1*9cb04522Stb /* $OpenBSD: ripemd.c,v 1.19 2024/06/01 07:36:16 tb Exp $ */
271471113Sjsing /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
371471113Sjsing * All rights reserved.
471471113Sjsing *
571471113Sjsing * This package is an SSL implementation written
671471113Sjsing * by Eric Young (eay@cryptsoft.com).
771471113Sjsing * The implementation was written so as to conform with Netscapes SSL.
871471113Sjsing *
971471113Sjsing * This library is free for commercial and non-commercial use as long as
1071471113Sjsing * the following conditions are aheared to. The following conditions
1171471113Sjsing * apply to all code found in this distribution, be it the RC4, RSA,
1271471113Sjsing * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1371471113Sjsing * included with this distribution is covered by the same copyright terms
1471471113Sjsing * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1571471113Sjsing *
1671471113Sjsing * Copyright remains Eric Young's, and as such any Copyright notices in
1771471113Sjsing * the code are not to be removed.
1871471113Sjsing * If this package is used in a product, Eric Young should be given attribution
1971471113Sjsing * as the author of the parts of the library used.
2071471113Sjsing * This can be in the form of a textual message at program startup or
2171471113Sjsing * in documentation (online or textual) provided with the package.
2271471113Sjsing *
2371471113Sjsing * Redistribution and use in source and binary forms, with or without
2471471113Sjsing * modification, are permitted provided that the following conditions
2571471113Sjsing * are met:
2671471113Sjsing * 1. Redistributions of source code must retain the copyright
2771471113Sjsing * notice, this list of conditions and the following disclaimer.
2871471113Sjsing * 2. Redistributions in binary form must reproduce the above copyright
2971471113Sjsing * notice, this list of conditions and the following disclaimer in the
3071471113Sjsing * documentation and/or other materials provided with the distribution.
3171471113Sjsing * 3. All advertising materials mentioning features or use of this software
3271471113Sjsing * must display the following acknowledgement:
3371471113Sjsing * "This product includes cryptographic software written by
3471471113Sjsing * Eric Young (eay@cryptsoft.com)"
3571471113Sjsing * The word 'cryptographic' can be left out if the rouines from the library
3671471113Sjsing * being used are not cryptographic related :-).
3771471113Sjsing * 4. If you include any Windows specific code (or a derivative thereof) from
3871471113Sjsing * the apps directory (application code) you must include an acknowledgement:
3971471113Sjsing * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
4071471113Sjsing *
4171471113Sjsing * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
4271471113Sjsing * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4371471113Sjsing * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
4471471113Sjsing * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
4571471113Sjsing * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
4671471113Sjsing * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
4771471113Sjsing * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4871471113Sjsing * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
4971471113Sjsing * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
5071471113Sjsing * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
5171471113Sjsing * SUCH DAMAGE.
5271471113Sjsing *
5371471113Sjsing * The licence and distribution terms for any publically available version or
5471471113Sjsing * derivative of this code cannot be changed. i.e. this code cannot simply be
5571471113Sjsing * copied and put under another distribution licence
5671471113Sjsing * [including the GNU Public Licence.]
5771471113Sjsing */
5871471113Sjsing
5971471113Sjsing #include <stdio.h>
6071471113Sjsing #include <stdlib.h>
6171471113Sjsing #include <string.h>
622646ee00Sjsing
6371471113Sjsing #include <openssl/opensslconf.h>
642646ee00Sjsing
652646ee00Sjsing #include <openssl/crypto.h>
6671471113Sjsing #include <openssl/ripemd.h>
6771471113Sjsing
68792546e7Sjsing #include "crypto_internal.h"
69792546e7Sjsing
/*
 * Ensure that RIPEMD160_LONG and uint32_t are equivalent sizes.
 *
 * The compression function below reads input words through a
 * RIPEMD160_LONG pointer and hands state words to crypto_rol_u32(), so a
 * width mismatch must fail at build time rather than produce a wrong digest.
 */
CTASSERT(sizeof(uint32_t) == sizeof(RIPEMD160_LONG));
72792546e7Sjsing
/*
 * Round functions F1..F5. Each takes three 32-bit words and mixes them
 * bitwise; all are branch-free.
 *
 * The "#if 0" branch keeps the untransformed forms for reference only.
 * NOTE(review): in that disabled branch F2 uses "~x" and "z" without
 * parentheses around the macro arguments; parenthesise them before ever
 * re-enabling it.
 */
#if 0
#define F1(x,y,z)	((x)^(y)^(z))
#define F2(x,y,z)	(((x)&(y))|((~x)&z))
#define F3(x,y,z)	(((x)|(~y))^(z))
#define F4(x,y,z)	(((x)&(z))|((y)&(~(z))))
#define F5(x,y,z)	((x)^((y)|(~(z))))
#else
/*
 * Transformed F2 and F4 are courtesy of Wei Dai <weidai@eskimo.com>
 */
#define F1(p, q, r)	((p) ^ (q) ^ (r))
#define F2(p, q, r)	((((q) ^ (r)) & (p)) ^ (r))
#define F3(p, q, r)	(((~(q)) | (p)) ^ (r))
#define F4(p, q, r)	((((p) ^ (q)) & (r)) ^ (q))
#define F5(p, q, r)	(((~(r)) | (q)) ^ (p))
#endif
8971471113Sjsing
/*
 * Additive round constants. KL0..KL4 belong to the first ("left") pass over
 * a block and KR0..KR4 to the second ("right") pass.
 *
 * KL0 and KR4 are zero; the rounds that would use them go through RIP1,
 * which takes no constant, so neither name is referenced by the rounds.
 */
#define KL0	0x00000000L
#define KL1	0x5A827999L
#define KL2	0x6ED9EBA1L
#define KL3	0x8F1BBCDCL
#define KL4	0xA953FD4EL

