memset(CTX, 0, sizeof(gost2012_hash_ctx));
CTX->digest_size = digest_size;
+ /*
+ * IV for 512-bit hash should be 0^512
+ * IV for 256-bit hash should be (00000001)^64
+ *
+ * It's already zeroed when CTX is cleared above, so we only
+ * need to set it to 0x01-s for 256-bit hash.
+ */
if (digest_size == 256)
memset(&CTX->h, 0x01, sizeof(uint512_u));
- else
- memset(&CTX->h, 0x00, sizeof(uint512_u));
}
static INLINE void pad(gost2012_hash_ctx * CTX)
{
unsigned char buf[64];
- if (CTX->bufsize > 63)
- return;
-
memset(&buf, 0x00, sizeof buf);
memcpy(&buf, CTX->buffer, CTX->bufsize);
{
#ifndef __GOST3411_BIG_ENDIAN__
unsigned int CF, OF;
+ unsigned long long tmp;
unsigned int i;
CF = 0;
- for (i = 0; i < 8; i++) {
- r->QWORD[i] = x->QWORD[i] + y->QWORD[i];
- if (r->QWORD[i] < y->QWORD[i] || r->QWORD[i] < x->QWORD[i])
+ for (i = 0; i < 8; i++)
+ {
+ /* Detecting integer overflow condition for three numbers
+ * in a portable way is tricky a little. */
+
+ /* Step 1: numbers cause overflow */
+ tmp = x->QWORD[i] + y->QWORD[i];
+
+ /* Compare with any of two summands, no need to check both */
+ if (tmp < x->QWORD[i])
OF = 1;
else
OF = 0;
- r->QWORD[i] += CF;
+ /* Step 2: carry bit causes overflow */
+ tmp += CF;
+
+ if (CF > 0 && tmp == 0)
+ OF = 1;
+
CF = OF;
+
+ r->QWORD[i] = tmp;
}
#else
const unsigned char *xp, *yp;
static INLINE void stage2(gost2012_hash_ctx * CTX, const unsigned char *data)
{
- g(&(CTX->h), &(CTX->N), data);
+ union uint512_u m;
+
+ memcpy(&m, data, sizeof(m));
+ g(&(CTX->h), &(CTX->N), (const unsigned char *)&m);
add512(&(CTX->N), &buffer512, &(CTX->N));
- add512(&(CTX->Sigma), (const union uint512_u *)data, &(CTX->Sigma));
+ add512(&(CTX->Sigma), &m, &(CTX->Sigma));
}
static INLINE void stage3(gost2012_hash_ctx * CTX)
g(&(CTX->h), &buffer0, (const unsigned char *)&(CTX->N));
g(&(CTX->h), &buffer0, (const unsigned char *)&(CTX->Sigma));
- memcpy(&(CTX->hash), &(CTX->h), sizeof(uint512_u));
}
/*
CTX->bufsize = 0;
if (CTX->digest_size == 256)
- memcpy(digest, &(CTX->hash.QWORD[4]), 32);
+ memcpy(digest, &(CTX->h.QWORD[4]), 32);
else
- memcpy(digest, &(CTX->hash.QWORD[0]), 64);
+ memcpy(digest, &(CTX->h.QWORD[0]), 64);
}