/src/openssl/crypto/whrlpool/wp_block.c

Line	Count	Source
1		/*
2		* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/**
11		* The Whirlpool hashing function.
12		*
13		* See
14		* P.S.L.M. Barreto, V. Rijmen,
15		* ``The Whirlpool hashing function,''
16		* NESSIE submission, 2000 (tweaked version, 2001),
17		* <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
18		*
19		* Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
20		* Vincent Rijmen. Lookup "reference implementations" on
21		* <http://planeta.terra.com.br/informatica/paulobarreto/>
22		*
23		* =============================================================================
24		*
25		* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
26		* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
27		* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28		* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
29		* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30		* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31		* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32		* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
33		* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
34		* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
35		* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36		*
37		*/
38
39		/*
40		* Whirlpool low level APIs are deprecated for public use, but still ok for
41		* internal use.
42		*/
43		#include "internal/deprecated.h"
44
45		#include "internal/cryptlib.h"
46		#include "wp_local.h"
47		#include <stdint.h>
48		#include <string.h>
49
50	0	#define ROUNDS 10
51
52		#define STRICT_ALIGNMENT
53		#if !defined(PEDANTIC) && (defined(__i386) \|\| defined(__i386__) \|\| defined(__x86_64) \|\| defined(__x86_64__) \|\| defined(_M_IX86) \|\| defined(_M_AMD64) \|\| defined(_M_X64))
54		/*
55		* Well, formally there're couple of other architectures, which permit
56		* unaligned loads, specifically those not crossing cache lines, IA-64 and
57		* PowerPC...
58		*/
59		#undef STRICT_ALIGNMENT
60		#endif
61
62		#ifndef STRICT_ALIGNMENT
63		#ifdef __GNUC__
64		typedef uint64_t u64_a1 __attribute((__aligned__(1)));
65		#else
66		typedef uint64_t u64_a1;
67		#endif
68		#endif
69
70		#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
71		typedef uint64_t u64_aX __attribute((__aligned__(1)));
72		#else
73		typedef uint64_t u64_aX;
74		#endif
75
76		#undef SMALL_REGISTER_BANK
77		#if defined(__i386) \|\| defined(__i386__) \|\| defined(_M_IX86)
78		#define SMALL_REGISTER_BANK
79		#if defined(WHIRLPOOL_ASM)
80		#ifndef OPENSSL_SMALL_FOOTPRINT
81		/*
82		* it appears that for elder non-MMX
83		* CPUs this is actually faster!
84		*/
85		#define OPENSSL_SMALL_FOOTPRINT
86		#endif
87		#define GO_FOR_MMX(ctx, inp, num) \
88		do { \
89		void whirlpool_block_mmx(void , const void , size_t); \
90		if (!(OPENSSL_ia32cap_P[0] & (1 << 23))) \
91		break; \
92		whirlpool_block_mmx(ctx->H.c, inp, num); \
93		return; \
94		} while (0)
95		#endif
96		#endif
97
98		#undef ROTATE
99		#ifndef PEDANTIC
100		#if defined(_MSC_VER)
101		#if defined(_WIN64) /* applies to both IA-64 and AMD64 */
102		#include <stdlib.h>
103		#pragma intrinsic(_rotl64)
104		#define ROTATE(a, n) _rotl64((a), n)
105		#endif
106		#elif defined(__GNUC__) && __GNUC__ >= 2
107		#if defined(__x86_64) \|\| defined(__x86_64__)
108		#if defined(L_ENDIAN)
109		#define ROTATE(a, n) ({ uint64_t ret; asm ("rolq %1,%0" \
110		: "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
111		#elif defined(B_ENDIAN)
112		/*
113		* Most will argue that x86_64 is always little-endian. Well, yes, but
114		* then we have stratus.com who has modified gcc to "emulate"
115		* big-endian on x86. Is there evidence that they [or somebody else]
116		* won't do same for x86_64? Naturally no. And this line is waiting
117		* ready for that brave soul:-)
118		*/
119		#define ROTATE(a, n) ({ uint64_t ret; asm ("rorq %1,%0" \
120		: "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
121		#endif
122		#elif defined(__ia64) \|\| defined(__ia64__)
123		#if defined(L_ENDIAN)
124		#define ROTATE(a, n) ({ uint64_t ret; asm ("shrp %0=%1,%1,%2" \
125		: "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
126		#elif defined(B_ENDIAN)
127		#define ROTATE(a, n) ({ uint64_t ret; asm ("shrp %0=%1,%1,%2" \
128		: "=r"(ret) : "r"(a),"M"(n)); ret; })
129		#endif
130		#endif
131		#endif
132		#endif
133
134		#if defined(OPENSSL_SMALL_FOOTPRINT)
135		#if !defined(ROTATE)
136		#if defined(L_ENDIAN) /* little-endians have to rotate left */
137		#define ROTATE(i, n) ((i) << (n) ^ (i) >> (64 - n))
138		#elif defined(B_ENDIAN) /* big-endians have to rotate right */
139		#define ROTATE(i, n) ((i) >> (n) ^ (i) << (64 - n))
140		#endif
141		#endif
142		#if defined(ROTATE) && !defined(STRICT_ALIGNMENT)
143		#define STRICT_ALIGNMENT /* ensure smallest table size */
144		#endif
145		#endif
146
147		/*
148		* Table size depends on STRICT_ALIGNMENT and whether or not endian-
149		* specific ROTATE macro is defined. If STRICT_ALIGNMENT is not
150		* defined, which is normally the case on x86[_64] CPUs, the table is
151		* 4KB large unconditionally. Otherwise if ROTATE is defined, the
152		* table is 2KB large, and otherwise - 16KB. 2KB table requires a
153		* whole bunch of additional rotations, but I'm willing to "trade,"
154		* because 16KB table certainly trashes L1 cache. I wish all CPUs
155		* could handle unaligned load as 4KB table doesn't trash the cache,
156		* nor does it require additional rotations.
157		*/
158		/*
159		* Note that every Cn macro expands as two loads: one byte load and
160		* one quadword load. One can argue that many single-byte loads
161		* is too excessive, as one could load a quadword and "milk" it for
162		* eight 8-bit values instead. Well, yes, but in order to do so and
163		* avoid excessive loads you have to accommodate a handful of 64-bit
164		* values in the register bank and issue a bunch of shifts and mask.
165		* It's a tradeoff: loads vs. shift and mask in big register bank[!].
166		* On most CPUs eight single-byte loads are faster and I let other
167		* ones to depend on smart compiler to fold byte loads if beneficial.
