1/* 2 * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/*- 11 * This is a generic 32 bit "collector" for message digest algorithms. 12 * Whenever needed it collects input character stream into chunks of 13 * 32 bit values and invokes a block function that performs actual hash 14 * calculations. 15 * 16 * Porting guide. 17 * 18 * Obligatory macros: 19 * 20 * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN 21 * this macro defines byte order of input stream. 22 * HASH_CBLOCK 23 * size of a unit chunk HASH_BLOCK operates on. 24 * HASH_LONG 25 * has to be at least 32 bit wide. 26 * HASH_CTX 27 * context structure that at least contains following 28 * members: 29 * typedef struct { 30 * ... 31 * HASH_LONG Nl,Nh; 32 * either { 33 * HASH_LONG data[HASH_LBLOCK]; 34 * unsigned char data[HASH_CBLOCK]; 35 * }; 36 * unsigned int num; 37 * ... 38 * } HASH_CTX; 39 * data[] vector is expected to be zeroed upon first call to 40 * HASH_UPDATE. 41 * HASH_UPDATE 42 * name of "Update" function, implemented here. 43 * HASH_TRANSFORM 44 * name of "Transform" function, implemented here. 45 * HASH_FINAL 46 * name of "Final" function, implemented here. 47 * HASH_BLOCK_DATA_ORDER 48 * name of "block" function capable of treating *unaligned* input 49 * message in original (data) byte order, implemented externally. 50 * HASH_MAKE_STRING 51 * macro converting context variables to an ASCII hash string. 52 * 53 * MD5 example: 54 * 55 * #define DATA_ORDER_IS_LITTLE_ENDIAN 56 * 57 * #define HASH_LONG MD5_LONG 58 * #define HASH_CTX MD5_CTX 59 * #define HASH_CBLOCK MD5_CBLOCK 60 * #define HASH_UPDATE MD5_Update 61 * #define HASH_TRANSFORM MD5_Transform 62 * #define HASH_FINAL MD5_Final 63 * #define HASH_BLOCK_DATA_ORDER md5_block_data_order 64 */ 65 66#include <openssl/crypto.h> 67 68#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) 69# error "DATA_ORDER must be defined!" 70#endif 71 72#ifndef HASH_CBLOCK 73# error "HASH_CBLOCK must be defined!" 74#endif 75#ifndef HASH_LONG 76# error "HASH_LONG must be defined!" 77#endif 78#ifndef HASH_CTX 79# error "HASH_CTX must be defined!" 80#endif 81 82#ifndef HASH_UPDATE 83# error "HASH_UPDATE must be defined!" 84#endif 85#ifndef HASH_TRANSFORM 86# error "HASH_TRANSFORM must be defined!" 87#endif 88#ifndef HASH_FINAL 89# error "HASH_FINAL must be defined!" 90#endif 91 92#ifndef HASH_BLOCK_DATA_ORDER 93# error "HASH_BLOCK_DATA_ORDER must be defined!" 94#endif 95 96#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) 97 98#if defined(DATA_ORDER_IS_BIG_ENDIAN) 99 100# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ 101 l|=(((unsigned long)(*((c)++)))<<16), \ 102 l|=(((unsigned long)(*((c)++)))<< 8), \ 103 l|=(((unsigned long)(*((c)++))) ) ) 104# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ 105 *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 106 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 107 *((c)++)=(unsigned char)(((l) )&0xff), \ 108 l) 109 110#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) 111 112# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ 113 l|=(((unsigned long)(*((c)++)))<< 8), \ 114 l|=(((unsigned long)(*((c)++)))<<16), \ 115 l|=(((unsigned long)(*((c)++)))<<24) ) 116# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ 117 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ 118 *((c)++)=(unsigned char)(((l)>>16)&0xff), \ 119 *((c)++)=(unsigned char)(((l)>>24)&0xff), \ 120 l) 121 122#endif 123 124/* 125 * Time for some action :-) 126 */ 127 128int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) 129{ 130 