pseudo_md5.c revision 272461
1/* 2 * This is work is derived from material Copyright RSA Data Security, Inc. 3 * 4 * The RSA copyright statement and Licence for that original material is 5 * included below. This is followed by the Apache copyright statement and 6 * licence for the modifications made to that material. 7 */ 8 9/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm 10 */ 11 12/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All 13 rights reserved. 14 15 License to copy and use this software is granted provided that it 16 is identified as the "RSA Data Security, Inc. MD5 Message-Digest 17 Algorithm" in all material mentioning or referencing this software 18 or this function. 19 20 License is also granted to make and use derivative works provided 21 that such works are identified as "derived from the RSA Data 22 Security, Inc. MD5 Message-Digest Algorithm" in all material 23 mentioning or referencing the derived work. 24 25 RSA Data Security, Inc. makes no representations concerning either 26 the merchantability of this software or the suitability of this 27 software for any particular purpose. It is provided "as is" 28 without express or implied warranty of any kind. 29 30 These notices must be retained in any copies of any part of this 31 documentation and/or software. 32 */ 33 34/* Licensed to the Apache Software Foundation (ASF) under one or more 35 * contributor license agreements. See the NOTICE file distributed with 36 * this work for additional information regarding copyright ownership. 37 * The ASF licenses this file to You under the Apache License, Version 2.0 38 * (the "License"); you may not use this file except in compliance with 39 * the License. You may obtain a copy of the License at 40 * 41 * http://www.apache.org/licenses/LICENSE-2.0 42 * 43 * Unless required by applicable law or agreed to in writing, software 44 * distributed under the License is distributed on an "AS IS" BASIS, 45 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50/* 51 * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0 52 * MD5 crypt() function, which is licenced as follows: 53 * ---------------------------------------------------------------------------- 54 * "THE BEER-WARE LICENSE" (Revision 42): 55 * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you 56 * can do whatever you want with this stuff. If we meet some day, and you think 57 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 58 * ---------------------------------------------------------------------------- 59 */ 60 61/* 62 * pseudo_md5.c: md5-esque hash sum calculation for short data blocks. 63 * Code taken and adapted from the APR (see licenses above). 64 */ 65#include "private/svn_pseudo_md5.h" 66 67/* Constants for MD5 calculation. 68 */ 69 70#define S11 7 71#define S12 12 72#define S13 17 73#define S14 22 74#define S21 5 75#define S22 9 76#define S23 14 77#define S24 20 78#define S31 4 79#define S32 11 80#define S33 16 81#define S34 23 82#define S41 6 83#define S42 10 84#define S43 15 85#define S44 21 86 87/* F, G, H and I are basic MD5 functions. 88 */ 89#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) 90#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) 91#define H(x, y, z) ((x) ^ (y) ^ (z)) 92#define I(x, y, z) ((y) ^ ((x) | (~z))) 93 94/* ROTATE_LEFT rotates x left n bits. 95 */ 96#if defined(_MSC_VER) && _MSC_VER >= 1310 97#pragma intrinsic(_rotl) 98#define ROTATE_LEFT(x, n) (_rotl(x,n)) 99#else 100#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) 101#endif 102 103/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. 