168		* Hand-coded assembler would be another alternative:-)
169		*/
170		#ifdef STRICT_ALIGNMENT
171		#if defined(ROTATE)
172		#define N 1
173		#define LL(c0, c1, c2, c3, c4, c5, c6, c7) c0, c1, c2, c3, c4, c5, c6, c7
174		#define C0(K, i) (Cx.q[K.c[(i) * 8 + 0]])
175		#define C1(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 1]], 8)
176		#define C2(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 2]], 16)
177		#define C3(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 3]], 24)
178		#define C4(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 4]], 32)
179		#define C5(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 5]], 40)
180		#define C6(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 6]], 48)
181		#define C7(K, i) ROTATE(Cx.q[K.c[(i) * 8 + 7]], 56)
182		#else
183		#define N 8
184		#define LL(c0, c1, c2, c3, c4, c5, c6, c7) c0, c1, c2, c3, c4, c5, c6, c7, \
185		c7, c0, c1, c2, c3, c4, c5, c6, \
186		c6, c7, c0, c1, c2, c3, c4, c5, \
187		c5, c6, c7, c0, c1, c2, c3, c4, \
188		c4, c5, c6, c7, c0, c1, c2, c3, \
189		c3, c4, c5, c6, c7, c0, c1, c2, \
190		c2, c3, c4, c5, c6, c7, c0, c1, \
191		c1, c2, c3, c4, c5, c6, c7, c0
192		#define C0(K, i) (Cx.q[0 + 8 * K.c[(i) * 8 + 0]])
193		#define C1(K, i) (Cx.q[1 + 8 * K.c[(i) * 8 + 1]])
194		#define C2(K, i) (Cx.q[2 + 8 * K.c[(i) * 8 + 2]])
195		#define C3(K, i) (Cx.q[3 + 8 * K.c[(i) * 8 + 3]])
196		#define C4(K, i) (Cx.q[4 + 8 * K.c[(i) * 8 + 4]])
197		#define C5(K, i) (Cx.q[5 + 8 * K.c[(i) * 8 + 5]])
198		#define C6(K, i) (Cx.q[6 + 8 * K.c[(i) * 8 + 6]])
199		#define C7(K, i) (Cx.q[7 + 8 * K.c[(i) * 8 + 7]])
200		#endif
201		#else
202	0	#define N 2
203		#define LL(c0, c1, c2, c3, c4, c5, c6, c7) c0, c1, c2, c3, c4, c5, c6, c7, \
204		c0, c1, c2, c3, c4, c5, c6, c7
205	0	#define C0(K, i) (((uint64_t )(Cx.c + 0))[2 K.c[(i) * 8 + 0]])
206	0	#define C1(K, i) (((u64_a1 )(Cx.c + 7))[2 K.c[(i) * 8 + 1]])
207	0	#define C2(K, i) (((u64_a1 )(Cx.c + 6))[2 K.c[(i) * 8 + 2]])
208	0	#define C3(K, i) (((u64_a1 )(Cx.c + 5))[2 K.c[(i) * 8 + 3]])
209	0	#define C4(K, i) (((u64_a1 )(Cx.c + 4))[2 K.c[(i) * 8 + 4]])
210	0	#define C5(K, i) (((u64_a1 )(Cx.c + 3))[2 K.c[(i) * 8 + 5]])
211	0	#define C6(K, i) (((u64_a1 )(Cx.c + 2))[2 K.c[(i) * 8 + 6]])
212	0	#define C7(K, i) (((u64_a1 )(Cx.c + 1))[2 K.c[(i) * 8 + 7]])
213		#endif
214
215		static const union {
216		uint8_t c[(256 * N + ROUNDS) * sizeof(uint64_t)];
217		uint64_t q[(256 * N + ROUNDS)];
218		} Cx = {
219		{ /* Note endian-neutral representation:-) */
220		LL(0x18, 0x18, 0x60, 0x18, 0xc0, 0x78, 0x30, 0xd8),
221		LL(0x23, 0x23, 0x8c, 0x23, 0x05, 0xaf, 0x46, 0x26),
222		LL(0xc6, 0xc6, 0x3f, 0xc6, 0x7e, 0xf9, 0x91, 0xb8),
223		LL(0xe8, 0xe8, 0x87, 0xe8, 0x13, 0x6f, 0xcd, 0xfb),
224		LL(0x87, 0x87, 0x26, 0x87, 0x4c, 0xa1, 0x13, 0xcb),
225		LL(0xb8, 0xb8, 0xda, 0xb8, 0xa9, 0x62, 0x6d, 0x11),
226		LL(0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09),
227		LL(0x4f, 0x4f, 0x21, 0x4f, 0x42, 0x6e, 0x9e, 0x0d),
228		LL(0x36, 0x36, 0xd8, 0x36, 0xad, 0xee, 0x6c, 0x9b),
229		LL(0xa6, 0xa6, 0xa2, 0xa6, 0x59, 0x04, 0x51, 0xff),
230		LL(0xd2, 0xd2, 0x6f, 0xd2, 0xde, 0xbd, 0xb9, 0x0c),
231		LL(0xf5, 0xf5, 0xf3, 0xf5, 0xfb, 0x06, 0xf7, 0x0e),
232		LL(0x79, 0x79, 0xf9, 0x79, 0xef, 0x80, 0xf2, 0x96),
233		LL(0x6f, 0x6f, 0xa1, 0x6f, 0x5f, 0xce, 0xde, 0x30),
