1 files changed, 0 insertions, 578 deletions
diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
deleted file mode 100644
index 43d25eb119..0000000000
--- a/src/lib/libcrypto/sha/sha512.c
+++ /dev/null
@@ -1,578 +0,0 @@
-/* $OpenBSD: sha512.c,v 1.43 2025/02/14 12:01:58 jsing Exp $ */
-/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- */
-#include <endian.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-#include "crypto_internal.h"
-#include "sha_internal.h"
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
-/* Ensure that SHA_LONG64 and uint64_t are equivalent. */
-CTASSERT(sizeof(SHA_LONG64) == sizeof(uint64_t));
-void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
-void sha512_block_generic(SHA512_CTX *ctx, const void *in, size_t num);
-#ifndef HAVE_SHA512_BLOCK_GENERIC
-static const SHA_LONG64 K512[80] = {
-        U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
-        U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
-        U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
-        U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
-        U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
-        U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
-        U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
-        U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
-        U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
-        U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
-        U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
-        U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
-        U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
-        U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
-        U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
-        U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
-        U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
-        U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
-        U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
-        U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
-        U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
-        U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
-        U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
-        U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
-        U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
-        U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
-        U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
-        U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
-        U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
-        U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
-        U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
-        U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
-        U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
-        U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
-        U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
-        U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
-        U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
-        U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
-        U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
-        U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817),
-};
-static inline SHA_LONG64
-Sigma0(SHA_LONG64 x)
-{
-        return crypto_ror_u64(x, 28) ^ crypto_ror_u64(x, 34) ^
-            crypto_ror_u64(x, 39);
-}
-static inline SHA_LONG64
-Sigma1(SHA_LONG64 x)
-{
-        return crypto_ror_u64(x, 14) ^ crypto_ror_u64(x, 18) ^
-            crypto_ror_u64(x, 41);
-}
-static inline SHA_LONG64
-sigma0(SHA_LONG64 x)
-{
-        return crypto_ror_u64(x, 1) ^ crypto_ror_u64(x, 8) ^ (x >> 7);
-}
-static inline SHA_LONG64
-sigma1(SHA_LONG64 x)
-{
-        return crypto_ror_u64(x, 19) ^ crypto_ror_u64(x, 61) ^ (x >> 6);
-}
-static inline SHA_LONG64
-Ch(SHA_LONG64 x, SHA_LONG64 y, SHA_LONG64 z)
-{
-        return (x & y) ^ (~x & z);
-}
-static inline SHA_LONG64
-Maj(SHA_LONG64 x, SHA_LONG64 y, SHA_LONG64 z)
-{
-        return (x & y) ^ (x & z) ^ (y & z);
-}
-static inline void
-sha512_msg_schedule_update(SHA_LONG64 *W0, SHA_LONG64 W1,
-    SHA_LONG64 W9, SHA_LONG64 W14)
-{
-        *W0 = sigma1(W14) + W9 + sigma0(W1) + *W0;
-}
-static inline void
-sha512_round(SHA_LONG64 *a, SHA_LONG64 *b, SHA_LONG64 *c, SHA_LONG64 *d,
-    SHA_LONG64 *e, SHA_LONG64 *f, SHA_LONG64 *g, SHA_LONG64 *h,
-    SHA_LONG64 Kt, SHA_LONG64 Wt)
-{
-        SHA_LONG64 T1, T2;
-        T1 = *h + Sigma1(*e) + Ch(*e, *f, *g) + Kt + Wt;
-        T2 = Sigma0(*a) + Maj(*a, *b, *c);
-        *h = *g;
-        *g = *f;
-        *f = *e;
-        *e = *d + T1;
-        *d = *c;
-        *c = *b;
-        *b = *a;
-        *a = T1 + T2;
-}
-void
-sha512_block_generic(SHA512_CTX *ctx, const void *_in, size_t num)
-{
