aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenis Vlasenko <vda.linux@googlemail.com>2009-03-11 21:15:51 +0000
committerDenis Vlasenko <vda.linux@googlemail.com>2009-03-11 21:15:51 +0000
commit98c87f75755c1b53c8bd84f487e4bc7cba359b3e (patch)
tree7850459b7323f2f6cf338f0022009eea7c43748f
parent54ac03a61885c714b4ef606b0a09129b27f72626 (diff)
downloadbusybox-w32-98c87f75755c1b53c8bd84f487e4bc7cba359b3e.tar.gz
busybox-w32-98c87f75755c1b53c8bd84f487e4bc7cba359b3e.tar.bz2
busybox-w32-98c87f75755c1b53c8bd84f487e4bc7cba359b3e.zip
sha256/512: code shrink. Run-tested.
function old new delta sha512_process_block128 - 1444 +1444 sha1_process_block64 - 542 +542 sha256_process_block64 - 529 +529 K512_lo - 320 +320 K256 - 320 +320 init512_lo - 32 +32 init256 - 32 +32 sha1_hash 99 128 +29 sha256_end 160 135 -25 sha1_end 189 160 -29 sha512_end 237 204 -33 sha256_begin 77 44 -33 sha512_begin 154 88 -66 sha256_hash 338 259 -79 sha512_hash 358 262 -96 sha1_compile 542 - -542 sha256_process_block 594 - -594 static.K 896 - -896 sha512_process_block 1861 - -1861 ------------------------------------------------------------------------------ (add/remove: 7/4 grow/shrink: 1/7 up/down: 3248/-4254) Total: -1006 bytes text data bss dec hex filename 808013 468 7856 816337 c74d1 busybox_old 807007 468 7856 815331 c70e3 busybox_unstripped
Diffstat
-rw-r--r--include/libbb.h16
-rw-r--r--libbb/sha1.c537
2 files changed, 261 insertions, 292 deletions
diff --git a/include/libbb.h b/include/libbb.h
index 80a1c912c..4c9901027 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1321,27 +1321,27 @@ extern const char bb_uuenc_tbl_std[];
1321void bb_uuencode(char *store, const void *s, int length, const char *tbl) FAST_FUNC; 1321void bb_uuencode(char *store, const void *s, int length, const char *tbl) FAST_FUNC;
1322 1322
1323typedef struct sha1_ctx_t { 1323typedef struct sha1_ctx_t {
1324 uint32_t count[2]; 1324 uint64_t total64;
1325 uint32_t wbuffer[16]; /* NB: always correctly aligned for uint64_t */
1325 uint32_t hash[5]; 1326 uint32_t hash[5];
1326 uint32_t wbuf[16];
1327} sha1_ctx_t; 1327} sha1_ctx_t;
1328void sha1_begin(sha1_ctx_t *ctx) FAST_FUNC; 1328void sha1_begin(sha1_ctx_t *ctx) FAST_FUNC;
1329void sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx) FAST_FUNC; 1329void sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx) FAST_FUNC;
1330void sha1_end(void *resbuf, sha1_ctx_t *ctx) FAST_FUNC; 1330void sha1_end(void *resbuf, sha1_ctx_t *ctx) FAST_FUNC;
1331typedef struct sha256_ctx_t { 1331typedef struct sha256_ctx_t {
1332 unsigned wbuflen;
1332 uint32_t H[8]; 1333 uint32_t H[8];
1333 uint32_t total[2]; /* rename to "count"? */ 1334 uint64_t total64;
1334 uint32_t buflen; 1335 char wbuffer[64*2]; /* NB: always correctly aligned for uint64_t */
1335 char buffer[128]; /* NB: always correctly aligned for uint32_t */
1336} sha256_ctx_t; 1336} sha256_ctx_t;
1337void sha256_begin(sha256_ctx_t *ctx) FAST_FUNC; 1337void sha256_begin(sha256_ctx_t *ctx) FAST_FUNC;
1338void sha256_hash(const void *buffer, size_t len, sha256_ctx_t *ctx) FAST_FUNC; 1338void sha256_hash(const void *buffer, size_t len, sha256_ctx_t *ctx) FAST_FUNC;
1339void sha256_end(void *resbuf, sha256_ctx_t *ctx) FAST_FUNC; 1339void sha256_end(void *resbuf, sha256_ctx_t *ctx) FAST_FUNC;
1340typedef struct sha512_ctx_t { 1340typedef struct sha512_ctx_t {
1341 unsigned wbuflen;
1341 uint64_t H[8]; 1342 uint64_t H[8];
1342 uint64_t total[2]; 1343 uint64_t total64[2];
1343 uint64_t buflen; 1344 char wbuffer[128*2]; /* NB: always correctly aligned for uint64_t */
1344 char buffer[256]; /* NB: always correctly aligned for uint64_t */
1345} sha512_ctx_t; 1345} sha512_ctx_t;
1346void sha512_begin(sha512_ctx_t *ctx) FAST_FUNC; 1346void sha512_begin(sha512_ctx_t *ctx) FAST_FUNC;
1347void sha512_hash(const void *buffer, size_t len, sha512_ctx_t *ctx) FAST_FUNC; 1347void sha512_hash(const void *buffer, size_t len, sha512_ctx_t *ctx) FAST_FUNC;
