Consolidate whirlpool into a single C file.

Buy a vowel at the same time, since we're no longer limited to 8.3 file names. Discussed with tb@
author: jsing <> 2024-03-29 02:41:49 +0000
committer: jsing <> 2024-03-29 02:41:49 +0000
commit: 203be6bbb69ba30845cd753c14dbc11d40254691 (patch)
tree: 77a583322675eb9a97bd63095439784c2477e1ac
parent: 3c8b40f90af27ee45a8c5e731b4dfcf7babc402c (diff)
download: openbsd-203be6bbb69ba30845cd753c14dbc11d40254691.tar.gz
openbsd-203be6bbb69ba30845cd753c14dbc11d40254691.tar.bz2
openbsd-203be6bbb69ba30845cd753c14dbc11d40254691.zip
4 files changed, 229 insertions, 284 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index d3533412fd..b763757ebf 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.186 2024/03/29 02:33:44 jsing Exp $
+# $OpenBSD: Makefile,v 1.187 2024/03/29 02:41:49 jsing Exp $
 LIB=    crypto
 LIBREBUILD=y
@@ -557,8 +557,7 @@ SRCS+= ui_openssl.c
 SRCS+= ui_util.c
 # whrlpool/
-SRCS+= wp_block.c
+SRCS+= whirlpool.c
-SRCS+= wp_dgst.c
 # x509/
 SRCS+= by_dir.c
diff --git a/src/lib/libcrypto/whrlpool/wp_block.c b/src/lib/libcrypto/whrlpool/whirlpool.c
index ad814a3463..217c5a919b 100644
--- a/src/lib/libcrypto/whrlpool/wp_block.c
+++ b/src/lib/libcrypto/whrlpool/whirlpool.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: wp_block.c,v 1.15 2022/11/26 16:08:54 tb Exp $ */
+/* $OpenBSD: whirlpool.c,v 1.1 2024/03/29 02:41:49 jsing Exp $ */
 /**
 * The Whirlpool hashing function.
 *
@@ -36,11 +36,27 @@
 *
 */
+/*
+ * OpenSSL-specific implementation notes.
+ *
+ * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
+ * number of *bytes* as input length argument. Bit-oriented routine
+ * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
+ * does not have one-stroke counterpart.
+ *
+ * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
+ * to serve WHIRLPOOL_Update. This is done for performance.
+ *
+ * Unlike authors' reference implementation, block processing
+ * routine whirlpool_block is designed to operate on multi-block
+ * input. This is done for performance.
+ */
 #include <endian.h>
 #include <string.h>
-#include <openssl/crypto.h>
-#include "wp_local.h"
+#include <openssl/crypto.h>
+#include <openssl/whrlpool.h>
 typedef unsigned char           u8;
 #if defined(_LP64)
@@ -627,3 +643,211 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n)
                                                        p += 64;
                                                        } while(--n);
        }
+int
+WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
+{
+        memset (c, 0, sizeof(*c));
+        return (1);
+}
+int
+WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
+{
+        /* Well, largest suitable chunk size actually is
+         * (1<<(sizeof(size_t)*8-3))-64, but below number
+         * is large enough for not to care about excessive
+         * calls to WHIRLPOOL_BitUpdate... */
+        size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4);
+        const unsigned char *inp = _inp;
+        while (bytes >= chunk) {
+                WHIRLPOOL_BitUpdate(c, inp, chunk*8);
+                bytes -= chunk;
+                inp += chunk;
+        }
+        if (bytes)
+                WHIRLPOOL_BitUpdate(c, inp, bytes*8);
+        return (1);
+}
+void
+WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
+{
+        size_t          n;
+        unsigned int    bitoff = c->bitoff,
+            bitrem = bitoff % 8,
+            inpgap = (8 - (unsigned int)bits % 8)&7;
+        const unsigned char *inp = _inp;
+        /* This 256-bit increment procedure relies on the size_t
+         * being natural size of CPU register, so that we don't
+         * have to mask the value in order to detect overflows. */
+        c->bitlen[0] += bits;
+        if (c->bitlen[0] < bits)        /* overflow */
+        {
+                n = 1;
+                do {
+                        c->bitlen[n]++;
+                } while (c->bitlen[n]==0 &&
+                    ++n < (WHIRLPOOL_COUNTER/sizeof(size_t)));
+        }
+#ifndef OPENSSL_SMALL_FOOTPRINT
+reconsider:
+        if (inpgap==0 && bitrem==0)     /* byte-oriented loop */
+        {
+                while (bits) {
+                        if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) {
+                                whirlpool_block(c, inp, n);
+                                inp += n*WHIRLPOOL_BBLOCK/8;
+                                bits %= WHIRLPOOL_BBLOCK;
+                        } else {
+                                unsigned int byteoff = bitoff/8;
+                                bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
+                                if (bits >= bitrem) {
+                                        bits -= bitrem;
+                                        bitrem /= 8;
+                                        memcpy(c->data + byteoff, inp, bitrem);
+                                        inp += bitrem;
+                                        whirlpool_block(c, c->data, 1);
+                                        bitoff = 0;
+                                } else {
+                                        memcpy(c->data + byteoff, inp, bits/8);
+                                        bitoff += (unsigned int)bits;
+                                        bits = 0;
+                                }
+                                c->bitoff = bitoff;
+                        }
+                }
+        }
+        else                            /* bit-oriented loop */
+#endif
+        {