#define KR0	0x50A28BE6L
#define KR1	0x5C4DD124L
#define KR2	0x6D703EF3L
#define KR3	0x7A6D76E9L
#define KR4	0x00000000L
10171471113Sjsing
/*
 * One step of the compression function:
 *
 *	a = rol(a + Fn(b, c, d) + x [+ K], n) + e;
 *	c = rol(c, 10);
 *
 * RIPn selects round function Fn. RIP1 has no K parameter; RIP2..RIP5 add
 * the round constant K.
 *
 * These are statement macros that read and write their arguments more than
 * once, so only plain variables (no expressions with side effects) may be
 * passed for a, b, c, d and e.
 */
#define RIP1(a, b, c, d, e, x, n) { \
	a += F1(b, c, d) + x; \
	a = crypto_rol_u32(a, n) + e; \
	c = crypto_rol_u32(c, 10); }

#define RIP2(a, b, c, d, e, x, n, K) { \
	a += F2(b, c, d) + x + K; \
	a = crypto_rol_u32(a, n) + e; \
	c = crypto_rol_u32(c, 10); }

#define RIP3(a, b, c, d, e, x, n, K) { \
	a += F3(b, c, d) + x + K; \
	a = crypto_rol_u32(a, n) + e; \
	c = crypto_rol_u32(c, 10); }

#define RIP4(a, b, c, d, e, x, n, K) { \
	a += F4(b, c, d) + x + K; \
	a = crypto_rol_u32(a, n) + e; \
	c = crypto_rol_u32(c, 10); }

#define RIP5(a, b, c, d, e, x, n, K) { \
	a += F5(b, c, d) + x + K; \
	a = crypto_rol_u32(a, n) + e; \
	c = crypto_rol_u32(c, 10); }
12671471113Sjsing
/*
 * Compress `num` consecutive input blocks into the chaining state of `ctx`.
 *
 * ctx  - hash context; ctx->A..ctx->E are read at the start of every block
 *        and updated in place at the end of it.
 * _in  - input bytes; 16 little-endian 32-bit words are read per block and
 *        the cursor then advances by RIPEMD160_CBLOCK bytes.
 * num  - number of whole blocks to process.
 *
 * No bounds are checked here: the caller must guarantee that `num` full
 * blocks are readable at `_in`. Every step is straight-line code whose
 * message-word index and rotate count are compile-time constants; the only
 * branch on `_in` is the alignment test, which depends on the pointer value
 * and not on the data.
 *
 * The message words and working variables are left on the stack when the
 * function returns; nothing in this function wipes them.
 */
static void
ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *_in, size_t num)
{
	const uint8_t *in = _in;
	const RIPEMD160_LONG *in32;
	unsigned int A, B, C, D, E;	/* working state of the current pass */
	unsigned int a, b, c, d, e;	/* saved result of the first pass */
	unsigned int X[16];		/* message words of the current block */
	unsigned int next_A;
	size_t i;

