summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/sha
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/sha')
-rw-r--r--src/lib/libcrypto/sha/Makefile139
-rw-r--r--src/lib/libcrypto/sha/asm/README1
-rw-r--r--src/lib/libcrypto/sha/asm/sha1-586.pl219
-rw-r--r--src/lib/libcrypto/sha/asm/sha1-ia64.pl305
-rwxr-xr-xsrc/lib/libcrypto/sha/asm/sha1-x86_64.pl242
-rwxr-xr-xsrc/lib/libcrypto/sha/asm/sha512-ia64.pl672
-rw-r--r--src/lib/libcrypto/sha/asm/sha512-sse2.pl404
-rwxr-xr-xsrc/lib/libcrypto/sha/asm/sha512-x86_64.pl344
-rw-r--r--src/lib/libcrypto/sha/sha.c124
-rw-r--r--src/lib/libcrypto/sha/sha.h200
-rw-r--r--src/lib/libcrypto/sha/sha1.c127
-rw-r--r--src/lib/libcrypto/sha/sha1_one.c78
-rw-r--r--src/lib/libcrypto/sha/sha1dgst.c74
-rw-r--r--src/lib/libcrypto/sha/sha1s.cpp82
-rw-r--r--src/lib/libcrypto/sha/sha1test.c178
-rw-r--r--src/lib/libcrypto/sha/sha256.c282
-rw-r--r--src/lib/libcrypto/sha/sha512.c537
-rw-r--r--src/lib/libcrypto/sha/sha_dgst.c74
-rw-r--r--src/lib/libcrypto/sha/sha_locl.h439
-rw-r--r--src/lib/libcrypto/sha/sha_one.c78
-rw-r--r--src/lib/libcrypto/sha/shatest.c178
21 files changed, 4777 insertions, 0 deletions
diff --git a/src/lib/libcrypto/sha/Makefile b/src/lib/libcrypto/sha/Makefile
new file mode 100644
index 0000000000..ac64fb61d3
--- /dev/null
+++ b/src/lib/libcrypto/sha/Makefile
@@ -0,0 +1,139 @@
1#
2# OpenSSL/crypto/sha/Makefile
3#
4
5DIR= sha
6TOP= ../..
7CC= cc
8CPP= $(CC) -E
9INCLUDES=
10CFLAG=-g
11MAKEFILE= Makefile
12AR= ar r
13
14SHA1_ASM_OBJ=
15
16CFLAGS= $(INCLUDES) $(CFLAG)
17ASFLAGS= $(INCLUDES) $(ASFLAG)
18AFLAGS= $(ASFLAGS)
19
20GENERAL=Makefile
21TEST=shatest.c sha1test.c sha256t.c sha512t.c
22APPS=
23
24LIB=$(TOP)/libcrypto.a
25LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c
26LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ)
27
28SRC= $(LIBSRC)
29
30EXHEADER= sha.h
31HEADER= sha_locl.h $(EXHEADER)
32
33ALL= $(GENERAL) $(SRC) $(HEADER)
34
35top:
36 (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
37
38all: lib
39
40lib: $(LIBOBJ)
41 $(AR) $(LIB) $(LIBOBJ)
42 $(RANLIB) $(LIB) || echo Never mind.
43 @touch lib
44
45# ELF
46sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl
47 (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
48s512sse2-elf.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl
49 (cd asm; $(PERL) sha512-sse2.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
50# COFF
51sx86-cof.s: asm/sha1-586.pl ../perlasm/x86asm.pl
52 (cd asm; $(PERL) sha1-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
53s512sse2-cof.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl
54 (cd asm; $(PERL) sha512-sse2.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
55# a.out
56sx86-out.s: asm/sha1-586.pl ../perlasm/x86asm.pl
57 (cd asm; $(PERL) sha1-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
58s512sse2-out.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl
59 (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
60
61sha1-ia64.s: asm/sha1-ia64.pl
62 (cd asm; $(PERL) sha1-ia64.pl $(CFLAGS) ) > $@
63sha256-ia64.s: asm/sha512-ia64.pl
64 (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
65sha512-ia64.s: asm/sha512-ia64.pl
66 (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
67
68# Solaris make has to be explicitly told
69sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $@
70sha256-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@
71sha512-x86_64.s:asm/sha512-x86_64.pl; $(PERL) asm/sha512-x86_64.pl $@
72
73files:
74 $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
75
76links:
77 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
78 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
79 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
80
81install:
82 @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
83 @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
84 do \
85 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
86 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
87 done;
88
89tags:
90 ctags $(SRC)
91
92tests:
93
94lint:
95 lint -DLINT $(INCLUDES) $(SRC)>fluff
96
97depend:
98 @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
99 $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
100
101dclean:
102 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
103 mv -f Makefile.new $(MAKEFILE)
104
105clean:
106 rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
107
108# DO NOT DELETE THIS LINE -- make depend depends on it.
109
110sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
111sha1_one.o: ../../include/openssl/opensslconf.h
112sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
113sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
114sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
115sha1_one.o: sha1_one.c
116sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
117sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
118sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
119sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
120sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
121sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
122sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
123sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c
124sha512.o: ../../e_os.h ../../include/openssl/bio.h
125sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
126sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
127sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
128sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
129sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
130sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
131sha512.o: ../cryptlib.h sha512.c
132sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
133sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
134sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
135sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
136sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
137sha_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
138sha_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
139sha_one.o: ../../include/openssl/symhacks.h sha_one.c
diff --git a/src/lib/libcrypto/sha/asm/README b/src/lib/libcrypto/sha/asm/README
new file mode 100644
index 0000000000..b7e755765f
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/README
@@ -0,0 +1 @@
C2.pl works
diff --git a/src/lib/libcrypto/sha/asm/sha1-586.pl b/src/lib/libcrypto/sha/asm/sha1-586.pl
new file mode 100644
index 0000000000..a787dd37da
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-586.pl
@@ -0,0 +1,219 @@
1#!/usr/bin/env perl
2
3# ====================================================================
4# [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5# project. The module is, however, dual licensed under OpenSSL and
6# CRYPTOGAMS licenses depending on where you obtain it. For further
7# details see http://www.openssl.org/~appro/cryptogams/.
8# ====================================================================
9
10# "[Re]written" was achieved in two major overhauls. In 2004 BODY_*
11# functions were re-implemented to address P4 performance issue [see
12# commentary below], and in 2006 the rest was rewritten in order to
13# gain freedom to liberate licensing terms.
14
15# It was noted that Intel IA-32 C compiler generates code which
16# performs ~30% *faster* on P4 CPU than original *hand-coded*
17# SHA1 assembler implementation. To address this problem (and
18# prove that humans are still better than machines:-), the
19# original code was overhauled, which resulted in following
20# performance changes:
21#
22# compared with original compared with Intel cc
23# assembler impl. generated code
24# Pentium -16% +48%
25# PIII/AMD +8% +16%
26# P4 +85%(!) +45%
27#
28# As you can see Pentium came out as looser:-( Yet I reckoned that
29# improvement on P4 outweights the loss and incorporate this
30# re-tuned code to 0.9.7 and later.
31# ----------------------------------------------------------------
32# <appro@fy.chalmers.se>
33
34$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
35push(@INC,"${dir}","${dir}../../perlasm");
36require "x86asm.pl";
37
38&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
39
40$A="eax";
41$B="ebx";
42$C="ecx";
43$D="edx";
44$E="edi";
45$T="esi";
46$tmp1="ebp";
47
48@V=($A,$B,$C,$D,$E,$T);
49
50sub BODY_00_15
51 {
52 local($n,$a,$b,$c,$d,$e,$f)=@_;
53
54 &comment("00_15 $n");
55
56 &mov($f,$c); # f to hold F_00_19(b,c,d)
57 if ($n==0) { &mov($tmp1,$a); }
58 else { &mov($a,$tmp1); }
59 &rotl($tmp1,5); # tmp1=ROTATE(a,5)
60 &xor($f,$d);
61 &add($tmp1,$e); # tmp1+=e;
62 &and($f,$b);
63 &mov($e,&swtmp($n%16)); # e becomes volatile and is loaded
64 # with xi, also note that e becomes
65 # f in next round...
66 &xor($f,$d); # f holds F_00_19(b,c,d)
67 &rotr($b,2); # b=ROTATE(b,30)
68 &lea($tmp1,&DWP(0x5a827999,$tmp1,$e)); # tmp1+=K_00_19+xi
69
70 if ($n==15) { &add($f,$tmp1); } # f+=tmp1
71 else { &add($tmp1,$f); } # f becomes a in next round
72 }
73
74sub BODY_16_19
75 {
76 local($n,$a,$b,$c,$d,$e,$f)=@_;
77
78 &comment("16_19 $n");
79
80 &mov($f,&swtmp($n%16)); # f to hold Xupdate(xi,xa,xb,xc,xd)
81 &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d)
82 &xor($f,&swtmp(($n+2)%16));
83 &xor($tmp1,$d);
84 &xor($f,&swtmp(($n+8)%16));
85 &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d)
86 &rotr($b,2); # b=ROTATE(b,30)
87 &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd
88 &rotl($f,1); # f=ROTATE(f,1)
89 &xor($tmp1,$d); # tmp1=F_00_19(b,c,d)
90 &mov(&swtmp($n%16),$f); # xi=f
91 &lea($f,&DWP(0x5a827999,$f,$e));# f+=K_00_19+e
92 &mov($e,$a); # e becomes volatile
93 &rotl($e,5); # e=ROTATE(a,5)
94 &add($f,$tmp1); # f+=F_00_19(b,c,d)
95 &add($f,$e); # f+=ROTATE(a,5)
96 }
97
98sub BODY_20_39
99 {
100 local($n,$a,$b,$c,$d,$e,$f)=@_;
101 local $K=($n<40)?0x6ed9eba1:0xca62c1d6;
102
103 &comment("20_39 $n");
104
105 &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d)
106 &mov($f,&swtmp($n%16)); # f to hold Xupdate(xi,xa,xb,xc,xd)
107 &rotr($b,2); # b=ROTATE(b,30)
108 &xor($f,&swtmp(($n+2)%16));
109 &xor($tmp1,$c);
110 &xor($f,&swtmp(($n+8)%16));
111 &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d)
112 &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd
113 &rotl($f,1); # f=ROTATE(f,1)
114 &add($tmp1,$e);
115 &mov(&swtmp($n%16),$f); # xi=f
116 &mov($e,$a); # e becomes volatile
117 &rotl($e,5); # e=ROTATE(a,5)
118 &lea($f,&DWP($K,$f,$tmp1)); # f+=K_20_39+e
119 &add($f,$e); # f+=ROTATE(a,5)
120 }
121
122sub BODY_40_59
123 {
124 local($n,$a,$b,$c,$d,$e,$f)=@_;
125
126 &comment("40_59 $n");
127
128 &mov($f,&swtmp($n%16)); # f to hold Xupdate(xi,xa,xb,xc,xd)
129 &mov($tmp1,&swtmp(($n+2)%16));
130 &xor($f,$tmp1);
131 &mov($tmp1,&swtmp(($n+8)%16));
132 &xor($f,$tmp1);
133 &mov($tmp1,&swtmp(($n+13)%16));
134 &xor($f,$tmp1); # f holds xa^xb^xc^xd
135 &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d)
136 &rotl($f,1); # f=ROTATE(f,1)
137 &or($tmp1,$c);
138 &mov(&swtmp($n%16),$f); # xi=f
139 &and($tmp1,$d);
140 &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e
141 &mov($e,$b); # e becomes volatile and is used
142 # to calculate F_40_59(b,c,d)
143 &rotr($b,2); # b=ROTATE(b,30)
144 &and($e,$c);
145 &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d)
146 &mov($e,$a);
147 &rotl($e,5); # e=ROTATE(a,5)
148 &add($f,$tmp1); # f+=tmp1;
149 &add($f,$e); # f+=ROTATE(a,5)
150 }
151
152&function_begin("sha1_block_data_order");
153 &mov($tmp1,&wparam(0)); # SHA_CTX *c
154 &mov($T,&wparam(1)); # const void *input
155 &mov($A,&wparam(2)); # size_t num
156 &stack_push(16); # allocate X[16]
157 &shl($A,6);
158 &add($A,$T);
159 &mov(&wparam(2),$A); # pointer beyond the end of input
160 &mov($E,&DWP(16,$tmp1));# pre-load E
161
162 &set_label("loop",16);
163
164 # copy input chunk to X, but reversing byte order!
165 for ($i=0; $i<16; $i+=4)
166 {
167 &mov($A,&DWP(4*($i+0),$T));
168 &mov($B,&DWP(4*($i+1),$T));
169 &mov($C,&DWP(4*($i+2),$T));
170 &mov($D,&DWP(4*($i+3),$T));
171 &bswap($A);
172 &bswap($B);
173 &bswap($C);
174 &bswap($D);
175 &mov(&swtmp($i+0),$A);
176 &mov(&swtmp($i+1),$B);
177 &mov(&swtmp($i+2),$C);
178 &mov(&swtmp($i+3),$D);
179 }
180 &mov(&wparam(1),$T); # redundant in 1st spin
181
182 &mov($A,&DWP(0,$tmp1)); # load SHA_CTX
183 &mov($B,&DWP(4,$tmp1));
184 &mov($C,&DWP(8,$tmp1));
185 &mov($D,&DWP(12,$tmp1));
186 # E is pre-loaded
187
188 for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
189 for(;$i<20;$i++) { &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
190 for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
191 for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
192 for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
193
194 (($V[5] eq $D) and ($V[0] eq $E)) or die; # double-check
195
196 &mov($tmp1,&wparam(0)); # re-load SHA_CTX*
197 &mov($D,&wparam(1)); # D is last "T" and is discarded
198
199 &add($E,&DWP(0,$tmp1)); # E is last "A"...
200 &add($T,&DWP(4,$tmp1));
201 &add($A,&DWP(8,$tmp1));
202 &add($B,&DWP(12,$tmp1));
203 &add($C,&DWP(16,$tmp1));
204
205 &mov(&DWP(0,$tmp1),$E); # update SHA_CTX
206 &add($D,64); # advance input pointer
207 &mov(&DWP(4,$tmp1),$T);
208 &cmp($D,&wparam(2)); # have we reached the end yet?
209 &mov(&DWP(8,$tmp1),$A);
210 &mov($E,$C); # C is last "E" which needs to be "pre-loaded"
211 &mov(&DWP(12,$tmp1),$B);
212 &mov($T,$D); # input pointer
213 &mov(&DWP(16,$tmp1),$C);
214 &jb(&label("loop"));
215
216 &stack_pop(16);
217&function_end("sha1_block_data_order");
218
219&asm_finish();
diff --git a/src/lib/libcrypto/sha/asm/sha1-ia64.pl b/src/lib/libcrypto/sha/asm/sha1-ia64.pl
new file mode 100644
index 0000000000..aa18c1089b
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-ia64.pl
@@ -0,0 +1,305 @@
1#!/usr/bin/env perl
2#
3# ====================================================================
4# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5# project. The module is, however, dual licensed under OpenSSL and
6# CRYPTOGAMS licenses depending on where you obtain it. For further
7# details see http://www.openssl.org/~appro/cryptogams/.
8# ====================================================================
9#
10# Eternal question is what's wrong with compiler generated code? The
11# trick is that it's possible to reduce the number of shifts required
12# to perform rotations by maintaining copy of 32-bit value in upper
13# bits of 64-bit register. Just follow mux2 and shrp instructions...
14# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which
15# is >50% better than HP C and >2x better than gcc.
16
17$code=<<___;
18.ident \"sha1-ia64.s, version 1.2\"
19.ident \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
20.explicit
21
22___
23
24
25if ($^O eq "hpux") {
26 $ADDP="addp4";
27 for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
28} else { $ADDP="add"; }
29for (@ARGV) { $big_endian=1 if (/\-DB_ENDIAN/);
30 $big_endian=0 if (/\-DL_ENDIAN/); }
31if (!defined($big_endian))
32 { $big_endian=(unpack('L',pack('N',1))==1); }
33
34#$human=1;
35if ($human) { # useful for visual code auditing...
36 ($A,$B,$C,$D,$E,$T) = ("A","B","C","D","E","T");
37 ($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4");
38 ($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
39 ( "K_00_19","K_20_39","K_40_59","K_60_79" );
40 @X= ( "X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7",
41 "X8", "X9","X10","X11","X12","X13","X14","X15" );
42}
43else {
44 ($A,$B,$C,$D,$E,$T) = ("loc0","loc1","loc2","loc3","loc4","loc5");
45 ($h0,$h1,$h2,$h3,$h4) = ("loc6","loc7","loc8","loc9","loc10");
46 ($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
47 ( "r14", "r15", "loc11", "loc12" );
48 @X= ( "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
49 "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31" );
50}
51
52sub BODY_00_15 {
53local *code=shift;
54local ($i,$a,$b,$c,$d,$e,$f)=@_;
55
56$code.=<<___ if ($i==0);
57{ .mmi; ld1 $X[$i&0xf]=[inp],2 // MSB
58 ld1 tmp2=[tmp3],2 };;
59{ .mmi; ld1 tmp0=[inp],2
60 ld1 tmp4=[tmp3],2 // LSB
61 dep $X[$i&0xf]=$X[$i&0xf],tmp2,8,8 };;
62___
63if ($i<15) {
64 $code.=<<___;
65{ .mmi; ld1 $X[($i+1)&0xf]=[inp],2 // +1
66 dep tmp1=tmp0,tmp4,8,8 };;
67{ .mmi; ld1 tmp2=[tmp3],2 // +1
68 and tmp4=$c,$b
69 dep $X[$i&0xf]=$X[$i&0xf],tmp1,16,16 } //;;
70{ .mmi; andcm tmp1=$d,$b
71 add tmp0=$e,$K_00_19
72 dep.z tmp5=$a,5,27 };; // a<<5
73{ .mmi; or tmp4=tmp4,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d)
74 add $f=tmp0,$X[$i&0xf] // f=xi+e+K_00_19
75 extr.u tmp1=$a,27,5 };; // a>>27
76{ .mmi; ld1 tmp0=[inp],2 // +1
77 add $f=$f,tmp4 // f+=F_00_19(b,c,d)
78 shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30)
79{ .mmi; ld1 tmp4=[tmp3],2 // +1
80 or tmp5=tmp1,tmp5 // ROTATE(a,5)
81 mux2 tmp6=$a,0x44 };; // see b in next iteration
82{ .mii; add $f=$f,tmp5 // f+=ROTATE(a,5)
83 dep $X[($i+1)&0xf]=$X[($i+1)&0xf],tmp2,8,8 // +1
84 mux2 $X[$i&0xf]=$X[$i&0xf],0x44 } //;;
85
86___
87 }
88else {
89 $code.=<<___;
90{ .mii; and tmp3=$c,$b
91 dep tmp1=tmp0,tmp4,8,8;;
92 dep $X[$i&0xf]=$X[$i&0xf],tmp1,16,16 } //;;
93{ .mmi; andcm tmp1=$d,$b
94 add tmp0=$e,$K_00_19
95 dep.z tmp5=$a,5,27 };; // a<<5
96{ .mmi; or tmp4=tmp3,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d)
97 add $f=tmp0,$X[$i&0xf] // f=xi+e+K_00_19
98 extr.u tmp1=$a,27,5 } // a>>27
99{ .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1
100 xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
101 nop.i 0 };;
102{ .mmi; add $f=$f,tmp4 // f+=F_00_19(b,c,d)
103 xor tmp2=tmp2,tmp3 // +1
104 shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30)
105{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5)
106 mux2 tmp6=$a,0x44 };; // see b in next iteration
107{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5)
108 shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
109 mux2 $X[$i&0xf]=$X[$i&0xf],0x44 };;
110
111___
112 }
113}
114
115sub BODY_16_19 {
116local *code=shift;
117local ($i,$a,$b,$c,$d,$e,$f)=@_;
118
119$code.=<<___;
120{ .mmi; mov $X[$i&0xf]=$f // Xupdate
121 and tmp0=$c,$b
122 dep.z tmp5=$a,5,27 } // a<<5
123{ .mmi; andcm tmp1=$d,$b
124 add tmp4=$e,$K_00_19 };;
125{ .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d)
126 add $f=$f,tmp4 // f+=e+K_00_19
127 extr.u tmp1=$a,27,5 } // a>>27
128{ .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1
129 xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
130 nop.i 0 };;
131{ .mmi; add $f=$f,tmp0 // f+=F_00_19(b,c,d)
132 xor tmp2=tmp2,tmp3 // +1
133 shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30)
134{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5)
135 mux2 tmp6=$a,0x44 };; // see b in next iteration
136{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5)
137 shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
138 nop.i 0 };;
139
140___
141}
142
143sub BODY_20_39 {
144local *code=shift;
145local ($i,$a,$b,$c,$d,$e,$f,$Konst)=@_;
146 $Konst = $K_20_39 if (!defined($Konst));
147
148if ($i<79) {
149$code.=<<___;
150{ .mib; mov $X[$i&0xf]=$f // Xupdate
151 dep.z tmp5=$a,5,27 } // a<<5
152{ .mib; xor tmp0=$c,$b
153 add tmp4=$e,$Konst };;
154{ .mmi; xor tmp0=tmp0,$d // F_20_39(b,c,d)=b^c^d
155 add $f=$f,tmp4 // f+=e+K_20_39
156 extr.u tmp1=$a,27,5 } // a>>27
157{ .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1
158 xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
159 nop.i 0 };;
160{ .mmi; add $f=$f,tmp0 // f+=F_20_39(b,c,d)
161 xor tmp2=tmp2,tmp3 // +1
162 shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30)
163{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5)
164 mux2 tmp6=$a,0x44 };; // see b in next iteration
165{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5)
166 shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
167 nop.i 0 };;
168
169___
170}
171else {
172$code.=<<___;
173{ .mib; mov $X[$i&0xf]=$f // Xupdate
174 dep.z tmp5=$a,5,27 } // a<<5
175{ .mib; xor tmp0=$c,$b
176 add tmp4=$e,$Konst };;
177{ .mib; xor tmp0=tmp0,$d // F_20_39(b,c,d)=b^c^d
178 extr.u tmp1=$a,27,5 } // a>>27
179{ .mib; add $f=$f,tmp4 // f+=e+K_20_39
180 add $h1=$h1,$a };; // wrap up
181{ .mmi; add $f=$f,tmp0 // f+=F_20_39(b,c,d)
182 shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) ;;?