+                /*
+                           inp
+                           |
+                           +-------+-------+-------
+                              |||||||||||||||||||||
+                           +-------+-------+-------
+                +-------+-------+-------+-------+-------
+                ||||||||||||||                          c->data
+                +-------+-------+-------+-------+-------
+                        |
+                        c->bitoff/8
+                */
+                while (bits) {
+                        unsigned int    byteoff = bitoff/8;
+                        unsigned char   b;
+#ifndef OPENSSL_SMALL_FOOTPRINT
+                        if (bitrem == inpgap) {
+                                c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
+                                inpgap = 8 - inpgap;
+                                bitoff += inpgap;  bitrem = 0;  /* bitoff%8 */
+                                bits   -= inpgap;  inpgap = 0;  /* bits%8   */
+                                inp++;
+                                if (bitoff == WHIRLPOOL_BBLOCK) {
+                                        whirlpool_block(c, c->data, 1);
+                                        bitoff = 0;
+                                }
+                                c->bitoff = bitoff;
+                                goto reconsider;
+                        } else
+#endif
+                        if (bits >= 8) {
+                                b = ((inp[0]<<inpgap) | (inp[1]>>(8 - inpgap)));
+                                b &= 0xff;
+                                if (bitrem)
+                                        c->data[byteoff++] |= b >> bitrem;
+                                else
+                                        c->data[byteoff++] = b;
+                                bitoff += 8;
+                                bits -= 8;
+                                inp++;
+                                if (bitoff >= WHIRLPOOL_BBLOCK) {
+                                        whirlpool_block(c, c->data, 1);
+                                        byteoff = 0;
+                                        bitoff  %= WHIRLPOOL_BBLOCK;
+                                }
+                                if (bitrem)
+                                        c->data[byteoff] = b << (8 - bitrem);
+                        }
+                        else    /* remaining less than 8 bits */
+                        {
+                                b = (inp[0]<<inpgap)&0xff;
+                                if (bitrem)
+                                        c->data[byteoff++] |= b >> bitrem;
+                                else
+                                        c->data[byteoff++] = b;
+                                bitoff += (unsigned int)bits;
+                                if (bitoff == WHIRLPOOL_BBLOCK) {
+                                        whirlpool_block(c, c->data, 1);
+                                        byteoff = 0;
+                                        bitoff  %= WHIRLPOOL_BBLOCK;
+                                }
+                                if (bitrem)
+                                        c->data[byteoff] = b << (8 - bitrem);
+                                bits = 0;
+                        }
+                        c->bitoff = bitoff;
+                }
+        }
+}
+int
+WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
+{
+        unsigned int    bitoff = c->bitoff,
+            byteoff = bitoff/8;
+        size_t          i, j, v;
+        unsigned char  *p;
+        bitoff %= 8;
+        if (bitoff)
+                c->data[byteoff] |= 0x80 >> bitoff;
+        else
+                c->data[byteoff] = 0x80;
+        byteoff++;
+        /* pad with zeros */
+        if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) {
+                if (byteoff < WHIRLPOOL_BBLOCK/8)
+                        memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff);
+                whirlpool_block(c, c->data, 1);
+                byteoff = 0;
+        }
+        if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER))
+                memset(&c->data[byteoff], 0,
+                    (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff);
+        /* smash 256-bit c->bitlen in big-endian order */
+        p = &c->data[WHIRLPOOL_BBLOCK/8-1];     /* last byte in c->data */
+        for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++)
+                for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
+                        *p-- = (unsigned char)(v&0xff);
+        whirlpool_block(c, c->data, 1);
+        if (md) {
+                memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
+                memset(c, 0, sizeof(*c));
+                return (1);
+        }
+        return (0);
+}
+unsigned char *
+WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
+{
+        WHIRLPOOL_CTX ctx;
+        static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
+        if (md == NULL)
+                md = m;
+        WHIRLPOOL_Init(&ctx);
+        WHIRLPOOL_Update(&ctx, inp, bytes);
+        WHIRLPOOL_Final(md, &ctx);
+        return (md);
+}
diff --git a/src/lib/libcrypto/whrlpool/wp_dgst.c b/src/lib/libcrypto/whrlpool/wp_dgst.c
deleted file mode 100644
index 0e7c9c56d9..0000000000
--- a/src/lib/libcrypto/whrlpool/wp_dgst.c
+++ /dev/null
@@ -1,267 +0,0 @@
-/* $OpenBSD: wp_dgst.c,v 1.8 2024/03/29 00:16:22 jsing Exp $ */
-/**
- * The Whirlpool hashing function.
