RubyGems - grpc - Versions diffs - 1.37.0.pre1 → 1.39.0.pre1 - Mend

grpc 1.37.0.pre1 → 1.39.0.pre1

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (636) hide show

data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c CHANGED Viewed

@@ -820,7 +820,7 @@ static void table_select(ge_precomp *t, int pos, signed char b) {
 //
 // Preconditions:
 //   a[31] <= 127
-void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
+void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) {
   signed char e[64];
   signed char carry;
   ge_p1p1 r;

data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h CHANGED Viewed

@@ -106,7 +106,7 @@ typedef struct {
 } ge_cached;
 void x25519_ge_tobytes(uint8_t s[32], const ge_p2 *h);
-int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s);
+int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]);
 void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p);
 void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
 void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p);

data/third_party/boringssl-with-bazel/src/crypto/err/err.c CHANGED Viewed

@@ -368,84 +368,6 @@ void ERR_clear_system_error(void) {
   errno = 0;
 }
-char *ERR_error_string(uint32_t packed_error, char *ret) {
-  static char buf[ERR_ERROR_STRING_BUF_LEN];
-  if (ret == NULL) {
-    // TODO(fork): remove this.
-    ret = buf;
-  }
-#if !defined(NDEBUG)
-  // This is aimed to help catch callers who don't provide
-  // |ERR_ERROR_STRING_BUF_LEN| bytes of space.
-  OPENSSL_memset(ret, 0, ERR_ERROR_STRING_BUF_LEN);
-#endif
-  return ERR_error_string_n(packed_error, ret, ERR_ERROR_STRING_BUF_LEN);
-}
-char *ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) {
-  char lib_buf[64], reason_buf[64];
-  const char *lib_str, *reason_str;
-  unsigned lib, reason;
-  if (len == 0) {
-    return NULL;
-  }
-  lib = ERR_GET_LIB(packed_error);
-  reason = ERR_GET_REASON(packed_error);
-  lib_str = ERR_lib_error_string(packed_error);
-  reason_str = ERR_reason_error_string(packed_error);
-  if (lib_str == NULL) {
-    BIO_snprintf(lib_buf, sizeof(lib_buf), "lib(%u)", lib);
-    lib_str = lib_buf;
-  }
- if (reason_str == NULL) {
-    BIO_snprintf(reason_buf, sizeof(reason_buf), "reason(%u)", reason);
-    reason_str = reason_buf;
-  }
-  BIO_snprintf(buf, len, "error:%08" PRIx32 ":%s:OPENSSL_internal:%s",
-               packed_error, lib_str, reason_str);
-  if (strlen(buf) == len - 1) {
-    // output may be truncated; make sure we always have 5 colon-separated
-    // fields, i.e. 4 colons.
-    static const unsigned num_colons = 4;
-    unsigned i;
-    char *s = buf;
-    if (len <= num_colons) {
-      // In this situation it's not possible to ensure that the correct number
-      // of colons are included in the output.
-      return buf;
-    }
-    for (i = 0; i < num_colons; i++) {
-      char *colon = strchr(s, ':');
-      char *last_pos = &buf[len - 1] - num_colons + i;
-      if (colon == NULL || colon > last_pos) {
-        // set colon |i| at last possible position (buf[len-1] is the
-        // terminating 0). If we're setting this colon, then all whole of the
-        // rest of the string must be colons in order to have the correct
-        // number.
-        OPENSSL_memset(last_pos, ':', num_colons - i);
-        break;
-      }
-      s = colon + 1;
-    }
-  }
-  return buf;
-}
 // err_string_cmp is a compare function for searching error values with
 // |bsearch| in |err_string_lookup|.
 static int err_string_cmp(const void *a, const void *b) {
@@ -530,7 +452,7 @@ static const char *const kLibraryNames[ERR_NUM_LIBS] = {
     "User defined functions",       // ERR_LIB_USER
 };
-const char *ERR_lib_error_string(uint32_t packed_error) {
+static const char *err_lib_error_string(uint32_t packed_error) {
   const uint32_t lib = ERR_GET_LIB(packed_error);
   if (lib >= ERR_NUM_LIBS) {
