Clean up alignment handling for SHA-256.

If input data is 32 bit aligned use be32toh() directly, otherwise use crypto_load_be32toh(), cleaning up all of the HOST_c2l() usage. ok beck@
author: jsing <> 2023-07-07 15:06:50 +0000
committer: jsing <> 2023-07-07 15:06:50 +0000
commit: 8f94354b3d028c101be3492aee5742c619a27d12 (patch)
tree: 7d7945376eba5488469cff2b8e5b222283e171ee /src
parent: 663b156eda8cd8200146681abd67be699d667ac3 (diff)
download: openbsd-8f94354b3d028c101be3492aee5742c619a27d12.tar.gz
openbsd-8f94354b3d028c101be3492aee5742c619a27d12.tar.bz2
openbsd-8f94354b3d028c101be3492aee5742c619a27d12.zip
1 files changed, 43 insertions, 63 deletions
diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
index eaa9364998..80578f9ab6 100644
--- a/src/lib/libcrypto/sha/sha256.c
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha256.c,v 1.25 2023/07/07 15:03:55 jsing Exp $ */
+/* $OpenBSD: sha256.c,v 1.26 2023/07/07 15:06:50 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -76,10 +76,9 @@ CTASSERT(sizeof(SHA_LONG) == sizeof(uint32_t));
 #define HASH_BLOCK_DATA_ORDER   sha256_block_data_order
-#ifndef SHA256_ASM
+#ifdef SHA256_ASM
-static
+void sha256_block_data_order(SHA256_CTX *ctx, const void *_in, size_t num);
 #endif
-void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
 #define HASH_NO_UPDATE
 #define HASH_NO_TRANSFORM
@@ -132,15 +131,15 @@ static const SHA_LONG K256[64] = {
        ROUND_00_15(T1, i, a, b, c, d, e, f, g, h);     } while (0)
 static void
-sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
+sha256_block_data_order(SHA256_CTX *ctx, const void *_in, size_t num)
 {
+        const uint8_t *in = _in;
+        const SHA_LONG *in32;
        unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
        SHA_LONG X[16];
        int i;
-        const unsigned char *data = in;
        while (num--) {
                a = ctx->h[0];
                b = ctx->h[1];
                c = ctx->h[2];
@@ -150,64 +149,45 @@ sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
                g = ctx->h[6];
                h = ctx->h[7];
-                if (BYTE_ORDER != LITTLE_ENDIAN &&
+                if ((size_t)in % 4 == 0) {
-                    sizeof(SHA_LONG) == 4 && ((size_t)in % 4) == 0) {
+                        /* Input is 32 bit aligned. */
-                        const SHA_LONG *W = (const SHA_LONG *)data;
+                        in32 = (const SHA_LONG *)in;
+                        X[0] = be32toh(in32[0]);
-                        X[0] = W[0];
+                        X[1] = be32toh(in32[1]);
-                        X[1] = W[1];
+                        X[2] = be32toh(in32[2]);
-                        X[2] = W[2];
+                        X[3] = be32toh(in32[3]);
-                        X[3] = W[3];
+                        X[4] = be32toh(in32[4]);
-                        X[4] = W[4];
+                        X[5] = be32toh(in32[5]);
-                        X[5] = W[5];
+                        X[6] = be32toh(in32[6]);
-                        X[6] = W[6];
+                        X[7] = be32toh(in32[7]);
-                        X[7] = W[7];
+                        X[8] = be32toh(in32[8]);
-                        X[8] = W[8];
+                        X[9] = be32toh(in32[9]);
-                        X[9] = W[9];
+                        X[10] = be32toh(in32[10]);
-                        X[10] = W[10];
+                        X[11] = be32toh(in32[11]);
-                        X[11] = W[11];
+                        X[12] = be32toh(in32[12]);
-                        X[12] = W[12];
+                        X[13] = be32toh(in32[13]);
-                        X[13] = W[13];
+                        X[14] = be32toh(in32[14]);
-                        X[14] = W[14];
+                        X[15] = be32toh(in32[15]);
-                        X[15] = W[15];
