[thirdparty/openssl.git] / crypto / md32_common.h

/* crypto/md32_common.h */
/* ====================================================================
 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 */

/*-
 * This is a generic 32 bit "collector" for message digest algorithms.
 * Whenever needed it collects input character stream into chunks of
 * 32 bit values and invokes a block function that performs actual hash
 * calculations.
 *
 * Porting guide.
 *
 * Obligatory macros:
 *
 * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
 *      this macro defines byte order of input stream.
 * HASH_CBLOCK
 *      size of a unit chunk HASH_BLOCK operates on.
 * HASH_LONG
 *      has to be at lest 32 bit wide, if it's wider, then
 *      HASH_LONG_LOG2 *has to* be defined along
 * HASH_CTX
 *      context structure that at least contains following
 *      members:
 *              typedef struct {
 *                      ...
 *                      HASH_LONG       Nl,Nh;
 *                      either {
 *                      HASH_LONG       data[HASH_LBLOCK];
 *                      unsigned char   data[HASH_CBLOCK];
 *                      };
 *                      unsigned int    num;
 *                      ...
 *                      } HASH_CTX;
 *      data[] vector is expected to be zeroed upon first call to
 *      HASH_UPDATE.
 * HASH_UPDATE
 *      name of "Update" function, implemented here.
 * HASH_TRANSFORM
 *      name of "Transform" function, implemented here.
 * HASH_FINAL
 *      name of "Final" function, implemented here.
 * HASH_BLOCK_DATA_ORDER
 *      name of "block" function capable of treating *unaligned* input
 *      message in original (data) byte order, implemented externally.
 * HASH_MAKE_STRING
 *      macro convering context variables to an ASCII hash string.
 *
 * MD5 example:
 *
 *      #define DATA_ORDER_IS_LITTLE_ENDIAN
 *
 *      #define HASH_LONG               MD5_LONG
 *      #define HASH_LONG_LOG2          MD5_LONG_LOG2
 *      #define HASH_CTX                MD5_CTX
 *      #define HASH_CBLOCK             MD5_CBLOCK
 *      #define HASH_UPDATE             MD5_Update
 *      #define HASH_TRANSFORM          MD5_Transform
 *      #define HASH_FINAL              MD5_Final
 *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
 *
 *                                      <appro@fy.chalmers.se>
 */

#include <openssl/crypto.h>

#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
# error "DATA_ORDER must be defined!"
#endif

#ifndef HASH_CBLOCK
# error "HASH_CBLOCK must be defined!"
#endif
#ifndef HASH_LONG
# error "HASH_LONG must be defined!"
#endif
#ifndef HASH_CTX
# error "HASH_CTX must be defined!"
#endif

#ifndef HASH_UPDATE
# error "HASH_UPDATE must be defined!"
#endif
#ifndef HASH_TRANSFORM
# error "HASH_TRANSFORM must be defined!"
#endif
#ifndef HASH_FINAL
# error "HASH_FINAL must be defined!"
#endif

#ifndef HASH_BLOCK_DATA_ORDER
# error "HASH_BLOCK_DATA_ORDER must be defined!"
#endif

