1 files changed, 79 insertions, 128 deletions
diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c
index 4b48653bdb..8bcc5e0431 100644
--- a/src/lib/libcrypto/sha/sha1.c
+++ b/src/lib/libcrypto/sha/sha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha1.c,v 1.12 2023/08/10 07:15:23 jsing Exp $ */
+/* $OpenBSD: sha1.c,v 1.13 2024/03/26 12:54:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -64,8 +64,13 @@
 #include <openssl/crypto.h>
 #include <openssl/sha.h>
+#include "crypto_internal.h"
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
+/* Ensure that SHA_LONG and uint32_t are equivalent sizes. */
+CTASSERT(sizeof(SHA_LONG) == sizeof(uint32_t));
 #define DATA_ORDER_IS_BIG_ENDIAN
 #define HASH_LONG               SHA_LONG
@@ -138,109 +143,77 @@ void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
 #if !defined(SHA1_ASM)
 #include <endian.h>
 static void
-sha1_block_data_order(SHA_CTX *c, const void *p, size_t num)
+sha1_block_data_order(SHA_CTX *c, const void *_in, size_t num)
 {
-        const unsigned char *data = p;
+        const uint8_t *in = _in;
-        unsigned int A, B, C, D, E, T, l;
+        const SHA_LONG *in32;
+        unsigned int A, B, C, D, E, T;
        unsigned int X0, X1, X2, X3, X4, X5, X6, X7,
            X8, X9, X10, X11, X12, X13, X14, X15;
-        A = c->h0;
+        while (num--) {
-        B = c->h1;
+                A = c->h0;
-        C = c->h2;
+                B = c->h1;
-        D = c->h3;
+                C = c->h2;
-        E = c->h4;
+                D = c->h3;
+                E = c->h4;
-        for (;;) {
+                if ((size_t)in % 4 == 0) {
-                if (BYTE_ORDER != LITTLE_ENDIAN &&
+                        /* Input is 32 bit aligned. */
-                    sizeof(SHA_LONG) == 4 && ((size_t)p % 4) == 0) {
+                        in32 = (const SHA_LONG *)in;
-                        const SHA_LONG *W = (const SHA_LONG *)data;
+                        X0 = be32toh(in32[0]);
+                        X1 = be32toh(in32[1]);
-                        X0 = W[0];
+                        X2 = be32toh(in32[2]);
-                        X1 = W[1];
+                        X3 = be32toh(in32[3]);
-                        BODY_00_15( 0, A, B, C, D, E, T, X0);
+                        X4 = be32toh(in32[4]);
-                        X2 = W[2];
+                        X5 = be32toh(in32[5]);
-                        BODY_00_15( 1, T, A, B, C, D, E, X1);
+                        X6 = be32toh(in32[6]);
-                        X3 = W[3];
+                        X7 = be32toh(in32[7]);
-                        BODY_00_15( 2, E, T, A, B, C, D, X2);
+                        X8 = be32toh(in32[8]);
-                        X4 = W[4];
+                        X9 = be32toh(in32[9]);
-                        BODY_00_15( 3, D, E, T, A, B, C, X3);
+                        X10 = be32toh(in32[10]);
-                        X5 = W[5];
+                        X11 = be32toh(in32[11]);
-                        BODY_00_15( 4, C, D, E, T, A, B, X4);
+                        X12 = be32toh(in32[12]);
-                        X6 = W[6];
+                        X13 = be32toh(in32[13]);
