SHA-224/-256/-384/-512 implementation. This is just sheer code commit.
Makefile modifications, make test, etc. will appear later...
diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
index 3fd54a1..9ef2141 100644
--- a/crypto/sha/sha.h
+++ b/crypto/sha/sha.h
@@ -114,6 +114,75 @@
unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md);
void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
#endif
+
+#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a
+ * contiguous array of 32 bit
+ * wide big-endian values. */
+#define SHA224_DIGEST_LENGTH 28
+#define SHA256_DIGEST_LENGTH 32
+
+typedef struct SHA256state_st
+ {
+ SHA_LONG h[8];
+ SHA_LONG Nl,Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ int num;
+ } SHA256_CTX;
+
+#ifndef OPENSSL_NO_SHA256
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+#endif
+
+#define SHA384_DIGEST_LENGTH 48
+#define SHA512_DIGEST_LENGTH 64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values. */
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#define SHA_LONG64 unsigned __int64
+#define U64(C) C##UI64
+#else
+#define SHA_LONG64 unsigned long long
+#define U64(C) C##ULL
+#endif
+
+typedef struct SHA512state_st
+ {
+ SHA_LONG64 h[8];
+ SHA_LONG64 Nl,Nh;
+ union {
+ SHA_LONG64 d[SHA_LBLOCK];
+ unsigned char p[SHA512_CBLOCK];
+ } u;
+ int num;
+ } SHA512_CTX;
+
+#ifndef OPENSSL_NO_SHA512
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+#endif
+
#ifdef __cplusplus
}
#endif
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
new file mode 100644
index 0000000..b5a9da1
--- /dev/null
+++ b/crypto/sha/sha256.c
@@ -0,0 +1,283 @@
+/* crypto/sha/sha256.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ * ====================================================================
+ */
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+
+const char *SHA256_version="SHA-256" OPENSSL_VERSION_PTEXT;
+
+int SHA224_Init (SHA256_CTX *c)
+ {
+ c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
+ c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
+ c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL;
+ c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL;
+ c->Nl=0; c->Nh=0;
+ c->num=0;
+ return 1;
+ }
+
+int SHA256_Init (SHA256_CTX *c)
+ {
+ c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
+ c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
+ c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL;
+ c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL;
+ c->Nl=0; c->Nh=0;
+ c->num=0;
+ return 1;
+ }
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA256_CTX c;
+ static unsigned char m[SHA256_DIGEST_LENGTH];
+
+ SHA224_Init(&c);
+ SHA256_Update(&c,d,n);
+ SHA256_Final(m,&c);
+ if (md != NULL) memcpy (md,m,SHA224_DIGEST_LENGTH),
+ memset (m,0,sizeof(m));
+ else md=m,
+ memset (m+SHA224_DIGEST_LENGTH,0,sizeof(m)-SHA256_DIGEST_LENGTH);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA256_CTX c;
+ static unsigned char m[SHA256_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA256_Init(&c);
+ SHA256_Update(&c,d,n);
+ SHA256_Final(md,&c);
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+#ifndef SHA_LONG_LOG2
+#define SHA_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG SHA_LONG
+#define HASH_LONG_LOG2 SHA_LONG_LOG2
+#define HASH_CTX SHA256_CTX
+#define HASH_CBLOCK SHA_CBLOCK
+#define HASH_LBLOCK SHA_LBLOCK
+#define HASH_MAKE_STRING(c,s) do { \
+ unsigned long ll; \
+ ll=(c)->h[0]; HOST_l2c(ll,(s)); ll=(c)->h[1]; HOST_l2c(ll,(s)); \
+ ll=(c)->h[2]; HOST_l2c(ll,(s)); ll=(c)->h[3]; HOST_l2c(ll,(s)); \
+ ll=(c)->h[4]; HOST_l2c(ll,(s)); ll=(c)->h[5]; HOST_l2c(ll,(s)); \
+ ll=(c)->h[6]; HOST_l2c(ll,(s)); ll=(c)->h[7]; HOST_l2c(ll,(s)); \
+ } while (0)
+
+#define HASH_UPDATE SHA256_Update
+#define HASH_TRANSFORM SHA256_Transform
+#define HASH_FINAL SHA256_Final
+#define HASH_BLOCK_HOST_ORDER sha256_block_host_order
+#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
+void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num);
+void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
+
+#include "md32_common.h"
+
+static const SHA_LONG K256[64] = {
+ 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
+ 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
+ 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
+ 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
+ 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
+ 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
+ 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
+ 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
+ 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
+ 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
+ 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
+ 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
+ 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
+ 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
+ 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
+ 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
+
+/*
+ * FIPS specification refers to right rotations, while our ROTATE macro
+ * is left one. This is why you might notice that rotation coefficients
+ * differ from those observed in FIPS document by 32-N...
