/src/openssl/include/crypto/md32_common.h

Source (jump to first uncovered line)
/*
 * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*-
 * This is a generic 32 bit "collector" for message digest algorithms.
 * Whenever needed it collects input character stream into chunks of
 * 32 bit values and invokes a block function that performs actual hash
 * calculations.
 *
 * Porting guide.
 *
 * Obligatory macros:
 *
 * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
 *      this macro defines byte order of input stream.
 * HASH_CBLOCK
 *      size of a unit chunk HASH_BLOCK operates on.
 * HASH_LONG
 *      has to be at least 32 bit wide.
 * HASH_CTX
 *      context structure that at least contains following
 *      members:
 *              typedef struct {
 *                      ...
 *                      HASH_LONG       Nl,Nh;
 *                      either {
 *                      HASH_LONG       data[HASH_LBLOCK];
 *                      unsigned char   data[HASH_CBLOCK];
 *                      };
 *                      unsigned int    num;
 *                      ...
 *                      } HASH_CTX;
 *      data[] vector is expected to be zeroed upon first call to
 *      HASH_UPDATE.
 * HASH_UPDATE
 *      name of "Update" function, implemented here.
 * HASH_TRANSFORM
 *      name of "Transform" function, implemented here.
 * HASH_FINAL
 *      name of "Final" function, implemented here.
 * HASH_BLOCK_DATA_ORDER
 *      name of "block" function capable of treating *unaligned* input
 *      message in original (data) byte order, implemented externally.
 * HASH_MAKE_STRING
 *      macro converting context variables to an ASCII hash string.
 *
 * MD5 example:
 *
 *      #define DATA_ORDER_IS_LITTLE_ENDIAN
 *
 *      #define HASH_LONG               MD5_LONG
 *      #define HASH_CTX                MD5_CTX
 *      #define HASH_CBLOCK             MD5_CBLOCK
 *      #define HASH_UPDATE             MD5_Update
 *      #define HASH_TRANSFORM          MD5_Transform
 *      #define HASH_FINAL              MD5_Final
 *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
 */

#ifndef OSSL_CRYPTO_MD32_COMMON_H
# define OSSL_CRYPTO_MD32_COMMON_H
# pragma once

# include <openssl/crypto.h>

# if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
#  error "DATA_ORDER must be defined!"
# endif

# ifndef HASH_CBLOCK
#  error "HASH_CBLOCK must be defined!"
# endif
# ifndef HASH_LONG
#  error "HASH_LONG must be defined!"
# endif
# ifndef HASH_CTX
#  error "HASH_CTX must be defined!"
# endif

# ifndef HASH_UPDATE
#  error "HASH_UPDATE must be defined!"
# endif
# ifndef HASH_TRANSFORM
#  error "HASH_TRANSFORM must be defined!"
# endif
# ifndef HASH_FINAL
#  error "HASH_FINAL must be defined!"
# endif

# ifndef HASH_BLOCK_DATA_ORDER
#  error "HASH_BLOCK_DATA_ORDER must be defined!"
# endif

# define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))

#ifndef PEDANTIC
# if defined(__GNUC__) && __GNUC__>=2 && \
     !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
#  if defined(__riscv_zbb) || defined(__riscv_zbkb)
#   if __riscv_xlen == 64
#   undef ROTATE
#   define ROTATE(x, n) ({ MD32_REG_T ret;            \
                       asm ("roriw %0, %1, %2"        \
                       : "=r"(ret)                    \
                       : "r"(x), "i"(32 - (n))); ret;})
#   endif
#   if __riscv_xlen == 32
#   undef ROTATE
#   define ROTATE(x, n) ({ MD32_REG_T ret;            \
                       asm ("rori %0, %1, %2"         \
                       : "=r"(ret)                    \
                       : "r"(x), "i"(32 - (n))); ret;})
#   endif
#  endif
# endif
#endif