@@ -539,11 +461,16 @@ const char *ERR_lib_error_string(uint32_t packed_error) {
   return kLibraryNames[lib];
 }
+const char *ERR_lib_error_string(uint32_t packed_error) {
+  const char *ret = err_lib_error_string(packed_error);
+  return ret == NULL ? "unknown library" : ret;
+}
 const char *ERR_func_error_string(uint32_t packed_error) {
   return "OPENSSL_internal";
 }
-const char *ERR_reason_error_string(uint32_t packed_error) {
+static const char *err_reason_error_string(uint32_t packed_error) {
   const uint32_t lib = ERR_GET_LIB(packed_error);
   const uint32_t reason = ERR_GET_REASON(packed_error);
@@ -579,6 +506,86 @@ const char *ERR_reason_error_string(uint32_t packed_error) {
                            kOpenSSLReasonValuesLen, kOpenSSLReasonStringData);
 }
+const char *ERR_reason_error_string(uint32_t packed_error) {
+  const char *ret = err_reason_error_string(packed_error);
+  return ret == NULL ? "unknown error" : ret;
+}
+char *ERR_error_string(uint32_t packed_error, char *ret) {
+  static char buf[ERR_ERROR_STRING_BUF_LEN];
+  if (ret == NULL) {
+    // TODO(fork): remove this.
+    ret = buf;
+  }
+#if !defined(NDEBUG)
+  // This is aimed to help catch callers who don't provide
+  // |ERR_ERROR_STRING_BUF_LEN| bytes of space.
+  OPENSSL_memset(ret, 0, ERR_ERROR_STRING_BUF_LEN);
+#endif
+  return ERR_error_string_n(packed_error, ret, ERR_ERROR_STRING_BUF_LEN);
+}
+char *ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) {
+  if (len == 0) {
+    return NULL;
+  }
+  unsigned lib = ERR_GET_LIB(packed_error);
+  unsigned reason = ERR_GET_REASON(packed_error);
+  const char *lib_str = err_lib_error_string(packed_error);
+  const char *reason_str = err_reason_error_string(packed_error);
+  char lib_buf[64], reason_buf[64];
+  if (lib_str == NULL) {
+    BIO_snprintf(lib_buf, sizeof(lib_buf), "lib(%u)", lib);
+    lib_str = lib_buf;
+  }
+ if (reason_str == NULL) {
+    BIO_snprintf(reason_buf, sizeof(reason_buf), "reason(%u)", reason);
+    reason_str = reason_buf;
+  }
+  BIO_snprintf(buf, len, "error:%08" PRIx32 ":%s:OPENSSL_internal:%s",
+               packed_error, lib_str, reason_str);
+  if (strlen(buf) == len - 1) {
+    // output may be truncated; make sure we always have 5 colon-separated
+    // fields, i.e. 4 colons.
+    static const unsigned num_colons = 4;
+    unsigned i;
+    char *s = buf;
+    if (len <= num_colons) {
+      // In this situation it's not possible to ensure that the correct number
+      // of colons are included in the output.
+      return buf;
+    }
+    for (i = 0; i < num_colons; i++) {
+      char *colon = strchr(s, ':');
+      char *last_pos = &buf[len - 1] - num_colons + i;
+      if (colon == NULL || colon > last_pos) {
+        // set colon |i| at last possible position (buf[len-1] is the
+        // terminating 0). If we're setting this colon, then all whole of the
+        // rest of the string must be colons in order to have the correct
+        // number.
+        OPENSSL_memset(last_pos, ':', num_colons - i);
+        break;
+      }
+      s = colon + 1;
+    }
+  }
+  return buf;
+}
 void ERR_print_errors_cb(ERR_print_errors_callback_t callback, void *ctx) {
   char buf[ERR_ERROR_STRING_BUF_LEN];
   char buf2[1024];

data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c CHANGED Viewed

@@ -429,6 +429,15 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) {
                            0, (void *)out_md);
 }
+void *EVP_PKEY_get0(const EVP_PKEY *pkey) {
+  // Node references, but never calls this function, so for now we return NULL.
+  // If other projects require complete support, call |EVP_PKEY_get0_RSA|, etc.,
+  // rather than reading |pkey->pkey.ptr| directly. This avoids problems if our
+  // internal representation does not match the type the caller expects from
+  // OpenSSL.
+  return NULL;
+}
 void OpenSSL_add_all_algorithms(void) {}
 void OPENSSL_add_all_algorithms_conf(void) {}