- *
- * <P>
- * <b>References</b>
- *
- * <P>
- * The Whirlpool algorithm was developed by
- * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
- * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
- *
- * See
- *      P.S.L.M. Barreto, V. Rijmen,
- *      ``The Whirlpool hashing function,''
- *      NESSIE submission, 2000 (tweaked version, 2001),
- *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
- *
- * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
- * Vincent Rijmen. Lookup "reference implementations" on
- * <http://planeta.terra.com.br/informatica/paulobarreto/>
- *
- * =============================================================================
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-/*
- * OpenSSL-specific implementation notes.
- *
- * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
- * number of *bytes* as input length argument. Bit-oriented routine
- * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
- * does not have one-stroke counterpart.
- *
- * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
- * to serve WHIRLPOOL_Update. This is done for performance.
- *
- * Unlike authors' reference implementation, block processing
- * routine whirlpool_block is designed to operate on multi-block
- * input. This is done for performance.
- */
-#include <string.h>
-#include <openssl/crypto.h>
-#include "wp_local.h"
-int
-WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
-{
-        memset (c, 0, sizeof(*c));
-        return (1);
-}
-int
-WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
-{
-        /* Well, largest suitable chunk size actually is
-         * (1<<(sizeof(size_t)*8-3))-64, but below number
-         * is large enough for not to care about excessive
-         * calls to WHIRLPOOL_BitUpdate... */
-        size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4);
-        const unsigned char *inp = _inp;
-        while (bytes >= chunk) {
-                WHIRLPOOL_BitUpdate(c, inp, chunk*8);
-                bytes -= chunk;
-                inp += chunk;
-        }
-        if (bytes)
-                WHIRLPOOL_BitUpdate(c, inp, bytes*8);
-        return (1);
-}
-void
-WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
-{
-        size_t          n;
-        unsigned int    bitoff = c->bitoff,
-            bitrem = bitoff % 8,
-            inpgap = (8 - (unsigned int)bits % 8)&7;
-        const unsigned char *inp = _inp;
-        /* This 256-bit increment procedure relies on the size_t
-         * being natural size of CPU register, so that we don't
-         * have to mask the value in order to detect overflows. */
-        c->bitlen[0] += bits;
-        if (c->bitlen[0] < bits)        /* overflow */
-        {
-                n = 1;
-                do {
-                        c->bitlen[n]++;
-                } while (c->bitlen[n]==0 &&
-                    ++n < (WHIRLPOOL_COUNTER/sizeof(size_t)));
-        }
-#ifndef OPENSSL_SMALL_FOOTPRINT
-reconsider:
-        if (inpgap==0 && bitrem==0)     /* byte-oriented loop */
-        {
-                while (bits) {
-                        if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) {
-                                whirlpool_block(c, inp, n);
-                                inp += n*WHIRLPOOL_BBLOCK/8;
-                                bits %= WHIRLPOOL_BBLOCK;
-                        } else {
-                                unsigned int byteoff = bitoff/8;
-                                bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
-                                if (bits >= bitrem) {
-                                        bits -= bitrem;
-                                        bitrem /= 8;
-                                        memcpy(c->data + byteoff, inp, bitrem);
-                                        inp += bitrem;
-                                        whirlpool_block(c, c->data, 1);
-                                        bitoff = 0;
-                                } else {
-                                        memcpy(c->data + byteoff, inp, bits/8);
-                                        bitoff += (unsigned int)bits;
-                                        bits = 0;
-                                }
-                                c->bitoff = bitoff;
-                        }
-                }
-        }
-        else                            /* bit-oriented loop */
-#endif
-        {
-                /*
-                           inp
-                           |
-                           +-------+-------+-------
-                              |||||||||||||||||||||
-                           +-------+-------+-------
-                +-------+-------+-------+-------+-------
-                ||||||||||||||                          c->data
-                +-------+-------+-------+-------+-------
-                        |
-                        c->bitoff/8
-                */
-                while (bits) {
-                        unsigned int    byteoff = bitoff/8;
-                        unsigned char   b;
-#ifndef OPENSSL_SMALL_FOOTPRINT
-                        if (bitrem == inpgap) {
-                                c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
-                                inpgap = 8 - inpgap;
-                                bitoff += inpgap;  bitrem = 0;  /* bitoff%8 */
-                                bits   -= inpgap;  inpgap = 0;  /* bits%8   */
-                                inp++;
-                                if (bitoff == WHIRLPOOL_BBLOCK) {
-                                        whirlpool_block(c, c->data, 1);
-                                        bitoff = 0;
-                                }
-                                c->bitoff = bitoff;