# if defined(DATA_ORDER_IS_BIG_ENDIAN)

#  define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))<<24),          \
                         l|=(((unsigned long)(*((c)++)))<<16),          \
                         l|=(((unsigned long)(*((c)++)))<< 8),          \
                         l|=(((unsigned long)(*((c)++)))    )           )
#  define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
                         l)

# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)

#  define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))    ),          \
                         l|=(((unsigned long)(*((c)++)))<< 8),          \
                         l|=(((unsigned long)(*((c)++)))<<16),          \
                         l|=(((unsigned long)(*((c)++)))<<24)           )
#  define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)    )&0xff),      \
                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                         l)

# endif

/*
 * Time for some action :-)
 */

int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
{
    const unsigned char *data = data_;
    unsigned char *p;
    HASH_LONG l;
    size_t n;

    if (len == 0)
        return 1;

    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
    if (l < c->Nl)              /* overflow */
        c->Nh++;
    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
                                       * 16-bit */
    c->Nl = l;

    n = c->num;
    if (n != 0) {
        p = (unsigned char *)c->data;

        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
            memcpy(p + n, data, HASH_CBLOCK - n);
            HASH_BLOCK_DATA_ORDER(c, p, 1);
            n = HASH_CBLOCK - n;
            data += n;
            len -= n;
            c->num = 0;
            /*
             * We use memset rather than OPENSSL_cleanse() here deliberately.
             * Using OPENSSL_cleanse() here could be a performance issue. It
             * will get properly cleansed on finalisation so this isn't a
             * security problem.
             */
            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
        } else {
            memcpy(p + n, data, len);
            c->num += (unsigned int)len;
            return 1;
        }
    }

    n = len / HASH_CBLOCK;
    if (n > 0) {
        HASH_BLOCK_DATA_ORDER(c, data, n);
        n *= HASH_CBLOCK;
        data += n;
        len -= n;
    }

    if (len != 0) {
        p = (unsigned char *)c->data;
        c->num = (unsigned int)len;
        memcpy(p, data, len);
    }
    return 1;
}

void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
{
    HASH_BLOCK_DATA_ORDER(c, data, 1);
}

int HASH_FINAL(unsigned char *md, HASH_CTX *c)
{
    unsigned char *p = (unsigned char *)c->data;
    size_t n = c->num;

    p[n] = 0x80;                /* there is always room for one */
    n++;

    if (n > (HASH_CBLOCK - 8)) {
        memset(p + n, 0, HASH_CBLOCK - n);
        n = 0;
        HASH_BLOCK_DATA_ORDER(c, p, 1);
    }
    memset(p + n, 0, HASH_CBLOCK - 8 - n);

    p += HASH_CBLOCK - 8;
# if   defined(DATA_ORDER_IS_BIG_ENDIAN)
    (void)HOST_l2c(c->Nh, p);
    (void)HOST_l2c(c->Nl, p);
# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
    (void)HOST_l2c(c->Nl, p);
    (void)HOST_l2c(c->Nh, p);
# endif
    p -= HASH_CBLOCK;
    HASH_BLOCK_DATA_ORDER(c, p, 1);
    c->num = 0;
    OPENSSL_cleanse(p, HASH_CBLOCK);

