From owner-freebsd-security@FreeBSD.ORG Tue Jun 12 11:56:50 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 041B8106566B for ; Tue, 12 Jun 2012 11:56:50 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 535E18FC08 for ; Tue, 12 Jun 2012 11:56:49 +0000 (UTC) Received: from ds4.des.no (smtp.des.no [194.63.250.102]) by smtp.des.no (Postfix) with ESMTP id 988A66C55; Tue, 12 Jun 2012 11:56:42 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id 3A9888052; Tue, 12 Jun 2012 13:56:42 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Mike Tancsa References: <86r4tqotjo.fsf@ds4.des.no> <4FD334BE.4020900@sentex.net> <86ipeyp73q.fsf@ds4.des.no> <4FD5CF47.7070800@sentex.net> <867gvene35.fsf@ds4.des.no> <4FD5FCB3.80000@sentex.net> <863961opy0.fsf@ds4.des.no> Date: Tue, 12 Jun 2012 13:56:41 +0200 In-Reply-To: <863961opy0.fsf@ds4.des.no> ("Dag-Erling =?utf-8?Q?Sm=C3=B8rg?= =?utf-8?Q?rav=22's?= message of "Mon, 11 Jun 2012 16:58:47 +0200") Message-ID: <86zk88lp52.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Cc: freebsd-security@freebsd.org Subject: Re: Default password hash X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jun 2012 11:56:50 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable The attached patch backports support for sha256 and sha512 hashes to stable/7. It is not an exact MFH because the sha code in head uses stpncpy(), which is not present in stable/7's libc. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=sha2-stable7.diff Index: lib/libcrypt =================================================================== --- lib/libcrypt (revision 236892) +++ lib/libcrypt (working copy) Property changes on: lib/libcrypt ___________________________________________________________________ Added: svn:mergeinfo Merged /head/gnu/libcrypt:r183242 Merged /head/lib/libcrypt:r179308,183242,213738,213814,213903,216591,220497-220498,221142,221471,227006,234132 Index: lib/libcrypt/crypt.c =================================================================== --- lib/libcrypt/crypt.c (revision 236892) +++ lib/libcrypt/crypt.c (working copy) @@ -63,6 +63,16 @@ "$3$" }, { + "sha256", + crypt_sha256, + "$5$" + }, + { + "sha512", + crypt_sha512, + "$6$" + }, + { NULL, NULL, NULL Index: lib/libcrypt/crypt-sha512.c =================================================================== --- lib/libcrypt/crypt-sha512.c (working copy) +++ lib/libcrypt/crypt-sha512.c (working copy) @@ -60,7 +60,7 @@ #define ROUNDS_MAX 999999999 static char * -sha512_crypt_r(const char *key, const char *salt, char *buffer, int buflen) +crypt_sha512_r(const char *key, const char *salt, char *buffer, int buflen) { u_long srounds; int n; @@ -210,7 +210,9 @@ /* Now we can construct the result string. It consists of three * parts. */ - cp = stpncpy(buffer, sha512_salt_prefix, MAX(0, buflen)); + cp = buffer; + strncpy(buffer, sha512_salt_prefix, MAX(0, buflen)); + cp += sizeof(sha512_salt_prefix) - 1; buflen -= sizeof(sha512_salt_prefix) - 1; if (rounds_custom) { @@ -221,7 +223,8 @@ buflen -= n; } - cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len)); + strncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len)); + cp += MIN((size_t)MAX(0, buflen), salt_len); buflen -= MIN((size_t)MAX(0, buflen), salt_len); if (buflen > 0) { @@ -280,12 +283,12 @@ /* This entry point is equivalent to crypt(3). */ char * -sha512_crypt(const char *key, const