/src/openssl/crypto/sha/sha_local.h

Line	Count	Source
1		/*
2		* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdlib.h>
11		#include <string.h>
12
13		#include <openssl/opensslconf.h>
14		#include <openssl/sha.h>
15		#include "internal/endian.h"
16
17		#define DATA_ORDER_IS_BIG_ENDIAN
18
19	182	#define HASH_LONG SHA_LONG
20		#define HASH_CTX SHA_CTX
21	845	#define HASH_CBLOCK SHA_CBLOCK
22		#define HASH_MAKE_STRING(c, s) \
23	91	do { \
24	91	unsigned long ll; \
25	91	ll = (c)->h0; \
26	91	(void)HOST_l2c(ll, (s)); \
27	91	ll = (c)->h1; \
28	91	(void)HOST_l2c(ll, (s)); \
29	91	ll = (c)->h2; \
30	91	(void)HOST_l2c(ll, (s)); \
31	91	ll = (c)->h3; \
32	91	(void)HOST_l2c(ll, (s)); \
33	91	ll = (c)->h4; \
34	91	(void)HOST_l2c(ll, (s)); \
35	91	} while (0)
36
37		#define HASH_UPDATE SHA1_Update
38		#define HASH_TRANSFORM SHA1_Transform
39		#define HASH_FINAL SHA1_Final
40		#define HASH_INIT SHA1_Init
41	299	#define HASH_BLOCK_DATA_ORDER sha1_block_data_order
42	133M	#define Xupdate(a, ix, ia, ib, ic, id) ((a) = (ia ^ ib ^ ic ^ id), \
43	133M	ix = (a) = ROTATE((a), 1))
44
45		#ifndef SHA1_ASM
46		static void sha1_block_data_order(SHA_CTX c, const void p, size_t num);
47		#else
48		void sha1_block_data_order(SHA_CTX c, const void p, size_t num);
49		#endif
50
51		#include "crypto/md32_common.h"
52
53	182	#define INIT_DATA_h0 0x67452301UL
54	182	#define INIT_DATA_h1 0xefcdab89UL
55	182	#define INIT_DATA_h2 0x98badcfeUL
56	182	#define INIT_DATA_h3 0x10325476UL
57	182	#define INIT_DATA_h4 0xc3d2e1f0UL
58
59		int HASH_INIT(SHA_CTX *c)
60	182	{
61	182	memset(c, 0, sizeof(*c));
62	182	c->h0 = INIT_DATA_h0;
63	182	c->h1 = INIT_DATA_h1;
64	182	c->h2 = INIT_DATA_h2;
65	182	c->h3 = INIT_DATA_h3;
66	182	c->h4 = INIT_DATA_h4;
67	182	return 1;
68	182	}
69
70	41.6M	#define K_00_19 0x5a827999UL
71	41.6M	#define K_20_39 0x6ed9eba1UL
72	41.6M	#define K_40_59 0x8f1bbcdcUL
73	41.6M	#define K_60_79 0xca62c1d6UL
74
75		/*
76		* As pointed out by Wei Dai, F() below can be simplified to the code in
77		* F_00_19. Wei attributes these optimizations to Peter Gutmann's SHS code,
78		* and he attributes it to Rich Schroeppel.
79		* #define F(x,y,z) (((x) & (y)) \| ((~(x)) & (z)))
80		* I've just become aware of another tweak to be made, again from Wei Dai,
81		* in F_40_59, (x&a)\|(y&a) -> (x\|y)&a
82		*/
83	41.6M	#define F_00_19(b, c, d) ((((c) ^ (d)) & (b)) ^ (d))
84	83.2M	#define F_20_39(b, c, d) ((b) ^ (c) ^ (d))
85	41.6M	#define F_40_59(b, c, d) (((b) & (c)) \| (((b) \| (c)) & (d)))
86	41.6M	#define F_60_79(b, c, d) F_20_39(b, c, d)
87
88		#ifndef OPENSSL_SMALL_FOOTPRINT
89
90		#define BODY_00_15(i, a, b, c, d, e, f, xi) \
91	33.2M	(f) = xi + (e) + K_00_19 + ROTATE((a), 5) + F_00_19((b), (c), (d)); \
92	33.2M	(b) = ROTATE((b), 30);
93
94		#define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
95	8.32M	Xupdate(f, xi, xa, xb, xc, xd); \
96	8.32M	(f) += (e) + K_00_19 + ROTATE((a), 5) + F_00_19((b), (c), (d)); \
97	8.32M	(b) = ROTATE((b), 30);
98
99		#define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
100	24.9M	Xupdate(f, xi, xa, xb, xc, xd); \
101	24.9M	(f) += (e) + K_20_39 + ROTATE((a), 5) + F_20_39((b), (c), (d)); \
102	24.9M	(b) = ROTATE((b), 30);
103
104		#define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd) \
105	16.6M	Xupdate(f, xa, xa, xb, xc, xd); \
106	16.6M	(f) += (e) + K_20_39 + ROTATE((a), 5) + F_20_39((b), (c), (d)); \
107	16.6M	(b) = ROTATE((b), 30);
108
109		#define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd) \
110	41.6M	Xupdate(f, xa, xa, xb, xc, xd); \
111	41.6M	(f) += (e) + K_40_59 + ROTATE((a), 5) + F_40_59((b), (c), (d)); \
112	41.6M	(b) = ROTATE((b), 30);
113
114		#define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd) \
115	41.6M	Xupdate(f, xa, xa, xb, xc, xd); \
116	41.6M	(f) = xa + (e) + K_60_79 + ROTATE((a), 5) + F_60_79((b), (c), (d)); \
117	41.6M	(b) = ROTATE((b), 30);
