summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/Makefile5
-rw-r--r--src/lib/libcrypto/whrlpool/whirlpool.c (renamed from src/lib/libcrypto/whrlpool/wp_block.c)230
-rw-r--r--src/lib/libcrypto/whrlpool/wp_dgst.c267
-rw-r--r--src/lib/libcrypto/whrlpool/wp_local.h11
4 files changed, 229 insertions, 284 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index d3533412fd..b763757ebf 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.186 2024/03/29 02:33:44 jsing Exp $ 1# $OpenBSD: Makefile,v 1.187 2024/03/29 02:41:49 jsing Exp $
2 2
3LIB= crypto 3LIB= crypto
4LIBREBUILD=y 4LIBREBUILD=y
@@ -557,8 +557,7 @@ SRCS+= ui_openssl.c
557SRCS+= ui_util.c 557SRCS+= ui_util.c
558 558
559# whrlpool/ 559# whrlpool/
560SRCS+= wp_block.c 560SRCS+= whirlpool.c
561SRCS+= wp_dgst.c
562 561
563# x509/ 562# x509/
564SRCS+= by_dir.c 563SRCS+= by_dir.c
diff --git a/src/lib/libcrypto/whrlpool/wp_block.c b/src/lib/libcrypto/whrlpool/whirlpool.c
index ad814a3463..217c5a919b 100644
--- a/src/lib/libcrypto/whrlpool/wp_block.c
+++ b/src/lib/libcrypto/whrlpool/whirlpool.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: wp_block.c,v 1.15 2022/11/26 16:08:54 tb Exp $ */ 1/* $OpenBSD: whirlpool.c,v 1.1 2024/03/29 02:41:49 jsing Exp $ */
2/** 2/**
3 * The Whirlpool hashing function. 3 * The Whirlpool hashing function.
4 * 4 *
@@ -36,11 +36,27 @@
36 * 36 *
37 */ 37 */
38 38
39/*
40 * OpenSSL-specific implementation notes.
41 *
42 * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
43 * number of *bytes* as input length argument. Bit-oriented routine
44 * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
45 * does not have one-stroke counterpart.
46 *
47 * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
48 * to serve WHIRLPOOL_Update. This is done for performance.
49 *
50 * Unlike authors' reference implementation, block processing
51 * routine whirlpool_block is designed to operate on multi-block
52 * input. This is done for performance.
53 */
54
39#include <endian.h> 55#include <endian.h>
40#include <string.h> 56#include <string.h>
41#include <openssl/crypto.h>
42 57
43#include "wp_local.h" 58#include <openssl/crypto.h>
59#include <openssl/whrlpool.h>
44 60
45typedef unsigned char u8; 61typedef unsigned char u8;
46#if defined(_LP64) 62#if defined(_LP64)
@@ -627,3 +643,211 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n)
627 p += 64; 643 p += 64;
628 } while(--n); 644 } while(--n);
629 } 645 }
646
647int
648WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
649{
650 memset (c, 0, sizeof(*c));
651 return (1);
652}
653
654int
655WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
656{
657 /* Well, largest suitable chunk size actually is
658 * (1<<(sizeof(size_t)*8-3))-64, but below number
659 * is large enough for not to care about excessive
660 * calls to WHIRLPOOL_BitUpdate... */
661 size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4);
662 const unsigned char *inp = _inp;
663
664 while (bytes >= chunk) {
665 WHIRLPOOL_BitUpdate(c, inp, chunk*8);
666 bytes -= chunk;
667 inp += chunk;
668 }
669 if (bytes)
670 WHIRLPOOL_BitUpdate(c, inp, bytes*8);
671
672 return (1);
673}
674
675void
676WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
677{
678 size_t n;
679 unsigned int bitoff = c->bitoff,
680 bitrem = bitoff % 8,
681 inpgap = (8 - (unsigned int)bits % 8)&7;
682 const unsigned char *inp = _inp;
683
684 /* This 256-bit increment procedure relies on the size_t
685 * being natural size of CPU register, so that we don't
686 * have to mask the value in order to detect overflows. */
687 c->bitlen[0] += bits;
688 if (c->bitlen[0] < bits) /* overflow */
689 {
690 n = 1;
691 do {
692 c->bitlen[n]++;
693 } while (c->bitlen[n]==0 &&
694 ++n < (WHIRLPOOL_COUNTER/sizeof(size_t)));
695 }
696
697#ifndef OPENSSL_SMALL_FOOTPRINT
698reconsider:
699 if (inpgap==0 && bitrem==0) /* byte-oriented loop */
700 {
701 while (bits) {
702 if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) {
703 whirlpool_block(c, inp, n);
