The message schedule W[80] is calculated anew when sha512_transform
is executed. Therefore it is local to that function and does not need
to be defined in struct sha512_ctx.
Note: the sha256 algorithm already does it this way.
Signed-off-by: Adrian-Ken Rueegsegger <ken@xxxxxxxxxxx>
---
crypto/sha512_generic.c | 13 +++++--------
1 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
index bc36861..e0b0303 100644
--- a/crypto/sha512_generic.c
+++ b/crypto/sha512_generic.c
@@ -25,7 +25,6 @@ struct sha512_ctx {
u64 state[8];
u32 count[4];
u8 buf[128];
- u64 W[80];
};
static inline u64 Ch(u64 x, u64 y, u64 z)
@@ -89,10 +88,10 @@ static inline void BLEND_OP(int I, u64 *W)
}
static void
-sha512_transform(u64 *state, u64 *W, const u8 *input)
+sha512_transform(u64 *state, const u8 *input)
{
u64 a, b, c, d, e, f, g, h, t1, t2;
-
+ u64 W[80];
int i;
/* load the input */
@@ -132,6 +131,7 @@ sha512_transform(u64 *state, u64 *W, const u8 *input)
/* erase our data */
a = b = c = d = e = f = g = h = t1 = t2 = 0;
+ memset(W, 0, 80 * sizeof(u64));
}
static void
@@ -187,10 +187,10 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Transform as many times as possible. */
if (len >= part_len) {
memcpy(&sctx->buf[index], data, part_len);
- sha512_transform(sctx->state, sctx->W, sctx->buf);
+ sha512_transform(sctx->state, sctx->buf);
for (i = part_len; i + 127 < len; i+=128)
- sha512_transform(sctx->state, sctx->W, &data[i]);
+ sha512_transform(sctx->state, &data[i]);
index = 0;
} else {
@@ -199,9 +199,6 @@ sha512_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
/* Buffer remaining input */
memcpy(&sctx->buf[index], &data[i], len - i);
-
- /* erase our data */
- memset(sctx->W, 0, sizeof(sctx->W));
}
static void
--
1.5.2.5
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
