Rename SHA256/384/512 API to avoid namespace collisions with

forthcoming OpenSSL update.
Function names lose their underscore (SHA256_Init => SHA256Init) and
the various SHA256_CTX, SHA512_CTX are merged into a single SHA2_CTX
that is used for all these hashes.
ok millert@ manpage bits jmc@ "please commit" deraadt@

src/include/sha2.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp $	*/
+/*	$OpenBSD: sha2.h,v 1.7 2008/09/06 12:00:19 djm Exp $	*/
 
 /*
  * FILE:	sha2.h
@@ -50,71 +50,67 @@
 #define SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
 
 
-/*** SHA-256/384/512 Context Structures *******************************/
-typedef struct _SHA256_CTX {
-	u_int32_t	state[8];
-	u_int64_t	bitcount;
-	u_int8_t	buffer[SHA256_BLOCK_LENGTH];
-} SHA256_CTX;
-typedef struct _SHA512_CTX {
-	u_int64_t	state[8];
+/*** SHA-256/384/512 Context Structure *******************************/
+typedef struct _SHA2_CTX {
+	union {
+		u_int32_t	st32[8];
+		u_int64_t	st64[8];
+	} state;
 	u_int64_t	bitcount[2];
 	u_int8_t	buffer[SHA512_BLOCK_LENGTH];
-} SHA512_CTX;
-
-typedef SHA512_CTX SHA384_CTX;
+} SHA2_CTX;
 
 #include <sys/cdefs.h>
 
 __BEGIN_DECLS
-void SHA256_Init(SHA256_CTX *);
-void SHA256_Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
-void SHA256_Update(SHA256_CTX *, const u_int8_t *, size_t)
+void SHA256Init(SHA2_CTX *);
+void SHA256Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
+void SHA256Update(SHA2_CTX *, const u_int8_t *, size_t)
 	__attribute__((__bounded__(__string__,2,3)));
-void SHA256_Pad(SHA256_CTX *);
-void SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA256_CTX *)
+void SHA256Pad(SHA2_CTX *);
+void SHA256Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA2_CTX *)
 	__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
-char *SHA256_End(SHA256_CTX *, char *)
+char *SHA256End(SHA2_CTX *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
-char *SHA256_File(const char *, char *)
+char *SHA256File(const char *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
-char *SHA256_FileChunk(const char *, char *, off_t, off_t)
+char *SHA256FileChunk(const char *, char *, off_t, off_t)
 	__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
-char *SHA256_Data(const u_int8_t *, size_t, char *)
+char *SHA256Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH)));
 
-void SHA384_Init(SHA384_CTX *);
-void SHA384_Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
-void SHA384_Update(SHA384_CTX *, const u_int8_t *, size_t)
+void SHA384Init(SHA2_CTX *);
+void SHA384Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
+void SHA384Update(SHA2_CTX *, const u_int8_t *, size_t)
 	__attribute__((__bounded__(__string__,2,3)));
-void SHA384_Pad(SHA384_CTX *);
-void SHA384_Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA384_CTX *)
+void SHA384Pad(SHA2_CTX *);
+void SHA384Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA2_CTX *)
 	__attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH)));
-char *SHA384_End(SHA384_CTX *, char *)
+char *SHA384End(SHA2_CTX *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
-char *SHA384_File(const char *, char *)
+char *SHA384File(const char *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
-char *SHA384_FileChunk(const char *, char *, off_t, off_t)
+char *SHA384FileChunk(const char *, char *, off_t, off_t)
 	__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
-char *SHA384_Data(const u_int8_t *, size_t, char *)
+char *SHA384Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH)));
 
