/src/boringssl/crypto/md5/md5.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
2 | | * All rights reserved. |
3 | | * |
4 | | * This package is an SSL implementation written |
5 | | * by Eric Young (eay@cryptsoft.com). |
6 | | * The implementation was written so as to conform with Netscapes SSL. |
7 | | * |
8 | | * This library is free for commercial and non-commercial use as long as |
9 | | * the following conditions are aheared to. The following conditions |
10 | | * apply to all code found in this distribution, be it the RC4, RSA, |
11 | | * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
12 | | * included with this distribution is covered by the same copyright terms |
13 | | * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
14 | | * |
15 | | * Copyright remains Eric Young's, and as such any Copyright notices in |
16 | | * the code are not to be removed. |
17 | | * If this package is used in a product, Eric Young should be given attribution |
18 | | * as the author of the parts of the library used. |
19 | | * This can be in the form of a textual message at program startup or |
20 | | * in documentation (online or textual) provided with the package. |
21 | | * |
22 | | * Redistribution and use in source and binary forms, with or without |
23 | | * modification, are permitted provided that the following conditions |
24 | | * are met: |
25 | | * 1. Redistributions of source code must retain the copyright |
26 | | * notice, this list of conditions and the following disclaimer. |
27 | | * 2. Redistributions in binary form must reproduce the above copyright |
28 | | * notice, this list of conditions and the following disclaimer in the |
29 | | * documentation and/or other materials provided with the distribution. |
30 | | * 3. All advertising materials mentioning features or use of this software |
31 | | * must display the following acknowledgement: |
32 | | * "This product includes cryptographic software written by |
33 | | * Eric Young (eay@cryptsoft.com)" |
34 | | * The word 'cryptographic' can be left out if the rouines from the library |
35 | | * being used are not cryptographic related :-). |
36 | | * 4. If you include any Windows specific code (or a derivative thereof) from |
37 | | * the apps directory (application code) you must include an acknowledgement: |
38 | | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
39 | | * |
40 | | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
41 | | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
42 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
43 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
44 | | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
45 | | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
46 | | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
47 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
48 | | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
49 | | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
50 | | * SUCH DAMAGE. |
51 | | * |
52 | | * The licence and distribution terms for any publically available version or |
53 | | * derivative of this code cannot be changed. i.e. this code cannot simply be |
54 | | * copied and put under another distribution licence |
55 | | * [including the GNU Public Licence.] */ |
56 | | |
57 | | #include <openssl/md5.h> |
58 | | |
59 | | #include <string.h> |
60 | | |
61 | | #include <openssl/mem.h> |
62 | | |
63 | | #include "../internal.h" |
64 | | #include "../fipsmodule/digest/md32_common.h" |
