src/lib/md4.c

e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen/*
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen * MD4 (RFC-1320) message digest.
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen * Modified from MD5 code by Andrey Panin <pazke@donpac.ru>
dbb1fb1c51727e2050792f8c333b212e22a36d69Timo Sirainen *
6789ed17e7ca4021713507baf0dcf6979bb42e0cTimo Sirainen * Written by Solar Designer <solar@openwall.com> in 2001, and placed in
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen * the public domain.  There's absolutely no warranty.
dbb1fb1c51727e2050792f8c333b212e22a36d69Timo Sirainen *
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen * This differs from Colin Plumb's older public domain implementation in
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen * that no 32-bit integer data type is required, there's no compile-time
e667602217af55105d44d8d9b75f09a8a9ac2f14Timo Sirainen * endianness configuration, and the function prototypes match OpenSSL's.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen * The primary goals are portability and ease of use.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen *
90adcaa0a00eba29b7fbd50ca66be11c8d086d6aTimo Sirainen * This implementation is meant to be fast, but not as fast as possible.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen * Some known optimizations are not included to reduce source code size
d67fde1a8ebc1d85704c5986d8f93aae97eccef3Timo Sirainen * and avoid compile-time configuration.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen */
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen#include "lib.h"
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen#include "safe-memset.h"
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen#include "md4.h"
bb6a0eeab27569790d58a036f67dcd2a965fc539Timo Sirainen
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen/*
31be5ed1551c98cddeb2295a594f010aaf4b76bcTimo Sirainen * The basic MD4 functions.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen */
31be5ed1551c98cddeb2295a594f010aaf4b76bcTimo Sirainen#define F(x, y, z)  ((z) ^ ((x) & ((y) ^ (z))))
31be5ed1551c98cddeb2295a594f010aaf4b76bcTimo Sirainen#define G(x, y, z)  (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen#define H(x, y, z)  ((x) ^ (y) ^ (z))
1b4441e3e6f9e78ebeae8218de971959cd55bf60Timo Sirainen
1b4441e3e6f9e78ebeae8218de971959cd55bf60Timo Sirainen/*
1b4441e3e6f9e78ebeae8218de971959cd55bf60Timo Sirainen * The MD4 transformation for all four rounds.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen */
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen#define STEP(f, a, b, c, d, x, s) \
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen    (a) += f((b), (c), (d)) + (x);   \
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen    (a) = ((a) << (s)) | ((a) >> (32 - (s)))
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen
e667602217af55105d44d8d9b75f09a8a9ac2f14Timo Sirainen
e667602217af55105d44d8d9b75f09a8a9ac2f14Timo Sirainen/*
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen * SET reads 4 input bytes in little-endian byte order and stores them
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen * in a properly aligned word in host byte order.
e667602217af55105d44d8d9b75f09a8a9ac2f14Timo Sirainen *
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen * The check for little-endian architectures which tolerate unaligned
1b4441e3e6f9e78ebeae8218de971959cd55bf60Timo Sirainen * memory accesses is just an optimization.  Nothing will break if it
1b4441e3e6f9e78ebeae8218de971959cd55bf60Timo Sirainen * doesn't work.
1b4441e3e6f9e78ebeae8218de971959cd55bf60Timo Sirainen */
1b4441e3e6f9e78ebeae8218de971959cd55bf60Timo Sirainen#if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
1b4441e3e6f9e78ebeae8218de971959cd55bf60Timo Sirainen/* uint_fast32_t might be 64 bit, and thus may read 4 more bytes
