1 /* sha512.c - Functions to compute SHA512 and SHA384 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-2.
4 Copyright (C) 2005-2006, 2008-2013 Free Software Foundation, Inc.
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
19 /* Written by David Madore, considerably copypasting from
20 Scott G. Miller's sha1.c
25 #if HAVE_OPENSSL_SHA512
26 # define GL_OPENSSL_INLINE _GL_EXTERN_INLINE
36 # include "unlocked-io.h"
39 #ifdef WORDS_BIGENDIAN
43 u64or (u64or (u64or (u64shl (n, 56), \
44 u64shl (u64and (n, u64lo (0x0000ff00)), 40)), \
45 u64or (u64shl (u64and (n, u64lo (0x00ff0000)), 24), \
46 u64shl (u64and (n, u64lo (0xff000000)), 8))), \
47 u64or (u64or (u64and (u64shr (n, 8), u64lo (0xff000000)), \
48 u64and (u64shr (n, 24), u64lo (0x00ff0000))), \
49 u64or (u64and (u64shr (n, 40), u64lo (0x0000ff00)), \
53 #define BLOCKSIZE 32768
54 #if BLOCKSIZE % 128 != 0
55 # error "invalid BLOCKSIZE"
58 #if ! HAVE_OPENSSL_SHA512
59 /* This array contains the bytes used to pad the buffer to the next
61 static const unsigned char fillbuf[128] = { 0x80, 0 /* , 0, 0, ... */ };
65 Takes a pointer to a 512 bit block of data (eight 64 bit ints) and
66 initializes it to the start constants of the SHA512 algorithm. This
67 must be called before using hash in the call to sha512_hash
70 sha512_init_ctx (struct sha512_ctx *ctx)
72 ctx->state[0] = u64hilo (0x6a09e667, 0xf3bcc908);
73 ctx->state[1] = u64hilo (0xbb67ae85, 0x84caa73b);
74 ctx->state[2] = u64hilo (0x3c6ef372, 0xfe94f82b);
75 ctx->state[3] = u64hilo (0xa54ff53a, 0x5f1d36f1);
76 ctx->state[4] = u64hilo (0x510e527f, 0xade682d1);
77 ctx->state[5] = u64hilo (0x9b05688c, 0x2b3e6c1f);
78 ctx->state[6] = u64hilo (0x1f83d9ab, 0xfb41bd6b);
79 ctx->state[7] = u64hilo (0x5be0cd19, 0x137e2179);
81 ctx->total[0] = ctx->total[1] = u64lo (0);
86 sha384_init_ctx (struct sha512_ctx *ctx)
88 ctx->state[0] = u64hilo (0xcbbb9d5d, 0xc1059ed8);
89 ctx->state[1] = u64hilo (0x629a292a, 0x367cd507);
90 ctx->state[2] = u64hilo (0x9159015a, 0x3070dd17);
91 ctx->state[3] = u64hilo (0x152fecd8, 0xf70e5939);
92 ctx->state[4] = u64hilo (0x67332667, 0xffc00b31);
93 ctx->state[5] = u64hilo (0x8eb44a87, 0x68581511);
94 ctx->state[6] = u64hilo (0xdb0c2e0d, 0x64f98fa7);
95 ctx->state[7] = u64hilo (0x47b5481d, 0xbefa4fa4);
97 ctx->total[0] = ctx->total[1] = u64lo (0);
101 /* Copy the value from V into the memory location pointed to by *CP,
102 If your architecture allows unaligned access, this is equivalent to
103 * (__typeof__ (v) *) cp = v */
105 set_uint64 (char *cp, u64 v)
107 memcpy (cp, &v, sizeof v);
110 /* Put result from CTX in first 64 bytes following RESBUF.
