1/* crypto/sha/sha_locl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to.  The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 *    notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 *    notice, this list of conditions and the following disclaimer in the
30 *    documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 *    must display the following acknowledgement:
33 *    "This product includes cryptographic software written by
34 *     Eric Young (eay@cryptsoft.com)"
35 *    The word 'cryptographic' can be left out if the rouines from the library
36 *    being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 *    the apps directory (application code) you must include an acknowledgement:
39 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdlib.h>
60#include <string.h>
61
62#include <openssl/opensslconf.h>
63#include <openssl/sha.h>
64#include <openssl/fips.h>
65
66#ifndef SHA_LONG_LOG2
67#define SHA_LONG_LOG2	2	/* default to 32 bits */
68#endif
69
70#define DATA_ORDER_IS_BIG_ENDIAN
71
72#define HASH_LONG               SHA_LONG
73#define HASH_LONG_LOG2          SHA_LONG_LOG2
74#define HASH_CTX                SHA_CTX
75#define HASH_CBLOCK             SHA_CBLOCK
76#define HASH_LBLOCK             SHA_LBLOCK
77#define HASH_MAKE_STRING(c,s)   do {	\
78	unsigned long ll;		\
79	ll=(c)->h0; HOST_l2c(ll,(s));	\
80	ll=(c)->h1; HOST_l2c(ll,(s));	\
81	ll=(c)->h2; HOST_l2c(ll,(s));	\
82	ll=(c)->h3; HOST_l2c(ll,(s));	\
83	ll=(c)->h4; HOST_l2c(ll,(s));	\
84	} while (0)
85
86#if defined(SHA_0)
87
88# define HASH_UPDATE             	SHA_Update
89# define HASH_TRANSFORM          	SHA_Transform
90# define HASH_FINAL              	SHA_Final
91# define HASH_INIT			SHA_Init
92# define HASH_BLOCK_HOST_ORDER   	sha_block_host_order
93# define HASH_BLOCK_DATA_ORDER   	sha_block_data_order
94# define Xupdate(a,ix,ia,ib,ic,id)	(ix=(a)=(ia^ib^ic^id))
95
96  void sha_block_host_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
97  void sha_block_data_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
98
99#elif defined(SHA_1)
100
101# define HASH_UPDATE             	SHA1_Update
102# define HASH_TRANSFORM          	SHA1_Transform
103# define HASH_FINAL              	SHA1_Final
104# define HASH_INIT			SHA1_Init
105# define HASH_BLOCK_HOST_ORDER   	sha1_block_host_order
106# define HASH_BLOCK_DATA_ORDER   	sha1_block_data_order
107# if defined(__MWERKS__) && defined(__MC68K__)
108   /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
109#  define Xupdate(a,ix,ia,ib,ic,id)	do { (a)=(ia^ib^ic^id);		\
110					     ix=(a)=ROTATE((a),1);	\
111					} while (0)
112# else
113#  define Xupdate(a,ix,ia,ib,ic,id)	( (a)=(ia^ib^ic^id),	\
114					  ix=(a)=ROTATE((a),1)	\
115					)
116# endif
117
118# ifdef SHA1_ASM
119#  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
120#   define sha1_block_host_order		sha1_block_asm_host_order
121#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
122#   define sha1_block_data_order		sha1_block_asm_data_order
123#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
124#   define HASH_BLOCK_DATA_ORDER_ALIGNED	sha1_block_asm_data_order
125#  endif
126# endif
127  void sha1_block_host_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
128  void sha1_block_data_order (SHA_CTX *c, const void *p,FIPS_SHA_SIZE_T num);
129
130#else
131# error "Either SHA_0 or SHA_1 must be defined."
