buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
-FDIRS= sha1 rand des aes dsa rsa dh hmac
+FDIRS= sha rand des aes dsa rsa dh hmac
# tests to perform. "alltests" is a special word indicating that all tests
# should be performed.
libcrypto.a.sha1: libcrypto.a
@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
$(RANLIB) libcrypto.a; \
- fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
+ fips/sha/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
fi
sub_all:
LIBS=
-FDIRS=sha1 rand des aes dsa rsa dh hmac
+FDIRS=sha rand des aes dsa rsa dh hmac
GENERAL=Makefile README fips-lib.com install.com
fips_test: top top_fips_test_suite
cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
- @for i in dsa sha1 aes des hmac rand rsa; \
+ @for i in dsa sha aes des hmac rand rsa; \
do \
(cd $$i && echo "making fips_test in fips/$$i..." && $(MAKE) fips_test) \
done;
"HMAC-SHA1(rsa/fips_rsa_eay.c)= 2596773a7af8f037427217b79f56858296961d66",
"HMAC-SHA1(rsa/fips_rsa_gen.c)= af83b857d2be13d59e7f1516e6b1a25edd6369c3",
"HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
-"HMAC-SHA1(sha1/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
-"HMAC-SHA1(sha1/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97",
-"HMAC-SHA1(sha1/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f",
-"HMAC-SHA1(sha1/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
-"HMAC-SHA1(sha1/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
-"HMAC-SHA1(sha1/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad",
-"HMAC-SHA1(sha1/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c",
-"HMAC-SHA1(sha1/fips_sha256.c)= 826e768677e67b7c87dfc9e084245b619804d01c",
-"HMAC-SHA1(sha1/fips_sha512.c)= 27e16912ff196982425c00fe266fa84ef4f48fcd",
+"HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
+"HMAC-SHA1(sha/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97",
+"HMAC-SHA1(sha/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f",
+"HMAC-SHA1(sha/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
+"HMAC-SHA1(sha/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
+"HMAC-SHA1(sha/fips_md32_common.h)= c34d8b7785d3194ff968cf6d3efdd2bfcaec1fad",
+"HMAC-SHA1(sha/fips_sha.h)= cbe98c211cff1684adfa3fe6e6225e92a0a25f6c",
+"HMAC-SHA1(sha/fips_sha256.c)= 826e768677e67b7c87dfc9e084245b619804d01c",
+"HMAC-SHA1(sha/fips_sha512.c)= 27e16912ff196982425c00fe266fa84ef4f48fcd",
"HMAC-SHA1(hmac/fips_hmac.c)= a477cec1da76c0092979c4a875b6469339bff7ef",
"HMAC-SHA1(hmac/fips_hmac_selftest.c)= ebb32b205babf4300017de767fd6e3f1879765c9",
};
--- /dev/null
+fips_standalone_sha1
+lib
+Makefile.save
+*.flc
+semantic.cache
--- /dev/null
+#
+# SSLeay/fips/sha1/Makefile
+#
+
+DIR= sha
+TOP= ../..
+CC= cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+AR= ar r
+EXE_EXT=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= fips_sha1test.c
+TESTDATA= sha1vectors.txt sha1hashes.txt
+APPS=
+EXE= fips_standalone_sha1$(EXE_EXT)
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c asm/fips-sx86-elf.s \
+ fips_sha256.c fips_sha512.c
+LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o $(FIPS_SHA1_ASM_OBJ) \
+ fips_sha256.o fips_sha512.o
+
+SRC= $(LIBSRC) fips_standalone_sha1.c
+
+EXHEADER=fips_sha.h
+HEADER= $(EXHEADER) fips_sha_locl.h fips_md32_common.h
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd $(TOP); $(MAKE) DIRS=fips SDIRS=$(DIR) sub_all)
+
+all: fips_standalone_sha1$(EXE_EXT) lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @sleep 2; touch lib
+
+fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ)
+ $(CC) -o fips_standalone_sha1$(EXE_EXT) $(CFLAGS) \
+ fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ)
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
+ cp $(TESTDATA) $(TOP)/test
+ @$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+
+install:
+ @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+top_fips_sha1test:
+ (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_sha1test sub_target)
+
+fips_sha1test: fips_sha1test.o $(TOP)/libcrypto.a
+ $(CC) $(CFLAGS) -o fips_sha1test fips_sha1test.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
+ TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_sha1test
+
+fips_test: top_fips_sha1test
+ -rm -rf ../testvectors/sha1/rsp
+ mkdir ../testvectors/sha1/rsp
+ ./fips_sha1test ../testvectors/sha1/req/sha.req > ../testvectors/sha1/rsp/sha.rsp
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC) $(TEST)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+fips_sha1_selftest.o: ../../include/openssl/bio.h
+fips_sha1_selftest.o: ../../include/openssl/crypto.h
+fips_sha1_selftest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+fips_sha1_selftest.o: ../../include/openssl/fips.h
+fips_sha1_selftest.o: ../../include/openssl/fips_sha.h
+fips_sha1_selftest.o: ../../include/openssl/lhash.h
+fips_sha1_selftest.o: ../../include/openssl/opensslconf.h
+fips_sha1_selftest.o: ../../include/openssl/opensslv.h
+fips_sha1_selftest.o: ../../include/openssl/safestack.h
+fips_sha1_selftest.o: ../../include/openssl/stack.h
+fips_sha1_selftest.o: ../../include/openssl/symhacks.h fips_sha1_selftest.c
+fips_sha1dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_sha1dgst.o: ../../include/openssl/opensslconf.h
+fips_sha1dgst.o: ../../include/openssl/opensslv.h
+fips_sha1dgst.o: ../../include/openssl/safestack.h
+fips_sha1dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_sha1dgst.o: fips_sha1dgst.c
+fips_sha1test.o: ../../e_os.h ../../include/openssl/bio.h
+fips_sha1test.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_sha1test.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+fips_sha1test.o: ../../include/openssl/fips_sha.h ../../include/openssl/lhash.h
+fips_sha1test.o: ../../include/openssl/opensslconf.h
+fips_sha1test.o: ../../include/openssl/opensslv.h
+fips_sha1test.o: ../../include/openssl/safestack.h
+fips_sha1test.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fips_sha1test.o: fips_sha1test.c
+fips_sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_sha256.o: ../../include/openssl/fips.h ../../include/openssl/fips_sha.h
+fips_sha256.o: ../../include/openssl/opensslconf.h
+fips_sha256.o: ../../include/openssl/opensslv.h
+fips_sha256.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_sha256.o: ../../include/openssl/symhacks.h fips_md32_common.h
+fips_sha256.o: fips_sha256.c
+fips_sha512.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+fips_sha512.o: ../../include/openssl/fips.h ../../include/openssl/fips_sha.h
+fips_sha512.o: ../../include/openssl/opensslconf.h
+fips_sha512.o: ../../include/openssl/opensslv.h
+fips_sha512.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_sha512.o: ../../include/openssl/symhacks.h fips_sha512.c
+fips_standalone_sha1.o: ../../include/openssl/aes.h
+fips_standalone_sha1.o: ../../include/openssl/asn1.h
+fips_standalone_sha1.o: ../../include/openssl/bio.h
+fips_standalone_sha1.o: ../../include/openssl/blowfish.h
+fips_standalone_sha1.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+fips_standalone_sha1.o: ../../include/openssl/crypto.h
+fips_standalone_sha1.o: ../../include/openssl/des.h
+fips_standalone_sha1.o: ../../include/openssl/des_old.h
+fips_standalone_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+fips_standalone_sha1.o: ../../include/openssl/e_os2.h
+fips_standalone_sha1.o: ../../include/openssl/evp.h
+fips_standalone_sha1.o: ../../include/openssl/fips_sha.h
+fips_standalone_sha1.o: ../../include/openssl/hmac.h
+fips_standalone_sha1.o: ../../include/openssl/idea.h
+fips_standalone_sha1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+fips_standalone_sha1.o: ../../include/openssl/md5.h
+fips_standalone_sha1.o: ../../include/openssl/mdc2.h
+fips_standalone_sha1.o: ../../include/openssl/obj_mac.h
+fips_standalone_sha1.o: ../../include/openssl/objects.h
+fips_standalone_sha1.o: ../../include/openssl/opensslconf.h
+fips_standalone_sha1.o: ../../include/openssl/opensslv.h
+fips_standalone_sha1.o: ../../include/openssl/ossl_typ.h
+fips_standalone_sha1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+fips_standalone_sha1.o: ../../include/openssl/rc5.h
+fips_standalone_sha1.o: ../../include/openssl/ripemd.h
+fips_standalone_sha1.o: ../../include/openssl/rsa.h
+fips_standalone_sha1.o: ../../include/openssl/safestack.h
+fips_standalone_sha1.o: ../../include/openssl/sha.h
+fips_standalone_sha1.o: ../../include/openssl/stack.h
+fips_standalone_sha1.o: ../../include/openssl/symhacks.h
+fips_standalone_sha1.o: ../../include/openssl/ui.h
+fips_standalone_sha1.o: ../../include/openssl/ui_compat.h
+fips_standalone_sha1.o: fips_standalone_sha1.c
--- /dev/null
+
+
+
+
+
+
+ .file "sha1-586.s"
+ .version "01.01"
+gcc2_compiled.:
+.text
+ .align 16
+.globl sha1_block_asm_data_order
+ .type sha1_block_asm_data_order,@function
+sha1_block_asm_data_order:
+ movl 12(%esp), %ecx
+ pushl %esi
+ sall $6, %ecx
+ movl 12(%esp), %esi
+ pushl %ebp
+ addl %esi, %ecx
+ pushl %ebx
+ movl 16(%esp), %ebp
+ pushl %edi
+ movl 12(%ebp), %edx
+ subl $108, %esp
+ movl 16(%ebp), %edi
+ movl 8(%ebp), %ebx
+ movl %ecx, 68(%esp)
+
+.L000start:
+
+ movl (%esi), %eax
+ movl 4(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, (%esp)
+ movl %ecx, 4(%esp)
+ movl 8(%esi), %eax
+ movl 12(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 8(%esp)
+ movl %ecx, 12(%esp)
+ movl 16(%esi), %eax
+ movl 20(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 16(%esp)
+ movl %ecx, 20(%esp)
+ movl 24(%esi), %eax
+ movl 28(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 24(%esp)
+ movl %ecx, 28(%esp)
+ movl 32(%esi), %eax
+ movl 36(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 32(%esp)
+ movl %ecx, 36(%esp)
+ movl 40(%esi), %eax
+ movl 44(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 40(%esp)
+ movl %ecx, 44(%esp)
+ movl 48(%esi), %eax
+ movl 52(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 48(%esp)
+ movl %ecx, 52(%esp)
+ movl 56(%esi), %eax
+ movl 60(%esi), %ecx
+
+ xchgb %al, %ah
+ rorl $16, %eax
+ xchgb %al, %ah
+
+ xchgb %cl, %ch
+ rorl $16, %ecx