-                        BODY_00_15( 5, B, C, D, E, T, A, X5);
+                        X14 = be32toh(in32[14]);
-                        X7 = W[7];
+                        X15 = be32toh(in32[15]);
-                        BODY_00_15( 6, A, B, C, D, E, T, X6);
-                        X8 = W[8];
-                        BODY_00_15( 7, T, A, B, C, D, E, X7);
-                        X9 = W[9];
-                        BODY_00_15( 8, E, T, A, B, C, D, X8);
-                        X10 = W[10];
-                        BODY_00_15( 9, D, E, T, A, B, C, X9);
-                        X11 = W[11];
-                        BODY_00_15(10, C, D, E, T, A, B, X10);
-                        X12 = W[12];
-                        BODY_00_15(11, B, C, D, E, T, A, X11);
-                        X13 = W[13];
-                        BODY_00_15(12, A, B, C, D, E, T, X12);
-                        X14 = W[14];
-                        BODY_00_15(13, T, A, B, C, D, E, X13);
-                        X15 = W[15];
-                        BODY_00_15(14, E, T, A, B, C, D, X14);
-                        BODY_00_15(15, D, E, T, A, B, C, X15);
-                        data += SHA_CBLOCK;
                } else {
-                        HOST_c2l(data, l);
+                        /* Input is not 32 bit aligned. */
-                        X0 = l;
+                        X0 = crypto_load_be32toh(&in[0 * 4]);
-                        HOST_c2l(data, l);
+                        X1 = crypto_load_be32toh(&in[1 * 4]);
-                        X1 = l;
+                        X2 = crypto_load_be32toh(&in[2 * 4]);
-                        BODY_00_15( 0, A, B, C, D, E, T, X0);
+                        X3 = crypto_load_be32toh(&in[3 * 4]);
-                        HOST_c2l(data, l);
+                        X4 = crypto_load_be32toh(&in[4 * 4]);
-                        X2 = l;
+                        X5 = crypto_load_be32toh(&in[5 * 4]);
-                        BODY_00_15( 1, T, A, B, C, D, E, X1);
+                        X6 = crypto_load_be32toh(&in[6 * 4]);
-                        HOST_c2l(data, l);
+                        X7 = crypto_load_be32toh(&in[7 * 4]);
-                        X3 = l;
+                        X8 = crypto_load_be32toh(&in[8 * 4]);
-                        BODY_00_15( 2, E, T, A, B, C, D, X2);
+                        X9 = crypto_load_be32toh(&in[9 * 4]);
-                        HOST_c2l(data, l);
+                        X10 = crypto_load_be32toh(&in[10 * 4]);
-                        X4 = l;
+                        X11 = crypto_load_be32toh(&in[11 * 4]);
-                        BODY_00_15( 3, D, E, T, A, B, C, X3);
+                        X12 = crypto_load_be32toh(&in[12 * 4]);
-                        HOST_c2l(data, l);
+                        X13 = crypto_load_be32toh(&in[13 * 4]);
-                        X5 = l;
+                        X14 = crypto_load_be32toh(&in[14 * 4]);
-                        BODY_00_15( 4, C, D, E, T, A, B, X4);
+                        X15 = crypto_load_be32toh(&in[15 * 4]);
-                        HOST_c2l(data, l);
-                        X6 = l;
-                        BODY_00_15( 5, B, C, D, E, T, A, X5);
-                        HOST_c2l(data, l);
