GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/crypto/../../libssl/src/crypto/md32_common.h Lines: 56 58 96.6 %
Date: 2016-12-06 Branches: 21 27 77.8 %

Line Branch Exec Source
1
/* $OpenBSD: md32_common.h,v 1.20 2014/11/09 19:08:24 miod Exp $ */
2
/* ====================================================================
3
 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
4
 *
5
 * Redistribution and use in source and binary forms, with or without
6
 * modification, are permitted provided that the following conditions
7
 * are met:
8
 *
9
 * 1. Redistributions of source code must retain the above copyright
10
 *    notice, this list of conditions and the following disclaimer.
11
 *
12
 * 2. Redistributions in binary form must reproduce the above copyright
13
 *    notice, this list of conditions and the following disclaimer in
14
 *    the documentation and/or other materials provided with the
15
 *    distribution.
16
 *
17
 * 3. All advertising materials mentioning features or use of this
18
 *    software must display the following acknowledgment:
19
 *    "This product includes software developed by the OpenSSL Project
20
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21
 *
22
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23
 *    endorse or promote products derived from this software without
24
 *    prior written permission. For written permission, please contact
25
 *    licensing@OpenSSL.org.
26
 *
27
 * 5. Products derived from this software may not be called "OpenSSL"
28
 *    nor may "OpenSSL" appear in their names without prior written
29
 *    permission of the OpenSSL Project.
30
 *
31
 * 6. Redistributions of any form whatsoever must retain the following
32
 *    acknowledgment:
33
 *    "This product includes software developed by the OpenSSL Project
34
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35
 *
36
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
40
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47
 * OF THE POSSIBILITY OF SUCH DAMAGE.
48
 * ====================================================================
49
 *
50
 */
51
52
/*
53
 * This is a generic 32 bit "collector" for message digest algorithms.
54
 * Whenever needed it collects input character stream into chunks of
55
 * 32 bit values and invokes a block function that performs actual hash
56
 * calculations.
57
 *
58
 * Porting guide.
59
 *
60
 * Obligatory macros:
61
 *
62
 * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
63
 *	this macro defines byte order of input stream.
64
 * HASH_CBLOCK
65
 *	size of a unit chunk HASH_BLOCK operates on.
66
 * HASH_LONG
67
 *	has to be at least 32 bit wide.
68
 * HASH_CTX
69
 *	context structure that at least contains following
70
 *	members:
71
 *		typedef struct {
72
 *			...
73
 *			HASH_LONG	Nl,Nh;
74
 *			either {
75
 *			HASH_LONG	data[HASH_LBLOCK];
76
 *			unsigned char	data[HASH_CBLOCK];
77
 *			};
78
 *			unsigned int	num;
79
 *			...
80
 *			} HASH_CTX;
81
 *	data[] vector is expected to be zeroed upon first call to
82
 *	HASH_UPDATE.
83
 * HASH_UPDATE
84
 *	name of "Update" function, implemented here.
85
 * HASH_TRANSFORM
86
 *	name of "Transform" function, implemented here.
87
 * HASH_FINAL
88
 *	name of "Final" function, implemented here.
89
 * HASH_BLOCK_DATA_ORDER
90
 *	name of "block" function capable of treating *unaligned* input
91
 *	message in original (data) byte order, implemented externally.
92
 * HASH_MAKE_STRING
93
 *	macro convering context variables to an ASCII hash string.
94
 *
95
 * MD5 example:
96
 *
97
 *	#define DATA_ORDER_IS_LITTLE_ENDIAN
98
 *
99
 *	#define HASH_LONG		MD5_LONG
100
 *	#define HASH_CTX		MD5_CTX
101
 *	#define HASH_CBLOCK		MD5_CBLOCK
102
 *	#define HASH_UPDATE		MD5_Update
103
 *	#define HASH_TRANSFORM		MD5_Transform
104
 *	#define HASH_FINAL		MD5_Final
105
 *	#define HASH_BLOCK_DATA_ORDER	md5_block_data_order
106
 *
107
 *					<appro@fy.chalmers.se>
108
 */
109
110
#include <stdint.h>
111
112
#include <openssl/opensslconf.h>
113
114
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
115
#error "DATA_ORDER must be defined!"
116
#endif
117
118
#ifndef HASH_CBLOCK
119
#error "HASH_CBLOCK must be defined!"
120
#endif
121
#ifndef HASH_LONG
122
#error "HASH_LONG must be defined!"
123
#endif
124
#ifndef HASH_CTX
125
#error "HASH_CTX must be defined!"
126
#endif
127
128
#ifndef HASH_UPDATE
129
#error "HASH_UPDATE must be defined!"
