1 files changed, 252 insertions, 164 deletions
diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c
index 8bcc5e0431..32007d5d52 100644
--- a/src/lib/libcrypto/sha/sha1.c
+++ b/src/lib/libcrypto/sha/sha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha1.c,v 1.13 2024/03/26 12:54:22 jsing Exp $ */
+/* $OpenBSD: sha1.c,v 1.14 2024/03/28 07:06:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -71,92 +71,114 @@
 /* Ensure that SHA_LONG and uint32_t are equivalent sizes. */
 CTASSERT(sizeof(SHA_LONG) == sizeof(uint32_t));
-#define DATA_ORDER_IS_BIG_ENDIAN
+#ifdef SHA1_ASM
+void sha1_block_data_order(SHA_CTX *ctx, const void *p, size_t num);
+#endif
-#define HASH_LONG               SHA_LONG
+#ifndef SHA1_ASM
-#define HASH_CTX                SHA_CTX
+static inline SHA_LONG
-#define HASH_CBLOCK             SHA_CBLOCK
+Ch(SHA_LONG x, SHA_LONG y, SHA_LONG z)
+{
+        return (x & y) ^ (~x & z);
+}
-#define HASH_BLOCK_DATA_ORDER           sha1_block_data_order
+static inline SHA_LONG
-#define Xupdate(a, ix, ia, ib, ic, id)  ( (a)=(ia^ib^ic^id),    \
+Parity(SHA_LONG x, SHA_LONG y, SHA_LONG z)
-                                          ix=(a)=ROTATE((a),1)  \
+{
-                                        )
+        return x ^ y ^ z;
+}
-#ifndef SHA1_ASM
+static inline SHA_LONG
-static
+Maj(SHA_LONG x, SHA_LONG y, SHA_LONG z)
-#endif
+{
-void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
+        return (x & y) ^ (x & z) ^ (y & z);
+}
+static inline void
+sha1_msg_schedule_update(SHA_LONG *W0, SHA_LONG W2, SHA_LONG W8, SHA_LONG W13)
+{
+        *W0 = crypto_rol_u32(W13 ^ W8 ^ W2 ^ *W0, 1);
+}
-#define HASH_NO_UPDATE
+static inline void
-#define HASH_NO_TRANSFORM
+sha1_round1(SHA_LONG *a, SHA_LONG *b, SHA_LONG *c, SHA_LONG *d, SHA_LONG *e,
-#define HASH_NO_FINAL
+    SHA_LONG Wt)
+{
+        SHA_LONG Kt, T;
-#include "md32_common.h"
+        Kt = 0x5a827999UL;
+        T = crypto_rol_u32(*a, 5) + Ch(*b, *c, *d) + *e + Kt + Wt;
-#define K_00_19 0x5a827999UL
+        *e = *d;
-#define K_20_39 0x6ed9eba1UL
+        *d = *c;
-#define K_40_59 0x8f1bbcdcUL
+        *c = crypto_rol_u32(*b, 30);
-#define K_60_79 0xca62c1d6UL
+        *b = *a;
+        *a = T;
+}
+static inline void
+sha1_round2(SHA_LONG *a, SHA_LONG *b, SHA_LONG *c, SHA_LONG *d, SHA_LONG *e,
+    SHA_LONG Wt)
+{
+        SHA_LONG Kt, T;
+        Kt = 0x6ed9eba1UL;
+        T = crypto_rol_u32(*a, 5) + Parity(*b, *c, *d) + *e + Kt + Wt;
+        *e = *d;
+        *d = *c;
+        *c = crypto_rol_u32(*b, 30);
+        *b = *a;
+        *a = T;
+}
+static inline void
+sha1_round3(SHA_LONG *a, SHA_LONG *b, SHA_LONG *c, SHA_LONG *d, SHA_LONG *e,
+    SHA_LONG Wt)
+{
+        SHA_LONG Kt, T;
+        Kt = 0x8f1bbcdcUL;
+        T = crypto_rol_u32(*a, 5) + Maj(*b, *c, *d) + *e + Kt + Wt;
+        *e = *d;
+        *d = *c;
+        *c = crypto_rol_u32(*b, 30);
+        *b = *a;
+        *a = T;
+}
+static inline void
+sha1_round4(SHA_LONG *a, SHA_LONG *b, SHA_LONG *c, SHA_LONG *d, SHA_LONG *e,
+    SHA_LONG Wt)
+{
+        SHA_LONG Kt, T;
+        Kt = 0xca62c1d6UL;
+        T = crypto_rol_u32(*a, 5) + Parity(*b, *c, *d) + *e + Kt + Wt;
+        *e = *d;
+        *d = *c;
+        *c = crypto_rol_u32(*b, 30);
+        *b = *a;
+        *a = T;
+}
-/* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
- * simplified to the code in F_00_19.  Wei attributes these optimisations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
- * I've just become aware of another tweak to be made, again from Wei Dai,
- * in F_40_59, (x&a)|(y&a) -> (x|y)&a
- */
-#define F_00_19(b, c, d)        ((((c) ^ (d)) & (b)) ^ (d))
-#define F_20_39(b, c, d)        ((b) ^ (c) ^ (d))
-#define F_40_59(b, c, d)        (((b) & (c)) | (((b)|(c)) & (d)))
-#define F_60_79(b, c, d)        F_20_39(b, c, d)
-#define BODY_00_15(i, a, b, c, d, e, f, xi) \
-        (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-#define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
-        Xupdate(f, xi, xa, xb, xc, xd); \
-        (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-#define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
-        Xupdate(f, xi, xa, xb, xc, xd); \
-        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-#define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd) \
-        Xupdate(f, xa, xa, xb, xc, xd); \
-        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-#define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd) \
-        Xupdate(f, xa, xa, xb, xc, xd); \
-        (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-#define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd) \