-                        X7 = l;
-                        BODY_00_15( 6, A, B, C, D, E, T, X6);
-                        HOST_c2l(data, l);
-                        X8 = l;
-                        BODY_00_15( 7, T, A, B, C, D, E, X7);
-                        HOST_c2l(data, l);
-                        X9 = l;
-                        BODY_00_15( 8, E, T, A, B, C, D, X8);
-                        HOST_c2l(data, l);
-                        X10 = l;
-                        BODY_00_15( 9, D, E, T, A, B, C, X9);
-                        HOST_c2l(data, l);
-                        X11 = l;
-                        BODY_00_15(10, C, D, E, T, A, B, X10);
-                        HOST_c2l(data, l);
-                        X12 = l;
-                        BODY_00_15(11, B, C, D, E, T, A, X11);
-                        HOST_c2l(data, l);
-                        X13 = l;
-                        BODY_00_15(12, A, B, C, D, E, T, X12);
-                        HOST_c2l(data, l);
-                        X14 = l;
-                        BODY_00_15(13, T, A, B, C, D, E, X13);
-                        HOST_c2l(data, l);
-                        X15 = l;
-                        BODY_00_15(14, E, T, A, B, C, D, X14);
-                        BODY_00_15(15, D, E, T, A, B, C, X15);
                }
+                in += SHA_CBLOCK;
+                BODY_00_15( 0, A, B, C, D, E, T, X0);
+                BODY_00_15( 1, T, A, B, C, D, E, X1);
+                BODY_00_15( 2, E, T, A, B, C, D, X2);
+                BODY_00_15( 3, D, E, T, A, B, C, X3);
+                BODY_00_15( 4, C, D, E, T, A, B, X4);
+                BODY_00_15( 5, B, C, D, E, T, A, X5);
+                BODY_00_15( 6, A, B, C, D, E, T, X6);
+                BODY_00_15( 7, T, A, B, C, D, E, X7);
+                BODY_00_15( 8, E, T, A, B, C, D, X8);
+                BODY_00_15( 9, D, E, T, A, B, C, X9);
+                BODY_00_15(10, C, D, E, T, A, B, X10);
+                BODY_00_15(11, B, C, D, E, T, A, X11);
+                BODY_00_15(12, A, B, C, D, E, T, X12);
+                BODY_00_15(13, T, A, B, C, D, E, X13);
+                BODY_00_15(14, E, T, A, B, C, D, X14);
+                BODY_00_15(15, D, E, T, A, B, C, X15);
                BODY_16_19(16, C, D, E, T, A, B, X0, X0, X2, X8, X13);
                BODY_16_19(17, B, C, D, E, T, A, X1, X1, X3, X9, X14);
@@ -316,16 +289,6 @@ sha1_block_data_order(SHA_CTX *c, const void *p, size_t num)
                c->h2 = (c->h2 + A)&0xffffffffL;
                c->h3 = (c->h3 + B)&0xffffffffL;
                c->h4 = (c->h4 + C)&0xffffffffL;
-                if (--num == 0)
-                        break;
-                A = c->h0;
-                B = c->h1;
-                C = c->h2;
-                D = c->h3;
-                E = c->h4;
        }
 }
 #endif
@@ -412,7 +375,6 @@ int
 SHA1_Final(unsigned char *md, SHA_CTX *c)
 {
        unsigned char *p = (unsigned char *)c->data;
-        unsigned long ll;
        size_t n = c->num;
        p[n] = 0x80; /* there is always room for one */
@@ -423,31 +385,20 @@ SHA1_Final(unsigned char *md, SHA_CTX *c)
                n = 0;
                sha1_block_data_order(c, p, 1);
        }
