Coverage Report

Created: 2024-11-21 07:03

/src/nss-nspr/nss/lib/freebl/sha_fast.c
Line
Count
Source (jump to first uncovered line)
1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
 * License, v. 2.0. If a copy of the MPL was not distributed with this
3
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5
#ifdef FREEBL_NO_DEPEND
6
#include "stubs.h"
7
#endif
8
9
#include <memory.h>
10
#include "blapi.h"
11
#include "sha_fast.h"
12
#include "prerror.h"
13
#include "secerr.h"
14
15
#ifdef TRACING_SSL
16
#include "ssl.h"
17
#include "ssltrace.h"
18
#endif
19
20
static void shaCompress(volatile SHA_HW_t *X, const PRUint32 *datain);
21
22
12.7k
#define W u.w
23
17.0k
#define B u.b
24
25
2.73M
#define SHA_F1(X, Y, Z) ((((Y) ^ (Z)) & (X)) ^ (Z))
26
2.73M
#define SHA_F2(X, Y, Z) ((X) ^ (Y) ^ (Z))
27
2.73M
#define SHA_F3(X, Y, Z) (((X) & (Y)) | ((Z) & ((X) | (Y))))
28
2.73M
#define SHA_F4(X, Y, Z) ((X) ^ (Y) ^ (Z))
29
30
8.73M
#define SHA_MIX(n, a, b, c) XW(n) = SHA_ROTL(XW(a) ^ XW(b) ^ XW(c) ^ XW(n), 1)
31
32
void SHA1_Compress_Native(SHA1Context *ctx);
33
void SHA1_Update_Native(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len);
34
35
static void SHA1_Compress_Generic(SHA1Context *ctx);
36
static void SHA1_Update_Generic(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len);
37
38
#ifndef USE_HW_SHA1
39
void
40
SHA1_Compress_Native(SHA1Context *ctx)
41
0
{
42
0
    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
43
0
    PORT_Assert(0);
44
0
}
45
46
void
47
SHA1_Update_Native(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len)
48
0
{
49
0
    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
50
0
    PORT_Assert(0);
51
0
}
52
#endif
53
54
/*
55
 *  SHA: initialize context
56
 */
57
void
58
SHA1_Begin(SHA1Context *ctx)
59
5.15k
{
60
5.15k
    ctx->size = 0;
61
    /*
62
     *  Initialize H with constants from FIPS180-1.
63
     */
64
5.15k
    ctx->H[0] = 0x67452301L;
65
5.15k
    ctx->H[1] = 0xefcdab89L;
66
5.15k
    ctx->H[2] = 0x98badcfeL;
67
5.15k
    ctx->H[3] = 0x10325476L;
68
5.15k
    ctx->H[4] = 0xc3d2e1f0L;
69
70
#if defined(USE_HW_SHA1) && defined(IS_LITTLE_ENDIAN)
71
    /* arm's implementation is tested on little endian only */
72
    if (arm_sha1_support()) {
73
        ctx->compress = SHA1_Compress_Native;
74
        ctx->update = SHA1_Update_Native;
75
    } else
76
#endif
77
5.15k
    {
78
5.15k
        ctx->compress = SHA1_Compress_Generic;
79
5.15k
        ctx->update = SHA1_Update_Generic;
80
5.15k
    }
81
5.15k
}
82
83
/* Explanation of H array and index values:
84
 * The context's H array is actually the concatenation of two arrays
85
 * defined by SHA1, the H array of state variables (5 elements),
86
 * and the W array of intermediate values, of which there are 16 elements.
87
 * The W array starts at H[5], that is W[0] is H[5].
88
 * Although these values are defined as 32-bit values, we use 64-bit
89
 * variables to hold them because the AMD64 stores 64 bit values in
90
 * memory MUCH faster than it stores any smaller values.
91
 *
92
 * Rather than passing the context structure to shaCompress, we pass
93
 * this combined array of H and W values.  We do not pass the address
94
 * of the first element of this array, but rather pass the address of an
95
 * element in the middle of the array, element X.  Presently X[0] is H[11].
