| 1 /* crypto/sha/sha512.c */ | 1 /* crypto/sha/sha512.c */ |
| 2 /* ==================================================================== | 2 /* ==================================================================== |
| 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved | 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved |
| 4 * according to the OpenSSL license [found in ../../LICENSE]. | 4 * according to the OpenSSL license [found in ../../LICENSE]. |
| 5 * ==================================================================== | 5 * ==================================================================== |
| 6 */ | 6 */ |
| 7 #include <openssl/opensslconf.h> | 7 #include <openssl/opensslconf.h> |
| 8 #ifdef OPENSSL_FIPS | |
| 9 #include <openssl/fips.h> | |
| 10 #endif | |
| 11 | |
| 12 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) | 8 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) |
| 13 /* | 9 /* |
| 14 * IMPLEMENTATION NOTES. | 10 * IMPLEMENTATION NOTES. |
| 15 * | 11 * |
| 16 * As you might have noticed 32-bit hash algorithms: | 12 * As you might have noticed 32-bit hash algorithms: |
| 17 * | 13 * |
| 18 * - permit SHA_LONG to be wider than 32-bit (case on CRAY); | 14 * - permit SHA_LONG to be wider than 32-bit (case on CRAY); |
| 19 * - optimized versions implement two transform functions: one operating | 15 * - optimized versions implement two transform functions: one operating |
| 20 * on [aligned] data in host byte order and one - on data in input | 16 * on [aligned] data in host byte order and one - on data in input |
| 21 * stream byte order; | 17 * stream byte order; |
| 58 | 54 |
| 59 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ | 55 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ |
| 60 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ | 56 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ |
| 61 defined(__s390__) || defined(__s390x__) || \ | 57 defined(__s390__) || defined(__s390x__) || \ |
| 62 defined(SHA512_ASM) | 58 defined(SHA512_ASM) |
| 63 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA | 59 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA |
| 64 #endif | 60 #endif |
| 65 | 61 |
| 66 int SHA384_Init (SHA512_CTX *c) | 62 int SHA384_Init (SHA512_CTX *c) |
| 67 { | 63 { |
| 68 #ifdef OPENSSL_FIPS | 64 #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) |
| 69 » FIPS_selftest_check(); | 65 » /* maintain dword order required by assembler module */ |
| 70 #endif | 66 » unsigned int *h = (unsigned int *)c->h; |
| 67 |
| 68 » h[0] = 0xcbbb9d5d; h[1] = 0xc1059ed8; |
| 69 » h[2] = 0x629a292a; h[3] = 0x367cd507; |
| 70 » h[4] = 0x9159015a; h[5] = 0x3070dd17; |
| 71 » h[6] = 0x152fecd8; h[7] = 0xf70e5939; |
| 72 » h[8] = 0x67332667; h[9] = 0xffc00b31; |
| 73 » h[10] = 0x8eb44a87; h[11] = 0x68581511; |
| 74 » h[12] = 0xdb0c2e0d; h[13] = 0x64f98fa7; |
| 75 » h[14] = 0x47b5481d; h[15] = 0xbefa4fa4; |
| 76 #else |
| 71 c->h[0]=U64(0xcbbb9d5dc1059ed8); | 77 c->h[0]=U64(0xcbbb9d5dc1059ed8); |
| 72 c->h[1]=U64(0x629a292a367cd507); | 78 c->h[1]=U64(0x629a292a367cd507); |
| 73 c->h[2]=U64(0x9159015a3070dd17); | 79 c->h[2]=U64(0x9159015a3070dd17); |
| 74 c->h[3]=U64(0x152fecd8f70e5939); | 80 c->h[3]=U64(0x152fecd8f70e5939); |
| 75 c->h[4]=U64(0x67332667ffc00b31); | 81 c->h[4]=U64(0x67332667ffc00b31); |
| 76 c->h[5]=U64(0x8eb44a8768581511); | 82 c->h[5]=U64(0x8eb44a8768581511); |
| 77 c->h[6]=U64(0xdb0c2e0d64f98fa7); | 83 c->h[6]=U64(0xdb0c2e0d64f98fa7); |
| 78 c->h[7]=U64(0x47b5481dbefa4fa4); | 84 c->h[7]=U64(0x47b5481dbefa4fa4); |
| 85 #endif |
| 79 c->Nl=0; c->Nh=0; | 86 c->Nl=0; c->Nh=0; |
| 80 c->num=0; c->md_len=SHA384_DIGEST_LENGTH; | 87 c->num=0; c->md_len=SHA384_DIGEST_LENGTH; |
| 81 return 1; | 88 return 1; |
| 82 } | 89 } |
| 83 | 90 |
| 84 int SHA512_Init (SHA512_CTX *c) | 91 int SHA512_Init (SHA512_CTX *c) |
| 85 { | 92 { |
| 86 #ifdef OPENSSL_FIPS | 93 #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) |
| 87 » FIPS_selftest_check(); | 94 » /* maintain dword order required by assembler module */ |
| 88 #endif | 95 » unsigned int *h = (unsigned int *)c->h; |
| 96 |
| 97 » h[0] = 0x6a09e667; h[1] = 0xf3bcc908; |
| 98 » h[2] = 0xbb67ae85; h[3] = 0x84caa73b; |
| 99 » h[4] = 0x3c6ef372; h[5] = 0xfe94f82b; |
| 100 » h[6] = 0xa54ff53a; h[7] = 0x5f1d36f1; |
| 101 » h[8] = 0x510e527f; h[9] = 0xade682d1; |
| 102 » h[10] = 0x9b05688c; h[11] = 0x2b3e6c1f; |
| 103 » h[12] = 0x1f83d9ab; h[13] = 0xfb41bd6b; |
| 104 » h[14] = 0x5be0cd19; h[15] = 0x137e2179; |
| 105 #else |
| 89 c->h[0]=U64(0x6a09e667f3bcc908); | 106 c->h[0]=U64(0x6a09e667f3bcc908); |
| 90 c->h[1]=U64(0xbb67ae8584caa73b); | 107 c->h[1]=U64(0xbb67ae8584caa73b); |
| 91 c->h[2]=U64(0x3c6ef372fe94f82b); | 108 c->h[2]=U64(0x3c6ef372fe94f82b); |
| 92 c->h[3]=U64(0xa54ff53a5f1d36f1); | 109 c->h[3]=U64(0xa54ff53a5f1d36f1); |
| 93 c->h[4]=U64(0x510e527fade682d1); | 110 c->h[4]=U64(0x510e527fade682d1); |
| 94 c->h[5]=U64(0x9b05688c2b3e6c1f); | 111 c->h[5]=U64(0x9b05688c2b3e6c1f); |
| 95 c->h[6]=U64(0x1f83d9abfb41bd6b); | 112 c->h[6]=U64(0x1f83d9abfb41bd6b); |
| 96 c->h[7]=U64(0x5be0cd19137e2179); | 113 c->h[7]=U64(0x5be0cd19137e2179); |
| 114 #endif |
| 97 c->Nl=0; c->Nh=0; | 115 c->Nl=0; c->Nh=0; |
| 98 c->num=0; c->md_len=SHA512_DIGEST_LENGTH; | 116 c->num=0; c->md_len=SHA512_DIGEST_LENGTH; |
| 99 return 1; | 117 return 1; |
| 100 } | 118 } |
| 101 | 119 |
| 102 #ifndef SHA512_ASM | 120 #ifndef SHA512_ASM |
| 103 static | 121 static |
| 104 #endif | 122 #endif |
| 105 void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); | 123 void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); |
| 106 | 124 |
| 135 p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); | 153 p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); |
| 136 p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); | 154 p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); |
| 137 p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); | 155 p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); |
| 138 p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); | 156 p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); |
| 139 #endif | 157 #endif |
| 140 | 158 |
| 141 sha512_block_data_order (c,p,1); | 159 sha512_block_data_order (c,p,1); |
| 142 | 160 |
| 143 if (md==0) return 0; | 161 if (md==0) return 0; |
| 144 | 162 |
| 163 #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) |
| 164 /* recall assembler dword order... */ |
| 165 n = c->md_len; |
| 166 if (n == SHA384_DIGEST_LENGTH || n == SHA512_DIGEST_LENGTH) |
| 167 { |
| 168 unsigned int *h = (unsigned int *)c->h, t; |
| 169 |
| 170 for (n/=4;n;n--) |
| 171 { |
| 172 t = *(h++); |
| 173 *(md++) = (unsigned char)(t>>24); |
| 174 *(md++) = (unsigned char)(t>>16); |
| 175 *(md++) = (unsigned char)(t>>8); |
| 176 *(md++) = (unsigned char)(t); |
| 177 } |
| 178 } |
| 179 else return 0; |
| 180 #else |
| 145 switch (c->md_len) | 181 switch (c->md_len) |
| 146 { | 182 { |
| 147 /* Let compiler decide if it's appropriate to unroll... */ | 183 /* Let compiler decide if it's appropriate to unroll... */ |
| 148 case SHA384_DIGEST_LENGTH: | 184 case SHA384_DIGEST_LENGTH: |
| 149 for (n=0;n<SHA384_DIGEST_LENGTH/8;n++) | 185 for (n=0;n<SHA384_DIGEST_LENGTH/8;n++) |
| 150 { | 186 { |
| 151 SHA_LONG64 t = c->h[n]; | 187 SHA_LONG64 t = c->h[n]; |
| 152 | 188 |
| 153 *(md++) = (unsigned char)(t>>56); | 189 *(md++) = (unsigned char)(t>>56); |
| 154 *(md++) = (unsigned char)(t>>48); | 190 *(md++) = (unsigned char)(t>>48); |
| 171 *(md++) = (unsigned char)(t>>32); | 207 *(md++) = (unsigned char)(t>>32); |
| 172 *(md++) = (unsigned char)(t>>24); | 208 *(md++) = (unsigned char)(t>>24); |
| 173 *(md++) = (unsigned char)(t>>16); | 209 *(md++) = (unsigned char)(t>>16); |
| 174 *(md++) = (unsigned char)(t>>8); | 210 *(md++) = (unsigned char)(t>>8); |
| 175 *(md++) = (unsigned char)(t); | 211 *(md++) = (unsigned char)(t); |
| 176 } | 212 } |
| 177 break; | 213 break; |
| 178 /* ... as well as make sure md_len is not abused. */ | 214 /* ... as well as make sure md_len is not abused. */ |
| 179 default: return 0; | 215 default: return 0; |
| 180 } | 216 } |
| 181 | 217 #endif |
| 182 return 1; | 218 return 1; |
| 183 } | 219 } |
| 184 | 220 |
| 185 int SHA384_Final (unsigned char *md,SHA512_CTX *c) | 221 int SHA384_Final (unsigned char *md,SHA512_CTX *c) |
| 186 { return SHA512_Final (md,c); } | 222 { return SHA512_Final (md,c); } |
| 187 | 223 |
| 188 int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) | 224 int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) |
| 189 { | 225 { |
| 190 SHA_LONG64 l; | 226 SHA_LONG64 l; |
| 191 unsigned char *p=c->u.p; | 227 unsigned char *p=c->u.p; |
| 192 const unsigned char *data=(const unsigned char *)_data; | 228 const unsigned char *data=(const unsigned char *)_data; |
| 193 | 229 |
| 194 if (len==0) return 1; | 230 if (len==0) return 1; |
| 195 | 231 |
| 196 l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); | 232 l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); |
| 197 if (l < c->Nl) c->Nh++; | 233 if (l < c->Nl) c->Nh++; |
| 198 if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); | 234 if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); |
| 199 c->Nl=l; | 235 c->Nl=l; |
| 200 | 236 |
| 201 if (c->num != 0) | 237 if (c->num != 0) |
| 202 { | 238 { |
| 203 size_t n = sizeof(c->u) - c->num; | 239 size_t n = sizeof(c->u) - c->num; |
| 204 | 240 |
| 205 if (len < n) | 241 if (len < n) |
| 206 { | 242 { |
| 207 » » » memcpy (p+c->num,data,len), c->num += len; | 243 » » » memcpy (p+c->num,data,len), c->num += (unsigned int)len; |
| 208 return 1; | 244 return 1; |
| 209 } | 245 } |
| 210 else { | 246 else { |
| 211 memcpy (p+c->num,data,n), c->num = 0; | 247 memcpy (p+c->num,data,n), c->num = 0; |
| 212 len-=n, data+=n; | 248 len-=n, data+=n; |
| 213 sha512_block_data_order (c,p,1); | 249 sha512_block_data_order (c,p,1); |
| 214 } | 250 } |
| 215 } | 251 } |
| 216 | 252 |
| 217 if (len >= sizeof(c->u)) | 253 if (len >= sizeof(c->u)) |
| 307 U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), | 343 U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), |
| 308 U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), | 344 U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), |
| 309 U64(0x28db77f523047d84),U64(0x32caab7b40c72493), | 345 U64(0x28db77f523047d84),U64(0x32caab7b40c72493), |
| 310 U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), | 346 U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), |
| 311 U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), | 347 U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), |
| 312 U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; | 348 U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; |
| 313 | 349 |
| 314 #ifndef PEDANTIC | 350 #ifndef PEDANTIC |
| 315 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OP
ENSSL_NO_INLINE_ASM) | 351 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OP
ENSSL_NO_INLINE_ASM) |
| 316 # if defined(__x86_64) || defined(__x86_64__) | 352 # if defined(__x86_64) || defined(__x86_64__) |
| 317 # define ROTR(a,n)» ({ unsigned long ret;» » \ | 353 # define ROTR(a,n)» ({ SHA_LONG64 ret;» » \ |
| 318 asm ("rorq %1,%0" \ | 354 asm ("rorq %1,%0" \ |
| 319 : "=r"(ret) \ | 355 : "=r"(ret) \ |
| 320 : "J"(n),"0"(a) \ | 356 : "J"(n),"0"(a) \ |
| 321 : "cc"); ret; }) | 357 : "cc"); ret; }) |
| 322 # if !defined(B_ENDIAN) | 358 # if !defined(B_ENDIAN) |
| 323 # define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ | 359 # define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ |
| 324 asm ("bswapq %0" \ | 360 asm ("bswapq %0" \ |
| 325 : "=r"(ret) \ | 361 : "=r"(ret) \ |
| 326 : "0"(ret)); ret; }) | 362 : "0"(ret)); ret; }) |
| 327 # endif | 363 # endif |
| 328 # elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) | 364 # elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) |
| 329 # if defined(I386_ONLY) | 365 # if defined(I386_ONLY) |
| 330 # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ | 366 # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ |
| 331 unsigned int hi=p[0],lo=p[1]; \ | 367 unsigned int hi=p[0],lo=p[1]; \ |
| 332 asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ | 368 asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ |
| 333 "roll $16,%%eax; roll $16,%%edx; "\ | 369 "roll $16,%%eax; roll $16,%%edx; "\ |
| 334 "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ | 370 "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ |
| 335 : "=a"(lo),"=d"(hi) \ | 371 : "=a"(lo),"=d"(hi) \ |
| 336 : "0"(lo),"1"(hi) : "cc"); \ | 372 : "0"(lo),"1"(hi) : "cc"); \ |
| 337 ((SHA_LONG64)hi)<<32|lo; }) | 373 ((SHA_LONG64)hi)<<32|lo; }) |
| 338 # else | 374 # else |
| 339 # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ | 375 # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ |
| 340 » » » unsigned int hi=p[0],lo=p[1];» » » \ | 376 » » » unsigned int hi=p[0],lo=p[1];» » \ |
| 341 asm ("bswapl %0; bswapl %1;" \ | 377 asm ("bswapl %0; bswapl %1;" \ |
| 342 : "=r"(lo),"=r"(hi) \ | 378 : "=r"(lo),"=r"(hi) \ |
| 343 : "0"(lo),"1"(hi)); \ | 379 : "0"(lo),"1"(hi)); \ |
| 344 ((SHA_LONG64)hi)<<32|lo; }) | 380 ((SHA_LONG64)hi)<<32|lo; }) |
| 345 # endif | 381 # endif |
| 346 # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) | 382 # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) |
| 347 # define ROTR(a,n)» ({ unsigned long ret;» » \ | 383 # define ROTR(a,n)» ({ SHA_LONG64 ret;» » \ |
| 348 asm ("rotrdi %0,%1,%2" \ | 384 asm ("rotrdi %0,%1,%2" \ |
| 349 : "=r"(ret) \ | 385 : "=r"(ret) \ |
| 350 : "r"(a),"K"(n)); ret; }) | 386 : "r"(a),"K"(n)); ret; }) |
| 351 # endif | 387 # endif |
| 352 # elif defined(_MSC_VER) | 388 # elif defined(_MSC_VER) |
| 353 # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ | 389 # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ |
| 390 # pragma intrinsic(_rotr64) |
| 354 # define ROTR(a,n) _rotr64((a),n) | 391 # define ROTR(a,n) _rotr64((a),n) |
| 355 # endif | 392 # endif |
| 356 # if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE
_ASM) | 393 # if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE
_ASM) |
| 357 # if defined(I386_ONLY) | 394 # if defined(I386_ONLY) |
| 358 static SHA_LONG64 __fastcall __pull64be(const void *x) | 395 static SHA_LONG64 __fastcall __pull64be(const void *x) |
| 359 { _asm mov edx, [ecx + 0] | 396 { _asm mov edx, [ecx + 0] |
| 360 _asm mov eax, [ecx + 4] | 397 _asm mov eax, [ecx + 4] |
| 361 _asm xchg dh,dl | 398 _asm xchg dh,dl |
| 362 _asm xchg ah,al | 399 _asm xchg ah,al |
| 363 _asm rol edx,16 | 400 _asm rol edx,16 |
| 391 #endif | 428 #endif |
| 392 | 429 |
| 393 #define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) | 430 #define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) |
| 394 #define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) | 431 #define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) |
| 395 #define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) | 432 #define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) |
| 396 #define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) | 433 #define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) |
| 397 | 434 |
| 398 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) | 435 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) |
| 399 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) | 436 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) |
| 400 | 437 |
| 401 #if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY
) | 438 |
| 402 #define»GO_FOR_SSE2(ctx,in,num)»» do {» » \ | 439 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) |
| 403 » void» sha512_block_sse2(void *,const void *,size_t);» \ | 440 /* |
| 404 » if (!(OPENSSL_ia32cap_P & (1<<26))) break;» \ | 441 * This code should give better results on 32-bit CPU with less than |
| 405 » sha512_block_sse2(ctx->h,in,num); return;» \ | 442 * ~24 registers, both size and performance wise... |
| 406 » » » » » } while (0) | 443 */ |
| 444 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
) |
| 445 » { |
| 446 » const SHA_LONG64 *W=in; |
| 447 » SHA_LONG64» A,E,T; |
| 448 » SHA_LONG64» X[9+80],*F; |
| 449 » int i; |
| 450 |
| 451 » » » while (num--) { |
| 452 |
| 453 » F = X+80; |
| 454 » A = ctx->h[0];» F[1] = ctx->h[1]; |
| 455 » F[2] = ctx->h[2];» F[3] = ctx->h[3]; |
| 456 » E = ctx->h[4];» F[5] = ctx->h[5]; |
| 457 » F[6] = ctx->h[6];» F[7] = ctx->h[7]; |
| 458 |
| 459 » for (i=0;i<16;i++,F--) |
| 460 » » { |
| 461 #ifdef B_ENDIAN |
| 462 » » T = W[i]; |
| 463 #else |
| 464 » » T = PULL64(W[i]); |
| 407 #endif | 465 #endif |
| 466 F[0] = A; |
| 467 F[4] = E; |
| 468 F[8] = T; |
| 469 T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; |
| 470 E = F[3] + T; |
| 471 A = T + Sigma0(A) + Maj(A,F[1],F[2]); |
| 472 } |
| 408 | 473 |
| 409 #ifdef OPENSSL_SMALL_FOOTPRINT | 474 » for (;i<80;i++,F--) |
| 475 » » { |
| 476 » » T = sigma0(F[8+16-1]); |
| 477 » » T += sigma1(F[8+16-14]); |
| 478 » » T += F[8+16] + F[8+16-9]; |
| 479 |
| 480 » » F[0] = A; |
| 481 » » F[4] = E; |
| 482 » » F[8] = T; |
| 483 » » T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; |
| 484 » » E = F[3] + T; |
| 485 » » A = T + Sigma0(A) + Maj(A,F[1],F[2]); |
| 486 » » } |
| 487 |
| 488 » ctx->h[0] += A;»» ctx->h[1] += F[1]; |
| 489 » ctx->h[2] += F[2];» ctx->h[3] += F[3]; |
| 490 » ctx->h[4] += E;»» ctx->h[5] += F[5]; |
| 491 » ctx->h[6] += F[6];» ctx->h[7] += F[7]; |
| 492 |
| 493 » » » W+=SHA_LBLOCK; |
| 494 » » » } |
| 495 » } |
| 496 |
| 497 #elif defined(OPENSSL_SMALL_FOOTPRINT) |
| 410 | 498 |
| 411 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
) | 499 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
) |
| 412 { | 500 { |
| 413 const SHA_LONG64 *W=in; | 501 const SHA_LONG64 *W=in; |
| 414 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; | 502 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; |
| 415 SHA_LONG64 X[16]; | 503 SHA_LONG64 X[16]; |
| 416 int i; | 504 int i; |
| 417 | 505 |
| 418 #ifdef GO_FOR_SSE2 | |
| 419 GO_FOR_SSE2(ctx,in,num); | |
| 420 #endif | |
| 421 | |
| 422 while (num--) { | 506 while (num--) { |
| 423 | 507 |
| 424 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; | 508 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; |
| 425 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; | 509 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; |
| 426 | 510 |
| 427 for (i=0;i<16;i++) | 511 for (i=0;i<16;i++) |
| 428 { | 512 { |
| 429 #ifdef B_ENDIAN | 513 #ifdef B_ENDIAN |
| 430 T1 = X[i] = W[i]; | 514 T1 = X[i] = W[i]; |
| 431 #else | 515 #else |
| 456 } | 540 } |
| 457 } | 541 } |
| 458 | 542 |
| 459 #else | 543 #else |
| 460 | 544 |
| 461 #define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ | 545 #define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ |
| 462 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ | 546 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ |
| 463 h = Sigma0(a) + Maj(a,b,c); \ | 547 h = Sigma0(a) + Maj(a,b,c); \ |
| 464 d += T1; h += T1; } while (0) | 548 d += T1; h += T1; } while (0) |
| 465 | 549 |
| 466 #define»ROUND_16_80(i,a,b,c,d,e,f,g,h,X)» do {» \ | 550 #define»ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X)» do {» \ |
| 467 » s0 = X[(i+1)&0x0f];» s0 = sigma0(s0);» \ | 551 » s0 = X[(j+1)&0x0f];» s0 = sigma0(s0);» \ |
| 468 » s1 = X[(i+14)&0x0f];» s1 = sigma1(s1);» \ | 552 » s1 = X[(j+14)&0x0f];» s1 = sigma1(s1);» \ |
| 469 » T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];» \ | 553 » T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f];» \ |
| 470 » ROUND_00_15(i,a,b,c,d,e,f,g,h);»» } while (0) | 554 » ROUND_00_15(i+j,a,b,c,d,e,f,g,h);» » } while (0) |
| 471 | 555 |
| 472 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
) | 556 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
) |
| 473 { | 557 { |
| 474 const SHA_LONG64 *W=in; | 558 const SHA_LONG64 *W=in; |
| 475 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; | 559 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; |
| 476 SHA_LONG64 X[16]; | 560 SHA_LONG64 X[16]; |
| 477 int i; | 561 int i; |
| 478 | 562 |
| 479 #ifdef GO_FOR_SSE2 | |
| 480 GO_FOR_SSE2(ctx,in,num); | |
| 481 #endif | |
| 482 | |
| 483 while (num--) { | 563 while (num--) { |
| 484 | 564 |
| 485 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; | 565 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; |
| 486 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; | 566 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; |
| 487 | 567 |
| 488 #ifdef B_ENDIAN | 568 #ifdef B_ENDIAN |
| 489 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); | 569 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); |
| 490 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); | 570 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); |
| 491 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); | 571 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); |
| 492 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); | 572 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); |
| 514 T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); | 594 T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); |
| 515 T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); | 595 T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); |
| 516 T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); | 596 T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); |
| 517 T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); | 597 T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); |
| 518 T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); | 598 T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); |
| 519 T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); | 599 T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); |
| 520 T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); | 600 T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); |
| 521 T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); | 601 T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); |
| 522 #endif | 602 #endif |
| 523 | 603 |
| 524 » for (i=16;i<80;i+=8) | 604 » for (i=16;i<80;i+=16) |
| 525 { | 605 { |
| 526 » » ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); | 606 » » ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X); |
| 527 » » ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); | 607 » » ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X); |
| 528 » » ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); | 608 » » ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X); |
| 529 » » ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); | 609 » » ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X); |
| 530 » » ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); | 610 » » ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X); |
| 531 » » ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); | 611 » » ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X); |
| 532 » » ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); | 612 » » ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X); |
| 533 » » ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); | 613 » » ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X); |
| 614 » » ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X); |
| 615 » » ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X); |
| 616 » » ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X); |
| 617 » » ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X); |
| 618 » » ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X); |
| 619 » » ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X); |
| 620 » » ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X); |
| 621 » » ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X); |
| 534 } | 622 } |
| 535 | 623 |
| 536 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; | 624 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; |
| 537 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; | 625 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; |
| 538 | 626 |
| 539 W+=SHA_LBLOCK; | 627 W+=SHA_LBLOCK; |
| 540 } | 628 } |
| 541 } | 629 } |
| 542 | 630 |
| 543 #endif | 631 #endif |
| 544 | 632 |
| 545 #endif /* SHA512_ASM */ | 633 #endif /* SHA512_ASM */ |
| 546 | 634 |
| 547 #else /* OPENSSL_NO_SHA512 */ | 635 #else /* !OPENSSL_NO_SHA512 */ |
| 548 | 636 |
| 549 /* Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for | 637 #if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) |
| 550 * example) dislike a statement-free file, complaining: | 638 static void *dummy=&dummy; |
| 551 * "%CC-W-EMPTYFILE, Source file does not contain any declarations." | 639 #endif |
| 552 */ | |
| 553 | 640 |
| 554 int sha512_dummy(); | 641 #endif /* !OPENSSL_NO_SHA512 */ |
| 555 | |
| 556 #endif /* OPENSSL_NO_SHA512 */ | |
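Review bot: The new ARM-only paths in SHA384_Init, SHA512_Init and SHA512_Final access the SHA_LONG64 array `c->h` through `unsigned int *h = (unsigned int *)c->h;`, which reads and writes objects of one type through a pointer to an incompatible type and is undefined under C's effective-type rules; GCC's -O2 enables -fstrict-aliasing, so the compiler may reorder these dword stores relative to the surrounding 64-bit accesses to `c->h` (for example the `c->Nl=0; c->Nh=0;` lines are fine, but any later SHA_LONG64 read of `c->h` in the same translation unit is not guaranteed to see them). Expressing the same layout without the violation needs only a small change per site: fill a local `unsigned int tmp[16]` and `memcpy(c->h, tmp, sizeof tmp);` in the two Init functions, and in SHA512_Final extract each dword with `memcpy(&t, (const unsigned char *)c->h + 4*k, sizeof t);` before the byte-serialising shifts. The comment `/* maintain dword order required by assembler module */` would also help a maintainer more if it named the module and stated that, on this target, `c->h` is deliberately not a host-order SHA_LONG64 array, which is why the generic `switch (c->md_len)` serialiser is compiled out in SHA512_Final. The start of SHA512_Final lies in a collapsed region of this page, so the declaration of `n` used by the ARM branch is not visible here.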