-                                goto reconsider;
-                        } else
-#endif
-                        if (bits >= 8) {
-                                b = ((inp[0]<<inpgap) | (inp[1]>>(8 - inpgap)));
-                                b &= 0xff;
-                                if (bitrem)
-                                        c->data[byteoff++] |= b >> bitrem;
-                                else
-                                        c->data[byteoff++] = b;
-                                bitoff += 8;
-                                bits -= 8;
-                                inp++;
-                                if (bitoff >= WHIRLPOOL_BBLOCK) {
-                                        whirlpool_block(c, c->data, 1);
-                                        byteoff = 0;
-                                        bitoff  %= WHIRLPOOL_BBLOCK;
-                                }
-                                if (bitrem)
-                                        c->data[byteoff] = b << (8 - bitrem);
-                        }
-                        else    /* remaining less than 8 bits */
-                        {
-                                b = (inp[0]<<inpgap)&0xff;
-                                if (bitrem)
-                                        c->data[byteoff++] |= b >> bitrem;
-                                else
-                                        c->data[byteoff++] = b;
-                                bitoff += (unsigned int)bits;
-                                if (bitoff == WHIRLPOOL_BBLOCK) {
-                                        whirlpool_block(c, c->data, 1);
-                                        byteoff = 0;
-                                        bitoff  %= WHIRLPOOL_BBLOCK;
-                                }
-                                if (bitrem)
-                                        c->data[byteoff] = b << (8 - bitrem);
-                                bits = 0;
-                        }
-                        c->bitoff = bitoff;
-                }
-        }
-}
-int
-WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
-{
-        unsigned int    bitoff = c->bitoff,
-            byteoff = bitoff/8;
-        size_t          i, j, v;
-        unsigned char  *p;
-        bitoff %= 8;
-        if (bitoff)
-                c->data[byteoff] |= 0x80 >> bitoff;
-        else
-                c->data[byteoff] = 0x80;
-        byteoff++;
-        /* pad with zeros */
-        if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) {
-                if (byteoff < WHIRLPOOL_BBLOCK/8)
-                        memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff);
-                whirlpool_block(c, c->data, 1);
-                byteoff = 0;
-        }
-        if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER))
-                memset(&c->data[byteoff], 0,
-                    (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff);
-        /* smash 256-bit c->bitlen in big-endian order */
-        p = &c->data[WHIRLPOOL_BBLOCK/8-1];     /* last byte in c->data */
-        for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++)
-                for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
-                        *p-- = (unsigned char)(v&0xff);
-        whirlpool_block(c, c->data, 1);
-        if (md) {
-                memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
-                memset(c, 0, sizeof(*c));
-                return (1);
-        }
-        return (0);
-}
-unsigned char *
-WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
-{
-        WHIRLPOOL_CTX ctx;
-        static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
-        WHIRLPOOL_Init(&ctx);
-        WHIRLPOOL_Update(&ctx, inp, bytes);
-        WHIRLPOOL_Final(md, &ctx);
-        return (md);
-}
diff --git a/src/lib/libcrypto/whrlpool/wp_local.h b/src/lib/libcrypto/whrlpool/wp_local.h
deleted file mode 100644
index 892dce23b6..0000000000
--- a/src/lib/libcrypto/whrlpool/wp_local.h
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $OpenBSD: wp_local.h,v 1.2 2023/09/04 08:43:41 tb Exp $ */
-#include <sys/types.h>
-#include <openssl/whrlpool.h>
-__BEGIN_HIDDEN_DECLS
-void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
-__END_HIDDEN_DECLS
author	jsing <>	2024-03-29 02:41:49 +0000
committer	jsing <>	2024-03-29 02:41:49 +0000
commit	203be6bbb69ba30845cd753c14dbc11d40254691 (patch)
tree	77a583322675eb9a97bd63095439784c2477e1ac
parent	3c8b40f90af27ee45a8c5e731b4dfcf7babc402c (diff)
download	openbsd-203be6bbb69ba30845cd753c14dbc11d40254691.tar.gz openbsd-203be6bbb69ba30845cd753c14dbc11d40254691.tar.bz2 openbsd-203be6bbb69ba30845cd753c14dbc11d40254691.zip

diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile index d3533412fd..b763757ebf 100644 --- a/src/lib/libcrypto/Makefile +++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.186 2024/03/29 02:33:44 jsing Exp $	1	# $OpenBSD: Makefile,v 1.187 2024/03/29 02:41:49 jsing Exp $
2		2
3	LIB= crypto	3	LIB= crypto
4	LIBREBUILD=y	4	LIBREBUILD=y
@@ -557,8 +557,7 @@ SRCS+= ui_openssl.c
557	SRCS+= ui_util.c	557	SRCS+= ui_util.c
558		558
559	# whrlpool/	559	# whrlpool/
560	SRCS+= wp_block.c	560	SRCS+= whirlpool.c
561	SRCS+= wp_dgst.c
562		561
563	# x509/	562	# x509/
564	SRCS+= by_dir.c	563	SRCS+= by_dir.c


diff --git a/src/lib/libcrypto/whrlpool/wp_block.c b/src/lib/libcrypto/whrlpool/whirlpool.c index ad814a3463..217c5a919b 100644 --- a/src/lib/libcrypto/whrlpool/wp_block.c +++ b/src/lib/libcrypto/whrlpool/whirlpool.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wp_block.c,v 1.15 2022/11/26 16:08:54 tb Exp $ */	1	/* $OpenBSD: whirlpool.c,v 1.1 2024/03/29 02:41:49 jsing Exp $ */
2	/**	2	/**
3	* The Whirlpool hashing function.	3	* The Whirlpool hashing function.
