diff options
| author | jsing <> | 2024-03-26 05:21:35 +0000 |
|---|---|---|
| committer | jsing <> | 2024-03-26 05:21:35 +0000 |
| commit | ea3a276277c0115eeedb4d04f7cf7a430445de02 (patch) | |
| tree | d200f9ecb8d57b94c38e6f06e679fc6035b87aa7 /src/lib | |
| parent | f44d969948e579847edde9b8e70862e0c5a3638d (diff) | |
| download | openbsd-ea3a276277c0115eeedb4d04f7cf7a430445de02.tar.gz openbsd-ea3a276277c0115eeedb4d04f7cf7a430445de02.tar.bz2 openbsd-ea3a276277c0115eeedb4d04f7cf7a430445de02.zip | |
Demacro MD5 and improve data loading.
Use static inline functions instead of macros and improve handling of
aligned data. Also number rounds as per RFC 1321.
ok tb@
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/md5/md5.c | 270 |
1 files changed, 154 insertions, 116 deletions
diff --git a/src/lib/libcrypto/md5/md5.c b/src/lib/libcrypto/md5/md5.c index c2ee2958df..cb1a9a3a09 100644 --- a/src/lib/libcrypto/md5/md5.c +++ b/src/lib/libcrypto/md5/md5.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: md5.c,v 1.18 2023/08/15 08:39:27 jsing Exp $ */ | 1 | /* $OpenBSD: md5.c,v 1.19 2024/03/26 05:21:35 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -90,47 +90,64 @@ void md5_block_asm_data_order(MD5_CTX *c, const void *p, size_t num); | |||
| 90 | 90 | ||
| 91 | #include "md32_common.h" | 91 | #include "md32_common.h" |
| 92 | 92 | ||
| 93 | /* | 93 | #ifndef MD5_ASM |
| 94 | #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) | 94 | static inline uint32_t |
| 95 | #define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) | 95 | md5_F(uint32_t x, uint32_t y, uint32_t z) |
| 96 | */ | 96 | { |
| 97 | return (x & y) | (~x & z); | ||
| 98 | } | ||
| 97 | 99 | ||
| 98 | /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be | 100 | static inline uint32_t |
| 99 | * simplified to the code below. Wei attributes these optimizations | 101 | md5_G(uint32_t x, uint32_t y, uint32_t z) |
| 100 | * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. | 102 | { |
| 101 | */ | 103 | return (x & z) | (y & ~z); |
| 102 | #define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) | 104 | } |
| 103 | #define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c)) | ||
| 104 | #define H(b,c,d) ((b) ^ (c) ^ (d)) | ||
| 105 | #define I(b,c,d) (((~(d)) | (b)) ^ (c)) | ||
| 106 | 105 | ||
| 107 | #define R0(a,b,c,d,k,s,t) { \ | 106 | static inline uint32_t |
| 108 | a+=((k)+(t)+F((b),(c),(d))); \ | 107 | md5_H(uint32_t x, uint32_t y, uint32_t z) |
| 109 | a=ROTATE(a,s); \ | 108 | { |
| 110 | a+=b; };\ | 109 | return x ^ y ^ z; |
| 110 | } | ||
| 111 | |||
| 112 | static inline uint32_t | ||
| 113 | md5_I(uint32_t x, uint32_t y, uint32_t z) | ||
| 114 | { | ||
| 115 | return y ^ (x | ~z); | ||
| 116 | } | ||
| 111 | 117 | ||
| 112 | #define R1(a,b,c,d,k,s,t) { \ | 118 | static inline void |