-void SHA512_Init(SHA512_CTX *);
-void SHA512_Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
-void SHA512_Update(SHA512_CTX *, const u_int8_t *, size_t)
+void SHA512Init(SHA2_CTX *);
+void SHA512Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
+void SHA512Update(SHA2_CTX *, const u_int8_t *, size_t)
 	__attribute__((__bounded__(__string__,2,3)));
-void SHA512_Pad(SHA512_CTX *);
-void SHA512_Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA512_CTX *)
+void SHA512Pad(SHA2_CTX *);
+void SHA512Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA2_CTX *)
 	__attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH)));
-char *SHA512_End(SHA512_CTX *, char *)
+char *SHA512End(SHA2_CTX *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
-char *SHA512_File(const char *, char *)
+char *SHA512File(const char *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
-char *SHA512_FileChunk(const char *, char *, off_t, off_t)
+char *SHA512FileChunk(const char *, char *, off_t, off_t)
 	__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
-char *SHA512_Data(const u_int8_t *, size_t, char *)
+char *SHA512Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
 __END_DECLS

src/lib/libc/hash/Makefile.inc

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile.inc,v 1.17 2004/05/03 17:30:14 millert Exp $
+#	$OpenBSD: Makefile.inc,v 1.18 2008/09/06 12:00:19 djm Exp $
 
 # hash functions
 .PATH: ${LIBCSRCDIR}/hash
@@ -19,15 +19,15 @@ MLINKS+=rmd160.3 RMD160FileChunk.3 rmd160.3 RMD160Pad.3  rmd160.3 RMD160Data.3
 MLINKS+=sha1.3 SHA1Transform.3 sha1.3 SHA1Init.3 sha1.3 SHA1Final.3
 MLINKS+=sha1.3 SHA1Update.3    sha1.3 SHA1End.3  sha1.3 SHA1File.3
 MLINKS+=sha1.3 SHA1FileChunk.3 sha1.3 SHA1Pad.3  sha1.3 SHA1Data.3
-MLINKS+=sha2.3 SHA256_Init.3 sha2.3 SHA256_Update.3 sha2.3 SHA256_Final.3
-MLINKS+=sha2.3 SHA256_End.3  sha2.3 SHA256_File.3   sha2.3 SHA256_Data.3
-MLINKS+=sha2.3 SHA256_Pad.3  sha2.3 SHA256_FileChunk.3
-MLINKS+=sha2.3 SHA384_Init.3 sha2.3 SHA384_Update.3 sha2.3 SHA384_Final.3
-MLINKS+=sha2.3 SHA384_End.3  sha2.3 SHA384_File.3   sha2.3 SHA384_Data.3
-MLINKS+=sha2.3 SHA384_Pad.3  sha2.3 SHA384_FileChunk.3
-MLINKS+=sha2.3 SHA512_Init.3 sha2.3 SHA512_Update.3 sha2.3 SHA512_Final.3
-MLINKS+=sha2.3 SHA512_End.3  sha2.3 SHA512_File.3   sha2.3 SHA512_Data.3
-MLINKS+=sha2.3 SHA512_Pad.3  sha2.3 SHA512_FileChunk.3
+MLINKS+=sha2.3 SHA256Init.3  sha2.3 SHA256Update.3    sha2.3 SHA256Pad.3
+MLINKS+=sha2.3 SHA256Final.3 sha2.3 SHA256Transform.3 sha2.3 SHA256End.3
+MLINKS+=sha2.3 SHA256File.3  sha2.3 SHA256FileChunk.3 sha2.3 SHA256Data.3
+MLINKS+=sha2.3 SHA384Init.3  sha2.3 SHA384Update.3    sha2.3 SHA384Pad.3
+MLINKS+=sha2.3 SHA384Final.3 sha2.3 SHA384Transform.3 sha2.3 SHA384End.3
+MLINKS+=sha2.3 SHA384File.3  sha2.3 SHA384FileChunk.3 sha2.3 SHA384Data.3
+MLINKS+=sha2.3 SHA512Init.3  sha2.3 SHA512Update.3    sha2.3 SHA512Pad.3
+MLINKS+=sha2.3 SHA512Final.3 sha2.3 SHA512Transform.3 sha2.3 SHA512End.3
+MLINKS+=sha2.3 SHA512File.3  sha2.3 SHA512FileChunk.3 sha2.3 SHA512Data.3
 CLEANFILES+= ${HELPER} md[45].3
 
