1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libcrypto/src/crypto/sha/sha512.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,611 @@
1.4 +/* crypto/sha/sha512.c */
1.5 +/* ====================================================================
1.6 + * Copyright (c) 2004 The OpenSSL Project. All rights reserved
1.7 + * according to the OpenSSL license [found here].
1.8 + * ====================================================================
1.9 + */
1.10 +
1.11 +/* ====================================================================
1.12 + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
1.13 + *
1.14 + * Redistribution and use in source and binary forms, with or without
1.15 + * modification, are permitted provided that the following conditions
1.16 + * are met:
1.17 + *
1.18 + * 1. Redistributions of source code must retain the above copyright
1.19 + * notice, this list of conditions and the following disclaimer.
1.20 + *
1.21 + * 2. Redistributions in binary form must reproduce the above copyright
1.22 + * notice, this list of conditions and the following disclaimer in
1.23 + * the documentation and/or other materials provided with the
1.24 + * distribution.
1.25 + *
1.26 + * 3. All advertising materials mentioning features or use of this
1.27 + * software must display the following acknowledgment:
1.28 + * "This product includes software developed by the OpenSSL Project
1.29 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
1.30 + *
1.31 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1.32 + * endorse or promote products derived from this software without
1.33 + * prior written permission. For written permission, please contact
1.34 + * openssl-core@openssl.org.
1.35 + *
1.36 + * 5. Products derived from this software may not be called "OpenSSL"
1.37 + * nor may "OpenSSL" appear in their names without prior written
1.38 + * permission of the OpenSSL Project.
1.39 + *
1.40 + * 6. Redistributions of any form whatsoever must retain the following
1.41 + * acknowledgment:
1.42 + * "This product includes software developed by the OpenSSL Project
1.43 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
1.44 + *
1.45 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1.46 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.47 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1.48 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
1.49 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.50 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1.51 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1.52 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.53 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.54 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.55 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.56 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.57 + * ====================================================================
1.58 + *
1.59 + * This product includes cryptographic software written by Eric Young
1.60 + * (eay@cryptsoft.com). This product includes software written by Tim
1.61 + * Hudson (tjh@cryptsoft.com).
1.62 + *
1.63 + */
1.64 +
1.65 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
1.66 + * All rights reserved.
1.67 + *
1.68 + * This package is an SSL implementation written
1.69 + * by Eric Young (eay@cryptsoft.com).
1.70 + * The implementation was written so as to conform with Netscapes SSL.
1.71 + *
1.72 + * This library is free for commercial and non-commercial use as long as
1.73 + * the following conditions are aheared to. The following conditions
1.74 + * apply to all code found in this distribution, be it the RC4, RSA,
1.75 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1.76 + * included with this distribution is covered by the same copyright terms
1.77 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1.78 + *
1.79 + * Copyright remains Eric Young's, and as such any Copyright notices in
1.80 + * the code are not to be removed.
1.81 + * If this package is used in a product, Eric Young should be given attribution
1.82 + * as the author of the parts of the library used.
1.83 + * This can be in the form of a textual message at program startup or
1.84 + * in documentation (online or textual) provided with the package.
1.85 + *
1.86 + * Redistribution and use in source and binary forms, with or without
1.87 + * modification, are permitted provided that the following conditions
1.88 + * are met:
1.89 + * 1. Redistributions of source code must retain the copyright
1.90 + * notice, this list of conditions and the following disclaimer.
1.91 + * 2. Redistributions in binary form must reproduce the above copyright
1.92 + * notice, this list of conditions and the following disclaimer in the
1.93 + * documentation and/or other materials provided with the distribution.
1.94 + * 3. All advertising materials mentioning features or use of this software
1.95 + * must display the following acknowledgement:
1.96 + * "This product includes cryptographic software written by
1.97 + * Eric Young (eay@cryptsoft.com)"
1.98 + * The word 'cryptographic' can be left out if the rouines from the library
1.99 + * being used are not cryptographic related :-).
1.100 + * 4. If you include any Windows specific code (or a derivative thereof) from
1.101 + * the apps directory (application code) you must include an acknowledgement:
1.102 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
1.103 + *
1.104 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
1.105 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.106 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1.107 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1.108 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1.109 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1.110 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.111 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1.112 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.113 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.114 + * SUCH DAMAGE.
