summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjsing <>2023-03-26 16:40:07 +0000
committerjsing <>2023-03-26 16:40:07 +0000
commitdd18b449a3319354b78eca80ca0110b74cad6ede (patch)
tree5916d5c58a22035a582cd5fc06980797fadf530a /src
parent554631fc725f289c8c65c4b7ee7ddcf395a4906c (diff)
downloadopenbsd-dd18b449a3319354b78eca80ca0110b74cad6ede.tar.gz
openbsd-dd18b449a3319354b78eca80ca0110b74cad6ede.tar.bz2
openbsd-dd18b449a3319354b78eca80ca0110b74cad6ede.zip
Whack sha with a style(9) stick.
No change in generated assembly.
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/sha/sha1_one.c32
-rw-r--r--src/lib/libcrypto/sha/sha1dgst.c15
-rw-r--r--src/lib/libcrypto/sha/sha256.c416
-rw-r--r--src/lib/libcrypto/sha/sha512.c748
4 files changed, 706 insertions, 505 deletions
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c
index 91602ee503..085c1db23e 100644
--- a/src/lib/libcrypto/sha/sha1_one.c
+++ b/src/lib/libcrypto/sha/sha1_one.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: sha1_one.c,v 1.12 2015/09/10 15:56:26 jsing Exp $ */ 1/* $OpenBSD: sha1_one.c,v 1.13 2023/03/26 16:40:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -65,17 +65,19 @@
65#include <openssl/sha.h> 65#include <openssl/sha.h>
66 66
67#ifndef OPENSSL_NO_SHA1 67#ifndef OPENSSL_NO_SHA1
68unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) 68unsigned char *
69 { 69SHA1(const unsigned char *d, size_t n, unsigned char *md)
70{
70 SHA_CTX c; 71 SHA_CTX c;
71 static unsigned char m[SHA_DIGEST_LENGTH]; 72 static unsigned char m[SHA_DIGEST_LENGTH];
72 73
73 if (md == NULL) md=m; 74 if (md == NULL)
75 md = m;
74 if (!SHA1_Init(&c)) 76 if (!SHA1_Init(&c))
75 return NULL; 77 return NULL;
76 SHA1_Update(&c,d,n); 78 SHA1_Update(&c, d, n);
77 SHA1_Final(md,&c); 79 SHA1_Final(md, &c);
78 explicit_bzero(&c,sizeof(c)); 80 explicit_bzero(&c, sizeof(c));
79 return(md); 81 return (md);
80 } 82}
81#endif 83#endif
diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c
index 16580dcbdd..4fb449d763 100644
--- a/src/lib/libcrypto/sha/sha1dgst.c
+++ b/src/lib/libcrypto/sha/sha1dgst.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: sha1dgst.c,v 1.15 2022/11/26 16:08:54 tb Exp $ */ 1/* $OpenBSD: sha1dgst.c,v 1.16 2023/03/26 16:40:07 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -69,4 +69,3 @@
69#include "sha_local.h" 69#include "sha_local.h"
70 70
71#endif 71#endif
72
diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
index e826ca9e19..86c7f6c61a 100644
--- a/src/lib/libcrypto/sha/sha256.c
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sha256.c,v 1.11 2021/11/09 18:40:21 bcook Exp $ */ 1/* $OpenBSD: sha256.c,v 1.12 2023/03/26 16:40:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved
4 * according to the OpenSSL license [found in ../../LICENSE]. 4 * according to the OpenSSL license [found in ../../LICENSE].
@@ -17,58 +17,79 @@
17#include <openssl/sha.h> 17#include <openssl/sha.h>
18#include <openssl/opensslv.h> 18#include <openssl/opensslv.h>
19 19
20int SHA224_Init(SHA256_CTX *c) 20int
21 { 21SHA224_Init(SHA256_CTX *c)
22 memset (c,0,sizeof(*c)); 22{
23 c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; 23 memset (c, 0, sizeof(*c));
24 c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; 24 c->h[0] = 0xc1059ed8UL;
25 c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; 25 c->h[1] = 0x367cd507UL;
26 c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL; 26 c->h[2] = 0x3070dd17UL;
27 c->md_len=SHA224_DIGEST_LENGTH; 27 c->h[3] = 0xf70e5939UL;
28 c->h[4] = 0xffc00b31UL;
29 c->h[5] = 0x68581511UL;
30 c->h[6] = 0x64f98fa7UL;
31 c->h[7] = 0xbefa4fa4UL;
32 c->md_len = SHA224_DIGEST_LENGTH;
28 return 1; 33 return 1;
29 } 34}
30 35
31int SHA256_Init(SHA256_CTX *c) 36int
32 { 37SHA256_Init(SHA256_CTX *c)
33 memset (c,0,sizeof(*c)); 38{
34 c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; 39 memset (c, 0, sizeof(*c));
35 c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; 40 c->h[0] = 0x6a09e667UL;
36 c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; 41 c->h[1] = 0xbb67ae85UL;
37 c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL; 42 c->h[2] = 0x3c6ef372UL;
38 c->md_len=SHA256_DIGEST_LENGTH; 43 c->h[3] = 0xa54ff53aUL;
44 c->h[4] = 0x510e527fUL;
45 c->h[5] = 0x9b05688cUL;
46 c->h[6] = 0x1f83d9abUL;
47 c->h[7] = 0x5be0cd19UL;
48 c->md_len = SHA256_DIGEST_LENGTH;
39 return 1; 49 return 1;
40 } 50}
41 51
42unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) 52unsigned char *
43 { 53SHA224(const unsigned char *d, size_t n, unsigned char *md)
54{
44 SHA256_CTX c; 55 SHA256_CTX c;
45 static unsigned char m[SHA224_DIGEST_LENGTH]; 56 static unsigned char m[SHA224_DIGEST_LENGTH];
46 57
47 if (md == NULL) md=m; 58 if (md == NULL)
59 md = m;
48 SHA224_Init(&c); 60 SHA224_Init(&c);
49 SHA256_Update(&c,d,n); 61 SHA256_Update(&c, d, n);
50 SHA256_Final(md,&c); 62 SHA256_Final(md, &c);
51 explicit_bzero(&c,sizeof(c)); 63 explicit_bzero(&c, sizeof(c));
52 return(md); 64 return (md);
53 } 65}
54 66
55unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) 67unsigned char *
56 { 68SHA256(const unsigned char *d, size_t n, unsigned char *md)
69{
57 SHA256_CTX c; 70 SHA256_CTX c;
58 static unsigned char m[SHA256_DIGEST_LENGTH]; 71 static unsigned char m[SHA256_DIGEST_LENGTH];
59 72
60 if (md == NULL) md=m; 73 if (md == NULL)
74 md = m;
61 SHA256_Init(&c); 75 SHA256_Init(&c);
62 SHA256_Update(&c,d,n); 76 SHA256_Update(&c, d, n);
63 SHA256_Final(md,&c); 77 SHA256_Final(md, &c);
64 explicit_bzero(&c,sizeof(c)); 78 explicit_bzero(&c, sizeof(c));
65 return(md); 79 return (md);
66 } 80}
67 81
68int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) 82int
69{ return SHA256_Update (c,data,len); } 83SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
70int SHA224_Final (unsigned char *md, SHA256_CTX *c) 84{
71{ return SHA256_Final (md,c); } 85 return SHA256_Update(c, data, len);
86}
87
88int
89SHA224_Final(unsigned char *md, SHA256_CTX *c)
90{
91 return SHA256_Final(md, c);
92}
72 93
73#define DATA_ORDER_IS_BIG_ENDIAN 94#define DATA_ORDER_IS_BIG_ENDIAN
74 95
@@ -109,30 +130,31 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c)
109#define HASH_FINAL SHA256_Final 130#define HASH_FINAL SHA256_Final
110#define HASH_BLOCK_DATA_ORDER sha256_block_data_order 131#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