130
#endif
131
#ifndef HASH_TRANSFORM
132
#error "HASH_TRANSFORM must be defined!"
133
#endif
134
#if !defined(HASH_FINAL) && !defined(HASH_NO_FINAL)
135
#error "HASH_FINAL or HASH_NO_FINAL must be defined!"
136
#endif
137
138
#ifndef HASH_BLOCK_DATA_ORDER
139
#error "HASH_BLOCK_DATA_ORDER must be defined!"
140
#endif
141
142
/*
143
 * This common idiom is recognized by the compiler and turned into a
144
 * CPU-specific intrinsic as appropriate.
145
 * e.g. GCC optimizes to roll on amd64 at -O0
146
 */
147
static inline uint32_t ROTATE(uint32_t a, uint32_t n)
148
3952
{
149
3952
	return (a<<n)|(a>>(32-n));
150
}
151
152
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
153
154
#if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
155
# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
156
      (defined(__x86_64) || defined(__x86_64__))
157
    /*
158
     * This gives ~30-40% performance improvement in SHA-256 compiled
159
     * with gcc [on P4]. Well, first macro to be frank. We can pull
160
     * this trick on x86* platforms only, because these CPUs can fetch
161
     * unaligned data without raising an exception.
162
     */
163
#  define HOST_c2l(c,l)	({ unsigned int r=*((const unsigned int *)(c));	\
164
				   asm ("bswapl %0":"=r"(r):"0"(r));	\
165
				   (c)+=4; (l)=r;			})
166
#  define HOST_l2c(l,c)	({ unsigned int r=(l);			\
167
				   asm ("bswapl %0":"=r"(r):"0"(r));	\
168
				   *((unsigned int *)(c))=r; (c)+=4;	})
169
# endif
170
#endif
171
#if defined(__s390__) || defined(__s390x__)
172
# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4)
173
# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4)
174
#endif
175
176
#ifndef HOST_c2l
177
#define HOST_c2l(c,l) do {l =(((unsigned long)(*((c)++)))<<24);	\
178
			  l|=(((unsigned long)(*((c)++)))<<16);	\
179
			  l|=(((unsigned long)(*((c)++)))<< 8);	\
180
			  l|=(((unsigned long)(*((c)++)))    );	\
181
		      } while (0)
182
#endif
183
#ifndef HOST_l2c
184
#define HOST_l2c(l,c) do {*((c)++)=(unsigned char)(((l)>>24)&0xff);	\
185
			  *((c)++)=(unsigned char)(((l)>>16)&0xff);	\
186
			  *((c)++)=(unsigned char)(((l)>> 8)&0xff);	\
187
			  *((c)++)=(unsigned char)(((l)    )&0xff);	\
188
		      } while (0)
189
#endif
190
191
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
192
193
#if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
194
# if defined(__s390x__)
195
#  define HOST_c2l(c,l)	({ asm ("lrv	%0,%1"			\
196
				   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
197
				   (c)+=4; 				})
198
#  define HOST_l2c(l,c)	({ asm ("strv	%1,%0"			\
199
				   :"=m"(*(unsigned int *)(c)) :"d"(l));\
200
				   (c)+=4; 				})
201
# endif
202
#endif
203
#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
204
#  define HOST_c2l(c,l)	((l)=*((const unsigned int *)(c)), (c)+=4)
205
#  define HOST_l2c(l,c)	(*((unsigned int *)(c))=(l), (c)+=4)
206
#endif
207
208
#ifndef HOST_c2l
209
#define HOST_c2l(c,l) do {l =(((unsigned long)(*((c)++)))    );	\
210
			  l|=(((unsigned long)(*((c)++)))<< 8);	\
211
			  l|=(((unsigned long)(*((c)++)))<<16);	\
212
			  l|=(((unsigned long)(*((c)++)))<<24);	\
213
		      } while (0)
214
#endif
215
#ifndef HOST_l2c
216
#define HOST_l2c(l,c) do {*((c)++)=(unsigned char)(((l)    )&0xff);	\
217
			  *((c)++)=(unsigned char)(((l)>> 8)&0xff);	\
218
			  *((c)++)=(unsigned char)(((l)>>16)&0xff);	\
219
			  *((c)++)=(unsigned char)(((l)>>24)&0xff);	\
220
		      } while (0)
221
#endif
222
223
#endif
224
225
/*
226
 * Time for some action:-)
227
 */
228
229
int
230
HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
231
92249
{
232
92249
	const unsigned char *data = data_;
233
	unsigned char *p;
234
	HASH_LONG l;
235
	size_t n;
236
237
92249
	if (len == 0)
238
6
		return 1;
239
240
92243
