From: Andy Polyakov Date: Thu, 26 May 2005 21:29:10 +0000 (+0000) Subject: Rename fips/sha1 to fips/sha. X-Git-Tag: FIPS_TEST_9~42 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e609c04994957410dce1bf34bab1543cce70d81d;p=oweals%2Fopenssl.git Rename fips/sha1 to fips/sha. --- diff --git a/Makefile.org b/Makefile.org index 09a7b53db4..676e0aa23b 100644 --- a/Makefile.org +++ b/Makefile.org @@ -187,7 +187,7 @@ SDIRS= objects \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 -FDIRS= sha1 rand des aes dsa rsa dh hmac +FDIRS= sha rand des aes dsa rsa dh hmac # tests to perform. "alltests" is a special word indicating that all tests # should be performed. @@ -230,7 +230,7 @@ sigs: $(SIGS) libcrypto.a.sha1: libcrypto.a @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ $(RANLIB) libcrypto.a; \ - fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \ + fips/sha/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \ fi sub_all: diff --git a/fips/Makefile b/fips/Makefile index d1d4561e01..67254f24fc 100644 --- a/fips/Makefile +++ b/fips/Makefile @@ -25,7 +25,7 @@ CFLAGS= $(INCLUDE) $(CFLAG) LIBS= -FDIRS=sha1 rand des aes dsa rsa dh hmac +FDIRS=sha rand des aes dsa rsa dh hmac GENERAL=Makefile README fips-lib.com install.com @@ -115,7 +115,7 @@ fips_test_suite: fips_test_suite.o $(TOP)/libcrypto.a fips_test: top top_fips_test_suite cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req - @for i in dsa sha1 aes des hmac rand rsa; \ + @for i in dsa sha aes des hmac rand rsa; \ do \ (cd $$i && echo "making fips_test in fips/$$i..." && $(MAKE) fips_test) \ done; diff --git a/fips/fipshashes.c b/fips/fipshashes.c index 4b087f7f4e..e97575e22b 100644 --- a/fips/fipshashes.c +++ b/fips/fipshashes.c @@ -24,15 +24,15 @@ const char * const FIPS_source_hashes[] = { "HMAC-SHA1(rsa/fips_rsa_eay.c)= 2596773a7af8f037427217b79f56858296961d66", "HMAC-SHA1(rsa/fips_rsa_gen.c)= af83b857d2be13d59e7f1516e6b1a25edd6369c3", "HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06", -"HMAC-SHA1(sha1/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04", -"HMAC-SHA1(sha1/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97", -"HMAC-SHA1(sha1/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f", -"HMAC-SHA1(sha1/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63", -"HMAC-SHA1(sha1/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574", -"HMAC-SHA1(sha1/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad", -"HMAC-SHA1(sha1/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c", -"HMAC-SHA1(sha1/fips_sha256.c)= 826e768677e67b7c87dfc9e084245b619804d01c", -"HMAC-SHA1(sha1/fips_sha512.c)= 27e16912ff196982425c00fe266fa84ef4f48fcd", +"HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04", +"HMAC-SHA1(sha/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97", +"HMAC-SHA1(sha/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f", +"HMAC-SHA1(sha/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63", +"HMAC-SHA1(sha/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574", +"HMAC-SHA1(sha/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad", +"HMAC-SHA1(sha/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c", +"HMAC-SHA1(sha/fips_sha256.c)= 826e768677e67b7c87dfc9e084245b619804d01c", +"HMAC-SHA1(sha/fips_sha512.c)= 27e16912ff196982425c00fe266fa84ef4f48fcd", "HMAC-SHA1(hmac/fips_hmac.c)= a477cec1da76c0092979c4a875b6469339bff7ef", "HMAC-SHA1(hmac/fips_hmac_selftest.c)= ebb32b205babf4300017de767fd6e3f1879765c9", }; diff --git a/fips/sha/.cvsignore b/fips/sha/.cvsignore new file mode 100644 index 0000000000..78ace06571 --- /dev/null +++ b/fips/sha/.cvsignore @@ -0,0 +1,5 @@ +fips_standalone_sha1 +lib +Makefile.save +*.flc +semantic.cache diff --git a/fips/sha/Makefile b/fips/sha/Makefile new file mode 100644 index 0000000000..ad852b7c1c --- /dev/null +++ b/fips/sha/Makefile @@ -0,0 +1,173 @@ +# +# SSLeay/fips/sha1/Makefile +# + +DIR= sha +TOP= ../.. +CC= cc +INCLUDES= +CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile +AR= ar r +EXE_EXT= + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST= fips_sha1test.c +TESTDATA= sha1vectors.txt sha1hashes.txt +APPS= +EXE= fips_standalone_sha1$(EXE_EXT) + +LIB=$(TOP)/libcrypto.a +LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c asm/fips-sx86-elf.s \ + fips_sha256.c fips_sha512.c +LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o $(FIPS_SHA1_ASM_OBJ) \ + fips_sha256.o fips_sha512.o + +SRC= $(LIBSRC) fips_standalone_sha1.c + +EXHEADER=fips_sha.h +HEADER= $(EXHEADER) fips_sha_locl.h fips_md32_common.h + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all) + +all: fips_standalone_sha1$(EXE_EXT) lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @sleep 2; touch lib + +fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ) + $(CC) -o fips_standalone_sha1$(EXE_EXT) $(CFLAGS) \ + fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ) + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST) + cp $(TESTDATA) $(TOP)/test + @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS) + +install: + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done + +tags: + ctags $(SRC) + +tests: + +top_fips_sha1test: + (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_sha1test sub_target) + +fips_sha1test: fips_sha1test.o $(TOP)/libcrypto.a + $(CC) $(CFLAGS) -o fips_sha1test fips_sha1test.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS) + TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_sha1test + +fips_test: top_fips_sha1test + -rm -rf ../testvectors/sha1/rsp + mkdir ../testvectors/sha1/rsp + ./fips_sha1test ../testvectors/sha1/req/sha.req > ../testvectors/sha1/rsp/sha.rsp + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +fips_sha1_selftest.o: ../../include/openssl/bio.h +fips_sha1_selftest.o: ../../include/openssl/crypto.h +fips_sha1_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +fips_sha1_selftest.o: ../../include/openssl/fips.h +fips_sha1_selftest.o: ../../include/openssl/fips_sha.h +fips_sha1_selftest.o: ../../include/openssl/lhash.h +fips_sha1_selftest.o: ../../include/openssl/opensslconf.h +fips_sha1_selftest.o: ../../include/openssl/opensslv.h +fips_sha1_selftest.o: ../../include/openssl/safestack.h +fips_sha1_selftest.o: ../../include/openssl/stack.h +fips_sha1_selftest.o: ../../include/openssl/symhacks.h fips_sha1_selftest.c +fips_sha1dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_sha1dgst.o: ../../include/openssl/opensslconf.h +fips_sha1dgst.o: ../../include/openssl/opensslv.h +fips_sha1dgst.o: ../../include/openssl/safestack.h +fips_sha1dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_sha1dgst.o: fips_sha1dgst.c +fips_sha1test.o: ../../e_os.h ../../include/openssl/bio.h +fips_sha1test.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_sha1test.o: ../../include/openssl/err.h ../../include/openssl/fips.h +fips_sha1test.o: ../../include/openssl/fips_sha.h ../../include/openssl/lhash.h +fips_sha1test.o: ../../include/openssl/opensslconf.h +fips_sha1test.o: ../../include/openssl/opensslv.h +fips_sha1test.o: ../../include/openssl/safestack.h +fips_sha1test.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +fips_sha1test.o: fips_sha1test.c +fips_sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_sha256.o: ../../include/openssl/fips.h ../../include/openssl/fips_sha.h +fips_sha256.o: ../../include/openssl/opensslconf.h +fips_sha256.o: ../../include/openssl/opensslv.h +fips_sha256.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_sha256.o: ../../include/openssl/symhacks.h fips_md32_common.h +fips_sha256.o: fips_sha256.c +fips_sha512.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +fips_sha512.o: ../../include/openssl/fips.h ../../include/openssl/fips_sha.h +fips_sha512.o: ../../include/openssl/opensslconf.h +fips_sha512.o: ../../include/openssl/opensslv.h +fips_sha512.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +fips_sha512.o: ../../include/openssl/symhacks.h fips_sha512.c +fips_standalone_sha1.o: ../../include/openssl/aes.h +fips_standalone_sha1.o: ../../include/openssl/asn1.h +fips_standalone_sha1.o: ../../include/openssl/bio.h +fips_standalone_sha1.o: ../../include/openssl/blowfish.h +fips_standalone_sha1.o: ../../include/openssl/bn.h ../../include/openssl/cast.h +fips_standalone_sha1.o: ../../include/openssl/crypto.h +fips_standalone_sha1.o: ../../include/openssl/des.h +fips_standalone_sha1.o: ../../include/openssl/des_old.h +fips_standalone_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +fips_standalone_sha1.o: ../../include/openssl/e_os2.h +fips_standalone_sha1.o: ../../include/openssl/evp.h +fips_standalone_sha1.o: ../../include/openssl/fips_sha.h +fips_standalone_sha1.o: ../../include/openssl/hmac.h +fips_standalone_sha1.o: ../../include/openssl/idea.h +fips_standalone_sha1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +fips_standalone_sha1.o: ../../include/openssl/md5.h +fips_standalone_sha1.o: ../../include/openssl/mdc2.h +fips_standalone_sha1.o: ../../include/openssl/obj_mac.h +fips_standalone_sha1.o: ../../include/openssl/objects.h +fips_standalone_sha1.o: ../../include/openssl/opensslconf.h +fips_standalone_sha1.o: ../../include/openssl/opensslv.h +fips_standalone_sha1.o: ../../include/openssl/ossl_typ.h +fips_standalone_sha1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +fips_standalone_sha1.o: ../../include/openssl/rc5.h +fips_standalone_sha1.o: ../../include/openssl/ripemd.h +fips_standalone_sha1.o: ../../include/openssl/rsa.h +fips_standalone_sha1.o: ../../include/openssl/safestack.h +fips_standalone_sha1.o: ../../include/openssl/sha.h +fips_standalone_sha1.o: ../../include/openssl/stack.h +fips_standalone_sha1.o: ../../include/openssl/symhacks.h +fips_standalone_sha1.o: ../../include/openssl/ui.h +fips_standalone_sha1.o: ../../include/openssl/ui_compat.h +fips_standalone_sha1.o: fips_standalone_sha1.c diff --git a/fips/sha/asm/fips-sx86-elf.s b/fips/sha/asm/fips-sx86-elf.s new file mode 100644 index 0000000000..2a4d98791d --- /dev/null +++ b/fips/sha/asm/fips-sx86-elf.s @@ -0,0 +1,1568 @@ + + + + + + + .file "sha1-586.s" + .version "01.01" +gcc2_compiled.: +.text + .align 16 +.globl sha1_block_asm_data_order + .type sha1_block_asm_data_order,@function +sha1_block_asm_data_order: + movl 12(%esp), %ecx + pushl %esi + sall $6, %ecx + movl 12(%esp), %esi + pushl %ebp + addl %esi, %ecx + pushl %ebx + movl 16(%esp), %ebp + pushl %edi + movl 12(%ebp), %edx + subl $108, %esp + movl 16(%ebp), %edi + movl 8(%ebp), %ebx + movl %ecx, 68(%esp) + +.L000start: + + movl (%esi), %eax + movl 4(%esi), %ecx + + xchgb %al, %ah + rorl $16, %eax + xchgb %al, %ah + + xchgb %cl, %ch + rorl $16, %ecx + xchgb %cl, %ch + movl %eax, (%esp) + movl %ecx, 4(%esp) + movl 8(%esi), %eax + movl 12(%esi), %ecx + + xchgb %al, %ah + rorl $16, %eax + xchgb %al, %ah + + xchgb %cl, %ch + rorl $16, %ecx + xchgb %cl, %ch + movl %eax, 8(%esp) + movl %ecx, 12(%esp) + movl 16(%esi), %eax + movl 20(%esi), %ecx + + xchgb %al, %ah + rorl $16, %eax + xchgb %al, %ah + + xchgb %cl, %ch + rorl $16, %ecx + xchgb %cl, %ch + movl %eax, 16(%esp) + movl %ecx, 20(%esp) + movl 24(%esi), %eax + movl 28(%esi), %ecx + + xchgb %al, %ah + rorl $16, %eax + xchgb %al, %ah + + xchgb %cl, %ch + rorl $16, %ecx + xchgb %cl, %ch + movl %eax, 24(%esp) + movl %ecx, 28(%esp) + movl 32(%esi), %eax + movl 36(%esi), %ecx + + xchgb %al, %ah + rorl $16, %eax + xchgb %al, %ah + + xchgb %cl, %ch + rorl $16, %ecx + xchgb %cl, %ch + movl %eax, 32(%esp) + movl %ecx, 36(%esp) + movl 40(%esi), %eax + movl 44(%esi), %ecx + + xchgb %al, %ah + rorl $16, %eax + xchgb %al, %ah + + xchgb %cl, %ch + rorl $16, %ecx + xchgb %cl, %ch + movl %eax, 40(%esp) + movl %ecx, 44(%esp) + movl 48(%esi), %eax + movl 52(%esi), %ecx + + xchgb %al, %ah + rorl $16, %eax + xchgb %al, %ah + + xchgb %cl, %ch + rorl $16, %ecx + xchgb %cl, %ch + movl %eax, 48(%esp) + movl %ecx, 52(%esp) + movl 56(%esi), %eax + movl 60(%esi), %ecx + + xchgb %al, %ah + rorl $16, %eax + xchgb %al, %ah + + xchgb %cl, %ch + rorl $16, %ecx + xchgb %cl, %ch + movl %eax, 56(%esp) + movl %ecx, 60(%esp) + + + movl %esi, 132(%esp) +.L001shortcut: + + + movl (%ebp), %eax + movl 4(%ebp), %ecx + + movl %eax, %ebp + movl %ebx, %esi + roll $5, %ebp + xorl %edx, %esi + andl %ecx, %esi + rorl $2, %ecx + addl %edi, %ebp + movl (%esp), %edi + xorl %edx, %esi + leal 1518500249(%ebp,%edi,1),%ebp + addl %ebp, %esi + + movl %esi, %ebp + movl %ecx, %edi + roll $5, %ebp + xorl %ebx, %edi + andl %eax, %edi + rorl $2, %eax + addl %edx, %ebp + movl 4(%esp), %edx + xorl %ebx, %edi + leal 1518500249(%ebp,%edx,1),%ebp + addl %ebp, %edi + + movl %edi, %ebp + movl %eax, %edx + roll $5, %ebp + xorl %ecx, %edx + andl %esi, %edx + rorl $2, %esi + addl %ebx, %ebp + movl 8(%esp), %ebx + xorl %ecx, %edx + leal 1518500249(%ebp,%ebx,1),%ebp + addl %ebp, %edx + + movl %edx, %ebp + movl %esi, %ebx + roll $5, %ebp + xorl %eax, %ebx + andl %edi, %ebx + rorl $2, %edi + addl %ecx, %ebp + movl 12(%esp), %ecx + xorl %eax, %ebx + leal 1518500249(%ebp,%ecx,1),%ebp + addl %ebp, %ebx + + movl %ebx, %ebp + movl %edi, %ecx + roll $5, %ebp + xorl %esi, %ecx + andl %edx, %ecx + rorl $2, %edx + addl %eax, %ebp + movl 16(%esp), %eax + xorl %esi, %ecx + leal 1518500249(%ebp,%eax,1),%ebp + addl %ebp, %ecx + + movl %ecx, %ebp + movl %edx, %eax + roll $5, %ebp + xorl %edi, %eax + andl %ebx, %eax + rorl $2, %ebx + addl %esi, %ebp + movl 20(%esp), %esi + xorl %edi, %eax + leal 1518500249(%ebp,%esi,1),%ebp + addl %ebp, %eax + + movl %eax, %ebp + movl %ebx, %esi + roll $5, %ebp + xorl %edx, %esi + andl %ecx, %esi + rorl $2, %ecx + addl %edi, %ebp + movl 24(%esp), %edi + xorl %edx, %esi + leal 1518500249(%ebp,%edi,1),%ebp + addl %ebp, %esi + + movl %esi, %ebp + movl %ecx, %edi + roll $5, %ebp + xorl %ebx, %edi + andl %eax, %edi + rorl $2, %eax + addl %edx, %ebp + movl 28(%esp), %edx + xorl %ebx, %edi + leal 1518500249(%ebp,%edx,1),%ebp + addl %ebp, %edi + + movl %edi, %ebp + movl %eax, %edx + roll $5, %ebp + xorl %ecx, %edx + andl %esi, %edx + rorl $2, %esi + addl %ebx, %ebp + movl 32(%esp), %ebx + xorl %ecx, %edx + leal 1518500249(%ebp,%ebx,1),%ebp + addl %ebp, %edx + + movl %edx, %ebp + movl %esi, %ebx + roll $5, %ebp + xorl %eax, %ebx + andl %edi, %ebx + rorl $2, %edi + addl %ecx, %ebp + movl 36(%esp), %ecx + xorl %eax, %ebx + leal 1518500249(%ebp,%ecx,1),%ebp + addl %ebp, %ebx + + movl %ebx, %ebp + movl %edi, %ecx + roll $5, %ebp + xorl %esi, %ecx + andl %edx, %ecx + rorl $2, %edx + addl %eax, %ebp + movl 40(%esp), %eax + xorl %esi, %ecx + leal 1518500249(%ebp,%eax,1),%ebp + addl %ebp, %ecx + + movl %ecx, %ebp + movl %edx, %eax + roll $5, %ebp + xorl %edi, %eax + andl %ebx, %eax + rorl $2, %ebx + addl %esi, %ebp + movl 44(%esp), %esi + xorl %edi, %eax + leal 1518500249(%ebp,%esi,1),%ebp + addl %ebp, %eax + + movl %eax, %ebp + movl %ebx, %esi + roll $5, %ebp + xorl %edx, %esi + andl %ecx, %esi + rorl $2, %ecx + addl %edi, %ebp + movl 48(%esp), %edi + xorl %edx, %esi + leal 1518500249(%ebp,%edi,1),%ebp + addl %ebp, %esi + + movl %esi, %ebp + movl %ecx, %edi + roll $5, %ebp + xorl %ebx, %edi + andl %eax, %edi + rorl $2, %eax + addl %edx, %ebp + movl 52(%esp), %edx + xorl %ebx, %edi + leal 1518500249(%ebp,%edx,1),%ebp + addl %ebp, %edi + + movl %edi, %ebp + movl %eax, %edx + roll $5, %ebp + xorl %ecx, %edx + andl %esi, %edx + rorl $2, %esi + addl %ebx, %ebp + movl 56(%esp), %ebx + xorl %ecx, %edx + leal 1518500249(%ebp,%ebx,1),%ebp + addl %ebp, %edx + + movl %edx, %ebp + movl %esi, %ebx + roll $5, %ebp + xorl %eax, %ebx + andl %edi, %ebx + rorl $2, %edi + addl %ecx, %ebp + movl 60(%esp), %ecx + xorl %eax, %ebx + leal 1518500249(%ebp,%ecx,1),%ebp + addl %ebp, %ebx + + movl 8(%esp), %ecx + movl %edi, %ebp + xorl (%esp), %ecx + xorl %esi, %ebp + xorl 32(%esp), %ecx + andl %edx, %ebp + xorl 52(%esp), %ecx + rorl $2, %edx + xorl %esi, %ebp +.byte 209 +.byte 193 + movl %ecx, (%esp) + leal 1518500249(%ecx,%eax,1),%ecx + movl %ebx, %eax + addl %ebp, %ecx + roll $5, %eax + addl %eax, %ecx + + movl 12(%esp), %eax + movl %edx, %ebp + xorl 4(%esp), %eax + xorl %edi, %ebp + xorl 36(%esp), %eax + andl %ebx, %ebp + xorl 56(%esp), %eax + rorl $2, %ebx + xorl %edi, %ebp +.byte 209 +.byte 192 + movl %eax, 4(%esp) + leal 1518500249(%eax,%esi,1),%eax + movl %ecx, %esi + addl %ebp, %eax + roll $5, %esi + addl %esi, %eax + + movl 16(%esp), %esi + movl %ebx, %ebp + xorl 8(%esp), %esi + xorl %edx, %ebp + xorl 40(%esp), %esi + andl %ecx, %ebp + xorl 60(%esp), %esi + rorl $2, %ecx + xorl %edx, %ebp +.byte 209 +.byte 198 + movl %esi, 8(%esp) + leal 1518500249(%esi,%edi,1),%esi + movl %eax, %edi + addl %ebp, %esi + roll $5, %edi + addl %edi, %esi + + movl 20(%esp), %edi + movl %ecx, %ebp + xorl 12(%esp), %edi + xorl %ebx, %ebp + xorl 44(%esp), %edi + andl %eax, %ebp + xorl (%esp), %edi + rorl $2, %eax + xorl %ebx, %ebp +.byte 209 +.byte 199 + movl %edi, 12(%esp) + leal 1518500249(%edi,%edx,1),%edi + movl %esi, %edx + addl %ebp, %edi + roll $5, %edx + addl %edx, %edi + + movl 16(%esp), %edx + movl %esi, %ebp + xorl 24(%esp), %edx + rorl $2, %esi + xorl 48(%esp), %edx + xorl %eax, %ebp + xorl 4(%esp), %edx + xorl %ecx, %ebp +.byte 209 +.byte 194 + movl %edx, 16(%esp) + leal 1859775393(%edx,%ebx,1),%edx + movl %edi, %ebx + roll $5, %ebx + addl %ebp, %edx + addl %ebx, %edx + + movl 20(%esp), %ebx + movl %edi, %ebp + xorl 28(%esp), %ebx + rorl $2, %edi + xorl 52(%esp), %ebx + xorl %esi, %ebp + xorl 8(%esp), %ebx + xorl %eax, %ebp +.byte 209 +.byte 195 + movl %ebx, 20(%esp) + leal 1859775393(%ebx,%ecx,1),%ebx + movl %edx, %ecx + roll $5, %ecx + addl %ebp, %ebx + addl %ecx, %ebx + + movl 24(%esp), %ecx + movl %edx, %ebp + xorl 32(%esp), %ecx + rorl $2, %edx + xorl 56(%esp), %ecx + xorl %edi, %ebp + xorl 12(%esp), %ecx + xorl %esi, %ebp +.byte 209 +.byte 193 + movl %ecx, 24(%esp) + leal 1859775393(%ecx,%eax,1),%ecx + movl %ebx, %eax + roll $5, %eax + addl %ebp, %ecx + addl %eax, %ecx + + movl 28(%esp), %eax + movl %ebx, %ebp + xorl 36(%esp), %eax + rorl $2, %ebx + xorl 60(%esp), %eax + xorl %edx, %ebp + xorl 16(%esp), %eax + xorl %edi, %ebp +.byte 209 +.byte 192 + movl %eax, 28(%esp) + leal 1859775393(%eax,%esi,1),%eax + movl %ecx, %esi + roll $5, %esi + addl %ebp, %eax + addl %esi, %eax + + movl 32(%esp), %esi + movl %ecx, %ebp + xorl 40(%esp), %esi + rorl $2, %ecx + xorl (%esp), %esi + xorl %ebx, %ebp + xorl 20(%esp), %esi + xorl %edx, %ebp +.byte 209 +.byte 198 + movl %esi, 32(%esp) + leal 1859775393(%esi,%edi,1),%esi + movl %eax, %edi + roll $5, %edi + addl %ebp, %esi + addl %edi, %esi + + movl 36(%esp), %edi + movl %eax, %ebp + xorl 44(%esp), %edi + rorl $2, %eax + xorl 4(%esp), %edi + xorl %ecx, %ebp + xorl 24(%esp), %edi + xorl %ebx, %ebp +.byte 209 +.byte 199 + movl %edi, 36(%esp) + leal 1859775393(%edi,%edx,1),%edi + movl %esi, %edx + roll $5, %edx + addl %ebp, %edi + addl %edx, %edi + + movl 40(%esp), %edx + movl %esi, %ebp + xorl 48(%esp), %edx + rorl $2, %esi + xorl 8(%esp), %edx + xorl %eax, %ebp + xorl 28(%esp), %edx + xorl %ecx, %ebp +.byte 209 +.byte 194 + movl %edx, 40(%esp) + leal 1859775393(%edx,%ebx,1),%edx + movl %edi, %ebx + roll $5, %ebx + addl %ebp, %edx + addl %ebx, %edx + + movl 44(%esp), %ebx + movl %edi, %ebp + xorl 52(%esp), %ebx + rorl $2, %edi + xorl 12(%esp), %ebx + xorl %esi, %ebp + xorl 32(%esp), %ebx + xorl %eax, %ebp +.byte 209 +.byte 195 + movl %ebx, 44(%esp) + leal 1859775393(%ebx,%ecx,1),%ebx + movl %edx, %ecx + roll $5, %ecx + addl %ebp, %ebx + addl %ecx, %ebx + + movl 48(%esp), %ecx + movl %edx, %ebp + xorl 56(%esp), %ecx + rorl $2, %edx + xorl 16(%esp), %ecx + xorl %edi, %ebp + xorl 36(%esp), %ecx + xorl %esi, %ebp +.byte 209 +.byte 193 + movl %ecx, 48(%esp) + leal 1859775393(%ecx,%eax,1),%ecx + movl %ebx, %eax + roll $5, %eax + addl %ebp, %ecx + addl %eax, %ecx + + movl 52(%esp), %eax + movl %ebx, %ebp + xorl 60(%esp), %eax + rorl $2, %ebx + xorl 20(%esp), %eax + xorl %edx, %ebp + xorl 40(%esp), %eax + xorl %edi, %ebp +.byte 209 +.byte 192 + movl %eax, 52(%esp) + leal 1859775393(%eax,%esi,1),%eax + movl %ecx, %esi + roll $5, %esi + addl %ebp, %eax + addl %esi, %eax + + movl 56(%esp), %esi + movl %ecx, %ebp + xorl (%esp), %esi + rorl $2, %ecx + xorl 24(%esp), %esi + xorl %ebx, %ebp + xorl 44(%esp), %esi + xorl %edx, %ebp +.byte 209 +.byte 198 + movl %esi, 56(%esp) + leal 1859775393(%esi,%edi,1),%esi + movl %eax, %edi + roll $5, %edi + addl %ebp, %esi + addl %edi, %esi + + movl 60(%esp), %edi + movl %eax, %ebp + xorl 4(%esp), %edi + rorl $2, %eax + xorl 28(%esp), %edi + xorl %ecx, %ebp + xorl 48(%esp), %edi + xorl %ebx, %ebp +.byte 209 +.byte 199 + movl %edi, 60(%esp) + leal 1859775393(%edi,%edx,1),%edi + movl %esi, %edx + roll $5, %edx + addl %ebp, %edi + addl %edx, %edi + + movl (%esp), %edx + movl %esi, %ebp + xorl 8(%esp), %edx + rorl $2, %esi + xorl 32(%esp), %edx + xorl %eax, %ebp + xorl 52(%esp), %edx + xorl %ecx, %ebp +.byte 209 +.byte 194 + movl %edx, (%esp) + leal 1859775393(%edx,%ebx,1),%edx + movl %edi, %ebx + roll $5, %ebx + addl %ebp, %edx + addl %ebx, %edx + + movl 4(%esp), %ebx + movl %edi, %ebp + xorl 12(%esp), %ebx + rorl $2, %edi + xorl 36(%esp), %ebx + xorl %esi, %ebp + xorl 56(%esp), %ebx + xorl %eax, %ebp +.byte 209 +.byte 195 + movl %ebx, 4(%esp) + leal 1859775393(%ebx,%ecx,1),%ebx + movl %edx, %ecx + roll $5, %ecx + addl %ebp, %ebx + addl %ecx, %ebx + + movl 8(%esp), %ecx + movl %edx, %ebp + xorl 16(%esp), %ecx + rorl $2, %edx + xorl 40(%esp), %ecx + xorl %edi, %ebp + xorl 60(%esp), %ecx + xorl %esi, %ebp +.byte 209 +.byte 193 + movl %ecx, 8(%esp) + leal 1859775393(%ecx,%eax,1),%ecx + movl %ebx, %eax + roll $5, %eax + addl %ebp, %ecx + addl %eax, %ecx + + movl 12(%esp), %eax + movl %ebx, %ebp + xorl 20(%esp), %eax + rorl $2, %ebx + xorl 44(%esp), %eax + xorl %edx, %ebp + xorl (%esp), %eax + xorl %edi, %ebp +.byte 209 +.byte 192 + movl %eax, 12(%esp) + leal 1859775393(%eax,%esi,1),%eax + movl %ecx, %esi + roll $5, %esi + addl %ebp, %eax + addl %esi, %eax + + movl 16(%esp), %esi + movl %ecx, %ebp + xorl 24(%esp), %esi + rorl $2, %ecx + xorl 48(%esp), %esi + xorl %ebx, %ebp + xorl 4(%esp), %esi + xorl %edx, %ebp +.byte 209 +.byte 198 + movl %esi, 16(%esp) + leal 1859775393(%esi,%edi,1),%esi + movl %eax, %edi + roll $5, %edi + addl %ebp, %esi + addl %edi, %esi + + movl 20(%esp), %edi + movl %eax, %ebp + xorl 28(%esp), %edi + rorl $2, %eax + xorl 52(%esp), %edi + xorl %ecx, %ebp + xorl 8(%esp), %edi + xorl %ebx, %ebp +.byte 209 +.byte 199 + movl %edi, 20(%esp) + leal 1859775393(%edi,%edx,1),%edi + movl %esi, %edx + roll $5, %edx + addl %ebp, %edi + addl %edx, %edi + + movl 24(%esp), %edx + movl %esi, %ebp + xorl 32(%esp), %edx + rorl $2, %esi + xorl 56(%esp), %edx + xorl %eax, %ebp + xorl 12(%esp), %edx + xorl %ecx, %ebp +.byte 209 +.byte 194 + movl %edx, 24(%esp) + leal 1859775393(%edx,%ebx,1),%edx + movl %edi, %ebx + roll $5, %ebx + addl %ebp, %edx + addl %ebx, %edx + + movl 28(%esp), %ebx + movl %edi, %ebp + xorl 36(%esp), %ebx + rorl $2, %edi + xorl 60(%esp), %ebx + xorl %esi, %ebp + xorl 16(%esp), %ebx + xorl %eax, %ebp +.byte 209 +.byte 195 + movl %ebx, 28(%esp) + leal 1859775393(%ebx,%ecx,1),%ebx + movl %edx, %ecx + roll $5, %ecx + addl %ebp, %ebx + addl %ecx, %ebx + + movl 32(%esp), %ecx + movl %edx, %ebp + xorl 40(%esp), %ecx + orl %edi, %ebp + xorl (%esp), %ecx + andl %esi, %ebp + xorl 20(%esp), %ecx +.byte 209 +.byte 193 + movl %ecx, 32(%esp) + leal 2400959708(%ecx,%eax,1),%ecx + movl %edx, %eax + rorl $2, %edx + andl %edi, %eax + orl %eax, %ebp + movl %ebx, %eax + roll $5, %eax + addl %eax, %ebp + addl %ebp, %ecx + + movl 36(%esp), %eax + movl %ebx, %ebp + xorl 44(%esp), %eax + orl %edx, %ebp + xorl 4(%esp), %eax + andl %edi, %ebp + xorl 24(%esp), %eax +.byte 209 +.byte 192 + movl %eax, 36(%esp) + leal 2400959708(%eax,%esi,1),%eax + movl %ebx, %esi + rorl $2, %ebx + andl %edx, %esi + orl %esi, %ebp + movl %ecx, %esi + roll $5, %esi + addl %esi, %ebp + addl %ebp, %eax + + movl 40(%esp), %esi + movl %ecx, %ebp + xorl 48(%esp), %esi + orl %ebx, %ebp + xorl 8(%esp), %esi + andl %edx, %ebp + xorl 28(%esp), %esi +.byte 209 +.byte 198 + movl %esi, 40(%esp) + leal 2400959708(%esi,%edi,1),%esi + movl %ecx, %edi + rorl $2, %ecx + andl %ebx, %edi + orl %edi, %ebp + movl %eax, %edi + roll $5, %edi + addl %edi, %ebp + addl %ebp, %esi + + movl 44(%esp), %edi + movl %eax, %ebp + xorl 52(%esp), %edi + orl %ecx, %ebp + xorl 12(%esp), %edi + andl %ebx, %ebp + xorl 32(%esp), %edi +.byte 209 +.byte 199 + movl %edi, 44(%esp) + leal 2400959708(%edi,%edx,1),%edi + movl %eax, %edx + rorl $2, %eax + andl %ecx, %edx + orl %edx, %ebp + movl %esi, %edx + roll $5, %edx + addl %edx, %ebp + addl %ebp, %edi + + movl 48(%esp), %edx + movl %esi, %ebp + xorl 56(%esp), %edx + orl %eax, %ebp + xorl 16(%esp), %edx + andl %ecx, %ebp + xorl 36(%esp), %edx +.byte 209 +.byte 194 + movl %edx, 48(%esp) + leal 2400959708(%edx,%ebx,1),%edx + movl %esi, %ebx + rorl $2, %esi + andl %eax, %ebx + orl %ebx, %ebp + movl %edi, %ebx + roll $5, %ebx + addl %ebx, %ebp + addl %ebp, %edx + + movl 52(%esp), %ebx + movl %edi, %ebp + xorl 60(%esp), %ebx + orl %esi, %ebp + xorl 20(%esp), %ebx + andl %eax, %ebp + xorl 40(%esp), %ebx +.byte 209 +.byte 195 + movl %ebx, 52(%esp) + leal 2400959708(%ebx,%ecx,1),%ebx + movl %edi, %ecx + rorl $2, %edi + andl %esi, %ecx + orl %ecx, %ebp + movl %edx, %ecx + roll $5, %ecx + addl %ecx, %ebp + addl %ebp, %ebx + + movl 56(%esp), %ecx + movl %edx, %ebp + xorl (%esp), %ecx + orl %edi, %ebp + xorl 24(%esp), %ecx + andl %esi, %ebp + xorl 44(%esp), %ecx +.byte 209 +.byte 193 + movl %ecx, 56(%esp) + leal 2400959708(%ecx,%eax,1),%ecx + movl %edx, %eax + rorl $2, %edx + andl %edi, %eax + orl %eax, %ebp + movl %ebx, %eax + roll $5, %eax + addl %eax, %ebp + addl %ebp, %ecx + + movl 60(%esp), %eax + movl %ebx, %ebp + xorl 4(%esp), %eax + orl %edx, %ebp + xorl 28(%esp), %eax + andl %edi, %ebp + xorl 48(%esp), %eax +.byte 209 +.byte 192 + movl %eax, 60(%esp) + leal 2400959708(%eax,%esi,1),%eax + movl %ebx, %esi + rorl $2, %ebx + andl %edx, %esi + orl %esi, %ebp + movl %ecx, %esi + roll $5, %esi + addl %esi, %ebp + addl %ebp, %eax + + movl (%esp), %esi + movl %ecx, %ebp + xorl 8(%esp), %esi + orl %ebx, %ebp + xorl 32(%esp), %esi + andl %edx, %ebp + xorl 52(%esp), %esi +.byte 209 +.byte 198 + movl %esi, (%esp) + leal 2400959708(%esi,%edi,1),%esi + movl %ecx, %edi + rorl $2, %ecx + andl %ebx, %edi + orl %edi, %ebp + movl %eax, %edi + roll $5, %edi + addl %edi, %ebp + addl %ebp, %esi + + movl 4(%esp), %edi + movl %eax, %ebp + xorl 12(%esp), %edi + orl %ecx, %ebp + xorl 36(%esp), %edi + andl %ebx, %ebp + xorl 56(%esp), %edi +.byte 209 +.byte 199 + movl %edi, 4(%esp) + leal 2400959708(%edi,%edx,1),%edi + movl %eax, %edx + rorl $2, %eax + andl %ecx, %edx + orl %edx, %ebp + movl %esi, %edx + roll $5, %edx + addl %edx, %ebp + addl %ebp, %edi + + movl 8(%esp), %edx + movl %esi, %ebp + xorl 16(%esp), %edx + orl %eax, %ebp + xorl 40(%esp), %edx + andl %ecx, %ebp + xorl 60(%esp), %edx +.byte 209 +.byte 194 + movl %edx, 8(%esp) + leal 2400959708(%edx,%ebx,1),%edx + movl %esi, %ebx + rorl $2, %esi + andl %eax, %ebx + orl %ebx, %ebp + movl %edi, %ebx + roll $5, %ebx + addl %ebx, %ebp + addl %ebp, %edx + + movl 12(%esp), %ebx + movl %edi, %ebp + xorl 20(%esp), %ebx + orl %esi, %ebp + xorl 44(%esp), %ebx + andl %eax, %ebp + xorl (%esp), %ebx +.byte 209 +.byte 195 + movl %ebx, 12(%esp) + leal 2400959708(%ebx,%ecx,1),%ebx + movl %edi, %ecx + rorl $2, %edi + andl %esi, %ecx + orl %ecx, %ebp + movl %edx, %ecx + roll $5, %ecx + addl %ecx, %ebp + addl %ebp, %ebx + + movl 16(%esp), %ecx + movl %edx, %ebp + xorl 24(%esp), %ecx + orl %edi, %ebp + xorl 48(%esp), %ecx + andl %esi, %ebp + xorl 4(%esp), %ecx +.byte 209 +.byte 193 + movl %ecx, 16(%esp) + leal 2400959708(%ecx,%eax,1),%ecx + movl %edx, %eax + rorl $2, %edx + andl %edi, %eax + orl %eax, %ebp + movl %ebx, %eax + roll $5, %eax + addl %eax, %ebp + addl %ebp, %ecx + + movl 20(%esp), %eax + movl %ebx, %ebp + xorl 28(%esp), %eax + orl %edx, %ebp + xorl 52(%esp), %eax + andl %edi, %ebp + xorl 8(%esp), %eax +.byte 209 +.byte 192 + movl %eax, 20(%esp) + leal 2400959708(%eax,%esi,1),%eax + movl %ebx, %esi + rorl $2, %ebx + andl %edx, %esi + orl %esi, %ebp + movl %ecx, %esi + roll $5, %esi + addl %esi, %ebp + addl %ebp, %eax + + movl 24(%esp), %esi + movl %ecx, %ebp + xorl 32(%esp), %esi + orl %ebx, %ebp + xorl 56(%esp), %esi + andl %edx, %ebp + xorl 12(%esp), %esi +.byte 209 +.byte 198 + movl %esi, 24(%esp) + leal 2400959708(%esi,%edi,1),%esi + movl %ecx, %edi + rorl $2, %ecx + andl %ebx, %edi + orl %edi, %ebp + movl %eax, %edi + roll $5, %edi + addl %edi, %ebp + addl %ebp, %esi + + movl 28(%esp), %edi + movl %eax, %ebp + xorl 36(%esp), %edi + orl %ecx, %ebp + xorl 60(%esp), %edi + andl %ebx, %ebp + xorl 16(%esp), %edi +.byte 209 +.byte 199 + movl %edi, 28(%esp) + leal 2400959708(%edi,%edx,1),%edi + movl %eax, %edx + rorl $2, %eax + andl %ecx, %edx + orl %edx, %ebp + movl %esi, %edx + roll $5, %edx + addl %edx, %ebp + addl %ebp, %edi + + movl 32(%esp), %edx + movl %esi, %ebp + xorl 40(%esp), %edx + orl %eax, %ebp + xorl (%esp), %edx + andl %ecx, %ebp + xorl 20(%esp), %edx +.byte 209 +.byte 194 + movl %edx, 32(%esp) + leal 2400959708(%edx,%ebx,1),%edx + movl %esi, %ebx + rorl $2, %esi + andl %eax, %ebx + orl %ebx, %ebp + movl %edi, %ebx + roll $5, %ebx + addl %ebx, %ebp + addl %ebp, %edx + + movl 36(%esp), %ebx + movl %edi, %ebp + xorl 44(%esp), %ebx + orl %esi, %ebp + xorl 4(%esp), %ebx + andl %eax, %ebp + xorl 24(%esp), %ebx +.byte 209 +.byte 195 + movl %ebx, 36(%esp) + leal 2400959708(%ebx,%ecx,1),%ebx + movl %edi, %ecx + rorl $2, %edi + andl %esi, %ecx + orl %ecx, %ebp + movl %edx, %ecx + roll $5, %ecx + addl %ecx, %ebp + addl %ebp, %ebx + + movl 40(%esp), %ecx + movl %edx, %ebp + xorl 48(%esp), %ecx + orl %edi, %ebp + xorl 8(%esp), %ecx + andl %esi, %ebp + xorl 28(%esp), %ecx +.byte 209 +.byte 193 + movl %ecx, 40(%esp) + leal 2400959708(%ecx,%eax,1),%ecx + movl %edx, %eax + rorl $2, %edx + andl %edi, %eax + orl %eax, %ebp + movl %ebx, %eax + roll $5, %eax + addl %eax, %ebp + addl %ebp, %ecx + + movl 44(%esp), %eax + movl %ebx, %ebp + xorl 52(%esp), %eax + orl %edx, %ebp + xorl 12(%esp), %eax + andl %edi, %ebp + xorl 32(%esp), %eax +.byte 209 +.byte 192 + movl %eax, 44(%esp) + leal 2400959708(%eax,%esi,1),%eax + movl %ebx, %esi + rorl $2, %ebx + andl %edx, %esi + orl %esi, %ebp + movl %ecx, %esi + roll $5, %esi + addl %esi, %ebp + addl %ebp, %eax + + movl 48(%esp), %esi + movl %ecx, %ebp + xorl 56(%esp), %esi + rorl $2, %ecx + xorl 16(%esp), %esi + xorl %ebx, %ebp + xorl 36(%esp), %esi + xorl %edx, %ebp +.byte 209 +.byte 198 + movl %esi, 48(%esp) + leal 3395469782(%esi,%edi,1),%esi + movl %eax, %edi + roll $5, %edi + addl %ebp, %esi + addl %edi, %esi + + movl 52(%esp), %edi + movl %eax, %ebp + xorl 60(%esp), %edi + rorl $2, %eax + xorl 20(%esp), %edi + xorl %ecx, %ebp + xorl 40(%esp), %edi + xorl %ebx, %ebp +.byte 209 +.byte 199 + movl %edi, 52(%esp) + leal 3395469782(%edi,%edx,1),%edi + movl %esi, %edx + roll $5, %edx + addl %ebp, %edi + addl %edx, %edi + + movl 56(%esp), %edx + movl %esi, %ebp + xorl (%esp), %edx + rorl $2, %esi + xorl 24(%esp), %edx + xorl %eax, %ebp + xorl 44(%esp), %edx + xorl %ecx, %ebp +.byte 209 +.byte 194 + movl %edx, 56(%esp) + leal 3395469782(%edx,%ebx,1),%edx + movl %edi, %ebx + roll $5, %ebx + addl %ebp, %edx + addl %ebx, %edx + + movl 60(%esp), %ebx + movl %edi, %ebp + xorl 4(%esp), %ebx + rorl $2, %edi + xorl 28(%esp), %ebx + xorl %esi, %ebp + xorl 48(%esp), %ebx + xorl %eax, %ebp +.byte 209 +.byte 195 + movl %ebx, 60(%esp) + leal 3395469782(%ebx,%ecx,1),%ebx + movl %edx, %ecx + roll $5, %ecx + addl %ebp, %ebx + addl %ecx, %ebx + + movl (%esp), %ecx + movl %edx, %ebp + xorl 8(%esp), %ecx + rorl $2, %edx + xorl 32(%esp), %ecx + xorl %edi, %ebp + xorl 52(%esp), %ecx + xorl %esi, %ebp +.byte 209 +.byte 193 + movl %ecx, (%esp) + leal 3395469782(%ecx,%eax,1),%ecx + movl %ebx, %eax + roll $5, %eax + addl %ebp, %ecx + addl %eax, %ecx + + movl 4(%esp), %eax + movl %ebx, %ebp + xorl 12(%esp), %eax + rorl $2, %ebx + xorl 36(%esp), %eax + xorl %edx, %ebp + xorl 56(%esp), %eax + xorl %edi, %ebp +.byte 209 +.byte 192 + movl %eax, 4(%esp) + leal 3395469782(%eax,%esi,1),%eax + movl %ecx, %esi + roll $5, %esi + addl %ebp, %eax + addl %esi, %eax + + movl 8(%esp), %esi + movl %ecx, %ebp + xorl 16(%esp), %esi + rorl $2, %ecx + xorl 40(%esp), %esi + xorl %ebx, %ebp + xorl 60(%esp), %esi + xorl %edx, %ebp +.byte 209 +.byte 198 + movl %esi, 8(%esp) + leal 3395469782(%esi,%edi,1),%esi + movl %eax, %edi + roll $5, %edi + addl %ebp, %esi + addl %edi, %esi + + movl 12(%esp), %edi + movl %eax, %ebp + xorl 20(%esp), %edi + rorl $2, %eax + xorl 44(%esp), %edi + xorl %ecx, %ebp + xorl (%esp), %edi + xorl %ebx, %ebp +.byte 209 +.byte 199 + movl %edi, 12(%esp) + leal 3395469782(%edi,%edx,1),%edi + movl %esi, %edx + roll $5, %edx + addl %ebp, %edi + addl %edx, %edi + + movl 16(%esp), %edx + movl %esi, %ebp + xorl 24(%esp), %edx + rorl $2, %esi + xorl 48(%esp), %edx + xorl %eax, %ebp + xorl 4(%esp), %edx + xorl %ecx, %ebp +.byte 209 +.byte 194 + movl %edx, 16(%esp) + leal 3395469782(%edx,%ebx,1),%edx + movl %edi, %ebx + roll $5, %ebx + addl %ebp, %edx + addl %ebx, %edx + + movl 20(%esp), %ebx + movl %edi, %ebp + xorl 28(%esp), %ebx + rorl $2, %edi + xorl 52(%esp), %ebx + xorl %esi, %ebp + xorl 8(%esp), %ebx + xorl %eax, %ebp +.byte 209 +.byte 195 + movl %ebx, 20(%esp) + leal 3395469782(%ebx,%ecx,1),%ebx + movl %edx, %ecx + roll $5, %ecx + addl %ebp, %ebx + addl %ecx, %ebx + + movl 24(%esp), %ecx + movl %edx, %ebp + xorl 32(%esp), %ecx + rorl $2, %edx + xorl 56(%esp), %ecx + xorl %edi, %ebp + xorl 12(%esp), %ecx + xorl %esi, %ebp +.byte 209 +.byte 193 + movl %ecx, 24(%esp) + leal 3395469782(%ecx,%eax,1),%ecx + movl %ebx, %eax + roll $5, %eax + addl %ebp, %ecx + addl %eax, %ecx + + movl 28(%esp), %eax + movl %ebx, %ebp + xorl 36(%esp), %eax + rorl $2, %ebx + xorl 60(%esp), %eax + xorl %edx, %ebp + xorl 16(%esp), %eax + xorl %edi, %ebp +.byte 209 +.byte 192 + movl %eax, 28(%esp) + leal 3395469782(%eax,%esi,1),%eax + movl %ecx, %esi + roll $5, %esi + addl %ebp, %eax + addl %esi, %eax + + movl 32(%esp), %esi + movl %ecx, %ebp + xorl 40(%esp), %esi + rorl $2, %ecx + xorl (%esp), %esi + xorl %ebx, %ebp + xorl 20(%esp), %esi + xorl %edx, %ebp +.byte 209 +.byte 198 + movl %esi, 32(%esp) + leal 3395469782(%esi,%edi,1),%esi + movl %eax, %edi + roll $5, %edi + addl %ebp, %esi + addl %edi, %esi + + movl 36(%esp), %edi + movl %eax, %ebp + xorl 44(%esp), %edi + rorl $2, %eax + xorl 4(%esp), %edi + xorl %ecx, %ebp + xorl 24(%esp), %edi + xorl %ebx, %ebp +.byte 209 +.byte 199 + movl %edi, 36(%esp) + leal 3395469782(%edi,%edx,1),%edi + movl %esi, %edx + roll $5, %edx + addl %ebp, %edi + addl %edx, %edi + + movl 40(%esp), %edx + movl %esi, %ebp + xorl 48(%esp), %edx + rorl $2, %esi + xorl 8(%esp), %edx + xorl %eax, %ebp + xorl 28(%esp), %edx + xorl %ecx, %ebp +.byte 209 +.byte 194 + movl %edx, 40(%esp) + leal 3395469782(%edx,%ebx,1),%edx + movl %edi, %ebx + roll $5, %ebx + addl %ebp, %edx + addl %ebx, %edx + + movl 44(%esp), %ebx + movl %edi, %ebp + xorl 52(%esp), %ebx + rorl $2, %edi + xorl 12(%esp), %ebx + xorl %esi, %ebp + xorl 32(%esp), %ebx + xorl %eax, %ebp +.byte 209 +.byte 195 + movl %ebx, 44(%esp) + leal 3395469782(%ebx,%ecx,1),%ebx + movl %edx, %ecx + roll $5, %ecx + addl %ebp, %ebx + addl %ecx, %ebx + + movl 48(%esp), %ecx + movl %edx, %ebp + xorl 56(%esp), %ecx + rorl $2, %edx + xorl 16(%esp), %ecx + xorl %edi, %ebp + xorl 36(%esp), %ecx + xorl %esi, %ebp +.byte 209 +.byte 193 + movl %ecx, 48(%esp) + leal 3395469782(%ecx,%eax,1),%ecx + movl %ebx, %eax + roll $5, %eax + addl %ebp, %ecx + addl %eax, %ecx + + movl 52(%esp), %eax + movl %ebx, %ebp + xorl 60(%esp), %eax + rorl $2, %ebx + xorl 20(%esp), %eax + xorl %edx, %ebp + xorl 40(%esp), %eax + xorl %edi, %ebp +.byte 209 +.byte 192 + movl %eax, 52(%esp) + leal 3395469782(%eax,%esi,1),%eax + movl %ecx, %esi + roll $5, %esi + addl %ebp, %eax + addl %esi, %eax + + movl 56(%esp), %esi + movl %ecx, %ebp + xorl (%esp), %esi + rorl $2, %ecx + xorl 24(%esp), %esi + xorl %ebx, %ebp + xorl 44(%esp), %esi + xorl %edx, %ebp +.byte 209 +.byte 198 + movl %esi, 56(%esp) + leal 3395469782(%esi,%edi,1),%esi + movl %eax, %edi + roll $5, %edi + addl %ebp, %esi + addl %edi, %esi + + movl 60(%esp), %edi + movl %eax, %ebp + xorl 4(%esp), %edi + rorl $2, %eax + xorl 28(%esp), %edi + xorl %ecx, %ebp + xorl 48(%esp), %edi + xorl %ebx, %ebp +.byte 209 +.byte 199 + movl %edi, 60(%esp) + leal 3395469782(%edi,%edx,1),%edi + movl %esi, %edx + roll $5, %edx + addl %ebp, %edi + addl %edx, %edi + + + movl 128(%esp), %ebp + movl 12(%ebp), %edx + addl %ecx, %edx + movl 4(%ebp), %ecx + addl %esi, %ecx + movl %eax, %esi + movl (%ebp), %eax + movl %edx, 12(%ebp) + addl %edi, %eax + movl 16(%ebp), %edi + addl %ebx, %edi + movl 8(%ebp), %ebx + addl %esi, %ebx + movl %eax, (%ebp) + movl 132(%esp), %esi + movl %ebx, 8(%ebp) + addl $64, %esi + movl 68(%esp), %eax + movl %edi, 16(%ebp) + cmpl %eax, %esi + movl %ecx, 4(%ebp) + jb .L000start + addl $108, %esp + popl %edi + popl %ebx + popl %ebp + popl %esi + ret +.L_sha1_block_asm_data_order_end: + .size sha1_block_asm_data_order,.L_sha1_block_asm_data_order_end-sha1_block_asm_data_order +.ident "desasm.pl" +.text + .align 16 +.globl sha1_block_asm_host_order + .type sha1_block_asm_host_order,@function +sha1_block_asm_host_order: + movl 12(%esp), %ecx + pushl %esi + sall $6, %ecx + movl 12(%esp), %esi + pushl %ebp + addl %esi, %ecx + pushl %ebx + movl 16(%esp), %ebp + pushl %edi + movl 12(%ebp), %edx + subl $108, %esp + movl 16(%ebp), %edi + movl 8(%ebp), %ebx + movl %ecx, 68(%esp) + + movl (%esi), %eax + movl 4(%esi), %ecx + movl %eax, (%esp) + movl %ecx, 4(%esp) + movl 8(%esi), %eax + movl 12(%esi), %ecx + movl %eax, 8(%esp) + movl %ecx, 12(%esp) + movl 16(%esi), %eax + movl 20(%esi), %ecx + movl %eax, 16(%esp) + movl %ecx, 20(%esp) + movl 24(%esi), %eax + movl 28(%esi), %ecx + movl %eax, 24(%esp) + movl %ecx, 28(%esp) + movl 32(%esi), %eax + movl 36(%esi), %ecx + movl %eax, 32(%esp) + movl %ecx, 36(%esp) + movl 40(%esi), %eax + movl 44(%esi), %ecx + movl %eax, 40(%esp) + movl %ecx, 44(%esp) + movl 48(%esi), %eax + movl 52(%esi), %ecx + movl %eax, 48(%esp) + movl %ecx, 52(%esp) + movl 56(%esi), %eax + movl 60(%esi), %ecx + movl %eax, 56(%esp) + movl %ecx, 60(%esp) + jmp .L001shortcut +.L_sha1_block_asm_host_order_end: + .size sha1_block_asm_host_order,.L_sha1_block_asm_host_order_end-sha1_block_asm_host_order +.ident "desasm.pl" diff --git a/fips/sha/fips_md32_common.h b/fips/sha/fips_md32_common.h new file mode 100644 index 0000000000..b5ad231e3a --- /dev/null +++ b/fips/sha/fips_md32_common.h @@ -0,0 +1,623 @@ +/* crypto/md32_common.h */ +/* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* + * This is a generic 32 bit "collector" for message digest algorithms. + * Whenever needed it collects input character stream into chunks of + * 32 bit values and invokes a block function that performs actual hash + * calculations. + * + * Porting guide. + * + * Obligatory macros: + * + * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN + * this macro defines byte order of input stream. + * HASH_CBLOCK + * size of a unit chunk HASH_BLOCK operates on. + * HASH_LONG + * has to be at lest 32 bit wide, if it's wider, then + * HASH_LONG_LOG2 *has to* be defined along + * HASH_CTX + * context structure that at least contains following + * members: + * typedef struct { + * ... + * HASH_LONG Nl,Nh; + * HASH_LONG data[HASH_LBLOCK]; + * unsigned int num; + * ... + * } HASH_CTX; + * HASH_UPDATE + * name of "Update" function, implemented here. + * HASH_TRANSFORM + * name of "Transform" function, implemented here. + * HASH_FINAL + * name of "Final" function, implemented here. + * HASH_BLOCK_HOST_ORDER + * name of "block" function treating *aligned* input message + * in host byte order, implemented externally. + * HASH_BLOCK_DATA_ORDER + * name of "block" function treating *unaligned* input message + * in original (data) byte order, implemented externally (it + * actually is optional if data and host are of the same + * "endianess"). + * HASH_MAKE_STRING + * macro convering context variables to an ASCII hash string. + * + * Optional macros: + * + * B_ENDIAN or L_ENDIAN + * defines host byte-order. + * HASH_LONG_LOG2 + * defaults to 2 if not states otherwise. + * HASH_LBLOCK + * assumed to be HASH_CBLOCK/4 if not stated otherwise. + * HASH_BLOCK_DATA_ORDER_ALIGNED + * alternative "block" function capable of treating + * aligned input message in original (data) order, + * implemented externally. + * + * MD5 example: + * + * #define DATA_ORDER_IS_LITTLE_ENDIAN + * + * #define HASH_LONG MD5_LONG + * #define HASH_LONG_LOG2 MD5_LONG_LOG2 + * #define HASH_CTX MD5_CTX + * #define HASH_CBLOCK MD5_CBLOCK + * #define HASH_LBLOCK MD5_LBLOCK + * #define HASH_UPDATE MD5_Update + * #define