# ifndef HASH_MAKE_STRING
#  error "HASH_MAKE_STRING must be defined!"
# else
    HASH_MAKE_STRING(c, md);
# endif

    return 1;
}

# ifndef MD32_REG_T
#  if defined(__alpha) || defined(__sparcv9) || defined(__mips)
#   define MD32_REG_T long
/*
 * This comment was originally written for MD5, which is why it
 * discusses A-D. But it basically applies to all 32-bit digests,
 * which is why it was moved to common header file.
 *
 * In case you wonder why A-D are declared as long and not
 * as MD5_LONG. Doing so results in slight performance
 * boost on LP64 architectures. The catch is we don't
 * really care if 32 MSBs of a 64-bit register get polluted
 * with eventual overflows as we *save* only 32 LSBs in
 * *either* case. Now declaring 'em long excuses the compiler
 * from keeping 32 MSBs zeroed resulting in 13% performance
 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
 * Well, to be honest it should say that this *prevents*
 * performance degradation.
 */
#  else
/*
 * Above is not absolute and there are LP64 compilers that
 * generate better code if MD32_REG_T is defined int. The above
 * pre-processor condition reflects the circumstances under which
 * the conclusion was made and is subject to further extension.
 */
#   define MD32_REG_T int
#  endif
# endif