/*
 * Engage compiler specific rotate intrinsic function if available.
 */
#undef ROTATE
#ifndef PEDANTIC
# if defined(_MSC_VER)
#  define ROTATE(a,n)   _lrotl(a,n)
# elif defined(__ICC)
#  define ROTATE(a,n)   _rotl(a,n)
# elif defined(__MWERKS__)
#  if defined(__POWERPC__)
#   define ROTATE(a,n)  __rlwinm(a,n,0,31)
#  elif defined(__MC68K__)
    /* Motorola specific tweak. <appro@fy.chalmers.se> */
#   define ROTATE(a,n)  ( n<24 ? __rol(a,n) : __ror(a,32-n) )
#  else
#   define ROTATE(a,n)  __rol(a,n)
#  endif
# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
  /*
   * Some GNU C inline assembler templates. Note that these are
   * rotates by *constant* number of bits! But that's exactly
   * what we need here...
   *                                    <appro@fy.chalmers.se>
   */
#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
#   define ROTATE(a,n)  ({ register unsigned int ret;   \
                                asm (                   \
                                "roll %1,%0"            \
                                : "=r"(ret)             \
                                : "I"(n), "0"((unsigned int)(a))        \
                                : "cc");                \
                           ret;                         \
                        })
#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
#   define ROTATE(a,n)  ({ register unsigned int ret;   \
                                asm (                   \
                                "rlwinm %0,%1,%2,0,31"  \
                                : "=r"(ret)             \
                                : "r"(a), "I"(n));      \
                           ret;                         \
                        })
#  elif defined(__s390x__)
#   define ROTATE(a,n) ({ register unsigned int ret;    \
                                asm ("rll %0,%1,%2"     \
                                : "=r"(ret)             \
                                : "r"(a), "I"(n));      \
                          ret;                          \
                        })
#  endif
# endif
#endif                          /* PEDANTIC */

#ifndef ROTATE
# define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
#endif

#if defined(DATA_ORDER_IS_BIG_ENDIAN)

# ifndef PEDANTIC
#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
#   if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
      (defined(__x86_64) || defined(__x86_64__))
#    if !defined(B_ENDIAN)
    /*
     * This gives ~30-40% performance improvement in SHA-256 compiled
     * with gcc [on P4]. Well, first macro to be frank. We can pull
     * this trick on x86* platforms only, because these CPUs can fetch
     * unaligned data without raising an exception.
     */
#     define HOST_c2l(c,l)        ({ unsigned int r=*((const unsigned int *)(c)); \
                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
                                   (c)+=4; (l)=r;                       })
#     define HOST_l2c(l,c)        ({ unsigned int r=(l);                  \
                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
                                   *((unsigned int *)(c))=r; (c)+=4; r; })
#    endif
#   elif defined(__aarch64__)
#    if defined(__BYTE_ORDER__)
#     if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
#      define HOST_c2l(c,l)      ({ unsigned int r;              \
                                   asm ("rev    %w0,%w1"        \
                                        :"=r"(r)                \
                                        :"r"(*((const unsigned int *)(c))));\
                                   (c)+=4; (l)=r;               })
#      define HOST_l2c(l,c)      ({ unsigned int r;              \
                                   asm ("rev    %w0,%w1"        \
                                        :"=r"(r)                \
                                        :"r"((unsigned int)(l)));\
                                   *((unsigned int *)(c))=r; (c)+=4; r; })
#     elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
#      define HOST_c2l(c,l)      ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
#      define HOST_l2c(l,c)      (*((unsigned int *)(c))=(l), (c)+=4, (l))
#     endif
#    endif
#   endif
#  endif
#  if defined(__s390__) || defined(__s390x__)
#   define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
#   define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
#  endif
# endif

# ifndef HOST_c2l
#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))<<24),          \
                         l|=(((unsigned long)(*((c)++)))<<16),          \
                         l|=(((unsigned long)(*((c)++)))<< 8),          \
                         l|=(((unsigned long)(*((c)++)))    )           )
# endif
# ifndef HOST_l2c
#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
                         l)
# endif

#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)

# ifndef PEDANTIC
#  if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
#   if defined(__s390x__)
#    define HOST_c2l(c,l)        ({ asm ("lrv    %0,%1"                  \
                                   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
                                   (c)+=4; (l);                         })
#    define HOST_l2c(l,c)        ({ asm ("strv   %1,%0"                  \
                                   :"=m"(*(unsigned int *)(c)) :"d"(l));\
                                   (c)+=4; (l);                         })
#   endif
#  endif
#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
#   ifndef B_ENDIAN
    /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
#    define HOST_c2l(c,l)        ((l)=*((const unsigned int *)(c)), (c)+=4, l)
#    define HOST_l2c(l,c)        (*((unsigned int *)(c))=(l), (c)+=4, l)
#   endif
#  endif
# endif