HASH_TRANSFORM MD5_Transform + * #define HASH_FINAL MD5_Final + * #define HASH_BLOCK_HOST_ORDER md5_block_host_order + * #define HASH_BLOCK_DATA_ORDER md5_block_data_order + * + * + */ + +#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) +#error "DATA_ORDER must be defined!" +#endif + +#ifndef HASH_CBLOCK +#error "HASH_CBLOCK must be defined!" +#endif +#ifndef HASH_LONG +#error "HASH_LONG must be defined!" +#endif +#ifndef HASH_CTX +#error "HASH_CTX must be defined!" +#endif + +#ifndef HASH_UPDATE +#error "HASH_UPDATE must be defined!" +#endif +#ifndef HASH_TRANSFORM +#error "HASH_TRANSFORM must be defined!" +#endif +#ifndef HASH_FINAL +#error "HASH_FINAL must be defined!" +#endif + +#ifndef HASH_BLOCK_HOST_ORDER +#error "HASH_BLOCK_HOST_ORDER must be defined!" +#endif + +#if 0 +/* + * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED + * isn't defined. + */ +#ifndef HASH_BLOCK_DATA_ORDER +#error "HASH_BLOCK_DATA_ORDER must be defined!" +#endif +#endif + +#ifndef HASH_LBLOCK +#define HASH_LBLOCK (HASH_CBLOCK/4) +#endif + +#ifndef HASH_LONG_LOG2 +#define HASH_LONG_LOG2 2 +#endif + +/* + * Engage compiler specific rotate intrinsic function if available. + */ +#undef ROTATE +#ifndef PEDANTIC +# if defined(_MSC_VER) || defined(__ICC) +# define ROTATE(a,n) _lrotl(a,n) +# elif defined(__MWERKS__) +# if defined(__POWERPC__) +# define ROTATE(a,n) __rlwinm(a,n,0,31) +# elif defined(__MC68K__) + /* Motorola specific tweak. */ +# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) +# else +# define ROTATE(a,n) __rol(a,n) +# endif +# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) + /* + * Some GNU C inline assembler templates. Note that these are + * rotates by *constant* number of bits! But that's exactly + * what we need here... + * + */ +# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +# define ROTATE(a,n) ({ register unsigned int ret; \ + asm ( \ + "roll %1,%0" \ + : "=r"(ret) \ + : "I"(n), "0"(a) \ + : "cc"); \ + ret; \ + }) +# elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) +# define ROTATE(a,n) ({ register unsigned int ret; \ + asm ( \ + "rlwinm %0,%1,%2,0,31" \ + : "=r"(ret) \ + : "r"(a), "I"(n)); \ + ret; \ + }) +# endif +# endif +#endif /* PEDANTIC */ + +#if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */ +/* A nice byte order reversal from Wei Dai */ +#ifdef ROTATE +/* 5 instructions with rotate instruction, else 9 */ +#define REVERSE_FETCH32(a,l) ( \ + l=*(const HASH_LONG *)(a), \ + ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \ + ) +#else +/* 6 instructions with rotate instruction, else 8 */ +#define REVERSE_FETCH32(a,l) ( \ + l=*(const HASH_LONG *)(a), \ + l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \ + ROTATE(l,16) \ + ) +/* + * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|... + * It's rewritten as above for two reasons: + * - RISCs aren't good at long constants and have to explicitely + * compose 'em with several (well, usually 2) instructions in a + * register before performing the actual operation and (as you + * already realized:-) having same constant should inspire the + * compiler to permanently allocate the only register for it; + * - most modern CPUs have two ALUs, but usually only one has + * circuitry for shifts:-( this minor tweak inspires compiler + * to schedule shift instructions in a better way... + * + * + */ +#endif +#endif + +#ifndef ROTATE +#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) +#endif + +/* + * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED + * and HASH_BLOCK_HOST_ORDER ought to be the same if input data + * and host are of the same "endianess". It's possible to mask + * this with blank #define HASH_BLOCK_DATA_ORDER though... + * + * + */ +#if defined(B_ENDIAN) +# if defined(DATA_ORDER_IS_BIG_ENDIAN) +# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 +# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER +# endif +# endif +#elif defined(L_ENDIAN) +# if defined(DATA_ORDER_IS_LITTLE_ENDIAN) +# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 +# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER +# endif +# endif +#endif + +#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) +#ifndef HASH_BLOCK_DATA_ORDER +#error "HASH_BLOCK_DATA_ORDER must be defined!" +#endif +#endif + +#if defined(DATA_ORDER_IS_BIG_ENDIAN) + +#ifndef PEDANTIC +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) + /* + * This gives ~30-40% performance improvement in SHA-256 compiled + * with gcc [on P4]. Well, first macro to be frank. We can pull + * this trick on x86* platforms only, because these CPUs can fetch + * unaligned data without raising an exception. + */ +# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ + asm ("bswapl %0":"=r"(r):"0"(r)); \ + (c)+=4; (l)=r; }) +# define HOST_l2c(l,c) ({ unsigned int r=(l); \ + asm ("bswapl %0":"=r"(r):"0"(r)); \ + *((unsigned int *)(c))=r; (c)+=4; r; }) +# endif +# endif +#endif + +#ifndef HOST_c2l +#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++))) ), \ + l) +#endif +#define HOST_p_c2l(c,l,n) { \ + switch (n) { \ + case 0: l =((unsigned long)(*((c)++)))<<24; \ + case 1: l|=((unsigned long)(*((c)++)))<<16; \ + case 2: l|=((unsigned long)(*((c)++)))<< 8; \ + case 3: l|=((unsigned long)(*((c)++))); \ + } } +#define HOST_p_c2l_p(c,l,sc,len) { \ + switch (sc) { \ + case 0: l =((unsigned long)(*((c)++)))<<24; \ + if (--len == 0) break; \ + case 1: l|=((unsigned long)(*((c)++)))<<16; \ + if (--len == 0) break; \ + case 2: l|=((unsigned long)(*((c)++)))<< 8; \ + } } +/* NOTE the pointer is not incremented at the end of this */ +#define HOST_c2l_p(c,l,n) { \ + l=0; (c)+=n; \ + switch (n) { \ + case 3: l =((unsigned long)(*(--(c))))<< 8; \ + case 2: l|=((unsigned long)(*(--(c))))<<16; \ + case 1: l|=((unsigned long)(*(--(c))))<<24; \ + } } +#ifndef HOST_l2c +#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff), \ + l) +#endif + +#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) + +#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) + /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ +# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) +# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) +#endif + +#ifndef HOST_c2l +#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<<24), \ + l) +#endif +#define HOST_p_c2l(c,l,n) { \ + switch (n) { \ + case 0: l =((unsigned long)(*((c)++))); \ + case 1: l|=((unsigned long)(*((c)++)))<< 8; \ + case 2: l|=((unsigned long)(*((c)++)))<<16; \ + case 3: l|=((unsigned long)(*((c)++)))<<24; \ + } } +#define HOST_p_c2l_p(c,l,sc,len) { \ + switch (sc) { \ + case 0: l =((unsigned long)(*((c)++))); \ + if (--len == 0) break; \ + case 1: l|=((unsigned long)(*((c)++)))<< 8; \ + if (--len == 0) break; \ + case 2: l|=((unsigned long)(*((c)++)))<<16; \ + } } +/* NOTE the pointer is not incremented at the end of this */ +#define HOST_c2l_p(c,l,n) { \ + l=0; (c)+=n; \ + switch (n) { \ + case 3: l =((unsigned long)(*(--(c))))<<16; \ + case 2: l|=((unsigned long)(*(--(c))))<< 8; \ + case 1: l|=((unsigned long)(*(--(c)))); \ + } } +#ifndef HOST_l2c +#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff), \ + l) +#endif + +#endif + +/* + * Time for some action:-) + */ + +int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) + { + const unsigned char *data=data_; + register HASH_LONG * p; + register HASH_LONG l; + size_t sw,sc,ew,ec; + + if(FIPS_selftest_failed()) + return 0; + + if (len==0) return 1; + + l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL; + /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to + * Wei Dai for pointing it out. */ + if (l < c->Nl) /* overflow */ + c->Nh++; + c->Nh+=(len>>29); /* might cause compiler warning on 16-bit */ + c->Nl=l; + + if (c->num != 0) + { + p=c->data; + sw=c->num>>2; + sc=c->num&0x03; + + if ((c->num+len) >= HASH_CBLOCK) + { + l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l; + for (; swnum); + c->num=0; + /* drop through and do the rest */ + } + else + { + c->num+=(unsigned int)len; + if ((sc+len) < 4) /* ugly, add char's to a word */ + { + l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l; + } + else + { + ew=(c->num>>2); + ec=(c->num&0x03); + if (sc) + l=p[sw]; + HOST_p_c2l(data,l,sc); + p[sw++]=l; + for (; sw < ew; sw++) + { + HOST_c2l(data,l); p[sw]=l; + } + if (ec) + { + HOST_c2l_p(data,l,ec); p[sw]=l; + } + } + return 1; + } + } + + sw=len/HASH_CBLOCK; + if (sw > 0) + { +#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) + /* + * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined + * only if sizeof(HASH_LONG)==4. + */ + if ((((size_t)data)%4) == 0) + { + /* data is properly aligned so that we can cast it: */ + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw); + sw*=HASH_CBLOCK; + data+=sw; + len-=sw; + } + else +#if !defined(HASH_BLOCK_DATA_ORDER) + while (sw--) + { + memcpy (p=c->data,data,HASH_CBLOCK); + HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1); + data+=HASH_CBLOCK; + len-=HASH_CBLOCK; + } +#endif +#endif +#if defined(HASH_BLOCK_DATA_ORDER) + { + HASH_BLOCK_DATA_ORDER(c,data,sw); + sw*=HASH_CBLOCK; + data+=sw; + len-=sw; + } +#endif + } + + if (len!=0) + { + p = c->data; + c->num = len; + ew=len>>2; /* words to copy */ + ec=len&0x03; + for (; ew; ew--,p++) + { + HOST_c2l(data,l); *p=l; + } + HOST_c2l_p(data,l,ec); + *p=l; + } + return 1; + } + + +void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) + { +#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) + if ((((size_t)data)%4) == 0) + /* data is properly aligned so that we can cast it: */ + HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1); + else +#if !defined(HASH_BLOCK_DATA_ORDER) + { + memcpy (c->data,data,HASH_CBLOCK); + HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1); + } +#endif +#endif +#if defined(HASH_BLOCK_DATA_ORDER) + HASH_BLOCK_DATA_ORDER (c,data,1); +#endif + } + + +int HASH_FINAL (unsigned char *md, HASH_CTX *c) + { + register HASH_LONG *p; + register unsigned long l; + register int i,j; + static const unsigned char end[4]={0x80,0x00,0x00,0x00}; + const unsigned char *cp=end; + + /* c->num should definitly have room for at least one more byte. */ + p=c->data; + i=c->num>>2; + j=c->num&0x03; + +#if 0 + /* purify often complains about the following line as an + * Uninitialized Memory Read. While this can be true, the + * following p_c2l macro will reset l when that case is true. + * This is because j&0x03 contains the number of 'valid' bytes + * already in p[i]. If and only if j&0x03 == 0, the UMR will + * occur but this is also the only time p_c2l will do + * l= *(cp++) instead of l|= *(cp++) + * Many thanks to Alex Tang for pickup this + * 'potential bug' */ +#ifdef PURIFY + if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */ +#endif + l=p[i]; +#else + l = (j==0) ? 0 : p[i]; +#endif + HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */ + + if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */ + { + if (iNh; + p[HASH_LBLOCK-1]=c->Nl; +#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) + p[HASH_LBLOCK-2]=c->Nl; + p[HASH_LBLOCK-1]=c->Nh; +#endif + HASH_BLOCK_HOST_ORDER (c,p,1); + +#ifndef HASH_MAKE_STRING +#error "HASH_MAKE_STRING must be defined!" +#else + HASH_MAKE_STRING(c,md); +#endif + + c->num=0; + /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack + * but I'm not worried :-) + OPENSSL_cleanse((void *)c,sizeof(HASH_CTX)); + */ + return 1; + } + +#ifndef MD32_REG_T +#define MD32_REG_T long +/* + * This comment was originaly written for MD5, which is why it + * discusses A-D. But it basically applies to all 32-bit digests, + * which is why it was moved to common header file. + * + * In case you wonder why A-D are declared as long and not + * as MD5_LONG. Doing so results in slight performance + * boost on LP64 architectures. The catch is we don't + * really care if 32 MSBs of a 64-bit register get polluted + * with eventual overflows as we *save* only 32 LSBs in + * *either* case. Now declaring 'em long excuses the compiler + * from keeping 32 MSBs zeroed resulting in 13% performance + * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. + * Well, to be honest it should say that this *prevents* + * performance degradation. + * + * Apparently there're LP64 compilers that generate better + * code if A-D are declared int. Most notably GCC-x86_64 + * generates better code. + * + */ +#endif diff --git a/fips/sha/fips_sha.h b/fips/sha/fips_sha.h new file mode 100644 index 0000000000..4520b06ce1 --- /dev/null +++ b/fips/sha/fips_sha.h @@ -0,0 +1,186 @@ +/* fips/sha1/fips_sha.