1 files changed, 51 insertions, 51 deletions
diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
index 192e208755..6c58321756 100644
--- a/src/lib/libcrypto/sha/sha256.c
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha256.c,v 1.14 2023/03/26 17:56:51 jsing Exp $ */
+/* $OpenBSD: sha256.c,v 1.15 2023/03/29 05:34:01 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -163,7 +163,7 @@ SHA224_Final(unsigned char *md, SHA256_CTX *c)
 * Idea behind separate cases for pre-defined lengths is to let the
 * compiler decide if it's appropriate to unroll small loops.
 */
-#define HASH_MAKE_STRING(c,s)   do {    \
+#define HASH_MAKE_STRING(c, s)  do {    \
        unsigned long ll;               \
        unsigned int  nn;               \
        switch ((c)->md_len)            \
@@ -225,15 +225,15 @@ static const SHA_LONG K256[64] = {
 #define sigma0(x)       (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
 #define sigma1(x)       (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
-#define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+#define Ch(x, y, z)     (((x) & (y)) ^ ((~(x)) & (z)))
-#define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define Maj(x, y, z)    (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
 #ifdef OPENSSL_SMALL_FOOTPRINT
 static void
 sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
 {
-        unsigned MD32_REG_T a, b,c, d,e, f,g, h,s0, s1, T1, T2;
+        unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2;
        SHA_LONG        X[16], l;
        int i;
        const unsigned char *data = in;
@@ -296,21 +296,21 @@ sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
 #else
-#define ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+#define ROUND_00_15(i, a, b, c, d, e, f, g, h)          do {    \
-        T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];      \
+        T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];    \
-        h = Sigma0(a) + Maj(a,b,c);                     \
+        h = Sigma0(a) + Maj(a, b, c);                   \
        d += T1;        h += T1;                } while (0)
-#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X)        do {    \
+#define ROUND_16_63(i, a, b, c, d, e, f, g, h, X)       do {    \
        s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
        s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
        T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
-        ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+        ROUND_00_15(i, a, b, c, d, e, f, g, h);         } while (0)
 static void
 sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
 {
-        unsigned MD32_REG_T a, b,c, d,e, f,g, h,s0, s1, T1;
+        unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
        SHA_LONG        X[16];
        int i;
        const unsigned char *data = in;
@@ -331,37 +331,37 @@ sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
                        const SHA_LONG *W = (const SHA_LONG *)data;
                        T1 = X[0] = W[0];
-                        ROUND_00_15(0, a,b, c,d, e,f, g, h);
+                        ROUND_00_15(0, a, b, c, d, e, f, g, h);
                        T1 = X[1] = W[1];
-                        ROUND_00_15(1, h,a, b,c, d,e, f, g);
+                        ROUND_00_15(1, h, a, b, c, d, e, f, g);
                        T1 = X[2] = W[2];
-                        ROUND_00_15(2, g,h, a,b, c,d, e, f);
+                        ROUND_00_15(2, g, h, a, b, c, d, e, f);
                        T1 = X[3] = W[3];
-                        ROUND_00_15(3, f,g, h,a, b,c, d, e);
+                        ROUND_00_15(3, f, g, h, a, b, c, d, e);
                        T1 = X[4] = W[4];