65 | | #include "internal.h" |
66 | | |
67 | | |
68 | 0 | uint8_t *MD5(const uint8_t *data, size_t len, uint8_t out[MD5_DIGEST_LENGTH]) { |
69 | 0 | MD5_CTX ctx; |
70 | 0 | MD5_Init(&ctx); |
71 | 0 | MD5_Update(&ctx, data, len); |
72 | 0 | MD5_Final(out, &ctx); |
73 | |
|
74 | 0 | return out; |
75 | 0 | } |
76 | | |
77 | 2.55k | int MD5_Init(MD5_CTX *md5) { |
78 | 2.55k | OPENSSL_memset(md5, 0, sizeof(MD5_CTX)); |
79 | 2.55k | md5->h[0] = 0x67452301UL; |
80 | 2.55k | md5->h[1] = 0xefcdab89UL; |
81 | 2.55k | md5->h[2] = 0x98badcfeUL; |
82 | 2.55k | md5->h[3] = 0x10325476UL; |
83 | 2.55k | return 1; |
84 | 2.55k | } |
85 | | |
86 | | #if defined(MD5_ASM) |
87 | 20.1k | #define md5_block_data_order md5_block_asm_data_order |
88 | | #else |
89 | | static void md5_block_data_order(uint32_t *state, const uint8_t *data, |
90 | | size_t num); |
91 | | #endif |
92 | | |
93 | 0 | void MD5_Transform(MD5_CTX *c, const uint8_t data[MD5_CBLOCK]) { |
94 | 0 | md5_block_data_order(c->h, data, 1); |
95 | 0 | } Unexecuted instantiation: MD5_Transform Unexecuted instantiation: MD5_Transform |
96 | | |
97 | 30.2k | int MD5_Update(MD5_CTX *c, const void *data, size_t len) { |
98 | 30.2k | crypto_md32_update(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num, |
99 | 30.2k | &c->Nh, &c->Nl, data, len); |
100 | 30.2k | return 1; |
101 | 30.2k | } Line | Count | Source | 97 | 15.1k | int MD5_Update(MD5_CTX *c, const void *data, size_t len) { | 98 | 15.1k | crypto_md32_update(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num, | 99 | 15.1k | &c->Nh, &c->Nl, data, len); | 100 | 15.1k | return 1; | 101 | 15.1k | } |
Line | Count | Source | 97 | 15.1k | int MD5_Update(MD5_CTX *c, const void *data, size_t len) { | 98 | 15.1k | crypto_md32_update(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num, | 99 | 15.1k | &c->Nh, &c->Nl, data, len); | 100 | 15.1k | return 1; | 101 | 15.1k | } |
|
102 | | |
103 | 10.0k | int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *c) { |
104 | 10.0k | crypto_md32_final(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num, |
105 | 10.0k | c->Nh, c->Nl, /*is_big_endian=*/0); |
106 | | |
107 | 10.0k | CRYPTO_store_u32_le(out, c->h[0]); |
108 | 10.0k | CRYPTO_store_u32_le(out + 4, c->h[1]); |
109 | 10.0k | CRYPTO_store_u32_le(out + 8, c->h[2]); |
110 | 10.0k | CRYPTO_store_u32_le(out + 12, c->h[3]); |
111 | 10.0k | return 1; |
112 | 10.0k | } Line | Count | Source | 103 | 5.01k | int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *c) { | 104 | 5.01k | crypto_md32_final(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num, | 105 | 5.01k | c->Nh, c->Nl, /*is_big_endian=*/0); | 106 | | | 107 | 5.01k | CRYPTO_store_u32_le(out, c->h[0]); | 108 | 5.01k | CRYPTO_store_u32_le(out + 4, c->h[1]); | 109 | 5.01k | CRYPTO_store_u32_le(out + 8, c->h[2]); | 110 | 5.01k | CRYPTO_store_u32_le(out + 12, c->h[3]); | 111 | 5.01k | return 1; | 112 | 5.01k | } |
Line | Count | Source | 103 | 5.01k | int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *c) { | 104 | 5.01k | crypto_md32_final(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num, | 105 | 5.01k | c->Nh, c->Nl, /*is_big_endian=*/0); | 106 | | | 107 | 5.01k | CRYPTO_store_u32_le(out, c->h[0]); | 108 | 5.01k | CRYPTO_store_u32_le(out + 4, c->h[1]); | 109 | 5.01k | CRYPTO_store_u32_le(out + 8, c->h[2]); | 110 | 5.01k | CRYPTO_store_u32_le(out + 12, c->h[3]); | 111 | 5.01k | return 1; | 112 | 5.01k | } |
|
113 | | |
114 | | // As pointed out by Wei Dai <weidai@eskimo.com>, the above can be |