 .ifndef NOMAN
@@ -53,12 +53,18 @@ sha1hl.c:	helper.c
 	sed -e 's/hashinc/sha1.h/g' -e 's/HASH/SHA1/g' $> > $@
 
 sha256hl.c:	helper.c
-	sed -e 's/hashinc/sha2.h/g' -e 's/HASH_\{0,1\}/SHA256_/g' $> > $@
+	sed -e 's/hashinc/sha2.h/g' \
+	    -e 's/HASH/SHA256/g' \
+	    -e 's/SHA[0-9][0-9][0-9]_CTX/SHA2_CTX/g' $> > $@
 
 sha384hl.c:	helper.c
-	sed -e 's/hashinc/sha2.h/g' -e 's/HASH_\{0,1\}/SHA384_/g' $> > $@
+	sed -e 's/hashinc/sha2.h/g' \
+	    -e 's/HASH/SHA384/g' \
+	    -e 's/SHA[0-9][0-9][0-9]_CTX/SHA2_CTX/g' $> > $@
 
 sha512hl.c:	helper.c
-	sed -e 's/hashinc/sha2.h/g' -e 's/HASH_\{0,1\}/SHA512_/g' $> > $@
+	sed -e 's/hashinc/sha2.h/g' \
+	    -e 's/HASH/SHA512/g' \
+	    -e 's/SHA[0-9][0-9][0-9]_CTX/SHA2_CTX/g' $> > $@
 
 beforedepend: md4hl.c md5hl.c rmd160hl.c sha1hl.c sha256hl.c sha384hl.c sha512hl.c