-        Xupdate(f, xa, xa, xb, xc, xd); \
-        (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
-        (b)=ROTATE((b),30);
-#if !defined(SHA1_ASM)
-#include <endian.h>
 static void
-sha1_block_data_order(SHA_CTX *c, const void *_in, size_t num)
+sha1_block_data_order(SHA_CTX *ctx, const void *_in, size_t num)
 {
        const uint8_t *in = _in;
        const SHA_LONG *in32;
-        unsigned int A, B, C, D, E, T;
+        unsigned int a, b, c, d, e;
        unsigned int X0, X1, X2, X3, X4, X5, X6, X7,
            X8, X9, X10, X11, X12, X13, X14, X15;
        while (num--) {
-                A = c->h0;
+                a = ctx->h0;
-                B = c->h1;
+                b = ctx->h1;
-                C = c->h2;
+                c = ctx->h2;
-                D = c->h3;
+                d = ctx->h3;
-                E = c->h4;
+                e = ctx->h4;
                if ((size_t)in % 4 == 0) {
                        /* Input is 32 bit aligned. */
@@ -198,102 +220,168 @@ sha1_block_data_order(SHA_CTX *c, const void *_in, size_t num)
                }
                in += SHA_CBLOCK;
-                BODY_00_15( 0, A, B, C, D, E, T, X0);
+                sha1_round1(&a, &b, &c, &d, &e, X0);
-                BODY_00_15( 1, T, A, B, C, D, E, X1);
+                sha1_round1(&a, &b, &c, &d, &e, X1);
-                BODY_00_15( 2, E, T, A, B, C, D, X2);
+                sha1_round1(&a, &b, &c, &d, &e, X2);
-                BODY_00_15( 3, D, E, T, A, B, C, X3);
+                sha1_round1(&a, &b, &c, &d, &e, X3);
-                BODY_00_15( 4, C, D, E, T, A, B, X4);
+                sha1_round1(&a, &b, &c, &d, &e, X4);
-                BODY_00_15( 5, B, C, D, E, T, A, X5);
+                sha1_round1(&a, &b, &c, &d, &e, X5);
-                BODY_00_15( 6, A, B, C, D, E, T, X6);
+                sha1_round1(&a, &b, &c, &d, &e, X6);
-                BODY_00_15( 7, T, A, B, C, D, E, X7);
+                sha1_round1(&a, &b, &c, &d, &e, X7);
-                BODY_00_15( 8, E, T, A, B, C, D, X8);
+                sha1_round1(&a, &b, &c, &d, &e, X8);
-                BODY_00_15( 9, D, E, T, A, B, C, X9);
+                sha1_round1(&a, &b, &c, &d, &e, X9);
-                BODY_00_15(10, C, D, E, T, A, B, X10);
+                sha1_round1(&a, &b, &c, &d, &e, X10);
-                BODY_00_15(11, B, C, D, E, T, A, X11);
+                sha1_round1(&a, &b, &c, &d, &e, X11);
-                BODY_00_15(12, A, B, C, D, E, T, X12);
+                sha1_round1(&a, &b, &c, &d, &e, X12);
-                BODY_00_15(13, T, A, B, C, D, E, X13);
+                sha1_round1(&a, &b, &c, &d, &e, X13);
-                BODY_00_15(14, E, T, A, B, C, D, X14);
+                sha1_round1(&a, &b, &c, &d, &e, X14);
-                BODY_00_15(15, D, E, T, A, B, C, X15);
+                sha1_round1(&a, &b, &c, &d, &e, X15);
-                BODY_16_19(16, C, D, E, T, A, B, X0, X0, X2, X8, X13);
+                sha1_msg_schedule_update(&X0, X2, X8, X13);
-                BODY_16_19(17, B, C, D, E, T, A, X1, X1, X3, X9, X14);
+                sha1_msg_schedule_update(&X1, X3, X9, X14);
-                BODY_16_19(18, A, B, C, D, E, T, X2, X2, X4, X10, X15);
+                sha1_msg_schedule_update(&X2, X4, X10, X15);
-                BODY_16_19(19, T, A, B, C, D, E, X3, X3, X5, X11, X0);
+                sha1_msg_schedule_update(&X3, X5, X11, X0);
+                sha1_msg_schedule_update(&X4, X6, X12, X1);
-                BODY_20_31(20, E, T, A, B, C, D, X4, X4, X6, X12, X1);
+                sha1_msg_schedule_update(&X5, X7, X13, X2);
-                BODY_20_31(21, D, E, T, A, B, C, X5, X5, X7, X13, X2);
+                sha1_msg_schedule_update(&X6, X8, X14, X3);
-                BODY_20_31(22, C, D, E, T, A, B, X6, X6, X8, X14, X3);
+                sha1_msg_schedule_update(&X7, X9, X15, X4);
-                BODY_20_31(23, B, C, D, E, T, A, X7, X7, X9, X15, X4);
+                sha1_msg_schedule_update(&X8, X10, X0, X5);
-                BODY_20_31(24, A, B, C, D, E, T, X8, X8, X10, X0, X5);
+                sha1_msg_schedule_update(&X9, X11, X1, X6);
-                BODY_20_31(25, T, A, B, C, D, E, X9, X9, X11, X1, X6);
+                sha1_msg_schedule_update(&X10, X12, X2, X7);
-                BODY_20_31(26, E, T, A, B, C, D, X10, X10, X12, X2, X7);
+                sha1_msg_schedule_update(&X11, X13, X3, X8);
-                BODY_20_31(27, D, E, T, A, B, C, X11, X11, X13, X3, X8);
+                sha1_msg_schedule_update(&X12, X14, X4, X9);
-                BODY_20_31(28, C, D, E, T, A, B, X12, X12, X14, X4, X9);
+                sha1_msg_schedule_update(&X13, X15, X5, X10);
