| author | Jeffrey Walton <noloader@gmail.com> | 2017-08-13 16:05:39 -0400 |
|---|---|---|
| committer | Jeffrey Walton <noloader@gmail.com> | 2017-08-13 16:05:39 -0400 |
| commit | 2aff92ddb6e679fca04432f01a1a16a035e33008 (patch) | |
| tree | 87673ebbd4e2aee79d52717cafd6bf67fe1629df /seal.cpp | |
| parent | 863bf9133c81933f4417fa9de49850a7c181158c (diff) | |
| download | cryptopp-git-2aff92ddb6e679fca04432f01a1a16a035e33008.tar.gz | |
Fix bad SHA::Transform calculation (Issue 455)
Reworked SHA class internals to align all the implementations. Formerly all hashes were software-based, IterHashBase handled endian conversions, and IterHashBase repeatedly called the single-block SHA{N}::Transform. The rework added SHA{N}::HashMultipleBlocks, and the SHA classes attempt to always use it.
Now SHA{N}::Transform calls into SHA{N}_HashMultipleBlocks, which is a free-standing function. An added wrinkle is that hardware wants little-endian data and software presents big-endian data, so HashMultipleBlocks accepts a ByteOrder for the incoming data. Hardware-based SHA{N}_HashMultipleBlocks can often perform the endian swap much more easily by setting an EPI mask, so it was profitable to defer to hardware when available.
The rework also removed the hacked-in pointers to implementations. The class now looks more like AES, GCM, etc.
Diffstat (limited to 'seal.cpp')

| -rw-r--r-- | seal.cpp | 6 |
|---|---|---|

1 files changed, 1 insertions, 5 deletions
@@ -38,12 +38,8 @@ word32 SEAL_Gamma::Apply(word32 i) word32 shaIndex = i/5;
if (shaIndex != lastIndex)
{
-#if CRYPTOPP_BOOL_SSE_SHA_INTRINSICS_AVAILABLE
- D[0] = ConditionalByteReverse(HasSHA() ? BIG_ENDIAN_ORDER : LITTLE_ENDIAN_ORDER, shaIndex);
-#else
- D[0] = shaIndex;
-#endif
memcpy(Z, H, 20);
+ D[0] = shaIndex;
SHA1::Transform(Z, D);
lastIndex = shaIndex;
}
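Review bot: the new unconditional `+ D[0] = shaIndex;` is only correct if `SHA1::Transform` now handles the word byte order itself on both the software and the SHA-NI path (the commit message says `HashMultipleBlocks` takes a ByteOrder for exactly this reason), because the removed `#if CRYPTOPP_BOOL_SSE_SHA_INTRINSICS_AVAILABLE` block was the only place this caller distinguished `HasSHA()` true from false. Please add a regression test for `SEAL_Gamma::Apply` (a known-answer SEAL keystream vector) that runs with SHA intrinsics both enabled and disabled, since a mismatch between the two paths here would silently produce a different keystream rather than an error. Moving the assignment after `memcpy(Z, H, 20);` is a harmless reorder as long as `D` and `Z` do not alias, which the visible lines suggest they do not.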