src/lib/libc/hash/sha2.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: sha2.3,v 1.14 2007/05/31 19:19:29 jmc Exp $
+.\"	$OpenBSD: sha2.3,v 1.15 2008/09/06 12:00:19 djm Exp $
 .\"
 .\" Copyright (c) 2003, 2004 Todd C. Miller <Todd.Miller@courtesan.com>
 .\"
@@ -20,77 +20,77 @@
 .\"
 .\" See http://www.nist.gov/sha/ for the detailed standard
 .\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: September 6 2008 $
 .Dt SHA2 3
 .Os
 .Sh NAME
-.Nm SHA256_Init ,
-.Nm SHA256_Update ,
-.Nm SHA256_Pad ,
-.Nm SHA256_Final ,
-.Nm SHA256_Transform ,
-.Nm SHA256_End ,
-.Nm SHA256_File ,
-.Nm SHA256_FileChunk ,
-.Nm SHA256_Data
+.Nm SHA256Init ,
+.Nm SHA256Update ,
+.Nm SHA256Pad ,
+.Nm SHA256Final ,
+.Nm SHA256Transform ,
+.Nm SHA256End ,
+.Nm SHA256File ,
+.Nm SHA256FileChunk ,
+.Nm SHA256Data
 .Nd calculate the NIST Secure Hash Standard (version 2)
 .Sh SYNOPSIS
 .Fd #include <sys/types.h>
 .Fd #include <sha2.h>
 .Ft void
-.Fn SHA256_Init "SHA256_CTX *context"
+.Fn SHA256Init "SHA2_CTX *context"
 .Ft void
-.Fn SHA256_Update "SHA256_CTX *context" "const u_int8_t *data" "size_t len"
+.Fn SHA256Update "SHA2_CTX *context" "const u_int8_t *data" "size_t len"
 .Ft void
-.Fn SHA256_Pad "SHA256_CTX *context"
+.Fn SHA256Pad "SHA2_CTX *context"
 .Ft void
-.Fn SHA256_Final "u_int8_t digest[SHA256_DIGEST_LENGTH]" "SHA256_CTX *context"
+.Fn SHA256Final "u_int8_t digest[SHA256_DIGEST_LENGTH]" "SHA2_CTX *context"
 .Ft void
-.Fn SHA256_Transform "u_int32_t state[8]" "const u_int8_t buffer[SHA256_BLOCK_LENGTH]"
+.Fn SHA256Transform "u_int32_t state[8]" "const u_int8_t buffer[SHA256_BLOCK_LENGTH]"
 .Ft "char *"
-.Fn SHA256_End "SHA256_CTX *context" "char *buf"
+.Fn SHA256End "SHA2_CTX *context" "char *buf"
 .Ft "char *"
-.Fn SHA256_File "const char *filename" "char *buf"
+.Fn SHA256File "const char *filename" "char *buf"
 .Ft "char *"
-.Fn SHA256_FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
+.Fn SHA256FileChunk "const char *filename" "char *buf" "off_t offset" "off_t length"
 .Ft "char *"
-.Fn SHA256_Data "u_int8_t *data" "size_t len" "char *buf"
+.Fn SHA256Data "u_int8_t *data" "size_t len" "char *buf"
 .Ft void
-.Fn SHA384_Init "SHA384_CTX *context"
+.Fn SHA384Init "SHA2_CTX *context"
 .Ft void
-.Fn SHA384_Update "SHA384_CTX *context" "const u_int8_t *data" "size_t len"
+.Fn SHA384Update "SHA2_CTX *context" "const u_int8_t *data" "size_t len"
 .Ft void
-.Fn SHA384_Pad "SHA384_CTX *context"
+.Fn SHA384Pad "SHA2_CTX *context"
 .Ft void
-.Fn SHA384_Final "u_int8_t digest[SHA384_DIGEST_LENGTH]" "SHA384_CTX *context"
+.Fn SHA384Final "u_int8_t digest[SHA384_DIGEST_LENGTH]" "SHA2_CTX *context"
 .Ft void
-.Fn SHA384_Transform "u_int64_t state[8]" "const u_int8_t buffer[SHA384_BLOCK_LENGTH]"
+.Fn SHA384Transform "u_int64_t state[8]" "const u_int8_t buffer[SHA384_BLOCK_LENGTH]"
 .Ft "char *"
-.Fn SHA384_End "SHA384_CTX *context" "char *buf"
+.Fn SHA384End "SHA2_CTX *context" "char *buf"
 .Ft "char *"
-.Fn SHA384_File "char *filename" "char *buf"
+.Fn SHA384File "char *filename" "char *buf"
 .Ft "char *"
-.Fn SHA384_FileChunk "char *filename" "char *buf" "off_t offset" "off_t length"
+.Fn SHA384FileChunk "char *filename" "char *buf" "off_t offset" "off_t length"
 .Ft "char *"
-.Fn SHA384_Data "u_int8_t *data" "size_t len" "char *buf"
+.Fn SHA384Data "u_int8_t *data" "size_t len" "char *buf"
 .Ft void
-.Fn SHA512_Init "SHA512_CTX *context"
+.Fn SHA512Init "SHA2_CTX *context"
 .Ft void
-.Fn SHA512_Update "SHA512_CTX *context" "const u_int8_t *data" "size_t len"
+.Fn SHA512Update "SHA2_CTX *context" "const u_int8_t *data" "size_t len"
 .Ft void
-.Fn SHA512_Pad "SHA512_CTX *context"
+.Fn SHA512Pad "SHA2_CTX *context"
 .Ft void
