Coverage Report

Created: 2024-11-21 07:03

/src/boringssl/crypto/md5/md5.c
Line
Count
Source (jump to first uncovered line)
1
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
 * All rights reserved.
3
 *
4
 * This package is an SSL implementation written
5
 * by Eric Young (eay@cryptsoft.com).
6
 * The implementation was written so as to conform with Netscapes SSL.
7
 *
8
 * This library is free for commercial and non-commercial use as long as
9
 * the following conditions are aheared to.  The following conditions
10
 * apply to all code found in this distribution, be it the RC4, RSA,
11
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12
 * included with this distribution is covered by the same copyright terms
13
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
 *
15
 * Copyright remains Eric Young's, and as such any Copyright notices in
16
 * the code are not to be removed.
17
 * If this package is used in a product, Eric Young should be given attribution
18
 * as the author of the parts of the library used.
19
 * This can be in the form of a textual message at program startup or
20
 * in documentation (online or textual) provided with the package.
21
 *
22
 * Redistribution and use in source and binary forms, with or without
23
 * modification, are permitted provided that the following conditions
24
 * are met:
25
 * 1. Redistributions of source code must retain the copyright
26
 *    notice, this list of conditions and the following disclaimer.
27
 * 2. Redistributions in binary form must reproduce the above copyright
28
 *    notice, this list of conditions and the following disclaimer in the
29
 *    documentation and/or other materials provided with the distribution.
30
 * 3. All advertising materials mentioning features or use of this software
31
 *    must display the following acknowledgement:
32
 *    "This product includes cryptographic software written by
33
 *     Eric Young (eay@cryptsoft.com)"
34
 *    The word 'cryptographic' can be left out if the rouines from the library
35
 *    being used are not cryptographic related :-).
36
 * 4. If you include any Windows specific code (or a derivative thereof) from
37
 *    the apps directory (application code) you must include an acknowledgement:
38
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
 *
40
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
 * SUCH DAMAGE.
51
 *
52
 * The licence and distribution terms for any publically available version or
53
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
54
 * copied and put under another distribution licence
55
 * [including the GNU Public Licence.] */
56
57
#include <openssl/md5.h>
58
59
#include <string.h>
60
61
#include <openssl/mem.h>
62
63
#include "../internal.h"
64
#include "../fipsmodule/digest/md32_common.h"
65
#include "internal.h"
66
67
68
0
uint8_t *MD5(const uint8_t *data, size_t len, uint8_t out[MD5_DIGEST_LENGTH]) {
69
0
  MD5_CTX ctx;
70
0
  MD5_Init(&ctx);
71
0
  MD5_Update(&ctx, data, len);
72
0
  MD5_Final(out, &ctx);
73
74
0
  return out;
75
0
}
76
77
2.55k
int MD5_Init(MD5_CTX *md5) {
78
2.55k
  OPENSSL_memset(md5, 0, sizeof(MD5_CTX));
79
2.55k
  md5->h[0] = 0x67452301UL;
80
2.55k
  md5->h[1] = 0xefcdab89UL;
81
2.55k