-                BODY_20_31(29, B, C, D, E, T, A, X13, X13, X15, X5, X10);
+                sha1_msg_schedule_update(&X14, X0, X6, X11);
-                BODY_20_31(30, A, B, C, D, E, T, X14, X14, X0, X6, X11);
+                sha1_msg_schedule_update(&X15, X1, X7, X12);
-                BODY_20_31(31, T, A, B, C, D, E, X15, X15, X1, X7, X12);
+                sha1_round1(&a, &b, &c, &d, &e, X0);
-                BODY_32_39(32, E, T, A, B, C, D, X0, X2, X8, X13);
+                sha1_round1(&a, &b, &c, &d, &e, X1);
-                BODY_32_39(33, D, E, T, A, B, C, X1, X3, X9, X14);
+                sha1_round1(&a, &b, &c, &d, &e, X2);
-                BODY_32_39(34, C, D, E, T, A, B, X2, X4, X10, X15);
+                sha1_round1(&a, &b, &c, &d, &e, X3);
-                BODY_32_39(35, B, C, D, E, T, A, X3, X5, X11, X0);
+                sha1_round2(&a, &b, &c, &d, &e, X4);
-                BODY_32_39(36, A, B, C, D, E, T, X4, X6, X12, X1);
+                sha1_round2(&a, &b, &c, &d, &e, X5);
-                BODY_32_39(37, T, A, B, C, D, E, X5, X7, X13, X2);
+                sha1_round2(&a, &b, &c, &d, &e, X6);
-                BODY_32_39(38, E, T, A, B, C, D, X6, X8, X14, X3);
+                sha1_round2(&a, &b, &c, &d, &e, X7);
-                BODY_32_39(39, D, E, T, A, B, C, X7, X9, X15, X4);
+                sha1_round2(&a, &b, &c, &d, &e, X8);
+                sha1_round2(&a, &b, &c, &d, &e, X9);
-                BODY_40_59(40, C, D, E, T, A, B, X8, X10, X0, X5);
+                sha1_round2(&a, &b, &c, &d, &e, X10);
-                BODY_40_59(41, B, C, D, E, T, A, X9, X11, X1, X6);
+                sha1_round2(&a, &b, &c, &d, &e, X11);
-                BODY_40_59(42, A, B, C, D, E, T, X10, X12, X2, X7);
+                sha1_round2(&a, &b, &c, &d, &e, X12);
-                BODY_40_59(43, T, A, B, C, D, E, X11, X13, X3, X8);
+                sha1_round2(&a, &b, &c, &d, &e, X13);
-                BODY_40_59(44, E, T, A, B, C, D, X12, X14, X4, X9);
+                sha1_round2(&a, &b, &c, &d, &e, X14);
-                BODY_40_59(45, D, E, T, A, B, C, X13, X15, X5, X10);
+                sha1_round2(&a, &b, &c, &d, &e, X15);
-                BODY_40_59(46, C, D, E, T, A, B, X14, X0, X6, X11);
-                BODY_40_59(47, B, C, D, E, T, A, X15, X1, X7, X12);
+                sha1_msg_schedule_update(&X0, X2, X8, X13);
-                BODY_40_59(48, A, B, C, D, E, T, X0, X2, X8, X13);
+                sha1_msg_schedule_update(&X1, X3, X9, X14);
-                BODY_40_59(49, T, A, B, C, D, E, X1, X3, X9, X14);
+                sha1_msg_schedule_update(&X2, X4, X10, X15);
-                BODY_40_59(50, E, T, A, B, C, D, X2, X4, X10, X15);
+                sha1_msg_schedule_update(&X3, X5, X11, X0);
-                BODY_40_59(51, D, E, T, A, B, C, X3, X5, X11, X0);
+                sha1_msg_schedule_update(&X4, X6, X12, X1);
-                BODY_40_59(52, C, D, E, T, A, B, X4, X6, X12, X1);
+                sha1_msg_schedule_update(&X5, X7, X13, X2);
-                BODY_40_59(53, B, C, D, E, T, A, X5, X7, X13, X2);
+                sha1_msg_schedule_update(&X6, X8, X14, X3);
-                BODY_40_59(54, A, B, C, D, E, T, X6, X8, X14, X3);
+                sha1_msg_schedule_update(&X7, X9, X15, X4);
-                BODY_40_59(55, T, A, B, C, D, E, X7, X9, X15, X4);
+                sha1_msg_schedule_update(&X8, X10, X0, X5);
-                BODY_40_59(56, E, T, A, B, C, D, X8, X10, X0, X5);
+                sha1_msg_schedule_update(&X9, X11, X1, X6);
-                BODY_40_59(57, D, E, T, A, B, C, X9, X11, X1, X6);
+                sha1_msg_schedule_update(&X10, X12, X2, X7);
-                BODY_40_59(58, C, D, E, T, A, B, X10, X12, X2, X7);
+                sha1_msg_schedule_update(&X11, X13, X3, X8);
-                BODY_40_59(59, B, C, D, E, T, A, X11, X13, X3, X8);
+                sha1_msg_schedule_update(&X12, X14, X4, X9);
+                sha1_msg_schedule_update(&X13, X15, X5, X10);
-                BODY_60_79(60, A, B, C, D, E, T, X12, X14, X4, X9);
+                sha1_msg_schedule_update(&X14, X0, X6, X11);
-                BODY_60_79(61, T, A, B, C, D, E, X13, X15, X5, X10);
+                sha1_msg_schedule_update(&X15, X1, X7, X12);
-                BODY_60_79(62, E, T, A, B, C, D, X14, X0, X6, X11);
-                BODY_60_79(63, D, E, T, A, B, C, X15, X1, X7, X12);
+                sha1_round2(&a, &b, &c, &d, &e, X0);
-                BODY_60_79(64, C, D, E, T, A, B, X0, X2, X8, X13);
+                sha1_round2(&a, &b, &c, &d, &e, X1);
-                BODY_60_79(65, B, C, D, E, T, A, X1, X3, X9, X14);