diff --git a/libbb/sha1.c b/libbb/sha1.c
index 76d5c8fbb..5fc312393 100644
--- a/libbb/sha1.c
+++ b/libbb/sha1.c
@@ -52,7 +52,7 @@ static inline uint64_t hton64(uint64_t v)
52#define SHA1_HASH_SIZE SHA1_DIGEST_SIZE 52#define SHA1_HASH_SIZE SHA1_DIGEST_SIZE
53#define SHA1_MASK (SHA1_BLOCK_SIZE - 1) 53#define SHA1_MASK (SHA1_BLOCK_SIZE - 1)
54 54
55static void sha1_compile(sha1_ctx_t *ctx) 55static void sha1_process_block64(sha1_ctx_t *ctx)
56{ 56{
57 uint32_t w[80], i, a, b, c, d, e, t; 57 uint32_t w[80], i, a, b, c, d, e, t;
58 58
@@ -60,7 +60,7 @@ static void sha1_compile(sha1_ctx_t *ctx)
60 /* words in big-endian order so an order reversal is needed */ 60 /* words in big-endian order so an order reversal is needed */
61 /* here on little endian machines */ 61 /* here on little endian machines */
62 for (i = 0; i < SHA1_BLOCK_SIZE / 4; ++i) 62 for (i = 0; i < SHA1_BLOCK_SIZE / 4; ++i)
63 w[i] = ntohl(ctx->wbuf[i]); 63 w[i] = ntohl(ctx->wbuffer[i]);
64 64
65 for (/*i = SHA1_BLOCK_SIZE / 4*/; i < 80; ++i) { 65 for (/*i = SHA1_BLOCK_SIZE / 4*/; i < 80; ++i) {
66 t = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]; 66 t = w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16];
@@ -108,31 +108,98 @@ static void sha1_compile(sha1_ctx_t *ctx)
108 ctx->hash[4] += e; 108 ctx->hash[4] += e;
109} 109}
110 110
111/* Constants for SHA256 from FIPS 180-2:4.2.2. */
112static const uint32_t K256[80] = {
113 0x428a2f98, 0x71374491,
114 0xb5c0fbcf, 0xe9b5dba5,
115 0x3956c25b, 0x59f111f1,
116 0x923f82a4, 0xab1c5ed5,
117 0xd807aa98, 0x12835b01,
118 0x243185be, 0x550c7dc3,
119 0x72be5d74, 0x80deb1fe,
120 0x9bdc06a7, 0xc19bf174,
121 0xe49b69c1, 0xefbe4786,
122 0x0fc19dc6, 0x240ca1cc,
123 0x2de92c6f, 0x4a7484aa,
124 0x5cb0a9dc, 0x76f988da,
125 0x983e5152, 0xa831c66d,
126 0xb00327c8, 0xbf597fc7,
127 0xc6e00bf3, 0xd5a79147,
128 0x06ca6351, 0x14292967,
129 0x27b70a85, 0x2e1b2138,
130 0x4d2c6dfc, 0x53380d13,
131 0x650a7354, 0x766a0abb,
132 0x81c2c92e, 0x92722c85,
133 0xa2bfe8a1, 0xa81a664b,
134 0xc24b8b70, 0xc76c51a3,
135 0xd192e819, 0xd6990624,
136 0xf40e3585, 0x106aa070,
137 0x19a4c116, 0x1e376c08,
138 0x2748774c, 0x34b0bcb5,
139 0x391c0cb3, 0x4ed8aa4a,
140 0x5b9cca4f, 0x682e6ff3,
141 0x748f82ee, 0x78a5636f,
142 0x84c87814, 0x8cc70208,
143 0x90befffa, 0xa4506ceb,
144 0xbef9a3f7, 0xc67178f2,
145 0xca273ece, 0xd186b8c7, /* [64]+ are used for sha512 only */
146 0xeada7dd6, 0xf57d4f7f,
147 0x06f067aa, 0x0a637dc5,
148 0x113f9804, 0x1b710b35,
149 0x28db77f5, 0x32caab7b,
150 0x3c9ebe0a, 0x431d67c4,
151 0x4cc5d4be, 0x597f299c,
152 0x5fcb6fab, 0x6c44198c
153};
154/* Constants for SHA512 from FIPS 180-2:4.2.3. */
155static const uint32_t K512_lo[80] = {
156 0xd728ae22, 0x23ef65cd,
157 0xec4d3b2f, 0x8189dbbc,
158 0xf348b538, 0xb605d019,
159 0xaf194f9b, 0xda6d8118,
160 0xa3030242, 0x45706fbe,
161 0x4ee4b28c, 0xd5ffb4e2,
162 0xf27b896f, 0x3b1696b1,
163 0x25c71235, 0xcf692694,
164 0x9ef14ad2, 0x384f25e3,
165 0x8b8cd5b5, 0x77ac9c65,
166 0x592b0275, 0x6ea6e483,
167 0xbd41fbd4, 0x831153b5,
168 0xee66dfab, 0x2db43210,
169 0x98fb213f, 0xbeef0ee4,
170 0x3da88fc2, 0x930aa725,
171 0xe003826f, 0x0a0e6e70,
172 0x46d22ffc, 0x5c26c926,
173 0x5ac42aed, 0x9d95b3df,
174 0x8baf63de, 0x3c77b2a8,
175 0x47edaee6, 0x1482353b,
176 0x4cf10364, 0xbc423001,
177 0xd0f89791, 0x0654be30,
178 0xd6ef5218, 0x5565a910,
179 0x5771202a, 0x32bbd1b8,
180 0xb8d2d0c8, 0x5141ab53,
181 0xdf8eeb99, 0xe19b48a8,
182 0xc5c95a63, 0xe3418acb,
183 0x7763e373, 0xd6b2b8a3,
184 0x5defb2fc, 0x43172f60,
185 0xa1f0ab72, 0x1a6439ec,
186 0x23631e28, 0xde82bde9,
187 0xb2c67915, 0xe372532b,
188 0xea26619c, 0x21c0c207,
189 0xcde0eb1e, 0xee6ed178,
190 0x72176fba, 0xa2c898a6,
191 0xbef90dae, 0x131c471b,
192 0x23047d84, 0x40c72493,
193 0x15c9bebc, 0x9c100d4c,
194 0xcb3e42b6, 0xfc657e2a,
195 0x3ad6faec, 0x4a475817
196};
197
111/* Process LEN bytes of BUFFER, accumulating context into CTX. 198/* Process LEN bytes of BUFFER, accumulating context into CTX.