132#endif
133
134#include "fips_md32_common.h"
135
136#define INIT_DATA_h0 0x67452301UL
137#define INIT_DATA_h1 0xefcdab89UL
138#define INIT_DATA_h2 0x98badcfeUL
139#define INIT_DATA_h3 0x10325476UL
140#define INIT_DATA_h4 0xc3d2e1f0UL
141
142int HASH_INIT (SHA_CTX *c)
143	{
144	c->h0=INIT_DATA_h0;
145	c->h1=INIT_DATA_h1;
146	c->h2=INIT_DATA_h2;
147	c->h3=INIT_DATA_h3;
148	c->h4=INIT_DATA_h4;
149	c->Nl=0;
150	c->Nh=0;
151	c->num=0;
152	return 1;
153	}
154
155#define K_00_19	0x5a827999UL
156#define K_20_39 0x6ed9eba1UL
157#define K_40_59 0x8f1bbcdcUL
158#define K_60_79 0xca62c1d6UL
159
160/* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
161 * simplified to the code in F_00_19.  Wei attributes these optimisations
162 * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
163 * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
164 * I've just become aware of another tweak to be made, again from Wei Dai,
165 * in F_40_59, (x&a)|(y&a) -> (x|y)&a
166 */
167#define	F_00_19(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))
168#define	F_20_39(b,c,d)	((b) ^ (c) ^ (d))
169#define F_40_59(b,c,d)	(((b) & (c)) | (((b)|(c)) & (d)))
170#define	F_60_79(b,c,d)	F_20_39(b,c,d)
171
172#define BODY_00_15(i,a,b,c,d,e,f,xi) \
173	(f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
174	(b)=ROTATE((b),30);
175
176#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
177	Xupdate(f,xi,xa,xb,xc,xd); \
178	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
179	(b)=ROTATE((b),30);
180
181#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
182	Xupdate(f,xi,xa,xb,xc,xd); \
183	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
184	(b)=ROTATE((b),30);
185
186#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
187	Xupdate(f,xa,xa,xb,xc,xd); \
188	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
189	(b)=ROTATE((b),30);
190
191#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
192	Xupdate(f,xa,xa,xb,xc,xd); \
193	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
194	(b)=ROTATE((b),30);
195
196#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
197	Xupdate(f,xa,xa,xb,xc,xd); \
198	(f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
199	(b)=ROTATE((b),30);
200
201#ifdef X
202#undef X
203#endif
204#ifndef MD32_XARRAY
205  /*
206   * Originally X was an array. As it's automatic it's natural
207   * to expect RISC compiler to accomodate at least part of it in
208   * the register bank, isn't it? Unfortunately not all compilers
209   * "find" this expectation reasonable:-( On order to make such
210   * compilers generate better code I replace X[] with a bunch of
211   * X0, X1, etc. See the function body below...
212   *					<appro@fy.chalmers.se>
213   */
214# define X(i)	XX##i
215#else
216  /*
217   * However! Some compilers (most notably HP C) get overwhelmed by
218   * that many local variables so that we have to have the way to
219   * fall down to the original behavior.
220   */
221# define X(i)	XX[i]
222#endif
223
224#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
225void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, FIPS_SHA_SIZE_T num)
226	{
227	const SHA_LONG *W=d;
228	register unsigned MD32_REG_T A,B,C,D,E,T;
229#ifndef MD32_XARRAY
230	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
231				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
232#else
233	SHA_LONG	XX[16];
234#endif
235
236	if(FIPS_selftest_failed())
237	    return;
238
239	A=c->h0;
240	B=c->h1;
241	C=c->h2;
242	D=c->h3;
243	E=c->h4;
244
245	for (;;)
246		{
247	BODY_00_15( 0,A,B,C,D,E,T,W[ 0]);
248	BODY_00_15( 1,T,A,B,C,D,E,W[ 1]);
249	BODY_00_15( 2,E,T,A,B,C,D,W[ 2]);
250	BODY_00_15( 3,D,E,T,A,B,C,W[ 3]);
251	BODY_00_15( 4,C,D,E,T,A,B,W[ 4]);
252	BODY_00_15( 5,B,C,D,E,T,A,W[ 5]);
253	BODY_00_15( 6,A,B,C,D,E,T,W[ 6]);
254	BODY_00_15( 7,T,A,B,C,D,E,W[ 7]);
255	BODY_00_15( 8,E,T,A,B,C,D,W[ 8]);
256	BODY_00_15( 9,D,E,T,A,B,C,W[ 9]);
257	BODY_00_15(10,C,D,E,T,A,B,W[10]);
258	BODY_00_15(11,B,C,D,E,T,A,W[11]);
259	BODY_00_15(12,A,B,C,D,E,T,W[12]);
260	BODY_00_15(13,T,A,B,C,D,E,W[13]);
261	BODY_00_15(14,E,T,A,B,C,D,W[14]);
262	BODY_00_15(15,D,E,T,A,B,C,W[15]);
263
264	BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]);
265	BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]);
266	BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]);
267	BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0));
268
269	BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1));
270	BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2));
271	BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3));
272	BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4));
273	BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5));
274	BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6));
275	BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7));
276	BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8));
277	BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9));
278	BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10));
279	BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11));
280	BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12));
281
282	BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
283	BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
284	BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
285	BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
286	BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
287	BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
288	BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
289	BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
290
291	BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
292	BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
293	BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
294	BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
295	BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
296	BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
297	BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
298	BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
299	BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
300	BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
301	BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
302	BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
303	BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
304	BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
305	BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
306	BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
307	BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
308	BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
309	BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
310	BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
311
312	BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
313	BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
314	BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