+ */
+#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+ {
+ unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
+ SHA_LONG X[16];
+ int i;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+ if (host)
+ {
+ const SHA_LONG *W=in;
+
+ for (i=0;i<16;i++)
+ {
+ T1 = X[i] = W[i];
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+ }
+ else
+ {
+ const unsigned char *data=in;
+ SHA_LONG l;
+
+ for (i=0;i<16;i++)
+ {
+ HOST_c2l(data,l); T1 = X[i] = l;
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+ }
+
+ for (;i<64;i++)
+ {
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
+
+ T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ }
+}
+
+#else
+
+#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
+ h = Sigma0(a) + Maj(a,b,c); \
+ d += T1; h += T1; } while (0)
+
+#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
+ T1 = X[i&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
+ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
+
+static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+ {
+ unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
+ SHA_LONG X[16];
+ int i;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+ if (host)
+ {
+ const SHA_LONG *W=in;
+
+ T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+ }
+ else
+ {
+ const unsigned char *data=in;
+ SHA_LONG l;
+
+ HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+ }
+
+ for (i=16;i<64;i+=8)
+ {
+ ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
+ ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
+ ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
+ ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
+ ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
+ ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
+ ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
+ ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ }
+ }
+
+#endif
+
+/*
+ * Idea is to trade couple of cycles for some space. On IA-32 we save
+ * about 4K in "big footprint" case. In "small footprint" case any gain
+ * is appreciated:-)
+ */
+void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
+{ sha256_block (ctx,in,num,1); }
+
+void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
+{ sha256_block (ctx,in,num,0); }
diff --git a/crypto/sha/sha256t.c b/crypto/sha/sha256t.c
new file mode 100644
index 0000000..01f935e
--- /dev/null
+++ b/crypto/sha/sha256t.c
@@ -0,0 +1,72 @@
+/* crypto/sha/sha256t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+
+unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
+ 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
+ 0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
+ 0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,
+ 0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad };
+
+unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
+ 0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,
+ 0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
+ 0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,
+ 0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 };
+
+unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
+ 0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92,
+ 0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67,
+ 0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e,
+ 0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0 };
+
+int main ()
+{ unsigned char md[SHA256_DIGEST_LENGTH];
+ int i;
+ SHA256_CTX ctx;
+
+ fprintf(stdout,"Testing SHA-256 ");
+
+ SHA256("abc",3,md);
+ if (memcmp(md,app_b1,sizeof(app_b1)))
+ { fflush(stdout);
+ fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+ return 1;
+ }
+ else
+ fprintf(stdout,"."); fflush(stdout);
+
+ SHA256("abcdbcde""cdefdefg""efghfghi""ghijhijk"
+ "ijkljklm""klmnlmno""mnopnopq",56,md);
+ if (memcmp(md,app_b2,sizeof(app_b2)))
+ { fflush(stdout);
+ fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+ return 1;
+ }
+ else
+ fprintf(stdout,"."); fflush(stdout);
+
+ SHA256_Init(&ctx);
+ for (i=0;i<1000000;i+=64)
+ SHA256_Update(&ctx, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+ "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+ (1000000-i)<64?1000000-i:64);
+ SHA256_Final(md,&ctx);
+
+ if (memcmp(md,app_b3,sizeof(app_b3)))
+ { fflush(stdout);
+ fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+ return 1;
+ }
+ else
+ fprintf(stdout,"."); fflush(stdout);
+
+ fprintf(stdout," passed.\n"); fflush(stdout);
+}
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
new file mode 100644
index 0000000..074ac0e
--- /dev/null
+++ b/crypto/sha/sha512.c
@@ -0,0 +1,399 @@
+/* crypto/sha/sha512.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ * ====================================================================
+ */
+/*
+ * IMPLEMENTATION NOTES.