-                        ROUND_00_15(4, e,f, g,h, a,b, c, d);
+                        ROUND_00_15(4, e, f, g, h, a, b, c, d);
                        T1 = X[5] = W[5];
-                        ROUND_00_15(5, d,e, f,g, h,a, b, c);
+                        ROUND_00_15(5, d, e, f, g, h, a, b, c);
                        T1 = X[6] = W[6];
-                        ROUND_00_15(6, c,d, e,f, g,h, a, b);
+                        ROUND_00_15(6, c, d, e, f, g, h, a, b);
                        T1 = X[7] = W[7];
-                        ROUND_00_15(7, b,c, d,e, f,g, h, a);
+                        ROUND_00_15(7, b, c, d, e, f, g, h, a);
                        T1 = X[8] = W[8];
-                        ROUND_00_15(8, a,b, c,d, e,f, g, h);
+                        ROUND_00_15(8, a, b, c, d, e, f, g, h);
                        T1 = X[9] = W[9];
-                        ROUND_00_15(9, h,a, b,c, d,e, f, g);
+                        ROUND_00_15(9, h, a, b, c, d, e, f, g);
                        T1 = X[10] = W[10];
-                        ROUND_00_15(10, g,h, a,b, c,d, e, f);
+                        ROUND_00_15(10, g, h, a, b, c, d, e, f);
                        T1 = X[11] = W[11];
-                        ROUND_00_15(11, f,g, h,a, b,c, d, e);
+                        ROUND_00_15(11, f, g, h, a, b, c, d, e);
                        T1 = X[12] = W[12];
-                        ROUND_00_15(12, e,f, g,h, a,b, c, d);
+                        ROUND_00_15(12, e, f, g, h, a, b, c, d);
                        T1 = X[13] = W[13];
-                        ROUND_00_15(13, d,e, f,g, h,a, b, c);
+                        ROUND_00_15(13, d, e, f, g, h, a, b, c);
                        T1 = X[14] = W[14];
-                        ROUND_00_15(14, c,d, e,f, g,h, a, b);
+                        ROUND_00_15(14, c, d, e, f, g, h, a, b);
                        T1 = X[15] = W[15];
-                        ROUND_00_15(15, b,c, d,e, f,g, h, a);
+                        ROUND_00_15(15, b, c, d, e, f, g, h, a);
                        data += SHA256_CBLOCK;
                } else {
@@ -369,63 +369,63 @@ sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num)
                        HOST_c2l(data, l);
                        T1 = X[0] = l;
-                        ROUND_00_15(0, a,b, c,d, e,f, g, h);
+                        ROUND_00_15(0, a, b, c, d, e, f, g, h);
                        HOST_c2l(data, l);
                        T1 = X[1] = l;
-                        ROUND_00_15(1, h,a, b,c, d,e, f, g);
+                        ROUND_00_15(1, h, a, b, c, d, e, f, g);
                        HOST_c2l(data, l);
                        T1 = X[2] = l;
-                        ROUND_00_15(2, g,h, a,b, c,d, e, f);
+                        ROUND_00_15(2, g, h, a, b, c, d, e, f);
                        HOST_c2l(data, l);
                        T1 = X[3] = l;
-                        ROUND_00_15(3, f,g, h,a, b,c, d, e);
+                        ROUND_00_15(3, f, g, h, a, b, c, d, e);
                        HOST_c2l(data, l);
                        T1 = X[4] = l;
-                        ROUND_00_15(4, e,f, g,h, a,b, c, d);
+                        ROUND_00_15(4, e, f, g, h, a, b, c, d);
                        HOST_c2l(data, l);
                        T1 = X[5] = l;
-                        ROUND_00_15(5, d,e, f,g, h,a, b, c);
+                        ROUND_00_15(5, d, e, f, g, h, a, b, c);
                        HOST_c2l(data, l);
                        T1 = X[6] = l;
-                        ROUND_00_15(6, c,d, e,f, g,h, a, b);
+                        ROUND_00_15(6, c, d, e, f, g, h, a, b);
                        HOST_c2l(data, l);
                        T1 = X[7] = l;
-                        ROUND_00_15(7, b,c, d,e, f,g, h, a);