234		LL(0x91, 0x91, 0x7e, 0x91, 0xfc, 0xef, 0x3f, 0x6d),
235		LL(0x52, 0x52, 0x55, 0x52, 0xaa, 0x07, 0xa4, 0xf8),
236		LL(0x60, 0x60, 0x9d, 0x60, 0x27, 0xfd, 0xc0, 0x47),
237		LL(0xbc, 0xbc, 0xca, 0xbc, 0x89, 0x76, 0x65, 0x35),
238		LL(0x9b, 0x9b, 0x56, 0x9b, 0xac, 0xcd, 0x2b, 0x37),
239		LL(0x8e, 0x8e, 0x02, 0x8e, 0x04, 0x8c, 0x01, 0x8a),
240		LL(0xa3, 0xa3, 0xb6, 0xa3, 0x71, 0x15, 0x5b, 0xd2),
241		LL(0x0c, 0x0c, 0x30, 0x0c, 0x60, 0x3c, 0x18, 0x6c),
242		LL(0x7b, 0x7b, 0xf1, 0x7b, 0xff, 0x8a, 0xf6, 0x84),
243		LL(0x35, 0x35, 0xd4, 0x35, 0xb5, 0xe1, 0x6a, 0x80),
244		LL(0x1d, 0x1d, 0x74, 0x1d, 0xe8, 0x69, 0x3a, 0xf5),
245		LL(0xe0, 0xe0, 0xa7, 0xe0, 0x53, 0x47, 0xdd, 0xb3),
246		LL(0xd7, 0xd7, 0x7b, 0xd7, 0xf6, 0xac, 0xb3, 0x21),
247		LL(0xc2, 0xc2, 0x2f, 0xc2, 0x5e, 0xed, 0x99, 0x9c),
248		LL(0x2e, 0x2e, 0xb8, 0x2e, 0x6d, 0x96, 0x5c, 0x43),
249		LL(0x4b, 0x4b, 0x31, 0x4b, 0x62, 0x7a, 0x96, 0x29),
250		LL(0xfe, 0xfe, 0xdf, 0xfe, 0xa3, 0x21, 0xe1, 0x5d),
251		LL(0x57, 0x57, 0x41, 0x57, 0x82, 0x16, 0xae, 0xd5),
252		LL(0x15, 0x15, 0x54, 0x15, 0xa8, 0x41, 0x2a, 0xbd),
253		LL(0x77, 0x77, 0xc1, 0x77, 0x9f, 0xb6, 0xee, 0xe8),
254		LL(0x37, 0x37, 0xdc, 0x37, 0xa5, 0xeb, 0x6e, 0x92),
255		LL(0xe5, 0xe5, 0xb3, 0xe5, 0x7b, 0x56, 0xd7, 0x9e),
256		LL(0x9f, 0x9f, 0x46, 0x9f, 0x8c, 0xd9, 0x23, 0x13),
257		LL(0xf0, 0xf0, 0xe7, 0xf0, 0xd3, 0x17, 0xfd, 0x23),
258		LL(0x4a, 0x4a, 0x35, 0x4a, 0x6a, 0x7f, 0x94, 0x20),
259		LL(0xda, 0xda, 0x4f, 0xda, 0x9e, 0x95, 0xa9, 0x44),
260		LL(0x58, 0x58, 0x7d, 0x58, 0xfa, 0x25, 0xb0, 0xa2),
261		LL(0xc9, 0xc9, 0x03, 0xc9, 0x06, 0xca, 0x8f, 0xcf),
262		LL(0x29, 0x29, 0xa4, 0x29, 0x55, 0x8d, 0x52, 0x7c),
263		LL(0x0a, 0x0a, 0x28, 0x0a, 0x50, 0x22, 0x14, 0x5a),
264		LL(0xb1, 0xb1, 0xfe, 0xb1, 0xe1, 0x4f, 0x7f, 0x50),
265		LL(0xa0, 0xa0, 0xba, 0xa0, 0x69, 0x1a, 0x5d, 0xc9),
266		LL(0x6b, 0x6b, 0xb1, 0x6b, 0x7f, 0xda, 0xd6, 0x14),
267		LL(0x85, 0x85, 0x2e, 0x85, 0x5c, 0xab, 0x17, 0xd9),
268		LL(0xbd, 0xbd, 0xce, 0xbd, 0x81, 0x73, 0x67, 0x3c),
269		LL(0x5d, 0x5d, 0x69, 0x5d, 0xd2, 0x34, 0xba, 0x8f),
270		LL(0x10, 0x10, 0x40, 0x10, 0x80, 0x50, 0x20, 0x90),
271		LL(0xf4, 0xf4, 0xf7, 0xf4, 0xf3, 0x03, 0xf5, 0x07),
272		LL(0xcb, 0xcb, 0x0b, 0xcb, 0x16, 0xc0, 0x8b, 0xdd),
273		LL(0x3e, 0x3e, 0xf8, 0x3e, 0xed, 0xc6, 0x7c, 0xd3),
274		LL(0x05, 0x05, 0x14, 0x05, 0x28, 0x11, 0x0a, 0x2d),
275		LL(0x67, 0x67, 0x81, 0x67, 0x1f, 0xe6, 0xce, 0x78),
276		LL(0xe4, 0xe4, 0xb7, 0xe4, 0x73, 0x53, 0xd5, 0x97),
277		LL(0x27, 0x27, 0x9c, 0x27, 0x25, 0xbb, 0x4e, 0x02),
278		LL(0x41, 0x41, 0x19, 0x41, 0x32, 0x58, 0x82, 0x73),
279		LL(0x8b, 0x8b, 0x16, 0x8b, 0x2c, 0x9d, 0x0b, 0xa7),
280		LL(0xa7, 0xa7, 0xa6, 0xa7, 0x51, 0x01, 0x53, 0xf6),
281		LL(0x7d, 0x7d, 0xe9, 0x7d, 0xcf, 0x94, 0xfa, 0xb2),
282		LL(0x95, 0x95, 0x6e, 0x95, 0xdc, 0xfb, 0x37, 0x49),
283		LL(0xd8, 0xd8, 0x47, 0xd8, 0x8e, 0x9f, 0xad, 0x56),
284		LL(0xfb, 0xfb, 0xcb, 0xfb, 0x8b, 0x30, 0xeb, 0x70),
285		LL(0xee, 0xee, 0x9f, 0xee, 0x23, 0x71, 0xc1, 0xcd),
286		LL(0x7c, 0x7c, 0xed, 0x7c, 0xc7, 0x91, 0xf8, 0xbb),
287		LL(0x66, 0x66, 0x85, 0x66, 0x17, 0xe3, 0xcc, 0x71),
288		LL(0xdd, 0xdd, 0x53, 0xdd, 0xa6, 0x8e, 0xa7, 0x7b),
289		LL(0x17, 0x17, 0x5c, 0x17, 0xb8, 0x4b, 0x2e, 0xaf),
290		LL(0x47, 0x47, 0x01, 0x47, 0x02, 0x46, 0x8e, 0x45),
291		LL(0x9e, 0x9e, 0x42, 0x9e, 0x84, 0xdc, 0x21, 0x1a),