96
 * So we pass the address of H[11] as the address of array X to shaCompress.
97
 * Then shaCompress accesses the members of the array using positive AND
98
 * negative indexes.
99
 *
100
 * Pictorially: (each element is 8 bytes)
101
 * H | H0 H1 H2 H3 H4 W0 W1 W2 W3 W4 W5 W6 W7 W8 W9 Wa Wb Wc Wd We Wf |
102
 * X |-11-10 -9 -8 -7 -6 -5 -4 -3 -2 -1 X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 |
103
 *
104
 * The byte offset from X[0] to any member of H and W is always
105
 * representable in a signed 8-bit value, which will be encoded
106
 * as a single byte offset in the X86-64 instruction set.
107
 * If we didn't pass the address of H[11], and instead passed the
108
 * address of H[0], the offsets to elements H[16] and above would be
109
 * greater than 127, not representable in a signed 8-bit value, and the
110
 * x86-64 instruction set would encode every such offset as a 32-bit
111
 * signed number in each instruction that accessed element H[16] or
112
 * higher.  This results in much bigger and slower code.
113
 */
114
#if !defined(SHA_PUT_W_IN_STACK)
115
1.50M
#define H2X 11 /* X[0] is H[11], and H[0] is X[-11] */
116
56.7M
#define W2X 6  /* X[0] is W[6],  and W[0] is X[-6]  */
117
#else
118
#define H2X 0
119
#endif
120
121
/*
122
 *  SHA: Add data to context.
123
 */
124
void
125
SHA1_Update(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len)
126
19.6k
{
127
19.6k
    ctx->update(ctx, dataIn, len);
128
19.6k
}
129
130
static void
131
SHA1_Update_Generic(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len)
132
19.6k
{
133
19.6k
    register unsigned int lenB;
134
19.6k
    register unsigned int togo;
135
136
19.6k
    if (!len)
137
14
        return;
138
139
    /* accumulate the byte count. */
140
19.6k
    lenB = (unsigned int)(ctx->size) & 63U;
141
142
19.6k
    ctx->size += len;
143
144
    /*
145
     *  Read the data into W and process blocks as they get full
146
     */
147
19.6k
    if (lenB > 0) {
148
9.46k
        togo = 64U - lenB;
149
9.46k
        if (len < togo)
150
7.07k
            togo = len;
151
9.46k
        memcpy(ctx->B + lenB, dataIn, togo);
152
9.46k
        len -= togo;
153
9.46k
        dataIn += togo;
154
9.46k
        lenB = (lenB + togo) & 63U;
155
9.46k
        if (!lenB) {
156
2.39k
            shaCompress(&ctx->H[H2X], ctx->W);
157
2.39k
        }
158
9.46k
    }
159
#if !defined(HAVE_UNALIGNED_ACCESS)
160
    if ((ptrdiff_t)dataIn % sizeof(PRUint32)) {
161
        while (len >= 64U) {
162
            memcpy(ctx->B, dataIn, 64);
163
            len -= 64U;
164
            shaCompress(&ctx->H[H2X], ctx->W);
165
            dataIn += 64U;
166
        }
167
    } else
168
#endif
169
19.6k
    {
170
148k
        while (len >= 64U) {
171
128k
            len -= 64U;
172
128k
            shaCompress(&ctx->H[H2X], (PRUint32 *)dataIn);
173
128k
            dataIn += 64U;
174
128k
        }
175
19.6k
    }
176
19.6k
    if (len) {
177
7.54k
        memcpy(ctx->B, dataIn, len);
178
7.54k
    }
179
19.6k
}
180
181
/*
182
 *  SHA: Generate hash value from context
183
 */
184
void NO_SANITIZE_ALIGNMENT
185
SHA1_End(SHA1Context *ctx, unsigned char *hashout,
186
         unsigned int *pDigestLen, unsigned int maxDigestLen)
187
5.15k
{
188
5.15k
    register PRUint64 size;
189
5.15k
    register PRUint32 lenB;
190
191
5.15k
    static const unsigned char bulk_pad[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0,
192
5.15k
                                                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
193
5.15k
                                                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
194
5.15k
#define tmp lenB
195
196
5.15k