+                        ROUND_00_15(7, b, c, d, e, f, g, h, a);
                        HOST_c2l(data, l);
                        T1 = X[8] = l;
-                        ROUND_00_15(8, a,b, c,d, e,f, g, h);
+                        ROUND_00_15(8, a, b, c, d, e, f, g, h);
                        HOST_c2l(data, l);
                        T1 = X[9] = l;
-                        ROUND_00_15(9, h,a, b,c, d,e, f, g);
+                        ROUND_00_15(9, h, a, b, c, d, e, f, g);
                        HOST_c2l(data, l);
                        T1 = X[10] = l;
-                        ROUND_00_15(10, g,h, a,b, c,d, e, f);
+                        ROUND_00_15(10, g, h, a, b, c, d, e, f);
                        HOST_c2l(data, l);
                        T1 = X[11] = l;
-                        ROUND_00_15(11, f,g, h,a, b,c, d, e);
+                        ROUND_00_15(11, f, g, h, a, b, c, d, e);
                        HOST_c2l(data, l);
                        T1 = X[12] = l;
-                        ROUND_00_15(12, e,f, g,h, a,b, c, d);
+                        ROUND_00_15(12, e, f, g, h, a, b, c, d);
                        HOST_c2l(data, l);
                        T1 = X[13] = l;
-                        ROUND_00_15(13, d,e, f,g, h,a, b, c);
+                        ROUND_00_15(13, d, e, f, g, h, a, b, c);
                        HOST_c2l(data, l);
                        T1 = X[14] = l;
-                        ROUND_00_15(14, c,d, e,f, g,h, a, b);
+                        ROUND_00_15(14, c, d, e, f, g, h, a, b);
                        HOST_c2l(data, l);
                        T1 = X[15] = l;
-                        ROUND_00_15(15, b,c, d,e, f,g, h, a);
+                        ROUND_00_15(15, b, c, d, e, f, g, h, a);
                }
                for (i = 16; i < 64; i += 8) {
-                        ROUND_16_63(i + 0, a,b, c,d, e,f, g,h, X);
+                        ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
-                        ROUND_16_63(i + 1, h,a, b,c, d,e, f,g, X);
+                        ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
-                        ROUND_16_63(i + 2, g,h, a,b, c,d, e,f, X);
+                        ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
-                        ROUND_16_63(i + 3, f,g, h,a, b,c, d,e, X);
+                        ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
-                        ROUND_16_63(i + 4, e,f, g,h, a,b, c,d, X);
+                        ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
-                        ROUND_16_63(i + 5, d,e, f,g, h,a, b,c, X);
+                        ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
-                        ROUND_16_63(i + 6, c,d, e,f, g,h, a,b, X);
+                        ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
-                        ROUND_16_63(i + 7, b,c, d,e, f,g, h,a, X);
+                        ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
                }
                ctx->h[0] += a;

diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c index 192e208755..6c58321756 100644 --- a/src/lib/libcrypto/sha/sha256.c +++ b/src/lib/libcrypto/sha/sha256.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sha256.c,v 1.14 2023/03/26 17:56:51 jsing Exp $ */	1	/* $OpenBSD: sha256.c,v 1.15 2023/03/29 05:34:01 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -163,7 +163,7 @@ SHA224_Final(unsigned char md, SHA256_CTX c)
163	* Idea behind separate cases for pre-defined lengths is to let the	163	* Idea behind separate cases for pre-defined lengths is to let the
164	* compiler decide if it's appropriate to unroll small loops.	164	* compiler decide if it's appropriate to unroll small loops.