112 It is assumed that LEN % 64 == 0. */ 199 LEN is rounded _down_ to 64. */
113static void sha256_process_block(const void *buffer, size_t len, sha256_ctx_t *ctx) 200static void sha256_process_block64(const void *buffer, size_t len, sha256_ctx_t *ctx)
114{ 201{
115 /* Constants for SHA256 from FIPS 180-2:4.2.2. */
116 static const uint32_t K[64] = {
117 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
118 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
119 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
120 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
121 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
122 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
123 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
124 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
125 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
126 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
127 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
128 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
129 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
130 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
131 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
132 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
133 };
134 const uint32_t *words = buffer; 202 const uint32_t *words = buffer;
135 size_t nwords = len / sizeof(uint32_t);
136 uint32_t a = ctx->H[0]; 203 uint32_t a = ctx->H[0];
137 uint32_t b = ctx->H[1]; 204 uint32_t b = ctx->H[1];
138 uint32_t c = ctx->H[2]; 205 uint32_t c = ctx->H[2];
@@ -143,24 +210,17 @@ static void sha256_process_block(const void *buffer, size_t len, sha256_ctx_t *c
143 uint32_t h = ctx->H[7]; 210 uint32_t h = ctx->H[7];
144 211
145 /* First increment the byte count. FIPS 180-2 specifies the possible 212 /* First increment the byte count. FIPS 180-2 specifies the possible
146 length of the file up to 2^64 bits. Here we only compute the 213 length of the file up to 2^64 _bits_.
147 number of bytes. Do a double word increment. */ 214 We compute the number of _bytes_ and convert to bits later. */
148 ctx->total[0] += len; 215 len &= ~(size_t)(sizeof(uint32_t) * 16 - 1);
149 if (ctx->total[0] < len) 216 ctx->total64 += len;
150 ctx->total[1]++;
151 217
152 /* Process all bytes in the buffer with 64 bytes in each round of 218 /* Process all bytes in the buffer with 64 bytes in each round of
153 the loop. */ 219 the loop. */
154 while (nwords > 0) { 220 len /= (sizeof(uint32_t) * 16);
221 while (len) {
222 unsigned t;
155 uint32_t W[64]; 223 uint32_t W[64];
156 uint32_t a_save = a;
157 uint32_t b_save = b;
158 uint32_t c_save = c;
159 uint32_t d_save = d;
160 uint32_t e_save = e;
161 uint32_t f_save = f;
162 uint32_t g_save = g;
163 uint32_t h_save = h;
164 224
165 /* Operators defined in FIPS 180-2:4.1.2. */ 225 /* Operators defined in FIPS 180-2:4.1.2. */
166#define Ch(x, y, z) ((x & y) ^ (~x & z)) 226#define Ch(x, y, z) ((x & y) ^ (~x & z))
@@ -171,16 +231,17 @@ static void sha256_process_block(const void *buffer, size_t len, sha256_ctx_t *c
171#define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10)) 231#define R1(x) (rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10))
172 232
173 /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */ 233 /* Compute the message schedule according to FIPS 180-2:6.2.2 step 2. */
174 for (unsigned t = 0; t < 16; ++t) { 234 for (t = 0; t < 16; ++t) {
175 W[t] = ntohl(*words); 235 W[t] = ntohl(*words);
176 ++words; 236 ++words;
177 } 237 }
178 for (unsigned t = 16; t < 64; ++t) 238
239 for (/*t = 16*/; t < 64; ++t)
179 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; 240 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
180 241
181 /* The actual computation according to FIPS 180-2:6.2.2 step 3. */ 242 /* The actual computation according to FIPS 180-2:6.2.2 step 3. */
182 for (unsigned t = 0; t < 64; ++t) { 243 for (t = 0; t < 64; ++t) {
183 uint32_t T1 = h + S1(e) + Ch(e, f, g) + K[t] + W[t]; 244 uint32_t T1 = h + S1(e) + Ch(e, f, g) + K256[t] + W[t];
184 uint32_t T2 = S0(a) + Maj(a, b, c); 245 uint32_t T2 = S0(a) + Maj(a, b, c);
185 h = g; 246 h = g;
186 g = f; 247 g = f;
@@ -199,79 +260,24 @@ static void sha256_process_block(const void *buffer, size_t len, sha256_ctx_t *c
199#undef R1 260#undef R1
200 /* Add the starting values of the context according to FIPS 180-2:6.2.2 261 /* Add the starting values of the context according to FIPS 180-2:6.2.2
201 step 4. */ 262 step 4. */
202 a += a_save; 263 ctx->H[0] = a += ctx->H[0];
203 b += b_save; 264 ctx->H[1] = b += ctx->H[1];
204 c += c_save; 265 ctx->H[2] = c += ctx->H[2];
205 d += d_save; 266 ctx->H[3] = d += ctx->H[3];
206 e += e_save; 267 ctx->H[4] = e += ctx->H[4];
207 f += f_save; 268 ctx->H[5] = f += ctx->H[5];
208 g += g_save; 269 ctx->H[6] = g += ctx->H[6];
209 h += h_save; 270 ctx->H[7] = h += ctx->H[7];
210 271
211 /* Prepare for the next round. */ 272 /* Prepare for the next round. */
212 nwords -= 16; 273 len--;
213 } 274 }
214
215 /* Put checksum in context given as argument. */
216 ctx->H[0] = a;
217 ctx->H[1] = b;
218 ctx->H[2] = c;
219 ctx->H[3] = d;
220 ctx->H[4] = e;
221 ctx->H[5] = f;
222 ctx->H[6] = g;
223 ctx->H[7] = h;
224} 275}
225
226/* Process LEN bytes of BUFFER, accumulating context into CTX. 276/* Process LEN bytes of BUFFER, accumulating context into CTX.
