X-Git-Url: https://wimlib.net/git/?p=wimlib;a=blobdiff_plain;f=src%2Fsha1.c;h=d15325063d92b6e047ccfb438a7b683d4fb056ab;hp=b0746bce507610aa14af6a7f46a21d67ef91ff05;hb=eb3e3b72db23ecaa7789a807afeb9577962653fe;hpb=885632f08c75c1d7bb5d25436231c78f6ad7e0c0;ds=sidebyside diff --git a/src/sha1.c b/src/sha1.c index b0746bce..d1532506 100644 --- a/src/sha1.c +++ b/src/sha1.c @@ -1,507 +1,233 @@ -/* sha1.c - Functions to compute SHA1 message digest of files or - memory blocks according to the NIST specification FIPS-180-1. - - Copyright (C) 2000-2001, 2003-2006, 2008-2011 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published by the - Free Software Foundation; either version 3, or (at your option) any - later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ - -/* Written by Scott G. Miller - Credits: - Robert Klep -- Expansion function fix - - Modified by Eric Biggers for wimlib: Conditionally compile in the use of - OpenSSL or Intel's assembly code for SHA1 block updates -*/ - -#include "util.h" -#include "wimlib.h" -#include "sha1.h" -#include "endianness.h" -#include - -#define SWAP(n) to_be32(n) - -#define BLOCKSIZE 32768 -#if BLOCKSIZE % 64 != 0 -#error "invalid BLOCKSIZE" +/* + * sha1.c - implementation of the Secure Hash Algorithm version 1 (FIPS 180-1) + * + * The following copying information applies to this specific source code file: + * + * Written in 2014-2015 by Eric Biggers + * + * To the extent possible under law, the author(s) have dedicated all copyright + * and related and neighboring rights to this software to the public domain + * worldwide via the Creative Commons Zero 1.0 Universal Public Domain + * Dedication (the "CC0"). + * + * This software is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the CC0 for more details. + * + * You should have received a copy of the CC0 along with this software; if not + * see . + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" #endif - -#ifdef WITH_LIBCRYPTO - -static inline void sha1_init_ctx(SHA_CTX *ctx) -{ - SHA1_Init(ctx); -} - -static inline void sha1_process_block(const void *buffer, size_t len, - SHA_CTX *ctx) -{ - SHA1_Update(ctx, buffer, len); -} - -static inline void sha1_process_bytes(const void *buffer, size_t len, - SHA_CTX *ctx) -{ - SHA1_Update(ctx, buffer, len); -} - - -static inline void *sha1_finish_ctx(SHA_CTX *ctx, void *resbuf) +#include "wimlib/endianness.h" +#include "wimlib/sha1.h" +#include "wimlib/unaligned.h" + +/* Dummy SHA-1 message digest of all 0's. This is used in the WIM format to + * mean "SHA-1 not specified". */ +const u8 zero_hash[20]; + +/* + * Builds a hexadecimal string representation of a SHA-1 message digest. + * + * The output buffer must be at least 41 characters. + */ +void +sprint_hash(const u8 hash[SHA1_HASH_SIZE], tchar strbuf[SHA1_HASH_SIZE * 2 + 1]) { - SHA1_Final(resbuf, ctx); -} -#else /* WITH_LIBCRYPTO */ - -/* Structure to save state of computation between the single steps. */ -struct sha1_ctx { - uint32_t A; - uint32_t B; - uint32_t C; - uint32_t D; - uint32_t E; - - uint32_t total[2]; - uint32_t buflen; - uint32_t buffer[32]; -}; - -typedef struct sha1_ctx SHA_CTX; - -#ifdef ENABLE_SSSE3_SHA1 -extern void sha1_update_intel(int *hash, const char* input, size_t num_blocks); - -static inline void sha1_process_block(const void *buffer, size_t len, - SHA_CTX *ctx) -{ - sha1_update_intel((int*)ctx, buffer, len / 64); - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; -} - -#include -void ssse3_not_found() -{ - fprintf(stderr, -"Cannot calculate SHA1 message digest: CPU does not support SSSE3\n" -"instructions! Recompile wimlib without the --enable-ssse3-sha1 flag\n" -"to use wimlib on this CPU.