    PORT_Assert(maxDigestLen >= SHA1_LENGTH);
197
198
    /*
199
     *  Pad with a binary 1 (e.g. 0x80), then zeroes, then length in bits
200
     */
201
5.15k
    size = ctx->size;
202
203
5.15k
    lenB = (PRUint32)size & 63;
204
5.15k
    SHA1_Update(ctx, bulk_pad, (((55 + 64) - lenB) & 63) + 1);
205
5.15k
    PORT_Assert(((PRUint32)ctx->size & 63) == 56);
206
    /* Convert size from bytes to bits. */
207
5.15k
    size <<= 3;
208
5.15k
    ctx->W[14] = SHA_HTONL((PRUint32)(size >> 32));
209
5.15k
    ctx->W[15] = SHA_HTONL((PRUint32)size);
210
5.15k
    ctx->compress(ctx);
211
212
    /*
213
     *  Output hash
214
     */
215
5.15k
    SHA_STORE_RESULT;
216
5.15k
    if (pDigestLen) {
217
5.15k
        *pDigestLen = SHA1_LENGTH;
218
5.15k
    }
219
5.15k
#undef tmp
220
5.15k
}
221
222
void
223
SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout,
224
            unsigned int *pDigestLen, unsigned int maxDigestLen)
225
0
{
226
#if defined(SHA_NEED_TMP_VARIABLE)
227
    register PRUint32 tmp;
228
#endif
229
0
    PORT_Assert(maxDigestLen >= SHA1_LENGTH);
230
231
0
    SHA_STORE_RESULT;
232
0
    if (pDigestLen)
233
0
        *pDigestLen = SHA1_LENGTH;
234
0
}
235
236
#undef B
237
/*
238
 *  SHA: Compression function, unrolled.
239
 *
240
 * Some operations in shaCompress are done as 5 groups of 16 operations.
241
 * Others are done as 4 groups of 20 operations.
242
 * The code below shows that structure.
243
 *
244
 * The functions that compute the new values of the 5 state variables
245
 * A-E are done in 4 groups of 20 operations (or you may also think
246
 * of them as being done in 16 groups of 5 operations).  They are
247
 * done by the SHA_RNDx macros below, in the right column.
248
 *
249
 * The functions that set the 16 values of the W array are done in
250
 * 5 groups of 16 operations.  The first group is done by the
251
 * LOAD macros below, the latter 4 groups are done by SHA_MIX below,
252
 * in the left column.
253
 *
254
 * gcc's optimizer observes that each member of the W array is assigned
255
 * a value 5 times in this code.  It reduces the number of store
256
 * operations done to the W array in the context (that is, in the X array)
257
 * by creating a W array on the stack, and storing the W values there for
258
 * the first 4 groups of operations on W, and storing the values in the
259
 * context's W array only in the fifth group.  This is undesirable.
260
 * It is MUCH bigger code than simply using the context's W array, because
261
 * all the offsets to the W array in the stack are 32-bit signed offsets,
262
 * and it is no faster than storing the values in the context's W array.
263
 *
264
 * The original code for sha_fast.c prevented this creation of a separate
265
 * W array in the stack by creating a W array of 80 members, each of
266
 * whose elements is assigned only once. It also separated the computations
267
 * of the W array values and the computations of the values for the 5
268
 * state variables into two separate passes, W's, then A-E's so that the
269
 * second pass could be done all in registers (except for accessing the W
270
 * array) on machines with fewer registers.  The method is suboptimal
271
 * for machines with enough registers to do it all in one pass, and it
272
 * necessitates using many instructions with 32-bit offsets.
273
 *
274
 * This code eliminates the separate W array on the stack by a completely
275
 * different means: by declaring the X array volatile.  This prevents
276
 * the optimizer from trying to reduce the use of the X array by the
277
 * creation of a MORE expensive W array on the stack. The result is
278
 * that all instructions use signed 8-bit offsets and not 32-bit offsets.