111#ifndef SHA256_ASM 132#ifndef SHA256_ASM
112static 133 static
113#endif 134#endif
114void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); 135 void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
115 136
116#include "md32_common.h" 137#include "md32_common.h"
117 138
118#ifndef SHA256_ASM 139#ifndef SHA256_ASM
119static const SHA_LONG K256[64] = { 140static const SHA_LONG K256[64] = {
120 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL, 141 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
121 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL, 142 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
122 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL, 143 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
123 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL, 144 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
124 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL, 145 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
125 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL, 146 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
126 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL, 147 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
127 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL, 148 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
128 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL, 149 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
129 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL, 150 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
130 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL, 151 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
131 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL, 152 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
132 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL, 153 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
133 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL, 154 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
134 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL, 155 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
135 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL }; 156 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL,
157};
136 158
137/* 159/*
138 * FIPS specification refers to right rotations, while our ROTATE macro 160 * FIPS specification refers to right rotations, while our ROTATE macro
@@ -149,43 +171,69 @@ static const SHA_LONG K256[64] = {
149 171
150#ifdef OPENSSL_SMALL_FOOTPRINT 172#ifdef OPENSSL_SMALL_FOOTPRINT
151 173
152static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) 174static void
153 { 175sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
154 unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2; 176{
155 SHA_LONG X[16],l; 177 unsigned MD32_REG_T a, b,c, d,e, f,g, h,s0, s1, T1, T2;
178 SHA_LONG X[16], l;
156 int i; 179 int i;
157 const unsigned char *data=in; 180 const unsigned char *data = in;
158 181
159 while (num--) { 182 while (num--) {
160 183
161 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; 184 a = ctx->h[0];
162 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; 185 b = ctx->h[1];
163 186 c = ctx->h[2];
164 for (i=0;i<16;i++) 187 d = ctx->h[3];
165 { 188 e = ctx->h[4];
166 HOST_c2l(data,l); T1 = X[i] = l; 189 f = ctx->h[5];
167 T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; 190 g = ctx->h[6];
168 T2 = Sigma0(a) + Maj(a,b,c); 191 h = ctx->h[7];
169 h = g; g = f; f = e; e = d + T1; 192
170 d = c; c = b; b = a; a = T1 + T2; 193 for (i = 0; i < 16; i++) {
194 HOST_c2l(data, l);
195 T1 = X[i] = l;
196 T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
197 T2 = Sigma0(a) + Maj(a, b, c);
198 h = g;
199 g = f;
200 f = e;
201 e = d + T1;
202 d = c;
203 c = b;
204 b = a;
205 a = T1 + T2;
171 } 206 }
172 207
173 for (;i<64;i++) 208 for (; i < 64; i++) {
174 { 209 s0 = X[(i + 1)&0x0f];
175 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); 210 s0 = sigma0(s0);
176 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); 211 s1 = X[(i + 14)&0x0f];
177 212 s1 = sigma1(s1);
178 T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; 213
179 T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; 214 T1 = X[i&0xf] += s0 + s1 + X[(i + 9)&0xf];
180 T2 = Sigma0(a) + Maj(a,b,c); 215 T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
181 h = g; g = f; f = e; e = d + T1; 216 T2 = Sigma0(a) + Maj(a, b, c);
182 d = c; c = b; b = a; a = T1 + T2; 217 h = g;
218 g = f;
219 f = e;
220 e = d + T1;
221 d = c;
222 c = b;
223 b = a;
224 a = T1 + T2;
183 } 225 }
184 226
185 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; 227 ctx->h[0] += a;
186 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; 228 ctx->h[1] += b;
229 ctx->h[2] += c;
230 ctx->h[3] += d;
231 ctx->h[4] += e;
232 ctx->h[5] += f;
233 ctx->h[6] += g;
234 ctx->h[7] += h;
187 235
188 } 236 }
189} 237}
190 238
191#else 239#else
@@ -201,81 +249,137 @@ static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num
201 T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ 249 T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
202 ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) 250 ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
203 251
204static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) 252static void
205 { 253sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
206 unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1; 254{
255 unsigned MD32_REG_T a, b,c, d,e, f,g, h,s0, s1, T1;
207 SHA_LONG X[16]; 256 SHA_LONG X[16];
208 int i; 257 int i;
209 const unsigned char *data=in; 258 const unsigned char *data = in;
210 259
211 while (num--) { 260 while (num--) {
212 261
213 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; 262 a = ctx->h[0];
214 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; 263 b = ctx->h[1];
215 264 c = ctx->h[2];
216 if (BYTE_ORDER != LITTLE_ENDIAN && 265 d = ctx->h[3];
217 sizeof(SHA_LONG)==4 && ((size_t)in%4)==0) 266 e = ctx->h[4];
218 { 267 f = ctx->h[5];
219 const SHA_LONG *W=(const SHA_LONG *)data; 268 g = ctx->h[6];
220 269 h = ctx->h[7];
221 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); 270
222 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); 271 if (BYTE_ORDER != LITTLE_ENDIAN &&