	while (num-- != 0) {
		A = ctx->A;
		B = ctx->B;
		C = ctx->C;
		D = ctx->D;
		E = ctx->E;

		if ((uintptr_t)in % 4 == 0) {
			/* Input is 32 bit aligned: read whole words. */
			in32 = (const RIPEMD160_LONG *)in;
			for (i = 0; i < 16; i++)
				X[i] = le32toh(in32[i]);
		} else {
			/* Input is not 32 bit aligned: use the byte-wise loader. */
			for (i = 0; i < 16; i++)
				X[i] = crypto_load_le32toh(&in[i * 4]);
		}
		in += RIPEMD160_CBLOCK;

		/* First pass, F1. */
		RIP1(A, B, C, D, E, X[0], 11);
		RIP1(E, A, B, C, D, X[1], 14);
		RIP1(D, E, A, B, C, X[2], 15);
		RIP1(C, D, E, A, B, X[3], 12);
		RIP1(B, C, D, E, A, X[4], 5);
		RIP1(A, B, C, D, E, X[5], 8);
		RIP1(E, A, B, C, D, X[6], 7);
		RIP1(D, E, A, B, C, X[7], 9);
		RIP1(C, D, E, A, B, X[8], 11);
		RIP1(B, C, D, E, A, X[9], 13);
		RIP1(A, B, C, D, E, X[10], 14);
		RIP1(E, A, B, C, D, X[11], 15);
		RIP1(D, E, A, B, C, X[12], 6);
		RIP1(C, D, E, A, B, X[13], 7);
		RIP1(B, C, D, E, A, X[14], 9);
		RIP1(A, B, C, D, E, X[15], 8);

		/* First pass, F2 with KL1. */
		RIP2(E, A, B, C, D, X[7], 7, KL1);
		RIP2(D, E, A, B, C, X[4], 6, KL1);
		RIP2(C, D, E, A, B, X[13], 8, KL1);
		RIP2(B, C, D, E, A, X[1], 13, KL1);
		RIP2(A, B, C, D, E, X[10], 11, KL1);
		RIP2(E, A, B, C, D, X[6], 9, KL1);
		RIP2(D, E, A, B, C, X[15], 7, KL1);
		RIP2(C, D, E, A, B, X[3], 15, KL1);
		RIP2(B, C, D, E, A, X[12], 7, KL1);
		RIP2(A, B, C, D, E, X[0], 12, KL1);
		RIP2(E, A, B, C, D, X[9], 15, KL1);
		RIP2(D, E, A, B, C, X[5], 9, KL1);
		RIP2(C, D, E, A, B, X[2], 11, KL1);
		RIP2(B, C, D, E, A, X[14], 7, KL1);
		RIP2(A, B, C, D, E, X[11], 13, KL1);
		RIP2(E, A, B, C, D, X[8], 12, KL1);

		/* First pass, F3 with KL2. */
		RIP3(D, E, A, B, C, X[3], 11, KL2);
		RIP3(C, D, E, A, B, X[10], 13, KL2);
		RIP3(B, C, D, E, A, X[14], 6, KL2);
		RIP3(A, B, C, D, E, X[4], 7, KL2);
		RIP3(E, A, B, C, D, X[9], 14, KL2);
		RIP3(D, E, A, B, C, X[15], 9, KL2);
		RIP3(C, D, E, A, B, X[8], 13, KL2);
		RIP3(B, C, D, E, A, X[1], 15, KL2);
		RIP3(A, B, C, D, E, X[2], 14, KL2);
		RIP3(E, A, B, C, D, X[7], 8, KL2);
		RIP3(D, E, A, B, C, X[0], 13, KL2);
		RIP3(C, D, E, A, B, X[6], 6, KL2);
		RIP3(B, C, D, E, A, X[13], 5, KL2);
		RIP3(A, B, C, D, E, X[11], 12, KL2);
		RIP3(E, A, B, C, D, X[5], 7, KL2);
		RIP3(D, E, A, B, C, X[12], 5, KL2);

