boringssl/crypto/digest/md32_common.h
David Benjamin 17cf2cb1d2 Work around language and compiler bug in memcpy, etc.
Most C standard library functions are undefined if passed NULL, even
when the corresponding length is zero. This gives them (and, in turn,
all functions which call them) surprising behavior on empty arrays.
Some compilers will miscompile code due to this rule. See also
https://www.imperialviolet.org/2016/06/26/nonnull.html

Add OPENSSL_memcpy, etc., wrappers which avoid this problem.

BUG=23

Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e
Reviewed-on: https://boringssl-review.googlesource.com/12928
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2016-12-21 20:34:47 +00:00

275 lines
8.7 KiB
C

/* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ==================================================================== */
#ifndef OPENSSL_HEADER_MD32_COMMON_H
#define OPENSSL_HEADER_MD32_COMMON_H
#include <openssl/base.h>
#include <assert.h>
#include "../internal.h"
#if defined(__cplusplus)
extern "C" {
#endif
/* This is a generic 32-bit "collector" for message digest algorithms. It
* collects input character stream into chunks of 32-bit values and invokes the
* block function that performs the actual hash calculations. To make use of
* this mechanism, the following macros must be defined before including
* md32_common.h.
*
* One of |DATA_ORDER_IS_BIG_ENDIAN| or |DATA_ORDER_IS_LITTLE_ENDIAN| must be
* defined to specify the byte order of the input stream.
*
* |HASH_CBLOCK| must be defined as the integer block size, in bytes.
*
* |HASH_CTX| must be defined as the name of the context structure, which must
* have at least the following members:
*
* typedef struct <name>_state_st {
* uint32_t h[<chaining length> / sizeof(uint32_t)];
* uint32_t Nl, Nh;
* uint8_t data[HASH_CBLOCK];
* unsigned num;
* ...
* } <NAME>_CTX;
*
* <chaining length> is the output length of the hash in bytes, before
* any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and
* SHA-512).
*
* |HASH_UPDATE| must be defined as the name of the "Update" function to
* generate.
*
* |HASH_TRANSFORM| must be defined as the the name of the "Transform"
* function to generate.
*
* |HASH_FINAL| must be defined as the name of "Final" function to generate.
*
* |HASH_BLOCK_DATA_ORDER| must be defined as the name of the "Block" function.
* That function must be implemented manually. It must be capable of operating
* on *unaligned* input data in its original (data) byte order. It must have
* this signature:
*
* void HASH_BLOCK_DATA_ORDER(uint32_t *state, const uint8_t *data,
* size_t num);
*
* It must update the hash state |state| with |num| blocks of data from |data|,
* where each block is |HASH_CBLOCK| bytes; i.e. |data| points to a array of
* |HASH_CBLOCK * num| bytes. |state| points to the |h| member of a |HASH_CTX|,
* and so will have |<chaining length> / sizeof(uint32_t)| elements.
*
* |HASH_MAKE_STRING(c, s)| must be defined as a block statement that converts
* the hash state |c->h| into the output byte order, storing the result in |s|.
*/
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
#error "DATA_ORDER must be defined!"
#endif
#ifndef HASH_CBLOCK
#error "HASH_CBLOCK must be defined!"
#endif
#ifndef HASH_CTX
#error "HASH_CTX must be defined!"
#endif
#ifndef HASH_UPDATE
#error "HASH_UPDATE must be defined!"
#endif
#ifndef HASH_TRANSFORM
#error "HASH_TRANSFORM must be defined!"
#endif
#ifndef HASH_FINAL
#error "HASH_FINAL must be defined!"
#endif
#ifndef HASH_BLOCK_DATA_ORDER
#error "HASH_BLOCK_DATA_ORDER must be defined!"
#endif
#ifndef HASH_MAKE_STRING
#error "HASH_MAKE_STRING must be defined!"
#endif
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
#define HOST_c2l(c, l) \
do { \
(l) = (((uint32_t)(*((c)++))) << 24); \
(l) |= (((uint32_t)(*((c)++))) << 16); \
(l) |= (((uint32_t)(*((c)++))) << 8); \
(l) |= (((uint32_t)(*((c)++)))); \
} while (0)
#define HOST_l2c(l, c) \
do { \
*((c)++) = (uint8_t)(((l) >> 24) & 0xff); \
*((c)++) = (uint8_t)(((l) >> 16) & 0xff); \
*((c)++) = (uint8_t)(((l) >> 8) & 0xff); \
*((c)++) = (uint8_t)(((l)) & 0xff); \
} while (0)
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
#define HOST_c2l(c, l) \
do { \
(l) = (((uint32_t)(*((c)++)))); \
(l) |= (((uint32_t)(*((c)++))) << 8); \
(l) |= (((uint32_t)(*((c)++))) << 16); \
(l) |= (((uint32_t)(*((c)++))) << 24); \
} while (0)
#define HOST_l2c(l, c) \
do { \
*((c)++) = (uint8_t)(((l)) & 0xff); \
*((c)++) = (uint8_t)(((l) >> 8) & 0xff); \
*((c)++) = (uint8_t)(((l) >> 16) & 0xff); \
*((c)++) = (uint8_t)(((l) >> 24) & 0xff); \
} while (0)
#endif /* DATA_ORDER */
int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
const uint8_t *data = data_;
if (len == 0) {
return 1;
}
uint32_t l = c->Nl + (((uint32_t)len) << 3);
if (l < c->Nl) {
/* Handle carries. */
c->Nh++;
}
c->Nh += (uint32_t)(len >> 29);
c->Nl = l;
size_t n = c->num;
if (n != 0) {
if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
OPENSSL_memcpy(c->data + n, data, HASH_CBLOCK - n);
HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
n = HASH_CBLOCK - n;
data += n;
len -= n;
c->num = 0;
/* Keep |c->data| zeroed when unused. */
OPENSSL_memset(c->data, 0, HASH_CBLOCK);
} else {
OPENSSL_memcpy(c->data + n, data, len);
c->num += (unsigned)len;
return 1;
}
}
n = len / HASH_CBLOCK;
if (n > 0) {
HASH_BLOCK_DATA_ORDER(c->h, data, n);
n *= HASH_CBLOCK;
data += n;
len -= n;
}
if (len != 0) {
c->num = (unsigned)len;
OPENSSL_memcpy(c->data, data, len);
}
return 1;
}
void HASH_TRANSFORM(HASH_CTX *c, const uint8_t *data) {
HASH_BLOCK_DATA_ORDER(c->h, data, 1);
}
int HASH_FINAL(uint8_t *md, HASH_CTX *c) {
/* |c->data| always has room for at least one byte. A full block would have
* been consumed. */
size_t n = c->num;
assert(n < HASH_CBLOCK);
c->data[n] = 0x80;
n++;
/* Fill the block with zeros if there isn't room for a 64-bit length. */
if (n > (HASH_CBLOCK - 8)) {
OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - n);
n = 0;
HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
}
OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - 8 - n);
/* Append a 64-bit length to the block and process it. */
uint8_t *p = c->data + HASH_CBLOCK - 8;
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
HOST_l2c(c->Nh, p);
HOST_l2c(c->Nl, p);
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
HOST_l2c(c->Nl, p);
HOST_l2c(c->Nh, p);
#endif
assert(p == c->data + HASH_CBLOCK);
HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
c->num = 0;
OPENSSL_memset(c->data, 0, HASH_CBLOCK);
HASH_MAKE_STRING(c, md);
return 1;
}
#if defined(__cplusplus)
} /* extern C */
#endif
#endif /* OPENSSL_HEADER_MD32_COMMON_H */