1.115 + *
1.116 + * The licence and distribution terms for any publically available version or
1.117 + * derivative of this code cannot be changed. i.e. this code cannot simply be
1.118 + * copied and put under another distribution licence
1.119 + * [including the GNU Public Licence.]
1.120 + */
1.121 +/*
1.122 + © Portions copyright (c) 2010 Nokia Corporation. All rights reserved.
1.123 + */
1.124 +
1.125 +#include <openssl/opensslconf.h>
1.126 +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
1.127 +/*
1.128 + * IMPLEMENTATION NOTES.
1.129 + *
1.130 + * As you might have noticed 32-bit hash algorithms:
1.131 + *
1.132 + * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
1.133 + * - optimized versions implement two transform functions: one operating
1.134 + * on [aligned] data in host byte order and one - on data in input
1.135 + * stream byte order;
1.136 + * - share common byte-order neutral collector and padding function
1.137 + * implementations, ../md32_common.h;
1.138 + *
1.139 + * Neither of the above applies to this SHA-512 implementations. Reasons
1.140 + * [in reverse order] are:
1.141 + *
1.142 + * - it's the only 64-bit hash algorithm for the moment of this writing,
1.143 + * there is no need for common collector/padding implementation [yet];
1.144 + * - by supporting only one transform function [which operates on
1.145 + * *aligned* data in input stream byte order, big-endian in this case]
1.146 + * we minimize burden of maintenance in two ways: a) collector/padding
1.147 + * function is simpler; b) only one transform function to stare at;
1.148 + * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
1.149 + * apply a number of optimizations to mitigate potential performance
1.150 + * penalties caused by previous design decision;
1.151 + *
1.152 + * Caveat lector.
1.153 + *
1.154 + * Implementation relies on the fact that "long long" is 64-bit on
1.155 + * both 32- and 64-bit platforms. If some compiler vendor comes up
1.156 + * with 128-bit long long, adjustment to sha.h would be required.
1.157 + * As this implementation relies on 64-bit integer type, it's totally
1.158 + * inappropriate for platforms which don't support it, most notably
1.159 + * 16-bit platforms.
1.160 + * <appro@fy.chalmers.se>
1.161 + */
1.162 +#include <stdlib.h>
1.163 +#include <string.h>
1.164 +
1.165 +#include <openssl/crypto.h>
1.166 +#include <openssl/sha.h>
1.167 +#include <openssl/opensslv.h>
1.168 +
1.169 +#include "cryptlib.h"
1.170 +
1.171 +const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
1.172 +
1.173 +#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64)
1.174 +#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
1.175 +#endif
1.176 +
1.177 +EXPORT_C int SHA384_Init (SHA512_CTX *c)
1.178 + {
1.179 + c->h[0]=U64(0xcbbb9d5dc1059ed8);
1.180 + c->h[1]=U64(0x629a292a367cd507);
1.181 + c->h[2]=U64(0x9159015a3070dd17);
1.182 + c->h[3]=U64(0x152fecd8f70e5939);
1.183 + c->h[4]=U64(0x67332667ffc00b31);
1.184 + c->h[5]=U64(0x8eb44a8768581511);
1.185 + c->h[6]=U64(0xdb0c2e0d64f98fa7);
1.186 + c->h[7]=U64(0x47b5481dbefa4fa4);
1.187 + c->Nl=0; c->Nh=0;
1.188 + c->num=0; c->md_len=SHA384_DIGEST_LENGTH;
1.189 + return 1;
1.190 + }
1.191 +
1.192 +EXPORT_C int SHA512_Init (SHA512_CTX *c)
1.193 + {
1.194 + c->h[0]=U64(0x6a09e667f3bcc908);
1.195 + c->h[1]=U64(0xbb67ae8584caa73b);
1.196 + c->h[2]=U64(0x3c6ef372fe94f82b);
1.197 + c->h[3]=U64(0xa54ff53a5f1d36f1);
1.198 + c->h[4]=U64(0x510e527fade682d1);
1.199 + c->h[5]=U64(0x9b05688c2b3e6c1f);
1.200 + c->h[6]=U64(0x1f83d9abfb41bd6b);
1.201 + c->h[7]=U64(0x5be0cd19137e2179);
1.202 + c->Nl=0; c->Nh=0;
1.203 + c->num=0; c->md_len=SHA512_DIGEST_LENGTH;
1.204 + return 1;
1.205 + }
1.206 +
1.207 +#ifndef SHA512_ASM
1.208 +static
1.209 +#endif
1.210 +void sha512_block (SHA512_CTX *ctx, const void *in, size_t num);
1.211 +
1.212 +EXPORT_C int SHA512_Final (unsigned char *md, SHA512_CTX *c)
1.213 + {
1.214 + unsigned char *p=(unsigned char *)c->u.p;
1.215 + size_t n=c->num;
1.216 +
1.217 + p[n]=0x80; /* There always is a room for one */
1.218 + n++;
1.219 + if (n > (sizeof(c->u)-16))
1.220 + memset (p+n,0,sizeof(c->u)-n), n=0,
1.221 + sha512_block (c,p,1);
1.222 +
1.223 + memset (p+n,0,sizeof(c->u)-16-n);
1.224 +#ifdef B_ENDIAN
1.225 + c->u.d[SHA_LBLOCK-2] = c->Nh;
1.226 + c->u.d[SHA_LBLOCK-1] = c->Nl;
1.227 +#else
1.228 + p[sizeof(c->u)-1] = (unsigned char)(c->Nl);
1.229 + p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8);
1.230 + p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16);
1.231 + p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24);
1.232 + p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32);
1.233 + p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40);
1.234 + p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48);