-        const uint8_t *in = _in;
-        const SHA_LONG64 *in64;
-        SHA_LONG64 a, b, c, d, e, f, g, h;
-        SHA_LONG64 X[16];
-        int i;
-        while (num--) {
-                a = ctx->h[0];
-                b = ctx->h[1];
-                c = ctx->h[2];
-                d = ctx->h[3];
-                e = ctx->h[4];
-                f = ctx->h[5];
-                g = ctx->h[6];
-                h = ctx->h[7];
-                if ((size_t)in % sizeof(SHA_LONG64) == 0) {
-                        /* Input is 64 bit aligned. */
-                        in64 = (const SHA_LONG64 *)in;
-                        X[0] = be64toh(in64[0]);
-                        X[1] = be64toh(in64[1]);
-                        X[2] = be64toh(in64[2]);
-                        X[3] = be64toh(in64[3]);
-                        X[4] = be64toh(in64[4]);
-                        X[5] = be64toh(in64[5]);
-                        X[6] = be64toh(in64[6]);
-                        X[7] = be64toh(in64[7]);
-                        X[8] = be64toh(in64[8]);
-                        X[9] = be64toh(in64[9]);
-                        X[10] = be64toh(in64[10]);
-                        X[11] = be64toh(in64[11]);
-                        X[12] = be64toh(in64[12]);
-                        X[13] = be64toh(in64[13]);
-                        X[14] = be64toh(in64[14]);
-                        X[15] = be64toh(in64[15]);
-                } else {
-                        /* Input is not 64 bit aligned. */
-                        X[0] = crypto_load_be64toh(&in[0 * 8]);
-                        X[1] = crypto_load_be64toh(&in[1 * 8]);
-                        X[2] = crypto_load_be64toh(&in[2 * 8]);
-                        X[3] = crypto_load_be64toh(&in[3 * 8]);
-                        X[4] = crypto_load_be64toh(&in[4 * 8]);
-                        X[5] = crypto_load_be64toh(&in[5 * 8]);
-                        X[6] = crypto_load_be64toh(&in[6 * 8]);
-                        X[7] = crypto_load_be64toh(&in[7 * 8]);
-                        X[8] = crypto_load_be64toh(&in[8 * 8]);
-                        X[9] = crypto_load_be64toh(&in[9 * 8]);
-                        X[10] = crypto_load_be64toh(&in[10 * 8]);
-                        X[11] = crypto_load_be64toh(&in[11 * 8]);
-                        X[12] = crypto_load_be64toh(&in[12 * 8]);
-                        X[13] = crypto_load_be64toh(&in[13 * 8]);
-                        X[14] = crypto_load_be64toh(&in[14 * 8]);
-                        X[15] = crypto_load_be64toh(&in[15 * 8]);
-                }
-                in += SHA512_CBLOCK;
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[0], X[0]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[1], X[1]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[2], X[2]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[3], X[3]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[4], X[4]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[5], X[5]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[6], X[6]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[7], X[7]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[8], X[8]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[9], X[9]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[10], X[10]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[11], X[11]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[12], X[12]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[13], X[13]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[14], X[14]);
-                sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[15], X[15]);
-                for (i = 16; i < 80; i += 16) {
-                        sha512_msg_schedule_update(&X[0], X[1], X[9], X[14]);
-                        sha512_msg_schedule_update(&X[1], X[2], X[10], X[15]);
-                        sha512_msg_schedule_update(&X[2], X[3], X[11], X[0]);
-                        sha512_msg_schedule_update(&X[3], X[4], X[12], X[1]);
-                        sha512_msg_schedule_update(&X[4], X[5], X[13], X[2]);
-                        sha512_msg_schedule_update(&X[5], X[6], X[14], X[3]);
-                        sha512_msg_schedule_update(&X[6], X[7], X[15], X[4]);
-                        sha512_msg_schedule_update(&X[7], X[8], X[0], X[5]);
-                        sha512_msg_schedule_update(&X[8], X[9], X[1], X[6]);
-                        sha512_msg_schedule_update(&X[9], X[10], X[2], X[7]);
-                        sha512_msg_schedule_update(&X[10], X[11], X[3], X[8]);
-                        sha512_msg_schedule_update(&X[11], X[12], X[4], X[9]);
-                        sha512_msg_schedule_update(&X[12], X[13], X[5], X[10]);
-                        sha512_msg_schedule_update(&X[13], X[14], X[6], X[11]);
-                        sha512_msg_schedule_update(&X[14], X[15], X[7], X[12]);
