Coverage Report

Created: 2024-11-21 07:03

/src/boringssl/crypto/fipsmodule/sha/sha1.c.inc
Line
Count
Source (jump to first uncovered line)
1
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
 * All rights reserved.
3
 *
4
 * This package is an SSL implementation written
5
 * by Eric Young (eay@cryptsoft.com).
6
 * The implementation was written so as to conform with Netscapes SSL.
7
 *
8
 * This library is free for commercial and non-commercial use as long as
9
 * the following conditions are aheared to.  The following conditions
10
 * apply to all code found in this distribution, be it the RC4, RSA,
11
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12
 * included with this distribution is covered by the same copyright terms
13
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
 *
15
 * Copyright remains Eric Young's, and as such any Copyright notices in
16
 * the code are not to be removed.
17
 * If this package is used in a product, Eric Young should be given attribution
18
 * as the author of the parts of the library used.
19
 * This can be in the form of a textual message at program startup or
20
 * in documentation (online or textual) provided with the package.
21
 *
22
 * Redistribution and use in source and binary forms, with or without
23
 * modification, are permitted provided that the following conditions
24
 * are met:
25
 * 1. Redistributions of source code must retain the copyright
26
 *    notice, this list of conditions and the following disclaimer.
27
 * 2. Redistributions in binary form must reproduce the above copyright
28
 *    notice, this list of conditions and the following disclaimer in the
29
 *    documentation and/or other materials provided with the distribution.
30
 * 3. All advertising materials mentioning features or use of this software
31
 *    must display the following acknowledgement:
32
 *    "This product includes cryptographic software written by
33
 *     Eric Young (eay@cryptsoft.com)"
34
 *    The word 'cryptographic' can be left out if the rouines from the library
35
 *    being used are not cryptographic related :-).
36
 * 4. If you include any Windows specific code (or a derivative thereof) from
37
 *    the apps directory (application code) you must include an acknowledgement:
38
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
 *
40
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
 * SUCH DAMAGE.
51
 *
52
 * The licence and distribution terms for any publically available version or
53
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
54
 * copied and put under another distribution licence
55
 * [including the GNU Public Licence.] */
56
57
#include <string.h>
58
59
#include <openssl/mem.h>
60
61
#include "../bcm_interface.h"
62
#include "../../internal.h"
63
#include "../digest/md32_common.h"
64
#include "../service_indicator/internal.h"
65
#include "internal.h"
66
67
68
17.0k
bcm_infallible BCM_sha1_init(SHA_CTX *sha) {
69
17.0k
  OPENSSL_memset(sha, 0, sizeof(SHA_CTX));
70
17.0k
  sha->h[0] = 0x67452301UL;
71
17.0k
  sha->h[1] = 0xefcdab89UL;
72
17.0k
  sha->h[2] = 0x98badcfeUL;
73
17.0k
  sha->h[3] = 0x10325476UL;
74
17.0k
  sha->h[4] = 0xc3d2e1f0UL;
75
17.0k
  return bcm_infallible_approved;
76
17.0k
}
77
78
#if !defined(SHA1_ASM)
79
static void sha1_block_data_order(uint32_t state[5], const uint8_t *data,
80
                                  size_t num);
81
#endif
82
83
0
bcm_infallible BCM_sha1_transform(SHA_CTX *c, const uint8_t data[SHA_CBLOCK]) {
84
0
  sha1_block_data_order(c->h, data, 1);
85
0
  return bcm_infallible_approved;
86
0
}
87
88
40.1k
bcm_infallible BCM_sha1_update(SHA_CTX *c, const void *data, size_t len) {
89
40.1k
  crypto_md32_update(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num,
90
40.1k
                     &c->Nh, &c->Nl, data, len);
91
40.1k
  return bcm_infallible_approved;
92
40.1k
}
93
94
static void sha1_output_state(uint8_t out[SHA_DIGEST_LENGTH],
95
21.1k
                              const SHA_CTX *ctx) {
96
21.1k
  CRYPTO_store_u32_be(out, ctx->h[0]);
97
21.1k
  CRYPTO_store_u32_be(out + 4, ctx->h[1]);
98
21.1k
  CRYPTO_store_u32_be(out + 8, ctx->h[2]);
99
21.1k
  CRYPTO_store_u32_be(out + 12, ctx->h[3]);
100
21.1k
  CRYPTO_store_u32_be(out + 16, ctx->h[4]);
101
21.1k
}
102
103
21.1k
bcm_infallible BCM_sha1_final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *c) {
104
21.1k
  crypto_md32_final(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num,
105
21.1k
                    c->Nh, c->Nl, /*is_big_endian=*/1);
106
107
21.1k
  sha1_output_state(out, c);
108
21.1k
  FIPS_service_indicator_update_state();
109
21.1k
  return bcm_infallible_approved;
110
21.1k
}
111
112
bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len,
113
0
                           const uint8_t xkey[SHA_DIGEST_LENGTH]) {
114
  // XKEY and XVAL are 160-bit values, but are internally right-padded up to
115
  // block size. See FIPS 186-2, Appendix 3.3. This buffer maintains both the
116
  // current value of XKEY and the padding.
