1
/* crypto/md32_common.h */
2
/* ====================================================================
3
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
5
* Redistribution and use in source and binary forms, with or without
6
* modification, are permitted provided that the following conditions
9
* 1. Redistributions of source code must retain the above copyright
10
* notice, this list of conditions and the following disclaimer.
12
* 2. Redistributions in binary form must reproduce the above copyright
13
* notice, this list of conditions and the following disclaimer in
14
* the documentation and/or other materials provided with the
17
* 3. All advertising materials mentioning features or use of this
18
* software must display the following acknowledgment:
19
* "This product includes software developed by the OpenSSL Project
20
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
22
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23
* endorse or promote products derived from this software without
24
* prior written permission. For written permission, please contact
25
* licensing@OpenSSL.org.
27
* 5. Products derived from this software may not be called "OpenSSL"
28
* nor may "OpenSSL" appear in their names without prior written
29
* permission of the OpenSSL Project.
31
* 6. Redistributions of any form whatsoever must retain the following
33
* "This product includes software developed by the OpenSSL Project
34
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
36
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47
* OF THE POSSIBILITY OF SUCH DAMAGE.
48
* ====================================================================
50
* This product includes cryptographic software written by Eric Young
51
* (eay@cryptsoft.com). This product includes software written by Tim
52
* Hudson (tjh@cryptsoft.com).
57
* This is a generic 32 bit "collector" for message digest algorithms.
58
* Whenever needed it collects input character stream into chunks of
59
* 32 bit values and invokes a block function that performs actual hash
66
* DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
67
* this macro defines byte order of input stream.
69
* size of a unit chunk HASH_BLOCK operates on.
71
* has to be at lest 32 bit wide, if it's wider, then
72
* HASH_LONG_LOG2 *has to* be defined along
74
* context structure that at least contains following
79
* HASH_LONG data[HASH_LBLOCK];
84
* name of "Update" function, implemented here.
86
* name of "Transform" function, implemented here.
88
* name of "Final" function, implemented here.
89
* HASH_BLOCK_HOST_ORDER
90
* name of "block" function treating *aligned* input message
91
* in host byte order, implemented externally.
92
* HASH_BLOCK_DATA_ORDER
93
* name of "block" function treating *unaligned* input message
94
* in original (data) byte order, implemented externally (it
95
* actually is optional if data and host are of the same
98
* macro convering context variables to an ASCII hash string.
102
* B_ENDIAN or L_ENDIAN
103
* defines host byte-order.
105
* defaults to 2 if not states otherwise.
107
* assumed to be HASH_CBLOCK/4 if not stated otherwise.
108
* HASH_BLOCK_DATA_ORDER_ALIGNED
109
* alternative "block" function capable of treating
110
* aligned input message in original (data) order,
111
* implemented externally.
115
* #define DATA_ORDER_IS_LITTLE_ENDIAN
117
* #define HASH_LONG MD5_LONG
118
* #define HASH_LONG_LOG2 MD5_LONG_LOG2
119
* #define HASH_CTX MD5_CTX
120
* #define HASH_CBLOCK MD5_CBLOCK
121
* #define HASH_LBLOCK MD5_LBLOCK
122
* #define HASH_UPDATE MD5_Update
123
* #define HASH_TRANSFORM MD5_Transform
124
* #define HASH_FINAL MD5_Final
125
* #define HASH_BLOCK_HOST_ORDER md5_block_host_order
126
* #define HASH_BLOCK_DATA_ORDER md5_block_data_order
128
* <appro@fy.chalmers.se>
131
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
132
#error "DATA_ORDER must be defined!"
136
#error "HASH_CBLOCK must be defined!"
139
#error "HASH_LONG must be defined!"
142
#error "HASH_CTX must be defined!"
146
#error "HASH_UPDATE must be defined!"
148
#ifndef HASH_TRANSFORM
149
#error "HASH_TRANSFORM must be defined!"
152
#error "HASH_FINAL must be defined!"
155
#ifndef HASH_BLOCK_HOST_ORDER
156
#error "HASH_BLOCK_HOST_ORDER must be defined!"
161
* Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
164
#ifndef HASH_BLOCK_DATA_ORDER
165
#error "HASH_BLOCK_DATA_ORDER must be defined!"
170
#define HASH_LBLOCK (HASH_CBLOCK/4)
173
#ifndef HASH_LONG_LOG2
174
#define HASH_LONG_LOG2 2
178
* Engage compiler specific rotate intrinsic function if available.
182
# if defined(_MSC_VER)
183
# define ROTATE(a,n) _lrotl(a,n)
184
# elif defined(__MWERKS__)
185
# if defined(__POWERPC__)
186
# define ROTATE(a,n) __rlwinm(a,n,0,31)
187
# elif defined(__MC68K__)
188
/* Motorola specific tweak. <appro@fy.chalmers.se> */
189
# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) )
191
# define ROTATE(a,n) __rol(a,n)
193
# elif defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
195
* Some GNU C inline assembler templates. Note that these are
196
* rotates by *constant* number of bits! But that's exactly
197
* what we need here...