+ xchgb %cl, %ch
+ movl %eax, 56(%esp)
+ movl %ecx, 60(%esp)
+
+
+ movl %esi, 132(%esp)
+.L001shortcut:
+
+
+ movl (%ebp), %eax
+ movl 4(%ebp), %ecx
+
+ movl %eax, %ebp
+ movl %ebx, %esi
+ roll $5, %ebp
+ xorl %edx, %esi
+ andl %ecx, %esi
+ rorl $2, %ecx
+ addl %edi, %ebp
+ movl (%esp), %edi
+ xorl %edx, %esi
+ leal 1518500249(%ebp,%edi,1),%ebp
+ addl %ebp, %esi
+
+ movl %esi, %ebp
+ movl %ecx, %edi
+ roll $5, %ebp
+ xorl %ebx, %edi
+ andl %eax, %edi
+ rorl $2, %eax
+ addl %edx, %ebp
+ movl 4(%esp), %edx
+ xorl %ebx, %edi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ addl %ebp, %edi
+
+ movl %edi, %ebp
+ movl %eax, %edx
+ roll $5, %ebp
+ xorl %ecx, %edx
+ andl %esi, %edx
+ rorl $2, %esi
+ addl %ebx, %ebp
+ movl 8(%esp), %ebx
+ xorl %ecx, %edx
+ leal 1518500249(%ebp,%ebx,1),%ebp
+ addl %ebp, %edx
+
+ movl %edx, %ebp
+ movl %esi, %ebx
+ roll $5, %ebp
+ xorl %eax, %ebx
+ andl %edi, %ebx
+ rorl $2, %edi
+ addl %ecx, %ebp
+ movl 12(%esp), %ecx
+ xorl %eax, %ebx
+ leal 1518500249(%ebp,%ecx,1),%ebp
+ addl %ebp, %ebx
+
+ movl %ebx, %ebp
+ movl %edi, %ecx
+ roll $5, %ebp
+ xorl %esi, %ecx
+ andl %edx, %ecx
+ rorl $2, %edx
+ addl %eax, %ebp
+ movl 16(%esp), %eax
+ xorl %esi, %ecx
+ leal 1518500249(%ebp,%eax,1),%ebp
+ addl %ebp, %ecx
+
+ movl %ecx, %ebp
+ movl %edx, %eax
+ roll $5, %ebp
+ xorl %edi, %eax
+ andl %ebx, %eax
+ rorl $2, %ebx
+ addl %esi, %ebp
+ movl 20(%esp), %esi
+ xorl %edi, %eax
+ leal 1518500249(%ebp,%esi,1),%ebp
+ addl %ebp, %eax
+
+ movl %eax, %ebp
+ movl %ebx, %esi
+ roll $5, %ebp
+ xorl %edx, %esi
+ andl %ecx, %esi
+ rorl $2, %ecx
+ addl %edi, %ebp
+ movl 24(%esp), %edi
+ xorl %edx, %esi
+ leal 1518500249(%ebp,%edi,1),%ebp
+ addl %ebp, %esi
+
+ movl %esi, %ebp
+ movl %ecx, %edi
+ roll $5, %ebp
+ xorl %ebx, %edi
+ andl %eax, %edi
+ rorl $2, %eax
+ addl %edx, %ebp
+ movl 28(%esp), %edx
+ xorl %ebx, %edi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ addl %ebp, %edi
+
+ movl %edi, %ebp
+ movl %eax, %edx
+ roll $5, %ebp
+ xorl %ecx, %edx
+ andl %esi, %edx
+ rorl $2, %esi
+ addl %ebx, %ebp
+ movl 32(%esp), %ebx
+ xorl %ecx, %edx
+ leal 1518500249(%ebp,%ebx,1),%ebp
+ addl %ebp, %edx
+
+ movl %edx, %ebp
+ movl %esi, %ebx
+ roll $5, %ebp
+ xorl %eax, %ebx
+ andl %edi, %ebx
+ rorl $2, %edi
+ addl %ecx, %ebp
+ movl 36(%esp), %ecx
+ xorl %eax, %ebx
+ leal 1518500249(%ebp,%ecx,1),%ebp
+ addl %ebp, %ebx
+
+ movl %ebx, %ebp
+ movl %edi, %ecx
+ roll $5, %ebp
+ xorl %esi, %ecx
+ andl %edx, %ecx
+ rorl $2, %edx
+ addl %eax, %ebp
+ movl 40(%esp), %eax
+ xorl %esi, %ecx
+ leal 1518500249(%ebp,%eax,1),%ebp
+ addl %ebp, %ecx
+
+ movl %ecx, %ebp
+ movl %edx, %eax
+ roll $5, %ebp
+ xorl %edi, %eax
+ andl %ebx, %eax
+ rorl $2, %ebx
+ addl %esi, %ebp
+ movl 44(%esp), %esi
+ xorl %edi, %eax
+ leal 1518500249(%ebp,%esi,1),%ebp
+ addl %ebp, %eax
+
+ movl %eax, %ebp
+ movl %ebx, %esi
+ roll $5, %ebp
+ xorl %edx, %esi
+ andl %ecx, %esi
+ rorl $2, %ecx
+ addl %edi, %ebp
+ movl 48(%esp), %edi
+ xorl %edx, %esi
+ leal 1518500249(%ebp,%edi,1),%ebp
+ addl %ebp, %esi
+
+ movl %esi, %ebp
+ movl %ecx, %edi
+ roll $5, %ebp
+ xorl %ebx, %edi
+ andl %eax, %edi
+ rorl $2, %eax
+ addl %edx, %ebp
+ movl 52(%esp), %edx
+ xorl %ebx, %edi
+ leal 1518500249(%ebp,%edx,1),%ebp
+ addl %ebp, %edi
+
+ movl %edi, %ebp
+ movl %eax, %edx
+ roll $5, %ebp
+ xorl %ecx, %edx
+ andl %esi, %edx
+ rorl $2, %esi
+ addl %ebx, %ebp
+ movl 56(%esp), %ebx
+ xorl %ecx, %edx
+ leal 1518500249(%ebp,%ebx,1),%ebp
+ addl %ebp, %edx
+
+ movl %edx, %ebp
+ movl %esi, %ebx
+ roll $5, %ebp
+ xorl %eax, %ebx
+ andl %edi, %ebx
+ rorl $2, %edi
+ addl %ecx, %ebp
+ movl 60(%esp), %ecx
+ xorl %eax, %ebx
+ leal 1518500249(%ebp,%ecx,1),%ebp
+ addl %ebp, %ebx
+
+ movl 8(%esp), %ecx
+ movl %edi, %ebp
+ xorl (%esp), %ecx
+ xorl %esi, %ebp
+ xorl 32(%esp), %ecx
+ andl %edx, %ebp
+ xorl 52(%esp), %ecx
+ rorl $2, %edx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, (%esp)
+ leal 1518500249(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ addl %ebp, %ecx
+ roll $5, %eax
+ addl %eax, %ecx
+
+ movl 12(%esp), %eax
+ movl %edx, %ebp
+ xorl 4(%esp), %eax
+ xorl %edi, %ebp
+ xorl 36(%esp), %eax
+ andl %ebx, %ebp
+ xorl 56(%esp), %eax
+ rorl $2, %ebx
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 4(%esp)
+ leal 1518500249(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ addl %ebp, %eax
+ roll $5, %esi
+ addl %esi, %eax
+
+ movl 16(%esp), %esi
+ movl %ebx, %ebp
+ xorl 8(%esp), %esi
+ xorl %edx, %ebp
+ xorl 40(%esp), %esi
+ andl %ecx, %ebp
+ xorl 60(%esp), %esi
+ rorl $2, %ecx
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 8(%esp)
+ leal 1518500249(%esi,%edi,1),%esi
+ movl %eax, %edi
+ addl %ebp, %esi
+ roll $5, %edi
+ addl %edi, %esi
+
+ movl 20(%esp), %edi
+ movl %ecx, %ebp
+ xorl 12(%esp), %edi
+ xorl %ebx, %ebp
+ xorl 44(%esp), %edi
+ andl %eax, %ebp
+ xorl (%esp), %edi
+ rorl $2, %eax
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 12(%esp)
+ leal 1518500249(%edi,%edx,1),%edi
+ movl %esi, %edx
+ addl %ebp, %edi
+ roll $5, %edx
+ addl %edx, %edi
+
+ movl 16(%esp), %edx
+ movl %esi, %ebp
+ xorl 24(%esp), %edx
+ rorl $2, %esi
+ xorl 48(%esp), %edx
+ xorl %eax, %ebp
+ xorl 4(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 16(%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 20(%esp), %ebx
+ movl %edi, %ebp
+ xorl 28(%esp), %ebx
+ rorl $2, %edi
+ xorl 52(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 8(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 20(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 24(%esp), %ecx
+ movl %edx, %ebp
+ xorl 32(%esp), %ecx
+ rorl $2, %edx
+ xorl 56(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 12(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 24(%esp)
+ leal 1859775393(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 28(%esp), %eax
+ movl %ebx, %ebp
+ xorl 36(%esp), %eax
+ rorl $2, %ebx
+ xorl 60(%esp), %eax
+ xorl %edx, %ebp
+ xorl 16(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 28(%esp)
+ leal 1859775393(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 32(%esp), %esi
+ movl %ecx, %ebp
+ xorl 40(%esp), %esi
+ rorl $2, %ecx
+ xorl (%esp), %esi
+ xorl %ebx, %ebp
+ xorl 20(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 32(%esp)
+ leal 1859775393(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 36(%esp), %edi
+ movl %eax, %ebp
+ xorl 44(%esp), %edi
+ rorl $2, %eax
+ xorl 4(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 24(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 36(%esp)
+ leal 1859775393(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 40(%esp), %edx
+ movl %esi, %ebp
+ xorl 48(%esp), %edx
+ rorl $2, %esi
+ xorl 8(%esp), %edx
+ xorl %eax, %ebp
+ xorl 28(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 40(%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 44(%esp), %ebx
+ movl %edi, %ebp
+ xorl 52(%esp), %ebx
+ rorl $2, %edi
+ xorl 12(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 32(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 44(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 48(%esp), %ecx
+ movl %edx, %ebp
+ xorl 56(%esp), %ecx
+ rorl $2, %edx
+ xorl 16(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 36(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 48(%esp)
+ leal 1859775393(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 52(%esp), %eax
+ movl %ebx, %ebp
+ xorl 60(%esp), %eax
+ rorl $2, %ebx
+ xorl 20(%esp), %eax
+ xorl %edx, %ebp
+ xorl 40(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 52(%esp)
+ leal 1859775393(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 56(%esp), %esi
+ movl %ecx, %ebp
+ xorl (%esp), %esi
+ rorl $2, %ecx
+ xorl 24(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 44(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 56(%esp)
+ leal 1859775393(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 60(%esp), %edi
+ movl %eax, %ebp
+ xorl 4(%esp), %edi
+ rorl $2, %eax
+ xorl 28(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 48(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 60(%esp)
+ leal 1859775393(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl (%esp), %edx
+ movl %esi, %ebp
+ xorl 8(%esp), %edx
+ rorl $2, %esi
+ xorl 32(%esp), %edx
+ xorl %eax, %ebp
+ xorl 52(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, (%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 4(%esp), %ebx
+ movl %edi, %ebp
+ xorl 12(%esp), %ebx
+ rorl $2, %edi
+ xorl 36(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 56(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 4(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 8(%esp), %ecx
+ movl %edx, %ebp
+ xorl 16(%esp), %ecx
+ rorl $2, %edx
+ xorl 40(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 60(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 8(%esp)
+ leal 1859775393(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 12(%esp), %eax
+ movl %ebx, %ebp
+ xorl 20(%esp), %eax
+ rorl $2, %ebx
+ xorl 44(%esp), %eax
+ xorl %edx, %ebp
+ xorl (%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 12(%esp)
+ leal 1859775393(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 16(%esp), %esi
+ movl %ecx, %ebp
+ xorl 24(%esp), %esi
+ rorl $2, %ecx
+ xorl 48(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 4(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 16(%esp)
+ leal 1859775393(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 20(%esp), %edi
+ movl %eax, %ebp
+ xorl 28(%esp), %edi
+ rorl $2, %eax
+ xorl 52(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 8(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 20(%esp)
+ leal 1859775393(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 24(%esp), %edx
+ movl %esi, %ebp
+ xorl 32(%esp), %edx
+ rorl $2, %esi
+ xorl 56(%esp), %edx
+ xorl %eax, %ebp
+ xorl 12(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 24(%esp)
+ leal 1859775393(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 28(%esp), %ebx
+ movl %edi, %ebp
+ xorl 36(%esp), %ebx
+ rorl $2, %edi
+ xorl 60(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 16(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 28(%esp)
