1 /* crypto/sha/sha512.c */ | 1 /* crypto/sha/sha512.c */ |
2 /* ==================================================================== | 2 /* ==================================================================== |
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved | 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved |
4 * according to the OpenSSL license [found in ../../LICENSE]. | 4 * according to the OpenSSL license [found in ../../LICENSE]. |
5 * ==================================================================== | 5 * ==================================================================== |
6 */ | 6 */ |
7 #include <openssl/opensslconf.h> | 7 #include <openssl/opensslconf.h> |
8 #ifdef OPENSSL_FIPS | |
9 #include <openssl/fips.h> | |
10 #endif | |
11 | |
12 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) | 8 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) |
13 /* | 9 /* |
14 * IMPLEMENTATION NOTES. | 10 * IMPLEMENTATION NOTES. |
15 * | 11 * |
16 * As you might have noticed 32-bit hash algorithms: | 12 * As you might have noticed 32-bit hash algorithms: |
17 * | 13 * |
18 * - permit SHA_LONG to be wider than 32-bit (case on CRAY); | 14 * - permit SHA_LONG to be wider than 32-bit (case on CRAY); |
19 * - optimized versions implement two transform functions: one operating | 15 * - optimized versions implement two transform functions: one operating |
20 * on [aligned] data in host byte order and one - on data in input | 16 * on [aligned] data in host byte order and one - on data in input |
21 * stream byte order; | 17 * stream byte order; |
58 | 54 |
59 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ | 55 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ |
60 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ | 56 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ |
61 defined(__s390__) || defined(__s390x__) || \ | 57 defined(__s390__) || defined(__s390x__) || \ |
62 defined(SHA512_ASM) | 58 defined(SHA512_ASM) |
63 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA | 59 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA |
64 #endif | 60 #endif |
65 | 61 |
66 int SHA384_Init (SHA512_CTX *c) | 62 int SHA384_Init (SHA512_CTX *c) |
67 { | 63 { |
68 #ifdef OPENSSL_FIPS | 64 #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) |
69 » FIPS_selftest_check(); | 65 » /* maintain dword order required by assembler module */ |
70 #endif | 66 » unsigned int *h = (unsigned int *)c->h; |
| 67 |
| 68 » h[0] = 0xcbbb9d5d; h[1] = 0xc1059ed8; |
| 69 » h[2] = 0x629a292a; h[3] = 0x367cd507; |
| 70 » h[4] = 0x9159015a; h[5] = 0x3070dd17; |
| 71 » h[6] = 0x152fecd8; h[7] = 0xf70e5939; |
| 72 » h[8] = 0x67332667; h[9] = 0xffc00b31; |
| 73 » h[10] = 0x8eb44a87; h[11] = 0x68581511; |
| 74 » h[12] = 0xdb0c2e0d; h[13] = 0x64f98fa7; |
| 75 » h[14] = 0x47b5481d; h[15] = 0xbefa4fa4; |
| 76 #else |
71 c->h[0]=U64(0xcbbb9d5dc1059ed8); | 77 c->h[0]=U64(0xcbbb9d5dc1059ed8); |
72 c->h[1]=U64(0x629a292a367cd507); | 78 c->h[1]=U64(0x629a292a367cd507); |
73 c->h[2]=U64(0x9159015a3070dd17); | 79 c->h[2]=U64(0x9159015a3070dd17); |
74 c->h[3]=U64(0x152fecd8f70e5939); | 80 c->h[3]=U64(0x152fecd8f70e5939); |
75 c->h[4]=U64(0x67332667ffc00b31); | 81 c->h[4]=U64(0x67332667ffc00b31); |
76 c->h[5]=U64(0x8eb44a8768581511); | 82 c->h[5]=U64(0x8eb44a8768581511); |
77 c->h[6]=U64(0xdb0c2e0d64f98fa7); | 83 c->h[6]=U64(0xdb0c2e0d64f98fa7); |
78 c->h[7]=U64(0x47b5481dbefa4fa4); | 84 c->h[7]=U64(0x47b5481dbefa4fa4); |
| 85 #endif |
79 c->Nl=0; c->Nh=0; | 86 c->Nl=0; c->Nh=0; |
80 c->num=0; c->md_len=SHA384_DIGEST_LENGTH; | 87 c->num=0; c->md_len=SHA384_DIGEST_LENGTH; |
81 return 1; | 88 return 1; |
82 } | 89 } |
83 | 90 |
84 int SHA512_Init (SHA512_CTX *c) | 91 int SHA512_Init (SHA512_CTX *c) |
85 { | 92 { |
86 #ifdef OPENSSL_FIPS | 93 #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) |
87 » FIPS_selftest_check(); | 94 » /* maintain dword order required by assembler module */ |
88 #endif | 95 » unsigned int *h = (unsigned int *)c->h; |
| 96 |
| 97 » h[0] = 0x6a09e667; h[1] = 0xf3bcc908; |
| 98 » h[2] = 0xbb67ae85; h[3] = 0x84caa73b; |
| 99 » h[4] = 0x3c6ef372; h[5] = 0xfe94f82b; |
| 100 » h[6] = 0xa54ff53a; h[7] = 0x5f1d36f1; |
| 101 » h[8] = 0x510e527f; h[9] = 0xade682d1; |
| 102 » h[10] = 0x9b05688c; h[11] = 0x2b3e6c1f; |
| 103 » h[12] = 0x1f83d9ab; h[13] = 0xfb41bd6b; |
| 104 » h[14] = 0x5be0cd19; h[15] = 0x137e2179; |
| 105 #else |
89 c->h[0]=U64(0x6a09e667f3bcc908); | 106 c->h[0]=U64(0x6a09e667f3bcc908); |
90 c->h[1]=U64(0xbb67ae8584caa73b); | 107 c->h[1]=U64(0xbb67ae8584caa73b); |
91 c->h[2]=U64(0x3c6ef372fe94f82b); | 108 c->h[2]=U64(0x3c6ef372fe94f82b); |
92 c->h[3]=U64(0xa54ff53a5f1d36f1); | 109 c->h[3]=U64(0xa54ff53a5f1d36f1); |
93 c->h[4]=U64(0x510e527fade682d1); | 110 c->h[4]=U64(0x510e527fade682d1); |
94 c->h[5]=U64(0x9b05688c2b3e6c1f); | 111 c->h[5]=U64(0x9b05688c2b3e6c1f); |
95 c->h[6]=U64(0x1f83d9abfb41bd6b); | 112 c->h[6]=U64(0x1f83d9abfb41bd6b); |
96 c->h[7]=U64(0x5be0cd19137e2179); | 113 c->h[7]=U64(0x5be0cd19137e2179); |
| 114 #endif |
97 c->Nl=0; c->Nh=0; | 115 c->Nl=0; c->Nh=0; |
98 c->num=0; c->md_len=SHA512_DIGEST_LENGTH; | 116 c->num=0; c->md_len=SHA512_DIGEST_LENGTH; |
99 return 1; | 117 return 1; |
100 } | 118 } |
101 | 119 |
102 #ifndef SHA512_ASM | 120 #ifndef SHA512_ASM |
103 static | 121 static |
104 #endif | 122 #endif |
105 void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); | 123 void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); |
106 | 124 |
135 p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); | 153 p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); |
136 p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); | 154 p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); |
137 p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); | 155 p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); |
138 p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); | 156 p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); |
139 #endif | 157 #endif |
140 | 158 |
141 sha512_block_data_order (c,p,1); | 159 sha512_block_data_order (c,p,1); |
142 | 160 |
143 if (md==0) return 0; | 161 if (md==0) return 0; |
144 | 162 |
| 163 #if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm)) |
| 164 /* recall assembler dword order... */ |
| 165 n = c->md_len; |
| 166 if (n == SHA384_DIGEST_LENGTH || n == SHA512_DIGEST_LENGTH) |
| 167 { |
| 168 unsigned int *h = (unsigned int *)c->h, t; |
| 169 |
| 170 for (n/=4;n;n--) |
| 171 { |
| 172 t = *(h++); |
| 173 *(md++) = (unsigned char)(t>>24); |
| 174 *(md++) = (unsigned char)(t>>16); |
| 175 *(md++) = (unsigned char)(t>>8); |
| 176 *(md++) = (unsigned char)(t); |
| 177 } |
| 178 } |
| 179 else return 0; |
| 180 #else |
145 switch (c->md_len) | 181 switch (c->md_len) |
146 { | 182 { |
147 /* Let compiler decide if it's appropriate to unroll... */ | 183 /* Let compiler decide if it's appropriate to unroll... */ |
148 case SHA384_DIGEST_LENGTH: | 184 case SHA384_DIGEST_LENGTH: |
149 for (n=0;n<SHA384_DIGEST_LENGTH/8;n++) | 185 for (n=0;n<SHA384_DIGEST_LENGTH/8;n++) |
150 { | 186 { |
151 SHA_LONG64 t = c->h[n]; | 187 SHA_LONG64 t = c->h[n]; |
152 | 188 |
153 *(md++) = (unsigned char)(t>>56); | 189 *(md++) = (unsigned char)(t>>56); |
154 *(md++) = (unsigned char)(t>>48); | 190 *(md++) = (unsigned char)(t>>48); |
171 *(md++) = (unsigned char)(t>>32); | 207 *(md++) = (unsigned char)(t>>32); |
172 *(md++) = (unsigned char)(t>>24); | 208 *(md++) = (unsigned char)(t>>24); |
173 *(md++) = (unsigned char)(t>>16); | 209 *(md++) = (unsigned char)(t>>16); |
174 *(md++) = (unsigned char)(t>>8); | 210 *(md++) = (unsigned char)(t>>8); |
175 *(md++) = (unsigned char)(t); | 211 *(md++) = (unsigned char)(t); |
176 } | 212 } |
177 break; | 213 break; |
178 /* ... as well as make sure md_len is not abused. */ | 214 /* ... as well as make sure md_len is not abused. */ |
179 default: return 0; | 215 default: return 0; |
180 } | 216 } |
181 | 217 #endif |
182 return 1; | 218 return 1; |
183 } | 219 } |
184 | 220 |
185 int SHA384_Final (unsigned char *md,SHA512_CTX *c) | 221 int SHA384_Final (unsigned char *md,SHA512_CTX *c) |
186 { return SHA512_Final (md,c); } | 222 { return SHA512_Final (md,c); } |
187 | 223 |
188 int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) | 224 int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) |
189 { | 225 { |
190 SHA_LONG64 l; | 226 SHA_LONG64 l; |
191 unsigned char *p=c->u.p; | 227 unsigned char *p=c->u.p; |
192 const unsigned char *data=(const unsigned char *)_data; | 228 const unsigned char *data=(const unsigned char *)_data; |
193 | 229 |
194 if (len==0) return 1; | 230 if (len==0) return 1; |
195 | 231 |
196 l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); | 232 l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); |
197 if (l < c->Nl) c->Nh++; | 233 if (l < c->Nl) c->Nh++; |
198 if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); | 234 if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); |
199 c->Nl=l; | 235 c->Nl=l; |
200 | 236 |
201 if (c->num != 0) | 237 if (c->num != 0) |
202 { | 238 { |
203 size_t n = sizeof(c->u) - c->num; | 239 size_t n = sizeof(c->u) - c->num; |
204 | 240 |
205 if (len < n) | 241 if (len < n) |
206 { | 242 { |
207 » » » memcpy (p+c->num,data,len), c->num += len; | 243 » » » memcpy (p+c->num,data,len), c->num += (unsigned int)len; |
208 return 1; | 244 return 1; |
209 } | 245 } |
210 else { | 246 else { |
211 memcpy (p+c->num,data,n), c->num = 0; | 247 memcpy (p+c->num,data,n), c->num = 0; |
212 len-=n, data+=n; | 248 len-=n, data+=n; |
213 sha512_block_data_order (c,p,1); | 249 sha512_block_data_order (c,p,1); |
214 } | 250 } |
215 } | 251 } |
216 | 252 |
217 if (len >= sizeof(c->u)) | 253 if (len >= sizeof(c->u)) |
307 U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), | 343 U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), |
308 U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), | 344 U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), |
309 U64(0x28db77f523047d84),U64(0x32caab7b40c72493), | 345 U64(0x28db77f523047d84),U64(0x32caab7b40c72493), |
310 U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), | 346 U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), |
311 U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), | 347 U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), |
312 U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; | 348 U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; |
313 | 349 |
314 #ifndef PEDANTIC | 350 #ifndef PEDANTIC |
315 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OP
ENSSL_NO_INLINE_ASM) | 351 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OP
ENSSL_NO_INLINE_ASM) |
316 # if defined(__x86_64) || defined(__x86_64__) | 352 # if defined(__x86_64) || defined(__x86_64__) |
317 # define ROTR(a,n)» ({ unsigned long ret;» » \ | 353 # define ROTR(a,n)» ({ SHA_LONG64 ret;» » \ |
318 asm ("rorq %1,%0" \ | 354 asm ("rorq %1,%0" \ |
319 : "=r"(ret) \ | 355 : "=r"(ret) \ |
320 : "J"(n),"0"(a) \ | 356 : "J"(n),"0"(a) \ |
321 : "cc"); ret; }) | 357 : "cc"); ret; }) |
322 # if !defined(B_ENDIAN) | 358 # if !defined(B_ENDIAN) |
323 # define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ | 359 # define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ |
324 asm ("bswapq %0" \ | 360 asm ("bswapq %0" \ |
325 : "=r"(ret) \ | 361 : "=r"(ret) \ |
326 : "0"(ret)); ret; }) | 362 : "0"(ret)); ret; }) |
327 # endif | 363 # endif |
328 # elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) | 364 # elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) |
329 # if defined(I386_ONLY) | 365 # if defined(I386_ONLY) |
330 # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ | 366 # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ |
331 unsigned int hi=p[0],lo=p[1]; \ | 367 unsigned int hi=p[0],lo=p[1]; \ |
332 asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ | 368 asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ |
333 "roll $16,%%eax; roll $16,%%edx; "\ | 369 "roll $16,%%eax; roll $16,%%edx; "\ |
334 "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ | 370 "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ |
335 : "=a"(lo),"=d"(hi) \ | 371 : "=a"(lo),"=d"(hi) \ |
336 : "0"(lo),"1"(hi) : "cc"); \ | 372 : "0"(lo),"1"(hi) : "cc"); \ |
337 ((SHA_LONG64)hi)<<32|lo; }) | 373 ((SHA_LONG64)hi)<<32|lo; }) |
338 # else | 374 # else |
339 # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ | 375 # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ |
340 » » » unsigned int hi=p[0],lo=p[1];» » » \ | 376 » » » unsigned int hi=p[0],lo=p[1];» » \ |
341 asm ("bswapl %0; bswapl %1;" \ | 377 asm ("bswapl %0; bswapl %1;" \ |
342 : "=r"(lo),"=r"(hi) \ | 378 : "=r"(lo),"=r"(hi) \ |
343 : "0"(lo),"1"(hi)); \ | 379 : "0"(lo),"1"(hi)); \ |
344 ((SHA_LONG64)hi)<<32|lo; }) | 380 ((SHA_LONG64)hi)<<32|lo; }) |
345 # endif | 381 # endif |
346 # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) | 382 # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) |
347 # define ROTR(a,n)» ({ unsigned long ret;» » \ | 383 # define ROTR(a,n)» ({ SHA_LONG64 ret;» » \ |
348 asm ("rotrdi %0,%1,%2" \ | 384 asm ("rotrdi %0,%1,%2" \ |
349 : "=r"(ret) \ | 385 : "=r"(ret) \ |
350 : "r"(a),"K"(n)); ret; }) | 386 : "r"(a),"K"(n)); ret; }) |
351 # endif | 387 # endif |
352 # elif defined(_MSC_VER) | 388 # elif defined(_MSC_VER) |
353 # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ | 389 # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ |
| 390 # pragma intrinsic(_rotr64) |
354 # define ROTR(a,n) _rotr64((a),n) | 391 # define ROTR(a,n) _rotr64((a),n) |
355 # endif | 392 # endif |
356 # if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE
_ASM) | 393 # if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE
_ASM) |
357 # if defined(I386_ONLY) | 394 # if defined(I386_ONLY) |
358 static SHA_LONG64 __fastcall __pull64be(const void *x) | 395 static SHA_LONG64 __fastcall __pull64be(const void *x) |
359 { _asm mov edx, [ecx + 0] | 396 { _asm mov edx, [ecx + 0] |
360 _asm mov eax, [ecx + 4] | 397 _asm mov eax, [ecx + 4] |
361 _asm xchg dh,dl | 398 _asm xchg dh,dl |
362 _asm xchg ah,al | 399 _asm xchg ah,al |
363 _asm rol edx,16 | 400 _asm rol edx,16 |
391 #endif | 428 #endif |
392 | 429 |
393 #define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) | 430 #define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) |
394 #define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) | 431 #define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) |
395 #define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) | 432 #define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) |
396 #define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) | 433 #define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) |
397 | 434 |
398 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) | 435 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) |
399 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) | 436 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) |
400 | 437 |
401 #if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY
) | 438 |
402 #define»GO_FOR_SSE2(ctx,in,num)»» do {» » \ | 439 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) |
403 » void» sha512_block_sse2(void *,const void *,size_t);» \ | 440 /* |
404 » if (!(OPENSSL_ia32cap_P & (1<<26))) break;» \ | 441 * This code should give better results on 32-bit CPU with less than |
405 » sha512_block_sse2(ctx->h,in,num); return;» \ | 442 * ~24 registers, both size and performance wise... |
406 » » » » » } while (0) | 443 */ |
| 444 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
) |
| 445 » { |
| 446 » const SHA_LONG64 *W=in; |
| 447 » SHA_LONG64» A,E,T; |
| 448 » SHA_LONG64» X[9+80],*F; |
| 449 » int i; |
| 450 |
| 451 » » » while (num--) { |
| 452 |
| 453 » F = X+80; |
| 454 » A = ctx->h[0];» F[1] = ctx->h[1]; |
| 455 » F[2] = ctx->h[2];» F[3] = ctx->h[3]; |
| 456 » E = ctx->h[4];» F[5] = ctx->h[5]; |
| 457 » F[6] = ctx->h[6];» F[7] = ctx->h[7]; |
| 458 |
| 459 » for (i=0;i<16;i++,F--) |
| 460 » » { |
| 461 #ifdef B_ENDIAN |
| 462 » » T = W[i]; |
| 463 #else |
| 464 » » T = PULL64(W[i]); |
407 #endif | 465 #endif |
| 466 F[0] = A; |
| 467 F[4] = E; |
| 468 F[8] = T; |
| 469 T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; |
| 470 E = F[3] + T; |
| 471 A = T + Sigma0(A) + Maj(A,F[1],F[2]); |
| 472 } |
408 | 473 |
409 #ifdef OPENSSL_SMALL_FOOTPRINT | 474 » for (;i<80;i++,F--) |
| 475 » » { |
| 476 » » T = sigma0(F[8+16-1]); |
| 477 » » T += sigma1(F[8+16-14]); |
| 478 » » T += F[8+16] + F[8+16-9]; |
| 479 |
| 480 » » F[0] = A; |
| 481 » » F[4] = E; |
| 482 » » F[8] = T; |
| 483 » » T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; |
| 484 » » E = F[3] + T; |
| 485 » » A = T + Sigma0(A) + Maj(A,F[1],F[2]); |
| 486 » » } |
| 487 |
| 488 » ctx->h[0] += A;»» ctx->h[1] += F[1]; |
| 489 » ctx->h[2] += F[2];» ctx->h[3] += F[3]; |
| 490 » ctx->h[4] += E;»» ctx->h[5] += F[5]; |
| 491 » ctx->h[6] += F[6];» ctx->h[7] += F[7]; |
| 492 |
| 493 » » » W+=SHA_LBLOCK; |
| 494 » » » } |
| 495 » } |
| 496 |
| 497 #elif defined(OPENSSL_SMALL_FOOTPRINT) |
410 | 498 |
411 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
) | 499 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
) |
412 { | 500 { |
413 const SHA_LONG64 *W=in; | 501 const SHA_LONG64 *W=in; |
414 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; | 502 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; |
415 SHA_LONG64 X[16]; | 503 SHA_LONG64 X[16]; |
416 int i; | 504 int i; |
417 | 505 |
418 #ifdef GO_FOR_SSE2 | |
419 GO_FOR_SSE2(ctx,in,num); | |
420 #endif | |
421 | |
422 while (num--) { | 506 while (num--) { |
423 | 507 |
424 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; | 508 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; |
425 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; | 509 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; |
426 | 510 |
427 for (i=0;i<16;i++) | 511 for (i=0;i<16;i++) |
428 { | 512 { |
429 #ifdef B_ENDIAN | 513 #ifdef B_ENDIAN |
430 T1 = X[i] = W[i]; | 514 T1 = X[i] = W[i]; |
431 #else | 515 #else |
456 } | 540 } |
457 } | 541 } |
458 | 542 |
459 #else | 543 #else |
460 | 544 |
461 #define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ | 545 #define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ |
462 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ | 546 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ |
463 h = Sigma0(a) + Maj(a,b,c); \ | 547 h = Sigma0(a) + Maj(a,b,c); \ |
464 d += T1; h += T1; } while (0) | 548 d += T1; h += T1; } while (0) |
465 | 549 |
466 #define»ROUND_16_80(i,a,b,c,d,e,f,g,h,X)» do {» \ | 550 #define»ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X)» do {» \ |
467 » s0 = X[(i+1)&0x0f];» s0 = sigma0(s0);» \ | 551 » s0 = X[(j+1)&0x0f];» s0 = sigma0(s0);» \ |
468 » s1 = X[(i+14)&0x0f];» s1 = sigma1(s1);» \ | 552 » s1 = X[(j+14)&0x0f];» s1 = sigma1(s1);» \ |
469 » T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];» \ | 553 » T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f];» \ |
470 » ROUND_00_15(i,a,b,c,d,e,f,g,h);»» } while (0) | 554 » ROUND_00_15(i+j,a,b,c,d,e,f,g,h);» » } while (0) |
471 | 555 |
472 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
) | 556 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num
) |
473 { | 557 { |
474 const SHA_LONG64 *W=in; | 558 const SHA_LONG64 *W=in; |
475 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; | 559 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; |
476 SHA_LONG64 X[16]; | 560 SHA_LONG64 X[16]; |
477 int i; | 561 int i; |
478 | 562 |
479 #ifdef GO_FOR_SSE2 | |
480 GO_FOR_SSE2(ctx,in,num); | |
481 #endif | |
482 | |
483 while (num--) { | 563 while (num--) { |
484 | 564 |
485 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; | 565 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; |
486 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; | 566 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; |
487 | 567 |
488 #ifdef B_ENDIAN | 568 #ifdef B_ENDIAN |
489 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); | 569 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); |
490 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); | 570 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); |
491 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); | 571 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); |
492 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); | 572 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); |
514 T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); | 594 T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); |
515 T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); | 595 T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); |
516 T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); | 596 T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); |
517 T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); | 597 T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); |
518 T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); | 598 T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); |
519 T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); | 599 T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); |
520 T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); | 600 T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); |
521 T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); | 601 T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); |
522 #endif | 602 #endif |
523 | 603 |
524 » for (i=16;i<80;i+=8) | 604 » for (i=16;i<80;i+=16) |
525 { | 605 { |
526 » » ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); | 606 » » ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X); |
527 » » ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); | 607 » » ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X); |
528 » » ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); | 608 » » ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X); |
529 » » ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); | 609 » » ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X); |
530 » » ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); | 610 » » ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X); |
531 » » ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); | 611 » » ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X); |
532 » » ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); | 612 » » ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X); |
533 » » ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); | 613 » » ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X); |
| 614 » » ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X); |
| 615 » » ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X); |
| 616 » » ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X); |
| 617 » » ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X); |
| 618 » » ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X); |
| 619 » » ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X); |
| 620 » » ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X); |
| 621 » » ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X); |
534 } | 622 } |
535 | 623 |
536 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; | 624 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; |
537 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; | 625 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; |
538 | 626 |
539 W+=SHA_LBLOCK; | 627 W+=SHA_LBLOCK; |
540 } | 628 } |
541 } | 629 } |
542 | 630 |
543 #endif | 631 #endif |
544 | 632 |
545 #endif /* SHA512_ASM */ | 633 #endif /* SHA512_ASM */ |
546 | 634 |
547 #else /* OPENSSL_NO_SHA512 */ | 635 #else /* !OPENSSL_NO_SHA512 */ |
548 | 636 |
549 /* Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for | 637 #if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) |
550 * example) dislike a statement-free file, complaining: | 638 static void *dummy=&dummy; |
551 * "%CC-W-EMPTYFILE, Source file does not contain any declarations." | 639 #endif |
552 */ | |
553 | 640 |
554 int sha512_dummy(); | 641 #endif /* !OPENSSL_NO_SHA512 */ |
555 | |
556 #endif /* OPENSSL_NO_SHA512 */ | |
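Review bot: The ARM branches in SHA384_Init (new lines 64-76), SHA512_Init (93-105) and SHA512_Final (163-179) write and read `c->h`, an array of SHA_LONG64, through `unsigned int *h = (unsigned int *)c->h;`, which is a strict-aliasing violation that an optimizing compiler is permitted to miscompile; as far as the visible code shows, the C side never accesses `c->h` as 64-bit in that configuration (Update does not touch it and the block function is assembler), which is presumably why it works, but that is a property of this particular build rather than a guarantee. A `memcpy` into and out of `c->h`, or a dedicated 32-bit union member in SHA512_CTX, would keep the assembler's dword order without the undefined access; at minimum each of the three casts should carry a comment such as `/* type-punned view of c->h; while SHA512_ASM is set on ARM the C side must never read c->h as SHA_LONG64 */`. SHA512_Final's body begins outside the hunk, so the declaration of `n` used by the new loop is not visible here. Separately, both Init functions drop their FIPS_selftest_check() call with no replacement visible in this file; if FIPS gating is still expected, confirm it is enforced at a higher layer.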