279
 *
280
 * The combination of this code and the -O3 optimizer flag on GCC 3.4.3
281
 * results in code that is 3 times faster than the previous NSS sha_fast
282
 * code on AMD64.
283
 */
284
static void NO_SANITIZE_ALIGNMENT
285
shaCompress(volatile SHA_HW_t *X, const PRUint32 *inbuf)
286
136k
{
287
136k
    register SHA_HW_t A, B, C, D, E;
288
289
#if defined(SHA_NEED_TMP_VARIABLE)
290
    register PRUint32 tmp;
291
#endif
292
293
136k
#if !defined(SHA_PUT_W_IN_STACK)
294
1.36M
#define XH(n) X[n - H2X]
295
56.7M
#define XW(n) X[n - W2X]
296
#else
297
    SHA_HW_t w_0, w_1, w_2, w_3, w_4, w_5, w_6, w_7,
298
        w_8, w_9, w_10, w_11, w_12, w_13, w_14, w_15;
299
#define XW(n) w_##n
300
#define XH(n) X[n]
301
#endif
302
303
2.73M
#define K0 0x5a827999L
304
2.73M
#define K1 0x6ed9eba1L
305
2.73M
#define K2 0x8f1bbcdcL
306
2.73M
#define K3 0xca62c1d6L
307
308
136k
#define SHA_RND1(a, b, c, d, e, n)                         \
309
2.73M
    a = SHA_ROTL(b, 5) + SHA_F1(c, d, e) + a + XW(n) + K0; \
310
2.73M
    c = SHA_ROTL(c, 30)
311
136k
#define SHA_RND2(a, b, c, d, e, n)                         \
312
2.73M
    a = SHA_ROTL(b, 5) + SHA_F2(c, d, e) + a + XW(n) + K1; \
313
2.73M
    c = SHA_ROTL(c, 30)
314
136k
#define SHA_RND3(a, b, c, d, e, n)                         \
315
2.73M
    a = SHA_ROTL(b, 5) + SHA_F3(c, d, e) + a + XW(n) + K2; \
316
2.73M
    c = SHA_ROTL(c, 30)
317
136k
#define SHA_RND4(a, b, c, d, e, n)                         \
318
2.73M
    a = SHA_ROTL(b, 5) + SHA_F4(c, d, e) + a + XW(n) + K3; \
319
2.73M
    c = SHA_ROTL(c, 30)
320
321
2.18M
#define LOAD(n) XW(n) = SHA_HTONL(inbuf[n])
322
323
136k
    A = XH(0);
324
136k
    B = XH(1);
325
136k
    C = XH(2);
326
136k
    D = XH(3);
327
136k
    E = XH(4);
328
329
136k
    LOAD(0);
330
136k
    SHA_RND1(E, A, B, C, D, 0);
331
136k
    LOAD(1);
332
136k
    SHA_RND1(D, E, A, B, C, 1);
333
136k
    LOAD(2);
334
136k
    SHA_RND1(C, D, E, A, B, 2);
335
136k
    LOAD(3);
336
136k
    SHA_RND1(B, C, D, E, A, 3);
337
136k
    LOAD(4);
338
136k
    SHA_RND1(A, B, C, D, E, 4);
339
136k
    LOAD(5);
340
136k
    SHA_RND1(E, A, B, C, D, 5);
341
136k
    LOAD(6);
342
136k
    SHA_RND1(D, E, A, B, C, 6);
343
136k
    LOAD(7);
344
136k
    SHA_RND1(C, D, E, A, B, 7);
345
136k
    LOAD(8);
346
136k
    SHA_RND1(B, C, D, E, A, 8);
347
136k
    LOAD(9);
348
136k
    SHA_RND1(A, B, C, D, E, 9);
349
136k
    LOAD(10);
350
136k
    SHA_RND1(E, A, B, C, D, 10);
351
136k
    LOAD(11);
352
136k
    SHA_RND1(D, E, A, B, C, 11);
353
136k
    LOAD(12);