char *salt) +crypt_sha512(const char *key, const char *salt) { /* We don't want to have an arbitrary limit in the size of the * password. We can compute an upper bound for the size of the * result in advance and so we can prepare the buffer we pass to - * `sha512_crypt_r'. */ + * `crypt_sha512_r'. */ static char *buffer; static int buflen; int needed; @@ -305,7 +308,7 @@ buflen = needed; } - return sha512_crypt_r(key, salt, buffer, buflen); + return crypt_sha512_r(key, salt, buffer, buflen); } #ifdef TEST @@ -482,7 +485,7 @@ } for (cnt = 0; cnt < ntests2; ++cnt) { - char *cp = sha512_crypt(tests2[cnt].input, tests2[cnt].salt); + char *cp = crypt_sha512(tests2[cnt].input, tests2[cnt].salt); if (strcmp(cp, tests2[cnt].expected) != 0) { printf("test %d: expected \"%s\", got \"%s\"\n", Index: lib/libcrypt/crypt.h =================================================================== --- lib/libcrypt/crypt.h (revision 236892) +++ lib/libcrypt/crypt.h (working copy) @@ -36,5 +36,8 @@ char *crypt_md5(const char *pw, const char *salt); char *crypt_nthash(const char *pw, const char *salt); char *crypt_blowfish(const char *pw, const char *salt); +char *crypt_sha256 (const char *pw, const char *salt); +char *crypt_sha512 (const char *pw, const char *salt); extern void _crypt_to64(char *s, u_long v, int n); +extern void b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, int *buflen, char **cp); Index: lib/libcrypt/crypt-sha256.c =================================================================== --- lib/libcrypt/crypt-sha256.c (working copy) +++ lib/libcrypt/crypt-sha256.c (working copy) @@ -60,7 +60,7 @@ #define ROUNDS_MAX 999999999 static char * -sha256_crypt_r(const char *key, const char *salt, char *buffer, int buflen) +crypt_sha256_r(const char *key, const char *salt, char *buffer, int buflen) { u_long srounds; int n; @@ -210,7 +210,9 @@ /* Now we can construct the result string. It consists of three * parts. */ - cp = stpncpy(buffer, sha256_salt_prefix, MAX(0, buflen)); + cp = buffer; + strncpy(buffer, sha256_salt_prefix, MAX(0, buflen)); + cp += sizeof(sha256_salt_prefix) - 1; buflen -= sizeof(sha256_salt_prefix) - 1; if (rounds_custom) { @@ -221,7 +223,8 @@ buflen -= n; } - cp = stpncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len)); + strncpy(cp, salt, MIN((size_t)MAX(0, buflen), salt_len)); + cp += MIN((size_t)MAX(0, buflen), salt_len); buflen -= MIN((size_t)MAX(0, buflen), salt_len); if (buflen > 0) { @@ -268,12 +271,12 @@ /* This entry point is equivalent to crypt(3). */ char * -sha256_crypt(const char *key, const char *salt) +crypt_sha256(const char *key, const char *salt) { /* We don't want to have an arbitrary limit in the size of the * password. We can compute an upper bound for the size of the * result in advance and so we can prepare the buffer we pass to - * `sha256_crypt_r'. */ + * `crypt_sha256_r'. */ static char *buffer; static int buflen; int needed; @@ -293,7 +296,7 @@ buflen = needed; } - return sha256_crypt_r(key, salt, buffer, buflen); + return crypt_sha256_r(key, salt, buffer, buflen); } #ifdef TEST @@ -459,7 +462,7 @@ } for (cnt = 0; cnt < ntests2; ++cnt) { - char *cp = sha256_crypt(tests2[cnt].input, tests2[cnt].salt); + char *cp = crypt_sha256(tests2[cnt].input, tests2[cnt].salt); if (strcmp(cp, tests2[cnt].expected) != 0) { printf("test %d: expected \"%s\", got \"%s\"\n", Index: lib/libcrypt/crypt.3 =================================================================== --- lib/libcrypt/crypt.3 (revision 236892) +++ lib/libcrypt/crypt.3 (working copy) @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 19, 1997 +.Dd April 9, 2011 .Dt CRYPT 3 .Os .Sh NAME @@ -188,6 +188,12 @@ Blowfish .It NT-Hash +.It +(unused) +.It +SHA-256 +.It +SHA-512 .El .Pp Other crypt formats may be easily added. @@ -226,7 +232,9 @@ .