+                sha1_round2(&a, &b, &c, &d, &e, X2);
-                BODY_60_79(66, A, B, C, D, E, T, X2, X4, X10, X15);
+                sha1_round2(&a, &b, &c, &d, &e, X3);
-                BODY_60_79(67, T, A, B, C, D, E, X3, X5, X11, X0);
+                sha1_round2(&a, &b, &c, &d, &e, X4);
-                BODY_60_79(68, E, T, A, B, C, D, X4, X6, X12, X1);
+                sha1_round2(&a, &b, &c, &d, &e, X5);
-                BODY_60_79(69, D, E, T, A, B, C, X5, X7, X13, X2);
+                sha1_round2(&a, &b, &c, &d, &e, X6);
-                BODY_60_79(70, C, D, E, T, A, B, X6, X8, X14, X3);
+                sha1_round2(&a, &b, &c, &d, &e, X7);
-                BODY_60_79(71, B, C, D, E, T, A, X7, X9, X15, X4);
+                sha1_round3(&a, &b, &c, &d, &e, X8);
-                BODY_60_79(72, A, B, C, D, E, T, X8, X10, X0, X5);
+                sha1_round3(&a, &b, &c, &d, &e, X9);
-                BODY_60_79(73, T, A, B, C, D, E, X9, X11, X1, X6);
+                sha1_round3(&a, &b, &c, &d, &e, X10);
-                BODY_60_79(74, E, T, A, B, C, D, X10, X12, X2, X7);
+                sha1_round3(&a, &b, &c, &d, &e, X11);
-                BODY_60_79(75, D, E, T, A, B, C, X11, X13, X3, X8);
+                sha1_round3(&a, &b, &c, &d, &e, X12);
-                BODY_60_79(76, C, D, E, T, A, B, X12, X14, X4, X9);
+                sha1_round3(&a, &b, &c, &d, &e, X13);
-                BODY_60_79(77, B, C, D, E, T, A, X13, X15, X5, X10);
+                sha1_round3(&a, &b, &c, &d, &e, X14);
-                BODY_60_79(78, A, B, C, D, E, T, X14, X0, X6, X11);
+                sha1_round3(&a, &b, &c, &d, &e, X15);
-                BODY_60_79(79, T, A, B, C, D, E, X15, X1, X7, X12);
+                sha1_msg_schedule_update(&X0, X2, X8, X13);
-                c->h0 = (c->h0 + E)&0xffffffffL;
+                sha1_msg_schedule_update(&X1, X3, X9, X14);
-                c->h1 = (c->h1 + T)&0xffffffffL;
+                sha1_msg_schedule_update(&X2, X4, X10, X15);
-                c->h2 = (c->h2 + A)&0xffffffffL;
+                sha1_msg_schedule_update(&X3, X5, X11, X0);
-                c->h3 = (c->h3 + B)&0xffffffffL;
+                sha1_msg_schedule_update(&X4, X6, X12, X1);
-                c->h4 = (c->h4 + C)&0xffffffffL;
+                sha1_msg_schedule_update(&X5, X7, X13, X2);
+                sha1_msg_schedule_update(&X6, X8, X14, X3);
+                sha1_msg_schedule_update(&X7, X9, X15, X4);
+                sha1_msg_schedule_update(&X8, X10, X0, X5);
+                sha1_msg_schedule_update(&X9, X11, X1, X6);
+                sha1_msg_schedule_update(&X10, X12, X2, X7);
+                sha1_msg_schedule_update(&X11, X13, X3, X8);
+                sha1_msg_schedule_update(&X12, X14, X4, X9);
+                sha1_msg_schedule_update(&X13, X15, X5, X10);
+                sha1_msg_schedule_update(&X14, X0, X6, X11);
+                sha1_msg_schedule_update(&X15, X1, X7, X12);
+                sha1_round3(&a, &b, &c, &d, &e, X0);
+                sha1_round3(&a, &b, &c, &d, &e, X1);
+                sha1_round3(&a, &b, &c, &d, &e, X2);
+                sha1_round3(&a, &b, &c, &d, &e, X3);
+                sha1_round3(&a, &b, &c, &d, &e, X4);
+                sha1_round3(&a, &b, &c, &d, &e, X5);
+                sha1_round3(&a, &b, &c, &d, &e, X6);
+                sha1_round3(&a, &b, &c, &d, &e, X7);
+                sha1_round3(&a, &b, &c, &d, &e, X8);
+                sha1_round3(&a, &b, &c, &d, &e, X9);
+                sha1_round3(&a, &b, &c, &d, &e, X10);
+                sha1_round3(&a, &b, &c, &d, &e, X11);
+                sha1_round4(&a, &b, &c, &d, &e, X12);
+                sha1_round4(&a, &b, &c, &d, &e, X13);
+                sha1_round4(&a, &b, &c, &d, &e, X14);
+                sha1_round4(&a, &b, &c, &d, &e, X15);
+                sha1_msg_schedule_update(&X0, X2, X8, X13);
+                sha1_msg_schedule_update(&X1, X3, X9, X14);
+                sha1_msg_schedule_update(&X2, X4, X10, X15);
+                sha1_msg_schedule_update(&X3, X5, X11, X0);
+                sha1_msg_schedule_update(&X4, X6, X12, X1);
+                sha1_msg_schedule_update(&X5, X7, X13, X2);
+                sha1_msg_schedule_update(&X6, X8, X14, X3);
+                sha1_msg_schedule_update(&X7, X9, X15, X4);
+                sha1_msg_schedule_update(&X8, X10, X0, X5);
+                sha1_msg_schedule_update(&X9, X11, X1, X6);
+                sha1_msg_schedule_update(&X10, X12, X2, X7);
+                sha1_msg_schedule_update(&X11, X13, X3, X8);
+                sha1_msg_schedule_update(&X12, X14, X4, X9);
+                sha1_msg_schedule_update(&X13, X15, X5, X10);
