0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Copyright (C) 2005-2007, 2009, 2011, 2012, 2014, 2016-2018 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * file, You can obtain one at http://mozilla.org/MPL/2.0/.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein/* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence/* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
3759f10fc543747668b1ca4b4671f35b0dea8445Francis Dupont * Version 1.0.0beta1
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * Written by Aaron D. Gifford <me@aarongifford.com>
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * Copyright 2000 Aaron D. Gifford. All rights reserved.
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * Redistribution and use in source and binary forms, with or without
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * modification, are permitted provided that the following conditions
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * 1. Redistributions of source code must retain the above copyright
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * notice, this list of conditions and the following disclaimer.
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * 2. Redistributions in binary form must reproduce the above copyright
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * notice, this list of conditions and the following disclaimer in the
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * documentation and/or other materials provided with the distribution.
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * 3. Neither the name of the copyright holder nor the names of contributors
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * may be used to endorse or promote products derived from this software
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * without specific prior written permission.
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
91cd0f93ad34d23e8b09dca337120f64fbe8f0a1Andreas Gustafsson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews * SUCH DAMAGE.
76942b0fed33963e6ed1c404ef8d0f9b7aee104dMark Andrews#if defined(ISC_PLATFORM_OPENSSLHASH) && !defined(LIBRESSL_VERSION_NUMBER)
9618b7e8c2c9897ee2f505bfef91662c2c56261dMark Andrews#define EVP_MD_CTX_free(ptr) EVP_MD_CTX_cleanup(ptr)
9618b7e8c2c9897ee2f505bfef91662c2c56261dMark Andrews#define EVP_MD_CTX_reset(c) EVP_MD_CTX_cleanup(c)
643168599fc9fe58ae1779ac93e435b3fa934eeeMark Andrews if (EVP_DigestInit(context->ctx, EVP_sha224()) != 1) {
if (len == 0U) {
if (len == 0U) {
if (len == 0U) {
if (len == 0U) {
if (len == 0U) {
&len));
if (len == 0U) {
&len));
if (len == 0U) {
&len));
if (len == 0U) {
&len));
* cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
#ifndef BYTE_ORDER
#ifndef BIG_ENDIAN
#ifndef LITTLE_ENDIAN
#ifdef WORDS_BIGENDIAN
/* NOTE: Most of these are in sha2.h */
#ifdef WIN32
(w)[0] += (isc_uint64_t)(n); \
* (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
* library -- they are intended for private internal visibility/use
#ifdef WIN32
#ifdef ISC_SHA2_UNROLL_TRANSFORM
(d) += T1; \
(d) += T1; \
(d) += T1; \
ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
ROUND256(a,b,c,d,e,f,g,h);
ROUND256(h,a,b,c,d,e,f,g);
ROUND256(g,h,a,b,c,d,e,f);
ROUND256(f,g,h,a,b,c,d,e);
ROUND256(e,f,g,h,a,b,c,d);
ROUND256(d,e,f,g,h,a,b,c);
ROUND256(c,d,e,f,g,h,a,b);
ROUND256(b,c,d,e,f,g,h,a);
a = b = c = d = e = f = g = h = T1 = 0;
/* Apply the SHA-256 compression function to update a..h */
/* Apply the SHA-256 compression function to update a..h with copy */
e = d + T1;
/* Apply the SHA-256 compression function to update a..h */
e = d + T1;
if (len == 0U) {
if (usedspace > 0) {
if (len > 0U) {
if (usedspace > 0) {
usedspace = 0;
#ifdef ISC_SHA2_UNROLL_TRANSFORM
(d) += T1, \
(d) += T1; \
(d) += T1; \
ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
ROUND512(a,b,c,d,e,f,g,h);
ROUND512(h,a,b,c,d,e,f,g);
ROUND512(g,h,a,b,c,d,e,f);
ROUND512(f,g,h,a,b,c,d,e);
ROUND512(e,f,g,h,a,b,c,d);
ROUND512(d,e,f,g,h,a,b,c);
ROUND512(c,d,e,f,g,h,a,b);
ROUND512(b,c,d,e,f,g,h,a);
a = b = c = d = e = f = g = h = T1 = 0;
/* Apply the SHA-512 compression function to update a..h */
/* Apply the SHA-512 compression function to update a..h with copy */
e = d + T1;
/* Apply the SHA-512 compression function to update a..h */
e = d + T1;
if (len == 0U) {
if (usedspace > 0) {
if (len > 0U) {
if (usedspace > 0) {
if (buffer != (char*)0) {
for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) {
*buffer = (char)0;
return buffer;
if (buffer != (char*)0) {
for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) {
*buffer = (char)0;
return buffer;
if (buffer != (char*)0) {
for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) {
*buffer = (char)0;
return buffer;
if (buffer != (char*)0) {
for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) {
*buffer = (char)0;
return buffer;