183{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5)
184 add $h3=$h3,$c };; // wrap up
185{ .mib; add tmp3=1,inp // used in unaligned codepath
186 add $f=$f,tmp1 } // f+=ROTATE(a,5)
187{ .mib; add $h2=$h2,$b // wrap up
188 add $h4=$h4,$d };; // wrap up
189
190___
191}
192}
193
194sub BODY_40_59 {
195local *code=shift;
196local ($i,$a,$b,$c,$d,$e,$f)=@_;
197
198$code.=<<___;
199{ .mmi; mov $X[$i&0xf]=$f // Xupdate
200 and tmp0=$c,$b
201 dep.z tmp5=$a,5,27 } // a<<5
202{ .mmi; and tmp1=$d,$b
203 add tmp4=$e,$K_40_59 };;
204{ .mmi; or tmp0=tmp0,tmp1 // (b&c)|(b&d)
205 add $f=$f,tmp4 // f+=e+K_40_59
206 extr.u tmp1=$a,27,5 } // a>>27
207{ .mmi; and tmp4=$c,$d
208 xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1
209 xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
210 };;
211{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5)
212 xor tmp2=tmp2,tmp3 // +1
213 shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30)
214{ .mmi; or tmp0=tmp0,tmp4 // F_40_59(b,c,d)=(b&c)|(b&d)|(c&d)
215 mux2 tmp6=$a,0x44 };; // see b in next iteration
216{ .mii; add $f=$f,tmp0 // f+=F_40_59(b,c,d)
217 shrp $e=tmp2,tmp2,31;; // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
218 add $f=$f,tmp1 };; // f+=ROTATE(a,5)
219
220___
221}
222sub BODY_60_79 { &BODY_20_39(@_,$K_60_79); }
223
224$code.=<<___;
225.text
226
227tmp0=r8;
228tmp1=r9;
229tmp2=r10;
230tmp3=r11;
231ctx=r32; // in0
232inp=r33; // in1
233
234// void sha1_block_data_order(SHA_CTX *c,const void *p,size_t num);
235.global sha1_block_data_order#
236.proc sha1_block_data_order#
237.align 32
238sha1_block_data_order:
239 .prologue
240{ .mmi; alloc tmp1=ar.pfs,3,15,0,0
241 $ADDP tmp0=4,ctx
242 .save ar.lc,r3
243 mov r3=ar.lc }
244{ .mmi; $ADDP ctx=0,ctx
245 $ADDP inp=0,inp
246 mov r2=pr };;
247tmp4=in2;
248tmp5=loc13;
249tmp6=loc14;
250 .body
251{ .mlx; ld4 $h0=[ctx],8
252 movl $K_00_19=0x5a827999 }
253{ .mlx; ld4 $h1=[tmp0],8
254 movl $K_20_39=0x6ed9eba1 };;
255{ .mlx; ld4 $h2=[ctx],8
256 movl $K_40_59=0x8f1bbcdc }
257{ .mlx; ld4 $h3=[tmp0]
258 movl $K_60_79=0xca62c1d6 };;
259{ .mmi; ld4 $h4=[ctx],-16
260 add in2=-1,in2 // adjust num for ar.lc
261 mov ar.ec=1 };;
262{ .mmi; nop.m 0
263 add tmp3=1,inp
264 mov ar.lc=in2 };; // brp.loop.imp: too far
265
266.Ldtop:
267{ .mmi; mov $A=$h0
268 mov $B=$h1
269 mux2 tmp6=$h1,0x44 }
270{ .mmi; mov $C=$h2
271 mov $D=$h3
272 mov $E=$h4 };;
273
274___
275
276{ my $i,@V=($A,$B,$C,$D,$E,$T);
277
278 for($i=0;$i<16;$i++) { &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
279 for(;$i<20;$i++) { &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
280 for(;$i<40;$i++) { &BODY_20_39(\$code,$i,@V); unshift(@V,pop(@V)); }
281 for(;$i<60;$i++) { &BODY_40_59(\$code,$i,@V); unshift(@V,pop(@V)); }
282 for(;$i<80;$i++) { &BODY_60_79(\$code,$i,@V); unshift(@V,pop(@V)); }
283
284 (($V[5] eq $D) and ($V[0] eq $E)) or die; # double-check
285}
286
287$code.=<<___;
288{ .mmb; add $h0=$h0,$E
289 nop.m 0
290 br.ctop.dptk.many .Ldtop };;
291.Ldend:
292{ .mmi; add tmp0=4,ctx
293 mov ar.lc=r3 };;
294{ .mmi; st4 [ctx]=$h0,8
295 st4 [tmp0]=$h1,8 };;
296{ .mmi; st4 [ctx]=$h2,8
297 st4 [tmp0]=$h3 };;
298{ .mib; st4 [ctx]=$h4,-16
299 mov pr=r2,0x1ffff
300 br.ret.sptk.many b0 };;
301.endp sha1_block_data_order#
302stringz "SHA1 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
303___
304
305print $code;
diff --git a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
new file mode 100755
index 0000000000..f7ed67a726
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
@@ -0,0 +1,242 @@
1#!/usr/bin/env perl
2#
3# ====================================================================
4# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5# project. The module is, however, dual licensed under OpenSSL and
6# CRYPTOGAMS licenses depending on where you obtain it. For further
7# details see http://www.openssl.org/~appro/cryptogams/.
8# ====================================================================
9#
10# sha1_block procedure for x86_64.
11#
12# It was brought to my attention that on EM64T compiler-generated code
13# was far behind 32-bit assembler implementation. This is unlike on
14# Opteron where compiler-generated code was only 15% behind 32-bit
15# assembler, which originally made it hard to motivate the effort.
16# There was suggestion to mechanically translate 32-bit code, but I
17# dismissed it, reasoning that x86_64 offers enough register bank
18# capacity to fully utilize SHA-1 parallelism. Therefore this fresh
19# implementation:-) However! While 64-bit code does performs better
20# on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
21# x86_64 does offer larger *addressable* bank, but out-of-order core
22# reaches for even more registers through dynamic aliasing, and EM64T
23# core must have managed to run-time optimize even 32-bit code just as
24# good as 64-bit one. Performance improvement is summarized in the
25# following table:
26#
27# gcc 3.4 32-bit asm cycles/byte
28# Opteron +45% +20% 6.8
29# Xeon P4 +65% +0% 9.9
30# Core2 +60% +10% 7.0
31
32$output=shift;
33
34$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
35( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
36( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
37die "can't locate x86_64-xlate.pl";
38
39open STDOUT,"| $^X $xlate $output";
40
41$ctx="%rdi"; # 1st arg
42$inp="%rsi"; # 2nd arg
43$num="%rdx"; # 3rd arg
44
45# reassign arguments in order to produce more compact code
46$ctx="%r8";
47$inp="%r9";
48$num="%r10";
49
50$xi="%eax";
51$t0="%ebx";
52$t1="%ecx";
53$A="%edx";
54$B="%esi";
55$C="%edi";
56$D="%ebp";
57$E="%r11d";
58$T="%r12d";
59
60@V=($A,$B,$C,$D,$E,$T);
61
62sub PROLOGUE {
63my $func=shift;
64$code.=<<___;
65.globl $func
66.type $func,\@function,3
67.align 16
68$func:
69 push %rbx
70 push %rbp
71 push %r12
72 mov %rsp,%rax
73 mov %rdi,$ctx # reassigned argument
74 sub \$`8+16*4`,%rsp
75 mov %rsi,$inp # reassigned argument
76 and \$-64,%rsp
77 mov %rdx,$num # reassigned argument
78 mov %rax,`16*4`(%rsp)
79
80 mov 0($ctx),$A
81 mov 4($ctx),$B
82 mov 8($ctx),$C
83 mov 12($ctx),$D
84 mov 16($ctx),$E
85___
86}
87
88sub EPILOGUE {
89my $func=shift;
90$code.=<<___;
91 mov `16*4`(%rsp),%rsp
92 pop %r12
93 pop %rbp
94 pop %rbx
95 ret
96.size $func,.-$func
97___
98}
99
100sub BODY_00_19 {
101my ($i,$a,$b,$c,$d,$e,$f,$host)=@_;
102my $j=$i+1;
103$code.=<<___ if ($i==0);
104 mov `4*$i`($inp),$xi
105 `"bswap $xi" if(!defined($host))`
106 mov $xi,`4*$i`(%rsp)
107___
108$code.=<<___ if ($i<15);
109 lea 0x5a827999($xi,$e),$f
110 mov $c,$t0
111 mov `4*$j`($inp),$xi
112 mov $a,$e
113 xor $d,$t0
114 `"bswap $xi" if(!defined($host))`
115 rol \$5,$e
116 and $b,$t0
117 mov $xi,`4*$j`(%rsp)
118 add $e,$f
119 xor $d,$t0
120 rol \$30,$b
121 add $t0,$f
122___
123$code.=<<___ if ($i>=15);
124 lea 0x5a827999($xi,$e),$f
125 mov `4*($j%16)`(%rsp),$xi
126 mov $c,$t0
127 mov $a,$e
128 xor `4*(($j+2)%16)`(%rsp),$xi
129 xor $d,$t0
130 rol \$5,$e
131 xor `4*(($j+8)%16)`(%rsp),$xi
132 and $b,$t0
133 add $e,$f
134 xor `4*(($j+13)%16)`(%rsp),$xi
135 xor $d,$t0
136 rol \$30,$b
137 add $t0,$f
138 rol \$1,$xi
139 mov $xi,`4*($j%16)`(%rsp)
140___
141}
142
143sub BODY_20_39 {
144my ($i,$a,$b,$c,$d,$e,$f)=@_;
145my $j=$i+1;
146my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
147$code.=<<___ if ($i<79);
148 lea $K($xi,$e),$f
149 mov `4*($j%16)`(%rsp),$xi
150 mov $c,$t0
151 mov $a,$e
152 xor `4*(($j+2)%16)`(%rsp),$xi
153 xor $b,$t0
154 rol \$5,$e
155 xor `4*(($j+8)%16)`(%rsp),$xi
156 xor $d,$t0
157 add $e,$f
158 xor `4*(($j+13)%16)`(%rsp),$xi
159 rol \$30,$b
160 add $t0,$f
161 rol \$1,$xi
162___
163$code.=<<___ if ($i<76);
164 mov $xi,`4*($j%16)`(%rsp)
165___
166$code.=<<___ if ($i==79);
167 lea $K($xi,$e),$f
168 mov $c,$t0
169 mov $a,$e
170 xor $b,$t0
171 rol \$5,$e
172 xor $d,$t0
173 add $e,$f
174 rol \$30,$b
175 add $t0,$f
176___
177}
178
179sub BODY_40_59 {
180my ($i,$a,$b,$c,$d,$e,$f)=@_;
181my $j=$i+1;
182$code.=<<___;
183 lea 0x8f1bbcdc($xi,$e),$f
184 mov `4*($j%16)`(%rsp),$xi
185 mov $b,$t0
186 mov $b,$t1
187 xor `4*(($j+2)%16)`(%rsp),$xi
188 mov $a,$e
189 and $c,$t0
190 xor `4*(($j+8)%16)`(%rsp),$xi
191 or $c,$t1
192 rol \$5,$e
193 xor `4*(($j+13)%16)`(%rsp),$xi
194 and $d,$t1
195 add $e,$f
196 rol \$1,$xi
197 or $t1,$t0
198 rol \$30,$b
199 mov $xi,`4*($j%16)`(%rsp)
200 add $t0,$f
201___
202}
203
204$code=".text\n";
205
206&PROLOGUE("sha1_block_data_order");
207$code.=".align 4\n.Lloop:\n";
208for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
209for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
210for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
211for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
212$code.=<<___;
213 add 0($ctx),$E
214 add 4($ctx),$T
215 add 8($ctx),$A
216 add 12($ctx),$B
217 add 16($ctx),$C
218 mov $E,0($ctx)
219 mov $T,4($ctx)
220 mov $A,8($ctx)
221 mov $B,12($ctx)
222 mov $C,16($ctx)
223
224 xchg $E,$A # mov $E,$A
225 xchg $T,$B # mov $T,$B
226 xchg $E,$C # mov $A,$C
227 xchg $T,$D # mov $B,$D
228 # mov $C,$E
229 lea `16*4`($inp),$inp
230 sub \$1,$num
231 jnz .Lloop
232___
233&EPILOGUE("sha1_block_data_order");
234$code.=<<___;
235.asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
236___
237
238####################################################################
239
240$code =~ s/\`([^\`]*)\`/eval $1/gem;
241print $code;
242close STDOUT;
diff --git a/src/lib/libcrypto/sha/asm/sha512-ia64.pl b/src/lib/libcrypto/sha/asm/sha512-ia64.pl
new file mode 100755
index 0000000000..1c6ce56522
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-ia64.pl
@@ -0,0 +1,672 @@
1#!/usr/bin/env perl
2#
3# ====================================================================
4# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5# project. The module is, however, dual licensed under OpenSSL and
6# CRYPTOGAMS licenses depending on where you obtain it. For further
7# details see http://www.openssl.org/~appro/cryptogams/.
8# ====================================================================
9#
10# SHA256/512_Transform for Itanium.
11#
12# sha512_block runs in 1003 cycles on Itanium 2, which is almost 50%
13# faster than gcc and >60%(!) faster than code generated by HP-UX
14# compiler (yes, HP-UX is generating slower code, because unlike gcc,
15# it failed to deploy "shift right pair," 'shrp' instruction, which
16# substitutes for 64-bit rotate).
17#
18# 924 cycles long sha256_block outperforms gcc by over factor of 2(!)
19# and HP-UX compiler - by >40% (yes, gcc won sha512_block, but lost
20# this one big time). Note that "formally" 924 is about 100 cycles
21# too much. I mean it's 64 32-bit rounds vs. 80 virtually identical
22# 64-bit ones and 1003*64/80 gives 802. Extra cycles, 2 per round,
23# are spent on extra work to provide for 32-bit rotations. 32-bit
24# rotations are still handled by 'shrp' instruction and for this
25# reason lower 32 bits are deposited to upper half of 64-bit register
26# prior 'shrp' issue. And in order to minimize the amount of such
27# operations, X[16] values are *maintained* with copies of lower
28# halves in upper halves, which is why you'll spot such instructions
29# as custom 'mux2', "parallel 32-bit add," 'padd4' and "parallel
30# 32-bit unsigned right shift," 'pshr4.u' instructions here.
31#
32# Rules of engagement.
33#
34# There is only one integer shifter meaning that if I have two rotate,
35# deposit or extract instructions in adjacent bundles, they shall
36# split [at run-time if they have to]. But note that variable and
37# parallel shifts are performed by multi-media ALU and *are* pairable
38# with rotates [and alike]. On the backside MMALU is rather slow: it
39# takes 2 extra cycles before the result of integer operation is
40# available *to* MMALU and 2(*) extra cycles before the result of MM
41# operation is available "back" *to* integer ALU, not to mention that
42# MMALU itself has 2 cycles latency. However! I explicitly scheduled
43# these MM instructions to avoid MM stalls, so that all these extra
44# latencies get "hidden" in instruction-level parallelism.
45#
46# (*) 2 cycles on Itanium 1 and 1 cycle on Itanium 2. But I schedule
47# for 2 in order to provide for best *overall* performance,
48# because on Itanium 1 stall on MM result is accompanied by
49# pipeline flush, which takes 6 cycles:-(
50#
51# Resulting performance numbers for 900MHz Itanium 2 system:
52#
53# The 'numbers' are in 1000s of bytes per second processed.
54# type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
55# sha1(*) 6210.14k 20376.30k 52447.83k 85870.05k 105478.12k
56# sha256 7476.45k 20572.05k 41538.34k 56062.29k 62093.18k
57# sha512 4996.56k 20026.28k 47597.20k 85278.79k 111501.31k
58#
59# (*) SHA1 numbers are for HP-UX compiler and are presented purely
60# for reference purposes. I bet it can improved too...
61#
62# To generate code, pass the file name with either 256 or 512 in its
63# name and compiler flags.
