1/* crypto/sha/sha_locl.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to.  The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 *    notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 *    notice, this list of conditions and the following disclaimer in the
30 *    documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 *    must display the following acknowledgement:
33 *    "This product includes cryptographic software written by
34 *     Eric Young (eay@cryptsoft.com)"
35 *    The word 'cryptographic' can be left out if the rouines from the library
36 *    being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 *    the apps directory (application code) you must include an acknowledgement:
39 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdlib.h>
60#include <string.h>
61
62#include <openssl/opensslconf.h>
63#include <openssl/sha.h>
64
65#ifndef SHA_LONG_LOG2
66#define SHA_LONG_LOG2	2	/* default to 32 bits */
67#endif
68
69#define DATA_ORDER_IS_BIG_ENDIAN
70
71#define HASH_LONG               SHA_LONG
72#define HASH_LONG_LOG2          SHA_LONG_LOG2
73#define HASH_CTX                SHA_CTX
74#define HASH_CBLOCK             SHA_CBLOCK
75#define HASH_LBLOCK             SHA_LBLOCK
76#define HASH_MAKE_STRING(c,s)   do {	\
77	unsigned long ll;		\
78	ll=(c)->h0; HOST_l2c(ll,(s));	\
79	ll=(c)->h1; HOST_l2c(ll,(s));	\
80	ll=(c)->h2; HOST_l2c(ll,(s));	\
81	ll=(c)->h3; HOST_l2c(ll,(s));	\
82	ll=(c)->h4; HOST_l2c(ll,(s));	\
83	} while (0)
84
85#if defined(SHA_0)
86
87# define HASH_UPDATE             	SHA_Update
88# define HASH_TRANSFORM          	SHA_Transform
89# define HASH_FINAL              	SHA_Final
90# define HASH_INIT			SHA_Init
91# define HASH_BLOCK_HOST_ORDER   	sha_block_host_order
92# define HASH_BLOCK_DATA_ORDER   	sha_block_data_order
93# define Xupdate(a,ix,ia,ib,ic,id)	(ix=(a)=(ia^ib^ic^id))
94
95  void sha_block_host_order (SHA_CTX *c, const void *p,size_t num);
96  void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
97
98#elif defined(SHA_1)
99
100# define HASH_UPDATE             	SHA1_Update
101# define HASH_TRANSFORM          	SHA1_Transform
102# define HASH_FINAL              	SHA1_Final
103# define HASH_INIT			SHA1_Init
104# define HASH_BLOCK_HOST_ORDER   	sha1_block_host_order
105# define HASH_BLOCK_DATA_ORDER   	sha1_block_data_order
106# if defined(__MWERKS__) && defined(__MC68K__)
107   /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
108#  define Xupdate(a,ix,ia,ib,ic,id)	do { (a)=(ia^ib^ic^id);		\
109					     ix=(a)=ROTATE((a),1);	\
110					} while (0)
111# else
112#  define Xupdate(a,ix,ia,ib,ic,id)	( (a)=(ia^ib^ic^id),	\
113					  ix=(a)=ROTATE((a),1)	\
114					)
115# endif
116
117# ifdef SHA1_ASM
118#  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
119#   if !defined(B_ENDIAN)
120#    define sha1_block_host_order		sha1_block_asm_host_order
121#    define DONT_IMPLEMENT_BLOCK_HOST_ORDER
122#    define sha1_block_data_order		sha1_block_asm_data_order
123#    define DONT_IMPLEMENT_BLOCK_DATA_ORDER
124#    define HASH_BLOCK_DATA_ORDER_ALIGNED	sha1_block_asm_data_order
125#   endif
126#  elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
127#   define sha1_block_host_order		sha1_block_asm_host_order
128#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
129#   define sha1_block_data_order		sha1_block_asm_data_order
130#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
131#  endif
132# endif
133  void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num);
134  void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
135
136#else
137# error "Either SHA_0 or SHA_1 must be defined."