+ leal 1859775393(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 32(%esp), %ecx
+ movl %edx, %ebp
+ xorl 40(%esp), %ecx
+ orl %edi, %ebp
+ xorl (%esp), %ecx
+ andl %esi, %ebp
+ xorl 20(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 32(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 36(%esp), %eax
+ movl %ebx, %ebp
+ xorl 44(%esp), %eax
+ orl %edx, %ebp
+ xorl 4(%esp), %eax
+ andl %edi, %ebp
+ xorl 24(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 36(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl 40(%esp), %esi
+ movl %ecx, %ebp
+ xorl 48(%esp), %esi
+ orl %ebx, %ebp
+ xorl 8(%esp), %esi
+ andl %edx, %ebp
+ xorl 28(%esp), %esi
+.byte 209
+.byte 198
+ movl %esi, 40(%esp)
+ leal 2400959708(%esi,%edi,1),%esi
+ movl %ecx, %edi
+ rorl $2, %ecx
+ andl %ebx, %edi
+ orl %edi, %ebp
+ movl %eax, %edi
+ roll $5, %edi
+ addl %edi, %ebp
+ addl %ebp, %esi
+
+ movl 44(%esp), %edi
+ movl %eax, %ebp
+ xorl 52(%esp), %edi
+ orl %ecx, %ebp
+ xorl 12(%esp), %edi
+ andl %ebx, %ebp
+ xorl 32(%esp), %edi
+.byte 209
+.byte 199
+ movl %edi, 44(%esp)
+ leal 2400959708(%edi,%edx,1),%edi
+ movl %eax, %edx
+ rorl $2, %eax
+ andl %ecx, %edx
+ orl %edx, %ebp
+ movl %esi, %edx
+ roll $5, %edx
+ addl %edx, %ebp
+ addl %ebp, %edi
+
+ movl 48(%esp), %edx
+ movl %esi, %ebp
+ xorl 56(%esp), %edx
+ orl %eax, %ebp
+ xorl 16(%esp), %edx
+ andl %ecx, %ebp
+ xorl 36(%esp), %edx
+.byte 209
+.byte 194
+ movl %edx, 48(%esp)
+ leal 2400959708(%edx,%ebx,1),%edx
+ movl %esi, %ebx
+ rorl $2, %esi
+ andl %eax, %ebx
+ orl %ebx, %ebp
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebx, %ebp
+ addl %ebp, %edx
+
+ movl 52(%esp), %ebx
+ movl %edi, %ebp
+ xorl 60(%esp), %ebx
+ orl %esi, %ebp
+ xorl 20(%esp), %ebx
+ andl %eax, %ebp
+ xorl 40(%esp), %ebx
+.byte 209
+.byte 195
+ movl %ebx, 52(%esp)
+ leal 2400959708(%ebx,%ecx,1),%ebx
+ movl %edi, %ecx
+ rorl $2, %edi
+ andl %esi, %ecx
+ orl %ecx, %ebp
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ecx, %ebp
+ addl %ebp, %ebx
+
+ movl 56(%esp), %ecx
+ movl %edx, %ebp
+ xorl (%esp), %ecx
+ orl %edi, %ebp
+ xorl 24(%esp), %ecx
+ andl %esi, %ebp
+ xorl 44(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 56(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 60(%esp), %eax
+ movl %ebx, %ebp
+ xorl 4(%esp), %eax
+ orl %edx, %ebp
+ xorl 28(%esp), %eax
+ andl %edi, %ebp
+ xorl 48(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 60(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl (%esp), %esi
+ movl %ecx, %ebp
+ xorl 8(%esp), %esi
+ orl %ebx, %ebp
+ xorl 32(%esp), %esi
+ andl %edx, %ebp
+ xorl 52(%esp), %esi
+.byte 209
+.byte 198
+ movl %esi, (%esp)
+ leal 2400959708(%esi,%edi,1),%esi
+ movl %ecx, %edi
+ rorl $2, %ecx
+ andl %ebx, %edi
+ orl %edi, %ebp
+ movl %eax, %edi
+ roll $5, %edi
+ addl %edi, %ebp
+ addl %ebp, %esi
+
+ movl 4(%esp), %edi
+ movl %eax, %ebp
+ xorl 12(%esp), %edi
+ orl %ecx, %ebp
+ xorl 36(%esp), %edi
+ andl %ebx, %ebp
+ xorl 56(%esp), %edi
+.byte 209
+.byte 199
+ movl %edi, 4(%esp)
+ leal 2400959708(%edi,%edx,1),%edi
+ movl %eax, %edx
+ rorl $2, %eax
+ andl %ecx, %edx
+ orl %edx, %ebp
+ movl %esi, %edx
+ roll $5, %edx
+ addl %edx, %ebp
+ addl %ebp, %edi
+
+ movl 8(%esp), %edx
+ movl %esi, %ebp
+ xorl 16(%esp), %edx
+ orl %eax, %ebp
+ xorl 40(%esp), %edx
+ andl %ecx, %ebp
+ xorl 60(%esp), %edx
+.byte 209
+.byte 194
+ movl %edx, 8(%esp)
+ leal 2400959708(%edx,%ebx,1),%edx
+ movl %esi, %ebx
+ rorl $2, %esi
+ andl %eax, %ebx
+ orl %ebx, %ebp
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebx, %ebp
+ addl %ebp, %edx
+
+ movl 12(%esp), %ebx
+ movl %edi, %ebp
+ xorl 20(%esp), %ebx
+ orl %esi, %ebp
+ xorl 44(%esp), %ebx
+ andl %eax, %ebp
+ xorl (%esp), %ebx
+.byte 209
+.byte 195
+ movl %ebx, 12(%esp)
+ leal 2400959708(%ebx,%ecx,1),%ebx
+ movl %edi, %ecx
+ rorl $2, %edi
+ andl %esi, %ecx
+ orl %ecx, %ebp
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ecx, %ebp
+ addl %ebp, %ebx
+
+ movl 16(%esp), %ecx
+ movl %edx, %ebp
+ xorl 24(%esp), %ecx
+ orl %edi, %ebp
+ xorl 48(%esp), %ecx
+ andl %esi, %ebp
+ xorl 4(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 16(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 20(%esp), %eax
+ movl %ebx, %ebp
+ xorl 28(%esp), %eax
+ orl %edx, %ebp
+ xorl 52(%esp), %eax
+ andl %edi, %ebp
+ xorl 8(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 20(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl 24(%esp), %esi
+ movl %ecx, %ebp
+ xorl 32(%esp), %esi
+ orl %ebx, %ebp
+ xorl 56(%esp), %esi
+ andl %edx, %ebp
+ xorl 12(%esp), %esi
+.byte 209
+.byte 198
+ movl %esi, 24(%esp)
+ leal 2400959708(%esi,%edi,1),%esi
+ movl %ecx, %edi
+ rorl $2, %ecx
+ andl %ebx, %edi
+ orl %edi, %ebp
+ movl %eax, %edi
+ roll $5, %edi
+ addl %edi, %ebp
+ addl %ebp, %esi
+
+ movl 28(%esp), %edi
+ movl %eax, %ebp
+ xorl 36(%esp), %edi
+ orl %ecx, %ebp
+ xorl 60(%esp), %edi
+ andl %ebx, %ebp
+ xorl 16(%esp), %edi
+.byte 209
+.byte 199
+ movl %edi, 28(%esp)
+ leal 2400959708(%edi,%edx,1),%edi
+ movl %eax, %edx
+ rorl $2, %eax
+ andl %ecx, %edx
+ orl %edx, %ebp
+ movl %esi, %edx
+ roll $5, %edx
+ addl %edx, %ebp
+ addl %ebp, %edi
+
+ movl 32(%esp), %edx
+ movl %esi, %ebp
+ xorl 40(%esp), %edx
+ orl %eax, %ebp
+ xorl (%esp), %edx
+ andl %ecx, %ebp
+ xorl 20(%esp), %edx
+.byte 209
+.byte 194
+ movl %edx, 32(%esp)
+ leal 2400959708(%edx,%ebx,1),%edx
+ movl %esi, %ebx
+ rorl $2, %esi
+ andl %eax, %ebx
+ orl %ebx, %ebp
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebx, %ebp
+ addl %ebp, %edx
+
+ movl 36(%esp), %ebx
+ movl %edi, %ebp
+ xorl 44(%esp), %ebx
+ orl %esi, %ebp
+ xorl 4(%esp), %ebx
+ andl %eax, %ebp
+ xorl 24(%esp), %ebx
+.byte 209
+.byte 195
+ movl %ebx, 36(%esp)
+ leal 2400959708(%ebx,%ecx,1),%ebx
+ movl %edi, %ecx
+ rorl $2, %edi
+ andl %esi, %ecx
+ orl %ecx, %ebp
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ecx, %ebp
+ addl %ebp, %ebx
+
+ movl 40(%esp), %ecx
+ movl %edx, %ebp
+ xorl 48(%esp), %ecx
+ orl %edi, %ebp
+ xorl 8(%esp), %ecx
+ andl %esi, %ebp
+ xorl 28(%esp), %ecx
+.byte 209
+.byte 193
+ movl %ecx, 40(%esp)
+ leal 2400959708(%ecx,%eax,1),%ecx
+ movl %edx, %eax
+ rorl $2, %edx
+ andl %edi, %eax
+ orl %eax, %ebp
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %eax, %ebp
+ addl %ebp, %ecx
+
+ movl 44(%esp), %eax
+ movl %ebx, %ebp
+ xorl 52(%esp), %eax
+ orl %edx, %ebp
+ xorl 12(%esp), %eax
+ andl %edi, %ebp
+ xorl 32(%esp), %eax
+.byte 209
+.byte 192
+ movl %eax, 44(%esp)
+ leal 2400959708(%eax,%esi,1),%eax
+ movl %ebx, %esi
+ rorl $2, %ebx
+ andl %edx, %esi
+ orl %esi, %ebp
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %esi, %ebp
+ addl %ebp, %eax
+
+ movl 48(%esp), %esi
+ movl %ecx, %ebp
+ xorl 56(%esp), %esi
+ rorl $2, %ecx
+ xorl 16(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 36(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 48(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 52(%esp), %edi
+ movl %eax, %ebp
+ xorl 60(%esp), %edi
+ rorl $2, %eax
+ xorl 20(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 40(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 52(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 56(%esp), %edx
+ movl %esi, %ebp
+ xorl (%esp), %edx
+ rorl $2, %esi
+ xorl 24(%esp), %edx
+ xorl %eax, %ebp
+ xorl 44(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 56(%esp)
+ leal 3395469782(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 60(%esp), %ebx
+ movl %edi, %ebp
+ xorl 4(%esp), %ebx
+ rorl $2, %edi
+ xorl 28(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 48(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 60(%esp)
+ leal 3395469782(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl (%esp), %ecx
+ movl %edx, %ebp
+ xorl 8(%esp), %ecx
+ rorl $2, %edx
+ xorl 32(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 52(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, (%esp)
+ leal 3395469782(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 4(%esp), %eax
+ movl %ebx, %ebp
+ xorl 12(%esp), %eax
+ rorl $2, %ebx
+ xorl 36(%esp), %eax
+ xorl %edx, %ebp
+ xorl 56(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 4(%esp)
+ leal 3395469782(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 8(%esp), %esi
+ movl %ecx, %ebp
+ xorl 16(%esp), %esi
+ rorl $2, %ecx
+ xorl 40(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 60(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 8(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 12(%esp), %edi
+ movl %eax, %ebp
+ xorl 20(%esp), %edi
+ rorl $2, %eax
+ xorl 44(%esp), %edi
+ xorl %ecx, %ebp
+ xorl (%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 12(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 16(%esp), %edx
+ movl %esi, %ebp
+ xorl 24(%esp), %edx
+ rorl $2, %esi
+ xorl 48(%esp), %edx
+ xorl %eax, %ebp
+ xorl 4(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 16(%esp)
+ leal 3395469782(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 20(%esp), %ebx
+ movl %edi, %ebp
+ xorl 28(%esp), %ebx
+ rorl $2, %edi
+ xorl 52(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 8(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 20(%esp)
+ leal 3395469782(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 24(%esp), %ecx
+ movl %edx, %ebp
+ xorl 32(%esp), %ecx
+ rorl $2, %edx
+ xorl 56(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 12(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 24(%esp)
+ leal 3395469782(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 28(%esp), %eax
+ movl %ebx, %ebp
+ xorl 36(%esp), %eax
+ rorl $2, %ebx
+ xorl 60(%esp), %eax
+ xorl %edx, %ebp
+ xorl 16(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 28(%esp)
+ leal 3395469782(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 32(%esp), %esi
+ movl %ecx, %ebp
+ xorl 40(%esp), %esi
+ rorl $2, %ecx
+ xorl (%esp), %esi
+ xorl %ebx, %ebp
+ xorl 20(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 32(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 36(%esp), %edi
+ movl %eax, %ebp
+ xorl 44(%esp), %edi
+ rorl $2, %eax
