On Mon, Oct 15, 2018 at 02:18:57AM +0000, brian m. carlson wrote:
> diff --git a/sha256/block/sha256.c b/sha256/block/sha256.c
> new file mode 100644
> index 0000000000..18350c161a
> --- /dev/null
> +++ b/sha256/block/sha256.c
> @@ -0,0 +1,180 @@
> +#include "git-compat-util.h"
> +#include "./sha256.h"
> +
> +#define BLKSIZE blk_SHA256_BLKSIZE
> +
> +void blk_SHA256_Init(blk_SHA256_CTX *ctx)
> +{
> + ctx->offset = 0;
> + ctx->length = 0;
> + ctx->state[0] = 0x6A09E667UL;
> + ctx->state[1] = 0xBB67AE85UL;
> + ctx->state[2] = 0x3C6EF372UL;
> + ctx->state[3] = 0xA54FF53AUL;
> + ctx->state[4] = 0x510E527FUL;
> + ctx->state[5] = 0x9B05688CUL;
> + ctx->state[6] = 0x1F83D9ABUL;
> + ctx->state[7] = 0x5BE0CD19UL;
> +}
> +
> +static inline uint32_t ror(uint32_t x, unsigned n)
> +{
> + return (x >> n) | (x << (32 - n));
> +}
> +
> +#define Ch(x,y,z) (z ^ (x & (y ^ z)))
> +#define Maj(x,y,z) (((x | y) & z) | (x & y))
> +#define S(x, n) ror((x),(n))
> +#define R(x, n) ((x)>>(n))
> +#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
> +#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
> +#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
> +#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
[...]
> +#define RND(a,b,c,d,e,f,g,h,i,ki) \
> + t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i]; \
> + t1 = Sigma0(a) + Maj(a, b, c); \
> + d += t0; \
> + h = t0 + t1;
> +
> + RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],0,0x428a2f98);
[...]
> +#undef RND
> +
> + for (i = 0; i < 8; i++) {
> + ctx->state[i] = ctx->state[i] + S[i];
> + }
> +}
> +
> +#define MIN(x, y) ((x) < (y) ? (x) : (y))
On macOS there is a MIN macro already defined in the system headers,
resulting in the following error:
CC sha256/block/sha256.o
sha256/block/sha256.c:133:9: error: 'MIN' macro redefined
[-Werror,-Wmacro-redefined]
#define MIN(x, y) ((x) < (y) ? (x) : (y))
^
/usr/include/sys/param.h:215:9: note: previous definition is here
#define MIN(a,b) (((a)<(b))?(a):(b))
^
1 error generated.
make: *** [sha256/block/sha256.o] Error 1
A simple "#undef MIN" solves this issue. However, I wonder whether we
should #undef the other #define directives as well, just to be sure
(and perhaps overly cautious).
> +void blk_SHA256_Update(blk_SHA256_CTX *ctx, const void *data, size_t len)
> +{
> + const unsigned char *in = data;
> + size_t n;
> + ctx->length += len;
> + while (len > 0) {
> + if (!ctx->offset && len >= BLKSIZE) {
> + blk_SHA256_Transform(ctx, in);
> + in += BLKSIZE;
> + len -= BLKSIZE;
> + } else {
> + n = MIN(len, (BLKSIZE - ctx->offset));
> + memcpy(ctx->buf + ctx->offset, in, n);
> + ctx->offset += n;
> + in += n;
> + len -= n;
> + if (ctx->offset == BLKSIZE) {
> + blk_SHA256_Transform(ctx, ctx->buf);
> + ctx->offset = 0;
> + }
> + }
> + }
> +}
> +
> +void blk_SHA256_Final(unsigned char *digest, blk_SHA256_CTX *ctx)
> +{
> + const unsigned trip = BLKSIZE - sizeof(ctx->length);
> + int i;
> +
> + ctx->length <<= 3;
> + ctx->buf[ctx->offset++] = 0x80;
> +
> + if (ctx->offset > trip) {
> + memset(ctx->buf + ctx->offset, 0, BLKSIZE - ctx->offset);
> + blk_SHA256_Transform(ctx, ctx->buf);
> + ctx->offset = 0;
> + }
> +
> + memset(ctx->buf + ctx->offset, 0, BLKSIZE - ctx->offset -
> sizeof(ctx->length));
> +
> + put_be64(ctx->buf + trip, ctx->length);
Some GCC versions (e.g. gcc-4.8 with -O2 -Wall -Werror) complain about
the above line:
CC sha256/block/sha256.o
sha256/block/sha256.c: In function ‘blk_SHA256_Final’:
sha256/block/sha256.c:174:2: error: dereferencing type-punned pointer will
break strict-aliasing rules [-Werror=strict-aliasing]
put_be64(ctx->buf + trip, ctx->length);
^
cc1: all warnings being treated as errors
make: *** [sha256/block/sha256.o] Error 1
Something like this makes it compile:
void *ptr = ctx->buf + trip;
put_be64(ptr, ctx->length);
However, it's not immediately obvious to me why the compiler
complains, or why that intermediate void* variable makes any
difference, but now it's not the time to put on my language lawyer
hat.
Perhaps an old compiler bug? Clang in general, newer GCC versions, or
gcc-4.8 with -Wall -Werror but without -O2 don't seem to be affected.
> + blk_SHA256_Transform(ctx, ctx->buf);
> +
> + /* copy output */
> + for (i = 0; i < 8; i++, digest += sizeof(uint32_t))
> + put_be32(digest, ctx->state[i]);
> +}