227 It is assumed that LEN % 128 == 0. */ 277 LEN is rounded _down_ to 128. */
228static void sha512_process_block(const void *buffer, size_t len, sha512_ctx_t *ctx) 278static void sha512_process_block128(const void *buffer, size_t len, sha512_ctx_t *ctx)
229{ 279{
230 /* Constants for SHA512 from FIPS 180-2:4.2.3. */
231 static const uint64_t K[80] = {
232 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
233 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
234 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
235 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
236 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
237 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
238 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
239 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
240 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
241 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
242 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
243 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
244 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
245 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
246 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
247 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
248 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
249 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
250 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
251 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
252 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
253 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
254 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
255 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
256 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
257 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
258 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
259 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
260 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
261 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
262 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
263 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
264 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
265 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
266 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
267 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
268 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
269 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
270 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
271 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
272 };
273 const uint64_t *words = buffer; 280 const uint64_t *words = buffer;
274 size_t nwords = len / sizeof(uint64_t);
275 uint64_t a = ctx->H[0]; 281 uint64_t a = ctx->H[0];
276 uint64_t b = ctx->H[1]; 282 uint64_t b = ctx->H[1];
277 uint64_t c = ctx->H[2]; 283 uint64_t c = ctx->H[2];
@@ -282,24 +288,17 @@ static void sha512_process_block(const void *buffer, size_t len, sha512_ctx_t *c
282 uint64_t h = ctx->H[7]; 288 uint64_t h = ctx->H[7];
283 289
284 /* First increment the byte count. FIPS 180-2 specifies the possible 290 /* First increment the byte count. FIPS 180-2 specifies the possible
285 length of the file up to 2^128 bits. Here we only compute the 291 length of the file up to 2^128 _bits_.
286 number of bytes. Do a double word increment. */ 292 We compute the number of _bytes_ and convert to bits later. */
287 ctx->total[0] += len; 293 len &= ~(size_t)(sizeof(uint64_t) * 16 - 1);
288 if (ctx->total[0] < len) 294 ctx->total64[0] += len;
289 ctx->total[1]++; 295 if (ctx->total64[0] < len)
290 296 ctx->total64[1]++;
291 /* Process all bytes in the buffer with 128 bytes in each round of 297
292 the loop. */ 298 len /= (sizeof(uint64_t) * 16);
293 while (nwords > 0) { 299 while (len) {
300 unsigned t;
294 uint64_t W[80]; 301 uint64_t W[80];
295 uint64_t a_save = a;
296 uint64_t b_save = b;
297 uint64_t c_save = c;
298 uint64_t d_save = d;
299 uint64_t e_save = e;
300 uint64_t f_save = f;
301 uint64_t g_save = g;
302 uint64_t h_save = h;
303 302
304 /* Operators defined in FIPS 180-2:4.1.2. */ 303 /* Operators defined in FIPS 180-2:4.1.2. */
305#define Ch(x, y, z) ((x & y) ^ (~x & z)) 304#define Ch(x, y, z) ((x & y) ^ (~x & z))
@@ -310,16 +309,17 @@ static void sha512_process_block(const void *buffer, size_t len, sha512_ctx_t *c
310#define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6)) 309#define R1(x) (rotr64(x, 19) ^ rotr64(x, 61) ^ (x >> 6))
311 310
312 /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */ 311 /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */
313 for (unsigned t = 0; t < 16; ++t) { 312 for (t = 0; t < 16; ++t) {
314 W[t] = ntoh64(*words); 313 W[t] = ntoh64(*words);
315 ++words; 314 ++words;
316 } 315 }
317 for (unsigned t = 16; t < 80; ++t) 316 for (/*t = 16*/; t < 80; ++t)
318 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16]; 317 W[t] = R1(W[t - 2]) + W[t - 7] + R0(W[t - 15]) + W[t - 16];
319 318
320 /* The actual computation according to FIPS 180-2:6.3.2 step 3. */ 319 /* The actual computation according to FIPS 180-2:6.3.2 step 3. */
321 for (unsigned t = 0; t < 80; ++t) { 320 for (t = 0; t < 80; ++t) {
322 uint64_t T1 = h + S1(e) + Ch(e, f, g) + K[t] + W[t]; 321 uint64_t K512_t = ((uint64_t)(K256[t]) << 32) + K512_lo[t];
322 uint64_t T1 = h + S1(e) + Ch(e, f, g) + K512_t + W[t];
323 uint64_t T2 = S0(a) + Maj(a, b, c); 323 uint64_t T2 = S0(a) + Maj(a, b, c);
324 h = g; 324 h = g;
