1 files changed, 460 insertions, 0 deletions
diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c
new file mode 100644
index 0000000000..25c87e9bc3
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1.c
@@ -0,0 +1,460 @@
+/* $OpenBSD: sha1.c,v 1.5 2023/04/11 10:39:50 jsing Exp $ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
+#define DATA_ORDER_IS_BIG_ENDIAN
+#define HASH_LONG               SHA_LONG
+#define HASH_CTX                SHA_CTX
+#define HASH_CBLOCK             SHA_CBLOCK
+#define HASH_MAKE_STRING(c, s)   do {   \
+        unsigned long ll;               \
+        ll=(c)->h0; HOST_l2c(ll,(s));   \
+        ll=(c)->h1; HOST_l2c(ll,(s));   \
+        ll=(c)->h2; HOST_l2c(ll,(s));   \
+        ll=(c)->h3; HOST_l2c(ll,(s));   \
+        ll=(c)->h4; HOST_l2c(ll,(s));   \
+        } while (0)
+#define HASH_UPDATE                     SHA1_Update
+#define HASH_TRANSFORM                  SHA1_Transform
+#define HASH_FINAL                      SHA1_Final
+#define HASH_INIT                       SHA1_Init
+#define HASH_BLOCK_DATA_ORDER           sha1_block_data_order
+#define Xupdate(a, ix, ia, ib, ic, id)  ( (a)=(ia^ib^ic^id),    \
+                                          ix=(a)=ROTATE((a),1)  \
+                                        )
+#ifndef SHA1_ASM
+static
+#endif
+void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
+#include "md32_common.h"
+int
+SHA1_Init(SHA_CTX *c)
+{
+        memset(c, 0, sizeof(*c));
+        c->h0 = 0x67452301UL;
+        c->h1 = 0xefcdab89UL;
+        c->h2 = 0x98badcfeUL;
+        c->h3 = 0x10325476UL;
+        c->h4 = 0xc3d2e1f0UL;
+        return 1;
+}
+#define K_00_19 0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
+/* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
+ * simplified to the code in F_00_19.  Wei attributes these optimisations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
+ * I've just become aware of another tweak to be made, again from Wei Dai,
+ * in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ */
+#define F_00_19(b, c, d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define F_20_39(b, c, d)        ((b) ^ (c) ^ (d))
+#define F_40_59(b, c, d)        (((b) & (c)) | (((b)|(c)) & (d)))
+#define F_60_79(b, c, d)        F_20_39(b, c, d)
+#ifndef OPENSSL_SMALL_FOOTPRINT
+#define BODY_00_15(i, a, b, c, d, e, f, xi) \
+        (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
+        Xupdate(f, xi, xa, xb, xc, xd); \
+        (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
+        Xupdate(f, xi, xa, xb, xc, xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd) \
+        Xupdate(f, xa, xa, xb, xc, xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd) \
+        Xupdate(f, xa, xa, xb, xc, xd); \
+        (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd) \
+        Xupdate(f, xa, xa, xb, xc, xd); \
+        (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+#if !defined(SHA1_ASM)
+#include <endian.h>
+static void
+sha1_block_data_order(SHA_CTX *c, const void *p, size_t num)
+{
+        const unsigned char *data = p;
+        unsigned MD32_REG_T A, B, C, D, E, T, l;
+        unsigned MD32_REG_T X0, X1, X2, X3, X4, X5, X6, X7,
+            X8, X9, X10, X11, X12, X13, X14, X15;
+        A = c->h0;
+        B = c->h1;
+        C = c->h2;
+        D = c->h3;
+        E = c->h4;
+        for (;;) {
+                if (BYTE_ORDER != LITTLE_ENDIAN &&
+                    sizeof(SHA_LONG) == 4 && ((size_t)p % 4) == 0) {
+                        const SHA_LONG *W = (const SHA_LONG *)data;
