1 /*
2 * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*-
11 * This is a generic 32 bit "collector" for message digest algorithms.
12 * Whenever needed it collects input character stream into chunks of
13 * 32 bit values and invokes a block function that performs actual hash
14 * calculations.
15 *
16 * Porting guide.
17 *
18 * Obligatory macros:
19 *
20 * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
21 * this macro defines byte order of input stream.
22 * HASH_CBLOCK
23 * size of a unit chunk HASH_BLOCK operates on.
24 * HASH_LONG
25 * has to be at least 32 bit wide.
26 * HASH_CTX
27 * context structure that at least contains following
28 * members:
29 * typedef struct {
30 * ...
31 * HASH_LONG Nl,Nh;
32 * either {
33 * HASH_LONG data[HASH_LBLOCK];
34 * unsigned char data[HASH_CBLOCK];
35 * };
36 * unsigned int num;
37 * ...
38 * } HASH_CTX;
39 * data[] vector is expected to be zeroed upon first call to
40 * HASH_UPDATE.
41 * HASH_UPDATE
42 * name of "Update" function, implemented here.
43 * HASH_TRANSFORM
44 * name of "Transform" function, implemented here.
45 * HASH_FINAL
46 * name of "Final" function, implemented here.
47 * HASH_BLOCK_DATA_ORDER
48 * name of "block" function capable of treating *unaligned* input
49 * message in original (data) byte order, implemented externally.
50 * HASH_MAKE_STRING
51 * macro converting context variables to an ASCII hash string.
52 *
53 * MD5 example:
54 *
55 * #define DATA_ORDER_IS_LITTLE_ENDIAN
56 *
57 * #define HASH_LONG MD5_LONG
58 * #define HASH_CTX MD5_CTX
59 * #define HASH_CBLOCK MD5_CBLOCK
60 * #define HASH_UPDATE MD5_Update
61 * #define HASH_TRANSFORM MD5_Transform
62 * #define HASH_FINAL MD5_Final
63 * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
64 */
65
66 #include <openssl/crypto.h>
67
68 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
69 # error "DATA_ORDER must be defined!"
70 #endif
71
72 #ifndef HASH_CBLOCK
73 # error "HASH_CBLOCK must be defined!"
74 #endif
75 #ifndef HASH_LONG
76 # error "HASH_LONG must be defined!"
77 #endif
78 #ifndef HASH_CTX
79 # error "HASH_CTX must be defined!"
80 #endif
81
82 #ifndef HASH_UPDATE
83 # error "HASH_UPDATE must be defined!"
84 #endif
85 #ifndef HASH_TRANSFORM
86 # error "HASH_TRANSFORM must be defined!"
87 #endif
88 #ifndef HASH_FINAL
89 # error "HASH_FINAL must be defined!"
90 #endif
91
92 #ifndef HASH_BLOCK_DATA_ORDER
93 # error "HASH_BLOCK_DATA_ORDER must be defined!"
94 #endif
95
96 #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
97
98 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
99
100 # define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
101 l|=(((unsigned long)(*((c)++)))<<16), \
102 l|=(((unsigned long)(*((c)++)))<< 8), \
103 l|=(((unsigned long)(*((c)++))) ) )
104 # define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
105 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
106 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
107 *((c)++)=(unsigned char)(((l) )&0xff), \
108 l)
109
110 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
111
112 # define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
113 l|=(((unsigned long)(*((c)++)))<< 8), \
114 l|=(((unsigned long)(*((c)++)))<<16), \
115 l|=(((unsigned long)(*((c)++)))<<24) )
116 # define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
117 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
118 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
119 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
120 l)
121
122 #endif
123
124 /*
125 * Time for some action :-)
126 */
127
HASH_UPDATE(HASH_CTX * c,const void * data_,size_t len)128 int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
129 {
130 const unsigned char *data = data_;
131 unsigned char *p;
132 HASH_LONG l;
133 size_t n;
134
135 if (len == 0)
136 return 1;
137
138 l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
139 if (l < c->Nl) /* overflow */
140 c->Nh++;
141 c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
142 * 16-bit */
143 c->Nl = l;
144
145 n = c->num;
146 if (n != 0) {
147 p = (unsigned char *)c->data;
148
149 if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
150 memcpy(p + n, data, HASH_CBLOCK - n);
151 HASH_BLOCK_DATA_ORDER(c, p, 1);
152 n = HASH_CBLOCK - n;
153 data += n;
154 len -= n;
155 c->num = 0;
156 /*
157 * We use memset rather than OPENSSL_cleanse() here deliberately.
