1 files changed, 227 insertions, 3 deletions
diff --git a/src/lib/libcrypto/whrlpool/wp_block.c b/src/lib/libcrypto/whrlpool/whirlpool.c
index ad814a3463..217c5a919b 100644
--- a/src/lib/libcrypto/whrlpool/wp_block.c
+++ b/src/lib/libcrypto/whrlpool/whirlpool.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: wp_block.c,v 1.15 2022/11/26 16:08:54 tb Exp $ */
+/* $OpenBSD: whirlpool.c,v 1.1 2024/03/29 02:41:49 jsing Exp $ */
 /**
 * The Whirlpool hashing function.
 *
@@ -36,11 +36,27 @@
 *
 */
+/*
+ * OpenSSL-specific implementation notes.
+ *
+ * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
+ * number of *bytes* as input length argument. Bit-oriented routine
+ * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
+ * does not have one-stroke counterpart.
+ *
+ * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
+ * to serve WHIRLPOOL_Update. This is done for performance.
+ *
+ * Unlike authors' reference implementation, block processing
+ * routine whirlpool_block is designed to operate on multi-block
+ * input. This is done for performance.
+ */
 #include <endian.h>
 #include <string.h>
-#include <openssl/crypto.h>
-#include "wp_local.h"
+#include <openssl/crypto.h>
+#include <openssl/whrlpool.h>
 typedef unsigned char           u8;
 #if defined(_LP64)
@@ -627,3 +643,211 @@ void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n)
                                                        p += 64;
                                                        } while(--n);
        }
+int
+WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
+{
+        memset (c, 0, sizeof(*c));
+        return (1);
+}
+int
+WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
+{
+        /* Well, largest suitable chunk size actually is
+         * (1<<(sizeof(size_t)*8-3))-64, but below number
+         * is large enough for not to care about excessive
+         * calls to WHIRLPOOL_BitUpdate... */
+        size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4);
+        const unsigned char *inp = _inp;
+        while (bytes >= chunk) {
+                WHIRLPOOL_BitUpdate(c, inp, chunk*8);
+                bytes -= chunk;
+                inp += chunk;
+        }
+        if (bytes)
+                WHIRLPOOL_BitUpdate(c, inp, bytes*8);
+        return (1);
+}
+void
+WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
+{
+        size_t          n;
+        unsigned int    bitoff = c->bitoff,
+            bitrem = bitoff % 8,
+            inpgap = (8 - (unsigned int)bits % 8)&7;
+        const unsigned char *inp = _inp;
+        /* This 256-bit increment procedure relies on the size_t
+         * being natural size of CPU register, so that we don't
+         * have to mask the value in order to detect overflows. */
+        c->bitlen[0] += bits;
+        if (c->bitlen[0] < bits)        /* overflow */
+        {
+                n = 1;
+                do {
+                        c->bitlen[n]++;
+                } while (c->bitlen[n]==0 &&
+                    ++n < (WHIRLPOOL_COUNTER/sizeof(size_t)));
+        }
+#ifndef OPENSSL_SMALL_FOOTPRINT
+reconsider:
+        if (inpgap==0 && bitrem==0)     /* byte-oriented loop */
+        {
+                while (bits) {
+                        if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) {
+                                whirlpool_block(c, inp, n);
+                                inp += n*WHIRLPOOL_BBLOCK/8;
+                                bits %= WHIRLPOOL_BBLOCK;
+                        } else {
+                                unsigned int byteoff = bitoff/8;
+                                bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
+                                if (bits >= bitrem) {
+                                        bits -= bitrem;
+                                        bitrem /= 8;
+                                        memcpy(c->data + byteoff, inp, bitrem);
+                                        inp += bitrem;
+                                        whirlpool_block(c, c->data, 1);
+                                        bitoff = 0;
+                                } else {
+                                        memcpy(c->data + byteoff, inp, bits/8);
+                                        bitoff += (unsigned int)bits;
+                                        bits = 0;
+                                }
+                                c->bitoff = bitoff;
+                        }
+                }
+        }
+        else                            /* bit-oriented loop */
+#endif
+        {
+                /*
+                           inp
+                           |
+                           +-------+-------+-------
+                              |||||||||||||||||||||
+                           +-------+-------+-------
+                +-------+-------+-------+-------+-------
+                ||||||||||||||                          c->data
+                +-------+-------+-------+-------+-------
+                        |
+                        c->bitoff/8
+                */
+                while (bits) {
+                        unsigned int    byteoff = bitoff/8;
+                        unsigned char   b;