315	BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
316	BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
317	BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
318	BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
319	BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
320	BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
321	BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
322	BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
323	BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
324	BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
325	BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
326	BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
327	BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
328	BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
329	BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
330	BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
331	BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
332
333	c->h0=(c->h0+E)&0xffffffffL;
334	c->h1=(c->h1+T)&0xffffffffL;
335	c->h2=(c->h2+A)&0xffffffffL;
336	c->h3=(c->h3+B)&0xffffffffL;
337	c->h4=(c->h4+C)&0xffffffffL;
338
339	if (--num == 0) break;
340
341	A=c->h0;
342	B=c->h1;
343	C=c->h2;
344	D=c->h3;
345	E=c->h4;
346
347	W+=SHA_LBLOCK;
348		}
349	}
350#endif
351
352#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
353void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, FIPS_SHA_SIZE_T num)
354	{
355	const unsigned char *data=p;
356	register unsigned MD32_REG_T A,B,C,D,E,T,l;
357#ifndef MD32_XARRAY
358	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
359				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
360#else
361	SHA_LONG	XX[16];
362#endif
363
364	if(FIPS_selftest_failed())
365	    return;
366
367	A=c->h0;
368	B=c->h1;
369	C=c->h2;
370	D=c->h3;
371	E=c->h4;
372
373	for (;;)
374		{
375
376	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;
377	BODY_00_15( 0,A,B,C,D,E,T,X( 0));	HOST_c2l(data,l); X( 2)=l;
378	BODY_00_15( 1,T,A,B,C,D,E,X( 1));	HOST_c2l(data,l); X( 3)=l;
379	BODY_00_15( 2,E,T,A,B,C,D,X( 2));	HOST_c2l(data,l); X( 4)=l;
380	BODY_00_15( 3,D,E,T,A,B,C,X( 3));	HOST_c2l(data,l); X( 5)=l;
381	BODY_00_15( 4,C,D,E,T,A,B,X( 4));	HOST_c2l(data,l); X( 6)=l;
382	BODY_00_15( 5,B,C,D,E,T,A,X( 5));	HOST_c2l(data,l); X( 7)=l;
383	BODY_00_15( 6,A,B,C,D,E,T,X( 6));	HOST_c2l(data,l); X( 8)=l;
384	BODY_00_15( 7,T,A,B,C,D,E,X( 7));	HOST_c2l(data,l); X( 9)=l;
385	BODY_00_15( 8,E,T,A,B,C,D,X( 8));	HOST_c2l(data,l); X(10)=l;
386	BODY_00_15( 9,D,E,T,A,B,C,X( 9));	HOST_c2l(data,l); X(11)=l;
387	BODY_00_15(10,C,D,E,T,A,B,X(10));	HOST_c2l(data,l); X(12)=l;
388	BODY_00_15(11,B,C,D,E,T,A,X(11));	HOST_c2l(data,l); X(13)=l;
389	BODY_00_15(12,A,B,C,D,E,T,X(12));	HOST_c2l(data,l); X(14)=l;
390	BODY_00_15(13,T,A,B,C,D,E,X(13));	HOST_c2l(data,l); X(15)=l;
391	BODY_00_15(14,E,T,A,B,C,D,X(14));
392	BODY_00_15(15,D,E,T,A,B,C,X(15));
393
394	BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
395	BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
396	BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
397	BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
398
399	BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
400	BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
401	BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
402	BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
403	BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
404	BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
405	BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
406	BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
407	BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
408	BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
409	BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
410	BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
411
412	BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
413	BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
414	BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
415	BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
416	BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
417	BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
418	BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
419	BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
420
421	BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
422	BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
423	BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
424	BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
425	BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
426	BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
427	BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
428	BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
429	BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
430	BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
431	BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
432	BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
433	BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
434	BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
435	BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
436	BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
437	BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
438	BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
439	BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
440	BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
441
442	BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
443	BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
444	BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
445	BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
446	BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
447	BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
448	BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
449	BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
450	BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
451	BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
452	BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
453	BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
454	BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
455	BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
456	BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
457	BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
458	BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
459	BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
460	BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
461	BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
462
463	c->h0=(c->h0+E)&0xffffffffL;
464	c->h1=(c->h1+T)&0xffffffffL;
465	c->h2=(c->h2+A)&0xffffffffL;
466	c->h3=(c->h3+B)&0xffffffffL;
467	c->h4=(c->h4+C)&0xffffffffL;
468
469	if (--num == 0) break;
470
471	A=c->h0;
472	B=c->h1;
473	C=c->h2;
474	D=c->h3;
475	E=c->h4;
476
477		}
478	}
479#endif
480