From 7bdb62b33649056f8eb7b5b8accf307c2f374faa Mon Sep 17 00:00:00 2001
From: Jeffrey Walton
Date: Fri, 15 Sep 2017 18:33:05 -0400
Subject: Fix bad SHA152 hash under IBM XL C/C++ compiler (GH #502)
---
 sha.cpp | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 79 insertions(+), 13 deletions(-)
(limited to 'sha.cpp')
diff --git a/sha.cpp b/sha.cpp
index d384b1fd..982677a2 100644
--- a/sha.cpp
+++ b/sha.cpp
@@ -132,6 +132,17 @@ void SHA1_HashBlock_CXX(word32 *state, const word32 *data)
 state[4] += e;
 }
+#undef blk0
+#undef blk1
+#undef f1
+#undef f2
+#undef f3
+#undef f4
+#undef R1
+#undef R2
+#undef R3
+#undef R4
+
 ANONYMOUS_NAMESPACE_END
 //////////////////////////////
@@ -236,11 +247,6 @@ const word32 SHA256_K[64] CRYPTOPP_SECTION_ALIGN16 = {
 ANONYMOUS_NAMESPACE_BEGIN
-#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
-
-#define Ch(x,y,z) (z^(x&(y^z)))
-#define Maj(x,y,z) (y^((x^y)&(y^z)))
-
 #define a(i) T[(0-i)&7]
 #define b(i) T[(1-i)&7]
 #define c(i) T[(2-i)&7]
@@ -250,14 +256,20 @@ ANONYMOUS_NAMESPACE_BEGIN
 #define g(i) T[(6-i)&7]
 #define h(i) T[(7-i)&7]
+#define blk0(i) (W[i] = data[i])
+#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
+
+#define Ch(x,y,z) (z^(x&(y^z)))
+#define Maj(x,y,z) (y^((x^y)&(y^z)))
+
 #define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i));\
 d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
 // for SHA256
-#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
-#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
 #define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
 #define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
+#define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
+#define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
 void SHA256_HashBlock_CXX(word32 *state, const word32 *data)
 {
@@ -283,12 +295,26 @@ void SHA256_HashBlock_CXX(word32 *state, const word32 *data)
 state[7] += h(0);
 }
-#undef S0
-#undef S1
+#undef Ch
+#undef Maj
 #undef s0
 #undef s1
+#undef S0
+#undef S1
+#undef blk0
+#undef blk1
+#undef blk2
 #undef R
+#undef a
+#undef b
+#undef c
+#undef d
+#undef e
+#undef f
+#undef g
+#undef h
+
 ANONYMOUS_NAMESPACE_END
 void SHA224::InitState(HashWordType *state)
@@ -782,8 +808,10 @@ void SHA512::InitState(HashWordType *state)
 memcpy(state, s, sizeof(s));
 }
+// We add extern to export table to sha-simd.cpp, but it
+// cleared http://github.com/weidai11/cryptopp/issues/502
 CRYPTOPP_ALIGN_DATA(16)
-const word64 SHA512_K[80] CRYPTOPP_SECTION_ALIGN16 = {
+extern const word64 SHA512_K[80] CRYPTOPP_SECTION_ALIGN16 = {
 W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
 W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
 W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
@@ -1030,13 +1058,28 @@ ANONYMOUS_NAMESPACE_END
 ANONYMOUS_NAMESPACE_BEGIN
-#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
-#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
+#define a(i) T[(0-i)&7]
+#define b(i) T[(1-i)&7]
+#define c(i) T[(2-i)&7]
+#define d(i) T[(3-i)&7]
+#define e(i) T[(4-i)&7]
+#define f(i) T[(5-i)&7]
+#define g(i) T[(6-i)&7]
+#define h(i) T[(7-i)&7]
+
+#define blk0(i) (W[i]=data[i])
+#define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
+
+#define Ch(x,y,z) (z^(x&(y^z)))
+#define Maj(x,y,z) (y^((x^y)&(y^z)))
+
 #define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7))
 #define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6))
+#define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
+#define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
 #define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+\
- (j?blk2(i):blk0(i));d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
+ (j?blk2(i):blk0(i));d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i));
 void SHA512_HashBlock_CXX(word64 *state, const word64 *data)
 {
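Review bot: `#undef blk1` in the SHA-256 cleanup list (hunk at -283) removes a macro that the SHA-256 section never defines: the definitions visible in the two preceding hunks are `blk0` and `blk2`, and the SHA-1 `blk1` is already undefined at the end of the SHA-1 block. The line is harmless to the preprocessor but suggests a dependency that is not there. I would drop it here and, if the SHA-512 section likewise defines no `blk1`, in the matching list of the last hunk, or annotate it with `// blk1 is SHA-1 only; kept for symmetry`.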
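Review bot: The comment added above `SHA512_K` (hunk at -782) says `extern` made the GH #502 symptom go away but not why, so a later cleanup could remove the keyword and silently bring back wrong SHA-512 digests on IBM XL C/C++. I would word it as an explicit workaround, for example `// Workaround (GH #502): XL C/C++ produced bad SHA-512 digests while this table had internal linkage; do not remove 'extern'.`, assuming the linkage change is indeed what matters. If sha-simd.cpp really consumes the table, declaring it once in a shared header lets the compiler check both translation units against the same type and size. A SHA-512 known-answer vector run on that compiler would guard the workaround, if the validation suite does not already have one. The rest of the table lies outside the hunk.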
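Review bot: The rewritten last line of the SHA-512 `R(i)` macro (hunk at -1030) now ends in `;`, unlike the SHA-256 `R(i)` earlier in this patch, so a call written as `R(n);` expands to an additional empty statement and the two otherwise parallel macros diverge. I would keep them identical in shape by ending the line with `Maj(a(i),b(i),c(i))` and leaving the semicolon to the call site. The `a(i)`..`h(i)`, `blk0`, `blk2`, `Ch` and `Maj` definitions added above it repeat the SHA-256 ones, so a short comment such as `// same as SHA-256; redefined because each block #undefs its macros` would explain the duplication. The call sites in SHA512_HashBlock_CXX are outside the hunk.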
@@ -1065,6 +1108,29 @@ void SHA512_HashBlock_CXX(word64 *state, const word64 *data)
 state[7] += h(0);
 }
+#undef Ch
+#undef Maj
+
+#undef s0
+#undef s1
+#undef S0
+#undef S1
+
+#undef blk0
+#undef blk1
+#undef blk2
+
+#undef R
+
+#undef a
+#undef b
+#undef c
+#undef d
+#undef e
+#undef f
+#undef g
+#undef h
+
 ANONYMOUS_NAMESPACE_END
 void SHA512::Transform(word64 *state, const word64 *data)
--
cgit v1.2.1