292		LL(0xca, 0xca, 0x0f, 0xca, 0x1e, 0xc5, 0x89, 0xd4),
293		LL(0x2d, 0x2d, 0xb4, 0x2d, 0x75, 0x99, 0x5a, 0x58),
294		LL(0xbf, 0xbf, 0xc6, 0xbf, 0x91, 0x79, 0x63, 0x2e),
295		LL(0x07, 0x07, 0x1c, 0x07, 0x38, 0x1b, 0x0e, 0x3f),
296		LL(0xad, 0xad, 0x8e, 0xad, 0x01, 0x23, 0x47, 0xac),
297		LL(0x5a, 0x5a, 0x75, 0x5a, 0xea, 0x2f, 0xb4, 0xb0),
298		LL(0x83, 0x83, 0x36, 0x83, 0x6c, 0xb5, 0x1b, 0xef),
299		LL(0x33, 0x33, 0xcc, 0x33, 0x85, 0xff, 0x66, 0xb6),
300		LL(0x63, 0x63, 0x91, 0x63, 0x3f, 0xf2, 0xc6, 0x5c),
301		LL(0x02, 0x02, 0x08, 0x02, 0x10, 0x0a, 0x04, 0x12),
302		LL(0xaa, 0xaa, 0x92, 0xaa, 0x39, 0x38, 0x49, 0x93),
303		LL(0x71, 0x71, 0xd9, 0x71, 0xaf, 0xa8, 0xe2, 0xde),
304		LL(0xc8, 0xc8, 0x07, 0xc8, 0x0e, 0xcf, 0x8d, 0xc6),
305		LL(0x19, 0x19, 0x64, 0x19, 0xc8, 0x7d, 0x32, 0xd1),
306		LL(0x49, 0x49, 0x39, 0x49, 0x72, 0x70, 0x92, 0x3b),
307		LL(0xd9, 0xd9, 0x43, 0xd9, 0x86, 0x9a, 0xaf, 0x5f),
308		LL(0xf2, 0xf2, 0xef, 0xf2, 0xc3, 0x1d, 0xf9, 0x31),
309		LL(0xe3, 0xe3, 0xab, 0xe3, 0x4b, 0x48, 0xdb, 0xa8),
310		LL(0x5b, 0x5b, 0x71, 0x5b, 0xe2, 0x2a, 0xb6, 0xb9),
311		LL(0x88, 0x88, 0x1a, 0x88, 0x34, 0x92, 0x0d, 0xbc),
312		LL(0x9a, 0x9a, 0x52, 0x9a, 0xa4, 0xc8, 0x29, 0x3e),
313		LL(0x26, 0x26, 0x98, 0x26, 0x2d, 0xbe, 0x4c, 0x0b),
314		LL(0x32, 0x32, 0xc8, 0x32, 0x8d, 0xfa, 0x64, 0xbf),
315		LL(0xb0, 0xb0, 0xfa, 0xb0, 0xe9, 0x4a, 0x7d, 0x59),
316		LL(0xe9, 0xe9, 0x83, 0xe9, 0x1b, 0x6a, 0xcf, 0xf2),
317		LL(0x0f, 0x0f, 0x3c, 0x0f, 0x78, 0x33, 0x1e, 0x77),
318		LL(0xd5, 0xd5, 0x73, 0xd5, 0xe6, 0xa6, 0xb7, 0x33),
319		LL(0x80, 0x80, 0x3a, 0x80, 0x74, 0xba, 0x1d, 0xf4),
320		LL(0xbe, 0xbe, 0xc2, 0xbe, 0x99, 0x7c, 0x61, 0x27),
321		LL(0xcd, 0xcd, 0x13, 0xcd, 0x26, 0xde, 0x87, 0xeb),
322		LL(0x34, 0x34, 0xd0, 0x34, 0xbd, 0xe4, 0x68, 0x89),
323		LL(0x48, 0x48, 0x3d, 0x48, 0x7a, 0x75, 0x90, 0x32),
324		LL(0xff, 0xff, 0xdb, 0xff, 0xab, 0x24, 0xe3, 0x54),
325		LL(0x7a, 0x7a, 0xf5, 0x7a, 0xf7, 0x8f, 0xf4, 0x8d),
326		LL(0x90, 0x90, 0x7a, 0x90, 0xf4, 0xea, 0x3d, 0x64),
327		LL(0x5f, 0x5f, 0x61, 0x5f, 0xc2, 0x3e, 0xbe, 0x9d),
328		LL(0x20, 0x20, 0x80, 0x20, 0x1d, 0xa0, 0x40, 0x3d),
329		LL(0x68, 0x68, 0xbd, 0x68, 0x67, 0xd5, 0xd0, 0x0f),
330		LL(0x1a, 0x1a, 0x68, 0x1a, 0xd0, 0x72, 0x34, 0xca),
331		LL(0xae, 0xae, 0x82, 0xae, 0x19, 0x2c, 0x41, 0xb7),
332		LL(0xb4, 0xb4, 0xea, 0xb4, 0xc9, 0x5e, 0x75, 0x7d),
333		LL(0x54, 0x54, 0x4d, 0x54, 0x9a, 0x19, 0xa8, 0xce),
334		LL(0x93, 0x93, 0x76, 0x93, 0xec, 0xe5, 0x3b, 0x7f),
335		LL(0x22, 0x22, 0x88, 0x22, 0x0d, 0xaa, 0x44, 0x2f),
336		LL(0x64, 0x64, 0x8d, 0x64, 0x07, 0xe9, 0xc8, 0x63),
337		LL(0xf1, 0xf1, 0xe3, 0xf1, 0xdb, 0x12, 0xff, 0x2a),
338		LL(0x73, 0x73, 0xd1, 0x73, 0xbf, 0xa2, 0xe6, 0xcc),
339		LL(0x12, 0x12, 0x48, 0x12, 0x90, 0x5a, 0x24, 0x82),
340		LL(0x40, 0x40, 0x1d, 0x40, 0x3a, 0x5d, 0x80, 0x7a),
341		LL(0x08, 0x08, 0x20, 0x08, 0x40, 0x28, 0x10, 0x48),
342		LL(0xc3, 0xc3, 0x2b, 0xc3, 0x56, 0xe8, 0x9b, 0x95),
343		LL(0xec, 0xec, 0x97, 0xec, 0x33, 0x7b, 0xc5, 0xdf),
344		LL(0xdb, 0xdb, 0x4b, 0xdb, 0x96, 0x90, 0xab, 0x4d),
345		LL(0xa1, 0xa1, 0xbe, 0xa1, 0x61, 0x1f, 0x5f, 0xc0),
346		LL(0x8d, 0x8d, 0x0e, 0x8d, 0x1c, 0x83, 0x07, 0x91),
347		LL(0x3d, 0x3d, 0xf4, 0x3d, 0xf5, 0xc9, 0x7a, 0xc8),
348		LL(0x97, 0x97, 0x66, 0x97, 0xcc, 0xf1, 0x33, 0x5b),
349		LL(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
350		LL(0xcf, 0xcf, 0x1b, 0xcf, 0x36, 0xd4, 0x83, 0xf9),