325 g = f; 325 g = f;
@@ -338,34 +338,23 @@ static void sha512_process_block(const void *buffer, size_t len, sha512_ctx_t *c
338#undef R1 338#undef R1
339 /* Add the starting values of the context according to FIPS 180-2:6.3.2 339 /* Add the starting values of the context according to FIPS 180-2:6.3.2
340 step 4. */ 340 step 4. */
341 a += a_save; 341 ctx->H[0] = a += ctx->H[0];
342 b += b_save; 342 ctx->H[1] = b += ctx->H[1];
343 c += c_save; 343 ctx->H[2] = c += ctx->H[2];
344 d += d_save; 344 ctx->H[3] = d += ctx->H[3];
345 e += e_save; 345 ctx->H[4] = e += ctx->H[4];
346 f += f_save; 346 ctx->H[5] = f += ctx->H[5];
347 g += g_save; 347 ctx->H[6] = g += ctx->H[6];
348 h += h_save; 348 ctx->H[7] = h += ctx->H[7];
349 349
350 /* Prepare for the next round. */ 350 len--;
351 nwords -= 16;
352 } 351 }
353
354 /* Put checksum in context given as argument. */
355 ctx->H[0] = a;
356 ctx->H[1] = b;
357 ctx->H[2] = c;
358 ctx->H[3] = d;
359 ctx->H[4] = e;
360 ctx->H[5] = f;
361 ctx->H[6] = g;
362 ctx->H[7] = h;
363} 352}
364 353
365 354
366void FAST_FUNC sha1_begin(sha1_ctx_t *ctx) 355void FAST_FUNC sha1_begin(sha1_ctx_t *ctx)
367{ 356{
368 ctx->count[0] = ctx->count[1] = 0; 357 ctx->total64 = 0;
369 ctx->hash[0] = 0x67452301; 358 ctx->hash[0] = 0x67452301;
370 ctx->hash[1] = 0xefcdab89; 359 ctx->hash[1] = 0xefcdab89;
371 ctx->hash[2] = 0x98badcfe; 360 ctx->hash[2] = 0x98badcfe;
@@ -373,84 +362,92 @@ void FAST_FUNC sha1_begin(sha1_ctx_t *ctx)
373 ctx->hash[4] = 0xc3d2e1f0; 362 ctx->hash[4] = 0xc3d2e1f0;
374} 363}
375 364
365static const uint32_t init256[] = {
366 0x6a09e667,
367 0xbb67ae85,
368 0x3c6ef372,
369 0xa54ff53a,
370 0x510e527f,
371 0x9b05688c,
372 0x1f83d9ab,
373 0x5be0cd19
374};
375static const uint32_t init512_lo[] = {
376 0xf3bcc908,
377 0x84caa73b,
378 0xfe94f82b,
379 0x5f1d36f1,
380 0xade682d1,
381 0x2b3e6c1f,
382 0xfb41bd6b,
383 0x137e2179
384};
376/* Initialize structure containing state of computation. 385/* Initialize structure containing state of computation.
377 (FIPS 180-2:5.3.2) */ 386 (FIPS 180-2:5.3.2) */
378void FAST_FUNC sha256_begin(sha256_ctx_t *ctx) 387void FAST_FUNC sha256_begin(sha256_ctx_t *ctx)
379{ 388{
380 ctx->H[0] = 0x6a09e667; 389 memcpy(ctx->H, init256, sizeof(init256));
381 ctx->H[1] = 0xbb67ae85; 390 ctx->total64 = 0;
382 ctx->H[2] = 0x3c6ef372; 391 ctx->wbuflen = 0;
383 ctx->H[3] = 0xa54ff53a;
384 ctx->H[4] = 0x510e527f;
385 ctx->H[5] = 0x9b05688c;
386 ctx->H[6] = 0x1f83d9ab;
387 ctx->H[7] = 0x5be0cd19;
388 ctx->total[0] = ctx->total[1] = 0;
389 ctx->buflen = 0;
390} 392}
391
392/* Initialize structure containing state of computation. 393/* Initialize structure containing state of computation.
393 (FIPS 180-2:5.3.3) */ 394 (FIPS 180-2:5.3.3) */
394void FAST_FUNC sha512_begin(sha512_ctx_t *ctx) 395void FAST_FUNC sha512_begin(sha512_ctx_t *ctx)
395{ 396{
396 ctx->H[0] = 0x6a09e667f3bcc908ULL; 397 int i;
397 ctx->H[1] = 0xbb67ae8584caa73bULL; 398 for (i = 0; i < 8; i++)
398 ctx->H[2] = 0x3c6ef372fe94f82bULL; 399 ctx->H[i] = ((uint64_t)(init256[i]) << 32) + init512_lo[i];
399 ctx->H[3] = 0xa54ff53a5f1d36f1ULL; 400 ctx->total64[0] = ctx->total64[1] = 0;
400 ctx->H[4] = 0x510e527fade682d1ULL; 401 ctx->wbuflen = 0;
401 ctx->H[5] = 0x9b05688c2b3e6c1fULL;
402 ctx->H[6] = 0x1f83d9abfb41bd6bULL;
403 ctx->H[7] = 0x5be0cd19137e2179ULL;
404 ctx->total[0] = ctx->total[1] = 0;
405 ctx->buflen = 0;
406} 402}
407 403
408 404
409/* SHA1 hash data in an array of bytes into hash buffer and call the */ 405/* SHA1 hash data in an array of bytes into hash buffer and call the */
410/* hash_compile function as required. */ 406/* hash_compile function as required. */
411void FAST_FUNC sha1_hash(const void *data, size_t length, sha1_ctx_t *ctx) 407void FAST_FUNC sha1_hash(const void *buffer, size_t len, sha1_ctx_t *ctx)
412{ 408{
413 uint32_t pos = (uint32_t) (ctx->count[0] & SHA1_MASK); 409 uint32_t pos = (uint32_t) (ctx->total64 & SHA1_MASK);
414 uint32_t freeb = SHA1_BLOCK_SIZE - pos; 410 uint32_t freeb = SHA1_BLOCK_SIZE - pos;
415 const unsigned char *sp = data; 411 const unsigned char *sp = buffer;
416 412
417 ctx->count[0] += length; 413 ctx->total64 += len;
418 if (ctx->count[0] < length)
419 ctx->count[1]++;
420 414
421 while (length >= freeb) { /* transfer whole blocks while possible */ 415 while (len >= freeb) { /* transfer whole blocks while possible */
422 memcpy(((unsigned char *) ctx->wbuf) + pos, sp, freeb); 416 memcpy(((unsigned char *) ctx->wbuffer) + pos, sp, freeb);
423 sp += freeb; 417 sp += freeb;
424 length -= freeb; 418 len -= freeb;
425 freeb = SHA1_BLOCK_SIZE; 419 freeb = SHA1_BLOCK_SIZE;
426 pos = 0; 420 pos = 0;
427 sha1_compile(ctx); 421 sha1_process_block64(ctx);
428 } 422 }
429 423
430 memcpy(((unsigned char *) ctx->wbuf) + pos, sp, length); 424 memcpy(((unsigned char *) ctx->wbuffer) + pos, sp, len);
431} 425}
432 426
433void FAST_FUNC sha256_hash(const void *buffer, size_t len, sha256_ctx_t *ctx) 427void FAST_FUNC sha256_hash(const void *buffer, size_t len, sha256_ctx_t *ctx)
434{ 428{
435 /* When we already have some bits in our internal buffer concatenate 429 /* When we already have some bits in our internal buffer concatenate
436 both inputs first. */ 430 both inputs first. */
437 if (ctx->buflen != 0) { 431 if (ctx->wbuflen != 0) {
438 size_t left_over = ctx->buflen; 432 unsigned add;
439 size_t add = 128 - left_over > len ? len : 128 - left_over; 433
440 434 /* NB: 1/2 of wbuffer is used only in sha256_end
441 memcpy(&ctx->buffer[left_over], buffer, add); 435 * when length field is added and hashed.