+ xorl 4(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 24(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 36(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+ movl 40(%esp), %edx
+ movl %esi, %ebp
+ xorl 48(%esp), %edx
+ rorl $2, %esi
+ xorl 8(%esp), %edx
+ xorl %eax, %ebp
+ xorl 28(%esp), %edx
+ xorl %ecx, %ebp
+.byte 209
+.byte 194
+ movl %edx, 40(%esp)
+ leal 3395469782(%edx,%ebx,1),%edx
+ movl %edi, %ebx
+ roll $5, %ebx
+ addl %ebp, %edx
+ addl %ebx, %edx
+
+ movl 44(%esp), %ebx
+ movl %edi, %ebp
+ xorl 52(%esp), %ebx
+ rorl $2, %edi
+ xorl 12(%esp), %ebx
+ xorl %esi, %ebp
+ xorl 32(%esp), %ebx
+ xorl %eax, %ebp
+.byte 209
+.byte 195
+ movl %ebx, 44(%esp)
+ leal 3395469782(%ebx,%ecx,1),%ebx
+ movl %edx, %ecx
+ roll $5, %ecx
+ addl %ebp, %ebx
+ addl %ecx, %ebx
+
+ movl 48(%esp), %ecx
+ movl %edx, %ebp
+ xorl 56(%esp), %ecx
+ rorl $2, %edx
+ xorl 16(%esp), %ecx
+ xorl %edi, %ebp
+ xorl 36(%esp), %ecx
+ xorl %esi, %ebp
+.byte 209
+.byte 193
+ movl %ecx, 48(%esp)
+ leal 3395469782(%ecx,%eax,1),%ecx
+ movl %ebx, %eax
+ roll $5, %eax
+ addl %ebp, %ecx
+ addl %eax, %ecx
+
+ movl 52(%esp), %eax
+ movl %ebx, %ebp
+ xorl 60(%esp), %eax
+ rorl $2, %ebx
+ xorl 20(%esp), %eax
+ xorl %edx, %ebp
+ xorl 40(%esp), %eax
+ xorl %edi, %ebp
+.byte 209
+.byte 192
+ movl %eax, 52(%esp)
+ leal 3395469782(%eax,%esi,1),%eax
+ movl %ecx, %esi
+ roll $5, %esi
+ addl %ebp, %eax
+ addl %esi, %eax
+
+ movl 56(%esp), %esi
+ movl %ecx, %ebp
+ xorl (%esp), %esi
+ rorl $2, %ecx
+ xorl 24(%esp), %esi
+ xorl %ebx, %ebp
+ xorl 44(%esp), %esi
+ xorl %edx, %ebp
+.byte 209
+.byte 198
+ movl %esi, 56(%esp)
+ leal 3395469782(%esi,%edi,1),%esi
+ movl %eax, %edi
+ roll $5, %edi
+ addl %ebp, %esi
+ addl %edi, %esi
+
+ movl 60(%esp), %edi
+ movl %eax, %ebp
+ xorl 4(%esp), %edi
+ rorl $2, %eax
+ xorl 28(%esp), %edi
+ xorl %ecx, %ebp
+ xorl 48(%esp), %edi
+ xorl %ebx, %ebp
+.byte 209
+.byte 199
+ movl %edi, 60(%esp)
+ leal 3395469782(%edi,%edx,1),%edi
+ movl %esi, %edx
+ roll $5, %edx
+ addl %ebp, %edi
+ addl %edx, %edi
+
+
+ movl 128(%esp), %ebp
+ movl 12(%ebp), %edx
+ addl %ecx, %edx
+ movl 4(%ebp), %ecx
+ addl %esi, %ecx
+ movl %eax, %esi
+ movl (%ebp), %eax
+ movl %edx, 12(%ebp)
+ addl %edi, %eax
+ movl 16(%ebp), %edi
+ addl %ebx, %edi
+ movl 8(%ebp), %ebx
+ addl %esi, %ebx
+ movl %eax, (%ebp)
+ movl 132(%esp), %esi
+ movl %ebx, 8(%ebp)
+ addl $64, %esi
+ movl 68(%esp), %eax
+ movl %edi, 16(%ebp)
+ cmpl %eax, %esi
+ movl %ecx, 4(%ebp)
+ jb .L000start
+ addl $108, %esp
+ popl %edi
+ popl %ebx
+ popl %ebp
+ popl %esi
+ ret
+.L_sha1_block_asm_data_order_end:
+ .size sha1_block_asm_data_order,.L_sha1_block_asm_data_order_end-sha1_block_asm_data_order
+.ident "desasm.pl"
+.text
+ .align 16
+.globl sha1_block_asm_host_order
+ .type sha1_block_asm_host_order,@function
+sha1_block_asm_host_order:
+ movl 12(%esp), %ecx
+ pushl %esi
+ sall $6, %ecx
+ movl 12(%esp), %esi
+ pushl %ebp
+ addl %esi, %ecx
+ pushl %ebx
+ movl 16(%esp), %ebp
+ pushl %edi
+ movl 12(%ebp), %edx
+ subl $108, %esp
+ movl 16(%ebp), %edi
+ movl 8(%ebp), %ebx
+ movl %ecx, 68(%esp)
+
+ movl (%esi), %eax
+ movl 4(%esi), %ecx
+ movl %eax, (%esp)
+ movl %ecx, 4(%esp)
+ movl 8(%esi), %eax
+ movl 12(%esi), %ecx
+ movl %eax, 8(%esp)
+ movl %ecx, 12(%esp)
+ movl 16(%esi), %eax
+ movl 20(%esi), %ecx
+ movl %eax, 16(%esp)
+ movl %ecx, 20(%esp)
+ movl 24(%esi), %eax
+ movl 28(%esi), %ecx
+ movl %eax, 24(%esp)
+ movl %ecx, 28(%esp)
+ movl 32(%esi), %eax
+ movl 36(%esi), %ecx
+ movl %eax, 32(%esp)
+ movl %ecx, 36(%esp)
+ movl 40(%esi), %eax
+ movl 44(%esi), %ecx
+ movl %eax, 40(%esp)
+ movl %ecx, 44(%esp)
+ movl 48(%esi), %eax
+ movl 52(%esi), %ecx
+ movl %eax, 48(%esp)
+ movl %ecx, 52(%esp)
+ movl 56(%esi), %eax
+ movl 60(%esi), %ecx
+ movl %eax, 56(%esp)
+ movl %ecx, 60(%esp)
+ jmp .L001shortcut
+.L_sha1_block_asm_host_order_end:
+ .size sha1_block_asm_host_order,.L_sha1_block_asm_host_order_end-sha1_block_asm_host_order
+.ident "desasm.pl"
--- /dev/null
+/* crypto/md32_common.h */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ * this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ * size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ * has to be at lest 32 bit wide, if it's wider, then
+ * HASH_LONG_LOG2 *has to* be defined along
+ * HASH_CTX
+ * context structure that at least contains following
+ * members:
+ * typedef struct {
+ * ...
+ * HASH_LONG Nl,Nh;
+ * HASH_LONG data[HASH_LBLOCK];
+ * unsigned int num;
+ * ...
+ * } HASH_CTX;
+ * HASH_UPDATE
+ * name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ * name of "Transform" function, implemented here.
+ * HASH_FINAL
+ * name of "Final" function, implemented here.
+ * HASH_BLOCK_HOST_ORDER
+ * name of "block" function treating *aligned* input message
+ * in host byte order, implemented externally.
+ * HASH_BLOCK_DATA_ORDER
+ * name of "block" function treating *unaligned* input message
+ * in original (data) byte order, implemented externally (it
+ * actually is optional if data and host are of the same
+ * "endianess").
+ * HASH_MAKE_STRING
+ * macro convering context variables to an ASCII hash string.
+ *
+ * Optional macros:
+ *
+ * B_ENDIAN or L_ENDIAN
+ * defines host byte-order.
+ * HASH_LONG_LOG2
+ * defaults to 2 if not states otherwise.
+ * HASH_LBLOCK
+ * assumed to be HASH_CBLOCK/4 if not stated otherwise.
+ * HASH_BLOCK_DATA_ORDER_ALIGNED
+ * alternative "block" function capable of treating
+ * aligned input message in original (data) order,
+ * implemented externally.
+ *
+ * MD5 example:
+ *
+ * #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ * #define HASH_LONG MD5_LONG
+ * #define HASH_LONG_LOG2 MD5_LONG_LOG2
+ * #define HASH_CTX MD5_CTX
+ * #define HASH_CBLOCK MD5_CBLOCK
+ * #define HASH_LBLOCK MD5_LBLOCK
+ * #define HASH_UPDATE MD5_Update
+ * #define HASH_TRANSFORM MD5_Transform
+ * #define HASH_FINAL MD5_Final
+ * #define HASH_BLOCK_HOST_ORDER md5_block_host_order
+ * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
+ *
+ * <appro@fy.chalmers.se>
+ */
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+#error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+#error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+#error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+#error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+#error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+#error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_HOST_ORDER
+#error "HASH_BLOCK_HOST_ORDER must be defined!"
+#endif
+
+#if 0
+/*
+ * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
+ * isn't defined.
+ */
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#ifndef HASH_LBLOCK
+#define HASH_LBLOCK (HASH_CBLOCK/4)
+#endif
+
+#ifndef HASH_LONG_LOG2
+#define HASH_LONG_LOG2 2
+#endif
+
+/*
+ * Engage compiler specific rotate intrinsic function if available.
+ */
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER) || defined(__ICC)
+# define ROTATE(a,n) _lrotl(a,n)
+# elif defined(__MWERKS__)
+# if defined(__POWERPC__)
+# define ROTATE(a,n) __rlwinm(a,n,0,31)
+# elif defined(__MC68K__)
+ /* Motorola specific tweak. <appro@fy.chalmers.se> */
+# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) )
+# else
+# define ROTATE(a,n) __rol(a,n)
+# endif
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+ /*
+ * Some GNU C inline assembler templates. Note that these are
+ * rotates by *constant* number of bits! But that's exactly
+ * what we need here...
+ * <appro@fy.chalmers.se>
+ */
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+# define ROTATE(a,n) ({ register unsigned int ret; \
+ asm ( \
+ "roll %1,%0" \
+ : "=r"(ret) \
+ : "I"(n), "0"(a) \
+ : "cc"); \
+ ret; \
+ })
+# elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+# define ROTATE(a,n) ({ register unsigned int ret; \
+ asm ( \
+ "rlwinm %0,%1,%2,0,31" \
+ : "=r"(ret) \
+ : "r"(a), "I"(n)); \
+ ret; \
+ })
+# endif
+# endif
+#endif /* PEDANTIC */
+
+#if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */
+/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
+#ifdef ROTATE
+/* 5 instructions with rotate instruction, else 9 */
+#define REVERSE_FETCH32(a,l) ( \
+ l=*(const HASH_LONG *)(a), \
+ ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \
+ )
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define REVERSE_FETCH32(a,l) ( \
+ l=*(const HASH_LONG *)(a), \
+ l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \
+ ROTATE(l,16) \
+ )
+/*
+ * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
+ * It's rewritten as above for two reasons:
+ * - RISCs aren't good at long constants and have to explicitely
+ * compose 'em with several (well, usually 2) instructions in a
+ * register before performing the actual operation and (as you
+ * already realized:-) having same constant should inspire the
+ * compiler to permanently allocate the only register for it;
+ * - most modern CPUs have two ALUs, but usually only one has
+ * circuitry for shifts:-( this minor tweak inspires compiler
+ * to schedule shift instructions in a better way...
+ *
+ * <appro@fy.chalmers.se>
+ */
+#endif
+#endif
+
+#ifndef ROTATE
+#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+/*
+ * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
+ * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
+ * and host are of the same "endianess". It's possible to mask
+ * this with blank #define HASH_BLOCK_DATA_ORDER though...
+ *
+ * <appro@fy.chalmers.se>
+ */
+#if defined(B_ENDIAN)
+# if defined(DATA_ORDER_IS_BIG_ENDIAN)
+# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
+# endif
+# endif
+#elif defined(L_ENDIAN)
+# if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER
+# endif
+# endif
+#endif
+
+#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+#ifndef PEDANTIC
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+ /*
+ * This gives ~30-40% performance improvement in SHA-256 compiled
+ * with gcc [on P4]. Well, first macro to be frank. We can pull
+ * this trick on x86* platforms only, because these CPUs can fetch
+ * unaligned data without raising an exception.