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_SHA_H +#define HEADER_SHA_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) +#error SHA is disabled. +#endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! SHA_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +#define SHA_LONG unsigned long +#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +#define SHA_LONG unsigned long +#define SHA_LONG_LOG2 3 +#else +#define SHA_LONG unsigned int +#endif + +#define SHA_LBLOCK 16 +#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a + * contiguous array of 32 bit + * wide big-endian values. */ +#define SHA_LAST_BLOCK (SHA_CBLOCK-8) +#define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st + { + SHA_LONG h0,h1,h2,h3,h4; + SHA_LONG Nl,Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; + } SHA_CTX; + +#ifndef OPENSSL_NO_SHA1 +int SHA1_Init(SHA_CTX *c); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +int SHA1_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); +void SHA1_Transform(SHA_CTX *c, const unsigned char *data); +#endif + +#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a + * contiguous array of 32 bit + * wide big-endian values. */ +#define SHA224_DIGEST_LENGTH 28 +#define SHA256_DIGEST_LENGTH 32 + +typedef struct SHA256state_st + { + SHA_LONG h[8]; + SHA_LONG Nl,Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num,md_len; + } SHA256_CTX; + +#ifndef OPENSSL_NO_SHA256 +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); +#endif + +#define SHA384_DIGEST_LENGTH 48 +#define SHA512_DIGEST_LENGTH 64 + +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. */ +#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +#define SHA_LONG64 unsigned __int64 +#define U64(C) C##UI64 +#elif defined(__arch64__) +#define SHA_LONG64 unsigned long +#define U64(C) C##UL +#else +#define SHA_LONG64 unsigned long long +#define U64(C) C##ULL +#endif + +typedef struct SHA512state_st + { + SHA_LONG64 h[8]; + SHA_LONG64 Nl,Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num,md_len; + } SHA512_CTX; + +#ifndef OPENSSL_NO_SHA512 +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/fips/sha/fips_sha1_selftest.c b/fips/sha/fips_sha1_selftest.c new file mode 100644 index 0000000000..73a65cdc06 --- /dev/null +++ b/fips/sha/fips_sha1_selftest.c @@ -0,0 +1,96 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +#include +#include +#include + +#ifdef OPENSSL_FIPS +static char test[][60]= + { + "", + "abc", + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + }; + +static const unsigned char ret[][SHA_DIGEST_LENGTH]= + { + { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55, + 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 }, + { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e, + 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d }, + { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae, + 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 }, + }; + +void FIPS_corrupt_sha1() + { + test[2][0]++; + } + +int FIPS_selftest_sha1() + { + int n; + + for(n=0 ; n +#include +#include + +#ifdef OPENSSL_FIPS +const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; + +/* The implementation is in fips_md32_common.h */ +#include "fips_sha_locl.h" + +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) + { + SHA_CTX c; + static unsigned char m[SHA_DIGEST_LENGTH]; + + OPENSSL_assert(sizeof(unsigned long)<=sizeof(size_t)); + if (md == NULL) md=m; + if (!SHA1_Init(&c)) + return NULL; + SHA1_Update(&c,d,n); + SHA1_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); + return(md); + } + +#else /* ndef OPENSSL_FIPS */ + +static void *dummy=&dummy; + +#endif /* ndef OPENSSL_FIPS */ + +#endif + diff --git a/fips/sha/fips_sha256.c b/fips/sha/fips_sha256.c new file mode 100644 index 0000000000..203e5594fc --- /dev/null +++ b/fips/sha/fips_sha256.c @@ -0,0 +1,320 @@ +/* crypto/sha/sha256.c */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved + * according to the OpenSSL license [found in ../../LICENSE]. + * ==================================================================== + */ +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) + +#include +#include + +#include +#include +#include +#include +#include + +const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; + +int SHA224_Init (SHA256_CTX *c) + { + c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; + c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; + c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; + c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL; + c->Nl=0; c->Nh=0; + c->num=0; c->md_len=SHA224_DIGEST_LENGTH; + return 1; + } + +int SHA256_Init (SHA256_CTX *c) + { + c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; + c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; + c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; + c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL; + c->Nl=0; c->Nh=0; + c->num=0; c->md_len=SHA256_DIGEST_LENGTH; + return 1; + } + +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) + { + SHA256_CTX c; + static unsigned char m[SHA224_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA224_Init(&c); + SHA256_Update(&c,d,n); + SHA256_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); + return(md); + } + +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) + { + SHA256_CTX c; + static unsigned char m[SHA256_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA256_Init(&c); + SHA256_Update(&c,d,n); + SHA256_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); + return(md); + } + +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) +{ return SHA256_Update (c,data,len); } +int SHA224_Final (unsigned char *md, SHA256_CTX *c) +{ return SHA256_Final (md,c); } + +#ifndef SHA_LONG_LOG2 +#define SHA_LONG_LOG2 2 /* default to 32 bits */ +#endif + +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SHA_LONG +#define HASH_LONG_LOG2 SHA_LONG_LOG2 +#define HASH_CTX SHA256_CTX +#define HASH_CBLOCK SHA_CBLOCK +#define HASH_LBLOCK SHA_LBLOCK +/* + * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." + * default: case below covers for it. It's not clear however if it's + * permitted to truncate to amount of bytes not divisible by 4. I bet not, + * but if it is, then default: case shall be extended. For reference. + * Idea behind separate cases for pre-defined lenghts is to let the + * compiler decide if it's appropriate to unroll small loops. + */ +#define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + unsigned int n; \ + switch ((c)->md_len) \ + { case SHA224_DIGEST_LENGTH: \ + for (n=0;nh[n]; HOST_l2c(ll,(s)); } \ + break; \ + case SHA256_DIGEST_LENGTH: \ + for (n=0;nh[n]; HOST_l2c(ll,(s)); } \ + break; \ + default: \ + if ((c)->md_len > SHA256_DIGEST_LENGTH) \ + return 0; \ + for (n=0;n<(c)->md_len/4;n++) \ + { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \ + break; \ + } \ + } while (0) + +#define HASH_UPDATE SHA256_Update +#define HASH_TRANSFORM SHA256_Transform +#define HASH_FINAL SHA256_Final +#define HASH_BLOCK_HOST_ORDER sha256_block_host_order +#define HASH_BLOCK_DATA_ORDER sha256_block_data_order +void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num); +void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); + +#include "fips_md32_common.h" + +#ifdef SHA256_ASM +void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host); +#else +static const SHA_LONG K256[64] = { + 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL, + 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL, + 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL, + 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL, + 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL, + 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL, + 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL, + 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL, + 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL, + 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL, + 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL, + 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL, + 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL, + 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL, + 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL, + 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL }; + +/* + * FIPS specification refers to right rotations, while our ROTATE macro + * is left one. This is why you might notice that rotation coefficients + * differ from those observed in FIPS document by 32-N... + */ +#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) +#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) +#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) +#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#ifdef OPENSSL_SMALL_FOOTPRINT + +static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) + { + unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2; + SHA_LONG X[16]; + int i; + const unsigned char *data=in; + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + + if (host) + { + const SHA_LONG *W=(const SHA_LONG *)data; + + for (i=0;i<16;i++) + { + T1 = X[i] = W[i]; + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + data += SHA256_CBLOCK; + } + else + { + SHA_LONG l; + + for (i=0;i<16;i++) + { + HOST_c2l(data,l); T1 = X[i] = l; + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + } + + for (;i<64;i++) + { + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); + + T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + } +} + +#else + +#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) + +#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ + ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) + +static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) + { + unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1; + SHA_LONG X[16]; + int i; + const unsigned char *data=in; + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + + if (host) + { + const SHA_LONG *W=(const SHA_LONG *)data; + + T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); + T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); + T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); + T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); + T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); + T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); + T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); + T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); + T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); + T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); + T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); + T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); + T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); + T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); + T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); + T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); + + data += SHA256_CBLOCK; + } + else + { + SHA_LONG l; + + HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h); + HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g); + HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f); + HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e); + HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d); + HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c); + HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b); + HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a); + HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h); + HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g); + HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f); + HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e); + HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d); + HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c); + HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b); + HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a); + } + + for (i=16;i<64;i+=8) + { + ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X); + ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X); + ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X); + ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X); + ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X); + ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X); + ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X); + ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X); + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + } + } + +#endif +#endif /* SHA256_ASM */ + +/* + * Idea is to trade couple of cycles for some space. On IA-32 we save + * about 4K in "big footprint" case. In "small footprint" case any gain + * is appreciated:-) + */ +void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num) +{ sha256_block (ctx,in,num,1); } + +void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num) +{ sha256_block (ctx,in,num,0); } + +#endif /* OPENSSL_NO_SHA256 */ diff --git a/fips/sha/fips_sha512.c b/fips/sha/fips_sha512.c new file mode 100644 index 0000000000..7ac75891c3 --- /dev/null +++ b/fips/sha/fips_sha512.c @@ -0,0 +1,482 @@ +/* crypto/sha/sha512.c */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved + * according to the OpenSSL license [found in ../../LICENSE]. + * ==================================================================== + */ +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) +/* + * IMPLEMENTATION NOTES. + * + * As you might have noticed 32-bit hash algorithms: + * + * - permit SHA_LONG to be wider than 32-bit (case on CRAY); + * - optimized versions implement two transform functions: one operating + * on [aligned] data in host byte order and one - on data in input + * stream byte order; + * - share common byte-order neutral collector and padding function + * implementations, ../md32_common.h; + * + * Neither of the above applies to this SHA-512 implementations. Reasons + * [in reverse order] are: + * + * - it's the only 64-bit hash algorithm for the moment of this writing, + * there is no need for common collector/padding implementation [yet]; + * - by supporting only one transform function [which operates on + * *aligned* data in input stream byte order, big-endian in this case] + * we minimize burden of maintenance in two ways: a) collector/padding + * function is simpler; b) only one transform function to stare at; + * - SHA_LONG64 is required to be exactly 64-bit in order to be able to + * apply a number of optimizations to mitigate potential performance + * penalties caused by previous design decision; + * + * Caveat lector. + * + * Implementation