1 files changed, 64 insertions, 122 deletions

diff --git a/libc/bionic/sha1.c b/libc/bionic/sha1.c
index efa95a55c..a4fbd673b 100644
--- a/libc/bionic/sha1.c
+++ b/libc/bionic/sha1.c
@@ -22,10 +22,7 @@
 #include <assert.h>
 #include <sha1.h>
 #include <string.h>
-
-#if HAVE_NBTOOL_CONFIG_H
-#include "nbtool_config.h"
-#endif
+#include <endian.h>
 
 #if !HAVE_SHA1_H
 
@@ -36,8 +33,7 @@
  * I got the idea of expanding during the round function from SSLeay
  */
 #if BYTE_ORDER == LITTLE_ENDIAN
-# define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
-    |(rol(block->l[i],8)&0x00FF00FF))
+# define blk0(i) swap32(block->l[i])
 #else
 # define blk0(i) block->l[i]
 #endif
@@ -54,77 +50,17 @@
 #define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
 
 typedef union {
-    u_char c[64];
-    u_int l[16];
+    uint8_t c[SHA1_BLOCK_SIZE];
+    uint32_t l[SHA1_BLOCK_SIZE/4];
 } CHAR64LONG16;
 
-/* old sparc64 gcc could not compile this */
-#undef SPARC64_GCC_WORKAROUND
-#if defined(__sparc64__) && defined(__GNUC__) && __GNUC__ < 3
-#define SPARC64_GCC_WORKAROUND
-#endif
-
-#ifdef SPARC64_GCC_WORKAROUND
-void do_R01(u_int32_t *a, u_int32_t *b, u_int32_t *c, u_int32_t *d, u_int32_t *e, CHAR64LONG16 *);
-void do_R2(u_int32_t *a, u_int32_t *b, u_int32_t *c, u_int32_t *d, u_int32_t *e, CHAR64LONG16 *);
-void do_R3(u_int32_t *a, u_int32_t *b, u_int32_t *c, u_int32_t *d, u_int32_t *e, CHAR64LONG16 *);
-void do_R4(u_int32_t *a, u_int32_t *b, u_int32_t *c, u_int32_t *d, u_int32_t *e, CHAR64LONG16 *);
-
-#define nR0(v,w,x,y,z,i) R0(*v,*w,*x,*y,*z,i)
-#define nR1(v,w,x,y,z,i) R1(*v,*w,*x,*y,*z,i)
-#define nR2(v,w,x,y,z,i) R2(*v,*w,*x,*y,*z,i)
-#define nR3(v,w,x,y,z,i) R3(*v,*w,*x,*y,*z,i)
-#define nR4(v,w,x,y,z,i) R4(*v,*w,*x,*y,*z,i)
-
-void
-do_R01(u_int32_t *a, u_int32_t *b, u_int32_t *c, u_int32_t *d, u_int32_t *e, CHAR64LONG16 *block)
-{
-    nR0(a,b,c,d,e, 0); nR0(e,a,b,c,d, 1); nR0(d,e,a,b,c, 2); nR0(c,d,e,a,b, 3);
-    nR0(b,c,d,e,a, 4); nR0(a,b,c,d,e, 5); nR0(e,a,b,c,d, 6); nR0(d,e,a,b,c, 7);
-    nR0(c,d,e,a,b, 8); nR0(b,c,d,e,a, 9); nR0(a,b,c,d,e,10); nR0(e,a,b,c,d,11);
-    nR0(d,e,a,b,c,12); nR0(c,d,e,a,b,13); nR0(b,c,d,e,a,14); nR0(a,b,c,d,e,15);
-    nR1(e,a,b,c,d,16); nR1(d,e,a,b,c,17); nR1(c,d,e,a,b,18); nR1(b,c,d,e,a,19);
-}
-
-void
-do_R2(u_int32_t *a, u_int32_t *b, u_int32_t *c, u_int32_t *d, u_int32_t *e, CHAR64LONG16 *block)
-{
-    nR2(a,b,c,d,e,20); nR2(e,a,b,c,d,21); nR2(d,e,a,b,c,22); nR2(c,d,e,a,b,23);
-    nR2(b,c,d,e,a,24); nR2(a,b,c,d,e,25); nR2(e,a,b,c,d,26); nR2(d,e,a,b,c,27);
-    nR2(c,d,e,a,b,28); nR2(b,c,d,e,a,29); nR2(a,b,c,d,e,30); nR2(e,a,b,c,d,31);
-    nR2(d,e,a,b,c,32); nR2(c,d,e,a,b,33); nR2(b,c,d,e,a,34); nR2(a,b,c,d,e,35);
-    nR2(e,a,b,c,d,36); nR2(d,e,a,b,c,37); nR2(c,d,e,a,b,38); nR2(b,c,d,e,a,39);
-}
-
-void
-do_R3(u_int32_t *a, u_int32_t *b, u_int32_t *c, u_int32_t *d, u_int32_t *e, CHAR64LONG16 *block)
-{
-    nR3(a,b,c,d,e,40); nR3(e,a,b,c,d,41); nR3(d,e,a,b,c,42); nR3(c,d,e,a,b,43);
-    nR3(b,c,d,e,a,44); nR3(a,b,c,d,e,45); nR3(e,a,b,c,d,46); nR3(d,e,a,b,c,47);
-    nR3(c,d,e,a,b,48); nR3(b,c,d,e,a,49); nR3(a,b,c,d,e,50); nR3(e,a,b,c,d,51);
-    nR3(d,e,a,b,c,52); nR3(c,d,e,a,b,53); nR3(b,c,d,e,a,54); nR3(a,b,c,d,e,55);
-    nR3(e,a,b,c,d,56); nR3(d,e,a,b,c,57); nR3(c,d,e,a,b,58); nR3(b,c,d,e,a,59);
-}
-
-void
-do_R4(u_int32_t *a, u_int32_t *b, u_int32_t *c, u_int32_t *d, u_int32_t *e, CHAR64LONG16 *block)
-{
-    nR4(a,b,c,d,e,60); nR4(e,a,b,c,d,61); nR4(d,e,a,b,c,62); nR4(c,d,e,a,b,63);
-    nR4(b,c,d,e,a,64); nR4(a,b,c,d,e,65); nR4(e,a,b,c,d,66); nR4(d,e,a,b,c,67);
-    nR4(c,d,e,a,b,68); nR4(b,c,d,e,a,69); nR4(a,b,c,d,e,70); nR4(e,a,b,c,d,71);
-    nR4(d,e,a,b,c,72); nR4(c,d,e,a,b,73); nR4(b,c,d,e,a,74); nR4(a,b,c,d,e,75);
-    nR4(e,a,b,c,d,76); nR4(d,e,a,b,c,77); nR4(c,d,e,a,b,78); nR4(b,c,d,e,a,79);
-}
-#endif
-
 /*
  * Hash a single 512-bit block. This is the core of the algorithm.
  */
-void SHA1Transform(state, buffer)
-    u_int32_t state[5];
-    const u_char buffer[64];
+void SHA1Transform(uint32_t state[SHA1_DIGEST_LENGTH/4],
+                   const uint8_t buffer[SHA1_BLOCK_SIZE])
 {
-    u_int32_t a, b, c, d, e;
+    uint32_t a, b, c, d, e;
     CHAR64LONG16 *block;
 