+                        X0 = W[0];
+                        X1 = W[1];
+                        BODY_00_15( 0, A, B, C, D, E, T, X0);
+                        X2 = W[2];
+                        BODY_00_15( 1, T, A, B, C, D, E, X1);
+                        X3 = W[3];
+                        BODY_00_15( 2, E, T, A, B, C, D, X2);
+                        X4 = W[4];
+                        BODY_00_15( 3, D, E, T, A, B, C, X3);
+                        X5 = W[5];
+                        BODY_00_15( 4, C, D, E, T, A, B, X4);
+                        X6 = W[6];
+                        BODY_00_15( 5, B, C, D, E, T, A, X5);
+                        X7 = W[7];
+                        BODY_00_15( 6, A, B, C, D, E, T, X6);
+                        X8 = W[8];
+                        BODY_00_15( 7, T, A, B, C, D, E, X7);
+                        X9 = W[9];
+                        BODY_00_15( 8, E, T, A, B, C, D, X8);
+                        X10 = W[10];
+                        BODY_00_15( 9, D, E, T, A, B, C, X9);
+                        X11 = W[11];
+                        BODY_00_15(10, C, D, E, T, A, B, X10);
+                        X12 = W[12];
+                        BODY_00_15(11, B, C, D, E, T, A, X11);
+                        X13 = W[13];
+                        BODY_00_15(12, A, B, C, D, E, T, X12);
+                        X14 = W[14];
+                        BODY_00_15(13, T, A, B, C, D, E, X13);
+                        X15 = W[15];
+                        BODY_00_15(14, E, T, A, B, C, D, X14);
+                        BODY_00_15(15, D, E, T, A, B, C, X15);
+                        data += SHA_CBLOCK;
+                } else {
+                        HOST_c2l(data, l);
+                        X0 = l;
+                        HOST_c2l(data, l);
+                        X1 = l;
+                        BODY_00_15( 0, A, B, C, D, E, T, X0);
+                        HOST_c2l(data, l);
+                        X2 = l;
+                        BODY_00_15( 1, T, A, B, C, D, E, X1);
+                        HOST_c2l(data, l);
+                        X3 = l;
+                        BODY_00_15( 2, E, T, A, B, C, D, X2);
+                        HOST_c2l(data, l);
+                        X4 = l;
+                        BODY_00_15( 3, D, E, T, A, B, C, X3);
+                        HOST_c2l(data, l);
+                        X5 = l;
+                        BODY_00_15( 4, C, D, E, T, A, B, X4);
+                        HOST_c2l(data, l);
+                        X6 = l;
+                        BODY_00_15( 5, B, C, D, E, T, A, X5);
+                        HOST_c2l(data, l);
+                        X7 = l;
+                        BODY_00_15( 6, A, B, C, D, E, T, X6);
+                        HOST_c2l(data, l);
+                        X8 = l;
+                        BODY_00_15( 7, T, A, B, C, D, E, X7);
+                        HOST_c2l(data, l);
+                        X9 = l;
+                        BODY_00_15( 8, E, T, A, B, C, D, X8);
+                        HOST_c2l(data, l);
+                        X10 = l;
+                        BODY_00_15( 9, D, E, T, A, B, C, X9);
+                        HOST_c2l(data, l);
+                        X11 = l;
+                        BODY_00_15(10, C, D, E, T, A, B, X10);
+                        HOST_c2l(data, l);
+                        X12 = l;
+                        BODY_00_15(11, B, C, D, E, T, A, X11);
+                        HOST_c2l(data, l);
+                        X13 = l;
+                        BODY_00_15(12, A, B, C, D, E, T, X12);