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c CHANGED Viewed

@@ -97,6 +97,7 @@
 #include "rsa/padding.c"
 #include "rsa/rsa.c"
 #include "rsa/rsa_impl.c"
+#include "self_check/fips.c"
 #include "self_check/self_check.c"
 #include "sha/sha1-altivec.c"
 #include "sha/sha1.c"

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h CHANGED Viewed

@@ -297,7 +297,7 @@ void bn_mul_comba4(BN_ULONG r[8], const BN_ULONG a[4], const BN_ULONG b[4]);
 void bn_mul_comba8(BN_ULONG r[16], const BN_ULONG a[8], const BN_ULONG b[8]);
 // bn_sqr_comba8 sets |r| to |a|^2.
-void bn_sqr_comba8(BN_ULONG r[16], const BN_ULONG a[4]);
+void bn_sqr_comba8(BN_ULONG r[16], const BN_ULONG a[8]);
 // bn_sqr_comba4 sets |r| to |a|^2.
 void bn_sqr_comba4(BN_ULONG r[8], const BN_ULONG a[4]);

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c CHANGED Viewed

@@ -115,10 +115,6 @@
 #include "../../internal.h"
-// The quick sieve algorithm approach to weeding out primes is Philip
-// Zimmermann's, as implemented in PGP.  I have had a read of his comments and
-// implemented my own version.
 // kPrimes contains the first 1024 primes.
 static const uint16_t kPrimes[] = {
     2,    3,    5,    7,    11,   13,   17,   19,   23,   29,   31,   37,

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c CHANGED Viewed

@@ -225,7 +225,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
   ctx->buf_len = 0;
   ctx->final_used = 0;
-  ctx->block_mask = ctx->cipher->block_size - 1;
   return 1;
 }
@@ -239,6 +238,15 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
   return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
 }
+// block_remainder returns the number of bytes to remove from |len| to get a
+// multiple of |ctx|'s block size.
+static int block_remainder(const EVP_CIPHER_CTX *ctx, int len) {
+  // |block_size| must be a power of two.
+  assert(ctx->cipher->block_size != 0);
+  assert((ctx->cipher->block_size & (ctx->cipher->block_size - 1)) == 0);
+  return len & (ctx->cipher->block_size - 1);
+}
 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
                       const uint8_t *in, int in_len) {
   // Ciphers that use blocks may write up to |bl| extra bytes. Ensure the output
@@ -264,7 +272,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
     return in_len == 0;
   }
-  if (ctx->buf_len == 0 && (in_len & ctx->block_mask) == 0) {
+  if (ctx->buf_len == 0 && block_remainder(ctx, in_len) == 0) {
     if (ctx->cipher->cipher(ctx, out, in, in_len)) {
       *out_len = in_len;
       return 1;
@@ -297,7 +305,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
     *out_len = 0;
   }
-  i = in_len & ctx->block_mask;
+  i = block_remainder(ctx, in_len);
   in_len -= i;
   if (in_len > 0) {
     if (!ctx->cipher->cipher(ctx, out, in, in_len)) {

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c CHANGED Viewed

@@ -141,10 +141,22 @@ typedef struct {
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
                         const uint8_t *iv, int enc) {
-  int ret, mode;
+  int ret;
   EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+  const int mode = ctx->cipher->flags & EVP_CIPH_MODE_MASK;
+  if (mode == EVP_CIPH_CTR_MODE) {
+    switch (ctx->key_len) {
+      case 16:
+        boringssl_fips_inc_counter(fips_counter_evp_aes_128_ctr);
+        break;
+      case 32:
+        boringssl_fips_inc_counter(fips_counter_evp_aes_256_ctr);
+        break;
+    }
+  }
-  mode = ctx->cipher->flags & EVP_CIPH_MODE_MASK;
   if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
     if (hwaes_capable()) {
       ret = aes_hw_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);
@@ -353,6 +365,17 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
   if (!iv && !key) {
     return 1;
   }
+  switch (ctx->key_len) {
+    case 16:
+      boringssl_fips_inc_counter(fips_counter_evp_aes_128_gcm);
+      break;
+    case 32:
+      boringssl_fips_inc_counter(fips_counter_evp_aes_256_gcm);
+      break;
+  }
   if (key) {
     OPENSSL_memset(&gctx->gcm, 0, sizeof(gctx->gcm));
     gctx->ctr = aes_ctr_set_key(&gctx->ks.ks, &gctx->gcm.gcm_key, NULL, key,