\n"); - abort(); + int i; + u8 high, low; + + for (i = 0; i < SHA1_HASH_SIZE; i++) { + high = hash[i] >> 4; + low = hash[i] & 0xF; + strbuf[i * 2 + 0] = (high < 10 ? high + '0' : high - 10 + 'a'); + strbuf[i * 2 + 1] = (low < 10 ? low + '0' : low - 10 + 'a'); + } + strbuf[i * 2] = 0; } -#else /* ENABLE_SSSE3_SHA1 */ - -static void sha1_process_block(const void *buffer, size_t len, - SHA_CTX *ctx); - -#endif /* ENABLE_SSSE3_SHA1 */ - - -/* This array contains the bytes used to pad the buffer to the next - 64-byte boundary. (RFC 1321, 3.1: Step 1) */ -static const u8 fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; - -/* Initialize structure containing state of computation. */ -static void sha1_init_ctx(SHA_CTX *ctx); - -/* Starting with the result of former calls of this function (or the - initialization function update the context for the next LEN bytes - starting at BUFFER. - It is NOT required that LEN is a multiple of 64. */ -static void sha1_process_bytes(const void *buffer, size_t len, - SHA_CTX *ctx); - -/* Process the remaining bytes in the buffer and put result from CTX - in first 20 bytes following RESBUF. The result is always in little - endian byte order, so that a byte-wise output yields to the wanted - ASCII representation of the message digest. */ -static void *sha1_finish_ctx(SHA_CTX *ctx, void *resbuf); - -/* Put result from CTX in first 20 bytes following RESBUF. The result is - always in little endian byte order, so that a byte-wise output yields - to the wanted ASCII representation of the message digest. */ -static void *sha1_read_ctx(const SHA_CTX *ctx, void *resbuf); -#endif /* WITH_LIBCRYPTO */ +/* If we use libcrypto (e.g. OpenSSL) then we get all the SHA-1 functions for + * free. Otherwise we need to implement them ourselves. */ +#ifndef WITH_LIBCRYPTO +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) -/* Compute SHA1 message digest for bytes read from STREAM. The resulting - * message digest number will be written into the 20 bytes beginning at - * RESBLOCK. */ -int sha1_stream(FILE * stream, void *resblock) -{ - SHA_CTX ctx; - - size_t sum; - - char *buffer = MALLOC(BLOCKSIZE + 72); - if (!buffer) { - ERROR("Out of memory!\n"); - return WIMLIB_ERR_NOMEM; - } - - /* Initialize the computation context. */ - sha1_init_ctx(&ctx); - - /* Iterate over full file contents. */ - while (1) { - /* We read the file in blocks of BLOCKSIZE bytes. One call of the - computation function processes the whole buffer so that with the - next round of the loop another block can be read. */ - size_t n; - sum = 0; - - /* Read block. Take care for partial reads. */ - while (1) { - n = fread(buffer + sum, 1, BLOCKSIZE - sum, stream); - - sum += n; - - if (sum == BLOCKSIZE) - break; - - if (n == 0) { - /* Check for the error flag IFF N == 0, so that - * we don't exit the loop after a partial read - * due to e.g., EAGAIN or EWOULDBLOCK. */ - if (ferror(stream)) { - FREE(buffer); - ERROR("Read error while calculating " - "SHA1 message digest: %m\n"); - return WIMLIB_ERR_READ; - } - goto process_partial_block; - } - - /* We've read at least one byte, so ignore errors. But always - check for EOF, since feof may be true even though N > 0. - Otherwise, we could end up calling fread after EOF. */ - if (feof(stream)) - goto process_partial_block; - } - - /* Process buffer with BLOCKSIZE bytes. Note that - BLOCKSIZE % 64 == 0 - */ - sha1_process_block(buffer, BLOCKSIZE, &ctx); - } - - process_partial_block:; +#define blk0(i) (tmp[i] = be32_to_cpu(load_be32_unaligned(&(block)[(i) * 4]))) - /* Process any remaining bytes. */ - if (sum > 0) - sha1_process_bytes(buffer, sum, &ctx); +#define blk(i) (tmp[i & 15] = rol(tmp[(i + 13) & 15] ^ \ + tmp[(i + 8) & 15] ^ \ + tmp[(i + 2) & 15] ^ \ + tmp[(i + 0) & 15], 1)) - /* Construct result in desired memory. */ - sha1_finish_ctx(&ctx, resblock); - FREE(buffer); - return 0; -} +#define R0(v, w, x, y, z, i) \ + z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \ + w = rol(w, 30); -#ifndef WITH_LIBCRYPTO -/* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The - result is always in little endian byte order, so that a byte-wise - output yields to the wanted ASCII representation of the message - digest. */ -void *sha1_buffer(const char *buffer, size_t len, void *resblock) -{ - SHA_CTX ctx; +#define R1(v, w, x, y, z, i) \ + z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \ + w = rol(w, 30); - /* Initialize the computation context. */ - sha1_init_ctx(&ctx); +#define R2(v, w, x, y, z, i) \ + z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \ + w = rol(w, 30); - /* Process whole buffer but last len % 64 bytes. */ - sha1_process_bytes(buffer, len, &ctx); +#define R3(v, w, x, y, z, i) \ + z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \ + w = rol(w, 30); - /* Put result in desired memory area. */ - return sha1_finish_ctx(&ctx, resblock); -} +#define R4(v, w, x, y, z, i) \ + z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ + w = rol(w, 30); -/* Take a pointer to a 160 bit block of data (five 32 bit ints) and - initialize it to the start constants of the SHA1 algorithm. This - must be called before using hash in the call to sha1_hash. */ -static void sha1_init_ctx(SHA_CTX *ctx) +/* Hash a single 512-bit block. This is the core of the algorithm. */ +static void +sha1_transform_default(u32 state[5], const u8 block[64]) { - ctx->A = 0x67452301; - ctx->B = 0xefcdab89; - ctx->C = 0x98badcfe; - ctx->D = 0x10325476; - ctx->E = 0xc3d2e1f0; - - ctx->total[0] = ctx->total[1] = 0; - ctx->buflen = 0; + u32 a, b, c, d, e; + u32 tmp[16]; + + /* Copy ctx->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; } -/* Copy the 4 byte value from v into the memory location pointed to by *cp, - If your architecture allows unaligned access this is equivalent to - * (uint32_t *) cp = v */ -static inline void set_uint32(char *cp, uint32_t v) -{ - memcpy(cp, &v, sizeof v); -} +#ifdef ENABLE_SSSE3_SHA1 +extern void +sha1_transform_blocks_ssse3(u32 state[5], const void *data, size_t num_blocks); +extern void +sha1_transform_blocks_default(u32 state[5], const void *data, size_t num_blocks); +# define sha1_transform_blocks sha1_transform_blocks_ssse3 +#else +# define sha1_transform_blocks