pseudo_md5.c revision 272461 
1/*
2 * This is work is derived from material Copyright RSA Data Security, Inc.
3 *
4 * The RSA copyright statement and Licence for that original material is
5 * included below. This is followed by the Apache copyright statement and
6 * licence for the modifications made to that material.
7 */
8
9/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
10 */
11
12/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
13   rights reserved.
14
15   License to copy and use this software is granted provided that it
16   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
17   Algorithm" in all material mentioning or referencing this software
18   or this function.
19
20   License is also granted to make and use derivative works provided
21   that such works are identified as "derived from the RSA Data
22   Security, Inc. MD5 Message-Digest Algorithm" in all material
23   mentioning or referencing the derived work.
24
25   RSA Data Security, Inc. makes no representations concerning either
26   the merchantability of this software or the suitability of this
27   software for any particular purpose. It is provided "as is"
28   without express or implied warranty of any kind.
29
30   These notices must be retained in any copies of any part of this
31   documentation and/or software.
32 */
33
34/* Licensed to the Apache Software Foundation (ASF) under one or more
35 * contributor license agreements.  See the NOTICE file distributed with
36 * this work for additional information regarding copyright ownership.
37 * The ASF licenses this file to You under the Apache License, Version 2.0
38 * (the "License"); you may not use this file except in compliance with
39 * the License.  You may obtain a copy of the License at
40 *
41 *     http://www.apache.org/licenses/LICENSE-2.0
42 *
43 * Unless required by applicable law or agreed to in writing, software
44 * distributed under the License is distributed on an "AS IS" BASIS,
45 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
46 * See the License for the specific language governing permissions and
47 * limitations under the License.
48 */
49
50/*
51 * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0
52 * MD5 crypt() function, which is licenced as follows:
53 * ----------------------------------------------------------------------------
54 * "THE BEER-WARE LICENSE" (Revision 42):
55 * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
56 * can do whatever you want with this stuff. If we meet some day, and you think
57 * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
58 * ----------------------------------------------------------------------------
59 */
60
61/*
62 * pseudo_md5.c:  md5-esque hash sum calculation for short data blocks.
63 *                Code taken and adapted from the APR (see licenses above).
64 */
65#include "private/svn_pseudo_md5.h"
66
67/* Constants for MD5 calculation.
68 */
69
70#define S11 7
71#define S12 12
72#define S13 17
73#define S14 22
74#define S21 5
75#define S22 9
76#define S23 14
77#define S24 20
78#define S31 4
79#define S32 11
80#define S33 16
81#define S34 23
82#define S41 6
83#define S42 10
84#define S43 15
85#define S44 21
86
87/* F, G, H and I are basic MD5 functions.
88 */
89#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
90#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
91#define H(x, y, z) ((x) ^ (y) ^ (z))
92#define I(x, y, z) ((y) ^ ((x) | (~z)))
93
94/* ROTATE_LEFT rotates x left n bits.
95 */
96#if defined(_MSC_VER) && _MSC_VER >= 1310
97#pragma intrinsic(_rotl)
98#define ROTATE_LEFT(x, n) (_rotl(x,n))
99#else
100#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
101#endif
102
103/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
104 * Rotation is separate from addition to prevent recomputation.
105 */
106#define FF(a, b, c, d, x, s, ac) { \
107 (a) += F ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
108 (a) = ROTATE_LEFT ((a), (s)); \
109 (a) += (b); \
110  }
111#define GG(a, b, c, d, x, s, ac) { \
112 (a) += G ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
113 (a) = ROTATE_LEFT ((a), (s)); \
114 (a) += (b); \
115  }
116#define HH(a, b, c, d, x, s, ac) { \
117 (a) += H ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
118 (a) = ROTATE_LEFT ((a), (s)); \
119 (a) += (b); \
120  }
121#define II(a, b, c, d, x, s, ac) { \
122 (a) += I ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \
123 (a) = ROTATE_LEFT ((a), (s)); \
124 (a) += (b); \
125  }
126
127/* The idea of the functions below is as follows:
128 *
129 * - The core MD5 algorithm does not assume that the "important" data
130 *   is at the begin of the encryption block, followed by e.g. 0.
