Use the straight-forward ROTATE macro.
I would hope any sensible compiler would recognize the rotation. (If not, we should at least pull this into crypto/internal.h.) Confirmed that clang at least produces the exact same instructions for sha256_block_data_order for release + NO_ASM. This is also mostly moot as SHA-1 and SHA-256 both have assembly versions on x86 that sidestep most of this. For the digests, take it out of md32_common.h since it doesn't use the macro. md32_common.h isn't sure whether it's a multiply-included header or not. It should be, but it has an #include guard (doesn't quite do what you'd want) and will get HOST_c2l, etc., confused if one tries to include it twice. Change-Id: I1632801de6473ffd2c6557f3412521ec5d6b305c Reviewed-on: https://boringssl-review.googlesource.com/6650 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
78fefbf3bb
commit
5a19d7dfa8
@ -202,24 +202,7 @@ how to use xors :-) I got it to its final state.
|
|||||||
#define ITERATIONS 16
|
#define ITERATIONS 16
|
||||||
#define HALF_ITERATIONS 8
|
#define HALF_ITERATIONS 8
|
||||||
|
|
||||||
#if defined(_MSC_VER)
|
|
||||||
#define ROTATE(a, n) (_lrotr(a, n))
|
|
||||||
#elif defined(__ICC)
|
|
||||||
#define ROTATE(a, n) (_rotr(a, n))
|
|
||||||
#elif defined(__GNUC__) && __GNUC__ >= 2 && !defined(OPENSSL_NO_ASM) && \
|
|
||||||
!defined(__STRICT_ANSI__) && \
|
|
||||||
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
|
|
||||||
#define ROTATE(a, n) \
|
|
||||||
({ \
|
|
||||||
unsigned int ret; \
|
|
||||||
asm("rorl %1,%0" : "=r"(ret) : "I"(n), "0"(a) : "cc"); \
|
|
||||||
ret; \
|
|
||||||
})
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef ROTATE
|
|
||||||
#define ROTATE(a, n) (((a) >> (n)) + ((a) << (32 - (n))))
|
#define ROTATE(a, n) (((a) >> (n)) + ((a) << (32 - (n))))
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
#if defined(__cplusplus)
|
||||||
|
@ -140,27 +140,6 @@ extern "C" {
|
|||||||
#error "HASH_MAKE_STRING must be defined!"
|
#error "HASH_MAKE_STRING must be defined!"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#undef ROTATE
|
|
||||||
#if defined(_MSC_VER)
|
|
||||||
#define ROTATE(a, n) _lrotl(a, n)
|
|
||||||
#elif defined(__ICC)
|
|
||||||
#define ROTATE(a, n) _rotl(a, n)
|
|
||||||
#elif defined(__GNUC__) && __GNUC__ >= 2 && !defined(OPENSSL_NO_ASM)
|
|
||||||
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
|
|
||||||
/* Note this macro requires |n| be a constant. */
|
|
||||||
#define ROTATE(a, n) \
|
|
||||||
({ \
|
|
||||||
register uint32_t ret; \
|
|
||||||
asm("roll %1, %0" : "=r"(ret) : "I"(n), "0"((uint32_t)(a)) : "cc"); \
|
|
||||||
ret; \
|
|
||||||
})
|
|
||||||
#endif /* OPENSSL_X86 || OPENSSL_X86_64 */
|
|
||||||
#endif /* COMPILER */
|
|
||||||
|
|
||||||
#ifndef ROTATE
|
|
||||||
#define ROTATE(a, n) (((a) << (n)) | (((a)&0xffffffff) >> (32 - (n))))
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
|
#if defined(DATA_ORDER_IS_BIG_ENDIAN)
|
||||||
|
|
||||||
#if !defined(PEDANTIC) && defined(__GNUC__) && __GNUC__ >= 2 && \
|
#if !defined(PEDANTIC) && defined(__GNUC__) && __GNUC__ >= 2 && \
|
||||||
|
@ -103,6 +103,8 @@ void md4_block_data_order(uint32_t *state, const uint8_t *data, size_t num);
|
|||||||
#define G(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
|
#define G(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
|
||||||
#define H(b, c, d) ((b) ^ (c) ^ (d))
|
#define H(b, c, d) ((b) ^ (c) ^ (d))
|
||||||
|
|
||||||
|
#define ROTATE(a, n) (((a) << (n)) | ((a) >> (32 - (n))))
|
||||||
|
|
||||||
#define R0(a, b, c, d, k, s, t) \
|
#define R0(a, b, c, d, k, s, t) \
|
||||||
{ \
|
{ \
|
||||||
a += ((k) + (t)+F((b), (c), (d))); \
|
a += ((k) + (t)+F((b), (c), (d))); \
|
||||||
|
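Review bot: The ROTATE macro added here (and identically in the md5.c, sha1.c and sha256.c hunks) is a correct 32-bit rotate only when `a` is an unsigned 32-bit expression and `n` lies in 1..31: a signed `a` makes the right shift arithmetic, a wider `a` keeps its high bits (the definition removed from md32_common.h masked with `&0xffffffff`, presumably for that reason), and an `n` of 0 or 32 makes one of the shifts undefined behaviour. The visible callers (`a=ROTATE(a,s)` in md5.c's R0, Xupdate in sha1.c) appear to pass uint32_t state with constant amounts inside that range, so current behaviour looks right, but the macro states none of that contract; R0's body here continues outside the hunk. I would make it self-contained and document it: `#define ROTATE(a, n) (((uint32_t)(a) << (n)) | ((uint32_t)(a) >> (32 - (n))))` with the comment `/* Rotate the 32-bit value |a| left by |n| bits; requires 0 < n < 32. */`. Since the same line is now duplicated across four files, one definition in crypto/internal.h, which the commit message itself suggests, would keep the copies from drifting apart.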
@ -127,6 +127,8 @@ void md5_block_data_order(uint32_t *state, const uint8_t *data, size_t num);
|
|||||||
#define H(b,c,d) ((b) ^ (c) ^ (d))
|
#define H(b,c,d) ((b) ^ (c) ^ (d))
|
||||||
#define I(b,c,d) (((~(d)) | (b)) ^ (c))
|
#define I(b,c,d) (((~(d)) | (b)) ^ (c))
|
||||||
|
|
||||||
|
#define ROTATE(a, n) (((a) << (n)) | ((a) >> (32 - (n))))
|
||||||
|
|
||||||
#define R0(a,b,c,d,k,s,t) { \
|
#define R0(a,b,c,d,k,s,t) { \
|
||||||
a+=((k)+(t)+F((b),(c),(d))); \
|
a+=((k)+(t)+F((b),(c),(d))); \
|
||||||
a=ROTATE(a,s); \
|
a=ROTATE(a,s); \
|
||||||
|
@ -117,6 +117,7 @@ uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t *out) {
|
|||||||
#define HASH_TRANSFORM SHA1_Transform
|
#define HASH_TRANSFORM SHA1_Transform
|
||||||
#define HASH_FINAL SHA1_Final
|
#define HASH_FINAL SHA1_Final
|
||||||
#define HASH_BLOCK_DATA_ORDER sha1_block_data_order
|
#define HASH_BLOCK_DATA_ORDER sha1_block_data_order
|
||||||
|
#define ROTATE(a, n) (((a) << (n)) | ((a) >> (32 - (n))))
|
||||||
#define Xupdate(a, ix, ia, ib, ic, id) \
|
#define Xupdate(a, ix, ia, ib, ic, id) \
|
||||||
((a) = (ia ^ ib ^ ic ^ id), ix = (a) = ROTATE((a), 1))
|
((a) = (ia ^ ib ^ ic ^ id), ix = (a) = ROTATE((a), 1))
|
||||||
|
|
||||||
|
@ -204,6 +204,8 @@ static const uint32_t K256[64] = {
|
|||||||
0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
|
0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
|
||||||
0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL};
|
0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL};
|
||||||
|
|
||||||
|
#define ROTATE(a, n) (((a) << (n)) | ((a) >> (32 - (n))))
|
||||||
|
|
||||||
/* FIPS specification refers to right rotations, while our ROTATE macro
|
/* FIPS specification refers to right rotations, while our ROTATE macro
|
||||||
* is left one. This is why you might notice that rotation coefficients
|
* is left one. This is why you might notice that rotation coefficients
|
||||||
* differ from those observed in FIPS document by 32-N... */
|
* differ from those observed in FIPS document by 32-N... */
|
||||||
|