIAN &&
sizeof(SHA_LONG) == 4 && ((size_t)in % 4) == 0) {
const SHA_LONG *W = (const SHA_LONG *)data;
T1 = X[0] = W[0];
ROUND_00_15(0, a, b, c, d, e, f, g, h);
T1 = X[1] = W[1];
ROUND_00_15(1, h, a, b, c, d, e, f, g);
T1 = X[2] = W[2];
ROUND_00_15(2, g, h, a, b, c, d, e, f);
T1 = X[3] = W[3];
ROUND_00_15(3, f, g, h, a, b, c, d, e);
T1 = X[4] = W[4];
ROUND_00_15(4, e, f, g, h, a, b, c, d);
T1 = X[5] = W[5];
ROUND_00_15(5, d, e, f, g, h, a, b, c);
T1 = X[6] = W[6];
ROUND_00_15(6, c, d, e, f, g, h, a, b);
T1 = X[7] = W[7];
ROUND_00_15(7, b, c, d, e, f, g, h, a);
T1 = X[8] = W[8];
ROUND_00_15(8, a, b, c, d, e, f, g, h);
T1 = X[9] = W[9];
ROUND_00_15(9, h, a, b, c, d, e, f, g);
T1 = X[10] = W[10];
ROUND_00_15(10, g, h, a, b, c, d, e, f);
T1 = X[11] = W[11];
ROUND_00_15(11, f, g, h, a, b, c, d, e);
T1 = X[12] = W[12];
ROUND_00_15(12, e, f, g, h, a, b, c, d);
T1 = X[13] = W[13];
ROUND_00_15(13, d, e, f, g, h, a, b, c);
T1 = X[14] = W[14];
ROUND_00_15(14, c, d, e, f, g, h, a, b);
T1 = X[15] = W[15];
ROUND_00_15(15, b, c, d, e, f, g, h, a);
data += SHA256_CBLOCK;
} else {
SHA_LONG l;
HOST_c2l(data, l);
T1 = X[0] = l;
ROUND_00_15(0, a, b, c, d, e, f, g, h);
HOST_c2l(data, l);
T1 = X[1] = l;
ROUND_00_15(1, h, a, b, c, d, e, f, g);
HOST_c2l(data, l);
T1 = X[2] = l;
ROUND_00_15(2, g, h, a, b, c, d, e, f);
HOST_c2l(data, l);
T1 = X[3] = l;
ROUND_00_15(3, f, g, h, a, b, c, d, e);
HOST_c2l(data, l);
T1 = X[4] = l;
ROUND_00_15(4, e, f, g, h, a, b, c, d);
HOST_c2l(data, l);
T1 = X[5] = l;
ROUND_00_15(5, d, e, f, g, h, a, b, c);
HOST_c2l(data, l);
T1 = X[6] = l;
ROUND_00_15(6, c, d, e, f, g, h, a, b);
HOST_c2l(data, l);
T1 = X[7] = l;
ROUND_00_15(7, b, c, d, e, f, g, h, a);
HOST_c2l(data, l);
T1 = X[8] = l;
ROUND_00_15(8, a, b, c, d, e, f, g, h);
HOST_c2l(data, l);
T1 = X[9] = l;
ROUND_00_15(9, h, a, b, c, d, e, f, g);
HOST_c2l(data, l);
T1 = X[10] = l;
ROUND_00_15(10, g, h, a, b, c, d, e, f);
HOST_c2l(data, l);
T1 = X[11] = l;
ROUND_00_15(11, f, g, h, a, b, c, d, e);
HOST_c2l(data, l);
T1 = X[12] = l;
ROUND_00_15(12, e, f, g, h, a, b, c, d);
HOST_c2l(data, l);
T1 = X[13] = l;
ROUND_00_15(13, d, e, f, g, h, a, b, c);
HOST_c2l(data, l);
T1 = X[14] = l;
ROUND_00_15(14, c, d, e, f, g, h, a, b);
HOST_c2l(data, l);
T1 = X[15] = l;
ROUND_00_15(15, b, c, d, e, f, g, h, a);
}
for (i = 16; i < 64; i += 8) {
ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
}
ctx->h[0] += a;
ctx->h[1] += b;
ctx->h[2] += c;
ctx->h[3] += d;
ctx->h[4] += e;
ctx->h[5] += f;
ctx->h[6] += g;
ctx->h[7] += h;
}
}
#endif
#endif /* SHA256_ASM */
#endif /* OPENSSL_NO_SHA256 */

193
externals/libressl/crypto/sha/sha3.c vendored Normal file
View File

@@ -0,0 +1,193 @@
/* $OpenBSD: sha3.c,v 1.15 2023/04/16 15:32:16 jsing Exp $ */