165	*/	165	*/
166	#define HASH_MAKE_STRING(c,s) do { \	166	#define HASH_MAKE_STRING(c, s) do { \
167	unsigned long ll; \	167	unsigned long ll; \
168	unsigned int nn; \	168	unsigned int nn; \
169	switch ((c)->md_len) \	169	switch ((c)->md_len) \
@@ -225,15 +225,15 @@ static const SHA_LONG K256[64] = {
225	#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))	225	#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
226	#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))	226	#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
227		227
228	#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))	228	#define Ch(x, y, z) (((x) & (y)) ^ ((~(x)) & (z)))
229	#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))	229	#define Maj(x, y, z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
230		230
231	#ifdef OPENSSL_SMALL_FOOTPRINT	231	#ifdef OPENSSL_SMALL_FOOTPRINT
232		232
233	static void	233	static void
234	sha256_block_data_order(SHA256_CTX ctx, const void in, size_t num)	234	sha256_block_data_order(SHA256_CTX ctx, const void in, size_t num)
235	{	235	{
236	unsigned MD32_REG_T a, b,c, d,e, f,g, h,s0, s1, T1, T2;	236	unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2;
237	SHA_LONG X[16], l;	237	SHA_LONG X[16], l;
238	int i;	238	int i;
239	const unsigned char *data = in;	239	const unsigned char *data = in;
@@ -296,21 +296,21 @@ sha256_block_data_order(SHA256_CTX ctx, const void in, size_t num)
296		296
297	#else	297	#else
298		298
299	#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \	299	#define ROUND_00_15(i, a, b, c, d, e, f, g, h) do { \
300	T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \	300	T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; \
301	h = Sigma0(a) + Maj(a,b,c); \	301	h = Sigma0(a) + Maj(a, b, c); \
302	d += T1; h += T1; } while (0)	302	d += T1; h += T1; } while (0)
303		303
304	#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \	304	#define ROUND_16_63(i, a, b, c, d, e, f, g, h, X) do { \
305	s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \	305	s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
306	s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \	306	s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
307	T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \	307	T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
308	ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)	308	ROUND_00_15(i, a, b, c, d, e, f, g, h); } while (0)
309		309
310	static void	310	static void
311	sha256_block_data_order(SHA256_CTX ctx, const void in, size_t num)	311	sha256_block_data_order(SHA256_CTX ctx, const void in, size_t num)
312	{	312	{
313	unsigned MD32_REG_T a, b,c, d,e, f,g, h,s0, s1, T1;	313	unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
314	SHA_LONG X[16];	314	SHA_LONG X[16];
315	int i;	315	int i;
316	const unsigned char *data = in;	316	const unsigned char *data = in;
@@ -331,37 +331,37 @@ sha256_block_data_order(SHA256_CTX ctx, const void in, size_t num)
331	const SHA_LONG W = (const SHA_LONG )data;	331	const SHA_LONG W = (const SHA_LONG )data;