64
65$output=shift;
66
67if ($output =~ /512.*\.[s|asm]/) {
68 $SZ=8;
69 $BITS=8*$SZ;
70 $LDW="ld8";
71 $STW="st8";
72 $ADD="add";
73 $SHRU="shr.u";
74 $TABLE="K512";
75 $func="sha512_block_data_order";
76 @Sigma0=(28,34,39);
77 @Sigma1=(14,18,41);
78 @sigma0=(1, 8, 7);
79 @sigma1=(19,61, 6);
80 $rounds=80;
81} elsif ($output =~ /256.*\.[s|asm]/) {
82 $SZ=4;
83 $BITS=8*$SZ;
84 $LDW="ld4";
85 $STW="st4";
86 $ADD="padd4";
87 $SHRU="pshr4.u";
88 $TABLE="K256";
89 $func="sha256_block_data_order";
90 @Sigma0=( 2,13,22);
91 @Sigma1=( 6,11,25);
92 @sigma0=( 7,18, 3);
93 @sigma1=(17,19,10);
94 $rounds=64;
95} else { die "nonsense $output"; }
96
97open STDOUT,">$output" || die "can't open $output: $!";
98
99if ($^O eq "hpux") {
100 $ADDP="addp4";
101 for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
102} else { $ADDP="add"; }
103for (@ARGV) { $big_endian=1 if (/\-DB_ENDIAN/);
104 $big_endian=0 if (/\-DL_ENDIAN/); }
105if (!defined($big_endian))
106 { $big_endian=(unpack('L',pack('N',1))==1); }
107
108$code=<<___;
109.ident \"$output, version 1.1\"
110.ident \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
111.explicit
112.text
113
114pfssave=r2;
115lcsave=r3;
116prsave=r14;
117K=r15;
118A=r16; B=r17; C=r18; D=r19;
119E=r20; F=r21; G=r22; H=r23;
120T1=r24; T2=r25;
121s0=r26; s1=r27; t0=r28; t1=r29;
122Ktbl=r30;
123ctx=r31; // 1st arg
124input=r48; // 2nd arg
125num=r49; // 3rd arg
126sgm0=r50; sgm1=r51; // small constants
127A_=r54; B_=r55; C_=r56; D_=r57;
128E_=r58; F_=r59; G_=r60; H_=r61;
129
130// void $func (SHA_CTX *ctx, const void *in,size_t num[,int host])
131.global $func#
132.proc $func#
133.align 32
134$func:
135 .prologue
136 .save ar.pfs,pfssave
137{ .mmi; alloc pfssave=ar.pfs,3,27,0,16
138 $ADDP ctx=0,r32 // 1st arg
139 .save ar.lc,lcsave
140 mov lcsave=ar.lc }
141{ .mmi; $ADDP input=0,r33 // 2nd arg
142 mov num=r34 // 3rd arg
143 .save pr,prsave
144 mov prsave=pr };;
145
146 .body
147{ .mib; add r8=0*$SZ,ctx
148 add r9=1*$SZ,ctx
149 brp.loop.imp .L_first16,.L_first16_end-16 }
150{ .mib; add r10=2*$SZ,ctx
151 add r11=3*$SZ,ctx
152 brp.loop.imp .L_rest,.L_rest_end-16 };;
153
154// load A-H
155.Lpic_point:
156{ .mmi; $LDW A_=[r8],4*$SZ
157 $LDW B_=[r9],4*$SZ
158 mov Ktbl=ip }
159{ .mmi; $LDW C_=[r10],4*$SZ
160 $LDW D_=[r11],4*$SZ
161 mov sgm0=$sigma0[2] };;
162{ .mmi; $LDW E_=[r8]
163 $LDW F_=[r9]
164 add Ktbl=($TABLE#-.Lpic_point),Ktbl }
165{ .mmi; $LDW G_=[r10]
166 $LDW H_=[r11]
167 cmp.ne p0,p16=0,r0 };; // used in sha256_block
168___
169$code.=<<___ if ($BITS==64);
170{ .mii; and r8=7,input
171 and input=~7,input;;
172 cmp.eq p9,p0=1,r8 }
173{ .mmi; cmp.eq p10,p0=2,r8
174 cmp.eq p11,p0=3,r8
175 cmp.eq p12,p0=4,r8 }
176{ .mmi; cmp.eq p13,p0=5,r8
177 cmp.eq p14,p0=6,r8
178 cmp.eq p15,p0=7,r8 };;
179___
180$code.=<<___;
181.L_outer:
182.rotr X[16]
183{ .mmi; mov A=A_
184 mov B=B_
185 mov ar.lc=14 }
186{ .mmi; mov C=C_
187 mov D=D_
188 mov E=E_ }
189{ .mmi; mov F=F_
190 mov G=G_
191 mov ar.ec=2 }
192{ .mmi; ld1 X[15]=[input],$SZ // eliminated in 64-bit
193 mov H=H_
194 mov sgm1=$sigma1[2] };;
195
196___
197$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
198.align 32
199.L_first16:
200{ .mmi; add r9=1-$SZ,input
201 add r10=2-$SZ,input
202 add r11=3-$SZ,input };;
203{ .mmi; ld1 r9=[r9]
204 ld1 r10=[r10]
205 dep.z $t1=E,32,32 }
206{ .mmi; $LDW K=[Ktbl],$SZ
207 ld1 r11=[r11]
208 zxt4 E=E };;
209{ .mii; or $t1=$t1,E
210 dep X[15]=X[15],r9,8,8
211 dep r11=r10,r11,8,8 };;
212{ .mmi; and T1=F,E
213 and T2=A,B
214 dep X[15]=X[15],r11,16,16 }
215{ .mmi; andcm r8=G,E
216 and r9=A,C
217 mux2 $t0=A,0x44 };; // copy lower half to upper
218{ .mmi; (p16) ld1 X[15-1]=[input],$SZ // prefetch
219 xor T1=T1,r8 // T1=((e & f) ^ (~e & g))
220 _rotr r11=$t1,$Sigma1[0] } // ROTR(e,14)
221{ .mib; and r10=B,C
222 xor T2=T2,r9 };;
223___
224$t0="A", $t1="E", $code.=<<___ if ($BITS==64);
225// in 64-bit mode I load whole X[16] at once and take care of alignment...
226{ .mmi; add r8=1*$SZ,input
227 add r9=2*$SZ,input
228 add r10=3*$SZ,input };;
229{ .mmb; $LDW X[15]=[input],4*$SZ
230 $LDW X[14]=[r8],4*$SZ
231(p9) br.cond.dpnt.many .L1byte };;
232{ .mmb; $LDW X[13]=[r9],4*$SZ
233 $LDW X[12]=[r10],4*$SZ
234(p10) br.cond.dpnt.many .L2byte };;
235{ .mmb; $LDW X[11]=[input],4*$SZ
236 $LDW X[10]=[r8],4*$SZ
237(p11) br.cond.dpnt.many .L3byte };;
238{ .mmb; $LDW X[ 9]=[r9],4*$SZ
239 $LDW X[ 8]=[r10],4*$SZ
240(p12) br.cond.dpnt.many .L4byte };;
241{ .mmb; $LDW X[ 7]=[input],4*$SZ
242 $LDW X[ 6]=[r8],4*$SZ
243(p13) br.cond.dpnt.many .L5byte };;
244{ .mmb; $LDW X[ 5]=[r9],4*$SZ
245 $LDW X[ 4]=[r10],4*$SZ
246(p14) br.cond.dpnt.many .L6byte };;
247{ .mmb; $LDW X[ 3]=[input],4*$SZ
248 $LDW X[ 2]=[r8],4*$SZ
249(p15) br.cond.dpnt.many .L7byte };;
250{ .mmb; $LDW X[ 1]=[r9],4*$SZ
251 $LDW X[ 0]=[r10],4*$SZ
252 br.many .L_first16 };;
253.L1byte:
254{ .mmi; $LDW X[13]=[r9],4*$SZ
255 $LDW X[12]=[r10],4*$SZ
256 shrp X[15]=X[15],X[14],56 };;
257{ .mmi; $LDW X[11]=[input],4*$SZ
258 $LDW X[10]=[r8],4*$SZ
259 shrp X[14]=X[14],X[13],56 }
260{ .mmi; $LDW X[ 9]=[r9],4*$SZ
261 $LDW X[ 8]=[r10],4*$SZ
262 shrp X[13]=X[13],X[12],56 };;
263{ .mmi; $LDW X[ 7]=[input],4*$SZ
264 $LDW X[ 6]=[r8],4*$SZ
265 shrp X[12]=X[12],X[11],56 }
266{ .mmi; $LDW X[ 5]=[r9],4*$SZ
267 $LDW X[ 4]=[r10],4*$SZ
268 shrp X[11]=X[11],X[10],56 };;
269{ .mmi; $LDW X[ 3]=[input],4*$SZ
270 $LDW X[ 2]=[r8],4*$SZ
271 shrp X[10]=X[10],X[ 9],56 }
272{ .mmi; $LDW X[ 1]=[r9],4*$SZ
273 $LDW X[ 0]=[r10],4*$SZ
274 shrp X[ 9]=X[ 9],X[ 8],56 };;
275{ .mii; $LDW T1=[input]
276 shrp X[ 8]=X[ 8],X[ 7],56
277 shrp X[ 7]=X[ 7],X[ 6],56 }
278{ .mii; shrp X[ 6]=X[ 6],X[ 5],56
279 shrp X[ 5]=X[ 5],X[ 4],56 };;
280{ .mii; shrp X[ 4]=X[ 4],X[ 3],56
281 shrp X[ 3]=X[ 3],X[ 2],56 }
282{ .mii; shrp X[ 2]=X[ 2],X[ 1],56
283 shrp X[ 1]=X[ 1],X[ 0],56 }
284{ .mib; shrp X[ 0]=X[ 0],T1,56
285 br.many .L_first16 };;
286.L2byte:
287{ .mmi; $LDW X[11]=[input],4*$SZ
288 $LDW X[10]=[r8],4*$SZ
289 shrp X[15]=X[15],X[14],48 }
290{ .mmi; $LDW X[ 9]=[r9],4*$SZ
291 $LDW X[ 8]=[r10],4*$SZ
292 shrp X[14]=X[14],X[13],48 };;
293{ .mmi; $LDW X[ 7]=[input],4*$SZ
294 $LDW X[ 6]=[r8],4*$SZ
295 shrp X[13]=X[13],X[12],48 }
296{ .mmi; $LDW X[ 5]=[r9],4*$SZ
297 $LDW X[ 4]=[r10],4*$SZ
298 shrp X[12]=X[12],X[11],48 };;
299{ .mmi; $LDW X[ 3]=[input],4*$SZ
300 $LDW X[ 2]=[r8],4*$SZ
301 shrp X[11]=X[11],X[10],48 }
302{ .mmi; $LDW X[ 1]=[r9],4*$SZ
303 $LDW X[ 0]=[r10],4*$SZ
304 shrp X[10]=X[10],X[ 9],48 };;
305{ .mii; $LDW T1=[input]
306 shrp X[ 9]=X[ 9],X[ 8],48
307 shrp X[ 8]=X[ 8],X[ 7],48 }
308{ .mii; shrp X[ 7]=X[ 7],X[ 6],48
309 shrp X[ 6]=X[ 6],X[ 5],48 };;
310{ .mii; shrp X[ 5]=X[ 5],X[ 4],48
311 shrp X[ 4]=X[ 4],X[ 3],48 }
312{ .mii; shrp X[ 3]=X[ 3],X[ 2],48
313 shrp X[ 2]=X[ 2],X[ 1],48 }
314{ .mii; shrp X[ 1]=X[ 1],X[ 0],48
315 shrp X[ 0]=X[ 0],T1,48 }
316{ .mfb; br.many .L_first16 };;
317.L3byte:
318{ .mmi; $LDW X[ 9]=[r9],4*$SZ
319 $LDW X[ 8]=[r10],4*$SZ
320 shrp X[15]=X[15],X[14],40 };;
321{ .mmi; $LDW X[ 7]=[input],4*$SZ
322 $LDW X[ 6]=[r8],4*$SZ
323 shrp X[14]=X[14],X[13],40 }
324{ .mmi; $LDW X[ 5]=[r9],4*$SZ
325 $LDW X[ 4]=[r10],4*$SZ
326 shrp X[13]=X[13],X[12],40 };;
327{ .mmi; $LDW X[ 3]=[input],4*$SZ
328 $LDW X[ 2]=[r8],4*$SZ
329 shrp X[12]=X[12],X[11],40 }
330{ .mmi; $LDW X[ 1]=[r9],4*$SZ
331 $LDW X[ 0]=[r10],4*$SZ
332 shrp X[11]=X[11],X[10],40 };;
333{ .mii; $LDW T1=[input]
334 shrp X[10]=X[10],X[ 9],40
335 shrp X[ 9]=X[ 9],X[ 8],40 }
336{ .mii; shrp X[ 8]=X[ 8],X[ 7],40
337 shrp X[ 7]=X[ 7],X[ 6],40 };;
338{ .mii; shrp X[ 6]=X[ 6],X[ 5],40
339 shrp X[ 5]=X[ 5],X[ 4],40 }
340{ .mii; shrp X[ 4]=X[ 4],X[ 3],40
341 shrp X[ 3]=X[ 3],X[ 2],40 }
342{ .mii; shrp X[ 2]=X[ 2],X[ 1],40
343 shrp X[ 1]=X[ 1],X[ 0],40 }
344{ .mib; shrp X[ 0]=X[ 0],T1,40
345 br.many .L_first16 };;
346.L4byte:
347{ .mmi; $LDW X[ 7]=[input],4*$SZ
348 $LDW X[ 6]=[r8],4*$SZ
349 shrp X[15]=X[15],X[14],32 }
350{ .mmi; $LDW X[ 5]=[r9],4*$SZ
351 $LDW X[ 4]=[r10],4*$SZ
352 shrp X[14]=X[14],X[13],32 };;
353{ .mmi; $LDW X[ 3]=[input],4*$SZ
354 $LDW X[ 2]=[r8],4*$SZ
355 shrp X[13]=X[13],X[12],32 }
356{ .mmi; $LDW X[ 1]=[r9],4*$SZ
357 $LDW X[ 0]=[r10],4*$SZ
358 shrp X[12]=X[12],X[11],32 };;
359{ .mii; $LDW T1=[input]
360 shrp X[11]=X[11],X[10],32
361 shrp X[10]=X[10],X[ 9],32 }
362{ .mii; shrp X[ 9]=X[ 9],X[ 8],32
363 shrp X[ 8]=X[ 8],X[ 7],32 };;
364{ .mii; shrp X[ 7]=X[ 7],X[ 6],32
365 shrp X[ 6]=X[ 6],X[ 5],32 }
366{ .mii; shrp X[ 5]=X[ 5],X[ 4],32
367 shrp X[ 4]=X[ 4],X[ 3],32 }
368{ .mii; shrp X[ 3]=X[ 3],X[ 2],32
369 shrp X[ 2]=X[ 2],X[ 1],32 }
370{ .mii; shrp X[ 1]=X[ 1],X[ 0],32
371 shrp X[ 0]=X[ 0],T1,32 }
372{ .mfb; br.many .L_first16 };;
373.L5byte:
374{ .mmi; $LDW X[ 5]=[r9],4*$SZ
375 $LDW X[ 4]=[r10],4*$SZ
376 shrp X[15]=X[15],X[14],24 };;
377{ .mmi; $LDW X[ 3]=[input],4*$SZ
378 $LDW X[ 2]=[r8],4*$SZ
379 shrp X[14]=X[14],X[13],24 }
380{ .mmi; $LDW X[ 1]=[r9],4*$SZ
381 $LDW X[ 0]=[r10],4*$SZ
382 shrp X[13]=X[13],X[12],24 };;
383{ .mii; $LDW T1=[input]
384 shrp X[12]=X[12],X[11],24
385 shrp X[11]=X[11],X[10],24 }
386{ .mii; shrp X[10]=X[10],X[ 9],24
387 shrp X[ 9]=X[ 9],X[ 8],24 };;
388{ .mii; shrp X[ 8]=X[ 8],X[ 7],24
389 shrp X[ 7]=X[ 7],X[ 6],24 }
390{ .mii; shrp X[ 6]=X[ 6],X[ 5],24
391 shrp X[ 5]=X[ 5],X[ 4],24 }
392{ .mii; shrp X[ 4]=X[ 4],X[ 3],24
393 shrp X[ 3]=X[ 3],X[ 2],24 }
394{ .mii; shrp X[ 2]=X[ 2],X[ 1],24
395 shrp X[ 1]=X[ 1],X[ 0],24 }
396{ .mib; shrp X[ 0]=X[ 0],T1,24
397 br.many .L_first16 };;
398.L6byte:
399{ .mmi; $LDW X[ 3]=[input],4*$SZ
400 $LDW X[ 2]=[r8],4*$SZ
401 shrp X[15]=X[15],X[14],16 }
402{ .mmi; $LDW X[ 1]=[r9],4*$SZ
403 $LDW X[ 0]=[r10],4*$SZ
404 shrp X[14]=X[14],X[13],16 };;
405{ .mii; $LDW T1=[input]
406 shrp X[13]=X[13],X[12],16
407 shrp X[12]=X[12],X[11],16 }
408{ .mii; shrp X[11]=X[11],X[10],16
409 shrp X[10]=X[10],X[ 9],16 };;
410{ .mii; shrp X[ 9]=X[ 9],X[ 8],16
411 shrp X[ 8]=X[ 8],X[ 7],16 }
412{ .mii; shrp X[ 7]=X[ 7],X[ 6],16
413 shrp X[ 6]=X[ 6],X[ 5],16 }
414{ .mii; shrp X[ 5]=X[ 5],X[ 4],16
415 shrp X[ 4]=X[ 4],X[ 3],16 }
416{ .mii; shrp X[ 3]=X[ 3],X[ 2],16
417 shrp X[ 2]=X[ 2],X[ 1],16 }
418{ .mii; shrp X[ 1]=X[ 1],X[ 0],16
419 shrp X[ 0]=X[ 0],T1,16 }
420{ .mfb; br.many .L_first16 };;
421.L7byte:
422{ .mmi; $LDW X[ 1]=[r9],4*$SZ
423 $LDW X[ 0]=[r10],4*$SZ
424 shrp X[15]=X[15],X[14],8 };;
425{ .mii; $LDW T1=[input]
426 shrp X[14]=X[14],X[13],8
427 shrp X[13]=X[13],X[12],8 }
428{ .mii; shrp X[12]=X[12],X[11],8
429 shrp X[11]=X[11],X[10],8 };;
430{ .mii; shrp X[10]=X[10],X[ 9],8
431 shrp X[ 9]=X[ 9],X[ 8],8 }
432{ .mii; shrp X[ 8]=X[ 8],X[ 7],8
433 shrp X[ 7]=X[ 7],X[ 6],8 }
434{ .mii; shrp X[ 6]=X[ 6],X[ 5],8
435 shrp X[ 5]=X[ 5],X[ 4],8 }
436{ .mii; shrp X[ 4]=X[ 4],X[ 3],8
437 shrp X[ 3]=X[ 3],X[ 2],8 }
438{ .mii; shrp X[ 2]=X[ 2],X[ 1],8
439 shrp X[ 1]=X[ 1],X[ 0],8 }
440{ .mib; shrp X[ 0]=X[ 0],T1,8
441 br.many .L_first16 };;
442
443.align 32
444.L_first16:
445{ .mmi; $LDW K=[Ktbl],$SZ
446 and T1=F,E
447 and T2=A,B }
448{ .mmi; //$LDW X[15]=[input],$SZ // X[i]=*input++
449 andcm r8=G,E
450 and r9=A,C };;
451{ .mmi; xor T1=T1,r8 //T1=((e & f) ^ (~e & g))
452 and r10=B,C
453 _rotr r11=$t1,$Sigma1[0] } // ROTR(e,14)
454{ .mmi; xor T2=T2,r9
455 mux1 X[15]=X[15],\@rev };; // eliminated in big-endian
456___
457$code.=<<___;
458{ .mib; add T1=T1,H // T1=Ch(e,f,g)+h
459 _rotr r8=$t1,$Sigma1[1] } // ROTR(e,18)
460{ .mib; xor T2=T2,r10 // T2=((a & b) ^ (a & c) ^ (b & c))
461 mov H=G };;
462{ .mib; xor r11=r8,r11
463 _rotr r9=$t1,$Sigma1[2] } // ROTR(e,41)
464{ .mib; mov G=F
465 mov F=E };;
466{ .mib; xor r9=r9,r11 // r9=Sigma1(e)
467 _rotr r10=$t0,$Sigma0[0] } // ROTR(a,28)
468{ .mib; add T1=T1,K // T1=Ch(e,f,g)+h+K512[i]
469 mov E=D };;
470{ .mib; add T1=T1,r9 // T1+=Sigma1(e)
471 _rotr r11=$t0,$Sigma0[1] } // ROTR(a,34)
472{ .mib; mov D=C
473 mov C=B };;
474{ .mib; add T1=T1,X[15] // T1+=X[i]
475 _rotr r8=$t0,$Sigma0[2] } // ROTR(a,39)
476{ .mib; xor r10=r10,r11
477 mux2 X[15]=X[15],0x44 };; // eliminated in 64-bit
478{ .mmi; xor r10=r8,r10 // r10=Sigma0(a)
479 mov B=A
480 add A=T1,T2 };;
481{ .mib; add E=E,T1
482 add A=A,r10 // T2=Maj(a,b,c)+Sigma0(a)
483 br.ctop.sptk .L_first16 };;
484.L_first16_end:
485
486{ .mii; mov ar.lc=$rounds-17
487 mov ar.ec=1 };;
488
489.align 32
490.L_rest:
491.rotr X[16]
492{ .mib; $LDW K=[Ktbl],$SZ
493 _rotr r8=X[15-1],$sigma0[0] } // ROTR(s0,1)
494{ .mib; $ADD X[15]=X[15],X[15-9] // X[i&0xF]+=X[(i+9)&0xF]
495 $SHRU s0=X[15-1],sgm0 };; // s0=X[(i+1)&0xF]>>7
496{ .mib; and T1=F,E
497 _rotr r9=X[15-1],$sigma0[1] } // ROTR(s0,8)
498{ .mib; andcm r10=G,E
499 $SHRU s1=X[15-14],sgm1 };; // s1=X[(i+14)&0xF]>>6
500{ .mmi; xor T1=T1,r10 // T1=((e & f) ^ (~e & g))
501 xor r9=r8,r9
502 _rotr r10=X[15-14],$sigma1[0] };;// ROTR(s1,19)
503{ .mib; and T2=A,B
504 _rotr r11=X[15-14],$sigma1[1] }// ROTR(s1,61)
505{ .mib; and r8=A,C };;
506___
507$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
508// I adhere to mmi; in order to hold Itanium 1 back and avoid 6 cycle
509// pipeline flush in last bundle. Note that even on Itanium2 the
510// latter stalls for one clock cycle...