131 *   Instead, all bits are equally relevant.
132 *
133 * - If some bytes in the input are known to be 0, we may hard-code them.
134 *   With the previous property, it is safe to move them to the upper end
135 *   of the encryption block to maximize the number of steps that can be
136 *   pre-calculated.
137 *
138 * - Variable-length streams will use the upper 8 byte of the last
139 *   encryption block to store the stream length in bits (to make 0, 00,
140 *   000, ... etc. produce different hash sums).
141 *
142 * - We will hash at most 63 bytes, i.e. 504 bits.  In the standard stream
143 *   implementation, the upper 6 bytes of the last encryption block would
144 *   be 0.  We will put at least one non-NULL value in the last 4 bytes.
145 *   Therefore, our input will always be different to a standard MD5 stream
146 *   implementation in either block count, content or both.
147 *
148 * - Our length indicator also varies with the number bytes in the input.
149 *   Hence, different pseudo-MD5 input length produces different output
150 *   (with "cryptographic probability") even if the content is all 0 or
151 *   otherwise identical.
152 *
153 * - Collisions between pseudo-MD5 and pseudo-MD5 as well as pseudo-MD5
154 *   and standard MD5 are as likely as any other MD5 collision.
155 */
156
157void svn__pseudo_md5_15(apr_uint32_t digest[4],
158                        const apr_uint32_t x[4])
159{
160    apr_uint32_t a = 0x67452301;
161    apr_uint32_t b = 0xefcdab89;
162    apr_uint32_t c = 0x98badcfe;
163    apr_uint32_t d = 0x10325476;
164
165    /* make sure byte 63 gets the marker independently of BE / LE */
166    apr_uint32_t x3n = x[3] ^ 0xffffffff;
167
168    /* Round 1 */
169    FF(a, b, c, d, 0,    S11, 0xd76aa478); /* 1 */
170    FF(d, a, b, c, 0,    S12, 0xe8c7b756); /* 2 */
171    FF(c, d, a, b, 0,    S13, 0x242070db); /* 3 */
172    FF(b, c, d, a, 0,    S14, 0xc1bdceee); /* 4 */
173    FF(a, b, c, d, 0,    S11, 0xf57c0faf); /* 5 */
174    FF(d, a, b, c, 0,    S12, 0x4787c62a); /* 6 */
175    FF(c, d, a, b, 0,    S13, 0xa8304613); /* 7 */
176    FF(b, c, d, a, 0,    S14, 0xfd469501); /* 8 */
177    FF(a, b, c, d, 0,    S11, 0x698098d8); /* 9 */
178    FF(d, a, b, c, 0,    S12, 0x8b44f7af); /* 10 */
179    FF(c, d, a, b, 0,    S13, 0xffff5bb1); /* 11 */
180    FF(b, c, d, a, 0,    S14, 0x895cd7be); /* 12 */
181    FF(a, b, c, d, x[0], S11, 0x6b901122); /* 13 */
182    FF(d, a, b, c, x[1], S12, 0xfd987193); /* 14 */
183    FF(c, d, a, b, x[2], S13, 0xa679438e); /* 15 */
184    FF(b, c, d, a, x3n,  S14, 0x49b40821); /* 16 */
185
186    /* Round 2 */
187    GG(a, b, c, d, 0,    S21, 0xf61e2562); /* 17 */
188    GG(d, a, b, c, 0,    S22, 0xc040b340); /* 18 */
189    GG(c, d, a, b, 0,    S23, 0x265e5a51); /* 19 */