442 ctx->buflen += add; 436 * With buffer twice as small, it may happen that
443 437 * we have it almost full and can't add length field. */
444 if (ctx->buflen > 64) { 438
445 sha256_process_block(ctx->buffer, ctx->buflen & ~63, ctx); 439 add = sizeof(ctx->wbuffer)/2 - ctx->wbuflen;
446 440 if (add > len)
447 ctx->buflen &= 63; 441 add = len;
448 /* The regions in the following copy operation cannot overlap. */ 442 memcpy(&ctx->wbuffer[ctx->wbuflen], buffer, add);
449 memcpy(ctx->buffer, 443 ctx->wbuflen += add;
450 &ctx->buffer[(left_over + add) & ~63], 444
451 ctx->buflen); 445 /* If we still didn't collect full wbuffer, bail out */
452 } 446 if (ctx->wbuflen < sizeof(ctx->wbuffer)/2)
453 447 return;
448
449 sha256_process_block64(ctx->wbuffer, 64, ctx);
450 ctx->wbuflen = 0;
454 buffer = (const char *)buffer + add; 451 buffer = (const char *)buffer + add;
455 len -= add; 452 len -= add;
456 } 453 }
@@ -459,13 +456,12 @@ void FAST_FUNC sha256_hash(const void *buffer, size_t len, sha256_ctx_t *ctx)
459 if (len >= 64) { 456 if (len >= 64) {
460 if (UNALIGNED_P(buffer, uint32_t)) { 457 if (UNALIGNED_P(buffer, uint32_t)) {
461 while (len > 64) { 458 while (len > 64) {
462 sha256_process_block(memcpy(ctx->buffer, buffer, 64), 459 sha256_process_block64(memcpy(ctx->wbuffer, buffer, 64), 64, ctx);
463 64, ctx);
464 buffer = (const char *)buffer + 64; 460 buffer = (const char *)buffer + 64;
465 len -= 64; 461 len -= 64;
466 } 462 }
467 } else { 463 } else {
468 sha256_process_block(buffer, len & ~63, ctx); 464 sha256_process_block64(buffer, len /*& ~63*/, ctx);
469 buffer = (const char *)buffer + (len & ~63); 465 buffer = (const char *)buffer + (len & ~63);
470 len &= 63; 466 len &= 63;
471 } 467 }
@@ -473,75 +469,48 @@ void FAST_FUNC sha256_hash(const void *buffer, size_t len, sha256_ctx_t *ctx)
473 469
474 /* Move remaining bytes into internal buffer. */ 470 /* Move remaining bytes into internal buffer. */
475 if (len > 0) { 471 if (len > 0) {
476 size_t left_over = ctx->buflen; 472 memcpy(ctx->wbuffer, buffer, len);
477 473 ctx->wbuflen = len;
478 memcpy(&ctx->buffer[left_over], buffer, len);
479 left_over += len;
480 if (left_over >= 64) {
481 sha256_process_block(ctx->buffer, 64, ctx);
482 left_over -= 64;
483 memcpy(ctx->buffer, &ctx->buffer[64], left_over);
484 }
485 ctx->buflen = left_over;
486 } 474 }
487} 475}
488 476
489void FAST_FUNC sha512_hash(const void *buffer, size_t len, sha512_ctx_t *ctx) 477void FAST_FUNC sha512_hash(const void *buffer, size_t len, sha512_ctx_t *ctx)
490{ 478{
491 /* When we already have some bits in our internal buffer concatenate 479 if (ctx->wbuflen != 0) {
492 both inputs first. */ 480 unsigned add;
493 if (ctx->buflen != 0) {
494 size_t left_over = ctx->buflen;
495 size_t add = 256 - left_over > len ? len : 256 - left_over;
496 481
497 memcpy(&ctx->buffer[left_over], buffer, add); 482 add = sizeof(ctx->wbuffer)/2 - ctx->wbuflen;
498 ctx->buflen += add; 483 if (add > len)
484 add = len;
485 memcpy(&ctx->wbuffer[ctx->wbuflen], buffer, add);
486 ctx->wbuflen += add;
499 487
500 if (ctx->buflen > 128) { 488 if (ctx->wbuflen < sizeof(ctx->wbuffer)/2)
501 sha512_process_block(ctx->buffer, ctx->buflen & ~127, ctx); 489 return;
502
503 ctx->buflen &= 127;
504 /* The regions in the following copy operation cannot overlap. */
505 memcpy(ctx->buffer,
506 &ctx->buffer[(left_over + add) & ~127],
507 ctx->buflen);
508 }
509 490
491 sha512_process_block128(ctx->wbuffer, 128, ctx);
492 ctx->wbuflen = 0;
510 buffer = (const char *)buffer + add; 493 buffer = (const char *)buffer + add;
511 len -= add; 494 len -= add;
512 } 495 }
513 496
514 /* Process available complete blocks. */
515 if (len >= 128) { 497 if (len >= 128) {
516// #if BB_ARCH_REQUIRES_ALIGNMENT
517 if (UNALIGNED_P(buffer, uint64_t)) { 498 if (UNALIGNED_P(buffer, uint64_t)) {
518 while (len > 128) { 499 while (len > 128) {
519 sha512_process_block(memcpy(ctx->buffer, buffer, 128), 500 sha512_process_block128(memcpy(ctx->wbuffer, buffer, 128), 128, ctx);
520 128, ctx);
521 buffer = (const char *)buffer + 128; 501 buffer = (const char *)buffer + 128;
522 len -= 128; 502 len -= 128;
523 } 503 }
524 } else 504 } else {
525// #endif 505 sha512_process_block128(buffer, len /*& ~127*/, ctx);
526 {
527 sha512_process_block(buffer, len & ~127, ctx);