sha1_transform_blocks_default +#endif -/* Put result from CTX in first 20 bytes following RESBUF. The result - must be in little endian byte order. */ -static void *sha1_read_ctx(const SHA_CTX *ctx, void *resbuf) +#ifndef ENABLE_SSSE3_SHA1 +static +#endif +void +sha1_transform_blocks_default(u32 state[5], const void *data, size_t num_blocks) { - char *r = resbuf; - set_uint32(r + 0 * sizeof ctx->A, SWAP(ctx->A)); - set_uint32(r + 1 * sizeof ctx->B, SWAP(ctx->B)); - set_uint32(r + 2 * sizeof ctx->C, SWAP(ctx->C)); - set_uint32(r + 3 * sizeof ctx->D, SWAP(ctx->D)); - set_uint32(r + 4 * sizeof ctx->E, SWAP(ctx->E)); - - return resbuf; + do { + sha1_transform_default(state, data); + data += 64; + } while (--num_blocks); } -/* Process the remaining bytes in the internal buffer and the usual - prolog according to the standard and write the result to RESBUF. */ -static void *sha1_finish_ctx(SHA_CTX *ctx, void *resbuf) +/* Initializes the specified SHA-1 context. + * + * After sha1_init(), call sha1_update() zero or more times to provide the data + * to be hashed. Then call sha1_final() to get the final hash. */ +void +sha1_init(SHA_CTX *ctx) { - /* Take yet unprocessed bytes into account. */ - uint32_t bytes = ctx->buflen; - size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4; - - /* Now count remaining bytes. */ - ctx->total[0] += bytes; - if (ctx->total[0] < bytes) - ++ctx->total[1]; - - /* Put the 64-bit file length in *bits* at the end of the buffer. */ - ctx->buffer[size - 2] = - SWAP((ctx->total[1] << 3) | (ctx->total[0] >> 29)); - ctx->buffer[size - 1] = SWAP(ctx->total[0] << 3); - - memcpy(&((char *)ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes); + ctx->bytecount = 0; - /* Process last bytes. */ - sha1_process_block(ctx->buffer, size * 4, ctx); - - return sha1_read_ctx(ctx, resbuf); + ctx->state[0] = 0x67452301; + ctx->state[1] = 0xEFCDAB89; + ctx->state[2] = 0x98BADCFE; + ctx->state[3] = 0x10325476; + ctx->state[4] = 0xC3D2E1F0; } - -static void sha1_process_bytes(const void *buffer, size_t len, SHA_CTX *ctx) +/* Updates the SHA-1 context with @len bytes of data. */ +void +sha1_update(SHA_CTX *ctx, const void *data, size_t len) { - /* When we already have some bits in our internal buffer concatenate - both inputs first. */ - if (ctx->buflen != 0) { - size_t left_over = ctx->buflen; - size_t add = 128 - left_over > len ? len : 128 - left_over; - - memcpy(&((char *)ctx->buffer)[left_over], buffer, add); - ctx->buflen += add; - - if (ctx->buflen > 64) { - sha1_process_block(ctx->buffer, ctx->buflen & ~63, ctx); - - ctx->buflen &= 63; - /* The regions in the following copy operation cannot overlap. */ - memcpy(ctx->buffer, - &((char *)ctx->buffer)[(left_over + add) & ~63], - ctx->buflen); + unsigned buffered = ctx->bytecount & 63; + + ctx->bytecount += len; + + if (buffered) { + /* Previous block is unfinished. */ + if (len < 64 - buffered) { + memcpy(&ctx->buffer[buffered], data, len); + /* Previous block still unfinished. */ + return; + } else { + memcpy(&ctx->buffer[buffered], data, 64 - buffered); + /* Finished the previous block. */ + sha1_transform_blocks(ctx->state, ctx->buffer, 1); + data += 64 - buffered; + len -= 64 - buffered; } - - buffer = (const char *)buffer + add; - len -= add; } - /* Process available complete blocks. */ - if (len >= 64) { -#if !