+                        HOST_c2l(data, l);
+                        X14 = l;
+                        BODY_00_15(13, T, A, B, C, D, E, X13);
+                        HOST_c2l(data, l);
+                        X15 = l;
+                        BODY_00_15(14, E, T, A, B, C, D, X14);
+                        BODY_00_15(15, D, E, T, A, B, C, X15);
+                }
+                BODY_16_19(16, C, D, E, T, A, B, X0, X0, X2, X8, X13);
+                BODY_16_19(17, B, C, D, E, T, A, X1, X1, X3, X9, X14);
+                BODY_16_19(18, A, B, C, D, E, T, X2, X2, X4, X10, X15);
+                BODY_16_19(19, T, A, B, C, D, E, X3, X3, X5, X11, X0);
+                BODY_20_31(20, E, T, A, B, C, D, X4, X4, X6, X12, X1);
+                BODY_20_31(21, D, E, T, A, B, C, X5, X5, X7, X13, X2);
+                BODY_20_31(22, C, D, E, T, A, B, X6, X6, X8, X14, X3);
+                BODY_20_31(23, B, C, D, E, T, A, X7, X7, X9, X15, X4);
+                BODY_20_31(24, A, B, C, D, E, T, X8, X8, X10, X0, X5);
+                BODY_20_31(25, T, A, B, C, D, E, X9, X9, X11, X1, X6);
+                BODY_20_31(26, E, T, A, B, C, D, X10, X10, X12, X2, X7);
+                BODY_20_31(27, D, E, T, A, B, C, X11, X11, X13, X3, X8);
+                BODY_20_31(28, C, D, E, T, A, B, X12, X12, X14, X4, X9);
+                BODY_20_31(29, B, C, D, E, T, A, X13, X13, X15, X5, X10);
+                BODY_20_31(30, A, B, C, D, E, T, X14, X14, X0, X6, X11);
+                BODY_20_31(31, T, A, B, C, D, E, X15, X15, X1, X7, X12);
+                BODY_32_39(32, E, T, A, B, C, D, X0, X2, X8, X13);
+                BODY_32_39(33, D, E, T, A, B, C, X1, X3, X9, X14);
+                BODY_32_39(34, C, D, E, T, A, B, X2, X4, X10, X15);
+                BODY_32_39(35, B, C, D, E, T, A, X3, X5, X11, X0);
+                BODY_32_39(36, A, B, C, D, E, T, X4, X6, X12, X1);
+                BODY_32_39(37, T, A, B, C, D, E, X5, X7, X13, X2);
+                BODY_32_39(38, E, T, A, B, C, D, X6, X8, X14, X3);
+                BODY_32_39(39, D, E, T, A, B, C, X7, X9, X15, X4);
+                BODY_40_59(40, C, D, E, T, A, B, X8, X10, X0, X5);
+                BODY_40_59(41, B, C, D, E, T, A, X9, X11, X1, X6);
+                BODY_40_59(42, A, B, C, D, E, T, X10, X12, X2, X7);
+                BODY_40_59(43, T, A, B, C, D, E, X11, X13, X3, X8);
+                BODY_40_59(44, E, T, A, B, C, D, X12, X14, X4, X9);
+                BODY_40_59(45, D, E, T, A, B, C, X13, X15, X5, X10);
+                BODY_40_59(46, C, D, E, T, A, B, X14, X0, X6, X11);
+                BODY_40_59(47, B, C, D, E, T, A, X15, X1, X7, X12);
+                BODY_40_59(48, A, B, C, D, E, T, X0, X2, X8, X13);
+                BODY_40_59(49, T, A, B, C, D, E, X1, X3, X9, X14);
+                BODY_40_59(50, E, T, A, B, C, D, X2, X4, X10, X15);
+                BODY_40_59(51, D, E, T, A, B, C, X3, X5, X11, X0);
+                BODY_40_59(52, C, D, E, T, A, B, X4, X6, X12, X1);
+                BODY_40_59(53, B, C, D, E, T, A, X5, X7, X13, X2);
+                BODY_40_59(54, A, B, C, D, E, T, X6, X8, X14, X3);
+                BODY_40_59(55, T, A, B, C, D, E, X7, X9, X15, X4);
+                BODY_40_59(56, E, T, A, B, C, D, X8, X10, X0, X5);
+                BODY_40_59(57, D, E, T, A, B, C, X9, X11, X1, X6);
+                BODY_40_59(58, C, D, E, T, A, B, X10, X12, X2, X7);
+                BODY_40_59(59, B, C, D, E, T, A, X11, X13, X3, X8);
+                BODY_60_79(60, A, B, C, D, E, T, X12, X14, X4, X9);
+                BODY_60_79(61, T, A, B, C, D, E, X13, X15, X5, X10);