		/* First pass, F4 with KL3. */
		RIP4(C, D, E, A, B, X[1], 11, KL3);
		RIP4(B, C, D, E, A, X[9], 12, KL3);
		RIP4(A, B, C, D, E, X[11], 14, KL3);
		RIP4(E, A, B, C, D, X[10], 15, KL3);
		RIP4(D, E, A, B, C, X[0], 14, KL3);
		RIP4(C, D, E, A, B, X[8], 15, KL3);
		RIP4(B, C, D, E, A, X[12], 9, KL3);
		RIP4(A, B, C, D, E, X[4], 8, KL3);
		RIP4(E, A, B, C, D, X[13], 9, KL3);
		RIP4(D, E, A, B, C, X[3], 14, KL3);
		RIP4(C, D, E, A, B, X[7], 5, KL3);
		RIP4(B, C, D, E, A, X[15], 6, KL3);
		RIP4(A, B, C, D, E, X[14], 8, KL3);
		RIP4(E, A, B, C, D, X[5], 6, KL3);
		RIP4(D, E, A, B, C, X[6], 5, KL3);
		RIP4(C, D, E, A, B, X[2], 12, KL3);

		/* First pass, F5 with KL4. */
		RIP5(B, C, D, E, A, X[4], 9, KL4);
		RIP5(A, B, C, D, E, X[0], 15, KL4);
		RIP5(E, A, B, C, D, X[5], 5, KL4);
		RIP5(D, E, A, B, C, X[9], 11, KL4);
		RIP5(C, D, E, A, B, X[7], 6, KL4);
		RIP5(B, C, D, E, A, X[12], 8, KL4);
		RIP5(A, B, C, D, E, X[2], 13, KL4);
		RIP5(E, A, B, C, D, X[10], 12, KL4);
		RIP5(D, E, A, B, C, X[14], 5, KL4);
		RIP5(C, D, E, A, B, X[1], 12, KL4);
		RIP5(B, C, D, E, A, X[3], 13, KL4);
		RIP5(A, B, C, D, E, X[8], 14, KL4);
		RIP5(E, A, B, C, D, X[11], 11, KL4);
		RIP5(D, E, A, B, C, X[6], 8, KL4);
		RIP5(C, D, E, A, B, X[15], 5, KL4);
		RIP5(B, C, D, E, A, X[13], 6, KL4);

		/* Park the first pass and restart from the same chaining state. */
		a = A;
		b = B;
		c = C;
		d = D;
		e = E;
		/* Do other half */
		A = ctx->A;
		B = ctx->B;
		C = ctx->C;
		D = ctx->D;
		E = ctx->E;

		/* Second pass, F5 with KR0. */
		RIP5(A, B, C, D, E, X[5], 8, KR0);
		RIP5(E, A, B, C, D, X[14], 9, KR0);
		RIP5(D, E, A, B, C, X[7], 9, KR0);
		RIP5(C, D, E, A, B, X[0], 11, KR0);
		RIP5(B, C, D, E, A, X[9], 13, KR0);
		RIP5(A, B, C, D, E, X[2], 15, KR0);
		RIP5(E, A, B, C, D, X[11], 15, KR0);
		RIP5(D, E, A, B, C, X[4], 5, KR0);
		RIP5(C, D, E, A, B, X[13], 7, KR0);
		RIP5(B, C, D, E, A, X[6], 7, KR0);
		RIP5(A, B, C, D, E, X[15], 8, KR0);
		RIP5(E, A, B, C, D, X[8], 11, KR0);
		RIP5(D, E, A, B, C, X[1], 14, KR0);
		RIP5(C, D, E, A, B, X[10], 14, KR0);
		RIP5(B, C, D, E, A, X[3], 12, KR0);
		RIP5(A, B, C, D, E, X[12], 6, KR0);

