Make sha512-armv4.pl byte-order neutral.

2 files changed, 56 insertions, 7 deletions

diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl
index 7e7a726b17..da720bd5d3 100644
--- a/crypto/sha/asm/sha512-armv4.pl
+++ b/crypto/sha/asm/sha512-armv4.pl
@@ -12,12 +12,15 @@
 # This code is ~4.5 (four and a half) times faster than code generated
 # by gcc 3.4 and it spends ~72 clock cycles per byte. 
 
-# This module currently has dependency on byte order, namely *dword*
-# order in ctx->h[0-9]. I have to think of a way to reliably detect
-# "endianness" [and flip below two constants] or arrange given dword
-# order in C.
-$lo=0;	# this denotes little-endian platform.
-$hi=4;
+# Byte order [in]dependence. =========================================
+#
+# Caller is expected to maintain specific *dword* order in h[0-7],
+# namely with most significant dword at *lower* address, which is
+# reflected in below two parameters. *Byte* order within these dwords
+# in turn is whatever *native* byte order on current platform.
+$hi=0;
+$lo=4;
+# ====================================================================
 
 $ctx="r0";
 $inp="r1";
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index 914458c000..654b59a125 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -61,6 +61,19 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
 
 int SHA384_Init (SHA512_CTX *c)
 	{
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
+	/* maintain dword order required by assembler module */
+	unsigned int *h = (unsigned int *)c->h;
+
+	h[0]  = 0xcbbb9d5d; h[1]  = 0xc1059ed8;
+	h[2]  = 0x629a292a; h[3]  = 0x367cd507;
+	h[4]  = 0x9159015a; h[5]  = 0x3070dd17;
+	h[6]  = 0x152fecd8; h[7]  = 0xf70e5939;
+	h[8]  = 0x67332667; h[9]  = 0xffc00b31;
+	h[10] = 0x8eb44a87; h[11] = 0x68581511;
+	h[12] = 0xdb0c2e0d; h[13] = 0x64f98fa7;
+	h[14] = 0x47b5481d; h[15] = 0xbefa4fa4;
+#else
 	c->h[0]=U64(0xcbbb9d5dc1059ed8);
 	c->h[1]=U64(0x629a292a367cd507);
 	c->h[2]=U64(0x9159015a3070dd17);
@@ -69,6 +82,7 @@ int SHA384_Init (SHA512_CTX *c)
 	c->h[5]=U64(0x8eb44a8768581511);
 	c->h[6]=U64(0xdb0c2e0d64f98fa7);
 	c->h[7]=U64(0x47b5481dbefa4fa4);
+#endif
         c->Nl=0;        c->Nh=0;
         c->num=0;       c->md_len=SHA384_DIGEST_LENGTH;
         return 1;
@@ -76,6 +90,19 @@ int SHA384_Init (SHA512_CTX *c)
 
 int SHA512_Init (SHA512_CTX *c)
 	{
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
+	/* maintain dword order required by assembler module */
+	unsigned int *h = (unsigned int *)c->h;
+
+	h[0]  = 0x6a09e667; h[1]  = 0xf3bcc908;
+	h[2]  = 0xbb67ae85; h[3]  = 0x84caa73b;
+	h[4]  = 0x3c6ef372; h[5]  = 0xfe94f82b;
+	h[6]  = 0xa54ff53a; h[7]  = 0x5f1d36f1;
+	h[8]  = 0x510e527f; h[9]  = 0xade682d1;
+	h[10] = 0x9b05688c; h[11] = 0x2b3e6c1f;
+	h[12] = 0x1f83d9ab; h[13] = 0xfb41bd6b;
+	h[14] = 0x5be0cd19; h[15] = 0x137e2179;
+#else
 	c->h[0]=U64(0x6a09e667f3bcc908);
 	c->h[1]=U64(0xbb67ae8584caa73b);
 	c->h[2]=U64(0x3c6ef372fe94f82b);
@@ -84,6 +111,7 @@ int SHA512_Init (SHA512_CTX *c)
 	c->h[5]=U64(0x9b05688c2b3e6c1f);
 	c->h[6]=U64(0x1f83d9abfb41bd6b);
 	c->h[7]=U64(0x5be0cd19137e2179);
+#endif
         c->Nl=0;        c->Nh=0;
         c->num=0;       c->md_len=SHA512_DIGEST_LENGTH;
         return 1;
@@ -132,6 +160,24 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c)
 
 	if (md==0) return 0;
 
+#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
+	/* recall assembler dword order... */
+	n = c->md_len;
+	if (n == SHA384_DIGEST_LENGTH || n == SHA512_DIGEST_LENGTH)
+		{
+		unsigned int *h = (unsigned int *)c->h, t;
+
+		for (n/=4;n;n--)
+			{
+			t = *(h++);
+			*(md++) = (unsigned char)(t>>24);
+			*(md++) = (unsigned char)(t>>16);
+			*(md++) = (unsigned char)(t>>8);
+			*(md++) = (unsigned char)(t);
+			}
+		}
+	else	return 0;
+#else
 	switch (c->md_len)
 		{
 		/* Let compiler decide if it's appropriate to unroll... */
@@ -168,7 +214,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c)
 		/* ... as well as make sure md_len is not abused. */
 		default:	return 0;
 		}
-
+#endif
 	return 1;
 	}