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen * beyond the end of the buffer. So only read precisely 32 bits
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen */
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen#define SET(n)              \
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen    (*(const uint32_t *)&ptr[(n) * 4])
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen#define GET(n) \
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen    SET(n)
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen#else
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen#define SET(n) \
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen    (ctx->block[(n)] = \
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen    (uint_fast32_t)ptr[(n) * 4] | \
e192a3b1ca8ae857e7d87298ea507d32977ba570Timo Sirainen    ((uint_fast32_t)ptr[(n) * 4 + 1] << 8) | \
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen    ((uint_fast32_t)ptr[(n) * 4 + 2] << 16) | \
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen    ((uint_fast32_t)ptr[(n) * 4 + 3] << 24))
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen#define GET(n) \
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen    (ctx->block[(n)])
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen#endif
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen/*
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen * This processes one or more 64-byte data blocks, but does NOT update
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen * the bit counters.  There're no alignment requirements.
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen */
dbb1fb1c51727e2050792f8c333b212e22a36d69Timo Sirainenstatic const void * ATTR_NOWARN_UNUSED_RESULT ATTR_UNSIGNED_WRAPS
dbb1fb1c51727e2050792f8c333b212e22a36d69Timo Sirainenbody(struct md4_context *ctx, const void *data, size_t size)
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen{
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen    const unsigned char *ptr;
90adcaa0a00eba29b7fbd50ca66be11c8d086d6aTimo Sirainen    uint32_t a, b, c, d;
d67fde1a8ebc1d85704c5986d8f93aae97eccef3Timo Sirainen    uint32_t saved_a, saved_b, saved_c, saved_d;
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen
6789ed17e7ca4021713507baf0dcf6979bb42e0cTimo Sirainen    ptr = data;
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen    a = ctx->a;
6789ed17e7ca4021713507baf0dcf6979bb42e0cTimo Sirainen    b = ctx->b;
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen    c = ctx->c;
33d63688ed8b26dc333e3c2edbfb2fe6e412604dTimo Sirainen    d = ctx->d;
645f258ea29afaf09b673fc65d1bd788dfec8db8Timo Sirainen
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen    do {
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen        saved_a = a;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen        saved_b = b;
e667602217af55105d44d8d9b75f09a8a9ac2f14Timo Sirainen        saved_c = c;
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen        saved_d = d;
6389aeec8c26b585e583c364b48ad12adf741898Timo Sirainen
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen/* Round 1 */
96541d31299bb40b5a6efdbf9b4cb3d4f4b4a069Timo Sirainen        STEP(F, a, b, c, d, SET( 0),  3);
96541d31299bb40b5a6efdbf9b4cb3d4f4b4a069Timo Sirainen        STEP(F, d, a, b, c, SET( 1),  7);
644268f7848a7c4221146d0b11feb8ed5bbed233Timo Sirainen        STEP(F, c, d, a, b, SET( 2), 11);
8d80659e504ffb34bb0c6a633184fece35751b18Timo Sirainen        STEP(F, b, c, d, a, SET( 3), 19);
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen
1bdda5c0c30463160c47151537e6bb2c6c994841Timo Sirainen        STEP(F, a, b, c, d, SET( 4),  3);
55773f17bccf6361d6599ffcbe072d7c9fe205bfTimo Sirainen        STEP(F, d, a, b, c, SET( 5),  7);
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen        STEP(F, c, d, a, b, SET( 6), 11);
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen        STEP(F, b, c, d, a, SET( 7), 19);