| 113 | a+=((k)+(t)+G((b),(c),(d))); \ | 119 | md5_round1(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, |
| 114 | a=ROTATE(a,s); \ | 120 | uint32_t t, uint32_t s) |
| 115 | a+=b; }; | 121 | { |
| 122 | *a = b + crypto_rol_u32(*a + md5_F(b, c, d) + x + t, s); | ||
| 123 | } | ||
| 116 | 124 | ||
| 117 | #define R2(a,b,c,d,k,s,t) { \ | 125 | static inline void |
| 118 | a+=((k)+(t)+H((b),(c),(d))); \ | 126 | md5_round2(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, |
| 119 | a=ROTATE(a,s); \ | 127 | uint32_t t, uint32_t s) |
| 120 | a+=b; }; | 128 | { |
| 129 | *a = b + crypto_rol_u32(*a + md5_G(b, c, d) + x + t, s); | ||
| 130 | } | ||
| 121 | 131 | ||
| 122 | #define R3(a,b,c,d,k,s,t) { \ | 132 | static inline void |
| 123 | a+=((k)+(t)+I((b),(c),(d))); \ | 133 | md5_round3(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, |
| 124 | a=ROTATE(a,s); \ | 134 | uint32_t t, uint32_t s) |
| 125 | a+=b; }; | 135 | { |
| 136 | *a = b + crypto_rol_u32(*a + md5_H(b, c, d) + x + t, s); | ||
| 137 | } | ||
| 126 | 138 | ||
| 127 | /* Implemented from RFC1321 The MD5 Message-Digest Algorithm. */ | 139 | static inline void |
| 140 | md5_round4(uint32_t *a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, | ||
| 141 | uint32_t t, uint32_t s) | ||
| 142 | { | ||
| 143 | *a = b + crypto_rol_u32(*a + md5_I(b, c, d) + x + t, s); | ||
| 144 | } | ||
| 128 | 145 | ||
| 129 | #ifndef MD5_ASM | ||
| 130 | static void | 146 | static void |
| 131 | md5_block_data_order(MD5_CTX *c, const void *_in, size_t num) | 147 | md5_block_data_order(MD5_CTX *c, const void *_in, size_t num) |
| 132 | { | 148 | { |
| 133 | const uint8_t *in = _in; | 149 | const uint8_t *in = _in; |
| 150 | const MD5_LONG *in32; | ||
| 134 | MD5_LONG A, B, C, D; | 151 | MD5_LONG A, B, C, D; |
| 135 | MD5_LONG X0, X1, X2, X3, X4, X5, X6, X7, | 152 | MD5_LONG X0, X1, X2, X3, X4, X5, X6, X7, |
| 136 | X8, X9, X10, X11, X12, X13, X14, X15; | 153 | X8, X9, X10, X11, X12, X13, X14, X15; |
| @@ -140,93 +157,114 @@ md5_block_data_order(MD5_CTX *c, const void *_in, size_t num) | |||
| 140 | C = c->C; | 157 | C = c->C; |
| 141 | D = c->D; | 158 | D = c->D; |
| 142 | 159 | ||
| 143 | for (; num--; ) { | 160 | while (num-- > 0) { |
| 144 | X0 = crypto_load_le32toh(&in[0 * 4]); | 161 | if ((uintptr_t)in % 4 == 0) { |
| 145 | X1 = crypto_load_le32toh(&in[1 * 4]); | 162 | /* Input is 32 bit aligned. */ |
| 146 | X2 = crypto_load_le32toh(&in[2 * 4]); | 163 | in32 = (const MD5_LONG *)in; |
| 147 | X3 = crypto_load_le32toh(&in[3 * 4]); | 164 | X0 = le32toh(in32[0]); |
| 148 | X4 = crypto_load_le32toh(&in[4 * 4]); | 165 | X1 = le32toh(in32[1]); |
| 149 | X5 = crypto_load_le32toh(&in[5 * 4]); | 166 | X2 = le32toh(in32[2]); |
| 150 | X6 = crypto_load_le32toh(&in[6 * 4]); | 167 | X3 = le32toh(in32[3]); |