+                BODY_60_79(62, E, T, A, B, C, D, X14, X0, X6, X11);
+                BODY_60_79(63, D, E, T, A, B, C, X15, X1, X7, X12);
+                BODY_60_79(64, C, D, E, T, A, B, X0, X2, X8, X13);
+                BODY_60_79(65, B, C, D, E, T, A, X1, X3, X9, X14);
+                BODY_60_79(66, A, B, C, D, E, T, X2, X4, X10, X15);
+                BODY_60_79(67, T, A, B, C, D, E, X3, X5, X11, X0);
+                BODY_60_79(68, E, T, A, B, C, D, X4, X6, X12, X1);
+                BODY_60_79(69, D, E, T, A, B, C, X5, X7, X13, X2);
+                BODY_60_79(70, C, D, E, T, A, B, X6, X8, X14, X3);
+                BODY_60_79(71, B, C, D, E, T, A, X7, X9, X15, X4);
+                BODY_60_79(72, A, B, C, D, E, T, X8, X10, X0, X5);
+                BODY_60_79(73, T, A, B, C, D, E, X9, X11, X1, X6);
+                BODY_60_79(74, E, T, A, B, C, D, X10, X12, X2, X7);
+                BODY_60_79(75, D, E, T, A, B, C, X11, X13, X3, X8);
+                BODY_60_79(76, C, D, E, T, A, B, X12, X14, X4, X9);
+                BODY_60_79(77, B, C, D, E, T, A, X13, X15, X5, X10);
+                BODY_60_79(78, A, B, C, D, E, T, X14, X0, X6, X11);
+                BODY_60_79(79, T, A, B, C, D, E, X15, X1, X7, X12);
+                c->h0 = (c->h0 + E)&0xffffffffL;
+                c->h1 = (c->h1 + T)&0xffffffffL;
+                c->h2 = (c->h2 + A)&0xffffffffL;
+                c->h3 = (c->h3 + B)&0xffffffffL;
+                c->h4 = (c->h4 + C)&0xffffffffL;
+                if (--num == 0)
+                        break;
+                A = c->h0;
+                B = c->h1;
+                C = c->h2;
+                D = c->h3;
+                E = c->h4;
+        }
+}
+#endif
+#else   /* OPENSSL_SMALL_FOOTPRINT */
+#define BODY_00_15(xi)           do {   \
+        T=E+K_00_19+F_00_19(B, C, D);   \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T+xi;         } while(0)
+#define BODY_16_19(xa, xb, xc, xd)       do {   \
+        Xupdate(T, xa, xa, xb, xc, xd); \
+        T+=E+K_00_19+F_00_19(B, C, D);  \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+#define BODY_20_39(xa, xb, xc, xd)       do {   \
+        Xupdate(T, xa, xa, xb, xc, xd); \
+        T+=E+K_20_39+F_20_39(B, C, D);  \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+#define BODY_40_59(xa, xb, xc, xd)       do {   \
+        Xupdate(T, xa, xa, xb, xc, xd); \
+        T+=E+K_40_59+F_40_59(B, C, D);  \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+#define BODY_60_79(xa, xb, xc, xd)       do {   \
+        Xupdate(T, xa, xa, xb, xc, xd); \
+        T=E+K_60_79+F_60_79(B, C, D);   \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T+xa;         } while(0)
+#if !defined(SHA1_ASM)
+static void
+sha1_block_data_order(SHA_CTX *c, const void *p, size_t num)
+{
+        const unsigned char *data = p;
+        unsigned MD32_REG_T A, B, C, D, E, T, l;
+        int i;
+        SHA_LONG        X[16];
+        A = c->h0;
+        B = c->h1;
+        C = c->h2;
+        D = c->h3;
+        E = c->h4;
+        for (;;) {
+                for (i = 0; i < 16; i++) {
+                        HOST_c2l(data, l);
+                        X[i] = l;
+                        BODY_00_15(X[i]);
+                }
+                for (i = 0; i < 4; i++) {
+                        BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13)&15]);
+                }
+                for (; i < 24; i++) {
+                        BODY_20_39(X[i&15], X[(i + 2)&15], X[(i + 8)&15], X[(i + 13)&15]);
+                }
