* configure.in: Recognize --enable-nss-crypt.

* config.make.in: Add nss-crypt entry. * crypt/Makefile: If nss-crypt==yes, don't build md5.c, sha256.c, sha512.c. Don't run md5test, sha256test, sha512test. Pass -DUSE_NSS and include path for NSS directory to compiler for md5-crypt, sha256-crypt, sha512-crypt. Link libcrypt.so with -lfreebl3. * crypt/md5-crypt.c: If USE_NSS is defined, don't use local hash function implementation, use NSS. Introduce wrappers around the hash function calls. Little code size optimization. * crypt/sha256-crypt.c: Likewise. * crypt/sha512-crypt.c: Likewise. * scripts/check-local-headers.sh: Ignore nss3 directory. * configure.in: Rename pic_default to libc_cv_pic_default. * config.make.in: Likewise.
2025-07-30 22:43:12 +03:00 · 2009-04-02 17:00:46 +00:00
parent 900d7961d4
commit ff886b82a2
8 changed files with 3213 additions and 2028 deletions
--- a/crypt/sha512-crypt.c
+++ b/crypt/sha512-crypt.c
@ -1,5 +1,5 @@
 /* One way encryption based on SHA512 sum.
-   Copyright (C) 2007 Free Software Foundation, Inc.
+   Copyright (C) 2007, 2009 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by Ulrich Drepper <drepper@redhat.com>, 2007.

@ -28,6 +28,52 @@
 #include "sha512.h"


+#ifdef USE_NSS
+typedef int PRBool;
+# include <hasht.h>
+# include <nsslowhash.h>
+
+# define sha512_init_ctx(ctxp, nss_ctxp) \
+  do									      \
+    {									      \
+      if (((nss_ctxp = NSSLOWHASH_NewContext (nss_ictx, HASH_AlgSHA512))      \
+	   == NULL))							      \
+	{								      \
+	  if (nss_ctx != NULL)						      \
+	    NSSLOWHASH_Destroy (nss_ctx);				      \
+	  if (nss_alt_ctx != NULL)					      \
+	    NSSLOWHASH_Destroy (nss_alt_ctx);				      \
+	  return NULL;							      \
+	}								      \
+      NSSLOWHASH_Begin (nss_ctxp);					      \
+    }									      \
+  while (0)
+
+# define sha512_process_bytes(buf, len, ctxp, nss_ctxp) \
+  NSSLOWHASH_Update (nss_ctxp, (const unsigned char *) buf, len)
+
+# define sha512_finish_ctx(ctxp, nss_ctxp, result) \
+  do									      \
+    {									      \
+      unsigned int ret;							      \
+      NSSLOWHASH_End (nss_ctxp, result, &ret, sizeof (result));		      \
+      assert (ret == sizeof (result));					      \
+      NSSLOWHASH_Destroy (nss_ctxp);					      \
+      nss_ctxp = NULL;							      \
+    }									      \
+  while (0)
+#else
+# define sha512_init_ctx(ctxp, nss_ctxp) \
+  __sha512_init_ctx (ctxp)
+
+# define sha512_process_bytes(buf, len, ctxp, nss_ctxp) \
+  __sha512_process_bytes(buf, len, ctxp)
+
+# define sha512_finish_ctx(ctxp, nss_ctxp, result) \
+  __sha512_finish_ctx (ctxp, result)
+#endif
+
+
 /* Define our magic string to mark salt for SHA512 "encryption"
   replacement.  */
 static const char sha512_salt_prefix[] = "$6$";
@ -66,8 +112,6 @@ __sha512_crypt_r (key, salt, buffer, buflen)
    __attribute__ ((__aligned__ (__alignof__ (uint64_t))));
  unsigned char temp_result[64]
    __attribute__ ((__aligned__ (__alignof__ (uint64_t))));
-  struct sha512_ctx ctx;
-  struct sha512_ctx alt_ctx;
  size_t salt_len;
  size_t key_len;
  size_t cnt;
@ -123,59 +167,71 @@ __sha512_crypt_r (key, salt, buffer, buflen)
      assert ((salt - (char *) 0) % __alignof__ (uint64_t) == 0);
    }