528 buffer = (const char *)buffer + (len & ~127); 506 buffer = (const char *)buffer + (len & ~127);
529 len &= 127; 507 len &= 127;
530 } 508 }
531 } 509 }
532 510
533 /* Move remaining bytes into internal buffer. */
534 if (len > 0) { 511 if (len > 0) {
535 size_t left_over = ctx->buflen; 512 memcpy(ctx->wbuffer, buffer, len);
536 513 ctx->wbuflen = len;
537 memcpy(&ctx->buffer[left_over], buffer, len);
538 left_over += len;
539 if (left_over >= 128) {
540 sha512_process_block(ctx->buffer, 128, ctx);
541 left_over -= 128;
542 memcpy(ctx->buffer, &ctx->buffer[128], left_over);
543 }
544 ctx->buflen = left_over;
545 } 514 }
546} 515}
547 516
@@ -558,36 +527,40 @@ void FAST_FUNC sha1_end(void *resbuf, sha1_ctx_t *ctx)
558#endif 527#endif
559 528
560 uint8_t *hval = resbuf; 529 uint8_t *hval = resbuf;
561 uint32_t i, cnt = (uint32_t) (ctx->count[0] & SHA1_MASK); 530 uint32_t i, cnt = (uint32_t) (ctx->total64 & SHA1_MASK);
562 531
563 /* mask out the rest of any partial 32-bit word and then set */ 532 /* mask out the rest of any partial 32-bit word and then set */
564 /* the next byte to 0x80. On big-endian machines any bytes in */ 533 /* the next byte to 0x80. On big-endian machines any bytes in */
565 /* the buffer will be at the top end of 32 bit words, on little */ 534 /* the buffer will be at the top end of 32 bit words, on little */
566 /* endian machines they will be at the bottom. Hence the AND */ 535 /* endian machines they will be at the bottom. Hence the AND */
567 /* and OR masks above are reversed for little endian systems */ 536 /* and OR masks above are reversed for little endian systems */
568 ctx->wbuf[cnt >> 2] = 537 ctx->wbuffer[cnt >> 2] =
569 (ctx->wbuf[cnt >> 2] & mask[cnt & 3]) | bits[cnt & 3]; 538 (ctx->wbuffer[cnt >> 2] & mask[cnt & 3]) | bits[cnt & 3];
570 539
571 /* we need 9 or more empty positions, one for the padding byte */ 540 /* we need 9 or more empty positions, one for the padding byte */
572 /* (above) and eight for the length count. If there is not */ 541 /* (above) and eight for the length count. If there is not */
573 /* enough space pad and empty the buffer */ 542 /* enough space pad and empty the buffer */
574 if (cnt > SHA1_BLOCK_SIZE - 9) { 543 if (cnt > SHA1_BLOCK_SIZE - 9) {
575 if (cnt < 60) 544 if (cnt < 60)
576 ctx->wbuf[15] = 0; 545 ctx->wbuffer[15] = 0;
577 sha1_compile(ctx); 546 sha1_process_block64(ctx);
578 cnt = 0; 547 cnt = 0;
579 } else /* compute a word index for the empty buffer positions */ 548 } else /* compute a word index for the empty buffer positions */
580 cnt = (cnt >> 2) + 1; 549 cnt = (cnt >> 2) + 1;
581 550
582 while (cnt < 14) /* and zero pad all but last two positions */ 551 while (cnt < 14) /* and zero pad all but last two positions */
583 ctx->wbuf[cnt++] = 0; 552 ctx->wbuffer[cnt++] = 0;
584 553
585 /* assemble the eight byte counter in the buffer in big-endian */ 554 /* assemble the 64-bit counter of bits in the buffer in BE */
586 /* format */ 555 /* format */
587 ctx->wbuf[14] = htonl((ctx->count[1] << 3) | (ctx->count[0] >> 29)); 556 {
588 ctx->wbuf[15] = htonl(ctx->count[0] << 3); 557 uint64_t t = ctx->total64 << 3;
558 t = hton64(t);
559 /* wbuffer is suitably aligned for this */
560 *(uint64_t *) &ctx->wbuffer[14] = t;
561 }
589 562
590 sha1_compile(ctx); 563 sha1_process_block64(ctx);
591 564
592 /* extract the hash value as bytes in case the hash buffer is */ 565 /* extract the hash value as bytes in case the hash buffer is */
593 /* misaligned for 32-bit words */ 566 /* misaligned for 32-bit words */
@@ -604,28 +577,29 @@ void FAST_FUNC sha1_end(void *resbuf, sha1_ctx_t *ctx)
604void FAST_FUNC sha256_end(void *resbuf, sha256_ctx_t *ctx) 577void FAST_FUNC sha256_end(void *resbuf, sha256_ctx_t *ctx)
605{ 578{
606 /* Take yet unprocessed bytes into account. */ 579 /* Take yet unprocessed bytes into account. */
607 uint32_t bytes = ctx->buflen; 580 unsigned bytes = ctx->wbuflen;
608 size_t pad; 581 unsigned pad;
609 582
610 /* Now count remaining bytes. */ 583 /* Now count remaining bytes. */
611 ctx->total[0] += bytes; 584 ctx->total64 += bytes;
612 if (ctx->total[0] < bytes)
613 ctx->total[1]++;
614 585
615 /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0... 586 /* Pad the buffer to the next 64-byte boundary with 0x80,0,0,0...
