commit 8d2e954c7b9ef33d7c66d022729aa30d16e2aa84 from: Thomas Adam date: Sat Apr 27 11:01:23 2024 UTC portable: disable SHA384/SHA512 This isn't used in got, so may as well disable from compat. From naddy@ commit - ffc3cf8e5ab3659d8d1cc6fd0cc4e7c4a596db70 commit + 8d2e954c7b9ef33d7c66d022729aa30d16e2aa84 blob - 5abfcc2083f819fbd688a2030771bbb2a9b4db69 blob + 04855bdc6526d0c7753c18ec9baf102b8f8b1ad1 --- compat/sha2.c +++ compat/sha2.c @@ -216,6 +216,7 @@ static const u_int32_t sha256_initial_hash_value[8] = 0x5be0cd19UL }; +#if 0 /* Hash constant words K for SHA-384 and SHA-512: */ static const u_int64_t K512[80] = { 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, @@ -273,7 +274,6 @@ static const u_int64_t sha512_initial_hash_value[8] = }; #if !defined(SHA2_SMALL) -#if 0 /* Initial hash value H for SHA-224: */ static const u_int32_t sha224_initial_hash_value[8] = { 0xc1059ed8UL, @@ -285,7 +285,6 @@ static const u_int32_t sha224_initial_hash_value[8] = 0x64f98fa7UL, 0xbefa4fa4UL }; -#endif /* 0 */ /* Initial hash value H for SHA-384 */ static const u_int64_t sha384_initial_hash_value[8] = { @@ -299,7 +298,6 @@ static const u_int64_t sha384_initial_hash_value[8] = 0x47b5481dbefa4fa4ULL }; -#if 0 /* Initial hash value H for SHA-512-256 */ static const u_int64_t sha512_256_initial_hash_value[8] = { 0x22312194fc2bf72cULL, @@ -629,7 +627,7 @@ SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA } DEF_WEAK(SHA256Final); - +#if 0 /*** SHA-512: *********************************************************/ void SHA512Init(SHA2_CTX *context) @@ -968,7 +966,7 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA } DEF_WEAK(SHA384Final); -#if 0 + /*** SHA-512/256: *********************************************************/ void SHA512_256Init(SHA2_CTX *context) blob - ad9b0eb211a9fa66d14bb9d99de451a3821d902d blob + 66378c2e52fef5ed5a06fcebaabf90cd9f8124e7 --- compat/sha2.h +++ compat/sha2.h @@ -39,8 +39,7 @@ #ifndef _SSHSHA2_H #define _SSHSHA2_H -#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \ - !defined(HAVE_SHA512UPDATE) +#if !defined(HAVE_SHA256UPDATE) /*** SHA-256/384/512 Various Length Definitions ***********************/ #define SHA224_BLOCK_LENGTH 64 @@ -109,7 +108,7 @@ char *SHA256Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH))); #endif /* HAVE_SHA256UPDATE */ -#ifndef HAVE_SHA384UPDATE +#if 0 void SHA384Init(SHA2_CTX *); void SHA384Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]); void SHA384Update(SHA2_CTX *, const u_int8_t *, size_t) @@ -126,9 +125,7 @@ char *SHA384FileChunk(const char *, char *, off_t, off char *SHA384Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__string__,1,2))) __attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH))); -#endif /* HAVE_SHA384UPDATE */ -#ifndef HAVE_SHA512UPDATE void SHA512Init(SHA2_CTX *); void SHA512Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]); void SHA512Update(SHA2_CTX *, const u_int8_t *, size_t) @@ -145,9 +142,7 @@ char *SHA512FileChunk(const char *, char *, off_t, off char *SHA512Data(const u_int8_t *, size_t, char *) __attribute__((__bounded__(__string__,1,2))) __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH))); -#endif /* HAVE_SHA512UPDATE */ -#if 0 void SHA512_256Init(SHA2_CTX *); void SHA512_256Transform(u_int64_t state[8], const u_int8_t [SHA512_256_BLOCK_LENGTH]); void SHA512_256Update(SHA2_CTX *, const u_int8_t *, size_t) @@ -167,6 +162,6 @@ char *SHA512_256Data(const u_int8_t *, size_t, char *) __END_DECLS #endif /* 0 */ -#endif /* HAVE_SHA{256,384,512}UPDATE */ +#endif /* HAVE_SHA256UPDATE */ #endif /* _SSHSHA2_H */ blob - f079ec5cd0b62b5e79ab37b88773b35d2222dab9 blob + 85388401d79a99a4c57efd98b3b0248899f82379 --- configure.ac +++ configure.ac @@ -414,11 +414,7 @@ AM_CONDITIONAL([HOST_DRAGONFLYBSD], [test "$PLATFORM" # this way on OpenBSD breaks inclusion. # FIXME: this needs addressing. if test "x$PLATFORM" != "xopenbsd"; then - AC_CHECK_FUNCS([ \ - SHA256Update \ - SHA384Update \ - SHA512Update \ - ]) + AC_CHECK_FUNCS([SHA256Update]) fi # Look for yacc.