\" .Ql des , .Ql blf , -.Ql md5 +.Ql md5 , +.Ql sha256 , +.Ql sha512 and .Ql nth . .Pp Index: lib/libcrypt/misc.c =================================================================== --- lib/libcrypt/misc.c (revision 236892) +++ lib/libcrypt/misc.c (working copy) @@ -45,3 +45,19 @@ v >>= 6; } } + +void +b64_from_24bit(uint8_t B2, uint8_t B1, uint8_t B0, int n, int *buflen, char **cp) +{ + uint32_t w; + int i; + + w = (B2 << 16) | (B1 << 8) | B0; + for (i = 0; i < n; i++) { + **cp = itoa64[w&0x3f]; + (*cp)++; + if ((*buflen)-- < 0) + break; + w >>= 6; + } +} Index: lib/libcrypt/Makefile =================================================================== --- lib/libcrypt/Makefile (revision 236892) +++ lib/libcrypt/Makefile (working copy) @@ -12,7 +12,9 @@ .PATH: ${.CURDIR}/../libmd SRCS= crypt.c misc.c \ crypt-md5.c md5c.c \ - crypt-nthash.c md4c.c + crypt-nthash.c md4c.c \ + crypt-sha256.c sha256c.c \ + crypt-sha512.c sha512c.c MAN= crypt.3 MLINKS= crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3 CFLAGS+= -I${.CURDIR}/../libmd -I${.CURDIR}/../libutil @@ -29,7 +31,9 @@ SRCS+= auth.c property.c .for sym in auth_getval property_find properties_read properties_free \ MD4Init MD4Final MD4Update MD4Pad \ - MD5Init MD5Final MD5Update MD5Pad + MD5Init MD5Final MD5Update MD5Pad \ + SHA256_Init SHA256_Final SHA256_Update \ + SHA512_Init SHA512_Final SHA512_Update CFLAGS+= -D${sym}=__${sym} .endfor Index: lib/libmd =================================================================== --- lib/libmd (revision 236892) +++ lib/libmd (working copy) Property changes on: lib/libmd ___________________________________________________________________ Added: svn:mergeinfo Merged /head/gnu/libmd:r183242 Merged /head/lib/libmd:r179308,183242,213738,213814,213903,216591,220496,223582,227006 Index: lib/libmd/sha512.3 =================================================================== --- lib/libmd/sha512.3 (working copy) +++ lib/libmd/sha512.3 (working copy) @@ -127,7 +127,7 @@ .Xr sha 3 .Sh HISTORY These functions appeared in -.Fx 4.0 . +.Fx 9.0 . .Sh AUTHORS The core hash routines were implemented by Colin Percival based on the published Index: lib/libmd/sha256.3 =================================================================== --- lib/libmd/sha256.3 (revision 236892) +++ lib/libmd/sha256.3 (working copy) @@ -127,7 +127,7 @@ .Xr sha 3 .Sh HISTORY These functions appeared in -.Fx 4.0 . +.Fx 6.0 . .Sh AUTHORS The core hash routines were implemented by Colin Percival based on the published Index: lib/libmd/Makefile =================================================================== --- lib/libmd/Makefile (revision 236892) +++ lib/libmd/Makefile (working copy) @@ -5,10 +5,11 @@ SRCS= md2c.c md4c.c md5c.c md2hl.c md4hl.c md5hl.c \ rmd160c.c rmd160hl.c \ sha0c.c sha0hl.c sha1c.c sha1hl.c \ - sha256c.c sha256hl.c -INCS= md2.h md4.h md5.h ripemd.h sha.h sha256.h + sha256c.c sha256hl.c \ + sha512c.c sha512hl.c +INCS= md2.h md4.h