 #ifdef SHA1HANDSOFF
@@ -136,7 +72,7 @@ void SHA1Transform(state, buffer)
 
 #ifdef SHA1HANDSOFF
     block = &workspace;
-    (void)memcpy(block, buffer, 64);
+    (void)memcpy(block, buffer, SHA1_BLOCK_SIZE);
 #else
     block = (CHAR64LONG16 *)(void *)buffer;
 #endif
@@ -148,12 +84,6 @@ void SHA1Transform(state, buffer)
     d = state[3];
     e = state[4];
 
-#ifdef SPARC64_GCC_WORKAROUND
-    do_R01(&a, &b, &c, &d, &e, block);
-    do_R2(&a, &b, &c, &d, &e, block);
-    do_R3(&a, &b, &c, &d, &e, block);
-    do_R4(&a, &b, &c, &d, &e, block);
-#else
     /* 4 rounds of 20 operations each. Loop unrolled. */
     R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
     R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
@@ -175,7 +105,6 @@ void SHA1Transform(state, buffer)
     R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
     R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
     R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
-#endif
 
     /* Add the working vars back into context.state[] */
     state[0] += a;
@@ -192,78 +121,91 @@ void SHA1Transform(state, buffer)
 /*
  * SHA1Init - Initialize new context
  */
-void SHA1Init(context)
-    SHA1_CTX *context;
+void SHA1Init(SHA1_CTX *context)
 {
-
     assert(context != 0);
 