118
119		#ifdef X
120		#undef X
121		#endif
122		#ifndef MD32_XARRAY
123		/*
124		* Originally X was an array. As it's automatic it's natural
125		* to expect RISC compiler to accommodate at least part of it in
126		* the register bank, isn't it? Unfortunately not all compilers
127		* "find" this expectation reasonable:-( On order to make such
128		* compilers generate better code I replace X[] with a bunch of
129		* X0, X1, etc. See the function body below...
130		*/
131	33.2M	#define X(i) XX##i
132		#else
133		/*
134		* However! Some compilers (most notably HP C) get overwhelmed by
135		* that many local variables so that we have to have the way to
136		* fall down to the original behavior.
137		*/
138		#define X(i) XX[i]
139		#endif
140
141		#if !defined(SHA1_ASM)
142		static void HASH_BLOCK_DATA_ORDER(SHA_CTX c, const void p, size_t num)
143	299	{
144	299	const unsigned char *data = p;
145	299	register unsigned MD32_REG_T A, B, C, D, E, T, l;
146	299	#ifndef MD32_XARRAY
147	299	unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
148	299	XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
149		#else
150		SHA_LONG XX[16];
151		#endif
152
153	299	A = c->h0;
154	299	B = c->h1;
155	299	C = c->h2;
156	299	D = c->h3;
157	299	E = c->h4;
158
159	2.08M	for (;;) {
160	2.08M	DECLARE_IS_ENDIAN;
161
162	2.08M	if (!IS_LITTLE_ENDIAN && sizeof(SHA_LONG) == 4
163	0	&& ((size_t)p % 4) == 0) {
164	0	const SHA_LONG W = (const SHA_LONG )data;
165
166	0	X(0) = W[0];
167	0	X(1) = W[1];
168	0	BODY_00_15(0, A, B, C, D, E, T, X(0));
169	0	X(2) = W[2];
170	0	BODY_00_15(1, T, A, B, C, D, E, X(1));
171	0	X(3) = W[3];
172	0	BODY_00_15(2, E, T, A, B, C, D, X(2));
173	0	X(4) = W[4];
174	0	BODY_00_15(3, D, E, T, A, B, C, X(3));
175	0	X(5) = W[5];
176	0	BODY_00_15(4, C, D, E, T, A, B, X(4));
177	0	X(6) = W[6];
178	0	BODY_00_15(5, B, C, D, E, T, A, X(5));
179	0	X(7) = W[7];
180	0	BODY_00_15(6, A, B, C, D, E, T, X(6));
181	0	X(8) = W[8];
182	0	BODY_00_15(7, T, A, B, C, D, E, X(7));
183	0	X(9) = W[9];
184	0	BODY_00_15(8, E, T, A, B, C, D, X(8));
185	0	X(10) = W[10];
186	0	BODY_00_15(9, D, E, T, A, B, C, X(9));
187	0	X(11) = W[11];
188	0	BODY_00_15(10, C, D, E, T, A, B, X(10));
189	0	X(12) = W[12];
190	0	BODY_00_15(11, B, C, D, E, T, A, X(11));
191	0	X(13) = W[13];
192	0	BODY_00_15(12, A, B, C, D, E, T, X(12));
193	0	X(14) = W[14];
194	0	BODY_00_15(13, T, A, B, C, D, E, X(13));
195	0	X(15) = W[15];
196	0	BODY_00_15(14, E, T, A, B, C, D, X(14));
197	0	BODY_00_15(15, D, E, T, A, B, C, X(15));
198
199	0	data += SHA_CBLOCK;
200	2.08M	} else {
201	2.08M	(void)HOST_c2l(data, l);
202	2.08M	X(0) = l;
203	2.08M	(void)HOST_c2l(data, l);
204	2.08M	X(1) = l;
205	2.08M	BODY_00_15(0, A, B, C, D, E, T, X(0));
206	2.08M	(void)HOST_c2l(data, l);
207	2.08M	X(2) = l;
208	2.08M	BODY_00_15(1, T, A, B, C, D, E, X(1));
209	2.08M	(void)HOST_c2l(data, l);
210	2.08M	X(3) = l;
211	2.08M	BODY_00_15(2, E, T, A, B, C, D, X(2));
212	2.08M	(void)HOST_c2l(data, l);
213	2.08M	X(4) = l;
214	2.08M	BODY_00_15(3, D, E, T, A, B, C, X(3));
215	2.08M	(void)HOST_c2l(data, l);
216	2.08M	X(5) = l;
217	2.08M	BODY_00_15(4, C, D, E, T, A, B, X(4));
218	2.08M	(void)HOST_c2l(data, l);
219	2.08M	X(6) = l;
220	2.08M	BODY_00_15(5, B, C, D, E, T, A, X(5));
221	2.08M	(void)HOST_c2l(data, l);
222	2.08M	X(7) = l;
223	2.08M	BODY_00_15(6, A, B, C, D, E, T, X(6));
224	2.08M	(void)HOST_c2l(data, l);
225	2.08M	X(8) = l;
226	2.08M	BODY_00_15(7, T, A, B, C, D, E, X(7));
227	2.08M	(void)HOST_c2l(data, l);
228	2.08M	X(9) = l;
229	2.08M	BODY_00_15(8, E, T, A, B, C, D, X(8));
230	2.08M	(void)HOST_c2l(data, l);
231	2.08M	X(10) = l;
232	2.08M	BODY_00_15(9, D, E, T, A, B, C, X(9));
233	2.08M	(void)HOST_c2l(data, l);
234	2.08M	X(11) = l;
235	2.08M	BODY_00_15(10, C, D, E, T, A, B, X(10));
236	2.08M	(void)HOST_c2l(data, l);
237	2.08M	X(12) = l;
238	2.08M	BODY_00_15(11, B, C, D, E, T, A, X(11));