104 * Rotation is separate from addition to prevent recomputation. 105 */ 106#define FF(a, b, c, d, x, s, ac) { \ 107 (a) += F ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \ 108 (a) = ROTATE_LEFT ((a), (s)); \ 109 (a) += (b); \ 110 } 111#define GG(a, b, c, d, x, s, ac) { \ 112 (a) += G ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \ 113 (a) = ROTATE_LEFT ((a), (s)); \ 114 (a) += (b); \ 115 } 116#define HH(a, b, c, d, x, s, ac) { \ 117 (a) += H ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \ 118 (a) = ROTATE_LEFT ((a), (s)); \ 119 (a) += (b); \ 120 } 121#define II(a, b, c, d, x, s, ac) { \ 122 (a) += I ((b), (c), (d)) + (x) + (apr_uint32_t)(ac); \ 123 (a) = ROTATE_LEFT ((a), (s)); \ 124 (a) += (b); \ 125 } 126 127/* The idea of the functions below is as follows: 128 * 129 * - The core MD5 algorithm does not assume that the "important" data 130 * is at the begin of the encryption block, followed by e.g. 0. 131 * Instead, all bits are equally relevant. 132 * 133 * - If some bytes in the input are known to be 0, we may hard-code them. 134 * With the previous property, it is safe to move them to the upper end 135 * of the encryption block to maximize the number of steps that can be 136 * pre-calculated. 137 * 138 * - Variable-length streams will use the upper 8 byte of the last 139 * encryption block to store the stream length in bits (to make 0, 00, 140 * 000, ... etc. produce different hash sums). 141 * 142 * - We will hash at most 63 bytes, i.e. 504 bits. In the standard stream 143 * implementation, the upper 6 bytes of the last encryption block would 144 * be 0. We will put at least one non-NULL value in the last 4 bytes. 145 * Therefore, our input will always be different to a standard MD5 stream 146 * implementation in either block count, content or both. 147 * 148 * - Our length indicator also varies with the number bytes in the input. 149 * Hence, different pseudo-MD5 input length produces different output 150 * (with "cryptographic probability") even if the content is all 0 or 151 * otherwise identical. 152 * 153 * - Collisions between pseudo-MD5 and pseudo-MD5 as well as pseudo-MD5 154 * and standard MD5 are as likely as any other MD5 collision. 155 */ 156 157void svn__pseudo_md5_15(apr_uint32_t digest[4], 158 const apr_uint32_t x[4]) 159{ 160 apr_uint32_t a = 0x67452301; 161 apr_uint32_t b = 0xefcdab89; 162 apr_uint32_t c = 0x98badcfe; 163 apr_uint32_t d = 0x10325476; 164 165 /* make sure byte 63 gets the marker independently of BE / LE */ 166 apr_uint32_t x3n = x[3] ^ 0xffffffff; 167 168 /* Round 1 */ 169 FF(a, b, c, d, 0, S11, 0xd76aa478); /* 1 */ 170 FF(d, a, b, c, 0, S12, 0xe8c7b756); /* 2 */ 171 FF(c, d, a, b, 0, S13, 0x242070db); /* 3 */ 172 FF(b, c, d, a, 0, S14, 0xc1bdceee); /* 4 */ 173 FF(a, b, c, d, 0, S11, 0xf57c0faf); /* 5 */ 174 FF(d, a, b, c, 0, S12, 0x4787c62a); /* 6 */ 175 FF(c, d, a, b, 0, S13, 0xa8304613); /* 7 */ 176 FF(b, c, d, a, 0, S14, 0xfd469501); /* 8 */ 177 FF(a, b, c, d, 0, S11, 0x698098d8); /* 9 */ 178 FF(d, a, b, c, 0, S12, 0x8b44f7af); /* 10 */ 179 FF(c, d, a, b, 0, S13, 0xffff5bb1); /* 11 */ 180 FF(b, c, d, a, 0, S14, 0x895cd7be); /* 12 */ 181 FF(a, b, c, d, x[0], S11, 0x6b901122); /* 13 */ 182 FF(d, a, b, c, x[1], S12, 0xfd987193); /* 14 */ 183 FF(c, d, a, b, x[2], S13, 0xa679438e); /* 15 */ 184 FF(b, c, d, a, x3n, S14, 0x49b40821); /* 16 */ 185 186 /* Round 2 */ 187 GG(a, b, c, d, 0, S21, 0xf61e2562); /* 17 */ 188 