111 The result must be in little endian byte order. */
113 sha512_read_ctx (const struct sha512_ctx *ctx, void *resbuf)
118 for (i = 0; i < 8; i++)
119 set_uint64 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
125 sha384_read_ctx (const struct sha512_ctx *ctx, void *resbuf)
130 for (i = 0; i < 6; i++)
131 set_uint64 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
136 /* Process the remaining bytes in the internal buffer and the usual
137 prolog according to the standard and write the result to RESBUF. */
139 sha512_conclude_ctx (struct sha512_ctx *ctx)
141 /* Take yet unprocessed bytes into account. */
142 size_t bytes = ctx->buflen;
143 size_t size = (bytes < 112) ? 128 / 8 : 128 * 2 / 8;
145 /* Now count remaining bytes. */
146 ctx->total[0] = u64plus (ctx->total[0], u64lo (bytes));
147 if (u64lt (ctx->total[0], u64lo (bytes)))
148 ctx->total[1] = u64plus (ctx->total[1], u64lo (1));
150 /* Put the 128-bit file length in *bits* at the end of the buffer.
151 Use set_uint64 rather than a simple assignment, to avoid risk of
153 set_uint64 ((char *) &ctx->buffer[size - 2],
154 SWAP (u64or (u64shl (ctx->total[1], 3),
155 u64shr (ctx->total[0], 61))));
156 set_uint64 ((char *) &ctx->buffer[size - 1],
157 SWAP (u64shl (ctx->total[0], 3)));
159 memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 8 - bytes);
161 /* Process last bytes. */
162 sha512_process_block (ctx->buffer, size * 8, ctx);
166 sha512_finish_ctx (struct sha512_ctx *ctx, void *resbuf)
168 sha512_conclude_ctx (ctx);
169 return sha512_read_ctx (ctx, resbuf);
173 sha384_finish_ctx (struct sha512_ctx *ctx, void *resbuf)
175 sha512_conclude_ctx (ctx);
176 return sha384_read_ctx (ctx, resbuf);
180 /* Compute SHA512 message digest for bytes read from STREAM. The
181 resulting message digest number will be written into the 64 bytes
182 beginning at RESBLOCK. */
184 sha512_stream (FILE *stream, void *resblock)
186 struct sha512_ctx ctx;
189 char *buffer = malloc (BLOCKSIZE + 72);
193 /* Initialize the computation context. */
194 sha512_init_ctx (&ctx);
196 /* Iterate over full file contents. */
199 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
200 computation function processes the whole buffer so that with the
201 next round of the loop another block can be read. */
205 /* Read block. Take care for partial reads. */
208 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
212 if (sum == BLOCKSIZE)
217 /* Check for the error flag IFF N == 0, so that we don't
218 exit the loop after a partial read due to e.g., EAGAIN
225 goto process_partial_block;
228 /* We've read at least one byte, so ignore errors. But always
229 check for EOF, since feof may be true even though N > 0.
230 Otherwise, we could end up calling fread after EOF. */
232 goto process_partial_block;
235 /* Process buffer with BLOCKSIZE bytes. Note that
238 sha512_process_block (buffer, BLOCKSIZE, &ctx);
241 process_partial_block:;
243 /* Process any remaining bytes. */
245 sha512_process_bytes (buffer, sum, &ctx);
247 /* Construct result in desired memory. */
248 sha512_finish_ctx (&ctx, resblock);
253 /* FIXME: Avoid code duplication */
255 sha384_stream (FILE *stream, void *resblock)
257 struct sha512_ctx ctx;
260 char *buffer = malloc (BLOCKSIZE + 72);
264 /* Initialize the computation context. */
265 sha384_init_ctx (&ctx);
267 /* Iterate over full file contents. */
270 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
271 computation function processes the whole buffer so that with the
272 next round of the loop another block can be read. */
276 /* Read block. Take care for partial reads. */
279 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
283 if (sum == BLOCKSIZE)
288 /* Check for the error flag IFF N == 0, so that we don't
289 exit the loop after a partial read due to e.g., EAGAIN
296 goto process_partial_block;
299 /* We've read at least one byte, so ignore errors. But always
300 check for EOF, since feof may be true even though N > 0.
