summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/sha/sha256.c
diff options
context:
space:
mode:
authorjsing <>2023-07-07 15:03:55 +0000
committerjsing <>2023-07-07 15:03:55 +0000
commit44be04de359e261a9500ecf15cdd8379adbbbb9c (patch)
tree7455d9e25fbe4938a0fd828191e21189655a49ba /src/lib/libcrypto/sha/sha256.c
parent94d3e66bc0e7a75b697c3f80aa4dc9abb31d00dd (diff)
downloadopenbsd-44be04de359e261a9500ecf15cdd8379adbbbb9c.tar.gz
openbsd-44be04de359e261a9500ecf15cdd8379adbbbb9c.tar.bz2
openbsd-44be04de359e261a9500ecf15cdd8379adbbbb9c.zip
Clean up SHA-256 input handling and round macros.
Avoid reach around and initialisation outside of the macro, cleaning up the call sites to remove the initialisation. ok beck@
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/sha/sha256.c130
1 files changed, 58 insertions, 72 deletions
diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
index a8c8aa3e26..eaa9364998 100644
--- a/src/lib/libcrypto/sha/sha256.c
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sha256.c,v 1.24 2023/07/07 14:32:41 jsing Exp $ */ 1/* $OpenBSD: sha256.c,v 1.25 2023/07/07 15:03:55 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -120,16 +120,16 @@ static const SHA_LONG K256[64] = {
120#define Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z))) 120#define Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z)))
121#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 121#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
122 122
123#define ROUND_00_15(i, a, b, c, d, e, f, g, h) do { \ 123#define ROUND_00_15(x, i, a, b, c, d, e, f, g, h) do { \
124 T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; \ 124 T1 = x + h + Sigma1(e) + Ch(e, f, g) + K256[i]; \
125 h = Sigma0(a) + Maj(a, b, c); \ 125 h = Sigma0(a) + Maj(a, b, c); \
126 d += T1; h += T1; } while (0) 126 d += T1; h += T1; } while (0)
127 127
128#define ROUND_16_63(i, a, b, c, d, e, f, g, h, X) do { \ 128#define ROUND_16_63(i, a, b, c, d, e, f, g, h, X) do { \
129 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ 129 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
130 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ 130 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
131 T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ 131 T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
132 ROUND_00_15(i, a, b, c, d, e, f, g, h); } while (0) 132 ROUND_00_15(T1, i, a, b, c, d, e, f, g, h); } while (0)
133 133
134static void 134static void
135sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num) 135sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
@@ -154,93 +154,79 @@ sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
154 sizeof(SHA_LONG) == 4 && ((size_t)in % 4) == 0) { 154 sizeof(SHA_LONG) == 4 && ((size_t)in % 4) == 0) {
155 const SHA_LONG *W = (const SHA_LONG *)data; 155 const SHA_LONG *W = (const SHA_LONG *)data;
156 156
157 T1 = X[0] = W[0]; 157 X[0] = W[0];
158 ROUND_00_15(0, a, b, c, d, e, f, g, h); 158 X[1] = W[1];
159 T1 = X[1] = W[1]; 159 X[2] = W[2];
160 ROUND_00_15(1, h, a, b, c, d, e, f, g); 160 X[3] = W[3];
161 T1 = X[2] = W[2]; 161 X[4] = W[4];
162 ROUND_00_15(2, g, h, a, b, c, d, e, f); 162 X[5] = W[5];
163 T1 = X[3] = W[3]; 163 X[6] = W[6];
164 ROUND_00_15(3, f, g, h, a, b, c, d, e); 164 X[7] = W[7];
165 T1 = X[4] = W[4]; 165 X[8] = W[8];
166 ROUND_00_15(4, e, f, g, h, a, b, c, d); 166 X[9] = W[9];
167 T1 = X[5] = W[5]; 167 X[10] = W[10];
168 ROUND_00_15(5, d, e, f, g, h, a, b, c); 168 X[11] = W[11];
169 T1 = X[6] = W[6]; 169 X[12] = W[12];
170 ROUND_00_15(6, c, d, e, f, g, h, a, b); 170 X[13] = W[13];
171 T1 = X[7] = W[7]; 171 X[14] = W[14];
172 ROUND_00_15(7, b, c, d, e, f, g, h, a); 172 X[15] = W[15];
173 T1 = X[8] = W[8];
174 ROUND_00_15(8, a, b, c, d, e, f, g, h);