+ */
+# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \
+ asm ("bswapl %0":"=r"(r):"0"(r)); \
+ (c)+=4; (l)=r; })
+# define HOST_l2c(l,c) ({ unsigned int r=(l); \
+ asm ("bswapl %0":"=r"(r):"0"(r)); \
+ *((unsigned int *)(c))=r; (c)+=4; r; })
+# endif
+# endif
+#endif
+
+#ifndef HOST_c2l
+#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++))) ), \
+ l)
+#endif
+#define HOST_p_c2l(c,l,n) { \
+ switch (n) { \
+ case 0: l =((unsigned long)(*((c)++)))<<24; \
+ case 1: l|=((unsigned long)(*((c)++)))<<16; \
+ case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+ case 3: l|=((unsigned long)(*((c)++))); \
+ } }
+#define HOST_p_c2l_p(c,l,sc,len) { \
+ switch (sc) { \
+ case 0: l =((unsigned long)(*((c)++)))<<24; \
+ if (--len == 0) break; \
+ case 1: l|=((unsigned long)(*((c)++)))<<16; \
+ if (--len == 0) break; \
+ case 2: l|=((unsigned long)(*((c)++)))<< 8; \
+ } }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n) { \
+ l=0; (c)+=n; \
+ switch (n) { \
+ case 3: l =((unsigned long)(*(--(c))))<< 8; \
+ case 2: l|=((unsigned long)(*(--(c))))<<16; \
+ case 1: l|=((unsigned long)(*(--(c))))<<24; \
+ } }
+#ifndef HOST_l2c
+#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff), \
+ l)
+#endif
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+ /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l)
+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l)
+#endif
+
+#ifndef HOST_c2l
+#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<<24), \
+ l)
+#endif
+#define HOST_p_c2l(c,l,n) { \
+ switch (n) { \
+ case 0: l =((unsigned long)(*((c)++))); \
+ case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+ case 2: l|=((unsigned long)(*((c)++)))<<16; \
+ case 3: l|=((unsigned long)(*((c)++)))<<24; \
+ } }
+#define HOST_p_c2l_p(c,l,sc,len) { \
+ switch (sc) { \
+ case 0: l =((unsigned long)(*((c)++))); \
+ if (--len == 0) break; \
+ case 1: l|=((unsigned long)(*((c)++)))<< 8; \
+ if (--len == 0) break; \
+ case 2: l|=((unsigned long)(*((c)++)))<<16; \
+ } }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n) { \
+ l=0; (c)+=n; \
+ switch (n) { \
+ case 3: l =((unsigned long)(*(--(c))))<<16; \
+ case 2: l|=((unsigned long)(*(--(c))))<< 8; \
+ case 1: l|=((unsigned long)(*(--(c)))); \
+ } }
+#ifndef HOST_l2c
+#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ l)
+#endif
+
+#endif
+
+/*
+ * Time for some action:-)
+ */
+
+int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
+ {
+ const unsigned char *data=data_;
+ register HASH_LONG * p;
+ register HASH_LONG l;
+ size_t sw,sc,ew,ec;
+
+ if(FIPS_selftest_failed())
+ return 0;
+
+ if (len==0) return 1;
+
+ l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL;
+ /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
+ * Wei Dai <weidai@eskimo.com> for pointing it out. */
+ if (l < c->Nl) /* overflow */
+ c->Nh++;
+ c->Nh+=(len>>29); /* might cause compiler warning on 16-bit */
+ c->Nl=l;
+
+ if (c->num != 0)
+ {
+ p=c->data;
+ sw=c->num>>2;
+ sc=c->num&0x03;
+
+ if ((c->num+len) >= HASH_CBLOCK)
+ {
+ l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+ for (; sw<HASH_LBLOCK; sw++)
+ {
+ HOST_c2l(data,l); p[sw]=l;
+ }
+ HASH_BLOCK_HOST_ORDER (c,p,1);
+ len-=(HASH_CBLOCK-c->num);
+ c->num=0;
+ /* drop through and do the rest */
+ }
+ else
+ {
+ c->num+=(unsigned int)len;
+ if ((sc+len) < 4) /* ugly, add char's to a word */
+ {
+ l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
+ }
+ else
+ {
+ ew=(c->num>>2);
+ ec=(c->num&0x03);
+ if (sc)
+ l=p[sw];
+ HOST_p_c2l(data,l,sc);
+ p[sw++]=l;
+ for (; sw < ew; sw++)
+ {
+ HOST_c2l(data,l); p[sw]=l;
+ }
+ if (ec)
+ {
+ HOST_c2l_p(data,l,ec); p[sw]=l;
+ }
+ }
+ return 1;
+ }
+ }
+
+ sw=len/HASH_CBLOCK;
+ if (sw > 0)
+ {
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+ /*
+ * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
+ * only if sizeof(HASH_LONG)==4.
+ */
+ if ((((size_t)data)%4) == 0)
+ {
+ /* data is properly aligned so that we can cast it: */
+ HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,sw);
+ sw*=HASH_CBLOCK;
+ data+=sw;
+ len-=sw;
+ }
+ else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+ while (sw--)
+ {
+ memcpy (p=c->data,data,HASH_CBLOCK);
+ HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
+ data+=HASH_CBLOCK;
+ len-=HASH_CBLOCK;
+ }
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+ {
+ HASH_BLOCK_DATA_ORDER(c,data,sw);
+ sw*=HASH_CBLOCK;
+ data+=sw;
+ len-=sw;
+ }
+#endif
+ }
+
+ if (len!=0)
+ {
+ p = c->data;
+ c->num = len;
+ ew=len>>2; /* words to copy */
+ ec=len&0x03;
+ for (; ew; ew--,p++)
+ {
+ HOST_c2l(data,l); *p=l;
+ }
+ HOST_c2l_p(data,l,ec);
+ *p=l;
+ }
+ return 1;
+ }
+
+
+void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
+ {
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+ if ((((size_t)data)%4) == 0)
+ /* data is properly aligned so that we can cast it: */
+ HASH_BLOCK_DATA_ORDER_ALIGNED (c,(const HASH_LONG *)data,1);
+ else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+ {
+ memcpy (c->data,data,HASH_CBLOCK);
+ HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
+ }
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+ HASH_BLOCK_DATA_ORDER (c,data,1);
+#endif
+ }
+
+
+int HASH_FINAL (unsigned char *md, HASH_CTX *c)
+ {
+ register HASH_LONG *p;
+ register unsigned long l;
+ register int i,j;
+ static const unsigned char end[4]={0x80,0x00,0x00,0x00};
+ const unsigned char *cp=end;
+
+ /* c->num should definitly have room for at least one more byte. */
+ p=c->data;
+ i=c->num>>2;
+ j=c->num&0x03;
+
+#if 0
+ /* purify often complains about the following line as an
+ * Uninitialized Memory Read. While this can be true, the
+ * following p_c2l macro will reset l when that case is true.
+ * This is because j&0x03 contains the number of 'valid' bytes
+ * already in p[i]. If and only if j&0x03 == 0, the UMR will
+ * occur but this is also the only time p_c2l will do
+ * l= *(cp++) instead of l|= *(cp++)
+ * Many thanks to Alex Tang <altitude@cic.net> for pickup this
+ * 'potential bug' */
+#ifdef PURIFY
+ if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
+#endif
+ l=p[i];
+#else
+ l = (j==0) ? 0 : p[i];
+#endif
+ HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
+
+ if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
+ {
+ if (i<HASH_LBLOCK) p[i]=0;
+ HASH_BLOCK_HOST_ORDER (c,p,1);
+ i=0;
+ }
+ for (; i<(HASH_LBLOCK-2); i++)
+ p[i]=0;
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+ p[HASH_LBLOCK-2]=c->Nh;
+ p[HASH_LBLOCK-1]=c->Nl;
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+ p[HASH_LBLOCK-2]=c->Nl;
+ p[HASH_LBLOCK-1]=c->Nh;
+#endif
+ HASH_BLOCK_HOST_ORDER (c,p,1);
+
+#ifndef HASH_MAKE_STRING
+#error "HASH_MAKE_STRING must be defined!"
+#else
+ HASH_MAKE_STRING(c,md);
+#endif
+
+ c->num=0;
+ /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+ * but I'm not worried :-)
+ OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
+ */
+ return 1;
+ }
+
+#ifndef MD32_REG_T
+#define MD32_REG_T long
+/*
+ * This comment was originaly written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ * <appro@fy.chalmers.se>
+ * Apparently there're LP64 compilers that generate better
+ * code if A-D are declared int. Most notably GCC-x86_64
+ * generates better code.
+ * <appro@fy.chalmers.se>
+ */
+#endif
--- /dev/null
+/* fips/sha1/fips_sha.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SHA_H
+#define HEADER_SHA_H
+
+#include <openssl/e_os2.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
+#error SHA is disabled.
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! SHA_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define SHA_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define SHA_LONG unsigned long
+#define SHA_LONG_LOG2 3
+#else
+#define SHA_LONG unsigned int
+#endif
+
+#define SHA_LBLOCK 16
+#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a
+ * contiguous array of 32 bit
+ * wide big-endian values. */
+#define SHA_LAST_BLOCK (SHA_CBLOCK-8)
+#define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st
+ {
+ SHA_LONG h0,h1,h2,h3,h4;
+ SHA_LONG Nl,Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num;
+ } SHA_CTX;
+
+#ifndef OPENSSL_NO_SHA1
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+#endif
+
+#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a
+ * contiguous array of 32 bit
+ * wide big-endian values. */
+#define SHA224_DIGEST_LENGTH 28
+#define SHA256_DIGEST_LENGTH 32
+
+typedef struct SHA256state_st
+ {
+ SHA_LONG h[8];
+ SHA_LONG Nl,Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num,md_len;
+ } SHA256_CTX;
+
+#ifndef OPENSSL_NO_SHA256
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+#endif
+
+#define SHA384_DIGEST_LENGTH 48
+#define SHA512_DIGEST_LENGTH 64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values. */
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#define SHA_LONG64 unsigned __int64
+#define U64(C) C##UI64
+#elif defined(__arch64__)
+#define SHA_LONG64 unsigned long
+#define U64(C) C##UL
+#else
+#define SHA_LONG64 unsigned long long
+#define U64(C) C##ULL
+#endif
+
+typedef struct SHA512state_st
+ {
+ SHA_LONG64 h[8];
+ SHA_LONG64 Nl,Nh;
+ union {
+ SHA_LONG64 d[SHA_LBLOCK];
+ unsigned char p[SHA512_CBLOCK];
+ } u;
+ unsigned int num,md_len;
+ } SHA512_CTX;
+
+#ifndef OPENSSL_NO_SHA512
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
--- /dev/null
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/fips_sha.h>
+
+#ifdef OPENSSL_FIPS
+static char test[][60]=
+ {
+ "",
+ "abc",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ };
+
+static const unsigned char ret[][SHA_DIGEST_LENGTH]=
+ {
+ { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
+ 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
+ { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
+ 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
+ { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
+ 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
+ };
+
+void FIPS_corrupt_sha1()
+ {
+ test[2][0]++;
+ }
+
+int FIPS_selftest_sha1()
+ {
+ int n;
+
+ for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n)
+ {
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ SHA1((unsigned char*)test[n],strlen(test[n]),md);
+ if(memcmp(md,ret[n],sizeof md))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+ return 1;
+ }
+
+#endif
--- /dev/null
+/* crypto/sha/sha1dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
+
+#undef SHA_0
+#define SHA_1
+
+#include <openssl/opensslv.h>
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+
+#ifdef OPENSSL_FIPS
+const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
+
+/* The implementation is in fips_md32_common.h */
+#include "fips_sha_locl.h"
+
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA_CTX c;
+ static unsigned char m[SHA_DIGEST_LENGTH];
+
+ OPENSSL_assert(sizeof(unsigned long)<=sizeof(size_t));
+ if (md == NULL) md=m;
+ if (!SHA1_Init(&c))
+ return NULL;
+ SHA1_Update(&c,d,n);
+ SHA1_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+#else /* ndef OPENSSL_FIPS */
+
+static void *dummy=&dummy;
+
+#endif /* ndef OPENSSL_FIPS */
+
+#endif
+
--- /dev/null
+/* crypto/sha/sha256.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved
+ * according to the OpenSSL license [found in ../../LICENSE].