        memset(p + n, 0, SHA_CBLOCK - 8 - n);
+        c->data[SHA_LBLOCK - 2] = htobe32(c->Nh);
+        c->data[SHA_LBLOCK - 1] = htobe32(c->Nl);
-        p += SHA_CBLOCK - 8;
-#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
-        HOST_l2c(c->Nh, p);
-        HOST_l2c(c->Nl, p);
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-        HOST_l2c(c->Nl, p);
-        HOST_l2c(c->Nh, p);
-#endif
-        p -= SHA_CBLOCK;
        sha1_block_data_order(c, p, 1);
        c->num = 0;
        memset(p, 0, SHA_CBLOCK);
-        ll = c->h0;
+        crypto_store_htobe32(&md[0 * 4], c->h0);
-        HOST_l2c(ll, md);
+        crypto_store_htobe32(&md[1 * 4], c->h1);
-        ll = c->h1;
+        crypto_store_htobe32(&md[2 * 4], c->h2);
-        HOST_l2c(ll, md);
+        crypto_store_htobe32(&md[3 * 4], c->h3);
-        ll = c->h2;
+        crypto_store_htobe32(&md[4 * 4], c->h4);
-        HOST_l2c(ll, md);
-        ll = c->h3;
-        HOST_l2c(ll, md);
-        ll = c->h4;
-        HOST_l2c(ll, md);
        return 1;
 }

diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c index 4b48653bdb..8bcc5e0431 100644 --- a/src/lib/libcrypto/sha/sha1.c +++ b/src/lib/libcrypto/sha/sha1.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sha1.c,v 1.12 2023/08/10 07:15:23 jsing Exp $ */	1	/* $OpenBSD: sha1.c,v 1.13 2024/03/26 12:54:22 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -64,8 +64,13 @@
64	#include <openssl/crypto.h>	64	#include <openssl/crypto.h>
65	#include <openssl/sha.h>	65	#include <openssl/sha.h>
66		66
		67	#include "crypto_internal.h"
		68
67	#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)	69	#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
68		70
		71	/* Ensure that SHA_LONG and uint32_t are equivalent sizes. */
		72	CTASSERT(sizeof(SHA_LONG) == sizeof(uint32_t));
		73
69	#define DATA_ORDER_IS_BIG_ENDIAN	74	#define DATA_ORDER_IS_BIG_ENDIAN
70		75
71	#define HASH_LONG SHA_LONG	76	#define HASH_LONG SHA_LONG
@@ -138,109 +143,77 @@ void sha1_block_data_order(SHA_CTX c, const void p, size_t num);
138	#if !defined(SHA1_ASM)	143	#if !defined(SHA1_ASM)
139	#include <endian.h>	144	#include <endian.h>
140	static void	145	static void
141	sha1_block_data_order(SHA_CTX c, const void p, size_t num)	146	sha1_block_data_order(SHA_CTX c, const void _in, size_t num)
142	{	147	{
143	const unsigned char *data = p;	148	const uint8_t *in = _in;
144	unsigned int A, B, C, D, E, T, l;	149	const SHA_LONG *in32;
		150	unsigned int A, B, C, D, E, T;
145	unsigned int X0, X1, X2, X3, X4, X5, X6, X7,	151	unsigned int X0, X1, X2, X3, X4, X5, X6, X7,
146	X8, X9, X10, X11, X12, X13, X14, X15;	152	X8, X9, X10, X11, X12, X13, X14, X15;
147		153
148	A = c->h0;	154	while (num--) {
149	B = c->h1;	155	A = c->h0;
150	C = c->h2;	156	B = c->h1;
151	D = c->h3;	157	C = c->h2;
152	E = c->h4;	158	D = c->h3;
153		159	E = c->h4;
154	for (;;) {	160
155		161	if ((size_t)in % 4 == 0) {
156	if (BYTE_ORDER != LITTLE_ENDIAN &&	162	/* Input is 32 bit aligned. */
157	sizeof(SHA_LONG) == 4 && ((size_t)p % 4) == 0) {	163	in32 = (const SHA_LONG *)in;
158	const SHA_LONG W = (const SHA_LONG )data;	164	X0 = be32toh(in32[0]);
159		165	X1 = be32toh(in32[1]);
160	X0 = W[0];	166	X2 = be32toh(in32[2]);
