Clean up SHA-512 input handling and round macros.

Avoid reach around and initialisation outside of the macro, cleaning up the call sites to remove the initialisation. Use a T2 variable to more closely follow the documented algorithm and remove the gorgeous compound statement X = Y += A + B + C. There is no change to the clang generated assembly on aarch64. ok tb@
author: jsing <> 2023-05-16 07:04:57 +0000
committer: jsing <> 2023-05-16 07:04:57 +0000
commit: 3ea05589a10a373b7fdef94f8262460dbfffa8fc (patch)
tree: 102080b2fe0c0a04e2a92d62b81970545817878f /src/lib
parent: 9037f6734c65246c06fe4e9d15ead755e103101d (diff)
download: openbsd-3ea05589a10a373b7fdef94f8262460dbfffa8fc.tar.gz
openbsd-3ea05589a10a373b7fdef94f8262460dbfffa8fc.tar.bz2
openbsd-3ea05589a10a373b7fdef94f8262460dbfffa8fc.zip
1 files changed, 49 insertions, 47 deletions
diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
index 2840fa9446..c0752bd2c7 100644
--- a/src/lib/libcrypto/sha/sha512.c
+++ b/src/lib/libcrypto/sha/sha512.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha512.c,v 1.35 2023/05/12 10:10:55 jsing Exp $ */
+/* $OpenBSD: sha512.c,v 1.36 2023/05/16 07:04:57 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -153,27 +153,29 @@ static const SHA_LONG64 K512[80] = {
 #define Ch(x, y, z)     (((x) & (y)) ^ ((~(x)) & (z)))
 #define Maj(x, y, z)    (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-#define ROUND_00_15(i, a, b, c, d, e, f, g, h)          do {    \
+#define ROUND_00_15(i, a, b, c, d, e, f, g, h, Wt)              do {    \
-        T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];    \
+        T1 = h + Sigma1(e) + Ch(e, f, g) + K512[i] + Wt;                \
-        h = Sigma0(a) + Maj(a, b, c);                   \
+        T2 = Sigma0(a) + Maj(a, b, c);                                  \
-        d += T1;        h += T1;                        } while (0)
+        d += T1;                                                        \
+        h = T1 + T2;                                                    \
+                                                                } while (0)
-#define ROUND_16_80(i, j, a, b, c, d, e, f, g, h, X)    do {    \
+#define ROUND_16_80(i, j, a, b, c, d, e, f, g, h, X)            do {    \
-        s0 = X[(j+1)&0x0f];     s0 = sigma0(s0);        \
+        s0 = sigma0(X[(j + 1) & 0x0f]);                                 \
-        s1 = X[(j+14)&0x0f];    s1 = sigma1(s1);        \
+        s1 = sigma1(X[(j + 14) & 0x0f]);                                \
-        T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f];    \
+        X[(j) & 0x0f] += s0 + s1 + X[(j + 9) & 0x0f];                   \
-        ROUND_00_15(i+j, a, b, c, d, e, f, g, h);       } while (0)
+        ROUND_00_15(i + j, a, b, c, d, e, f, g, h, X[(j) & 0x0f]);      \
+                                                                } while (0)
 static void
-sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
+sha512_block_data_order(SHA512_CTX *ctx, const void *_in, size_t num)
 {
-        const SHA_LONG64 *W = in;
+        const SHA_LONG64 *in = _in;
-        SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1;
+        SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2;