354
136k
    SHA_RND1(C, D, E, A, B, 12);
355
136k
    LOAD(13);
356
136k
    SHA_RND1(B, C, D, E, A, 13);
357
136k
    LOAD(14);
358
136k
    SHA_RND1(A, B, C, D, E, 14);
359
136k
    LOAD(15);
360
136k
    SHA_RND1(E, A, B, C, D, 15);
361
362
136k
    SHA_MIX(0, 13, 8, 2);
363
136k
    SHA_RND1(D, E, A, B, C, 0);
364
136k
    SHA_MIX(1, 14, 9, 3);
365
136k
    SHA_RND1(C, D, E, A, B, 1);
366
136k
    SHA_MIX(2, 15, 10, 4);
367
136k
    SHA_RND1(B, C, D, E, A, 2);
368
136k
    SHA_MIX(3, 0, 11, 5);
369
136k
    SHA_RND1(A, B, C, D, E, 3);
370
371
136k
    SHA_MIX(4, 1, 12, 6);
372
136k
    SHA_RND2(E, A, B, C, D, 4);
373
136k
    SHA_MIX(5, 2, 13, 7);
374
136k
    SHA_RND2(D, E, A, B, C, 5);
375
136k
    SHA_MIX(6, 3, 14, 8);
376
136k
    SHA_RND2(C, D, E, A, B, 6);
377
136k
    SHA_MIX(7, 4, 15, 9);
378
136k
    SHA_RND2(B, C, D, E, A, 7);
379
136k
    SHA_MIX(8, 5, 0, 10);
380
136k
    SHA_RND2(A, B, C, D, E, 8);
381
136k
    SHA_MIX(9, 6, 1, 11);
382
136k
    SHA_RND2(E, A, B, C, D, 9);
383
136k
    SHA_MIX(10, 7, 2, 12);
384
136k
    SHA_RND2(D, E, A, B, C, 10);
385
136k
    SHA_MIX(11, 8, 3, 13);
386
136k
    SHA_RND2(C, D, E, A, B, 11);
387
136k
    SHA_MIX(12, 9, 4, 14);
388
136k
    SHA_RND2(B, C, D, E, A, 12);
389
136k
    SHA_MIX(13, 10, 5, 15);
390
136k
    SHA_RND2(A, B, C, D, E, 13);
391
136k
    SHA_MIX(14, 11, 6, 0);
392
136k
    SHA_RND2(E, A, B, C, D, 14);
393
136k
    SHA_MIX(15, 12, 7, 1);
394
136k
    SHA_RND2(D, E, A, B, C, 15);
395
396
136k
    SHA_MIX(0, 13, 8, 2);
397
136k
    SHA_RND2(C, D, E, A, B, 0);
398
136k
    SHA_MIX(1, 14, 9, 3);
399
136k
    SHA_RND2(B, C, D, E, A, 1);
400
136k
    SHA_MIX(2, 15, 10, 4);
401
136k
    SHA_RND2(A, B, C, D, E, 2);
402
136k
    SHA_MIX(3, 0, 11, 5);
403
136k
    SHA_RND2(E, A, B, C, D, 3);
404
136k
    SHA_MIX(4, 1, 12, 6);
405
136k
    SHA_RND2(D, E, A, B, C, 4);
406
136k
    SHA_MIX(5, 2, 13, 7);
407
136k
    SHA_RND2(C, D, E, A, B, 5);
408
136k
    SHA_MIX(6, 3, 14, 8);
409
136k
    SHA_RND2(B, C, D, E, A, 6);
410
136k
    SHA_MIX(7, 4, 15, 9);
411
136k
    SHA_RND2(A, B, C, D, E, 7);
412
413
136k
    SHA_MIX(8, 5, 0, 10);
414
136k
    SHA_RND3(E, A, B, C, D, 8);
415
136k
    SHA_MIX(9, 6, 1, 11);
416
136k
    SHA_RND3(D, E, A, B, C, 9);
417
136k
    SHA_MIX(10, 7, 2, 12);
418
136k
    SHA_RND3(C, D, E, A, B, 10);
419
136k
    SHA_MIX(11, 8, 3, 13);
420
136k
    SHA_RND3(B, C, D, E, A, 11);
421
136k
    SHA_MIX(12, 9, 4, 14);
422
136k
    SHA_RND3(A, B, C, D, E, 12);
423
136k
    SHA_MIX(13, 10, 5, 15);
424
136k
    SHA_RND3(E, A, B, C, D, 13);