239	2.08M	(void)HOST_c2l(data, l);
240	2.08M	X(13) = l;
241	2.08M	BODY_00_15(12, A, B, C, D, E, T, X(12));
242	2.08M	(void)HOST_c2l(data, l);
243	2.08M	X(14) = l;
244	2.08M	BODY_00_15(13, T, A, B, C, D, E, X(13));
245	2.08M	(void)HOST_c2l(data, l);
246	2.08M	X(15) = l;
247	2.08M	BODY_00_15(14, E, T, A, B, C, D, X(14));
248	2.08M	BODY_00_15(15, D, E, T, A, B, C, X(15));
249	2.08M	}
250
251	2.08M	BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13));
252	2.08M	BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14));
253	2.08M	BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15));
254	2.08M	BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0));
255
256	2.08M	BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1));
257	2.08M	BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2));
258	2.08M	BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3));
259	2.08M	BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4));
260	2.08M	BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5));
261	2.08M	BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6));
262	2.08M	BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7));
263	2.08M	BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8));
264	2.08M	BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9));
265	2.08M	BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10));
266	2.08M	BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11));
267	2.08M	BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12));
268
269	2.08M	BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13));
270	2.08M	BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14));
271	2.08M	BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15));
272	2.08M	BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0));
273	2.08M	BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1));
274	2.08M	BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2));
275	2.08M	BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3));
276	2.08M	BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4));
277
278	2.08M	BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5));
279	2.08M	BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6));
280	2.08M	BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7));
281	2.08M	BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8));
282	2.08M	BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9));
283	2.08M	BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10));
284	2.08M	BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11));
285	2.08M	BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12));
286	2.08M	BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13));
287	2.08M	BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14));
288	2.08M	BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15));
289	2.08M	BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0));
290	2.08M	BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1));
291	2.08M	BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2));
292	2.08M	BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3));
293	2.08M	BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4));
294	2.08M	BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5));
295	2.08M	BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6));
296	2.08M	BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7));
297	2.08M	BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8));
298
299	2.08M	BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9));
300	2.08M	BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10));
301	2.08M	BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11));
302	2.08M	BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12));
303	2.08M	BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13));
304	2.08M	BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14));