351		LL(0x2b, 0x2b, 0xac, 0x2b, 0x45, 0x87, 0x56, 0x6e),
352		LL(0x76, 0x76, 0xc5, 0x76, 0x97, 0xb3, 0xec, 0xe1),
353		LL(0x82, 0x82, 0x32, 0x82, 0x64, 0xb0, 0x19, 0xe6),
354		LL(0xd6, 0xd6, 0x7f, 0xd6, 0xfe, 0xa9, 0xb1, 0x28),
355		LL(0x1b, 0x1b, 0x6c, 0x1b, 0xd8, 0x77, 0x36, 0xc3),
356		LL(0xb5, 0xb5, 0xee, 0xb5, 0xc1, 0x5b, 0x77, 0x74),
357		LL(0xaf, 0xaf, 0x86, 0xaf, 0x11, 0x29, 0x43, 0xbe),
358		LL(0x6a, 0x6a, 0xb5, 0x6a, 0x77, 0xdf, 0xd4, 0x1d),
359		LL(0x50, 0x50, 0x5d, 0x50, 0xba, 0x0d, 0xa0, 0xea),
360		LL(0x45, 0x45, 0x09, 0x45, 0x12, 0x4c, 0x8a, 0x57),
361		LL(0xf3, 0xf3, 0xeb, 0xf3, 0xcb, 0x18, 0xfb, 0x38),
362		LL(0x30, 0x30, 0xc0, 0x30, 0x9d, 0xf0, 0x60, 0xad),
363		LL(0xef, 0xef, 0x9b, 0xef, 0x2b, 0x74, 0xc3, 0xc4),
364		LL(0x3f, 0x3f, 0xfc, 0x3f, 0xe5, 0xc3, 0x7e, 0xda),
365		LL(0x55, 0x55, 0x49, 0x55, 0x92, 0x1c, 0xaa, 0xc7),
366		LL(0xa2, 0xa2, 0xb2, 0xa2, 0x79, 0x10, 0x59, 0xdb),
367		LL(0xea, 0xea, 0x8f, 0xea, 0x03, 0x65, 0xc9, 0xe9),
368		LL(0x65, 0x65, 0x89, 0x65, 0x0f, 0xec, 0xca, 0x6a),
369		LL(0xba, 0xba, 0xd2, 0xba, 0xb9, 0x68, 0x69, 0x03),
370		LL(0x2f, 0x2f, 0xbc, 0x2f, 0x65, 0x93, 0x5e, 0x4a),
371		LL(0xc0, 0xc0, 0x27, 0xc0, 0x4e, 0xe7, 0x9d, 0x8e),
372		LL(0xde, 0xde, 0x5f, 0xde, 0xbe, 0x81, 0xa1, 0x60),
373		LL(0x1c, 0x1c, 0x70, 0x1c, 0xe0, 0x6c, 0x38, 0xfc),
374		LL(0xfd, 0xfd, 0xd3, 0xfd, 0xbb, 0x2e, 0xe7, 0x46),
375		LL(0x4d, 0x4d, 0x29, 0x4d, 0x52, 0x64, 0x9a, 0x1f),
376		LL(0x92, 0x92, 0x72, 0x92, 0xe4, 0xe0, 0x39, 0x76),
377		LL(0x75, 0x75, 0xc9, 0x75, 0x8f, 0xbc, 0xea, 0xfa),
378		LL(0x06, 0x06, 0x18, 0x06, 0x30, 0x1e, 0x0c, 0x36),
379		LL(0x8a, 0x8a, 0x12, 0x8a, 0x24, 0x98, 0x09, 0xae),
380		LL(0xb2, 0xb2, 0xf2, 0xb2, 0xf9, 0x40, 0x79, 0x4b),
381		LL(0xe6, 0xe6, 0xbf, 0xe6, 0x63, 0x59, 0xd1, 0x85),
382		LL(0x0e, 0x0e, 0x38, 0x0e, 0x70, 0x36, 0x1c, 0x7e),
383		LL(0x1f, 0x1f, 0x7c, 0x1f, 0xf8, 0x63, 0x3e, 0xe7),
384		LL(0x62, 0x62, 0x95, 0x62, 0x37, 0xf7, 0xc4, 0x55),
385		LL(0xd4, 0xd4, 0x77, 0xd4, 0xee, 0xa3, 0xb5, 0x3a),
386		LL(0xa8, 0xa8, 0x9a, 0xa8, 0x29, 0x32, 0x4d, 0x81),
387		LL(0x96, 0x96, 0x62, 0x96, 0xc4, 0xf4, 0x31, 0x52),
388		LL(0xf9, 0xf9, 0xc3, 0xf9, 0x9b, 0x3a, 0xef, 0x62),
389		LL(0xc5, 0xc5, 0x33, 0xc5, 0x66, 0xf6, 0x97, 0xa3),
390		LL(0x25, 0x25, 0x94, 0x25, 0x35, 0xb1, 0x4a, 0x10),
391		LL(0x59, 0x59, 0x79, 0x59, 0xf2, 0x20, 0xb2, 0xab),
392		LL(0x84, 0x84, 0x2a, 0x84, 0x54, 0xae, 0x15, 0xd0),
393		LL(0x72, 0x72, 0xd5, 0x72, 0xb7, 0xa7, 0xe4, 0xc5),
394		LL(0x39, 0x39, 0xe4, 0x39, 0xd5, 0xdd, 0x72, 0xec),
395		LL(0x4c, 0x4c, 0x2d, 0x4c, 0x5a, 0x61, 0x98, 0x16),
396		LL(0x5e, 0x5e, 0x65, 0x5e, 0xca, 0x3b, 0xbc, 0x94),
397		LL(0x78, 0x78, 0xfd, 0x78, 0xe7, 0x85, 0xf0, 0x9f),
398		LL(0x38, 0x38, 0xe0, 0x38, 0xdd, 0xd8, 0x70, 0xe5),
399		LL(0x8c, 0x8c, 0x0a, 0x8c, 0x14, 0x86, 0x05, 0x98),
400		LL(0xd1, 0xd1, 0x63, 0xd1, 0xc6, 0xb2, 0xbf, 0x17),
401		LL(0xa5, 0xa5, 0xae, 0xa5, 0x41, 0x0b, 0x57, 0xe4),
402		LL(0xe2, 0xe2, 0xaf, 0xe2, 0x43, 0x4d, 0xd9, 0xa1),
403		LL(0x61, 0x61, 0x99, 0x61, 0x2f, 0xf8, 0xc2, 0x4e),
404		LL(0xb3, 0xb3, 0xf6, 0xb3, 0xf1, 0x45, 0x7b, 0x42),
405		LL(0x21, 0x21, 0x84, 0x21, 0x15, 0xa5, 0x42, 0x34),
406		LL(0x9c, 0x9c, 0x4a, 0x9c, 0x94, 0xd6, 0x25, 0x08),
407		LL(0x1e, 0x1e, 0x78, 0x1e, 0xf0, 0x66, 0x3c, 0xee),
408		LL(0x43, 0x43, 0x11, 0x43, 0x22, 0x52, 0x86, 0x61),
