sha512.c revision 160814
1/* crypto/sha/sha512.c */ 2/* ==================================================================== 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved 4 * according to the OpenSSL license [found in ../../LICENSE]. 5 * ==================================================================== 6 */ 7#include <openssl/opensslconf.h> 8#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) 9/* 10 * IMPLEMENTATION NOTES. 11 * 12 * As you might have noticed 32-bit hash algorithms: 13 * 14 * - permit SHA_LONG to be wider than 32-bit (case on CRAY); 15 * - optimized versions implement two transform functions: one operating 16 * on [aligned] data in host byte order and one - on data in input 17 * stream byte order; 18 * - share common byte-order neutral collector and padding function 19 * implementations, ../md32_common.h; 20 * 21 * Neither of the above applies to this SHA-512 implementations. Reasons 22 * [in reverse order] are: 23 * 24 * - it's the only 64-bit hash algorithm for the moment of this writing, 25 * there is no need for common collector/padding implementation [yet]; 26 * - by supporting only one transform function [which operates on 27 * *aligned* data in input stream byte order, big-endian in this case] 28 * we minimize burden of maintenance in two ways: a) collector/padding 29 * function is simpler; b) only one transform function to stare at; 30 * - SHA_LONG64 is required to be exactly 64-bit in order to be able to 31 * apply a number of optimizations to mitigate potential performance 32 * penalties caused by previous design decision; 33 * 34 * Caveat lector. 35 * 36 * Implementation relies on the fact that "long long" is 64-bit on 37 * both 32- and 64-bit platforms. If some compiler vendor comes up 38 * with 128-bit long long, adjustment to sha.h would be required. 39 * As this implementation relies on 64-bit integer type, it's totally 40 * inappropriate for platforms which don't support it, most notably 41 * 16-bit platforms. 42 * <appro@fy.chalmers.se> 43 */ 44#include <stdlib.h> 45#include <string.h> 46 47#include <openssl/crypto.h> 48#include <openssl/sha.h> 49#include <openssl/opensslv.h> 50 51#include "cryptlib.h" 52 53const char *SHA512_version="SHA-512" OPENSSL_VERSION_PTEXT; 54 55#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64) 56#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA 57#endif 58 59int SHA384_Init (SHA512_CTX *c) 60 { 61 c->h[0]=U64(0xcbbb9d5dc1059ed8); 62 c->h[1]=U64(0x629a292a367cd507); 63 c->h[2]=U64(0x9159015a3070dd17); 64 c->h[3]=U64(0x152fecd8f70e5939); 65 c->h[4]=U64(0x67332667ffc00b31); 66 c->h[5]=U64(0x8eb44a8768581511); 67 c->h[6]=U64(0xdb0c2e0d64f98fa7); 68 c->h[7]=U64(0x47b5481dbefa4fa4); 69 c->Nl=0; c->Nh=0; 70 c->num=0; c->md_len=SHA384_DIGEST_LENGTH; 71 return 1; 72 } 73 74int SHA512_Init (SHA512_CTX *c) 75 { 76 c->h[0]=U64(0x6a09e667f3bcc908); 77 c->h[1]=U64(0xbb67ae8584caa73b); 78 c->h[2]=U64(0x3c6ef372fe94f82b); 79 c->h[3]=U64(0xa54ff53a5f1d36f1); 80 c->h[4]=U64(0x510e527fade682d1); 81 c->h[5]=U64(0x9b05688c2b3e6c1f); 82 c->h[6]=U64(0x1f83d9abfb41bd6b); 83 c->h[7]=U64(0x5be0cd19137e2179); 84 c->Nl=0; c->Nh=0; 85 c->num=0; c->md_len=SHA512_DIGEST_LENGTH; 86 return 1; 87 } 88 89#ifndef SHA512_ASM 90static 91#endif 92void sha512_block (SHA512_CTX *ctx, const void *in, size_t num); 93 94int SHA512_Final (unsigned char *md, SHA512_CTX *c) 95 { 96 unsigned char *p=(unsigned char *)c->u.p; 97 size_t n=c->num; 98 99 p[n]=0x80; /* There always is a room for one */ 100 n++; 101 if (n > (sizeof(c->u)-16)) 102 memset (p+n,0,sizeof(c->u)-n), n=0, 103 sha512_block (c,p,1); 104 105 memset (p+n,0,sizeof(c->u)-16-n); 106#ifdef B_ENDIAN 107 c->u.d[SHA_LBLOCK-2] = c->Nh; 108 c->u.d[SHA_LBLOCK-1] = c->Nl; 109#else 110 p[sizeof(c->u)-1] = (unsigned char)(c->Nl); 111 p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8); 112 p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16); 113 p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24); 114 p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32); 115 p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40); 116 p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48); 117 p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56); 118 p[sizeof(c->u)-9] = (unsigned char)(c->Nh); 119 p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8); 120 p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16); 121 p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24); 122 p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); 123 p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); 124 p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); 125 p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); 126#endif 127 128 sha512_block (c,p,1); 129 130 if (md==0) return 0; 131 132 switch (c->md_len) 133 { 134 /* Let compiler decide if it's appropriate to unroll... */ 135 case SHA384_DIGEST_LENGTH: 136 for (n=0;n<SHA384_DIGEST_LENGTH/8;n++) 137 { 138 SHA_LONG64 t = c->h[n]; 139 140 *(md++) = (unsigned char)(t>>56); 141 *(md++) = (unsigned char)(t>>48); 142 *(md++) = (unsigned char)(t>>40); 143 *(md++) = (unsigned char)(t>>32); 144 *(md++) = (unsigned char)(t>>24); 145 *(md++) = (unsigned char)(t>>16); 146 *(md++) = (unsigned char)(t>>8); 147 *(md++) = (unsigned char)(t); 148 } 149 break; 150 case SHA512_DIGEST_LENGTH: 151 for (n=0;n<SHA512_DIGEST_LENGTH/8;n++) 152 { 153 SHA_LONG64 t = c->h[n]; 154 155 *(md++) = (unsigned char)(t>>56); 156 *(md++) = (unsigned char)(t>>48); 157 *(md++) = (unsigned char)(t>>40); 158 *(md++) = (unsigned char)(t>>32); 159 *(md++) = (unsigned char)(t>>24); 160 *(md++) = (unsigned char)(t>>16); 161 *(md++) = (unsigned char)(t>>8); 162 *(md++) = (unsigned