+#ifdef USE_NSS
+  /* Initialize libfreebl3.  */
+  NSSLOWInitContext *nss_ictx = NSSLOW_Init ();
+  if (nss_ictx == NULL)
+    return NULL;
+  NSSLOWHASHContext *nss_ctx = NULL;
+  NSSLOWHASHContext *nss_alt_ctx = NULL;
+#else
+  struct sha512_ctx ctx;
+  struct sha512_ctx alt_ctx;
+#endif
+
  /* Prepare for the real work.  */
-  __sha512_init_ctx (&ctx);
+  sha512_init_ctx (&ctx, nss_ctx);

  /* Add the key string.  */
-  __sha512_process_bytes (key, key_len, &ctx);
+  sha512_process_bytes (key, key_len, &ctx, nss_ctx);

  /* The last part is the salt string.  This must be at most 16
     characters and it ends at the first `$' character.  */
-  __sha512_process_bytes (salt, salt_len, &ctx);
+  sha512_process_bytes (salt, salt_len, &ctx, nss_ctx);


  /* Compute alternate SHA512 sum with input KEY, SALT, and KEY.  The
     final result will be added to the first context.  */
-  __sha512_init_ctx (&alt_ctx);
+  sha512_init_ctx (&alt_ctx, nss_alt_ctx);

  /* Add key.  */
-  __sha512_process_bytes (key, key_len, &alt_ctx);
+  sha512_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx);

  /* Add salt.  */
-  __sha512_process_bytes (salt, salt_len, &alt_ctx);
+  sha512_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx);

  /* Add key again.  */
-  __sha512_process_bytes (key, key_len, &alt_ctx);
+  sha512_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx);

  /* Now get result of this (64 bytes) and add it to the other
     context.  */
-  __sha512_finish_ctx (&alt_ctx, alt_result);
+  sha512_finish_ctx (&alt_ctx, nss_alt_ctx, alt_result);

  /* Add for any character in the key one byte of the alternate sum.  */
  for (cnt = key_len; cnt > 64; cnt -= 64)
-    __sha512_process_bytes (alt_result, 64, &ctx);
-  __sha512_process_bytes (alt_result, cnt, &ctx);
+    sha512_process_bytes (alt_result, 64, &ctx, nss_ctx);
+  sha512_process_bytes (alt_result, cnt, &ctx, nss_ctx);

  /* Take the binary representation of the length of the key and for every
     1 add the alternate sum, for every 0 the key.  */
  for (cnt = key_len; cnt > 0; cnt >>= 1)
    if ((cnt & 1) != 0)
-      __sha512_process_bytes (alt_result, 64, &ctx);
+      sha512_process_bytes (alt_result, 64, &ctx, nss_ctx);
    else
-      __sha512_process_bytes (key, key_len, &ctx);
+      sha512_process_bytes (key, key_len, &ctx, nss_ctx);

  /* Create intermediate result.  */
-  __sha512_finish_ctx (&ctx, alt_result);
+  sha512_finish_ctx (&ctx, nss_ctx, alt_result);

  /* Start computation of P byte sequence.  */
-  __sha512_init_ctx (&alt_ctx);
+  sha512_init_ctx (&alt_ctx, nss_alt_ctx);

  /* For every character in the password add the entire password.  */
  for (cnt = 0; cnt < key_len; ++cnt)
-    __sha512_process_bytes (key, key_len, &alt_ctx);
+    sha512_process_bytes (key, key_len, &alt_ctx, nss_alt_ctx);

  /* Finish the digest.  */
-  __sha512_finish_ctx (&alt_ctx, temp_result);
+  sha512_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result);

  /* Create byte sequence P.  */
  cp = p_bytes = alloca (key_len);
@ -184,14 +240,14 @@ __sha512_crypt_r (key, salt, buffer, buflen)
  memcpy (cp, temp_result, cnt);

  /* Start computation of S byte sequence.  */
-  __sha512_init_ctx (&alt_ctx);
+  sha512_init_ctx (&alt_ctx, nss_alt_ctx);

  /* For every character in the password add the entire password.  */
  for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
-    __sha512_process_bytes (salt, salt_len, &alt_ctx);
+    sha512_process_bytes (salt, salt_len, &alt_ctx, nss_alt_ctx);

  /* Finish the digest.  */
-  __sha512_finish_ctx (&alt_ctx, temp_result);
+  sha512_finish_ctx (&alt_ctx, nss_alt_ctx, temp_result);

