From 7445aed7e7c22eae7ddd865c8c411f93062e2980 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 11 Apr 2023 10:35:21 +0000
Subject: Simplify handling of big vs little endian.

Rather than sprinkling BYTE_ORDER checks throughout the implementation,
always define PULL64 - on big endian platforms it just becomes a no-op.

ok tb@
---
 src/lib/libcrypto/sha/sha512.c | 45 +++++-------------------------------------
 1 file changed, 5 insertions(+), 40 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
index 9b4b2cf337..8c78f826c8 100644
--- a/src/lib/libcrypto/sha/sha512.c
+++ b/src/lib/libcrypto/sha/sha512.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha512.c,v 1.27 2023/04/11 10:32:21 jsing Exp $ */
+/* $OpenBSD: sha512.c,v 1.28 2023/04/11 10:35:21 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -142,9 +142,13 @@ static const SHA_LONG64 K512[80] = {
 #endif
 
 #ifndef PULL64
+#if BYTE_ORDER == BIG_ENDIAN
+#define PULL64(x)	(x)
+#else
 #define B(x, j)		(((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
 #define PULL64(x)	(B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
 #endif
+#endif
 
 #ifndef ROTR
 #define ROTR(x, s)	(((x)>>s) | (x)<<(64-s))
@@ -242,11 +246,7 @@ sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
 		h = ctx->h[7];
 
 		for (i = 0; i < 16; i++) {
-#if BYTE_ORDER == BIG_ENDIAN
-			T1 = X[i] = W[i];
-#else
 			T1 = X[i] = PULL64(W[i]);
-#endif
 			T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
 			T2 = Sigma0(a) + Maj(a, b, c);
 			h = g;
@@ -323,40 +323,6 @@ sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
 		g = ctx->h[6];
 		h = ctx->h[7];
 
-#if BYTE_ORDER == BIG_ENDIAN
-		T1 = X[0] = W[0];
-		ROUND_00_15(0, a, b, c, d, e, f, g, h);
-		T1 = X[1] = W[1];
-		ROUND_00_15(1, h, a, b, c, d, e, f, g);
-		T1 = X[2] = W[2];
-		ROUND_00_15(2, g, h, a, b, c, d, e, f);
-		T1 = X[3] = W[3];
-		ROUND_00_15(3, f, g, h, a, b, c, d, e);
-		T1 = X[4] = W[4];
-		ROUND_00_15(4, e, f, g, h, a, b, c, d);
-		T1 = X[5] = W[5];
-		ROUND_00_15(5, d, e, f, g, h, a, b, c);
-		T1 = X[6] = W[6];
-		ROUND_00_15(6, c, d, e, f, g, h, a, b);
-		T1 = X[7] = W[7];
-		ROUND_00_15(7, b, c, d, e, f, g, h, a);
-		T1 = X[8] = W[8];
-		ROUND_00_15(8, a, b, c, d, e, f, g, h);
-		T1 = X[9] = W[9];
-		ROUND_00_15(9, h, a, b, c, d, e, f, g);
-		T1 = X[10] = W[10];
-		ROUND_00_15(10, g, h, a, b, c, d, e, f);
-		T1 = X[11] = W[11];
-		ROUND_00_15(11, f, g, h, a, b, c, d, e);
-		T1 = X[12] = W[12];
-		ROUND_00_15(12, e, f, g, h, a, b, c, d);
-		T1 = X[13] = W[13];
-		ROUND_00_15(13, d, e, f, g, h, a, b, c);
-		T1 = X[14] = W[14];
-		ROUND_00_15(14, c, d, e, f, g, h, a, b);
-		T1 = X[15] = W[15];
-		ROUND_00_15(15, b, c, d, e, f, g, h, a);
-#else
 		T1 = X[0] = PULL64(W[0]);
 		ROUND_00_15(0, a, b, c, d, e, f, g, h);
 		T1 = X[1] = PULL64(W[1]);
@@ -389,7 +355,6 @@ sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
 		ROUND_00_15(14, c, d, e, f, g, h, a, b);
 		T1 = X[15] = PULL64(W[15]);
 		ROUND_00_15(15, b, c, d, e, f, g, h, a);
-#endif
 
 		for (i = 16; i < 80; i += 16) {
 			ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);
-- 
cgit v1.2.3-55-g6feb