704 inp += n*WHIRLPOOL_BBLOCK/8;
705 bits %= WHIRLPOOL_BBLOCK;
706 } else {
707 unsigned int byteoff = bitoff/8;
708
709 bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
710 if (bits >= bitrem) {
711 bits -= bitrem;
712 bitrem /= 8;
713 memcpy(c->data + byteoff, inp, bitrem);
714 inp += bitrem;
715 whirlpool_block(c, c->data, 1);
716 bitoff = 0;
717 } else {
718 memcpy(c->data + byteoff, inp, bits/8);
719 bitoff += (unsigned int)bits;
720 bits = 0;
721 }
722 c->bitoff = bitoff;
723 }
724 }
725 }
726 else /* bit-oriented loop */
727#endif
728 {
729 /*
730 inp
731 |
732 +-------+-------+-------
733 |||||||||||||||||||||
734 +-------+-------+-------
735 +-------+-------+-------+-------+-------
736 |||||||||||||| c->data
737 +-------+-------+-------+-------+-------
738 |
739 c->bitoff/8
740 */
741 while (bits) {
742 unsigned int byteoff = bitoff/8;
743 unsigned char b;
744
745#ifndef OPENSSL_SMALL_FOOTPRINT
746 if (bitrem == inpgap) {
747 c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
748 inpgap = 8 - inpgap;
749 bitoff += inpgap; bitrem = 0; /* bitoff%8 */
750 bits -= inpgap; inpgap = 0; /* bits%8 */
751 inp++;
752 if (bitoff == WHIRLPOOL_BBLOCK) {
753 whirlpool_block(c, c->data, 1);
754 bitoff = 0;
755 }
756 c->bitoff = bitoff;
757 goto reconsider;
758 } else
759#endif
760 if (bits >= 8) {
761 b = ((inp[0]<<inpgap) | (inp[1]>>(8 - inpgap)));
762 b &= 0xff;
763 if (bitrem)
764 c->data[byteoff++] |= b >> bitrem;
765 else
766 c->data[byteoff++] = b;
767 bitoff += 8;
768 bits -= 8;
769 inp++;
770 if (bitoff >= WHIRLPOOL_BBLOCK) {
771 whirlpool_block(c, c->data, 1);
772 byteoff = 0;
773 bitoff %= WHIRLPOOL_BBLOCK;
774 }
775 if (bitrem)
776 c->data[byteoff] = b << (8 - bitrem);
777 }
778 else /* remaining less than 8 bits */
779 {
780 b = (inp[0]<<inpgap)&0xff;
781 if (bitrem)
782 c->data[byteoff++] |= b >> bitrem;
783 else
784 c->data[byteoff++] = b;
785 bitoff += (unsigned int)bits;
786 if (bitoff == WHIRLPOOL_BBLOCK) {
787 whirlpool_block(c, c->data, 1);
788 byteoff = 0;
789 bitoff %= WHIRLPOOL_BBLOCK;
790 }
791 if (bitrem)
792 c->data[byteoff] = b << (8 - bitrem);
793 bits = 0;
794 }
795 c->bitoff = bitoff;
796 }
797 }
798}
799
800int
801WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
802{
803 unsigned int bitoff = c->bitoff,
804 byteoff = bitoff/8;
805 size_t i, j, v;
806 unsigned char *p;
807
808 bitoff %= 8;
809 if (bitoff)
810 c->data[byteoff] |= 0x80 >> bitoff;
811 else
812 c->data[byteoff] = 0x80;
813 byteoff++;
814
815 /* pad with zeros */
816 if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) {
817 if (byteoff < WHIRLPOOL_BBLOCK/8)
818 memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff);
819 whirlpool_block(c, c->data, 1);
820 byteoff = 0;
821 }
822 if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER))
823 memset(&c->data[byteoff], 0,
824 (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff);
825 /* smash 256-bit c->bitlen in big-endian order */
826 p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */
827 for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++)
828 for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
829 *p-- = (unsigned char)(v&0xff);
830
831 whirlpool_block(c, c->data, 1);
832
833 if (md) {
834 memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
835 memset(c, 0, sizeof(*c));
836 return (1);
837 }
838 return (0);
839}
840
841unsigned char *
842WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
843{
844 WHIRLPOOL_CTX ctx;
845 static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
846
847 if (md == NULL)
848 md = m;
849 WHIRLPOOL_Init(&ctx);
850 WHIRLPOOL_Update(&ctx, inp, bytes);
851 WHIRLPOOL_Final(md, &ctx);
852 return (md);
853}
diff --git a/src/lib/libcrypto/whrlpool/wp_dgst.c b/src/lib/libcrypto/whrlpool/wp_dgst.c
deleted file mode 100644
index 0e7c9c56d9..0000000000
--- a/src/lib/libcrypto/whrlpool/wp_dgst.c
+++ /dev/null
@@ -1,267 +0,0 @@
1/* $OpenBSD: wp_dgst.c,v 1.8 2024/03/29 00:16:22 jsing Exp $ */
2/**
3 * The Whirlpool hashing function.
