1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libcrypto/src/crypto/sha/sha256.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,434 @@
1.4 +/* crypto/sha/sha256.c */
1.5 +/* ====================================================================
1.6 + * Copyright (c) 2004 The OpenSSL Project. All rights reserved
1.7 + * according to the OpenSSL license [found here].
1.8 + * ====================================================================
1.9 + */
1.10 +
1.11 +/* ====================================================================
1.12 + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
1.13 + *
1.14 + * Redistribution and use in source and binary forms, with or without
1.15 + * modification, are permitted provided that the following conditions
1.16 + * are met:
1.17 + *
1.18 + * 1. Redistributions of source code must retain the above copyright
1.19 + * notice, this list of conditions and the following disclaimer.
1.20 + *
1.21 + * 2. Redistributions in binary form must reproduce the above copyright
1.22 + * notice, this list of conditions and the following disclaimer in
1.23 + * the documentation and/or other materials provided with the
1.24 + * distribution.
1.25 + *
1.26 + * 3. All advertising materials mentioning features or use of this
1.27 + * software must display the following acknowledgment:
1.28 + * "This product includes software developed by the OpenSSL Project
1.29 + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
1.30 + *
1.31 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1.32 + * endorse or promote products derived from this software without
1.33 + * prior written permission. For written permission, please contact
1.34 + * openssl-core@openssl.org.
1.35 + *
1.36 + * 5. Products derived from this software may not be called "OpenSSL"
1.37 + * nor may "OpenSSL" appear in their names without prior written
1.38 + * permission of the OpenSSL Project.
1.39 + *
1.40 + * 6. Redistributions of any form whatsoever must retain the following
1.41 + * acknowledgment:
1.42 + * "This product includes software developed by the OpenSSL Project
1.43 + * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
1.44 + *
1.45 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1.46 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.47 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1.48 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
1.49 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.50 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1.51 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1.52 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.53 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.54 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.55 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.56 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.57 + * ====================================================================
1.58 + *
1.59 + * This product includes cryptographic software written by Eric Young
1.60 + * (eay@cryptsoft.com). This product includes software written by Tim
1.61 + * Hudson (tjh@cryptsoft.com).
1.62 + *
1.63 + */
1.64 +
1.65 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
1.66 + * All rights reserved.
1.67 + *
1.68 + * This package is an SSL implementation written
1.69 + * by Eric Young (eay@cryptsoft.com).
1.70 + * The implementation was written so as to conform with Netscapes SSL.
1.71 + *
1.72 + * This library is free for commercial and non-commercial use as long as
1.73 + * the following conditions are aheared to. The following conditions
1.74 + * apply to all code found in this distribution, be it the RC4, RSA,
1.75 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1.76 + * included with this distribution is covered by the same copyright terms
1.77 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1.78 + *
1.79 + * Copyright remains Eric Young's, and as such any Copyright notices in
1.80 + * the code are not to be removed.
1.81 + * If this package is used in a product, Eric Young should be given attribution
1.82 + * as the author of the parts of the library used.
1.83 + * This can be in the form of a textual message at program startup or
1.84 + * in documentation (online or textual) provided with the package.
1.85 + *
1.86 + * Redistribution and use in source and binary forms, with or without
1.87 + * modification, are permitted provided that the following conditions
1.88 + * are met:
1.89 + * 1. Redistributions of source code must retain the copyright
1.90 + * notice, this list of conditions and the following disclaimer.
1.91 + * 2. Redistributions in binary form must reproduce the above copyright
1.92 + * notice, this list of conditions and the following disclaimer in the
1.93 + * documentation and/or other materials provided with the distribution.
1.94 + * 3. All advertising materials mentioning features or use of this software
1.95 + * must display the following acknowledgement:
1.96 + * "This product includes cryptographic software written by
1.97 + * Eric Young (eay@cryptsoft.com)"
1.98 + * The word 'cryptographic' can be left out if the rouines from the library
1.99 + * being used are not cryptographic related :-).
1.100 + * 4. If you include any Windows specific code (or a derivative thereof) from
1.101 + * the apps directory (application code) you must include an acknowledgement:
1.102 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
1.103 + *
1.104 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
1.105 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.106 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1.107 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1.108 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1.109 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1.110 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.111 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1.112 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.113 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.114 + * SUCH DAMAGE.
1.115 + *
1.116 + * The licence and distribution terms for any publically available version or
1.117 + * derivative of this code cannot be changed. i.e. this code cannot simply be
1.118 + * copied and put under another distribution licence
1.119 + * [including the GNU Public Licence.]
1.120 + */
1.121 +/*
1.122 + © Portions copyright (c) 2010 Nokia Corporation. All rights reserved.