| 151 | X7 = crypto_load_le32toh(&in[7 * 4]); | 168 | X4 = le32toh(in32[4]); |
| 152 | X8 = crypto_load_le32toh(&in[8 * 4]); | 169 | X5 = le32toh(in32[5]); |
| 153 | X9 = crypto_load_le32toh(&in[9 * 4]); | 170 | X6 = le32toh(in32[6]); |
| 154 | X10 = crypto_load_le32toh(&in[10 * 4]); | 171 | X7 = le32toh(in32[7]); |
| 155 | X11 = crypto_load_le32toh(&in[11 * 4]); | 172 | X8 = le32toh(in32[8]); |
| 156 | X12 = crypto_load_le32toh(&in[12 * 4]); | 173 | X9 = le32toh(in32[9]); |
| 157 | X13 = crypto_load_le32toh(&in[13 * 4]); | 174 | X10 = le32toh(in32[10]); |
| 158 | X14 = crypto_load_le32toh(&in[14 * 4]); | 175 | X11 = le32toh(in32[11]); |
| 159 | X15 = crypto_load_le32toh(&in[15 * 4]); | 176 | X12 = le32toh(in32[12]); |
| 177 | X13 = le32toh(in32[13]); | ||
| 178 | X14 = le32toh(in32[14]); | ||
| 179 | X15 = le32toh(in32[15]); | ||
| 180 | } else { | ||
| 181 | /* Input is not 32 bit aligned. */ | ||
| 182 | X0 = crypto_load_le32toh(&in[0 * 4]); | ||
| 183 | X1 = crypto_load_le32toh(&in[1 * 4]); | ||
| 184 | X2 = crypto_load_le32toh(&in[2 * 4]); | ||
| 185 | X3 = crypto_load_le32toh(&in[3 * 4]); | ||
| 186 | X4 = crypto_load_le32toh(&in[4 * 4]); | ||
| 187 | X5 = crypto_load_le32toh(&in[5 * 4]); | ||
| 188 | X6 = crypto_load_le32toh(&in[6 * 4]); | ||
| 189 | X7 = crypto_load_le32toh(&in[7 * 4]); | ||
| 190 | X8 = crypto_load_le32toh(&in[8 * 4]); | ||
| 191 | X9 = crypto_load_le32toh(&in[9 * 4]); | ||
| 192 | X10 = crypto_load_le32toh(&in[10 * 4]); | ||
| 193 | X11 = crypto_load_le32toh(&in[11 * 4]); | ||
| 194 | X12 = crypto_load_le32toh(&in[12 * 4]); | ||
| 195 | X13 = crypto_load_le32toh(&in[13 * 4]); | ||
| 196 | X14 = crypto_load_le32toh(&in[14 * 4]); | ||
| 197 | X15 = crypto_load_le32toh(&in[15 * 4]); | ||
| 198 | } | ||
| 160 | in += MD5_CBLOCK; | 199 | in += MD5_CBLOCK; |
| 161 | 200 | ||
| 162 | /* Round 0 */ | 201 | md5_round1(&A, B, C, D, X0, 0xd76aa478L, 7); |
| 163 | R0(A, B, C, D, X0, 7, 0xd76aa478L); | 202 | md5_round1(&D, A, B, C, X1, 0xe8c7b756L, 12); |
| 164 | R0(D, A, B, C, X1, 12, 0xe8c7b756L); | 203 | md5_round1(&C, D, A, B, X2, 0x242070dbL, 17); |
| 165 | R0(C, D, A, B, X2, 17, 0x242070dbL); | 204 | md5_round1(&B, C, D, A, X3, 0xc1bdceeeL, 22); |
| 166 | R0(B, C, D, A, X3, 22, 0xc1bdceeeL); | 205 | md5_round1(&A, B, C, D, X4, 0xf57c0fafL, 7); |
| 167 | R0(A, B, C, D, X4, 7, 0xf57c0fafL); | 206 | md5_round1(&D, A, B, C, X5, 0x4787c62aL, 12); |
| 168 | R0(D, A, B, C, X5, 12, 0x4787c62aL); | 207 | md5_round1(&C, D, A, B, X6, 0xa8304613L, 17); |
| 169 | R0(C, D, A, B, X6, 17, 0xa8304613L); | 208 | md5_round1(&B, C, D, A, X7, 0xfd469501L, 22); |
| 170 | R0(B, C, D, A, X7, 22, 0xfd469501L); | 209 | md5_round1(&A, B, C, D, X8, 0x698098d8L, 7); |
| 171 | R0(A, B, C, D, X8, 7, 0x698098d8L); | 210 | md5_round1(&D, A, B, C, X9, 0x8b44f7afL, 12); |
| 172 | R0(D, A, B, C, X9, 12, 0x8b44f7afL); | 211 | md5_round1(&C, D, A, B, X10, 0xffff5bb1L, 17); |
