[OPEN-ILS-DEV] Routines for SHA1 and MD5 digests
Scott McKellar
mck9 at swbell.net
Sun Dec 27 23:47:20 EST 2009
In trunk I just committed the files osrf_digest.h and osrf_digest.c.
These files contain functions to construct SHA1 and MD5 digests, They
are designed ultimately to replace the existing functions shahash() and
md5sum().
They are not, however, drop-in replacements. Each places the result in
a buffer supplied by the calling code. For example, for SHA1:
typedef struct {
unsigned char binary[ 20 ];
char hex[ 41 ];
} osrfSHA1Buffer;
A similar struct is used for MD5.
Each routine places a binary copy of the resulting digest in the "binary"
member, and a hexadecimal representation of the same value in the "hex"
member as a nul-terminated string (with lower-case letters). This
interface design accomplishes several things, compared to other
possibilities:
1. We avoid having to dynamically allocate and free memory, as the
current md5sum() function does.
2. We avoid the pitfalls of returning a pointer to an internal buffer,
as the current shahash() function does.
3. We don't have to worry that the calling code will accidentally not
provide enough memory for the output. It's still possible, but only
through the perverse use of painfully ugly casts.
4. The calling code can use either the binary or the hex version of the
resulting digest. Currently we don't use the binary versions for
anything, but it's no extra trouble to make them available, so we might
as well do so.
For each of SHA1 and MD5 there are two functions: one works directly
from an input string, and the other works from a printf-style format
string plus a variable number of additional arguments.
I tested with several hundred randomly generated input strings. In
every case, the old and new functions return identical results.
For SHA1 I also tested performance. For 30-character input strings,
the new routine is a little faster, by maybe 10 - 15%. For input
strings 3000 characters long, the new routine is 6 - 7 times as fast.
------------
The new functions are wrappers around underlying routines from the
gnutls package, which in turn is based on the gcrypt11 package. These
will need to be added to the list of prerequisites for OSRF, with
corresponding changes to the Makefile.install script (if I understand
matters correctly).
I don't trust myself to make any changes to the Makefiles or autoconf
stuff, so someone else will have to do that part. Then I can start
changing other files so as to use the new functions. At some point
the need for the gnutls package will break your build, unless you
already have gnutls anyway. You can either run the Makefile.install
script (assuming it has been changed as needed) or apply the package by
other means.
-----------
These new functions build on the contribution of Jason Stephenson, for
which much thanks.
Scott McKellar
More information about the Open-ils-dev
mailing list