#endif

Coverage Report

Created: 2025-06-13 06:57

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/*-
11		* This is a generic 32 bit "collector" for message digest algorithms.
12		* Whenever needed it collects input character stream into chunks of
13		* 32 bit values and invokes a block function that performs actual hash
14		* calculations.
15		*
16		* Porting guide.
17		*
18		* Obligatory macros:
19		*
20		* DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
21		* this macro defines byte order of input stream.
22		* HASH_CBLOCK
23		* size of a unit chunk HASH_BLOCK operates on.
24		* HASH_LONG
25		* has to be at least 32 bit wide.
26		* HASH_CTX
27		* context structure that at least contains following
28		* members:
29		* typedef struct {
30		* ...
31		* HASH_LONG Nl,Nh;
32		* either {
33		* HASH_LONG data[HASH_LBLOCK];
34		* unsigned char data[HASH_CBLOCK];
35		* };
36		* unsigned int num;
37		* ...
38		* } HASH_CTX;
39		* data[] vector is expected to be zeroed upon first call to
40		* HASH_UPDATE.
41		* HASH_UPDATE
42		* name of "Update" function, implemented here.
43		* HASH_TRANSFORM
44		* name of "Transform" function, implemented here.
45		* HASH_FINAL
46		* name of "Final" function, implemented here.
47		* HASH_BLOCK_DATA_ORDER
48		* name of "block" function capable of treating unaligned input
49		* message in original (data) byte order, implemented externally.
50		* HASH_MAKE_STRING
51		* macro converting context variables to an ASCII hash string.
52		*
53		* MD5 example:
54		*
55		* #define DATA_ORDER_IS_LITTLE_ENDIAN
56		*
57		* #define HASH_LONG MD5_LONG
58		* #define HASH_CTX MD5_CTX
59		* #define HASH_CBLOCK MD5_CBLOCK
60		* #define HASH_UPDATE MD5_Update
61		* #define HASH_TRANSFORM MD5_Transform
62		* #define HASH_FINAL MD5_Final
63		* #define HASH_BLOCK_DATA_ORDER md5_block_data_order
64		*/
65
66		#ifndef OSSL_CRYPTO_MD32_COMMON_H
67		# define OSSL_CRYPTO_MD32_COMMON_H
68		# pragma once
69
70		# include <openssl/crypto.h>
71
72		# if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
73		# error "DATA_ORDER must be defined!"
74		# endif
75
76		# ifndef HASH_CBLOCK
77		# error "HASH_CBLOCK must be defined!"
78		# endif
79		# ifndef HASH_LONG
80		# error "HASH_LONG must be defined!"
81		# endif
82		# ifndef HASH_CTX
83		# error "HASH_CTX must be defined!"
84		# endif
85
86		# ifndef HASH_UPDATE
87		# error "HASH_UPDATE must be defined!"
88		# endif
89		# ifndef HASH_TRANSFORM
90		# error "HASH_TRANSFORM must be defined!"
91		# endif
92		# ifndef HASH_FINAL
93		# error "HASH_FINAL must be defined!"
94		# endif
95
96		# ifndef HASH_BLOCK_DATA_ORDER
97		# error "HASH_BLOCK_DATA_ORDER must be defined!"
98		# endif
99
100	0	# define ROTATE(a,n) (((a)<<(n))\|(((a)&0xffffffff)>>(32-(n))))
101
102		#ifndef PEDANTIC
103		# if defined(__GNUC__) && __GNUC__>=2 && \
104		!defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
105		# if defined(__riscv_zbb) \|\| defined(__riscv_zbkb)
106		# if __riscv_xlen == 64
107		# undef ROTATE
108		# define ROTATE(x, n) ({ MD32_REG_T ret; \
109		asm ("roriw %0, %1, %2" \
110		: "=r"(ret) \
111		: "r"(x), "i"(32 - (n))); ret;})
112		# endif
113		# if __riscv_xlen == 32
114		# undef ROTATE
115		# define ROTATE(x, n) ({ MD32_REG_T ret; \
116		asm ("rori %0, %1, %2" \
117		: "=r"(ret) \
118		: "r"(x), "i"(32 - (n))); ret;})
119		# endif
120		# endif
121		# endif
122		#endif
123
124		# if defined(DATA_ORDER_IS_BIG_ENDIAN)
125
126	0	# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
127	0	l\|=(((unsigned long)(*((c)++)))<<16), \
128	0	l\|=(((unsigned long)(*((c)++)))<< 8), \
129	0	l\|=(((unsigned long)(*((c)++))) ) )
130	0	# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
131	0	*((c)++)=(unsigned char)(((l)>>16)&0xff), \
132	0	*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
133	0	*((c)++)=(unsigned char)(((l) )&0xff), \
134	0	l)
135
136		# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
137
138	0	# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
139	0	l\|=(((unsigned long)(*((c)++)))<< 8), \
140	0	l\|=(((unsigned long)(*((c)++)))<<16), \
141	0	l\|=(((unsigned long)(*((c)++)))<<24) )
142	0	# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
143	0	*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
144	0	*((c)++)=(unsigned char)(((l)>>16)&0xff), \
145	0	*((c)++)=(unsigned char)(((l)>>24)&0xff), \
146	0	l)
147
148		# endif
149
150		/*
151		* Time for some action :-)
152		*/
153
154		int HASH_UPDATE(HASH_CTX c, const void data_, size_t len)