-                        sha512_msg_schedule_update(&X[15], X[0], X[8], X[13]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 0], X[0]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 1], X[1]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 2], X[2]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 3], X[3]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 4], X[4]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 5], X[5]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 6], X[6]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 7], X[7]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 8], X[8]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 9], X[9]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 10], X[10]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 11], X[11]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 12], X[12]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 13], X[13]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 14], X[14]);
-                        sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 15], X[15]);
-                }
-                ctx->h[0] += a;
-                ctx->h[1] += b;
-                ctx->h[2] += c;
-                ctx->h[3] += d;
-                ctx->h[4] += e;
-                ctx->h[5] += f;
-                ctx->h[6] += g;
-                ctx->h[7] += h;
-        }
-}
-#endif
-#ifndef HAVE_SHA512_BLOCK_DATA_ORDER
-void
-sha512_block_data_order(SHA512_CTX *ctx, const void *_in, size_t num)
-{
-        sha512_block_generic(ctx, _in, num);
-}
-#endif
-int
-SHA384_Init(SHA512_CTX *c)
-{
-        memset(c, 0, sizeof(*c));
-        c->h[0] = U64(0xcbbb9d5dc1059ed8);
-        c->h[1] = U64(0x629a292a367cd507);
-        c->h[2] = U64(0x9159015a3070dd17);
-        c->h[3] = U64(0x152fecd8f70e5939);
-        c->h[4] = U64(0x67332667ffc00b31);
-        c->h[5] = U64(0x8eb44a8768581511);
-        c->h[6] = U64(0xdb0c2e0d64f98fa7);
-        c->h[7] = U64(0x47b5481dbefa4fa4);
-        c->md_len = SHA384_DIGEST_LENGTH;
-        return 1;
-}
-LCRYPTO_ALIAS(SHA384_Init);
-int
-SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
-{
-        return SHA512_Update(c, data, len);
-}
-LCRYPTO_ALIAS(SHA384_Update);
-int
-SHA384_Final(unsigned char *md, SHA512_CTX *c)
-{
-        return SHA512_Final(md, c);
-}
-LCRYPTO_ALIAS(SHA384_Final);
-unsigned char *
-SHA384(const unsigned char *d, size_t n, unsigned char *md)
-{
-        SHA512_CTX c;
-        SHA384_Init(&c);
-        SHA512_Update(&c, d, n);
-        SHA512_Final(md, &c);
-        explicit_bzero(&c, sizeof(c));
-        return (md);
-}
-LCRYPTO_ALIAS(SHA384);
-int
-SHA512_Init(SHA512_CTX *c)
-{
-        memset(c, 0, sizeof(*c));
-        c->h[0] = U64(0x6a09e667f3bcc908);
-        c->h[1] = U64(0xbb67ae8584caa73b);
-        c->h[2] = U64(0x3c6ef372fe94f82b);
-        c->h[3] = U64(0xa54ff53a5f1d36f1);
-        c->h[4] = U64(0x510e527fade682d1);
-        c->h[5] = U64(0x9b05688c2b3e6c1f);
-        c->h[6] = U64(0x1f83d9abfb41bd6b);
-        c->h[7] = U64(0x5be0cd19137e2179);
-        c->md_len = SHA512_DIGEST_LENGTH;
-        return 1;
-}
-LCRYPTO_ALIAS(SHA512_Init);
-void
-SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
-{
-        sha512_block_data_order(c, data, 1);
-}
-LCRYPTO_ALIAS(SHA512_Transform);
-int
-SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
-{
-        const unsigned char *data = _data;
-        unsigned char *p = c->u.p;
-        SHA_LONG64 l;
-        if (len == 0)
-                return 1;
-        l = (c->Nl + (((SHA_LONG64)len) << 3))&U64(0xffffffffffffffff);
-        if (l < c->Nl)
-                c->Nh++;
-        if (sizeof(len) >= 8)
-                c->Nh += (((SHA_LONG64)len) >> 61);
-        c->Nl = l;
-        if (c->num != 0) {
-                size_t n = sizeof(c->u) - c->num;
-                if (len < n) {
-                        memcpy(p + c->num, data, len);
-                        c->num += (unsigned int)len;
-                        return 1;
-                } else{
-                        memcpy(p + c->num, data, n);
-                        c->num = 0;
-                        len -= n;
-                        data += n;
-                        sha512_block_data_order(c, p, 1);
-                }
-        }
-        if (len >= sizeof(c->u)) {
-                sha512_block_data_order(c, data, len/sizeof(c->u));
-                data += len;
-                len %= sizeof(c->u);
-                data -= len;
-        }
-        if (len != 0) {
-                memcpy(p, data, len);
-                c->num = (int)len;
-        }
-        return 1;
-}
-LCRYPTO_ALIAS(SHA512_Update);
-int
-SHA512_Final(unsigned char *md, SHA512_CTX *c)
-{
-        unsigned char *p = (unsigned char *)c->u.p;
-        size_t n = c->num;
-        p[n]=0x80;      /* There always is a room for one */
-        n++;
-        if (n > (sizeof(c->u) - 16)) {
-                memset(p + n, 0, sizeof(c->u) - n);
-                n = 0;