+                sha1_msg_schedule_update(&X14, X0, X6, X11);
+                sha1_msg_schedule_update(&X15, X1, X7, X12);
+                sha1_round4(&a, &b, &c, &d, &e, X0);
+                sha1_round4(&a, &b, &c, &d, &e, X1);
+                sha1_round4(&a, &b, &c, &d, &e, X2);
+                sha1_round4(&a, &b, &c, &d, &e, X3);
+                sha1_round4(&a, &b, &c, &d, &e, X4);
+                sha1_round4(&a, &b, &c, &d, &e, X5);
+                sha1_round4(&a, &b, &c, &d, &e, X6);
+                sha1_round4(&a, &b, &c, &d, &e, X7);
+                sha1_round4(&a, &b, &c, &d, &e, X8);
+                sha1_round4(&a, &b, &c, &d, &e, X9);
+                sha1_round4(&a, &b, &c, &d, &e, X10);
+                sha1_round4(&a, &b, &c, &d, &e, X11);
+                sha1_round4(&a, &b, &c, &d, &e, X12);
+                sha1_round4(&a, &b, &c, &d, &e, X13);
+                sha1_round4(&a, &b, &c, &d, &e, X14);
+                sha1_round4(&a, &b, &c, &d, &e, X15);
+                ctx->h0 += a;
+                ctx->h1 += b;
+                ctx->h2 += c;
+                ctx->h3 += d;
+                ctx->h4 += e;
        }
 }
 #endif
 int
 SHA1_Init(SHA_CTX *c)
 {

diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c index 8bcc5e0431..32007d5d52 100644 --- a/src/lib/libcrypto/sha/sha1.c +++ b/src/lib/libcrypto/sha/sha1.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sha1.c,v 1.13 2024/03/26 12:54:22 jsing Exp $ */	1	/* $OpenBSD: sha1.c,v 1.14 2024/03/28 07:06:12 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -71,92 +71,114 @@
71	/* Ensure that SHA_LONG and uint32_t are equivalent sizes. */	71	/* Ensure that SHA_LONG and uint32_t are equivalent sizes. */
72	CTASSERT(sizeof(SHA_LONG) == sizeof(uint32_t));	72	CTASSERT(sizeof(SHA_LONG) == sizeof(uint32_t));
73		73
74	#define DATA_ORDER_IS_BIG_ENDIAN	74	#ifdef SHA1_ASM
		75	void sha1_block_data_order(SHA_CTX ctx, const void p, size_t num);
		76	#endif
75		77
76	#define HASH_LONG SHA_LONG	78	#ifndef SHA1_ASM
77	#define HASH_CTX SHA_CTX	79	static inline SHA_LONG
78	#define HASH_CBLOCK SHA_CBLOCK	80	Ch(SHA_LONG x, SHA_LONG y, SHA_LONG z)
		81	{
		82	return (x & y) ^ (~x & z);
		83	}
79		84
80	#define HASH_BLOCK_DATA_ORDER sha1_block_data_order	85	static inline SHA_LONG
81	#define Xupdate(a, ix, ia, ib, ic, id) ( (a)=(ia^ib^ic^id), \	86	Parity(SHA_LONG x, SHA_LONG y, SHA_LONG z)
82	ix=(a)=ROTATE((a),1) \	87	{
83	)	88	return x ^ y ^ z;
		89	}
84		90
85	#ifndef SHA1_ASM	91	static inline SHA_LONG
86	static	92	Maj(SHA_LONG x, SHA_LONG y, SHA_LONG z)
87	#endif	93	{
88	void sha1_block_data_order(SHA_CTX c, const void p, size_t num);	94	return (x & y) ^ (x & z) ^ (y & z);
		95	}
		96
		97	static inline void
		98	sha1_msg_schedule_update(SHA_LONG *W0, SHA_LONG W2, SHA_LONG W8, SHA_LONG W13)
		99	{
		100	W0 = crypto_rol_u32(W13 ^ W8 ^ W2 ^ W0, 1);
		101	}
89		102
90	#define HASH_NO_UPDATE	103	static inline void
91	#define HASH_NO_TRANSFORM	104	sha1_round1(SHA_LONG a, SHA_LONG b, SHA_LONG c, SHA_LONG d, SHA_LONG *e,
92	#define HASH_NO_FINAL	105	SHA_LONG Wt)
		106	{
		107	SHA_LONG Kt, T;
93		108
94	#include "md32_common.h"	109	Kt = 0x5a827999UL;
		110	T = crypto_rol_u32(a, 5) + Ch(b, c, d) + *e + Kt + Wt;
95		111
96	#define K_00_19 0x5a827999UL	112	e = d;
97	#define K_20_39 0x6ed9eba1UL	113	d = c;
98	#define K_40_59 0x8f1bbcdcUL	114	c = crypto_rol_u32(b, 30);
99	#define K_60_79 0xca62c1d6UL	115	b = a;
		116	*a = T;
		117	}
		118
		119	static inline void
		120	sha1_round2(SHA_LONG a, SHA_LONG b, SHA_LONG c, SHA_LONG d, SHA_LONG *e,
		121	SHA_LONG Wt)
		122	{
		123	SHA_LONG Kt, T;
		124
		125	Kt = 0x6ed9eba1UL;
		126	T = crypto_rol_u32(a, 5) + Parity(b, c, d) + *e + Kt + Wt;
		127
		128	e = d;
		129	d = c;
		130	c = crypto_rol_u32(b, 30);
		131	b = a;
		132	*a = T;
		133	}
		134
		135	static inline void
		136	sha1_round3(SHA_LONG a, SHA_LONG b, SHA_LONG c, SHA_LONG d, SHA_LONG *e,
		137	SHA_LONG Wt)
		138	{
		139	SHA_LONG Kt, T;
		140
		141	Kt = 0x8f1bbcdcUL;
		142	T = crypto_rol_u32(a, 5) + Maj(b, c, d) + *e + Kt + Wt;
		143
		144	e = d;
		145	d = c;
		146	c = crypto_rol_u32(b, 30);
		147	b = a;
		148	*a = T;
		149	}
		150
		151	static inline void
		152	sha1_round4(SHA_LONG a, SHA_LONG b, SHA_LONG c, SHA_LONG d, SHA_LONG *e,
		153	SHA_LONG Wt)
		154	{
		155	SHA_LONG Kt, T;
		156
		157	Kt = 0xca62c1d6UL;
		158	T = crypto_rol_u32(a, 5) + Parity(b, c, d) + *e + Kt + Wt;
		159
		160	e = d;
		161	d = c;
		162	c = crypto_rol_u32(b, 30);
		163	b = a;
		164	*a = T;
		165	}
100		166
101	/* As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
102	* simplified to the code in F_00_19. Wei attributes these optimisations
