sl@0: /* crypto/sha/sha256.c */ sl@0: /* ==================================================================== sl@0: * Copyright (c) 2004 The OpenSSL Project. All rights reserved sl@0: * according to the OpenSSL license [found here]. sl@0: * ==================================================================== sl@0: */ sl@0: sl@0: /* ==================================================================== sl@0: * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * sl@0: * 1. Redistributions of source code must retain the above copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in sl@0: * the documentation and/or other materials provided with the sl@0: * distribution. sl@0: * sl@0: * 3. All advertising materials mentioning features or use of this sl@0: * software must display the following acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" sl@0: * sl@0: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to sl@0: * endorse or promote products derived from this software without sl@0: * prior written permission. For written permission, please contact sl@0: * openssl-core@openssl.org. sl@0: * sl@0: * 5. Products derived from this software may not be called "OpenSSL" sl@0: * nor may "OpenSSL" appear in their names without prior written sl@0: * permission of the OpenSSL Project. sl@0: * sl@0: * 6. Redistributions of any form whatsoever must retain the following sl@0: * acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit (http://www.openssl.org/)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY sl@0: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR sl@0: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR sl@0: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, sl@0: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT sl@0: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; sl@0: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, sl@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) sl@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED sl@0: * OF THE POSSIBILITY OF SUCH DAMAGE. sl@0: * ==================================================================== sl@0: * sl@0: * This product includes cryptographic software written by Eric Young sl@0: * (eay@cryptsoft.com). This product includes software written by Tim sl@0: * Hudson (tjh@cryptsoft.com). sl@0: * sl@0: */ sl@0: sl@0: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) sl@0: * All rights reserved. sl@0: * sl@0: * This package is an SSL implementation written sl@0: * by Eric Young (eay@cryptsoft.com). sl@0: * The implementation was written so as to conform with Netscapes SSL. sl@0: * sl@0: * This library is free for commercial and non-commercial use as long as sl@0: * the following conditions are aheared to. The following conditions sl@0: * apply to all code found in this distribution, be it the RC4, RSA, sl@0: * lhash, DES, etc., code; not just the SSL code. The SSL documentation sl@0: * included with this distribution is covered by the same copyright terms sl@0: * except that the holder is Tim Hudson (tjh@cryptsoft.com). sl@0: * sl@0: * Copyright remains Eric Young's, and as such any Copyright notices in sl@0: * the code are not to be removed. sl@0: * If this package is used in a product, Eric Young should be given attribution sl@0: * as the author of the parts of the library used. sl@0: * This can be in the form of a textual message at program startup or sl@0: * in documentation (online or textual) provided with the package. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * 1. Redistributions of source code must retain the copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in the sl@0: * documentation and/or other materials provided with the distribution. sl@0: * 3. All advertising materials mentioning features or use of this software sl@0: * must display the following acknowledgement: sl@0: * "This product includes cryptographic software written by sl@0: * Eric Young (eay@cryptsoft.com)" sl@0: * The word 'cryptographic' can be left out if the rouines from the library sl@0: * being used are not cryptographic related :-). sl@0: * 4. If you include any Windows specific code (or a derivative thereof) from sl@0: * the apps directory (application code) you must include an acknowledgement: sl@0: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND sl@0: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE sl@0: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE sl@0: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL sl@0: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS sl@0: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT sl@0: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY sl@0: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF sl@0: * SUCH DAMAGE. sl@0: * sl@0: * The licence and distribution terms for any publically available version or sl@0: * derivative of this code cannot be changed. i.e. this code cannot simply be sl@0: * copied and put under another distribution licence sl@0: * [including the GNU Public Licence.] sl@0: */ sl@0: /* sl@0: © Portions copyright (c) 2010 Nokia Corporation. All rights reserved. sl@0: */ sl@0: sl@0: #include sl@0: #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) sl@0: sl@0: #include sl@0: #include sl@0: sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; sl@0: sl@0: EXPORT_C int SHA224_Init (SHA256_CTX *c) sl@0: { sl@0: c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; sl@0: c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; sl@0: c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; sl@0: c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL; sl@0: c->Nl=0; c->Nh=0; sl@0: c->num=0; c->md_len=SHA224_DIGEST_LENGTH; sl@0: return 1; sl@0: } sl@0: sl@0: EXPORT_C int SHA256_Init (SHA256_CTX *c) sl@0: { sl@0: c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; sl@0: c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; sl@0: c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; sl@0: c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL; sl@0: c->Nl=0; c->Nh=0; sl@0: c->num=0; c->md_len=SHA256_DIGEST_LENGTH; sl@0: return 1; sl@0: } sl@0: sl@0: EXPORT_C unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) sl@0: { sl@0: SHA256_CTX c; sl@0: static unsigned char m[SHA224_DIGEST_LENGTH]; sl@0: sl@0: if (md == NULL) md=m; sl@0: SHA224_Init(&c); sl@0: SHA256_Update(&c,d,n); sl@0: SHA256_Final(md,&c); sl@0: OPENSSL_cleanse(&c,sizeof(c)); sl@0: return(md); sl@0: } sl@0: sl@0: EXPORT_C unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) sl@0: { sl@0: SHA256_CTX c; sl@0: static unsigned char m[SHA256_DIGEST_LENGTH]; sl@0: sl@0: if (md == NULL) md=m; sl@0: SHA256_Init(&c); sl@0: SHA256_Update(&c,d,n); sl@0: SHA256_Final(md,&c); sl@0: OPENSSL_cleanse(&c,sizeof(c)); sl@0: return(md); sl@0: } sl@0: sl@0: EXPORT_C int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) sl@0: { return SHA256_Update (c,data,len); } sl@0: EXPORT_C int SHA224_Final (unsigned char *md, SHA256_CTX *c) sl@0: { return SHA256_Final (md,c); } sl@0: sl@0: #ifndef SHA_LONG_LOG2 sl@0: #define SHA_LONG_LOG2 2 /* default to 32 bits */ sl@0: #endif sl@0: sl@0: #define DATA_ORDER_IS_BIG_ENDIAN sl@0: sl@0: #define HASH_LONG SHA_LONG sl@0: #define HASH_LONG_LOG2 SHA_LONG_LOG2 sl@0: #define HASH_CTX SHA256_CTX sl@0: #define HASH_CBLOCK SHA_CBLOCK sl@0: #define HASH_LBLOCK SHA_LBLOCK sl@0: /* sl@0: * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." sl@0: * default: case below covers for it. It's not clear however if it's sl@0: * permitted to truncate to amount of bytes not divisible by 4. I bet not, sl@0: * but if it is, then default: case shall be extended. For reference. sl@0: * Idea behind separate cases for pre-defined lenghts is to let the sl@0: * compiler decide if it's appropriate to unroll small loops. sl@0: */ sl@0: #define HASH_MAKE_STRING(c,s) do { \ sl@0: unsigned long ll; \ sl@0: unsigned int n; \ sl@0: switch ((c)->md_len) \ sl@0: { case SHA224_DIGEST_LENGTH: \ sl@0: for (n=0;nh[n]; HOST_l2c(ll,(s)); } \ sl@0: break; \ sl@0: case SHA256_DIGEST_LENGTH: \ sl@0: for (n=0;nh[n]; HOST_l2c(ll,(s)); } \ sl@0: break; \ sl@0: default: \ sl@0: if ((c)->md_len > SHA256_DIGEST_LENGTH) \ sl@0: return 0; \ sl@0: for (n=0;n<(c)->md_len/4;n++) \ sl@0: { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \ sl@0: break; \ sl@0: } \ sl@0: } while (0) sl@0: sl@0: #define HASH_UPDATE SHA256_Update sl@0: #define HASH_TRANSFORM SHA256_Transform sl@0: #define HASH_FINAL SHA256_Final sl@0: #define HASH_BLOCK_HOST_ORDER sha256_block_host_order sl@0: #define HASH_BLOCK_DATA_ORDER sha256_block_data_order sl@0: void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num); sl@0: void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); sl@0: sl@0: #include "md32_common.h" sl@0: sl@0: #ifdef SHA256_ASM sl@0: void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host); sl@0: #else sl@0: static const SHA_LONG K256[64] = { sl@0: 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL, sl@0: 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL, sl@0: 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL, sl@0: 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL, sl@0: 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL, sl@0: 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL, sl@0: 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL, sl@0: 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL, sl@0: 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL, sl@0: 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL, sl@0: 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL, sl@0: 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL, sl@0: 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL, sl@0: 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL, sl@0: 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL, sl@0: 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL }; sl@0: sl@0: /* sl@0: * FIPS specification refers to right rotations, while our ROTATE macro sl@0: * is left one. This is why you might notice that rotation coefficients sl@0: * differ from those observed in FIPS document by 32-N... sl@0: */ sl@0: #define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) sl@0: #define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) sl@0: #define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) sl@0: #define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) sl@0: sl@0: #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) sl@0: #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) sl@0: sl@0: #ifdef OPENSSL_SMALL_FOOTPRINT sl@0: sl@0: static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) sl@0: { sl@0: unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2; sl@0: SHA_LONG X[16]; sl@0: int i; sl@0: const unsigned char *data=in; sl@0: sl@0: while (num--) { sl@0: sl@0: a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; sl@0: e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; sl@0: sl@0: if (host) sl@0: { sl@0: const SHA_LONG *W=(const