+#ifndef OPENSSL_SMALL_FOOTPRINT
+                        if (bitrem == inpgap) {
+                                c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
+                                inpgap = 8 - inpgap;
+                                bitoff += inpgap;  bitrem = 0;  /* bitoff%8 */
+                                bits   -= inpgap;  inpgap = 0;  /* bits%8   */
+                                inp++;
+                                if (bitoff == WHIRLPOOL_BBLOCK) {
+                                        whirlpool_block(c, c->data, 1);
+                                        bitoff = 0;
+                                }
+                                c->bitoff = bitoff;
+                                goto reconsider;
+                        } else
+#endif
+                        if (bits >= 8) {
+                                b = ((inp[0]<<inpgap) | (inp[1]>>(8 - inpgap)));
+                                b &= 0xff;
+                                if (bitrem)
+                                        c->data[byteoff++] |= b >> bitrem;
+                                else
+                                        c->data[byteoff++] = b;
+                                bitoff += 8;
+                                bits -= 8;
+                                inp++;
+                                if (bitoff >= WHIRLPOOL_BBLOCK) {
+                                        whirlpool_block(c, c->data, 1);
+                                        byteoff = 0;
+                                        bitoff  %= WHIRLPOOL_BBLOCK;
+                                }
+                                if (bitrem)
+                                        c->data[byteoff] = b << (8 - bitrem);
+                        }
+                        else    /* remaining less than 8 bits */
+                        {
+                                b = (inp[0]<<inpgap)&0xff;
+                                if (bitrem)
+                                        c->data[byteoff++] |= b >> bitrem;
+                                else
+                                        c->data[byteoff++] = b;
+                                bitoff += (unsigned int)bits;
+                                if (bitoff == WHIRLPOOL_BBLOCK) {
+                                        whirlpool_block(c, c->data, 1);
+                                        byteoff = 0;
+                                        bitoff  %= WHIRLPOOL_BBLOCK;
+                                }
+                                if (bitrem)
+                                        c->data[byteoff] = b << (8 - bitrem);
+                                bits = 0;
+                        }
+                        c->bitoff = bitoff;
+                }
+        }
+}
+int
+WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
+{
+        unsigned int    bitoff = c->bitoff,
+            byteoff = bitoff/8;
+        size_t          i, j, v;
+        unsigned char  *p;
+        bitoff %= 8;
+        if (bitoff)
+                c->data[byteoff] |= 0x80 >> bitoff;
+        else
+                c->data[byteoff] = 0x80;
+        byteoff++;
+        /* pad with zeros */
+        if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) {
+                if (byteoff < WHIRLPOOL_BBLOCK/8)
+                        memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff);
+                whirlpool_block(c, c->data, 1);
+                byteoff = 0;
+        }
+        if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER))
+                memset(&c->data[byteoff], 0,
+                    (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff);
+        /* smash 256-bit c->bitlen in big-endian order */
+        p = &c->data[WHIRLPOOL_BBLOCK/8-1];     /* last byte in c->data */
+        for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++)
+                for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
+                        *p-- = (unsigned char)(v&0xff);
+        whirlpool_block(c, c->data, 1);
+        if (md) {
+                memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
+                memset(c, 0, sizeof(*c));
+                return (1);
+        }
+        return (0);
+}
+unsigned char *
+WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
+{
+        WHIRLPOOL_CTX ctx;
+        static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
+        if (md == NULL)
+                md = m;
+        WHIRLPOOL_Init(&ctx);
+        WHIRLPOOL_Update(&ctx, inp, bytes);
+        WHIRLPOOL_Final(md, &ctx);
+        return (md);
+}

diff --git a/src/lib/libcrypto/whrlpool/wp_block.c b/src/lib/libcrypto/whrlpool/whirlpool.c index ad814a3463..217c5a919b 100644 --- a/src/lib/libcrypto/whrlpool/wp_block.c +++ b/src/lib/libcrypto/whrlpool/whirlpool.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wp_block.c,v 1.15 2022/11/26 16:08:54 tb Exp $ */	1	/* $OpenBSD: whirlpool.c,v 1.1 2024/03/29 02:41:49 jsing Exp $ */
2	/**	2	/**
3	* The Whirlpool hashing function.	3	* The Whirlpool hashing function.
4	*	4	*
@@ -36,11 +36,27 @@
36	*	36	*
37	*/	37	*/
38		38
		39	/*
		40	* OpenSSL-specific implementation notes.