223 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); 272 sizeof(SHA_LONG) == 4 && ((size_t)in % 4) == 0) {
224 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); 273 const SHA_LONG *W = (const SHA_LONG *)data;
225 T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); 274
226 T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); 275 T1 = X[0] = W[0];
227 T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); 276 ROUND_00_15(0, a,b, c,d, e,f, g, h);
228 T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); 277 T1 = X[1] = W[1];
229 T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); 278 ROUND_00_15(1, h,a, b,c, d,e, f, g);
230 T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); 279 T1 = X[2] = W[2];
231 T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); 280 ROUND_00_15(2, g,h, a,b, c,d, e, f);
232 T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); 281 T1 = X[3] = W[3];
233 T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); 282 ROUND_00_15(3, f,g, h,a, b,c, d, e);
234 T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); 283 T1 = X[4] = W[4];
235 T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); 284 ROUND_00_15(4, e,f, g,h, a,b, c, d);
236 T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); 285 T1 = X[5] = W[5];
237 286 ROUND_00_15(5, d,e, f,g, h,a, b, c);
238 data += SHA256_CBLOCK; 287 T1 = X[6] = W[6];
239 } 288 ROUND_00_15(6, c,d, e,f, g,h, a, b);
240 else 289 T1 = X[7] = W[7];
241 { 290 ROUND_00_15(7, b,c, d,e, f,g, h, a);
242 SHA_LONG l; 291 T1 = X[8] = W[8];
243 292 ROUND_00_15(8, a,b, c,d, e,f, g, h);
244 HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h); 293 T1 = X[9] = W[9];
245 HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g); 294 ROUND_00_15(9, h,a, b,c, d,e, f, g);
246 HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f); 295 T1 = X[10] = W[10];
247 HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e); 296 ROUND_00_15(10, g,h, a,b, c,d, e, f);
248 HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d); 297 T1 = X[11] = W[11];
249 HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c); 298 ROUND_00_15(11, f,g, h,a, b,c, d, e);
250 HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b); 299 T1 = X[12] = W[12];
251 HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a); 300 ROUND_00_15(12, e,f, g,h, a,b, c, d);
252 HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h); 301 T1 = X[13] = W[13];
253 HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g); 302 ROUND_00_15(13, d,e, f,g, h,a, b, c);
254 HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f); 303 T1 = X[14] = W[14];
255 HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e); 304 ROUND_00_15(14, c,d, e,f, g,h, a, b);
256 HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d); 305 T1 = X[15] = W[15];
257 HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c); 306 ROUND_00_15(15, b,c, d,e, f,g, h, a);
258 HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b); 307
259 HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a); 308 data += SHA256_CBLOCK;
309 } else {
310 SHA_LONG l;
311
312 HOST_c2l(data, l);
313 T1 = X[0] = l;
314 ROUND_00_15(0, a,b, c,d, e,f, g, h);
315 HOST_c2l(data, l);
316 T1 = X[1] = l;
317 ROUND_00_15(1, h,a, b,c, d,e, f, g);
318 HOST_c2l(data, l);
319 T1 = X[2] = l;
320 ROUND_00_15(2, g,h, a,b, c,d, e, f);
321 HOST_c2l(data, l);
322 T1 = X[3] = l;
323 ROUND_00_15(3, f,g, h,a, b,c, d, e);
324 HOST_c2l(data, l);
325 T1 = X[4] = l;
326 ROUND_00_15(4, e,f, g,h, a,b, c, d);
327 HOST_c2l(data, l);
328 T1 = X[5] = l;
329 ROUND_00_15(5, d,e, f,g, h,a, b, c);
330 HOST_c2l(data, l);
331 T1 = X[6] = l;
332 ROUND_00_15(6, c,d, e,f, g,h, a, b);
333 HOST_c2l(data, l);
334 T1 = X[7] = l;
335 ROUND_00_15(7, b,c, d,e, f,g, h, a);
336 HOST_c2l(data, l);
337 T1 = X[8] = l;
338 ROUND_00_15(8, a,b, c,d, e,f, g, h);
339 HOST_c2l(data, l);
340 T1 = X[9] = l;
341 ROUND_00_15(9, h,a, b,c, d,e, f, g);
342 HOST_c2l(data, l);
343 T1 = X[10] = l;
344 ROUND_00_15(10, g,h, a,b, c,d, e, f);
345 HOST_c2l(data, l);
346 T1 = X[11] = l;
347 ROUND_00_15(11, f,g, h,a, b,c, d, e);
348 HOST_c2l(data, l);
349 T1 = X[12] = l;
350 ROUND_00_15(12, e,f, g,h, a,b, c, d);
351 HOST_c2l(data, l);
352 T1 = X[13] = l;
353 ROUND_00_15(13, d,e, f,g, h,a, b, c);
354 HOST_c2l(data, l);
355 T1 = X[14] = l;
356 ROUND_00_15(14, c,d, e,f, g,h, a, b);
357 HOST_c2l(data, l);
358 T1 = X[15] = l;
359 ROUND_00_15(15, b,c, d,e, f,g, h, a);
260 } 360 }
261 361
262 for (i=16;i<64;i+=8) 362 for (i = 16; i < 64; i += 8) {
263 { 363 ROUND_16_63(i + 0, a,b, c,d, e,f, g,h, X);
264 ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X); 364 ROUND_16_63(i + 1, h,a, b,c, d,e, f,g, X);
265 ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X); 365 ROUND_16_63(i + 2, g,h, a,b, c,d, e,f, X);
266 ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X); 366 ROUND_16_63(i + 3, f,g, h,a, b,c, d,e, X);
267 ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X); 367 ROUND_16_63(i + 4, e,f, g,h, a,b, c,d, X);
268 ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X); 368 ROUND_16_63(i + 5, d,e, f,g, h,a, b,c, X);
269 ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X); 369 ROUND_16_63(i + 6, c,d, e,f, g,h, a,b, X);
270 ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X); 370 ROUND_16_63(i + 7, b,c, d,e, f,g, h,a, X);
271 ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
272 } 371 }
273 372
274 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; 373 ctx->h[0] += a;
275 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; 374 ctx->h[1] += b;
276 375 ctx->h[2] += c;
277 } 376 ctx->h[3] += d;
377 ctx->h[4] += e;
378 ctx->h[5] += f;
379 ctx->h[6] += g;
380 ctx->h[7] += h;
278 } 381 }
382}
279 383
280#endif 384#endif
281#endif /* SHA256_ASM */ 385#endif /* SHA256_ASM */
diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
index 56a207f7d0..7c76c42b5b 100644
--- a/src/lib/libcrypto/sha/sha512.c
+++ b/src/lib/libcrypto/sha/sha512.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sha512.c,v 1.16 2021/11/09 18:40:21 bcook Exp $ */ 1/* $OpenBSD: sha512.c,v 1.17 2023/03/26 16:40:07 jsing Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved
4 * according to the OpenSSL license [found in ../../LICENSE]. 4 * according to the OpenSSL license [found in ../../LICENSE].