SHA_LONG *)data; sl@0: sl@0: for (i=0;i<16;i++) sl@0: { sl@0: T1 = X[i] = W[i]; sl@0: T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; sl@0: T2 = Sigma0(a) + Maj(a,b,c); sl@0: h = g; g = f; f = e; e = d + T1; sl@0: d = c; c = b; b = a; a = T1 + T2; sl@0: } sl@0: sl@0: data += SHA256_CBLOCK; sl@0: } sl@0: else sl@0: { sl@0: SHA_LONG l; sl@0: sl@0: for (i=0;i<16;i++) sl@0: { sl@0: HOST_c2l(data,l); T1 = X[i] = l; sl@0: T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; sl@0: T2 = Sigma0(a) + Maj(a,b,c); sl@0: h = g; g = f; f = e; e = d + T1; sl@0: d = c; c = b; b = a; a = T1 + T2; sl@0: } sl@0: } sl@0: sl@0: for (;i<64;i++) sl@0: { sl@0: s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); sl@0: s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); sl@0: sl@0: T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; sl@0: T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; sl@0: T2 = Sigma0(a) + Maj(a,b,c); sl@0: h = g; g = f; f = e; e = d + T1; sl@0: d = c; c = b; b = a; a = T1 + T2; sl@0: } sl@0: sl@0: ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; sl@0: ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; sl@0: sl@0: } sl@0: } sl@0: sl@0: #else sl@0: sl@0: #define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ sl@0: T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ sl@0: h = Sigma0(a) + Maj(a,b,c); \ sl@0: d += T1; h += T1; } while (0) sl@0: sl@0: #define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ sl@0: s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ sl@0: s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ sl@0: T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ sl@0: ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) sl@0: sl@0: static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host) sl@0: { sl@0: unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1; sl@0: SHA_LONG X[16]; sl@0: int i; sl@0: const unsigned char *data=in; sl@0: sl@0: while (num--) { sl@0: sl@0: a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; sl@0: e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; sl@0: sl@0: if (host) sl@0: { sl@0: const SHA_LONG *W=(const SHA_LONG *)data; sl@0: sl@0: T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); sl@0: T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); sl@0: T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); sl@0: T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); sl@0: T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); sl@0: T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); sl@0: T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); sl@0: T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); sl@0: T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); sl@0: T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); sl@0: T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); sl@0: T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); sl@0: T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); sl@0: T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); sl@0: T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); sl@0: T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); sl@0: sl@0: data += SHA256_CBLOCK; sl@0: } sl@0: else sl@0: { sl@0: SHA_LONG l; sl@0: sl@0: HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h); sl@0: HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g); sl@0: HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f); sl@0: HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e); sl@0: HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d); sl@0: HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c); sl@0: HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b); sl@0: HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a); sl@0: HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h); sl@0: HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g); sl@0: HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f); sl@0: HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e); sl@0: HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d); sl@0: HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c); sl@0: HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b); sl@0: HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a); sl@0: } sl@0: sl@0: for (i=16;i<64;i+=8) sl@0: { sl@0: ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X); sl@0: ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X); sl@0: ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X); sl@0: ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X); sl@0: ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X); sl@0: ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X); sl@0: ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X); sl@0: ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X); sl@0: } sl@0: sl@0: ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; sl@0: ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; sl@0: sl@0: } sl@0: } sl@0: sl@0: #endif sl@0: #endif /* SHA256_ASM */ sl@0: sl@0: /* sl@0: * Idea is to trade couple of cycles for some space. On IA-32 we save sl@0: * about 4K in "big footprint" case. In "small footprint" case any gain sl@0: * is appreciated:-) sl@0: */ sl@0: void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num) sl@0: { sha256_block (ctx,in,num,1); } sl@0: sl@0: void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num) sl@0: { sha256_block (ctx,in,num,0); } sl@0: sl@0: #endif /* OPENSSL_NO_SHA256 */