332		332
333	T1 = X[0] = W[0];	333	T1 = X[0] = W[0];
334	ROUND_00_15(0, a,b, c,d, e,f, g, h);	334	ROUND_00_15(0, a, b, c, d, e, f, g, h);
335	T1 = X[1] = W[1];	335	T1 = X[1] = W[1];
336	ROUND_00_15(1, h,a, b,c, d,e, f, g);	336	ROUND_00_15(1, h, a, b, c, d, e, f, g);
337	T1 = X[2] = W[2];	337	T1 = X[2] = W[2];
338	ROUND_00_15(2, g,h, a,b, c,d, e, f);	338	ROUND_00_15(2, g, h, a, b, c, d, e, f);
339	T1 = X[3] = W[3];	339	T1 = X[3] = W[3];
340	ROUND_00_15(3, f,g, h,a, b,c, d, e);	340	ROUND_00_15(3, f, g, h, a, b, c, d, e);
341	T1 = X[4] = W[4];	341	T1 = X[4] = W[4];
342	ROUND_00_15(4, e,f, g,h, a,b, c, d);	342	ROUND_00_15(4, e, f, g, h, a, b, c, d);
343	T1 = X[5] = W[5];	343	T1 = X[5] = W[5];
344	ROUND_00_15(5, d,e, f,g, h,a, b, c);	344	ROUND_00_15(5, d, e, f, g, h, a, b, c);
345	T1 = X[6] = W[6];	345	T1 = X[6] = W[6];
346	ROUND_00_15(6, c,d, e,f, g,h, a, b);	346	ROUND_00_15(6, c, d, e, f, g, h, a, b);
347	T1 = X[7] = W[7];	347	T1 = X[7] = W[7];
348	ROUND_00_15(7, b,c, d,e, f,g, h, a);	348	ROUND_00_15(7, b, c, d, e, f, g, h, a);
349	T1 = X[8] = W[8];	349	T1 = X[8] = W[8];
350	ROUND_00_15(8, a,b, c,d, e,f, g, h);	350	ROUND_00_15(8, a, b, c, d, e, f, g, h);
351	T1 = X[9] = W[9];	351	T1 = X[9] = W[9];
352	ROUND_00_15(9, h,a, b,c, d,e, f, g);	352	ROUND_00_15(9, h, a, b, c, d, e, f, g);
353	T1 = X[10] = W[10];	353	T1 = X[10] = W[10];
354	ROUND_00_15(10, g,h, a,b, c,d, e, f);	354	ROUND_00_15(10, g, h, a, b, c, d, e, f);
355	T1 = X[11] = W[11];	355	T1 = X[11] = W[11];
356	ROUND_00_15(11, f,g, h,a, b,c, d, e);	356	ROUND_00_15(11, f, g, h, a, b, c, d, e);
357	T1 = X[12] = W[12];	357	T1 = X[12] = W[12];
358	ROUND_00_15(12, e,f, g,h, a,b, c, d);	358	ROUND_00_15(12, e, f, g, h, a, b, c, d);
359	T1 = X[13] = W[13];	359	T1 = X[13] = W[13];
360	ROUND_00_15(13, d,e, f,g, h,a, b, c);	360	ROUND_00_15(13, d, e, f, g, h, a, b, c);
361	T1 = X[14] = W[14];	361	T1 = X[14] = W[14];
362	ROUND_00_15(14, c,d, e,f, g,h, a, b);	362	ROUND_00_15(14, c, d, e, f, g, h, a, b);
363	T1 = X[15] = W[15];	363	T1 = X[15] = W[15];
364	ROUND_00_15(15, b,c, d,e, f,g, h, a);	364	ROUND_00_15(15, b, c, d, e, f, g, h, a);
365		365
366	data += SHA256_CBLOCK;	366	data += SHA256_CBLOCK;
367	} else {	367	} else {
@@ -369,63 +369,63 @@ sha256_block_data_order(SHA256_CTX ctx, const void in, size_t num)
369		369
370	HOST_c2l(data, l);	370	HOST_c2l(data, l);
371	T1 = X[0] = l;	371	T1 = X[0] = l;
372	ROUND_00_15(0, a,b, c,d, e,f, g, h);	372	ROUND_00_15(0, a, b, c, d, e, f, g, h);
373	HOST_c2l(data, l);	373	HOST_c2l(data, l);
374	T1 = X[1] = l;	374	T1 = X[1] = l;
375	ROUND_00_15(1, h,a, b,c, d,e, f, g);	375	ROUND_00_15(1, h, a, b, c, d, e, f, g);
376	HOST_c2l(data, l);	376	HOST_c2l(data, l);
377	T1 = X[2] = l;	377	T1 = X[2] = l;
378	ROUND_00_15(2, g,h, a,b, c,d, e, f);	378	ROUND_00_15(2, g, h, a, b, c, d, e, f);
379	HOST_c2l(data, l);	379	HOST_c2l(data, l);
380	T1 = X[3] = l;	380	T1 = X[3] = l;
381	ROUND_00_15(3, f,g, h,a, b,c, d, e);	381	ROUND_00_15(3, f, g, h, a, b, c, d, e);