_STRING_ARCH_unaligned -#define alignof(type) offsetof (struct { char c; type x; }, x) -#define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0) - if (UNALIGNED_P(buffer)) - while (len > 64) { - sha1_process_block(memcpy - (ctx->buffer, buffer, 64), - 64, ctx); - buffer = (const char *)buffer + 64; - len -= 64; - } else -#endif - { - sha1_process_block(buffer, len & ~63, ctx); - buffer = (const char *)buffer + (len & ~63); - len &= 63; - } + /* Process blocks directly from the input data. */ + if (len / 64) { + sha1_transform_blocks(ctx->state, data, len / 64); + data += len & ~63; + len &= 63; } - /* Move remaining bytes in internal buffer. */ - if (len > 0) { - size_t left_over = ctx->buflen; - - memcpy(&((char *)ctx->buffer)[left_over], buffer, len); - left_over += len; - if (left_over >= 64) { - sha1_process_block(ctx->buffer, 64, ctx); - left_over -= 64; - memcpy(ctx->buffer, &ctx->buffer[16], left_over); - } - ctx->buflen = left_over; - } + /* Copy any remaining bytes to the buffer. */ + if (len) + memcpy(ctx->buffer, data, len); } -/* --- Code below is the primary difference between md5.c and sha1.c --- */ - -/* SHA1 round constants */ -#define K1 0x5a827999 -#define K2 0x6ed9eba1 -#define K3 0x8f1bbcdc -#define K4 0xca62c1d6 +/* Pad the message and generate the final SHA-1 message digest. */ +void +sha1_final(u8 md[20], SHA_CTX *ctx) +{ + /* Logically, we must append 1 bit, then a variable number of 0 bits, + * then the message length in bits as a big-endian integer, so that the + * final length is a multiple of the block size. */ + static const u8 padding[64] = {0x80, }; + be64 finalcount = cpu_to_be64(ctx->bytecount << 3); -/* Round functions. Note that F2 is the same as F4. */ -#define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) ) -#define F2(B,C,D) (B ^ C ^ D) -#define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) ) -#define F4(B,C,D) (B ^ C ^ D) + sha1_update(ctx, padding, 64 - ((ctx->bytecount + 8) & 63)); + sha1_update(ctx, &finalcount, 8); -/* Process LEN bytes of BUFFER, accumulating context into CTX. - It is assumed that LEN % 64 == 0. - Most of this code comes from GnuPG's cipher/sha1.c. */ + for (int i = 0; i < 5; i++) + store_be32_unaligned(cpu_to_be32(ctx->state[i]), &md[i * 4]); +} -#ifndef ENABLE_SSSE3_SHA1 -static void sha1_process_block(const void *buffer, size_t len, SHA_CTX *ctx) +/* Calculate the SHA-1 message digest of the specified buffer. + * @len is the buffer length in bytes. */ +void +sha1_buffer(const void *buffer, size_t len, u8 md[20]) { - const uint32_t *words = buffer; - size_t nwords = len / sizeof(uint32_t); - const uint32_t *endp = words + nwords; - uint32_t x[16]; - uint32_t a = ctx->A; - uint32_t b = ctx->B; - uint32_t c = ctx->C; - uint32_t d = ctx->D; - uint32_t e = ctx->E; - - /* First increment the byte count. RFC 1321 specifies the possible - length of the file up to 2^64 bits. Here we only compute the - number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if (ctx->total[0] < len) - ++ctx->total[1]; - -#define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n)))) - -#define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \ - ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \ - , (x[I&0x0f] = rol(tm, 