From: Loup Vaillant
Date: Mon, 22 Jan 2018 21:38:05 +0000 (+0100)
Subject: SHA-512: hoisted w[] out of the round function
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=93e89bf0a34df28e51e61da2fceba5f41fb17c98;p=Monocypher.git

SHA-512: hoisted w[] out of the round function

This avoids wiping w[] for each block, and reclaims the speed we lost in the previous commit. It's also simpler.
---
diff --git a/src/optional/sha512.c b/src/optional/sha512.c
index 7bbbc45..0b56fa1 100644
--- a/src/optional/sha512.c
+++ b/src/optional/sha512.c
@@ -69,7 +69,7 @@ static const u64 K[80] = {
 static void sha512_compress(crypto_sha512_ctx *ctx)
 {
-    u64 w[80];
+    u64 *w = ctx->w;
     FOR(i, 0, 16) { w[i] = ctx->input[i]; }
     FOR(i, 16, 80) {
         w[i] = (lit_sigma1(w[i- 2]) + w[i- 7] +
                 lit_sigma0(w[i-15]) + w[i-16]);
     }
@@ -88,11 +88,6 @@ static void sha512_compress(crypto_sha512_ctx *ctx)
     ctx->hash[2] += c;    ctx->hash[3] += d;
     ctx->hash[4] += e;    ctx->hash[5] += f;
     ctx->hash[6] += g;    ctx->hash[7] += h;
-
-    volatile u64 *W = w;
-    FOR (i, 0, 80) {
-        W[i] = 0;
-    }
 }
 
 static void sha512_set_input(crypto_sha512_ctx *ctx, u8 input)
diff --git a/src/optional/sha512.h b/src/optional/sha512.h
index d08f926..1354079 100644
--- a/src/optional/sha512.h
+++ b/src/optional/sha512.h
@@ -5,6 +5,7 @@
 #include
 
 typedef struct {
+    uint64_t w[80]; // work area
     uint64_t hash[8];
     uint64_t input[16];
     uint64_t input_size[2];
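Review bot: With `u64 *w = ctx->w;` the expanded message schedule now outlives the call, and the second hunk of this file drops the only wipe it had, so the 80 words derived from the input block (`w[i] = ctx->input[i]`) remain in the context until something clears `ctx` as a whole; the finalization routine is outside both hunks, so I cannot confirm from here that it covers the new `w` member. The removed code cleared through a `volatile u64 *` precisely so the compiler could not drop the stores as dead; whatever clears the context at finalization should use the same technique (or the library's secure-wipe helper) and be sized by `sizeof *ctx` so the added field is included rather than listed member by member. A short comment at the assignment would make the new contract visible to the next reader, e.g. `u64 *w = ctx->w; // schedule persists in ctx; cleared with the context, not per block`. sha512_compress continues past the end of the first hunk and starts before the second.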
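Review bot: Adding `uint64_t w[80]` as the first member of `crypto_sha512_ctx` grows the context by 640 bytes and moves every other field, so any caller compiled against the previous header now allocates a context of the wrong size and layout; if this header is part of the installed API, that is a compatibility break that the commit message should state. The comment `// work area` says neither what the area holds nor that it is input-derived, which is the property that matters for wiping; I would replace it with `uint64_t w[80]; // message schedule of the block being compressed; input-derived, clear with the context`.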