bb6a0eeab27569790d58a036f67dcd2a965fc539Timo Sirainen
a58e4aec412a30352d9d45e63726cac044aa6aa5Timo Sirainen        STEP(F, a, b, c, d, SET( 8),  3);
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(F, d, a, b, c, SET( 9),  7);
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(F, c, d, a, b, SET(10), 11);
1b4441e3e6f9e78ebeae8218de971959cd55bf60Timo Sirainen        STEP(F, b, c, d, a, SET(11), 19);
2ebeb22b9a8a8bb7fbe2f2e2908478a220792b87Timo Sirainen
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(F, a, b, c, d, SET(12),  3);
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(F, d, a, b, c, SET(13),  7);
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(F, c, d, a, b, SET(14), 11);
fdc557286bc9f92c5f3bb49096ff6e2bcec0ea79Timo Sirainen        STEP(F, b, c, d, a, SET(15), 19);
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen/* Round 2 */
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(G, a, b, c, d, GET( 0) + 0x5A827999,  3);
fdc557286bc9f92c5f3bb49096ff6e2bcec0ea79Timo Sirainen        STEP(G, d, a, b, c, GET( 4) + 0x5A827999,  5);
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(G, c, d, a, b, GET( 8) + 0x5A827999,  9);
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen        STEP(G, b, c, d, a, GET(12) + 0x5A827999, 13);
33d63688ed8b26dc333e3c2edbfb2fe6e412604dTimo Sirainen
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(G, a, b, c, d, GET( 1) + 0x5A827999,  3);
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(G, d, a, b, c, GET( 5) + 0x5A827999,  5);
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen        STEP(G, c, d, a, b, GET( 9) + 0x5A827999,  9);
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen        STEP(G, b, c, d, a, GET(13) + 0x5A827999, 13);
c36ec256c1bd1abe1c12e792cf64f0b7e3b3135aTimo Sirainen
c36ec256c1bd1abe1c12e792cf64f0b7e3b3135aTimo Sirainen        STEP(G, a, b, c, d, GET( 2) + 0x5A827999,  3);
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen        STEP(G, d, a, b, c, GET( 6) + 0x5A827999,  5);
98dd8e6e81f11f1e6040ca72f4916242d246c863Timo Sirainen        STEP(G, c, d, a, b, GET(10) + 0x5A827999,  9);
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen        STEP(G, b, c, d, a, GET(14) + 0x5A827999, 13);
8d80659e504ffb34bb0c6a633184fece35751b18Timo Sirainen
8d80659e504ffb34bb0c6a633184fece35751b18Timo Sirainen        STEP(G, a, b, c, d, GET( 3) + 0x5A827999,  3);
8d80659e504ffb34bb0c6a633184fece35751b18Timo Sirainen        STEP(G, d, a, b, c, GET( 7) + 0x5A827999,  5);
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen        STEP(G, c, d, a, b, GET(11) + 0x5A827999,  9);
c36ec256c1bd1abe1c12e792cf64f0b7e3b3135aTimo Sirainen        STEP(G, b, c, d, a, GET(15) + 0x5A827999, 13);
c36ec256c1bd1abe1c12e792cf64f0b7e3b3135aTimo Sirainen/* Round 3 */
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(H, a, b, c, d, GET( 0) + 0x6ED9EBA1,  3);
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        STEP(H, d, a, b, c, GET( 8) + 0x6ED9EBA1,  9);
fdc557286bc9f92c5f3bb49096ff6e2bcec0ea79Timo Sirainen        STEP(H, c, d, a, b, GET( 4) + 0x6ED9EBA1, 11);
fdc557286bc9f92c5f3bb49096ff6e2bcec0ea79Timo Sirainen        STEP(H, b, c, d, a, GET(12) + 0x6ED9EBA1, 15);
fdc557286bc9f92c5f3bb49096ff6e2bcec0ea79Timo Sirainen
fdc557286bc9f92c5f3bb49096ff6e2bcec0ea79Timo Sirainen        STEP(H, a, b, c, d, GET( 2) + 0x6ED9EBA1,  3);
fdc557286bc9f92c5f3bb49096ff6e2bcec0ea79Timo Sirainen        STEP(H, d, a, b, c, GET(10) + 0x6ED9EBA1,  9);
a12399903f415a7e14c2816cffa2f7a09dcbb097Timo Sirainen        STEP(H, c, d, a, b, GET( 6) + 0x6ED9EBA1, 11);
fdc557286bc9f92c5f3bb49096ff6e2bcec0ea79Timo Sirainen        STEP(H, b, c, d, a, GET(14) + 0x6ED9EBA1, 15);
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen
77af0bd168cf3e3ddc3ae68abc82bfad7e9b5ff4Timo Sirainen        STEP(H, a, b, c, d, GET( 1) + 0x6ED9EBA1,  3);
6789ed17e7ca4021713507baf0dcf6979bb42e0cTimo Sirainen        STEP(H, d, a, b, c, GET( 9) + 0x6ED9EBA1,  9);