4	*	4	*
@@ -36,11 +36,27 @@
36	*	36	*
37	*/	37	*/
38		38
		39	/*
		40	* OpenSSL-specific implementation notes.
		41	*
		42	* WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
		43	* number of bytes as input length argument. Bit-oriented routine
		44	* as specified by authors is called WHIRLPOOL_BitUpdate[!] and
		45	* does not have one-stroke counterpart.
		46	*
		47	* WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
		48	* to serve WHIRLPOOL_Update. This is done for performance.
		49	*
		50	* Unlike authors' reference implementation, block processing
		51	* routine whirlpool_block is designed to operate on multi-block
		52	* input. This is done for performance.
		53	*/
		54
39	#include <endian.h>	55	#include <endian.h>
40	#include <string.h>	56	#include <string.h>
41	#include <openssl/crypto.h>
42		57
43	#include "wp_local.h"	58	#include <openssl/crypto.h>
		59	#include <openssl/whrlpool.h>
44		60
45	typedef unsigned char u8;	61	typedef unsigned char u8;
46	#if defined(_LP64)	62	#if defined(_LP64)
@@ -627,3 +643,211 @@ void whirlpool_block(WHIRLPOOL_CTX ctx,const void inp,size_t n)
627	p += 64;	643	p += 64;
628	} while(--n);	644	} while(--n);
629	}	645	}
		646
		647	int
		648	WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
		649	{
		650	memset (c, 0, sizeof(*c));
		651	return (1);
		652	}
		653
		654	int
		655	WHIRLPOOL_Update(WHIRLPOOL_CTX c, const void _inp, size_t bytes)
		656	{
		657	/* Well, largest suitable chunk size actually is
		658	* (1<<(sizeof(size_t)*8-3))-64, but below number
		659	* is large enough for not to care about excessive
		660	* calls to WHIRLPOOL_BitUpdate... */
		661	size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4);
		662	const unsigned char *inp = _inp;
		663
		664	while (bytes >= chunk) {
		665	WHIRLPOOL_BitUpdate(c, inp, chunk*8);
		666	bytes -= chunk;
		667	inp += chunk;
		668	}
		669	if (bytes)
		670	WHIRLPOOL_BitUpdate(c, inp, bytes*8);
		671
		672	return (1);
		673	}
		674
		675	void
		676	WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX c, const void _inp, size_t bits)
		677	{
		678	size_t n;
		679	unsigned int bitoff = c->bitoff,
		680	bitrem = bitoff % 8,
		681	inpgap = (8 - (unsigned int)bits % 8)&7;
		682	const unsigned char *inp = _inp;
		683
		684	/* This 256-bit increment procedure relies on the size_t
		685	* being natural size of CPU register, so that we don't
		686	* have to mask the value in order to detect overflows. */
		687	c->bitlen[0] += bits;
		688	if (c->bitlen[0] < bits) /* overflow */
		689	{
		690	n = 1;
		691	do {
		692	c->bitlen[n]++;
		693	} while (c->bitlen[n]==0 &&
		694	++n < (WHIRLPOOL_COUNTER/sizeof(size_t)));
		695	}
		696
		697	#ifndef OPENSSL_SMALL_FOOTPRINT
		698	reconsider:
		699	if (inpgap==0 && bitrem==0) /* byte-oriented loop */
		700	{
		701	while (bits) {
		702	if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) {
		703	whirlpool_block(c, inp, n);
		704	inp += n*WHIRLPOOL_BBLOCK/8;
		705	bits %= WHIRLPOOL_BBLOCK;
		706	} else {
		707	unsigned int byteoff = bitoff/8;
		708
		709	bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
		710	if (bits >= bitrem) {
		711	bits -= bitrem;
		712	bitrem /= 8;
		713	memcpy(c->data + byteoff, inp, bitrem);
		714	inp += bitrem;
		715	whirlpool_block(c, c->data, 1);
		716	bitoff = 0;
		717	} else {
		718	memcpy(c->data + byteoff, inp, bits/8);
		719	bitoff += (unsigned int)bits;
		720	bits = 0;
		721	}
		722	c->bitoff = bitoff;
		723	}
		724	}
		725	}
		726	else /* bit-oriented loop */
		727	#endif
		728	{
		729	/*
		730	inp
		731	\|
		732	+-------+-------+-------
		733	\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|