301 Otherwise, we could end up calling fread after EOF. */
303 goto process_partial_block;
306 /* Process buffer with BLOCKSIZE bytes. Note that
309 sha512_process_block (buffer, BLOCKSIZE, &ctx);
312 process_partial_block:;
314 /* Process any remaining bytes. */
316 sha512_process_bytes (buffer, sum, &ctx);
318 /* Construct result in desired memory. */
319 sha384_finish_ctx (&ctx, resblock);
324 #if ! HAVE_OPENSSL_SHA512
325 /* Compute SHA512 message digest for LEN bytes beginning at BUFFER. The
326 result is always in little endian byte order, so that a byte-wise
327 output yields to the wanted ASCII representation of the message
330 sha512_buffer (const char *buffer, size_t len, void *resblock)
332 struct sha512_ctx ctx;
334 /* Initialize the computation context. */
335 sha512_init_ctx (&ctx);
337 /* Process whole buffer but last len % 128 bytes. */
338 sha512_process_bytes (buffer, len, &ctx);
340 /* Put result in desired memory area. */
341 return sha512_finish_ctx (&ctx, resblock);
345 sha384_buffer (const char *buffer, size_t len, void *resblock)
347 struct sha512_ctx ctx;
349 /* Initialize the computation context. */
350 sha384_init_ctx (&ctx);
352 /* Process whole buffer but last len % 128 bytes. */
353 sha512_process_bytes (buffer, len, &ctx);
355 /* Put result in desired memory area. */
356 return sha384_finish_ctx (&ctx, resblock);
360 sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx)
362 /* When we already have some bits in our internal buffer concatenate
363 both inputs first. */
364 if (ctx->buflen != 0)
366 size_t left_over = ctx->buflen;
367 size_t add = 256 - left_over > len ? len : 256 - left_over;
369 memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
372 if (ctx->buflen > 128)
374 sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx);
377 /* The regions in the following copy operation cannot overlap. */
379 &((char *) ctx->buffer)[(left_over + add) & ~127],
383 buffer = (const char *) buffer + add;
387 /* Process available complete blocks. */
390 #if !_STRING_ARCH_unaligned
391 # define UNALIGNED_P(p) ((uintptr_t) (p) % alignof (u64) != 0)
392 if (UNALIGNED_P (buffer))
395 sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128, ctx);
396 buffer = (const char *) buffer + 128;
402 sha512_process_block (buffer, len & ~127, ctx);
403 buffer = (const char *) buffer + (len & ~127);
408 /* Move remaining bytes in internal buffer. */
411 size_t left_over = ctx->buflen;
413 memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
415 if (left_over >= 128)
417 sha512_process_block (ctx->buffer, 128, ctx);
419 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
421 ctx->buflen = left_over;
425 /* --- Code below is the primary difference between sha1.c and sha512.c --- */
427 /* SHA512 round constants */
428 #define K(I) sha512_round_constants[I]
429 static u64 const sha512_round_constants[80] = {
430 u64init (0x428a2f98, 0xd728ae22), u64init (0x71374491, 0x23ef65cd),
431 u64init (0xb5c0fbcf, 0xec4d3b2f), u64init (0xe9b5dba5, 0x8189dbbc),