| 173 | R0(C, D, A, B, X10, 17, 0xffff5bb1L); | 212 | md5_round1(&B, C, D, A, X11, 0x895cd7beL, 22); |
| 174 | R0(B, C, D, A, X11, 22, 0x895cd7beL); | 213 | md5_round1(&A, B, C, D, X12, 0x6b901122L, 7); |
| 175 | R0(A, B, C, D, X12, 7, 0x6b901122L); | 214 | md5_round1(&D, A, B, C, X13, 0xfd987193L, 12); |
| 176 | R0(D, A, B, C, X13, 12, 0xfd987193L); | 215 | md5_round1(&C, D, A, B, X14, 0xa679438eL, 17); |
| 177 | R0(C, D, A, B, X14, 17, 0xa679438eL); | 216 | md5_round1(&B, C, D, A, X15, 0x49b40821L, 22); |
| 178 | R0(B, C, D, A, X15, 22, 0x49b40821L); | 217 | |
| 179 | /* Round 1 */ | 218 | md5_round2(&A, B, C, D, X1, 0xf61e2562L, 5); |
| 180 | R1(A, B, C, D, X1, 5, 0xf61e2562L); | 219 | md5_round2(&D, A, B, C, X6, 0xc040b340L, 9); |
| 181 | R1(D, A, B, C, X6, 9, 0xc040b340L); | 220 | md5_round2(&C, D, A, B, X11, 0x265e5a51L, 14); |
| 182 | R1(C, D, A, B, X11, 14, 0x265e5a51L); | 221 | md5_round2(&B, C, D, A, X0, 0xe9b6c7aaL, 20); |
| 183 | R1(B, C, D, A, X0, 20, 0xe9b6c7aaL); | 222 | md5_round2(&A, B, C, D, X5, 0xd62f105dL, 5); |
| 184 | R1(A, B, C, D, X5, 5, 0xd62f105dL); | 223 | md5_round2(&D, A, B, C, X10, 0x02441453L, 9); |
| 185 | R1(D, A, B, C, X10, 9, 0x02441453L); | 224 | md5_round2(&C, D, A, B, X15, 0xd8a1e681L, 14); |
| 186 | R1(C, D, A, B, X15, 14, 0xd8a1e681L); | 225 | md5_round2(&B, C, D, A, X4, 0xe7d3fbc8L, 20); |
| 187 | R1(B, C, D, A, X4, 20, 0xe7d3fbc8L); | 226 | md5_round2(&A, B, C, D, X9, 0x21e1cde6L, 5); |
| 188 | R1(A, B, C, D, X9, 5, 0x21e1cde6L); | 227 | md5_round2(&D, A, B, C, X14, 0xc33707d6L, 9); |
| 189 | R1(D, A, B, C, X14, 9, 0xc33707d6L); | 228 | md5_round2(&C, D, A, B, X3, 0xf4d50d87L, 14); |
| 190 | R1(C, D, A, B, X3, 14, 0xf4d50d87L); | 229 | md5_round2(&B, C, D, A, X8, 0x455a14edL, 20); |
| 191 | R1(B, C, D, A, X8, 20, 0x455a14edL); | 230 | md5_round2(&A, B, C, D, X13, 0xa9e3e905L, 5); |
| 192 | R1(A, B, C, D, X13, 5, 0xa9e3e905L); | 231 | md5_round2(&D, A, B, C, X2, 0xfcefa3f8L, 9); |
| 193 | R1(D, A, B, C, X2, 9, 0xfcefa3f8L); | 232 | md5_round2(&C, D, A, B, X7, 0x676f02d9L, 14); |
| 194 | R1(C, D, A, B, X7, 14, 0x676f02d9L); | 233 | md5_round2(&B, C, D, A, X12, 0x8d2a4c8aL, 20); |
| 195 | R1(B, C, D, A, X12, 20, 0x8d2a4c8aL); | 234 | |
| 196 | /* Round 2 */ | 235 | md5_round3(&A, B, C, D, X5, 0xfffa3942L, 4); |
| 197 | R2(A, B, C, D, X5, 4, 0xfffa3942L); | 236 | md5_round3(&D, A, B, C, X8, 0x8771f681L, 11); |
| 198 | R2(D, A, B, C, X8, 11, 0x8771f681L); | 237 | md5_round3(&C, D, A, B, X11, 0x6d9d6122L, 16); |
| 199 | R2(C, D, A, B, X11, 16, 0x6d9d6122L); | 238 | md5_round3(&B, C, D, A, X14, 0xfde5380cL, 23); |
| 200 | R2(B, C, D, A, X14, 23, 0xfde5380cL); | 239 | md5_round3(&A, B, C, D, X1, 0xa4beea44L, 4); |
| 201 | R2(A, B, C, D, X1, 4, 0xa4beea44L); | 240 | md5_round3(&D, A, B, C, X4, 0x4bdecfa9L, 11); |