155	0	{
156	0	const unsigned char *data = data_;
157	0	unsigned char *p;
158	0	HASH_LONG l;
159	0	size_t n;
160
161	0	if (len == 0)
162	0	return 1;
163
164	0	l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
165	0	if (l < c->Nl) /* overflow */
166	0	c->Nh++;
167	0	c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
168		* 16-bit */
169	0	c->Nl = l;
170
171	0	n = c->num;
172	0	if (n != 0) {
173	0	p = (unsigned char *)c->data;
174
175	0	if (len >= HASH_CBLOCK \|\| len + n >= HASH_CBLOCK) {
176	0	memcpy(p + n, data, HASH_CBLOCK - n);
177	0	HASH_BLOCK_DATA_ORDER(c, p, 1);
178	0	n = HASH_CBLOCK - n;
179	0	data += n;
180	0	len -= n;
181	0	c->num = 0;
182		/*
183		* We use memset rather than OPENSSL_cleanse() here deliberately.
184		* Using OPENSSL_cleanse() here could be a performance issue. It
185		* will get properly cleansed on finalisation so this isn't a
186		* security problem.
187		*/
188	0	memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
189	0	} else {
190	0	memcpy(p + n, data, len);
191	0	c->num += (unsigned int)len;
192	0	return 1;
193	0	}
194	0	}
195
196	0	n = len / HASH_CBLOCK;
197	0	if (n > 0) {
198	0	HASH_BLOCK_DATA_ORDER(c, data, n);
199	0	n *= HASH_CBLOCK;
200	0	data += n;
201	0	len -= n;
202	0	}
203
204	0	if (len != 0) {
205	0	p = (unsigned char *)c->data;
206	0	c->num = (unsigned int)len;
207	0	memcpy(p, data, len);
208	0	}
209	0	return 1;
210	0	} Unexecuted instantiation: SHA1_Update Unexecuted instantiation: SHA256_Update Unexecuted instantiation: MD4_Update Unexecuted instantiation: MD5_Update Unexecuted instantiation: RIPEMD160_Update Unexecuted instantiation: ossl_sm3_update
211
212		void HASH_TRANSFORM(HASH_CTX c, const unsigned char data)
213	0	{
214	0	HASH_BLOCK_DATA_ORDER(c, data, 1);
215	0	} Unexecuted instantiation: SHA1_Transform Unexecuted instantiation: SHA256_Transform Unexecuted instantiation: MD4_Transform Unexecuted instantiation: MD5_Transform Unexecuted instantiation: RIPEMD160_Transform Unexecuted instantiation: ossl_sm3_transform
216
217		int HASH_FINAL(unsigned char md, HASH_CTX c)
218	0	{
219	0	unsigned char p = (unsigned char )c->data;
220	0	size_t n = c->num;
221
222	0	p[n] = 0x80; /* there is always room for one */
223	0	n++;
224
225	0	if (n > (HASH_CBLOCK - 8)) {
226	0	memset(p + n, 0, HASH_CBLOCK - n);
227	0	n = 0;
228	0	HASH_BLOCK_DATA_ORDER(c, p, 1);
229	0	}
230	0	memset(p + n, 0, HASH_CBLOCK - 8 - n);
231
232	0	p += HASH_CBLOCK - 8;
233		# if defined(DATA_ORDER_IS_BIG_ENDIAN)
234	0	(void)HOST_l2c(c->Nh, p);
235	0	(void)HOST_l2c(c->Nl, p);
236		# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
237	0	(void)HOST_l2c(c->Nl, p);
238	0	(void)HOST_l2c(c->Nh, p);
239		# endif
240	0	p -= HASH_CBLOCK;
241	0	HASH_BLOCK_DATA_ORDER(c, p, 1);
242	0	c->num = 0;
243	0	OPENSSL_cleanse(p, HASH_CBLOCK);
244
245		# ifndef HASH_MAKE_STRING
246		# error "HASH_MAKE_STRING must be defined!"
247		# else
248	0	HASH_MAKE_STRING(c, md);
249	0	# endif
250
251	0	return 1;
252	0	} Unexecuted instantiation: SHA1_Final Unexecuted instantiation: SHA256_Final Unexecuted instantiation: MD4_Final Unexecuted instantiation: MD5_Final Unexecuted instantiation: RIPEMD160_Final Unexecuted instantiation: ossl_sm3_final
253
254		# ifndef MD32_REG_T
255		# if defined(__alpha) \|\| defined(__sparcv9) \|\| defined(__mips)
256		# define MD32_REG_T long
257		/*
258		* This comment was originally written for MD5, which is why it
259		* discusses A-D. But it basically applies to all 32-bit digests,
260		* which is why it was moved to common header file.
261		*
262		* In case you wonder why A-D are declared as long and not
263		* as MD5_LONG. Doing so results in slight performance
264		* boost on LP64 architectures. The catch is we don't
265		* really care if 32 MSBs of a 64-bit register get polluted
266		* with eventual overflows as we save only 32 LSBs in
267		* either case. Now declaring 'em long excuses the compiler
268		* from keeping 32 MSBs zeroed resulting in 13% performance
269		* improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
270		* Well, to be honest it should say that this prevents
271		* performance degradation.
272		*/
273		# else
274		/*
275		* Above is not absolute and there are LP64 compilers that
276		* generate better code if MD32_REG_T is defined int. The above
277		* pre-processor condition reflects the circumstances under which
278		* the conclusion was made and is subject to further extension.
279		*/
280		# define MD32_REG_T int
281		# endif
282		# endif
283
284		#endif