115 | | // simplified to the code below. Wei attributes these optimizations |
116 | | // to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. |
117 | 2.30M | #define F(b, c, d) ((((c) ^ (d)) & (b)) ^ (d)) |
118 | 2.30M | #define G(b, c, d) ((((b) ^ (c)) & (d)) ^ (c)) |
119 | 2.30M | #define H(b, c, d) ((b) ^ (c) ^ (d)) |
120 | 2.30M | #define I(b, c, d) (((~(d)) | (b)) ^ (c)) |
121 | | |
122 | | #define R0(a, b, c, d, k, s, t) \ |
123 | 2.30M | do { \ |
124 | 2.30M | (a) += ((k) + (t) + F((b), (c), (d))); \ |
125 | 2.30M | (a) = CRYPTO_rotl_u32(a, s); \ |
126 | 2.30M | (a) += (b); \ |
127 | 2.30M | } while (0) |
128 | | |
129 | | #define R1(a, b, c, d, k, s, t) \ |
130 | 2.30M | do { \ |
131 | 2.30M | (a) += ((k) + (t) + G((b), (c), (d))); \ |
132 | 2.30M | (a) = CRYPTO_rotl_u32(a, s); \ |
133 | 2.30M | (a) += (b); \ |
134 | 2.30M | } while (0) |
135 | | |
136 | | #define R2(a, b, c, d, k, s, t) \ |
137 | 2.30M | do { \ |
138 | 2.30M | (a) += ((k) + (t) + H((b), (c), (d))); \ |
139 | 2.30M | (a) = CRYPTO_rotl_u32(a, s); \ |
140 | 2.30M | (a) += (b); \ |
141 | 2.30M | } while (0) |
142 | | |
143 | | #define R3(a, b, c, d, k, s, t) \ |
144 | 2.30M | do { \ |
145 | 2.30M | (a) += ((k) + (t) + I((b), (c), (d))); \ |
146 | 2.30M | (a) = CRYPTO_rotl_u32(a, s); \ |
147 | 2.30M | (a) += (b); \ |
148 | 2.30M | } while (0) |
149 | | |
150 | | #ifndef MD5_ASM |
151 | | #ifdef X |
152 | | #undef X |
153 | | #endif |
154 | | static void md5_block_data_order(uint32_t *state, const uint8_t *data, |
155 | 6.23k | size_t num) { |
156 | 6.23k | uint32_t A, B, C, D; |
157 | 6.23k | uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, |
158 | 6.23k | XX13, XX14, XX15; |
159 | 2.30M | #define X(i) XX##i |
160 | | |
161 | 6.23k | A = state[0]; |
162 | 6.23k | B = state[1]; |
163 | 6.23k | C = state[2]; |
164 | 6.23k | D = state[3]; |
165 | | |
166 | 150k | for (; num--;) { |
167 | 144k | X(0) = CRYPTO_load_u32_le(data); |
168 | 144k | data += 4; |
169 | 144k | X(1) = CRYPTO_load_u32_le(data); |
170 | 144k | data += 4; |
171 | | // Round 0 |
172 | 144k | R0(A, B, C, D, X(0), 7, 0xd76aa478L); |
173 | 144k | X(2) = CRYPTO_load_u32_le(data); |
174 | 144k | data += 4; |
175 | 144k | R0(D, A, B, C, X(1), 12, 0xe8c7b756L); |
176 | 144k | X(3) = CRYPTO_load_u32_le(data); |
177 | 144k | data += 4; |
178 | 144k | R0(C, D, A, B, X(2), 17, 0x242070dbL); |
179 | 144k | X(4) = CRYPTO_load_u32_le(data); |
180 | 144k | data += 4; |
181 | 144k | R0(B, C, D, A, X(3), 22, 0xc1bdceeeL); |
182 | 144k | X(5) = CRYPTO_load_u32_le(data); |
183 | 144k | data += 4; |
184 | 144k | R0(A, B, C, D, X(4), 7, 0xf57c0fafL); |
185 | 144k | X(6) = CRYPTO_load_u32_le(data); |
186 | 144k | data += 4; |
187 | 144k | R0(D, A, B, C, X(5), 12, 0x4787c62aL); |
188 | 144k | X(7) = CRYPTO_load_u32_le(data); |
189 | 144k | data += 4; |
190 | 144k | R0(C, D, A, B, X(6), 17, 0xa8304613L); |
191 | 144k | X(8) = CRYPTO_load_u32_le(data); |
192 | 144k | data += 4; |
193 | 144k | R0(B, C, D, A, X(7), 22, 0xfd469501L); |
194 | 144k | X(9) = CRYPTO_load_u32_le(data); |
195 | 144k | data += 4; |
196 | 144k | R0(A, B, C, D, X(8), 7, 0x698098d8L); |
197 | 144k | X(10) = CRYPTO_load_u32_le(data); |
198 | 144k | data += 4; |
199 | 144k | R0(D, A, B, C, X(9), 12, 0x8b44f7afL); |
200 | 144k | X(11) = CRYPTO_load_u32_le(data); |
201 | 144k | data += 4; |
202 | 144k | R0(C, D, A, B, X(10), 17, 0xffff5bb1L); |
203 | 144k | X(12) = CRYPTO_load_u32_le(data); |
204 | 144k | data += 4; |