-.Fn SHA512_Final "u_int8_t digest[SHA512_DIGEST_LENGTH]" "SHA512_CTX *context"
+.Fn SHA512Final "u_int8_t digest[SHA512_DIGEST_LENGTH]" "SHA2_CTX *context"
 .Ft void
-.Fn SHA512_Transform "u_int64_t state[8]" "const u_int8_t buffer[SHA512_BLOCK_LENGTH]"
+.Fn SHA512Transform "u_int64_t state[8]" "const u_int8_t buffer[SHA512_BLOCK_LENGTH]"
 .Ft "char *"
-.Fn SHA512_End "SHA512_CTX *context" "char *buf"
+.Fn SHA512End "SHA2_CTX *context" "char *buf"
 .Ft "char *"
-.Fn SHA512_File "char *filename" "char *buf"
+.Fn SHA512File "char *filename" "char *buf"
 .Ft "char *"
-.Fn SHA512_FileChunk "char *filename" "char *buf" "off_t offset" "off_t length"
+.Fn SHA512FileChunk "char *filename" "char *buf" "off_t offset" "off_t length"
 .Ft "char *"
-.Fn SHA512_Data "u_int8_t *data" "size_t len" "char *buf"
+.Fn SHA512Data "u_int8_t *data" "size_t len" "char *buf"
 .Sh DESCRIPTION
 The SHA2 functions implement the NIST Secure Hash Standard,
 FIPS PUB 180-2.
@@ -110,70 +110,70 @@ The 256, 384, and 512-bit versions of SHA2 share the same interface.
 For brevity, only the 256-bit variants are described below.
 .Pp
 The
-.Fn SHA256_Init
-function initializes a SHA256_CTX
+.Fn SHA256Init
+function initializes a SHA2_CTX
 .Ar context
 for use with
-.Fn SHA256_Update ,
+.Fn SHA256Update
 and
-.Fn SHA256_Final .
+.Fn SHA256Final .
 The
-.Fn SHA256_Update
+.Fn SHA256Update
 function adds
 .Ar data
 of length
 .Ar len
-to the SHA256_CTX specified by
+to the SHA2_CTX specified by
 .Ar context .
-.Fn SHA256_Final
+.Fn SHA256Final
 is called when all data has been added via
-.Fn SHA256_Update
+.Fn SHA256Update
 and stores a message digest in the
 .Ar digest
 parameter.
 .Pp
 The
-.Fn SHA256_Pad
+.Fn SHA256Pad
 function can be used to apply padding to the message digest as in
-.Fn SHA256_Final ,
+.Fn SHA256Final ,
 but the current context can still be used with
-.Fn SHA256_Update .
+.Fn SHA256Update .
 .Pp
 The
-.Fn SHA256_Transform
+.Fn SHA256Transform
 function is used by
-.Fn SHA256_Update
+.Fn SHA256Update
 to hash 512-bit blocks and forms the core of the algorithm.
 Most programs should use the interface provided by
-.Fn SHA256_Init ,
-.Fn SHA256_Update ,
+.Fn SHA256Init ,
+.Fn SHA256Update ,
 and
-.Fn SHA256_Final
+.Fn SHA256Final
 instead of calling
-.Fn SHA256_Transform
+.Fn SHA256Transform
 directly.
 .Pp
 The
-.Fn SHA256_End
+.Fn SHA256End
 function is a front end for
-.Fn SHA256_Final
+.Fn SHA256Final
 which converts the digest into an
 .Tn ASCII
 representation of the digest in hexadecimal.
 .Pp
 The
-.Fn SHA256_File
+.Fn SHA256File
 function calculates the digest for a file and returns the result via
-.Fn SHA256_End .
+.Fn SHA256End .
 If
-.Fn SHA256_File
+.Fn SHA256File
 is unable to open the file, a
 .Dv NULL
 pointer is returned.
 .Pp
-.Fn SHA256_FileChunk
+.Fn SHA256FileChunk
 behaves like
-.Fn SHA256_File
+.Fn SHA256File
 but calculates the digest only for that portion of the file starting at
 .Fa offset
 and continuing for
@@ -189,17 +189,17 @@ or
 will be ignored.
 .Pp
 The
-.Fn SHA256_Data
+.Fn SHA256Data
 function
 calculates the digest of an arbitrary string and returns the result via
-.Fn SHA256_End .
+.Fn SHA256End .
 .Pp
 For each of the
-.Fn SHA256_End ,
-.Fn SHA256_File ,
-.Fn SHA256_FileChunk ,
+.Fn SHA256End ,
+.Fn SHA256File ,
+.Fn SHA256FileChunk ,
 and
-.Fn SHA256_Data
+.Fn SHA256Data
 functions the
 .Ar buf
 parameter should either be a string large enough to hold the resulting digest
@@ -223,16 +223,16 @@ The following code fragment will calculate the SHA-256 digest for the string
 which is
 .Dq 0xba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad .
 .Bd -literal -offset indent
-SHA256_CTX ctx;
+SHA2_CTX ctx;
 u_int8_t results[SHA256_DIGEST_LENGTH];
 char *buf;
 int n;
 