409		LL(0xc7, 0xc7, 0x3b, 0xc7, 0x76, 0xfc, 0x93, 0xb1),
410		LL(0xfc, 0xfc, 0xd7, 0xfc, 0xb3, 0x2b, 0xe5, 0x4f),
411		LL(0x04, 0x04, 0x10, 0x04, 0x20, 0x14, 0x08, 0x24),
412		LL(0x51, 0x51, 0x59, 0x51, 0xb2, 0x08, 0xa2, 0xe3),
413		LL(0x99, 0x99, 0x5e, 0x99, 0xbc, 0xc7, 0x2f, 0x25),
414		LL(0x6d, 0x6d, 0xa9, 0x6d, 0x4f, 0xc4, 0xda, 0x22),
415		LL(0x0d, 0x0d, 0x34, 0x0d, 0x68, 0x39, 0x1a, 0x65),
416		LL(0xfa, 0xfa, 0xcf, 0xfa, 0x83, 0x35, 0xe9, 0x79),
417		LL(0xdf, 0xdf, 0x5b, 0xdf, 0xb6, 0x84, 0xa3, 0x69),
418		LL(0x7e, 0x7e, 0xe5, 0x7e, 0xd7, 0x9b, 0xfc, 0xa9),
419		LL(0x24, 0x24, 0x90, 0x24, 0x3d, 0xb4, 0x48, 0x19),
420		LL(0x3b, 0x3b, 0xec, 0x3b, 0xc5, 0xd7, 0x76, 0xfe),
421		LL(0xab, 0xab, 0x96, 0xab, 0x31, 0x3d, 0x4b, 0x9a),
422		LL(0xce, 0xce, 0x1f, 0xce, 0x3e, 0xd1, 0x81, 0xf0),
423		LL(0x11, 0x11, 0x44, 0x11, 0x88, 0x55, 0x22, 0x99),
424		LL(0x8f, 0x8f, 0x06, 0x8f, 0x0c, 0x89, 0x03, 0x83),
425		LL(0x4e, 0x4e, 0x25, 0x4e, 0x4a, 0x6b, 0x9c, 0x04),
426		LL(0xb7, 0xb7, 0xe6, 0xb7, 0xd1, 0x51, 0x73, 0x66),
427		LL(0xeb, 0xeb, 0x8b, 0xeb, 0x0b, 0x60, 0xcb, 0xe0),
428		LL(0x3c, 0x3c, 0xf0, 0x3c, 0xfd, 0xcc, 0x78, 0xc1),
429		LL(0x81, 0x81, 0x3e, 0x81, 0x7c, 0xbf, 0x1f, 0xfd),
430		LL(0x94, 0x94, 0x6a, 0x94, 0xd4, 0xfe, 0x35, 0x40),
431		LL(0xf7, 0xf7, 0xfb, 0xf7, 0xeb, 0x0c, 0xf3, 0x1c),
432		LL(0xb9, 0xb9, 0xde, 0xb9, 0xa1, 0x67, 0x6f, 0x18),
433		LL(0x13, 0x13, 0x4c, 0x13, 0x98, 0x5f, 0x26, 0x8b),
434		LL(0x2c, 0x2c, 0xb0, 0x2c, 0x7d, 0x9c, 0x58, 0x51),
435		LL(0xd3, 0xd3, 0x6b, 0xd3, 0xd6, 0xb8, 0xbb, 0x05),
436		LL(0xe7, 0xe7, 0xbb, 0xe7, 0x6b, 0x5c, 0xd3, 0x8c),
437		LL(0x6e, 0x6e, 0xa5, 0x6e, 0x57, 0xcb, 0xdc, 0x39),
438		LL(0xc4, 0xc4, 0x37, 0xc4, 0x6e, 0xf3, 0x95, 0xaa),
439		LL(0x03, 0x03, 0x0c, 0x03, 0x18, 0x0f, 0x06, 0x1b),
440		LL(0x56, 0x56, 0x45, 0x56, 0x8a, 0x13, 0xac, 0xdc),
441		LL(0x44, 0x44, 0x0d, 0x44, 0x1a, 0x49, 0x88, 0x5e),
442		LL(0x7f, 0x7f, 0xe1, 0x7f, 0xdf, 0x9e, 0xfe, 0xa0),
443		LL(0xa9, 0xa9, 0x9e, 0xa9, 0x21, 0x37, 0x4f, 0x88),
444		LL(0x2a, 0x2a, 0xa8, 0x2a, 0x4d, 0x82, 0x54, 0x67),
445		LL(0xbb, 0xbb, 0xd6, 0xbb, 0xb1, 0x6d, 0x6b, 0x0a),
446		LL(0xc1, 0xc1, 0x23, 0xc1, 0x46, 0xe2, 0x9f, 0x87),
447		LL(0x53, 0x53, 0x51, 0x53, 0xa2, 0x02, 0xa6, 0xf1),
448		LL(0xdc, 0xdc, 0x57, 0xdc, 0xae, 0x8b, 0xa5, 0x72),
449		LL(0x0b, 0x0b, 0x2c, 0x0b, 0x58, 0x27, 0x16, 0x53),
450		LL(0x9d, 0x9d, 0x4e, 0x9d, 0x9c, 0xd3, 0x27, 0x01),
451		LL(0x6c, 0x6c, 0xad, 0x6c, 0x47, 0xc1, 0xd8, 0x2b),
452		LL(0x31, 0x31, 0xc4, 0x31, 0x95, 0xf5, 0x62, 0xa4),
453		LL(0x74, 0x74, 0xcd, 0x74, 0x87, 0xb9, 0xe8, 0xf3),
454		LL(0xf6, 0xf6, 0xff, 0xf6, 0xe3, 0x09, 0xf1, 0x15),
455		LL(0x46, 0x46, 0x05, 0x46, 0x0a, 0x43, 0x8c, 0x4c),
456		LL(0xac, 0xac, 0x8a, 0xac, 0x09, 0x26, 0x45, 0xa5),
457		LL(0x89, 0x89, 0x1e, 0x89, 0x3c, 0x97, 0x0f, 0xb5),
458		LL(0x14, 0x14, 0x50, 0x14, 0xa0, 0x44, 0x28, 0xb4),
459		LL(0xe1, 0xe1, 0xa3, 0xe1, 0x5b, 0x42, 0xdf, 0xba),
460		LL(0x16, 0x16, 0x58, 0x16, 0xb0, 0x4e, 0x2c, 0xa6),
461		LL(0x3a, 0x3a, 0xe8, 0x3a, 0xcd, 0xd2, 0x74, 0xf7),
462		LL(0x69, 0x69, 0xb9, 0x69, 0x6f, 0xd0, 0xd2, 0x06),
463		LL(0x09, 0x09, 0x24, 0x09, 0x48, 0x2d, 0x12, 0x41),
464		LL(0x70, 0x70, 0xdd, 0x70, 0xa7, 0xad, 0xe0, 0xd7),
465		LL(0xb6, 0xb6, 0xe2, 0xb6, 0xd9, 0x54, 0x71, 0x6f),
466		LL(0xd0, 0xd0, 0x67, 0xd0, 0xce, 0xb7, 0xbd, 0x1e),