/*
* The MIT License (MIT)
*
* Copyright (c) 2015 Markku-Juhani O. Saarinen
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <endian.h>
#include <string.h>
#include "sha3_internal.h"
#define KECCAKF_ROUNDS 24
#define ROTL64(x, y) (((x) << (y)) | ((x) >> (64 - (y))))
static const uint64_t sha3_keccakf_rndc[24] = {
0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
0x8000000000008080, 0x0000000080000001, 0x8000000080008008
};
static const int sha3_keccakf_rotc[24] = {
1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14,
27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44
};
static const int sha3_keccakf_piln[24] = {
10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4,
15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1
};
static void
sha3_keccakf(uint64_t st[25])
{
uint64_t t, bc[5];
int i, j, r;
#if BYTE_ORDER != LITTLE_ENDIAN
uint8_t *v;
for (i = 0; i < 25; i++) {
v = (uint8_t *) &st[i];
st[i] = ((uint64_t) v[0]) | (((uint64_t) v[1]) << 8) |
(((uint64_t) v[2]) << 16) | (((uint64_t) v[3]) << 24) |
(((uint64_t) v[4]) << 32) | (((uint64_t) v[5]) << 40) |
(((uint64_t) v[6]) << 48) | (((uint64_t) v[7]) << 56);
}
#endif
for (r = 0; r < KECCAKF_ROUNDS; r++) {
/* Theta */
for (i = 0; i < 5; i++)
bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20];
for (i = 0; i < 5; i++) {
t = bc[(i + 4) % 5] ^ ROTL64(bc[(i + 1) % 5], 1);
for (j = 0; j < 25; j += 5)
st[j + i] ^= t;
}
/* Rho Pi */
t = st[1];
for (i = 0; i < 24; i++) {
j = sha3_keccakf_piln[i];
bc[0] = st[j];
st[j] = ROTL64(t, sha3_keccakf_rotc[i]);
t = bc[0];
}
/* Chi */
for (j = 0; j < 25; j += 5) {
for (i = 0; i < 5; i++)
bc[i] = st[j + i];
for (i = 0; i < 5; i++)
st[j + i] ^= (~bc[(i + 1) % 5]) & bc[(i + 2) % 5];
}
/* Iota */
st[0] ^= sha3_keccakf_rndc[r];
}
#if BYTE_ORDER != LITTLE_ENDIAN
for (i = 0; i < 25; i++) {
v = (uint8_t *) &st[i];
t = st[i];
v[0] = t & 0xFF;
v[1] = (t >> 8) & 0xFF;
v[2] = (t >> 16) & 0xFF;
v[3] = (t >> 24) & 0xFF;
v[4] = (t >> 32) & 0xFF;
v[5] = (t >> 40) & 0xFF;
v[6] = (t >> 48) & 0xFF;
v[7] = (t >> 56) & 0xFF;
}
#endif
}
int
sha3_init(sha3_ctx *c, int mdlen)
{
if (mdlen < 0 || mdlen >= KECCAK_BYTE_WIDTH / 2)
return 0;
memset(c, 0, sizeof(*c));
c->mdlen = mdlen;
c->rsize = KECCAK_BYTE_WIDTH - 2 * mdlen;
return 1;
}
int
sha3_update(sha3_ctx *c, const void *data, size_t len)
{
size_t i, j;
j = c->pt;
for (i = 0; i < len; i++) {
c->state.b[j++] ^= ((const uint8_t *) data)[i];
if (j >= c->rsize) {
sha3_keccakf(c->state.q);
j = 0;
}
}
c->pt = j;
return 1;
}
int
sha3_final(void *md, sha3_ctx *c)
{
int i;
c->state.b[c->pt] ^= 0x06;
c->state.b[c->rsize - 1] ^= 0x80;
sha3_keccakf(c->state.q);
for (i = 0; i < c->mdlen; i++) {
((uint8_t *) md)[i] = c->state.b[i];
}
return 1;
}
