Provide and use crypto_store_htobe64().

It is common to need to store data in a specific endianness - rather than
handrolling and deduplicating code to do this, provide a
crypto_store_htobe64() function that converts from host endian to big
endian, before storing the data to a location with unknown alignment.

ok tb@

2 files changed, 43 insertions, 23 deletions

diff --git a/lib/libcrypto/crypto_internal.h b/lib/libcrypto/crypto_internal.h
new file mode 100644
index 00000000000..af2a87216e2
--- /dev/null
+++ b/lib/libcrypto/crypto_internal.h
@@ -0,0 +1,34 @@
+/*	$OpenBSD: crypto_internal.h,v 1.1 2023/04/12 04:40:39 jsing Exp $ */
+/*
+ * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <endian.h>
+#include <stddef.h>
+#include <string.h>
+
+#ifndef HEADER_CRYPTO_INTERNAL_H
+#define HEADER_CRYPTO_INTERNAL_H
+
+#ifndef HAVE_CRYPTO_STORE_HTOBE64
+static inline void
+crypto_store_htobe64(uint8_t *dst, uint64_t v)
+{
+	v = htobe64(v);
+	memcpy(dst, &v, sizeof(v));
+}
+#endif
+
+#endif
diff --git a/lib/libcrypto/sha/sha512.c b/lib/libcrypto/sha/sha512.c
index a518c039ea2..14c4cbd4f3a 100644
--- a/lib/libcrypto/sha/sha512.c
+++ b/lib/libcrypto/sha/sha512.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha512.c,v 1.30 2023/04/11 15:38:55 tb Exp $ */
+/* $OpenBSD: sha512.c,v 1.31 2023/04/12 04:40:39 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -61,6 +61,8 @@
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
 
+#include "crypto_internal.h"
+
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
 
 #if !defined(__STRICT_ALIGNMENT) || defined(SHA512_ASM)
@@ -552,37 +554,21 @@ SHA512_Final(unsigned char *md, SHA512_CTX *c)
 
 	sha512_block_data_order(c, p, 1);
 
-	if (md == 0)
+	if (md == NULL)
 		return 0;
 
+	/* Let compiler decide if it's appropriate to unroll... */
 	switch (c->md_len) {
-		/* Let compiler decide if it's appropriate to unroll... */
 	case SHA384_DIGEST_LENGTH:
 		for (n = 0; n < SHA384_DIGEST_LENGTH/8; n++) {
-			SHA_LONG64 t = c->h[n];
-
-			*(md++) = (unsigned char)(t >> 56);
-			*(md++) = (unsigned char)(t >> 48);
-			*(md++) = (unsigned char)(t >> 40);
-			*(md++) = (unsigned char)(t >> 32);
-			*(md++) = (unsigned char)(t >> 24);
-			*(md++) = (unsigned char)(t >> 16);
-			*(md++) = (unsigned char)(t >> 8);
-			*(md++) = (unsigned char)(t);
+			crypto_store_htobe64(md, c->h[n]);
+			md += 8;
 		}
 		break;
 	case SHA512_DIGEST_LENGTH:
 		for (n = 0; n < SHA512_DIGEST_LENGTH/8; n++) {
-			SHA_LONG64 t = c->h[n];
-
-			*(md++) = (unsigned char)(t >> 56);
-			*(md++) = (unsigned char)(t >> 48);
-			*(md++) = (unsigned char)(t >> 40);
-			*(md++) = (unsigned char)(t >> 32);
-			*(md++) = (unsigned char)(t >> 24);
-			*(md++) = (unsigned char)(t >> 16);
-			*(md++) = (unsigned char)(t >> 8);
-			*(md++) = (unsigned char)(t);
+			crypto_store_htobe64(md, c->h[n]);
+			md += 8;
 		}
 		break;
 		/* ... as well as make sure md_len is not abused. */