-                        data += SHA256_CBLOCK;
                } else {
-                        SHA_LONG l;
+                        /* Input is not 32 bit aligned. */
+                        X[0] = crypto_load_be32toh(&in[0 * 4]);
-                        HOST_c2l(data, l);
+                        X[1] = crypto_load_be32toh(&in[1 * 4]);
-                        X[0] = l;
+                        X[2] = crypto_load_be32toh(&in[2 * 4]);
-                        HOST_c2l(data, l);
+                        X[3] = crypto_load_be32toh(&in[3 * 4]);
-                        X[1] = l;
+                        X[4] = crypto_load_be32toh(&in[4 * 4]);
-                        HOST_c2l(data, l);
+                        X[5] = crypto_load_be32toh(&in[5 * 4]);
-                        X[2] = l;
+                        X[6] = crypto_load_be32toh(&in[6 * 4]);
-                        HOST_c2l(data, l);
+                        X[7] = crypto_load_be32toh(&in[7 * 4]);
-                        X[3] = l;
+                        X[8] = crypto_load_be32toh(&in[8 * 4]);
-                        HOST_c2l(data, l);
+                        X[9] = crypto_load_be32toh(&in[9 * 4]);
-                        X[4] = l;
+                        X[10] = crypto_load_be32toh(&in[10 * 4]);
-                        HOST_c2l(data, l);
+                        X[11] = crypto_load_be32toh(&in[11 * 4]);
-                        X[5] = l;
+                        X[12] = crypto_load_be32toh(&in[12 * 4]);
-                        HOST_c2l(data, l);
+                        X[13] = crypto_load_be32toh(&in[13 * 4]);
-                        X[6] = l;
+                        X[14] = crypto_load_be32toh(&in[14 * 4]);
-                        HOST_c2l(data, l);
+                        X[15] = crypto_load_be32toh(&in[15 * 4]);
-                        X[7] = l;
-                        HOST_c2l(data, l);
-                        X[8] = l;
-                        HOST_c2l(data, l);
-                        X[9] = l;
-                        HOST_c2l(data, l);
-                        X[10] = l;
-                        HOST_c2l(data, l);
-                        X[11] = l;
-                        HOST_c2l(data, l);
-                        X[12] = l;
-                        HOST_c2l(data, l);
-                        X[13] = l;
-                        HOST_c2l(data, l);
-                        X[14] = l;
-                        HOST_c2l(data, l);
-                        X[15] = l;
                }
+                in += SHA256_CBLOCK;
                ROUND_00_15(X[0], 0, a, b, c, d, e, f, g, h);
                ROUND_00_15(X[1], 1, h, a, b, c, d, e, f, g);
author	jsing <>	2023-07-07 15:06:50 +0000
committer	jsing <>	2023-07-07 15:06:50 +0000
commit	8f94354b3d028c101be3492aee5742c619a27d12 (patch)
tree	7d7945376eba5488469cff2b8e5b222283e171ee /src
parent	663b156eda8cd8200146681abd67be699d667ac3 (diff)
download	openbsd-8f94354b3d028c101be3492aee5742c619a27d12.tar.gz openbsd-8f94354b3d028c101be3492aee5742c619a27d12.tar.bz2 openbsd-8f94354b3d028c101be3492aee5742c619a27d12.zip

diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c index eaa9364998..80578f9ab6 100644 --- a/src/lib/libcrypto/sha/sha256.c +++ b/src/lib/libcrypto/sha/sha256.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sha256.c,v 1.25 2023/07/07 15:03:55 jsing Exp $ */	1	/* $OpenBSD: sha256.c,v 1.26 2023/07/07 15:06:50 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -76,10 +76,9 @@ CTASSERT(sizeof(SHA_LONG) == sizeof(uint32_t));
76		76
77	#define HASH_BLOCK_DATA_ORDER sha256_block_data_order	77	#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
78		78
79	#ifndef SHA256_ASM	79	#ifdef SHA256_ASM
80	static	80	void sha256_block_data_order(SHA256_CTX ctx, const void _in, size_t num);
81	#endif	81	#endif