/* SHAKE128 and SHAKE256 extensible-output functionality. */
void
shake_xof(sha3_ctx *c)
{
c->state.b[c->pt] ^= 0x1F;
c->state.b[c->rsize - 1] ^= 0x80;
sha3_keccakf(c->state.q);
c->pt = 0;
}
void
shake_out(sha3_ctx *c, void *out, size_t len)
{
size_t i, j;
j = c->pt;
for (i = 0; i < len; i++) {
if (j >= c->rsize) {
sha3_keccakf(c->state.q);
j = 0;
}
((uint8_t *) out)[i] = c->state.b[j++];
}
c->pt = j;
}

81
externals/libressl/crypto/sha/sha3_internal.h vendored Normal file
View File

@@ -0,0 +1,81 @@
/* $OpenBSD: sha3_internal.h,v 1.15 2023/04/25 19:32:19 tb Exp $ */
/*
* The MIT License (MIT)
*
* Copyright (c) 2015 Markku-Juhani O. Saarinen
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <stddef.h>
#include <stdint.h>
#ifndef HEADER_SHA3_INTERNAL_H
#define HEADER_SHA3_INTERNAL_H
#define KECCAK_BIT_WIDTH 1600
#define KECCAK_BYTE_WIDTH (KECCAK_BIT_WIDTH / 8)
#define SHA3_224_BIT_LENGTH 224
#define SHA3_224_BITRATE (2 * SHA3_224_BIT_LENGTH)
#define SHA3_224_CAPACITY (KECCAK_BIT_WIDTH - SHA3_224_BITRATE)
#define SHA3_224_BLOCK_SIZE (SHA3_224_CAPACITY / 8)
#define SHA3_224_DIGEST_LENGTH (SHA3_224_BIT_LENGTH / 8)
#define SHA3_256_BIT_LENGTH 256
#define SHA3_256_BITRATE (2 * SHA3_256_BIT_LENGTH)
#define SHA3_256_CAPACITY (KECCAK_BIT_WIDTH - SHA3_256_BITRATE)
#define SHA3_256_BLOCK_SIZE (SHA3_256_CAPACITY / 8)
#define SHA3_256_DIGEST_LENGTH (SHA3_256_BIT_LENGTH / 8)
#define SHA3_384_BIT_LENGTH 384
#define SHA3_384_BITRATE (2 * SHA3_384_BIT_LENGTH)
#define SHA3_384_CAPACITY (KECCAK_BIT_WIDTH - SHA3_384_BITRATE)
#define SHA3_384_BLOCK_SIZE (SHA3_384_CAPACITY / 8)
#define SHA3_384_DIGEST_LENGTH (SHA3_384_BIT_LENGTH / 8)
#define SHA3_512_BIT_LENGTH 512
#define SHA3_512_BITRATE (2 * SHA3_512_BIT_LENGTH)
#define SHA3_512_CAPACITY (KECCAK_BIT_WIDTH - SHA3_512_BITRATE)
#define SHA3_512_BLOCK_SIZE (SHA3_512_CAPACITY / 8)
#define SHA3_512_DIGEST_LENGTH (SHA3_512_BIT_LENGTH / 8)
typedef struct sha3_ctx_st {
union {
uint8_t b[200]; /* State as 8 bit bytes. */
uint64_t q[25]; /* State as 64 bit words. */
} state;
size_t pt;
size_t rsize;
size_t mdlen;
} sha3_ctx;
int sha3_init(sha3_ctx *c, int mdlen);
int sha3_update(sha3_ctx *c, const void *data, size_t len);
int sha3_final(void *md, sha3_ctx *c);
/* SHAKE128 and SHAKE256 extensible-output functions. */
#define shake128_init(c) sha3_init(c, 16)
#define shake256_init(c) sha3_init(c, 32)
#define shake_update sha3_update
void shake_xof(sha3_ctx *c);
void shake_out(sha3_ctx *c, void *out, size_t len);
#endif

1786
externals/libressl/crypto/sha/sha512-elf-armv4.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1809
externals/libressl/crypto/sha/sha512-elf-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1806