		/* Second pass, F4 with KR1. */
		RIP4(E, A, B, C, D, X[6], 9, KR1);
		RIP4(D, E, A, B, C, X[11], 13, KR1);
		RIP4(C, D, E, A, B, X[3], 15, KR1);
		RIP4(B, C, D, E, A, X[7], 7, KR1);
		RIP4(A, B, C, D, E, X[0], 12, KR1);
		RIP4(E, A, B, C, D, X[13], 8, KR1);
		RIP4(D, E, A, B, C, X[5], 9, KR1);
		RIP4(C, D, E, A, B, X[10], 11, KR1);
		RIP4(B, C, D, E, A, X[14], 7, KR1);
		RIP4(A, B, C, D, E, X[15], 7, KR1);
		RIP4(E, A, B, C, D, X[8], 12, KR1);
		RIP4(D, E, A, B, C, X[12], 7, KR1);
		RIP4(C, D, E, A, B, X[4], 6, KR1);
		RIP4(B, C, D, E, A, X[9], 15, KR1);
		RIP4(A, B, C, D, E, X[1], 13, KR1);
		RIP4(E, A, B, C, D, X[2], 11, KR1);

		/* Second pass, F3 with KR2. */
		RIP3(D, E, A, B, C, X[15], 9, KR2);
		RIP3(C, D, E, A, B, X[5], 7, KR2);
		RIP3(B, C, D, E, A, X[1], 15, KR2);
		RIP3(A, B, C, D, E, X[3], 11, KR2);
		RIP3(E, A, B, C, D, X[7], 8, KR2);
		RIP3(D, E, A, B, C, X[14], 6, KR2);
		RIP3(C, D, E, A, B, X[6], 6, KR2);
		RIP3(B, C, D, E, A, X[9], 14, KR2);
		RIP3(A, B, C, D, E, X[11], 12, KR2);
		RIP3(E, A, B, C, D, X[8], 13, KR2);
		RIP3(D, E, A, B, C, X[12], 5, KR2);
		RIP3(C, D, E, A, B, X[2], 14, KR2);
		RIP3(B, C, D, E, A, X[10], 13, KR2);
		RIP3(A, B, C, D, E, X[0], 13, KR2);
		RIP3(E, A, B, C, D, X[4], 7, KR2);
		RIP3(D, E, A, B, C, X[13], 5, KR2);

		/* Second pass, F2 with KR3. */
		RIP2(C, D, E, A, B, X[8], 15, KR3);
		RIP2(B, C, D, E, A, X[6], 5, KR3);
		RIP2(A, B, C, D, E, X[4], 8, KR3);
		RIP2(E, A, B, C, D, X[1], 11, KR3);
		RIP2(D, E, A, B, C, X[3], 14, KR3);
		RIP2(C, D, E, A, B, X[11], 14, KR3);
		RIP2(B, C, D, E, A, X[15], 6, KR3);
		RIP2(A, B, C, D, E, X[0], 14, KR3);
		RIP2(E, A, B, C, D, X[5], 6, KR3);
		RIP2(D, E, A, B, C, X[12], 9, KR3);
		RIP2(C, D, E, A, B, X[2], 12, KR3);
		RIP2(B, C, D, E, A, X[13], 9, KR3);
		RIP2(A, B, C, D, E, X[9], 12, KR3);
		RIP2(E, A, B, C, D, X[7], 5, KR3);
		RIP2(D, E, A, B, C, X[10], 15, KR3);
		RIP2(C, D, E, A, B, X[14], 8, KR3);