 buf = "abc";
 n = strlen(buf);
-SHA256_Init(&ctx);
-SHA256_Update(&ctx, (u_int8_t *)buf, n);
-SHA256_Final(results, &ctx);
+SHA256Init(&ctx);
+SHA256Update(&ctx, (u_int8_t *)buf, n);
+SHA256Final(results, &ctx);
 
 /* Print the digest as one long hex value */
 printf("0x");
@@ -243,11 +243,11 @@ putchar('\en');
 .Pp
 Alternately, the helper functions could be used in the following way:
 .Bd -literal -offset indent
-SHA256_CTX ctx;
+SHA2_CTX ctx;
 u_int8_t output[SHA256_DIGEST_STRING_LENGTH];
 char *buf = "abc";
 
-printf("0x%s\en", SHA256_Data(buf, strlen(buf), output));
+printf("0x%s\en", SHA256Data(buf, strlen(buf), output));
 .Ed
 .Sh SEE ALSO
 .Xr cksum 1 ,
@@ -266,11 +266,11 @@ The SHA2 functions appeared in
 This implementation of the SHA functions was written by Aaron D. Gifford.
 .Pp
 The
-.Fn SHA256_End ,
-.Fn SHA256_File ,
-.Fn SHA256_FileChunk ,
+.Fn SHA256End ,
+.Fn SHA256File ,
+.Fn SHA256FileChunk ,
 and
-.Fn SHA256_Data
+.Fn SHA256Data
 helper functions are derived from code written by Poul-Henning Kamp.
 .Sh CAVEATS
 This implementation of the Secure Hash Standard has not been validated by

src/lib/libc/hash/sha2.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp $	*/
+/*	$OpenBSD: sha2.c,v 1.12 2008/09/06 12:00:19 djm Exp $	*/
 
 /*
  * FILE:	sha2.c
@@ -272,14 +272,14 @@ const static u_int64_t sha512_initial_hash_value[8] = {
 
 /*** SHA-256: *********************************************************/
 void
-SHA256_Init(SHA256_CTX *context)
+SHA256Init(SHA2_CTX *context)
 {
 	if (context == NULL)
 		return;
-	memcpy(context->state, sha256_initial_hash_value,
+	memcpy(context->state.st32, sha256_initial_hash_value,
 	    sizeof(sha256_initial_hash_value));
 	memset(context->buffer, 0, sizeof(context->buffer));
-	context->bitcount = 0;
+	context->bitcount[0] = 0;
 }
 
 #ifdef SHA2_UNROLL_TRANSFORM
@@ -308,7 +308,7 @@ SHA256_Init(SHA256_CTX *context)
 } while(0)
 
 void
-SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
+SHA256Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
 {
 	u_int32_t	a, b, c, d, e, f, g, h, s0, s1;
 	u_int32_t	T1, W256[16];
@@ -366,7 +366,7 @@ SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
 #else /* SHA2_UNROLL_TRANSFORM */
 
 void
-SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
+SHA256Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
 {
 	u_int32_t	a, b, c, d, e, f, g, h, s0, s1;
 	u_int32_t	T1, T2, W256[16];
@@ -441,7 +441,7 @@ SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
 #endif /* SHA2_UNROLL_TRANSFORM */
 
 void
-SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len)
+SHA256Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
 {
 	size_t	freespace, usedspace;
 
@@ -449,7 +449,7 @@ SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len)
 	if (len == 0)
 		return;
 
-	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
+	usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH;
 	if (usedspace > 0) {
 		/* Calculate how much free space is available in the buffer */
 		freespace = SHA256_BLOCK_LENGTH - usedspace;
@@ -457,14 +457,14 @@ SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len)
 		if (len >= freespace) {
 			/* Fill the buffer completely and process it */
 			memcpy(&context->buffer[usedspace], data, freespace);
-			context->bitcount += freespace << 3;
+			context->bitcount[0] += freespace << 3;
 			len -= freespace;
 			data += freespace;
-			SHA256_Transform(context->state, context->buffer);
+			SHA256Transform(context->state.st32, context->buffer);
 		} else {
 			/* The buffer is not yet full */
 			memcpy(&context->buffer[usedspace], data, len);
-			context->bitcount += len << 3;
+			context->bitcount[0] += len << 3;
 			/* Clean up: */
 			usedspace = freespace = 0;
 			return;
@@ -472,26 +472,26 @@ SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len)
 	}
 	while (len >= SHA256_BLOCK_LENGTH) {
 		/* Process as many complete blocks as we can */
-		SHA256_Transform(context->state, data);
-		context->bitcount += SHA256_BLOCK_LENGTH << 3;
+		SHA256Transform(context->state.st32, data);
+		context->bitcount[0] += SHA256_BLOCK_LENGTH << 3;
 		len -= SHA256_BLOCK_LENGTH;
 		data += SHA256_BLOCK_LENGTH;
 	}
 	if (len > 0) {
 		/* There's left-overs, so save 'em */
 		memcpy(context->buffer, data, len);
-		context->bitcount += len << 3;
+		context->bitcount[0] += len << 3;
 	}
 	/* Clean up: */
 	usedspace = freespace = 0;
 }
 