432 u64init (0x3956c25b, 0xf348b538), u64init (0x59f111f1, 0xb605d019),
433 u64init (0x923f82a4, 0xaf194f9b), u64init (0xab1c5ed5, 0xda6d8118),
434 u64init (0xd807aa98, 0xa3030242), u64init (0x12835b01, 0x45706fbe),
435 u64init (0x243185be, 0x4ee4b28c), u64init (0x550c7dc3, 0xd5ffb4e2),
436 u64init (0x72be5d74, 0xf27b896f), u64init (0x80deb1fe, 0x3b1696b1),
437 u64init (0x9bdc06a7, 0x25c71235), u64init (0xc19bf174, 0xcf692694),
438 u64init (0xe49b69c1, 0x9ef14ad2), u64init (0xefbe4786, 0x384f25e3),
439 u64init (0x0fc19dc6, 0x8b8cd5b5), u64init (0x240ca1cc, 0x77ac9c65),
440 u64init (0x2de92c6f, 0x592b0275), u64init (0x4a7484aa, 0x6ea6e483),
441 u64init (0x5cb0a9dc, 0xbd41fbd4), u64init (0x76f988da, 0x831153b5),
442 u64init (0x983e5152, 0xee66dfab), u64init (0xa831c66d, 0x2db43210),
443 u64init (0xb00327c8, 0x98fb213f), u64init (0xbf597fc7, 0xbeef0ee4),
444 u64init (0xc6e00bf3, 0x3da88fc2), u64init (0xd5a79147, 0x930aa725),
445 u64init (0x06ca6351, 0xe003826f), u64init (0x14292967, 0x0a0e6e70),
446 u64init (0x27b70a85, 0x46d22ffc), u64init (0x2e1b2138, 0x5c26c926),
447 u64init (0x4d2c6dfc, 0x5ac42aed), u64init (0x53380d13, 0x9d95b3df),
448 u64init (0x650a7354, 0x8baf63de), u64init (0x766a0abb, 0x3c77b2a8),
449 u64init (0x81c2c92e, 0x47edaee6), u64init (0x92722c85, 0x1482353b),
450 u64init (0xa2bfe8a1, 0x4cf10364), u64init (0xa81a664b, 0xbc423001),
451 u64init (0xc24b8b70, 0xd0f89791), u64init (0xc76c51a3, 0x0654be30),
452 u64init (0xd192e819, 0xd6ef5218), u64init (0xd6990624, 0x5565a910),
453 u64init (0xf40e3585, 0x5771202a), u64init (0x106aa070, 0x32bbd1b8),
454 u64init (0x19a4c116, 0xb8d2d0c8), u64init (0x1e376c08, 0x5141ab53),
455 u64init (0x2748774c, 0xdf8eeb99), u64init (0x34b0bcb5, 0xe19b48a8),
456 u64init (0x391c0cb3, 0xc5c95a63), u64init (0x4ed8aa4a, 0xe3418acb),
457 u64init (0x5b9cca4f, 0x7763e373), u64init (0x682e6ff3, 0xd6b2b8a3),
458 u64init (0x748f82ee, 0x5defb2fc), u64init (0x78a5636f, 0x43172f60),
459 u64init (0x84c87814, 0xa1f0ab72), u64init (0x8cc70208, 0x1a6439ec),
460 u64init (0x90befffa, 0x23631e28), u64init (0xa4506ceb, 0xde82bde9),
461 u64init (0xbef9a3f7, 0xb2c67915), u64init (0xc67178f2, 0xe372532b),
462 u64init (0xca273ece, 0xea26619c), u64init (0xd186b8c7, 0x21c0c207),
463 u64init (0xeada7dd6, 0xcde0eb1e), u64init (0xf57d4f7f, 0xee6ed178),
464 u64init (0x06f067aa, 0x72176fba), u64init (0x0a637dc5, 0xa2c898a6),
465 u64init (0x113f9804, 0xbef90dae), u64init (0x1b710b35, 0x131c471b),
466 u64init (0x28db77f5, 0x23047d84), u64init (0x32caab7b, 0x40c72493),
467 u64init (0x3c9ebe0a, 0x15c9bebc), u64init (0x431d67c4, 0x9c100d4c),
468 u64init (0x4cc5d4be, 0xcb3e42b6), u64init (0x597f299c, 0xfc657e2a),
469 u64init (0x5fcb6fab, 0x3ad6faec), u64init (0x6c44198c, 0x4a475817),
472 /* Round functions. */
473 #define F2(A, B, C) u64or (u64and (A, B), u64and (C, u64or (A, B)))
474 #define F1(E, F, G) u64xor (G, u64and (E, u64xor (F, G)))
476 /* Process LEN bytes of BUFFER, accumulating context into CTX.