relies on the fact that "long long" is 64-bit on + * both 32- and 64-bit platforms. If some compiler vendor comes up + * with 128-bit long long, adjustment to sha.h would be required. + * As this implementation relies on 64-bit integer type, it's totally + * inappropriate for platforms which don't support it, most notably + * 16-bit platforms. + * + */ +#include +#include + +#include +#include +#include +#include +#include + +const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; + +#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64) +#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +#endif + +int SHA384_Init (SHA512_CTX *c) + { + c->h[0]=U64(0xcbbb9d5dc1059ed8); + c->h[1]=U64(0x629a292a367cd507); + c->h[2]=U64(0x9159015a3070dd17); + c->h[3]=U64(0x152fecd8f70e5939); + c->h[4]=U64(0x67332667ffc00b31); + c->h[5]=U64(0x8eb44a8768581511); + c->h[6]=U64(0xdb0c2e0d64f98fa7); + c->h[7]=U64(0x47b5481dbefa4fa4); + c->Nl=0; c->Nh=0; + c->num=0; c->md_len=SHA384_DIGEST_LENGTH; + return 1; + } + +int SHA512_Init (SHA512_CTX *c) + { + c->h[0]=U64(0x6a09e667f3bcc908); + c->h[1]=U64(0xbb67ae8584caa73b); + c->h[2]=U64(0x3c6ef372fe94f82b); + c->h[3]=U64(0xa54ff53a5f1d36f1); + c->h[4]=U64(0x510e527fade682d1); + c->h[5]=U64(0x9b05688c2b3e6c1f); + c->h[6]=U64(0x1f83d9abfb41bd6b); + c->h[7]=U64(0x5be0cd19137e2179); + c->Nl=0; c->Nh=0; + c->num=0; c->md_len=SHA512_DIGEST_LENGTH; + return 1; + } + +#ifndef SHA512_ASM +static +#endif +void sha512_block (SHA512_CTX *ctx, const void *in, size_t num); + +int SHA512_Final (unsigned char *md, SHA512_CTX *c) + { + unsigned char *p=(unsigned char *)c->u.p; + size_t n=c->num; + + p[n]=0x80; /* There always is a room for one */ + n++; + if (n > (sizeof(c->u)-16)) + memset (p+n,0,sizeof(c->u)-n), n=0, + sha512_block (c,p,1); + + memset (p+n,0,sizeof(c->u)-16-n); +#ifdef B_ENDIAN + c->u.d[SHA_LBLOCK-2] = c->Nh; + c->u.d[SHA_LBLOCK-1] = c->Nl; +#else + p[sizeof(c->u)-1] = (unsigned char)(c->Nl); + p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8); + p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16); + p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24); + p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32); + p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40); + p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48); + p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56); + p[sizeof(c->u)-9] = (unsigned char)(c->Nh); + p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8); + p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16); + p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24); + p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); + p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); + p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); + p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); +#endif + + sha512_block (c,p,1); + + if (md==0) return 0; + + switch (c->md_len) + { + /* Let compiler decide if it's appropriate to unroll... */ + case SHA384_DIGEST_LENGTH: + for (n=0;nh[n]; + + *(md++) = (unsigned char)(t>>56); + *(md++) = (unsigned char)(t>>48); + *(md++) = (unsigned char)(t>>40); + *(md++) = (unsigned char)(t>>32); + *(md++) = (unsigned char)(t>>24); + *(md++) = (unsigned char)(t>>16); + *(md++) = (unsigned char)(t>>8); + *(md++) = (unsigned char)(t); + } + break; + case SHA512_DIGEST_LENGTH: + for (n=0;nh[n]; + + *(md++) = (unsigned char)(t>>56); + *(md++) = (unsigned char)(t>>48); + *(md++) = (unsigned char)(t>>40); + *(md++) = (unsigned char)(t>>32); + *(md++) = (unsigned char)(t>>24); + *(md++) = (unsigned char)(t>>16); + *(md++) = (unsigned char)(t>>8); + *(md++) = (unsigned char)(t); + } + break; + /* ... as well as make sure md_len is not abused. */ + default: return 0; + } + + return 1; + } + +int SHA384_Final (unsigned char *md,SHA512_CTX *c) +{ return SHA512_Final (md,c); } + +int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) + { + SHA_LONG64 l; + unsigned char *p=c->u.p; + const unsigned char *data=(const unsigned char *)_data; + + if(FIPS_selftest_failed()) + return 0; + + if (len==0) return 1; + + l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); + if (l < c->Nl) c->Nh++; + if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); + c->Nl=l; + + if (c->num != 0) + { + size_t n = sizeof(c->u) - c->num; + + if (len < n) + { + memcpy (p+c->num,data,len), c->num += len; + return 1; + } + else { + memcpy (p+c->num,data,n), c->num = 0; + len-=n, data+=n; + sha512_block (c,p,1); + } + } + + if (len >= sizeof(c->u)) + { +#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + if ((size_t)data%sizeof(c->u.d[0]) != 0) + while (len >= sizeof(c->u)) + memcpy (p,data,sizeof(c->u)), + sha512_block (c,p,1), + len -= sizeof(c->u), + data += sizeof(c->u); + else +#endif + sha512_block (c,data,len/sizeof(c->u)), + data += len, + len %= sizeof(c->u), + data -= len; + } + + if (len != 0) memcpy (p,data,len), c->num = (int)len; + + return 1; + } + +int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) +{ return SHA512_Update (c,data,len); } + +void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) +{ sha512_block (c,data,1); } + +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) + { + SHA512_CTX c; + static unsigned char m[SHA384_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA384_Init(&c); + SHA512_Update(&c,d,n); + SHA512_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); + return(md); + } + +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) + { + SHA512_CTX c; + static unsigned char m[SHA512_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA512_Init(&c); + SHA512_Update(&c,d,n); + SHA512_Final(md,&c); + OPENSSL_cleanse(&c,sizeof(c)); + return(md); + } + +#ifndef SHA512_ASM +static const SHA_LONG64 K512[80] = { + U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), + U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), + U64(0x3956c25bf348b538),U64(0x59f111f1b605d019), + U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118), + U64(0xd807aa98a3030242),U64(0x12835b0145706fbe), + U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2), + U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1), + U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694), + U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3), + U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65), + U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483), + U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5), + U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210), + U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4), + U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725), + U64(0x06ca6351e003826f),U64(0x142929670a0e6e70), + U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926), + U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df), + U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8), + U64(0x81c2c92e47edaee6),U64(0x92722c851482353b), + U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001), + U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30), + U64(0xd192e819d6ef5218),U64(0xd69906245565a910), + U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8), + U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53), + U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8), + U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb), + U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3), + U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60), + U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec), + U64(0x90befffa23631e28),U64(0xa4506cebde82bde9), + U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b), + U64(0xca273eceea26619c),U64(0xd186b8c721c0c207), + U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178), + U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), + U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), + U64(0x28db77f523047d84),U64(0x32caab7b40c72493), + U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), + U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), + U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; + +#ifndef PEDANTIC +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__x86_64) || defined(__x86_64__) +# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ + asm ("bswapq %0" \ + : "=r"(ret) \ + : "0"(ret)); ret; }) +# endif +# endif +#endif + +#ifndef PULL64 +#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) +#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) +#endif + +#ifndef PEDANTIC +# if defined(_MSC_VER) +# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# define ROTR(a,n) _rotr64((a),n) +# endif +# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__x86_64) || defined(__x86_64__) +# define ROTR(a,n) ({ unsigned long ret; \ + asm ("rorq %1,%0" \ + : "=r"(ret) \ + : "J"(n),"0"(a) \ + : "cc"); ret; }) +# elif defined(_ARCH_PPC) && defined(__64BIT__) +# define ROTR(a,n) ({ unsigned long ret; \ + asm ("rotrdi %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a),"K"(n)); ret; }) +# endif +# endif +#endif + +#ifndef ROTR +#define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) +#endif + +#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) +#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) +#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) +#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#ifdef OPENSSL_SMALL_FOOTPRINT + +static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) + { + const SHA_LONG64 *W=in; + SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; + SHA_LONG64 X[16]; + int i; + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + + for (i=0;i<16;i++) + { +#ifdef B_ENDIAN + T1 = X[i] = W[i]; +#else + T1 = X[i] = PULL64(W[i]); +#endif + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + for (;i<80;i++) + { + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); + + T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + W+=SHA_LBLOCK; + } + } + +#else + +#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) + +#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ + ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) + +static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) + { + const SHA_LONG64 *W=in; + SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; + SHA_LONG64 X[16]; + int i; + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + +#ifdef B_ENDIAN + T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); + T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); + T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); + T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); + T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); + T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); + T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); + T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); + T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); + T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); + T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); + T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); + T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); + T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); + T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); + T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); +#else + T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h); + T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g); + T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f); + T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e); + T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d); + T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c); + T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b); + T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a); + T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); + T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); + T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); + T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); + T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); + T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); + T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); + T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); +#endif + + for (i=16;i<80;i+=8) + { + ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); + ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); + ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); + ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); + ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); + ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); + ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); + ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + W+=SHA_LBLOCK; + } + } + +#endif + +#endif /* SHA512_ASM */ + +#endif /* OPENSSL_NO_SHA512 */ diff --git a/fips/sha/fips_sha_locl.h b/fips/sha/fips_sha_locl.h new file mode 100644 index 0000000000..bf31d3b845 --- /dev/null +++ b/fips/sha/fips_sha_locl.h @@ -0,0 +1,482 @@ +/* crypto/sha/sha_locl.