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen        STEP(H, c, d, a, b, GET( 5) + 0x6ED9EBA1, 11);
d2b94d25f842cd1b7acaf4dd7de858f7c6a821c9Timo Sirainen        STEP(H, b, c, d, a, GET(13) + 0x6ED9EBA1, 15);
d2b94d25f842cd1b7acaf4dd7de858f7c6a821c9Timo Sirainen
d2b94d25f842cd1b7acaf4dd7de858f7c6a821c9Timo Sirainen        STEP(H, a, b, c, d, GET( 3) + 0x6ED9EBA1,  3);
2aecf7be5834e7f6520f8deaad683a6fa1de4d61Timo Sirainen        STEP(H, d, a, b, c, GET(11) + 0x6ED9EBA1,  9);
2aecf7be5834e7f6520f8deaad683a6fa1de4d61Timo Sirainen        STEP(H, c, d, a, b, GET( 7) + 0x6ED9EBA1, 11);
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen        STEP(H, b, c, d, a, GET(15) + 0x6ED9EBA1, 15);
1bdda5c0c30463160c47151537e6bb2c6c994841Timo Sirainen
dce5a2719df4fc64a8762d2aa94ba98dcf9cd6feTimo Sirainen        a += saved_a;
dce5a2719df4fc64a8762d2aa94ba98dcf9cd6feTimo Sirainen        b += saved_b;
87460b08cb97b31cde640d4975a6aa2c1d0e7226Timo Sirainen        c += saved_c;
dce5a2719df4fc64a8762d2aa94ba98dcf9cd6feTimo Sirainen        d += saved_d;
dce5a2719df4fc64a8762d2aa94ba98dcf9cd6feTimo Sirainen
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen        ptr += 64;
87460b08cb97b31cde640d4975a6aa2c1d0e7226Timo Sirainen    } while ((size -= 64) != 0);
87460b08cb97b31cde640d4975a6aa2c1d0e7226Timo Sirainen
1bdda5c0c30463160c47151537e6bb2c6c994841Timo Sirainen    ctx->a = a;
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen    ctx->b = b;
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen    ctx->c = c;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    ctx->d = d;
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen
90adcaa0a00eba29b7fbd50ca66be11c8d086d6aTimo Sirainen    return ptr;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen}
d67fde1a8ebc1d85704c5986d8f93aae97eccef3Timo Sirainen
d67fde1a8ebc1d85704c5986d8f93aae97eccef3Timo Sirainenvoid md4_init(struct md4_context *ctx)
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen{
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    ctx->a = 0x67452301;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    ctx->b = 0xefcdab89;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    ctx->c = 0x98badcfe;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    ctx->d = 0x10325476;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen    ctx->lo = 0;
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen    ctx->hi = 0;
16c89b1260c9d07c01c83a9219424d3727069b2eTimo Sirainen}
41e1c7380edda701719d8ce1fb4d465d2ec4c84dTimo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenvoid md4_update(struct md4_context *ctx, const void *data, size_t size)
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen{
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    /* @UNSAFE */
e015e2f7e7f48874495f9df8b0dd192b7ffcb5ccTimo Sirainen    uint_fast32_t saved_lo;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    unsigned long used, free;
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
5cda0bfea032000c4a51134c748d9efe6614870bTimo Sirainen    saved_lo = ctx->lo;
97511ac4d7607e1ba64ce151eda3d9b5f9775519Timo Sirainen    if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
5cda0bfea032000c4a51134c748d9efe6614870bTimo Sirainen        ctx->hi++;
5cda0bfea032000c4a51134c748d9efe6614870bTimo Sirainen    ctx->hi += size >> 29;
97511ac4d7607e1ba64ce151eda3d9b5f9775519Timo Sirainen
e54512a5189192fe72d1e2c53927c98c5ac920b4Timo Sirainen    used = saved_lo & 0x3f;
e54512a5189192fe72d1e2c53927c98c5ac920b4Timo Sirainen
2ebeb22b9a8a8bb7fbe2f2e2908478a220792b87Timo Sirainen    if (used != 0) {
7a54d58280aad8a64f266c61273ea1e8dff511a3Timo Sirainen        free = 64 - used;
2ebeb22b9a8a8bb7fbe2f2e2908478a220792b87Timo Sirainen
e8a59a1671127f87e2d22f42e84c572f28299d81Timo Sirainen        if (size < free) {
            memcpy(&ctx->buffer[used], data, size);
            return;
        }