477 It is assumed that LEN % 128 == 0.
478 Most of this code comes from GnuPG's cipher/sha1.c. */
481 sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx)
483 u64 const *words = buffer;
484 u64 const *endp = words + len / sizeof (u64);
486 u64 a = ctx->state[0];
487 u64 b = ctx->state[1];
488 u64 c = ctx->state[2];
489 u64 d = ctx->state[3];
490 u64 e = ctx->state[4];
491 u64 f = ctx->state[5];
492 u64 g = ctx->state[6];
493 u64 h = ctx->state[7];
494 u64 lolen = u64size (len);
496 /* First increment the byte count. FIPS PUB 180-2 specifies the possible
497 length of the file up to 2^128 bits. Here we only compute the
498 number of bytes. Do a double word increment. */
499 ctx->total[0] = u64plus (ctx->total[0], lolen);
500 ctx->total[1] = u64plus (ctx->total[1],
501 u64plus (u64size (len >> 31 >> 31 >> 2),
502 u64lo (u64lt (ctx->total[0], lolen))));
504 #define S0(x) u64xor (u64rol(x, 63), u64xor (u64rol (x, 56), u64shr (x, 7)))
505 #define S1(x) u64xor (u64rol (x, 45), u64xor (u64rol (x, 3), u64shr (x, 6)))
506 #define SS0(x) u64xor (u64rol (x, 36), u64xor (u64rol (x, 30), u64rol (x, 25)))
507 #define SS1(x) u64xor (u64rol(x, 50), u64xor (u64rol (x, 46), u64rol (x, 23)))
509 #define M(I) (x[(I) & 15] \
510 = u64plus (x[(I) & 15], \
511 u64plus (S1 (x[((I) - 2) & 15]), \
512 u64plus (x[((I) - 7) & 15], \
513 S0 (x[((I) - 15) & 15])))))
515 #define R(A, B, C, D, E, F, G, H, K, M) \
518 u64 t0 = u64plus (SS0 (A), F2 (A, B, C)); \
520 u64plus (H, u64plus (SS1 (E), \
521 u64plus (F1 (E, F, G), u64plus (K, M)))); \
522 D = u64plus (D, t1); \
523 H = u64plus (t0, t1); \
530 /* FIXME: see sha1.c for a better implementation. */
531 for (t = 0; t < 16; t++)
533 x[t] = SWAP (*words);
537 R( a, b, c, d, e, f, g, h, K( 0), x[ 0] );
538 R( h, a, b, c, d, e, f, g, K( 1), x[ 1] );
539 R( g, h, a, b, c, d, e, f, K( 2), x[ 2] );
540 R( f, g, h, a, b, c, d, e, K( 3), x[ 3] );
541 R( e, f, g, h, a, b, c, d, K( 4), x[ 4] );
542 R( d, e, f, g, h, a, b, c, K( 5), x[ 5] );
543 R( c, d, e, f, g, h, a, b, K( 6), x[ 6] );
544 R( b, c, d, e, f, g, h, a, K( 7), x[ 7] );
545 R( a, b, c, d, e, f, g, h, K( 8), x[ 8] );
546 R( h, a, b, c, d, e, f, g, K( 9), x[ 9] );
547 R( g, h, a, b, c, d, e, f, K(10), x[10] );
548 R( f, g, h, a, b, c, d, e, K(11), x[11] );
549 R( e, f, g, h, a, b, c, d, K(12), x[12] );
550 R( d, e, f, g, h, a, b, c, K(13), x[13] );
551 R( c, d, e, f, g, h, a, b, K(14), x[14] );
552 R( b, c, d, e, f, g, h, a, K(15), x[15] );
553 R( a, b, c, d, e, f, g, h, K(16), M(16) );
554 R( h, a, b, c, d, e, f, g, K(17), M(17) );
555 R( g, h, a, b, c, d, e, f, K(18), M(18) );
556 R( f, g, h, a, b, c, d, e, K(19), M(19) );
557 R( e, f, g, h, a, b, c, d, K(20), M(20) );
558 R( d, e, f, g, h, a, b, c, K(21), M(21) );
559 R( c, d, e, f, g, h, a, b, K(22), M(22) );
560 R( b, c, d, e, f, g, h, a, K(23), M(23) );
561 R( a, b, c, d, e, f, g, h, K(24), M(24) );
562 R( h, a, b, c, d, e, f, g, K(25), M(25) );
563 R( g, h, a, b, c, d, e, f, K(26), M(26) );
