author	Linus Torvalds <torvalds@linux-foundation.org>	2011-08-07 17:07:03 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2011-08-07 17:07:03 -0400
commit	4d4487140d34c1b9b321889d2d209321b0da6643
tree	1f1fa8d67a9f36980e457b77234d89f6761098c9
parent	3295514841c2112d94451ba5deaf54f5afb78ea9
arm: remove "optimized" SHA1 routines
Since commit 1eb19a12bd22 ("lib/sha1: use the git implementation of SHA-1"),
the ARM SHA1 routines no longer work.  The reason? They depended on the
larger 320-byte workspace, and now the sha1 workspace is just 16 words
(64 bytes).  So the assembly version would overwrite the stack randomly.

The optimized asm version is also probably slower than the new improved C
version, so there's no reason to keep it around.  At least that was the
case in git, where what appears to be the same assembly language version
was removed two years ago because the optimized C BLK_SHA1 code was faster.

Reported-and-tested-by: Joachim Eastwood <manabian@gmail.com>
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Nicolas Pitre <nico@fluxnic.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--	arch/arm/lib/Makefile	2
-rw-r--r--	arch/arm/lib/sha1.S	211
2 files changed, 1 insertion(+), 212 deletions(-)
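
The size mismatch described in the commit message can be seen from the caller's
side.  The sketch below is illustrative only (it is not part of this commit) and
assumes the 2011-era <linux/cryptohash.h> interface, where SHA_WORKSPACE_WORDS
shrank from 80 to 16 with commit 1eb19a12bd22, while the removed sha1.S still
expanded the message schedule into W[16..79]:

#include <linux/cryptohash.h>

/*
 * Hypothetical caller, for illustration only: since commit 1eb19a12bd22
 * the workspace is SHA_WORKSPACE_WORDS == 16 words (64 bytes).  The
 * removed ARM assembly still stored the expanded schedule to W[16..79],
 * i.e. it needed the old 80-word (320-byte) buffer and therefore wrote
 * 256 bytes past the end of an array sized like this one.
 */
static void sha1_one_block(__u32 *digest, const char *block)
{
	__u32 W[SHA_WORKSPACE_WORDS];	/* 16 words after 1eb19a12bd22 */

	sha_transform(digest, block, W);
}
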
diff --git a/arch/arm/lib/Makefile b/arch/arm/lib/Makefile
index 59ff42ddf0ae..cf73a7f742dd 100644
--- a/arch/arm/lib/Makefile
+++ b/arch/arm/lib/Makefile
@@ -12,7 +12,7 @@ lib-y := backtrace.o changebit.o csumipv6.o csumpartial.o \
 		   strchr.o strrchr.o \
 		   testchangebit.o testclearbit.o testsetbit.o \
 		   ashldi3.o ashrdi3.o lshrdi3.o muldi3.o \
-		   ucmpdi2.o lib1funcs.o div64.o sha1.o \
+		   ucmpdi2.o lib1funcs.o div64.o \
 		   io-readsb.o io-writesb.o io-readsl.o io-writesl.o
 
 mmu-y	:= clear_user.o copy_page.o getuser.o putuser.o
diff --git a/arch/arm/lib/sha1.S b/arch/arm/lib/sha1.S
deleted file mode 100644
index eb0edb80d7b8..000000000000
--- a/arch/arm/lib/sha1.S
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
- * linux/arch/arm/lib/sha1.S
- *
- * SHA transform optimized for ARM
- *
- * Copyright:	(C) 2005 by Nicolas Pitre <nico@fluxnic.net>
- * Created:	September 17, 2005
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * The reference implementation for this code is linux/lib/sha1.c
- */
-
-#include <linux/linkage.h>
-
-	.text
-
-
-/*
- * void sha_transform(__u32 *digest, const char *in, __u32 *W)
- *
- * Note: the "in" ptr may be unaligned.
- */
-
-ENTRY(sha_transform)
-
-	stmfd	sp!, {r4 - r8, lr}
-
-	@ for (i = 0; i < 16; i++)
-	@	W[i] = be32_to_cpu(in[i]);
-
-#ifdef __ARMEB__
-	mov	r4, r0
-	mov	r0, r2
-	mov	r2, #64
-	bl	memcpy
-	mov	r2, r0
-	mov	r0, r4
-#else
-	mov	r3, r2
-	mov	lr, #16
-1:	ldrb	r4, [r1], #1
-	ldrb	r5, [r1], #1
-	ldrb	r6, [r1], #1
-	ldrb	r7, [r1], #1
-	subs	lr, lr, #1
-	orr	r5, r5, r4, lsl #8
-	orr	r6, r6, r5, lsl #8
-	orr	r7, r7, r6, lsl #8
-	str	r7, [r3], #4
-	bne	1b
-#endif
-
-	@ for (i = 0; i < 64; i++)
-	@	W[i+16] = ror(W[i+13] ^ W[i+8] ^ W[i+2] ^ W[i], 31);
-
-	sub	r3, r2, #4
-	mov	lr, #64
-2:	ldr	r4, [r3, #4]!
-	subs	lr, lr, #1
-	ldr	r5, [r3, #8]
-	ldr	r6, [r3, #32]
-	ldr	r7, [r3, #52]
-	eor	r4, r4, r5
-	eor	r4, r4, r6
-	eor	r4, r4, r7
-	mov	r4, r4, ror #31
-	str	r4, [r3, #64]
-	bne	2b
-
-	/*
-	 * The SHA functions are:
-	 *
-	 * f1(B,C,D) = (D ^ (B & (C ^ D)))
-	 * f2(B,C,D) = (B ^ C ^ D)
-	 * f3(B,C,D) = ((B & C) | (D & (B | C)))
-	 *
-	 * Then the sub-blocks are processed as follows:
-	 *
-	 * A' = ror(A, 27) + f(B,C,D) + E + K + *W++
-	 * B' = A
-	 * C' = ror(B, 2)
-	 * D' = C
-	 * E' = D
-	 *
-	 * We therefore unroll each loop 5 times to avoid register shuffling.
-	 * Also the ror for C (and also D and E which are successively derived
-	 * from it) is applied in place to cut on an additional mov insn for
-	 * each round.
-	 */
-
-	.macro	sha_f1, A, B, C, D, E
-	ldr	r3, [r2], #4
-	eor	ip, \C, \D
-	add	\E, r1, \E, ror #2
-	and	ip, \B, ip, ror #2
-	add	\E, \E, \A, ror #27
-	eor	ip, ip, \D, ror #2
-	add	\E, \E, r3
-	add	\E, \E, ip
-	.endm
-
-	.macro	sha_f2, A, B, C, D, E
-	ldr	r3, [r2], #4
-	add	\E, r1, \E, ror #2
-	eor	ip, \B, \C, ror #2
-	add	\E, \E, \A, ror #27
-	eor	ip, ip, \D, ror #2
-	add	\E, \E, r3
-	add	\E, \E, ip
-	.endm
-
-	.macro	sha_f3, A, B, C, D, E
-	ldr	r3, [r2], #4
-	add	\E, r1, \E, ror #2
-	orr	ip, \B, \C, ror #2
-	add	\E, \E, \A, ror #27
-	and	ip, ip, \D, ror #2
-	add	\E, \E, r3
-	and	r3, \B, \C, ror #2
-	orr	ip, ip, r3
-	add	\E, \E, ip
-	.endm
-
-	ldmia	r0, {r4 - r8}
-
-	mov	lr, #4
-	ldr	r1, .L_sha_K + 0
-
-	/* adjust initial values */
-	mov	r6, r6, ror #30
-	mov	r7, r7, ror #30
-	mov	r8, r8, ror #30
-
-3:	subs	lr, lr, #1
-	sha_f1	r4, r5, r6, r7, r8
-	sha_f1	r8, r4, r5, r6, r7
-	sha_f1	r7, r8, r4, r5, r6
-	sha_f1	r6, r7, r8, r4, r5
-	sha_f1	r5, r6, r7, r8, r4
-	bne	3b
-
-	ldr	r1, .L_sha_K + 4
-	mov	lr, #4
-
-4:	subs	lr, lr, #1
-	sha_f2	r4, r5, r6, r7, r8
-	sha_f2	r8, r4, r5, r6, r7
-	sha_f2	r7, r8, r4, r5, r6
-	sha_f2	r6, r7, r8, r4, r5
-	sha_f2	r5, r6, r7, r8, r4
-	bne	4b
-
-	ldr	r1, .L_sha_K + 8
-	mov	lr, #4
-
-5:	subs	lr, lr, #1
-	sha_f3	r4, r5, r6, r7, r8
-	sha_f3	r8, r4, r5, r6, r7
-	sha_f3	r7, r8, r4, r5, r6
-	sha_f3	r6, r7, r8, r4, r5
-	sha_f3	r5, r6, r7, r8, r4
-	bne	5b
-
-	ldr	r1, .L_sha_K + 12
-	mov	lr, #4
-
-6:	subs	lr, lr, #1
-	sha_f2	r4, r5, r6, r7, r8
-	sha_f2	r8, r4, r5, r6, r7
-	sha_f2	r7, r8, r4, r5, r6
-	sha_f2	r6, r7, r8, r4, r5
-	sha_f2	r5, r6, r7, r8, r4
-	bne	6b
-
-	ldmia	r0, {r1, r2, r3, ip, lr}
-	add	r4, r1, r4
-	add	r5, r2, r5
-	add	r6, r3, r6, ror #2
-	add	r7, ip, r7, ror #2
-	add	r8, lr, r8, ror #2
-	stmia	r0, {r4 - r8}
-
-	ldmfd	sp!, {r4 - r8, pc}
-
-ENDPROC(sha_transform)
-
-	.align	2
-.L_sha_K:
-	.word	0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6
-
-
-/*
- * void sha_init(__u32 *buf)
- */
-
-	.align	2
-.L_sha_initial_digest:
-	.word	0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0
-
-ENTRY(sha_init)
-
-	str	lr, [sp, #-4]!
-	adr	r1, .L_sha_initial_digest
-	ldmia	r1, {r1, r2, r3, ip, lr}
-	stmia	r0, {r1, r2, r3, ip, lr}
-	ldr	pc, [sp], #4
-
-ENDPROC(sha_init)
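
For reference, the per-round update described in the comment block of the removed
file (A' = ror(A, 27) + f(B,C,D) + E + K + *W++, and so on) is the standard SHA-1
round.  A plain C rendering of one f1-type round is sketched below; it is
illustrative only, written in the style of lib/sha1.c rather than taken from it,
and assumes rol32() from <linux/bitops.h>.  The assembly avoids the per-round mov
for C', D' and E' by keeping those registers pre-rotated by 2, which is why the
macros apply ror #2 to their operands instead of rotating up front.

#include <linux/bitops.h>	/* rol32() */

/*
 * One f1-type SHA-1 round, written out naively for illustration:
 *   A' = rol(A, 5) + f1(B, C, D) + E + K1 + W
 *   B' = A, C' = rol(B, 30), D' = C, E' = D
 * (rol(x, 5) == ror(x, 27) and rol(x, 30) == ror(x, 2), matching the
 * comment in the removed file.)
 */
static void sha1_round_f1(__u32 *A, __u32 *B, __u32 *C, __u32 *D, __u32 *E,
			  __u32 W)
{
	__u32 f1 = *D ^ (*B & (*C ^ *D));		/* choose function */
	__u32 t  = rol32(*A, 5) + f1 + *E + 0x5a827999 + W;

	*E = *D;
	*D = *C;
	*C = rol32(*B, 30);
	*B = *A;
	*A = t;
}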