+ * ====================================================================
+ */
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/fips_sha.h>
+#include <openssl/fips.h>
+#include <openssl/opensslv.h>
+
+const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
+
+int SHA224_Init (SHA256_CTX *c)
+ {
+ c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
+ c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
+ c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL;
+ c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL;
+ c->Nl=0; c->Nh=0;
+ c->num=0; c->md_len=SHA224_DIGEST_LENGTH;
+ return 1;
+ }
+
+int SHA256_Init (SHA256_CTX *c)
+ {
+ c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
+ c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
+ c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL;
+ c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL;
+ c->Nl=0; c->Nh=0;
+ c->num=0; c->md_len=SHA256_DIGEST_LENGTH;
+ return 1;
+ }
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA256_CTX c;
+ static unsigned char m[SHA224_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA224_Init(&c);
+ SHA256_Update(&c,d,n);
+ SHA256_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA256_CTX c;
+ static unsigned char m[SHA256_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA256_Init(&c);
+ SHA256_Update(&c,d,n);
+ SHA256_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
+{ return SHA256_Update (c,data,len); }
+int SHA224_Final (unsigned char *md, SHA256_CTX *c)
+{ return SHA256_Final (md,c); }
+
+#ifndef SHA_LONG_LOG2
+#define SHA_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG SHA_LONG
+#define HASH_LONG_LOG2 SHA_LONG_LOG2
+#define HASH_CTX SHA256_CTX
+#define HASH_CBLOCK SHA_CBLOCK
+#define HASH_LBLOCK SHA_LBLOCK
+/*
+ * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
+ * default: case below covers for it. It's not clear however if it's
+ * permitted to truncate to amount of bytes not divisible by 4. I bet not,
+ * but if it is, then default: case shall be extended. For reference.
+ * Idea behind separate cases for pre-defined lenghts is to let the
+ * compiler decide if it's appropriate to unroll small loops.
+ */
+#define HASH_MAKE_STRING(c,s) do { \
+ unsigned long ll; \
+ unsigned int n; \
+ switch ((c)->md_len) \
+ { case SHA224_DIGEST_LENGTH: \
+ for (n=0;n<SHA224_DIGEST_LENGTH/4;n++) \
+ { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
+ break; \
+ case SHA256_DIGEST_LENGTH: \
+ for (n=0;n<SHA256_DIGEST_LENGTH/4;n++) \
+ { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
+ break; \
+ default: \
+ if ((c)->md_len > SHA256_DIGEST_LENGTH) \
+ return 0; \
+ for (n=0;n<(c)->md_len/4;n++) \
+ { ll=(c)->h[n]; HOST_l2c(ll,(s)); } \
+ break; \
+ } \
+ } while (0)
+
+#define HASH_UPDATE SHA256_Update
+#define HASH_TRANSFORM SHA256_Transform
+#define HASH_FINAL SHA256_Final
+#define HASH_BLOCK_HOST_ORDER sha256_block_host_order
+#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
+void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num);
+void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
+
+#include "fips_md32_common.h"
+
+#ifdef SHA256_ASM
+void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host);
+#else
+static const SHA_LONG K256[64] = {
+ 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
+ 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
+ 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
+ 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
+ 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
+ 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
+ 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
+ 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
+ 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
+ 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
+ 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
+ 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
+ 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
+ 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
+ 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
+ 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
+
+/*
+ * FIPS specification refers to right rotations, while our ROTATE macro
+ * is left one. This is why you might notice that rotation coefficients
+ * differ from those observed in FIPS document by 32-N...
+ */
+#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+ {
+ unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
+ SHA_LONG X[16];
+ int i;
+ const unsigned char *data=in;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+ if (host)
+ {
+ const SHA_LONG *W=(const SHA_LONG *)data;
+
+ for (i=0;i<16;i++)
+ {
+ T1 = X[i] = W[i];
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ data += SHA256_CBLOCK;
+ }
+ else
+ {
+ SHA_LONG l;
+
+ for (i=0;i<16;i++)
+ {
+ HOST_c2l(data,l); T1 = X[i] = l;
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+ }
+
+ for (;i<64;i++)
+ {
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
+
+ T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ }
+}
+
+#else
+
+#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
+ h = Sigma0(a) + Maj(a,b,c); \
+ d += T1; h += T1; } while (0)
+
+#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
+ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
+ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
+
+static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+ {
+ unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
+ SHA_LONG X[16];
+ int i;
+ const unsigned char *data=in;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+ if (host)
+ {
+ const SHA_LONG *W=(const SHA_LONG *)data;
+
+ T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+
+ data += SHA256_CBLOCK;
+ }
+ else
+ {
+ SHA_LONG l;
+
+ HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+ }
+
+ for (i=16;i<64;i+=8)
+ {
+ ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
+ ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
+ ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
+ ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
+ ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
+ ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
+ ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
+ ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ }
+ }
+
+#endif
+#endif /* SHA256_ASM */
+
+/*
+ * Idea is to trade couple of cycles for some space. On IA-32 we save
+ * about 4K in "big footprint" case. In "small footprint" case any gain
+ * is appreciated:-)
+ */
+void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
+{ sha256_block (ctx,in,num,1); }
+
+void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
+{ sha256_block (ctx,in,num,0); }
+
+#endif /* OPENSSL_NO_SHA256 */
--- /dev/null
+/* crypto/sha/sha512.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved
+ * according to the OpenSSL license [found in ../../LICENSE].
+ * ====================================================================
+ */
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
+/*
+ * IMPLEMENTATION NOTES.
+ *
+ * As you might have noticed 32-bit hash algorithms:
+ *
+ * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
+ * - optimized versions implement two transform functions: one operating
+ * on [aligned] data in host byte order and one - on data in input
+ * stream byte order;
+ * - share common byte-order neutral collector and padding function
+ * implementations, ../md32_common.h;
+ *
+ * Neither of the above applies to this SHA-512 implementations. Reasons
+ * [in reverse order] are:
+ *
+ * - it's the only 64-bit hash algorithm for the moment of this writing,
+ * there is no need for common collector/padding implementation [yet];
+ * - by supporting only one transform function [which operates on
+ * *aligned* data in input stream byte order, big-endian in this case]
+ * we minimize burden of maintenance in two ways: a) collector/padding
+ * function is simpler; b) only one transform function to stare at;
+ * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
+ * apply a number of optimizations to mitigate potential performance
+ * penalties caused by previous design decision;
+ *
+ * Caveat lector.
+ *
+ * Implementation relies on the fact that "long long" is 64-bit on
+ * both 32- and 64-bit platforms. If some compiler vendor comes up
+ * with 128-bit long long, adjustment to sha.h would be required.
+ * As this implementation relies on 64-bit integer type, it's totally
+ * inappropriate for platforms which don't support it, most notably
+ * 16-bit platforms.
+ * <appro@fy.chalmers.se>
+ */
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/fips_sha.h>
+#include <openssl/fips.h>
+#include <openssl/opensslv.h>
+
+const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
+
+#if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64)
+#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#endif
+
+int SHA384_Init (SHA512_CTX *c)
+ {
+ c->h[0]=U64(0xcbbb9d5dc1059ed8);
+ c->h[1]=U64(0x629a292a367cd507);
+ c->h[2]=U64(0x9159015a3070dd17);
+ c->h[3]=U64(0x152fecd8f70e5939);
+ c->h[4]=U64(0x67332667ffc00b31);
+ c->h[5]=U64(0x8eb44a8768581511);
+ c->h[6]=U64(0xdb0c2e0d64f98fa7);
+ c->h[7]=U64(0x47b5481dbefa4fa4);
+ c->Nl=0; c->Nh=0;
+ c->num=0; c->md_len=SHA384_DIGEST_LENGTH;
+ return 1;
+ }
+
+int SHA512_Init (SHA512_CTX *c)
+ {
+ c->h[0]=U64(0x6a09e667f3bcc908);
+ c->h[1]=U64(0xbb67ae8584caa73b);
+ c->h[2]=U64(0x3c6ef372fe94f82b);
+ c->h[3]=U64(0xa54ff53a5f1d36f1);
+ c->h[4]=U64(0x510e527fade682d1);
+ c->h[5]=U64(0x9b05688c2b3e6c1f);
+ c->h[6]=U64(0x1f83d9abfb41bd6b);
+ c->h[7]=U64(0x5be0cd19137e2179);
+ c->Nl=0; c->Nh=0;
+ c->num=0; c->md_len=SHA512_DIGEST_LENGTH;
+ return 1;
+ }
+
+#ifndef SHA512_ASM
+static
+#endif
+void sha512_block (SHA512_CTX *ctx, const void *in, size_t num);
+
+int SHA512_Final (unsigned char *md, SHA512_CTX *c)
+ {
+ unsigned char *p=(unsigned char *)c->u.p;
+ size_t n=c->num;
+
+ p[n]=0x80; /* There always is a room for one */
+ n++;
+ if (n > (sizeof(c->u)-16))
+ memset (p+n,0,sizeof(c->u)-n), n=0,
+ sha512_block (c,p,1);
+
+ memset (p+n,0,sizeof(c->u)-16-n);
+#ifdef B_ENDIAN
+ c->u.d[SHA_LBLOCK-2] = c->Nh;
+ c->u.d[SHA_LBLOCK-1] = c->Nl;
+#else
+ p[sizeof(c->u)-1] = (unsigned char)(c->Nl);
+ p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8);
+ p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16);
+ p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24);
+ p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32);
+ p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40);
+ p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48);
+ p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56);
+ p[sizeof(c->u)-9] = (unsigned char)(c->Nh);
+ p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);
+ p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);
+ p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);
+ p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);
+ p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);
+ p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);
+ p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
+#endif
+
+ sha512_block (c,p,1);
+
+ if (md==0) return 0;
+
+ switch (c->md_len)
+ {
+ /* Let compiler decide if it's appropriate to unroll... */
+ case SHA384_DIGEST_LENGTH:
+ for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)
+ {
+ SHA_LONG64 t = c->h[n];
+
+ *(md++) = (unsigned char)(t>>56);
+ *(md++) = (unsigned char)(t>>48);
+ *(md++) = (unsigned char)(t>>40);
+ *(md++) = (unsigned char)(t>>32);
+ *(md++) = (unsigned char)(t>>24);
+ *(md++) = (unsigned char)(t>>16);
+ *(md++) = (unsigned char)(t>>8);
+ *(md++) = (unsigned char)(t);
+ }
+ break;
+ case SHA512_DIGEST_LENGTH:
+ for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)
+ {
+ SHA_LONG64 t = c->h[n];
+
+ *(md++) = (unsigned char)(t>>56);
+ *(md++) = (unsigned char)(t>>48);
+ *(md++) = (unsigned char)(t>>40);
+ *(md++) = (unsigned char)(t>>32);
+ *(md++) = (unsigned char)(t>>24);
+ *(md++) = (unsigned char)(t>>16);
+ *(md++) = (unsigned char)(t>>8);
+ *(md++) = (unsigned char)(t);
+ }
+ break;
+ /* ... as well as make sure md_len is not abused. */
+ default: return 0;
+ }
+
+ return 1;
+ }
+
+int SHA384_Final (unsigned char *md,SHA512_CTX *c)
+{ return SHA512_Final (md,c); }
+
+int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
+ {
+ SHA_LONG64 l;
+ unsigned char *p=c->u.p;
+ const unsigned char *data=(const unsigned char *)_data;
+
+ if(FIPS_selftest_failed())
+ return 0;
+
+ if (len==0) return 1;
+
+ l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
+ if (l < c->Nl) c->Nh++;
+ if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61);
+ c->Nl=l;
+
+ if (c->num != 0)
+ {
+ size_t n = sizeof(c->u) - c->num;
+
+ if (len < n)
+ {
+ memcpy (p+c->num,data,len), c->num += len;
+ return 1;
+ }
+ else {
+ memcpy (p+c->num,data,n), c->num = 0;
+ len-=n, data+=n;
+ sha512_block (c,p,1);
+ }
+ }
+
+ if (len >= sizeof(c->u))
+ {
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+ if ((size_t)data%sizeof(c->u.d[0]) != 0)
+ while (len >= sizeof(c->u))
+ memcpy (p,data,sizeof(c->u)),
+ sha512_block (c,p,1),
+ len -= sizeof(c->u),
+ data += sizeof(c->u);
+ else
+#endif
+ sha512_block (c,data,len/sizeof(c->u)),
+ data += len,
+ len %= sizeof(c->u),
+ data -= len;
+ }
+
+ if (len != 0) memcpy (p,data,len), c->num = (int)len;
+
+ return 1;
+ }
+
+int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
+{ return SHA512_Update (c,data,len); }
+
+void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
+{ sha512_block (c,data,1); }
+
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA512_CTX c;
+ static unsigned char m[SHA384_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA384_Init(&c);
+ SHA512_Update(&c,d,n);
+ SHA512_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA512_CTX c;
+ static unsigned char m[SHA512_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA512_Init(&c);
+ SHA512_Update(&c,d,n);
+ SHA512_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+#ifndef SHA512_ASM
+static const SHA_LONG64 K512[80] = {
+ U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
+ U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
+ U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
+ U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
+ U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
+ U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
+ U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
+ U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
+ U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
+ U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
+ U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
+ U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
+ U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
+ U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
+ U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
