Re: [PATCH v2 10/13] Add a base implementation of SHA-256 support


 



On Mon, Oct 15, 2018 at 02:18:57AM +0000, brian m. carlson wrote:
> diff --git a/sha256/block/sha256.c b/sha256/block/sha256.c
> new file mode 100644
> index 0000000000..18350c161a
> --- /dev/null
> +++ b/sha256/block/sha256.c
> @@ -0,0 +1,180 @@
> +#include "git-compat-util.h"
> +#include "./sha256.h"
> +
> +#define BLKSIZE blk_SHA256_BLKSIZE
> +
> +void blk_SHA256_Init(blk_SHA256_CTX *ctx)
> +{
> +	ctx->offset = 0;
> +	ctx->length = 0;
> +	ctx->state[0] = 0x6A09E667UL;
> +	ctx->state[1] = 0xBB67AE85UL;
> +	ctx->state[2] = 0x3C6EF372UL;
> +	ctx->state[3] = 0xA54FF53AUL;
> +	ctx->state[4] = 0x510E527FUL;
> +	ctx->state[5] = 0x9B05688CUL;
> +	ctx->state[6] = 0x1F83D9ABUL;
> +	ctx->state[7] = 0x5BE0CD19UL;
> +}
> +
> +static inline uint32_t ror(uint32_t x, unsigned n)
> +{
> +	return (x >> n) | (x << (32 - n));
> +}
> +
> +#define Ch(x,y,z)       (z ^ (x & (y ^ z)))
> +#define Maj(x,y,z)      (((x | y) & z) | (x & y))
> +#define S(x, n)         ror((x),(n))
> +#define R(x, n)         ((x)>>(n))
> +#define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
> +#define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
> +#define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
> +#define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))

[...]

> +#define RND(a,b,c,d,e,f,g,h,i,ki)                    \
> +	t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i];   \
> +	t1 = Sigma0(a) + Maj(a, b, c);                  \
> +	d += t0;                                        \
> +	h  = t0 + t1;
> +
> +	RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],0,0x428a2f98);

[...]

> +#undef RND
> +
> +	for (i = 0; i < 8; i++) {
> +		ctx->state[i] = ctx->state[i] + S[i];
> +	}
> +}
> +
> +#define MIN(x, y) ((x) < (y) ? (x) : (y))

On macOS there is a MIN macro already defined in the system headers,
resulting in the following error:

      CC sha256/block/sha256.o
  sha256/block/sha256.c:133:9: error: 'MIN' macro redefined [-Werror,-Wmacro-redefined]
  #define MIN(x, y) ((x) < (y) ? (x) : (y))
          ^
  /usr/include/sys/param.h:215:9: note: previous definition is here
  #define MIN(a,b) (((a)<(b))?(a):(b))
          ^
  1 error generated.
  make: *** [sha256/block/sha256.o] Error 1

A simple "#undef MIN" solves this issue.  However, I wonder whether we
should #undef the other #define directives as well, just to be sure
(and perhaps overly cautious).

> +void blk_SHA256_Update(blk_SHA256_CTX *ctx, const void *data, size_t len)
> +{
> +	const unsigned char *in = data;
> +	size_t n;
> +	ctx->length += len;
> +	while (len > 0) {
> +		if (!ctx->offset && len >= BLKSIZE) {
> +			blk_SHA256_Transform(ctx, in);
> +			in += BLKSIZE;
> +			len -= BLKSIZE;
> +		} else {
> +			n = MIN(len, (BLKSIZE - ctx->offset));
> +			memcpy(ctx->buf + ctx->offset, in, n);
> +			ctx->offset += n;
> +			in += n;
> +			len -= n;
> +			if (ctx->offset == BLKSIZE) {
> +				blk_SHA256_Transform(ctx, ctx->buf);
> +				ctx->offset = 0;
> +			}
> +		}
> +	}
> +}
> +
> +void blk_SHA256_Final(unsigned char *digest, blk_SHA256_CTX *ctx)
> +{
> +	const unsigned trip = BLKSIZE - sizeof(ctx->length);
> +	int i;
> +
> +	ctx->length <<= 3;
> +	ctx->buf[ctx->offset++] = 0x80;
> +
> +	if (ctx->offset > trip) {
> +		memset(ctx->buf + ctx->offset, 0, BLKSIZE - ctx->offset);
> +		blk_SHA256_Transform(ctx, ctx->buf);
> +		ctx->offset = 0;
> +	}
> +
> +	memset(ctx->buf + ctx->offset, 0, BLKSIZE - ctx->offset - sizeof(ctx->length));
> +
> +	put_be64(ctx->buf + trip, ctx->length);

Some GCC versions (e.g. gcc-4.8 with -O2 -Wall -Werror) complain about
the above line:

      CC sha256/block/sha256.o
  sha256/block/sha256.c: In function ‘blk_SHA256_Final’:
  sha256/block/sha256.c:174:2: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
    put_be64(ctx->buf + trip, ctx->length);
    ^
  cc1: all warnings being treated as errors
  make: *** [sha256/block/sha256.o] Error 1

Something like this makes it compile:

  void *ptr = ctx->buf + trip;
  put_be64(ptr, ctx->length);

However, it's not immediately obvious to me why the compiler
complains, or why that intermediate void* variable makes any
difference, but now is not the time to put on my language lawyer
hat.

Perhaps an old compiler bug?  Clang in general, newer GCC versions, or
gcc-4.8 with -Wall -Werror but without -O2 don't seem to be affected.


> +	blk_SHA256_Transform(ctx, ctx->buf);
> +
> +	/* copy output */
> +	for (i = 0; i < 8; i++, digest += sizeof(uint32_t))
> +		put_be32(digest, ctx->state[i]);
> +}
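Review bot: blk_SHA256_Final consumes the context without documenting it: `ctx->length <<= 3` converts the byte count to bits in place, and `ctx->offset` and `ctx->buf` are left holding the padding block, so a second Final or an Update after Final would silently yield a wrong digest rather than fail. A comment above the function such as `/* Consumes ctx: call blk_SHA256_Init() again before reusing it. */` would make the contract explicit for callers. Separately, `ror()` is only well defined for n in 1..31, because n == 0 makes `x << (32 - n)` a shift by the full width; the visible callers pass constants in that range, so a one-line comment stating the precondition would be enough. Parts of this hunk are elided in the quote (`[...]`), so the body of blk_SHA256_Transform was not reviewed.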