+ *
+ * As you might have noticed 32-bit hash algorithms:
+ *
+ * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
+ * - optimized versions implement two transform functions: one operating
+ * on [aligned] data in host byte order and one - on data in input
+ * stream byte order;
+ * - share common byte-order neutral collector and padding function
+ * implementations, ../md32_common.h;
+ *
+ * Neither of the above applies to this SHA-512 implementations. Reasons
+ * [in reverse order] are:
+ *
+ * - it's the only 64-bit hash algorithm for the moment of this writing,
+ * there is no need for common collector/padding implementation [yet];
+ * - by supporting only one transform function [which operates on
+ * *aligned* data in input stream byte order, big-endian in this case]
+ * we minimize burden of maintenance in two ways: a) collector/padding
+ * function is simpler; b) only one transform function to stare at;
+ * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
+ * apply a number of optimizations to mitigate potential performance
+ * penalties caused by previous design decision;
+ *
+ * Caveat lector.
+ *
+ * Implementation relies on the fact that "long long" is 64-bit on
+ * both 32- and 64-bit platforms. If some compiler vendor comes up
+ * with 128-bit long long, adjustment to sha.h would be required.
+ * As this implementation relies on 64-bit integer type, it's totally
+ * inappropriate for platforms which don't support it, most notably
+ * 16-bit platforms.
+ * <appro@fy.chalmers.se>
+ */
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+
+const char *SHA512_version="SHA-512" OPENSSL_VERSION_PTEXT;
+
+int SHA384_Init (SHA512_CTX *c)
+ {
+ c->h[0]=U64(0xcbbb9d5dc1059ed8);
+ c->h[1]=U64(0x629a292a367cd507);
+ c->h[2]=U64(0x9159015a3070dd17);
+ c->h[3]=U64(0x152fecd8f70e5939);
+ c->h[4]=U64(0x67332667ffc00b31);
+ c->h[5]=U64(0x8eb44a8768581511);
+ c->h[6]=U64(0xdb0c2e0d64f98fa7);
+ c->h[7]=U64(0x47b5481dbefa4fa4);
+ c->Nl=0; c->Nh=0;
+ c->num=0;
+ return 1;
+ }
+
+int SHA512_Init (SHA512_CTX *c)
+ {
+ c->h[0]=U64(0x6a09e667f3bcc908);
+ c->h[1]=U64(0xbb67ae8584caa73b);
+ c->h[2]=U64(0x3c6ef372fe94f82b);
+ c->h[3]=U64(0xa54ff53a5f1d36f1);
+ c->h[4]=U64(0x510e527fade682d1);
+ c->h[5]=U64(0x9b05688c2b3e6c1f);
+ c->h[6]=U64(0x1f83d9abfb41bd6b);
+ c->h[7]=U64(0x5be0cd19137e2179);
+ c->Nl=0; c->Nh=0;
+ c->num=0;
+ return 1;
+ }
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num);
+
+static int sha512_final (unsigned char *md, SHA512_CTX *c, size_t msz)
+ {
+ unsigned char *p=(unsigned char *)c->u.p;
+ size_t n=c->num;
+
+ p[n]=0x80;
+ n++;
+ if (n > (sizeof(c->u)-16))
+ memset (p+n,0,sizeof(c->u)-n), n=0,
+ sha512_block (c,p,1);
+
+ memset (p+n,0,sizeof(c->u)-16-n);
+#ifdef B_ENDIAN
+ c->u.d[SHA_LBLOCK-2] = c->Nh;
+ c->u.d[SHA_LBLOCK-1] = c->Nl;
+#else
+ p[sizeof(c->u)-1] = (c->Nl)&0xFF;
+ p[sizeof(c->u)-2] = (c->Nl>>8)&0xFF;
+ p[sizeof(c->u)-3] = (c->Nl>>16)&0xFF;
+ p[sizeof(c->u)-4] = (c->Nl>>24)&0xFF;
+ p[sizeof(c->u)-5] = (c->Nl>>32)&0xFF;
+ p[sizeof(c->u)-6] = (c->Nl>>40)&0xFF;
+ p[sizeof(c->u)-7] = (c->Nl>>48)&0xFF;
+ p[sizeof(c->u)-8] = (c->Nl>>56)&0xFF;
+ p[sizeof(c->u)-9] = (c->Nh)&0xFF;
+ p[sizeof(c->u)-10] = (c->Nh>>8)&0xFF;
+ p[sizeof(c->u)-11] = (c->Nh>>16)&0xFF;
+ p[sizeof(c->u)-12] = (c->Nh>>24)&0xFF;
+ p[sizeof(c->u)-13] = (c->Nh>>32)&0xFF;
+ p[sizeof(c->u)-14] = (c->Nh>>40)&0xFF;
+ p[sizeof(c->u)-15] = (c->Nh>>48)&0xFF;
+ p[sizeof(c->u)-16] = (c->Nh>>56)&0xFF;
+#endif
+
+ sha512_block (c,p,1);
+
+ if (md==0) return 0;
+
+ for (n=0;msz>0;n++,msz-=8)
+ {
+ SHA_LONG64 t = c->h[n];
+
+ *(md++) = (t>>56)&0xFF; *(md++) = (t>>48)&0xFF;
+ *(md++) = (t>>40)&0xFF; *(md++) = (t>>32)&0xFF;
+ *(md++) = (t>>24)&0xFF; *(md++) = (t>>16)&0xFF;
+ *(md++) = (t>>8)&0xFF; *(md++) = (t)&0xFF;
+ }
+
+ return 1;
+ }
+
+int SHA384_Final (unsigned char *md,SHA512_CTX *c)
+{ return sha512_final (md,c,SHA384_DIGEST_LENGTH); }
+int SHA512_Final (unsigned char *md,SHA512_CTX *c)
+{ return sha512_final (md,c,SHA512_DIGEST_LENGTH); }
+
+int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
+ {
+ SHA_LONG64 l;
+ unsigned char *p=c->u.p,*data=(unsigned char *)_data;
+
+ if (len==0) return 1;
+
+ l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
+ if (l < c->Nl) c->Nh++;
+ if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61);
+ c->Nl=l;
+
+ if (c->num != 0)
+ {
+ size_t n = sizeof(c->u) - c->num;
+
+ if (len < n)
+ {
+ memcpy (p+c->num,data,len), c->num += len;
+ return 1;
+ }
+ else {
+ memcpy (p+c->num,data,n), c->num = 0;
+ len-=n, data+=n;
+ sha512_block (c,p,1);
+ }
+ }
+
+ if (len >= sizeof(c->u))
+ {
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+ if ((int)data%sizeof(c->u.d[0]) != 0)
+ while (len >= sizeof(c->u))
+ memcpy (p,data,sizeof(c->u)),
+ sha512_block (c,p,1),
+ len -= sizeof(c->u),
+ data += sizeof(c->u);
+ else
+#endif
+ sha512_block (c,data,len/sizeof(c->u)),
+ data += len,
+ len %= sizeof(c->u),
+ data -= len;
+ }
+
+ if (len != 0) memcpy (p,data,len), c->num = (int)len;
+
+ return 1;
+ }
+
+int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
+{ return SHA512_Update (c,data,len); }
+
+void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
+{ sha512_block (c,data,1); }
+
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA512_CTX c;
+ static unsigned char m[SHA384_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA384_Init(&c);
+ SHA512_Update(&c,d,n);
+ sha512_final(md,&c,sizeof(m));
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+ {