        SHA_LONG64 X[16];
        int i;
        while (num--) {
                a = ctx->h[0];
                b = ctx->h[1];
                c = ctx->h[2];
@@ -183,38 +185,38 @@ sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
                g = ctx->h[6];
                h = ctx->h[7];
-                T1 = X[0] = PULL64(W[0]);
+                X[0] = PULL64(in[0]);
-                ROUND_00_15(0, a, b, c, d, e, f, g, h);
+                ROUND_00_15(0, a, b, c, d, e, f, g, h, X[0]);
-                T1 = X[1] = PULL64(W[1]);
+                X[1] = PULL64(in[1]);
-                ROUND_00_15(1, h, a, b, c, d, e, f, g);
+                ROUND_00_15(1, h, a, b, c, d, e, f, g, X[1]);
-                T1 = X[2] = PULL64(W[2]);
+                X[2] = PULL64(in[2]);
-                ROUND_00_15(2, g, h, a, b, c, d, e, f);
+                ROUND_00_15(2, g, h, a, b, c, d, e, f, X[2]);
-                T1 = X[3] = PULL64(W[3]);
+                X[3] = PULL64(in[3]);
-                ROUND_00_15(3, f, g, h, a, b, c, d, e);
+                ROUND_00_15(3, f, g, h, a, b, c, d, e, X[3]);
-                T1 = X[4] = PULL64(W[4]);
+                X[4] = PULL64(in[4]);
-                ROUND_00_15(4, e, f, g, h, a, b, c, d);
+                ROUND_00_15(4, e, f, g, h, a, b, c, d, X[4]);
-                T1 = X[5] = PULL64(W[5]);
+                X[5] = PULL64(in[5]);
-                ROUND_00_15(5, d, e, f, g, h, a, b, c);
+                ROUND_00_15(5, d, e, f, g, h, a, b, c, X[5]);
-                T1 = X[6] = PULL64(W[6]);
+                X[6] = PULL64(in[6]);
-                ROUND_00_15(6, c, d, e, f, g, h, a, b);
+                ROUND_00_15(6, c, d, e, f, g, h, a, b, X[6]);
-                T1 = X[7] = PULL64(W[7]);
+                X[7] = PULL64(in[7]);
-                ROUND_00_15(7, b, c, d, e, f, g, h, a);
+                ROUND_00_15(7, b, c, d, e, f, g, h, a, X[7]);
-                T1 = X[8] = PULL64(W[8]);
+                X[8] = PULL64(in[8]);
-                ROUND_00_15(8, a, b, c, d, e, f, g, h);
+                ROUND_00_15(8, a, b, c, d, e, f, g, h, X[8]);
-                T1 = X[9] = PULL64(W[9]);
+                X[9] = PULL64(in[9]);
-                ROUND_00_15(9, h, a, b, c, d, e, f, g);
+                ROUND_00_15(9, h, a, b, c, d, e, f, g, X[9]);
-                T1 = X[10] = PULL64(W[10]);
+                X[10] = PULL64(in[10]);
-                ROUND_00_15(10, g, h, a, b, c, d, e, f);
+                ROUND_00_15(10, g, h, a, b, c, d, e, f, X[10]);
-                T1 = X[11] = PULL64(W[11]);
+                X[11] = PULL64(in[11]);
-                ROUND_00_15(11, f, g, h, a, b, c, d, e);
+                ROUND_00_15(11, f, g, h, a, b, c, d, e, X[11]);
-                T1 = X[12] = PULL64(W[12]);
+                X[12] = PULL64(in[12]);
-                ROUND_00_15(12, e, f, g, h, a, b, c, d);
+                ROUND_00_15(12, e, f, g, h, a, b, c, d, X[12]);
-                T1 = X[13] = PULL64(W[13]);
+                X[13] = PULL64(in[13]);
-                ROUND_00_15(13, d, e, f, g, h, a, b, c);
+                ROUND_00_15(13, d, e, f, g, h, a, b, c, X[13]);
-                T1 = X[14] = PULL64(W[14]);
+                X[14] = PULL64(in[14]);