190    GG(b, c, d, a, 0,    S24, 0xe9b6c7aa); /* 20 */
191    GG(a, b, c, d, 0,    S21, 0xd62f105d); /* 21 */
192    GG(d, a, b, c, 0,    S22, 0x2441453);  /* 22 */
193    GG(c, d, a, b, x3n,  S23, 0xd8a1e681); /* 23 */
194    GG(b, c, d, a, 0,    S24, 0xe7d3fbc8); /* 24 */
195    GG(a, b, c, d, 0,    S21, 0x21e1cde6); /* 25 */
196    GG(d, a, b, c, x[2], S22, 0xc33707d6); /* 26 */
197    GG(c, d, a, b, 0,    S23, 0xf4d50d87); /* 27 */
198    GG(b, c, d, a, 0,    S24, 0x455a14ed); /* 28 */
199    GG(a, b, c, d, x[1], S21, 0xa9e3e905); /* 29 */
200    GG(d, a, b, c, 0,    S22, 0xfcefa3f8); /* 30 */
201    GG(c, d, a, b, 0,    S23, 0x676f02d9); /* 31 */
202    GG(b, c, d, a, x[0], S24, 0x8d2a4c8a); /* 32 */
203
204    /* Round 3 */
205    HH(a, b, c, d, 0,    S31, 0xfffa3942); /* 33 */
206    HH(d, a, b, c, 0,    S32, 0x8771f681); /* 34 */
207    HH(c, d, a, b, 0,    S33, 0x6d9d6122); /* 35 */
208    HH(b, c, d, a, x[2], S34, 0xfde5380c); /* 36 */
209    HH(a, b, c, d, 0,    S31, 0xa4beea44); /* 37 */
210    HH(d, a, b, c, 0,    S32, 0x4bdecfa9); /* 38 */
211    HH(c, d, a, b, 0,    S33, 0xf6bb4b60); /* 39 */
212    HH(b, c, d, a, 0,    S34, 0xbebfbc70); /* 40 */
213    HH(a, b, c, d, x[1], S31, 0x289b7ec6); /* 41 */
214    HH(d, a, b, c, 0,    S32, 0xeaa127fa); /* 42 */
215    HH(c, d, a, b, 0,    S33, 0xd4ef3085); /* 43 */
216    HH(b, c, d, a, 0,    S34, 0x4881d05);  /* 44 */
217    HH(a, b, c, d, 0,    S31, 0xd9d4d039); /* 45 */
218    HH(d, a, b, c, x[0], S32, 0xe6db99e5); /* 46 */
219    HH(c, d, a, b, x3n,  S33, 0x1fa27cf8); /* 47 */
220    HH(b, c, d, a, 0,    S34, 0xc4ac5665); /* 48 */
221
222    /* Round 4 */
223    II(a, b, c, d, 0,    S41, 0xf4292244); /* 49 */
224    II(d, a, b, c, 0,    S42, 0x432aff97); /* 50 */
225    II(c, d, a, b, x[2], S43, 0xab9423a7); /* 51 */
226    II(b, c, d, a, 0,    S44, 0xfc93a039); /* 52 */
227    II(a, b, c, d, x[0], S41, 0x655b59c3); /* 53 */
228    II(d, a, b, c, 0,    S42, 0x8f0ccc92); /* 54 */
229    II(c, d, a, b, 0,    S43, 0xffeff47d); /* 55 */
230    II(b, c, d, a, 0,    S44, 0x85845dd1); /* 56 */
231    II(a, b, c, d, 0,    S41, 0x6fa87e4f); /* 57 */
232    II(d, a, b, c, x3n,  S42, 0xfe2ce6e0); /* 58 */
233    II(c, d, a, b, 0,    S43, 0xa3014314); /* 59 */
234    II(b, c, d, a, x[1], S44, 0x4e0811a1); /* 60 */
235    II(a, b, c, d, 0,    S41, 0xf7537e82); /* 61 */
236    II(d, a, b, c, 0,    S42, 0xbd3af235); /* 62 */
237    II(c, d, a, b, 0,    S43, 0x2ad7d2bb); /* 63 */
238    II(b, c, d, a, 0,    S44, 0xeb86d391); /* 64 */
239
240    digest[0] = a;
241    digest[1] = b;
242    digest[2] = c;
243    digest[3] = d;
244}
245
246void svn__pseudo_md5_31(apr_uint32_t digest[4],
247                        const apr_uint32_t x[8])