		/* Second pass, F1. */
		RIP1(B, C, D, E, A, X[12], 8);
		RIP1(A, B, C, D, E, X[15], 5);
		RIP1(E, A, B, C, D, X[10], 12);
		RIP1(D, E, A, B, C, X[4], 9);
		RIP1(C, D, E, A, B, X[1], 12);
		RIP1(B, C, D, E, A, X[5], 5);
		RIP1(A, B, C, D, E, X[8], 14);
		RIP1(E, A, B, C, D, X[7], 6);
		RIP1(D, E, A, B, C, X[6], 8);
		RIP1(C, D, E, A, B, X[2], 13);
		RIP1(B, C, D, E, A, X[13], 6);
		RIP1(A, B, C, D, E, X[14], 5);
		RIP1(E, A, B, C, D, X[0], 15);
		RIP1(D, E, A, B, C, X[3], 13);
		RIP1(C, D, E, A, B, X[9], 11);
		RIP1(B, C, D, E, A, X[11], 11);

		/*
		 * Fold both passes into the chaining state. Each assignment
		 * reads a ctx word that has not been overwritten yet, so the
		 * order below must be kept; the new A is held back until every
		 * read of the old ctx->A is done.
		 */
		next_A = ctx->B + c + D;
		ctx->B = ctx->C + d + E;
		ctx->C = ctx->D + e + A;
		ctx->D = ctx->E + a + B;
		ctx->E = ctx->A + b + C;
		ctx->A = next_A;
	}
}
37471471113Sjsing
/*
 * Reset `c` to the start-of-message state.
 *
 * The whole context is zeroed first, which clears the bit counters, the
 * partial-block buffer and its fill level, and then the five chaining words
 * are set to their initial values. Always returns 1.
 *
 * RIPEMD160_Update() and RIPEMD160_Final() do not range-check c->num, so a
 * context must pass through here before either of them is called.
 */
int
RIPEMD160_Init(RIPEMD160_CTX *c)
{
	memset(c, 0, sizeof(*c));

	/* Initial chaining values. */
	c->A = 0x67452301UL;
	c->B = 0xEFCDAB89UL;
	c->C = 0x98BADCFEUL;
	c->D = 0x10325476UL;
	c->E = 0xC3D2E1F0UL;

	return 1;
}
LCRYPTO_ALIAS(RIPEMD160_Init);
3893f6e5597Sjsing
/*
 * Absorb `len` bytes from `data_` into the running hash.
 *
 * c      - context previously set up by RIPEMD160_Init().
 * data_  - input bytes; only read when len != 0.
 * len    - number of input bytes.
 *
 * Always returns 1.
 *
 * There is no range check on c->num: the copy length
 * RIPEMD160_CBLOCK - c->num is only meaningful while c->num is below
 * RIPEMD160_CBLOCK, which holds for a context that was initialised and is
 * modified only through this API. A context filled from untrusted bytes
 * must not be passed in.
 */
int
RIPEMD160_Update(RIPEMD160_CTX *c, const void *data_, size_t len)
{
	const unsigned char *src = data_;
	unsigned char *buf;
	RIPEMD160_LONG bits_lo;
	size_t buffered, take, nblocks;

	if (len == 0)
		return 1;

	/*
	 * Add len * 8 to the 64-bit bit counter held as Nh:Nl. The low word
	 * takes the low 32 bits of len << 3 and carries into Nh when it wraps
	 * (overflow handling fixed 95-05-24 by eay, thanks to Wei Dai
	 * <weidai@eskimo.com>); the bits shifted out of the low word are
	 * added to Nh as len >> 29.
	 */
	bits_lo = (c->Nl + (((RIPEMD160_LONG)len) << 3)) & 0xffffffffUL;
	if (bits_lo < c->Nl)	/* overflow */
		c->Nh++;
	c->Nh += (RIPEMD160_LONG)(len >> 29);	/* might cause compiler warning on 16-bit */
	c->Nl = bits_lo;

	buffered = c->num;
	if (buffered != 0) {
		buf = (unsigned char *)c->data;

		if (len < RIPEMD160_CBLOCK &&
		    len + buffered < RIPEMD160_CBLOCK) {
			/* Still short of a full block: just append. */
			memcpy(buf + buffered, src, len);
			c->num += (unsigned int)len;
			return 1;
		}

		/* Top up the partial block, compress it and clear the buffer. */
		take = RIPEMD160_CBLOCK - buffered;
		memcpy(buf + buffered, src, take);
		ripemd160_block_data_order(c, buf, 1);
		src += take;
		len -= take;
		c->num = 0;
		memset(buf, 0, RIPEMD160_CBLOCK);	/* keep it zeroed */
	}