externals/libressl/crypto/sha/sha512-macosx-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1893
externals/libressl/crypto/sha/sha512-masm-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1817
externals/libressl/crypto/sha/sha512-mingw64-x86_64.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

2165
externals/libressl/crypto/sha/sha512-mips.S vendored Normal file
View File

File diff suppressed because it is too large Load Diff

534
externals/libressl/crypto/sha/sha512.c vendored Normal file
View File

@@ -0,0 +1,534 @@
/* $OpenBSD: sha512.c,v 1.38 2023/05/19 00:54:28 deraadt Exp $ */
/* ====================================================================
* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*/
#include <endian.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#include <openssl/sha.h>
#include "crypto_internal.h"
#include "sha_internal.h"
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
#if !defined(__STRICT_ALIGNMENT) || defined(SHA512_ASM)
#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
#endif
#ifdef SHA512_ASM
void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
#endif
#ifndef SHA512_ASM
static const SHA_LONG64 K512[80] = {
U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817),
};
#if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
# if defined(__x86_64) || defined(__x86_64__)
# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
asm ("bswapq %0" \
: "=r"(ret) \
: "0"(ret)); ret; })
# elif (defined(__i386) || defined(__i386__))
# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
unsigned int hi=p[0],lo=p[1]; \
asm ("bswapl %0; bswapl %1;" \
: "=r"(lo),"=r"(hi) \
: "0"(lo),"1"(hi)); \
((SHA_LONG64)hi)<<32|lo; })
# endif
#endif
#ifndef PULL64
#if BYTE_ORDER == BIG_ENDIAN
#define PULL64(x) (x)
#else
#define B(x, j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
#endif
#endif
#define ROTR(x, s) crypto_ror_u64(x, s)
#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
#define Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z)))
#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#define ROUND_00_15(i, a, b, c, d, e, f, g, h, Wt) do { \
T1 = h + Sigma1(e) + Ch(e, f, g) + K512[i] + Wt; \
T2 = Sigma0(a) + Maj(a, b, c); \
d += T1; \
h = T1 + T2; \
} while (0)
#define ROUND_16_80(i, j, a, b, c, d, e, f, g, h, X) do { \
s0 = sigma0(X[(j + 1) & 0x0f]); \
s1 = sigma1(X[(j + 14) & 0x0f]); \
X[(j) & 0x0f] += s0 + s1 + X[(j + 9) & 0x0f]; \
ROUND_00_15(i + j, a, b, c, d, e, f, g, h, X[(j) & 0x0f]); \
} while (0)
static void
sha512_block_data_order(SHA512_CTX *ctx, const void *_in, size_t num)
{
const SHA_LONG64 *in = _in;
SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2;
SHA_LONG64 X[16];
int i;
while (num--) {
a = ctx->h[0];
b = ctx->h[1];