103	* to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
104	* #define F(x,y,z) (((x) & (y)) \| ((~(x)) & (z)))
105	* I've just become aware of another tweak to be made, again from Wei Dai,
106	* in F_40_59, (x&a)\|(y&a) -> (x\|y)&a
107	*/
108	#define F_00_19(b, c, d) ((((c) ^ (d)) & (b)) ^ (d))
109	#define F_20_39(b, c, d) ((b) ^ (c) ^ (d))
110	#define F_40_59(b, c, d) (((b) & (c)) \| (((b)\|(c)) & (d)))
111	#define F_60_79(b, c, d) F_20_39(b, c, d)
112
113
114	#define BODY_00_15(i, a, b, c, d, e, f, xi) \
115	(f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
116	(b)=ROTATE((b),30);
117
118	#define BODY_16_19(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
119	Xupdate(f, xi, xa, xb, xc, xd); \
120	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
121	(b)=ROTATE((b),30);
122
123	#define BODY_20_31(i, a, b, c, d, e, f, xi, xa, xb, xc, xd) \
124	Xupdate(f, xi, xa, xb, xc, xd); \
125	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
126	(b)=ROTATE((b),30);
127
128	#define BODY_32_39(i, a, b, c, d, e, f, xa, xb, xc, xd) \
129	Xupdate(f, xa, xa, xb, xc, xd); \
130	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
131	(b)=ROTATE((b),30);
132
133	#define BODY_40_59(i, a, b, c, d, e, f, xa, xb, xc, xd) \
134	Xupdate(f, xa, xa, xb, xc, xd); \
135	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
136	(b)=ROTATE((b),30);
137
138	#define BODY_60_79(i, a, b, c, d, e, f, xa, xb, xc, xd) \
139	Xupdate(f, xa, xa, xb, xc, xd); \
140	(f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
141	(b)=ROTATE((b),30);
142
143	#if !defined(SHA1_ASM)
144	#include <endian.h>
145	static void	167	static void
146	sha1_block_data_order(SHA_CTX c, const void _in, size_t num)	168	sha1_block_data_order(SHA_CTX ctx, const void _in, size_t num)
147	{	169	{
148	const uint8_t *in = _in;	170	const uint8_t *in = _in;
149	const SHA_LONG *in32;	171	const SHA_LONG *in32;
150	unsigned int A, B, C, D, E, T;	172	unsigned int a, b, c, d, e;
151	unsigned int X0, X1, X2, X3, X4, X5, X6, X7,	173	unsigned int X0, X1, X2, X3, X4, X5, X6, X7,
152	X8, X9, X10, X11, X12, X13, X14, X15;	174	X8, X9, X10, X11, X12, X13, X14, X15;
153		175
154	while (num--) {	176	while (num--) {
155	A = c->h0;	177	a = ctx->h0;
156	B = c->h1;	178	b = ctx->h1;
157	C = c->h2;	179	c = ctx->h2;
158	D = c->h3;	180	d = ctx->h3;
159	E = c->h4;	181	e = ctx->h4;
160		182
161	if ((size_t)in % 4 == 0) {	183	if ((size_t)in % 4 == 0) {
162	/* Input is 32 bit aligned. */	184	/* Input is 32 bit aligned. */
@@ -198,102 +220,168 @@ sha1_block_data_order(SHA_CTX c, const void _in, size_t num)
198	}	220	}
199	in += SHA_CBLOCK;	221	in += SHA_CBLOCK;
200		222
201	BODY_00_15( 0, A, B, C, D, E, T, X0);	223	sha1_round1(&a, &b, &c, &d, &e, X0);
202	BODY_00_15( 1, T, A, B, C, D, E, X1);	224	sha1_round1(&a, &b, &c, &d, &e, X1);
203	BODY_00_15( 2, E, T, A, B, C, D, X2);	225	sha1_round1(&a, &b, &c, &d, &e, X2);
204	BODY_00_15( 3, D, E, T, A, B, C, X3);	226	sha1_round1(&a, &b, &c, &d, &e, X3);
205	BODY_00_15( 4, C, D, E, T, A, B, X4);	227	sha1_round1(&a, &b, &c, &d, &e, X4);
206	BODY_00_15( 5, B, C, D, E, T, A, X5);	228	sha1_round1(&a, &b, &c, &d, &e, X5);
207	BODY_00_15( 6, A, B, C, D, E, T, X6);	229	sha1_round1(&a, &b, &c, &d, &e, X6);
208	BODY_00_15( 7, T, A, B, C, D, E, X7);	230	sha1_round1(&a, &b, &c, &d, &e, X7);
209	BODY_00_15( 8, E, T, A, B, C, D, X8);	231	sha1_round1(&a, &b, &c, &d, &e, X8);
210	BODY_00_15( 9, D, E, T, A, B, C, X9);	232	sha1_round1(&a, &b, &c, &d, &e, X9);
211	BODY_00_15(10, C, D, E, T, A, B, X10);	233	sha1_round1(&a, &b, &c, &d, &e, X10);
212	BODY_00_15(11, B, C, D, E, T, A, X11);	234	sha1_round1(&a, &b, &c, &d, &e, X11);
213	BODY_00_15(12, A, B, C, D, E, T, X12);	235	sha1_round1(&a, &b, &c, &d, &e, X12);
214	BODY_00_15(13, T, A, B, C, D, E, X13);	236	sha1_round1(&a, &b, &c, &d, &e, X13);
215	BODY_00_15(14, E, T, A, B, C, D, X14);	237	sha1_round1(&a, &b, &c, &d, &e, X14);
216	BODY_00_15(15, D, E, T, A, B, C, X15);	238	sha1_round1(&a, &b, &c, &d, &e, X15);
217		239
218	BODY_16_19(16, C, D, E, T, A, B, X0, X0, X2, X8, X13);	240	sha1_msg_schedule_update(&X0, X2, X8, X13);
219	BODY_16_19(17, B, C, D, E, T, A, X1, X1, X3, X9, X14);	241	sha1_msg_schedule_update(&X1, X3, X9, X14);
220	BODY_16_19(18, A, B, C, D, E, T, X2, X2, X4, X10, X15);	242	sha1_msg_schedule_update(&X2, X4, X10, X15);
221	BODY_16_19(19, T, A, B, C, D, E, X3, X3, X5, X11, X0);	243	sha1_msg_schedule_update(&X3, X5, X11, X0);
222		244	sha1_msg_schedule_update(&X4, X6, X12, X1);
223	BODY_20_31(20, E, T, A, B, C, D, X4, X4, X6, X12, X1);	245	sha1_msg_schedule_update(&X5, X7, X13, X2);
224	BODY_20_31(21, D, E, T, A, B, C, X5, X5, X7, X13, X2);	246	sha1_msg_schedule_update(&X6, X8, X14, X3);