117
0
  uint8_t block[SHA_CBLOCK] = {0};
118
0
  OPENSSL_memcpy(block, xkey, SHA_DIGEST_LENGTH);
119
120
0
  while (out_len != 0) {
121
    // We always use a zero XSEED, so we can merge the inner and outer loops.
122
    // XVAL is also always equal to XKEY.
123
0
    SHA_CTX ctx;
124
0
    BCM_sha1_init(&ctx);
125
0
    BCM_sha1_transform(&ctx, block);
126
127
    // XKEY = (1 + XKEY + w_i) mod 2^b
128
0
    uint32_t carry = 1;
129
0
    for (int i = 4; i >= 0; i--) {
130
0
      uint32_t tmp = CRYPTO_load_u32_be(block + i * 4);
131
0
      tmp = CRYPTO_addc_u32(tmp, ctx.h[i], carry, &carry);
132
0
      CRYPTO_store_u32_be(block + i * 4, tmp);
133
0
    }
134
135
    // Output w_i.
136
0
    if (out_len < SHA_DIGEST_LENGTH) {
137
0
      uint8_t buf[SHA_DIGEST_LENGTH];
138
0
      sha1_output_state(buf, &ctx);
139
0
      OPENSSL_memcpy(out, buf, out_len);
140
0
      break;
141
0
    }
142
0
    sha1_output_state(out, &ctx);
143
0
    out += SHA_DIGEST_LENGTH;
144
0
    out_len -= SHA_DIGEST_LENGTH;
145
0
  }
146
0
  return bcm_infallible_not_approved;
147
0
}
148
149
#define Xupdate(a, ix, ia, ib, ic, id)    \
150
14.5M
  do {                                    \
151
14.5M
    (a) = ((ia) ^ (ib) ^ (ic) ^ (id));    \
152
14.5M
    (ix) = (a) = CRYPTO_rotl_u32((a), 1); \
153
14.5M
  } while (0)
154
155
4.56M
#define K_00_19 0x5a827999UL
156
4.56M
#define K_20_39 0x6ed9eba1UL
157
4.56M
#define K_40_59 0x8f1bbcdcUL
158
4.56M
#define K_60_79 0xca62c1d6UL
159
160
// As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be simplified
161
// to the code in F_00_19.  Wei attributes these optimisations to Peter
162
// Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define
163
// F(x,y,z) (((x) & (y))  |  ((~(x)) & (z))) I've just become aware of another
164
// tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a
165
4.56M
#define F_00_19(b, c, d) ((((c) ^ (d)) & (b)) ^ (d))
166
9.12M
#define F_20_39(b, c, d) ((b) ^ (c) ^ (d))
167
4.56M
#define F_40_59(b, c, d) (((b) & (c)) | (((b) | (c)) & (d)))
168
4.56M
#define F_60_79(b, c, d) F_20_39(b, c, d)
169
170
#define BODY_00_15(i, a, b, c, d, e, f, xi)                \
171
3.64M
  do {                                                     \
172
3.64M
    (f) = (xi) + (e) + K_00_19 + CRYPTO_rotl_u32((a), 5) + \
173
3.64M
          F_00_19((b), (c), (d));                          \
174
3.64M
    (b) = CRYPTO_rotl_u32((b), 30);                        \
175
3.64M
  } while (0)
176
177
#define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd)                  \
178
912k
  do {                                                                       \
179
912k
    Xupdate(f, xi, xa, xb, xc, xd);                                          \
180
912k
    (f) += (e) + K_00_19 + CRYPTO_rotl_u32((a), 5) + F_00_19((b), (c), (d)); \
181
912k
    (b) = CRYPTO_rotl_u32((b), 30);                                          \
182
912k
  } while (0)
183
184
#define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd)                  \
185
2.73M
  do {                                                                       \
186
2.73M
    Xupdate(f, xi, xa, xb, xc, xd);                                          \
187
2.73M
    (f) += (e) + K_20_39 + CRYPTO_rotl_u32((a), 5) + F_20_39((b), (c), (d)); \
188
2.73M
    (b) = CRYPTO_rotl_u32((b), 30);                                          \
189
2.73M
  } while (0)
190
191
#define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd)                      \
192
1.82M
  do {                                                                       \
193
1.82M
    Xupdate(f, xa, xa, xb, xc, xd);                                          \
194
1.82M
    (f) += (e) + K_20_39 + CRYPTO_rotl_u32((a), 5) + F_20_39((b), (c), (d)); \
195
1.82M
    (b) = CRYPTO_rotl_u32((b), 30);                                          \
196
1.82M
  } while (0)
197
198
#define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd)                      \
199
4.56M
  do {                                                                       \
200
4.56M
    Xupdate(f, xa, xa, xb, xc, xd);                                          \
201
4.56M
    (f) += (e) + K_40_59 + CRYPTO_rotl_u32((a), 5) + F_40_59((b), (c), (d)); \
202
4.56M
    (b) = CRYPTO_rotl_u32((b), 30);                                          \
203
4.56M
  } while (0)
204
205
#define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd)    \
206
4.56M
  do {                                                     \
207
4.56M
    Xupdate(f, xa, xa, xb, xc, xd);                        \
208
4.56M
    (f) = (xa) + (e) + K_60_79 + CRYPTO_rotl_u32((a), 5) + \
209
4.56M
          F_60_79((b), (c), (d));                          \
210
4.56M
    (b) = CRYPTO_rotl_u32((b), 30);                        \