-                sha512_block_data_order(c, p, 1);
-        }
-        memset(p + n, 0, sizeof(c->u) - 16 - n);
-        c->u.d[SHA_LBLOCK - 2] = htobe64(c->Nh);
-        c->u.d[SHA_LBLOCK - 1] = htobe64(c->Nl);
-        sha512_block_data_order(c, p, 1);
-        if (md == NULL)
-                return 0;
-        /* Let compiler decide if it's appropriate to unroll... */
-        switch (c->md_len) {
-        case SHA512_224_DIGEST_LENGTH:
-                for (n = 0; n < SHA512_224_DIGEST_LENGTH/8; n++) {
-                        crypto_store_htobe64(md, c->h[n]);
-                        md += 8;
-                }
-                crypto_store_htobe32(md, c->h[n] >> 32);
-                break;
-        case SHA512_256_DIGEST_LENGTH:
-                for (n = 0; n < SHA512_256_DIGEST_LENGTH/8; n++) {
-                        crypto_store_htobe64(md, c->h[n]);
-                        md += 8;
-                }
-                break;
-        case SHA384_DIGEST_LENGTH:
-                for (n = 0; n < SHA384_DIGEST_LENGTH/8; n++) {
-                        crypto_store_htobe64(md, c->h[n]);
-                        md += 8;
-                }
-                break;
-        case SHA512_DIGEST_LENGTH:
-                for (n = 0; n < SHA512_DIGEST_LENGTH/8; n++) {
-                        crypto_store_htobe64(md, c->h[n]);
-                        md += 8;
-                }
-                break;
-        default:
-                return 0;
-        }
-        return 1;
-}
-LCRYPTO_ALIAS(SHA512_Final);
-unsigned char *
-SHA512(const unsigned char *d, size_t n, unsigned char *md)
-{
-        SHA512_CTX c;
-        SHA512_Init(&c);
-        SHA512_Update(&c, d, n);
-        SHA512_Final(md, &c);
-        explicit_bzero(&c, sizeof(c));
-        return (md);
-}
-LCRYPTO_ALIAS(SHA512);
-int
-SHA512_224_Init(SHA512_CTX *c)
-{
-        memset(c, 0, sizeof(*c));
-        /* FIPS 180-4 section 5.3.6.1. */
-        c->h[0] = U64(0x8c3d37c819544da2);
-        c->h[1] = U64(0x73e1996689dcd4d6);
-        c->h[2] = U64(0x1dfab7ae32ff9c82);
-        c->h[3] = U64(0x679dd514582f9fcf);
-        c->h[4] = U64(0x0f6d2b697bd44da8);
-        c->h[5] = U64(0x77e36f7304c48942);
-        c->h[6] = U64(0x3f9d85a86a1d36c8);
-        c->h[7] = U64(0x1112e6ad91d692a1);
-        c->md_len = SHA512_224_DIGEST_LENGTH;
-        return 1;
-}
-int
-SHA512_224_Update(SHA512_CTX *c, const void *data, size_t len)
-{
-        return SHA512_Update(c, data, len);
-}
-int
-SHA512_224_Final(unsigned char *md, SHA512_CTX *c)
-{
-        return SHA512_Final(md, c);
-}
-int
-SHA512_256_Init(SHA512_CTX *c)
-{
-        memset(c, 0, sizeof(*c));
-        /* FIPS 180-4 section 5.3.6.2. */
-        c->h[0] = U64(0x22312194fc2bf72c);
-        c->h[1] = U64(0x9f555fa3c84c64c2);
-        c->h[2] = U64(0x2393b86b6f53b151);
-        c->h[3] = U64(0x963877195940eabd);
-        c->h[4] = U64(0x96283ee2a88effe3);
-        c->h[5] = U64(0xbe5e1e2553863992);
-        c->h[6] = U64(0x2b0199fc2c85b8aa);
-        c->h[7] = U64(0x0eb72ddc81c52ca2);
-        c->md_len = SHA512_256_DIGEST_LENGTH;
-        return 1;
-}
-int
-SHA512_256_Update(SHA512_CTX *c, const void *data, size_t len)
-{
-        return SHA512_Update(c, data, len);
-}
-int
-SHA512_256_Final(unsigned char *md, SHA512_CTX *c)
-{
-        return SHA512_Final(md, c);
-}
-#endif /* !OPENSSL_NO_SHA512 */

diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c deleted file mode 100644 index 43d25eb119..0000000000 --- a/src/lib/libcrypto/sha/sha512.c +++ /dev/null
@@ -1,578 +0,0 @@
1	/* $OpenBSD: sha512.c,v 1.43 2025/02/14 12:01:58 jsing Exp $ */
2	/* ====================================================================
3	* Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
4	*
5	* Redistribution and use in source and binary forms, with or without
6	* modification, are permitted provided that the following conditions
7	* are met:
8	*
9	* 1. Redistributions of source code must retain the above copyright
10	* notice, this list of conditions and the following disclaimer.
11	*
12	* 2. Redistributions in binary form must reproduce the above copyright
13	* notice, this list of conditions and the following disclaimer in
14	* the documentation and/or other materials provided with the
15	* distribution.
16	*
17	* 3. All advertising materials mentioning features or use of this
18	* software must display the following acknowledgment:
19	* "This product includes software developed by the OpenSSL Project
20	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21	*
22	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23	* endorse or promote products derived from this software without
24	* prior written permission. For written permission, please contact
25	* openssl-core@openssl.org.
26	*
27	* 5. Products derived from this software may not be called "OpenSSL"
28	* nor may "OpenSSL" appear in their names without prior written
29	* permission of the OpenSSL Project.