248{
249    apr_uint32_t a = 0x67452301;
250    apr_uint32_t b = 0xefcdab89;
251    apr_uint32_t c = 0x98badcfe;
252    apr_uint32_t d = 0x10325476;
253
254    /* make sure byte 63 gets the marker independently of BE / LE */
255    apr_uint32_t x7n = x[7] ^ 0xfefefefe;
256
257    /* Round 1 */
258    FF(a, b, c, d, 0,    S11, 0xd76aa478); /* 1 */
259    FF(d, a, b, c, 0,    S12, 0xe8c7b756); /* 2 */
260    FF(c, d, a, b, 0,    S13, 0x242070db); /* 3 */
261    FF(b, c, d, a, 0,    S14, 0xc1bdceee); /* 4 */
262    FF(a, b, c, d, 0,    S11, 0xf57c0faf); /* 5 */
263    FF(d, a, b, c, 0,    S12, 0x4787c62a); /* 6 */
264    FF(c, d, a, b, 0,    S13, 0xa8304613); /* 7 */
265    FF(b, c, d, a, 0,    S14, 0xfd469501); /* 8 */
266    FF(a, b, c, d, x[0], S11, 0x698098d8); /* 9 */
267    FF(d, a, b, c, x[1], S12, 0x8b44f7af); /* 10 */
268    FF(c, d, a, b, x[2], S13, 0xffff5bb1); /* 11 */
269    FF(b, c, d, a, x[3], S14, 0x895cd7be); /* 12 */
270    FF(a, b, c, d, x[4], S11, 0x6b901122); /* 13 */
271    FF(d, a, b, c, x[5], S12, 0xfd987193); /* 14 */
272    FF(c, d, a, b, x[6], S13, 0xa679438e); /* 15 */
273    FF(b, c, d, a, x7n,  S14, 0x49b40821); /* 16 */
274
275    /* Round 2 */
276    GG(a, b, c, d, 0,    S21, 0xf61e2562); /* 17 */
277    GG(d, a, b, c, 0,    S22, 0xc040b340); /* 18 */
278    GG(c, d, a, b, x[3], S23, 0x265e5a51); /* 19 */
279    GG(b, c, d, a, 0,    S24, 0xe9b6c7aa); /* 20 */
280    GG(a, b, c, d, 0,    S21, 0xd62f105d); /* 21 */
281    GG(d, a, b, c, x[2], S22, 0x2441453);  /* 22 */
282    GG(c, d, a, b, x7n,  S23, 0xd8a1e681); /* 23 */
283    GG(b, c, d, a, 0,    S24, 0xe7d3fbc8); /* 24 */
284    GG(a, b, c, d, x[1], S21, 0x21e1cde6); /* 25 */
285    GG(d, a, b, c, x[6], S22, 0xc33707d6); /* 26 */
286    GG(c, d, a, b, 0,    S23, 0xf4d50d87); /* 27 */
287    GG(b, c, d, a, x[0], S24, 0x455a14ed); /* 28 */
288    GG(a, b, c, d, x[5], S21, 0xa9e3e905); /* 29 */
289    GG(d, a, b, c, 0,    S22, 0xfcefa3f8); /* 30 */
290    GG(c, d, a, b, 0,    S23, 0x676f02d9); /* 31 */
291    GG(b, c, d, a, x[4], S24, 0x8d2a4c8a); /* 32 */
292
293    /* Round 3 */
294    HH(a, b, c, d, 0,    S31, 0xfffa3942); /* 33 */
295    HH(d, a, b, c, x[0], S32, 0x8771f681); /* 34 */
296    HH(c, d, a, b, x[3], S33, 0x6d9d6122); /* 35 */
297    HH(b, c, d, a, x[6], S34, 0xfde5380c); /* 36 */
298    HH(a, b, c, d, 0,    S31, 0xa4beea44); /* 37 */
299    HH(d, a, b, c, 0,    S32, 0x4bdecfa9); /* 38 */
300    HH(c, d, a, b, 0,    S33, 0xf6bb4b60); /* 39 */
301    HH(b, c, d, a, x[2], S34, 0xbebfbc70); /* 40 */
302    HH(a, b, c, d, x[5], S31, 0x289b7ec6); /* 41 */
303    HH(d, a, b, c, 0,    S32, 0xeaa127fa); /* 42 */
304    HH(c, d, a, b, 0,    S33, 0xd4ef3085); /* 43 */
305    HH(b, c, d, a, 0,    S34, 0x4881d05);  /* 44 */