199
* <appro@fy.chalmers.se>
202
# define ROTATE(a,n) ({ register unsigned int ret; \
210
# elif defined(__powerpc) || defined(__ppc)
211
# define ROTATE(a,n) ({ register unsigned int ret; \
213
"rlwinm %0,%1,%2,0,31" \
222
* Engage compiler specific "fetch in reverse byte order"
223
* intrinsic function if available.
225
# if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
226
/* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
227
# if defined(__i386) && !defined(I386_ONLY)
228
# define BE_FETCH32(a) ({ register unsigned int l=(a);\
231
: "=r"(l) : "0"(l)); \
234
# elif defined(__powerpc)
235
# define LE_FETCH32(a) ({ register unsigned int l; \
243
# elif defined(__sparc) && defined(ULTRASPARC)
244
# define LE_FETCH32(a) ({ register unsigned int l; \
246
"lda [%1]#ASI_PRIMARY_LITTLE,%0"\
253
#endif /* PEDANTIC */
255
#if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */
256
/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
258
/* 5 instructions with rotate instruction, else 9 */
259
#define REVERSE_FETCH32(a,l) ( \
260
l=*(const HASH_LONG *)(a), \
261
((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \
264
/* 6 instructions with rotate instruction, else 8 */
265
#define REVERSE_FETCH32(a,l) ( \
266
l=*(const HASH_LONG *)(a), \
267
l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \
271
* Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
272
* It's rewritten as above for two reasons:
273
* - RISCs aren't good at long constants and have to explicitely
274
* compose 'em with several (well, usually 2) instructions in a
275
* register before performing the actual operation and (as you
276
* already realized:-) having same constant should inspire the
277
* compiler to permanently allocate the only register for it;
278
* - most modern CPUs have two ALUs, but usually only one has
279
* circuitry for shifts:-( this minor tweak inspires compiler
280
* to schedule shift instructions in a better way...
282
* <appro@fy.chalmers.se>
288
#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
292
* Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
293
* and HASH_BLOCK_HOST_ORDER ought to be the same if input data
294
* and host are of the same "endianess". It's possible to mask
295
* this with blank #define HASH_BLOCK_DATA_ORDER though...
297
* <appro@fy.chalmers.se>
299
#if defined(B_ENDIAN)
300
# if defined(DATA_ORDER_IS_BIG_ENDIAN)
301
# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
302
# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
304
# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
305
# ifndef HOST_FETCH32
307
# define HOST_FETCH32(p,l) LE_FETCH32(p)
308
# elif defined(REVERSE_FETCH32)
309
# define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l)
313
#elif defined(L_ENDIAN)
314
# if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
315
# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
316
# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
318
# elif defined(DATA_ORDER_IS_BIG_ENDIAN)
319
# ifndef HOST_FETCH32
321
# define HOST_FETCH32(p,l) BE_FETCH32(p)
322
# elif defined(REVERSE_FETCH32)
323
# define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l)
329
#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
330
#ifndef HASH_BLOCK_DATA_ORDER
331
#error "HASH_BLOCK_DATA_ORDER must be defined!"
335
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
337
#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
338
l|=(((unsigned long)(*((c)++)))<<16), \
339
l|=(((unsigned long)(*((c)++)))<< 8), \
340
l|=(((unsigned long)(*((c)++))) ), \
342
#define HOST_p_c2l(c,l,n) { \
344
case 0: l =((unsigned long)(*((c)++)))<<24; \
345
case 1: l|=((unsigned long)(*((c)++)))<<16; \
346
case 2: l|=((unsigned long)(*((c)++)))<< 8; \
347
case 3: l|=((unsigned long)(*((c)++))); \
349
#define HOST_p_c2l_p(c,l,sc,len) { \
351
case 0: l =((unsigned long)(*((c)++)))<<24; \
352
if (--len == 0) break; \
353
case 1: l|=((unsigned long)(*((c)++)))<<16; \
354
if (--len == 0) break; \
355
case 2: l|=((unsigned long)(*((c)++)))<< 8; \
357
/* NOTE the pointer is not incremented at the end of this */
358
#define HOST_c2l_p(c,l,n) { \
361
case 3: l =((unsigned long)(*(--(c))))<< 8; \
362
case 2: l|=((unsigned long)(*(--(c))))<<16; \
363
case 1: l|=((unsigned long)(*(--(c))))<<24; \
365
#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
366
*((c)++)=(unsigned char)(((l)>>16)&0xff), \
367
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
368
*((c)++)=(unsigned char)(((l) )&0xff), \
371
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
373
#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
374