	l = (c->Nl + (((HASH_LONG)len) << 3))&0xffffffffUL;
241
	/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
242
	 * Wei Dai <weidai@eskimo.com> for pointing it out. */
243
92243
	if (l < c->Nl) /* overflow */
244
		c->Nh++;
245
92243
	c->Nh+=(HASH_LONG)(len>>29);	/* might cause compiler warning on 16-bit */
246
92243
	c->Nl = l;
247
248
92243
	n = c->num;
249
92243
	if (n != 0) {
250
6599
		p = (unsigned char *)c->data;
251
252

13151
		if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
253
6552
			memcpy (p + n, data, HASH_CBLOCK - n);
254
6552
			HASH_BLOCK_DATA_ORDER (c, p, 1);
255
6552
			n = HASH_CBLOCK - n;
256
6552
			data += n;
257
6552
			len -= n;
258
6552
			c->num = 0;
259
6552
			memset (p,0,HASH_CBLOCK);	/* keep it zeroed */
260
		} else {
261
47
			memcpy (p + n, data, len);
262
47
			c->num += (unsigned int)len;
263
47
			return 1;
264
		}
265
	}
266
267
92196
	n = len/HASH_CBLOCK;
268
92196
	if (n > 0) {
269
25621
		HASH_BLOCK_DATA_ORDER (c, data, n);
270
25621
		n    *= HASH_CBLOCK;
271
25621
		data += n;
272
25621
		len -= n;
273
	}
274
275
92196
	if (len != 0) {
276
73152
		p = (unsigned char *)c->data;
277
73152
		c->num = (unsigned int)len;
278
73152
		memcpy (p, data, len);
279
	}
280
92196
	return 1;
281
}
282
283
284
void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
285
{
286
	HASH_BLOCK_DATA_ORDER (c, data, 1);
287
}
288
289
290
#ifndef HASH_NO_FINAL
291
int HASH_FINAL (unsigned char *md, HASH_CTX *c)
292
66576
{
293
66576
	unsigned char *p = (unsigned char *)c->data;
294
66576
	size_t n = c->num;
295
296
66576
	p[n] = 0x80; /* there is always room for one */
297
66576
	n++;
298
299
66576
	if (n > (HASH_CBLOCK - 8)) {
300
11
		memset (p + n, 0, HASH_CBLOCK - n);
301
11
		n = 0;
302
11
		HASH_BLOCK_DATA_ORDER (c, p, 1);
303
	}
304
66576
	memset (p + n, 0, HASH_CBLOCK - 8 - n);
305
306
66576
	p += HASH_CBLOCK - 8;
307
#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
308
66539
	HOST_l2c(c->Nh, p);
309
66539
	HOST_l2c(c->Nl, p);
310
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
311
37
	HOST_l2c(c->Nl, p);
312
37
	HOST_l2c(c->Nh, p);
313
#endif
314
66576
	p -= HASH_CBLOCK;
315
66576
	HASH_BLOCK_DATA_ORDER (c, p, 1);
316
66576
	c->num = 0;
317
66576
	memset (p, 0, HASH_CBLOCK);
318
319
#ifndef HASH_MAKE_STRING
320
#error "HASH_MAKE_STRING must be defined!"
321
#else
322


66576
	HASH_MAKE_STRING(c, md);
323
#endif
324
325
66576
	return 1;
326
}
327
#endif
328
329
#ifndef MD32_REG_T
330
#if defined(__alpha) || defined(__sparcv9) || defined(__mips)
331
#define MD32_REG_T long
332
/*
333
 * This comment was originaly written for MD5, which is why it
334
 * discusses A-D. But it basically applies to all 32-bit digests,
335
 * which is why it was moved to common header file.
336
 *
337
 * In case you wonder why A-D are declared as long and not
338
 * as MD5_LONG. Doing so results in slight performance
339
 * boost on LP64 architectures. The catch is we don't
340
 * really care if 32 MSBs of a 64-bit register get polluted
341
 * with eventual overflows as we *save* only 32 LSBs in
342
 * *either* case. Now declaring 'em long excuses the compiler
343
 * from keeping 32 MSBs zeroed resulting in 13% performance
344
 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
345
 * Well, to be honest it should say that this *prevents*
346
 * performance degradation.
347
 *				<appro@fy.chalmers.se>
348
 */
349
#else
350
/*
351
 * Above is not absolute and there are LP64 compilers that
352
 * generate better code if MD32_REG_T is defined int. The above
353
 * pre-processor condition reflects the circumstances under which
354
 * the conclusion was made and is subject to further extension.
355
 *				<appro@fy.chalmers.se>
356
 */
357
#define MD32_REG_T int
358
#endif
359
#endif