char)(t); 163 } 164 break; 165 /* ... as well as make sure md_len is not abused. */ 166 default: return 0; 167 } 168 169 return 1; 170 } 171 172int SHA384_Final (unsigned char *md,SHA512_CTX *c) 173{ return SHA512_Final (md,c); } 174 175int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) 176 { 177 SHA_LONG64 l; 178 unsigned char *p=c->u.p; 179 const unsigned char *data=(const unsigned char *)_data; 180 181 if (len==0) return 1; 182 183 l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); 184 if (l < c->Nl) c->Nh++; 185 if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); 186 c->Nl=l; 187 188 if (c->num != 0) 189 { 190 size_t n = sizeof(c->u) - c->num; 191 192 if (len < n) 193 { 194 memcpy (p+c->num,data,len), c->num += len; 195 return 1; 196 } 197 else { 198 memcpy (p+c->num,data,n), c->num = 0; 199 len-=n, data+=n; 200 sha512_block (c,p,1); 201 } 202 } 203 204 if (len >= sizeof(c->u)) 205 { 206#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA 207 if ((size_t)data%sizeof(c->u.d[0]) != 0) 208 while (len >= sizeof(c->u)) 209 memcpy (p,data,sizeof(c->u)), 210 sha512_block (c,p,1), 211 len -= sizeof(c->u), 212 data += sizeof(c->u); 213 else 214#endif 215 sha512_block (c,data,len/sizeof(c->u)), 216 data += len, 217 len %= sizeof(c->u), 218 data -= len; 219 } 220 221 if (len != 0) memcpy (p,data,len), c->num = (int)len; 222 223 return 1; 224 } 225 226int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) 227{ return SHA512_Update (c,data,len); } 228 229void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) 230{ sha512_block (c,data,1); } 231 232unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) 233 { 234 SHA512_CTX c; 235 static unsigned char m[SHA384_DIGEST_LENGTH]; 236 237 if (md == NULL) md=m; 238 SHA384_Init(&c); 239 SHA512_Update(&c,d,n); 240 SHA512_Final(md,&c); 241 OPENSSL_cleanse(&c,sizeof(c)); 242 return(md); 243 } 244 245unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) 246 { 247 SHA512_CTX c; 248 static unsigned char m[SHA512_DIGEST_LENGTH]; 249 250 if (md == NULL) md=m; 251 SHA512_Init(&c); 252 SHA512_Update(&c,d,n); 253 SHA512_Final(md,&c); 254 OPENSSL_cleanse(&c,sizeof(c)); 255 return(md); 256 } 257 258#ifndef SHA512_ASM 259static const SHA_LONG64 K512[80] = { 260 U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), 261 U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), 262 U64(0x3956c25bf348b538),U64(0x59f111f1b605d019), 263 U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118), 264 U64(0xd807aa98a3030242),U64(0x12835b0145706fbe), 265 U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2), 266 U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1), 267 U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694), 268 U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3), 269 U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65), 270 U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483), 271 U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5), 272 U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210), 273 U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4), 274 U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725), 275 U64(0x06ca6351e003826f),U64(0x142929670a0e6e70), 276 U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926), 277 U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df), 278 U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8), 279 U64(0x81c2c92e47edaee6),U64(0x92722c851482353b), 280 U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001), 281 U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30), 282 U64(0xd192e819d6ef5218),U64(0xd69906245565a910), 283 U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8), 284 U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53), 285 U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8), 286 U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb), 287 U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3), 288 U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60), 289 U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec), 290 U64(0x90befffa23631e28),U64(0xa4506cebde82bde9), 291 U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b), 292 U64(0xca273eceea26619c),U64(0xd186b8c721c0c207), 293 U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178), 294 U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), 295 U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), 296 U64(0x28db77f523047d84),U64(0x32caab7b40c72493), 297 U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), 298 U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), 299 U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; 300 301#ifndef PEDANTIC 302# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) 303# if defined(__x86_64) || defined(__x86_64__) 304# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ 305 asm ("bswapq %0" \ 306 : "=r"(ret) \ 307 : "0"(ret)); ret; }) 308# endif 309# endif 310#endif 311 312#ifndef PULL64 313#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) 314#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) 315#endif 316 317#ifndef PEDANTIC 318# if defined(_MSC_VER) 319# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ 320# define ROTR(a,n) _rotr64((a),n) 321# endif 322# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) 323# if defined(__x86_64) || defined(__x86_64__) 324# define ROTR(a,n) ({ unsigned long ret; \ 325 asm ("rorq %1,%0" \ 326 : "=r"(ret) \ 327 : "J"(n),"0"(a) \ 328 : "cc"); ret; }) 329# elif defined(_ARCH_PPC) && defined(__64BIT__) 330# define ROTR(a,n) ({ unsigned long ret; \ 331 asm ("rotrdi %0,%1,%2" \ 332 : "=r"(ret) \ 333 : "r"(a),"K"(n)); ret; }) 334# endif 335# endif 