30	*
31	* 6. Redistributions of any form whatsoever must retain the following
32	* acknowledgment:
33	* "This product includes software developed by the OpenSSL Project
34	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35	*
36	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47	* OF THE POSSIBILITY OF SUCH DAMAGE.
48	* ====================================================================
49	*
50	* This product includes cryptographic software written by Eric Young
51	* (eay@cryptsoft.com). This product includes software written by Tim
52	* Hudson (tjh@cryptsoft.com).
53	*/
54
55	#include <endian.h>
56	#include <stdlib.h>
57	#include <string.h>
58
59	#include <openssl/opensslconf.h>
60
61	#include <openssl/crypto.h>
62	#include <openssl/sha.h>
63
64	#include "crypto_internal.h"
65	#include "sha_internal.h"
66
67	#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
68
69	/* Ensure that SHA_LONG64 and uint64_t are equivalent. */
70	CTASSERT(sizeof(SHA_LONG64) == sizeof(uint64_t));
71
72	void sha512_block_data_order(SHA512_CTX ctx, const void in, size_t num);
73	void sha512_block_generic(SHA512_CTX ctx, const void in, size_t num);
74
75	#ifndef HAVE_SHA512_BLOCK_GENERIC
76	static const SHA_LONG64 K512[80] = {
77	U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
78	U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
79	U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
80	U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
81	U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
82	U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
83	U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
84	U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
85	U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
86	U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
87	U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
88	U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
89	U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
90	U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
91	U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
92	U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
93	U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
94	U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
95	U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
96	U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
97	U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
98	U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
99	U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
100	U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
101	U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
102	U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
103	U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
104	U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
105	U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
106	U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
107	U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
108	U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
109	U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
110	U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
111	U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
112	U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
113	U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
114	U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
115	U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
116	U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817),
117	};
118
119	static inline SHA_LONG64
120	Sigma0(SHA_LONG64 x)
121	{
122	return crypto_ror_u64(x, 28) ^ crypto_ror_u64(x, 34) ^
123	crypto_ror_u64(x, 39);
124	}
125
126	static inline SHA_LONG64
127	Sigma1(SHA_LONG64 x)
128	{
129	return crypto_ror_u64(x, 14) ^ crypto_ror_u64(x, 18) ^
130	crypto_ror_u64(x, 41);
131	}
132
133	static inline SHA_LONG64
134	sigma0(SHA_LONG64 x)
135	{
136	return crypto_ror_u64(x, 1) ^ crypto_ror_u64(x, 8) ^ (x >> 7);
137	}
138
139	static inline SHA_LONG64
140	sigma1(SHA_LONG64 x)