138#endif
139
140#include "md32_common.h"
141
142#define INIT_DATA_h0 0x67452301UL
143#define INIT_DATA_h1 0xefcdab89UL
144#define INIT_DATA_h2 0x98badcfeUL
145#define INIT_DATA_h3 0x10325476UL
146#define INIT_DATA_h4 0xc3d2e1f0UL
147
148int HASH_INIT (SHA_CTX *c)
149	{
150	c->h0=INIT_DATA_h0;
151	c->h1=INIT_DATA_h1;
152	c->h2=INIT_DATA_h2;
153	c->h3=INIT_DATA_h3;
154	c->h4=INIT_DATA_h4;
155	c->Nl=0;
156	c->Nh=0;
157	c->num=0;
158	return 1;
159	}
160
161#define K_00_19	0x5a827999UL
162#define K_20_39 0x6ed9eba1UL
163#define K_40_59 0x8f1bbcdcUL
164#define K_60_79 0xca62c1d6UL
165
166/* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
167 * simplified to the code in F_00_19.  Wei attributes these optimisations
168 * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
169 * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
170 * I've just become aware of another tweak to be made, again from Wei Dai,
171 * in F_40_59, (x&a)|(y&a) -> (x|y)&a
172 */
173#define	F_00_19(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))
174#define	F_20_39(b,c,d)	((b) ^ (c) ^ (d))
175#define F_40_59(b,c,d)	(((b) & (c)) | (((b)|(c)) & (d)))
176#define	F_60_79(b,c,d)	F_20_39(b,c,d)
177
178#ifndef OPENSSL_SMALL_FOOTPRINT
179
180#define BODY_00_15(i,a,b,c,d,e,f,xi) \
181	(f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
182	(b)=ROTATE((b),30);
183
184#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
185	Xupdate(f,xi,xa,xb,xc,xd); \
186	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
187	(b)=ROTATE((b),30);
188
189#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
190	Xupdate(f,xi,xa,xb,xc,xd); \
191	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
192	(b)=ROTATE((b),30);
193
194#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
195	Xupdate(f,xa,xa,xb,xc,xd); \
196	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
197	(b)=ROTATE((b),30);
198
199#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
200	Xupdate(f,xa,xa,xb,xc,xd); \
201	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
202	(b)=ROTATE((b),30);
203
204#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
205	Xupdate(f,xa,xa,xb,xc,xd); \
206	(f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
207	(b)=ROTATE((b),30);
208
209#ifdef X
210#undef X
211#endif
212#ifndef MD32_XARRAY
213  /*
214   * Originally X was an array. As it's automatic it's natural
215   * to expect RISC compiler to accomodate at least part of it in
216   * the register bank, isn't it? Unfortunately not all compilers
217   * "find" this expectation reasonable:-( On order to make such
218   * compilers generate better code I replace X[] with a bunch of
219   * X0, X1, etc. See the function body below...
220   *					<appro@fy.chalmers.se>
221   */
222# define X(i)	XX##i
223#else
224  /*
225   * However! Some compilers (most notably HP C) get overwhelmed by
226   * that many local variables so that we have to have the way to
227   * fall down to the original behavior.
228   */
229# define X(i)	XX[i]
230#endif
231
232#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
233void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)
234	{
235	const SHA_LONG *W=d;
236	register unsigned MD32_REG_T A,B,C,D,E,T;
237#ifndef MD32_XARRAY
238	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
239				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
240#else
241	SHA_LONG	XX[16];
242#endif
243
244	A=c->h0;
245	B=c->h1;
246	C=c->h2;
247	D=c->h3;
248	E=c->h4;
249
250	for (;;)
251		{
252	BODY_00_15( 0,A,B,C,D,E,T,W[ 0]);
253	BODY_00_15( 1,T,A,B,C,D,E,W[ 1]);
254	BODY_00_15( 2,E,T,A,B,C,D,W[ 2]);
255	BODY_00_15( 3,D,E,T,A,B,C,W[ 3]);
256	BODY_00_15( 4,C,D,E,T,A,B,W[ 4]);
257	BODY_00_15( 5,B,C,D,E,T,A,W[ 5]);
258	BODY_00_15( 6,A,B,C,D,E,T,W[ 6]);
259	BODY_00_15( 7,T,A,B,C,D,E,W[ 7]);
260	BODY_00_15( 8,E,T,A,B,C,D,W[ 8]);
261	BODY_00_15( 9,D,E,T,A,B,C,W[ 9]);
262	BODY_00_15(10,C,D,E,T,A,B,W[10]);
263	BODY_00_15(11,B,C,D,E,T,A,W[11]);
264	BODY_00_15(12,A,B,C,D,E,T,W[12]);
265	BODY_00_15(13,T,A,B,C,D,E,W[13]);
266	BODY_00_15(14,E,T,A,B,C,D,W[14]);
267	BODY_00_15(15,D,E,T,A,B,C,W[15]);
268
269	BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]);
270	BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]);
271	BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]);
272	BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0));
273
274	BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1));
275	BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2));
276	BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3));
277	BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4));
278	BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5));
279	BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6));
280	BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7));
281	BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8));
282	BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9));
283	BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10));
284	BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11));
285	BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12));
286
287	BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
288	BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
289	BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
290	BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
291	BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
292	BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
293	BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
294	BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
295
296	BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