161	X1 = W[1];	167	X3 = be32toh(in32[3]);
162	BODY_00_15( 0, A, B, C, D, E, T, X0);	168	X4 = be32toh(in32[4]);
163	X2 = W[2];	169	X5 = be32toh(in32[5]);
164	BODY_00_15( 1, T, A, B, C, D, E, X1);	170	X6 = be32toh(in32[6]);
165	X3 = W[3];	171	X7 = be32toh(in32[7]);
166	BODY_00_15( 2, E, T, A, B, C, D, X2);	172	X8 = be32toh(in32[8]);
167	X4 = W[4];	173	X9 = be32toh(in32[9]);
168	BODY_00_15( 3, D, E, T, A, B, C, X3);	174	X10 = be32toh(in32[10]);
169	X5 = W[5];	175	X11 = be32toh(in32[11]);
170	BODY_00_15( 4, C, D, E, T, A, B, X4);	176	X12 = be32toh(in32[12]);
171	X6 = W[6];	177	X13 = be32toh(in32[13]);
172	BODY_00_15( 5, B, C, D, E, T, A, X5);	178	X14 = be32toh(in32[14]);
173	X7 = W[7];	179	X15 = be32toh(in32[15]);
174	BODY_00_15( 6, A, B, C, D, E, T, X6);
175	X8 = W[8];
176	BODY_00_15( 7, T, A, B, C, D, E, X7);
177	X9 = W[9];
178	BODY_00_15( 8, E, T, A, B, C, D, X8);
179	X10 = W[10];
180	BODY_00_15( 9, D, E, T, A, B, C, X9);
181	X11 = W[11];
182	BODY_00_15(10, C, D, E, T, A, B, X10);
183	X12 = W[12];
184	BODY_00_15(11, B, C, D, E, T, A, X11);
185	X13 = W[13];
186	BODY_00_15(12, A, B, C, D, E, T, X12);
187	X14 = W[14];
188	BODY_00_15(13, T, A, B, C, D, E, X13);
189	X15 = W[15];
190	BODY_00_15(14, E, T, A, B, C, D, X14);
191	BODY_00_15(15, D, E, T, A, B, C, X15);
192
193	data += SHA_CBLOCK;
194	} else {	180	} else {
195	HOST_c2l(data, l);	181	/* Input is not 32 bit aligned. */
196	X0 = l;	182	X0 = crypto_load_be32toh(&in[0 * 4]);
197	HOST_c2l(data, l);	183	X1 = crypto_load_be32toh(&in[1 * 4]);
198	X1 = l;	184	X2 = crypto_load_be32toh(&in[2 * 4]);
199	BODY_00_15( 0, A, B, C, D, E, T, X0);	185	X3 = crypto_load_be32toh(&in[3 * 4]);
200	HOST_c2l(data, l);	186	X4 = crypto_load_be32toh(&in[4 * 4]);
201	X2 = l;	187	X5 = crypto_load_be32toh(&in[5 * 4]);
202	BODY_00_15( 1, T, A, B, C, D, E, X1);	188	X6 = crypto_load_be32toh(&in[6 * 4]);
203	HOST_c2l(data, l);	189	X7 = crypto_load_be32toh(&in[7 * 4]);
204	X3 = l;	190	X8 = crypto_load_be32toh(&in[8 * 4]);
205	BODY_00_15( 2, E, T, A, B, C, D, X2);	191	X9 = crypto_load_be32toh(&in[9 * 4]);
206	HOST_c2l(data, l);	192	X10 = crypto_load_be32toh(&in[10 * 4]);
207	X4 = l;	193	X11 = crypto_load_be32toh(&in[11 * 4]);
208	BODY_00_15( 3, D, E, T, A, B, C, X3);	194	X12 = crypto_load_be32toh(&in[12 * 4]);
209	HOST_c2l(data, l);	195	X13 = crypto_load_be32toh(&in[13 * 4]);
210	X5 = l;	196	X14 = crypto_load_be32toh(&in[14 * 4]);
211	BODY_00_15( 4, C, D, E, T, A, B, X4);	197	X15 = crypto_load_be32toh(&in[15 * 4]);
212	HOST_c2l(data, l);
213	X6 = l;
214	BODY_00_15( 5, B, C, D, E, T, A, X5);
215	HOST_c2l(data, l);
216	X7 = l;
217	BODY_00_15( 6, A, B, C, D, E, T, X6);
218	HOST_c2l(data, l);
219	X8 = l;
220	BODY_00_15( 7, T, A, B, C, D, E, X7);
221	HOST_c2l(data, l);
222	X9 = l;
223	BODY_00_15( 8, E, T, A, B, C, D, X8);
224	HOST_c2l(data, l);
225	X10 = l;
226	BODY_00_15( 9, D, E, T, A, B, C, X9);
227	HOST_c2l(data, l);
228	X11 = l;
229	BODY_00_15(10, C, D, E, T, A, B, X10);
230	HOST_c2l(data, l);
231	X12 = l;
232	BODY_00_15(11, B, C, D, E, T, A, X11);
233	HOST_c2l(data, l);
234	X13 = l;
235	BODY_00_15(12, A, B, C, D, E, T, X12);
236	HOST_c2l(data, l);
237	X14 = l;
238	BODY_00_15(13, T, A, B, C, D, E, X13);
239	HOST_c2l(data, l);