141	{
142	return crypto_ror_u64(x, 19) ^ crypto_ror_u64(x, 61) ^ (x >> 6);
143	}
144
145	static inline SHA_LONG64
146	Ch(SHA_LONG64 x, SHA_LONG64 y, SHA_LONG64 z)
147	{
148	return (x & y) ^ (~x & z);
149	}
150
151	static inline SHA_LONG64
152	Maj(SHA_LONG64 x, SHA_LONG64 y, SHA_LONG64 z)
153	{
154	return (x & y) ^ (x & z) ^ (y & z);
155	}
156
157	static inline void
158	sha512_msg_schedule_update(SHA_LONG64 *W0, SHA_LONG64 W1,
159	SHA_LONG64 W9, SHA_LONG64 W14)
160	{
161	W0 = sigma1(W14) + W9 + sigma0(W1) + W0;
162	}
163
164	static inline void
165	sha512_round(SHA_LONG64 a, SHA_LONG64 b, SHA_LONG64 c, SHA_LONG64 d,
166	SHA_LONG64 e, SHA_LONG64 f, SHA_LONG64 g, SHA_LONG64 h,
167	SHA_LONG64 Kt, SHA_LONG64 Wt)
168	{
169	SHA_LONG64 T1, T2;
170
171	T1 = h + Sigma1(e) + Ch(e, f, *g) + Kt + Wt;
172	T2 = Sigma0(a) + Maj(a, b, c);
173
174	h = g;
175	g = f;
176	f = e;
177	e = d + T1;
178	d = c;
179	c = b;
180	b = a;
181	*a = T1 + T2;
182	}
183
184	void
185	sha512_block_generic(SHA512_CTX ctx, const void _in, size_t num)
186	{
187	const uint8_t *in = _in;
188	const SHA_LONG64 *in64;
189	SHA_LONG64 a, b, c, d, e, f, g, h;
190	SHA_LONG64 X[16];
191	int i;
192
193	while (num--) {
194	a = ctx->h[0];
195	b = ctx->h[1];
196	c = ctx->h[2];
197	d = ctx->h[3];
198	e = ctx->h[4];
199	f = ctx->h[5];
200	g = ctx->h[6];
201	h = ctx->h[7];
202
203	if ((size_t)in % sizeof(SHA_LONG64) == 0) {
204	/* Input is 64 bit aligned. */
205	in64 = (const SHA_LONG64 *)in;
206	X[0] = be64toh(in64[0]);
207	X[1] = be64toh(in64[1]);
208	X[2] = be64toh(in64[2]);
209	X[3] = be64toh(in64[3]);
210	X[4] = be64toh(in64[4]);
211	X[5] = be64toh(in64[5]);
212	X[6] = be64toh(in64[6]);
213	X[7] = be64toh(in64[7]);
214	X[8] = be64toh(in64[8]);
215	X[9] = be64toh(in64[9]);
216	X[10] = be64toh(in64[10]);
217	X[11] = be64toh(in64[11]);
218	X[12] = be64toh(in64[12]);
219	X[13] = be64toh(in64[13]);
220	X[14] = be64toh(in64[14]);
221	X[15] = be64toh(in64[15]);
222	} else {
223	/* Input is not 64 bit aligned. */
224	X[0] = crypto_load_be64toh(&in[0 * 8]);
225	X[1] = crypto_load_be64toh(&in[1 * 8]);
226	X[2] = crypto_load_be64toh(&in[2 * 8]);
227	X[3] = crypto_load_be64toh(&in[3 * 8]);
228	X[4] = crypto_load_be64toh(&in[4 * 8]);
229	X[5] = crypto_load_be64toh(&in[5 * 8]);
230	X[6] = crypto_load_be64toh(&in[6 * 8]);
231	X[7] = crypto_load_be64toh(&in[7 * 8]);
232	X[8] = crypto_load_be64toh(&in[8 * 8]);
233	X[9] = crypto_load_be64toh(&in[9 * 8]);
234	X[10] = crypto_load_be64toh(&in[10 * 8]);
235	X[11] = crypto_load_be64toh(&in[11 * 8]);
236	X[12] = crypto_load_be64toh(&in[12 * 8]);
237	X[13] = crypto_load_be64toh(&in[13 * 8]);
238	X[14] = crypto_load_be64toh(&in[14 * 8]);
239	X[15] = crypto_load_be64toh(&in[15 * 8]);
240	}
241	in += SHA512_CBLOCK;
242
243	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[0], X[0]);
244	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[1], X[1]);
245	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[2], X[2]);
246	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[3], X[3]);
247	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[4], X[4]);
248	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[5], X[5]);
249	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[6], X[6]);
250	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[7], X[7]);
251	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[8], X[8]);
252	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[9], X[9]);
253	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[10], X[10]);
254	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[11], X[11]);
255	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[12], X[12]);
256	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[13], X[13]);
257	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[14], X[14]);
258	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[15], X[15]);
259
260	for (i = 16; i < 80; i += 16) {
261	sha512_msg_schedule_update(&X[0], X[1], X[9], X[14]);
262	sha512_msg_schedule_update(&X[1], X[2], X[10], X[15]);
263	sha512_msg_schedule_update(&X[2], X[3], X[11], X[0]);