211
4.56M
  } while (0)
212
213
#ifdef X
214
#undef X
215
#endif
216
217
/* Originally X was an array. As it's automatic it's natural
218
* to expect RISC compiler to accomodate at least part of it in
219
* the register bank, isn't it? Unfortunately not all compilers
220
* "find" this expectation reasonable:-( On order to make such
221
* compilers generate better code I replace X[] with a bunch of
222
* X0, X1, etc. See the function body below...
223
*         <appro@fy.chalmers.se> */
224
3.64M
#define X(i)  XX##i
225
226
#if !defined(SHA1_ASM)
227
228
#if !defined(SHA1_ASM_NOHW)
229
static void sha1_block_data_order_nohw(uint32_t state[5], const uint8_t *data,
230
23.1k
                                       size_t num) {
231
23.1k
  register uint32_t A, B, C, D, E, T;
232
23.1k
  uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10,
233
23.1k
      XX11, XX12, XX13, XX14, XX15;
234
235
23.1k
  A = state[0];
236
23.1k
  B = state[1];
237
23.1k
  C = state[2];
238
23.1k
  D = state[3];
239
23.1k
  E = state[4];
240
241
228k
  for (;;) {
242
228k
    X(0) = CRYPTO_load_u32_be(data);
243
228k
    data += 4;
244
228k
    X(1) = CRYPTO_load_u32_be(data);
245
228k
    data += 4;
246
228k
    BODY_00_15(0, A, B, C, D, E, T, X(0));
247
228k
    X(2) = CRYPTO_load_u32_be(data);
248
228k
    data += 4;
249
228k
    BODY_00_15(1, T, A, B, C, D, E, X(1));
250
228k
    X(3) = CRYPTO_load_u32_be(data);
251
228k
    data += 4;
252
228k
    BODY_00_15(2, E, T, A, B, C, D, X(2));
253
228k
    X(4) = CRYPTO_load_u32_be(data);
254
228k
    data += 4;
255
228k
    BODY_00_15(3, D, E, T, A, B, C, X(3));
256
228k
    X(5) = CRYPTO_load_u32_be(data);
257
228k
    data += 4;
258
228k
    BODY_00_15(4, C, D, E, T, A, B, X(4));
259
228k
    X(6) = CRYPTO_load_u32_be(data);
260
228k
    data += 4;
261
228k
    BODY_00_15(5, B, C, D, E, T, A, X(5));
262
228k
    X(7) = CRYPTO_load_u32_be(data);
263
228k
    data += 4;
264
228k
    BODY_00_15(6, A, B, C, D, E, T, X(6));
265
228k
    X(8) = CRYPTO_load_u32_be(data);
266
228k
    data += 4;
267
228k
    BODY_00_15(7, T, A, B, C, D, E, X(7));
268
228k
    X(9) = CRYPTO_load_u32_be(data);
269
228k
    data += 4;
270
228k
    BODY_00_15(8, E, T, A, B, C, D, X(8));
271
228k
    X(10) = CRYPTO_load_u32_be(data);
272
228k
    data += 4;
273
228k
    BODY_00_15(9, D, E, T, A, B, C, X(9));
274
228k
    X(11) = CRYPTO_load_u32_be(data);
275
228k
    data += 4;
276
228k
    BODY_00_15(10, C, D, E, T, A, B, X(10));
277
228k
    X(12) = CRYPTO_load_u32_be(data);
278
228k
    data += 4;
279
228k
    BODY_00_15(11, B, C, D, E, T, A, X(11));
280
228k
    X(13) = CRYPTO_load_u32_be(data);
281
228k
    data += 4;
282
228k
    BODY_00_15(12, A, B, C, D, E, T, X(12));
283
228k
    X(14) = CRYPTO_load_u32_be(data);
284
228k
    data += 4;
285
228k
    BODY_00_15(13, T, A, B, C, D, E, X(13));
286
228k
    X(15) = CRYPTO_load_u32_be(data);
287
228k
    data += 4;
288
228k
    BODY_00_15(14, E, T, A, B, C, D, X(14));
289
228k
    BODY_00_15(15, D, E, T, A, B, C, X(15));
290
291
228k
    BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13));
292
228k
    BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14));
293
228k
    BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15));
294
228k
    BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0));
295
296
228k
    BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1));
297
228k
    BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2));
298
228k
    BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3));
299
228k
    BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4));
300
228k
    BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5));
301
228k
    BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6));
302
228k
    BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7));
303
228k
    BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8));
304
228k
    BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9));
305
228k
    BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10));
306
228k
    BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11));
307
228k
    BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12));
308
309
228k
    BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13));
310
228k
    BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14));
311
228k
    BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15));
312
228k
    BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0));
313
228k
    BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1));
314
228k
    BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2));
315
228k
    BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3));
316
228k
    BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4));