@@ -56,256 +56,276 @@
56#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA 56#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
57#endif 57#endif
58 58
59int SHA384_Init(SHA512_CTX *c) 59int
60 { 60SHA384_Init(SHA512_CTX *c)
61 c->h[0]=U64(0xcbbb9d5dc1059ed8); 61{
62 c->h[1]=U64(0x629a292a367cd507); 62 c->h[0] = U64(0xcbbb9d5dc1059ed8);
63 c->h[2]=U64(0x9159015a3070dd17); 63 c->h[1] = U64(0x629a292a367cd507);
64 c->h[3]=U64(0x152fecd8f70e5939); 64 c->h[2] = U64(0x9159015a3070dd17);
65 c->h[4]=U64(0x67332667ffc00b31); 65 c->h[3] = U64(0x152fecd8f70e5939);
66 c->h[5]=U64(0x8eb44a8768581511); 66 c->h[4] = U64(0x67332667ffc00b31);
67 c->h[6]=U64(0xdb0c2e0d64f98fa7); 67 c->h[5] = U64(0x8eb44a8768581511);
68 c->h[7]=U64(0x47b5481dbefa4fa4); 68 c->h[6] = U64(0xdb0c2e0d64f98fa7);
69 69 c->h[7] = U64(0x47b5481dbefa4fa4);
70 c->Nl=0; c->Nh=0; 70
71 c->num=0; c->md_len=SHA384_DIGEST_LENGTH; 71 c->Nl = 0;
72 return 1; 72 c->Nh = 0;
73 } 73 c->num = 0;
74 74 c->md_len = SHA384_DIGEST_LENGTH;
75int SHA512_Init(SHA512_CTX *c) 75 return 1;
76 { 76}
77 c->h[0]=U64(0x6a09e667f3bcc908); 77
78 c->h[1]=U64(0xbb67ae8584caa73b); 78int
79 c->h[2]=U64(0x3c6ef372fe94f82b); 79SHA512_Init(SHA512_CTX *c)
80 c->h[3]=U64(0xa54ff53a5f1d36f1); 80{
81 c->h[4]=U64(0x510e527fade682d1); 81 c->h[0] = U64(0x6a09e667f3bcc908);
82 c->h[5]=U64(0x9b05688c2b3e6c1f); 82 c->h[1] = U64(0xbb67ae8584caa73b);
83 c->h[6]=U64(0x1f83d9abfb41bd6b); 83 c->h[2] = U64(0x3c6ef372fe94f82b);
84 c->h[7]=U64(0x5be0cd19137e2179); 84 c->h[3] = U64(0xa54ff53a5f1d36f1);
85 85 c->h[4] = U64(0x510e527fade682d1);
86 c->Nl=0; c->Nh=0; 86 c->h[5] = U64(0x9b05688c2b3e6c1f);
87 c->num=0; c->md_len=SHA512_DIGEST_LENGTH; 87 c->h[6] = U64(0x1f83d9abfb41bd6b);
88 return 1; 88 c->h[7] = U64(0x5be0cd19137e2179);
89 } 89
90 c->Nl = 0;
91 c->Nh = 0;
92 c->num = 0;
93 c->md_len = SHA512_DIGEST_LENGTH;
94 return 1;
95}
90 96
91#ifndef SHA512_ASM 97#ifndef SHA512_ASM
92static 98static
93#endif 99#endif
94void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); 100void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num);
95 101
96int SHA512_Final (unsigned char *md, SHA512_CTX *c) 102int
97 { 103SHA512_Final(unsigned char *md, SHA512_CTX *c)
98 unsigned char *p=(unsigned char *)c->u.p; 104{
99 size_t n=c->num; 105 unsigned char *p = (unsigned char *)c->u.p;
106 size_t n = c->num;
100 107
101 p[n]=0x80; /* There always is a room for one */ 108 p[n]=0x80; /* There always is a room for one */
102 n++; 109 n++;
103 if (n > (sizeof(c->u)-16)) 110 if (n > (sizeof(c->u) - 16))
104 memset (p+n,0,sizeof(c->u)-n), n=0, 111 memset (p + n, 0, sizeof(c->u) - n), n = 0,
105 sha512_block_data_order (c,p,1); 112 sha512_block_data_order (c, p, 1);
106 113
107 memset (p+n,0,sizeof(c->u)-16-n); 114 memset (p + n, 0, sizeof(c->u) - 16 - n);
108#if BYTE_ORDER == BIG_ENDIAN 115#if BYTE_ORDER == BIG_ENDIAN
109 c->u.d[SHA_LBLOCK-2] = c->Nh; 116 c->u.d[SHA_LBLOCK - 2] = c->Nh;
110 c->u.d[SHA_LBLOCK-1] = c->Nl; 117 c->u.d[SHA_LBLOCK - 1] = c->Nl;
111#else 118#else
112 p[sizeof(c->u)-1] = (unsigned char)(c->Nl); 119 p[sizeof(c->u) - 1] = (unsigned char)(c->Nl);
113 p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8); 120 p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8);
114 p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16); 121 p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16);
115 p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24); 122 p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24);
116 p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32); 123 p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32);
117 p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40); 124 p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40);
118 p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48); 125 p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48);
119 p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56); 126 p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56);
120 p[sizeof(c->u)-9] = (unsigned char)(c->Nh); 127 p[sizeof(c->u) - 9] = (unsigned char)(c->Nh);
121 p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8); 128 p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8);
122 p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16); 129 p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16);
123 p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24); 130 p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24);
124 p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); 131 p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32);
125 p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); 132 p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40);
126 p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); 133 p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48);
127 p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); 134 p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56);
128#endif 135#endif
129 136
130 sha512_block_data_order (c,p,1); 137 sha512_block_data_order (c, p, 1);
131 138
132 if (md==0) return 0; 139 if (md == 0)
140 return 0;
133 141
134 switch (c->md_len) 142 switch (c->md_len) {
135 {
136 /* Let compiler decide if it's appropriate to unroll... */ 143 /* Let compiler decide if it's appropriate to unroll... */
137 case SHA384_DIGEST_LENGTH: 144 case SHA384_DIGEST_LENGTH:
138 for (n=0;n<SHA384_DIGEST_LENGTH/8;n++) 145 for (n = 0; n < SHA384_DIGEST_LENGTH/8; n++) {
139 { 146 SHA_LONG64 t = c->h[n];
140 SHA_LONG64 t = c->h[n]; 147
141 148 *(md++) = (unsigned char)(t >> 56);
142 *(md++) = (unsigned char)(t>>56); 149 *(md++) = (unsigned char)(t >> 48);
143 *(md++) = (unsigned char)(t>>48); 150 *(md++) = (unsigned char)(t >> 40);
144 *(md++) = (unsigned char)(t>>40); 151 *(md++) = (unsigned char)(t >> 32);