+                for (i = 0; i < 20; i++) {
+                        BODY_40_59(X[(i + 8)&15], X[(i + 10)&15], X[i&15], X[(i + 5)&15]);
+                }
+                for (i = 4; i < 24; i++) {
+                        BODY_60_79(X[(i + 8)&15], X[(i + 10)&15], X[i&15], X[(i + 5)&15]);
+                }
+                c->h0 = (c->h0 + A)&0xffffffffL;
+                c->h1 = (c->h1 + B)&0xffffffffL;
+                c->h2 = (c->h2 + C)&0xffffffffL;
+                c->h3 = (c->h3 + D)&0xffffffffL;
+                c->h4 = (c->h4 + E)&0xffffffffL;
+                if (--num == 0)
+                        break;
+                A = c->h0;
+                B = c->h1;
+                C = c->h2;
+                D = c->h3;
+                E = c->h4;
+        }
+}
+#endif
+#endif
+unsigned char *
+SHA1(const unsigned char *d, size_t n, unsigned char *md)
+{
+        SHA_CTX c;
+        static unsigned char m[SHA_DIGEST_LENGTH];
+        if (md == NULL)
+                md = m;
+        if (!SHA1_Init(&c))
+                return NULL;
+        SHA1_Update(&c, d, n);
+        SHA1_Final(md, &c);
+        explicit_bzero(&c, sizeof(c));
+        return (md);
+}
+#endif

diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c new file mode 100644 index 0000000000..25c87e9bc3 --- /dev/null +++ b/src/lib/libcrypto/sha/sha1.c
@@ -0,0 +1,460 @@
	1	/* $OpenBSD: sha1.c,v 1.5 2023/04/11 10:39:50 jsing Exp $ */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdlib.h>
	60	#include <string.h>
	61
	62	#include <openssl/opensslconf.h>
	63
	64	#include <openssl/crypto.h>
	65	#include <openssl/sha.h>
	66
	67	#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
	68
	69	#define DATA_ORDER_IS_BIG_ENDIAN
	70
	71	#define HASH_LONG SHA_LONG
	72	#define HASH_CTX SHA_CTX
	73	#define HASH_CBLOCK SHA_CBLOCK
	74	#define HASH_MAKE_STRING(c, s) do { \
	75	unsigned long ll; \
	76	ll=(c)->h0; HOST_l2c(ll,(s)); \
	77	ll=(c)->h1; HOST_l2c(ll,(s)); \
	78	ll=(c)->h2; HOST_l2c(ll,(s)); \
	79	ll=(c)->h3; HOST_l2c(ll,(s)); \
	80	ll=(c)->h4; HOST_l2c(ll,(s)); \
	81	} while (0)
	82
	83	#define HASH_UPDATE SHA1_Update
	84	#define HASH_TRANSFORM SHA1_Transform
	85	#define HASH_FINAL SHA1_Final
	86	#define HASH_INIT SHA1_Init
	87	#define HASH_BLOCK_DATA_ORDER sha1_block_data_order
	88	#define Xupdate(a, ix, ia, ib, ic, id) ( (a)=(ia^ib^ic^id), \
	89	ix=(a)=ROTATE((a),1) \
	90	)
	91
	92	#ifndef SHA1_ASM
	93	static
	94	#endif
	95	void sha1_block_data_order(SHA_CTX c, const void p, size_t num);
	96
	97	#include "md32_common.h"
	98
	99	int
	100	SHA1_Init(SHA_CTX *c)
	101	{
	102	memset(c, 0, sizeof(*c));
	103
	104	c->h0 = 0x67452301UL;
	105	c->h1 = 0xefcdab89UL;
	106	c->h2 = 0x98badcfeUL;
	107	c->h3 = 0x10325476UL;
	108	c->h4 = 0xc3d2e1f0UL;
	109
	110	return 1;
	111	}
	112
	113	#define K_00_19 0x5a827999UL
	114	#define K_20_39 0x6ed9eba1UL
	115	#define K_40_59 0x8f1bbcdcUL
	116	#define K_60_79 0xca62c1d6UL
	117
	118	/* As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
	119	* simplified to the code in F_00_19. Wei attributes these optimisations
	120	* to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
	121	* #define F(x,y,z) (((x) & (y)) \| ((~(x)) & (z)))
	122	* I've just become aware of another tweak to be made, again from Wei Dai,
	123	* in F_40_59, (x&a)\|(y&a) -> (x\|y)&a
	124	*/
	125	#define F_00_19(b, c, d) ((((c) ^ (d)) & (b)) ^ (d))
	126	#define F_20_39(b, c, d) ((b) ^ (c) ^ (d))
	127	#define F_40_59(b, c, d) (((b) & (c)) \| (((b)\|(c)) & (d)))
	128	#define F_60_79(b, c, d) F_20_39(b, c, d)
	129
	130	#ifndef OPENSSL_SMALL_FOOTPRINT
