This avoids wiping w[] for each block, and reclaims the speed
we lost in the previous commit. It's also simpler.
static void sha512_compress(crypto_sha512_ctx *ctx)
{
- u64 w[80];
+ u64 *w = ctx->w;
FOR(i, 0, 16) { w[i] = ctx->input[i]; }
FOR(i, 16, 80) { w[i] = (lit_sigma1(w[i- 2]) + w[i- 7] +
lit_sigma0(w[i-15]) + w[i-16]); }
ctx->hash[2] += c; ctx->hash[3] += d;
ctx->hash[4] += e; ctx->hash[5] += f;
ctx->hash[6] += g; ctx->hash[7] += h;
-
- volatile u64 *W = w;
- FOR (i, 0, 80) {
- W[i] = 0;
- }
}
static void sha512_set_input(crypto_sha512_ctx *ctx, u8 input)
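Review bot: With the volatile wipe at the end of sha512_compress removed, the 80-word message schedule now stays in `ctx->w` between blocks and after the last one, so clearing it depends entirely on the finalization path wiping the whole context. That path is outside this hunk; it should be confirmed to cover the new `w` field, ideally by wiping `sizeof(*ctx)` rather than individual members. A context that is abandoned without being finalized will also keep schedule words derived from its last block, which matters when the hashed input is secret (keys, passwords). Once confirmed, I would record the dependency at the alias, `u64 *w = ctx->w; // not wiped per block: cleared with the rest of ctx at finalization`. The header comment `// work area` could also say that the field holds input-derived data and adds 640 bytes to every context.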
#include <inttypes.h>
typedef struct {
+ uint64_t w[80]; // work area
uint64_t hash[8];
uint64_t input[16];
uint64_t input_size[2];