	/* Compress whole blocks straight from the caller's buffer. */
	nblocks = len / RIPEMD160_CBLOCK;
	if (nblocks > 0) {
		ripemd160_block_data_order(c, src, nblocks);
		take = nblocks * RIPEMD160_CBLOCK;
		src += take;
		len -= take;
	}

	/* Keep the tail for the next call. */
	if (len != 0) {
		buf = (unsigned char *)c->data;
		c->num = (unsigned int)len;
		memcpy(buf, src, len);
	}
	return 1;
}
LCRYPTO_ALIAS(RIPEMD160_Update);
4443f6e5597Sjsing
/*
 * Run the compression function over exactly one block at `data`.
 *
 * This is the raw primitive: it updates only the chaining words of `c` and
 * leaves the bit counters and the partial-block buffer untouched, so it does
 * not by itself produce a valid digest. The caller must supply a full block;
 * the length of `data` is not and cannot be checked here.
 */
void
RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *data)
{
	ripemd160_block_data_order(c, data, 1);
}
LCRYPTO_ALIAS(RIPEMD160_Transform);
4513f6e5597Sjsing
/*
 * Pad the message, compress the last block(s) and write the digest.
 *
 * md  - output buffer; five 32-bit words (20 bytes) are stored little-endian.
 *       It is written unconditionally, so it must be non-NULL and large
 *       enough.
 * c   - context holding the absorbed message.
 *
 * Always returns 1.
 *
 * On return the partial-block buffer is zeroed and c->num is 0, but the
 * chaining words (which equal the digest) and the bit counters stay in `c`.
 * A caller hashing secret material should wipe the context afterwards, as
 * RIPEMD160() does with explicit_bzero().
 *
 * Like RIPEMD160_Update(), this trusts c->num to be below RIPEMD160_CBLOCK
 * and does not check it.
 */
int
RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c)
{
	unsigned char *buf = (unsigned char *)c->data;
	size_t used = c->num;

	/* Mandatory padding byte. */
	buf[used] = 0x80;	/* there is always room for one */
	used++;

	/* No room left for the 8-byte length: flush an extra block first. */
	if (used > (RIPEMD160_CBLOCK - 8)) {
		memset(buf + used, 0, RIPEMD160_CBLOCK - used);
		used = 0;
		ripemd160_block_data_order(c, buf, 1);
	}

	/* Zero-fill up to the length field, then append the bit count. */
	memset(buf + used, 0, RIPEMD160_CBLOCK - 8 - used);
	c->data[RIPEMD160_LBLOCK - 2] = htole32(c->Nl);
	c->data[RIPEMD160_LBLOCK - 1] = htole32(c->Nh);

	ripemd160_block_data_order(c, buf, 1);
	c->num = 0;
	memset(buf, 0, RIPEMD160_CBLOCK);

	/* Serialise the chaining words as the digest. */
	crypto_store_htole32(md + 0, c->A);
	crypto_store_htole32(md + 4, c->B);
	crypto_store_htole32(md + 8, c->C);
	crypto_store_htole32(md + 12, c->D);
	crypto_store_htole32(md + 16, c->E);

	return 1;
}
LCRYPTO_ALIAS(RIPEMD160_Final);
4843f6e5597Sjsing
/*
 * One-shot digest of `n` bytes at `d`, written to `md`.
 *
 * Returns `md`, or NULL if initialising the context fails.
 *
 * `md` is passed straight to RIPEMD160_Final() with no NULL check in this
 * function, so the caller must supply a buffer large enough for the digest.
 * The stack context is wiped with explicit_bzero() before returning so that
 * the chaining state and bit counters do not linger on the stack.
 */
unsigned char *
RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
{
	RIPEMD160_CTX ctx;

	if (!RIPEMD160_Init(&ctx))
		return NULL;

	RIPEMD160_Update(&ctx, d, n);
	RIPEMD160_Final(md, &ctx);

	explicit_bzero(&ctx, sizeof(ctx));
	return md;
}
LCRYPTO_ALIAS(RIPEMD160);