# ifndef HOST_c2l
#  define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))    ),          \
                         l|=(((unsigned long)(*((c)++)))<< 8),          \
                         l|=(((unsigned long)(*((c)++)))<<16),          \
                         l|=(((unsigned long)(*((c)++)))<<24)           )
# endif
# ifndef HOST_l2c
#  define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                         l)
# endif

#endif

/*
 * Time for some action:-)
 */

int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
{
    const unsigned char *data = data_;
    unsigned char *p;
    HASH_LONG l;
    size_t n;

    if (len == 0)
        return 1;

    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
    /*
     * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai
     * <weidai@eskimo.com> for pointing it out.
     */
    if (l < c->Nl)              /* overflow */
        c->Nh++;
    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
                                       * 16-bit */
    c->Nl = l;

    n = c->num;
    if (n != 0) {
        p = (unsigned char *)c->data;

        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
            memcpy(p + n, data, HASH_CBLOCK - n);
            HASH_BLOCK_DATA_ORDER(c, p, 1);
            n = HASH_CBLOCK - n;
            data += n;
            len -= n;
            c->num = 0;
            /*
             * We use memset rather than OPENSSL_cleanse() here deliberately.
             * Using OPENSSL_cleanse() here could be a performance issue. It
             * will get properly cleansed on finalisation so this isn't a
             * security problem.
             */
            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
        } else {
            memcpy(p + n, data, len);
            c->num += (unsigned int)len;
            return 1;
        }
    }

    n = len / HASH_CBLOCK;
    if (n > 0) {
        HASH_BLOCK_DATA_ORDER(c, data, n);
        n *= HASH_CBLOCK;
        data += n;
        len -= n;
    }

    if (len != 0) {
        p = (unsigned char *)c->data;
        c->num = (unsigned int)len;
        memcpy(p, data, len);
    }
    return 1;
}

void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
{
    HASH_BLOCK_DATA_ORDER(c, data, 1);
}

int HASH_FINAL(unsigned char *md, HASH_CTX *c)
{
    unsigned char *p = (unsigned char *)c->data;
    size_t n = c->num;

    p[n] = 0x80;                /* there is always room for one */
    n++;

    if (n > (HASH_CBLOCK - 8)) {
        memset(p + n, 0, HASH_CBLOCK - n);
        n = 0;
        HASH_BLOCK_DATA_ORDER(c, p, 1);
    }
    memset(p + n, 0, HASH_CBLOCK - 8 - n);

    p += HASH_CBLOCK - 8;
#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
    (void)HOST_l2c(c->Nh, p);
    (void)HOST_l2c(c->Nl, p);
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
    (void)HOST_l2c(c->Nl, p);
    (void)HOST_l2c(c->Nh, p);
#endif
    p -= HASH_CBLOCK;
    HASH_BLOCK_DATA_ORDER(c, p, 1);
    c->num = 0;
    OPENSSL_cleanse(p, HASH_CBLOCK);

#ifndef HASH_MAKE_STRING
# error "HASH_MAKE_STRING must be defined!"
#else
    HASH_MAKE_STRING(c, md);
#endif