  /* Create byte sequence S.  */
  cp = s_bytes = alloca (salt_len);
@ -204,32 +260,37 @@ __sha512_crypt_r (key, salt, buffer, buflen)
  for (cnt = 0; cnt < rounds; ++cnt)
    {
      /* New context.  */
-      __sha512_init_ctx (&ctx);
+      sha512_init_ctx (&ctx, nss_ctx);

      /* Add key or last result.  */
      if ((cnt & 1) != 0)
-	__sha512_process_bytes (p_bytes, key_len, &ctx);
+	sha512_process_bytes (p_bytes, key_len, &ctx, nss_ctx);
      else
-	__sha512_process_bytes (alt_result, 64, &ctx);
+	sha512_process_bytes (alt_result, 64, &ctx, nss_ctx);

      /* Add salt for numbers not divisible by 3.  */
      if (cnt % 3 != 0)
-	__sha512_process_bytes (s_bytes, salt_len, &ctx);
+	sha512_process_bytes (s_bytes, salt_len, &ctx, nss_ctx);

      /* Add key for numbers not divisible by 7.  */
      if (cnt % 7 != 0)
-	__sha512_process_bytes (p_bytes, key_len, &ctx);
+	sha512_process_bytes (p_bytes, key_len, &ctx, nss_ctx);

      /* Add key or last result.  */
      if ((cnt & 1) != 0)
-	__sha512_process_bytes (alt_result, 64, &ctx);
+	sha512_process_bytes (alt_result, 64, &ctx, nss_ctx);
      else
-	__sha512_process_bytes (p_bytes, key_len, &ctx);
+	sha512_process_bytes (p_bytes, key_len, &ctx, nss_ctx);

      /* Create intermediate result.  */
-      __sha512_finish_ctx (&ctx, alt_result);
+      sha512_finish_ctx (&ctx, nss_ctx, alt_result);
    }

+#ifdef USE_NSS
+  /* Free libfreebl3 resources. */
+  NSSLOW_Shutdown (nss_ictx);
+#endif
+
  /* Now we can construct the result string.  It consists of three
     parts.  */
  cp = __stpncpy (buffer, sha512_salt_prefix, MAX (0, buflen));
@ -252,17 +313,17 @@ __sha512_crypt_r (key, salt, buffer, buflen)
      --buflen;
    }

-#define b64_from_24bit(B2, B1, B0, N)					      \
-  do {									      \
-    unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0);			      \
-    int n = (N);							      \
-    while (n-- > 0 && buflen > 0)					      \
-      {									      \
-	*cp++ = b64t[w & 0x3f];						      \
-	--buflen;							      \
-	w >>= 6;							      \
-      }									      \
-  } while (0)
+  void b64_from_24bit (unsigned int b2, unsigned int b1, unsigned int b0,
+		       int n)
+  {
+    unsigned int w = (b2 << 16) | (b1 << 8) | b0;
+    while (n-- > 0 && buflen > 0)
+      {
+	*cp++ = b64t[w & 0x3f];
+	--buflen;
+	w >>= 6;
+      }
+  }

  b64_from_24bit (alt_result[0], alt_result[21], alt_result[42], 4);
  b64_from_24bit (alt_result[22], alt_result[43], alt_result[1], 4);
@ -299,13 +360,15 @@ __sha512_crypt_r (key, salt, buffer, buflen)
     attaching to processes or reading core dumps cannot get any
     information.  We do it in this way to clear correct_words[]
     inside the SHA512 implementation as well.  */
+#ifndef USE_NSS
  __sha512_init_ctx (&ctx);
  __sha512_finish_ctx (&ctx, alt_result);
+  memset (&ctx, '\0', sizeof (ctx));
+  memset (&alt_ctx, '\0', sizeof (alt_ctx));
+#endif
  memset (temp_result, '\0', sizeof (temp_result));
  memset (p_bytes, '\0', key_len);
  memset (s_bytes, '\0', salt_len);
-  memset (&ctx, '\0', sizeof (ctx));
-  memset (&alt_ctx, '\0', sizeof (alt_ctx));
  if (copied_key != NULL)
    memset (copied_key, '\0', key_len);
  if (copied_salt != NULL)