225	BODY_20_31(22, C, D, E, T, A, B, X6, X6, X8, X14, X3);	247	sha1_msg_schedule_update(&X7, X9, X15, X4);
226	BODY_20_31(23, B, C, D, E, T, A, X7, X7, X9, X15, X4);	248	sha1_msg_schedule_update(&X8, X10, X0, X5);
227	BODY_20_31(24, A, B, C, D, E, T, X8, X8, X10, X0, X5);	249	sha1_msg_schedule_update(&X9, X11, X1, X6);
228	BODY_20_31(25, T, A, B, C, D, E, X9, X9, X11, X1, X6);	250	sha1_msg_schedule_update(&X10, X12, X2, X7);
229	BODY_20_31(26, E, T, A, B, C, D, X10, X10, X12, X2, X7);	251	sha1_msg_schedule_update(&X11, X13, X3, X8);
230	BODY_20_31(27, D, E, T, A, B, C, X11, X11, X13, X3, X8);	252	sha1_msg_schedule_update(&X12, X14, X4, X9);
231	BODY_20_31(28, C, D, E, T, A, B, X12, X12, X14, X4, X9);	253	sha1_msg_schedule_update(&X13, X15, X5, X10);
232	BODY_20_31(29, B, C, D, E, T, A, X13, X13, X15, X5, X10);	254	sha1_msg_schedule_update(&X14, X0, X6, X11);
233	BODY_20_31(30, A, B, C, D, E, T, X14, X14, X0, X6, X11);	255	sha1_msg_schedule_update(&X15, X1, X7, X12);
234	BODY_20_31(31, T, A, B, C, D, E, X15, X15, X1, X7, X12);	256
235		257	sha1_round1(&a, &b, &c, &d, &e, X0);
236	BODY_32_39(32, E, T, A, B, C, D, X0, X2, X8, X13);	258	sha1_round1(&a, &b, &c, &d, &e, X1);
237	BODY_32_39(33, D, E, T, A, B, C, X1, X3, X9, X14);	259	sha1_round1(&a, &b, &c, &d, &e, X2);
238	BODY_32_39(34, C, D, E, T, A, B, X2, X4, X10, X15);	260	sha1_round1(&a, &b, &c, &d, &e, X3);
239	BODY_32_39(35, B, C, D, E, T, A, X3, X5, X11, X0);	261	sha1_round2(&a, &b, &c, &d, &e, X4);
240	BODY_32_39(36, A, B, C, D, E, T, X4, X6, X12, X1);	262	sha1_round2(&a, &b, &c, &d, &e, X5);
241	BODY_32_39(37, T, A, B, C, D, E, X5, X7, X13, X2);	263	sha1_round2(&a, &b, &c, &d, &e, X6);
242	BODY_32_39(38, E, T, A, B, C, D, X6, X8, X14, X3);	264	sha1_round2(&a, &b, &c, &d, &e, X7);
243	BODY_32_39(39, D, E, T, A, B, C, X7, X9, X15, X4);	265	sha1_round2(&a, &b, &c, &d, &e, X8);
244		266	sha1_round2(&a, &b, &c, &d, &e, X9);
245	BODY_40_59(40, C, D, E, T, A, B, X8, X10, X0, X5);	267	sha1_round2(&a, &b, &c, &d, &e, X10);
246	BODY_40_59(41, B, C, D, E, T, A, X9, X11, X1, X6);	268	sha1_round2(&a, &b, &c, &d, &e, X11);
247	BODY_40_59(42, A, B, C, D, E, T, X10, X12, X2, X7);	269	sha1_round2(&a, &b, &c, &d, &e, X12);
248	BODY_40_59(43, T, A, B, C, D, E, X11, X13, X3, X8);	270	sha1_round2(&a, &b, &c, &d, &e, X13);
249	BODY_40_59(44, E, T, A, B, C, D, X12, X14, X4, X9);	271	sha1_round2(&a, &b, &c, &d, &e, X14);
250	BODY_40_59(45, D, E, T, A, B, C, X13, X15, X5, X10);	272	sha1_round2(&a, &b, &c, &d, &e, X15);
251	BODY_40_59(46, C, D, E, T, A, B, X14, X0, X6, X11);	273
252	BODY_40_59(47, B, C, D, E, T, A, X15, X1, X7, X12);	274	sha1_msg_schedule_update(&X0, X2, X8, X13);
253	BODY_40_59(48, A, B, C, D, E, T, X0, X2, X8, X13);	275	sha1_msg_schedule_update(&X1, X3, X9, X14);
254	BODY_40_59(49, T, A, B, C, D, E, X1, X3, X9, X14);	276	sha1_msg_schedule_update(&X2, X4, X10, X15);
255	BODY_40_59(50, E, T, A, B, C, D, X2, X4, X10, X15);	277	sha1_msg_schedule_update(&X3, X5, X11, X0);
256	BODY_40_59(51, D, E, T, A, B, C, X3, X5, X11, X0);	278	sha1_msg_schedule_update(&X4, X6, X12, X1);
257	BODY_40_59(52, C, D, E, T, A, B, X4, X6, X12, X1);	279	sha1_msg_schedule_update(&X5, X7, X13, X2);
258	BODY_40_59(53, B, C, D, E, T, A, X5, X7, X13, X2);	280	sha1_msg_schedule_update(&X6, X8, X14, X3);
259	BODY_40_59(54, A, B, C, D, E, T, X6, X8, X14, X3);	281	sha1_msg_schedule_update(&X7, X9, X15, X4);
260	BODY_40_59(55, T, A, B, C, D, E, X7, X9, X15, X4);	282	sha1_msg_schedule_update(&X8, X10, X0, X5);
261	BODY_40_59(56, E, T, A, B, C, D, X8, X10, X0, X5);	283	sha1_msg_schedule_update(&X9, X11, X1, X6);
262	BODY_40_59(57, D, E, T, A, B, C, X9, X11, X1, X6);	284	sha1_msg_schedule_update(&X10, X12, X2, X7);
263	BODY_40_59(58, C, D, E, T, A, B, X10, X12, X2, X7);	285	sha1_msg_schedule_update(&X11, X13, X3, X8);
264	BODY_40_59(59, B, C, D, E, T, A, X11, X13, X3, X8);	286	sha1_msg_schedule_update(&X12, X14, X4, X9);
265		287	sha1_msg_schedule_update(&X13, X15, X5, X10);
266	BODY_60_79(60, A, B, C, D, E, T, X12, X14, X4, X9);	288	sha1_msg_schedule_update(&X14, X0, X6, X11);
267	BODY_60_79(61, T, A, B, C, D, E, X13, X15, X5, X10);	289	sha1_msg_schedule_update(&X15, X1, X7, X12);
268	BODY_60_79(62, E, T, A, B, C, D, X14, X0, X6, X11);	290
269	BODY_60_79(63, D, E, T, A, B, C, X15, X1, X7, X12);	291	sha1_round2(&a, &b, &c, &d, &e, X0);
270	BODY_60_79(64, C, D, E, T, A, B, X0, X2, X8, X13);	292	sha1_round2(&a, &b, &c, &d, &e, X1);
271	BODY_60_79(65, B, C, D, E, T, A, X1, X3, X9, X14);	293	sha1_round2(&a, &b, &c, &d, &e, X2);
272	BODY_60_79(66, A, B, C, D, E, T, X2, X4, X10, X15);	294	sha1_round2(&a, &b, &c, &d, &e, X3);