		41	*
		42	* WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
		43	* number of bytes as input length argument. Bit-oriented routine
		44	* as specified by authors is called WHIRLPOOL_BitUpdate[!] and
		45	* does not have one-stroke counterpart.
		46	*
		47	* WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
		48	* to serve WHIRLPOOL_Update. This is done for performance.
		49	*
		50	* Unlike authors' reference implementation, block processing
		51	* routine whirlpool_block is designed to operate on multi-block
		52	* input. This is done for performance.
		53	*/
		54
39	#include <endian.h>	55	#include <endian.h>
40	#include <string.h>	56	#include <string.h>
41	#include <openssl/crypto.h>
42		57
43	#include "wp_local.h"	58	#include <openssl/crypto.h>
		59	#include <openssl/whrlpool.h>
44		60
45	typedef unsigned char u8;	61	typedef unsigned char u8;
46	#if defined(_LP64)	62	#if defined(_LP64)
@@ -627,3 +643,211 @@ void whirlpool_block(WHIRLPOOL_CTX ctx,const void inp,size_t n)
627	p += 64;	643	p += 64;
628	} while(--n);	644	} while(--n);
629	}	645	}
		646
		647	int
		648	WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
		649	{
		650	memset (c, 0, sizeof(*c));
		651	return (1);
		652	}
		653
		654	int
		655	WHIRLPOOL_Update(WHIRLPOOL_CTX c, const void _inp, size_t bytes)
		656	{
		657	/* Well, largest suitable chunk size actually is
		658	* (1<<(sizeof(size_t)*8-3))-64, but below number
		659	* is large enough for not to care about excessive
		660	* calls to WHIRLPOOL_BitUpdate... */
		661	size_t chunk = ((size_t)1) << (sizeof(size_t)*8 - 4);
		662	const unsigned char *inp = _inp;
		663
		664	while (bytes >= chunk) {
		665	WHIRLPOOL_BitUpdate(c, inp, chunk*8);
		666	bytes -= chunk;
		667	inp += chunk;
		668	}
		669	if (bytes)
		670	WHIRLPOOL_BitUpdate(c, inp, bytes*8);
		671
		672	return (1);
		673	}
		674
		675	void
		676	WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX c, const void _inp, size_t bits)
		677	{
		678	size_t n;
		679	unsigned int bitoff = c->bitoff,
		680	bitrem = bitoff % 8,
		681	inpgap = (8 - (unsigned int)bits % 8)&7;
		682	const unsigned char *inp = _inp;
		683
		684	/* This 256-bit increment procedure relies on the size_t
		685	* being natural size of CPU register, so that we don't
		686	* have to mask the value in order to detect overflows. */
		687	c->bitlen[0] += bits;
		688	if (c->bitlen[0] < bits) /* overflow */
		689	{
		690	n = 1;
		691	do {
		692	c->bitlen[n]++;
		693	} while (c->bitlen[n]==0 &&
		694	++n < (WHIRLPOOL_COUNTER/sizeof(size_t)));
		695	}
		696
		697	#ifndef OPENSSL_SMALL_FOOTPRINT
		698	reconsider:
		699	if (inpgap==0 && bitrem==0) /* byte-oriented loop */
		700	{
		701	while (bits) {
		702	if (bitoff == 0 && (n = bits/WHIRLPOOL_BBLOCK)) {
		703	whirlpool_block(c, inp, n);
		704	inp += n*WHIRLPOOL_BBLOCK/8;
		705	bits %= WHIRLPOOL_BBLOCK;
		706	} else {
		707	unsigned int byteoff = bitoff/8;
		708
		709	bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */
		710	if (bits >= bitrem) {
		711	bits -= bitrem;
		712	bitrem /= 8;
		713	memcpy(c->data + byteoff, inp, bitrem);
		714	inp += bitrem;
		715	whirlpool_block(c, c->data, 1);
		716	bitoff = 0;
		717	} else {
		718	memcpy(c->data + byteoff, inp, bits/8);
		719	bitoff += (unsigned int)bits;
		720	bits = 0;
		721	}
		722	c->bitoff = bitoff;
		723	}
		724	}
		725	}
		726	else /* bit-oriented loop */
		727	#endif
		728	{
		729	/*
		730	inp
		731	\|