158 * Using OPENSSL_cleanse() here could be a performance issue. It
159 * will get properly cleansed on finalisation so this isn't a
160 * security problem.
161 */
162 memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
163 } else {
164 memcpy(p + n, data, len);
165 c->num += (unsigned int)len;
166 return 1;
167 }
168 }
169
170 n = len / HASH_CBLOCK;
171 if (n > 0) {
172 HASH_BLOCK_DATA_ORDER(c, data, n);
173 n *= HASH_CBLOCK;
174 data += n;
175 len -= n;
176 }
177
178 if (len != 0) {
179 p = (unsigned char *)c->data;
180 c->num = (unsigned int)len;
181 memcpy(p, data, len);
182 }
183 return 1;
184 }
185
HASH_TRANSFORM(HASH_CTX * c,const unsigned char * data)186 void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
187 {
188 HASH_BLOCK_DATA_ORDER(c, data, 1);
189 }
190
HASH_FINAL(unsigned char * md,HASH_CTX * c)191 int HASH_FINAL(unsigned char *md, HASH_CTX *c)
192 {
193 unsigned char *p = (unsigned char *)c->data;
194 size_t n = c->num;
195
196 p[n] = 0x80; /* there is always room for one */
197 n++;
198
199 if (n > (HASH_CBLOCK - 8)) {
200 memset(p + n, 0, HASH_CBLOCK - n);
201 n = 0;
202 HASH_BLOCK_DATA_ORDER(c, p, 1);
203 }
204 memset(p + n, 0, HASH_CBLOCK - 8 - n);
205
206 p += HASH_CBLOCK - 8;
207 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
208 (void)HOST_l2c(c->Nh, p);
209 (void)HOST_l2c(c->Nl, p);
210 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
211 (void)HOST_l2c(c->Nl, p);
212 (void)HOST_l2c(c->Nh, p);
213 #endif
214 p -= HASH_CBLOCK;
215 HASH_BLOCK_DATA_ORDER(c, p, 1);
216 c->num = 0;
217 OPENSSL_cleanse(p, HASH_CBLOCK);
218
219 #ifndef HASH_MAKE_STRING
220 # error "HASH_MAKE_STRING must be defined!"
221 #else
222 HASH_MAKE_STRING(c, md);
223 #endif
224
225 return 1;
226 }
227
228 #ifndef MD32_REG_T
229 # if defined(__alpha) || defined(__sparcv9) || defined(__mips)
230 # define MD32_REG_T long
231 /*
232 * This comment was originally written for MD5, which is why it
233 * discusses A-D. But it basically applies to all 32-bit digests,
234 * which is why it was moved to common header file.
235 *
236 * In case you wonder why A-D are declared as long and not
237 * as MD5_LONG. Doing so results in slight performance
238 * boost on LP64 architectures. The catch is we don't
239 * really care if 32 MSBs of a 64-bit register get polluted
240 * with eventual overflows as we *save* only 32 LSBs in
241 * *either* case. Now declaring 'em long excuses the compiler
242 * from keeping 32 MSBs zeroed resulting in 13% performance
243 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
244 * Well, to be honest it should say that this *prevents*
245 * performance degradation.
246 */
247 # else
248 /*
249 * Above is not absolute and there are LP64 compilers that
250 * generate better code if MD32_REG_T is defined int. The above
251 * pre-processor condition reflects the circumstances under which
252 * the conclusion was made and is subject to further extension.
253 */
254 # define MD32_REG_T int
255 # endif
256 #endif
257