From ff886b82a2b65758950bdb4687cf5a1238f697a1 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Thu, 2 Apr 2009 17:00:46 +0000 Subject: * configure.in: Recognize --enable-nss-crypt. * config.make.in: Add nss-crypt entry. * crypt/Makefile: If nss-crypt==yes, don't build md5.c, sha256.c, sha512.c. Don't run md5test, sha256test, sha512test. Pass -DUSE_NSS and include path for NSS directory to compiler for md5-crypt, sha256-crypt, sha512-crypt. Link libcrypt.so with -lfreebl3. * crypt/md5-crypt.c: If USE_NSS is defined, don't use local hash function implementation, use NSS. Introduce wrappers around the hash function calls. Little code size optimization. * crypt/sha256-crypt.c: Likewise. * crypt/sha512-crypt.c: Likewise. * scripts/check-local-headers.sh: Ignore nss3 directory. * configure.in: Rename pic_default to libc_cv_pic_default. * config.make.in: Likewise. --- crypt/sha512-crypt.c | 149 ++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 106 insertions(+), 43 deletions(-) (limited to 'crypt/sha512-crypt.c') diff --git a/crypt/sha512-crypt.c b/crypt/sha512-crypt.c index ea96e525fb..523659e0cc 100644 --- a/crypt/sha512-crypt.c +++ b/crypt/sha512-crypt.c @@ -1,5 +1,5 @@ /* One way encryption based on SHA512 sum. - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007, 2009 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper , 2007. @@ -28,6 +28,52 @@ #include "sha512.h" +#ifdef USE_NSS +typedef int PRBool; +# include +# include + +# define sha512_init_ctx(ctxp, nss_ctxp) \ + do \ + { \ + if (((nss_ctxp = NSSLOWHASH_NewContext (nss_ictx, HASH_AlgSHA512)) \ + == NULL)) \ + { \ + if (nss_ctx != NULL) \ + NSSLOWHASH_Destroy (nss_ctx); \ + if (nss_alt_ctx != NULL) \ + NSSLOWHASH_Destroy (nss_alt_ctx); \ + return NULL; \ + } \ + NSSLOWHASH_Begin (nss_ctxp); \ + } \ + while (0) + +# define sha512_process_bytes(buf, len, ctxp, nss_ctxp) \ + NSSLOWHASH_Update (nss_ctxp, (const unsigned char *) buf, len) + +# define sha512_finish_ctx(ctxp, nss_ctxp, result) \ + do \ + { \ + unsigned int ret; \ + NSSLOWHASH_End (nss_ctxp, result, &ret, sizeof (result)); \ + assert (ret == sizeof (result)); \ + NSSLOWHASH_Destroy (nss_ctxp); \ + nss_ctxp = NULL; \ + } \ + while (0) +#else +# define sha512_init_ctx(ctxp, nss_ctxp) \ + __sha512_init_ctx (ctxp) + +# define sha512_process_bytes(buf, len, ctxp, nss_ctxp) \ + __sha512_process_bytes(buf, len, ctxp) + +# define sha512_finish_ctx(ctxp, nss_ctxp, result) \ + __sha512_finish_ctx (ctxp, result) +#endif + + /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ static const char sha512_salt_prefix[] = "$6$"; @@ -66,8 +112,6 @@ __sha512_crypt_r (key, salt, buffer, buflen) __attribute__ ((__aligned__ (__alignof__ (uint64_t)))); unsigned char temp_result[64] __attribute__ ((__aligned__ (__alignof__ (uint64_t)))); - struct sha512_ctx ctx; - struct sha512_ctx alt_ctx; size_t salt_len; size_t key_len; size_t cnt; @@ -123,59 +167,71 @@ __sha512_crypt_r (key, salt, buffer, buflen) assert ((salt - (char *) 0) % __alignof__ (uint64_t) == 0); } +#ifdef USE_NSS + /* Initialize libfreebl3. */ + NSSLOWInitContext *nss_ictx = NSSLOW_Init (); + if (nss_ictx == NULL) + return NULL; + NSSLOWHASHContext *nss_ctx = NULL; + NSSLOWHASHContext *nss_alt_ctx = NULL; +#else + struct sha512_ctx ctx; + struct sha512_ctx alt_ctx; +#endif + /* Prepare for the real work. */ - __sha512_init_ctx (&ctx); + sha512_init_ctx (&ctx, nss_ctx); /* Add the key string. */ - __sha512_process_bytes (key, key_len, &ctx); + sha512_process_bytes (key, key_len, &ctx, nss_ctx); /* The last part is the salt string. This must be at most 16 characters and it ends at the first `$' character. */ - __sha512_process_bytes (salt, salt_len, &ctx); + sha512_process_bytes (salt, salt_len, &ctx, nss_ctx); /* Compute alternate SHA512 sum with input KEY, SALT, and KEY. The final result will be added to the first context. */ - __sha512_init_ctx (&alt_ctx); + sha512_init_ctx (&alt_ctx, nss_alt_ctx); /* Add key. */ - __sha512_process_bytes (key, key_len, &alt_ctx); + sha512_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); /* Add salt. */ - __sha512_process_bytes (salt, salt_len, &alt_ctx); + sha512_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx); /* Add key again. */ - __sha512_process_bytes (key, key_len, &alt_ctx); + sha512_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); /* Now get result of this (64 bytes) and add it to the other context. */ - __sha512_finish_ctx (&alt_ctx, alt_result); + sha512_finish_ctx (&alt_ctx, nss_alt_ctx, alt_result); /* Add for any character in the key one byte of the alternate sum. */ for (cnt = key_len; cnt > 64; cnt -= 64) - __sha512_process_bytes (alt_result, 64, &ctx); - __sha512_process_bytes (alt_result, cnt, &ctx); + sha512_process_bytes (alt_result, 64, &ctx, nss_ctx); + sha512_process_bytes (alt_result, cnt, &ctx, nss_ctx); /* Take the binary representation of the length of the key and for every 1 add the alternate sum, for every 0 the key. */ for (cnt = key_len; cnt > 0; cnt >>= 1) if ((cnt & 1) != 0) - __sha512_process_bytes (alt_result, 64, &ctx); + sha512_process_bytes (alt_result, 64, &ctx, nss_ctx); else - __sha512_process_bytes (key, key_len, &ctx); + sha512_process_bytes (key, key_len, &ctx, nss_ctx); /* Create intermediate result. */ - __sha512_finish_ctx (&ctx, alt_result); + sha512_finish_ctx (&ctx, nss_ctx, alt_result); /* Start computation of P byte sequence. */ - __sha512_init_ctx (&alt_ctx); + sha512_init_ctx (&alt_ctx, nss_alt_ctx); /* For every character in the password add the entire password. */ for (cnt = 0; cnt < key_len; ++cnt) - __sha512_process_bytes (key, key_len, &alt_ctx); + sha512_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx); /* Finish the digest. */ - __sha512_finish_ctx (&alt_ctx, temp_result); + sha512_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result); /* Create byte sequence P. */ cp = p_bytes = alloca (key_len); @@ -184,14 +240,14 @@ __sha512_crypt_r (key, salt, buffer, buflen) memcpy (cp, temp_result, cnt); /* Start computation of S byte sequence. */ - __sha512_init_ctx (&alt_ctx); + sha512_init_ctx (&alt_ctx, nss_alt_ctx); /* For every character in the password add the entire password. */ for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) - __sha512_process_bytes (salt, salt_len, &alt_ctx); + sha512_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx); /* Finish the digest. */ - __sha512_finish_ctx (&alt_ctx, temp_result); + sha512_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result); /* Create byte sequence S. */ cp = s_bytes = alloca (salt_len); @@ -204,32 +260,37 @@ __sha512_crypt_r (key, salt, buffer, buflen) for (cnt = 0; cnt < rounds; ++cnt) { /* New context. */ - __sha512_init_ctx (&ctx); + sha512_init_ctx (&ctx, nss_ctx); /* Add key or last result. */ if ((cnt & 1) != 0) - __sha512_process_bytes (p_bytes, key_len, &ctx); + sha512_process_bytes (p_bytes, key_len, &ctx, nss_ctx); else - __sha512_process_bytes (alt_result, 64, &ctx); + sha512_process_bytes (alt_result, 64, &ctx, nss_ctx); /* Add salt for numbers not divisible by 3. */ if (cnt % 3 != 0) - __sha512_process_bytes (s_bytes, salt_len, &ctx); + sha512_process_bytes (s_bytes, salt_len, &ctx, nss_ctx); /* Add key for numbers not divisible by 7. */ if (cnt % 7 != 0) - __sha512_process_bytes (p_bytes, key_len, &ctx); + sha512_process_bytes (p_bytes, key_len, &ctx, nss_ctx); /* Add key or last result. */ if ((cnt & 1) != 0) - __sha512_process_bytes (alt_result, 64, &ctx); + sha512_process_bytes (alt_result, 64, &ctx, nss_ctx); else - __sha512_process_bytes (p_bytes, key_len, &ctx); + sha512_process_bytes (p_bytes, key_len, &ctx, nss_ctx); /* Create intermediate result. */ - __sha512_finish_ctx (&ctx, alt_result); + sha512_finish_ctx (&ctx, nss_ctx, alt_result); } +#ifdef USE_NSS + /* Free libfreebl3 resources. */ + NSSLOW_Shutdown (nss_ictx); +#endif + /* Now we can construct the result string. It consists of three parts. */ cp = __stpncpy (buffer, sha512_salt_prefix, MAX (0, buflen)); @@ -252,17 +313,17 @@ __sha512_crypt_r (key, salt, buffer, buflen) --buflen; } -#define b64_from_24bit(B2, B1, B0, N) \ - do { \ - unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \ - int n = (N); \ - while (n-- > 0 && buflen > 0) \ - { \ - *cp++ = b64t[w & 0x3f]; \ - --buflen; \ - w >>= 6; \ - } \ - } while (0) + void b64_from_24bit (unsigned int b2, unsigned int b1, unsigned int b0, + int n) + { + unsigned int w = (b2 << 16) | (b1 << 8) | b0; + while (n-- > 0 && buflen > 0) + { + *cp++ = b64t[w & 0x3f]; + --buflen; + w >>= 6; + } + } b64_from_24bit (alt_result[0], alt_result[21], alt_result[42], 4); b64_from_24bit (alt_result[22], alt_result[43], alt_result[1], 4); @@ -299,13 +360,15 @@ __sha512_crypt_r (key, salt, buffer, buflen) attaching to processes or reading core dumps cannot get any information. We do it in this way to clear correct_words[] inside the SHA512 implementation as well. */ +#ifndef USE_NSS __sha512_init_ctx (&ctx); __sha512_finish_ctx (&ctx, alt_result); + memset (&ctx, '\0', sizeof (ctx)); + memset (&alt_ctx, '\0', sizeof (alt_ctx)); +#endif memset (temp_result, '\0', sizeof (temp_result)); memset (p_bytes, '\0', key_len); memset (s_bytes, '\0', salt_len); - memset (&ctx, '\0', sizeof (ctx)); - memset (&alt_ctx, '\0', sizeof (alt_ctx)); if (copied_key != NULL) memset (copied_key, '\0', key_len); if (copied_salt != NULL) -- cgit v1.2.3