		732	+-------+-------+-------
		733	\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|
		734	+-------+-------+-------
		735	+-------+-------+-------+-------+-------
		736	\|\|\|\|\|\|\|\|\|\|\|\|\|\| c->data
		737	+-------+-------+-------+-------+-------
		738	\|
		739	c->bitoff/8
		740	*/
		741	while (bits) {
		742	unsigned int byteoff = bitoff/8;
		743	unsigned char b;
		744
		745	#ifndef OPENSSL_SMALL_FOOTPRINT
		746	if (bitrem == inpgap) {
		747	c->data[byteoff++] \|= inp[0] & (0xff >> inpgap);
		748	inpgap = 8 - inpgap;
		749	bitoff += inpgap; bitrem = 0; /* bitoff%8 */
		750	bits -= inpgap; inpgap = 0; /* bits%8 */
		751	inp++;
		752	if (bitoff == WHIRLPOOL_BBLOCK) {
		753	whirlpool_block(c, c->data, 1);
		754	bitoff = 0;
		755	}
		756	c->bitoff = bitoff;
		757	goto reconsider;
		758	} else
		759	#endif
		760	if (bits >= 8) {
		761	b = ((inp[0]<<inpgap) \| (inp[1]>>(8 - inpgap)));
		762	b &= 0xff;
		763	if (bitrem)
		764	c->data[byteoff++] \|= b >> bitrem;
		765	else
		766	c->data[byteoff++] = b;
		767	bitoff += 8;
		768	bits -= 8;
		769	inp++;
		770	if (bitoff >= WHIRLPOOL_BBLOCK) {
		771	whirlpool_block(c, c->data, 1);
		772	byteoff = 0;
		773	bitoff %= WHIRLPOOL_BBLOCK;
		774	}
		775	if (bitrem)
		776	c->data[byteoff] = b << (8 - bitrem);
		777	}
		778	else /* remaining less than 8 bits */
		779	{
		780	b = (inp[0]<<inpgap)&0xff;
		781	if (bitrem)
		782	c->data[byteoff++] \|= b >> bitrem;
		783	else
		784	c->data[byteoff++] = b;
		785	bitoff += (unsigned int)bits;
		786	if (bitoff == WHIRLPOOL_BBLOCK) {
		787	whirlpool_block(c, c->data, 1);
		788	byteoff = 0;
		789	bitoff %= WHIRLPOOL_BBLOCK;
		790	}
		791	if (bitrem)
		792	c->data[byteoff] = b << (8 - bitrem);
		793	bits = 0;
		794	}
		795	c->bitoff = bitoff;
		796	}
		797	}
		798	}
		799
		800	int
		801	WHIRLPOOL_Final(unsigned char md, WHIRLPOOL_CTX c)
		802	{
		803	unsigned int bitoff = c->bitoff,
		804	byteoff = bitoff/8;
		805	size_t i, j, v;
		806	unsigned char *p;
		807
		808	bitoff %= 8;
		809	if (bitoff)
		810	c->data[byteoff] \|= 0x80 >> bitoff;
		811	else
		812	c->data[byteoff] = 0x80;
		813	byteoff++;
		814
		815	/* pad with zeros */
		816	if (byteoff > (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER)) {
		817	if (byteoff < WHIRLPOOL_BBLOCK/8)
		818	memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK/8 - byteoff);
		819	whirlpool_block(c, c->data, 1);
		820	byteoff = 0;
		821	}
		822	if (byteoff < (WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER))
		823	memset(&c->data[byteoff], 0,
		824	(WHIRLPOOL_BBLOCK/8 - WHIRLPOOL_COUNTER) - byteoff);
		825	/* smash 256-bit c->bitlen in big-endian order */
		826	p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */
		827	for (i = 0; i < WHIRLPOOL_COUNTER/sizeof(size_t); i++)
		828	for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
		829	*p-- = (unsigned char)(v&0xff);
		830
		831	whirlpool_block(c, c->data, 1);
		832
		833	if (md) {
		834	memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
		835	memset(c, 0, sizeof(*c));
		836	return (1);
		837	}
		838	return (0);
		839	}
		840
		841	unsigned char *
		842	WHIRLPOOL(const void inp, size_t bytes, unsigned char md)
		843	{
		844	WHIRLPOOL_CTX ctx;
		845	static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
		846
		847	if (md == NULL)
		848	md = m;
		849	WHIRLPOOL_Init(&ctx);
		850	WHIRLPOOL_Update(&ctx, inp, bytes);
		851	WHIRLPOOL_Final(md, &ctx);
		852	return (md);
		853	}