md5.h ripemd.h sha.h sha256.h sha512.h -MAN+= md2.3 md4.3 md5.3 ripemd.3 sha.3 sha256.3 +MAN+= md2.3 md4.3 md5.3 ripemd.3 sha.3 sha256.3 sha512.3 MLINKS+=md2.3 MD2Init.3 md2.3 MD2Update.3 md2.3 MD2Final.3 MLINKS+=md2.3 MD2End.3 md2.3 MD2File.3 md2.3 MD2FileChunk.3 MLINKS+=md2.3 MD2Data.3 @@ -32,10 +33,15 @@ MLINKS+=sha256.3 SHA256_Final.3 sha256.3 SHA256_End.3 MLINKS+=sha256.3 SHA256_File.3 sha256.3 SHA256_FileChunk.3 MLINKS+=sha256.3 SHA256_Data.3 +MLINKS+=sha512.3 SHA512_Init.3 sha512.3 SHA512_Update.3 +MLINKS+=sha512.3 SHA512_Final.3 sha512.3 SHA512_End.3 +MLINKS+=sha512.3 SHA512_File.3 sha512.3 SHA512_FileChunk.3 +MLINKS+=sha512.3 SHA512_Data.3 CLEANFILES+= md[245]hl.c md[245].ref md[245].3 mddriver \ rmd160.ref rmd160hl.c rmddriver \ sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \ - sha256.ref sha256hl.c + sha256.ref sha256hl.c sha512.ref sha512hl.c + CFLAGS+= -I${.CURDIR} .PATH: ${.CURDIR}/${MACHINE_ARCH} @@ -76,6 +82,12 @@ -e 's/SHA256__/SHA256_/g' \ ${.ALLSRC}) > ${.TARGET} +sha512hl.c: mdXhl.c + (echo '#define LENGTH 64'; \ + sed -e 's/mdX/sha512/g' -e 's/MDX/SHA512_/g' \ + -e 's/SHA512__/SHA512_/g' \ + ${.ALLSRC}) > ${.TARGET} + rmd160hl.c: mdXhl.c (echo '#define LENGTH 20'; \ sed -e 's/mdX/ripemd/g' -e 's/MDX/RIPEMD160_/g' \ @@ -105,8 +117,10 @@ @echo 'MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d' >> ${.TARGET} @echo 'MD4 ("message digest") = d9130a8164549fe818874806e1c7014b' >> ${.TARGET} @echo 'MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9' >> ${.TARGET} - @echo 'MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 043f8582f241db351ce627e153e7f0e4' >> ${.TARGET} - @echo 'MD4 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536' >> ${.TARGET} + @echo 'MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '043f8582f241db351ce627e153e7f0e4' >> ${.TARGET} + @echo 'MD4 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'e33b4ddc9c38f2199c3e7b164fcc0536' >> ${.TARGET} md5.ref: echo 'MD5 test suite:' > ${.TARGET} @@ -119,54 +133,74 @@ @echo 'MD5 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = 57edf4a22be3c955ac49da2e2107b67a' >> ${.TARGET} sha0.ref: - (echo 'SHA-0 test suite:'; \ - echo 'SHA-0 ("") = f96cea198ad1dd5617ac084a3d92c6107708c0ef'; \ - echo 'SHA-0 ("abc") = 0164b8a914cd2a5e74c4f7ff082c4d97f1edf880'; \ - echo 'SHA-0 ("message digest") =' \ - 'c1b0f222d150ebb9aa36a40cafdc8bcbed830b14'; \ - echo 'SHA-0 ("abcdefghijklmnopqrstuvwxyz") =' \ - 'b40ce07a430cfd3c033039b9fe9afec95dc1bdcd'; \ - echo 'SHA-0 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - '79e966f7a3a990df33e40e3d7f8f18d2caebadfa'; \ - echo 'SHA-0 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - '4aa29d14d171522ece47bee8957e35a41f3e9cff' ) > ${.TARGET} + echo 'SHA-0 test suite:' > ${.TARGET} + @echo 'SHA-0 ("") = f96cea198ad1dd5617ac084a3d92c6107708c0ef' >> ${.TARGET} + @echo 'SHA-0 ("abc") = 0164b8a914cd2a5e74c4f7ff082c4d97f1edf880' >> ${.TARGET} + @echo 'SHA-0 ("message digest") =' \ + 'c1b0f222d150ebb9aa36a40cafdc8bcbed830b14' >> ${.TARGET} + @echo 'SHA-0 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'b40ce07a430cfd3c033039b9fe9afec95dc1bdcd' >> ${.TARGET} + @echo 'SHA-0 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '79e966f7a3a990df33e40e3d7f8f18d2caebadfa' >> ${.TARGET} + @echo 'SHA-0 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '4aa29d14d171522ece47bee8957e35a41f3e9cff' >> ${.TARGET} sha1.ref: - (echo 'SHA-1 test suite:'; \ - echo 'SHA-1 ("") = da39a3ee5e6b4b0d3255bfef95601890afd80709'; \ - echo 'SHA-1 ("abc") = a9993e364706816aba3e25717850c26c9cd0d89d'; \ - echo 'SHA-1 ("message digest") =' \ - 'c12252ceda8be8994d5fa0290a47231c1d16aae3'; \ - echo 'SHA-1 ("abcdefghijklmnopqrstuvwxyz") =' \ - '32d10c7b8cf96570ca04ce37f2a19d84240d3a89'; \ - echo 'SHA-1 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - '761c457bf73b14d27e9e9265c46f4b4dda11f940'; \ - echo 'SHA-1 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - '50abf5706a150990a08b2c5ea40fa0e585554732' ) > ${.TARGET} + echo 'SHA-1 test suite:' > ${.TARGET} + @echo 'SHA-1 ("") = da39a3ee5e6b4b0d3255bfef95601890afd80709' >> ${.TARGET} + @echo 'SHA-1 ("abc") = a9993e364706816aba3e25717850c26c9cd0d89d' >> ${.TARGET} + @echo 'SHA-1 ("message digest") =' \ + 'c12252ceda8be8994d5fa0290a47231c1d16aae3' >> ${.TARGET} + @echo 'SHA-1 ("abcdefghijklmnopqrstuvwxyz") =' \ + '32d10c7b8cf96570ca04ce37f2a19d84240d3a89' >> ${.TARGET} + @echo 'SHA-1 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '761c457bf73b14d27e9e9265c46f4b4dda11f940' >> ${.TARGET} + @echo 'SHA-1 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '50abf5706a150990a08b2c5ea40fa0e585554732' >> ${.TARGET} sha256.ref: echo 'SHA-256 test suite:' > ${.TARGET} @echo 'SHA-256 ("") = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' >> ${.TARGET} - @echo 'SHA-256 ("abc") = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' >> ${.TARGET} - @echo 'SHA-256 ("message digest") = f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650' >> ${.TARGET} - @echo 'SHA-256 ("abcdefghijklmnopqrstuvwxyz") = 71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73' >> ${.TARGET} - @echo 'SHA-256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0' >> ${.TARGET} - @echo 'SHA-256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e' >> ${.TARGET} + @echo 'SHA-256 ("abc") =' \ + 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' >> ${.TARGET} + @echo 'SHA-256 ("message digest") =' \ + 'f7846f55cf23e14eebeab5b4e1550cad5b509e3348fbc4efa3a1413d393cb650' >> ${.TARGET} + @echo 'SHA-256 ("abcdefghijklmnopqrstuvwxyz") =' \ + '71c480df93d6ae2f1efad1447c66c9525e316218cf51fc8d9ed832f2daf18b73' >> ${.TARGET} + @echo 'SHA-256 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'db4bfcbd4da0cd85a60c3c37d3fbd8805c77f15fc6b1fdfe614ee0a7c8fdb4c0' >> ${.TARGET} + @echo 'SHA-256 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + 'f371bc4a311f2b009eef952dd83ca80e2b60026c8e935592d0f9c308453c813e' >> ${.TARGET} +sha512.ref: + echo 'SHA-512 test suite:' > ${.TARGET} + @echo 'SHA-512 ("") =' \ + 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e' >> ${.TARGET} + @echo 'SHA-512 ("abc") =' \ + 'ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f' >> ${.TARGET} + @echo 'SHA-512 ("message digest") =' \ + '107dbf389d9e9f71a3a95f6c055b9251bc5268c2be16d6c13492ea45b0199f3309e16455ab1e96118e8a905d5597b72038ddb372a89826046de66687bb420e7c' >> ${.TARGET} + @echo 'SHA-512 ("abcdefghijklmnopqrstuvwxyz") =' \ + '4dbff86cc2ca1bae1e16468a05cb9881c97f1753bce3619034898faa1aabe429955a1bf8ec483d7421fe3c1646613a59ed5441fb0f321389f77f48a879c7b1f1' >> ${.TARGET} + @echo 'SHA-512 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + '1e07be23c26a86ea37ea810c8ec7809352515a970e9253c26f536cfc7a9996c45c8370583e0a78fa4a90041d71a4ceab7423f19c71b9d5a3e01249f0bebd5894' >> ${.TARGET} + @echo 