c = ctx->h[2];
d = ctx->h[3];
e = ctx->h[4];
f = ctx->h[5];
g = ctx->h[6];
h = ctx->h[7];
X[0] = PULL64(in[0]);
ROUND_00_15(0, a, b, c, d, e, f, g, h, X[0]);
X[1] = PULL64(in[1]);
ROUND_00_15(1, h, a, b, c, d, e, f, g, X[1]);
X[2] = PULL64(in[2]);
ROUND_00_15(2, g, h, a, b, c, d, e, f, X[2]);
X[3] = PULL64(in[3]);
ROUND_00_15(3, f, g, h, a, b, c, d, e, X[3]);
X[4] = PULL64(in[4]);
ROUND_00_15(4, e, f, g, h, a, b, c, d, X[4]);
X[5] = PULL64(in[5]);
ROUND_00_15(5, d, e, f, g, h, a, b, c, X[5]);
X[6] = PULL64(in[6]);
ROUND_00_15(6, c, d, e, f, g, h, a, b, X[6]);
X[7] = PULL64(in[7]);
ROUND_00_15(7, b, c, d, e, f, g, h, a, X[7]);
X[8] = PULL64(in[8]);
ROUND_00_15(8, a, b, c, d, e, f, g, h, X[8]);
X[9] = PULL64(in[9]);
ROUND_00_15(9, h, a, b, c, d, e, f, g, X[9]);
X[10] = PULL64(in[10]);
ROUND_00_15(10, g, h, a, b, c, d, e, f, X[10]);
X[11] = PULL64(in[11]);
ROUND_00_15(11, f, g, h, a, b, c, d, e, X[11]);
X[12] = PULL64(in[12]);
ROUND_00_15(12, e, f, g, h, a, b, c, d, X[12]);
X[13] = PULL64(in[13]);
ROUND_00_15(13, d, e, f, g, h, a, b, c, X[13]);
X[14] = PULL64(in[14]);
ROUND_00_15(14, c, d, e, f, g, h, a, b, X[14]);
X[15] = PULL64(in[15]);
ROUND_00_15(15, b, c, d, e, f, g, h, a, X[15]);
for (i = 16; i < 80; i += 16) {
ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);
ROUND_16_80(i, 1, h, a, b, c, d, e, f, g, X);
ROUND_16_80(i, 2, g, h, a, b, c, d, e, f, X);
ROUND_16_80(i, 3, f, g, h, a, b, c, d, e, X);
ROUND_16_80(i, 4, e, f, g, h, a, b, c, d, X);
ROUND_16_80(i, 5, d, e, f, g, h, a, b, c, X);
ROUND_16_80(i, 6, c, d, e, f, g, h, a, b, X);
ROUND_16_80(i, 7, b, c, d, e, f, g, h, a, X);
ROUND_16_80(i, 8, a, b, c, d, e, f, g, h, X);
ROUND_16_80(i, 9, h, a, b, c, d, e, f, g, X);
ROUND_16_80(i, 10, g, h, a, b, c, d, e, f, X);
ROUND_16_80(i, 11, f, g, h, a, b, c, d, e, X);
ROUND_16_80(i, 12, e, f, g, h, a, b, c, d, X);
ROUND_16_80(i, 13, d, e, f, g, h, a, b, c, X);
ROUND_16_80(i, 14, c, d, e, f, g, h, a, b, X);
ROUND_16_80(i, 15, b, c, d, e, f, g, h, a, X);
}
ctx->h[0] += a;
ctx->h[1] += b;
ctx->h[2] += c;
ctx->h[3] += d;
ctx->h[4] += e;
ctx->h[5] += f;
ctx->h[6] += g;
ctx->h[7] += h;
in += SHA_LBLOCK;
}
}
#endif /* SHA512_ASM */
int
SHA384_Init(SHA512_CTX *c)
{
memset(c, 0, sizeof(*c));
c->h[0] = U64(0xcbbb9d5dc1059ed8);
c->h[1] = U64(0x629a292a367cd507);
c->h[2] = U64(0x9159015a3070dd17);
c->h[3] = U64(0x152fecd8f70e5939);
c->h[4] = U64(0x67332667ffc00b31);
c->h[5] = U64(0x8eb44a8768581511);
c->h[6] = U64(0xdb0c2e0d64f98fa7);
c->h[7] = U64(0x47b5481dbefa4fa4);
c->md_len = SHA384_DIGEST_LENGTH;
return 1;
}
int
SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
{
return SHA512_Update(c, data, len);
}
int
SHA384_Final(unsigned char *md, SHA512_CTX *c)
{
return SHA512_Final(md, c);