297	BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
298	BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
299	BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
300	BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
301	BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
302	BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
303	BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
304	BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
305	BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
306	BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
307	BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
308	BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
309	BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
310	BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
311	BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
312	BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
313	BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
314	BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
315	BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
316
317	BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
318	BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
319	BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
320	BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
321	BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
322	BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
323	BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
324	BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
325	BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
326	BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
327	BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
328	BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
329	BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
330	BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
331	BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
332	BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
333	BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
334	BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
335	BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
336	BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
337
338	c->h0=(c->h0+E)&0xffffffffL;
339	c->h1=(c->h1+T)&0xffffffffL;
340	c->h2=(c->h2+A)&0xffffffffL;
341	c->h3=(c->h3+B)&0xffffffffL;
342	c->h4=(c->h4+C)&0xffffffffL;
343
344	if (--num == 0) break;
345
346	A=c->h0;
347	B=c->h1;
348	C=c->h2;
349	D=c->h3;
350	E=c->h4;
351
352	W+=SHA_LBLOCK;
353		}
354	}
355#endif
356
357#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
358void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
359	{
360	const unsigned char *data=p;
361	register unsigned MD32_REG_T A,B,C,D,E,T,l;
362#ifndef MD32_XARRAY
363	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
364				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
365#else
366	SHA_LONG	XX[16];
367#endif
368
369	A=c->h0;
370	B=c->h1;
371	C=c->h2;
372	D=c->h3;
373	E=c->h4;
374
375	for (;;)
376		{
377
378	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;
379	BODY_00_15( 0,A,B,C,D,E,T,X( 0));	HOST_c2l(data,l); X( 2)=l;
380	BODY_00_15( 1,T,A,B,C,D,E,X( 1));	HOST_c2l(data,l); X( 3)=l;
381	BODY_00_15( 2,E,T,A,B,C,D,X( 2));	HOST_c2l(data,l); X( 4)=l;
382	BODY_00_15( 3,D,E,T,A,B,C,X( 3));	HOST_c2l(data,l); X( 5)=l;
383	BODY_00_15( 4,C,D,E,T,A,B,X( 4));	HOST_c2l(data,l); X( 6)=l;
384	BODY_00_15( 5,B,C,D,E,T,A,X( 5));	HOST_c2l(data,l); X( 7)=l;
385	BODY_00_15( 6,A,B,C,D,E,T,X( 6));	HOST_c2l(data,l); X( 8)=l;
386	BODY_00_15( 7,T,A,B,C,D,E,X( 7));	HOST_c2l(data,l); X( 9)=l;
387	BODY_00_15( 8,E,T,A,B,C,D,X( 8));	HOST_c2l(data,l); X(10)=l;
388	BODY_00_15( 9,D,E,T,A,B,C,X( 9));	HOST_c2l(data,l); X(11)=l;
389	BODY_00_15(10,C,D,E,T,A,B,X(10));	HOST_c2l(data,l); X(12)=l;
390	BODY_00_15(11,B,C,D,E,T,A,X(11));	HOST_c2l(data,l); X(13)=l;
391	BODY_00_15(12,A,B,C,D,E,T,X(12));	HOST_c2l(data,l); X(14)=l;
392	BODY_00_15(13,T,A,B,C,D,E,X(13));	HOST_c2l(data,l); X(15)=l;
393	BODY_00_15(14,E,T,A,B,C,D,X(14));
394	BODY_00_15(15,D,E,T,A,B,C,X(15));
395
396	BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
397	BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
398	BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
399	BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
400
401	BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
402	BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
403	BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
404	BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
405	BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
406	BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
407	BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
408	BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
409	BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
410	BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
411	BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
412	BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
413
414	BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
415	BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
416	BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
417	BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
418	BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
419	BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
420	BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
421	BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
422
423	BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
424	BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