616 (FIPS 180-2:5.1.1) */ 587 (FIPS 180-2:5.1.1) */
617 pad = (bytes >= 56 ? 64 + 56 - bytes : 56 - bytes); 588 pad = (bytes >= 56 ? 64 + 56 - bytes : 56 - bytes);
618 memset(&ctx->buffer[bytes], 0, pad); 589 memset(&ctx->wbuffer[bytes], 0, pad);
619 ctx->buffer[bytes] = 0x80; 590 ctx->wbuffer[bytes] = 0x80;
620 591
621 /* Put the 64-bit file length in *bits* at the end of the buffer. */ 592 /* Put the 64-bit file length in *bits* at the end of the buffer. */
622 *(uint32_t *) &ctx->buffer[bytes + pad + 4] = ntohl(ctx->total[0] << 3); 593 {
623 *(uint32_t *) &ctx->buffer[bytes + pad] = ntohl((ctx->total[1] << 3) | (ctx->total[0] >> 29)); 594 uint64_t t = ctx->total64 << 3;
595 t = hton64(t);
596 /* wbuffer is suitably aligned for this */
597 *(uint64_t *) &ctx->wbuffer[bytes + pad] = t;
598 }
624 599
625 /* Process last bytes. */ 600 /* Process last bytes. */
626 sha256_process_block(ctx->buffer, bytes + pad + 8, ctx); 601 sha256_process_block64(ctx->wbuffer, bytes + pad + 8, ctx);
627 602
628 /* Put result from CTX in first 32 bytes following RESBUF. */
629 for (unsigned i = 0; i < 8; ++i) 603 for (unsigned i = 0; i < 8; ++i)
630 ((uint32_t *) resbuf)[i] = ntohl(ctx->H[i]); 604 ((uint32_t *) resbuf)[i] = ntohl(ctx->H[i]);
631} 605}
@@ -637,29 +611,24 @@ void FAST_FUNC sha256_end(void *resbuf, sha256_ctx_t *ctx)
637 aligned for a 64 bits value. */ 611 aligned for a 64 bits value. */
638void FAST_FUNC sha512_end(void *resbuf, sha512_ctx_t *ctx) 612void FAST_FUNC sha512_end(void *resbuf, sha512_ctx_t *ctx)
639{ 613{
640 /* Take yet unprocessed bytes into account. */ 614 unsigned bytes = ctx->wbuflen;
641 uint64_t bytes = ctx->buflen; 615 unsigned pad;
642 size_t pad;
643 616
644 /* Now count remaining bytes. */ 617 ctx->total64[0] += bytes;
645 ctx->total[0] += bytes; 618 if (ctx->total64[0] < bytes)
646 if (ctx->total[0] < bytes) 619 ctx->total64[1]++;
647 ctx->total[1]++;
648 620
649 /* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0... 621 /* Pad the buffer to the next 128-byte boundary with 0x80,0,0,0...
650 (FIPS 180-2:5.1.2) */ 622 (FIPS 180-2:5.1.2) */
651 pad = bytes >= 112 ? 128 + 112 - bytes : 112 - bytes; 623 pad = bytes >= 112 ? 128 + 112 - bytes : 112 - bytes;
652 memset(&ctx->buffer[bytes], 0, pad); 624 memset(&ctx->wbuffer[bytes], 0, pad);
653 ctx->buffer[bytes] = 0x80; 625 ctx->wbuffer[bytes] = 0x80;
654 626
655 /* Put the 128-bit file length in *bits* at the end of the buffer. */ 627 *(uint64_t *) &ctx->wbuffer[bytes + pad + 8] = hton64(ctx->total64[0] << 3);
656 *(uint64_t *) &ctx->buffer[bytes + pad + 8] = hton64(ctx->total[0] << 3); 628 *(uint64_t *) &ctx->wbuffer[bytes + pad] = hton64((ctx->total64[1] << 3) | (ctx->total64[0] >> 61));
657 *(uint64_t *) &ctx->buffer[bytes + pad] = hton64((ctx->total[1] << 3) | (ctx->total[0] >> 61));
658 629
659 /* Process last bytes. */ 630 sha512_process_block128(ctx->wbuffer, bytes + pad + 16, ctx);
660 sha512_process_block(ctx->buffer, bytes + pad + 16, ctx);
661 631
662 /* Put result from CTX in first 64 bytes following RESBUF. */
663 for (unsigned i = 0; i < 8; ++i) 632 for (unsigned i = 0; i < 8; ++i)
664 ((uint64_t *) resbuf)[i] = hton64(ctx->H[i]); 633 ((uint64_t *) resbuf)[i] = hton64(ctx->H[i]);
665} 634}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-17 04:08:18 +0000