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c CHANGED Viewed

@@ -177,6 +177,13 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
   return 1;
 }
+void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in) {
+  EVP_MD_CTX_cleanup(out);
+  // While not guaranteed, |EVP_MD_CTX| is currently safe to move with |memcpy|.
+  OPENSSL_memcpy(out, in, sizeof(EVP_MD_CTX));
+  EVP_MD_CTX_init(in);
+}
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
   EVP_MD_CTX_init(out);
   return EVP_MD_CTX_copy_ex(out, in);

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c CHANGED Viewed

@@ -247,13 +247,21 @@ static void sha512_256_init(EVP_MD_CTX *ctx) {
   CHECK(SHA512_256_Init(ctx->md_data));
 }
+static void sha512_256_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
+  CHECK(SHA512_256_Update(ctx->md_data, data, count));
+}
+static void sha512_256_final(EVP_MD_CTX *ctx, uint8_t *md) {
+  CHECK(SHA512_256_Final(md, ctx->md_data));
+}
 DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512_256) {
   out->type = NID_sha512_256;
   out->md_size = SHA512_256_DIGEST_LENGTH;
   out->flags = 0;
   out->init = sha512_256_init;
-  out->update = sha512_update;
-  out->final = sha512_final;
+  out->update = sha512_256_update;
+  out->final = sha512_256_final;
   out->block_size = 128;
   out->ctx_size = sizeof(SHA512_CTX);
 }

