| blob | efdf4cd2a31ef6242ff89e1ebce46448a2f5370a |
1 /*
2 * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
3 * MD5 Message-Digest Algorithm (RFC 1321).
4 *
5 * Homepage:
6 * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
7 *
8 * Author:
9 * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
10 *
11 * This software was written by Alexander Peslyak in 2001. No copyright is
12 * claimed, and the software is hereby placed in the public domain.
13 * In case this attempt to disclaim copyright and place the software in the
14 * public domain is deemed null and void, then the software is
15 * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
16 * general public under the following terms:
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted.
20 *
21 * There's ABSOLUTELY NO WARRANTY, express or implied.
22 *
23 * (This is a heavily cut-down "BSD license".)
24 *
25 * This differs from Colin Plumb's older public domain implementation in that
26 * no exactly 32-bit integer data type is required (any 32-bit or wider
27 * unsigned integer data type will do), there's no compile-time endianness
28 * configuration, and the function prototypes match OpenSSL's. No code from
29 * Colin Plumb's implementation has been reused; this comment merely compares
30 * the properties of the two independent implementations.
31 *
32 * The primary goals of this implementation are portability and ease of use.
33 * It is meant to be fast, but not as fast as possible. Some known
34 * optimizations are not included to reduce source code size and avoid
35 * compile-time configuration.
36 */
41 #include <string.h>
44 /*
45 * The basic MD5 functions.
46 *
47 * F and G are optimized compared to their RFC 1321 definitions for
48 * architectures that lack an AND-NOT instruction, just like in Colin Plumb's
49 * implementation.
50 */
51 #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
52 #define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y))))
53 #define H(x, y, z) ((x) ^ (y) ^ (z))
54 #define I(x, y, z) ((y) ^ ((x) | ~(z)))
56 /*
57 * The MD5 transformation for all four rounds.
58 */
59 #define STEP(f, a, b, c, d, x, t, s) \
60 (a) += f((b), (c), (d)) + (x) + (t); \
61 (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \
62 (a) += (b);
64 /*
65 * SET reads 4 input bytes in little-endian byte order and stores them
66 * in a properly aligned word in host byte order.
67 *
68 * The check for little-endian architectures that tolerate unaligned
69 * memory accesses is just an optimization. Nothing will break if it
70 * doesn't work.
71 */
72 #if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
73 #define SET(n) \
74 (*(MD5_u32plus *)&ptr[(n) * 4])
75 #define GET(n) \
76 SET(n)
77 #else
78 #define SET(n) \
79 (ctx->block[(n)] = \
80 (MD5_u32plus)ptr[(n) * 4] | \
81 ((MD5_u32plus)ptr[(n) * 4 + 1] << 8) | \
82 ((MD5_u32plus)ptr[(n) * 4 + 2] << 16) | \
83 ((MD5_u32plus)ptr[(n) * 4 + 3] << 24))
84 #define GET(n) \
85 (ctx->block[(n)])
86 #endif
88 /*
89 * This processes one or more 64-byte data blocks, but does NOT update
90 * the bit counters. There are no alignment requirements.
91 */
93 {
111 /* Round 1 */
129 /* Round 2 */
147 /* Round 3 */
165 /* Round 4 */
197 }
200 {
208 }
211 {
212 MD5_u32plus saved_lo;
228 }
234 }
239 }
242 }
245 {
259 }
293 }