564 R( f, g, h, a, b, c, d, e, K(27), M(27) );
565 R( e, f, g, h, a, b, c, d, K(28), M(28) );
566 R( d, e, f, g, h, a, b, c, K(29), M(29) );
567 R( c, d, e, f, g, h, a, b, K(30), M(30) );
568 R( b, c, d, e, f, g, h, a, K(31), M(31) );
569 R( a, b, c, d, e, f, g, h, K(32), M(32) );
570 R( h, a, b, c, d, e, f, g, K(33), M(33) );
571 R( g, h, a, b, c, d, e, f, K(34), M(34) );
572 R( f, g, h, a, b, c, d, e, K(35), M(35) );
573 R( e, f, g, h, a, b, c, d, K(36), M(36) );
574 R( d, e, f, g, h, a, b, c, K(37), M(37) );
575 R( c, d, e, f, g, h, a, b, K(38), M(38) );
576 R( b, c, d, e, f, g, h, a, K(39), M(39) );
577 R( a, b, c, d, e, f, g, h, K(40), M(40) );
578 R( h, a, b, c, d, e, f, g, K(41), M(41) );
579 R( g, h, a, b, c, d, e, f, K(42), M(42) );
580 R( f, g, h, a, b, c, d, e, K(43), M(43) );
581 R( e, f, g, h, a, b, c, d, K(44), M(44) );
582 R( d, e, f, g, h, a, b, c, K(45), M(45) );
583 R( c, d, e, f, g, h, a, b, K(46), M(46) );
584 R( b, c, d, e, f, g, h, a, K(47), M(47) );
585 R( a, b, c, d, e, f, g, h, K(48), M(48) );
586 R( h, a, b, c, d, e, f, g, K(49), M(49) );
587 R( g, h, a, b, c, d, e, f, K(50), M(50) );
588 R( f, g, h, a, b, c, d, e, K(51), M(51) );
589 R( e, f, g, h, a, b, c, d, K(52), M(52) );
590 R( d, e, f, g, h, a, b, c, K(53), M(53) );
591 R( c, d, e, f, g, h, a, b, K(54), M(54) );
592 R( b, c, d, e, f, g, h, a, K(55), M(55) );
593 R( a, b, c, d, e, f, g, h, K(56), M(56) );
594 R( h, a, b, c, d, e, f, g, K(57), M(57) );
595 R( g, h, a, b, c, d, e, f, K(58), M(58) );
596 R( f, g, h, a, b, c, d, e, K(59), M(59) );
597 R( e, f, g, h, a, b, c, d, K(60), M(60) );
598 R( d, e, f, g, h, a, b, c, K(61), M(61) );
599 R( c, d, e, f, g, h, a, b, K(62), M(62) );
600 R( b, c, d, e, f, g, h, a, K(63), M(63) );
601 R( a, b, c, d, e, f, g, h, K(64), M(64) );
602 R( h, a, b, c, d, e, f, g, K(65), M(65) );
603 R( g, h, a, b, c, d, e, f, K(66), M(66) );
604 R( f, g, h, a, b, c, d, e, K(67), M(67) );
605 R( e, f, g, h, a, b, c, d, K(68), M(68) );
606 R( d, e, f, g, h, a, b, c, K(69), M(69) );
607 R( c, d, e, f, g, h, a, b, K(70), M(70) );
608 R( b, c, d, e, f, g, h, a, K(71), M(71) );
609 R( a, b, c, d, e, f, g, h, K(72), M(72) );
610 R( h, a, b, c, d, e, f, g, K(73), M(73) );
611 R( g, h, a, b, c, d, e, f, K(74), M(74) );
612 R( f, g, h, a, b, c, d, e, K(75), M(75) );
613 R( e, f, g, h, a, b, c, d, K(76), M(76) );
614 R( d, e, f, g, h, a, b, c, K(77), M(77) );
615 R( c, d, e, f, g, h, a, b, K(78), M(78) );
616 R( b, c, d, e, f, g, h, a, K(79), M(79) );
618 a = ctx->state[0] = u64plus (ctx->state[0], a);
619 b = ctx->state[1] = u64plus (ctx->state[1], b);
620 c = ctx->state[2] = u64plus (ctx->state[2], c);
621 d = ctx->state[3] = u64plus (ctx->state[3], d);
622 e = ctx->state[4] = u64plus (ctx->state[4], e);
623 f = ctx->state[5] = u64plus (ctx->state[5], f);
624 g = ctx->state[6] = u64plus (ctx->state[6], g);
625 h = ctx->state[7] = u64plus (ctx->state[7], h);
projects / gnulib.git / blob