Diff - ac9404c3a858cd5656b514552c324c17c6e1ea7f^! - boringssl.git - Git at Google

commit	ac9404c3a858cd5656b514552c324c17c6e1ea7f	[log] [tgz]
author	Brian Smith <brian@briansmith.org>	Sun Nov 01 10:13:24 2015 -1000
committer	Adam Langley <agl@google.com>	Wed Nov 04 00:01:09 2015 +0000
tree	70cc42364f44f8e7fe1feb062d400dd82d4a9ba4
parent	8fb0f525e1a6a5c9be5250a7e91ffacb3e2c3ddf [diff] [blame]

Improve crypto/digest/md32_common.h mechanism.

The documentation in md32_common.h is now (more) correct with respect
to the most important details of the layout of |HASH_CTX|. The
documentation explaining why sha512.c doesn't use md32_common.h is now
more accurate as well.

Before, the C implementations of HASH_BLOCK_DATA_ORDER took a pointer
to the |HASH_CTX| and the assembly language implementations took a
pointer to the hash state |h| member of |HASH_CTX|. (This worked
because |h| is always the first member of |HASH_CTX|.) Now, the C
implementations take a pointer directly to |h| too.

The definitions of |MD4_CTX|, |MD5_CTX|, and |SHA1_CTX| were changed to
be consistent with |SHA256_CTX| and |SHA512_CTX| in storing the hash
state in an array. This will break source compatibility with any
external code that accesses the hash state directly, but will not
affect binary compatibility.

The second parameter of |HASH_BLOCK_DATA_ORDER| is now of type
|const uint8_t *|; previously it was |void *| and all implementations
had a |uint8_t *data| variable to access it as an array of bytes.

This change paves the way for future refactorings such as automatically
generating the |*_Init| functions and/or sharing one I-U-F
implementation across all digest algorithms.

Change-Id: I6e9dd09ff057c67941021d324a4fa1d39f58b0db
Reviewed-on: https://boringssl-review.googlesource.com/6405
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/sha.h b/include/openssl/sha.h
index ac2ab75..f4253ec 100644
--- a/include/openssl/sha.h
+++ b/include/openssl/sha.h

@@ -98,7 +98,22 @@
 OPENSSL_EXPORT void SHA1_Transform(SHA_CTX *sha, const uint8_t *block);
 
 struct sha_state_st {
-  uint32_t h0, h1, h2, h3, h4;
+#if !defined(ANDROID)
+  uint32_t h[5];
+#else
+  /* wpa_supplicant accesses |h0|..|h4| so we must support those names
+   * for compatibility with it until it can be updated. */
+  union {
+    uint32_t h[5];
+    struct {
+      uint32_t h0;
+      uint32_t h1;
+      uint32_t h2;
+      uint32_t h3;
+      uint32_t h4;
+    };
+  };
+#endif
   uint32_t Nl, Nh;
   uint32_t data[16];
   unsigned int num;