-                ROUND_00_15(14, c, d, e, f, g, h, a, b);
+                ROUND_00_15(14, c, d, e, f, g, h, a, b, X[14]);
-                T1 = X[15] = PULL64(W[15]);
+                X[15] = PULL64(in[15]);
-                ROUND_00_15(15, b, c, d, e, f, g, h, a);
+                ROUND_00_15(15, b, c, d, e, f, g, h, a, X[15]);
                for (i = 16; i < 80; i += 16) {
                        ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);
@@ -244,7 +246,7 @@ sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
                ctx->h[6] += g;
                ctx->h[7] += h;
-                W += SHA_LBLOCK;
+                in += SHA_LBLOCK;
        }
 }
author	jsing <>	2023-05-16 07:04:57 +0000
committer	jsing <>	2023-05-16 07:04:57 +0000
commit	3ea05589a10a373b7fdef94f8262460dbfffa8fc (patch)
tree	102080b2fe0c0a04e2a92d62b81970545817878f /src/lib
parent	9037f6734c65246c06fe4e9d15ead755e103101d (diff)
download	openbsd-3ea05589a10a373b7fdef94f8262460dbfffa8fc.tar.gz openbsd-3ea05589a10a373b7fdef94f8262460dbfffa8fc.tar.bz2 openbsd-3ea05589a10a373b7fdef94f8262460dbfffa8fc.zip

diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c index 2840fa9446..c0752bd2c7 100644 --- a/src/lib/libcrypto/sha/sha512.c +++ b/src/lib/libcrypto/sha/sha512.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sha512.c,v 1.35 2023/05/12 10:10:55 jsing Exp $ */	1	/* $OpenBSD: sha512.c,v 1.36 2023/05/16 07:04:57 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -153,27 +153,29 @@ static const SHA_LONG64 K512[80] = {
153	#define Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z)))	153	#define Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z)))
154	#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))	154	#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
155		155
156	#define ROUND_00_15(i, a, b, c, d, e, f, g, h) do { \	156	#define ROUND_00_15(i, a, b, c, d, e, f, g, h, Wt) do { \
157	T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; \	157	T1 = h + Sigma1(e) + Ch(e, f, g) + K512[i] + Wt; \
158	h = Sigma0(a) + Maj(a, b, c); \	158	T2 = Sigma0(a) + Maj(a, b, c); \
159	d += T1; h += T1; } while (0)	159	d += T1; \
		160	h = T1 + T2; \
		161	} while (0)
160		162
161	#define ROUND_16_80(i, j, a, b, c, d, e, f, g, h, X) do { \	163	#define ROUND_16_80(i, j, a, b, c, d, e, f, g, h, X) do { \
162	s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \	164	s0 = sigma0(X[(j + 1) & 0x0f]); \
163	s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \	165	s1 = sigma1(X[(j + 14) & 0x0f]); \
164	T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \	166	X[(j) & 0x0f] += s0 + s1 + X[(j + 9) & 0x0f]; \
165	ROUND_00_15(i+j, a, b, c, d, e, f, g, h); } while (0)	167	ROUND_00_15(i + j, a, b, c, d, e, f, g, h, X[(j) & 0x0f]); \
		168	} while (0)
166		169
167	static void	170	static void
168	sha512_block_data_order(SHA512_CTX ctx, const void in, size_t num)	171	sha512_block_data_order(SHA512_CTX ctx, const void _in, size_t num)
169	{	172	{
170	const SHA_LONG64 *W = in;	173	const SHA_LONG64 *in = _in;
171	SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1;	174	SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2;
172	SHA_LONG64 X[16];	175	SHA_LONG64 X[16];
173	int i;	176	int i;