		734	+-------+-------+-------
		735	+-------+-------+-------+-------+-------
		736	\|\|\|\|\|\|\|\|\|\|\|\|\|\| c->data
		737	+-------+-------+-------+-------+-------
		738	\|
		739	c->bitoff/8
		740	*/
		741	while (bits) {
		742	unsigned int byteoff = bitoff/8;
		743	unsigned char b;
		744
		745	#ifndef OPENSSL_SMALL_FOOTPRINT
		746	if (bitrem == inpgap) {
		747	c->data[byteoff++] \|= inp[0] & (0xff >> inpgap);
		748	inpgap = 8 - inpgap;
		749	bitoff += inpgap; bitrem = 0; /* bitoff%8 */
		750	bits -= inpgap; inpgap = 0; /* bits%8 */
		751	inp++;
		752	if (bitoff == WHIRLPOOL_BBLOCK) {
		753	whirlpool_block(c, c->data, 1);
		754	bitoff = 0;
		755	}
		756	c->bitoff = bitoff;
		757	goto reconsider;
		758	} else
		759	#endif
		760	if (bits >= 8) {
		761	b = ((inp[0]<<inpgap) \| (inp[1]>>(8 - inpgap)));
		762	b &= 0xff;
		763	if (bitrem)
		764	c->data[byteoff++] \|= b >> bitrem;
		765	else
		766	c->data[byteoff++] = b;
		767	bitoff += 8;
		768	bits -= 8;
		769	inp++;
		770	if (bitoff >= WHIRLPOOL_BBLOCK) {
		771	whirlpool_block(c, c->data, 1);
		772	byteoff = 0;
		773	bitoff %= WHIRLPOOL_BBLOCK;
		774	}
		775	if (bitrem)
		776	c->data[byteoff] = b << (8 - bitrem);
		777	}
		778	else /* remaining less than 8 bits */
		779	{
		780	b = (inp[0]<<inpgap)&0xff;
		781	if (bitrem)
		782	c->data[byteoff++] \|= b >> bitrem;
		783	else
		784	c->data[byteoff++] = b;
		785	bitoff += (unsigned int)bits;
		786	if (bitoff == WHIRLPOOL_BBLOCK) {
		787	whirlpool_block(c, c->data, 1);
		788	byteoff = 0;
		789	bitoff %= WHIRLPOOL_BBLOCK;
		790	}
		791	if (bitrem)
		792	c->data[byteoff] = b << (8 - bitrem);
		793	bits = 0;
		794	}
		795	c->bitoff = bitoff;
		796	}
		797	}
		798	}
		799
		800	int
		801	WHIRLPOOL_Final(unsigned char md, WHIRLPOOL_CTX c)
		802	{
		803	unsigned int bitoff = c->bitoff,
		804	byteoff = bitoff/8;
		805	size_t i, j, v;
		806	unsigned char *p;
		807
		808	bitoff %= 8;
		809	if (bitoff)
		810	c->data[byteoff] \|= 0x80 >> bitoff;
		811	else
		812	c->data[byteoff] = 0x80;
		813	byteoff++;
		814
		815	/* pad with zeros */
		816	if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) {
		817	if (byteoff < WHIRLPOOL_BBLOCK/8)
		818	memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff);
		819	whirlpool_block(c, c->data, 1);
		820	byteoff = 0;
		821	}
		822	if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER))
		823	memset(&c->data[byteoff], 0,
		824	(WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff);
		825	/* smash 256-bit c->bitlen in big-endian order */
		826	p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */
		827	for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++)
		828	for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
		829	*p-- = (unsigned char)(v&0xff);
		830
		831	whirlpool_block(c, c->data, 1);
		832
		833	if (md) {
		834	memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
		835	memset(c, 0, sizeof(*c));
		836	return (1);
		837	}
		838	return (0);
		839	}
		840
		841	unsigned char *
		842	WHIRLPOOL(const void inp, size_t bytes, unsigned char md)
		843	{
		844	WHIRLPOOL_CTX ctx;
		845	static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
		846
		847	if (md == NULL)
		848	md = m;
		849	WHIRLPOOL_Init(&ctx);
		850	WHIRLPOOL_Update(&ctx, inp, bytes);
		851	WHIRLPOOL_Final(md, &ctx);
		852	return (md);
		853	}


diff --git a/src/lib/libcrypto/whrlpool/wp_dgst.c b/src/lib/libcrypto/whrlpool/wp_dgst.c deleted file mode 100644 index 0e7c9c56d9..0000000000 --- a/src/lib/libcrypto/whrlpool/wp_dgst.c +++ /dev/null
@@ -1,267 +0,0 @@
1	/* $OpenBSD: wp_dgst.c,v 1.8 2024/03/29 00:16:22 jsing Exp $ */
2	/**
3	* The Whirlpool hashing function.