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include + +#include +#include +#include + +#ifndef SHA_LONG_LOG2 +#define SHA_LONG_LOG2 2 /* default to 32 bits */ +#endif + +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SHA_LONG +#define HASH_LONG_LOG2 SHA_LONG_LOG2 +#define HASH_CTX SHA_CTX +#define HASH_CBLOCK SHA_CBLOCK +#define HASH_LBLOCK SHA_LBLOCK +#define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + ll=(c)->h0; HOST_l2c(ll,(s)); \ + ll=(c)->h1; HOST_l2c(ll,(s)); \ + ll=(c)->h2; HOST_l2c(ll,(s)); \ + ll=(c)->h3; HOST_l2c(ll,(s)); \ + ll=(c)->h4; HOST_l2c(ll,(s)); \ + } while (0) + +#if defined(SHA_0) + +# define HASH_UPDATE SHA_Update +# define HASH_TRANSFORM SHA_Transform +# define HASH_FINAL SHA_Final +# define HASH_INIT SHA_Init +# define HASH_BLOCK_HOST_ORDER sha_block_host_order +# define HASH_BLOCK_DATA_ORDER sha_block_data_order +# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) + + void sha_block_host_order (SHA_CTX *c, const void *p,size_t num); + void sha_block_data_order (SHA_CTX *c, const void *p,size_t num); + +#elif defined(SHA_1) + +# define HASH_UPDATE SHA1_Update +# define HASH_TRANSFORM SHA1_Transform +# define HASH_FINAL SHA1_Final +# define HASH_INIT SHA1_Init +# define HASH_BLOCK_HOST_ORDER sha1_block_host_order +# define HASH_BLOCK_DATA_ORDER sha1_block_data_order +# if defined(__MWERKS__) && defined(__MC68K__) + /* Metrowerks for Motorola fails otherwise:-( */ +# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \ + ix=(a)=ROTATE((a),1); \ + } while (0) +# else +# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ + ix=(a)=ROTATE((a),1) \ + ) +# endif + +# ifdef SHA1_ASM +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) +# define sha1_block_host_order sha1_block_asm_host_order +# define DONT_IMPLEMENT_BLOCK_HOST_ORDER +# define sha1_block_data_order sha1_block_asm_data_order +# define DONT_IMPLEMENT_BLOCK_DATA_ORDER +# define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order +# endif +# endif + void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num); + void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); + +#else +# error "Either SHA_0 or SHA_1 must be defined." +#endif + +#include "fips_md32_common.h" + +#define INIT_DATA_h0 0x67452301UL +#define INIT_DATA_h1 0xefcdab89UL +#define INIT_DATA_h2 0x98badcfeUL +#define INIT_DATA_h3 0x10325476UL +#define INIT_DATA_h4 0xc3d2e1f0UL + +int HASH_INIT (SHA_CTX *c) + { + /* This assert denotes binary compatibility in 0.9.7 context + and commonly optimized away by compiler. */ + OPENSSL_assert(sizeof(unsigned long)<=sizeof(size_t)); + c->h0=INIT_DATA_h0; + c->h1=INIT_DATA_h1; + c->h2=INIT_DATA_h2; + c->h3=INIT_DATA_h3; + c->h4=INIT_DATA_h4; + c->Nl=0; + c->Nh=0; + c->num=0; + return 1; + } + +#define K_00_19 0x5a827999UL +#define K_20_39 0x6ed9eba1UL +#define K_40_59 0x8f1bbcdcUL +#define K_60_79 0xca62c1d6UL + +/* As pointed out by Wei Dai , F() below can be + * simplified to the code in F_00_19. Wei attributes these optimisations + * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. + * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) + * I've just become aware of another tweak to be made, again from Wei Dai, + * in F_40_59, (x&a)|(y&a) -> (x|y)&a + */ +#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) +#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) +#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) +#define F_60_79(b,c,d) F_20_39(b,c,d) + +#define BODY_00_15(i,a,b,c,d,e,f,xi) \ + (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ + Xupdate(f,xi,xa,xb,xc,xd); \ + (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ + Xupdate(f,xi,xa,xb,xc,xd); \ + (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ + Xupdate(f,xa,xa,xb,xc,xd); \ + (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ + (b)=ROTATE((b),30); + +#ifdef X +#undef X +#endif +#ifndef MD32_XARRAY + /* + * Originally X was an array. As it's automatic it's natural + * to expect RISC compiler to accomodate at least part of it in + * the register bank, isn't it? Unfortunately not all compilers + * "find" this expectation reasonable:-( On order to make such + * compilers generate better code I replace X[] with a bunch of + * X0, X1, etc. See the function body below... + * + */ +# define X(i) XX##i +#else + /* + * However! Some compilers (most notably HP C) get overwhelmed by + * that many local variables so that we have to have the way to + * fall down to the original behavior. + */ +# define X(i) XX[i] +#endif + +#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER +void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num) + { + const SHA_LONG *W=d; + register unsigned MD32_REG_T A,B,C,D,E,T; +#ifndef MD32_XARRAY + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; +#else + SHA_LONG XX[16]; +#endif + + if(FIPS_selftest_failed()) + return; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + for (;;) + { + BODY_00_15( 0,A,B,C,D,E,T,W[ 0]); + BODY_00_15( 1,T,A,B,C,D,E,W[ 1]); + BODY_00_15( 2,E,T,A,B,C,D,W[ 2]); + BODY_00_15( 3,D,E,T,A,B,C,W[ 3]); + BODY_00_15( 4,C,D,E,T,A,B,W[ 4]); + BODY_00_15( 5,B,C,D,E,T,A,W[ 5]); + BODY_00_15( 6,A,B,C,D,E,T,W[ 6]); + BODY_00_15( 7,T,A,B,C,D,E,W[ 7]); + BODY_00_15( 8,E,T,A,B,C,D,W[ 8]); + BODY_00_15( 9,D,E,T,A,B,C,W[ 9]); + BODY_00_15(10,C,D,E,T,A,B,W[10]); + BODY_00_15(11,B,C,D,E,T,A,W[11]); + BODY_00_15(12,A,B,C,D,E,T,W[12]); + BODY_00_15(13,T,A,B,C,D,E,W[13]); + BODY_00_15(14,E,T,A,B,C,D,W[14]); + BODY_00_15(15,D,E,T,A,B,C,W[15]); + + BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]); + BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]); + BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]); + BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0)); + + BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1)); + BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2)); + BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3)); + BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4)); + BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5)); + BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6)); + BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7)); + BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8)); + BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9)); + BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10)); + BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11)); + BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12)); + + BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); + BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); + BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); + BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); + BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); + BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); + BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); + BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); + + BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); + BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); + BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); + BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); + BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); + BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); + BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); + BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); + BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); + BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); + BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); + BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); + BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); + BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); + BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); + BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); + BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); + BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); + BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); + BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); + + BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); + BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); + BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); + BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); + BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); + BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); + BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); + BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); + BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); + BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); + BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); + BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); + BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); + BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); + BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); + BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); + BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); + BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); + BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); + BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); + + c->h0=(c->h0+E)&0xffffffffL; + c->h1=(c->h1+T)&0xffffffffL; + c->h2=(c->h2+A)&0xffffffffL; + c->h3=(c->h3+B)&0xffffffffL; + c->h4=(c->h4+C)&0xffffffffL; + + if (--num == 0) break; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + W+=SHA_LBLOCK; + } + } +#endif + +#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER +void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) + { + const unsigned char *data=p; + register unsigned MD32_REG_T A,B,C,D,E,T,l; +#ifndef MD32_XARRAY + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; +#else + SHA_LONG XX[16]; +#endif + + if(FIPS_selftest_failed()) + return; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + for (;;) + { + + HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; + BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; + BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; + BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; + BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; + BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; + BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; + BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; + BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; + BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; + BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; + BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; + BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; + BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; + BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; + BODY_00_15(14,E,T,A,B,C,D,X(14)); + BODY_00_15(15,D,E,T,A,B,C,X(15)); + + BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); + BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); + BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); + BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); + + BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); + BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); + BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); + BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); + BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5)); + BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6)); + BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7)); + BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8)); + BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9)); + BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10)); + BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11)); + BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12)); + + BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); + BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); + BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); + BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); + BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); + BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); + BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); + BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); + + BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); + BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); + BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); + BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); + BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); + BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); + BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); + BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); + BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); + BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); + BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); + BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); + BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); + BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); + BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); + BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); + BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); + BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); + BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); + BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); + + BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); + BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); + BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); + BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); + BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); + BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); + BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); + BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); + BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); + BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); + BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); + BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); + BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); + BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); + BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); + BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); + BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); + BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); + BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); + BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); + + c->h0=(c->h0+E)&0xffffffffL; + c->h1=(c->h1+T)&0xffffffffL; + c->h2=(c->h2+A)&0xffffffffL; + c->h3=(c->h3+B)&0xffffffffL; + c->h4=(c->h4+C)&0xffffffffL; + + if (--num == 0) break; + + A=c->h0; + B=c->h1; + C=c->h2; + D=c->h3; + E=c->h4; + + } + } +#endif diff --git a/fips/sha/fips_shatest.c b/fips/sha/fips_shatest.c new file mode 100644 index 0000000000..b8af33fadd --- /dev/null +++ b/fips/sha/fips_shatest.c @@ -0,0 +1,399 @@ +/* fips_shatest.