145 *(md++) = (unsigned char)(t>>32); 152 *(md++) = (unsigned char)(t >> 24);
146 *(md++) = (unsigned char)(t>>24); 153 *(md++) = (unsigned char)(t >> 16);
147 *(md++) = (unsigned char)(t>>16); 154 *(md++) = (unsigned char)(t >> 8);
148 *(md++) = (unsigned char)(t>>8); 155 *(md++) = (unsigned char)(t);
149 *(md++) = (unsigned char)(t); 156 }
150 } 157 break;
151 break; 158 case SHA512_DIGEST_LENGTH:
152 case SHA512_DIGEST_LENGTH: 159 for (n = 0; n < SHA512_DIGEST_LENGTH/8; n++) {
153 for (n=0;n<SHA512_DIGEST_LENGTH/8;n++) 160 SHA_LONG64 t = c->h[n];
154 { 161
155 SHA_LONG64 t = c->h[n]; 162 *(md++) = (unsigned char)(t >> 56);
156 163 *(md++) = (unsigned char)(t >> 48);
157 *(md++) = (unsigned char)(t>>56); 164 *(md++) = (unsigned char)(t >> 40);
158 *(md++) = (unsigned char)(t>>48); 165 *(md++) = (unsigned char)(t >> 32);
159 *(md++) = (unsigned char)(t>>40); 166 *(md++) = (unsigned char)(t >> 24);
160 *(md++) = (unsigned char)(t>>32); 167 *(md++) = (unsigned char)(t >> 16);
161 *(md++) = (unsigned char)(t>>24); 168 *(md++) = (unsigned char)(t >> 8);
162 *(md++) = (unsigned char)(t>>16); 169 *(md++) = (unsigned char)(t);
163 *(md++) = (unsigned char)(t>>8);
164 *(md++) = (unsigned char)(t);
165 }
166 break;
167 /* ... as well as make sure md_len is not abused. */
168 default: return 0;
169 } 170 }
171 break;
172 /* ... as well as make sure md_len is not abused. */
173 default:
174 return 0;
175 }
170 176
171 return 1; 177 return 1;
172 } 178}
173 179
174int SHA384_Final (unsigned char *md,SHA512_CTX *c) 180int
175{ return SHA512_Final (md,c); } 181SHA384_Final(unsigned char *md, SHA512_CTX *c)
182{
183 return SHA512_Final(md, c);
184}
176 185
177int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) 186int
178 { 187SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
188{
179 SHA_LONG64 l; 189 SHA_LONG64 l;
180 unsigned char *p=c->u.p; 190 unsigned char *p = c->u.p;
181 const unsigned char *data=(const unsigned char *)_data; 191 const unsigned char *data = (const unsigned char *)_data;
182 192
183 if (len==0) return 1; 193 if (len == 0)
194 return 1;
184 195
185 l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); 196 l = (c->Nl + (((SHA_LONG64)len) << 3))&U64(0xffffffffffffffff);
186 if (l < c->Nl) c->Nh++; 197 if (l < c->Nl)
187 if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); 198 c->Nh++;
188 c->Nl=l; 199 if (sizeof(len) >= 8)
200 c->Nh += (((SHA_LONG64)len) >> 61);
201 c->Nl = l;
189 202
190 if (c->num != 0) 203 if (c->num != 0) {
191 {
192 size_t n = sizeof(c->u) - c->num; 204 size_t n = sizeof(c->u) - c->num;
193 205
194 if (len < n) 206 if (len < n) {
195 { 207 memcpy (p + c->num, data, len), c->num += (unsigned int)len;
196 memcpy (p+c->num,data,len), c->num += (unsigned int)len;
197 return 1; 208 return 1;
198 } 209 }
199 else { 210 else {
200 memcpy (p+c->num,data,n), c->num = 0; 211 memcpy (p + c->num, data, n), c->num = 0;
201 len-=n, data+=n; 212 len -= n, data += n;
202 sha512_block_data_order (c,p,1); 213 sha512_block_data_order (c, p, 1);
203 }
204 } 214 }
215 }
205 216
206 if (len >= sizeof(c->u)) 217 if (len >= sizeof(c->u)) {
207 {
208#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA 218#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
209 if ((size_t)data%sizeof(c->u.d[0]) != 0) 219 if ((size_t)data % sizeof(c->u.d[0]) != 0)
210 while (len >= sizeof(c->u)) 220 while (len >= sizeof(c->u))
211 memcpy (p,data,sizeof(c->u)), 221 memcpy (p, data, sizeof(c->u)),
212 sha512_block_data_order (c,p,1), 222 sha512_block_data_order (c, p, 1),
213 len -= sizeof(c->u), 223 len -= sizeof(c->u),
214 data += sizeof(c->u); 224 data += sizeof(c->u);
215 else 225 else
216#endif 226#endif
217 sha512_block_data_order (c,data,len/sizeof(c->u)), 227 sha512_block_data_order (c, data, len/sizeof(c->u)),
218 data += len, 228 data += len,
219 len %= sizeof(c->u), 229 len %= sizeof(c->u),
220 data -= len; 230 data -= len;
221 } 231 }
222 232
223 if (len != 0) memcpy (p,data,len), c->num = (int)len; 233 if (len != 0)
234 memcpy (p, data, len), c->num = (int)len;
224 235
225 return 1; 236 return 1;
226 } 237}
227 238
228int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) 239int
229{ return SHA512_Update (c,data,len); } 240SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
241{
242 return SHA512_Update (c, data, len);
243}
230 244
231void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) 245void
232 { 246SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
247{
233#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA 248#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
234 if ((size_t)data%sizeof(c->u.d[0]) != 0) 249 if ((size_t)data % sizeof(c->u.d[0]) != 0)
235 memcpy(c->u.p,data,sizeof(c->u.p)), 250 memcpy(c->u.p, data, sizeof(c->u.p)),
236 data = c->u.p; 251 data = c->u.p;
237#endif 252#endif
238 sha512_block_data_order (c,data,1); 253 sha512_block_data_order (c, data, 1);
239 } 254}
240 255
241unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) 256unsigned char *
242 { 257SHA384(const unsigned char *d, size_t n, unsigned char *md)
258{
243 SHA512_CTX c; 259 SHA512_CTX c;
244 static unsigned char m[SHA384_DIGEST_LENGTH]; 260 static unsigned char m[SHA384_DIGEST_LENGTH];
245 261
246 if (md == NULL) md=m; 262 if (md == NULL)
263 md = m;
247 SHA384_Init(&c); 264 SHA384_Init(&c);
248 SHA512_Update(&c,d,n); 265 SHA512_Update(&c, d, n);
249 SHA512_Final(md,&c); 266 SHA512_Final(md, &c);
250 explicit_bzero(&c,sizeof(c)); 267 explicit_bzero(&c, sizeof(c));
251 return(md); 268 return (md);
252 } 269}
253 270
254unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) 271unsigned char *
255 { 272SHA512(const unsigned char *d, size_t n, unsigned char *md)
273{
256 SHA512_CTX c; 274 SHA512_CTX c;
257 static unsigned char m[SHA512_DIGEST_LENGTH]; 275 static unsigned char m[SHA512_DIGEST_LENGTH];
