Unify the different SHA1 structs again.

sjaeckel · sjaeckel · commit f689fbb037b8 · 2026-04-14T08:46:37.000+02:00
Signed-off-by: Steffen Jaeckel &lt;s@jaeckel.eu&gt;
diff --git a/src/hashes/sha1.c b/src/hashes/sha1.c
@@ -63,11 +63,11 @@ static int  s_sha1_c_compress(hash_state *md, const unsigned char *buf)
     }
 
     /* copy state */
-    a = md->sha1_c.state[0];
-    b = md->sha1_c.state[1];
-    c = md->sha1_c.state[2];
-    d = md->sha1_c.state[3];
-    e = md->sha1_c.state[4];
+    a = md->sha1.state[0];
+    b = md->sha1.state[1];
+    c = md->sha1.state[2];
+    d = md->sha1.state[3];
+    e = md->sha1.state[4];
 
 #ifdef LTC_SMALL_STACK_SHA1
     #define Wi(i) do { W[(i) % 16] = ROL(W[((i) - 3) % 16] ^ W[((i) - 8) % 16] ^ W[((i) - 14) % 16] ^ W[((i) - 16) % 16], 1); } while(0)
@@ -160,11 +160,11 @@ static int  s_sha1_c_compress(hash_state *md, const unsigned char *buf)
     #undef Windex
 
     /* store */
-    md->sha1_c.state[0] = md->sha1_c.state[0] + a;
-    md->sha1_c.state[1] = md->sha1_c.state[1] + b;
-    md->sha1_c.state[2] = md->sha1_c.state[2] + c;
-    md->sha1_c.state[3] = md->sha1_c.state[3] + d;
-    md->sha1_c.state[4] = md->sha1_c.state[4] + e;
+    md->sha1.state[0] = md->sha1.state[0] + a;
+    md->sha1.state[1] = md->sha1.state[1] + b;
+    md->sha1.state[2] = md->sha1.state[2] + c;
+    md->sha1.state[3] = md->sha1.state[3] + d;
+    md->sha1.state[4] = md->sha1.state[4] + e;
 
     return CRYPT_OK;
 }
@@ -187,13 +187,16 @@ static int s_sha1_c_compress(hash_state *md, const unsigned char *buf)
 int sha1_c_init(hash_state * md)
 {
    LTC_ARGCHK(md != NULL);
-   md->sha1_c.state[0] = 0x67452301UL;
-   md->sha1_c.state[1] = 0xefcdab89UL;
-   md->sha1_c.state[2] = 0x98badcfeUL;
-   md->sha1_c.state[3] = 0x10325476UL;
-   md->sha1_c.state[4] = 0xc3d2e1f0UL;
-   md->sha1_c.curlen = 0;
-   md->sha1_c.length = 0;
+
+   md->sha1.state = LTC_ALIGN_BUF(md->sha1.state_buf, 16);
+
+   md->sha1.state[0] = 0x67452301UL;
+   md->sha1.state[1] = 0xefcdab89UL;
+   md->sha1.state[2] = 0x98badcfeUL;
+   md->sha1.state[3] = 0x10325476UL;
+   md->sha1.state[4] = 0xc3d2e1f0UL;
+   md->sha1.curlen = 0;
+   md->sha1.length = 0;
    return CRYPT_OK;
 }
 
@@ -204,7 +207,7 @@ int sha1_c_init(hash_state * md)
    @param inlen  The length of the data (octets)
    @return CRYPT_OK if successful
 */
-HASH_PROCESS(sha1_c_process, s_sha1_c_compress, sha1_c, 64)
+HASH_PROCESS(sha1_c_process, s_sha1_c_compress, sha1, 64)
 
 /**
    Terminate the hash to get the digest
@@ -219,40 +222,40 @@ int sha1_c_done(hash_state * md, unsigned char *out)
     LTC_ARGCHK(md  != NULL);
     LTC_ARGCHK(out != NULL);
 
-    if (md->sha1_c.curlen >= sizeof(md->sha1_c.buf)) {
+    if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
        return CRYPT_INVALID_ARG;
     }
 
     /* increase the length of the message */
-    md->sha1_c.length += md->sha1_c.curlen * 8;
+    md->sha1.length += md->sha1.curlen * 8;
 
     /* append the '1' bit */
-    md->sha1_c.buf[md->sha1_c.curlen++] = (unsigned char)0x80;
+    md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;
 