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h CHANGED Viewed

@@ -46,6 +46,9 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ==================================================================== */
+#ifndef OPENSSL_HEADER_DIGEST_MD32_COMMON_H
+#define OPENSSL_HEADER_DIGEST_MD32_COMMON_H
 #include <openssl/base.h>
 #include <assert.h>
@@ -59,22 +62,15 @@ extern "C" {
 // This is a generic 32-bit "collector" for message digest algorithms. It
 // collects input character stream into chunks of 32-bit values and invokes the
-// block function that performs the actual hash calculations. To make use of
-// this mechanism, the following macros must be defined before including
-// md32_common.h.
-//
-// One of |DATA_ORDER_IS_BIG_ENDIAN| or |DATA_ORDER_IS_LITTLE_ENDIAN| must be
-// defined to specify the byte order of the input stream.
-//
-// |HASH_CBLOCK| must be defined as the integer block size, in bytes.
+// block function that performs the actual hash calculations.
 //
-// |HASH_CTX| must be defined as the name of the context structure, which must
-// have at least the following members:
+// To make use of this mechanism, the hash context should be defined with the
+// following parameters.
 //
 //     typedef struct <name>_state_st {
 //       uint32_t h[<chaining length> / sizeof(uint32_t)];
 //       uint32_t Nl, Nh;
-//       uint8_t data[HASH_CBLOCK];
+//       uint8_t data[<block size>];
 //       unsigned num;
 //       ...
 //     } <NAME>_CTX;
@@ -83,186 +79,117 @@ extern "C" {
 // any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and
 // SHA-512).
 //
-// |HASH_UPDATE| must be defined as the name of the "Update" function to
-// generate.
-//
-// |HASH_TRANSFORM| must be defined as the  the name of the "Transform"
-// function to generate.
-//
-// |HASH_FINAL| must be defined as the name of "Final" function to generate.
-//
-// |HASH_BLOCK_DATA_ORDER| must be defined as the name of the "Block" function.
-// That function must be implemented manually. It must be capable of operating
-// on *unaligned* input data in its original (data) byte order. It must have
-// this signature:
-//
-//     void HASH_BLOCK_DATA_ORDER(uint32_t *state, const uint8_t *data,
-//                                size_t num);
-//
-// It must update the hash state |state| with |num| blocks of data from |data|,
-// where each block is |HASH_CBLOCK| bytes; i.e. |data| points to a array of
-// |HASH_CBLOCK * num| bytes. |state| points to the |h| member of a |HASH_CTX|,
-// and so will have |<chaining length> / sizeof(uint32_t)| elements.
-//
-// |HASH_MAKE_STRING(c, s)| must be defined as a block statement that converts
-// the hash state |c->h| into the output byte order, storing the result in |s|.
-#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-#error "DATA_ORDER must be defined!"
-#endif
-#ifndef HASH_CBLOCK
-#error "HASH_CBLOCK must be defined!"
-#endif
-#ifndef HASH_CTX
-#error "HASH_CTX must be defined!"
-#endif
-#ifndef HASH_UPDATE
-#error "HASH_UPDATE must be defined!"
-#endif
-#ifndef HASH_TRANSFORM
-#error "HASH_TRANSFORM must be defined!"
-#endif
-#ifndef HASH_FINAL
-#error "HASH_FINAL must be defined!"
-#endif
-#ifndef HASH_BLOCK_DATA_ORDER
-#error "HASH_BLOCK_DATA_ORDER must be defined!"
-#endif
-#ifndef HASH_MAKE_STRING
-#error "HASH_MAKE_STRING must be defined!"
-#endif
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
-#define HOST_c2l(c, l)                     \
-  do {                                     \
-    (l) = (((uint32_t)(*((c)++))) << 24);  \
-    (l) |= (((uint32_t)(*((c)++))) << 16); \
-    (l) |= (((uint32_t)(*((c)++))) << 8);  \
-    (l) |= (((uint32_t)(*((c)++))));       \
-  } while (0)
-#define HOST_l2c(l, c)                        \
-  do {                                        \
-    *((c)++) = (uint8_t)(((l) >> 24) & 0xff); \
-    *((c)++) = (uint8_t)(((l) >> 16) & 0xff); \
-    *((c)++) = (uint8_t)(((l) >> 8) & 0xff);  \
-    *((c)++) = (uint8_t)(((l)) & 0xff);       \
-  } while (0)
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-#define HOST_c2l(c, l)                     \
-  do {                                     \
-    (l) = (((uint32_t)(*((c)++))));        \
-    (l) |= (((uint32_t)(*((c)++))) << 8);  \
-    (l) |= (((uint32_t)(*((c)++))) << 16); \
-    (l) |= (((uint32_t)(*((c)++))) << 24); \
-  } while (0)
-#define HOST_l2c(l, c)                        \
-  do {                                        \
-    *((c)++) = (uint8_t)(((l)) & 0xff);       \
-    *((c)++) = (uint8_t)(((l) >> 8) & 0xff);  \
-    *((c)++) = (uint8_t)(((l) >> 16) & 0xff); \
-    *((c)++) = (uint8_t)(((l) >> 24) & 0xff); \
-  } while (0)
-#endif  // DATA_ORDER
-int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
-  const uint8_t *data = data_;
+// |h| is the hash state and is updated by a function of type
+// |crypto_md32_block_func|. |data| is the partial unprocessed block and has
+// |num| bytes. |Nl| and |Nh| maintain the number of bits processed so far.
+// A crypto_md32_block_func should incorporate |num_blocks| of input from |data|
+// into |state|. It is assumed the caller has sized |state| and |data| for the
+// hash function.
+typedef void (*crypto_md32_block_func)(uint32_t *state, const uint8_t *data,