+ SHA512_CTX c;
+ static unsigned char m[SHA512_DIGEST_LENGTH];
+
+ if (md == NULL) md=m;
+ SHA512_Init(&c);
+ SHA512_Update(&c,d,n);
+ sha512_final(md,&c,sizeof(m));
+ OPENSSL_cleanse(&c,sizeof(c));
+ return(md);
+ }
+
+static const SHA_LONG64 K512[80] = {
+ U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
+ U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
+ U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
+ U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
+ U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
+ U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
+ U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
+ U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
+ U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
+ U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
+ U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
+ U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
+ U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
+ U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
+ U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
+ U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
+ U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
+ U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
+ U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
+ U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
+ U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
+ U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
+ U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
+ U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
+ U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
+ U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
+ U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
+ U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
+ U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
+ U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
+ U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
+ U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
+ U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
+ U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
+ U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
+ U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
+ U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
+ U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
+ U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
+ U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
+
+#define B(x,j) (((SHA_LONG64)(*(((unsigned char *)(&x))+j)))<<((7-j)*8))
+#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+
+#define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
+#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
+#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+ {
+ const SHA_LONG64 *W=in;
+ SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2;
+ SHA_LONG64 X[16];
+ int i;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+ for (i=0;i<16;i++)
+ {
+#ifdef B_ENDIAN
+ T1 = X[i] = W[i];
+#else
+ T1 = X[i] = PULL64(W[i]);
+#endif
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ for (;i<80;i++)
+ {
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
+
+ T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
+ T2 = Sigma0(a) + Maj(a,b,c);
+ h = g; g = f; f = e; e = d + T1;
+ d = c; c = b; b = a; a = T1 + T2;
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ }
+ }
+
+#else
+
+#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
+ h = Sigma0(a) + Maj(a,b,c); \
+ d += T1; h += T1; } while (0)
+
+#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
+ T1 = X[i&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
+ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+ {
+ const SHA_LONG64 *W=in;
+ SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1;
+ SHA_LONG64 X[16];
+ int i;
+
+ while (num--) {
+
+ a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
+ e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
+
+#ifdef B_ENDIAN
+ T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+#else
+ T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h);
+ T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g);
+ T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f);
+ T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e);
+ T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d);
+ T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c);
+ T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b);
+ T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a);
+ T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h);
+ T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g);
+ T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f);
+ T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e);
+ T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d);
+ T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c);
+ T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b);
+ T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a);
+#endif
+
+ for (i=16;i<80;i+=8)
+ {
+ ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
+ ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
+ ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
+ ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
+ ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
+ ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
+ ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
+ ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
+ }
+
+ ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
+ ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
+
+ }
+ }
+
+#endif
diff --git a/crypto/sha/sha512t.c b/crypto/sha/sha512t.c
new file mode 100644
index 0000000..8d2c760
--- /dev/null
+++ b/crypto/sha/sha512t.c
@@ -0,0 +1,150 @@
+/* crypto/sha/sha512t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+
+unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
+ 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
+ 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
+ 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
+ 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
+ 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
+ 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
+ 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
+ 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f };
+
+unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
+ 0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda,
+ 0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f,
+ 0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1,
+ 0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18,
+ 0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4,
+ 0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a,
+ 0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54,
+ 0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 };
+
+unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
+ 0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,
+ 0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63,
+ 0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,
+ 0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb,
+ 0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,
+ 0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b,
+ 0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,
+ 0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b };
+
+unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
+ 0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
+ 0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
+ 0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
+ 0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
+ 0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
+ 0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 };
+
+unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
+ 0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
+ 0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
+ 0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
+ 0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
+ 0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
+ 0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 };
+
+unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
+ 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
+ 0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
+ 0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
+ 0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
+ 0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
+ 0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 };
+
+int main ()
+{ unsigned char md[SHA512_DIGEST_LENGTH];
+ int i;
+ SHA512_CTX ctx;
+
+ fprintf(stdout,"Testing SHA-512 ");
+
+ SHA512("abc",3,md);
+ if (memcmp(md,app_c1,sizeof(app_c1)))
+ { fflush(stdout);
+ fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+ return 1;
+ }
+ else
+ fprintf(stdout,"."); fflush(stdout);
+
+ SHA512("abcdefgh""bcdefghi""cdefghij""defghijk"
+ "efghijkl""fghijklm""ghijklmn""hijklmno"
+ "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
+ "mnopqrst""nopqrstu",112,md);
+ if (memcmp(md,app_c2,sizeof(app_c2)))
+ { fflush(stdout);
+ fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+ return 1;
+ }
+ else
+ fprintf(stdout,"."); fflush(stdout);
+
+ SHA512_Init(&ctx);
+ for (i=0;i<1000000;i+=64)
+ SHA512_Update(&ctx, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+ "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+ (1000000-i)<64?1000000-i:64);
+ SHA512_Final(md,&ctx);
+
+ if (memcmp(md,app_c3,sizeof(app_c3)))
+ { fflush(stdout);
+ fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+ return 1;
+ }
+ else
+ fprintf(stdout,"."); fflush(stdout);
+
+ fprintf(stdout," passed.\n"); fflush(stdout);
+
+ fprintf(stdout,"Testing SHA-384 ");
+
+ SHA384("abc",3,md);
+ if (memcmp(md,app_d1,sizeof(app_d1)))
+ { fflush(stdout);
+ fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+ return 1;
+ }
+ else
+ fprintf(stdout,"."); fflush(stdout);
+
+ SHA384("abcdefgh""bcdefghi""cdefghij""defghijk"
+ "efghijkl""fghijklm""ghijklmn""hijklmno"
+ "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
+ "mnopqrst""nopqrstu",112,md);
+ if (memcmp(md,app_d2,sizeof(app_d2)))
+ { fflush(stdout);
+ fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+ return 1;
+ }
+ else
+ fprintf(stdout,"."); fflush(stdout);
+
+ SHA384_Init(&ctx);
+ for (i=0;i<1000000;i+=64)
+ SHA512_Update(&ctx, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+ "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+ (1000000-i)<64?1000000-i:64);
+ SHA384_Final(md,&ctx);
+
+ if (memcmp(md,app_d3,sizeof(app_d3)))
+ { fflush(stdout);
+ fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+ return 1;
+ }
+ else
+ fprintf(stdout,"."); fflush(stdout);
+
+ fprintf(stdout," passed.\n"); fflush(stdout);
+}