     /* if the length is currently above 56 bytes we append zeros
      * then compress.  Then we can fall back to padding zeros and length
      * encoding like normal.
      */
-    if (md->sha1_c.curlen > 56) {
-        while (md->sha1_c.curlen < 64) {
-            md->sha1_c.buf[md->sha1_c.curlen++] = (unsigned char)0;
+    if (md->sha1.curlen > 56) {
+        while (md->sha1.curlen < 64) {
+            md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
         }
-        s_sha1_c_compress(md, md->sha1_c.buf);
-        md->sha1_c.curlen = 0;
+        s_sha1_c_compress(md, md->sha1.buf);
+        md->sha1.curlen = 0;
     }
 
     /* pad upto 56 bytes of zeroes */
-    while (md->sha1_c.curlen < 56) {
-        md->sha1_c.buf[md->sha1_c.curlen++] = (unsigned char)0;
+    while (md->sha1.curlen < 56) {
+        md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
     }
 
     /* store length */
-    STORE64H(md->sha1_c.length, md->sha1_c.buf+56);
-    s_sha1_c_compress(md, md->sha1_c.buf);
+    STORE64H(md->sha1.length, md->sha1.buf+56);
+    s_sha1_c_compress(md, md->sha1.buf);
 
     /* copy output */
     for (i = 0; i < 5; i++) {
-        STORE32H(md->sha1_c.state[i], out+(4*i));
+        STORE32H(md->sha1.state[i], out+(4*i));
     }
 #ifdef LTC_CLEAN_STACK
     zeromem(md, sizeof(hash_state));
diff --git a/src/hashes/sha1_x86.c b/src/hashes/sha1_x86.c
@@ -64,13 +64,13 @@ static int ltc_attribute_sha1 s_sha1_x86_compress(hash_state *md, const unsigned
 
     LTC_ARGCHK(md != NULL);
     LTC_ARGCHK(buf != NULL);
-    LTC_ARGCHK(((uintptr_t)(&md->sha1_x86.state[0])) % 16 == 0);
+    LTC_ARGCHK(((uintptr_t)(&md->sha1.state[0])) % 16 == 0);
     LTC_ARGCHK(sizeof(int) == 4);
 
     reverse_8 = _mm_set_epi64x(0x0001020304050607ull, 0x08090a0b0c0d0e0full);
-    abcdx = _mm_load_si128(((__m128i const*)(&md->sha1_x86.state[0])));
+    abcdx = _mm_load_si128(((__m128i const*)(&md->sha1.state[0])));
     abcdx = _mm_shuffle_epi32(abcdx, k_reverse_32);
-    e = _mm_set_epi32(*((int const*)(&md->sha1_x86.state[4])), 0, 0, 0);
+    e = _mm_set_epi32(*((int const*)(&md->sha1.state[4])), 0, 0, 0);
 
     old_abcd = abcdx;
     old_e = e;
@@ -176,8 +176,8 @@ static int ltc_attribute_sha1 s_sha1_x86_compress(hash_state *md, const unsigned
     e = _mm_add_epi32(e, old_e);
 
     abcdx = _mm_shuffle_epi32(abcdx, k_reverse_32);
-    _mm_store_si128(((__m128i*)(&md->sha1_x86.state[0])), abcdx);
-    *((int*)(&md->sha1_x86.state[4])) = _mm_extract_epi32(e, 3);
+    _mm_store_si128(((__m128i*)(&md->sha1.state[0])), abcdx);
+    *((int*)(&md->sha1.state[4])) = _mm_extract_epi32(e, 3);
 
     return CRYPT_OK;
 
@@ -202,13 +202,16 @@ static int s_sha1_x86_compress(hash_state *md, const unsigned char *buf)
 int sha1_x86_init(hash_state * md)
 {
    LTC_ARGCHK(md != NULL);
-   md->sha1_x86.state[0] = 0x67452301UL;
-   md->sha1_x86.state[1] = 0xefcdab89UL;
-   md->sha1_x86.state[2] = 0x98badcfeUL;
-   md->sha1_x86.state[3] = 0x10325476UL;
-   md->sha1_x86.state[4] = 0xc3d2e1f0UL;
-   md->sha1_x86.curlen = 0;
-   md->sha1_x86.length = 0;
+
+   md->sha1.state = LTC_ALIGN_BUF(md->sha1.state_buf, 16);
+
+   md->sha1.state[0] = 0x67452301UL;
+   md->sha1.state[1] = 0xefcdab89UL;
+   md->sha1.state[2] = 0x98badcfeUL;
+   md->sha1.state[3] = 0x10325476UL;
+   md->sha1.state[4] = 0xc3d2e1f0UL;
+   md->sha1.curlen = 0;
+   md->sha1.length = 0;
    return CRYPT_OK;
 }
 