1.123 + */
1.124 +
1.125 +#include <openssl/opensslconf.h>
1.126 +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
1.127 +
1.128 +#include <stdlib.h>
1.129 +#include <string.h>
1.130 +
1.131 +#include <openssl/crypto.h>
1.132 +#include <openssl/sha.h>
1.133 +#include <openssl/opensslv.h>
1.134 +
1.135 +const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
1.136 +
1.137 +EXPORT_C int SHA224_Init (SHA256_CTX *c)
1.138 + {
1.139 + c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
1.140 + c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
1.141 + c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL;
1.142 + c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL;
1.143 + c->Nl=0; c->Nh=0;
1.144 + c->num=0; c->md_len=SHA224_DIGEST_LENGTH;
1.145 + return 1;
1.146 + }
1.147 +
1.148 +EXPORT_C int SHA256_Init (SHA256_CTX *c)
1.149 + {
1.150 + c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
1.151 + c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
1.152 + c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL;
1.153 + c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL;
1.154 + c->Nl=0; c->Nh=0;
1.155 + c->num=0; c->md_len=SHA256_DIGEST_LENGTH;
1.156 + return 1;
1.157 + }
1.158 +
1.159 +EXPORT_C unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
1.160 + {
1.161 + SHA256_CTX c;
1.162 + static unsigned char m[SHA224_DIGEST_LENGTH];
1.163 +
1.164 + if (md == NULL) md=m;
1.165 + SHA224_Init(&c);
1.166 + SHA256_Update(&c,d,n);
1.167 + SHA256_Final(md,&c);
1.168 + OPENSSL_cleanse(&c,sizeof(c));
1.169 + return(md);
1.170 + }
1.171 +
1.172 +EXPORT_C unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
1.173 + {
1.174 + SHA256_CTX c;
1.175 + static unsigned char m[SHA256_DIGEST_LENGTH];
1.176 +
1.177 + if (md == NULL) md=m;
1.178 + SHA256_Init(&c);
1.179 + SHA256_Update(&c,d,n);
1.180 + SHA256_Final(md,&c);
1.181 + OPENSSL_cleanse(&c,sizeof(c));
1.182 + return(md);
1.183 + }
1.184 +
1.185 +EXPORT_C int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
1.186 +{ return SHA256_Update (c,data,len); }
1.187 +EXPORT_C int SHA224_Final (unsigned char *md, SHA256_CTX *c)
1.188 +{ return SHA256_Final (md,c); }
1.189 +
1.190 +#ifndef SHA_LONG_LOG2
1.191 +#define SHA_LONG_LOG2 2 /* default to 32 bits */
1.192 +#endif
1.193 +
1.194 +#define DATA_ORDER_IS_BIG_ENDIAN
1.195 +
1.196 +#define HASH_LONG SHA_LONG
1.197 +#define HASH_LONG_LOG2 SHA_LONG_LOG2
1.198 +#define HASH_CTX SHA256_CTX
1.199 +#define HASH_CBLOCK SHA_CBLOCK
1.200 +#define HASH_LBLOCK SHA_LBLOCK
1.201 +/*
1.202 + * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
1.203 + * default: case below covers for it. It's not clear however if it's
1.204 + * permitted to truncate to amount of bytes not divisible by 4. I bet not,
1.205 + * but if it is, then default: case shall be extended. For reference.
1.206 + * Idea behind separate cases for pre-defined lenghts is to let the
1.207 + * compiler decide if it's appropriate to unroll small loops.
1.208 + */
1.209 +#define HASH_MAKE_STRING(c,s) do { \
1.210 + unsigned long ll; \
1.211 + unsigned int n; \
1.212 + switch ((c)->md_len) \
1.213 + { case SHA224_DIGEST_LENGTH: \
1.214 + for (n=0;n<SHA224_DIGEST_LENGTH/4;n++) \
1.215 + { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
1.216 + break; \
1.217 + case SHA256_DIGEST_LENGTH: \
1.218 + for (n=0;n<SHA256_DIGEST_LENGTH/4;n++) \
1.219 + { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
1.220 + break; \
1.221 + default: \
1.222 + if ((c)->md_len > SHA256_DIGEST_LENGTH) \
1.223 + return 0; \
1.224 + for (n=0;n<(c)->md_len/4;n++) \
1.225 + { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
1.226 + break; \
1.227 + } \
1.228 + } while (0)
1.229 +
1.230 +#define HASH_UPDATE SHA256_Update
1.231 +#define HASH_TRANSFORM SHA256_Transform
1.232 +#define HASH_FINAL SHA256_Final
1.233 +#define HASH_BLOCK_HOST_ORDER sha256_block_host_order
1.234 +#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
1.235 +void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num);
1.236 +void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
1.237 +
1.238 +#include "md32_common.h"
1.239 +
1.240 +#ifdef SHA256_ASM
1.241 +void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host);
1.242 +#else
1.243 +static const SHA_LONG K256[64] = {
1.244 + 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
1.245 + 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
1.246 + 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
1.247 + 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
1.248 + 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
1.249 + 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
1.250 + 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
1.251 + 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
1.252 + 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
1.253 + 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
1.254 + 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
1.255 + 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
1.256 + 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
1.257 + 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
1.258 + 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
1.259 + 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
1.260 +
1.261 +/*
1.262 + * FIPS specification refers to right rotations, while our ROTATE macro
1.263 + * is left one. This is why you might notice that rotation coefficients
1.264 + * differ from those observed in FIPS document by 32-N...