258 276
259 if (md == NULL) md=m; 277 if (md == NULL)
278 md = m;
260 SHA512_Init(&c); 279 SHA512_Init(&c);
261 SHA512_Update(&c,d,n); 280 SHA512_Update(&c, d, n);
262 SHA512_Final(md,&c); 281 SHA512_Final(md, &c);
263 explicit_bzero(&c,sizeof(c)); 282 explicit_bzero(&c, sizeof(c));
264 return(md); 283 return (md);
265 } 284}
266 285
267#ifndef SHA512_ASM 286#ifndef SHA512_ASM
268static const SHA_LONG64 K512[80] = { 287static const SHA_LONG64 K512[80] = {
269 U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), 288 U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
270 U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), 289 U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
271 U64(0x3956c25bf348b538),U64(0x59f111f1b605d019), 290 U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
272 U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118), 291 U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
273 U64(0xd807aa98a3030242),U64(0x12835b0145706fbe), 292 U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
274 U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2), 293 U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
275 U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1), 294 U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
276 U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694), 295 U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
277 U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3), 296 U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
278 U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65), 297 U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
279 U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483), 298 U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
280 U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5), 299 U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
281 U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210), 300 U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
282 U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4), 301 U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
283 U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725), 302 U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
284 U64(0x06ca6351e003826f),U64(0x142929670a0e6e70), 303 U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
285 U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926), 304 U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
286 U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df), 305 U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
287 U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8), 306 U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
288 U64(0x81c2c92e47edaee6),U64(0x92722c851482353b), 307 U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
289 U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001), 308 U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
290 U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30), 309 U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
291 U64(0xd192e819d6ef5218),U64(0xd69906245565a910), 310 U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
292 U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8), 311 U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
293 U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53), 312 U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
294 U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8), 313 U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
295 U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb), 314 U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
296 U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3), 315 U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
297 U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60), 316 U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
298 U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec), 317 U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
299 U64(0x90befffa23631e28),U64(0xa4506cebde82bde9), 318 U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
300 U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b), 319 U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
301 U64(0xca273eceea26619c),U64(0xd186b8c721c0c207), 320 U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
302 U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178), 321 U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
303 U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), 322 U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
304 U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), 323 U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
305 U64(0x28db77f523047d84),U64(0x32caab7b40c72493), 324 U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
306 U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), 325 U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
307 U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), 326 U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
308 U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; 327 U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817),
328};
309 329
310#if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) 330#if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
311# if defined(__x86_64) || defined(__x86_64__) 331# if defined(__x86_64) || defined(__x86_64__)
@@ -356,100 +376,132 @@ static const SHA_LONG64 K512[80] = {
356 * This code should give better results on 32-bit CPU with less than 376 * This code should give better results on 32-bit CPU with less than
357 * ~24 registers, both size and performance wise... 377 * ~24 registers, both size and performance wise...
