Provide and use crypto_ro{l,r}_u{32,64}().

Various code in libcrypto needs bitwise rotation - rather than defining different versions across the code base, provide a common set that can be reused. Any sensible compiler optimises these to a single instruction where the architecture supports it, which means we can ditch the inline assembly. On the chance that we need to provide a platform specific versions, this follows the approach used in BN where a MD crypto_arch.h header could be added in the future, which would then provide more specific versions of these functions. ok tb@
author: jsing <> 2023-04-12 04:54:16 +0000
committer: jsing <> 2023-04-12 04:54:16 +0000
commit: 0639a12b364c61132014c0052e54345f2de59568 (patch)
tree: 71be9c2306d6ac3d5d004e512e05bf07782c26a6 /src/lib
parent: a9c434936ce2a17263afcfb92d37ece5fd9b1220 (diff)
download: openbsd-0639a12b364c61132014c0052e54345f2de59568.tar.gz
openbsd-0639a12b364c61132014c0052e54345f2de59568.tar.bz2
openbsd-0639a12b364c61132014c0052e54345f2de59568.zip
3 files changed, 39 insertions, 25 deletions
diff --git a/src/lib/libcrypto/crypto_internal.h b/src/lib/libcrypto/crypto_internal.h
index af2a87216e..fa1dc504f7 100644
--- a/src/lib/libcrypto/crypto_internal.h
+++ b/src/lib/libcrypto/crypto_internal.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: crypto_internal.h,v 1.1 2023/04/12 04:40:39 jsing Exp $ */
+/*      $OpenBSD: crypto_internal.h,v 1.2 2023/04/12 04:54:15 jsing Exp $ */
 /*
 * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
 *
@@ -31,4 +31,36 @@ crypto_store_htobe64(uint8_t *dst, uint64_t v)
 }
 #endif
+#ifndef HAVE_CRYPTO_ROL_U32
+static inline uint32_t
+crypto_rol_u32(uint32_t v, size_t shift)
+{
+        return (v << shift) | (v >> (32 - shift));
+}
+#endif
+#ifndef HAVE_CRYPTO_ROR_U32
+static inline uint32_t
+crypto_ror_u32(uint32_t v, size_t shift)
+{
+        return (v << (32 - shift)) | (v >> shift);
+}
+#endif
+#ifndef HAVE_CRYPTO_ROL_U64
+static inline uint64_t
+crypto_rol_u64(uint64_t v, size_t shift)
+{
+        return (v << shift) | (v >> (64 - shift));
+}
+#endif
+#ifndef HAVE_CRYPTO_ROR_U64
+static inline uint64_t
+crypto_ror_u64(uint64_t v, size_t shift)
+{
+        return (v << (64 - shift)) | (v >> shift);
+}
+#endif
 #endif
diff --git a/src/lib/libcrypto/md32_common.h b/src/lib/libcrypto/md32_common.h
index a8b0d9ab74..cce4cfb0f7 100644
--- a/src/lib/libcrypto/md32_common.h
+++ b/src/lib/libcrypto/md32_common.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md32_common.h,v 1.23 2022/12/26 07:18:50 jmc Exp $ */
+/* $OpenBSD: md32_common.h,v 1.24 2023/04/12 04:54:15 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
@@ -111,6 +111,8 @@
 #include <openssl/opensslconf.h>
+#include "crypto_internal.h"
 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 #error "DATA_ORDER must be defined!"
 #endif
@@ -139,15 +141,7 @@
 #error "HASH_BLOCK_DATA_ORDER must be defined!"
 #endif
-/*
+#define ROTATE(a, n)    crypto_rol_u32(a, n)
- * This common idiom is recognized by the compiler and turned into a
- * CPU-specific intrinsic as appropriate. 
- * e.g. GCC optimizes to roll on amd64 at -O0
- */
-static inline uint32_t ROTATE(uint32_t a, uint32_t n)
-{
-        return (a<<n)|(a>>(32-n));
-}
 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
index 14c4cbd4f3..ff9ca889e0 100644
--- a/src/lib/libcrypto/sha/sha512.c
+++ b/src/lib/libcrypto/sha/sha512.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha512.c,v 1.31 2023/04/12 04:40:39 jsing Exp $ */
+/* $OpenBSD: sha512.c,v 1.32 2023/04/12 04:54:16 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -119,11 +119,6 @@ static const SHA_LONG64 K512[80] = {
 #if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
 # if defined(__x86_64) || defined(__x86_64__)
-#  define ROTR(a, n)    ({ SHA_LONG64 ret;              \
-                                asm ("rorq %1,%0"       \
-                                : "=r"(ret)             \
-                                : "J"(n),"0"(a)         \
-                                : "cc"); ret;           })
 #   define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));   \
                                asm ("bswapq    %0"             \
                                : "=r"(ret)                     \
@@ -135,11 +130,6 @@ static const SHA_LONG64 K512[80] = {
                                : "=r"(lo),"=r"(hi)             \
                                : "0"(lo),"1"(hi));             \
                                ((SHA_LONG64)hi)<<32|lo;        })
-# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
-#  define ROTR(a, n)    ({ SHA_LONG64 ret;              \
-                                asm ("rotrdi %0,%1,%2"  \
-                                : "=r"(ret)             \
-                                : "r"(a),"K"(n)); ret;  })
 # endif
 #endif
@@ -152,9 +142,7 @@ static const SHA_LONG64 K512[80] = {
 #endif
 #endif
-#ifndef ROTR
+#define ROTR(x, s)      crypto_ror_u64(x, s)
-#define ROTR(x, s)      (((x)>>s) | (x)<<(64-s))
-#endif
 #define Sigma0(x)       (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
 #define Sigma1(x)       (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
author	jsing <>	2023-04-12 04:54:16 +0000
committer	jsing <>	2023-04-12 04:54:16 +0000
commit	0639a12b364c61132014c0052e54345f2de59568 (patch)
tree	71be9c2306d6ac3d5d004e512e05bf07782c26a6 /src/lib
parent	a9c434936ce2a17263afcfb92d37ece5fd9b1220 (diff)
download	openbsd-0639a12b364c61132014c0052e54345f2de59568.tar.gz openbsd-0639a12b364c61132014c0052e54345f2de59568.tar.bz2 openbsd-0639a12b364c61132014c0052e54345f2de59568.zip