	131
	132	#define BODY_00_15(i, a, b, c, d, e, f, xi) \
	133	(f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
	134	(b)=ROTATE((b),30);
	135
	136	#define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
	137	Xupdate(f, xi, xa, xb, xc, xd); \
	138	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
	139	(b)=ROTATE((b),30);
	140
	141	#define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
	142	Xupdate(f, xi, xa, xb, xc, xd); \
	143	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
	144	(b)=ROTATE((b),30);
	145
	146	#define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd) \
	147	Xupdate(f, xa, xa, xb, xc, xd); \
	148	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
	149	(b)=ROTATE((b),30);
	150
	151	#define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd) \
	152	Xupdate(f, xa, xa, xb, xc, xd); \
	153	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
	154	(b)=ROTATE((b),30);
	155
	156	#define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd) \
	157	Xupdate(f, xa, xa, xb, xc, xd); \
	158	(f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
	159	(b)=ROTATE((b),30);
	160
	161	#if !defined(SHA1_ASM)
	162	#include <endian.h>
	163	static void
	164	sha1_block_data_order(SHA_CTX c, const void p, size_t num)
	165	{
	166	const unsigned char *data = p;
	167	unsigned MD32_REG_T A, B, C, D, E, T, l;
	168	unsigned MD32_REG_T X0, X1, X2, X3, X4, X5, X6, X7,
	169	X8, X9, X10, X11, X12, X13, X14, X15;
	170
	171	A = c->h0;
	172	B = c->h1;
	173	C = c->h2;
	174	D = c->h3;
	175	E = c->h4;
	176
	177	for (;;) {
	178
	179	if (BYTE_ORDER != LITTLE_ENDIAN &&
	180	sizeof(SHA_LONG) == 4 && ((size_t)p % 4) == 0) {
	181	const SHA_LONG W = (const SHA_LONG )data;
	182
	183	X0 = W[0];
	184	X1 = W[1];
	185	BODY_00_15( 0, A, B, C, D, E, T, X0);
	186	X2 = W[2];
	187	BODY_00_15( 1, T, A, B, C, D, E, X1);
	188	X3 = W[3];
	189	BODY_00_15( 2, E, T, A, B, C, D, X2);
	190	X4 = W[4];
	191	BODY_00_15( 3, D, E, T, A, B, C, X3);
	192	X5 = W[5];
	193	BODY_00_15( 4, C, D, E, T, A, B, X4);
	194	X6 = W[6];
	195	BODY_00_15( 5, B, C, D, E, T, A, X5);
	196	X7 = W[7];
	197	BODY_00_15( 6, A, B, C, D, E, T, X6);
	198	X8 = W[8];
	199	BODY_00_15( 7, T, A, B, C, D, E, X7);
	200	X9 = W[9];
	201	BODY_00_15( 8, E, T, A, B, C, D, X8);
	202	X10 = W[10];
	203	BODY_00_15( 9, D, E, T, A, B, C, X9);
	204	X11 = W[11];
	205	BODY_00_15(10, C, D, E, T, A, B, X10);
	206	X12 = W[12];
	207	BODY_00_15(11, B, C, D, E, T, A, X11);
	208	X13 = W[13];
	209	BODY_00_15(12, A, B, C, D, E, T, X12);
	210	X14 = W[14];
	211	BODY_00_15(13, T, A, B, C, D, E, X13);
	212	X15 = W[15];
	213	BODY_00_15(14, E, T, A, B, C, D, X14);
	214	BODY_00_15(15, D, E, T, A, B, C, X15);
	215
	216	data += SHA_CBLOCK;
	217	} else {
	218	HOST_c2l(data, l);
	219	X0 = l;
	220	HOST_c2l(data, l);
	221	X1 = l;
	222	BODY_00_15( 0, A, B, C, D, E, T, X0);
	223	HOST_c2l(data, l);
	224	X2 = l;
	225	BODY_00_15( 1, T, A, B, C, D, E, X1);
	226	HOST_c2l(data, l);
	227	X3 = l;
	228	BODY_00_15( 2, E, T, A, B, C, D, X2);
	229	HOST_c2l(data, l);
	230	X4 = l;
	231	BODY_00_15( 3, D, E, T, A, B, C, X3);
	232	HOST_c2l(data, l);
	233	X5 = l;
	234	BODY_00_15( 4, C, D, E, T, A, B, X4);
	235	HOST_c2l(data, l);
	236	X6 = l;
	237	BODY_00_15( 5, B, C, D, E, T, A, X5);
	238	HOST_c2l(data, l);
	239	X7 = l;
	240	BODY_00_15( 6, A, B, C, D, E, T, X6);
	241	HOST_c2l(data, l);
	242	X8 = l;
	243	BODY_00_15( 7, T, A, B, C, D, E, X7);
	244	HOST_c2l(data, l);
	245	X9 = l;
	246	BODY_00_15( 8, E, T, A, B, C, D, X8);
	247	HOST_c2l(data, l);
	248	X10 = l;
	249	BODY_00_15( 9, D, E, T, A, B, C, X9);