467		LL(0xed, 0xed, 0x93, 0xed, 0x3b, 0x7e, 0xc7, 0xd6),
468		LL(0xcc, 0xcc, 0x17, 0xcc, 0x2e, 0xdb, 0x85, 0xe2),
469		LL(0x42, 0x42, 0x15, 0x42, 0x2a, 0x57, 0x84, 0x68),
470		LL(0x98, 0x98, 0x5a, 0x98, 0xb4, 0xc2, 0x2d, 0x2c),
471		LL(0xa4, 0xa4, 0xaa, 0xa4, 0x49, 0x0e, 0x55, 0xed),
472		LL(0x28, 0x28, 0xa0, 0x28, 0x5d, 0x88, 0x50, 0x75),
473		LL(0x5c, 0x5c, 0x6d, 0x5c, 0xda, 0x31, 0xb8, 0x86),
474		LL(0xf8, 0xf8, 0xc7, 0xf8, 0x93, 0x3f, 0xed, 0x6b),
475		LL(0x86, 0x86, 0x22, 0x86, 0x44, 0xa4, 0x11, 0xc2),
476	0	#define RC (&(Cx.q[256 * N]))
477		0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f,
478		/* rc[ROUNDS] */
479		0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52, 0x60, 0xbc, 0x9b,
480		0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b,
481		0xfe, 0x57, 0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58,
482		0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85, 0xbd, 0x5d, 0x10, 0xf4,
483		0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95,
484		0xd8, 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d,
485		0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33 }
486		};
487
488		void whirlpool_block(WHIRLPOOL_CTX ctx, const void inp, size_t n)
489	0	{
490	0	int r;
491	0	const uint8_t *p = inp;
492	0	union {
493	0	uint64_t q[8];
494	0	uint8_t c[64];
495	0	} S, K, H = (void )ctx->H.q;
496
497		#ifdef GO_FOR_MMX
498		GO_FOR_MMX(ctx, inp, n);
499		#endif
500	0	do {
501		#ifdef OPENSSL_SMALL_FOOTPRINT
502		uint64_t L[8];
503		int i;
504
505		for (i = 0; i < 64; i++)
506		S.c[i] = (K.c[i] = H->c[i]) ^ p[i];
507		for (r = 0; r < ROUNDS; r++) {
508		for (i = 0; i < 8; i++) {
509		L[i] = i ? 0 : RC[r];
510		L[i] ^= C0(K, i) ^ C1(K, (i - 1) & 7) ^ C2(K, (i - 2) & 7) ^ C3(K, (i - 3) & 7) ^ C4(K, (i - 4) & 7) ^ C5(K, (i - 5) & 7) ^ C6(K, (i - 6) & 7) ^ C7(K, (i - 7) & 7);
511		}
512		memcpy(K.q, L, 64);
513		for (i = 0; i < 8; i++) {
514		L[i] ^= C0(S, i) ^ C1(S, (i - 1) & 7) ^ C2(S, (i - 2) & 7) ^ C3(S, (i - 3) & 7) ^ C4(S, (i - 4) & 7) ^ C5(S, (i - 5) & 7) ^ C6(S, (i - 6) & 7) ^ C7(S, (i - 7) & 7);
515		}
516		memcpy(S.q, L, 64);
517		}
518		for (i = 0; i < 64; i++)
519		H->c[i] ^= S.c[i] ^ p[i];
520		#else
521	0	uint64_t L0, L1, L2, L3, L4, L5, L6, L7;
522
523		#ifdef STRICT_ALIGNMENT
524		if ((size_t)p & 7) {
525		memcpy(S.c, p, 64);
526		S.q[0] ^= (K.q[0] = H->q[0]);
527		S.q[1] ^= (K.q[1] = H->q[1]);
528		S.q[2] ^= (K.q[2] = H->q[2]);
529		S.q[3] ^= (K.q[3] = H->q[3]);
530		S.q[4] ^= (K.q[4] = H->q[4]);
531		S.q[5] ^= (K.q[5] = H->q[5]);
532		S.q[6] ^= (K.q[6] = H->q[6]);
533		S.q[7] ^= (K.q[7] = H->q[7]);
534		} else
535		#endif
536	0	{
537	0	const u64_aX pa = (const u64_aX )p;
538	0	S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
539	0	S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
540	0	S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
541	0	S.q[3] = (K.q[3] = H->q[3]) ^ pa[3];
542	0	S.q[4] = (K.q[4] = H->q[4]) ^ pa[4];
543	0	S.q[5] = (K.q[5] = H->q[5]) ^ pa[5];
544	0	S.q[6] = (K.q[6] = H->q[6]) ^ pa[6];
545	0	S.q[7] = (K.q[7] = H->q[7]) ^ pa[7];
546	0	}
547
548	0	for (r = 0; r < ROUNDS; r++) {
549		#ifdef SMALL_REGISTER_BANK
550		L0 = C0(K, 0) ^ C1(K, 7) ^ C2(K, 6) ^ C3(K, 5) ^ C4(K, 4) ^ C5(K, 3) ^ C6(K, 2) ^ C7(K, 1) ^ RC[r];
551		L1 = C0(K, 1) ^ C1(K, 0) ^ C2(K, 7) ^ C3(K, 6) ^ C4(K, 5) ^ C5(K, 4) ^ C6(K, 3) ^ C7(K, 2);
