From f5af8aefeae7fd73167403dd407e9a14aead5948 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Sun, 6 Jul 2025 18:35:37 +0200
Subject: libbb/yescrypt: shrink PBKDF2

function                                             old     new   delta
static.PBKDF2_SHA256                                 189     176     -13

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 libbb/yescrypt/alg-sha256.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/libbb/yescrypt/alg-sha256.c b/libbb/yescrypt/alg-sha256.c
index 28d8c5296..f56b905ad 100644
--- a/libbb/yescrypt/alg-sha256.c
+++ b/libbb/yescrypt/alg-sha256.c
@@ -77,7 +77,7 @@ HMAC_SHA256_Update(HMAC_SHA256_CTX *ctx, const void *in, size_t len)
  * buffer ${digest}.
  */
 static void
-HMAC_SHA256_Final(HMAC_SHA256_CTX *ctx, uint8_t digest[32])
+HMAC_SHA256_Final(HMAC_SHA256_CTX *ctx, void *digest)
 {
 	/* Finish the inner SHA256 operation. */
 	sha256_end(&ctx->ictx, digest); /* using digest[] as scratch space */
@@ -93,8 +93,7 @@ HMAC_SHA256_Final(HMAC_SHA256_CTX *ctx, uint8_t digest[32])
  * length ${Klen}, and write the result to ${digest}.
  */
 static void
-HMAC_SHA256_Buf(const void *K, size_t Klen, const void *in, size_t len,
-		uint8_t digest[32])
+HMAC_SHA256_Buf(const void *K, size_t Klen, const void *in, size_t len, void *digest)
 {
 	HMAC_SHA256_CTX ctx;
 	HMAC_SHA256_Init(&ctx, K, Klen);
@@ -114,11 +113,6 @@ PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen,
 {
 	HMAC_SHA256_CTX Phctx, PShctx, hctx;
 	size_t i;
-	uint8_t U[32];
-	uint8_t T[32];
-	uint64_t j;
-	int k;
-	size_t clen;
 
 	/* Compute HMAC state after processing P. */
 	HMAC_SHA256_Init(&Phctx, passwd, passwdlen);
@@ -128,14 +122,19 @@ PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen,
 	HMAC_SHA256_Update(&PShctx, salt, saltlen);
 
 	/* Iterate through the blocks. */
-	for (i = 0; i * 32 < dkLen; i++) {
+	for (i = 0; dkLen != 0; i++) {
+		uint64_t U[32 / 8];
+		uint64_t T[32 / 8];
+		uint64_t j;
 		uint32_t ivec;
+		size_t clen;
+		int k;
 
 		/* Generate INT(i + 1). */
 		ivec = SWAP_BE32((uint32_t)(i + 1));
 
 		/* Compute U_1 = PRF(P, S || INT(i)). */
-		memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX));
+		hctx = PShctx;
 		HMAC_SHA256_Update(&hctx, &ivec, 4);
 		HMAC_SHA256_Final(&hctx, T);
 
@@ -144,19 +143,20 @@ PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen,
 			memcpy(U, T, 32);
 			for (j = 2; j <= c; j++) {
 				/* Compute U_j. */
-				memcpy(&hctx, &Phctx, sizeof(HMAC_SHA256_CTX));
+				hctx = Phctx;
 				HMAC_SHA256_Update(&hctx, U, 32);
 				HMAC_SHA256_Final(&hctx, U);
 				/* ... xor U_j ... */
-				for (k = 0; k < 32; k++)
+				for (k = 0; k < 32 / 8; k++)
 					T[k] ^= U[k];
 			}
 		}
 
 		/* Copy as many bytes as necessary into buf. */
-		clen = dkLen - i * 32;
+		clen = dkLen;
 		if (clen > 32)
 			clen = 32;
-		memcpy(&buf[i * 32], T, clen);
+		buf = mempcpy(buf, T, clen);
+		dkLen -= clen;
 	}
 }
-- 
cgit v1.2.3-55-g6feb