    return 1;
}

#ifndef MD32_REG_T
# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
#  define MD32_REG_T long
/*
 * This comment was originaly written for MD5, which is why it
 * discusses A-D. But it basically applies to all 32-bit digests,
 * which is why it was moved to common header file.
 *
 * In case you wonder why A-D are declared as long and not
 * as MD5_LONG. Doing so results in slight performance
 * boost on LP64 architectures. The catch is we don't
 * really care if 32 MSBs of a 64-bit register get polluted
 * with eventual overflows as we *save* only 32 LSBs in
 * *either* case. Now declaring 'em long excuses the compiler
 * from keeping 32 MSBs zeroed resulting in 13% performance
 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
 * Well, to be honest it should say that this *prevents*
 * performance degradation.
 *                              <appro@fy.chalmers.se>
 */
# else
/*
 * Above is not absolute and there are LP64 compilers that
 * generate better code if MD32_REG_T is defined int. The above
 * pre-processor condition reflects the circumstances under which
 * the conclusion was made and is subject to further extension.
 *                              <appro@fy.chalmers.se>
 */
#  define MD32_REG_T int
# endif
#endif
Commit	Line	Data
bd3576d2 UM	1	/* crypto/md32_common.h */
bd3576d2 UM	2	/* ====================================================================
20f7563f	3	* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
bd3576d2 UM	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	*
	9	* 1. Redistributions of source code must retain the above copyright
ae5c8664	10	* notice, this list of conditions and the following disclaimer.
bd3576d2 UM	11	*
	12	* 2. Redistributions in binary form must reproduce the above copyright
	13	* notice, this list of conditions and the following disclaimer in
	14	* the documentation and/or other materials provided with the
	15	* distribution.
	16	*
	17	* 3. All advertising materials mentioning features or use of this
	18	* software must display the following acknowledgment:
	19	* "This product includes software developed by the OpenSSL Project
	20	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	21	*
	22	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	23	* endorse or promote products derived from this software without
	24	* prior written permission. For written permission, please contact
	25	* licensing@OpenSSL.org.
	26	*
	27	* 5. Products derived from this software may not be called "OpenSSL"
	28	* nor may "OpenSSL" appear in their names without prior written
	29	* permission of the OpenSSL Project.
	30	*
	31	* 6. Redistributions of any form whatsoever must retain the following
	32	* acknowledgment:
	33	* "This product includes software developed by the OpenSSL Project
	34	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	35	*
	36	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	37	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	38	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	39	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	40	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	41	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	42	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	43	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	44	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	45	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	46	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	47	* OF THE POSSIBILITY OF SUCH DAMAGE.