 void
-SHA256_Pad(SHA256_CTX *context)
+SHA256Pad(SHA2_CTX *context)
 {
 	unsigned int	usedspace;
 
-	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
+	usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH;
 	if (usedspace > 0) {
 		/* Begin padding with a 1 bit: */
 		context->buffer[usedspace++] = 0x80;
@@ -506,7 +506,7 @@ SHA256_Pad(SHA256_CTX *context)
 				    SHA256_BLOCK_LENGTH - usedspace);
 			}
 			/* Do second-to-last transform: */
-			SHA256_Transform(context->state, context->buffer);
+			SHA256Transform(context->state.st32, context->buffer);
 
 			/* Prepare for last transform: */
 			memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
@@ -520,19 +520,19 @@ SHA256_Pad(SHA256_CTX *context)
 	}
 	/* Store the length of input data (in bits) in big endian format: */
 	BE_64_TO_8(&context->buffer[SHA256_SHORT_BLOCK_LENGTH],
-	    context->bitcount);
+	    context->bitcount[0]);
 
 	/* Final transform: */
-	SHA256_Transform(context->state, context->buffer);
+	SHA256Transform(context->state.st32, context->buffer);
 
 	/* Clean up: */
 	usedspace = 0;
 }
 
 void
-SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA256_CTX *context)
+SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context)
 {
-	SHA256_Pad(context);
+	SHA256Pad(context);
 
 	/* If no digest buffer is passed, we don't bother doing this: */
 	if (digest != NULL) {
@@ -541,9 +541,9 @@ SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA256_CTX *context)
 
 		/* Convert TO host byte order */
 		for (i = 0; i < 8; i++)
-			BE_32_TO_8(digest + i * 4, context->state[i]);
+			BE_32_TO_8(digest + i * 4, context->state.st32[i]);
 #else
-		memcpy(digest, context->state, SHA256_DIGEST_LENGTH);
+		memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
 #endif
 		memset(context, 0, sizeof(*context));
 	}
@@ -552,11 +552,11 @@ SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA256_CTX *context)
 
 /*** SHA-512: *********************************************************/
 void
-SHA512_Init(SHA512_CTX *context)
+SHA512Init(SHA2_CTX *context)
 {
 	if (context == NULL)
 		return;
-	memcpy(context->state, sha512_initial_hash_value,
+	memcpy(context->state.st64, sha512_initial_hash_value,
 	    sizeof(sha512_initial_hash_value));
 	memset(context->buffer, 0, sizeof(context->buffer));
 	context->bitcount[0] = context->bitcount[1] =  0;
@@ -589,7 +589,7 @@ SHA512_Init(SHA512_CTX *context)
 } while(0)
 
 void
-SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
+SHA512Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
 {
 	u_int64_t	a, b, c, d, e, f, g, h, s0, s1;
 	u_int64_t	T1, W512[16];
@@ -647,7 +647,7 @@ SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
 #else /* SHA2_UNROLL_TRANSFORM */
 
 void
-SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
+SHA512Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
 {
 	u_int64_t	a, b, c, d, e, f, g, h, s0, s1;
 	u_int64_t	T1, T2, W512[16];
@@ -722,7 +722,7 @@ SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
 #endif /* SHA2_UNROLL_TRANSFORM */
 
 void
-SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len)
+SHA512Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
 {
 	size_t	freespace, usedspace;
 