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include +#include + +#ifndef OPENSSL_FIPS + +int main(int argc, char *argv[]) +{ + printf("No FIPS SHAXXX support\n"); + return(0); +} + +#else + +static int dgst_test(BIO *err, BIO *out, BIO *in); +static int print_dgst(BIO *err, const EVP_MD *md, BIO *out, + unsigned char *Msg, int Msglen); +static int print_monte(BIO *err, const EVP_MD *md, BIO *out, + unsigned char *Seed, int SeedLen); + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *err = NULL; + + int ret = 1; + + ERR_load_crypto_strings(); + + err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!err) + { + fprintf(stderr, "FATAL stderr initialization error\n"); + goto end; + } + + if(!FIPS_mode_set(1,argv[0])) + { + ERR_print_errors(err); + goto end; + } + + if (argc == 1) + in = BIO_new_fp(stdin, BIO_NOCLOSE); + else + in = BIO_new_file(argv[1], "r"); + + if (argc < 2) + out = BIO_new_fp(stdout, BIO_NOCLOSE); + else + out = BIO_new_file(argv[2], "w"); + + if (!in) + { + BIO_printf(err, "FATAL input initialization error\n"); + goto end; + } + + if (!out) + { + fprintf(stderr, "FATAL output initialization error\n"); + goto end; + } + + if (!dgst_test(err, out, in)) + { + fprintf(stderr, "FATAL digest file processing error\n"); + goto end; + } + else + ret = 0; + + end: + + if (ret && err) + ERR_print_errors(err); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (err) + BIO_free(err); + + return ret; + + } + +#define SHA_TEST_MAX_BITS 102400 +#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 10) + +int dgst_test(BIO *err, BIO *out, BIO *in) + { + const EVP_MD *md = NULL; + char *linebuf, *olinebuf, *p, *q; + char *keyword, *value; + unsigned char *Msg = NULL, *Seed = NULL; + long MsgLen = -1, Len = -1, SeedLen = -1; + int ret = 0; + int lnum = 0; + + olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); + linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN); + + if (!linebuf || !olinebuf) + goto error; + + + while (BIO_gets(in, olinebuf, SHA_TEST_MAXLINELEN) > 0) + { + lnum++; + strcpy(linebuf, olinebuf); + keyword = linebuf; + /* Skip leading space */ + while (isspace((unsigned char)*keyword)) + keyword++; + + /* Look for = sign */ + p = strchr(linebuf, '='); + + /* If no = or starts with [ (for [L=20] line) just copy */ + if (!p) + { + if (!BIO_puts(out, olinebuf)) + goto error; + continue; + } + + q = p - 1; + + /* Remove trailing space */ + while (isspace((unsigned char)*q)) + *q-- = 0; + + *p = 0; + value = p + 1; + + /* Remove leading space from value */ + while (isspace((unsigned char)*value)) + value++; + + /* Remove trailing space from value */ + p = value + strlen(value) - 1; + + while (*p == '\n' || isspace((unsigned char)*p)) + *p-- = 0; + + if (!strcmp(keyword,"[L") && *p==']') + { + switch (atoi(value)) + { + case 20: md=EVP_sha1(); break; + case 28: md=EVP_sha224(); break; + case 32: md=EVP_sha256(); break; + case 48: md=EVP_sha384(); break; + case 64: md=EVP_sha512(); break; + default: goto parse_error; + } + } + else if (!strcmp(keyword, "Len")) + { + if (Len != -1) + goto parse_error; + Len = atoi(value); + if (Len < 0) + goto parse_error; + /* Only handle multiples of 8 bits */ + if (Len & 0x7) + goto parse_error; + if (Len > SHA_TEST_MAX_BITS) + goto parse_error; + MsgLen = Len >> 3; + } + + else if (!strcmp(keyword, "Msg")) + { + long tmplen; + if (strlen(value) & 1) + *(--value) = '0'; + if (Msg) + goto parse_error; + Msg = string_to_hex(value, &tmplen); + if (!Msg) + goto parse_error; + } + else if (!strcmp(keyword, "Seed")) + { + if (strlen(value) & 1) + *(--value) = '0'; + if (Seed) + goto parse_error; + Seed = string_to_hex(value, &SeedLen); + if (!Seed) + goto parse_error; + } + else if (!strcmp(keyword, "MD")) + continue; + else + goto parse_error; + + BIO_puts(out, olinebuf); + + if (md && Msg && (MsgLen >= 0)) + { + if (!print_dgst(err, md, out, Msg, MsgLen)) + goto error; + OPENSSL_free(Msg); + Msg = NULL; + MsgLen = -1; + Len = -1; + } + else if (md && Seed && (SeedLen > 0)) + { + if (!print_monte(err, md, out, Seed, SeedLen)) + goto error; + OPENSSL_free(Seed); + Seed = NULL; + SeedLen = -1; + } + + + } + + + ret = 1; + + + error: + + if (olinebuf) + OPENSSL_free(olinebuf); + if (linebuf) + OPENSSL_free(linebuf); + if (Msg) + OPENSSL_free(Msg); + if (Seed) + OPENSSL_free(Seed); + + return ret; + + parse_error: + + BIO_printf(err, "FATAL parse error processing line %d\n", lnum); + + goto error; + + } + +static int print_dgst(BIO *err, const EVP_MD *emd, BIO *out, + unsigned char *Msg, int Msglen) + { + int i, mdlen; + unsigned char md[EVP_MAX_MD_SIZE]; + if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL)) + { + BIO_puts(err, "Error calculating HASH\n"); + return 0; + } + BIO_puts(out, "MD = "); + for (i = 0; i < mdlen; i++) + BIO_printf(out, "%02x", md[i]); + BIO_puts(out, "\n"); + return 1; + } + +static int print_monte(BIO *err, const EVP_MD *md, BIO *out, + unsigned char *Seed, int SeedLen) + { + int i, j, k; + int ret = 0; + EVP_MD_CTX ctx; + unsigned char *m1, *m2, *m3, *p; + unsigned int mlen, m1len, m2len, m3len; + + EVP_MD_CTX_init(&ctx); + + if (SeedLen > EVP_MAX_MD_SIZE) + mlen = SeedLen; + else + mlen = EVP_MAX_MD_SIZE; + + m1 = OPENSSL_malloc(mlen); + m2 = OPENSSL_malloc(mlen); + m3 = OPENSSL_malloc(mlen); + + if (!m1 || !m2 || !m3) + goto mc_error; + + m1len = m2len = m3len = SeedLen; + memcpy(m1, Seed, SeedLen); + memcpy(m2, Seed, SeedLen); + memcpy(m3, Seed, SeedLen); + + BIO_puts(out, "\n"); + + for (j = 0; j < 100; j++) + { + for (i = 0; i < 1000; i++) + { + EVP_DigestInit_ex(&ctx, md, NULL); + EVP_DigestUpdate(&ctx, m1, m1len); + EVP_DigestUpdate(&ctx, m2, m2len); + EVP_DigestUpdate(&ctx, m3, m3len); + p = m1; + m1 = m2; + m1len = m2len; + m2 = m3; + m2len = m3len; + m3 = p; + EVP_DigestFinal_ex(&ctx, m3, &m3len); + } + BIO_printf(out, "Count = %d\n", j); + BIO_puts(out, "MD = "); + for (k = 0; k < m3len; k++) + BIO_printf(out, "%02x", m3[k]); + BIO_puts(out, "\n\n"); + memcpy(m1, m3, m3len); + memcpy(m2, m3, m3len); + m1len = m2len = m3len; + } + + ret = 1; + + mc_error: + if (m1) + OPENSSL_free(m1); + if (m2) + OPENSSL_free(m2); + if (m3) + OPENSSL_free(m3); + + EVP_MD_CTX_cleanup(&ctx); + + return ret; + } + +#endif diff --git a/fips/sha/fips_standalone_sha1.c b/fips/sha/fips_standalone_sha1.c new file mode 100644 index 0000000000..2ea3a41ce5 --- /dev/null +++ b/fips/sha/fips_standalone_sha1.c @@ -0,0 +1,157 @@ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +#include +#include +#include +#include +#include + +int FIPS_selftest_failed() { return 0; } +void OPENSSL_cleanse(void *p,size_t len) {} + +#ifdef OPENSSL_FIPS + +static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx, + const char *key) + { + int len=strlen(key); + int i; + unsigned char keymd[HMAC_MAX_MD_CBLOCK]; + unsigned char pad[HMAC_MAX_MD_CBLOCK]; + + if (len > SHA_CBLOCK) + { + SHA1_Init(md_ctx); + SHA1_Update(md_ctx,key,len); + SHA1_Final(keymd,md_ctx); + len=20; + } + else + memcpy(keymd,key,len); + memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len); + + for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) + pad[i]=0x36^keymd[i]; + SHA1_Init(md_ctx); + SHA1_Update(md_ctx,pad,SHA_CBLOCK); + + for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) + pad[i]=0x5c^keymd[i]; + SHA1_Init(o_ctx); + SHA1_Update(o_ctx,pad,SHA_CBLOCK); + } + +static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx) + { + unsigned char buf[20]; + + SHA1_Final(buf,md_ctx); + SHA1_Update(o_ctx,buf,sizeof buf); + SHA1_Final(md,o_ctx); + } + +#endif + +int main(int argc,char **argv) + { +#ifdef OPENSSL_FIPS + static char key[]="etaonrishdlcupfm"; + int n; + + if(argc < 2) + { + fprintf(stderr,"%s []+\n",argv[0]); + exit(1); + } + + for(n=1 ; n < argc ; ++n) + { + FILE *f=fopen(argv[n],"rb"); + SHA_CTX md_ctx,o_ctx; + unsigned char md[20]; + int i; + + if(!f) + { + perror(argv[n]); + exit(2); + } + + hmac_init(&md_ctx,&o_ctx,key); + for( ; ; ) + { + char buf[1024]; + int l=fread(buf,1,sizeof buf,f); + + if(l == 0) + { + if(ferror(f)) + { + perror(argv[n]); + exit(3); + } + else + break; + } + SHA1_Update(&md_ctx,buf,l); + } + hmac_final(md,&md_ctx,&o_ctx); + + printf("HMAC-SHA1(%s)= ",argv[n]); + for(i=0 ; i < 20 ; ++i) + printf("%02x",md[i]); + printf("\n"); + } +#endif + return 0; + } + + diff --git a/test/Makefile b/test/Makefile index a550a00bc9..c8cf878121 100644 --- a/test/Makefile +++ b/test/Makefile @@ -39,7 +39,7 @@ EXPTEST= exptest IDEATEST= ideatest SHATEST= shatest SHA1TEST= sha1test -FIPS_SHA1TEST= fips_sha1test +FIPS_SHATEST= fips_shatest MDC2TEST= mdc2test RMDTEST= rmdtest MD2TEST= md2test @@ -72,7 +72,7 @@ TESTS= alltests EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) \ $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \ - $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHA1TEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ + $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHATEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ $(RANDTEST)$(EXE_EXT) $(FIPS_RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \ @@ -84,7 +84,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) $(MD2TEST)$(E OBJ= $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \ $(HMACTEST).o \ $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ - $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \ + $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHATEST).o $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(EVPTEST).o $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \ @@ -92,7 +92,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST). SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(HMACTEST).c \ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ - $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ + $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHATEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(EVPTEST).c $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \ @@ -160,7 +160,7 @@ test_sha: ../util/shlib_wrap.sh ./$(SHATEST) ../util/shlib_wrap.sh ./$(SHA1TEST) if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - ../util/shlib_wrap.sh ./$(FIPS_SHA1TEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \ + ../util/shlib_wrap.sh ./$(FIPS_SHATEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \ fi test_mdc2: @@ -375,10 +375,10 @@ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) @target=$(SHA1TEST); $(BUILD_CMD) -$(FIPS_SHA1TEST)$(EXE_EXT): $(FIPS_SHA1TEST).o $(DLIBCRYPTO) - @target=$(FIPS_SHA1TEST); $(BUILD_CMD) +$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO) + @target=$(FIPS_SHATEST); $(BUILD_CMD) if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_SHA1TEST); \ + TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_SHATEST); \ fi $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) @@ -687,13 +687,13 @@ fips_rsavtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips_rsavtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h fips_rsavtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h fips_rsavtest.o: ../include/openssl/x509v3.h fips_rsavtest.c -fips_sha1test.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h -fips_sha1test.o: ../include/openssl/e_os2.h ../include/openssl/err.h -fips_sha1test.o: ../include/openssl/fips.h ../include/openssl/fips_sha.h -fips_sha1test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -fips_sha1test.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h -fips_sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -fips_sha1test.o: fips_sha1test.c +fips_shatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h +fips_shatest.o: ../include/openssl/e_os2.h ../include/openssl/err.h +fips_shatest.o: ../include/openssl/fips.h ../include/openssl/fips_sha.h +fips_shatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h +fips_shatest.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h +fips_shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_shatest.o: fips_shatest.c hmactest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h hmactest.o: ../include/openssl/bn.h ../include/openssl/cast.h diff --git a/util/checkhash.pl b/util/checkhash.pl index d263d704a8..c61fa72178 100644 --- a/util/checkhash.pl +++ b/util/checkhash.pl @@ -16,7 +16,7 @@ sub check_hashes my @args = @_; my $change_dir = ""; - my $check_program = "sha1/fips_standalone_sha1"; + my $check_program = "sha/fips_standalone_sha1"; my $verbose = 0; my $badfiles = 0;