205 | 144k | R0(B, C, D, A, X(11), 22, 0x895cd7beL); |
206 | 144k | X(13) = CRYPTO_load_u32_le(data); |
207 | 144k | data += 4; |
208 | 144k | R0(A, B, C, D, X(12), 7, 0x6b901122L); |
209 | 144k | X(14) = CRYPTO_load_u32_le(data); |
210 | 144k | data += 4; |
211 | 144k | R0(D, A, B, C, X(13), 12, 0xfd987193L); |
212 | 144k | X(15) = CRYPTO_load_u32_le(data); |
213 | 144k | data += 4; |
214 | 144k | R0(C, D, A, B, X(14), 17, 0xa679438eL); |
215 | 144k | R0(B, C, D, A, X(15), 22, 0x49b40821L); |
216 | | // Round 1 |
217 | 144k | R1(A, B, C, D, X(1), 5, 0xf61e2562L); |
218 | 144k | R1(D, A, B, C, X(6), 9, 0xc040b340L); |
219 | 144k | R1(C, D, A, B, X(11), 14, 0x265e5a51L); |
220 | 144k | R1(B, C, D, A, X(0), 20, 0xe9b6c7aaL); |
221 | 144k | R1(A, B, C, D, X(5), 5, 0xd62f105dL); |
222 | 144k | R1(D, A, B, C, X(10), 9, 0x02441453L); |
223 | 144k | R1(C, D, A, B, X(15), 14, 0xd8a1e681L); |
224 | 144k | R1(B, C, D, A, X(4), 20, 0xe7d3fbc8L); |
225 | 144k | R1(A, B, C, D, X(9), 5, 0x21e1cde6L); |
226 | 144k | R1(D, A, B, C, X(14), 9, 0xc33707d6L); |
227 | 144k | R1(C, D, A, B, X(3), 14, 0xf4d50d87L); |
228 | 144k | R1(B, C, D, A, X(8), 20, 0x455a14edL); |
229 | 144k | R1(A, B, C, D, X(13), 5, 0xa9e3e905L); |
230 | 144k | R1(D, A, B, C, X(2), 9, 0xfcefa3f8L); |
231 | 144k | R1(C, D, A, B, X(7), 14, 0x676f02d9L); |
232 | 144k | R1(B, C, D, A, X(12), 20, 0x8d2a4c8aL); |
233 | | // Round 2 |
234 | 144k | R2(A, B, C, D, X(5), 4, 0xfffa3942L); |
235 | 144k | R2(D, A, B, C, X(8), 11, 0x8771f681L); |
236 | 144k | R2(C, D, A, B, X(11), 16, 0x6d9d6122L); |
237 | 144k | R2(B, C, D, A, X(14), 23, 0xfde5380cL); |
238 | 144k | R2(A, B, C, D, X(1), 4, 0xa4beea44L); |
239 | 144k | R2(D, A, B, C, X(4), 11, 0x4bdecfa9L); |
240 | 144k | R2(C, D, A, B, X(7), 16, 0xf6bb4b60L); |
241 | 144k | R2(B, C, D, A, X(10), 23, 0xbebfbc70L); |
242 | 144k | R2(A, B, C, D, X(13), 4, 0x289b7ec6L); |
243 | 144k | R2(D, A, B, C, X(0), 11, 0xeaa127faL); |
244 | 144k | R2(C, D, A, B, X(3), 16, 0xd4ef3085L); |
245 | 144k | R2(B, C, D, A, X(6), 23, 0x04881d05L); |
246 | 144k | R2(A, B, C, D, X(9), 4, 0xd9d4d039L); |
247 | 144k | R2(D, A, B, C, X(12), 11, 0xe6db99e5L); |
248 | 144k | R2(C, D, A, B, X(15), 16, 0x1fa27cf8L); |
249 | 144k | R2(B, C, D, A, X(2), 23, 0xc4ac5665L); |
250 | | // Round 3 |
251 | 144k | R3(A, B, C, D, X(0), 6, 0xf4292244L); |
252 | 144k | R3(D, A, B, C, X(7), 10, 0x432aff97L); |
253 | 144k | R3(C, D, A, B, X(14), 15, 0xab9423a7L); |
254 | 144k | R3(B, C, D, A, X(5), 21, 0xfc93a039L); |
255 | 144k | R3(A, B, C, D, X(12), 6, 0x655b59c3L); |
256 | 144k | R3(D, A, B, C, X(3), 10, 0x8f0ccc92L); |
257 | 144k | R3(C, D, A, B, X(10), 15, 0xffeff47dL); |
258 | 144k | R3(B, C, D, A, X(1), 21, 0x85845dd1L); |
259 | 144k | R3(A, B, C, D, X(8), 6, 0x6fa87e4fL); |
260 | 144k | R3(D, A, B, C, X(15), 10, 0xfe2ce6e0L); |
261 | 144k | R3(C, D, A, B, X(6), 15, 0xa3014314L); |
262 | 144k | R3(B, C, D, A, X(13), 21, 0x4e0811a1L); |
263 | 144k | R3(A, B, C, D, X(4), 6, 0xf7537e82L); |
264 | 144k | R3(D, A, B, C, X(11), 10, 0xbd3af235L); |
265 | 144k | R3(C, D, A, B, X(2), 15, 0x2ad7d2bbL); |
266 | 144k | R3(B, C, D, A, X(9), 21, 0xeb86d391L); |
267 | | |
268 | 144k | A = state[0] += A; |
269 | 144k | B = state[1] += B; |
270 | 144k | C = state[2] += C; |
271 | 144k | D = state[3] += D; |
272 | 144k | } |
273 | 6.23k | } |
274 | | #undef X |
275 | | #endif |
276 | | |
277 | | #undef F |
278 | | #undef G |
279 | | #undef H |
280 | | #undef I |
281 | | #undef R0 |
282 | | #undef R1 |
283 | | #undef R2 |
284 | | #undef R3 |