511{ .mmi; xor s0=s0,r9 // s0=sigma0(X[(i+1)&0xF])
512 dep.z $t1=E,32,32 }
513{ .mmi; xor r10=r11,r10
514 zxt4 E=E };;
515{ .mmi; or $t1=$t1,E
516 xor s1=s1,r10 // s1=sigma1(X[(i+14)&0xF])
517 mux2 $t0=A,0x44 };; // copy lower half to upper
518{ .mmi; xor T2=T2,r8
519 _rotr r9=$t1,$Sigma1[0] } // ROTR(e,14)
520{ .mmi; and r10=B,C
521 add T1=T1,H // T1=Ch(e,f,g)+h
522 $ADD X[15]=X[15],s0 };; // X[i&0xF]+=sigma0(X[(i+1)&0xF])
523___
524$t0="A", $t1="E", $code.=<<___ if ($BITS==64);
525{ .mib; xor s0=s0,r9 // s0=sigma0(X[(i+1)&0xF])
526 _rotr r9=$t1,$Sigma1[0] } // ROTR(e,14)
527{ .mib; xor r10=r11,r10
528 xor T2=T2,r8 };;
529{ .mib; xor s1=s1,r10 // s1=sigma1(X[(i+14)&0xF])
530 add T1=T1,H }
531{ .mib; and r10=B,C
532 $ADD X[15]=X[15],s0 };; // X[i&0xF]+=sigma0(X[(i+1)&0xF])
533___
534$code.=<<___;
535{ .mmi; xor T2=T2,r10 // T2=((a & b) ^ (a & c) ^ (b & c))
536 mov H=G
537 _rotr r8=$t1,$Sigma1[1] };; // ROTR(e,18)
538{ .mmi; xor r11=r8,r9
539 $ADD X[15]=X[15],s1 // X[i&0xF]+=sigma1(X[(i+14)&0xF])
540 _rotr r9=$t1,$Sigma1[2] } // ROTR(e,41)
541{ .mmi; mov G=F
542 mov F=E };;
543{ .mib; xor r9=r9,r11 // r9=Sigma1(e)
544 _rotr r10=$t0,$Sigma0[0] } // ROTR(a,28)
545{ .mib; add T1=T1,K // T1=Ch(e,f,g)+h+K512[i]
546 mov E=D };;
547{ .mib; add T1=T1,r9 // T1+=Sigma1(e)
548 _rotr r11=$t0,$Sigma0[1] } // ROTR(a,34)
549{ .mib; mov D=C
550 mov C=B };;
551{ .mmi; add T1=T1,X[15] // T1+=X[i]
552 xor r10=r10,r11
553 _rotr r8=$t0,$Sigma0[2] };; // ROTR(a,39)
554{ .mmi; xor r10=r8,r10 // r10=Sigma0(a)
555 mov B=A
556 add A=T1,T2 };;
557{ .mib; add E=E,T1
558 add A=A,r10 // T2=Maj(a,b,c)+Sigma0(a)
559 br.ctop.sptk .L_rest };;
560.L_rest_end:
561
562{ .mmi; add A_=A_,A
563 add B_=B_,B
564 add C_=C_,C }
565{ .mmi; add D_=D_,D
566 add E_=E_,E
567 cmp.ltu p16,p0=1,num };;
568{ .mmi; add F_=F_,F
569 add G_=G_,G
570 add H_=H_,H }
571{ .mmb; add Ktbl=-$SZ*$rounds,Ktbl
572(p16) add num=-1,num
573(p16) br.dptk.many .L_outer };;
574
575{ .mib; add r8=0*$SZ,ctx
576 add r9=1*$SZ,ctx }
577{ .mib; add r10=2*$SZ,ctx
578 add r11=3*$SZ,ctx };;
579{ .mmi; $STW [r8]=A_,4*$SZ
580 $STW [r9]=B_,4*$SZ
581 mov ar.lc=lcsave }
582{ .mmi; $STW [r10]=C_,4*$SZ
583 $STW [r11]=D_,4*$SZ
584 mov pr=prsave,0x1ffff };;
585{ .mmb; $STW [r8]=E_
586 $STW [r9]=F_ }
587{ .mmb; $STW [r10]=G_
588 $STW [r11]=H_
589 br.ret.sptk.many b0 };;
590.endp $func#
591___
592
593$code =~ s/\`([^\`]*)\`/eval $1/gem;
594$code =~ s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm;
595if ($BITS==64) {
596 $code =~ s/mux2(\s+)\S+/nop.i$1 0x0/gm;
597 $code =~ s/mux1(\s+)\S+/nop.i$1 0x0/gm if ($big_endian);
598 $code =~ s/(shrp\s+X\[[^=]+)=([^,]+),([^,]+),([1-9]+)/$1=$3,$2,64-$4/gm
599 if (!$big_endian);
600 $code =~ s/ld1(\s+)X\[\S+/nop.m$1 0x0/gm;
601}
602
603print $code;
604
605print<<___ if ($BITS==32);
606.align 64
607.type K256#,\@object
608K256: data4 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
609 data4 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
610 data4 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
611 data4 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
612 data4 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
613 data4 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
614 data4 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
615 data4 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
616 data4 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
617 data4 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
618 data4 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
619 data4 0xd192e819,0xd6990624,0xf40e3585,0x106aa070
620 data4 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
621 data4 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
622 data4 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
623 data4 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
624.size K256#,$SZ*$rounds
625stringz "SHA256 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
626___
627print<<___ if ($BITS==64);
628.align 64
629.type K512#,\@object
630K512: data8 0x428a2f98d728ae22,0x7137449123ef65cd
631 data8 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
632 data8 0x3956c25bf348b538,0x59f111f1b605d019
633 data8 0x923f82a4af194f9b,0xab1c5ed5da6d8118
634 data8 0xd807aa98a3030242,0x12835b0145706fbe
635 data8 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
636 data8 0x72be5d74f27b896f,0x80deb1fe3b1696b1
637 data8 0x9bdc06a725c71235,0xc19bf174cf692694
638 data8 0xe49b69c19ef14ad2,0xefbe4786384f25e3
639 data8 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
640 data8 0x2de92c6f592b0275,0x4a7484aa6ea6e483
641 data8 0x5cb0a9dcbd41fbd4,0x76f988da831153b5
642 data8 0x983e5152ee66dfab,0xa831c66d2db43210
643 data8 0xb00327c898fb213f,0xbf597fc7beef0ee4
644 data8 0xc6e00bf33da88fc2,0xd5a79147930aa725
645 data8 0x06ca6351e003826f,0x142929670a0e6e70
646 data8 0x27b70a8546d22ffc,0x2e1b21385c26c926
647 data8 0x4d2c6dfc5ac42aed,0x53380d139d95b3df
648 data8 0x650a73548baf63de,0x766a0abb3c77b2a8
649 data8 0x81c2c92e47edaee6,0x92722c851482353b
650 data8 0xa2bfe8a14cf10364,0xa81a664bbc423001
651 data8 0xc24b8b70d0f89791,0xc76c51a30654be30
652 data8 0xd192e819d6ef5218,0xd69906245565a910
653 data8 0xf40e35855771202a,0x106aa07032bbd1b8
654 data8 0x19a4c116b8d2d0c8,0x1e376c085141ab53
655 data8 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
656 data8 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
657 data8 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
658 data8 0x748f82ee5defb2fc,0x78a5636f43172f60
659 data8 0x84c87814a1f0ab72,0x8cc702081a6439ec
660 data8 0x90befffa23631e28,0xa4506cebde82bde9
661 data8 0xbef9a3f7b2c67915,0xc67178f2e372532b
662 data8 0xca273eceea26619c,0xd186b8c721c0c207
663 data8 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
664 data8 0x06f067aa72176fba,0x0a637dc5a2c898a6
665 data8 0x113f9804bef90dae,0x1b710b35131c471b
666 data8 0x28db77f523047d84,0x32caab7b40c72493
667 data8 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
668 data8 0x4cc5d4becb3e42b6,0x597f299cfc657e2a
669 data8 0x5fcb6fab3ad6faec,0x6c44198c4a475817
670.size K512#,$SZ*$rounds
671stringz "SHA512 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
672___
diff --git a/src/lib/libcrypto/sha/asm/sha512-sse2.pl b/src/lib/libcrypto/sha/asm/sha512-sse2.pl
new file mode 100644
index 0000000000..10902bf673
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-sse2.pl
@@ -0,0 +1,404 @@
1#!/usr/bin/env perl
2#
3# ====================================================================
4# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5# project. Rights for redistribution and usage in source and binary
6# forms are granted according to the OpenSSL license.
7# ====================================================================
8#
9# SHA512_Transform_SSE2.
10#
11# As the name suggests, this is an IA-32 SSE2 implementation of
12# SHA512_Transform. Motivating factor for the undertaken effort was that
13# SHA512 was observed to *consistently* perform *significantly* poorer
14# than SHA256 [2x and slower is common] on 32-bit platforms. On 64-bit
15# platforms on the other hand SHA512 tend to outperform SHA256 [~50%
16# seem to be common improvement factor]. All this is perfectly natural,
17# as SHA512 is a 64-bit algorithm. But isn't IA-32 SSE2 essentially
18# a 64-bit instruction set? Is it rich enough to implement SHA512?
19# If answer was "no," then you wouldn't have been reading this...
20#
21# Throughput performance in MBps (larger is better):
22#
23# 2.4GHz P4 1.4GHz AMD32 1.4GHz AMD64(*)
24# SHA256/gcc(*) 54 43 59
25# SHA512/gcc 17 23 92
26# SHA512/sse2 61(**) 57(**)
27# SHA512/icc 26 28
28# SHA256/icc(*) 65 54
29#
30# (*) AMD64 and SHA256 numbers are presented mostly for amusement or
31# reference purposes.
32# (**) I.e. it gives ~2-3x speed-up if compared with compiler generated
33# code. One can argue that hand-coded *non*-SSE2 implementation
34# would perform better than compiler generated one as well, and
35# that comparison is therefore not exactly fair. Well, as SHA512
36# puts enormous pressure on IA-32 GP register bank, I reckon that
37# hand-coded version wouldn't perform significantly better than
38# one compiled with icc, ~20% perhaps... So that this code would
39# still outperform it with distinguishing marginal. But feel free
40# to prove me wrong:-)
41# <appro@fy.chalmers.se>
42push(@INC,"perlasm","../../perlasm");
43require "x86asm.pl";
44
45&asm_init($ARGV[0],"sha512-sse2.pl",$ARGV[$#ARGV] eq "386");
46
47$K512="esi"; # K512[80] table, found at the end...
48#$W512="esp"; # $W512 is not just W512[16]: it comprises *two* copies
49 # of W512[16] and a copy of A-H variables...
50$W512_SZ=8*(16+16+8); # see above...
51#$Kidx="ebx"; # index in K512 table, advances from 0 to 80...
52$Widx="edx"; # index in W512, wraps around at 16...
53$data="edi"; # 16 qwords of input data...
54$A="mm0"; # B-D and
55$E="mm1"; # F-H are allocated dynamically...
56$Aoff=256+0; # A-H offsets relative to $W512...
57$Boff=256+8;
58$Coff=256+16;
59$Doff=256+24;
60$Eoff=256+32;
61$Foff=256+40;
62$Goff=256+48;
63$Hoff=256+56;
64
65sub SHA2_ROUND()
66{ local ($kidx,$widx)=@_;
67
68 # One can argue that one could reorder instructions for better
69 # performance. Well, I tried and it doesn't seem to make any
70 # noticeable difference. Modern out-of-order execution cores
71 # reorder instructions to their liking in either case and they
72 # apparently do decent job. So we can keep the code more
73 # readable/regular/comprehensible:-)
74
75 # I adhere to 64-bit %mmX registers in order to avoid/not care
76 # about #GP exceptions on misaligned 128-bit access, most
77 # notably in paddq with memory operand. Not to mention that
78 # SSE2 intructions operating on %mmX can be scheduled every
79 # cycle [and not every second one if operating on %xmmN].
80
81 &movq ("mm4",&QWP($Foff,$W512)); # load f
82 &movq ("mm5",&QWP($Goff,$W512)); # load g
83 &movq ("mm6",&QWP($Hoff,$W512)); # load h
84
85 &movq ("mm2",$E); # %mm2 is sliding right
86 &movq ("mm3",$E); # %mm3 is sliding left
87 &psrlq ("mm2",14);
88 &psllq ("mm3",23);
89 &movq ("mm7","mm2"); # %mm7 is T1
90 &pxor ("mm7","mm3");
91 &psrlq ("mm2",4);
92 &psllq ("mm3",23);
93 &pxor ("mm7","mm2");
94 &pxor ("mm7","mm3");
95 &psrlq ("mm2",23);
96 &psllq ("mm3",4);
97 &pxor ("mm7","mm2");
98 &pxor ("mm7","mm3"); # T1=Sigma1_512(e)
99
100 &movq (&QWP($Foff,$W512),$E); # f = e
101 &movq (&QWP($Goff,$W512),"mm4"); # g = f
102 &movq (&QWP($Hoff,$W512),"mm5"); # h = g
103
104 &pxor ("mm4","mm5"); # f^=g
105 &pand ("mm4",$E); # f&=e
106 &pxor ("mm4","mm5"); # f^=g
107 &paddq ("mm7","mm4"); # T1+=Ch(e,f,g)
108
109 &movq ("mm2",&QWP($Boff,$W512)); # load b
110 &movq ("mm3",&QWP($Coff,$W512)); # load c
111 &movq ($E,&QWP($Doff,$W512)); # e = d
112
113 &paddq ("mm7","mm6"); # T1+=h
114 &paddq ("mm7",&QWP(0,$K512,$kidx,8)); # T1+=K512[i]
115 &paddq ("mm7",&QWP(0,$W512,$widx,8)); # T1+=W512[i]
116 &paddq ($E,"mm7"); # e += T1
117
118 &movq ("mm4",$A); # %mm4 is sliding right
119 &movq ("mm5",$A); # %mm5 is sliding left
120 &psrlq ("mm4",28);
121 &psllq ("mm5",25);
122 &movq ("mm6","mm4"); # %mm6 is T2
123 &pxor ("mm6","mm5");
124 &psrlq ("mm4",6);
125 &psllq ("mm5",5);
126 &pxor ("mm6","mm4");
127 &pxor ("mm6","mm5");
128 &psrlq ("mm4",5);
129 &psllq ("mm5",6);
130 &pxor ("mm6","mm4");
131 &pxor ("mm6","mm5"); # T2=Sigma0_512(a)
132
133 &movq (&QWP($Boff,$W512),$A); # b = a
134 &movq (&QWP($Coff,$W512),"mm2"); # c = b
135 &movq (&QWP($Doff,$W512),"mm3"); # d = c
136
137 &movq ("mm4",$A); # %mm4=a
138 &por ($A,"mm3"); # a=a|c
139 &pand ("mm4","mm3"); # %mm4=a&c
140 &pand ($A,"mm2"); # a=(a|c)&b
141 &por ("mm4",$A); # %mm4=(a&c)|((a|c)&b)
142 &paddq ("mm6","mm4"); # T2+=Maj(a,b,c)
143
144 &movq ($A,"mm7"); # a=T1
145 &paddq ($A,"mm6"); # a+=T2
146}
147
148$func="sha512_block_sse2";
149
150&function_begin_B($func);
151 if (0) {# Caller is expected to check if it's appropriate to
152 # call this routine. Below 3 lines are retained for
153 # debugging purposes...
154 &picmeup("eax","OPENSSL_ia32cap");
155 &bt (&DWP(0,"eax"),26);
156 &jnc ("SHA512_Transform");
157 }
158
159 &push ("ebp");
160 &mov ("ebp","esp");
161 &push ("ebx");
162 &push ("esi");
163 &push ("edi");
164
165 &mov ($Widx,&DWP(8,"ebp")); # A-H state, 1st arg
166 &mov ($data,&DWP(12,"ebp")); # input data, 2nd arg
167 &call (&label("pic_point")); # make it PIC!