317
318
228k
    BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5));
319
228k
    BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6));
320
228k
    BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7));
321
228k
    BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8));
322
228k
    BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9));
323
228k
    BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10));
324
228k
    BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11));
325
228k
    BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12));
326
228k
    BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13));
327
228k
    BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14));
328
228k
    BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15));
329
228k
    BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0));
330
228k
    BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1));
331
228k
    BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2));
332
228k
    BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3));
333
228k
    BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4));
334
228k
    BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5));
335
228k
    BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6));
336
228k
    BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7));
337
228k
    BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8));
338
339
228k
    BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9));
340
228k
    BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10));
341
228k
    BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11));
342
228k
    BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12));
343
228k
    BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13));
344
228k
    BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14));
345
228k
    BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15));
346
228k
    BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0));
347
228k
    BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1));
348
228k
    BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2));
349
228k
    BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3));
350
228k
    BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4));
351
228k
    BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5));
352
228k
    BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6));
353
228k
    BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7));
354
228k
    BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8));
355
228k
    BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9));
356
228k
    BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10));
357
228k
    BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11));
358
228k
    BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12));
359
360
228k
    state[0] = (state[0] + E) & 0xffffffffL;
361
228k
    state[1] = (state[1] + T) & 0xffffffffL;
362
228k
    state[2] = (state[2] + A) & 0xffffffffL;
363
228k
    state[3] = (state[3] + B) & 0xffffffffL;
364
228k
    state[4] = (state[4] + C) & 0xffffffffL;
365
366
228k
    if (--num == 0) {
367
23.1k
      break;
368
23.1k
    }
369
370
204k
    A = state[0];
371
204k
    B = state[1];
372
204k
    C = state[2];
373
204k
    D = state[3];
374
204k
    E = state[4];
375
204k
  }
376
23.1k
}
377
#endif  // !SHA1_ASM_NOHW
378
379
static void sha1_block_data_order(uint32_t state[5], const uint8_t *data,
380
23.1k
                                  size_t num) {
381
#if defined(SHA1_ASM_HW)
382
  if (sha1_hw_capable()) {
383
    sha1_block_data_order_hw(state, data, num);
384
    return;
385
  }
386
#endif
387
#if defined(SHA1_ASM_AVX2)
388
  if (sha1_avx2_capable()) {
389
    sha1_block_data_order_avx2(state, data, num);
390
    return;
391
  }
392
#endif
393
#if defined(SHA1_ASM_AVX)
394
  if (sha1_avx_capable()) {
395
    sha1_block_data_order_avx(state, data, num);
396
    return;
397
  }
398
#endif
399
#if defined(SHA1_ASM_SSSE3)
400
  if (sha1_ssse3_capable()) {
401
    sha1_block_data_order_ssse3(state, data, num);
402
    return;
403
  }
404
#endif
405
#if defined(SHA1_ASM_NEON)
406
  if (CRYPTO_is_NEON_capable()) {
407
    sha1_block_data_order_neon(state, data, num);
408
    return;
409
  }
410
#endif
411
23.1k
  sha1_block_data_order_nohw(state, data, num);
412
23.1k
}
413
414
#endif  // !SHA1_ASM
415
416
#undef Xupdate
417
#undef K_00_19
418
#undef K_20_39
419
#undef K_40_59
420
#undef K_60_79
421
#undef F_00_19
422
#undef F_20_39
423
#undef F_40_59
424
#undef F_60_79
425
#undef BODY_00_15
426
#undef BODY_16_19
427
#undef BODY_20_31
428
#undef BODY_32_39
429
#undef BODY_40_59
430
#undef BODY_60_79
431
#undef X