4	*
5	* <P>
6	* <b>References</b>
7	*
8	* <P>
9	* The Whirlpool algorithm was developed by
10	* <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
11	* <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
12	*
13	* See
14	* P.S.L.M. Barreto, V. Rijmen,
15	* ``The Whirlpool hashing function,''
16	* NESSIE submission, 2000 (tweaked version, 2001),
17	* <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
18	*
19	* Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
20	* Vincent Rijmen. Lookup "reference implementations" on
21	* <http://planeta.terra.com.br/informatica/paulobarreto/>
22	*
23	* =============================================================================
24	*
25	* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
26	* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
27	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
29	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32	* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
33	* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
34	* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
35	* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	*
37	*/
38
39	/*
40	* OpenSSL-specific implementation notes.
41	*
42	* WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
43	* number of bytes as input length argument. Bit-oriented routine
44	* as specified by authors is called WHIRLPOOL_BitUpdate[!] and
45	* does not have one-stroke counterpart.
46	*
47	* WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
48	* to serve WHIRLPOOL_Update. This is done for performance.
49	*
50	* Unlike authors' reference implementation, block processing
51	* routine whirlpool_block is designed to operate on multi-block
52	* input. This is done for performance.
53	*/
54
55	#include <string.h>
56
57	#include <openssl/crypto.h>
58
59	#include "wp_local.h"
60
61	int
62	WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
63	{
64	memset (c, 0, sizeof(*c));
65	return (1);
66	}
67
68	int
69	WHIRLPOOL_Update(WHIRLPOOL_CTX c, const void _inp, size_t bytes)
70	{
71	/* Well, largest suitable chunk size actually is
72	* (1<<(sizeof(size_t)*8-3))-64, but below number
73	* is large enough for not to care about excessive
74	* calls to WHIRLPOOL_BitUpdate... */
75	size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4);
76	const unsigned char *inp = _inp;
77
78	while (bytes >= chunk) {
79	WHIRLPOOL_BitUpdate(c, inp, chunk*8);
80	bytes -= chunk;
81	inp += chunk;
82	}
83	if (bytes)
84	WHIRLPOOL_BitUpdate(c, inp, bytes*8);
85
86	return (1);
87	}
88
89	void
90	WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX c, const void _inp, size_t bits)
91	{
92	size_t n;
93	unsigned int bitoff = c->bitoff,
94	bitrem = bitoff % 8,
95	inpgap = (8 - (unsigned int)bits % 8)&7;
96	const unsigned char *inp = _inp;
97
98	/* This 256-bit increment procedure relies on the size_t
99	* being natural size of CPU register, so that we don't
100	* have to mask the value in order to detect overflows. */
101	c->bitlen[0] += bits;
102	if (c->bitlen[0] < bits) /* overflow */
103	{
104	n = 1;
105	do {
106	c->bitlen[n]++;
107	} while (c->bitlen[n]==0 &&
108	++n < (WHIRLPOOL_COUNTER/sizeof(size_t)));
109	}
110
111	#ifndef OPENSSL_SMALL_FOOTPRINT
112	reconsider:
113	if (inpgap==0 && bitrem==0) /* byte-oriented loop */
114	{
115	while (bits) {
116	if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) {
117	whirlpool_block(c, inp, n);
118	inp += n*WHIRLPOOL_BBLOCK/8;
119	bits %= WHIRLPOOL_BBLOCK;
120	} else {
121	unsigned int byteoff = bitoff/8;
122
123	bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
124	if (bits >= bitrem) {
125	bits -= bitrem;
126	bitrem /= 8;
127	memcpy(c->data + byteoff, inp, bitrem);
128	inp += bitrem;
129	whirlpool_block(c, c->data, 1);
130	bitoff = 0;
131	} else {
132	memcpy(c->data + byteoff, inp, bits/8);