@@ -219,7 +222,7 @@ int sha1_x86_init(hash_state * md)
    @param inlen  The length of the data (octets)
    @return CRYPT_OK if successful
 */
-HASH_PROCESS(sha1_x86_process, s_sha1_x86_compress, sha1_x86, 64)
+HASH_PROCESS(sha1_x86_process, s_sha1_x86_compress, sha1, 64)
 
 /**
    Terminate the hash to get the digest
@@ -234,40 +237,40 @@ int sha1_x86_done(hash_state * md, unsigned char *out)
     LTC_ARGCHK(md  != NULL);
     LTC_ARGCHK(out != NULL);
 
-    if (md->sha1_x86.curlen >= ((int)(sizeof(md->sha1_x86.buf)))) {
+    if (md->sha1.curlen >= ((int)(sizeof(md->sha1.buf)))) {
        return CRYPT_INVALID_ARG;
     }
 
     /* increase the length of the message */
-    md->sha1_x86.length += md->sha1_x86.curlen * 8;
+    md->sha1.length += md->sha1.curlen * 8;
 
     /* append the '1' bit */
-    md->sha1_x86.buf[md->sha1_x86.curlen++] = (unsigned char)0x80;
+    md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;
 
     /* if the length is currently above 56 bytes we append zeros
      * then compress.  Then we can fall back to padding zeros and length
      * encoding like normal.
      */
-    if (md->sha1_x86.curlen > 56) {
-        while (md->sha1_x86.curlen < 64) {
-            md->sha1_x86.buf[md->sha1_x86.curlen++] = (unsigned char)0;
+    if (md->sha1.curlen > 56) {
+        while (md->sha1.curlen < 64) {
+            md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
         }
-        s_sha1_x86_compress(md, md->sha1_x86.buf);
-        md->sha1_x86.curlen = 0;
+        s_sha1_x86_compress(md, md->sha1.buf);
+        md->sha1.curlen = 0;
     }
 
     /* pad upto 56 bytes of zeroes */
-    while (md->sha1_x86.curlen < 56) {
-        md->sha1_x86.buf[md->sha1_x86.curlen++] = (unsigned char)0;
+    while (md->sha1.curlen < 56) {
+        md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
     }
 
     /* store length */
-    STORE64H(md->sha1_x86.length, md->sha1_x86.buf+56);
-    s_sha1_x86_compress(md, md->sha1_x86.buf);
+    STORE64H(md->sha1.length, md->sha1.buf+56);
+    s_sha1_x86_compress(md, md->sha1.buf);
 
     /* copy output */
     for (i = 0; i < 5; i++) {
-        STORE32H(md->sha1_x86.state[i], out+(4*i));
+        STORE32H(md->sha1.state[i], out+(4*i));
     }
 #ifdef LTC_CLEAN_STACK
     zeromem(md, sizeof(hash_state));
diff --git a/src/headers/tomcrypt_hash.h b/src/headers/tomcrypt_hash.h
@@ -60,25 +60,14 @@ LTC_ALIGN_AS(16) struct sha256_x86_state {
 #endif
 
 #ifdef LTC_SHA1
-struct sha1_c_state {
+struct sha1_state {
     ulong64 length;
-    ulong32 state[5], curlen;
+    ulong32 *state, curlen;
     unsigned char buf[64];
+    unsigned char state_buf[LTC_ALIGNED_BUF_SIZE(ulong32, 5, 16)];
 };
 #endif
 
-#ifdef LTC_SHA1_X86
-#pragma pack(push)
-#pragma pack(16)
-struct sha1_x86_state {
-    ulong32 state[5];
-    ulong32  curlen;
-    ulong64 length;
-    unsigned char buf[64];
-};
-#pragma pack(pop)
-#endif
-
 #ifdef LTC_MD5
 struct md5_state {
     ulong64 length;
@@ -206,10 +195,7 @@ typedef union Hash_state {
     struct sha256_x86_state sha256_x86;
 #endif
 #ifdef LTC_SHA1
-    struct sha1_c_state sha1_c;
-#endif
-#ifdef LTC_SHA1_X86
-    struct sha1_x86_state sha1_x86;
+    struct sha1_state sha1;
 #endif
 #ifdef LTC_MD5
     struct md5_state    md5;
diff --git a/src/misc/crypt/crypt_sizes.c b/src/misc/crypt/crypt_sizes.c
@@ -40,7 +40,7 @@ static const crypt_size s_crypt_sizes[] = {
     SZ_STRINGIFY_S(sha256_c_state),
 #endif
 #ifdef LTC_SHA1
-    SZ_STRINGIFY_S(sha1_c_state),
+    SZ_STRINGIFY_S(sha1_state),
 #endif
 #ifdef LTC_MD5
     SZ_STRINGIFY_S(md5_state),