82	void sha256_block_data_order(SHA256_CTX ctx, const void in, size_t num);
83		82
84	#define HASH_NO_UPDATE	83	#define HASH_NO_UPDATE
85	#define HASH_NO_TRANSFORM	84	#define HASH_NO_TRANSFORM
@@ -132,15 +131,15 @@ static const SHA_LONG K256[64] = {
132	ROUND_00_15(T1, i, a, b, c, d, e, f, g, h); } while (0)	131	ROUND_00_15(T1, i, a, b, c, d, e, f, g, h); } while (0)
133		132
134	static void	133	static void
135	sha256_block_data_order(SHA256_CTX ctx, const void in, size_t num)	134	sha256_block_data_order(SHA256_CTX ctx, const void _in, size_t num)
136	{	135	{
		136	const uint8_t *in = _in;
		137	const SHA_LONG *in32;
137	unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;	138	unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
138	SHA_LONG X[16];	139	SHA_LONG X[16];
139	int i;	140	int i;
140	const unsigned char *data = in;
141		141
142	while (num--) {	142	while (num--) {
143
144	a = ctx->h[0];	143	a = ctx->h[0];
145	b = ctx->h[1];	144	b = ctx->h[1];
146	c = ctx->h[2];	145	c = ctx->h[2];
@@ -150,64 +149,45 @@ sha256_block_data_order(SHA256_CTX ctx, const void in, size_t num)
150	g = ctx->h[6];	149	g = ctx->h[6];
151	h = ctx->h[7];	150	h = ctx->h[7];
152		151
153	if (BYTE_ORDER != LITTLE_ENDIAN &&	152	if ((size_t)in % 4 == 0) {
154	sizeof(SHA_LONG) == 4 && ((size_t)in % 4) == 0) {	153	/* Input is 32 bit aligned. */
155	const SHA_LONG W = (const SHA_LONG )data;	154	in32 = (const SHA_LONG *)in;
156		155	X[0] = be32toh(in32[0]);
157	X[0] = W[0];	156	X[1] = be32toh(in32[1]);
158	X[1] = W[1];	157	X[2] = be32toh(in32[2]);
159	X[2] = W[2];	158	X[3] = be32toh(in32[3]);
160	X[3] = W[3];	159	X[4] = be32toh(in32[4]);
161	X[4] = W[4];	160	X[5] = be32toh(in32[5]);
162	X[5] = W[5];	161	X[6] = be32toh(in32[6]);
163	X[6] = W[6];	162	X[7] = be32toh(in32[7]);
164	X[7] = W[7];	163	X[8] = be32toh(in32[8]);
165	X[8] = W[8];	164	X[9] = be32toh(in32[9]);
166	X[9] = W[9];	165	X[10] = be32toh(in32[10]);
167	X[10] = W[10];	166	X[11] = be32toh(in32[11]);
168	X[11] = W[11];	167	X[12] = be32toh(in32[12]);
169	X[12] = W[12];	168	X[13] = be32toh(in32[13]);
170	X[13] = W[13];	169	X[14] = be32toh(in32[14]);
171	X[14] = W[14];	170	X[15] = be32toh(in32[15]);
172	X[15] = W[15];
173
174	data += SHA256_CBLOCK;
175	} else {	171	} else {
176	SHA_LONG l;	172	/* Input is not 32 bit aligned. */
177		173	X[0] = crypto_load_be32toh(&in[0 * 4]);
178	HOST_c2l(data, l);	174	X[1] = crypto_load_be32toh(&in[1 * 4]);
179	X[0] = l;	175	X[2] = crypto_load_be32toh(&in[2 * 4]);
180	HOST_c2l(data, l);	176	X[3] = crypto_load_be32toh(&in[3 * 4]);
181	X[1] = l;	177	X[4] = crypto_load_be32toh(&in[4 * 4]);
182	HOST_c2l(data, l);	178	X[5] = crypto_load_be32toh(&in[5 * 4]);
183	X[2] = l;	179	X[6] = crypto_load_be32toh(&in[6 * 4]);
184	HOST_c2l(data, l);	180	X[7] = crypto_load_be32toh(&in[7 * 4]);
185	X[3] = l;	181	X[8] = crypto_load_be32toh(&in[8 * 4]);
186	HOST_c2l(data, l);	182	X[9] = crypto_load_be32toh(&in[9 * 4]);
187	X[4] = l;	183	X[10] = crypto_load_be32toh(&in[10 * 4]);
188	HOST_c2l(data, l);	184	X[11] = crypto_load_be32toh(&in[11 * 4]);
189	X[5] = l;	185	X[12] = crypto_load_be32toh(&in[12 * 4]);
190	HOST_c2l(data, l);	186	X[13] = crypto_load_be32toh(&in[13 * 4]);
191	X[6] = l;	187	X[14] = crypto_load_be32toh(&in[14 * 4]);
192	HOST_c2l(data, l);	188	X[15] = crypto_load_be32toh(&in[15 * 4]);
193	X[7] = l;
194	HOST_c2l(data, l);
195	X[8] = l;
196	HOST_c2l(data, l);
197	X[9] = l;
198	HOST_c2l(data, l);
199	X[10] = l;
200	HOST_c2l(data, l);
201	X[11] = l;
202	HOST_c2l(data, l);
203	X[12] = l;
204	HOST_c2l(data, l);
205	X[13] = l;
206	HOST_c2l(data, l);
207	X[14] = l;
208	HOST_c2l(data, l);
209	X[15] = l;
210	}	189	}
		190	in += SHA256_CBLOCK;
211		191
212	ROUND_00_15(X[0], 0, a, b, c, d, e, f, g, h);	192	ROUND_00_15(X[0], 0, a, b, c, d, e, f, g, h);
213	ROUND_00_15(X[1], 1, h, a, b, c, d, e, f, g);	193	ROUND_00_15(X[1], 1, h, a, b, c, d, e, f, g);