GG(d, a, b, c, 0, S22, 0xc040b340); /* 18 */ 189 GG(c, d, a, b, 0, S23, 0x265e5a51); /* 19 */ 190 GG(b, c, d, a, 0, S24, 0xe9b6c7aa); /* 20 */ 191 GG(a, b, c, d, 0, S21, 0xd62f105d); /* 21 */ 192 GG(d, a, b, c, 0, S22, 0x2441453); /* 22 */ 193 GG(c, d, a, b, x3n, S23, 0xd8a1e681); /* 23 */ 194 GG(b, c, d, a, 0, S24, 0xe7d3fbc8); /* 24 */ 195 GG(a, b, c, d, 0, S21, 0x21e1cde6); /* 25 */ 196 GG(d, a, b, c, x[2], S22, 0xc33707d6); /* 26 */ 197 GG(c, d, a, b, 0, S23, 0xf4d50d87); /* 27 */ 198 GG(b, c, d, a, 0, S24, 0x455a14ed); /* 28 */ 199 GG(a, b, c, d, x[1], S21, 0xa9e3e905); /* 29 */ 200 GG(d, a, b, c, 0, S22, 0xfcefa3f8); /* 30 */ 201 GG(c, d, a, b, 0, S23, 0x676f02d9); /* 31 */ 202 GG(b, c, d, a, x[0], S24, 0x8d2a4c8a); /* 32 */ 203 204 /* Round 3 */ 205 HH(a, b, c, d, 0, S31, 0xfffa3942); /* 33 */ 206 HH(d, a, b, c, 0, S32, 0x8771f681); /* 34 */ 207 HH(c, d, a, b, 0, S33, 0x6d9d6122); /* 35 */ 208 HH(b, c, d, a, x[2], S34, 0xfde5380c); /* 36 */ 209 HH(a, b, c, d, 0, S31, 0xa4beea44); /* 37 */ 210 HH(d, a, b, c, 0, S32, 0x4bdecfa9); /* 38 */ 211 HH(c, d, a, b, 0, S33, 0xf6bb4b60); /* 39 */ 212 HH(b, c, d, a, 0, S34, 0xbebfbc70); /* 40 */ 213 HH(a, b, c, d, x[1], S31, 0x289b7ec6); /* 41 */ 214 HH(d, a, b, c, 0, S32, 0xeaa127fa); /* 42 */ 215 HH(c, d, a, b, 0, S33, 0xd4ef3085); /* 43 */ 216 HH(b, c, d, a, 0, S34, 0x4881d05); /* 44 */ 217 HH(a, b, c, d, 0, S31, 0xd9d4d039); /* 45 */ 218 HH(d, a, b, c, x[0], S32, 0xe6db99e5); /* 46 */ 219 HH(c, d, a, b, x3n, S33, 0x1fa27cf8); /* 47 */ 220 HH(b, c, d, a, 0, S34, 0xc4ac5665); /* 48 */ 221 222 /* Round 4 */ 223 II(a, b, c, d, 0, S41, 0xf4292244); /* 49 */ 224 II(d, a, b, c, 0, S42, 0x432aff97); /* 50 */ 225 II(c, d, a, b, x[2], S43, 0xab9423a7); /* 51 */ 226 II(b, c, d, a, 0, S44, 0xfc93a039); /* 52 */ 227 II(a, b, c, d, x[0], S41, 0x655b59c3); /* 53 */ 228 II(d, a, b, c, 0, S42, 0x8f0ccc92); /* 54 */ 229 II(c, d, a, b, 0, S43, 0xffeff47d); /* 55 */ 230 II(b, c, d, a, 0, S44, 0x85845dd1); /* 56 */ 231 II(a, b, c, d, 0, S41, 0x6fa87e4f); /* 57 */ 232 II(d, a, b, c, x3n, S42, 0xfe2ce6e0); /* 58 */ 233 II(c, d, a, b, 0, S43, 0xa3014314); /* 59 */ 234 II(b, c, d, a, x[1], S44, 0x4e0811a1); /* 60 */ 235 II(a, b, c, d, 0, S41, 0xf7537e82); /* 61 */ 236 II(d, a, b, c, 0, S42, 0xbd3af235); /* 62 */ 237 II(c, d, a, b, 0, S43, 0x2ad7d2bb); /* 63 */ 238 II(b, c, d, a, 0, S44, 0xeb86d391); /* 64 */ 239 240 digest[0] = a; 241 digest[1] = b; 242 digest[2] = c; 243 digest[3] = d; 244} 245 246void svn__pseudo_md5_31(apr_uint32_t digest[4], 247 const apr_uint32_t x[8]) 248{ 249 apr_uint32_t a = 0x67452301; 250 apr_uint32_t b = 0xefcdab89; 251 apr_uint32_t c = 0x98badcfe; 252 apr_uint32_t d = 0x10325476; 253 254 /* make sure byte 63 gets the marker independently of BE / LE */ 255 apr_uint32_t x7n = x[7] ^ 0xfefefefe; 256 257 /* Round 1 */ 258 FF(a, b, c, d, 0, S11, 0xd76aa478); /* 1 */ 259 FF(d, a, b, c, 0, S12, 0xe8c7b756); /* 2 */ 260 FF(c, d, a, b, 0, S13, 0x242070db); /* 3 */ 261 FF(b, c, d, a, 0, S14, 0xc1bdceee); /* 4 */ 262 FF(a, b, c, d, 0, S11, 0xf57c0faf); /* 5 */ 263 FF(d, a, b, c, 0, S12, 0x4787c62a); /* 6 */ 264 FF(c, d, a, b, 0, S13, 0xa8304613); /* 7 */ 265 FF(b, c, d, a, 0, S14, 0xfd469501); /* 8 */ 266 FF(a, b, c, d, x[0], S11, 0x698098d8); /* 9 */ 267 FF(d, a, b, c, x[1], S12, 0x8b44f7af); /* 10 */ 268 FF(c, d, a, b, x[2], S13, 0xffff5bb1); /* 11 */ 269 FF(b, c, d, a, x[3], S14, 0x895cd7be); /* 12 */ 270 FF(a, b, c, d, x[4], S11, 0x6b901122); /* 13 */ 271 FF(d, a, b, c, x[5], S12, 0xfd987193); /* 14 */ 