	48	* ====================================================================
	49	*
bd3576d2 UM	50	*/
bd3576d2 UM	51
6977c7e2	52	/*-
bd3576d2 UM	53	* This is a generic 32 bit "collector" for message digest algorithms.
	54	* Whenever needed it collects input character stream into chunks of
	55	* 32 bit values and invokes a block function that performs actual hash
	56	* calculations.
	57	*
	58	* Porting guide.
	59	*
	60	* Obligatory macros:
	61	*
	62	* DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
ae5c8664	63	* this macro defines byte order of input stream.
bd3576d2	64	* HASH_CBLOCK
ae5c8664	65	* size of a unit chunk HASH_BLOCK operates on.
bd3576d2	66	* HASH_LONG
ae5c8664 MC	67	* has to be at lest 32 bit wide, if it's wider, then
ae5c8664 MC	68	* HASH_LONG_LOG2 has to be defined along
bd3576d2	69	* HASH_CTX
ae5c8664 MC	70	* context structure that at least contains following
	71	* members:
	72	* typedef struct {
	73	* ...
	74	* HASH_LONG Nl,Nh;
	75	* either {
	76	* HASH_LONG data[HASH_LBLOCK];
	77	* unsigned char data[HASH_CBLOCK];
	78	* };
	79	* unsigned int num;
	80	* ...
	81	* } HASH_CTX;
	82	* data[] vector is expected to be zeroed upon first call to
	83	* HASH_UPDATE.
bd3576d2	84	* HASH_UPDATE
ae5c8664	85	* name of "Update" function, implemented here.
bd3576d2	86	* HASH_TRANSFORM
ae5c8664	87	* name of "Transform" function, implemented here.
bd3576d2	88	* HASH_FINAL
ae5c8664	89	* name of "Final" function, implemented here.
bd3576d2	90	* HASH_BLOCK_DATA_ORDER
ae5c8664 MC	91	* name of "block" function capable of treating unaligned input
ae5c8664 MC	92	* message in original (data) byte order, implemented externally.
1cbde6e4	93	* HASH_MAKE_STRING
ae5c8664	94	* macro convering context variables to an ASCII hash string.
bd3576d2	95	*
bd3576d2 UM	96	* MD5 example:
bd3576d2 UM	97	*
ae5c8664	98	* #define DATA_ORDER_IS_LITTLE_ENDIAN
bd3576d2	99	*
ae5c8664 MC	100	* #define HASH_LONG MD5_LONG
	101	* #define HASH_LONG_LOG2 MD5_LONG_LOG2
	102	* #define HASH_CTX MD5_CTX
	103	* #define HASH_CBLOCK MD5_CBLOCK
	104	* #define HASH_UPDATE MD5_Update
	105	* #define HASH_TRANSFORM MD5_Transform
	106	* #define HASH_FINAL MD5_Final
	107	* #define HASH_BLOCK_DATA_ORDER md5_block_data_order
bd3576d2	108	*
ae5c8664	109	* <appro@fy.chalmers.se>
bd3576d2 UM	110	*/
bd3576d2 UM	111
cb5ebf96 MC	112	#include <openssl/crypto.h>
cb5ebf96 MC	113
bd3576d2	114	#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
ae5c8664	115	# error "DATA_ORDER must be defined!"
bd3576d2 UM	116	#endif
	117
	118	#ifndef HASH_CBLOCK
ae5c8664	119	# error "HASH_CBLOCK must be defined!"
bd3576d2 UM	120	#endif
bd3576d2 UM	121	#ifndef HASH_LONG
ae5c8664	122	# error "HASH_LONG must be defined!"
bd3576d2 UM	123	#endif
bd3576d2 UM	124	#ifndef HASH_CTX
ae5c8664	125	# error "HASH_CTX must be defined!"
bd3576d2 UM	126	#endif
	127
	128	#ifndef HASH_UPDATE
ae5c8664	129	# error "HASH_UPDATE must be defined!"
bd3576d2 UM	130	#endif
bd3576d2 UM	131	#ifndef HASH_TRANSFORM
ae5c8664	132	# error "HASH_TRANSFORM must be defined!"
bd3576d2 UM	133	#endif
bd3576d2 UM	134	#ifndef HASH_FINAL
ae5c8664	135	# error "HASH_FINAL must be defined!"
bd3576d2 UM	136	#endif
bd3576d2 UM	137
bd3576d2	138	#ifndef HASH_BLOCK_DATA_ORDER
ae5c8664	139	# error "HASH_BLOCK_DATA_ORDER must be defined!"
bd3576d2	140	#endif
bd3576d2 UM	141
	142	/*