4 *
5 * <P>
6 * <b>References</b>
7 *
8 * <P>
9 * The Whirlpool algorithm was developed by
10 * <a href="mailto:pbarreto@scopus.com.br">Paulo S. L. M. Barreto</a> and
11 * <a href="mailto:vincent.rijmen@cryptomathic.com">Vincent Rijmen</a>.
12 *
13 * See
14 * P.S.L.M. Barreto, V. Rijmen,
15 * ``The Whirlpool hashing function,''
16 * NESSIE submission, 2000 (tweaked version, 2001),
17 * <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
18 *
19 * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
20 * Vincent Rijmen. Lookup "reference implementations" on
21 * <http://planeta.terra.com.br/informatica/paulobarreto/>
22 *
23 * =============================================================================
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
26 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
27 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
29 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
33 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
34 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
35 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 *
37 */
38
39/*
40 * OpenSSL-specific implementation notes.
41 *
42 * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
43 * number of *bytes* as input length argument. Bit-oriented routine
44 * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
45 * does not have one-stroke counterpart.
46 *
47 * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
48 * to serve WHIRLPOOL_Update. This is done for performance.
49 *
50 * Unlike authors' reference implementation, block processing
51 * routine whirlpool_block is designed to operate on multi-block
52 * input. This is done for performance.
53 */
54
55#include <string.h>
56
57#include <openssl/crypto.h>
58
59#include "wp_local.h"
60
61int
62WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
63{
64 memset (c, 0, sizeof(*c));
65 return (1);
66}
67
68int
69WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
70{
71 /* Well, largest suitable chunk size actually is
72 * (1<<(sizeof(size_t)*8-3))-64, but below number
73 * is large enough for not to care about excessive
74 * calls to WHIRLPOOL_BitUpdate... */
75 size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4);
76 const unsigned char *inp = _inp;
77
78 while (bytes >= chunk) {
79 WHIRLPOOL_BitUpdate(c, inp, chunk*8);
80 bytes -= chunk;
81 inp += chunk;
82 }
83 if (bytes)
84 WHIRLPOOL_BitUpdate(c, inp, bytes*8);
85
86 return (1);
87}
88
89void
90WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
91{
92 size_t n;
93 unsigned int bitoff = c->bitoff,
94 bitrem = bitoff % 8,
95 inpgap = (8 - (unsigned int)bits % 8)&7;
96 const unsigned char *inp = _inp;
97
98 /* This 256-bit increment procedure relies on the size_t
99 * being natural size of CPU register, so that we don't
100 * have to mask the value in order to detect overflows. */
101 c->bitlen[0] += bits;
102 if (c->bitlen[0] < bits) /* overflow */
103 {
104 n = 1;
105 do {
106 c->bitlen[n]++;
107 } while (c->bitlen[n]==0 &&
108 ++n < (WHIRLPOOL_COUNTER/sizeof(size_t)));
109 }
110
111#ifndef OPENSSL_SMALL_FOOTPRINT
112reconsider:
113 if (inpgap==0 && bitrem==0) /* byte-oriented loop */
114 {
115 while (bits) {
116 if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) {
117 whirlpool_block(c, inp, n);
118 inp += n*WHIRLPOOL_BBLOCK/8;
119 bits %= WHIRLPOOL_BBLOCK;
120 } else {
121 unsigned int byteoff = bitoff/8;
122
123 bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
124 if (bits >= bitrem) {
125 bits -= bitrem;
126 bitrem /= 8;
127 memcpy(c->data + byteoff, inp, bitrem);
128 inp += bitrem;
129 whirlpool_block(c, c->data, 1);
130 bitoff = 0;
131 } else {
132 memcpy(c->data + byteoff, inp, bits/8);
133 bitoff += (unsigned int)bits;
