Simplify handling of big vs little endian.

Rather than sprinkling BYTE_ORDER checks throughout the implementation,
always define PULL64 - on big endian platforms it just becomes a no-op.

ok tb@

diff --git a/lib/libcrypto/sha/sha512.c b/lib/libcrypto/sha/sha512.c
index 9b4b2cf..8c78f82 100644 (file)
--- a/lib/libcrypto/sha/sha512.c
+++ b/lib/libcrypto/sha/sha512.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha512.c,v 1.27 2023/04/11 10:32:21 jsing Exp $ */
+/* $OpenBSD: sha512.c,v 1.28 2023/04/11 10:35:21 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -142,9 +142,13 @@ static const SHA_LONG64 K512[80] = {
 #endif
 
 #ifndef PULL64
+#if BYTE_ORDER == BIG_ENDIAN
+#define PULL64(x)      (x)
+#else
 #define B(x, j)                (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
 #define PULL64(x)      (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
 #endif
+#endif
 
 #ifndef ROTR
 #define ROTR(x, s)     (((x)>>s) | (x)<<(64-s))
@@ -242,11 +246,7 @@ sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
                h = ctx->h[7];
 
                for (i = 0; i < 16; i++) {
-#if BYTE_ORDER == BIG_ENDIAN
-                       T1 = X[i] = W[i];
-#else
                        T1 = X[i] = PULL64(W[i]);
-#endif
                        T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
                        T2 = Sigma0(a) + Maj(a, b, c);
                        h = g;
@@ -323,40 +323,6 @@ sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
                g = ctx->h[6];
                h = ctx->h[7];
 
-#if BYTE_ORDER == BIG_ENDIAN
-               T1 = X[0] = W[0];
-               ROUND_00_15(0, a, b, c, d, e, f, g, h);
-               T1 = X[1] = W[1];
-               ROUND_00_15(1, h, a, b, c, d, e, f, g);
-               T1 = X[2] = W[2];
-               ROUND_00_15(2, g, h, a, b, c, d, e, f);
-               T1 = X[3] = W[3];
-               ROUND_00_15(3, f, g, h, a, b, c, d, e);
-               T1 = X[4] = W[4];
-               ROUND_00_15(4, e, f, g, h, a, b, c, d);
-               T1 = X[5] = W[5];
-               ROUND_00_15(5, d, e, f, g, h, a, b, c);
-               T1 = X[6] = W[6];
-               ROUND_00_15(6, c, d, e, f, g, h, a, b);
-               T1 = X[7] = W[7];
-               ROUND_00_15(7, b, c, d, e, f, g, h, a);
-               T1 = X[8] = W[8];
-               ROUND_00_15(8, a, b, c, d, e, f, g, h);
-               T1 = X[9] = W[9];
-               ROUND_00_15(9, h, a, b, c, d, e, f, g);
-               T1 = X[10] = W[10];
-               ROUND_00_15(10, g, h, a, b, c, d, e, f);
-               T1 = X[11] = W[11];
-               ROUND_00_15(11, f, g, h, a, b, c, d, e);
-               T1 = X[12] = W[12];
-               ROUND_00_15(12, e, f, g, h, a, b, c, d);
-               T1 = X[13] = W[13];
-               ROUND_00_15(13, d, e, f, g, h, a, b, c);
-               T1 = X[14] = W[14];
-               ROUND_00_15(14, c, d, e, f, g, h, a, b);
-               T1 = X[15] = W[15];
-               ROUND_00_15(15, b, c, d, e, f, g, h, a);
-#else
                T1 = X[0] = PULL64(W[0]);
                ROUND_00_15(0, a, b, c, d, e, f, g, h);
                T1 = X[1] = PULL64(W[1]);
@@ -389,7 +355,6 @@ sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num)
                ROUND_00_15(14, c, d, e, f, g, h, a, b);
                T1 = X[15] = PULL64(W[15]);
                ROUND_00_15(15, b, c, d, e, f, g, h, a);
-#endif
 
                for (i = 16; i < 80; i += 16) {
                        ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);