	143	* Engage compiler specific rotate intrinsic function if available.
	144	*/
	145	#undef ROTATE
	146	#ifndef PEDANTIC
ad00a52f	147	# if defined(_MSC_VER)
ae5c8664	148	# define ROTATE(a,n) _lrotl(a,n)
ad00a52f	149	# elif defined(__ICC)
ae5c8664	150	# define ROTATE(a,n) _rotl(a,n)
1cbde6e4	151	# elif defined(__MWERKS__)
1eab9a1f	152	# if defined(__POWERPC__)
ae5c8664	153	# define ROTATE(a,n) __rlwinm(a,n,0,31)
1eab9a1f AP	154	# elif defined(__MC68K__)
1eab9a1f AP	155	/* Motorola specific tweak. <appro@fy.chalmers.se> */
ae5c8664	156	# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) )
9a1e34e5	157	# else
ae5c8664	158	# define ROTATE(a,n) __rol(a,n)
9a1e34e5	159	# endif
cf1b7d96	160	# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
bd3576d2 UM	161	/*
	162	* Some GNU C inline assembler templates. Note that these are
	163	* rotates by constant number of bits! But that's exactly
	164	* what we need here...
ae5c8664	165	* <appro@fy.chalmers.se>
bd3576d2	166	*/
2f98abbc	167	# if defined(__i386) \|\| defined(__i386__) \|\| defined(__x86_64) \|\| defined(__x86_64__)
ae5c8664 MC	168	# define ROTATE(a,n) ({ register unsigned int ret; \
	169	asm ( \
	170	"roll %1,%0" \
	171	: "=r"(ret) \
	172	: "I"(n), "0"((unsigned int)(a)) \
	173	: "cc"); \
	174	ret; \
	175	})
a9c32ace	176	# elif defined(_ARCH_PPC) \|\| defined(_ARCH_PPC64) \|\| \
ae5c8664 MC	177	defined(__powerpc) \|\| defined(__ppc__) \|\| defined(__powerpc64__)
	178	# define ROTATE(a,n) ({ register unsigned int ret; \
	179	asm ( \
	180	"rlwinm %0,%1,%2,0,31" \
	181	: "=r"(ret) \
	182	: "r"(a), "I"(n)); \
	183	ret; \
	184	})
70831126	185	# elif defined(__s390x__)
ae5c8664 MC	186	# define ROTATE(a,n) ({ register unsigned int ret; \
	187	asm ("rll %0,%1,%2" \
	188	: "=r"(ret) \
	189	: "r"(a), "I"(n)); \
	190	ret; \
	191	})
bd3576d2 UM	192	# endif
bd3576d2 UM	193	# endif
ae5c8664	194	#endif /* PEDANTIC */
bd3576d2	195
bd3576d2	196	#ifndef ROTATE
ae5c8664	197	# define ROTATE(a,n) (((a)<<(n))\|(((a)&0xffffffff)>>(32-(n))))
bd3576d2 UM	198	#endif
bd3576d2 UM	199
bd3576d2 UM	200	#if defined(DATA_ORDER_IS_BIG_ENDIAN)
bd3576d2 UM	201
ae5c8664 MC	202	# ifndef PEDANTIC
	203	# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
	204	# if ((defined(__i386) \|\| defined(__i386__)) && !defined(I386_ONLY)) \|\| \
af2c2823	205	(defined(__x86_64) \|\| defined(__x86_64__))
ae5c8664	206	# if !defined(B_ENDIAN)
a2eb9688 AP	207	/*
	208	* This gives ~30-40% performance improvement in SHA-256 compiled
	209	* with gcc [on P4]. Well, first macro to be frank. We can pull
	210	* this trick on x86* platforms only, because these CPUs can fetch
	211	* unaligned data without raising an exception.
	212	*/
ae5c8664 MC	213	# define HOST_c2l(c,l) ({ unsigned int r=((const unsigned int )(c)); \
	214	asm ("bswapl %0":"=r"(r):"0"(r)); \
	215	(c)+=4; (l)=r; })
	216	# define HOST_l2c(l,c) ({ unsigned int r=(l); \
	217	asm ("bswapl %0":"=r"(r):"0"(r)); \
	218	((unsigned int )(c))=r; (c)+=4; r; })
	219	# endif
	220	# elif defined(__aarch64__)
	221	# if defined(__BYTE_ORDER__)
	222	# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
	223	# define HOST_c2l(c,l) ({ unsigned int r; \
	224	asm ("rev %w0,%w1" \
	225	:"=r"(r) \
	226	:"r"(((const unsigned int )(c))));\
	227	(c)+=4; (l)=r; })
	228	# define HOST_l2c(l,c) ({ unsigned int r; \
	229	asm ("rev %w0,%w1" \
	230	:"=r"(r) \
	231	:"r"((unsigned int)(l)));\
	232	((unsigned int )(c))=r; (c)+=4; r; })