l|=(((unsigned long)(*((c)++)))<< 8), \
375
l|=(((unsigned long)(*((c)++)))<<16), \
376
l|=(((unsigned long)(*((c)++)))<<24), \
378
#define HOST_p_c2l(c,l,n) { \
380
case 0: l =((unsigned long)(*((c)++))); \
381
case 1: l|=((unsigned long)(*((c)++)))<< 8; \
382
case 2: l|=((unsigned long)(*((c)++)))<<16; \
383
case 3: l|=((unsigned long)(*((c)++)))<<24; \
385
#define HOST_p_c2l_p(c,l,sc,len) { \
387
case 0: l =((unsigned long)(*((c)++))); \
388
if (--len == 0) break; \
389
case 1: l|=((unsigned long)(*((c)++)))<< 8; \
390
if (--len == 0) break; \
391
case 2: l|=((unsigned long)(*((c)++)))<<16; \
393
/* NOTE the pointer is not incremented at the end of this */
394
#define HOST_c2l_p(c,l,n) { \
397
case 3: l =((unsigned long)(*(--(c))))<<16; \
398
case 2: l|=((unsigned long)(*(--(c))))<< 8; \
399
case 1: l|=((unsigned long)(*(--(c)))); \
401
#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
402
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
403
*((c)++)=(unsigned char)(((l)>>16)&0xff), \
404
*((c)++)=(unsigned char)(((l)>>24)&0xff), \
410
* Time for some action:-)
413
void HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
415
const unsigned char *data=data_;
416
register HASH_LONG * p;
417
register unsigned long l;
422
l=(c->Nl+(len<<3))&0xffffffffL;
423
/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
424
* Wei Dai <weidai@eskimo.com> for pointing it out. */
425
if (l < c->Nl) /* overflow */
436
if ((c->num+len) >= HASH_CBLOCK)
438
l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
439
for (; sw<HASH_LBLOCK; sw++)
441
HOST_c2l(data,l); p[sw]=l;
443
HASH_BLOCK_HOST_ORDER (c,p,1);
444
len-=(HASH_CBLOCK-c->num);
446
/* drop through and do the rest */
451
if ((sc+len) < 4) /* ugly, add char's to a word */
453
l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
459
l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
460
for (; sw < ew; sw++)
462
HOST_c2l(data,l); p[sw]=l;
466
HOST_c2l_p(data,l,ec); p[sw]=l;
476
#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
478
* Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
479
* only if sizeof(HASH_LONG)==4.
481
if ((((unsigned long)data)%4) == 0)
483
/* data is properly aligned so that we can cast it: */
484
HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw);
490
#if !defined(HASH_BLOCK_DATA_ORDER)
493
memcpy (p=c->data,data,HASH_CBLOCK);
494
HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
500
#if defined(HASH_BLOCK_DATA_ORDER)
502
HASH_BLOCK_DATA_ORDER(c,data,sw);
514
ew=len>>2; /* words to copy */
518
HOST_c2l(data,l); *p=l;
520
HOST_c2l_p(data,l,ec);
526
void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
528
#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
529
if ((((unsigned long)data)%4) == 0)
530
/* data is properly aligned so that we can cast it: */
531
HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1);
533
#if !defined(HASH_BLOCK_DATA_ORDER)
535
memcpy (c->data,data,HASH_CBLOCK);
536
HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
540
#if defined(HASH_BLOCK_DATA_ORDER)
541
HASH_BLOCK_DATA_ORDER (c,data,1);
546
void HASH_FINAL (unsigned char *md, HASH_CTX *c)
548
register HASH_LONG *p;
549
register unsigned long l;
551
static const unsigned char end[4]={0x80,0x00,0x00,0x00};
552
const unsigned char *cp=end;
554
/* c->num should definitly have room for at least one more byte. */
560
/* purify often complains about the following line as an
561
* Uninitialized Memory Read. While this can be true, the
562
* following p_c2l macro will reset l when that case is true.
563
* This is because j&0x03 contains the number of 'valid' bytes
564
* already in p[i]. If and only if j&0x03 == 0, the UMR will
565
* occur but this is also the only time p_c2l will do
566
* l= *(cp++) instead of l|= *(cp++)
567
* Many thanks to Alex Tang <altitude@cic.net> for pickup this
570
if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
574
l = (j==0) ? 0 : p[i];
576
HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
578
if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
580
if (i<HASH_LBLOCK) p[i]=0;
581
HASH_BLOCK_HOST_ORDER (c,p,1);
584
for (; i<(HASH_LBLOCK-2); i++)
587
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
588
p[HASH_LBLOCK-2]=c->Nh;
589
p[HASH_LBLOCK-1]=c->Nl;
590
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
591
p[HASH_LBLOCK-2]=c->Nl;
592
p[HASH_LBLOCK-1]=c->Nh;
594
HASH_BLOCK_HOST_ORDER (c,p,1);
596
#ifndef HASH_MAKE_STRING
597
#error "HASH_MAKE_STRING must be defined!"
599
HASH_MAKE_STRING(c,md);
603
/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
604
* but I'm not worried :-)
605
memset((void *)c,0,sizeof(HASH_CTX));