168&set_label("pic_point");
169 &blindpop($K512);
170 &lea ($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512));
171
172 $W512 = "esp"; # start using %esp as W512
173 &sub ($W512,$W512_SZ);
174 &and ($W512,-16); # ensure 128-bit alignment
175
176 # make private copy of A-H
177 # v assume the worst and stick to unaligned load
178 &movdqu ("xmm0",&QWP(0,$Widx));
179 &movdqu ("xmm1",&QWP(16,$Widx));
180 &movdqu ("xmm2",&QWP(32,$Widx));
181 &movdqu ("xmm3",&QWP(48,$Widx));
182
183&align(8);
184&set_label("_chunk_loop");
185
186 &movdqa (&QWP($Aoff,$W512),"xmm0"); # a,b
187 &movdqa (&QWP($Coff,$W512),"xmm1"); # c,d
188 &movdqa (&QWP($Eoff,$W512),"xmm2"); # e,f
189 &movdqa (&QWP($Goff,$W512),"xmm3"); # g,h
190
191 &xor ($Widx,$Widx);
192
193 &movdq2q($A,"xmm0"); # load a
194 &movdq2q($E,"xmm2"); # load e
195
196 # Why aren't loops unrolled? It makes sense to unroll if
197 # execution time for loop body is comparable with branch
198 # penalties and/or if whole data-set resides in register bank.
199 # Neither is case here... Well, it would be possible to
200 # eliminate few store operations, but it would hardly affect
201 # so to say stop-watch performance, as there is a lot of
202 # available memory slots to fill. It will only relieve some
203 # pressure off memory bus...
204
205 # flip input stream byte order...
206 &mov ("eax",&DWP(0,$data,$Widx,8));
207 &mov ("ebx",&DWP(4,$data,$Widx,8));
208 &bswap ("eax");
209 &bswap ("ebx");
210 &mov (&DWP(0,$W512,$Widx,8),"ebx"); # W512[i]
211 &mov (&DWP(4,$W512,$Widx,8),"eax");
212 &mov (&DWP(128+0,$W512,$Widx,8),"ebx"); # copy of W512[i]
213 &mov (&DWP(128+4,$W512,$Widx,8),"eax");
214
215&align(8);
216&set_label("_1st_loop"); # 0-15
217 # flip input stream byte order...
218 &mov ("eax",&DWP(0+8,$data,$Widx,8));
219 &mov ("ebx",&DWP(4+8,$data,$Widx,8));
220 &bswap ("eax");
221 &bswap ("ebx");
222 &mov (&DWP(0+8,$W512,$Widx,8),"ebx"); # W512[i]
223 &mov (&DWP(4+8,$W512,$Widx,8),"eax");
224 &mov (&DWP(128+0+8,$W512,$Widx,8),"ebx"); # copy of W512[i]
225 &mov (&DWP(128+4+8,$W512,$Widx,8),"eax");
226&set_label("_1st_looplet");
227 &SHA2_ROUND($Widx,$Widx); &inc($Widx);
228
229&cmp ($Widx,15)
230&jl (&label("_1st_loop"));
231&je (&label("_1st_looplet")); # playing similar trick on 2nd loop
232 # does not improve performance...
233
234 $Kidx = "ebx"; # start using %ebx as Kidx
235 &mov ($Kidx,$Widx);
236
237&align(8);
238&set_label("_2nd_loop"); # 16-79
239 &and($Widx,0xf);
240
241 # 128-bit fragment! I update W512[i] and W512[i+1] in
242 # parallel:-) Note that I refer to W512[(i&0xf)+N] and not to
243 # W512[(i+N)&0xf]! This is exactly what I maintain the second
244 # copy of W512[16] for...
245 &movdqu ("xmm0",&QWP(8*1,$W512,$Widx,8)); # s0=W512[i+1]
246 &movdqa ("xmm2","xmm0"); # %xmm2 is sliding right
247 &movdqa ("xmm3","xmm0"); # %xmm3 is sliding left
248 &psrlq ("xmm2",1);
249 &psllq ("xmm3",56);
250 &movdqa ("xmm0","xmm2");
251 &pxor ("xmm0","xmm3");
252 &psrlq ("xmm2",6);
253 &psllq ("xmm3",7);
254 &pxor ("xmm0","xmm2");
255 &pxor ("xmm0","xmm3");
256 &psrlq ("xmm2",1);
257 &pxor ("xmm0","xmm2"); # s0 = sigma0_512(s0);
258
259 &movdqa ("xmm1",&QWP(8*14,$W512,$Widx,8)); # s1=W512[i+14]
260 &movdqa ("xmm4","xmm1"); # %xmm4 is sliding right
261 &movdqa ("xmm5","xmm1"); # %xmm5 is sliding left
262 &psrlq ("xmm4",6);
263 &psllq ("xmm5",3);
264 &movdqa ("xmm1","xmm4");
265 &pxor ("xmm1","xmm5");
266 &psrlq ("xmm4",13);
267 &psllq ("xmm5",42);
268 &pxor ("xmm1","xmm4");
269 &pxor ("xmm1","xmm5");
270 &psrlq ("xmm4",42);
271 &pxor ("xmm1","xmm4"); # s1 = sigma1_512(s1);
272
273 # + have to explictly load W512[i+9] as it's not 128-bit
274 # v aligned and paddq would throw an exception...
275 &movdqu ("xmm6",&QWP(8*9,$W512,$Widx,8));
276 &paddq ("xmm0","xmm1"); # s0 += s1
277 &paddq ("xmm0","xmm6"); # s0 += W512[i+9]
278 &paddq ("xmm0",&QWP(0,$W512,$Widx,8)); # s0 += W512[i]
279
280 &movdqa (&QWP(0,$W512,$Widx,8),"xmm0"); # W512[i] = s0
281 &movdqa (&QWP(16*8,$W512,$Widx,8),"xmm0"); # copy of W512[i]
282
283 # as the above fragment was 128-bit, we "owe" 2 rounds...
284 &SHA2_ROUND($Kidx,$Widx); &inc($Kidx); &inc($Widx);
285 &SHA2_ROUND($Kidx,$Widx); &inc($Kidx); &inc($Widx);
286
287&cmp ($Kidx,80);
288&jl (&label("_2nd_loop"));
289
290 # update A-H state
291 &mov ($Widx,&DWP(8,"ebp")); # A-H state, 1st arg
292 &movq (&QWP($Aoff,$W512),$A); # write out a
293 &movq (&QWP($Eoff,$W512),$E); # write out e
294 &movdqu ("xmm0",&QWP(0,$Widx));
295 &movdqu ("xmm1",&QWP(16,$Widx));
296 &movdqu ("xmm2",&QWP(32,$Widx));
297 &movdqu ("xmm3",&QWP(48,$Widx));
298 &paddq ("xmm0",&QWP($Aoff,$W512)); # 128-bit additions...
299 &paddq ("xmm1",&QWP($Coff,$W512));
300 &paddq ("xmm2",&QWP($Eoff,$W512));
301 &paddq ("xmm3",&QWP($Goff,$W512));
302 &movdqu (&QWP(0,$Widx),"xmm0");
303 &movdqu (&QWP(16,$Widx),"xmm1");
304 &movdqu (&QWP(32,$Widx),"xmm2");
305 &movdqu (&QWP(48,$Widx),"xmm3");
306
307&add ($data,16*8); # advance input data pointer
308&dec (&DWP(16,"ebp")); # decrement 3rd arg
309&jnz (&label("_chunk_loop"));
310
311 # epilogue
312 &emms (); # required for at least ELF and Win32 ABIs
313 &mov ("edi",&DWP(-12,"ebp"));
314 &mov ("esi",&DWP(-8,"ebp"));
315 &mov ("ebx",&DWP(-4,"ebp"));
316 &leave ();
317&ret ();
318
319&align(64);
320&set_label("K512"); # Yes! I keep it in the code segment!
321 &data_word(0xd728ae22,0x428a2f98); # u64
322 &data_word(0x23ef65cd,0x71374491); # u64
323 &data_word(0xec4d3b2f,0xb5c0fbcf); # u64
324 &data_word(0x8189dbbc,0xe9b5dba5); # u64
325 &data_word(0xf348b538,0x3956c25b); # u64
326 &data_word(0xb605d019,0x59f111f1); # u64
327 &data_word(0xaf194f9b,0x923f82a4); # u64
328 &data_word(0xda6d8118,0xab1c5ed5); # u64
329 &data_word(0xa3030242,0xd807aa98); # u64
330 &data_word(0x45706fbe,0x12835b01); # u64
331 &data_word(0x4ee4b28c,0x243185be); # u64
332 &data_word(0xd5ffb4e2,0x550c7dc3); # u64
333 &data_word(0xf27b896f,0x72be5d74); # u64
334 &data_word(0x3b1696b1,0x80deb1fe); # u64
335 &data_word(0x25c71235,0x9bdc06a7); # u64
336 &data_word(0xcf692694,0xc19bf174); # u64
337 &data_word(0x9ef14ad2,0xe49b69c1); # u64
338 &data_word(0x384f25e3,0xefbe4786); # u64
339 &data_word(0x8b8cd5b5,0x0fc19dc6); # u64
340 &data_word(0x77ac9c65,0x240ca1cc); # u64
341 &data_word(0x592b0275,0x2de92c6f); # u64
342 &data_word(0x6ea6e483,0x4a7484aa); # u64
343 &data_word(0xbd41fbd4,0x5cb0a9dc); # u64
344 &data_word(0x831153b5,0x76f988da); # u64
345 &data_word(0xee66dfab,0x983e5152); # u64
346 &data_word(0x2db43210,0xa831c66d); # u64
347 &data_word(0x98fb213f,0xb00327c8); # u64
348 &data_word(0xbeef0ee4,0xbf597fc7); # u64
349 &data_word(0x3da88fc2,0xc6e00bf3); # u64
350 &data_word(0x930aa725,0xd5a79147); # u64
351 &data_word(0xe003826f,0x06ca6351); # u64
352 &data_word(0x0a0e6e70,0x14292967); # u64
353 &data_word(0x46d22ffc,0x27b70a85); # u64
354 &data_word(0x5c26c926,0x2e1b2138); # u64
355 &data_word(0x5ac42aed,0x4d2c6dfc); # u64
356 &data_word(0x9d95b3df,0x53380d13); # u64
357 &data_word(0x8baf63de,0x650a7354); # u64
358 &data_word(0x3c77b2a8,0x766a0abb); # u64
359 &data_word(0x47edaee6,0x81c2c92e); # u64
360 &data_word(0x1482353b,0x92722c85); # u64
361 &data_word(0x4cf10364,0xa2bfe8a1); # u64
362 &data_word(0xbc423001,0xa81a664b); # u64
363 &data_word(0xd0f89791,0xc24b8b70); # u64
364 &data_word(0x0654be30,0xc76c51a3); # u64
365 &data_word(0xd6ef5218,0xd192e819); # u64
366 &data_word(0x5565a910,0xd6990624); # u64
367 &data_word(0x5771202a,0xf40e3585); # u64
368 &data_word(0x32bbd1b8,0x106aa070); # u64
369 &data_word(0xb8d2d0c8,0x19a4c116); # u64
370 &data_word(0x5141ab53,0x1e376c08); # u64
371 &data_word(0xdf8eeb99,0x2748774c); # u64
372 &data_word(0xe19b48a8,0x34b0bcb5); # u64
373 &data_word(0xc5c95a63,0x391c0cb3); # u64
374 &data_word(0xe3418acb,0x4ed8aa4a); # u64
375 &data_word(0x7763e373,0x5b9cca4f); # u64
376 &data_word(0xd6b2b8a3,0x682e6ff3); # u64
377 &data_word(0x5defb2fc,0x748f82ee); # u64
378 &data_word(0x43172f60,0x78a5636f); # u64
379 &data_word(0xa1f0ab72,0x84c87814); # u64
380 &data_word(0x1a6439ec,0x8cc70208); # u64
381 &data_word(0x23631e28,0x90befffa); # u64
382 &data_word(0xde82bde9,0xa4506ceb); # u64
383 &data_word(0xb2c67915,0xbef9a3f7); # u64
384 &data_word(0xe372532b,0xc67178f2); # u64
385 &data_word(0xea26619c,0xca273ece); # u64
386 &data_word(0x21c0c207,0xd186b8c7); # u64
387 &data_word(0xcde0eb1e,0xeada7dd6); # u64
388 &data_word(0xee6ed178,0xf57d4f7f); # u64
389 &data_word(0x72176fba,0x06f067aa); # u64
390 &data_word(0xa2c898a6,0x0a637dc5); # u64
391 &data_word(0xbef90dae,0x113f9804); # u64
392 &data_word(0x131c471b,0x1b710b35); # u64
393 &data_word(0x23047d84,0x28db77f5); # u64
394 &data_word(0x40c72493,0x32caab7b); # u64
395 &data_word(0x15c9bebc,0x3c9ebe0a); # u64
396 &data_word(0x9c100d4c,0x431d67c4); # u64
397 &data_word(0xcb3e42b6,0x4cc5d4be); # u64
398 &data_word(0xfc657e2a,0x597f299c); # u64
399 &data_word(0x3ad6faec,0x5fcb6fab); # u64
400 &data_word(0x4a475817,0x6c44198c); # u64
401
402&function_end_B($func);
403
404&asm_finish();
diff --git a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
new file mode 100755
index 0000000000..b6252d31ec
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
@@ -0,0 +1,344 @@
1#!/usr/bin/env perl
2#
3# ====================================================================
4# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5# project. Rights for redistribution and usage in source and binary
6# forms are granted according to the OpenSSL license.
7# ====================================================================
8#
9# sha256/512_block procedure for x86_64.
10#
11# 40% improvement over compiler-generated code on Opteron. On EM64T
12# sha256 was observed to run >80% faster and sha512 - >40%. No magical
13# tricks, just straight implementation... I really wonder why gcc
14# [being armed with inline assembler] fails to generate as fast code.
15# The only thing which is cool about this module is that it's very
16# same instruction sequence used for both SHA-256 and SHA-512. In
17# former case the instructions operate on 32-bit operands, while in
18# latter - on 64-bit ones. All I had to do is to get one flavor right,
19# the other one passed the test right away:-)
20#
21# sha256_block runs in ~1005 cycles on Opteron, which gives you
22# asymptotic performance of 64*1000/1005=63.7MBps times CPU clock
23# frequency in GHz. sha512_block runs in ~1275 cycles, which results
24# in 128*1000/1275=100MBps per GHz. Is there room for improvement?
25# Well, if you compare it to IA-64 implementation, which maintains
26# X[16] in register bank[!], tends to 4 instructions per CPU clock
27# cycle and runs in 1003 cycles, 1275 is very good result for 3-way
28# issue Opteron pipeline and X[16] maintained in memory. So that *if*
29# there is a way to improve it, *then* the only way would be to try to
30# offload X[16] updates to SSE unit, but that would require "deeper"
31# loop unroll, which in turn would naturally cause size blow-up, not
32# to mention increased complexity! And once again, only *if* it's
33# actually possible to noticeably improve overall ILP, instruction
34# level parallelism, on a given CPU implementation in this case.
35#
36# Special note on Intel EM64T. While Opteron CPU exhibits perfect
37# perfromance ratio of 1.5 between 64- and 32-bit flavors [see above],
38# [currently available] EM64T CPUs apparently are far from it. On the
39# contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit
40# sha256_block:-( This is presumably because 64-bit shifts/rotates
41# apparently are not atomic instructions, but implemented in microcode.