134 bits = 0;
135 }
136 c->bitoff = bitoff;
137 }
138 }
139 }
140 else /* bit-oriented loop */
141#endif
142 {
143 /*
144 inp
145 |
146 +-------+-------+-------
147 |||||||||||||||||||||
148 +-------+-------+-------
149 +-------+-------+-------+-------+-------
150 |||||||||||||| c->data
151 +-------+-------+-------+-------+-------
152 |
153 c->bitoff/8
154 */
155 while (bits) {
156 unsigned int byteoff = bitoff/8;
157 unsigned char b;
158
159#ifndef OPENSSL_SMALL_FOOTPRINT
160 if (bitrem == inpgap) {
161 c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
162 inpgap = 8 - inpgap;
163 bitoff += inpgap; bitrem = 0; /* bitoff%8 */
164 bits -= inpgap; inpgap = 0; /* bits%8 */
165 inp++;
166 if (bitoff == WHIRLPOOL_BBLOCK) {
167 whirlpool_block(c, c->data, 1);
168 bitoff = 0;
169 }
170 c->bitoff = bitoff;
171 goto reconsider;
172 } else
173#endif
174 if (bits >= 8) {
175 b = ((inp[0]<<inpgap) | (inp[1]>>(8 - inpgap)));
176 b &= 0xff;
177 if (bitrem)
178 c->data[byteoff++] |= b >> bitrem;
179 else
180 c->data[byteoff++] = b;
181 bitoff += 8;
182 bits -= 8;
183 inp++;
184 if (bitoff >= WHIRLPOOL_BBLOCK) {
185 whirlpool_block(c, c->data, 1);
186 byteoff = 0;
187 bitoff %= WHIRLPOOL_BBLOCK;
188 }
189 if (bitrem)
190 c->data[byteoff] = b << (8 - bitrem);
191 }
192 else /* remaining less than 8 bits */
193 {
194 b = (inp[0]<<inpgap)&0xff;
195 if (bitrem)
196 c->data[byteoff++] |= b >> bitrem;
197 else
198 c->data[byteoff++] = b;
199 bitoff += (unsigned int)bits;
200 if (bitoff == WHIRLPOOL_BBLOCK) {
201 whirlpool_block(c, c->data, 1);
202 byteoff = 0;
203 bitoff %= WHIRLPOOL_BBLOCK;
204 }
205 if (bitrem)
206 c->data[byteoff] = b << (8 - bitrem);
207 bits = 0;
208 }
209 c->bitoff = bitoff;
210 }
211 }
212}
213
214int
215WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
216{
217 unsigned int bitoff = c->bitoff,
218 byteoff = bitoff/8;
219 size_t i, j, v;
220 unsigned char *p;
221
222 bitoff %= 8;
223 if (bitoff)
224 c->data[byteoff] |= 0x80 >> bitoff;
225 else
226 c->data[byteoff] = 0x80;
227 byteoff++;
228
229 /* pad with zeros */
230 if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) {
231 if (byteoff < WHIRLPOOL_BBLOCK/8)
232 memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff);
233 whirlpool_block(c, c->data, 1);
234 byteoff = 0;
235 }
236 if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER))
237 memset(&c->data[byteoff], 0,
238 (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff);
239 /* smash 256-bit c->bitlen in big-endian order */
240 p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */
241 for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++)
242 for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
243 *p-- = (unsigned char)(v&0xff);
244
245 whirlpool_block(c, c->data, 1);
246
247 if (md) {
248 memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
249 memset(c, 0, sizeof(*c));
250 return (1);
251 }
252 return (0);
253}
254
255unsigned char *
256WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
257{
258 WHIRLPOOL_CTX ctx;
259 static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
260
261 if (md == NULL)
262 md = m;
263 WHIRLPOOL_Init(&ctx);
264 WHIRLPOOL_Update(&ctx, inp, bytes);
265 WHIRLPOOL_Final(md, &ctx);
266 return (md);
267}
diff --git a/src/lib/libcrypto/whrlpool/wp_local.h b/src/lib/libcrypto/whrlpool/wp_local.h
deleted file mode 100644
index 892dce23b6..0000000000
--- a/src/lib/libcrypto/whrlpool/wp_local.h
+++ /dev/null
@@ -1,11 +0,0 @@
1/* $OpenBSD: wp_local.h,v 1.2 2023/09/04 08:43:41 tb Exp $ */
2
3#include <sys/types.h>
4
5#include <openssl/whrlpool.h>
6
7__BEGIN_HIDDEN_DECLS
8
9void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
10
11__END_HIDDEN_DECLS
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 18:05:22 +0000