	233	# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
	234	# define HOST_c2l(c,l) ((l)=((const unsigned int )(c)), (c)+=4, (l))
	235	# define HOST_l2c(l,c) (((unsigned int )(c))=(l), (c)+=4, (l))
	236	# endif
958608ca AP	237	# endif
958608ca AP	238	# endif
a2eb9688	239	# endif
ae5c8664 MC	240	# if defined(__s390__) \|\| defined(__s390x__)
	241	# define HOST_c2l(c,l) ((l)=((const unsigned int )(c)), (c)+=4, (l))
	242	# define HOST_l2c(l,c) (((unsigned int )(c))=(l), (c)+=4, (l))
	243	# endif
a2eb9688	244	# endif
a2eb9688	245
ae5c8664 MC	246	# ifndef HOST_c2l
	247	# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
	248	l\|=(((unsigned long)(*((c)++)))<<16), \
	249	l\|=(((unsigned long)(*((c)++)))<< 8), \
	250	l\|=(((unsigned long)(*((c)++))) ) )
	251	# endif
	252	# ifndef HOST_l2c
	253	# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
	254	*((c)++)=(unsigned char)(((l)>>16)&0xff), \
	255	*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
	256	*((c)++)=(unsigned char)(((l) )&0xff), \
	257	l)
	258	# endif
bd3576d2 UM	259
	260	#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
	261
ae5c8664 MC	262	# ifndef PEDANTIC
	263	# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
	264	# if defined(__s390x__)
	265	# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \
	266	:"=d"(l) :"m"((const unsigned int )(c)));\
	267	(c)+=4; (l); })
	268	# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \
	269	:"=m"((unsigned int )(c)) :"d"(l));\
	270	(c)+=4; (l); })
	271	# endif
b38c0add	272	# endif
ae5c8664 MC	273	# if defined(__i386) \|\| defined(__i386__) \|\| defined(__x86_64) \|\| defined(__x86_64__)
ae5c8664 MC	274	# ifndef B_ENDIAN
2064e2db	275	/* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
ae5c8664 MC	276	# define HOST_c2l(c,l) ((l)=((const unsigned int )(c)), (c)+=4, l)
	277	# define HOST_l2c(l,c) (((unsigned int )(c))=(l), (c)+=4, l)
	278	# endif
2064e2db	279	# endif
1110cea0	280	# endif
a2eb9688	281
ae5c8664 MC	282	# ifndef HOST_c2l
	283	# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
	284	l\|=(((unsigned long)(*((c)++)))<< 8), \
	285	l\|=(((unsigned long)(*((c)++)))<<16), \
	286	l\|=(((unsigned long)(*((c)++)))<<24) )
	287	# endif
	288	# ifndef HOST_l2c
	289	# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
	290	*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
	291	*((c)++)=(unsigned char)(((l)>>16)&0xff), \
	292	*((c)++)=(unsigned char)(((l)>>24)&0xff), \
	293	l)
	294	# endif
bd3576d2 UM	295
	296	#endif
	297
	298	/*
	299	* Time for some action:-)
	300	*/
	301
ae5c8664 MC	302	int HASH_UPDATE(HASH_CTX c, const void data_, size_t len)
	303	{
	304	const unsigned char *data = data_;
	305	unsigned char *p;
	306	HASH_LONG l;
	307	size_t n;
bd3576d2	308
ae5c8664 MC	309	if (len == 0)
ae5c8664 MC	310	return 1;
bd3576d2	311
ae5c8664 MC	312	l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
	313	/*
	314	* 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai
	315	* <weidai@eskimo.com> for pointing it out.
	316	*/
	317	if (l < c->Nl) /* overflow */
	318	c->Nh++;
	319	c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
	320	* 16-bit */
	321	c->Nl = l;
	322
	323	n = c->num;
	324	if (n != 0) {
	325	p = (unsigned char *)c->data;
	326
	327	if (len >= HASH_CBLOCK \|\| len + n >= HASH_CBLOCK) {
	328	memcpy(p + n, data, HASH_CBLOCK - n);
	329	HASH_BLOCK_DATA_ORDER(c, p, 1);
	330	n = HASH_CBLOCK - n;
	331	data += n;
	332	len -= n;
	333	c->num = 0;
cb5ebf96 MC	334	/*