  md5->h[2] = 0x98badcfeUL;
82
2.55k
  md5->h[3] = 0x10325476UL;
83
2.55k
  return 1;
84
2.55k
}
85
86
#if defined(MD5_ASM)
87
20.1k
#define md5_block_data_order md5_block_asm_data_order
88
#else
89
static void md5_block_data_order(uint32_t *state, const uint8_t *data,
90
                                 size_t num);
91
#endif
92
93
0
void MD5_Transform(MD5_CTX *c, const uint8_t data[MD5_CBLOCK]) {
94
0
  md5_block_data_order(c->h, data, 1);
95
0
}
Unexecuted instantiation: MD5_Transform
Unexecuted instantiation: MD5_Transform
96
97
30.2k
int MD5_Update(MD5_CTX *c, const void *data, size_t len) {
98
30.2k
  crypto_md32_update(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num,
99
30.2k
                     &c->Nh, &c->Nl, data, len);
100
30.2k
  return 1;
101
30.2k
}
MD5_Update
Line
Count
Source
97
15.1k
int MD5_Update(MD5_CTX *c, const void *data, size_t len) {
98
15.1k
  crypto_md32_update(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num,
99
15.1k
                     &c->Nh, &c->Nl, data, len);
100
15.1k
  return 1;
101
15.1k
}
MD5_Update
Line
Count
Source
97
15.1k
int MD5_Update(MD5_CTX *c, const void *data, size_t len) {
98
15.1k
  crypto_md32_update(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num,
99
15.1k
                     &c->Nh, &c->Nl, data, len);
100
15.1k
  return 1;
101
15.1k
}
102
103
10.0k
int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *c) {
104
10.0k
  crypto_md32_final(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num,
105
10.0k
                    c->Nh, c->Nl, /*is_big_endian=*/0);
106
107
10.0k
  CRYPTO_store_u32_le(out, c->h[0]);
108
10.0k
  CRYPTO_store_u32_le(out + 4, c->h[1]);
109
10.0k
  CRYPTO_store_u32_le(out + 8, c->h[2]);
110
10.0k
  CRYPTO_store_u32_le(out + 12, c->h[3]);
111
10.0k
  return 1;
112
10.0k
}
MD5_Final
Line
Count
Source
103
5.01k
int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *c) {
104
5.01k
  crypto_md32_final(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num,
105
5.01k
                    c->Nh, c->Nl, /*is_big_endian=*/0);
106
107
5.01k
  CRYPTO_store_u32_le(out, c->h[0]);
108
5.01k
  CRYPTO_store_u32_le(out + 4, c->h[1]);
109
5.01k
  CRYPTO_store_u32_le(out + 8, c->h[2]);
110
5.01k
  CRYPTO_store_u32_le(out + 12, c->h[3]);
111
5.01k
  return 1;
112
5.01k
}
MD5_Final
Line
Count
Source
103
5.01k
int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *c) {
104
5.01k
  crypto_md32_final(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num,
105
5.01k
                    c->Nh, c->Nl, /*is_big_endian=*/0);
106
107
5.01k
  CRYPTO_store_u32_le(out, c->h[0]);
108
5.01k
  CRYPTO_store_u32_le(out + 4, c->h[1]);
109
5.01k
  CRYPTO_store_u32_le(out + 8, c->h[2]);
110
5.01k
  CRYPTO_store_u32_le(out + 12, c->h[3]);
111
5.01k
  return 1;
112
5.01k
}
113
114
// As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
115
// simplified to the code below.  Wei attributes these optimizations
116
// to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
117
2.30M
#define F(b, c, d) ((((c) ^ (d)) & (b)) ^ (d))
118
2.30M
#define G(b, c, d) ((((b) ^ (c)) & (d)) ^ (c))
119
2.30M
#define H(b, c, d) ((b) ^ (c) ^ (d))
120
2.30M
#define I(b, c, d) (((~(d)) | (b)) ^ (c))
121
122
#define R0(a, b, c, d, k, s, t)            \