175 T1 = X[9] = W[9];
176 ROUND_00_15(9, h, a, b, c, d, e, f, g);
177 T1 = X[10] = W[10];
178 ROUND_00_15(10, g, h, a, b, c, d, e, f);
179 T1 = X[11] = W[11];
180 ROUND_00_15(11, f, g, h, a, b, c, d, e);
181 T1 = X[12] = W[12];
182 ROUND_00_15(12, e, f, g, h, a, b, c, d);
183 T1 = X[13] = W[13];
184 ROUND_00_15(13, d, e, f, g, h, a, b, c);
185 T1 = X[14] = W[14];
186 ROUND_00_15(14, c, d, e, f, g, h, a, b);
187 T1 = X[15] = W[15];
188 ROUND_00_15(15, b, c, d, e, f, g, h, a);
189 173
190 data += SHA256_CBLOCK; 174 data += SHA256_CBLOCK;
191 } else { 175 } else {
192 SHA_LONG l; 176 SHA_LONG l;
193 177
194 HOST_c2l(data, l); 178 HOST_c2l(data, l);
195 T1 = X[0] = l; 179 X[0] = l;
196 ROUND_00_15(0, a, b, c, d, e, f, g, h);
197 HOST_c2l(data, l); 180 HOST_c2l(data, l);
198 T1 = X[1] = l; 181 X[1] = l;
199 ROUND_00_15(1, h, a, b, c, d, e, f, g);
200 HOST_c2l(data, l); 182 HOST_c2l(data, l);
201 T1 = X[2] = l; 183 X[2] = l;
202 ROUND_00_15(2, g, h, a, b, c, d, e, f);
203 HOST_c2l(data, l); 184 HOST_c2l(data, l);
204 T1 = X[3] = l; 185 X[3] = l;
205 ROUND_00_15(3, f, g, h, a, b, c, d, e);
206 HOST_c2l(data, l); 186 HOST_c2l(data, l);
207 T1 = X[4] = l; 187 X[4] = l;
208 ROUND_00_15(4, e, f, g, h, a, b, c, d);
209 HOST_c2l(data, l); 188 HOST_c2l(data, l);
210 T1 = X[5] = l; 189 X[5] = l;
211 ROUND_00_15(5, d, e, f, g, h, a, b, c);
212 HOST_c2l(data, l); 190 HOST_c2l(data, l);
213 T1 = X[6] = l; 191 X[6] = l;
214 ROUND_00_15(6, c, d, e, f, g, h, a, b);
215 HOST_c2l(data, l); 192 HOST_c2l(data, l);
216 T1 = X[7] = l; 193 X[7] = l;
217 ROUND_00_15(7, b, c, d, e, f, g, h, a);
218 HOST_c2l(data, l); 194 HOST_c2l(data, l);
219 T1 = X[8] = l; 195 X[8] = l;
220 ROUND_00_15(8, a, b, c, d, e, f, g, h);
221 HOST_c2l(data, l); 196 HOST_c2l(data, l);
222 T1 = X[9] = l; 197 X[9] = l;
223 ROUND_00_15(9, h, a, b, c, d, e, f, g);
224 HOST_c2l(data, l); 198 HOST_c2l(data, l);
225 T1 = X[10] = l; 199 X[10] = l;
226 ROUND_00_15(10, g, h, a, b, c, d, e, f);
227 HOST_c2l(data, l); 200 HOST_c2l(data, l);
228 T1 = X[11] = l; 201 X[11] = l;
229 ROUND_00_15(11, f, g, h, a, b, c, d, e);
230 HOST_c2l(data, l); 202 HOST_c2l(data, l);
231 T1 = X[12] = l; 203 X[12] = l;
232 ROUND_00_15(12, e, f, g, h, a, b, c, d);
233 HOST_c2l(data, l); 204 HOST_c2l(data, l);
234 T1 = X[13] = l; 205 X[13] = l;
235 ROUND_00_15(13, d, e, f, g, h, a, b, c);
236 HOST_c2l(data, l); 206 HOST_c2l(data, l);
237 T1 = X[14] = l; 207 X[14] = l;
238 ROUND_00_15(14, c, d, e, f, g, h, a, b);
239 HOST_c2l(data, l); 208 HOST_c2l(data, l);
240 T1 = X[15] = l; 209 X[15] = l;
241 ROUND_00_15(15, b, c, d, e, f, g, h, a);
242 } 210 }
243 211
212 ROUND_00_15(X[0], 0, a, b, c, d, e, f, g, h);
213 ROUND_00_15(X[1], 1, h, a, b, c, d, e, f, g);
214 ROUND_00_15(X[2], 2, g, h, a, b, c, d, e, f);
215 ROUND_00_15(X[3], 3, f, g, h, a, b, c, d, e);
216 ROUND_00_15(X[4], 4, e, f, g, h, a, b, c, d);
217 ROUND_00_15(X[5], 5, d, e, f, g, h, a, b, c);
218 ROUND_00_15(X[6], 6, c, d, e, f, g, h, a, b);
219 ROUND_00_15(X[7], 7, b, c, d, e, f, g, h, a);
220
221 ROUND_00_15(X[8], 8, a, b, c, d, e, f, g, h);
222 ROUND_00_15(X[9], 9, h, a, b, c, d, e, f, g);
223 ROUND_00_15(X[10], 10, g, h, a, b, c, d, e, f);
224 ROUND_00_15(X[11], 11, f, g, h, a, b, c, d, e);
225 ROUND_00_15(X[12], 12, e, f, g, h, a, b, c, d);
226 ROUND_00_15(X[13], 13, d, e, f, g, h, a, b, c);
227 ROUND_00_15(X[14], 14, c, d, e, f, g, h, a, b);
228 ROUND_00_15(X[15], 15, b, c, d, e, f, g, h, a);
229
244 for (i = 16; i < 64; i += 8) { 230 for (i = 16; i < 64; i += 8) {
245 ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X); 231 ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
246 ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X); 232 ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-12 03:31:04 +0000