425
136k
    SHA_MIX(14, 11, 6, 0);
426
136k
    SHA_RND3(D, E, A, B, C, 14);
427
136k
    SHA_MIX(15, 12, 7, 1);
428
136k
    SHA_RND3(C, D, E, A, B, 15);
429
430
136k
    SHA_MIX(0, 13, 8, 2);
431
136k
    SHA_RND3(B, C, D, E, A, 0);
432
136k
    SHA_MIX(1, 14, 9, 3);
433
136k
    SHA_RND3(A, B, C, D, E, 1);
434
136k
    SHA_MIX(2, 15, 10, 4);
435
136k
    SHA_RND3(E, A, B, C, D, 2);
436
136k
    SHA_MIX(3, 0, 11, 5);
437
136k
    SHA_RND3(D, E, A, B, C, 3);
438
136k
    SHA_MIX(4, 1, 12, 6);
439
136k
    SHA_RND3(C, D, E, A, B, 4);
440
136k
    SHA_MIX(5, 2, 13, 7);
441
136k
    SHA_RND3(B, C, D, E, A, 5);
442
136k
    SHA_MIX(6, 3, 14, 8);
443
136k
    SHA_RND3(A, B, C, D, E, 6);
444
136k
    SHA_MIX(7, 4, 15, 9);
445
136k
    SHA_RND3(E, A, B, C, D, 7);
446
136k
    SHA_MIX(8, 5, 0, 10);
447
136k
    SHA_RND3(D, E, A, B, C, 8);
448
136k
    SHA_MIX(9, 6, 1, 11);
449
136k
    SHA_RND3(C, D, E, A, B, 9);
450
136k
    SHA_MIX(10, 7, 2, 12);
451
136k
    SHA_RND3(B, C, D, E, A, 10);
452
136k
    SHA_MIX(11, 8, 3, 13);
453
136k
    SHA_RND3(A, B, C, D, E, 11);
454
455
136k
    SHA_MIX(12, 9, 4, 14);
456
136k
    SHA_RND4(E, A, B, C, D, 12);
457
136k
    SHA_MIX(13, 10, 5, 15);
458
136k
    SHA_RND4(D, E, A, B, C, 13);
459
136k
    SHA_MIX(14, 11, 6, 0);
460
136k
    SHA_RND4(C, D, E, A, B, 14);
461
136k
    SHA_MIX(15, 12, 7, 1);
462
136k
    SHA_RND4(B, C, D, E, A, 15);
463
464
136k
    SHA_MIX(0, 13, 8, 2);
465
136k
    SHA_RND4(A, B, C, D, E, 0);
466
136k
    SHA_MIX(1, 14, 9, 3);
467
136k
    SHA_RND4(E, A, B, C, D, 1);
468
136k
    SHA_MIX(2, 15, 10, 4);
469
136k
    SHA_RND4(D, E, A, B, C, 2);
470
136k
    SHA_MIX(3, 0, 11, 5);
471
136k
    SHA_RND4(C, D, E, A, B, 3);
472
136k
    SHA_MIX(4, 1, 12, 6);
473
136k
    SHA_RND4(B, C, D, E, A, 4);
474
136k
    SHA_MIX(5, 2, 13, 7);
475
136k
    SHA_RND4(A, B, C, D, E, 5);
476
136k
    SHA_MIX(6, 3, 14, 8);
477
136k
    SHA_RND4(E, A, B, C, D, 6);
478
136k
    SHA_MIX(7, 4, 15, 9);
479
136k
    SHA_RND4(D, E, A, B, C, 7);
480
136k
    SHA_MIX(8, 5, 0, 10);
481
136k
    SHA_RND4(C, D, E, A, B, 8);
482
136k
    SHA_MIX(9, 6, 1, 11);
483
136k
    SHA_RND4(B, C, D, E, A, 9);
484
136k
    SHA_MIX(10, 7, 2, 12);
485
136k
    SHA_RND4(A, B, C, D, E, 10);
486
136k
    SHA_MIX(11, 8, 3, 13);
487
136k
    SHA_RND4(E, A, B, C, D, 11);
488
136k
    SHA_MIX(12, 9, 4, 14);
489
136k
    SHA_RND4(D, E, A, B, C, 12);
490
136k
    SHA_MIX(13, 10, 5, 15);
491
136k
    SHA_RND4(C, D, E, A, B, 13);
492
136k
    SHA_MIX(14, 11, 6, 0);
493
136k