358 */ 378 */
359static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) 379static void
360 { 380sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
361 const SHA_LONG64 *W=in; 381{
362 SHA_LONG64 A,E,T; 382 const SHA_LONG64 *W = in;
363 SHA_LONG64 X[9+80],*F; 383 SHA_LONG64 A, E, T;
384 SHA_LONG64 X[9 + 80], *F;
364 int i; 385 int i;
365 386
366 while (num--) { 387 while (num--) {
367 388
368 F = X+80; 389 F = X + 80;
369 A = ctx->h[0]; F[1] = ctx->h[1]; 390 A = ctx->h[0];
370 F[2] = ctx->h[2]; F[3] = ctx->h[3]; 391 F[1] = ctx->h[1];
371 E = ctx->h[4]; F[5] = ctx->h[5]; 392 F[2] = ctx->h[2];
372 F[6] = ctx->h[6]; F[7] = ctx->h[7]; 393 F[3] = ctx->h[3];
373 394 E = ctx->h[4];
374 for (i=0;i<16;i++,F--) 395 F[5] = ctx->h[5];
375 { 396 F[6] = ctx->h[6];
376 T = PULL64(W[i]); 397 F[7] = ctx->h[7];
377 F[0] = A; 398
378 F[4] = E; 399 for (i = 0; i < 16; i++, F--) {
379 F[8] = T; 400 T = PULL64(W[i]);
380 T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; 401 F[0] = A;
381 E = F[3] + T; 402 F[4] = E;
382 A = T + Sigma0(A) + Maj(A,F[1],F[2]); 403 F[8] = T;
404 T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i];
405 E = F[3] + T;
406 A = T + Sigma0(A) + Maj(A, F[1], F[2]);
383 } 407 }
384 408
385 for (;i<80;i++,F--) 409 for (; i < 80; i++, F--) {
386 { 410 T = sigma0(F[8 + 16 - 1]);
387 T = sigma0(F[8+16-1]); 411 T += sigma1(F[8 + 16 - 14]);
388 T += sigma1(F[8+16-14]); 412 T += F[8 + 16] + F[8 + 16 - 9];
389 T += F[8+16] + F[8+16-9]; 413
390 414 F[0] = A;
391 F[0] = A; 415 F[4] = E;
392 F[4] = E; 416 F[8] = T;
393 F[8] = T; 417 T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i];
394 T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; 418 E = F[3] + T;
395 E = F[3] + T; 419 A = T + Sigma0(A) + Maj(A, F[1], F[2]);
396 A = T + Sigma0(A) + Maj(A,F[1],F[2]);
397 } 420 }
398 421
399 ctx->h[0] += A; ctx->h[1] += F[1]; 422 ctx->h[0] += A;
400 ctx->h[2] += F[2]; ctx->h[3] += F[3]; 423 ctx->h[1] += F[1];
401 ctx->h[4] += E; ctx->h[5] += F[5]; 424 ctx->h[2] += F[2];
402 ctx->h[6] += F[6]; ctx->h[7] += F[7]; 425 ctx->h[3] += F[3];
426 ctx->h[4] += E;
427 ctx->h[5] += F[5];
428 ctx->h[6] += F[6];
429 ctx->h[7] += F[7];
403 430
404 W+=SHA_LBLOCK; 431 W += SHA_LBLOCK;
405 }
406 } 432 }
433}
407 434
408#elif defined(OPENSSL_SMALL_FOOTPRINT) 435#elif defined(OPENSSL_SMALL_FOOTPRINT)
409 436
410static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) 437static void
411 { 438sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
412 const SHA_LONG64 *W=in; 439{
413 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; 440 const SHA_LONG64 *W = in;
441 SHA_LONG64 a, b,c, d,e, f,g, h,s0, s1, T1, T2;
414 SHA_LONG64 X[16]; 442 SHA_LONG64 X[16];
415 int i; 443 int i;
416 444
417 while (num--) { 445 while (num--) {
418 446
419 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; 447 a = ctx->h[0];
420 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; 448 b = ctx->h[1];
449 c = ctx->h[2];
450 d = ctx->h[3];
451 e = ctx->h[4];
452 f = ctx->h[5];
453 g = ctx->h[6];
454 h = ctx->h[7];
421 455
422 for (i=0;i<16;i++) 456 for (i = 0; i < 16; i++) {
423 {
424#if BYTE_ORDER == BIG_ENDIAN 457#if BYTE_ORDER == BIG_ENDIAN
425 T1 = X[i] = W[i]; 458 T1 = X[i] = W[i];
426#else 459#else
427 T1 = X[i] = PULL64(W[i]); 460 T1 = X[i] = PULL64(W[i]);
428#endif 461#endif
429 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; 462 T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
430 T2 = Sigma0(a) + Maj(a,b,c); 463 T2 = Sigma0(a) + Maj(a, b, c);
431 h = g; g = f; f = e; e = d + T1; 464 h = g;
432 d = c; c = b; b = a; a = T1 + T2; 465 g = f;
466 f = e;
467 e = d + T1;
468 d = c;
469 c = b;
470 b = a;
471 a = T1 + T2;
433 } 472 }
434 473
435 for (;i<80;i++) 474 for (; i < 80; i++) {
436 { 475 s0 = X[(i + 1)&0x0f];
437 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); 476 s0 = sigma0(s0);
438 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); 477 s1 = X[(i + 14)&0x0f];
439 478 s1 = sigma1(s1);
440 T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; 479
441 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; 480 T1 = X[i&0xf] += s0 + s1 + X[(i + 9)&0xf];
442 T2 = Sigma0(a) + Maj(a,b,c); 481 T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
443 h = g; g = f; f = e; e = d + T1; 482 T2 = Sigma0(a) + Maj(a, b, c);
444 d = c; c = b; b = a; a = T1 + T2; 483 h = g;
484 g = f;
485 f = e;
486 e = d + T1;
487 d = c;
488 c = b;
489 b = a;
490 a = T1 + T2;
445 } 491 }
446 492
447 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; 493 ctx->h[0] += a;
448 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; 494 ctx->h[1] += b;
495 ctx->h[2] += c;
496 ctx->h[3] += d;
497 ctx->h[4] += e;
498 ctx->h[5] += f;
499 ctx->h[6] += g;
500 ctx->h[7] += h;
449 501
450 W+=SHA_LBLOCK; 502 W += SHA_LBLOCK;
451 }
452 } 503 }
504}
453 505
454#else 506#else
455 507
@@ -464,80 +516,124 @@ static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
464 T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ 516 T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \
465 ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) 517 ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0)
466 518
467static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) 519static void
468 { 520sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
469 const SHA_LONG64 *W=in; 521{
470 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; 522 const SHA_LONG64 *W = in;
523 SHA_LONG64 a, b,c, d,e, f,g, h,s0, s1, T1;
471 SHA_LONG64 X[16]; 524 SHA_LONG64 X[16];
472 int i; 525 int i;
473 526
474 while (num--) { 527 while (num--) {
475 528
476 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; 529 a = ctx->h[0];
477 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; 530 b = ctx->h[1];
531 c = ctx->h[2];
532 d = ctx->h[3];
533 e = ctx->h[4];
534 f = ctx->h[5];
535 g = ctx->h[6];
536 h = ctx->h[7];
478 537
479#if BYTE_ORDER == BIG_ENDIAN 538#if BYTE_ORDER == BIG_ENDIAN
480 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); 539 T1 = X[0] = W[0];
481 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); 540 ROUND_00_15(0, a,b, c,d, e,f, g, h);
482 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); 541 T1 = X[1] = W[1];