174		177
175	while (num--) {	178	while (num--) {
176
177	a = ctx->h[0];	179	a = ctx->h[0];
178	b = ctx->h[1];	180	b = ctx->h[1];
179	c = ctx->h[2];	181	c = ctx->h[2];
@@ -183,38 +185,38 @@ sha512_block_data_order(SHA512_CTX ctx, const void in, size_t num)
183	g = ctx->h[6];	185	g = ctx->h[6];
184	h = ctx->h[7];	186	h = ctx->h[7];
185		187
186	T1 = X[0] = PULL64(W[0]);	188	X[0] = PULL64(in[0]);
187	ROUND_00_15(0, a, b, c, d, e, f, g, h);	189	ROUND_00_15(0, a, b, c, d, e, f, g, h, X[0]);
188	T1 = X[1] = PULL64(W[1]);	190	X[1] = PULL64(in[1]);
189	ROUND_00_15(1, h, a, b, c, d, e, f, g);	191	ROUND_00_15(1, h, a, b, c, d, e, f, g, X[1]);
190	T1 = X[2] = PULL64(W[2]);	192	X[2] = PULL64(in[2]);
191	ROUND_00_15(2, g, h, a, b, c, d, e, f);	193	ROUND_00_15(2, g, h, a, b, c, d, e, f, X[2]);
192	T1 = X[3] = PULL64(W[3]);	194	X[3] = PULL64(in[3]);
193	ROUND_00_15(3, f, g, h, a, b, c, d, e);	195	ROUND_00_15(3, f, g, h, a, b, c, d, e, X[3]);
194	T1 = X[4] = PULL64(W[4]);	196	X[4] = PULL64(in[4]);
195	ROUND_00_15(4, e, f, g, h, a, b, c, d);	197	ROUND_00_15(4, e, f, g, h, a, b, c, d, X[4]);
196	T1 = X[5] = PULL64(W[5]);	198	X[5] = PULL64(in[5]);
197	ROUND_00_15(5, d, e, f, g, h, a, b, c);	199	ROUND_00_15(5, d, e, f, g, h, a, b, c, X[5]);
198	T1 = X[6] = PULL64(W[6]);	200	X[6] = PULL64(in[6]);
199	ROUND_00_15(6, c, d, e, f, g, h, a, b);	201	ROUND_00_15(6, c, d, e, f, g, h, a, b, X[6]);
200	T1 = X[7] = PULL64(W[7]);	202	X[7] = PULL64(in[7]);
201	ROUND_00_15(7, b, c, d, e, f, g, h, a);	203	ROUND_00_15(7, b, c, d, e, f, g, h, a, X[7]);
202	T1 = X[8] = PULL64(W[8]);	204	X[8] = PULL64(in[8]);
203	ROUND_00_15(8, a, b, c, d, e, f, g, h);	205	ROUND_00_15(8, a, b, c, d, e, f, g, h, X[8]);
204	T1 = X[9] = PULL64(W[9]);	206	X[9] = PULL64(in[9]);
205	ROUND_00_15(9, h, a, b, c, d, e, f, g);	207	ROUND_00_15(9, h, a, b, c, d, e, f, g, X[9]);
206	T1 = X[10] = PULL64(W[10]);	208	X[10] = PULL64(in[10]);
207	ROUND_00_15(10, g, h, a, b, c, d, e, f);	209	ROUND_00_15(10, g, h, a, b, c, d, e, f, X[10]);
208	T1 = X[11] = PULL64(W[11]);	210	X[11] = PULL64(in[11]);
209	ROUND_00_15(11, f, g, h, a, b, c, d, e);	211	ROUND_00_15(11, f, g, h, a, b, c, d, e, X[11]);
210	T1 = X[12] = PULL64(W[12]);	212	X[12] = PULL64(in[12]);
211	ROUND_00_15(12, e, f, g, h, a, b, c, d);	213	ROUND_00_15(12, e, f, g, h, a, b, c, d, X[12]);
212	T1 = X[13] = PULL64(W[13]);	214	X[13] = PULL64(in[13]);
213	ROUND_00_15(13, d, e, f, g, h, a, b, c);	215	ROUND_00_15(13, d, e, f, g, h, a, b, c, X[13]);
214	T1 = X[14] = PULL64(W[14]);	216	X[14] = PULL64(in[14]);
215	ROUND_00_15(14, c, d, e, f, g, h, a, b);	217	ROUND_00_15(14, c, d, e, f, g, h, a, b, X[14]);
216	T1 = X[15] = PULL64(W[15]);	218	X[15] = PULL64(in[15]);
217	ROUND_00_15(15, b, c, d, e, f, g, h, a);	219	ROUND_00_15(15, b, c, d, e, f, g, h, a, X[15]);
218		220
219	for (i = 16; i < 80; i += 16) {	221	for (i = 16; i < 80; i += 16) {
220	ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);	222	ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);
@@ -244,7 +246,7 @@ sha512_block_data_order(SHA512_CTX ctx, const void in, size_t num)
244	ctx->h[6] += g;	246	ctx->h[6] += g;
245	ctx->h[7] += h;	247	ctx->h[7] += h;
246		248
247	W += SHA_LBLOCK;	249	in += SHA_LBLOCK;
248	}	250	}
249	}	251	}
250		252