Re-apply portability changes to current sha2.{c,h}.

Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2 I imported the current versions directly then re-applied the portability changes. This also allowed re-syncing digest-libc.c against upstream.
2019-07-23 21:51:22 +10:00 · 2019-07-23 21:51:22 +10:00 · 11cba2a452
--- a/configure.ac
+++ b/configure.ac
@ -1699,6 +1699,9 @@ AC_CHECK_FUNCS([ \
 	Blowfish_expandstate \
 	Blowfish_expand0state \
 	Blowfish_stream2word \
+	SHA256Update \
+	SHA384Update \
+	SHA512Update \
 	asprintf \
 	b64_ntop \
 	__b64_ntop \
@ -2849,16 +2852,9 @@ if test "x$openssl" = "xyes" ; then
 	fi
 	AC_CHECK_FUNCS([crypt DES_crypt])

-	# Search for SHA256 support in libc and/or OpenSSL
-	AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
-	    [unsupported_algorithms="$unsupported_algorithms \
-		hmac-sha2-256 \
-		hmac-sha2-512 \
-		diffie-hellman-group-exchange-sha256 \
-		hmac-sha2-256-etm@openssh.com \
-		hmac-sha2-512-etm@openssh.com"
-	     ]
-	)
+	# Check for SHA256, SHA384 and SHA512 support in OpenSSL
+	AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
+
 	# Search for RIPE-MD support in OpenSSL
 	AC_CHECK_FUNCS([EVP_ripemd160], ,
 	    [unsupported_algorithms="$unsupported_algorithms \
--- a/digest-libc.c
+++ b/digest-libc.c
@ -28,7 +28,11 @@
 #if 0
 #include <md5.h>
 #include <rmd160.h>
+#endif
+#ifdef HAVE_SHA1_H
 #include <sha1.h>
+#endif
+#ifdef HAVE_SHA2_H
 #include <sha2.h>
 #endif

@ -83,30 +87,30 @@ const struct ssh_digest digests[SSH_DIGEST_MAX] = {
 		"SHA256",
 		SHA256_BLOCK_LENGTH,
 		SHA256_DIGEST_LENGTH,
-		sizeof(SHA256_CTX),
-		(md_init_fn *) SHA256_Init,
-		(md_update_fn *) SHA256_Update,
-		(md_final_fn *) SHA256_Final
+		sizeof(SHA2_CTX),
+		(md_init_fn *) SHA256Init,
+		(md_update_fn *) SHA256Update,
+		(md_final_fn *) SHA256Final
 	},
 	{
 		SSH_DIGEST_SHA384,
 		"SHA384",
 		SHA384_BLOCK_LENGTH,
 		SHA384_DIGEST_LENGTH,
-		sizeof(SHA384_CTX),
-		(md_init_fn *) SHA384_Init,
-		(md_update_fn *) SHA384_Update,
-		(md_final_fn *) SHA384_Final
+		sizeof(SHA2_CTX),
+		(md_init_fn *) SHA384Init,
+		(md_update_fn *) SHA384Update,
+		(md_final_fn *) SHA384Final
 	},
 	{
 		SSH_DIGEST_SHA512,
 		"SHA512",
 		SHA512_BLOCK_LENGTH,
 		SHA512_DIGEST_LENGTH,
-		sizeof(SHA512_CTX),
-		(md_init_fn *) SHA512_Init,
-		(md_update_fn *) SHA512_Update,
-		(md_final_fn *) SHA512_Final
+		sizeof(SHA2_CTX),
+		(md_init_fn *) SHA512Init,
+		(md_update_fn *) SHA512Update,
+		(md_final_fn *) SHA512Final
 	}
 };

--- a/digest-openssl.c
+++ b/digest-openssl.c
@ -34,12 +34,16 @@

 #ifndef HAVE_EVP_RIPEMD160
 # define EVP_ripemd160 NULL
-#endif /* HAVE_EVP_RIPEMD160 */
+#endif
 #ifndef HAVE_EVP_SHA256
 # define EVP_sha256 NULL
+#endif
+#ifndef HAVE_EVP_SHA384
 # define EVP_sha384 NULL
+#endif
+#ifndef HAVE_EVP_SHA512
 # define EVP_sha512 NULL
-#endif /* HAVE_EVP_SHA256 */
+#endif

 struct ssh_digest_ctx {
 	int alg;
--- a/mac.c
+++ b/mac.c
@ -58,10 +58,8 @@ static const struct macalg macs[] = {
 	/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
 	{ "hmac-sha1",				SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
 	{ "hmac-sha1-96",			SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 },
-#ifdef HAVE_EVP_SHA256
 	{ "hmac-sha2-256",			SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 },
 	{ "hmac-sha2-512",			SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 },
-#endif
 	{ "hmac-md5",				SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 },
 	{ "hmac-md5-96",			SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
 	{ "umac-64@openssh.com",		SSH_UMAC, 0, 0, 128, 64, 0 },
@ -70,10 +68,8 @@ static const struct macalg macs[] = {
 	/* Encrypt-then-MAC variants */
 	{ "hmac-sha1-etm@openssh.com",		SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
 	{ "hmac-sha1-96-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 1 },
-#ifdef HAVE_EVP_SHA256
 	{ "hmac-sha2-256-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
 	{ "hmac-sha2-512-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
-#endif
 	{ "hmac-md5-etm@openssh.com",		SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
 	{ "hmac-md5-96-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
 	{ "umac-64-etm@openssh.com",		SSH_UMAC, 0, 0, 128, 64, 1 },
--- a/openbsd-compat/sha2.c
+++ b/openbsd-compat/sha2.c
@ -34,7 +34,14 @@
 * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
 */