382	HOST_c2l(data, l);	382	HOST_c2l(data, l);
383	T1 = X[4] = l;	383	T1 = X[4] = l;
384	ROUND_00_15(4, e,f, g,h, a,b, c, d);	384	ROUND_00_15(4, e, f, g, h, a, b, c, d);
385	HOST_c2l(data, l);	385	HOST_c2l(data, l);
386	T1 = X[5] = l;	386	T1 = X[5] = l;
387	ROUND_00_15(5, d,e, f,g, h,a, b, c);	387	ROUND_00_15(5, d, e, f, g, h, a, b, c);
388	HOST_c2l(data, l);	388	HOST_c2l(data, l);
389	T1 = X[6] = l;	389	T1 = X[6] = l;
390	ROUND_00_15(6, c,d, e,f, g,h, a, b);	390	ROUND_00_15(6, c, d, e, f, g, h, a, b);
391	HOST_c2l(data, l);	391	HOST_c2l(data, l);
392	T1 = X[7] = l;	392	T1 = X[7] = l;
393	ROUND_00_15(7, b,c, d,e, f,g, h, a);	393	ROUND_00_15(7, b, c, d, e, f, g, h, a);
394	HOST_c2l(data, l);	394	HOST_c2l(data, l);
395	T1 = X[8] = l;	395	T1 = X[8] = l;
396	ROUND_00_15(8, a,b, c,d, e,f, g, h);	396	ROUND_00_15(8, a, b, c, d, e, f, g, h);
397	HOST_c2l(data, l);	397	HOST_c2l(data, l);
398	T1 = X[9] = l;	398	T1 = X[9] = l;
399	ROUND_00_15(9, h,a, b,c, d,e, f, g);	399	ROUND_00_15(9, h, a, b, c, d, e, f, g);
400	HOST_c2l(data, l);	400	HOST_c2l(data, l);
401	T1 = X[10] = l;	401	T1 = X[10] = l;
402	ROUND_00_15(10, g,h, a,b, c,d, e, f);	402	ROUND_00_15(10, g, h, a, b, c, d, e, f);
403	HOST_c2l(data, l);	403	HOST_c2l(data, l);
404	T1 = X[11] = l;	404	T1 = X[11] = l;
405	ROUND_00_15(11, f,g, h,a, b,c, d, e);	405	ROUND_00_15(11, f, g, h, a, b, c, d, e);
406	HOST_c2l(data, l);	406	HOST_c2l(data, l);
407	T1 = X[12] = l;	407	T1 = X[12] = l;
408	ROUND_00_15(12, e,f, g,h, a,b, c, d);	408	ROUND_00_15(12, e, f, g, h, a, b, c, d);
409	HOST_c2l(data, l);	409	HOST_c2l(data, l);
410	T1 = X[13] = l;	410	T1 = X[13] = l;
411	ROUND_00_15(13, d,e, f,g, h,a, b, c);	411	ROUND_00_15(13, d, e, f, g, h, a, b, c);
412	HOST_c2l(data, l);	412	HOST_c2l(data, l);
413	T1 = X[14] = l;	413	T1 = X[14] = l;
414	ROUND_00_15(14, c,d, e,f, g,h, a, b);	414	ROUND_00_15(14, c, d, e, f, g, h, a, b);
415	HOST_c2l(data, l);	415	HOST_c2l(data, l);
416	T1 = X[15] = l;	416	T1 = X[15] = l;
417	ROUND_00_15(15, b,c, d,e, f,g, h, a);	417	ROUND_00_15(15, b, c, d, e, f, g, h, a);
418	}	418	}
419		419
420	for (i = 16; i < 64; i += 8) {	420	for (i = 16; i < 64; i += 8) {
421	ROUND_16_63(i + 0, a,b, c,d, e,f, g,h, X);	421	ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
422	ROUND_16_63(i + 1, h,a, b,c, d,e, f,g, X);	422	ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
423	ROUND_16_63(i + 2, g,h, a,b, c,d, e,f, X);	423	ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
424	ROUND_16_63(i + 3, f,g, h,a, b,c, d,e, X);	424	ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
425	ROUND_16_63(i + 4, e,f, g,h, a,b, c,d, X);	425	ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
426	ROUND_16_63(i + 5, d,e, f,g, h,a, b,c, X);	426	ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
427	ROUND_16_63(i + 6, c,d, e,f, g,h, a,b, X);	427	ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
428	ROUND_16_63(i + 7, b,c, d,e, f,g, h,a, X);	428	ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
429	}	429	}
430		430
431	ctx->h[0] += a;	431	ctx->h[0] += a;