	335	* We use memset rather than OPENSSL_cleanse() here deliberately.
	336	* Using OPENSSL_cleanse() here could be a performance issue. It
	337	* will get properly cleansed on finalisation so this isn't a
	338	* security problem.
	339	*/
ae5c8664 MC	340	memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
	341	} else {
	342	memcpy(p + n, data, len);
	343	c->num += (unsigned int)len;
	344	return 1;
	345	}
	346	}
	347
	348	n = len / HASH_CBLOCK;
	349	if (n > 0) {
	350	HASH_BLOCK_DATA_ORDER(c, data, n);
	351	n *= HASH_CBLOCK;
	352	data += n;
	353	len -= n;
	354	}
	355
	356	if (len != 0) {
	357	p = (unsigned char *)c->data;
	358	c->num = (unsigned int)len;
	359	memcpy(p, data, len);
	360	}
	361	return 1;
	362	}
	363
	364	void HASH_TRANSFORM(HASH_CTX c, const unsigned char data)
	365	{
	366	HASH_BLOCK_DATA_ORDER(c, data, 1);
	367	}
	368
	369	int HASH_FINAL(unsigned char md, HASH_CTX c)
	370	{
	371	unsigned char p = (unsigned char )c->data;
	372	size_t n = c->num;
	373
	374	p[n] = 0x80; /* there is always room for one */
	375	n++;
	376
	377	if (n > (HASH_CBLOCK - 8)) {
	378	memset(p + n, 0, HASH_CBLOCK - n);
	379	n = 0;
	380	HASH_BLOCK_DATA_ORDER(c, p, 1);
	381	}
	382	memset(p + n, 0, HASH_CBLOCK - 8 - n);
	383
	384	p += HASH_CBLOCK - 8;
bd3576d2	385	#if defined(DATA_ORDER_IS_BIG_ENDIAN)
ae5c8664 MC	386	(void)HOST_l2c(c->Nh, p);
ae5c8664 MC	387	(void)HOST_l2c(c->Nl, p);
bd3576d2	388	#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
ae5c8664 MC	389	(void)HOST_l2c(c->Nl, p);
ae5c8664 MC	390	(void)HOST_l2c(c->Nh, p);
bd3576d2	391	#endif
ae5c8664 MC	392	p -= HASH_CBLOCK;
	393	HASH_BLOCK_DATA_ORDER(c, p, 1);
	394	c->num = 0;
cb5ebf96	395	OPENSSL_cleanse(p, HASH_CBLOCK);
bd3576d2	396
1cbde6e4	397	#ifndef HASH_MAKE_STRING
ae5c8664	398	# error "HASH_MAKE_STRING must be defined!"
1cbde6e4	399	#else
ae5c8664	400	HASH_MAKE_STRING(c, md);
1cbde6e4	401	#endif
bd3576d2	402
ae5c8664 MC	403	return 1;
ae5c8664 MC	404	}
2f98abbc AP	405
2f98abbc AP	406	#ifndef MD32_REG_T
ae5c8664 MC	407	# if defined(__alpha) \|\| defined(__sparcv9) \|\| defined(__mips)
ae5c8664 MC	408	# define MD32_REG_T long
2f98abbc AP	409	/*
	410	* This comment was originaly written for MD5, which is why it
	411	* discusses A-D. But it basically applies to all 32-bit digests,
	412	* which is why it was moved to common header file.
	413	*
	414	* In case you wonder why A-D are declared as long and not
	415	* as MD5_LONG. Doing so results in slight performance
	416	* boost on LP64 architectures. The catch is we don't
	417	* really care if 32 MSBs of a 64-bit register get polluted
	418	* with eventual overflows as we save only 32 LSBs in
	419	* either case. Now declaring 'em long excuses the compiler
	420	* from keeping 32 MSBs zeroed resulting in 13% performance
	421	* improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
ae5c8664	422	* Well, to be honest it should say that this prevents
2f98abbc	423	* performance degradation.
ae5c8664	424	* <appro@fy.chalmers.se>
0d25aad9	425	*/
ae5c8664	426	# else
0d25aad9 AP	427	/*
	428	* Above is not absolute and there are LP64 compilers that
	429	* generate better code if MD32_REG_T is defined int. The above
	430	* pre-processor condition reflects the circumstances under which
	431	* the conclusion was made and is subject to further extension.
ae5c8664	432	* <appro@fy.chalmers.se>
2f98abbc	433	*/
ae5c8664 MC	434	# define MD32_REG_T int
ae5c8664 MC	435	# endif
2f98abbc	436	#endif