}
unsigned char *
SHA384(const unsigned char *d, size_t n, unsigned char *md)
{
SHA512_CTX c;
static unsigned char m[SHA384_DIGEST_LENGTH];
if (md == NULL)
md = m;
SHA384_Init(&c);
SHA512_Update(&c, d, n);
SHA512_Final(md, &c);
explicit_bzero(&c, sizeof(c));
return (md);
}
int
SHA512_Init(SHA512_CTX *c)
{
memset(c, 0, sizeof(*c));
c->h[0] = U64(0x6a09e667f3bcc908);
c->h[1] = U64(0xbb67ae8584caa73b);
c->h[2] = U64(0x3c6ef372fe94f82b);
c->h[3] = U64(0xa54ff53a5f1d36f1);
c->h[4] = U64(0x510e527fade682d1);
c->h[5] = U64(0x9b05688c2b3e6c1f);
c->h[6] = U64(0x1f83d9abfb41bd6b);
c->h[7] = U64(0x5be0cd19137e2179);
c->md_len = SHA512_DIGEST_LENGTH;
return 1;
}
void
SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
{
#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
if ((size_t)data % sizeof(c->u.d[0]) != 0) {
memcpy(c->u.p, data, sizeof(c->u.p));
data = c->u.p;
}
#endif
sha512_block_data_order(c, data, 1);
}
int
SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
{
SHA_LONG64 l;
unsigned char *p = c->u.p;
const unsigned char *data = (const unsigned char *)_data;
if (len == 0)
return 1;
l = (c->Nl + (((SHA_LONG64)len) << 3))&U64(0xffffffffffffffff);
if (l < c->Nl)
c->Nh++;
if (sizeof(len) >= 8)
c->Nh += (((SHA_LONG64)len) >> 61);
c->Nl = l;
if (c->num != 0) {
size_t n = sizeof(c->u) - c->num;
if (len < n) {
memcpy(p + c->num, data, len);
c->num += (unsigned int)len;
return 1;
} else{
memcpy(p + c->num, data, n);
c->num = 0;
len -= n;
data += n;
sha512_block_data_order(c, p, 1);
}
}
if (len >= sizeof(c->u)) {
#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
if ((size_t)data % sizeof(c->u.d[0]) != 0) {
while (len >= sizeof(c->u)) {
memcpy(p, data, sizeof(c->u));
sha512_block_data_order(c, p, 1);
len -= sizeof(c->u);
data += sizeof(c->u);
}
} else
#endif
{
sha512_block_data_order(c, data, len/sizeof(c->u));
data += len;
len %= sizeof(c->u);
data -= len;
}
}
if (len != 0) {
memcpy(p, data, len);
c->num = (int)len;
}
return 1;
}
int
SHA512_Final(unsigned char *md, SHA512_CTX *c)
{
unsigned char *p = (unsigned char *)c->u.p;
size_t n = c->num;
p[n]=0x80; /* There always is a room for one */
n++;
if (n > (sizeof(c->u) - 16)) {
memset(p + n, 0, sizeof(c->u) - n);
n = 0;
sha512_block_data_order(c, p, 1);
}
memset(p + n, 0, sizeof(c->u) - 16 - n);
c->u.d[SHA_LBLOCK - 2] = htobe64(c->Nh);
c->u.d[SHA_LBLOCK - 1] = htobe64(c->Nl);
sha512_block_data_order(c, p, 1);
if (md == NULL)
return 0;
/* Let compiler decide if it's appropriate to unroll... */
switch (c->md_len) {
case SHA512_224_DIGEST_LENGTH:
for (n = 0; n < SHA512_224_DIGEST_LENGTH/8; n++) {
crypto_store_htobe64(md, c->h[n]);
md += 8;
}
crypto_store_htobe32(md, c->h[n] >> 32);
break;
case SHA512_256_DIGEST_LENGTH:
for (n = 0; n < SHA512_256_DIGEST_LENGTH/8; n++) {
crypto_store_htobe64(md, c->h[n]);
md += 8;
}
break;
case SHA384_DIGEST_LENGTH:
for (n = 0; n < SHA384_DIGEST_LENGTH/8; n++) {
crypto_store_htobe64(md, c->h[n]);
md += 8;
}
break;
case SHA512_DIGEST_LENGTH:
for (n = 0; n < SHA512_DIGEST_LENGTH/8; n++) {
crypto_store_htobe64(md, c->h[n]);
md += 8;
}
break;
default:
return 0;
}
return 1;
}
unsigned char *
SHA512(const unsigned char *d, size_t n, unsigned char *md)
{
SHA512_CTX c;
static unsigned char m[SHA512_DIGEST_LENGTH];
if (md == NULL)
md = m;
SHA512_Init(&c);
SHA512_Update(&c, d, n);
SHA512_Final(md, &c);
explicit_bzero(&c, sizeof(c));
return (md);
}
int
SHA512_224_Init(SHA512_CTX *c)
{
memset(c, 0, sizeof(*c));
/* FIPS 180-4 section 5.3.6.1. */
c->h[0] = U64(0x8c3d37c819544da2);
c->h[1] = U64(0x73e1996689dcd4d6);
c->h[2] = U64(0x1dfab7ae32ff9c82);
c->h[3] = U64(0x679dd514582f9fcf);
c->h[4] = U64(0x0f6d2b697bd44da8);
c->h[5] = U64(0x77e36f7304c48942);
c->h[6] = U64(0x3f9d85a86a1d36c8);
c->h[7] = U64(0x1112e6ad91d692a1);
c->md_len = SHA512_224_DIGEST_LENGTH;
return 1;
}
int
SHA512_224_Update(SHA512_CTX *c, const void *data, size_t len)
{
return SHA512_Update(c, data, len);
}
int
SHA512_224_Final(unsigned char *md, SHA512_CTX *c)
{
return SHA512_Final(md, c);
}
int
SHA512_256_Init(SHA512_CTX *c)
{
memset(c, 0, sizeof(*c));
/* FIPS 180-4 section 5.3.6.2. */
c->h[0] = U64(0x22312194fc2bf72c);
c->h[1] = U64(0x9f555fa3c84c64c2);
c->h[2] = U64(0x2393b86b6f53b151);
c->h[3] = U64(0x963877195940eabd);
c->h[4] = U64(0x96283ee2a88effe3);
c->h[5] = U64(0xbe5e1e2553863992);
c->h[6] = U64(0x2b0199fc2c85b8aa);
c->h[7] = U64(0x0eb72ddc81c52ca2);
c->md_len = SHA512_256_DIGEST_LENGTH;
return 1;
}
int
SHA512_256_Update(SHA512_CTX *c, const void *data, size_t len)
{
return SHA512_Update(c, data, len);
}
int
SHA512_256_Final(unsigned char *md, SHA512_CTX *c)
{
return SHA512_Final(md, c);
}
#endif /* !OPENSSL_NO_SHA512 */

36
externals/libressl/crypto/sha/sha_internal.h vendored Normal file
View File

@@ -0,0 +1,36 @@
/* $OpenBSD: sha_internal.h,v 1.3 2023/04/25 15:47:29 tb Exp $ */
/*
* Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <openssl/sha.h>
#ifndef HEADER_SHA_INTERNAL_H
#define HEADER_SHA_INTERNAL_H
#define SHA512_224_DIGEST_LENGTH 28
#define SHA512_256_DIGEST_LENGTH 32
int SHA512_224_Init(SHA512_CTX *c);
int SHA512_224_Update(SHA512_CTX *c, const void *data, size_t len)
__attribute__ ((__bounded__(__buffer__,2,3)));
int SHA512_224_Final(unsigned char *md, SHA512_CTX *c);
int SHA512_256_Init(SHA512_CTX *c);
int SHA512_256_Update(SHA512_CTX *c, const void *data, size_t len)
__attribute__ ((__bounded__(__buffer__,2,3)));
int SHA512_256_Final(unsigned char *md, SHA512_CTX *c);
#endif