272 FF(c, d, a, b, x[6], S13, 0xa679438e); /* 15 */ 273 FF(b, c, d, a, x7n, S14, 0x49b40821); /* 16 */ 274 275 /* Round 2 */ 276 GG(a, b, c, d, 0, S21, 0xf61e2562); /* 17 */ 277 GG(d, a, b, c, 0, S22, 0xc040b340); /* 18 */ 278 GG(c, d, a, b, x[3], S23, 0x265e5a51); /* 19 */ 279 GG(b, c, d, a, 0, S24, 0xe9b6c7aa); /* 20 */ 280 GG(a, b, c, d, 0, S21, 0xd62f105d); /* 21 */ 281 GG(d, a, b, c, x[2], S22, 0x2441453); /* 22 */ 282 GG(c, d, a, b, x7n, S23, 0xd8a1e681); /* 23 */ 283 GG(b, c, d, a, 0, S24, 0xe7d3fbc8); /* 24 */ 284 GG(a, b, c, d, x[1], S21, 0x21e1cde6); /* 25 */ 285 GG(d, a, b, c, x[6], S22, 0xc33707d6); /* 26 */ 286 GG(c, d, a, b, 0, S23, 0xf4d50d87); /* 27 */ 287 GG(b, c, d, a, x[0], S24, 0x455a14ed); /* 28 */ 288 GG(a, b, c, d, x[5], S21, 0xa9e3e905); /* 29 */ 289 GG(d, a, b, c, 0, S22, 0xfcefa3f8); /* 30 */ 290 GG(c, d, a, b, 0, S23, 0x676f02d9); /* 31 */ 291 GG(b, c, d, a, x[4], S24, 0x8d2a4c8a); /* 32 */ 292 293 /* Round 3 */ 294 HH(a, b, c, d, 0, S31, 0xfffa3942); /* 33 */ 295 HH(d, a, b, c, x[0], S32, 0x8771f681); /* 34 */ 296 HH(c, d, a, b, x[3], S33, 0x6d9d6122); /* 35 */ 297 HH(b, c, d, a, x[6], S34, 0xfde5380c); /* 36 */ 298 HH(a, b, c, d, 0, S31, 0xa4beea44); /* 37 */ 299 HH(d, a, b, c, 0, S32, 0x4bdecfa9); /* 38 */ 300 HH(c, d, a, b, 0, S33, 0xf6bb4b60); /* 39 */ 301 HH(b, c, d, a, x[2], S34, 0xbebfbc70); /* 40 */ 302 HH(a, b, c, d, x[5], S31, 0x289b7ec6); /* 41 */ 303 HH(d, a, b, c, 0, S32, 0xeaa127fa); /* 42 */ 304 HH(c, d, a, b, 0, S33, 0xd4ef3085); /* 43 */ 305 HH(b, c, d, a, 0, S34, 0x4881d05); /* 44 */ 306 HH(a, b, c, d, x[1], S31, 0xd9d4d039); /* 45 */ 307 HH(d, a, b, c, x[4], S32, 0xe6db99e5); /* 46 */ 308 HH(c, d, a, b, x7n, S33, 0x1fa27cf8); /* 47 */ 309 HH(b, c, d, a, 0, S34, 0xc4ac5665); /* 48 */ 310 311 /* Round 4 */ 312 II(a, b, c, d, 0, S41, 0xf4292244); /* 49 */ 313 II(d, a, b, c, 0, S42, 0x432aff97); /* 50 */ 314 II(c, d, a, b, x[6], S43, 0xab9423a7); /* 51 */ 315 II(b, c, d, a, 0, S44, 0xfc93a039); /* 52 */ 316 II(a, b, c, d, x[4], S41, 0x655b59c3); /* 53 */ 317 II(d, a, b, c, 0, S42, 0x8f0ccc92); /* 54 */ 318 II(c, d, a, b, x[2], S43, 0xffeff47d); /* 55 */ 319 II(b, c, d, a, 0, S44, 0x85845dd1); /* 56 */ 320 II(a, b, c, d, x[0], S41, 0x6fa87e4f); /* 57 */ 321 II(d, a, b, c, x7n, S42, 0xfe2ce6e0); /* 58 */ 322 II(c, d, a, b, 0, S43, 0xa3014314); /* 59 */ 323 II(b, c, d, a, x[5], S44, 0x4e0811a1); /* 60 */ 324 II(a, b, c, d, 0, S41, 0xf7537e82); /* 61 */ 325 II(d, a, b, c, x[3], S42, 0xbd3af235); /* 62 */ 326 II(c, d, a, b, 0, S43, 0x2ad7d2bb); /* 63 */ 327 II(b, c, d, a, x[1], S44, 0xeb86d391); /* 64 */ 328 329 digest[0] = a; 330 digest[1] = b; 331 digest[2] = c; 332 digest[3] = d; 333} 334 335void svn__pseudo_md5_63(apr_uint32_t digest[4], 336 const apr_uint32_t x[16]) 337{ 338 apr_uint32_t a = 0x67452301; 339 apr_uint32_t b = 0xefcdab89; 340 apr_uint32_t c = 0x98badcfe; 341 apr_uint32_t d = 0x10325476; 342 343 /* make sure byte 63 gets the marker independently of BE / LE */ 344 apr_uint32_t x15n = x[15] ^ 0xfcfcfcfc; 345 346 /* Round 1 */ 347 FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */ 348 FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */ 349 FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */ 350 FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */ 351 FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */ 352 FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */ 353 FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */ 354 FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */ 355 FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */ 356 FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */ 357 FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ 358 FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ 359 FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ 360 FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ 361 FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ 362 FF(b, c, d, a, x15n, S14, 0x49b40821); /* 16 */ 363 364 /* Round 2 */ 365 GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */ 366 GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */ 367 GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ 368 GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */ 369 GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */ 370 GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ 371 GG(c, d, a, b, x15n, S23, 0xd8a1e681); /* 23 */ 372 GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */ 373 GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */ 374 GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ 375 GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */ 376 GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */ 377 GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ 378 GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */ 379 GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */ 380 GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ 381 382 /* Round 3 */ 383 HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */ 384 HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */ 385 HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ 386 HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ 387 HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */ 388 HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */ 389 HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */ 390 HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ 391 HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ 392 HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */ 393 HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */ 394 HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */ 395 HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */ 396 HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ 397 HH(c, d, a, b, x15n, S33, 0x1fa27cf8); /* 47 */ 398 HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */ 399 400 /* Round 4 */ 401 II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */ 402 II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */ 403 II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ 404 II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */ 405 II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ 406 II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */ 407 II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ 408 II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */ 409 II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */ 410 II(d, a, b, c, x15n, S42, 0xfe2ce6e0); /* 58 */ 411 II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */ 412 II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ 413 II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */ 414 II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ 415 II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */ 416 II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */ 417 418 digest[0] = a; 419 digest[1] = b; 420 digest[2] = c; 421 digest[3] = d; 422} 423