273	BODY_60_79(67, T, A, B, C, D, E, X3, X5, X11, X0);	295	sha1_round2(&a, &b, &c, &d, &e, X4);
274	BODY_60_79(68, E, T, A, B, C, D, X4, X6, X12, X1);	296	sha1_round2(&a, &b, &c, &d, &e, X5);
275	BODY_60_79(69, D, E, T, A, B, C, X5, X7, X13, X2);	297	sha1_round2(&a, &b, &c, &d, &e, X6);
276	BODY_60_79(70, C, D, E, T, A, B, X6, X8, X14, X3);	298	sha1_round2(&a, &b, &c, &d, &e, X7);
277	BODY_60_79(71, B, C, D, E, T, A, X7, X9, X15, X4);	299	sha1_round3(&a, &b, &c, &d, &e, X8);
278	BODY_60_79(72, A, B, C, D, E, T, X8, X10, X0, X5);	300	sha1_round3(&a, &b, &c, &d, &e, X9);
279	BODY_60_79(73, T, A, B, C, D, E, X9, X11, X1, X6);	301	sha1_round3(&a, &b, &c, &d, &e, X10);
280	BODY_60_79(74, E, T, A, B, C, D, X10, X12, X2, X7);	302	sha1_round3(&a, &b, &c, &d, &e, X11);
281	BODY_60_79(75, D, E, T, A, B, C, X11, X13, X3, X8);	303	sha1_round3(&a, &b, &c, &d, &e, X12);
282	BODY_60_79(76, C, D, E, T, A, B, X12, X14, X4, X9);	304	sha1_round3(&a, &b, &c, &d, &e, X13);
283	BODY_60_79(77, B, C, D, E, T, A, X13, X15, X5, X10);	305	sha1_round3(&a, &b, &c, &d, &e, X14);
284	BODY_60_79(78, A, B, C, D, E, T, X14, X0, X6, X11);	306	sha1_round3(&a, &b, &c, &d, &e, X15);
285	BODY_60_79(79, T, A, B, C, D, E, X15, X1, X7, X12);	307
286		308	sha1_msg_schedule_update(&X0, X2, X8, X13);
287	c->h0 = (c->h0 + E)&0xffffffffL;	309	sha1_msg_schedule_update(&X1, X3, X9, X14);
288	c->h1 = (c->h1 + T)&0xffffffffL;	310	sha1_msg_schedule_update(&X2, X4, X10, X15);
289	c->h2 = (c->h2 + A)&0xffffffffL;	311	sha1_msg_schedule_update(&X3, X5, X11, X0);
290	c->h3 = (c->h3 + B)&0xffffffffL;	312	sha1_msg_schedule_update(&X4, X6, X12, X1);
291	c->h4 = (c->h4 + C)&0xffffffffL;	313	sha1_msg_schedule_update(&X5, X7, X13, X2);
		314	sha1_msg_schedule_update(&X6, X8, X14, X3);
		315	sha1_msg_schedule_update(&X7, X9, X15, X4);
		316	sha1_msg_schedule_update(&X8, X10, X0, X5);
		317	sha1_msg_schedule_update(&X9, X11, X1, X6);
		318	sha1_msg_schedule_update(&X10, X12, X2, X7);
		319	sha1_msg_schedule_update(&X11, X13, X3, X8);
		320	sha1_msg_schedule_update(&X12, X14, X4, X9);
		321	sha1_msg_schedule_update(&X13, X15, X5, X10);
		322	sha1_msg_schedule_update(&X14, X0, X6, X11);
		323	sha1_msg_schedule_update(&X15, X1, X7, X12);
		324
		325	sha1_round3(&a, &b, &c, &d, &e, X0);
		326	sha1_round3(&a, &b, &c, &d, &e, X1);
		327	sha1_round3(&a, &b, &c, &d, &e, X2);
		328	sha1_round3(&a, &b, &c, &d, &e, X3);
		329	sha1_round3(&a, &b, &c, &d, &e, X4);
		330	sha1_round3(&a, &b, &c, &d, &e, X5);
		331	sha1_round3(&a, &b, &c, &d, &e, X6);
		332	sha1_round3(&a, &b, &c, &d, &e, X7);
		333	sha1_round3(&a, &b, &c, &d, &e, X8);
		334	sha1_round3(&a, &b, &c, &d, &e, X9);
		335	sha1_round3(&a, &b, &c, &d, &e, X10);
		336	sha1_round3(&a, &b, &c, &d, &e, X11);
		337	sha1_round4(&a, &b, &c, &d, &e, X12);
		338	sha1_round4(&a, &b, &c, &d, &e, X13);
		339	sha1_round4(&a, &b, &c, &d, &e, X14);
		340	sha1_round4(&a, &b, &c, &d, &e, X15);
		341
		342	sha1_msg_schedule_update(&X0, X2, X8, X13);
		343	sha1_msg_schedule_update(&X1, X3, X9, X14);
		344	sha1_msg_schedule_update(&X2, X4, X10, X15);
		345	sha1_msg_schedule_update(&X3, X5, X11, X0);
		346	sha1_msg_schedule_update(&X4, X6, X12, X1);
		347	sha1_msg_schedule_update(&X5, X7, X13, X2);
		348	sha1_msg_schedule_update(&X6, X8, X14, X3);
		349	sha1_msg_schedule_update(&X7, X9, X15, X4);
		350	sha1_msg_schedule_update(&X8, X10, X0, X5);
		351	sha1_msg_schedule_update(&X9, X11, X1, X6);
		352	sha1_msg_schedule_update(&X10, X12, X2, X7);
		353	sha1_msg_schedule_update(&X11, X13, X3, X8);
		354	sha1_msg_schedule_update(&X12, X14, X4, X9);
		355	sha1_msg_schedule_update(&X13, X15, X5, X10);
		356	sha1_msg_schedule_update(&X14, X0, X6, X11);
		357	sha1_msg_schedule_update(&X15, X1, X7, X12);
		358
		359	sha1_round4(&a, &b, &c, &d, &e, X0);
		360	sha1_round4(&a, &b, &c, &d, &e, X1);
		361	sha1_round4(&a, &b, &c, &d, &e, X2);
		362	sha1_round4(&a, &b, &c, &d, &e, X3);
		363	sha1_round4(&a, &b, &c, &d, &e, X4);
		364	sha1_round4(&a, &b, &c, &d, &e, X5);
		365	sha1_round4(&a, &b, &c, &d, &e, X6);
		366	sha1_round4(&a, &b, &c, &d, &e, X7);
		367	sha1_round4(&a, &b, &c, &d, &e, X8);
		368	sha1_round4(&a, &b, &c, &d, &e, X9);
		369	sha1_round4(&a, &b, &c, &d, &e, X10);
		370	sha1_round4(&a, &b, &c, &d, &e, X11);
		371	sha1_round4(&a, &b, &c, &d, &e, X12);
		372	sha1_round4(&a, &b, &c, &d, &e, X13);
		373	sha1_round4(&a, &b, &c, &d, &e, X14);
		374	sha1_round4(&a, &b, &c, &d, &e, X15);
		375
		376	ctx->h0 += a;
		377	ctx->h1 += b;
		378	ctx->h2 += c;
		379	ctx->h3 += d;
		380	ctx->h4 += e;
292	}	381	}
293	}	382	}
294	#endif	383	#endif
295		384
296
297	int	385	int
298	SHA1_Init(SHA_CTX *c)	386	SHA1_Init(SHA_CTX *c)
299	{	387	{