authorjsing <>2023-03-26 16:40:07 +0000
committerjsing <>2023-03-26 16:40:07 +0000
commitdd18b449a3319354b78eca80ca0110b74cad6ede (patch)
tree5916d5c58a22035a582cd5fc06980797fadf530a /src/lib/libcrypto/sha/sha512.c
parent554631fc725f289c8c65c4b7ee7ddcf395a4906c (diff)
Whack sha with a style(9) stick.
No change in generated assembly.
Diffstat (limited to 'src/lib/libcrypto/sha/sha512.c')
-rw-r--r--src/lib/libcrypto/sha/sha512.c748
1 files changed, 422 insertions, 326 deletions
diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
index 56a207f7d0..7c76c42b5b 100644
--- a/src/lib/libcrypto/sha/sha512.c
+++ b/src/lib/libcrypto/sha/sha512.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sha512.c,v 1.16 2021/11/09 18:40:21 bcook Exp $ */ 1/* $OpenBSD: sha512.c,v 1.17 2023/03/26 16:40:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved
4 * according to the OpenSSL license [found in ../../LICENSE]. 4 * according to the OpenSSL license [found in ../../LICENSE].
@@ -56,256 +56,276 @@
56#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA 56#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
57#endif 57#endif
58 58
59int SHA384_Init(SHA512_CTX *c) 59int
60 { 60SHA384_Init(SHA512_CTX *c)
61 c->h[0]=U64(0xcbbb9d5dc1059ed8); 61{
62 c->h[1]=U64(0x629a292a367cd507); 62 c->h[0] = U64(0xcbbb9d5dc1059ed8);
63 c->h[2]=U64(0x9159015a3070dd17); 63 c->h[1] = U64(0x629a292a367cd507);
64 c->h[3]=U64(0x152fecd8f70e5939); 64 c->h[2] = U64(0x9159015a3070dd17);
65 c->h[4]=U64(0x67332667ffc00b31); 65 c->h[3] = U64(0x152fecd8f70e5939);
66 c->h[5]=U64(0x8eb44a8768581511); 66 c->h[4] = U64(0x67332667ffc00b31);
67 c->h[6]=U64(0xdb0c2e0d64f98fa7); 67 c->h[5] = U64(0x8eb44a8768581511);
68 c->h[7]=U64(0x47b5481dbefa4fa4); 68 c->h[6] = U64(0xdb0c2e0d64f98fa7);
69 69 c->h[7] = U64(0x47b5481dbefa4fa4);
70 c->Nl=0; c->Nh=0; 70
71 c->num=0; c->md_len=SHA384_DIGEST_LENGTH; 71 c->Nl = 0;
72 return 1; 72 c->Nh = 0;
73 } 73 c->num = 0;
74 74 c->md_len = SHA384_DIGEST_LENGTH;
75int SHA512_Init(SHA512_CTX *c) 75 return 1;
76 { 76}
77 c->h[0]=U64(0x6a09e667f3bcc908); 77
78 c->h[1]=U64(0xbb67ae8584caa73b); 78int
79 c->h[2]=U64(0x3c6ef372fe94f82b); 79SHA512_Init(SHA512_CTX *c)
80 c->h[3]=U64(0xa54ff53a5f1d36f1); 80{
81 c->h[4]=U64(0x510e527fade682d1); 81 c->h[0] = U64(0x6a09e667f3bcc908);
82 c->h[5]=U64(0x9b05688c2b3e6c1f); 82 c->h[1] = U64(0xbb67ae8584caa73b);
83 c->h[6]=U64(0x1f83d9abfb41bd6b); 83 c->h[2] = U64(0x3c6ef372fe94f82b);
84 c->h[7]=U64(0x5be0cd19137e2179); 84 c->h[3] = U64(0xa54ff53a5f1d36f1);
85 85 c->h[4] = U64(0x510e527fade682d1);
86 c->Nl=0; c->Nh=0; 86 c->h[5] = U64(0x9b05688c2b3e6c1f);
87 c->num=0; c->md_len=SHA512_DIGEST_LENGTH; 87 c->h[6] = U64(0x1f83d9abfb41bd6b);
88 return 1; 88 c->h[7] = U64(0x5be0cd19137e2179);
89 } 89
90 c->Nl = 0;
91 c->Nh = 0;
92 c->num = 0;
93 c->md_len = SHA512_DIGEST_LENGTH;
94 return 1;
95}
90 96
91#ifndef SHA512_ASM 97#ifndef SHA512_ASM
92static 98static
93#endif 99#endif
94void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); 100void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num);
95 101
96int SHA512_Final (unsigned char *md, SHA512_CTX *c) 102int
97 { 103SHA512_Final(unsigned char *md, SHA512_CTX *c)
98 unsigned char *p=(unsigned char *)c->u.p; 104{
99 size_t n=c->num; 105 unsigned char *p = (unsigned char *)c->u.p;
106 size_t n = c->num;
100 107
101 p[n]=0x80; /* There always is a room for one */ 108 p[n]=0x80; /* There always is a room for one */
102 n++; 109 n++;
103 if (n > (sizeof(c->u)-16)) 110 if (n > (sizeof(c->u) - 16))
104 memset (p+n,0,sizeof(c->u)-n), n=0, 111 memset (p + n, 0, sizeof(c->u) - n), n = 0,
105 sha512_block_data_order (c,p,1); 112 sha512_block_data_order (c, p, 1);
106 113
107 memset (p+n,0,sizeof(c->u)-16-n); 114 memset (p + n, 0, sizeof(c->u) - 16 - n);
108#if BYTE_ORDER == BIG_ENDIAN 115#if BYTE_ORDER == BIG_ENDIAN
109 c->u.d[SHA_LBLOCK-2] = c->Nh; 116 c->u.d[SHA_LBLOCK - 2] = c->Nh;
110 c->u.d[SHA_LBLOCK-1] = c->Nl; 117 c->u.d[SHA_LBLOCK - 1] = c->Nl;
111#else 118#else
112 p[sizeof(c->u)-1] = (unsigned char)(c->Nl); 119 p[sizeof(c->u) - 1] = (unsigned char)(c->Nl);
113 p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8); 120 p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8);
114 p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16); 121 p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16);
115 p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24); 122 p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24);
116 p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32); 123 p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32);
117 p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40); 124 p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40);
118 p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48); 125 p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48);
119 p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56); 126 p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56);
120 p[sizeof(c->u)-9] = (unsigned char)(c->Nh); 127 p[sizeof(c->u) - 9] = (unsigned char)(c->Nh);
121 p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8); 128 p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8);
122 p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16); 129 p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16);
123 p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24); 130 p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24);
124 p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); 131 p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32);
125 p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); 132 p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40);
126 p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); 133 p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48);
127 p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); 134 p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56);
128#endif 135#endif
129 136
130 sha512_block_data_order (c,p,1); 137 sha512_block_data_order (c, p, 1);
131 138
132 if (md==0) return 0; 139 if (md == 0)
140 return 0;
133 141
134 switch (c->md_len) 142 switch (c->md_len) {
135 {
136 /* Let compiler decide if it's appropriate to unroll... */ 143 /* Let compiler decide if it's appropriate to unroll... */
137 case SHA384_DIGEST_LENGTH: 144 case SHA384_DIGEST_LENGTH:
138 for (n=0;n<SHA384_DIGEST_LENGTH/8;n++) 145 for (n = 0; n < SHA384_DIGEST_LENGTH/8; n++) {
139 { 146 SHA_LONG64 t = c->h[n];
140 SHA_LONG64 t = c->h[n]; 147
141 148 *(md++) = (unsigned char)(t >> 56);
142 *(md++) = (unsigned char)(t>>56); 149 *(md++) = (unsigned char)(t >> 48);
143 *(md++) = (unsigned char)(t>>48); 150 *(md++) = (unsigned char)(t >> 40);
144 *(md++) = (unsigned char)(t>>40); 151 *(md++) = (unsigned char)(t >> 32);
145 *(md++) = (unsigned char)(t>>32); 152 *(md++) = (unsigned char)(t >> 24);
146 *(md++) = (unsigned char)(t>>24); 153 *(md++) = (unsigned char)(t >> 16);
147 *(md++) = (unsigned char)(t>>16); 154 *(md++) = (unsigned char)(t >> 8);
148 *(md++) = (unsigned char)(t>>8); 155 *(md++) = (unsigned char)(t);
149 *(md++) = (unsigned char)(t); 156 }
150 } 157 break;
151 break; 158 case SHA512_DIGEST_LENGTH:
152 case SHA512_DIGEST_LENGTH: 159 for (n = 0; n < SHA512_DIGEST_LENGTH/8; n++) {
153 for (n=0;n<SHA512_DIGEST_LENGTH/8;n++) 160 SHA_LONG64 t = c->h[n];
154 { 161
155 SHA_LONG64 t = c->h[n]; 162 *(md++) = (unsigned char)(t >> 56);
156 163 *(md++) = (unsigned char)(t >> 48);
157 *(md++) = (unsigned char)(t>>56); 164 *(md++) = (unsigned char)(t >> 40);
158 *(md++) = (unsigned char)(t>>48); 165 *(md++) = (unsigned char)(t >> 32);
159 *(md++) = (unsigned char)(t>>40); 166 *(md++) = (unsigned char)(t >> 24);
160 *(md++) = (unsigned char)(t>>32); 167 *(md++) = (unsigned char)(t >> 16);
161 *(md++) = (unsigned char)(t>>24); 168 *(md++) = (unsigned char)(t >> 8);
162 *(md++) = (unsigned char)(t>>16); 169 *(md++) = (unsigned char)(t);
163 *(md++) = (unsigned char)(t>>8);
164 *(md++) = (unsigned char)(t);
165 }
166 break;
167 /* ... as well as make sure md_len is not abused. */
168 default: return 0;
169 } 170 }
171 break;
172 /* ... as well as make sure md_len is not abused. */
173 default:
174 return 0;
175 }
170 176
171 return 1; 177 return 1;
172 } 178}
173 179
174int SHA384_Final (unsigned char *md,SHA512_CTX *c) 180int
175{ return SHA512_Final (md,c); } 181SHA384_Final(unsigned char *md, SHA512_CTX *c)
182{
183 return SHA512_Final(md, c);
184}
176 185
177int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) 186int
178 { 187SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
188{
179 SHA_LONG64 l; 189 SHA_LONG64 l;
180 unsigned char *p=c->u.p; 190 unsigned char *p = c->u.p;
181 const unsigned char *data=(const unsigned char *)_data; 191 const unsigned char *data = (const unsigned char *)_data;
182 192
183 if (len==0) return 1; 193 if (len == 0)
194 return 1;
184 195
185 l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); 196 l = (c->Nl + (((SHA_LONG64)len) << 3))&U64(0xffffffffffffffff);
186 if (l < c->Nl) c->Nh++; 197 if (l < c->Nl)
187 if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); 198 c->Nh++;
188 c->Nl=l; 199 if (sizeof(len) >= 8)
200 c->Nh += (((SHA_LONG64)len) >> 61);
201 c->Nl = l;
189 202
190 if (c->num != 0) 203 if (c->num != 0) {
191 {
192 size_t n = sizeof(c->u) - c->num; 204 size_t n = sizeof(c->u) - c->num;
193 205
194 if (len < n) 206 if (len < n) {
195 { 207 memcpy (p + c->num, data, len), c->num += (unsigned int)len;
196 memcpy (p+c->num,data,len), c->num += (unsigned int)len;
197 return 1; 208 return 1;
198 } 209 }
199 else { 210 else {
200 memcpy (p+c->num,data,n), c->num = 0; 211 memcpy (p + c->num, data, n), c->num = 0;
201 len-=n, data+=n; 212 len -= n, data += n;
202 sha512_block_data_order (c,p,1); 213 sha512_block_data_order (c, p, 1);
203 }
204 } 214 }
215 }
205 216
206 if (len >= sizeof(c->u)) 217 if (len >= sizeof(c->u)) {
207 {
208#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA 218#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
209 if ((size_t)data%sizeof(c->u.d[0]) != 0) 219 if ((size_t)data % sizeof(c->u.d[0]) != 0)
210 while (len >= sizeof(c->u)) 220 while (len >= sizeof(c->u))
211 memcpy (p,data,sizeof(c->u)), 221 memcpy (p, data, sizeof(c->u)),
212 sha512_block_data_order (c,p,1), 222 sha512_block_data_order (c, p, 1),
213 len -= sizeof(c->u), 223 len -= sizeof(c->u),
214 data += sizeof(c->u); 224 data += sizeof(c->u);
215 else 225 else
216#endif 226#endif
217 sha512_block_data_order (c,data,len/sizeof(c->u)), 227 sha512_block_data_order (c, data, len/sizeof(c->u)),
218 data += len, 228 data += len,
219 len %= sizeof(c->u), 229 len %= sizeof(c->u),
220 data -= len; 230 data -= len;
221 } 231 }
222 232
223 if (len != 0) memcpy (p,data,len), c->num = (int)len; 233 if (len != 0)
234 memcpy (p, data, len), c->num = (int)len;
224 235
225 return 1; 236 return 1;
226 } 237}
227 238
228int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) 239int
229{ return SHA512_Update (c,data,len); } 240SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
241{
242 return SHA512_Update (c, data, len);
243}
230 244
231void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) 245void
232 { 246SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
247{
233#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA 248#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
234 if ((size_t)data%sizeof(c->u.d[0]) != 0) 249 if ((size_t)data % sizeof(c->u.d[0]) != 0)
235 memcpy(c->u.p,data,sizeof(c->u.p)), 250 memcpy(c->u.p, data, sizeof(c->u.p)),
236 data = c->u.p; 251 data = c->u.p;
237#endif 252#endif
238 sha512_block_data_order (c,data,1); 253 sha512_block_data_order (c, data, 1);
239 } 254}
240 255
241unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) 256unsigned char *
242 { 257SHA384(const unsigned char *d, size_t n, unsigned char *md)
258{
243 SHA512_CTX c; 259 SHA512_CTX c;
244 static unsigned char m[SHA384_DIGEST_LENGTH]; 260 static unsigned char m[SHA384_DIGEST_LENGTH];
245 261
246 if (md == NULL) md=m; 262 if (md == NULL)
263 md = m;
247 SHA384_Init(&c); 264 SHA384_Init(&c);
248 SHA512_Update(&c,d,n); 265 SHA512_Update(&c, d, n);
249 SHA512_Final(md,&c); 266 SHA512_Final(md, &c);
250 explicit_bzero(&c,sizeof(c)); 267 explicit_bzero(&c, sizeof(c));
251 return(md); 268 return (md);
252 } 269}
253 270
254unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) 271unsigned char *
255 { 272SHA512(const unsigned char *d, size_t n, unsigned char *md)
273{
256 SHA512_CTX c; 274 SHA512_CTX c;
257 static unsigned char m[SHA512_DIGEST_LENGTH]; 275 static unsigned char m[SHA512_DIGEST_LENGTH];
258 276
259 if (md == NULL) md=m; 277 if (md == NULL)
278 md = m;
260 SHA512_Init(&c); 279 SHA512_Init(&c);
261 SHA512_Update(&c,d,n); 280 SHA512_Update(&c, d, n);
262 SHA512_Final(md,&c); 281 SHA512_Final(md, &c);
263 explicit_bzero(&c,sizeof(c)); 282 explicit_bzero(&c, sizeof(c));
264 return(md); 283 return (md);
265 } 284}
266 285
267#ifndef SHA512_ASM 286#ifndef SHA512_ASM
268static const SHA_LONG64 K512[80] = { 287static const SHA_LONG64 K512[80] = {
269 U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), 288 U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
270 U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), 289 U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
271 U64(0x3956c25bf348b538),U64(0x59f111f1b605d019), 290 U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
272 U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118), 291 U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
273 U64(0xd807aa98a3030242),U64(0x12835b0145706fbe), 292 U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
274 U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2), 293 U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
275 U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1), 294 U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
276 U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694), 295 U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
277 U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3), 296 U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
278 U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65), 297 U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
279 U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483), 298 U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
280 U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5), 299 U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
281 U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210), 300 U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
282 U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4), 301 U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
283 U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725), 302 U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
284 U64(0x06ca6351e003826f),U64(0x142929670a0e6e70), 303 U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
285 U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926), 304 U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
286 U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df), 305 U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
287 U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8), 306 U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
288 U64(0x81c2c92e47edaee6),U64(0x92722c851482353b), 307 U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
289 U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001), 308 U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
290 U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30), 309 U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
291 U64(0xd192e819d6ef5218),U64(0xd69906245565a910), 310 U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
292 U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8), 311 U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
293 U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53), 312 U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
294 U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8), 313 U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
295 U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb), 314 U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
296 U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3), 315 U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
297 U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60), 316 U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
298 U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec), 317 U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
299 U64(0x90befffa23631e28),U64(0xa4506cebde82bde9), 318 U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
300 U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b), 319 U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
301 U64(0xca273eceea26619c),U64(0xd186b8c721c0c207), 320 U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
302 U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178), 321 U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
303 U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), 322 U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
304 U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), 323 U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
305 U64(0x28db77f523047d84),U64(0x32caab7b40c72493), 324 U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
306 U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), 325 U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
307 U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), 326 U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
308 U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; 327 U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817),
328};
309 329
310#if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) 330#if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
311# if defined(__x86_64) || defined(__x86_64__) 331# if defined(__x86_64) || defined(__x86_64__)
@@ -356,100 +376,132 @@ static const SHA_LONG64 K512[80] = {
356 * This code should give better results on 32-bit CPU with less than 376 * This code should give better results on 32-bit CPU with less than
357 * ~24 registers, both size and performance wise... 377 * ~24 registers, both size and performance wise...
358 */ 378 */
359static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) 379static void
360 { 380sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
361 const SHA_LONG64 *W=in; 381{
362 SHA_LONG64 A,E,T; 382 const SHA_LONG64 *W = in;
363 SHA_LONG64 X[9+80],*F; 383 SHA_LONG64 A, E, T;
384 SHA_LONG64 X[9 + 80], *F;
364 int i; 385 int i;
365 386
366 while (num--) { 387 while (num--) {
367 388
368 F = X+80; 389 F = X + 80;
369 A = ctx->h[0]; F[1] = ctx->h[1]; 390 A = ctx->h[0];
370 F[2] = ctx->h[2]; F[3] = ctx->h[3]; 391 F[1] = ctx->h[1];
371 E = ctx->h[4]; F[5] = ctx->h[5]; 392 F[2] = ctx->h[2];
372 F[6] = ctx->h[6]; F[7] = ctx->h[7]; 393 F[3] = ctx->h[3];
373 394 E = ctx->h[4];
374 for (i=0;i<16;i++,F--) 395 F[5] = ctx->h[5];
375 { 396 F[6] = ctx->h[6];
376 T = PULL64(W[i]); 397 F[7] = ctx->h[7];
377 F[0] = A; 398
378 F[4] = E; 399 for (i = 0; i < 16; i++, F--) {
379 F[8] = T; 400 T = PULL64(W[i]);
380 T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; 401 F[0] = A;
381 E = F[3] + T; 402 F[4] = E;
382 A = T + Sigma0(A) + Maj(A,F[1],F[2]); 403 F[8] = T;
404 T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i];
405 E = F[3] + T;
406 A = T + Sigma0(A) + Maj(A, F[1], F[2]);
383 } 407 }
384 408
385 for (;i<80;i++,F--) 409 for (; i < 80; i++, F--) {
386 { 410 T = sigma0(F[8 + 16 - 1]);
387 T = sigma0(F[8+16-1]); 411 T += sigma1(F[8 + 16 - 14]);
388 T += sigma1(F[8+16-14]); 412 T += F[8 + 16] + F[8 + 16 - 9];
389 T += F[8+16] + F[8+16-9]; 413
390 414 F[0] = A;
391 F[0] = A; 415 F[4] = E;
392 F[4] = E; 416 F[8] = T;
393 F[8] = T; 417 T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i];
394 T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; 418 E = F[3] + T;
395 E = F[3] + T; 419 A = T + Sigma0(A) + Maj(A, F[1], F[2]);
396 A = T + Sigma0(A) + Maj(A,F[1],F[2]);
397 } 420 }
398 421
399 ctx->h[0] += A; ctx->h[1] += F[1]; 422 ctx->h[0] += A;
400 ctx->h[2] += F[2]; ctx->h[3] += F[3]; 423 ctx->h[1] += F[1];
401 ctx->h[4] += E; ctx->h[5] += F[5]; 424 ctx->h[2] += F[2];
402 ctx->h[6] += F[6]; ctx->h[7] += F[7]; 425 ctx->h[3] += F[3];
426 ctx->h[4] += E;
427 ctx->h[5] += F[5];
428 ctx->h[6] += F[6];
429 ctx->h[7] += F[7];
403 430
404 W+=SHA_LBLOCK; 431 W += SHA_LBLOCK;
405 }
406 } 432 }
433}
407 434
408#elif defined(OPENSSL_SMALL_FOOTPRINT) 435#elif defined(OPENSSL_SMALL_FOOTPRINT)
409 436
410static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) 437static void
411 { 438sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
412 const SHA_LONG64 *W=in; 439{
413 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; 440 const SHA_LONG64 *W = in;
441 SHA_LONG64 a, b,c, d,e, f,g, h,s0, s1, T1, T2;
414 SHA_LONG64 X[16]; 442 SHA_LONG64 X[16];
415 int i; 443 int i;
416 444
417 while (num--) { 445 while (num--) {
418 446
419 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; 447 a = ctx->h[0];
420 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; 448 b = ctx->h[1];
449 c = ctx->h[2];
450 d = ctx->h[3];
451 e = ctx->h[4];
452 f = ctx->h[5];
453 g = ctx->h[6];
454 h = ctx->h[7];
421 455
422 for (i=0;i<16;i++) 456 for (i = 0; i < 16; i++) {
423 {
424#if BYTE_ORDER == BIG_ENDIAN 457#if BYTE_ORDER == BIG_ENDIAN
425 T1 = X[i] = W[i]; 458 T1 = X[i] = W[i];
426#else 459#else
427 T1 = X[i] = PULL64(W[i]); 460 T1 = X[i] = PULL64(W[i]);
428#endif 461#endif
429 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; 462 T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
430 T2 = Sigma0(a) + Maj(a,b,c); 463 T2 = Sigma0(a) + Maj(a, b, c);
431 h = g; g = f; f = e; e = d + T1; 464 h = g;
432 d = c; c = b; b = a; a = T1 + T2; 465 g = f;
466 f = e;
467 e = d + T1;
468 d = c;
469 c = b;
470 b = a;
471 a = T1 + T2;
433 } 472 }
434 473
435 for (;i<80;i++) 474 for (; i < 80; i++) {
436 { 475 s0 = X[(i + 1)&0x0f];
437 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); 476 s0 = sigma0(s0);
438 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); 477 s1 = X[(i + 14)&0x0f];
439 478 s1 = sigma1(s1);
440 T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; 479
441 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; 480 T1 = X[i&0xf] += s0 + s1 + X[(i + 9)&0xf];
442 T2 = Sigma0(a) + Maj(a,b,c); 481 T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
443 h = g; g = f; f = e; e = d + T1; 482 T2 = Sigma0(a) + Maj(a, b, c);
444 d = c; c = b; b = a; a = T1 + T2; 483 h = g;
484 g = f;
485 f = e;
486 e = d + T1;
487 d = c;
488 c = b;
489 b = a;
490 a = T1 + T2;
445 } 491 }
446 492
447 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; 493 ctx->h[0] += a;
448 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; 494 ctx->h[1] += b;
495 ctx->h[2] += c;
496 ctx->h[3] += d;
497 ctx->h[4] += e;
498 ctx->h[5] += f;
499 ctx->h[6] += g;
500 ctx->h[7] += h;
449 501
450 W+=SHA_LBLOCK; 502 W += SHA_LBLOCK;
451 }
452 } 503 }
504}
453 505
454#else 506#else
455 507
@@ -464,80 +516,124 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
464 T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ 516 T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \
465 ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) 517 ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0)
466 518
467static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) 519static void
468 { 520sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
469 const SHA_LONG64 *W=in; 521{
470 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; 522 const SHA_LONG64 *W = in;
523 SHA_LONG64 a, b,c, d,e, f,g, h,s0, s1, T1;
471 SHA_LONG64 X[16]; 524 SHA_LONG64 X[16];
472 int i; 525 int i;
473 526
474 while (num--) { 527 while (num--) {
475 528
476 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; 529 a = ctx->h[0];
477 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; 530 b = ctx->h[1];
531 c = ctx->h[2];
532 d = ctx->h[3];
533 e = ctx->h[4];
534 f = ctx->h[5];
535 g = ctx->h[6];
536 h = ctx->h[7];
478 537
479#if BYTE_ORDER == BIG_ENDIAN 538#if BYTE_ORDER == BIG_ENDIAN
480 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); 539 T1 = X[0] = W[0];
481 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); 540 ROUND_00_15(0, a,b, c,d, e,f, g, h);
482 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); 541 T1 = X[1] = W[1];
483 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); 542 ROUND_00_15(1, h,a, b,c, d,e, f, g);
484 T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); 543 T1 = X[2] = W[2];
485 T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); 544 ROUND_00_15(2, g,h, a,b, c,d, e, f);
486 T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); 545 T1 = X[3] = W[3];
487 T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); 546 ROUND_00_15(3, f,g, h,a, b,c, d, e);
488 T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); 547 T1 = X[4] = W[4];
489 T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); 548 ROUND_00_15(4, e,f, g,h, a,b, c, d);
490 T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); 549 T1 = X[5] = W[5];
491 T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); 550 ROUND_00_15(5, d,e, f,g, h,a, b, c);
492 T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); 551 T1 = X[6] = W[6];
493 T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); 552 ROUND_00_15(6, c,d, e,f, g,h, a, b);
494 T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); 553 T1 = X[7] = W[7];
495 T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); 554 ROUND_00_15(7, b,c, d,e, f,g, h, a);
555 T1 = X[8] = W[8];
556 ROUND_00_15(8, a,b, c,d, e,f, g, h);
557 T1 = X[9] = W[9];
558 ROUND_00_15(9, h,a, b,c, d,e, f, g);
559 T1 = X[10] = W[10];
560 ROUND_00_15(10, g,h, a,b, c,d, e, f);
561 T1 = X[11] = W[11];
562 ROUND_00_15(11, f,g, h,a, b,c, d, e);
563 T1 = X[12] = W[12];
564 ROUND_00_15(12, e,f, g,h, a,b, c, d);
565 T1 = X[13] = W[13];
566 ROUND_00_15(13, d,e, f,g, h,a, b, c);
567 T1 = X[14] = W[14];
568 ROUND_00_15(14, c,d, e,f, g,h, a, b);
569 T1 = X[15] = W[15];
570 ROUND_00_15(15, b,c, d,e, f,g, h, a);
496#else 571#else
497 T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h); 572 T1 = X[0] = PULL64(W[0]);
498 T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g); 573 ROUND_00_15(0, a,b, c,d, e,f, g, h);
499 T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f); 574 T1 = X[1] = PULL64(W[1]);
500 T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e); 575 ROUND_00_15(1, h,a, b,c, d,e, f, g);
501 T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d); 576 T1 = X[2] = PULL64(W[2]);
502 T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c); 577 ROUND_00_15(2, g,h, a,b, c,d, e, f);
503 T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b); 578 T1 = X[3] = PULL64(W[3]);
504 T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a); 579 ROUND_00_15(3, f,g, h,a, b,c, d, e);
505 T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); 580 T1 = X[4] = PULL64(W[4]);
506 T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); 581 ROUND_00_15(4, e,f, g,h, a,b, c, d);
507 T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); 582 T1 = X[5] = PULL64(W[5]);
508 T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); 583 ROUND_00_15(5, d,e, f,g, h,a, b, c);
509 T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); 584 T1 = X[6] = PULL64(W[6]);
510 T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); 585 ROUND_00_15(6, c,d, e,f, g,h, a, b);
511 T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); 586 T1 = X[7] = PULL64(W[7]);
512 T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); 587 ROUND_00_15(7, b,c, d,e, f,g, h, a);
588 T1 = X[8] = PULL64(W[8]);
589 ROUND_00_15(8, a,b, c,d, e,f, g, h);
590 T1 = X[9] = PULL64(W[9]);
591 ROUND_00_15(9, h,a, b,c, d,e, f, g);
592 T1 = X[10] = PULL64(W[10]);
593 ROUND_00_15(10, g,h, a,b, c,d, e, f);
594 T1 = X[11] = PULL64(W[11]);
595 ROUND_00_15(11, f,g, h,a, b,c, d, e);
596 T1 = X[12] = PULL64(W[12]);
597 ROUND_00_15(12, e,f, g,h, a,b, c, d);
598 T1 = X[13] = PULL64(W[13]);
599 ROUND_00_15(13, d,e, f,g, h,a, b, c);
600 T1 = X[14] = PULL64(W[14]);
601 ROUND_00_15(14, c,d, e,f, g,h, a, b);
602 T1 = X[15] = PULL64(W[15]);
603 ROUND_00_15(15, b,c, d,e, f,g, h, a);
513#endif 604#endif
514 605
515 for (i=16;i<80;i+=16) 606 for (i = 16; i < 80; i += 16) {
516 { 607 ROUND_16_80(i, 0, a,b, c,d, e,f, g,h, X);
517 ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X); 608 ROUND_16_80(i, 1, h,a, b,c, d,e, f,g, X);
518 ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X); 609 ROUND_16_80(i, 2, g,h, a,b, c,d, e,f, X);
519 ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X); 610 ROUND_16_80(i, 3, f,g, h,a, b,c, d,e, X);
520 ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X); 611 ROUND_16_80(i, 4, e,f, g,h, a,b, c,d, X);
521 ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X); 612 ROUND_16_80(i, 5, d,e, f,g, h,a, b,c, X);
522 ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X); 613 ROUND_16_80(i, 6, c,d, e,f, g,h, a,b, X);
523 ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X); 614 ROUND_16_80(i, 7, b,c, d,e, f,g, h,a, X);
524 ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X); 615 ROUND_16_80(i, 8, a,b, c,d, e,f, g,h, X);
525 ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X); 616 ROUND_16_80(i, 9, h,a, b,c, d,e, f,g, X);
526 ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X); 617 ROUND_16_80(i, 10, g,h, a,b, c,d, e,f, X);
527 ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X); 618 ROUND_16_80(i, 11, f,g, h,a, b,c, d,e, X);
528 ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X); 619 ROUND_16_80(i, 12, e,f, g,h, a,b, c,d, X);
529 ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X); 620 ROUND_16_80(i, 13, d,e, f,g, h,a, b,c, X);
530 ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X); 621 ROUND_16_80(i, 14, c,d, e,f, g,h, a,b, X);
531 ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X); 622 ROUND_16_80(i, 15, b,c, d,e, f,g, h,a, X);
532 ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X);
533 } 623 }
534 624
535 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; 625 ctx->h[0] += a;
536 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; 626 ctx->h[1] += b;
627 ctx->h[2] += c;
628 ctx->h[3] += d;
629 ctx->h[4] += e;
630 ctx->h[5] += f;
631 ctx->h[6] += g;
632 ctx->h[7] += h;
537 633
538 W+=SHA_LBLOCK; 634 W += SHA_LBLOCK;
539 }
540 } 635 }
636}
541 637
542#endif 638#endif
543 639
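Review bot: The comma-operator chains under unbraced `if`/`while` survive the reformat in SHA512_Final (new lines 110-112), SHA512_Update (new lines 207, 211-212, 220-230 and 234) and SHA512_Transform (new lines 249-251), so the padding and buffering paths still rely on commas to keep several statements inside one conditional. If a later edit turns one of those commas into a semicolon, the statements after it run unconditionally and the compiler stays silent, which here would mean hashing a wrong block or a drifting buffer offset. Splitting each chain into a braced block of separate statements keeps the behaviour and should leave the generated assembly unchanged. The fence shows the padding spill in SHA512_Final and the bulk-block branch of SHA512_Update; the remaining sites follow the same pattern.

```c
	/* SHA512_Final: padding spills into a second block */
	if (n > (sizeof(c->u) - 16)) {
		memset(p + n, 0, sizeof(c->u) - n);
		n = 0;
		sha512_block_data_order(c, p, 1);
	}

	/* … unchanged: length encoding and digest output … */

	/* SHA512_Update: whole blocks, unaligned or aligned input */
	if (len >= sizeof(c->u)) {
#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
		if ((size_t)data % sizeof(c->u.d[0]) != 0) {
			while (len >= sizeof(c->u)) {
				memcpy(p, data, sizeof(c->u));
				sha512_block_data_order(c, p, 1);
				len -= sizeof(c->u);
				data += sizeof(c->u);
			}
		} else
#endif
		{
			sha512_block_data_order(c, data, len / sizeof(c->u));
			data += len;
			len %= sizeof(c->u);
			data -= len;
		}
	}
```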