# This code is ~4.5 (four and a half) times faster than code generated
# by gcc 3.4 and it spends ~72 clock cycles per byte.
-# This module currently has dependency on byte order, namely *dword*
-# order in ctx->h[0-9]. I have to think of a way to reliably detect
-# "endianness" [and flip below two constants] or arrange given dword
-# order in C.
-$lo=0; # this denotes little-endian platform.
-$hi=4;
+# Byte order [in]dependence. =========================================
+#
+# Caller is expected to maintain specific *dword* order in h[0-7],
+# namely with most significant dword at *lower* address, which is
+# reflected in below two parameters. *Byte* order within these dwords
+# in turn is whatever *native* byte order on current platform.
+$hi=0;
+$lo=4;
+# ====================================================================
$ctx="r0";
$inp="r1";
int SHA384_Init (SHA512_CTX *c)
{
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
+ /* maintain dword order required by assembler module */
+ unsigned int *h = (unsigned int *)c->h;
+
+ h[0] = 0xcbbb9d5d; h[1] = 0xc1059ed8;
+ h[2] = 0x629a292a; h[3] = 0x367cd507;
+ h[4] = 0x9159015a; h[5] = 0x3070dd17;
+ h[6] = 0x152fecd8; h[7] = 0xf70e5939;
+ h[8] = 0x67332667; h[9] = 0xffc00b31;
+ h[10] = 0x8eb44a87; h[11] = 0x68581511;
+ h[12] = 0xdb0c2e0d; h[13] = 0x64f98fa7;
+ h[14] = 0x47b5481d; h[15] = 0xbefa4fa4;
+#else
c->h[0]=U64(0xcbbb9d5dc1059ed8);
c->h[1]=U64(0x629a292a367cd507);
c->h[2]=U64(0x9159015a3070dd17);
c->h[5]=U64(0x8eb44a8768581511);
c->h[6]=U64(0xdb0c2e0d64f98fa7);
c->h[7]=U64(0x47b5481dbefa4fa4);
+#endif
c->Nl=0; c->Nh=0;
c->num=0; c->md_len=SHA384_DIGEST_LENGTH;
return 1;
int SHA512_Init (SHA512_CTX *c)
{
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
+ /* maintain dword order required by assembler module */
+ unsigned int *h = (unsigned int *)c->h;
+
+ h[0] = 0x6a09e667; h[1] = 0xf3bcc908;
+ h[2] = 0xbb67ae85; h[3] = 0x84caa73b;
+ h[4] = 0x3c6ef372; h[5] = 0xfe94f82b;
+ h[6] = 0xa54ff53a; h[7] = 0x5f1d36f1;
+ h[8] = 0x510e527f; h[9] = 0xade682d1;
+ h[10] = 0x9b05688c; h[11] = 0x2b3e6c1f;
+ h[12] = 0x1f83d9ab; h[13] = 0xfb41bd6b;
+ h[14] = 0x5be0cd19; h[15] = 0x137e2179;
+#else
c->h[0]=U64(0x6a09e667f3bcc908);
c->h[1]=U64(0xbb67ae8584caa73b);
c->h[2]=U64(0x3c6ef372fe94f82b);
c->h[5]=U64(0x9b05688c2b3e6c1f);
c->h[6]=U64(0x1f83d9abfb41bd6b);
c->h[7]=U64(0x5be0cd19137e2179);
+#endif
c->Nl=0; c->Nh=0;
c->num=0; c->md_len=SHA512_DIGEST_LENGTH;
return 1;
if (md==0) return 0;
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
+ /* recall assembler dword order... */
+ n = c->md_len;
+ if (n == SHA384_DIGEST_LENGTH || n == SHA512_DIGEST_LENGTH)
+ {
+ unsigned int *h = (unsigned int *)c->h, t;
+
+ for (n/=4;n;n--)
+ {
+ t = *(h++);
+ *(md++) = (unsigned char)(t>>24);
+ *(md++) = (unsigned char)(t>>16);
+ *(md++) = (unsigned char)(t>>8);
+ *(md++) = (unsigned char)(t);
+ }
+ }
+ else return 0;
+#else
switch (c->md_len)
{
/* Let compiler decide if it's appropriate to unroll... */
/* ... as well as make sure md_len is not abused. */
default: return 0;
}
-
+#endif
return 1;
}
projects / openssl.git / commitdiff