1.235 + p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56);
1.236 + p[sizeof(c->u)-9] = (unsigned char)(c->Nh);
1.237 + p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);
1.238 + p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);
1.239 + p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);
1.240 + p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);
1.241 + p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);
1.242 + p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);
1.243 + p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
1.244 +#endif
1.245 +
1.246 + sha512_block (c,p,1);
1.247 +
1.248 + if (md==0) return 0;
1.249 +
1.250 + switch (c->md_len)
1.251 + {
1.252 + /* Let compiler decide if it's appropriate to unroll... */
1.253 + case SHA384_DIGEST_LENGTH:
1.254 + for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)
1.255 + {
1.256 + SHA_LONG64 t = c->h[n];
1.257 +
1.258 + *(md++) = (unsigned char)(t>>56);
1.259 + *(md++) = (unsigned char)(t>>48);
1.260 + *(md++) = (unsigned char)(t>>40);
1.261 + *(md++) = (unsigned char)(t>>32);
1.262 + *(md++) = (unsigned char)(t>>24);
1.263 + *(md++) = (unsigned char)(t>>16);
1.264 + *(md++) = (unsigned char)(t>>8);
1.265 + *(md++) = (unsigned char)(t);
1.266 + }
1.267 + break;
1.268 + case SHA512_DIGEST_LENGTH:
1.269 + for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)
1.270 + {
1.271 + SHA_LONG64 t = c->h[n];
1.272 +
1.273 + *(md++) = (unsigned char)(t>>56);
1.274 + *(md++) = (unsigned char)(t>>48);
1.275 + *(md++) = (unsigned char)(t>>40);
1.276 + *(md++) = (unsigned char)(t>>32);
1.277 + *(md++) = (unsigned char)(t>>24);
1.278 + *(md++) = (unsigned char)(t>>16);
1.279 + *(md++) = (unsigned char)(t>>8);
1.280 + *(md++) = (unsigned char)(t);
1.281 + }
1.282 + break;
1.283 + /* ... as well as make sure md_len is not abused. */
1.284 + default: return 0;
1.285 + }
1.286 +
1.287 + return 1;
1.288 + }
1.289 +
1.290 +EXPORT_C int SHA384_Final (unsigned char *md,SHA512_CTX *c)
1.291 +{ return SHA512_Final (md,c); }
1.292 +
1.293 +EXPORT_C int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
1.294 + {
1.295 + SHA_LONG64 l;
1.296 + unsigned char *p=c->u.p;
1.297 + const unsigned char *data=(const unsigned char *)_data;
1.298 +
1.299 + if (len==0) return 1;
1.300 +
1.301 + l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
1.302 + if (l < c->Nl) c->Nh++;
1.303 + if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61);
1.304 + c->Nl=l;
1.305 +
1.306 + if (c->num != 0)
1.307 + {
1.308 + size_t n = sizeof(c->u) - c->num;
1.309 +
1.310 + if (len < n)
1.311 + {
1.312 + memcpy (p+c->num,data,len), c->num += len;
1.313 + return 1;
1.314 + }
1.315 + else {
1.316 + memcpy (p+c->num,data,n), c->num = 0;
1.317 + len-=n, data+=n;
1.318 + sha512_block (c,p,1);
1.319 + }
1.320 + }
1.321 +
1.322 + if (len >= sizeof(c->u))
1.323 + {
1.324 +#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
1.325 + if ((size_t)data%sizeof(c->u.d[0]) != 0)
1.326 + while (len >= sizeof(c->u))
1.327 + memcpy (p,data,sizeof(c->u)),
1.328 + sha512_block (c,p,1),
1.329 + len -= sizeof(c->u),
1.330 + data += sizeof(c->u);
1.331 + else
1.332 +#endif
1.333 + sha512_block (c,data,len/sizeof(c->u)),
1.334 + data += len,
1.335 + len %= sizeof(c->u),
1.336 + data -= len;
1.337 + }
1.338 +
1.339 + if (len != 0) memcpy (p,data,len), c->num = (int)len;
1.340 +
1.341 + return 1;
1.342 + }
1.343 +
1.344 +EXPORT_C int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
1.345 +{ return SHA512_Update (c,data,len); }
1.346 +
1.347 +EXPORT_C void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
1.348 +{ sha512_block (c,data,1); }
1.349 +
1.350 +EXPORT_C unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
1.351 + {
1.352 + SHA512_CTX c;
1.353 + static unsigned char m[SHA384_DIGEST_LENGTH];
1.354 +
1.355 + if (md == NULL) md=m;
1.356 + SHA384_Init(&c);
1.357 + SHA512_Update(&c,d,n);
1.358 + SHA512_Final(md,&c);
1.359 + OPENSSL_cleanse(&c,sizeof(c));
1.360 + return(md);
1.361 + }
1.362 +
1.363 +EXPORT_C unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
1.364 + {
1.365 + SHA512_CTX c;
1.366 + static unsigned char m[SHA512_DIGEST_LENGTH];
1.367 +
1.368 + if (md == NULL) md=m;
1.369 + SHA512_Init(&c);
1.370 + SHA512_Update(&c,d,n);
1.371 + SHA512_Final(md,&c);
1.372 + OPENSSL_cleanse(&c,sizeof(c));
1.373 + return(md);
1.374 + }
1.375 +
1.376 +#ifndef SHA512_ASM
1.377 +static const SHA_LONG64 K512[80] = {
1.378 + U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
1.379 + U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
1.380 + U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
1.381 + U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
1.382 + U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
1.383 + U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