     /* SHA1 initialization constants */
-    context->state[0] = 0x67452301;
-    context->state[1] = 0xEFCDAB89;
-    context->state[2] = 0x98BADCFE;
-    context->state[3] = 0x10325476;
-    context->state[4] = 0xC3D2E1F0;
-    context->count[0] = context->count[1] = 0;
+    *context = (SHA1_CTX) {
+        .state = {
+            0x67452301,
+            0xEFCDAB89,
+            0x98BADCFE,
+            0x10325476,
+            0xC3D2E1F0,
+        },
+        .count = 0,
+    };
 }
 
 
 /*
  * Run your data through this.
  */
-void SHA1Update(context, data, len)
-    SHA1_CTX *context;
-    const u_char *data;
-    u_int len;
+void SHA1Update(SHA1_CTX *context, const uint8_t *data, unsigned int len)
 {
-    u_int i, j;
+    unsigned int i, j;
+    unsigned int partial, done;
+    const uint8_t *src;
 
     assert(context != 0);
     assert(data != 0);
 
-    j = context->count[0];
-    if ((context->count[0] += len << 3) < j)
-	context->count[1] += (len>>29)+1;
-    j = (j >> 3) & 63;
-    if ((j + len) > 63) {
-	(void)memcpy(&context->buffer[j], data, (i = 64-j));
-	SHA1Transform(context->state, context->buffer);
-	for ( ; i + 63 < len; i += 64)
-	    SHA1Transform(context->state, &data[i]);
-	j = 0;
-    } else {
-	i = 0;
+    partial = context->count % SHA1_BLOCK_SIZE;
+    context->count += len;
+    done = 0;
+    src = data;
+
+    if ((partial + len) >= SHA1_BLOCK_SIZE) {
+        if (partial) {
+            done = -partial;
+            memcpy(context->buffer + partial, data, done + SHA1_BLOCK_SIZE);
+            src = context->buffer;
+        }
+        do {
+            SHA1Transform(context->state, src);
+            done += SHA1_BLOCK_SIZE;
+            src = data + done;
+        } while (done + SHA1_BLOCK_SIZE <= len);
+        partial = 0;
     }
-    (void)memcpy(&context->buffer[j], &data[i], len - i);
+    memcpy(context->buffer + partial, src, len - done);
 }
 
 
 /*
  * Add padding and return the message digest.
  */
-void SHA1Final(digest, context)
-    u_char digest[20];
-    SHA1_CTX* context;
+void SHA1Final(uint8_t digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
 {
-    u_int i;
-    u_char finalcount[8];
+    uint32_t i, index, pad_len;
+    uint64_t bits;
+    static const uint8_t padding[SHA1_BLOCK_SIZE] = { 0x80, };
 
     assert(digest != 0);
     assert(context != 0);
 
-    for (i = 0; i < 8; i++) {
-	finalcount[i] = (u_char)((context->count[(i >= 4 ? 0 : 1)]
-	 >> ((3-(i & 3)) * 8) ) & 255);	 /* Endian independent */
-    }
-    SHA1Update(context, (const u_char *)"\200", 1);
-    while ((context->count[0] & 504) != 448)
-	SHA1Update(context, (const u_char *)"\0", 1);
-    SHA1Update(context, finalcount, 8);  /* Should cause a SHA1Transform() */
+#if BYTE_ORDER == LITTLE_ENDIAN
+    bits = swap64(context->count << 3);
+#else
+    bits = context->count << 3;
+#endif
+
+    /* Pad out to 56 mod 64 */
+    index = context->count & 0x3f;
+    pad_len = (index < 56) ? (56 - index) : ((64 + 56) - index);
+    SHA1Update(context, padding, pad_len);
+
+    /* Append length */
+    SHA1Update(context, (const uint8_t *)&bits, sizeof(bits));
 
     if (digest) {
-	for (i = 0; i < 20; i++)
-	    digest[i] = (u_char)
-		((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
+        for (i = 0; i < SHA1_DIGEST_LENGTH/4; i++)
+#if BYTE_ORDER == LITTLE_ENDIAN
+            ((uint32_t *)digest)[i] = swap32(context->state[i]);
+#else
+            ((uint32_t *)digest)[i] = context->state[i];
+#endif
     }
 }