123
2.30M
  do {                                     \
124
2.30M
    (a) += ((k) + (t) + F((b), (c), (d))); \
125
2.30M
    (a) = CRYPTO_rotl_u32(a, s);           \
126
2.30M
    (a) += (b);                            \
127
2.30M
  } while (0)
128
129
#define R1(a, b, c, d, k, s, t)            \
130
2.30M
  do {                                     \
131
2.30M
    (a) += ((k) + (t) + G((b), (c), (d))); \
132
2.30M
    (a) = CRYPTO_rotl_u32(a, s);           \
133
2.30M
    (a) += (b);                            \
134
2.30M
  } while (0)
135
136
#define R2(a, b, c, d, k, s, t)            \
137
2.30M
  do {                                     \
138
2.30M
    (a) += ((k) + (t) + H((b), (c), (d))); \
139
2.30M
    (a) = CRYPTO_rotl_u32(a, s);           \
140
2.30M
    (a) += (b);                            \
141
2.30M
  } while (0)
142
143
#define R3(a, b, c, d, k, s, t)            \
144
2.30M
  do {                                     \
145
2.30M
    (a) += ((k) + (t) + I((b), (c), (d))); \
146
2.30M
    (a) = CRYPTO_rotl_u32(a, s);           \
147
2.30M
    (a) += (b);                            \
148
2.30M
  } while (0)
149
150
#ifndef MD5_ASM
151
#ifdef X
152
#undef X
153
#endif
154
static void md5_block_data_order(uint32_t *state, const uint8_t *data,
155
6.23k
                                 size_t num) {
156
6.23k
  uint32_t A, B, C, D;
157
6.23k
  uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12,
158
6.23k
      XX13, XX14, XX15;
159
2.30M
#define X(i) XX##i
160
161
6.23k
  A = state[0];
162
6.23k
  B = state[1];
163
6.23k
  C = state[2];
164
6.23k
  D = state[3];
165
166
150k
  for (; num--;) {
167
144k
    X(0) = CRYPTO_load_u32_le(data);
168
144k
    data += 4;
169
144k
    X(1) = CRYPTO_load_u32_le(data);
170
144k
    data += 4;
171
    // Round 0
172
144k
    R0(A, B, C, D, X(0), 7, 0xd76aa478L);
173
144k
    X(2) = CRYPTO_load_u32_le(data);
174
144k
    data += 4;
175
144k
    R0(D, A, B, C, X(1), 12, 0xe8c7b756L);
176
144k
    X(3) = CRYPTO_load_u32_le(data);
177
144k
    data += 4;
178
144k
    R0(C, D, A, B, X(2), 17, 0x242070dbL);
179
144k
    X(4) = CRYPTO_load_u32_le(data);
180
144k
    data += 4;
181
144k
    R0(B, C, D, A, X(3), 22, 0xc1bdceeeL);
182
144k
    X(5) = CRYPTO_load_u32_le(data);
183
144k
    data += 4;
184
144k
    R0(A, B, C, D, X(4), 7, 0xf57c0fafL);
185
144k
    X(6) = CRYPTO_load_u32_le(data);
186
144k
    data += 4;
187
144k
    R0(D, A, B, C, X(5), 12, 0x4787c62aL);
188
144k
    X(7) = CRYPTO_load_u32_le(data);
189
144k
    data += 4;
190
144k
    R0(C, D, A, B, X(6), 17, 0xa8304613L);
191
144k
    X(8) = CRYPTO_load_u32_le(data);
192
144k
    data += 4;
193
144k
    R0(B, C, D, A, X(7), 22, 0xfd469501L);
194
144k
    X(9) = CRYPTO_load_u32_le(data);
195
144k
    data += 4;
196
144k
    R0(A, B, C, D, X(8), 7, 0x698098d8L);
197
144k
    X(10) = CRYPTO_load_u32_le(data);
198
144k
    data += 4;
199
144k
    R0(D, A, B, C, X(9), 12, 0x8b44f7afL);
200
144k
    X(11) = CRYPTO_load_u32_le(data);
201
144k
    data += 4;
202
144k
    R0(C, D, A, B, X(10), 17, 0xffff5bb1L);
203
144k
    X(12) = CRYPTO_load_u32_le(data);
204
144k
    data += 4;
205
144k
    R0(B, C, D, A, X(11), 22, 0x895cd7beL);
206
144k
    X(13) = CRYPTO_load_u32_le(data);