1)) ) - -#define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \ - + F( B, C, D ) \ - + K \ - + M; \ - B = rol( B, 30 ); \ - } while(0) - - while (words < endp) { - uint32_t tm; - int t; - for (t = 0; t < 16; t++) { - x[t] = SWAP(*words); - words++; - } + SHA_CTX ctx; - R(a, b, c, d, e, F1, K1, x[0]); - R(e, a, b, c, d, F1, K1, x[1]); - R(d, e, a, b, c, F1, K1, x[2]); - R(c, d, e, a, b, F1, K1, x[3]); - R(b, c, d, e, a, F1, K1, x[4]); - R(a, b, c, d, e, F1, K1, x[5]); - R(e, a, b, c, d, F1, K1, x[6]); - R(d, e, a, b, c, F1, K1, x[7]); - R(c, d, e, a, b, F1, K1, x[8]); - R(b, c, d, e, a, F1, K1, x[9]); - R(a, b, c, d, e, F1, K1, x[10]); - R(e, a, b, c, d, F1, K1, x[11]); - R(d, e, a, b, c, F1, K1, x[12]); - R(c, d, e, a, b, F1, K1, x[13]); - R(b, c, d, e, a, F1, K1, x[14]); - R(a, b, c, d, e, F1, K1, x[15]); - R(e, a, b, c, d, F1, K1, M(16)); - R(d, e, a, b, c, F1, K1, M(17)); - R(c, d, e, a, b, F1, K1, M(18)); - R(b, c, d, e, a, F1, K1, M(19)); - R(a, b, c, d, e, F2, K2, M(20)); - R(e, a, b, c, d, F2, K2, M(21)); - R(d, e, a, b, c, F2, K2, M(22)); - R(c, d, e, a, b, F2, K2, M(23)); - R(b, c, d, e, a, F2, K2, M(24)); - R(a, b, c, d, e, F2, K2, M(25)); - R(e, a, b, c, d, F2, K2, M(26)); - R(d, e, a, b, c, F2, K2, M(27)); - R(c, d, e, a, b, F2, K2, M(28)); - R(b, c, d, e, a, F2, K2, M(29)); - R(a, b, c, d, e, F2, K2, M(30)); - R(e, a, b, c, d, F2, K2, M(31)); - R(d, e, a, b, c, F2, K2, M(32)); - R(c, d, e, a, b, F2, K2, M(33)); - R(b, c, d, e, a, F2, K2, M(34)); - R(a, b, c, d, e, F2, K2, M(35)); - R(e, a, b, c, d, F2, K2, M(36)); - R(d, e, a, b, c, F2, K2, M(37)); - R(c, d, e, a, b, F2, K2, M(38)); - R(b, c, d, e, a, F2, K2, M(39)); - R(a, b, c, d, e, F3, K3, M(40)); - R(e, a, b, c, d, F3, K3, M(41)); - R(d, e, a, b, c, F3, K3, M(42)); - R(c, d, e, a, b, F3, K3, M(43)); - R(b, c, d, e, a, F3, K3, M(44)); - R(a, b, c, d, e, F3, K3, M(45)); - R(e, a, b, c, d, F3, K3, M(46)); - R(d, e, a, b, c, F3, K3, M(47)); - R(c, d, e, a, b, F3, K3, M(48)); - R(b, c, d, e, a, F3, K3, M(49)); - R(a, b, c, d, e, F3, K3, M(50)); - R(e, a, b, c, d, F3, K3, M(51)); - R(d, e, a, b, c, F3, K3, M(52)); - R(c, d, e, a, b, F3, K3, M(53)); - R(b, c, d, e, a, F3, K3, M(54)); - R(a, b, c, d, e, F3, K3, M(55)); - R(e, a, b, c, d, F3, K3, M(56)); - R(d, e, a, b, c, F3, K3, M(57)); - R(c, d, e, a, b, F3, K3, M(58)); - R(b, c, d, e, a, F3, K3, M(59)); - R(a, b, c, d, e, F4, K4, M(60)); - R(e, a, b, c, d, F4, K4, M(61)); - R(d, e, a, b, c, F4, K4, M(62)); - R(c, d, e, a, b, F4, K4, M(63)); - R(b, c, d, e, a, F4, K4, M(64)); - R(a, b, c, d, e, F4, K4, M(65)); - R(e, a, b, c, d, F4, K4, M(66)); - R(d, e, a, b, c, F4, K4, M(67)); - R(c, d, e, a, b, F4, K4, M(68)); - R(b, c, d, e, a, F4, K4, M(69)); - R(a, b, c, d, e, F4, K4, M(70)); - R(e, a, b, c, d, F4, K4, M(71)); - R(d, e, a, b, c, F4, K4, M(72)); - R(c, d, e, a, b, F4, K4, M(73)); - R(b, c, d, e, a, F4, K4, M(74)); - R(a, b, c, d, e, F4, K4, M(75)); - R(e, a, b, c, d, F4, K4, M(76)); - R(d, e, a, b, c, F4, K4, M(77)); - R(c, d, e, a, b, F4, K4, M(78)); - R(b, c, d, e, a, F4, K4, M(79)); - - a = ctx->A += a; - b = ctx->B += b; - c = ctx->C += c; - d = ctx->D += d; - e = ctx->E += e; - } + sha1_init(&ctx); + sha1_update(&ctx, buffer, len); + sha1_final(md, &ctx); } -#endif /* ENABLE_SSSE3_SHA1 */ -#endif /* WITH_LIBCRYPTO */ +#endif /* !WITH_LIBCRYPTO */