+                                       size_t num_blocks);
+// crypto_md32_update adds |len| bytes from |in| to the digest. |data| must be a
+// buffer of length |block_size| with the first |*num| bytes containing a
+// partial block. This function combines the partial block with |in| and
+// incorporates any complete blocks into the digest state |h|. It then updates
+// |data| and |*num| with the new partial block and updates |*Nh| and |*Nl| with
+// the data consumed.
+static inline void crypto_md32_update(crypto_md32_block_func block_func,
+                                      uint32_t *h, uint8_t *data,
+                                      size_t block_size, unsigned *num,
+                                      uint32_t *Nh, uint32_t *Nl,
+                                      const uint8_t *in, size_t len) {
   if (len == 0) {
-    return 1;
+    return;
   }
-  uint32_t l = c->Nl + (((uint32_t)len) << 3);
-  if (l < c->Nl) {
+  uint32_t l = *Nl + (((uint32_t)len) << 3);
+  if (l < *Nl) {
     // Handle carries.
-    c->Nh++;
+    (*Nh)++;
   }
-  c->Nh += (uint32_t)(len >> 29);
-  c->Nl = l;
+  *Nh += (uint32_t)(len >> 29);
+  *Nl = l;
-  size_t n = c->num;
+  size_t n = *num;
   if (n != 0) {
-    if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
-      OPENSSL_memcpy(c->data + n, data, HASH_CBLOCK - n);
-      HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
-      n = HASH_CBLOCK - n;
-      data += n;
+    if (len >= block_size || len + n >= block_size) {
+      OPENSSL_memcpy(data + n, in, block_size - n);
+      block_func(h, data, 1);
+      n = block_size - n;
+      in += n;
       len -= n;
-      c->num = 0;
-      // Keep |c->data| zeroed when unused.
-      OPENSSL_memset(c->data, 0, HASH_CBLOCK);
+      *num = 0;
+      // Keep |data| zeroed when unused.
+      OPENSSL_memset(data, 0, block_size);
     } else {
-      OPENSSL_memcpy(c->data + n, data, len);
-      c->num += (unsigned)len;
-      return 1;
+      OPENSSL_memcpy(data + n, in, len);
+      *num += (unsigned)len;
+      return;
     }
   }
-  n = len / HASH_CBLOCK;
+  n = len / block_size;
   if (n > 0) {
-    HASH_BLOCK_DATA_ORDER(c->h, data, n);
-    n *= HASH_CBLOCK;
-    data += n;
+    block_func(h, in, n);
+    n *= block_size;
+    in += n;
     len -= n;
   }
   if (len != 0) {
-    c->num = (unsigned)len;
-    OPENSSL_memcpy(c->data, data, len);
+    *num = (unsigned)len;
+    OPENSSL_memcpy(data, in, len);
   }
-  return 1;
 }
-void HASH_TRANSFORM(HASH_CTX *c, const uint8_t data[HASH_CBLOCK]) {
-  HASH_BLOCK_DATA_ORDER(c->h, data, 1);
-}
-int HASH_FINAL(uint8_t out[HASH_DIGEST_LENGTH], HASH_CTX *c) {
-  // |c->data| always has room for at least one byte. A full block would have
+// crypto_md32_final incorporates the partial block and trailing length into the
+// digest state |h|. The trailing length is encoded in little-endian if
+// |is_big_endian| is zero and big-endian otherwise. |data| must be a buffer of
+// length |block_size| with the first |*num| bytes containing a partial block.
+// |Nh| and |Nl| contain the total number of bits processed. On return, this
+// function clears the partial block in |data| and
+// |*num|.
+//
+// This function does not serialize |h| into a final digest. This is the
+// responsibility of the caller.
+static inline void crypto_md32_final(crypto_md32_block_func block_func,
+                                     uint32_t *h, uint8_t *data,
+                                     size_t block_size, unsigned *num,
+                                     uint32_t Nh, uint32_t Nl,
+                                     int is_big_endian) {
+  // |data| always has room for at least one byte. A full block would have
   // been consumed.
-  size_t n = c->num;
-  assert(n < HASH_CBLOCK);
-  c->data[n] = 0x80;
+  size_t n = *num;
+  assert(n < block_size);
+  data[n] = 0x80;
   n++;
   // Fill the block with zeros if there isn't room for a 64-bit length.
-  if (n > (HASH_CBLOCK - 8)) {
-    OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - n);
+  if (n > block_size - 8) {
+    OPENSSL_memset(data + n, 0, block_size - n);
     n = 0;
-    HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
+    block_func(h, data, 1);
   }
-  OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - 8 - n);
+  OPENSSL_memset(data + n, 0, block_size - 8 - n);
   // Append a 64-bit length to the block and process it.
-  uint8_t *p = c->data + HASH_CBLOCK - 8;
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
-  HOST_l2c(c->Nh, p);
-  HOST_l2c(c->Nl, p);
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-  HOST_l2c(c->Nl, p);
-  HOST_l2c(c->Nh, p);
-#endif
-  assert(p == c->data + HASH_CBLOCK);
-  HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
-  c->num = 0;
-  OPENSSL_memset(c->data, 0, HASH_CBLOCK);
-  HASH_MAKE_STRING(c, out);
-  return 1;
+  if (is_big_endian) {
+    CRYPTO_store_u32_be(data + block_size - 8, Nh);
+    CRYPTO_store_u32_be(data + block_size - 4, Nl);
+  } else {
+    CRYPTO_store_u32_le(data + block_size - 8, Nl);
+    CRYPTO_store_u32_le(data + block_size - 4, Nh);
+  }
+  block_func(h, data, 1);
+  *num = 0;
+  OPENSSL_memset(data, 0, block_size);
 }
 #if defined(__cplusplus)
 }  // extern C
 #endif
+#endif  // OPENSSL_HEADER_DIGEST_MD32_COMMON_H