133	bitoff += (unsigned int)bits;
134	bits = 0;
135	}
136	c->bitoff = bitoff;
137	}
138	}
139	}
140	else /* bit-oriented loop */
141	#endif
142	{
143	/*
144	inp
145	\|
146	+-------+-------+-------
147	\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|
148	+-------+-------+-------
149	+-------+-------+-------+-------+-------
150	\|\|\|\|\|\|\|\|\|\|\|\|\|\| c->data
151	+-------+-------+-------+-------+-------
152	\|
153	c->bitoff/8
154	*/
155	while (bits) {
156	unsigned int byteoff = bitoff/8;
157	unsigned char b;
158
159	#ifndef OPENSSL_SMALL_FOOTPRINT
160	if (bitrem == inpgap) {
161	c->data[byteoff++] \|= inp[0] & (0xff >> inpgap);
162	inpgap = 8 - inpgap;
163	bitoff += inpgap; bitrem = 0; /* bitoff%8 */
164	bits -= inpgap; inpgap = 0; /* bits%8 */
165	inp++;
166	if (bitoff == WHIRLPOOL_BBLOCK) {
167	whirlpool_block(c, c->data, 1);
168	bitoff = 0;
169	}
170	c->bitoff = bitoff;
171	goto reconsider;
172	} else
173	#endif
174	if (bits >= 8) {
175	b = ((inp[0]<<inpgap) \| (inp[1]>>(8 - inpgap)));
176	b &= 0xff;
177	if (bitrem)
178	c->data[byteoff++] \|= b >> bitrem;
179	else
180	c->data[byteoff++] = b;
181	bitoff += 8;
182	bits -= 8;
183	inp++;
184	if (bitoff >= WHIRLPOOL_BBLOCK) {
185	whirlpool_block(c, c->data, 1);
186	byteoff = 0;
187	bitoff %= WHIRLPOOL_BBLOCK;
188	}
189	if (bitrem)
190	c->data[byteoff] = b << (8 - bitrem);
191	}
192	else /* remaining less than 8 bits */
193	{
194	b = (inp[0]<<inpgap)&0xff;
195	if (bitrem)
196	c->data[byteoff++] \|= b >> bitrem;
197	else
198	c->data[byteoff++] = b;
199	bitoff += (unsigned int)bits;
200	if (bitoff == WHIRLPOOL_BBLOCK) {
201	whirlpool_block(c, c->data, 1);
202	byteoff = 0;
203	bitoff %= WHIRLPOOL_BBLOCK;
204	}
205	if (bitrem)
206	c->data[byteoff] = b << (8 - bitrem);
207	bits = 0;
208	}
209	c->bitoff = bitoff;
210	}
211	}
212	}
213
214	int
215	WHIRLPOOL_Final(unsigned char md, WHIRLPOOL_CTX c)
216	{
217	unsigned int bitoff = c->bitoff,
218	byteoff = bitoff/8;
219	size_t i, j, v;
220	unsigned char *p;
221
222	bitoff %= 8;
223	if (bitoff)
224	c->data[byteoff] \|= 0x80 >> bitoff;
225	else
226	c->data[byteoff] = 0x80;
227	byteoff++;
228
229	/* pad with zeros */
230	if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) {
231	if (byteoff < WHIRLPOOL_BBLOCK/8)
232	memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff);
233	whirlpool_block(c, c->data, 1);
234	byteoff = 0;
235	}
236	if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER))
237	memset(&c->data[byteoff], 0,
238	(WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff);
239	/* smash 256-bit c->bitlen in big-endian order */
240	p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */
241	for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++)
242	for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
243	*p-- = (unsigned char)(v&0xff);
244
245	whirlpool_block(c, c->data, 1);
246
247	if (md) {
248	memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
249	memset(c, 0, sizeof(*c));
250	return (1);
251	}
252	return (0);
253	}
254
255	unsigned char *
256	WHIRLPOOL(const void inp, size_t bytes, unsigned char md)
257	{
258	WHIRLPOOL_CTX ctx;
259	static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
260
261	if (md == NULL)
262	md = m;
263	WHIRLPOOL_Init(&ctx);
264	WHIRLPOOL_Update(&ctx, inp, bytes);
265	WHIRLPOOL_Final(md, &ctx);
266	return (md);
267	}


diff --git a/src/lib/libcrypto/whrlpool/wp_local.h b/src/lib/libcrypto/whrlpool/wp_local.h deleted file mode 100644 index 892dce23b6..0000000000 --- a/src/lib/libcrypto/whrlpool/wp_local.h +++ /dev/null
@@ -1,11 +0,0 @@
1	/* $OpenBSD: wp_local.h,v 1.2 2023/09/04 08:43:41 tb Exp $ */
2
3	#include <sys/types.h>
4
5	#include <openssl/whrlpool.h>
6
7	__BEGIN_HIDDEN_DECLS
8
9	void whirlpool_block(WHIRLPOOL_CTX ,const void ,size_t);
10
11	__END_HIDDEN_DECLS