305	2.08M	BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15));
306	2.08M	BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0));
307	2.08M	BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1));
308	2.08M	BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2));
309	2.08M	BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3));
310	2.08M	BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4));
311	2.08M	BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5));
312	2.08M	BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6));
313	2.08M	BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7));
314	2.08M	BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8));
315	2.08M	BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9));
316	2.08M	BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10));
317	2.08M	BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11));
318	2.08M	BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12));
319
320	2.08M	c->h0 = (c->h0 + E) & 0xffffffffL;
321	2.08M	c->h1 = (c->h1 + T) & 0xffffffffL;
322	2.08M	c->h2 = (c->h2 + A) & 0xffffffffL;
323	2.08M	c->h3 = (c->h3 + B) & 0xffffffffL;
324	2.08M	c->h4 = (c->h4 + C) & 0xffffffffL;
325
326	2.08M	if (--num == 0)
327	299	break;
328
329	2.07M	A = c->h0;
330	2.07M	B = c->h1;
331	2.07M	C = c->h2;
332	2.07M	D = c->h3;
333	2.07M	E = c->h4;
334	2.07M	}
335	299	}
336		#endif
337
338		#else /* OPENSSL_SMALL_FOOTPRINT */
339
340		#define BODY_00_15(xi) \
341		do { \
342		T = E + K_00_19 + F_00_19(B, C, D); \
343		E = D, D = C, C = ROTATE(B, 30), B = A; \
344		A = ROTATE(A, 5) + T + xi; \
345		} while (0)
346
347		#define BODY_16_19(xa, xb, xc, xd) \
348		do { \
349		Xupdate(T, xa, xa, xb, xc, xd); \
350		T += E + K_00_19 + F_00_19(B, C, D); \
351		E = D, D = C, C = ROTATE(B, 30), B = A; \
352		A = ROTATE(A, 5) + T; \
353		} while (0)
354
355		#define BODY_20_39(xa, xb, xc, xd) \
356		do { \
357		Xupdate(T, xa, xa, xb, xc, xd); \
358		T += E + K_20_39 + F_20_39(B, C, D); \
359		E = D, D = C, C = ROTATE(B, 30), B = A; \
360		A = ROTATE(A, 5) + T; \
361		} while (0)
362
363		#define BODY_40_59(xa, xb, xc, xd) \
364		do { \
365		Xupdate(T, xa, xa, xb, xc, xd); \
366		T += E + K_40_59 + F_40_59(B, C, D); \
367		E = D, D = C, C = ROTATE(B, 30), B = A; \
368		A = ROTATE(A, 5) + T; \
369		} while (0)
370
371		#define BODY_60_79(xa, xb, xc, xd) \
372		do { \
373		Xupdate(T, xa, xa, xb, xc, xd); \
374		T = E + K_60_79 + F_60_79(B, C, D); \
375		E = D, D = C, C = ROTATE(B, 30), B = A; \
376		A = ROTATE(A, 5) + T + xa; \
377		} while (0)
378
379		#if !defined(SHA1_ASM)
380		static void HASH_BLOCK_DATA_ORDER(SHA_CTX c, const void p, size_t num)
381		{
382		const unsigned char *data = p;
383		register unsigned MD32_REG_T A, B, C, D, E, T, l;
384		int i;
385		SHA_LONG X[16];
386
387		A = c->h0;
388		B = c->h1;
389		C = c->h2;
390		D = c->h3;
391		E = c->h4;
392
393		for (;;) {
394		for (i = 0; i < 16; i++) {
395		(void)HOST_c2l(data, l);
396		X[i] = l;
397		BODY_00_15(X[i]);
398		}
399		for (i = 0; i < 4; i++) {
400		BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]);
401		}
402		for (; i < 24; i++) {
403		BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15],
404		X[(i + 13) & 15]);
405		}
406		for (i = 0; i < 20; i++) {
407		BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
408		X[(i + 5) & 15]);
409		}
410		for (i = 4; i < 24; i++) {
411		BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
412		X[(i + 5) & 15]);
413		}
414
415		c->h0 = (c->h0 + A) & 0xffffffffL;
416		c->h1 = (c->h1 + B) & 0xffffffffL;
417		c->h2 = (c->h2 + C) & 0xffffffffL;
418		c->h3 = (c->h3 + D) & 0xffffffffL;
419		c->h4 = (c->h4 + E) & 0xffffffffL;
420
421		if (--num == 0)
422		break;
423
424		A = c->h0;
425		B = c->h1;
426		C = c->h2;
427		D = c->h3;
428		E = c->h4;
429		}
430		}
431		#endif
432
433		#endif

Coverage Report

Created: 2025-12-10 06:24