207
144k
    data += 4;
208
144k
    R0(A, B, C, D, X(12), 7, 0x6b901122L);
209
144k
    X(14) = CRYPTO_load_u32_le(data);
210
144k
    data += 4;
211
144k
    R0(D, A, B, C, X(13), 12, 0xfd987193L);
212
144k
    X(15) = CRYPTO_load_u32_le(data);
213
144k
    data += 4;
214
144k
    R0(C, D, A, B, X(14), 17, 0xa679438eL);
215
144k
    R0(B, C, D, A, X(15), 22, 0x49b40821L);
216
    // Round 1
217
144k
    R1(A, B, C, D, X(1), 5, 0xf61e2562L);
218
144k
    R1(D, A, B, C, X(6), 9, 0xc040b340L);
219
144k
    R1(C, D, A, B, X(11), 14, 0x265e5a51L);
220
144k
    R1(B, C, D, A, X(0), 20, 0xe9b6c7aaL);
221
144k
    R1(A, B, C, D, X(5), 5, 0xd62f105dL);
222
144k
    R1(D, A, B, C, X(10), 9, 0x02441453L);
223
144k
    R1(C, D, A, B, X(15), 14, 0xd8a1e681L);
224
144k
    R1(B, C, D, A, X(4), 20, 0xe7d3fbc8L);
225
144k
    R1(A, B, C, D, X(9), 5, 0x21e1cde6L);
226
144k
    R1(D, A, B, C, X(14), 9, 0xc33707d6L);
227
144k
    R1(C, D, A, B, X(3), 14, 0xf4d50d87L);
228
144k
    R1(B, C, D, A, X(8), 20, 0x455a14edL);
229
144k
    R1(A, B, C, D, X(13), 5, 0xa9e3e905L);
230
144k
    R1(D, A, B, C, X(2), 9, 0xfcefa3f8L);
231
144k
    R1(C, D, A, B, X(7), 14, 0x676f02d9L);
232
144k
    R1(B, C, D, A, X(12), 20, 0x8d2a4c8aL);
233
    // Round 2
234
144k
    R2(A, B, C, D, X(5), 4, 0xfffa3942L);
235
144k
    R2(D, A, B, C, X(8), 11, 0x8771f681L);
236
144k
    R2(C, D, A, B, X(11), 16, 0x6d9d6122L);
237
144k
    R2(B, C, D, A, X(14), 23, 0xfde5380cL);
238
144k
    R2(A, B, C, D, X(1), 4, 0xa4beea44L);
239
144k
    R2(D, A, B, C, X(4), 11, 0x4bdecfa9L);
240
144k
    R2(C, D, A, B, X(7), 16, 0xf6bb4b60L);
241
144k
    R2(B, C, D, A, X(10), 23, 0xbebfbc70L);
242
144k
    R2(A, B, C, D, X(13), 4, 0x289b7ec6L);
243
144k
    R2(D, A, B, C, X(0), 11, 0xeaa127faL);
244
144k
    R2(C, D, A, B, X(3), 16, 0xd4ef3085L);
245
144k
    R2(B, C, D, A, X(6), 23, 0x04881d05L);
246
144k
    R2(A, B, C, D, X(9), 4, 0xd9d4d039L);
247
144k
    R2(D, A, B, C, X(12), 11, 0xe6db99e5L);
248
144k
    R2(C, D, A, B, X(15), 16, 0x1fa27cf8L);
249
144k
    R2(B, C, D, A, X(2), 23, 0xc4ac5665L);
250
    // Round 3
251
144k
    R3(A, B, C, D, X(0), 6, 0xf4292244L);
252
144k
    R3(D, A, B, C, X(7), 10, 0x432aff97L);
253
144k
    R3(C, D, A, B, X(14), 15, 0xab9423a7L);
254
144k
    R3(B, C, D, A, X(5), 21, 0xfc93a039L);
255
144k
    R3(A, B, C, D, X(12), 6, 0x655b59c3L);
256
144k
    R3(D, A, B, C, X(3), 10, 0x8f0ccc92L);
257
144k
    R3(C, D, A, B, X(10), 15, 0xffeff47dL);
258
144k
    R3(B, C, D, A, X(1), 21, 0x85845dd1L);
259
144k
    R3(A, B, C, D, X(8), 6, 0x6fa87e4fL);
260
144k
    R3(D, A, B, C, X(15), 10, 0xfe2ce6e0L);
261
144k
    R3(C, D, A, B, X(6), 15, 0xa3014314L);
262
144k
    R3(B, C, D, A, X(13), 21, 0x4e0811a1L);
263
144k
    R3(A, B, C, D, X(4), 6, 0xf7537e82L);
264
144k
    R3(D, A, B, C, X(11), 10, 0xbd3af235L);
265
144k
    R3(C, D, A, B, X(2), 15, 0x2ad7d2bbL);
266
144k
    R3(B, C, D, A, X(9), 21, 0xeb86d391L);
267
268
144k
    A = state[0] += A;
269
144k
    B = state[1] += B;
270
144k
    C = state[2] += C;
271
144k
    D = state[3] += D;
272
144k
  }
273
6.23k
}
274
#undef X
275
#endif
276
277
#undef F
278
#undef G
279
#undef H
280
#undef I
281
#undef R0
282
#undef R1
283
#undef R2
284
#undef R3