425	BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
426	BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
427	BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
428	BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
429	BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
430	BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
431	BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
432	BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
433	BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
434	BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
435	BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
436	BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
437	BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
438	BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
439	BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
440	BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
441	BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
442	BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
443
444	BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
445	BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
446	BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
447	BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
448	BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
449	BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
450	BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
451	BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
452	BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
453	BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
454	BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
455	BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
456	BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
457	BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
458	BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
459	BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
460	BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
461	BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
462	BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
463	BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
464
465	c->h0=(c->h0+E)&0xffffffffL;
466	c->h1=(c->h1+T)&0xffffffffL;
467	c->h2=(c->h2+A)&0xffffffffL;
468	c->h3=(c->h3+B)&0xffffffffL;
469	c->h4=(c->h4+C)&0xffffffffL;
470
471	if (--num == 0) break;
472
473	A=c->h0;
474	B=c->h1;
475	C=c->h2;
476	D=c->h3;
477	E=c->h4;
478
479		}
480	}
481#endif
482
483#else	/* OPENSSL_SMALL_FOOTPRINT */
484
485#define BODY_00_15(xi)		 do {	\
486	T=E+K_00_19+F_00_19(B,C,D);	\
487	E=D, D=C, C=ROTATE(B,30), B=A;	\
488	A=ROTATE(A,5)+T+xi;	    } while(0)
489
490#define BODY_16_19(xa,xb,xc,xd)	 do {	\
491	Xupdate(T,xa,xa,xb,xc,xd);	\
492	T+=E+K_00_19+F_00_19(B,C,D);	\
493	E=D, D=C, C=ROTATE(B,30), B=A;	\
494	A=ROTATE(A,5)+T;	    } while(0)
495
496#define BODY_20_39(xa,xb,xc,xd)	 do {	\
497	Xupdate(T,xa,xa,xb,xc,xd);	\
498	T+=E+K_20_39+F_20_39(B,C,D);	\
499	E=D, D=C, C=ROTATE(B,30), B=A;	\
500	A=ROTATE(A,5)+T;	    } while(0)
501
502#define BODY_40_59(xa,xb,xc,xd)	 do {	\
503	Xupdate(T,xa,xa,xb,xc,xd);	\
504	T+=E+K_40_59+F_40_59(B,C,D);	\
505	E=D, D=C, C=ROTATE(B,30), B=A;	\
506	A=ROTATE(A,5)+T;	    } while(0)
507
508#define BODY_60_79(xa,xb,xc,xd)	 do {	\
509	Xupdate(T,xa,xa,xb,xc,xd);	\
510	T=E+K_60_79+F_60_79(B,C,D);	\
511	E=D, D=C, C=ROTATE(B,30), B=A;	\
512	A=ROTATE(A,5)+T+xa;	    } while(0)
513
514#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
515void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)
516	{
517	const SHA_LONG *W=d;
518	register unsigned MD32_REG_T A,B,C,D,E,T;
519	int i;
520	SHA_LONG	X[16];
521
522	A=c->h0;
523	B=c->h1;
524	C=c->h2;
525	D=c->h3;
526	E=c->h4;
527
528	for (;;)
529		{
530	for (i=0;i<16;i++)
531	{ X[i]=W[i]; BODY_00_15(X[i]); }
532	for (i=0;i<4;i++)
533	{ BODY_16_19(X[i],       X[i+2],      X[i+8],     X[(i+13)&15]); }
534	for (;i<24;i++)
535	{ BODY_20_39(X[i&15],    X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); }
536	for (i=0;i<20;i++)
537	{ BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }
538	for (i=4;i<24;i++)
539	{ BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }
540
541	c->h0=(c->h0+A)&0xffffffffL;
542	c->h1=(c->h1+B)&0xffffffffL;
543	c->h2=(c->h2+C)&0xffffffffL;
544	c->h3=(c->h3+D)&0xffffffffL;
545	c->h4=(c->h4+E)&0xffffffffL;
546
547	if (--num == 0) break;
548
549	A=c->h0;
550	B=c->h1;
551	C=c->h2;
552	D=c->h3;
553	E=c->h4;
554
555	W+=SHA_LBLOCK;
556		}
557	}
558#endif
559
560#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
561void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
562	{
563	const unsigned char *data=p;
564	register unsigned MD32_REG_T A,B,C,D,E,T,l;
565	int i;
566	SHA_LONG	X[16];
567
568	A=c->h0;
569	B=c->h1;
570	C=c->h2;
571	D=c->h3;
572	E=c->h4;
573
574	for (;;)
575		{
576	for (i=0;i<16;i++)
577	{ HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); }
578	for (i=0;i<4;i++)
579	{ BODY_16_19(X[i],       X[i+2],      X[i+8],     X[(i+13)&15]); }
580	for (;i<24;i++)
581	{ BODY_20_39(X[i&15],    X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); }
582	for (i=0;i<20;i++)
583	{ BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }
584	for (i=4;i<24;i++)
585	{ BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }
586
587	c->h0=(c->h0+A)&0xffffffffL;
588	c->h1=(c->h1+B)&0xffffffffL;
589	c->h2=(c->h2+C)&0xffffffffL;
590	c->h3=(c->h3+D)&0xffffffffL;
591	c->h4=(c->h4+E)&0xffffffffL;
592
593	if (--num == 0) break;
594
595	A=c->h0;
596	B=c->h1;
597	C=c->h2;
598	D=c->h3;
599	E=c->h4;
600
601		}
602	}
603#endif
604
605#endif
606