'SHA-512 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '72ec1ef1124a45b047e8b7c75a932195135bb61de24ec0d1914042246e0aec3a2354e093d76f3048b456764346900cb130d2a4fd5dd16abb5e30bcb850dee843' >> ${.TARGET} + rmd160.ref: - (echo 'RIPEMD160 test suite:'; \ - echo 'RIPEMD160 ("") = 9c1185a5c5e9fc54612808977ee8f548b2258d31'; \ - echo 'RIPEMD160 ("abc") = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc'; \ - echo 'RIPEMD160 ("message digest") =' \ - '5d0689ef49d2fae572b881b123a85ffa21595f36'; \ - echo 'RIPEMD160 ("abcdefghijklmnopqrstuvwxyz") =' \ - 'f71c27109c692c1b56bbdceb5b9d2865b3708dbc'; \ - echo 'RIPEMD160 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ - 'b0e20b6e3116640286ed3a87a5713079b21f5189'; \ - echo 'RIPEMD160 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ - '9b752e45573d4b39f4dbd3323cab82bf63326bfb' ) > ${.TARGET} + echo 'RIPEMD160 test suite:' > ${.TARGET} + @echo 'RIPEMD160 ("") = 9c1185a5c5e9fc54612808977ee8f548b2258d31' >> ${.TARGET} + @echo 'RIPEMD160 ("abc") = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc' >> ${.TARGET} + @echo 'RIPEMD160 ("message digest") =' \ + '5d0689ef49d2fae572b881b123a85ffa21595f36' >> ${.TARGET} + @echo 'RIPEMD160 ("abcdefghijklmnopqrstuvwxyz") =' \ + 'f71c27109c692c1b56bbdceb5b9d2865b3708dbc' >> ${.TARGET} + @echo 'RIPEMD160 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =' \ + 'b0e20b6e3116640286ed3a87a5713079b21f5189' >> ${.TARGET} + @echo 'RIPEMD160 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") =' \ + '9b752e45573d4b39f4dbd3323cab82bf63326bfb' >> ${.TARGET} -test: md2.ref md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref +test: md2.ref md4.ref md5.ref sha0.ref rmd160.ref sha1.ref sha256.ref sha512.ref @${ECHO} if any of these test fail, the code produces wrong results @${ECHO} and should NOT be used. ${CC} ${CFLAGS} ${LDFLAGS} -DMD=2 -o mddriver ${.CURDIR}/mddriver.c -L. -lmd @@ -192,6 +226,9 @@ ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=256 -o shadriver ${.CURDIR}/shadriver.c -L. -lmd ./shadriver | cmp sha256.ref - @${ECHO} SHA-256 passed test + ${CC} ${CFLAGS} ${LDFLAGS} -DSHA=512 -o shadriver ${.CURDIR}/shadriver.c libmd.a + ./shadriver | cmp sha512.ref - + @${ECHO} SHA-512 passed test -rm -f shadriver .include Index: lib/libmd/rmddriver.c =================================================================== --- lib/libmd/rmddriver.c (revision 236892) +++ lib/libmd/rmddriver.c (working copy) @@ -1,53 +1,51 @@ -/* RIPEMD160DRIVER.C - test driver for RIPEMD160 - */ +/* RIPEMD160DRIVER.C - test driver for RIPEMD160 */ +/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All rights + * reserved. + * + * RSA Data Security, Inc. makes no representations concerning either the + * merchantability of this software or the suitability of this software for + * any particular purpose. It is provided "as is" without express or implied + * warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. */ + #include __FBSDID("$FreeBSD$"); -/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All - rights reserved. - - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" - without express or implied warranty of any kind. - - These notices must be retained in any copies of any part of this - documentation and/or software. - */ - #include #include #include #include + #include "ripemd.h" -/* Digests a string and prints the result. - */ -static void RIPEMD160String (string) -char *string; +/* Digests a string and prints the result. */ +static void +RIPEMD160String(char *string) { - char buf[2*20+1]; + char buf[2*20 + 1]; - printf ("RIPEMD160 (\"%s\") = %s\n", - string, RIPEMD160_Data(string,strlen(string),buf)); + printf("RIPEMD160 (\"%s\") = %s\n", + string, RIPEMD160_Data(string, strlen(string), buf)); } -/* Digests a reference suite of strings and prints the results. - */ -main() +/* Digests a reference suite of strings and prints the results. */ +int +main(void) { - printf ("RIPEMD160 test suite:\n"); + printf("RIPEMD160 test suite:\n"); - RIPEMD160String (""); - RIPEMD160String ("abc"); - RIPEMD160String ("message digest"); - RIPEMD160String ("abcdefghijklmnopqrstuvwxyz"); - RIPEMD160String - ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"); - RIPEMD160String - ("1234567890123456789012345678901234567890\ -1234567890123456789012345678901234567890"); - return 0; + RIPEMD160String(""); + RIPEMD160String("abc"); + RIPEMD160String("message digest"); + RIPEMD160String("abcdefghijklmnopqrstuvwxyz"); + RIPEMD160String("ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz0123456789"); + RIPEMD160String("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890"); + + return 0; } Index: lib/libmd/mddriver.c =================================================================== --- lib/libmd/mddriver.c (revision 236892) +++ lib/libmd/mddriver.c (working copy) @@ -1,33 +1,31 @@ -/* MDDRIVER.C - test driver for MD2, MD4 and MD5 - */ +/* MDDRIVER.C - test driver for MD2, MD4 and MD5 */ +/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All rights + * reserved. + * + * RSA Data Security, Inc. makes no representations concerning either the + * merchantability of this software or the suitability of this software for + * any particular purpose. It is provided "as is" without express or implied + * warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. */ + #include __FBSDID("$FreeBSD$"); -/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All - rights reserved. +#include - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" - without express or implied warranty of any kind. +#include +#include +#include - These notices must be retained in any copies of any part of this - documentation and/or software. - */ - -/* The following makes MD default to MD5 if it has not already been - defined with C compiler flags. - */ +/* The following makes MD default to MD5 if it has not already been defined + * with C compiler flags. */ #ifndef MD #define MD 5 #endif -#include - -#include -#include -#include #if MD == 2 #include "md2.h" #define MDData MD2Data @@ -41,32 +39,31 @@ #define MDData MD5Data #endif -/* Digests a string and prints the result. - */ -static void MDString (string) -char *string; +/* Digests a string and prints the result. */ +static void +MDString(char *string) { - char buf[33]; + char buf[33]; - printf ("MD%d (\"%s\") = %s\n", - MD, string, MDData(string,strlen(string),buf)); + printf("MD%d (\"%s\") = %s\n", + MD, string, MDData(string, strlen(string), buf)); } -/* Digests a reference suite of strings and prints the results. - */ -main() +/* Digests a reference suite of strings and prints the results. */ +int +main(void) { - printf ("MD%d test suite:\n", MD); + printf("MD%d