From f3639accd54746835805a45037e74c0b6d419308 Mon Sep 17 00:00:00 2001
From: Ariel Ben-Yehuda <ariel.byd@gmail.com>
Date: Tue, 10 Jan 2017 16:24:06 +0200
Subject: [PATCH] Use little-endian encoding for Blake2 hashing on all
 architectures

Like many hash functions, the blake2 hash is mathematically defined on
a sequence of 64-bit words. As Rust's hash interface operates on
sequences of octets, some encoding must be used to bridge that
difference.

The Blake2 RFC (RFC 7693) specifies that:
   Byte (octet) streams are interpreted as words in little-endian order,
   with the least-significant byte first.

So use that encoding consistently.

Fixes #38891.
---
 src/librustc_data_structures/blake2b.rs | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/librustc_data_structures/blake2b.rs b/src/librustc_data_structures/blake2b.rs
index 8c82c135dc426..31492e2621945 100644
--- a/src/librustc_data_structures/blake2b.rs
+++ b/src/librustc_data_structures/blake2b.rs
@@ -113,17 +113,20 @@ fn blake2b_compress(ctx: &mut Blake2bCtx, last: bool) {
     }
 
     {
-        // Re-interpret the input buffer in the state as u64s
+        // Re-interpret the input buffer in the state as an array
+        // of little-endian u64s, converting them to machine
+        // endianness. It's OK to modify the buffer in place
+        // since this is the last time  this data will be accessed
+        // before it's overwritten.
+
         let m: &mut [u64; 16] = unsafe {
             let b: &mut [u8; 128] = &mut ctx.b;
             ::std::mem::transmute(b)
         };
 
-        // It's OK to modify the buffer in place since this is the last time
-        // this data will be accessed before it's overwritten
         if cfg!(target_endian = "big") {
             for word in &mut m[..] {
-                *word = word.to_be();
+                *word = u64::from_le(*word);
             }
         }
 
@@ -209,9 +212,10 @@ fn blake2b_final(ctx: &mut Blake2bCtx)
 
     blake2b_compress(ctx, true);
 
+    // Modify our buffer to little-endian format as it will be read
+    // as a byte array. It's OK to modify the buffer in place since
+    // this is the last time this data will be accessed.
     if cfg!(target_endian = "big") {
-        // Make sure that the data is in memory in little endian format, as is
-        // demanded by BLAKE2
         for word in &mut ctx.h {
             *word = word.to_le();
         }