2 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * This is a generic 32 bit "collector" for message digest algorithms.
12 * Whenever needed it collects input character stream into chunks of
13 * 32 bit values and invokes a block function that performs actual hash
20 * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
21 * this macro defines byte order of input stream.
23 * size of a unit chunk HASH_BLOCK operates on.
25 * has to be at least 32 bit wide.
27 * context structure that at least contains following
33 * HASH_LONG data[HASH_LBLOCK];
34 * unsigned char data[HASH_CBLOCK];
39 * data[] vector is expected to be zeroed upon first call to
42 * name of "Update" function, implemented here.
44 * name of "Transform" function, implemented here.
46 * name of "Final" function, implemented here.
47 * HASH_BLOCK_DATA_ORDER
48 * name of "block" function capable of treating *unaligned* input
49 * message in original (data) byte order, implemented externally.
51 * macro converting context variables to an ASCII hash string.
55 * #define DATA_ORDER_IS_LITTLE_ENDIAN
57 * #define HASH_LONG MD5_LONG
58 * #define HASH_CTX MD5_CTX
59 * #define HASH_CBLOCK MD5_CBLOCK
60 * #define HASH_UPDATE MD5_Update
61 * #define HASH_TRANSFORM MD5_Transform
62 * #define HASH_FINAL MD5_Final
63 * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
66 #include <openssl/crypto.h>
68 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
69 # error "DATA_ORDER must be defined!"
73 # error "HASH_CBLOCK must be defined!"
76 # error "HASH_LONG must be defined!"
79 # error "HASH_CTX must be defined!"
83 # error "HASH_UPDATE must be defined!"
85 #ifndef HASH_TRANSFORM
86 # error "HASH_TRANSFORM must be defined!"
89 # error "HASH_FINAL must be defined!"
92 #ifndef HASH_BLOCK_DATA_ORDER
93 # error "HASH_BLOCK_DATA_ORDER must be defined!"
96 #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
98 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
100 # define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
101 l|=(((unsigned long)(*((c)++)))<<16), \
102 l|=(((unsigned long)(*((c)++)))<< 8), \
103 l|=(((unsigned long)(*((c)++))) ) )
104 # define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
105 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
106 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
107 *((c)++)=(unsigned char)(((l) )&0xff), \
110 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
112 # define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
113 l|=(((unsigned long)(*((c)++)))<< 8), \
114 l|=(((unsigned long)(*((c)++)))<<16), \
115 l|=(((unsigned long)(*((c)++)))<<24) )
116 # define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
117 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
118 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
119 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
125 * Time for some action :-)
128 int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
130 const unsigned char *data = data_;
138 l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
139 if (l < c->Nl) /* overflow */
141 c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
147 p = (unsigned char *)c->data;
149 if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
150 memcpy(p + n, data, HASH_CBLOCK - n);
151 HASH_BLOCK_DATA_ORDER(c, p, 1);
157 * We use memset rather than OPENSSL_cleanse() here deliberately.
158 * Using OPENSSL_cleanse() here could be a performance issue. It
159 * will get properly cleansed on finalisation so this isn't a
162 memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
164 memcpy(p + n, data, len);
165 c->num += (unsigned int)len;
170 n = len / HASH_CBLOCK;
172 HASH_BLOCK_DATA_ORDER(c, data, n);
179 p = (unsigned char *)c->data;
180 c->num = (unsigned int)len;
181 memcpy(p, data, len);
186 void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
188 HASH_BLOCK_DATA_ORDER(c, data, 1);
191 int HASH_FINAL(unsigned char *md, HASH_CTX *c)
193 unsigned char *p = (unsigned char *)c->data;
196 p[n] = 0x80; /* there is always room for one */
199 if (n > (HASH_CBLOCK - 8)) {
200 memset(p + n, 0, HASH_CBLOCK - n);
202 HASH_BLOCK_DATA_ORDER(c, p, 1);
204 memset(p + n, 0, HASH_CBLOCK - 8 - n);
206 p += HASH_CBLOCK - 8;
207 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
208 (void)HOST_l2c(c->Nh, p);
209 (void)HOST_l2c(c->Nl, p);
210 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
211 (void)HOST_l2c(c->Nl, p);
212 (void)HOST_l2c(c->Nh, p);
215 HASH_BLOCK_DATA_ORDER(c, p, 1);
217 OPENSSL_cleanse(p, HASH_CBLOCK);
219 #ifndef HASH_MAKE_STRING
220 # error "HASH_MAKE_STRING must be defined!"
222 HASH_MAKE_STRING(c, md);
229 # if defined(__alpha) || defined(__sparcv9) || defined(__mips)
230 # define MD32_REG_T long
232 * This comment was originally written for MD5, which is why it
233 * discusses A-D. But it basically applies to all 32-bit digests,
234 * which is why it was moved to common header file.
236 * In case you wonder why A-D are declared as long and not
237 * as MD5_LONG. Doing so results in slight performance
238 * boost on LP64 architectures. The catch is we don't
239 * really care if 32 MSBs of a 64-bit register get polluted
240 * with eventual overflows as we *save* only 32 LSBs in
241 * *either* case. Now declaring 'em long excuses the compiler
242 * from keeping 32 MSBs zeroed resulting in 13% performance
243 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
244 * Well, to be honest it should say that this *prevents*
245 * performance degradation.
249 * Above is not absolute and there are LP64 compilers that
250 * generate better code if MD32_REG_T is defined int. The above
251 * pre-processor condition reflects the circumstances under which
252 * the conclusion was made and is subject to further extension.
254 # define MD32_REG_T int