        memcpy(&ctx->buffer[used], data, free);
        data = (const unsigned char *) data + free;
        size -= free;
        body(ctx, ctx->buffer, 64);
    }

    if (size >= 64) {
        data = body(ctx, data, size & ~(unsigned long)0x3f);
        size &= 0x3f;
    }

    memcpy(ctx->buffer, data, size);
}

void md4_final(struct md4_context *ctx, unsigned char result[STATIC_ARRAY MD4_RESULTLEN])
{
    /* @UNSAFE */
    unsigned long used, free;

    used = ctx->lo & 0x3f;

    ctx->buffer[used++] = 0x80;

    free = 64 - used;

    if (free < 8) {
        memset(&ctx->buffer[used], 0, free);
        body(ctx, ctx->buffer, 64);
        used = 0;
        free = 64;
    }

    memset(&ctx->buffer[used], 0, free - 8);

    ctx->lo <<= 3;
    ctx->buffer[56] = ctx->lo;
    ctx->buffer[57] = ctx->lo >> 8;
    ctx->buffer[58] = ctx->lo >> 16;
    ctx->buffer[59] = ctx->lo >> 24;
    ctx->buffer[60] = ctx->hi;
    ctx->buffer[61] = ctx->hi >> 8;
    ctx->buffer[62] = ctx->hi >> 16;
    ctx->buffer[63] = ctx->hi >> 24;

    body(ctx, ctx->buffer, 64);

    result[0] = ctx->a;
    result[1] = ctx->a >> 8;
    result[2] = ctx->a >> 16;
    result[3] = ctx->a >> 24;
    result[4] = ctx->b;
    result[5] = ctx->b >> 8;
    result[6] = ctx->b >> 16;
    result[7] = ctx->b >> 24;
    result[8] = ctx->c;
    result[9] = ctx->c >> 8;
    result[10] = ctx->c >> 16;
    result[11] = ctx->c >> 24;
    result[12] = ctx->d;
    result[13] = ctx->d >> 8;
    result[14] = ctx->d >> 16;
    result[15] = ctx->d >> 24;

    i_zero_safe(ctx);
}

void md4_get_digest(const void *data, size_t size,
            unsigned char result[STATIC_ARRAY MD4_RESULTLEN])
{
    struct md4_context ctx;

    md4_init(&ctx);
    md4_update(&ctx, data, size);
    md4_final(&ctx, result);
}

static void hash_method_init_md4(void *context)
{
    md4_init(context);
}
static void hash_method_loop_md4(void *context, const void *data, size_t size)
{
    md4_update(context, data, size);
}

static void hash_method_result_md4(void *context, unsigned char *result_r)
{
    md4_final(context, result_r);
}

const struct hash_method hash_method_md4 = {
    "md4",
    sizeof(struct md4_context),
    MD4_RESULTLEN,

    hash_method_init_md4,
    hash_method_loop_md4,
    hash_method_result_md4
};