42
43$output=shift;
44
45$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
46( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
47( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
48die "can't locate x86_64-xlate.pl";
49
50open STDOUT,"| $^X $xlate $output";
51
52if ($output =~ /512/) {
53 $func="sha512_block_data_order";
54 $TABLE="K512";
55 $SZ=8;
56 @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx",
57 "%r8", "%r9", "%r10","%r11");
58 ($T1,$a0,$a1,$a2)=("%r12","%r13","%r14","%r15");
59 @Sigma0=(28,34,39);
60 @Sigma1=(14,18,41);
61 @sigma0=(1, 8, 7);
62 @sigma1=(19,61, 6);
63 $rounds=80;
64} else {
65 $func="sha256_block_data_order";
66 $TABLE="K256";
67 $SZ=4;
68 @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx",
69 "%r8d","%r9d","%r10d","%r11d");
70 ($T1,$a0,$a1,$a2)=("%r12d","%r13d","%r14d","%r15d");
71 @Sigma0=( 2,13,22);
72 @Sigma1=( 6,11,25);
73 @sigma0=( 7,18, 3);
74 @sigma1=(17,19,10);
75 $rounds=64;
76}
77
78$ctx="%rdi"; # 1st arg
79$round="%rdi"; # zaps $ctx
80$inp="%rsi"; # 2nd arg
81$Tbl="%rbp";
82
83$_ctx="16*$SZ+0*8(%rsp)";
84$_inp="16*$SZ+1*8(%rsp)";
85$_end="16*$SZ+2*8(%rsp)";
86$_rsp="16*$SZ+3*8(%rsp)";
87$framesz="16*$SZ+4*8";
88
89
90sub ROUND_00_15()
91{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
92
93$code.=<<___;
94 mov $e,$a0
95 mov $e,$a1
96 mov $f,$a2
97
98 ror \$$Sigma1[0],$a0
99 ror \$$Sigma1[1],$a1
100 xor $g,$a2 # f^g
101
102 xor $a1,$a0
103 ror \$`$Sigma1[2]-$Sigma1[1]`,$a1
104 and $e,$a2 # (f^g)&e
105 mov $T1,`$SZ*($i&0xf)`(%rsp)
106
107 xor $a1,$a0 # Sigma1(e)
108 xor $g,$a2 # Ch(e,f,g)=((f^g)&e)^g
109 add $h,$T1 # T1+=h
110
111 mov $a,$h
112 add $a0,$T1 # T1+=Sigma1(e)
113
114 add $a2,$T1 # T1+=Ch(e,f,g)
115 mov $a,$a0
116 mov $a,$a1
117
118 ror \$$Sigma0[0],$h
119 ror \$$Sigma0[1],$a0
120 mov $a,$a2
121 add ($Tbl,$round,$SZ),$T1 # T1+=K[round]
122
123 xor $a0,$h
124 ror \$`$Sigma0[2]-$Sigma0[1]`,$a0
125 or $c,$a1 # a|c
126
127 xor $a0,$h # h=Sigma0(a)
128 and $c,$a2 # a&c
129 add $T1,$d # d+=T1
130
131 and $b,$a1 # (a|c)&b
132 add $T1,$h # h+=T1
133
134 or $a2,$a1 # Maj(a,b,c)=((a|c)&b)|(a&c)
135 lea 1($round),$round # round++
136
137 add $a1,$h # h+=Maj(a,b,c)
138___
139}
140
141sub ROUND_16_XX()
142{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
143
144$code.=<<___;
145 mov `$SZ*(($i+1)&0xf)`(%rsp),$a0
146 mov `$SZ*(($i+14)&0xf)`(%rsp),$T1
147
148 mov $a0,$a2
149
150 shr \$$sigma0[2],$a0
151 ror \$$sigma0[0],$a2
152
153 xor $a2,$a0
154 ror \$`$sigma0[1]-$sigma0[0]`,$a2
155
156 xor $a2,$a0 # sigma0(X[(i+1)&0xf])
157 mov $T1,$a1
158
159 shr \$$sigma1[2],$T1
160 ror \$$sigma1[0],$a1
161
162 xor $a1,$T1
163 ror \$`$sigma1[1]-$sigma1[0]`,$a1
164
165 xor $a1,$T1 # sigma1(X[(i+14)&0xf])
166
167 add $a0,$T1
168
169 add `$SZ*(($i+9)&0xf)`(%rsp),$T1
170
171 add `$SZ*($i&0xf)`(%rsp),$T1
172___
173 &ROUND_00_15(@_);
174}
175
176$code=<<___;
177.text
178
179.globl $func
180.type $func,\@function,4
181.align 16
182$func:
183 push %rbx
184 push %rbp
185 push %r12
186 push %r13
187 push %r14
188 push %r15
189 mov %rsp,%rbp # copy %rsp
190 shl \$4,%rdx # num*16
191 sub \$$framesz,%rsp
192 lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ
193 and \$-64,%rsp # align stack frame
194 mov $ctx,$_ctx # save ctx, 1st arg
195 mov $inp,$_inp # save inp, 2nd arh
196 mov %rdx,$_end # save end pointer, "3rd" arg
197 mov %rbp,$_rsp # save copy of %rsp
198
199 .picmeup $Tbl
200 lea $TABLE-.($Tbl),$Tbl
201
202 mov $SZ*0($ctx),$A
203 mov $SZ*1($ctx),$B
204 mov $SZ*2($ctx),$C
205 mov $SZ*3($ctx),$D
206 mov $SZ*4($ctx),$E
207 mov $SZ*5($ctx),$F
208 mov $SZ*6($ctx),$G
209 mov $SZ*7($ctx),$H
210 jmp .Lloop
211
212.align 16
213.Lloop:
214 xor $round,$round
215___
216 for($i=0;$i<16;$i++) {
217 $code.=" mov $SZ*$i($inp),$T1\n";
218 $code.=" bswap $T1\n";
219 &ROUND_00_15($i,@ROT);
220 unshift(@ROT,pop(@ROT));
221 }
222$code.=<<___;
223 jmp .Lrounds_16_xx
224.align 16
225.Lrounds_16_xx:
226___
227 for(;$i<32;$i++) {
228 &ROUND_16_XX($i,@ROT);
229 unshift(@ROT,pop(@ROT));
230 }
231
232$code.=<<___;
233 cmp \$$rounds,$round
234 jb .Lrounds_16_xx
235
236 mov $_ctx,$ctx
237 lea 16*$SZ($inp),$inp
238
239 add $SZ*0($ctx),$A
240 add $SZ*1($ctx),$B
241 add $SZ*2($ctx),$C
242 add $SZ*3($ctx),$D
243 add $SZ*4($ctx),$E
244 add $SZ*5($ctx),$F
245 add $SZ*6($ctx),$G
246 add $SZ*7($ctx),$H
247
248 cmp $_end,$inp
249
250 mov $A,$SZ*0($ctx)
251 mov $B,$SZ*1($ctx)
252 mov $C,$SZ*2($ctx)
253 mov $D,$SZ*3($ctx)
254 mov $E,$SZ*4($ctx)
255 mov $F,$SZ*5($ctx)
256 mov $G,$SZ*6($ctx)
257 mov $H,$SZ*7($ctx)
258 jb .Lloop
259
260 mov $_rsp,%rsp
261 pop %r15
262 pop %r14
263 pop %r13
264 pop %r12
265 pop %rbp
266 pop %rbx
267
268 ret
269.size $func,.-$func
270___
271
272if ($SZ==4) {
273$code.=<<___;
274.align 64
275.type $TABLE,\@object
276$TABLE:
277 .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
278 .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
279 .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
280 .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
281 .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
282 .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
283 .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
284 .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
285 .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
286 .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
287 .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
288 .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070
289 .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
290 .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
291 .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
292 .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
293___
294} else {
295$code.=<<___;
296.align 64
297.type $TABLE,\@object
298$TABLE:
299 .quad 0x428a2f98d728ae22,0x7137449123ef65cd
300 .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
301 .quad 0x3956c25bf348b538,0x59f111f1b605d019
302 .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118
303 .quad 0xd807aa98a3030242,0x12835b0145706fbe
304 .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
305 .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1
306 .quad 0x9bdc06a725c71235,0xc19bf174cf692694
307 .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3
308 .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
309 .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483
310 .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5
311 .quad 0x983e5152ee66dfab,0xa831c66d2db43210
312 .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4
313 .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725
314 .quad 0x06ca6351e003826f,0x142929670a0e6e70
315 .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926
316 .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df
317 .quad 0x650a73548baf63de,0x766a0abb3c77b2a8
318 .quad 0x81c2c92e47edaee6,0x92722c851482353b
319 .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001
320 .quad 0xc24b8b70d0f89791,0xc76c51a30654be30
321 .quad 0xd192e819d6ef5218,0xd69906245565a910
322 .quad 0xf40e35855771202a,0x106aa07032bbd1b8
323 .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53
324 .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
325 .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
326 .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
327 .quad 0x748f82ee5defb2fc,0x78a5636f43172f60
328 .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec
329 .quad 0x90befffa23631e28,0xa4506cebde82bde9
330 .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b
331 .quad 0xca273eceea26619c,0xd186b8c721c0c207
332 .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
333 .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6
334 .quad 0x113f9804bef90dae,0x1b710b35131c471b
335 .quad 0x28db77f523047d84,0x32caab7b40c72493
336 .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
337 .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a
338 .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817
339___
340}
341
342$code =~ s/\`([^\`]*)\`/eval $1/gem;
343print $code;
344close STDOUT;
diff --git a/src/lib/libcrypto/sha/sha.c b/src/lib/libcrypto/sha/sha.c
new file mode 100644
index 0000000000..42126551d1
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha.c
@@ -0,0 +1,124 @@
1/* crypto/sha/sha.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <openssl/sha.h>
62
63#define BUFSIZE 1024*16
64
65void do_fp(FILE *f);
66void pt(unsigned char *md);
67int read(int, void *, unsigned int);
68int main(int argc, char **argv)
69 {
70 int i,err=0;
71 FILE *IN;
72
73 if (argc == 1)
74 {
75 do_fp(stdin);
76 }
77 else
78 {
79 for (i=1; i<argc; i++)
80 {
81 IN=fopen(argv[i],"r");
82 if (IN == NULL)
83 {
84 perror(argv[i]);
85 err++;
86 continue;
87 }
88 printf("SHA(%s)= ",argv[i]);
89 do_fp(IN);
90 fclose(IN);
91 }
92 }
93 exit(err);
94 }
95
96void do_fp(FILE *f)
97 {
98 SHA_CTX c;
99 unsigned char md[SHA_DIGEST_LENGTH];
100 int fd;
101 int i;
102 unsigned char buf[BUFSIZE];
103
104 fd=fileno(f);
105 SHA_Init(&c);
106 for (;;)
107 {
108 i=read(fd,buf,BUFSIZE);
109 if (i <= 0) break;
110 SHA_Update(&c,buf,(unsigned long)i);
111 }
112 SHA_Final(&(md[0]),&c);
113 pt(md);
114 }
115
116void pt(unsigned char *md)
117 {
118 int i;
119
120 for (i=0; i<SHA_DIGEST_LENGTH; i++)
121 printf("%02x",md[i]);
122 printf("\n");
123 }
124
diff --git a/src/lib/libcrypto/sha/sha.h b/src/lib/libcrypto/sha/sha.h
new file mode 100644
index 0000000000..eed44d7f94
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha.h
@@ -0,0 +1,200 @@
1/* crypto/sha/sha.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_SHA_H
60#define HEADER_SHA_H
61
62#include <openssl/e_os2.h>
63#include <stddef.h>
64
65#ifdef __cplusplus
66extern "C" {
67#endif
68
69#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
70#error SHA is disabled.
71#endif
72
73#if defined(OPENSSL_FIPS)
74#define FIPS_SHA_SIZE_T size_t
75#endif
76
77/*
78 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
79 * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
80 * ! SHA_LONG_LOG2 has to be defined along. !
81 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
82 */
83
84#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
85#define SHA_LONG unsigned long
86#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
87#define SHA_LONG unsigned long
88#define SHA_LONG_LOG2 3
89#else
90#define SHA_LONG unsigned int
91#endif
92
93#define SHA_LBLOCK 16
94#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a
95 * contiguous array of 32 bit
96 * wide big-endian values. */
97#define SHA_LAST_BLOCK (SHA_CBLOCK-8)
98#define SHA_DIGEST_LENGTH 20
99
100typedef struct SHAstate_st
101 {
102 SHA_LONG h0,h1,h2,h3,h4;
103 SHA_LONG Nl,Nh;
104 SHA_LONG data[SHA_LBLOCK];
105 unsigned int num;
106 } SHA_CTX;
107
108#ifndef OPENSSL_NO_SHA0
109int SHA_Init(SHA_CTX *c);
110int SHA_Update(SHA_CTX *c, const void *data, size_t len);
111int SHA_Final(unsigned char *md, SHA_CTX *c);
112unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
113void SHA_Transform(SHA_CTX *c, const unsigned char *data);
114#endif
115#ifndef OPENSSL_NO_SHA1
116int SHA1_Init(SHA_CTX *c);
117int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
118int SHA1_Final(unsigned char *md, SHA_CTX *c);
119unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
120void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
121#endif
122
123#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a
124 * contiguous array of 32 bit
125 * wide big-endian values. */
126#define SHA224_DIGEST_LENGTH 28
127#define SHA256_DIGEST_LENGTH 32
128
129typedef struct SHA256state_st
130 {
131 SHA_LONG h[8];
132 SHA_LONG Nl,Nh;
133 SHA_LONG data[SHA_LBLOCK];
134 unsigned int num,md_len;
135 } SHA256_CTX;
136
137#ifndef OPENSSL_NO_SHA256
138int SHA224_Init(SHA256_CTX *c);
139int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
140int SHA224_Final(unsigned char *md, SHA256_CTX *c);
141unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
142int SHA256_Init(SHA256_CTX *c);
143int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
144int SHA256_Final(unsigned char *md, SHA256_CTX *c);
145unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
146void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
147#endif
148
149#define SHA384_DIGEST_LENGTH 48
150#define SHA512_DIGEST_LENGTH 64
151
152#ifndef OPENSSL_NO_SHA512
153/*
154 * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
155 * being exactly 64-bit wide. See Implementation Notes in sha512.c
156 * for further details.
157 */
158#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a
159 * contiguous array of 64 bit
160 * wide big-endian values. */
161#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
162#define SHA_LONG64 unsigned __int64
163#define U64(C) C##UI64
164#elif defined(__arch64__)
165#define SHA_LONG64 unsigned long
166#define U64(C) C##UL
167#else
168#define SHA_LONG64 unsigned long long
169#define U64(C) C##ULL
170#endif
171
172typedef struct SHA512state_st
173 {
174 SHA_LONG64 h[8];
175 SHA_LONG64 Nl,Nh;
176 union {
177 SHA_LONG64 d[SHA_LBLOCK];
178 unsigned char p[SHA512_CBLOCK];
179 } u;
180 unsigned int num,md_len;
181 } SHA512_CTX;
182#endif
183
184#ifndef OPENSSL_NO_SHA512
185int SHA384_Init(SHA512_CTX *c);
186int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
187int SHA384_Final(unsigned char *md, SHA512_CTX *c);
188unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
189int SHA512_Init(SHA512_CTX *c);
190int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
191int SHA512_Final(unsigned char *md, SHA512_CTX *c);
192unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
193void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
194#endif
195
196#ifdef __cplusplus
197}
198#endif
199
200#endif
diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c
new file mode 100644
index 0000000000..d350c88ee4
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1.c
@@ -0,0 +1,127 @@
1/* crypto/sha/sha1.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <openssl/sha.h>
62
63#define BUFSIZE 1024*16
64
65void do_fp(FILE *f);
66void pt(unsigned char *md);
67#ifndef _OSD_POSIX
68int read(int, void *, unsigned int);
69#endif
70
71int main(int argc, char **argv)
72 {
73 int i,err=0;
74 FILE *IN;
75
76 if (argc == 1)
77 {
78 do_fp(stdin);
79 }
80 else
81 {
82 for (i=1; i<argc; i++)
83 {
84 IN=fopen(argv[i],"r");
85 if (IN == NULL)
86 {
87 perror(argv[i]);
88 err++;
89 continue;
90 }
91 printf("SHA1(%s)= ",argv[i]);
92 do_fp(IN);
93 fclose(IN);
94 }
95 }
96 exit(err);
97 }
98
99void do_fp(FILE *f)
100 {
101 SHA_CTX c;
102 unsigned char md[SHA_DIGEST_LENGTH];
103 int fd;
104 int i;
105 unsigned char buf[BUFSIZE];
106
107 fd=fileno(f);
108 SHA1_Init(&c);
109 for (;;)
110 {
111 i=read(fd,buf,BUFSIZE);
112 if (i <= 0) break;
113 SHA1_Update(&c,buf,(unsigned long)i);
114 }
115 SHA1_Final(&(md[0]),&c);
116 pt(md);
117 }
118
119void pt(unsigned char *md)
120 {
121 int i;
122
123 for (i=0; i<SHA_DIGEST_LENGTH; i++)
124 printf("%02x",md[i]);
125 printf("\n");
126 }
127
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c
new file mode 100644
index 0000000000..7c65b60276
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1_one.c
@@ -0,0 +1,78 @@
1/* crypto/sha/sha1_one.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <openssl/sha.h>
62#include <openssl/crypto.h>
63
64#ifndef OPENSSL_NO_SHA1
65unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
66 {
67 SHA_CTX c;
68 static unsigned char m[SHA_DIGEST_LENGTH];
69
70 if (md == NULL) md=m;
71 if (!SHA1_Init(&c))
72 return NULL;
73 SHA1_Update(&c,d,n);
74 SHA1_Final(md,&c);
75 OPENSSL_cleanse(&c,sizeof(c));
76 return(md);
77 }
78#endif
diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c
new file mode 100644
index 0000000000..50d1925cde
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1dgst.c
@@ -0,0 +1,74 @@
1/* crypto/sha/sha1dgst.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/opensslconf.h>
60#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
61
62#undef SHA_0
63#define SHA_1
64
65#include <openssl/opensslv.h>
66
67const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
68
69/* The implementation is in ../md32_common.h */
70
71#include "sha_locl.h"
72
73#endif
74
diff --git a/src/lib/libcrypto/sha/sha1s.cpp b/src/lib/libcrypto/sha/sha1s.cpp
new file mode 100644
index 0000000000..af23d1e0f2
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1s.cpp
@@ -0,0 +1,82 @@
1//
2// gettsc.inl
3//
4// gives access to the Pentium's (secret) cycle counter
5//
6// This software was written by Leonard Janke (janke@unixg.ubc.ca)
7// in 1996-7 and is entered, by him, into the public domain.
8
9#if defined(__WATCOMC__)
10void GetTSC(unsigned long&);
11#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
12#elif defined(__GNUC__)
13inline
14void GetTSC(unsigned long& tsc)
15{
16 asm volatile(".byte 15, 49\n\t"
17 : "=eax" (tsc)
18 :
19 : "%edx", "%eax");
20}
21#elif defined(_MSC_VER)
22inline
23void GetTSC(unsigned long& tsc)
24{
25 unsigned long a;
26 __asm _emit 0fh
27 __asm _emit 31h
28 __asm mov a, eax;
29 tsc=a;
30}
31#endif
32
33#include <stdio.h>
34#include <stdlib.h>
35#include <openssl/sha.h>
36
37#define sha1_block_x86 sha1_block_asm_data_order
38extern "C" {
39void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
40}
41
42void main(int argc,char *argv[])
43 {
44 unsigned char buffer[64*256];
45 SHA_CTX ctx;
46 unsigned long s1,s2,e1,e2;
47 unsigned char k[16];
48 unsigned long data[2];
49 unsigned char iv[8];
50 int i,num=0,numm;
51 int j=0;
52
53 if (argc >= 2)
54 num=atoi(argv[1]);
55
56 if (num == 0) num=16;
57 if (num > 250) num=16;
58 numm=num+2;
59#if 0
60 num*=64;
61 numm*=64;
62#endif
63
64 for (j=0; j<6; j++)
65 {
66 for (i=0; i<10; i++) /**/
67 {
68 sha1_block_x86(&ctx,buffer,numm);
69 GetTSC(s1);
70 sha1_block_x86(&ctx,buffer,numm);
71 GetTSC(e1);
72 GetTSC(s2);
73 sha1_block_x86(&ctx,buffer,num);
74 GetTSC(e2);
75 sha1_block_x86(&ctx,buffer,num);
76 }
77
78 printf("sha1 (%d bytes) %d %d (%.2f)\n",num*64,
79 e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
80 }
81 }
82
diff --git a/src/lib/libcrypto/sha/sha1test.c b/src/lib/libcrypto/sha/sha1test.c
new file mode 100644
index 0000000000..6feb3964c7
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1test.c
@@ -0,0 +1,178 @@
1/* crypto/sha/sha1test.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include "../e_os.h"
64
65#ifdef OPENSSL_NO_SHA
66int main(int argc, char *argv[])
67{
68 printf("No SHA support\n");
69 return(0);
70}
71#else
72#include <openssl/evp.h>
73#include <openssl/sha.h>
74
75#ifdef CHARSET_EBCDIC
76#include <openssl/ebcdic.h>
77#endif
78
79#undef SHA_0 /* FIPS 180 */
80#define SHA_1 /* FIPS 180-1 */
81
82static char *test[]={
83 "abc",
84 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
85 NULL,
86 };
87
88#ifdef SHA_0
89static char *ret[]={
90 "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
91 "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
92 };
93static char *bigret=
94 "3232affa48628a26653b5aaa44541fd90d690603";
95#endif
96#ifdef SHA_1
97static char *ret[]={
98 "a9993e364706816aba3e25717850c26c9cd0d89d",
99 "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
100 };
101static char *bigret=
102 "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
103#endif
104
105static char *pt(unsigned char *md);
106int main(int argc, char *argv[])
107 {
108 int i,err=0;
109 char **P,**R;
110 static unsigned char buf[1000];
111 char *p,*r;
112 EVP_MD_CTX c;
113 unsigned char md[SHA_DIGEST_LENGTH];
114
115#ifdef CHARSET_EBCDIC
116 ebcdic2ascii(test[0], test[0], strlen(test[0]));
117 ebcdic2ascii(test[1], test[1], strlen(test[1]));
118#endif
119
120 EVP_MD_CTX_init(&c);
121 P=test;
122 R=ret;
123 i=1;
124 while (*P != NULL)
125 {
126 EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
127 p=pt(md);
128 if (strcmp(p,(char *)*R) != 0)
129 {
130 printf("error calculating SHA1 on '%s'\n",*P);
131 printf("got %s instead of %s\n",p,*R);
132 err++;
133 }
134 else
135 printf("test %d ok\n",i);
136 i++;
137 R++;
138 P++;
139 }
140
141 memset(buf,'a',1000);
142#ifdef CHARSET_EBCDIC
143 ebcdic2ascii(buf, buf, 1000);
144#endif /*CHARSET_EBCDIC*/
145 EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
146 for (i=0; i<1000; i++)
147 EVP_DigestUpdate(&c,buf,1000);
148 EVP_DigestFinal_ex(&c,md,NULL);
149 p=pt(md);
150
151 r=bigret;
152 if (strcmp(p,r) != 0)
153 {
154 printf("error calculating SHA1 on 'a' * 1000\n");
155 printf("got %s instead of %s\n",p,r);
156 err++;
157 }
158 else
159 printf("test 3 ok\n");
160
161#ifdef OPENSSL_SYS_NETWARE
162 if (err) printf("ERROR: %d\n", err);
163#endif
164 EXIT(err);
165 EVP_MD_CTX_cleanup(&c);
166 return(0);
167 }
168
169static char *pt(unsigned char *md)
170 {
171 int i;
172 static char buf[80];
173
174 for (i=0; i<SHA_DIGEST_LENGTH; i++)
175 sprintf(&(buf[i*2]),"%02x",md[i]);
176 return(buf);
177 }
178#endif
diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
new file mode 100644
index 0000000000..867f90cc97
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -0,0 +1,282 @@
1/* crypto/sha/sha256.c */
2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved
4 * according to the OpenSSL license [found in ../../LICENSE].