| 202 | R2(D, A, B, C, X4, 11, 0x4bdecfa9L); | 241 | md5_round3(&C, D, A, B, X7, 0xf6bb4b60L, 16); |
| 203 | R2(C, D, A, B, X7, 16, 0xf6bb4b60L); | 242 | md5_round3(&B, C, D, A, X10, 0xbebfbc70L, 23); |
| 204 | R2(B, C, D, A, X10, 23, 0xbebfbc70L); | 243 | md5_round3(&A, B, C, D, X13, 0x289b7ec6L, 4); |
| 205 | R2(A, B, C, D, X13, 4, 0x289b7ec6L); | 244 | md5_round3(&D, A, B, C, X0, 0xeaa127faL, 11); |
| 206 | R2(D, A, B, C, X0, 11, 0xeaa127faL); | 245 | md5_round3(&C, D, A, B, X3, 0xd4ef3085L, 16); |
| 207 | R2(C, D, A, B, X3, 16, 0xd4ef3085L); | 246 | md5_round3(&B, C, D, A, X6, 0x04881d05L, 23); |
| 208 | R2(B, C, D, A, X6, 23, 0x04881d05L); | 247 | md5_round3(&A, B, C, D, X9, 0xd9d4d039L, 4); |
| 209 | R2(A, B, C, D, X9, 4, 0xd9d4d039L); | 248 | md5_round3(&D, A, B, C, X12, 0xe6db99e5L, 11); |
| 210 | R2(D, A, B, C, X12, 11, 0xe6db99e5L); | 249 | md5_round3(&C, D, A, B, X15, 0x1fa27cf8L, 16); |
| 211 | R2(C, D, A, B, X15, 16, 0x1fa27cf8L); | 250 | md5_round3(&B, C, D, A, X2, 0xc4ac5665L, 23); |
| 212 | R2(B, C, D, A, X2, 23, 0xc4ac5665L); | 251 | |
| 213 | /* Round 3 */ | 252 | md5_round4(&A, B, C, D, X0, 0xf4292244L, 6); |
| 214 | R3(A, B, C, D, X0, 6, 0xf4292244L); | 253 | md5_round4(&D, A, B, C, X7, 0x432aff97L, 10); |
| 215 | R3(D, A, B, C, X7, 10, 0x432aff97L); | 254 | md5_round4(&C, D, A, B, X14, 0xab9423a7L, 15); |
| 216 | R3(C, D, A, B, X14, 15, 0xab9423a7L); | 255 | md5_round4(&B, C, D, A, X5, 0xfc93a039L, 21); |
| 217 | R3(B, C, D, A, X5, 21, 0xfc93a039L); | 256 | md5_round4(&A, B, C, D, X12, 0x655b59c3L, 6); |
| 218 | R3(A, B, C, D, X12, 6, 0x655b59c3L); | 257 | md5_round4(&D, A, B, C, X3, 0x8f0ccc92L, 10); |
| 219 | R3(D, A, B, C, X3, 10, 0x8f0ccc92L); | 258 | md5_round4(&C, D, A, B, X10, 0xffeff47dL, 15); |
| 220 | R3(C, D, A, B, X10, 15, 0xffeff47dL); | 259 | md5_round4(&B, C, D, A, X1, 0x85845dd1L, 21); |
| 221 | R3(B, C, D, A, X1, 21, 0x85845dd1L); | 260 | md5_round4(&A, B, C, D, X8, 0x6fa87e4fL, 6); |
| 222 | R3(A, B, C, D, X8, 6, 0x6fa87e4fL); | 261 | md5_round4(&D, A, B, C, X15, 0xfe2ce6e0L, 10); |
| 223 | R3(D, A, B, C, X15, 10, 0xfe2ce6e0L); | 262 | md5_round4(&C, D, A, B, X6, 0xa3014314L, 15); |
| 224 | R3(C, D, A, B, X6, 15, 0xa3014314L); | 263 | md5_round4(&B, C, D, A, X13, 0x4e0811a1L, 21); |
| 225 | R3(B, C, D, A, X13, 21, 0x4e0811a1L); | 264 | md5_round4(&A, B, C, D, X4, 0xf7537e82L, 6); |
| 226 | R3(A, B, C, D, X4, 6, 0xf7537e82L); | 265 | md5_round4(&D, A, B, C, X11, 0xbd3af235L, 10); |
| 227 | R3(D, A, B, C, X11, 10, 0xbd3af235L); | 266 | md5_round4(&C, D, A, B, X2, 0x2ad7d2bbL, 15); |
| 228 | R3(C, D, A, B, X2, 15, 0x2ad7d2bbL); | 267 | md5_round4(&B, C, D, A, X9, 0xeb86d391L, 21); |
| 229 | R3(B, C, D, A, X9, 21, 0xeb86d391L); | ||
| 230 | 268 | ||
| 231 | A = c->A += A; | 269 | A = c->A += A; |
| 232 | B = c->B += B; | 270 | B = c->B += B; |