cosmopolitan/third_party/mbedtls/sha512.h

#ifndef MBEDTLS_SHA512_H_
#define MBEDTLS_SHA512_H_
#include "third_party/mbedtls/config.h"
#include "third_party/mbedtls/platform.h"
COSMOPOLITAN_C_START_

#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039  /*< SHA-512 hardware accelerator failed */
#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA  -0x0075  /*< SHA-512 input data was malformed. */

/**
 * \brief          The SHA-512 context structure.
 *
 *                 The structure is used both for SHA-384 and for SHA-512
 *                 checksum calculations. The choice between these two is
 *                 made in the call to mbedtls_sha512_starts_ret().
 */
typedef struct mbedtls_sha512_context
{
    uint64_t state[8];          /*!< The intermediate digest state. */
    uint64_t total[2];          /*!< The number of Bytes processed. */
    unsigned char buffer[128];  /*!< The data block being processed. */
#if !defined(MBEDTLS_SHA512_NO_SHA384)
    int is384;                  /*!< Determines which function to use:
                                     0: Use SHA-512, or 1: Use SHA-384. */
#endif
}
mbedtls_sha512_context;

void mbedtls_sha512_clone( mbedtls_sha512_context *, const mbedtls_sha512_context * );
int mbedtls_sha512_starts_ret( mbedtls_sha512_context *, int );
int mbedtls_sha512_update_ret( mbedtls_sha512_context *, const unsigned char *, size_t );
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *, unsigned char[64] );
int mbedtls_internal_sha512_process( mbedtls_sha512_context *, const unsigned char[128] );
int mbedtls_sha512_ret( const void *, size_t, unsigned char[64], int );
int mbedtls_sha512_ret_384( const void *, size_t, unsigned char * );
int mbedtls_sha512_ret_512( const void *, size_t, unsigned char * );
int mbedtls_sha512_self_test( int );

/**
 * \brief          This function initializes a SHA-512 context.
 *
 * \param ctx      The SHA-512 context to initialize. This must
 *                 not be \c NULL.
 */
static inline void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
{
    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
}

/**
 * \brief          This function clears a SHA-512 context.
 *
 * \param ctx      The SHA-512 context to clear. This may be \c NULL,
 *                 in which case this function does nothing. If it
 *                 is not \c NULL, it must point to an initialized
 *                 SHA-512 context.
 */
static inline void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
{
    if( !ctx ) return;
    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
}

COSMOPOLITAN_C_END_
#endif /* MBEDTLS_SHA512_H_ */
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`#ifndef MBEDTLS_SHA512_H_`
			`#define MBEDTLS_SHA512_H_`
Flatten Mbed TLS directory structure 2021-06-16 03:18:59 +00:00			`#include "third_party/mbedtls/config.h"`
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx. 2021-07-19 21:55:20 +00:00			`#include "third_party/mbedtls/platform.h"`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`COSMOPOLITAN_C_START_`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
Make it possible to compile redbean with chibicc This cuts build latency down from 5 seconds to 500 milliseconds. 2022-04-22 22:03:32 +00:00			`#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /< SHA-512 hardware accelerator failed /`
			`#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075 /< SHA-512 input data was malformed. /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/**`
			`* \brief The SHA-512 context structure.`
			`*`
			`* The structure is used both for SHA-384 and for SHA-512`
			`* checksum calculations. The choice between these two is`
			`* made in the call to mbedtls_sha512_starts_ret().`
			`*/`
			`typedef struct mbedtls_sha512_context`
			`{`
			`uint64_t state[8]; /!< The intermediate digest state. /`
Make sha1 / sha256 / sha512 go faster 2021-06-26 07:11:12 +00:00			`uint64_t total[2]; /!< The number of Bytes processed. /`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`unsigned char buffer[128]; /!< The data block being processed. /`
			`#if !defined(MBEDTLS_SHA512_NO_SHA384)`
			`int is384; /*!< Determines which function to use:`
			`0: Use SHA-512, or 1: Use SHA-384. */`
			`#endif`
			`}`
			`mbedtls_sha512_context;`

Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`void mbedtls_sha512_clone( mbedtls_sha512_context , const mbedtls_sha512_context );`
			`int mbedtls_sha512_starts_ret( mbedtls_sha512_context *, int );`
			`int mbedtls_sha512_update_ret( mbedtls_sha512_context , const unsigned char , size_t );`
			`int mbedtls_sha512_finish_ret( mbedtls_sha512_context *, unsigned char[64] );`
			`int mbedtls_internal_sha512_process( mbedtls_sha512_context *, const unsigned char[128] );`
Add more hashing apis to redbean 2021-07-05 01:36:47 +00:00			`int mbedtls_sha512_ret( const void *, size_t, unsigned char[64], int );`
Restore Referer-Policy and wrap up MbedTLS changes redbean will now set Referer-Policy to no-referrer-when-downgrade on text/html responses by default. There's better explanations on the bits of security redbean is offering. In short, it's 128+ for modern clients and 112+ for legacy. If the -B flag is used then it's 192+ for modern and 150+ for non-EC. 2021-08-04 05:42:17 +00:00			`int mbedtls_sha512_ret_384( const void , size_t, unsigned char );`
			`int mbedtls_sha512_ret_512( const void , size_t, unsigned char );`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`int mbedtls_sha512_self_test( int );`

Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx. 2021-07-19 21:55:20 +00:00			`/**`
			`* \brief This function initializes a SHA-512 context.`
			`*`
			`* \param ctx The SHA-512 context to initialize. This must`
			`* not be \c NULL.`
			`*/`
			`static inline void mbedtls_sha512_init( mbedtls_sha512_context *ctx )`
			`{`
			`mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );`
			`}`

			`/**`
			`* \brief This function clears a SHA-512 context.`
			`*`
			`* \param ctx The SHA-512 context to clear. This may be \c NULL,`
			`* in which case this function does nothing. If it`
			`* is not \c NULL, it must point to an initialized`
			`* SHA-512 context.`
			`*/`
			`static inline void mbedtls_sha512_free( mbedtls_sha512_context *ctx )`
			`{`
			`if( !ctx ) return;`
			`mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );`
			`}`

Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`COSMOPOLITAN_C_END_`
			`#endif /* MBEDTLS_SHA512_H_ */`