	250	HOST_c2l(data, l);
	251	X11 = l;
	252	BODY_00_15(10, C, D, E, T, A, B, X10);
	253	HOST_c2l(data, l);
	254	X12 = l;
	255	BODY_00_15(11, B, C, D, E, T, A, X11);
	256	HOST_c2l(data, l);
	257	X13 = l;
	258	BODY_00_15(12, A, B, C, D, E, T, X12);
	259	HOST_c2l(data, l);
	260	X14 = l;
	261	BODY_00_15(13, T, A, B, C, D, E, X13);
	262	HOST_c2l(data, l);
	263	X15 = l;
	264	BODY_00_15(14, E, T, A, B, C, D, X14);
	265	BODY_00_15(15, D, E, T, A, B, C, X15);
	266	}
	267
	268	BODY_16_19(16, C, D, E, T, A, B, X0, X0, X2, X8, X13);
	269	BODY_16_19(17, B, C, D, E, T, A, X1, X1, X3, X9, X14);
	270	BODY_16_19(18, A, B, C, D, E, T, X2, X2, X4, X10, X15);
	271	BODY_16_19(19, T, A, B, C, D, E, X3, X3, X5, X11, X0);
	272
	273	BODY_20_31(20, E, T, A, B, C, D, X4, X4, X6, X12, X1);
	274	BODY_20_31(21, D, E, T, A, B, C, X5, X5, X7, X13, X2);
	275	BODY_20_31(22, C, D, E, T, A, B, X6, X6, X8, X14, X3);
	276	BODY_20_31(23, B, C, D, E, T, A, X7, X7, X9, X15, X4);
	277	BODY_20_31(24, A, B, C, D, E, T, X8, X8, X10, X0, X5);
	278	BODY_20_31(25, T, A, B, C, D, E, X9, X9, X11, X1, X6);
	279	BODY_20_31(26, E, T, A, B, C, D, X10, X10, X12, X2, X7);
	280	BODY_20_31(27, D, E, T, A, B, C, X11, X11, X13, X3, X8);
	281	BODY_20_31(28, C, D, E, T, A, B, X12, X12, X14, X4, X9);
	282	BODY_20_31(29, B, C, D, E, T, A, X13, X13, X15, X5, X10);
	283	BODY_20_31(30, A, B, C, D, E, T, X14, X14, X0, X6, X11);
	284	BODY_20_31(31, T, A, B, C, D, E, X15, X15, X1, X7, X12);
	285
	286	BODY_32_39(32, E, T, A, B, C, D, X0, X2, X8, X13);
	287	BODY_32_39(33, D, E, T, A, B, C, X1, X3, X9, X14);
	288	BODY_32_39(34, C, D, E, T, A, B, X2, X4, X10, X15);
	289	BODY_32_39(35, B, C, D, E, T, A, X3, X5, X11, X0);
	290	BODY_32_39(36, A, B, C, D, E, T, X4, X6, X12, X1);
	291	BODY_32_39(37, T, A, B, C, D, E, X5, X7, X13, X2);
	292	BODY_32_39(38, E, T, A, B, C, D, X6, X8, X14, X3);
	293	BODY_32_39(39, D, E, T, A, B, C, X7, X9, X15, X4);
	294
	295	BODY_40_59(40, C, D, E, T, A, B, X8, X10, X0, X5);
	296	BODY_40_59(41, B, C, D, E, T, A, X9, X11, X1, X6);
	297	BODY_40_59(42, A, B, C, D, E, T, X10, X12, X2, X7);
	298	BODY_40_59(43, T, A, B, C, D, E, X11, X13, X3, X8);
	299	BODY_40_59(44, E, T, A, B, C, D, X12, X14, X4, X9);
	300	BODY_40_59(45, D, E, T, A, B, C, X13, X15, X5, X10);
	301	BODY_40_59(46, C, D, E, T, A, B, X14, X0, X6, X11);
	302	BODY_40_59(47, B, C, D, E, T, A, X15, X1, X7, X12);
	303	BODY_40_59(48, A, B, C, D, E, T, X0, X2, X8, X13);
	304	BODY_40_59(49, T, A, B, C, D, E, X1, X3, X9, X14);
	305	BODY_40_59(50, E, T, A, B, C, D, X2, X4, X10, X15);
	306	BODY_40_59(51, D, E, T, A, B, C, X3, X5, X11, X0);
	307	BODY_40_59(52, C, D, E, T, A, B, X4, X6, X12, X1);
	308	BODY_40_59(53, B, C, D, E, T, A, X5, X7, X13, X2);
	309	BODY_40_59(54, A, B, C, D, E, T, X6, X8, X14, X3);
	310	BODY_40_59(55, T, A, B, C, D, E, X7, X9, X15, X4);
	311	BODY_40_59(56, E, T, A, B, C, D, X8, X10, X0, X5);
	312	BODY_40_59(57, D, E, T, A, B, C, X9, X11, X1, X6);
	313	BODY_40_59(58, C, D, E, T, A, B, X10, X12, X2, X7);
	314	BODY_40_59(59, B, C, D, E, T, A, X11, X13, X3, X8);
	315
	316	BODY_60_79(60, A, B, C, D, E, T, X12, X14, X4, X9);
	317	BODY_60_79(61, T, A, B, C, D, E, X13, X15, X5, X10);
	318	BODY_60_79(62, E, T, A, B, C, D, X14, X0, X6, X11);
	319	BODY_60_79(63, D, E, T, A, B, C, X15, X1, X7, X12);
	320	BODY_60_79(64, C, D, E, T, A, B, X0, X2, X8, X13);
	321	BODY_60_79(65, B, C, D, E, T, A, X1, X3, X9, X14);
	322	BODY_60_79(66, A, B, C, D, E, T, X2, X4, X10, X15);
	323	BODY_60_79(67, T, A, B, C, D, E, X3, X5, X11, X0);
	324	BODY_60_79(68, E, T, A, B, C, D, X4, X6, X12, X1);