-#include <sys/types.h>
+/* OPENBSD ORIGINAL: lib/libc/hash/sha2.c */
+
+#include "includes.h"
+
+#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \
+    !defined(HAVE_SHA512UPDATE)
+
+#define MAKE_CLONE(x, y)	/* no-op out */

 #include <string.h>
 #include <sha2.h>
@ -264,6 +271,7 @@ static const u_int64_t sha512_initial_hash_value[8] = {
 };

 #if !defined(SHA2_SMALL)
+#if 0
 /* Initial hash value H for SHA-224: */
 static const u_int32_t sha224_initial_hash_value[8] = {
 	0xc1059ed8UL,
@ -275,6 +283,7 @@ static const u_int32_t sha224_initial_hash_value[8] = {
 	0x64f98fa7UL,
 	0xbefa4fa4UL
 };
+#endif /* 0 */

 /* Initial hash value H for SHA-384 */
 static const u_int64_t sha384_initial_hash_value[8] = {
@ -288,6 +297,7 @@ static const u_int64_t sha384_initial_hash_value[8] = {
 	0x47b5481dbefa4fa4ULL
 };

+#if 0
 /* Initial hash value H for SHA-512-256 */
 static const u_int64_t sha512_256_initial_hash_value[8] = {
 	0x22312194fc2bf72cULL,
@ -336,6 +346,7 @@ SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context)
 }
 DEF_WEAK(SHA224Final);
 #endif /* !defined(SHA2_SMALL) */
+#endif /* 0 */

 /*** SHA-256: *********************************************************/
 void
@ -917,6 +928,25 @@ DEF_WEAK(SHA384Transform);
 DEF_WEAK(SHA384Update);
 DEF_WEAK(SHA384Pad);

+/* Equivalent of MAKE_CLONE (which is a no-op) for SHA384 funcs */
+void
+SHA384Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
+{
+	return SHA512Transform(state, data);
+}
+
+void
+SHA384Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
+{
+	SHA512Update(context, data, len);
+}
+
+void
+SHA384Pad(SHA2_CTX *context)
+{
+	SHA512Pad(context);
+}
+
 void
 SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
 {
@ -936,6 +966,7 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
 }
 DEF_WEAK(SHA384Final);

+#if 0
 /*** SHA-512/256: *********************************************************/
 void
 SHA512_256Init(SHA2_CTX *context)
@ -973,3 +1004,6 @@ SHA512_256Final(u_int8_t digest[SHA512_256_DIGEST_LENGTH], SHA2_CTX *context)
 }
 DEF_WEAK(SHA512_256Final);
 #endif /* !defined(SHA2_SMALL) */
+#endif /* 0 */
+
+#endif /* HAVE_SHA{256,384,512}UPDATE */
--- a/openbsd-compat/sha2.h
+++ b/openbsd-compat/sha2.h
@ -34,9 +34,16 @@
 * $From: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
 */

-#ifndef _SHA2_H
-#define _SHA2_H
+/* OPENBSD ORIGINAL: include/sha2.h */

+#ifndef _SSHSHA2_H
+#define _SSHSHA2_H
+
+#include "includes.h"
+#include <sys/cdefs.h>
+
+#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \
+    !defined(HAVE_SHA512UPDATE)

 /*** SHA-256/384/512 Various Length Definitions ***********************/
 #define SHA224_BLOCK_LENGTH		64
@ -66,6 +73,7 @@ typedef struct _SHA2_CTX {
 	u_int8_t	buffer[SHA512_BLOCK_LENGTH];
 } SHA2_CTX;

+#if 0
 __BEGIN_DECLS
 void SHA224Init(SHA2_CTX *);
 void SHA224Transform(u_int32_t state[8], const u_int8_t [SHA224_BLOCK_LENGTH]);
@ -83,7 +91,9 @@ char *SHA224FileChunk(const char *, char *, off_t, off_t)
 char *SHA224Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA224_DIGEST_STRING_LENGTH)));
+#endif /* 0 */

+#ifndef HAVE_SHA256UPDATE
 void SHA256Init(SHA2_CTX *);
 void SHA256Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
 void SHA256Update(SHA2_CTX *, const u_int8_t *, size_t)
@ -100,7 +110,9 @@ char *SHA256FileChunk(const char *, char *, off_t, off_t)
 char *SHA256Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH)));
+#endif /* HAVE_SHA256UPDATE */

+#ifndef HAVE_SHA384UPDATE
 void SHA384Init(SHA2_CTX *);
 void SHA384Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
 void SHA384Update(SHA2_CTX *, const u_int8_t *, size_t)
@ -117,7 +129,9 @@ char *SHA384FileChunk(const char *, char *, off_t, off_t)
 char *SHA384Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH)));
+#endif /* HAVE_SHA384UPDATE */

+#ifndef HAVE_SHA512UPDATE
 void SHA512Init(SHA2_CTX *);
 void SHA512Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
 void SHA512Update(SHA2_CTX *, const u_int8_t *, size_t)
@ -134,7 +148,9 @@ char *SHA512FileChunk(const char *, char *, off_t, off_t)
 char *SHA512Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
+#endif /* HAVE_SHA512UPDATE */

+#if 0
 void SHA512_256Init(SHA2_CTX *);
 void SHA512_256Transform(u_int64_t state[8], const u_int8_t [SHA512_256_BLOCK_LENGTH]);
 void SHA512_256Update(SHA2_CTX *, const u_int8_t *, size_t)
@ -152,5 +168,8 @@ char *SHA512_256Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA512_256_DIGEST_STRING_LENGTH)));
 __END_DECLS
+#endif /* 0 */

-#endif /* _SHA2_H */
+#endif /* HAVE_SHA{256,384,512}UPDATE */
+
+#endif /* _SSHSHA2_H */