test suite:\n", MD); - MDString (""); - MDString ("a"); - MDString ("abc"); - MDString ("message digest"); - MDString ("abcdefghijklmnopqrstuvwxyz"); - MDString - ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"); - MDString - ("1234567890123456789012345678901234567890\ -1234567890123456789012345678901234567890"); - return 0; + MDString(""); + MDString("a"); + MDString("abc"); + MDString("message digest"); + MDString("abcdefghijklmnopqrstuvwxyz"); + MDString("ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz0123456789"); + MDString("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890"); + + return 0; } Index: lib/libmd/shadriver.c =================================================================== --- lib/libmd/shadriver.c (revision 236892) +++ lib/libmd/shadriver.c (working copy) @@ -1,66 +1,67 @@ -/* SHADRIVER.C - test driver for SHA-1 (and SHA-0) - */ +/* SHADRIVER.C - test driver for SHA-1 (and SHA-2) */ +/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All rights + * reserved. + * + * RSA Data Security, Inc. makes no representations concerning either the + * merchantability of this software or the suitability of this software for + * any particular purpose. It is provided "as is" without express or implied + * warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. */ + #include __FBSDID("$FreeBSD$"); -/* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All - rights reserved. +#include - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" - without express or implied warranty of any kind. +#include +#include +#include - These notices must be retained in any copies of any part of this - documentation and/or software. - */ +#include "sha.h" +#include "sha256.h" +#include "sha512.h" /* The following makes SHA default to SHA-1 if it has not already been - defined with C compiler flags. - */ + * defined with C compiler flags. */ #ifndef SHA #define SHA 1 #endif -#include - -#include -#include -#include -#include "sha.h" -#include "sha256.h" #if SHA == 1 #define SHA_Data SHA1_Data #elif SHA == 256 #define SHA_Data SHA256_Data +#elif SHA == 512 +#define SHA_Data SHA512_Data #endif -/* Digests a string and prints the result. - */ -static void SHAString (string) -char *string; +/* Digests a string and prints the result. */ +static void +SHAString(char *string) { - char buf[2*32+1]; + char buf[2*64 + 1]; - printf ("SHA-%d (\"%s\") = %s\n", - SHA, string, SHA_Data(string,strlen(string),buf)); + printf("SHA-%d (\"%s\") = %s\n", + SHA, string, SHA_Data(string, strlen(string), buf)); } -/* Digests a reference suite of strings and prints the results. - */ -main() +/* Digests a reference suite of strings and prints the results. */ +int +main(void) { - printf ("SHA-%d test suite:\n", SHA); + printf("SHA-%d test suite:\n", SHA); - SHAString (""); - SHAString ("abc"); - SHAString ("message digest"); - SHAString ("abcdefghijklmnopqrstuvwxyz"); - SHAString - ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"); - SHAString - ("1234567890123456789012345678901234567890\ -1234567890123456789012345678901234567890"); - return 0; + SHAString(""); + SHAString("abc"); + SHAString("message digest"); + SHAString("abcdefghijklmnopqrstuvwxyz"); + SHAString("ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz0123456789"); + SHAString("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890"); + + return 0; } --=-=-=--