264	sha512_msg_schedule_update(&X[3], X[4], X[12], X[1]);
265	sha512_msg_schedule_update(&X[4], X[5], X[13], X[2]);
266	sha512_msg_schedule_update(&X[5], X[6], X[14], X[3]);
267	sha512_msg_schedule_update(&X[6], X[7], X[15], X[4]);
268	sha512_msg_schedule_update(&X[7], X[8], X[0], X[5]);
269	sha512_msg_schedule_update(&X[8], X[9], X[1], X[6]);
270	sha512_msg_schedule_update(&X[9], X[10], X[2], X[7]);
271	sha512_msg_schedule_update(&X[10], X[11], X[3], X[8]);
272	sha512_msg_schedule_update(&X[11], X[12], X[4], X[9]);
273	sha512_msg_schedule_update(&X[12], X[13], X[5], X[10]);
274	sha512_msg_schedule_update(&X[13], X[14], X[6], X[11]);
275	sha512_msg_schedule_update(&X[14], X[15], X[7], X[12]);
276	sha512_msg_schedule_update(&X[15], X[0], X[8], X[13]);
277
278	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 0], X[0]);
279	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 1], X[1]);
280	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 2], X[2]);
281	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 3], X[3]);
282	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 4], X[4]);
283	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 5], X[5]);
284	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 6], X[6]);
285	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 7], X[7]);
286	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 8], X[8]);
287	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 9], X[9]);
288	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 10], X[10]);
289	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 11], X[11]);
290	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 12], X[12]);
291	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 13], X[13]);
292	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 14], X[14]);
293	sha512_round(&a, &b, &c, &d, &e, &f, &g, &h, K512[i + 15], X[15]);
294	}
295
296	ctx->h[0] += a;
297	ctx->h[1] += b;
298	ctx->h[2] += c;
299	ctx->h[3] += d;
300	ctx->h[4] += e;
301	ctx->h[5] += f;
302	ctx->h[6] += g;
303	ctx->h[7] += h;
304	}
305	}
306	#endif
307
308	#ifndef HAVE_SHA512_BLOCK_DATA_ORDER
309	void
310	sha512_block_data_order(SHA512_CTX ctx, const void _in, size_t num)
311	{
312	sha512_block_generic(ctx, _in, num);
313	}
314	#endif
315
316	int
317	SHA384_Init(SHA512_CTX *c)
318	{
319	memset(c, 0, sizeof(*c));
320
321	c->h[0] = U64(0xcbbb9d5dc1059ed8);
322	c->h[1] = U64(0x629a292a367cd507);
323	c->h[2] = U64(0x9159015a3070dd17);
324	c->h[3] = U64(0x152fecd8f70e5939);
325	c->h[4] = U64(0x67332667ffc00b31);
326	c->h[5] = U64(0x8eb44a8768581511);
327	c->h[6] = U64(0xdb0c2e0d64f98fa7);
328	c->h[7] = U64(0x47b5481dbefa4fa4);
329
330	c->md_len = SHA384_DIGEST_LENGTH;
331
332	return 1;
333	}
334	LCRYPTO_ALIAS(SHA384_Init);
335
336	int
337	SHA384_Update(SHA512_CTX c, const void data, size_t len)
338	{
339	return SHA512_Update(c, data, len);
340	}
341	LCRYPTO_ALIAS(SHA384_Update);
342
343	int
344	SHA384_Final(unsigned char md, SHA512_CTX c)
345	{
346	return SHA512_Final(md, c);
347	}
348	LCRYPTO_ALIAS(SHA384_Final);
349
350	unsigned char *
351	SHA384(const unsigned char d, size_t n, unsigned char md)
352	{
353	SHA512_CTX c;
354
355	SHA384_Init(&c);
356	SHA512_Update(&c, d, n);
357	SHA512_Final(md, &c);
358
359	explicit_bzero(&c, sizeof(c));
360
361	return (md);
362	}
363	LCRYPTO_ALIAS(SHA384);
364
365	int
366	SHA512_Init(SHA512_CTX *c)
367	{
368	memset(c, 0, sizeof(*c));
369
370	c->h[0] = U64(0x6a09e667f3bcc908);
371	c->h[1] = U64(0xbb67ae8584caa73b);
372	c->h[2] = U64(0x3c6ef372fe94f82b);
373	c->h[3] = U64(0xa54ff53a5f1d36f1);
374	c->h[4] = U64(0x510e527fade682d1);
375	c->h[5] = U64(0x9b05688c2b3e6c1f);
376	c->h[6] = U64(0x1f83d9abfb41bd6b);
377	c->h[7] = U64(0x5be0cd19137e2179);
378
379	c->md_len = SHA512_DIGEST_LENGTH;
380
381	return 1;
382	}
383	LCRYPTO_ALIAS(SHA512_Init);
384
385	void
386	SHA512_Transform(SHA512_CTX c, const unsigned char data)
387	{
388	sha512_block_data_order(c, data, 1);
389	}
390	LCRYPTO_ALIAS(SHA512_Transform);
391
392	int
393	SHA512_Update(SHA512_CTX c, const void _data, size_t len)
394	{
395	const unsigned char *data = _data;