    SHA_RND4(B, C, D, E, A, 14);
494
136k
    SHA_MIX(15, 12, 7, 1);
495
136k
    SHA_RND4(A, B, C, D, E, 15);
496
497
136k
    XH(0) += A;
498
136k
    XH(1) += B;
499
136k
    XH(2) += C;
500
136k
    XH(3) += D;
501
136k
    XH(4) += E;
502
136k
}
503
504
static void
505
SHA1_Compress_Generic(SHA1Context *ctx)
506
5.15k
{
507
5.15k
    shaCompress(&ctx->H[H2X], ctx->u.w);
508
5.15k
}
509
510
/*************************************************************************
511
** Code below this line added to make SHA code support BLAPI interface
512
*/
513
514
SHA1Context *
515
SHA1_NewContext(void)
516
138
{
517
138
    SHA1Context *cx;
518
519
    /* no need to ZNew, SHA1_Begin will init the context */
520
138
    cx = PORT_New(SHA1Context);
521
138
    return cx;
522
138
}
523
524
/* Zero and free the context */
525
void
526
SHA1_DestroyContext(SHA1Context *cx, PRBool freeit)
527
138
{
528
138
    memset(cx, 0, sizeof *cx);
529
138
    if (freeit) {
530
138
        PORT_Free(cx);
531
138
    }
532
138
}
533
534
SECStatus
535
SHA1_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
536
2
{
537
2
    SHA1Context ctx;
538
2
    unsigned int outLen;
539
540
2
    SHA1_Begin(&ctx);
541
2
    ctx.update(&ctx, src, src_length);
542
2
    SHA1_End(&ctx, dest, &outLen, SHA1_LENGTH);
543
2
    memset(&ctx, 0, sizeof ctx);
544
2
    return SECSuccess;
545
2
}
546
547
/* Hash a null-terminated character string. */
548
SECStatus
549
SHA1_Hash(unsigned char *dest, const char *src)
550
0
{
551
0
    return SHA1_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
552
0
}
553
554
/*
555
 * need to support save/restore state in pkcs11. Stores all the info necessary
556
 * for a structure into just a stream of bytes.
557
 */
558
unsigned int
559
SHA1_FlattenSize(SHA1Context *cx)
560
11
{
561
11
    return sizeof(SHA1Context);
562
11
}
563
564
SECStatus
565
SHA1_Flatten(SHA1Context *cx, unsigned char *space)
566
0
{
567
0
    PORT_Memcpy(space, cx, sizeof(SHA1Context));
568
0
    return SECSuccess;
569
0
}
570
571
SHA1Context *
572
SHA1_Resurrect(unsigned char *space, void *arg)
573
0
{
574
0
    SHA1Context *cx = SHA1_NewContext();
575
0
    if (cx == NULL)
576
0
        return NULL;
577
578
0
    PORT_Memcpy(cx, space, sizeof(SHA1Context));
579
0
    return cx;
580
0
}
581
582
void
583
SHA1_Clone(SHA1Context *dest, SHA1Context *src)
584
0
{
585
0
    memcpy(dest, src, sizeof *dest);
586
0
}
587
588
void
589
SHA1_TraceState(SHA1Context *ctx)
590
0
{
591
0
    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
592
0
}