1.265 + */
1.266 +#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
1.267 +#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
1.268 +#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
1.269 +#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
1.270 +
1.271 +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
1.272 +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
1.273 +
1.274 +#ifdef OPENSSL_SMALL_FOOTPRINT
1.275 +
1.276 +static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
1.277 + {
1.278 + unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
1.279 + SHA_LONG X[16];
1.280 + int i;
1.281 + const unsigned char *data=in;
1.282 +
1.283 + while (num--) {
1.284 +
1.285 + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
1.286 + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
1.287 +
1.288 + if (host)
1.289 + {
1.290 + const SHA_LONG *W=(const SHA_LONG *)data;
1.291 +
1.292 + for (i=0;i<16;i++)
1.293 + {
1.294 + T1 = X[i] = W[i];
1.295 + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
1.296 + T2 = Sigma0(a) + Maj(a,b,c);
1.297 + h = g; g = f; f = e; e = d + T1;
1.298 + d = c; c = b; b = a; a = T1 + T2;
1.299 + }
1.300 +
1.301 + data += SHA256_CBLOCK;
1.302 + }
1.303 + else
1.304 + {
1.305 + SHA_LONG l;
1.306 +
1.307 + for (i=0;i<16;i++)
1.308 + {
1.309 + HOST_c2l(data,l); T1 = X[i] = l;
1.310 + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
1.311 + T2 = Sigma0(a) + Maj(a,b,c);
1.312 + h = g; g = f; f = e; e = d + T1;
1.313 + d = c; c = b; b = a; a = T1 + T2;
1.314 + }
1.315 + }
1.316 +
1.317 + for (;i<64;i++)
1.318 + {
1.319 + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
1.320 + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
1.321 +
1.322 + T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
1.323 + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
1.324 + T2 = Sigma0(a) + Maj(a,b,c);
1.325 + h = g; g = f; f = e; e = d + T1;
1.326 + d = c; c = b; b = a; a = T1 + T2;
1.327 + }
1.328 +
1.329 + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
1.330 + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
1.331 +
1.332 + }
1.333 +}
1.334 +
1.335 +#else
1.336 +
1.337 +#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
1.338 + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
1.339 + h = Sigma0(a) + Maj(a,b,c); \
1.340 + d += T1; h += T1; } while (0)
1.341 +
1.342 +#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
1.343 + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
1.344 + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
1.345 + T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
1.346 + ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
1.347 +
1.348 +static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
1.349 + {
1.350 + unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
1.351 + SHA_LONG X[16];
1.352 + int i;
1.353 + const unsigned char *data=in;
1.354 +
1.355 + while (num--) {
1.356 +
1.357 + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
1.358 + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
1.359 +
1.360 + if (host)
1.361 + {
1.362 + const SHA_LONG *W=(const SHA_LONG *)data;
1.363 +
1.364 + T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
1.365 + T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
1.366 + T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
1.367 + T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
1.368 + T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
1.369 + T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
1.370 + T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
1.371 + T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
1.372 + T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
1.373 + T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
1.374 + T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
1.375 + T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
1.376 + T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
1.377 + T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
1.378 + T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
1.379 + T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
1.380 +
1.381 + data += SHA256_CBLOCK;
1.382 + }
1.383 + else
1.384 + {
1.385 + SHA_LONG l;
1.386 +
1.387 + HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h);
1.388 + HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g);
1.389 + HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f);
1.390 + HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e);
1.391 + HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d);
1.392 + HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c);
1.393 + HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b);
1.394 + HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a);
1.395 + HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h);
1.396 + HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g);
1.397 + HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
1.398 + HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
1.399 + HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
1.400 + HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
1.401 + HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
1.402 + HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
1.403 + }
1.404 +
1.405 + for (i=16;i<64;i+=8)
1.406 + {
1.407 + ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
1.408 + ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
1.409 + ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
1.410 + ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
1.411 + ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
1.412 + ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
1.413 + ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
1.414 + ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
1.415 + }
1.416 +
1.417 + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
1.418 + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
1.419 +
1.420 + }
1.421 + }
1.422 +
1.423 +#endif
1.424 +#endif /* SHA256_ASM */
1.425 +
1.426 +/*
1.427 + * Idea is to trade couple of cycles for some space. On IA-32 we save
1.428 + * about 4K in "big footprint" case. In "small footprint" case any gain
1.429 + * is appreciated:-)
1.430 + */
1.431 +void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
1.432 +{ sha256_block (ctx,in,num,1); }
1.433 +
1.434 +void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
1.435 +{ sha256_block (ctx,in,num,0); }
1.436 +
1.437 +#endif /* OPENSSL_NO_SHA256 */