483 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); 542 ROUND_00_15(1, h,a, b,c, d,e, f, g);
484 T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); 543 T1 = X[2] = W[2];
485 T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); 544 ROUND_00_15(2, g,h, a,b, c,d, e, f);
486 T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); 545 T1 = X[3] = W[3];
487 T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); 546 ROUND_00_15(3, f,g, h,a, b,c, d, e);
488 T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); 547 T1 = X[4] = W[4];
489 T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); 548 ROUND_00_15(4, e,f, g,h, a,b, c, d);
490 T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); 549 T1 = X[5] = W[5];
491 T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); 550 ROUND_00_15(5, d,e, f,g, h,a, b, c);
492 T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); 551 T1 = X[6] = W[6];
493 T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); 552 ROUND_00_15(6, c,d, e,f, g,h, a, b);
494 T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); 553 T1 = X[7] = W[7];
495 T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); 554 ROUND_00_15(7, b,c, d,e, f,g, h, a);
555 T1 = X[8] = W[8];
556 ROUND_00_15(8, a,b, c,d, e,f, g, h);
557 T1 = X[9] = W[9];
558 ROUND_00_15(9, h,a, b,c, d,e, f, g);
559 T1 = X[10] = W[10];
560 ROUND_00_15(10, g,h, a,b, c,d, e, f);
561 T1 = X[11] = W[11];
562 ROUND_00_15(11, f,g, h,a, b,c, d, e);
563 T1 = X[12] = W[12];
564 ROUND_00_15(12, e,f, g,h, a,b, c, d);
565 T1 = X[13] = W[13];
566 ROUND_00_15(13, d,e, f,g, h,a, b, c);
567 T1 = X[14] = W[14];
568 ROUND_00_15(14, c,d, e,f, g,h, a, b);
569 T1 = X[15] = W[15];
570 ROUND_00_15(15, b,c, d,e, f,g, h, a);
496#else 571#else
497 T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h); 572 T1 = X[0] = PULL64(W[0]);
498 T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g); 573 ROUND_00_15(0, a,b, c,d, e,f, g, h);
499 T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f); 574 T1 = X[1] = PULL64(W[1]);
500 T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e); 575 ROUND_00_15(1, h,a, b,c, d,e, f, g);
501 T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d); 576 T1 = X[2] = PULL64(W[2]);
502 T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c); 577 ROUND_00_15(2, g,h, a,b, c,d, e, f);
503 T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b); 578 T1 = X[3] = PULL64(W[3]);
504 T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a); 579 ROUND_00_15(3, f,g, h,a, b,c, d, e);
505 T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); 580 T1 = X[4] = PULL64(W[4]);
506 T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); 581 ROUND_00_15(4, e,f, g,h, a,b, c, d);
507 T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); 582 T1 = X[5] = PULL64(W[5]);
508 T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); 583 ROUND_00_15(5, d,e, f,g, h,a, b, c);
509 T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); 584 T1 = X[6] = PULL64(W[6]);
510 T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); 585 ROUND_00_15(6, c,d, e,f, g,h, a, b);
511 T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); 586 T1 = X[7] = PULL64(W[7]);
512 T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); 587 ROUND_00_15(7, b,c, d,e, f,g, h, a);
588 T1 = X[8] = PULL64(W[8]);
589 ROUND_00_15(8, a,b, c,d, e,f, g, h);
590 T1 = X[9] = PULL64(W[9]);
591 ROUND_00_15(9, h,a, b,c, d,e, f, g);
592 T1 = X[10] = PULL64(W[10]);
593 ROUND_00_15(10, g,h, a,b, c,d, e, f);
594 T1 = X[11] = PULL64(W[11]);
595 ROUND_00_15(11, f,g, h,a, b,c, d, e);
596 T1 = X[12] = PULL64(W[12]);
597 ROUND_00_15(12, e,f, g,h, a,b, c, d);
598 T1 = X[13] = PULL64(W[13]);
599 ROUND_00_15(13, d,e, f,g, h,a, b, c);
600 T1 = X[14] = PULL64(W[14]);
601 ROUND_00_15(14, c,d, e,f, g,h, a, b);
602 T1 = X[15] = PULL64(W[15]);
603 ROUND_00_15(15, b,c, d,e, f,g, h, a);
513#endif 604#endif
514 605
515 for (i=16;i<80;i+=16) 606 for (i = 16; i < 80; i += 16) {
516 { 607 ROUND_16_80(i, 0, a,b, c,d, e,f, g,h, X);
517 ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X); 608 ROUND_16_80(i, 1, h,a, b,c, d,e, f,g, X);
518 ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X); 609 ROUND_16_80(i, 2, g,h, a,b, c,d, e,f, X);
519 ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X); 610 ROUND_16_80(i, 3, f,g, h,a, b,c, d,e, X);
520 ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X); 611 ROUND_16_80(i, 4, e,f, g,h, a,b, c,d, X);
521 ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X); 612 ROUND_16_80(i, 5, d,e, f,g, h,a, b,c, X);
522 ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X); 613 ROUND_16_80(i, 6, c,d, e,f, g,h, a,b, X);
523 ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X); 614 ROUND_16_80(i, 7, b,c, d,e, f,g, h,a, X);
524 ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X); 615 ROUND_16_80(i, 8, a,b, c,d, e,f, g,h, X);
525 ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X); 616 ROUND_16_80(i, 9, h,a, b,c, d,e, f,g, X);
526 ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X); 617 ROUND_16_80(i, 10, g,h, a,b, c,d, e,f, X);
527 ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X); 618 ROUND_16_80(i, 11, f,g, h,a, b,c, d,e, X);
528 ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X); 619 ROUND_16_80(i, 12, e,f, g,h, a,b, c,d, X);
529 ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X); 620 ROUND_16_80(i, 13, d,e, f,g, h,a, b,c, X);
530 ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X); 621 ROUND_16_80(i, 14, c,d, e,f, g,h, a,b, X);
531 ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X); 622 ROUND_16_80(i, 15, b,c, d,e, f,g, h,a, X);
532 ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X);
533 } 623 }
534 624
535 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; 625 ctx->h[0] += a;
536 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; 626 ctx->h[1] += b;
627 ctx->h[2] += c;
628 ctx->h[3] += d;
629 ctx->h[4] += e;
630 ctx->h[5] += f;
631 ctx->h[6] += g;
632 ctx->h[7] += h;
537 633
538 W+=SHA_LBLOCK; 634 W += SHA_LBLOCK;
539 }
540 } 635 }
636}
541 637
542#endif 638#endif
543 639
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 14:58:13 +0000