+ U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
+ U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
+ U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
+ U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
+ U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
+ U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
+ U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
+ U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
+ U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
+ U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
+ U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
+ U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
+ U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
+ U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
+ U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
+ U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
+ U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
+ U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
+ U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
+ U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
+ U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
+ U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
+ U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
+ U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
+ U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
+
+#ifndef PEDANTIC
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__x86_64) || defined(__x86_64__)
+# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
+ asm ("bswapq %0" \
+ : "=r"(ret) \
+ : "0"(ret)); ret; })
+# endif
+# endif
+#endif
+
+#ifndef PULL64
+#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+#endif
+
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
+# define ROTR(a,n) _rotr64((a),n)
+# endif
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__x86_64) || defined(__x86_64__)
+# define ROTR(a,n) ({ unsigned long ret; \
+ asm ("rorq %1,%0" \
+ : "=r"(ret) \
+ : "J"(n),"0"(a) \
+ : "cc"); ret; })
+# elif defined(_ARCH_PPC) && defined(__64BIT__)
+# define ROTR(a,n) ({ unsigned long ret; \
+ asm ("rotrdi %0,%1,%2" \
+ : "=r"(ret) \
+ : "r"(a),"K"(n)); ret; })
+# endif
+# endif
+#endif
+
+#ifndef ROTR
+#define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
+#endif
+
+#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
+#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+ {
+ const SHA_LONG64 *W=in;
+ SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2;
+ SHA_LONG64 X[16];
+ int i;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+ for (i=0;i<16;i++)
+ {
+#ifdef B_ENDIAN
+ T1 = X[i] = W[i];
+#else
+ T1 = X[i] = PULL64(W[i]);
+#endif
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ for (;i<80;i++)
+ {
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
+
+ T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ W+=SHA_LBLOCK;
+ }
+ }
+
+#else
+
+#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
+ h = Sigma0(a) + Maj(a,b,c); \
+ d += T1; h += T1; } while (0)
+
+#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
+ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
+ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+ {
+ const SHA_LONG64 *W=in;
+ SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1;
+ SHA_LONG64 X[16];
+ int i;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+#ifdef B_ENDIAN
+ T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+#else
+ T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a);
+#endif
+
+ for (i=16;i<80;i+=8)
+ {
+ ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
+ ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
+ ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
+ ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
+ ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
+ ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
+ ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
+ ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ W+=SHA_LBLOCK;
+ }
+ }
+
+#endif
+
+#endif /* SHA512_ASM */
+
+#endif /* OPENSSL_NO_SHA512 */
--- /dev/null
+/* crypto/sha/sha_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/fips_sha.h>
+#include <openssl/fips.h>
+
+#ifndef SHA_LONG_LOG2
+#define SHA_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG SHA_LONG
+#define HASH_LONG_LOG2 SHA_LONG_LOG2
+#define HASH_CTX SHA_CTX
+#define HASH_CBLOCK SHA_CBLOCK
+#define HASH_LBLOCK SHA_LBLOCK
+#define HASH_MAKE_STRING(c,s) do { \
+ unsigned long ll; \
+ ll=(c)->h0; HOST_l2c(ll,(s)); \
+ ll=(c)->h1; HOST_l2c(ll,(s)); \
+ ll=(c)->h2; HOST_l2c(ll,(s)); \
+ ll=(c)->h3; HOST_l2c(ll,(s)); \
+ ll=(c)->h4; HOST_l2c(ll,(s)); \
+ } while (0)
+
+#if defined(SHA_0)
+
+# define HASH_UPDATE SHA_Update
+# define HASH_TRANSFORM SHA_Transform
+# define HASH_FINAL SHA_Final
+# define HASH_INIT SHA_Init
+# define HASH_BLOCK_HOST_ORDER sha_block_host_order
+# define HASH_BLOCK_DATA_ORDER sha_block_data_order
+# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id))
+
+ void sha_block_host_order (SHA_CTX *c, const void *p,size_t num);
+ void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
+
+#elif defined(SHA_1)
+
+# define HASH_UPDATE SHA1_Update
+# define HASH_TRANSFORM SHA1_Transform
+# define HASH_FINAL SHA1_Final
+# define HASH_INIT SHA1_Init
+# define HASH_BLOCK_HOST_ORDER sha1_block_host_order
+# define HASH_BLOCK_DATA_ORDER sha1_block_data_order
+# if defined(__MWERKS__) && defined(__MC68K__)
+ /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
+# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \
+ ix=(a)=ROTATE((a),1); \
+ } while (0)
+# else
+# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
+ ix=(a)=ROTATE((a),1) \
+ )
+# endif
+
+# ifdef SHA1_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+# define sha1_block_host_order sha1_block_asm_host_order
+# define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+# define sha1_block_data_order sha1_block_asm_data_order
+# define DONT_IMPLEMENT_BLOCK_DATA_ORDER
+# define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order
+# endif
+# endif
+ void sha1_block_host_order (SHA_CTX *c, const void *p,size_t num);
+ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
+
+#else
+# error "Either SHA_0 or SHA_1 must be defined."
+#endif
+
+#include "fips_md32_common.h"
+
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
+
+int HASH_INIT (SHA_CTX *c)
+ {
+ /* This assert denotes binary compatibility in 0.9.7 context
+ and commonly optimized away by compiler. */
+ OPENSSL_assert(sizeof(unsigned long)<=sizeof(size_t));
+ c->h0=INIT_DATA_h0;
+ c->h1=INIT_DATA_h1;
+ c->h2=INIT_DATA_h2;
+ c->h3=INIT_DATA_h3;
+ c->h4=INIT_DATA_h4;
+ c->Nl=0;
+ c->Nh=0;
+ c->num=0;
+ return 1;
+ }
+
+#define K_00_19 0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
+
+/* As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
+ * simplified to the code in F_00_19. Wei attributes these optimisations
+ * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
+ * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
+ * I've just become aware of another tweak to be made, again from Wei Dai,
+ * in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ */
+#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
+#define F_20_39(b,c,d) ((b) ^ (c) ^ (d))
+#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d)))
+#define F_60_79(b,c,d) F_20_39(b,c,d)
+
+#define BODY_00_15(i,a,b,c,d,e,f,xi) \
+ (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+ Xupdate(f,xi,xa,xb,xc,xd); \
+ (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+ Xupdate(f,xi,xa,xb,xc,xd); \
+ (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+ Xupdate(f,xa,xa,xb,xc,xd); \
+ (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+ Xupdate(f,xa,xa,xb,xc,xd); \
+ (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+ Xupdate(f,xa,xa,xb,xc,xd); \
+ (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+#ifdef X
+#undef X
+#endif
+#ifndef MD32_XARRAY
+ /*
+ * Originally X was an array. As it's automatic it's natural
+ * to expect RISC compiler to accomodate at least part of it in
+ * the register bank, isn't it? Unfortunately not all compilers
+ * "find" this expectation reasonable:-( On order to make such
+ * compilers generate better code I replace X[] with a bunch of
+ * X0, X1, etc. See the function body below...
+ * <appro@fy.chalmers.se>
+ */
+# define X(i) XX##i
+#else
+ /*
+ * However! Some compilers (most notably HP C) get overwhelmed by
+ * that many local variables so that we have to have the way to
+ * fall down to the original behavior.
+ */
+# define X(i) XX[i]
+#endif
+
+#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
+void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, size_t num)
+ {
+ const SHA_LONG *W=d;
+ register unsigned MD32_REG_T A,B,C,D,E,T;
+#ifndef MD32_XARRAY
+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+ XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+#else
+ SHA_LONG XX[16];
+#endif
+
+ if(FIPS_selftest_failed())
+ return;
+
+ A=c->h0;
+ B=c->h1;
+ C=c->h2;
+ D=c->h3;
+ E=c->h4;
+
+ for (;;)
+ {
+ BODY_00_15( 0,A,B,C,D,E,T,W[ 0]);
+ BODY_00_15( 1,T,A,B,C,D,E,W[ 1]);
+ BODY_00_15( 2,E,T,A,B,C,D,W[ 2]);
+ BODY_00_15( 3,D,E,T,A,B,C,W[ 3]);
+ BODY_00_15( 4,C,D,E,T,A,B,W[ 4]);
+ BODY_00_15( 5,B,C,D,E,T,A,W[ 5]);
+ BODY_00_15( 6,A,B,C,D,E,T,W[ 6]);
+ BODY_00_15( 7,T,A,B,C,D,E,W[ 7]);
+ BODY_00_15( 8,E,T,A,B,C,D,W[ 8]);
+ BODY_00_15( 9,D,E,T,A,B,C,W[ 9]);
+ BODY_00_15(10,C,D,E,T,A,B,W[10]);
+ BODY_00_15(11,B,C,D,E,T,A,W[11]);
+ BODY_00_15(12,A,B,C,D,E,T,W[12]);
+ BODY_00_15(13,T,A,B,C,D,E,W[13]);
+ BODY_00_15(14,E,T,A,B,C,D,W[14]);
+ BODY_00_15(15,D,E,T,A,B,C,W[15]);
+
+ BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]);
+ BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]);
+ BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]);
+ BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0));
+
+ BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1));
+ BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2));
+ BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3));
+ BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4));
+ BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5));
+ BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6));
+ BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7));
+ BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8));
+ BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9));
+ BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10));
+ BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11));
+ BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12));
+
+ BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
+ BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
+ BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
+ BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
+ BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
+ BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
+ BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
+ BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
+
+ BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
+ BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
+ BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
+ BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
+ BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
+ BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
+ BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
+ BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
+ BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
+ BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
+ BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
+ BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
+ BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
+ BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
+ BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
+ BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
+ BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
+ BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
+ BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
+ BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
+
+ BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
+ BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
+ BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
+ BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
+ BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
+ BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
+ BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
+ BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
+ BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
+ BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
+ BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
+ BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
+ BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
+ BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
+ BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
+ BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
+ BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
+ BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
+ BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
+ BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
+
+ c->h0=(c->h0+E)&0xffffffffL;
+ c->h1=(c->h1+T)&0xffffffffL;
+ c->h2=(c->h2+A)&0xffffffffL;
+ c->h3=(c->h3+B)&0xffffffffL;
+ c->h4=(c->h4+C)&0xffffffffL;
+
+ if (--num == 0) break;
+
+ A=c->h0;
+ B=c->h1;
+ C=c->h2;
+ D=c->h3;
+ E=c->h4;
+
+ W+=SHA_LBLOCK;
+ }
+ }
+#endif
+
+#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
+void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
+ {
+ const unsigned char *data=p;
+ register unsigned MD32_REG_T A,B,C,D,E,T,l;
+#ifndef MD32_XARRAY
+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+ XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+#else
+ SHA_LONG XX[16];
+#endif
+
+ if(FIPS_selftest_failed())
+ return;
+
+ A=c->h0;
+ B=c->h1;
+ C=c->h2;
+ D=c->h3;
+ E=c->h4;
+
+ for (;;)
+ {
+
+ HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l;
+ BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l;
+ BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l;
+ BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l;
+ BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l;
+ BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l;
+ BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l;
+ BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l;
+ BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l;
+ BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l;
+ BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l;
+ BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l;
+ BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l;
+ BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l;
+ BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l;
+ BODY_00_15(14,E,T,A,B,C,D,X(14));
+ BODY_00_15(15,D,E,T,A,B,C,X(15));
+
+ BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
+ BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
+ BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
+ BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
+
+ BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
+ BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
+ BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
+ BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
+ BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
+ BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
+ BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
+ BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
+ BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
+ BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
+ BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
+ BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
+
+ BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
+ BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
+ BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
+ BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
+ BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
+ BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
+ BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
+ BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
+
+ BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
+ BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
+ BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
+ BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
+ BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
+ BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
+ BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
+ BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
+ BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
+ BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
+ BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
+ BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
+ BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
+ BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
+ BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
+ BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
+ BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
+ BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
+ BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
+ BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
+
+ BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
+ BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
+ BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
+ BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
+ BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
+ BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
+ BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
+ BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
+ BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
+ BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
+ BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
+ BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
+ BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
+ BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
+ BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
+ BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
+ BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
+ BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
+ BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
+ BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
+
+ c->h0=(c->h0+E)&0xffffffffL;
+ c->h1=(c->h1+T)&0xffffffffL;
+ c->h2=(c->h2+A)&0xffffffffL;
+ c->h3=(c->h3+B)&0xffffffffL;
+ c->h4=(c->h4+C)&0xffffffffL;
+
+ if (--num == 0) break;
+
+ A=c->h0;
+ B=c->h1;
+ C=c->h2;
+ D=c->h3;
+ E=c->h4;
+
+ }
+ }
+#endif
--- /dev/null
+/* fips_shatest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS SHAXXX support\n");
+ return(0);
+}
+
+#else
+
+static int dgst_test(BIO *err, BIO *out, BIO *in);
+static int print_dgst(BIO *err, const EVP_MD *md, BIO *out,
+ unsigned char *Msg, int Msglen);
+static int print_monte(BIO *err, const EVP_MD *md, BIO *out,
+ unsigned char *Seed, int SeedLen);
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *err = NULL;
+
+ int ret = 1;
+
+ ERR_load_crypto_strings();
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!err)
+ {
+ fprintf(stderr, "FATAL stderr initialization error\n");
+ goto end;
+ }
+
+ if(!FIPS_mode_set(1,argv[0]))
+ {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if (argc == 1)
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ in = BIO_new_file(argv[1], "r");
+
+ if (argc < 2)
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ else
+ out = BIO_new_file(argv[2], "w");
+
+ if (!in)
+ {
+ BIO_printf(err, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out)
+ {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!dgst_test(err, out, in))
+ {
+ fprintf(stderr, "FATAL digest file processing error\n");
+ goto end;
+ }
+ else
+ ret = 0;
+
+ end:
+
+ if (ret && err)
+ ERR_print_errors(err);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (err)
+ BIO_free(err);
+
+ return ret;
+
+ }
+
+#define SHA_TEST_MAX_BITS 102400
+#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 10)
+
+int dgst_test(BIO *err, BIO *out, BIO *in)
+ {
+ const EVP_MD *md = NULL;
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ unsigned char *Msg = NULL, *Seed = NULL;
+ long MsgLen = -1, Len = -1, SeedLen = -1;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+
+ while (BIO_gets(in, olinebuf, SHA_TEST_MAXLINELEN) > 0)
+ {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = or starts with [ (for [L=20] line) just copy */
+ if (!p)
+ {
+ if (!BIO_puts(out, olinebuf))
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword,"[L") && *p==']')
+ {
+ switch (atoi(value))
+ {
+ case 20: md=EVP_sha1(); break;
+ case 28: md=EVP_sha224(); break;
+ case 32: md=EVP_sha256(); break;
+ case 48: md=EVP_sha384(); break;
+ case 64: md=EVP_sha512(); break;
+ default: goto parse_error;
+ }
+ }
+ else if (!strcmp(keyword, "Len"))
+ {
+ if (Len != -1)
+ goto parse_error;
+ Len = atoi(value);
+ if (Len < 0)
+ goto parse_error;
+ /* Only handle multiples of 8 bits */
+ if (Len & 0x7)
+ goto parse_error;
+ if (Len > SHA_TEST_MAX_BITS)
+ goto parse_error;
+ MsgLen = Len >> 3;
+ }
+
+ else if (!strcmp(keyword, "Msg"))
+ {
+ long tmplen;
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ if (Msg)
+ goto parse_error;
+ Msg = string_to_hex(value, &tmplen);
+ if (!Msg)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "Seed"))
+ {
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ if (Seed)
+ goto parse_error;
+ Seed = string_to_hex(value, &SeedLen);
+ if (!Seed)
+ goto parse_error;
+ }
+ else if (!strcmp(keyword, "MD"))
+ continue;
+ else
+ goto parse_error;
+
+ BIO_puts(out, olinebuf);
+
+ if (md && Msg && (MsgLen >= 0))
+ {
+ if (!print_dgst(err, md, out, Msg, MsgLen))
+ goto error;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ MsgLen = -1;
+ Len = -1;
+ }
+ else if (md && Seed && (SeedLen > 0))
+ {
+ if (!print_monte(err, md, out, Seed, SeedLen))
+ goto error;
+ OPENSSL_free(Seed);
+ Seed = NULL;
+ SeedLen = -1;
+ }
+
+
+ }
+
+
+ ret = 1;
+
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (Msg)
+ OPENSSL_free(Msg);
+ if (Seed)
+ OPENSSL_free(Seed);
+
+ return ret;
+
+ parse_error:
+
+ BIO_printf(err, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+ }
+
+static int print_dgst(BIO *err, const EVP_MD *emd, BIO *out,
+ unsigned char *Msg, int Msglen)
+ {
+ int i, mdlen;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
+ {
+ BIO_puts(err, "Error calculating HASH\n");
+ return 0;
+ }
+ BIO_puts(out, "MD = ");
+ for (i = 0; i < mdlen; i++)
+ BIO_printf(out, "%02x", md[i]);
+ BIO_puts(out, "\n");
+ return 1;
+ }
+
+static int print_monte(BIO *err, const EVP_MD *md, BIO *out,
+ unsigned char *Seed, int SeedLen)
+ {
+ int i, j, k;
+ int ret = 0;
+ EVP_MD_CTX ctx;
+ unsigned char *m1, *m2, *m3, *p;
+ unsigned int mlen, m1len, m2len, m3len;
+
+ EVP_MD_CTX_init(&ctx);
+
+ if (SeedLen > EVP_MAX_MD_SIZE)
+ mlen = SeedLen;
+ else
+ mlen = EVP_MAX_MD_SIZE;
+
+ m1 = OPENSSL_malloc(mlen);
+ m2 = OPENSSL_malloc(mlen);
+ m3 = OPENSSL_malloc(mlen);
+
+ if (!m1 || !m2 || !m3)
+ goto mc_error;
+
+ m1len = m2len = m3len = SeedLen;
+ memcpy(m1, Seed, SeedLen);
+ memcpy(m2, Seed, SeedLen);
+ memcpy(m3, Seed, SeedLen);
+
+ BIO_puts(out, "\n");
+
+ for (j = 0; j < 100; j++)
+ {
+ for (i = 0; i < 1000; i++)
+ {
+ EVP_DigestInit_ex(&ctx, md, NULL);
+ EVP_DigestUpdate(&ctx, m1, m1len);
+ EVP_DigestUpdate(&ctx, m2, m2len);
+ EVP_DigestUpdate(&ctx, m3, m3len);
+ p = m1;
+ m1 = m2;
+ m1len = m2len;
+ m2 = m3;
+ m2len = m3len;
+ m3 = p;
+ EVP_DigestFinal_ex(&ctx, m3, &m3len);
+ }
+ BIO_printf(out, "Count = %d\n", j);
+ BIO_puts(out, "MD = ");
+ for (k = 0; k < m3len; k++)
+ BIO_printf(out, "%02x", m3[k]);
+ BIO_puts(out, "\n\n");
+ memcpy(m1, m3, m3len);
+ memcpy(m2, m3, m3len);
+ m1len = m2len = m3len;
+ }
+
+ ret = 1;
+
+ mc_error:
+ if (m1)
+ OPENSSL_free(m1);
+ if (m2)
+ OPENSSL_free(m2);
+ if (m3)
+ OPENSSL_free(m3);
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ return ret;
+ }
+
+#endif
--- /dev/null
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/fips_sha.h>
+#include <openssl/hmac.h>
+
+int FIPS_selftest_failed() { return 0; }
+void OPENSSL_cleanse(void *p,size_t len) {}
+
+#ifdef OPENSSL_FIPS
+
+static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
+ const char *key)
+ {
+ int len=strlen(key);
+ int i;
+ unsigned char keymd[HMAC_MAX_MD_CBLOCK];
+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+ if (len > SHA_CBLOCK)
+ {
+ SHA1_Init(md_ctx);
+ SHA1_Update(md_ctx,key,len);
+ SHA1_Final(keymd,md_ctx);
+ len=20;
+ }
+ else
+ memcpy(keymd,key,len);
+ memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
+
+ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
+ pad[i]=0x36^keymd[i];
+ SHA1_Init(md_ctx);
+ SHA1_Update(md_ctx,pad,SHA_CBLOCK);
+
+ for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
+ pad[i]=0x5c^keymd[i];
+ SHA1_Init(o_ctx);
+ SHA1_Update(o_ctx,pad,SHA_CBLOCK);
+ }
+
+static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
+ {
+ unsigned char buf[20];
+
+ SHA1_Final(buf,md_ctx);
+ SHA1_Update(o_ctx,buf,sizeof buf);
+ SHA1_Final(md,o_ctx);
+ }
+
+#endif
+
+int main(int argc,char **argv)
+ {
+#ifdef OPENSSL_FIPS
+ static char key[]="etaonrishdlcupfm";
+ int n;
+
+ if(argc < 2)
+ {
+ fprintf(stderr,"%s [<file>]+\n",argv[0]);
+ exit(1);
+ }
+
+ for(n=1 ; n < argc ; ++n)
+ {
+ FILE *f=fopen(argv[n],"rb");
+ SHA_CTX md_ctx,o_ctx;
+ unsigned char md[20];
+ int i;
+
+ if(!f)
+ {
+ perror(argv[n]);
+ exit(2);
+ }
+
+ hmac_init(&md_ctx,&o_ctx,key);
+ for( ; ; )
+ {
+ char buf[1024];
+ int l=fread(buf,1,sizeof buf,f);
+
+ if(l == 0)
+ {
+ if(ferror(f))
+ {
+ perror(argv[n]);
+ exit(3);
+ }
+ else
+ break;
+ }
+ SHA1_Update(&md_ctx,buf,l);
+ }
+ hmac_final(md,&md_ctx,&o_ctx);
+
+ printf("HMAC-SHA1(%s)= ",argv[n]);
+ for(i=0 ; i < 20 ; ++i)
+ printf("%02x",md[i]);
+ printf("\n");
+ }
+#endif
+ return 0;
+ }
+
+
IDEATEST= ideatest
SHATEST= shatest
SHA1TEST= sha1test
-FIPS_SHA1TEST= fips_sha1test
+FIPS_SHATEST= fips_shatest
MDC2TEST= mdc2test
RMDTEST= rmdtest
MD2TEST= md2test
EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) \
$(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
- $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHA1TEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
+ $(DESTEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(FIPS_SHATEST)$(EXE_EXT) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
$(RANDTEST)$(EXE_EXT) $(FIPS_RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
$(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \
OBJ= $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
$(HMACTEST).o \
$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
- $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+ $(DESTEST).o $(FIPS_DESTEST).o $(SHATEST).o $(SHA1TEST).o $(FIPS_SHATEST).o $(MDC2TEST).o $(RMDTEST).o \
$(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \
$(EVPTEST).o $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
$(HMACTEST).c \
$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
- $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+ $(DESTEST).c $(FIPS_DESTEST).c $(SHATEST).c $(SHA1TEST).c $(FIPS_SHATEST).c $(MDC2TEST).c $(RMDTEST).c \
$(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \
$(EVPTEST).c $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
../util/shlib_wrap.sh ./$(SHATEST)
../util/shlib_wrap.sh ./$(SHA1TEST)
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- ../util/shlib_wrap.sh ./$(FIPS_SHA1TEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \
+ ../util/shlib_wrap.sh ./$(FIPS_SHATEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \
fi
test_mdc2:
$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
@target=$(SHA1TEST); $(BUILD_CMD)
-$(FIPS_SHA1TEST)$(EXE_EXT): $(FIPS_SHA1TEST).o $(DLIBCRYPTO)
- @target=$(FIPS_SHA1TEST); $(BUILD_CMD)
+$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_SHATEST); $(BUILD_CMD)
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_SHA1TEST); \
+ TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_SHATEST); \
fi
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
fips_rsavtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
fips_rsavtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
fips_rsavtest.o: ../include/openssl/x509v3.h fips_rsavtest.c
-fips_sha1test.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
-fips_sha1test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_sha1test.o: ../include/openssl/fips.h ../include/openssl/fips_sha.h
-fips_sha1test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-fips_sha1test.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
-fips_sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-fips_sha1test.o: fips_sha1test.c
+fips_shatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
+fips_shatest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+fips_shatest.o: ../include/openssl/fips.h ../include/openssl/fips_sha.h
+fips_shatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+fips_shatest.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+fips_shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_shatest.o: fips_shatest.c
hmactest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
hmactest.o: ../include/openssl/bn.h ../include/openssl/cast.h
my @args = @_;
my $change_dir = "";
- my $check_program = "sha1/fips_standalone_sha1";
+ my $check_program = "sha/fips_standalone_sha1";
my $verbose = 0;
my $badfiles = 0;