1.384 + U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
1.385 + U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
1.386 + U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
1.387 + U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
1.388 + U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
1.389 + U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
1.390 + U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
1.391 + U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
1.392 + U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
1.393 + U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
1.394 + U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
1.395 + U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
1.396 + U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
1.397 + U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
1.398 + U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
1.399 + U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
1.400 + U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
1.401 + U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
1.402 + U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
1.403 + U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
1.404 + U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
1.405 + U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
1.406 + U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
1.407 + U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
1.408 + U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
1.409 + U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
1.410 + U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
1.411 + U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
1.412 + U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
1.413 + U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
1.414 + U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
1.415 + U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
1.416 + U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
1.417 + U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
1.418 +
1.419 +#ifndef PEDANTIC
1.420 +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
1.421 +# if defined(__x86_64) || defined(__x86_64__)
1.422 +# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
1.423 + asm ("bswapq %0" \
1.424 + : "=r"(ret) \
1.425 + : "0"(ret)); ret; })
1.426 +# endif
1.427 +# endif
1.428 +#endif
1.429 +
1.430 +#ifndef PULL64
1.431 +#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
1.432 +#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
1.433 +#endif
1.434 +
1.435 +#ifndef PEDANTIC
1.436 +# if defined(_MSC_VER)
1.437 +# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
1.438 +# define ROTR(a,n) _rotr64((a),n)
1.439 +# endif
1.440 +# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
1.441 +# if defined(__x86_64) || defined(__x86_64__)
1.442 +# define ROTR(a,n) ({ unsigned long ret; \
1.443 + asm ("rorq %1,%0" \
1.444 + : "=r"(ret) \
1.445 + : "J"(n),"0"(a) \
1.446 + : "cc"); ret; })
1.447 +# elif defined(_ARCH_PPC) && defined(__64BIT__)
1.448 +# define ROTR(a,n) ({ unsigned long ret; \
1.449 + asm ("rotrdi %0,%1,%2" \
1.450 + : "=r"(ret) \
1.451 + : "r"(a),"K"(n)); ret; })
1.452 +# endif
1.453 +# endif
1.454 +#endif
1.455 +
1.456 +#ifndef ROTR
1.457 +#define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
1.458 +#endif
1.459 +
1.460 +#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
1.461 +#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
1.462 +#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
1.463 +#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
1.464 +
1.465 +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
1.466 +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
1.467 +
1.468 +#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
1.469 +#define GO_FOR_SSE2(ctx,in,num) do { \
1.470 + void sha512_block_sse2(void *,const void *,size_t); \
1.471 + if (!(OPENSSL_ia32cap_P & (1<<26))) break; \
1.472 + sha512_block_sse2(ctx->h,in,num); return; \
1.473 + } while (0)
1.474 +#endif
1.475 +
1.476 +#ifdef OPENSSL_SMALL_FOOTPRINT
1.477 +
1.478 +static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
1.479 + {
1.480 + const SHA_LONG64 *W=in;
1.481 + SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2;
1.482 + SHA_LONG64 X[16];
1.483 + int i;
1.484 +
1.485 +#ifdef GO_FOR_SSE2
1.486 + GO_FOR_SSE2(ctx,in,num);
1.487 +#endif
1.488 +
1.489 + while (num--) {
1.490 +
1.491 + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
1.492 + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
1.493 +
1.494 + for (i=0;i<16;i++)
1.495 + {
1.496 +#ifdef B_ENDIAN
1.497 + T1 = X[i] = W[i];
1.498 +#else
1.499 + T1 = X[i] = PULL64(W[i]);