5 * ====================================================================
6 */
7#include <openssl/opensslconf.h>
8#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
9
10#include <stdlib.h>
11#include <string.h>
12
13#include <openssl/crypto.h>
14#include <openssl/sha.h>
15#include <openssl/opensslv.h>
16
17const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
18
19int SHA224_Init (SHA256_CTX *c)
20 {
21 c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
22 c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
23 c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL;
24 c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL;
25 c->Nl=0; c->Nh=0;
26 c->num=0; c->md_len=SHA224_DIGEST_LENGTH;
27 return 1;
28 }
29
30int SHA256_Init (SHA256_CTX *c)
31 {
32 c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
33 c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
34 c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL;
35 c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL;
36 c->Nl=0; c->Nh=0;
37 c->num=0; c->md_len=SHA256_DIGEST_LENGTH;
38 return 1;
39 }
40
41unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
42 {
43 SHA256_CTX c;
44 static unsigned char m[SHA224_DIGEST_LENGTH];
45
46 if (md == NULL) md=m;
47 SHA224_Init(&c);
48 SHA256_Update(&c,d,n);
49 SHA256_Final(md,&c);
50 OPENSSL_cleanse(&c,sizeof(c));
51 return(md);
52 }
53
54unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
55 {
56 SHA256_CTX c;
57 static unsigned char m[SHA256_DIGEST_LENGTH];
58
59 if (md == NULL) md=m;
60 SHA256_Init(&c);
61 SHA256_Update(&c,d,n);
62 SHA256_Final(md,&c);
63 OPENSSL_cleanse(&c,sizeof(c));
64 return(md);
65 }
66
67int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
68{ return SHA256_Update (c,data,len); }
69int SHA224_Final (unsigned char *md, SHA256_CTX *c)
70{ return SHA256_Final (md,c); }
71
72#define DATA_ORDER_IS_BIG_ENDIAN
73
74#define HASH_LONG SHA_LONG
75#define HASH_CTX SHA256_CTX
76#define HASH_CBLOCK SHA_CBLOCK
77/*
78 * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
79 * default: case below covers for it. It's not clear however if it's
80 * permitted to truncate to amount of bytes not divisible by 4. I bet not,
81 * but if it is, then default: case shall be extended. For reference.
82 * Idea behind separate cases for pre-defined lenghts is to let the
83 * compiler decide if it's appropriate to unroll small loops.
84 */
85#define HASH_MAKE_STRING(c,s) do { \
86 unsigned long ll; \
87 unsigned int xn; \
88 switch ((c)->md_len) \
89 { case SHA224_DIGEST_LENGTH: \
90 for (xn=0;xn<SHA224_DIGEST_LENGTH/4;xn++) \
91 { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \
92 break; \
93 case SHA256_DIGEST_LENGTH: \
94 for (xn=0;xn<SHA256_DIGEST_LENGTH/4;xn++) \
95 { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \
96 break; \
97 default: \
98 if ((c)->md_len > SHA256_DIGEST_LENGTH) \
99 return 0; \
100 for (xn=0;xn<(c)->md_len/4;xn++) \
101 { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \
102 break; \
103 } \
104 } while (0)
105
106#define HASH_UPDATE SHA256_Update
107#define HASH_TRANSFORM SHA256_Transform
108#define HASH_FINAL SHA256_Final
109#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
110#ifndef SHA256_ASM
111static
112#endif
113void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
114
115#include "md32_common.h"
116
117#ifndef SHA256_ASM
118static const SHA_LONG K256[64] = {
119 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
120 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
121 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
122 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
123 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
124 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
125 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
126 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
127 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
128 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
129 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
130 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
131 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
132 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
133 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
134 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
135
136/*
137 * FIPS specification refers to right rotations, while our ROTATE macro
138 * is left one. This is why you might notice that rotation coefficients
139 * differ from those observed in FIPS document by 32-N...
140 */
141#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
142#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
143#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
144#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
145
146#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
147#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
148
149#ifdef OPENSSL_SMALL_FOOTPRINT
150
151static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num)
152 {
153 unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
154 SHA_LONG X[16],l;
155 int i;
156 const unsigned char *data=in;
157
158 while (num--) {
159
160 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
161 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
162
163 for (i=0;i<16;i++)
164 {
165 HOST_c2l(data,l); T1 = X[i] = l;
166 T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
167 T2 = Sigma0(a) + Maj(a,b,c);
168 h = g; g = f; f = e; e = d + T1;
169 d = c; c = b; b = a; a = T1 + T2;
170 }
171
172 for (;i<64;i++)
173 {
174 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
175 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
176
177 T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
178 T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
179 T2 = Sigma0(a) + Maj(a,b,c);
180 h = g; g = f; f = e; e = d + T1;
181 d = c; c = b; b = a; a = T1 + T2;
182 }
183
184 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
185 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
186
187 }
188}
189
190#else
191
192#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
193 T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
194 h = Sigma0(a) + Maj(a,b,c); \
195 d += T1; h += T1; } while (0)
196
197#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
198 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
199 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
200 T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
201 ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
202
203static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num)
204 {
205 unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
206 SHA_LONG X[16];
207 int i;
208 const unsigned char *data=in;
209 const union { long one; char little; } is_endian = {1};
210
211 while (num--) {
212
213 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
214 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
215
216 if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)in%4)==0)
217 {
218 const SHA_LONG *W=(const SHA_LONG *)data;
219
220 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
221 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
222 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
223 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
224 T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
225 T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
226 T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
227 T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
228 T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
229 T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
230 T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
231 T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
232 T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
233 T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
234 T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
235 T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
236
237 data += SHA256_CBLOCK;
238 }
239 else
240 {
241 SHA_LONG l;
242
243 HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h);
244 HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g);
245 HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f);
246 HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e);
247 HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d);
248 HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c);
249 HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b);
250 HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a);
251 HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h);
252 HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g);
253 HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
254 HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
255 HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
256 HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
257 HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
258 HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
259 }
260
261 for (i=16;i<64;i+=8)
262 {
263 ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
264 ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
265 ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
266 ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
267 ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
268 ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
269 ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
270 ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
271 }
272
273 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
274 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
275
276 }
277 }
278
279#endif
280#endif /* SHA256_ASM */
281
282#endif /* OPENSSL_NO_SHA256 */
diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
new file mode 100644
index 0000000000..987fc07c99
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha512.c
@@ -0,0 +1,537 @@
1/* crypto/sha/sha512.c */
2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved
4 * according to the OpenSSL license [found in ../../LICENSE].
5 * ====================================================================
6 */
7#include <openssl/opensslconf.h>
8#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
9/*
10 * IMPLEMENTATION NOTES.
11 *
12 * As you might have noticed 32-bit hash algorithms:
13 *
14 * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
15 * - optimized versions implement two transform functions: one operating
16 * on [aligned] data in host byte order and one - on data in input
17 * stream byte order;
18 * - share common byte-order neutral collector and padding function
19 * implementations, ../md32_common.h;
20 *
21 * Neither of the above applies to this SHA-512 implementations. Reasons
22 * [in reverse order] are:
23 *
24 * - it's the only 64-bit hash algorithm for the moment of this writing,
25 * there is no need for common collector/padding implementation [yet];
26 * - by supporting only one transform function [which operates on
27 * *aligned* data in input stream byte order, big-endian in this case]
28 * we minimize burden of maintenance in two ways: a) collector/padding
29 * function is simpler; b) only one transform function to stare at;
30 * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
31 * apply a number of optimizations to mitigate potential performance
32 * penalties caused by previous design decision;
33 *
34 * Caveat lector.
35 *
36 * Implementation relies on the fact that "long long" is 64-bit on
37 * both 32- and 64-bit platforms. If some compiler vendor comes up
38 * with 128-bit long long, adjustment to sha.h would be required.
39 * As this implementation relies on 64-bit integer type, it's totally
40 * inappropriate for platforms which don't support it, most notably
41 * 16-bit platforms.
42 * <appro@fy.chalmers.se>
43 */
44#include <stdlib.h>
45#include <string.h>
46
47#include <openssl/crypto.h>
48#include <openssl/sha.h>
49#include <openssl/opensslv.h>
50
51#include "cryptlib.h"
52
53const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
54
55#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
56 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
57 defined(__s390__) || defined(__s390x__) || \
58 defined(SHA512_ASM)
59#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
60#endif
61
62int SHA384_Init (SHA512_CTX *c)
63 {
64 c->h[0]=U64(0xcbbb9d5dc1059ed8);
65 c->h[1]=U64(0x629a292a367cd507);
66 c->h[2]=U64(0x9159015a3070dd17);
67 c->h[3]=U64(0x152fecd8f70e5939);
68 c->h[4]=U64(0x67332667ffc00b31);
69 c->h[5]=U64(0x8eb44a8768581511);
70 c->h[6]=U64(0xdb0c2e0d64f98fa7);
71 c->h[7]=U64(0x47b5481dbefa4fa4);
72 c->Nl=0; c->Nh=0;
73 c->num=0; c->md_len=SHA384_DIGEST_LENGTH;
74 return 1;
75 }
76
77int SHA512_Init (SHA512_CTX *c)
78 {
79 c->h[0]=U64(0x6a09e667f3bcc908);
80 c->h[1]=U64(0xbb67ae8584caa73b);
81 c->h[2]=U64(0x3c6ef372fe94f82b);
82 c->h[3]=U64(0xa54ff53a5f1d36f1);
83 c->h[4]=U64(0x510e527fade682d1);
84 c->h[5]=U64(0x9b05688c2b3e6c1f);
85 c->h[6]=U64(0x1f83d9abfb41bd6b);
86 c->h[7]=U64(0x5be0cd19137e2179);
87 c->Nl=0; c->Nh=0;
88 c->num=0; c->md_len=SHA512_DIGEST_LENGTH;
89 return 1;
90 }
91
92#ifndef SHA512_ASM
93static
94#endif
95void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num);
96
97int SHA512_Final (unsigned char *md, SHA512_CTX *c)
98 {
99 unsigned char *p=(unsigned char *)c->u.p;
100 size_t n=c->num;
101
102 p[n]=0x80; /* There always is a room for one */
103 n++;
104 if (n > (sizeof(c->u)-16))
105 memset (p+n,0,sizeof(c->u)-n), n=0,
106 sha512_block_data_order (c,p,1);
107
108 memset (p+n,0,sizeof(c->u)-16-n);
109#ifdef B_ENDIAN
110 c->u.d[SHA_LBLOCK-2] = c->Nh;
111 c->u.d[SHA_LBLOCK-1] = c->Nl;
112#else
113 p[sizeof(c->u)-1] = (unsigned char)(c->Nl);
114 p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8);
115 p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16);
116 p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24);
117 p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32);
118 p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40);
119 p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48);
120 p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56);
121 p[sizeof(c->u)-9] = (unsigned char)(c->Nh);
122 p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);
123 p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);
124 p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);
125 p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);
126 p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);
127 p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);
128 p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
129#endif
130
131 sha512_block_data_order (c,p,1);
132
133 if (md==0) return 0;
134
135 switch (c->md_len)
136 {
137 /* Let compiler decide if it's appropriate to unroll... */
138 case SHA384_DIGEST_LENGTH:
139 for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)
140 {
141 SHA_LONG64 t = c->h[n];
142
143 *(md++) = (unsigned char)(t>>56);
144 *(md++) = (unsigned char)(t>>48);
145 *(md++) = (unsigned char)(t>>40);
146 *(md++) = (unsigned char)(t>>32);
147 *(md++) = (unsigned char)(t>>24);
148 *(md++) = (unsigned char)(t>>16);
149 *(md++) = (unsigned char)(t>>8);
150 *(md++) = (unsigned char)(t);
151 }
152 break;
153 case SHA512_DIGEST_LENGTH:
154 for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)
155 {
156 SHA_LONG64 t = c->h[n];
157
158 *(md++) = (unsigned char)(t>>56);
159 *(md++) = (unsigned char)(t>>48);
160 *(md++) = (unsigned char)(t>>40);
161 *(md++) = (unsigned char)(t>>32);
162 *(md++) = (unsigned char)(t>>24);
163 *(md++) = (unsigned char)(t>>16);
164 *(md++) = (unsigned char)(t>>8);
165 *(md++) = (unsigned char)(t);
166 }
167 break;
168 /* ... as well as make sure md_len is not abused. */
169 default: return 0;
170 }
171
172 return 1;
173 }
174
175int SHA384_Final (unsigned char *md,SHA512_CTX *c)
176{ return SHA512_Final (md,c); }
177
178int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
179 {
180 SHA_LONG64 l;
181 unsigned char *p=c->u.p;
182 const unsigned char *data=(const unsigned char *)_data;
183
184 if (len==0) return 1;
185
186 l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
187 if (l < c->Nl) c->Nh++;
188 if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61);
189 c->Nl=l;
190
191 if (c->num != 0)
192 {
193 size_t n = sizeof(c->u) - c->num;
194
195 if (len < n)
196 {
197 memcpy (p+c->num,data,len), c->num += len;
198 return 1;
199 }
200 else {
201 memcpy (p+c->num,data,n), c->num = 0;
202 len-=n, data+=n;
203 sha512_block_data_order (c,p,1);
204 }
205 }
206
207 if (len >= sizeof(c->u))
208 {
209#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
210 if ((size_t)data%sizeof(c->u.d[0]) != 0)
211 while (len >= sizeof(c->u))
212 memcpy (p,data,sizeof(c->u)),
213 sha512_block_data_order (c,p,1),
214 len -= sizeof(c->u),
215 data += sizeof(c->u);
216 else
217#endif
218 sha512_block_data_order (c,data,len/sizeof(c->u)),
219 data += len,
220 len %= sizeof(c->u),
221 data -= len;
222 }
223
224 if (len != 0) memcpy (p,data,len), c->num = (int)len;
225
226 return 1;
227 }
228
229int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
230{ return SHA512_Update (c,data,len); }
231
232void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
233{ sha512_block_data_order (c,data,1); }
234
235unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
236 {
237 SHA512_CTX c;
238 static unsigned char m[SHA384_DIGEST_LENGTH];
239
240 if (md == NULL) md=m;
241 SHA384_Init(&c);
242 SHA512_Update(&c,d,n);
243 SHA512_Final(md,&c);
244 OPENSSL_cleanse(&c,sizeof(c));
245 return(md);
246 }
247
248unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
249 {
250 SHA512_CTX c;
251 static unsigned char m[SHA512_DIGEST_LENGTH];
252
253 if (md == NULL) md=m;
254 SHA512_Init(&c);
255 SHA512_Update(&c,d,n);
256 SHA512_Final(md,&c);
257 OPENSSL_cleanse(&c,sizeof(c));
258 return(md);
259 }
260
261#ifndef SHA512_ASM
262static const SHA_LONG64 K512[80] = {
263 U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
264 U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
265 U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
266 U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
267 U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
268 U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
269 U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
270 U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
271 U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
272 U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
273 U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
274 U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
275 U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
276 U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
277 U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
278 U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
279 U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
280 U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
281 U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
282 U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
283 U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
284 U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
285 U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
286 U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
287 U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
288 U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
289 U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
290 U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
291 U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
292 U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
293 U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
294 U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
295 U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
296 U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
297 U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
298 U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
299 U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
300 U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
301 U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
302 U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
303
304#ifndef PEDANTIC
305# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
306# if defined(__x86_64) || defined(__x86_64__)
307# define ROTR(a,n) ({ unsigned long ret; \
308 asm ("rorq %1,%0" \
309 : "=r"(ret) \
310 : "J"(n),"0"(a) \
311 : "cc"); ret; })
312# if !defined(B_ENDIAN)
313# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
314 asm ("bswapq %0" \
315 : "=r"(ret) \
316 : "0"(ret)); ret; })
317# endif
318# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
319# if defined(I386_ONLY)
320# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
321 unsigned int hi=p[0],lo=p[1]; \
322 asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
323 "roll $16,%%eax; roll $16,%%edx; "\
324 "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \
325 : "=a"(lo),"=d"(hi) \
326 : "0"(lo),"1"(hi) : "cc"); \
327 ((SHA_LONG64)hi)<<32|lo; })
328# else
329# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
330 unsigned int hi=p[0],lo=p[1]; \
331 asm ("bswapl %0; bswapl %1;" \
332 : "=r"(lo),"=r"(hi) \
333 : "0"(lo),"1"(hi)); \
334 ((SHA_LONG64)hi)<<32|lo; })
335# endif
336# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
337# define ROTR(a,n) ({ unsigned long ret; \
338 asm ("rotrdi %0,%1,%2" \
339 : "=r"(ret) \
340 : "r"(a),"K"(n)); ret; })
341# endif
342# elif defined(_MSC_VER)
343# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
344# define ROTR(a,n) _rotr64((a),n)
345# endif
346# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
347# if defined(I386_ONLY)
348 static SHA_LONG64 __fastcall __pull64be(const void *x)
349 { _asm mov edx, [ecx + 0]
350 _asm mov eax, [ecx + 4]
351 _asm xchg dh,dl
352 _asm xchg ah,al
353 _asm rol edx,16
354 _asm rol eax,16
355 _asm xchg dh,dl
356 _asm xchg ah,al
357 }
358# else
359 static SHA_LONG64 __fastcall __pull64be(const void *x)
360 { _asm mov edx, [ecx + 0]
361 _asm mov eax, [ecx + 4]
362 _asm bswap edx
363 _asm bswap eax
364 }
365# endif
366# define PULL64(x) __pull64be(&(x))
367# if _MSC_VER<=1200
368# pragma inline_depth(0)
369# endif
370# endif
371# endif
372#endif
373
374#ifndef PULL64
375#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
376#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
377#endif
378
379#ifndef ROTR
380#define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
381#endif
382
383#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
384#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
385#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
386#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
387
388#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
389#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
390
391#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
392#define GO_FOR_SSE2(ctx,in,num) do { \
393 void sha512_block_sse2(void *,const void *,size_t); \
394 if (!(OPENSSL_ia32cap_P & (1<<26))) break; \
395 sha512_block_sse2(ctx->h,in,num); return; \
396 } while (0)
397#endif
398
399#ifdef OPENSSL_SMALL_FOOTPRINT
400
401static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
402 {
403 const SHA_LONG64 *W=in;
404 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2;
405 SHA_LONG64 X[16];
406 int i;
407
408#ifdef GO_FOR_SSE2
409 GO_FOR_SSE2(ctx,in,num);
410#endif
411
412 while (num--) {
413
414 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
415 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
416
417 for (i=0;i<16;i++)
418 {
419#ifdef B_ENDIAN
420 T1 = X[i] = W[i];
421#else
422 T1 = X[i] = PULL64(W[i]);
423#endif
424 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
425 T2 = Sigma0(a) + Maj(a,b,c);
426 h = g; g = f; f = e; e = d + T1;
427 d = c; c = b; b = a; a = T1 + T2;
428 }
429
430 for (;i<80;i++)
431 {
432 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
433 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
434
435 T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
436 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
437 T2 = Sigma0(a) + Maj(a,b,c);
438 h = g; g = f; f = e; e = d + T1;
439 d = c; c = b; b = a; a = T1 + T2;
440 }
441
442 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
443 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
444
445 W+=SHA_LBLOCK;
446 }
447 }
448
449#else
450
451#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
452 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
453 h = Sigma0(a) + Maj(a,b,c); \
454 d += T1; h += T1; } while (0)
455
456#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \
457 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
458 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
459 T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
460 ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
461
462static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
463 {
464 const SHA_LONG64 *W=in;
465 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1;
466 SHA_LONG64 X[16];
467 int i;
468
469#ifdef GO_FOR_SSE2
470 GO_FOR_SSE2(ctx,in,num);
471#endif
472
473 while (num--) {
474
475 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
476 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
477
478#ifdef B_ENDIAN
479 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
480 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
481 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
482 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
483 T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
484 T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
485 T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
486 T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
487 T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
488 T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
489 T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
490 T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
491 T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
492 T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
493 T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
494 T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
495#else
496 T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h);
497 T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g);
498 T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f);
499 T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e);
500 T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d);
501 T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c);
502 T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b);
503 T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a);
504 T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h);
505 T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g);
506 T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f);
507 T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e);
508 T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d);
509 T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c);
510 T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b);
511 T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a);
512#endif
513
514 for (i=16;i<80;i+=8)
515 {
516 ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
517 ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
518 ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
519 ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
520 ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
521 ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
522 ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
523 ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
524 }
525
526 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
527 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
528
529 W+=SHA_LBLOCK;
530 }
531 }
532
533#endif
534
535#endif /* SHA512_ASM */
536
537#endif /* OPENSSL_NO_SHA512 */
diff --git a/src/lib/libcrypto/sha/sha_dgst.c b/src/lib/libcrypto/sha/sha_dgst.c
new file mode 100644
index 0000000000..70eb56032c
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha_dgst.c
@@ -0,0 +1,74 @@
1/* crypto/sha/sha1dgst.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/opensslconf.h>
60#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
61
62#undef SHA_1
63#define SHA_0
64
65#include <openssl/opensslv.h>
66
67const char SHA_version[]="SHA" OPENSSL_VERSION_PTEXT;
68
69/* The implementation is in ../md32_common.h */
70
71#include "sha_locl.h"
72
73#endif
74
diff --git a/src/lib/libcrypto/sha/sha_locl.h b/src/lib/libcrypto/sha/sha_locl.h
new file mode 100644
index 0000000000..e37e5726e3
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha_locl.h
@@ -0,0 +1,439 @@
1/* crypto/sha/sha_locl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdlib.h>
60#include <string.h>
61
62#include <openssl/opensslconf.h>
63#include <openssl/sha.h>
64
65#define DATA_ORDER_IS_BIG_ENDIAN
66
67#define HASH_LONG SHA_LONG
68#define HASH_CTX SHA_CTX
69#define HASH_CBLOCK SHA_CBLOCK
70#define HASH_MAKE_STRING(c,s) do { \
71 unsigned long ll; \
72 ll=(c)->h0; HOST_l2c(ll,(s)); \
73 ll=(c)->h1; HOST_l2c(ll,(s)); \
74 ll=(c)->h2; HOST_l2c(ll,(s)); \
75 ll=(c)->h3; HOST_l2c(ll,(s)); \
76 ll=(c)->h4; HOST_l2c(ll,(s)); \
77 } while (0)
78
79#if defined(SHA_0)
80
81# define HASH_UPDATE SHA_Update
82# define HASH_TRANSFORM SHA_Transform
83# define HASH_FINAL SHA_Final
84# define HASH_INIT SHA_Init
85# define HASH_BLOCK_DATA_ORDER sha_block_data_order
86# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id))
87
88static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
89
90#elif defined(SHA_1)
91
92# define HASH_UPDATE SHA1_Update
93# define HASH_TRANSFORM SHA1_Transform
94# define HASH_FINAL SHA1_Final
95# define HASH_INIT SHA1_Init
96# define HASH_BLOCK_DATA_ORDER sha1_block_data_order
97# if defined(__MWERKS__) && defined(__MC68K__)
98 /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
99# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \
100 ix=(a)=ROTATE((a),1); \
101 } while (0)
102# else
103# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
104 ix=(a)=ROTATE((a),1) \
105 )
106# endif
107
108#ifndef SHA1_ASM
109static
110#endif
111void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
112
113#else
114# error "Either SHA_0 or SHA_1 must be defined."