306    HH(a, b, c, d, x[1], S31, 0xd9d4d039); /* 45 */
307    HH(d, a, b, c, x[4], S32, 0xe6db99e5); /* 46 */
308    HH(c, d, a, b, x7n,  S33, 0x1fa27cf8); /* 47 */
309    HH(b, c, d, a, 0,    S34, 0xc4ac5665); /* 48 */
310
311    /* Round 4 */
312    II(a, b, c, d, 0,    S41, 0xf4292244); /* 49 */
313    II(d, a, b, c, 0,    S42, 0x432aff97); /* 50 */
314    II(c, d, a, b, x[6], S43, 0xab9423a7); /* 51 */
315    II(b, c, d, a, 0,    S44, 0xfc93a039); /* 52 */
316    II(a, b, c, d, x[4], S41, 0x655b59c3); /* 53 */
317    II(d, a, b, c, 0,    S42, 0x8f0ccc92); /* 54 */
318    II(c, d, a, b, x[2], S43, 0xffeff47d); /* 55 */
319    II(b, c, d, a, 0,    S44, 0x85845dd1); /* 56 */
320    II(a, b, c, d, x[0], S41, 0x6fa87e4f); /* 57 */
321    II(d, a, b, c, x7n,  S42, 0xfe2ce6e0); /* 58 */
322    II(c, d, a, b, 0,    S43, 0xa3014314); /* 59 */
323    II(b, c, d, a, x[5], S44, 0x4e0811a1); /* 60 */
324    II(a, b, c, d, 0,    S41, 0xf7537e82); /* 61 */
325    II(d, a, b, c, x[3], S42, 0xbd3af235); /* 62 */
326    II(c, d, a, b, 0,    S43, 0x2ad7d2bb); /* 63 */
327    II(b, c, d, a, x[1], S44, 0xeb86d391); /* 64 */
328
329    digest[0] = a;
330    digest[1] = b;
331    digest[2] = c;
332    digest[3] = d;
333}
334
335void svn__pseudo_md5_63(apr_uint32_t digest[4],
336                        const apr_uint32_t x[16])
337{
338    apr_uint32_t a = 0x67452301;
339    apr_uint32_t b = 0xefcdab89;
340    apr_uint32_t c = 0x98badcfe;
341    apr_uint32_t d = 0x10325476;
342
343    /* make sure byte 63 gets the marker independently of BE / LE */
344    apr_uint32_t x15n = x[15] ^ 0xfcfcfcfc;
345
346    /* Round 1 */
347    FF(a, b, c, d, x[0],  S11, 0xd76aa478); /* 1 */
348    FF(d, a, b, c, x[1],  S12, 0xe8c7b756); /* 2 */
349    FF(c, d, a, b, x[2],  S13, 0x242070db); /* 3 */
350    FF(b, c, d, a, x[3],  S14, 0xc1bdceee); /* 4 */
351    FF(a, b, c, d, x[4],  S11, 0xf57c0faf); /* 5 */
352    FF(d, a, b, c, x[5],  S12, 0x4787c62a); /* 6 */
353    FF(c, d, a, b, x[6],  S13, 0xa8304613); /* 7 */
354    FF(b, c, d, a, x[7],  S14, 0xfd469501); /* 8 */
355    FF(a, b, c, d, x[8],  S11, 0x698098d8); /* 9 */
356    FF(d, a, b, c, x[9],  S12, 0x8b44f7af); /* 10 */
357    FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
358    FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
359    FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
360    FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
361    FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
362    FF(b, c, d, a, x15n,  S14, 0x49b40821); /* 16 */
363
364    /* Round 2 */
365    GG(a, b, c, d, x[1],  S21, 0xf61e2562); /* 17 */
366    GG(d, a, b, c, x[6],  S22, 0xc040b340); /* 18 */
367    GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