396	unsigned char *p = c->u.p;
397	SHA_LONG64 l;
398
399	if (len == 0)
400	return 1;
401
402	l = (c->Nl + (((SHA_LONG64)len) << 3))&U64(0xffffffffffffffff);
403	if (l < c->Nl)
404	c->Nh++;
405	if (sizeof(len) >= 8)
406	c->Nh += (((SHA_LONG64)len) >> 61);
407	c->Nl = l;
408
409	if (c->num != 0) {
410	size_t n = sizeof(c->u) - c->num;
411
412	if (len < n) {
413	memcpy(p + c->num, data, len);
414	c->num += (unsigned int)len;
415	return 1;
416	} else{
417	memcpy(p + c->num, data, n);
418	c->num = 0;
419	len -= n;
420	data += n;
421	sha512_block_data_order(c, p, 1);
422	}
423	}
424
425	if (len >= sizeof(c->u)) {
426	sha512_block_data_order(c, data, len/sizeof(c->u));
427	data += len;
428	len %= sizeof(c->u);
429	data -= len;
430	}
431
432	if (len != 0) {
433	memcpy(p, data, len);
434	c->num = (int)len;
435	}
436
437	return 1;
438	}
439	LCRYPTO_ALIAS(SHA512_Update);
440
441	int
442	SHA512_Final(unsigned char md, SHA512_CTX c)
443	{
444	unsigned char p = (unsigned char )c->u.p;
445	size_t n = c->num;
446
447	p[n]=0x80; /* There always is a room for one */
448	n++;
449	if (n > (sizeof(c->u) - 16)) {
450	memset(p + n, 0, sizeof(c->u) - n);
451	n = 0;
452	sha512_block_data_order(c, p, 1);
453	}
454
455	memset(p + n, 0, sizeof(c->u) - 16 - n);
456	c->u.d[SHA_LBLOCK - 2] = htobe64(c->Nh);
457	c->u.d[SHA_LBLOCK - 1] = htobe64(c->Nl);
458
459	sha512_block_data_order(c, p, 1);
460
461	if (md == NULL)
462	return 0;
463
464	/* Let compiler decide if it's appropriate to unroll... */
465	switch (c->md_len) {
466	case SHA512_224_DIGEST_LENGTH:
467	for (n = 0; n < SHA512_224_DIGEST_LENGTH/8; n++) {
468	crypto_store_htobe64(md, c->h[n]);
469	md += 8;
470	}
471	crypto_store_htobe32(md, c->h[n] >> 32);
472	break;
473	case SHA512_256_DIGEST_LENGTH:
474	for (n = 0; n < SHA512_256_DIGEST_LENGTH/8; n++) {
475	crypto_store_htobe64(md, c->h[n]);
476	md += 8;
477	}
478	break;
479	case SHA384_DIGEST_LENGTH:
480	for (n = 0; n < SHA384_DIGEST_LENGTH/8; n++) {
481	crypto_store_htobe64(md, c->h[n]);
482	md += 8;
483	}
484	break;
485	case SHA512_DIGEST_LENGTH:
486	for (n = 0; n < SHA512_DIGEST_LENGTH/8; n++) {
487	crypto_store_htobe64(md, c->h[n]);
488	md += 8;
489	}
490	break;
491	default:
492	return 0;
493	}
494
495	return 1;
496	}
497	LCRYPTO_ALIAS(SHA512_Final);
498
499	unsigned char *
500	SHA512(const unsigned char d, size_t n, unsigned char md)
501	{
502	SHA512_CTX c;
503
504	SHA512_Init(&c);
505	SHA512_Update(&c, d, n);
506	SHA512_Final(md, &c);
507
508	explicit_bzero(&c, sizeof(c));
509
510	return (md);
511	}
512	LCRYPTO_ALIAS(SHA512);
513
514	int
515	SHA512_224_Init(SHA512_CTX *c)
516	{
517	memset(c, 0, sizeof(*c));
518
519	/* FIPS 180-4 section 5.3.6.1. */
520	c->h[0] = U64(0x8c3d37c819544da2);
521	c->h[1] = U64(0x73e1996689dcd4d6);
522	c->h[2] = U64(0x1dfab7ae32ff9c82);
523	c->h[3] = U64(0x679dd514582f9fcf);
524	c->h[4] = U64(0x0f6d2b697bd44da8);
525	c->h[5] = U64(0x77e36f7304c48942);
526	c->h[6] = U64(0x3f9d85a86a1d36c8);
527	c->h[7] = U64(0x1112e6ad91d692a1);
528
529	c->md_len = SHA512_224_DIGEST_LENGTH;
530
531	return 1;
532	}
533
534	int
535	SHA512_224_Update(SHA512_CTX c, const void data, size_t len)
536	{
537	return SHA512_Update(c, data, len);
538	}
539
540	int
541	SHA512_224_Final(unsigned char md, SHA512_CTX c)
542	{
543	return SHA512_Final(md, c);
544	}
545
546	int
547	SHA512_256_Init(SHA512_CTX *c)
548	{
549	memset(c, 0, sizeof(*c));
550
551	/* FIPS 180-4 section 5.3.6.2. */
552	c->h[0] = U64(0x22312194fc2bf72c);
553	c->h[1] = U64(0x9f555fa3c84c64c2);
554	c->h[2] = U64(0x2393b86b6f53b151);
555	c->h[3] = U64(0x963877195940eabd);
556	c->h[4] = U64(0x96283ee2a88effe3);
557	c->h[5] = U64(0xbe5e1e2553863992);
558	c->h[6] = U64(0x2b0199fc2c85b8aa);
559	c->h[7] = U64(0x0eb72ddc81c52ca2);
560
561	c->md_len = SHA512_256_DIGEST_LENGTH;
562
563	return 1;
564	}
565
566	int
567	SHA512_256_Update(SHA512_CTX c, const void data, size_t len)
568	{
569	return SHA512_Update(c, data, len);
570	}
571
572	int
573	SHA512_256_Final(unsigned char md, SHA512_CTX c)
574	{
575	return SHA512_Final(md, c);
576	}
577
578	#endif /* !OPENSSL_NO_SHA512 */