240	X15 = l;
241	BODY_00_15(14, E, T, A, B, C, D, X14);
242	BODY_00_15(15, D, E, T, A, B, C, X15);
243	}	198	}
		199	in += SHA_CBLOCK;
		200
		201	BODY_00_15( 0, A, B, C, D, E, T, X0);
		202	BODY_00_15( 1, T, A, B, C, D, E, X1);
		203	BODY_00_15( 2, E, T, A, B, C, D, X2);
		204	BODY_00_15( 3, D, E, T, A, B, C, X3);
		205	BODY_00_15( 4, C, D, E, T, A, B, X4);
		206	BODY_00_15( 5, B, C, D, E, T, A, X5);
		207	BODY_00_15( 6, A, B, C, D, E, T, X6);
		208	BODY_00_15( 7, T, A, B, C, D, E, X7);
		209	BODY_00_15( 8, E, T, A, B, C, D, X8);
		210	BODY_00_15( 9, D, E, T, A, B, C, X9);
		211	BODY_00_15(10, C, D, E, T, A, B, X10);
		212	BODY_00_15(11, B, C, D, E, T, A, X11);
		213	BODY_00_15(12, A, B, C, D, E, T, X12);
		214	BODY_00_15(13, T, A, B, C, D, E, X13);
		215	BODY_00_15(14, E, T, A, B, C, D, X14);
		216	BODY_00_15(15, D, E, T, A, B, C, X15);
244		217
245	BODY_16_19(16, C, D, E, T, A, B, X0, X0, X2, X8, X13);	218	BODY_16_19(16, C, D, E, T, A, B, X0, X0, X2, X8, X13);
246	BODY_16_19(17, B, C, D, E, T, A, X1, X1, X3, X9, X14);	219	BODY_16_19(17, B, C, D, E, T, A, X1, X1, X3, X9, X14);
@@ -316,16 +289,6 @@ sha1_block_data_order(SHA_CTX c, const void p, size_t num)
316	c->h2 = (c->h2 + A)&0xffffffffL;	289	c->h2 = (c->h2 + A)&0xffffffffL;
317	c->h3 = (c->h3 + B)&0xffffffffL;	290	c->h3 = (c->h3 + B)&0xffffffffL;
318	c->h4 = (c->h4 + C)&0xffffffffL;	291	c->h4 = (c->h4 + C)&0xffffffffL;
319
320	if (--num == 0)
321	break;
322
323	A = c->h0;
324	B = c->h1;
325	C = c->h2;
326	D = c->h3;
327	E = c->h4;
328
329	}	292	}
330	}	293	}
331	#endif	294	#endif
@@ -412,7 +375,6 @@ int
412	SHA1_Final(unsigned char md, SHA_CTX c)	375	SHA1_Final(unsigned char md, SHA_CTX c)
413	{	376	{
414	unsigned char p = (unsigned char )c->data;	377	unsigned char p = (unsigned char )c->data;
415	unsigned long ll;
416	size_t n = c->num;	378	size_t n = c->num;
417		379
418	p[n] = 0x80; /* there is always room for one */	380	p[n] = 0x80; /* there is always room for one */
@@ -423,31 +385,20 @@ SHA1_Final(unsigned char md, SHA_CTX c)
423	n = 0;	385	n = 0;
424	sha1_block_data_order(c, p, 1);	386	sha1_block_data_order(c, p, 1);
425	}	387	}
		388
426	memset(p + n, 0, SHA_CBLOCK - 8 - n);	389	memset(p + n, 0, SHA_CBLOCK - 8 - n);
		390	c->data[SHA_LBLOCK - 2] = htobe32(c->Nh);
		391	c->data[SHA_LBLOCK - 1] = htobe32(c->Nl);
427		392
428	p += SHA_CBLOCK - 8;
429	#if defined(DATA_ORDER_IS_BIG_ENDIAN)
430	HOST_l2c(c->Nh, p);
431	HOST_l2c(c->Nl, p);
432	#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
433	HOST_l2c(c->Nl, p);
434	HOST_l2c(c->Nh, p);
435	#endif
436	p -= SHA_CBLOCK;
437	sha1_block_data_order(c, p, 1);	393	sha1_block_data_order(c, p, 1);
438	c->num = 0;	394	c->num = 0;
439	memset(p, 0, SHA_CBLOCK);	395	memset(p, 0, SHA_CBLOCK);
440		396
441	ll = c->h0;	397	crypto_store_htobe32(&md[0 * 4], c->h0);
442	HOST_l2c(ll, md);	398	crypto_store_htobe32(&md[1 * 4], c->h1);
443	ll = c->h1;	399	crypto_store_htobe32(&md[2 * 4], c->h2);
444	HOST_l2c(ll, md);	400	crypto_store_htobe32(&md[3 * 4], c->h3);
445	ll = c->h2;	401	crypto_store_htobe32(&md[4 * 4], c->h4);
446	HOST_l2c(ll, md);
447	ll = c->h3;
448	HOST_l2c(ll, md);
449	ll = c->h4;
450	HOST_l2c(ll, md);
451		402
452	return 1;	403	return 1;
453	}	404	}