368    GG(b, c, d, a, x[0],  S24, 0xe9b6c7aa); /* 20 */
369    GG(a, b, c, d, x[5],  S21, 0xd62f105d); /* 21 */
370    GG(d, a, b, c, x[10], S22, 0x2441453);  /* 22 */
371    GG(c, d, a, b, x15n,  S23, 0xd8a1e681); /* 23 */
372    GG(b, c, d, a, x[4],  S24, 0xe7d3fbc8); /* 24 */
373    GG(a, b, c, d, x[9],  S21, 0x21e1cde6); /* 25 */
374    GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
375    GG(c, d, a, b, x[3],  S23, 0xf4d50d87); /* 27 */
376    GG(b, c, d, a, x[8],  S24, 0x455a14ed); /* 28 */
377    GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
378    GG(d, a, b, c, x[2],  S22, 0xfcefa3f8); /* 30 */
379    GG(c, d, a, b, x[7],  S23, 0x676f02d9); /* 31 */
380    GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
381
382    /* Round 3 */
383    HH(a, b, c, d, x[5],  S31, 0xfffa3942); /* 33 */
384    HH(d, a, b, c, x[8],  S32, 0x8771f681); /* 34 */
385    HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
386    HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
387    HH(a, b, c, d, x[1],  S31, 0xa4beea44); /* 37 */
388    HH(d, a, b, c, x[4],  S32, 0x4bdecfa9); /* 38 */
389    HH(c, d, a, b, x[7],  S33, 0xf6bb4b60); /* 39 */
390    HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
391    HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
392    HH(d, a, b, c, x[0],  S32, 0xeaa127fa); /* 42 */
393    HH(c, d, a, b, x[3],  S33, 0xd4ef3085); /* 43 */
394    HH(b, c, d, a, x[6],  S34, 0x4881d05);  /* 44 */
395    HH(a, b, c, d, x[9],  S31, 0xd9d4d039); /* 45 */
396    HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
397    HH(c, d, a, b, x15n,  S33, 0x1fa27cf8); /* 47 */
398    HH(b, c, d, a, x[2],  S34, 0xc4ac5665); /* 48 */
399
400    /* Round 4 */
401    II(a, b, c, d, x[0],  S41, 0xf4292244); /* 49 */
402    II(d, a, b, c, x[7],  S42, 0x432aff97); /* 50 */
403    II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
404    II(b, c, d, a, x[5],  S44, 0xfc93a039); /* 52 */
405    II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
406    II(d, a, b, c, x[3],  S42, 0x8f0ccc92); /* 54 */
407    II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
408    II(b, c, d, a, x[1],  S44, 0x85845dd1); /* 56 */
409    II(a, b, c, d, x[8],  S41, 0x6fa87e4f); /* 57 */
410    II(d, a, b, c, x15n,  S42, 0xfe2ce6e0); /* 58 */
411    II(c, d, a, b, x[6],  S43, 0xa3014314); /* 59 */
412    II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
413    II(a, b, c, d, x[4],  S41, 0xf7537e82); /* 61 */
414    II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
415    II(c, d, a, b, x[2],  S43, 0x2ad7d2bb); /* 63 */
416    II(b, c, d, a, x[9],  S44, 0xeb86d391); /* 64 */
417
418    digest[0] = a;
419    digest[1] = b;
420    digest[2] = c;
421    digest[3] = d;
422}
423