	325	BODY_60_79(69, D, E, T, A, B, C, X5, X7, X13, X2);
	326	BODY_60_79(70, C, D, E, T, A, B, X6, X8, X14, X3);
	327	BODY_60_79(71, B, C, D, E, T, A, X7, X9, X15, X4);
	328	BODY_60_79(72, A, B, C, D, E, T, X8, X10, X0, X5);
	329	BODY_60_79(73, T, A, B, C, D, E, X9, X11, X1, X6);
	330	BODY_60_79(74, E, T, A, B, C, D, X10, X12, X2, X7);
	331	BODY_60_79(75, D, E, T, A, B, C, X11, X13, X3, X8);
	332	BODY_60_79(76, C, D, E, T, A, B, X12, X14, X4, X9);
	333	BODY_60_79(77, B, C, D, E, T, A, X13, X15, X5, X10);
	334	BODY_60_79(78, A, B, C, D, E, T, X14, X0, X6, X11);
	335	BODY_60_79(79, T, A, B, C, D, E, X15, X1, X7, X12);
	336
	337	c->h0 = (c->h0 + E)&0xffffffffL;
	338	c->h1 = (c->h1 + T)&0xffffffffL;
	339	c->h2 = (c->h2 + A)&0xffffffffL;
	340	c->h3 = (c->h3 + B)&0xffffffffL;
	341	c->h4 = (c->h4 + C)&0xffffffffL;
	342
	343	if (--num == 0)
	344	break;
	345
	346	A = c->h0;
	347	B = c->h1;
	348	C = c->h2;
	349	D = c->h3;
	350	E = c->h4;
	351
	352	}
	353	}
	354	#endif
	355
	356	#else /* OPENSSL_SMALL_FOOTPRINT */
	357
	358	#define BODY_00_15(xi) do { \
	359	T=E+K_00_19+F_00_19(B, C, D); \
	360	E=D, D=C, C=ROTATE(B,30), B=A; \
	361	A=ROTATE(A,5)+T+xi; } while(0)
	362
	363	#define BODY_16_19(xa, xb, xc, xd) do { \
	364	Xupdate(T, xa, xa, xb, xc, xd); \
	365	T+=E+K_00_19+F_00_19(B, C, D); \
	366	E=D, D=C, C=ROTATE(B,30), B=A; \
	367	A=ROTATE(A,5)+T; } while(0)
	368
	369	#define BODY_20_39(xa, xb, xc, xd) do { \
	370	Xupdate(T, xa, xa, xb, xc, xd); \
	371	T+=E+K_20_39+F_20_39(B, C, D); \
	372	E=D, D=C, C=ROTATE(B,30), B=A; \
	373	A=ROTATE(A,5)+T; } while(0)
	374
	375	#define BODY_40_59(xa, xb, xc, xd) do { \
	376	Xupdate(T, xa, xa, xb, xc, xd); \
	377	T+=E+K_40_59+F_40_59(B, C, D); \
	378	E=D, D=C, C=ROTATE(B,30), B=A; \
	379	A=ROTATE(A,5)+T; } while(0)
	380
	381	#define BODY_60_79(xa, xb, xc, xd) do { \
	382	Xupdate(T, xa, xa, xb, xc, xd); \
	383	T=E+K_60_79+F_60_79(B, C, D); \
	384	E=D, D=C, C=ROTATE(B,30), B=A; \
	385	A=ROTATE(A,5)+T+xa; } while(0)
	386
	387	#if !defined(SHA1_ASM)
	388	static void
	389	sha1_block_data_order(SHA_CTX c, const void p, size_t num)
	390	{
	391	const unsigned char *data = p;
	392	unsigned MD32_REG_T A, B, C, D, E, T, l;
	393	int i;
	394	SHA_LONG X[16];
	395
	396	A = c->h0;
	397	B = c->h1;
	398	C = c->h2;
	399	D = c->h3;
	400	E = c->h4;
	401
	402	for (;;) {
	403	for (i = 0; i < 16; i++) {
	404	HOST_c2l(data, l);
	405	X[i] = l;
	406	BODY_00_15(X[i]);
	407	}
	408	for (i = 0; i < 4; i++) {
	409	BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13)&15]);
	410	}
	411	for (; i < 24; i++) {
	412	BODY_20_39(X[i&15], X[(i + 2)&15], X[(i + 8)&15], X[(i + 13)&15]);
	413	}
	414	for (i = 0; i < 20; i++) {
	415	BODY_40_59(X[(i + 8)&15], X[(i + 10)&15], X[i&15], X[(i + 5)&15]);
	416	}
	417	for (i = 4; i < 24; i++) {
	418	BODY_60_79(X[(i + 8)&15], X[(i + 10)&15], X[i&15], X[(i + 5)&15]);
	419	}
	420
	421	c->h0 = (c->h0 + A)&0xffffffffL;
	422	c->h1 = (c->h1 + B)&0xffffffffL;
	423	c->h2 = (c->h2 + C)&0xffffffffL;
	424	c->h3 = (c->h3 + D)&0xffffffffL;
	425	c->h4 = (c->h4 + E)&0xffffffffL;
	426
	427	if (--num == 0)
	428	break;
	429
	430	A = c->h0;
	431	B = c->h1;
	432	C = c->h2;
	433	D = c->h3;
	434	E = c->h4;
	435
	436	}
	437	}
	438	#endif
	439	#endif
	440
	441	unsigned char *
	442	SHA1(const unsigned char d, size_t n, unsigned char md)
	443	{
	444	SHA_CTX c;
	445	static unsigned char m[SHA_DIGEST_LENGTH];
	446
	447	if (md == NULL)
	448	md = m;
	449
	450	if (!SHA1_Init(&c))
	451	return NULL;
	452	SHA1_Update(&c, d, n);
	453	SHA1_Final(md, &c);
	454
	455	explicit_bzero(&c, sizeof(c));
	456
	457	return (md);
	458	}
	459
	460	#endif