const unsigned char *data = data_; 131 unsigned char *p; 132 HASH_LONG l; 133 size_t n; 134 135 if (len == 0) 136 return 1; 137 138 l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; 139 if (l < c->Nl) /* overflow */ 140 c->Nh++; 141 c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on 142 * 16-bit */ 143 c->Nl = l; 144 145 n = c->num; 146 if (n != 0) { 147 p = (unsigned char *)c->data; 148 149 if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { 150 memcpy(p + n, data, HASH_CBLOCK - n); 151 HASH_BLOCK_DATA_ORDER(c, p, 1); 152 n = HASH_CBLOCK - n; 153 data += n; 154 len -= n; 155 c->num = 0; 156 /* 157 * We use memset rather than OPENSSL_cleanse() here deliberately. 158 * Using OPENSSL_cleanse() here could be a performance issue. It 159 * will get properly cleansed on finalisation so this isn't a 160 * security problem. 161 */ 162 memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ 163 } else { 164 memcpy(p + n, data, len); 165 c->num += (unsigned int)len; 166 return 1; 167 } 168 } 169 170 n = len / HASH_CBLOCK; 171 if (n > 0) { 172 HASH_BLOCK_DATA_ORDER(c, data, n); 173 n *= HASH_CBLOCK; 174 data += n; 175 len -= n; 176 } 177 178 if (len != 0) { 179 p = (unsigned char *)c->data; 180 c->num = (unsigned int)len; 181 memcpy(p, data, len); 182 } 183 return 1; 184} 185 186void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data) 187{ 188 HASH_BLOCK_DATA_ORDER(c, data, 1); 189} 190 191int HASH_FINAL(unsigned char *md, HASH_CTX *c) 192{ 193 unsigned char *p = (unsigned char *)c->data; 194 size_t n = c->num; 195 196 p[n] = 0x80; /* there is always room for one */ 197 n++; 198 199 if (n > (HASH_CBLOCK - 8)) { 200 memset(p + n, 0, HASH_CBLOCK - n); 201 n = 0; 202 HASH_BLOCK_DATA_ORDER(c, p, 1); 203 } 204 memset(p + n, 0, HASH_CBLOCK - 8 - n); 205 206 p += HASH_CBLOCK - 8; 207#if defined(DATA_ORDER_IS_BIG_ENDIAN) 208 (void)HOST_l2c(c->Nh, p); 209 (void)HOST_l2c(c->Nl, p); 210#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) 211 (void)HOST_l2c(c->Nl, p); 212 (void)HOST_l2c(c->Nh, p); 213#endif 214 p -= HASH_CBLOCK; 215 HASH_BLOCK_DATA_ORDER(c, p, 1); 216 c->num = 0; 217 OPENSSL_cleanse(p, HASH_CBLOCK); 218 219#ifndef HASH_MAKE_STRING 220# error "HASH_MAKE_STRING must be defined!" 221#else 222 HASH_MAKE_STRING(c, md); 223#endif 224 225 return 1; 226} 227 228#ifndef MD32_REG_T 229# if defined(__alpha) || defined(__sparcv9) || defined(__mips) 230# define MD32_REG_T long 231/* 232 * This comment was originally written for MD5, which is why it 233 * discusses A-D. But it basically applies to all 32-bit digests, 234 * which is why it was moved to common header file. 235 * 236 * In case you wonder why A-D are declared as long and not 237 * as MD5_LONG. Doing so results in slight performance 238 * boost on LP64 architectures. The catch is we don't 239 * really care if 32 MSBs of a 64-bit register get polluted 240 * with eventual overflows as we *save* only 32 LSBs in 241 * *either* case. Now declaring 'em long excuses the compiler 242 * from keeping 32 MSBs zeroed resulting in 13% performance 243 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. 244 * Well, to be honest it should say that this *prevents* 245 * performance degradation. 246 */ 247# else 248/* 249 * Above is not absolute and there are LP64 compilers that 250 * generate better code if MD32_REG_T is defined int. The above 251 * pre-processor condition reflects the circumstances under which 252 * the conclusion was made and is subject to further extension. 253 */ 254# define MD32_REG_T int 255# endif 256#endif 257