336#endif 337 338#ifndef ROTR 339#define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) 340#endif 341 342#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) 343#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) 344#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) 345#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) 346 347#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 348#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 349 350#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) 351#define GO_FOR_SSE2(ctx,in,num) do { \ 352 void sha512_block_sse2(void *,const void *,size_t); \ 353 if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ 354 sha512_block_sse2(ctx->h,in,num); return; \ 355 } while (0) 356#endif 357 358#ifdef OPENSSL_SMALL_FOOTPRINT 359 360static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) 361 { 362 const SHA_LONG64 *W=in; 363 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; 364 SHA_LONG64 X[16]; 365 int i; 366 367#ifdef GO_FOR_SSE2 368 GO_FOR_SSE2(ctx,in,num); 369#endif 370 371 while (num--) { 372 373 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; 374 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; 375 376 for (i=0;i<16;i++) 377 { 378#ifdef B_ENDIAN 379 T1 = X[i] = W[i]; 380#else 381 T1 = X[i] = PULL64(W[i]); 382#endif 383 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; 384 T2 = Sigma0(a) + Maj(a,b,c); 385 h = g; g = f; f = e; e = d + T1; 386 d = c; c = b; b = a; a = T1 + T2; 387 } 388 389 for (;i<80;i++) 390 { 391 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); 392 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); 393 394 T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; 395 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; 396 T2 = Sigma0(a) + Maj(a,b,c); 397 h = g; g = f; f = e; e = d + T1; 398 d = c; c = b; b = a; a = T1 + T2; 399 } 400 401 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; 402 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; 403 404 W+=SHA_LBLOCK; 405 } 406 } 407 408#else 409 410#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ 411 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ 412 h = Sigma0(a) + Maj(a,b,c); \ 413 d += T1; h += T1; } while (0) 414 415#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ 416 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ 417 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ 418 T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ 419 ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) 420 421static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) 422 { 423 const SHA_LONG64 *W=in; 424 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; 425 SHA_LONG64 X[16]; 426 int i; 427 428#ifdef GO_FOR_SSE2 429 GO_FOR_SSE2(ctx,in,num); 430#endif 431 432 while (num--) { 433 434 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; 435 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; 436 437#ifdef B_ENDIAN 438 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); 439 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); 440 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); 441 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); 442 T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); 443 T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); 444 T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); 445 T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); 446 T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); 447 T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); 448 T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); 449 T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); 450 T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); 451 T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); 452 T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); 453 T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); 454#else 455 T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h); 456 T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g); 457 T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f); 458 T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e); 459 T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d); 460 T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c); 461 T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b); 462 T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a); 463 T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); 464 T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); 465 T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); 466 T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); 467 T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); 468 T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); 469 T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); 470 T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); 471#endif 472 473 for (i=16;i<80;i+=8) 474 { 475 ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); 476 ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); 477 ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); 478 ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); 479 ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); 480 ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); 481 ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); 482 ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); 483 } 484 485 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; 486 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; 487 488 W+=SHA_LBLOCK; 489 } 490 } 491 492#endif 493 494#endif /* SHA512_ASM */ 495 496#endif /* OPENSSL_NO_SHA512 */ 497