@@ -741,7 +741,7 @@ SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len)
 			ADDINC128(context->bitcount, freespace << 3);
 			len -= freespace;
 			data += freespace;
-			SHA512_Transform(context->state, context->buffer);
+			SHA512Transform(context->state.st64, context->buffer);
 		} else {
 			/* The buffer is not yet full */
 			memcpy(&context->buffer[usedspace], data, len);
@@ -753,7 +753,7 @@ SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len)
 	}
 	while (len >= SHA512_BLOCK_LENGTH) {
 		/* Process as many complete blocks as we can */
-		SHA512_Transform(context->state, data);
+		SHA512Transform(context->state.st64, data);
 		ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
 		len -= SHA512_BLOCK_LENGTH;
 		data += SHA512_BLOCK_LENGTH;
@@ -768,7 +768,7 @@ SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len)
 }
 
 void
-SHA512_Pad(SHA512_CTX *context)
+SHA512Pad(SHA2_CTX *context)
 {
 	unsigned int	usedspace;
 
@@ -785,7 +785,7 @@ SHA512_Pad(SHA512_CTX *context)
 				memset(&context->buffer[usedspace], 0, SHA512_BLOCK_LENGTH - usedspace);
 			}
 			/* Do second-to-last transform: */
-			SHA512_Transform(context->state, context->buffer);
+			SHA512Transform(context->state.st64, context->buffer);
 
 			/* And set-up for the last transform: */
 			memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2);
@@ -804,16 +804,16 @@ SHA512_Pad(SHA512_CTX *context)
 	    context->bitcount[0]);
 
 	/* Final transform: */
-	SHA512_Transform(context->state, context->buffer);
+	SHA512Transform(context->state.st64, context->buffer);
 
 	/* Clean up: */
 	usedspace = 0;
 }
 
 void
-SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX *context)
+SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context)
 {
-	SHA512_Pad(context);
+	SHA512Pad(context);
 
 	/* If no digest buffer is passed, we don't bother doing this: */
 	if (digest != NULL) {
@@ -822,9 +822,9 @@ SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX *context)
 
 		/* Convert TO host byte order */
 		for (i = 0; i < 8; i++)
-			BE_64_TO_8(digest + i * 8, context->state[i]);
+			BE_64_TO_8(digest + i * 8, context->state.st64[i]);
 #else
-		memcpy(digest, context->state, SHA512_DIGEST_LENGTH);
+		memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH);
 #endif
 		memset(context, 0, sizeof(*context));
 	}
@@ -833,24 +833,24 @@ SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX *context)
 
 /*** SHA-384: *********************************************************/
 void
-SHA384_Init(SHA384_CTX *context)
+SHA384Init(SHA2_CTX *context)
 {
 	if (context == NULL)
 		return;
-	memcpy(context->state, sha384_initial_hash_value,
+	memcpy(context->state.st64, sha384_initial_hash_value,
 	    sizeof(sha384_initial_hash_value));
 	memset(context->buffer, 0, sizeof(context->buffer));
 	context->bitcount[0] = context->bitcount[1] = 0;
 }
 
-__weak_alias(SHA384_Transform, SHA512_Transform);
-__weak_alias(SHA384_Update, SHA512_Update);
-__weak_alias(SHA384_Pad, SHA512_Pad);
+__weak_alias(SHA384Transform, SHA512Transform);
+__weak_alias(SHA384Update, SHA512Update);
+__weak_alias(SHA384Pad, SHA512Pad);
 
 void
-SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context)
+SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
 {
-	SHA384_Pad(context);
+	SHA384Pad(context);
 
 	/* If no digest buffer is passed, we don't bother doing this: */
 	if (digest != NULL) {
@@ -859,9 +859,9 @@ SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context)
 
 		/* Convert TO host byte order */
 		for (i = 0; i < 6; i++)
-			BE_64_TO_8(digest + i * 8, context->state[i]);
+			BE_64_TO_8(digest + i * 8, context->state.st64[i]);
 #else
-		memcpy(digest, context->state, SHA384_DIGEST_LENGTH);
+		memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
 #endif
 	}