115#endif
116
117#include "md32_common.h"
118
119#define INIT_DATA_h0 0x67452301UL
120#define INIT_DATA_h1 0xefcdab89UL
121#define INIT_DATA_h2 0x98badcfeUL
122#define INIT_DATA_h3 0x10325476UL
123#define INIT_DATA_h4 0xc3d2e1f0UL
124
125int HASH_INIT (SHA_CTX *c)
126 {
127 c->h0=INIT_DATA_h0;
128 c->h1=INIT_DATA_h1;
129 c->h2=INIT_DATA_h2;
130 c->h3=INIT_DATA_h3;
131 c->h4=INIT_DATA_h4;
132 c->Nl=0;
133 c->Nh=0;
134 c->num=0;
135 return 1;
136 }
137
138#define K_00_19 0x5a827999UL
139#define K_20_39 0x6ed9eba1UL
140#define K_40_59 0x8f1bbcdcUL
141#define K_60_79 0xca62c1d6UL
142
143/* As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
144 * simplified to the code in F_00_19. Wei attributes these optimisations
145 * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
146 * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
147 * I've just become aware of another tweak to be made, again from Wei Dai,
148 * in F_40_59, (x&a)|(y&a) -> (x|y)&a
149 */
150#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
151#define F_20_39(b,c,d) ((b) ^ (c) ^ (d))
152#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d)))
153#define F_60_79(b,c,d) F_20_39(b,c,d)
154
155#ifndef OPENSSL_SMALL_FOOTPRINT
156
157#define BODY_00_15(i,a,b,c,d,e,f,xi) \
158 (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
159 (b)=ROTATE((b),30);
160
161#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
162 Xupdate(f,xi,xa,xb,xc,xd); \
163 (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
164 (b)=ROTATE((b),30);
165
166#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
167 Xupdate(f,xi,xa,xb,xc,xd); \
168 (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
169 (b)=ROTATE((b),30);
170
171#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
172 Xupdate(f,xa,xa,xb,xc,xd); \
173 (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
174 (b)=ROTATE((b),30);
175
176#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
177 Xupdate(f,xa,xa,xb,xc,xd); \
178 (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
179 (b)=ROTATE((b),30);
180
181#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
182 Xupdate(f,xa,xa,xb,xc,xd); \
183 (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
184 (b)=ROTATE((b),30);
185
186#ifdef X
187#undef X
188#endif
189#ifndef MD32_XARRAY
190 /*
191 * Originally X was an array. As it's automatic it's natural
192 * to expect RISC compiler to accomodate at least part of it in
193 * the register bank, isn't it? Unfortunately not all compilers
194 * "find" this expectation reasonable:-( On order to make such
195 * compilers generate better code I replace X[] with a bunch of
196 * X0, X1, etc. See the function body below...
197 * <appro@fy.chalmers.se>
198 */
199# define X(i) XX##i
200#else
201 /*
202 * However! Some compilers (most notably HP C) get overwhelmed by
203 * that many local variables so that we have to have the way to
204 * fall down to the original behavior.
205 */
206# define X(i) XX[i]
207#endif
208
209#if !defined(SHA_1) || !defined(SHA1_ASM)
210static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
211 {
212 const unsigned char *data=p;
213 register unsigned MD32_REG_T A,B,C,D,E,T,l;
214#ifndef MD32_XARRAY
215 unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
216 XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
217#else
218 SHA_LONG XX[16];
219#endif
220
221 A=c->h0;
222 B=c->h1;
223 C=c->h2;
224 D=c->h3;
225 E=c->h4;
226
227 for (;;)
228 {
229 const union { long one; char little; } is_endian = {1};
230
231 if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)p%4)==0)
232 {
233 const SHA_LONG *W=(const SHA_LONG *)data;
234
235 X( 0) = W[0]; X( 1) = W[ 1];
236 BODY_00_15( 0,A,B,C,D,E,T,X( 0)); X( 2) = W[ 2];
237 BODY_00_15( 1,T,A,B,C,D,E,X( 1)); X( 3) = W[ 3];
238 BODY_00_15( 2,E,T,A,B,C,D,X( 2)); X( 4) = W[ 4];
239 BODY_00_15( 3,D,E,T,A,B,C,X( 3)); X( 5) = W[ 5];
240 BODY_00_15( 4,C,D,E,T,A,B,X( 4)); X( 6) = W[ 6];
241 BODY_00_15( 5,B,C,D,E,T,A,X( 5)); X( 7) = W[ 7];
242 BODY_00_15( 6,A,B,C,D,E,T,X( 6)); X( 8) = W[ 8];
243 BODY_00_15( 7,T,A,B,C,D,E,X( 7)); X( 9) = W[ 9];
244 BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10];
245 BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11];
246 BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12];
247 BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13];
248 BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14];
249 BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15];
250 BODY_00_15(14,E,T,A,B,C,D,X(14));
251 BODY_00_15(15,D,E,T,A,B,C,X(15));
252
253 data += SHA_CBLOCK;
254 }
255 else
256 {
257 HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l;
258 BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l;
259 BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l;
260 BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l;
261 BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l;
262 BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l;
263 BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l;
264 BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l;
265 BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l;
266 BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l;
267 BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l;
268 BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l;
269 BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l;
270 BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l;
271 BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l;
272 BODY_00_15(14,E,T,A,B,C,D,X(14));
273 BODY_00_15(15,D,E,T,A,B,C,X(15));
274 }
275
276 BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
277 BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
278 BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
279 BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
280
281 BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
282 BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
283 BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
284 BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
285 BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
286 BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
287 BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
288 BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
289 BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
290 BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
291 BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
292 BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
293
294 BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
295 BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
296 BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
297 BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
298 BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
299 BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
300 BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
301 BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
302
303 BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
304 BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
305 BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
306 BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
307 BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
308 BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
309 BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
310 BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
311 BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
312 BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
313 BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
314 BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
315 BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
316 BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
317 BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
318 BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
319 BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
320 BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
321 BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
322 BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
323
324 BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
325 BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
326 BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
327 BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
328 BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
329 BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
330 BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
331 BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
332 BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
333 BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
334 BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
335 BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
336 BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
337 BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
338 BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
339 BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
340 BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
341 BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
342 BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
343 BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
344
345 c->h0=(c->h0+E)&0xffffffffL;
346 c->h1=(c->h1+T)&0xffffffffL;
347 c->h2=(c->h2+A)&0xffffffffL;
348 c->h3=(c->h3+B)&0xffffffffL;
349 c->h4=(c->h4+C)&0xffffffffL;
350
351 if (--num == 0) break;
352
353 A=c->h0;
354 B=c->h1;
355 C=c->h2;
356 D=c->h3;
357 E=c->h4;
358
359 }
360 }
361#endif
362
363#else /* OPENSSL_SMALL_FOOTPRINT */
364
365#define BODY_00_15(xi) do { \
366 T=E+K_00_19+F_00_19(B,C,D); \
367 E=D, D=C, C=ROTATE(B,30), B=A; \
368 A=ROTATE(A,5)+T+xi; } while(0)
369
370#define BODY_16_19(xa,xb,xc,xd) do { \
371 Xupdate(T,xa,xa,xb,xc,xd); \
372 T+=E+K_00_19+F_00_19(B,C,D); \
373 E=D, D=C, C=ROTATE(B,30), B=A; \
374 A=ROTATE(A,5)+T; } while(0)
375
376#define BODY_20_39(xa,xb,xc,xd) do { \
377 Xupdate(T,xa,xa,xb,xc,xd); \
378 T+=E+K_20_39+F_20_39(B,C,D); \
379 E=D, D=C, C=ROTATE(B,30), B=A; \
380 A=ROTATE(A,5)+T; } while(0)
381
382#define BODY_40_59(xa,xb,xc,xd) do { \
383 Xupdate(T,xa,xa,xb,xc,xd); \
384 T+=E+K_40_59+F_40_59(B,C,D); \
385 E=D, D=C, C=ROTATE(B,30), B=A; \
386 A=ROTATE(A,5)+T; } while(0)
387
388#define BODY_60_79(xa,xb,xc,xd) do { \
389 Xupdate(T,xa,xa,xb,xc,xd); \
390 T=E+K_60_79+F_60_79(B,C,D); \
391 E=D, D=C, C=ROTATE(B,30), B=A; \
392 A=ROTATE(A,5)+T+xa; } while(0)
393
394#if !defined(SHA_1) || !defined(SHA1_ASM)
395static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
396 {
397 const unsigned char *data=p;
398 register unsigned MD32_REG_T A,B,C,D,E,T,l;
399 int i;
400 SHA_LONG X[16];
401
402 A=c->h0;
403 B=c->h1;
404 C=c->h2;
405 D=c->h3;
406 E=c->h4;
407
408 for (;;)
409 {
410 for (i=0;i<16;i++)
411 { HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); }
412 for (i=0;i<4;i++)
413 { BODY_16_19(X[i], X[i+2], X[i+8], X[(i+13)&15]); }
414 for (;i<24;i++)
415 { BODY_20_39(X[i&15], X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); }
416 for (i=0;i<20;i++)
417 { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); }
418 for (i=4;i<24;i++)
419 { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); }
420
421 c->h0=(c->h0+A)&0xffffffffL;
422 c->h1=(c->h1+B)&0xffffffffL;
423 c->h2=(c->h2+C)&0xffffffffL;
424 c->h3=(c->h3+D)&0xffffffffL;
425 c->h4=(c->h4+E)&0xffffffffL;
426
427 if (--num == 0) break;
428
429 A=c->h0;
430 B=c->h1;
431 C=c->h2;
432 D=c->h3;
433 E=c->h4;
434
435 }
436 }
437#endif
438
439#endif
diff --git a/src/lib/libcrypto/sha/sha_one.c b/src/lib/libcrypto/sha/sha_one.c
new file mode 100644
index 0000000000..3bae623ce8
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha_one.c
@@ -0,0 +1,78 @@
1/* crypto/sha/sha_one.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <openssl/sha.h>
62#include <openssl/crypto.h>
63
64#ifndef OPENSSL_NO_SHA0
65unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md)
66 {
67 SHA_CTX c;
68 static unsigned char m[SHA_DIGEST_LENGTH];
69
70 if (md == NULL) md=m;
71 if (!SHA_Init(&c))
72 return NULL;
73 SHA_Update(&c,d,n);
74 SHA_Final(md,&c);
75 OPENSSL_cleanse(&c,sizeof(c));
76 return(md);
77 }
78#endif
diff --git a/src/lib/libcrypto/sha/shatest.c b/src/lib/libcrypto/sha/shatest.c
new file mode 100644
index 0000000000..ed0fe06a7b
--- /dev/null
+++ b/src/lib/libcrypto/sha/shatest.c
@@ -0,0 +1,178 @@
1/* crypto/sha/shatest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61#include <stdlib.h>
62
63#include "../e_os.h"
64
65#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0)
66int main(int argc, char *argv[])
67{
68 printf("No SHA0 support\n");
69 return(0);
70}
71#else
72#include <openssl/evp.h>
73#include <openssl/sha.h>
74
75#ifdef CHARSET_EBCDIC
76#include <openssl/ebcdic.h>
77#endif
78
79#define SHA_0 /* FIPS 180 */
80#undef SHA_1 /* FIPS 180-1 */
81
82static char *test[]={
83 "abc",
84 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
85 NULL,
86 };
87
88#ifdef SHA_0
89static char *ret[]={
90 "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
91 "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
92 };
93static char *bigret=
94 "3232affa48628a26653b5aaa44541fd90d690603";
95#endif
96#ifdef SHA_1
97static char *ret[]={
98 "a9993e364706816aba3e25717850c26c9cd0d89d",
99 "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
100 };
101static char *bigret=
102 "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
103#endif
104
105static char *pt(unsigned char *md);
106int main(int argc, char *argv[])
107 {
108 int i,err=0;
109 char **P,**R;
110 static unsigned char buf[1000];
111 char *p,*r;
112 EVP_MD_CTX c;
113 unsigned char md[SHA_DIGEST_LENGTH];
114
115#ifdef CHARSET_EBCDIC
116 ebcdic2ascii(test[0], test[0], strlen(test[0]));
117 ebcdic2ascii(test[1], test[1], strlen(test[1]));
118#endif
119
120 EVP_MD_CTX_init(&c);
121 P=test;
122 R=ret;
123 i=1;
124 while (*P != NULL)
125 {
126 EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha(), NULL);
127 p=pt(md);
128 if (strcmp(p,(char *)*R) != 0)
129 {
130 printf("error calculating SHA on '%s'\n",*P);
131 printf("got %s instead of %s\n",p,*R);
132 err++;
133 }
134 else
135 printf("test %d ok\n",i);
136 i++;
137 R++;
138 P++;
139 }
140
141 memset(buf,'a',1000);
142#ifdef CHARSET_EBCDIC
143 ebcdic2ascii(buf, buf, 1000);
144#endif /*CHARSET_EBCDIC*/
145 EVP_DigestInit_ex(&c,EVP_sha(), NULL);
146 for (i=0; i<1000; i++)
147 EVP_DigestUpdate(&c,buf,1000);
148 EVP_DigestFinal_ex(&c,md,NULL);
149 p=pt(md);
150
151 r=bigret;
152 if (strcmp(p,r) != 0)
153 {
154 printf("error calculating SHA on '%s'\n",p);
155 printf("got %s instead of %s\n",p,r);
156 err++;
157 }
158 else
159 printf("test 3 ok\n");
160
161#ifdef OPENSSL_SYS_NETWARE
162 if (err) printf("ERROR: %d\n", err);
163#endif
164 EVP_MD_CTX_cleanup(&c);
165 EXIT(err);
166 return(0);
167 }
168
169static char *pt(unsigned char *md)
170 {
171 int i;
172 static char buf[80];
173
174 for (i=0; i<SHA_DIGEST_LENGTH; i++)
175 sprintf(&(buf[i*2]),"%02x",md[i]);
176 return(buf);
177 }
178#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-10 03:46:12 +0000