1.500 +#endif
1.501 + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
1.502 + T2 = Sigma0(a) + Maj(a,b,c);
1.503 + h = g; g = f; f = e; e = d + T1;
1.504 + d = c; c = b; b = a; a = T1 + T2;
1.505 + }
1.506 +
1.507 + for (;i<80;i++)
1.508 + {
1.509 + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
1.510 + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
1.511 +
1.512 + T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
1.513 + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
1.514 + T2 = Sigma0(a) + Maj(a,b,c);
1.515 + h = g; g = f; f = e; e = d + T1;
1.516 + d = c; c = b; b = a; a = T1 + T2;
1.517 + }
1.518 +
1.519 + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
1.520 + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
1.521 +
1.522 + W+=SHA_LBLOCK;
1.523 + }
1.524 + }
1.525 +
1.526 +#else
1.527 +
1.528 +#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
1.529 + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
1.530 + h = Sigma0(a) + Maj(a,b,c); \
1.531 + d += T1; h += T1; } while (0)
1.532 +
1.533 +#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \
1.534 + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
1.535 + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
1.536 + T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
1.537 + ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
1.538 +
1.539 +static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
1.540 + {
1.541 + const SHA_LONG64 *W=in;
1.542 + SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1;
1.543 + SHA_LONG64 X[16];
1.544 + int i;
1.545 +
1.546 +#ifdef GO_FOR_SSE2
1.547 + GO_FOR_SSE2(ctx,in,num);
1.548 +#endif
1.549 +
1.550 + while (num--) {
1.551 +
1.552 + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
1.553 + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
1.554 +
1.555 +#ifdef B_ENDIAN
1.556 + T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
1.557 + T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
1.558 + T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
1.559 + T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
1.560 + T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
1.561 + T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
1.562 + T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
1.563 + T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
1.564 + T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
1.565 + T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
1.566 + T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
1.567 + T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
1.568 + T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
1.569 + T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
1.570 + T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
1.571 + T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
1.572 +#else
1.573 + T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h);
1.574 + T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g);
1.575 + T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f);
1.576 + T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e);
1.577 + T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d);
1.578 + T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c);
1.579 + T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b);
1.580 + T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a);
1.581 + T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h);
1.582 + T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g);
1.583 + T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f);
1.584 + T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e);
1.585 + T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d);
1.586 + T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c);
1.587 + T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b);
1.588 + T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a);
1.589 +#endif
1.590 +
1.591 + for (i=16;i<80;i+=8)
1.592 + {
1.593 + ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
1.594 + ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
1.595 + ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
1.596 + ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
1.597 + ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
1.598 + ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
1.599 + ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
1.600 + ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
1.601 + }
1.602 +
1.603 + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
1.604 + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
1.605 +
1.606 + W+=SHA_LBLOCK;
1.607 + }
1.608 + }
1.609 +
1.610 +#endif
1.611 +
1.612 +#endif /* SHA512_ASM */
1.613 +
1.614 +#endif /* OPENSSL_NO_SHA512 */