552		L2 = C0(K, 2) ^ C1(K, 1) ^ C2(K, 0) ^ C3(K, 7) ^ C4(K, 6) ^ C5(K, 5) ^ C6(K, 4) ^ C7(K, 3);
553		L3 = C0(K, 3) ^ C1(K, 2) ^ C2(K, 1) ^ C3(K, 0) ^ C4(K, 7) ^ C5(K, 6) ^ C6(K, 5) ^ C7(K, 4);
554		L4 = C0(K, 4) ^ C1(K, 3) ^ C2(K, 2) ^ C3(K, 1) ^ C4(K, 0) ^ C5(K, 7) ^ C6(K, 6) ^ C7(K, 5);
555		L5 = C0(K, 5) ^ C1(K, 4) ^ C2(K, 3) ^ C3(K, 2) ^ C4(K, 1) ^ C5(K, 0) ^ C6(K, 7) ^ C7(K, 6);
556		L6 = C0(K, 6) ^ C1(K, 5) ^ C2(K, 4) ^ C3(K, 3) ^ C4(K, 2) ^ C5(K, 1) ^ C6(K, 0) ^ C7(K, 7);
557		L7 = C0(K, 7) ^ C1(K, 6) ^ C2(K, 5) ^ C3(K, 4) ^ C4(K, 3) ^ C5(K, 2) ^ C6(K, 1) ^ C7(K, 0);
558
559		K.q[0] = L0;
560		K.q[1] = L1;
561		K.q[2] = L2;
562		K.q[3] = L3;
563		K.q[4] = L4;
564		K.q[5] = L5;
565		K.q[6] = L6;
566		K.q[7] = L7;
567
568		L0 ^= C0(S, 0) ^ C1(S, 7) ^ C2(S, 6) ^ C3(S, 5) ^ C4(S, 4) ^ C5(S, 3) ^ C6(S, 2) ^ C7(S, 1);
569		L1 ^= C0(S, 1) ^ C1(S, 0) ^ C2(S, 7) ^ C3(S, 6) ^ C4(S, 5) ^ C5(S, 4) ^ C6(S, 3) ^ C7(S, 2);
570		L2 ^= C0(S, 2) ^ C1(S, 1) ^ C2(S, 0) ^ C3(S, 7) ^ C4(S, 6) ^ C5(S, 5) ^ C6(S, 4) ^ C7(S, 3);
571		L3 ^= C0(S, 3) ^ C1(S, 2) ^ C2(S, 1) ^ C3(S, 0) ^ C4(S, 7) ^ C5(S, 6) ^ C6(S, 5) ^ C7(S, 4);
572		L4 ^= C0(S, 4) ^ C1(S, 3) ^ C2(S, 2) ^ C3(S, 1) ^ C4(S, 0) ^ C5(S, 7) ^ C6(S, 6) ^ C7(S, 5);
573		L5 ^= C0(S, 5) ^ C1(S, 4) ^ C2(S, 3) ^ C3(S, 2) ^ C4(S, 1) ^ C5(S, 0) ^ C6(S, 7) ^ C7(S, 6);
574		L6 ^= C0(S, 6) ^ C1(S, 5) ^ C2(S, 4) ^ C3(S, 3) ^ C4(S, 2) ^ C5(S, 1) ^ C6(S, 0) ^ C7(S, 7);
575		L7 ^= C0(S, 7) ^ C1(S, 6) ^ C2(S, 5) ^ C3(S, 4) ^ C4(S, 3) ^ C5(S, 2) ^ C6(S, 1) ^ C7(S, 0);
576
577		S.q[0] = L0;
578		S.q[1] = L1;
579		S.q[2] = L2;
580		S.q[3] = L3;
581		S.q[4] = L4;
582		S.q[5] = L5;
583		S.q[6] = L6;
584		S.q[7] = L7;
585		#else
586	0	L0 = C0(K, 0);
587	0	L1 = C1(K, 0);
588	0	L2 = C2(K, 0);
589	0	L3 = C3(K, 0);
590	0	L4 = C4(K, 0);
591	0	L5 = C5(K, 0);
592	0	L6 = C6(K, 0);
593	0	L7 = C7(K, 0);
594	0	L0 ^= RC[r];
595
596	0	L1 ^= C0(K, 1);
597	0	L2 ^= C1(K, 1);
598	0	L3 ^= C2(K, 1);
599	0	L4 ^= C3(K, 1);
600	0	L5 ^= C4(K, 1);
601	0	L6 ^= C5(K, 1);
602	0	L7 ^= C6(K, 1);
603	0	L0 ^= C7(K, 1);
604
605	0	L2 ^= C0(K, 2);
606	0	L3 ^= C1(K, 2);
607	0	L4 ^= C2(K, 2);
608	0	L5 ^= C3(K, 2);
609	0	L6 ^= C4(K, 2);
610	0	L7 ^= C5(K, 2);
611	0	L0 ^= C6(K, 2);
612	0	L1 ^= C7(K, 2);
613
614	0	L3 ^= C0(K, 3);
615	0	L4 ^= C1(K, 3);
616	0	L5 ^= C2(K, 3);
617	0	L6 ^= C3(K, 3);
618	0	L7 ^= C4(K, 3);
619	0	L0 ^= C5(K, 3);
620	0	L1 ^= C6(K, 3);
621	0	L2 ^= C7(K, 3);
622
623	0	L4 ^= C0(K, 4);
624	0	L5 ^= C1(K, 4);
625	0	L6 ^= C2(K, 4);
626	0	L7 ^= C3(K, 4);
627	0	L0 ^= C4(K, 4);
628	0	L1 ^= C5(K, 4);
629	0	L2 ^= C6(K, 4);
630	0	L3 ^= C7(K, 4);
631
632	0	L5 ^= C0(K, 5);
633	0	L6 ^= C1(K, 5);
634	0	L7 ^= C2(K, 5);
635	0	L0 ^= C3(K, 5);
636	0	L1 ^= C4(K, 5);
637	0	L2 ^= C5(K, 5);
638	0	L3 ^= C6(K, 5);
639	0	L4 ^= C7(K, 5);
640
641	0	L6 ^= C0(K, 6);
642	0	L7 ^= C1(K, 6);
643	0	L0 ^= C2(K, 6);
644	0	L1 ^= C3(K, 6);
645	0	L2 ^= C4(K, 6);
646	0	L3 ^= C5(K, 6);
647	0	L4 ^= C6(K, 6);
648	0	L5 ^= C7(K, 6);
649
650	0	L7 ^= C0(K, 7);
651	0	L0 ^= C1(K, 7);
652	0	L1 ^= C2(K, 7);
653	0	L2 ^= C3(K, 7);
654	0	L3 ^= C4(K, 7);
655	0	L4 ^= C5(K, 7);
656	0	L5 ^= C6(K, 7);
657	0	L6 ^= C7(K, 7);
658
659	0	K.q[0] = L0;
660	0	K.q[1] = L1;
661	0	K.q[2] = L2;
662	0	K.q[3] = L3;
663	0	K.q[4] = L4;
664	0	K.q[5] = L5;
665	0	K.q[6] = L6;
666	0	K.q[7] = L7;
667
668	0	L0 ^= C0(S, 0);
669	0	L1 ^= C1(S, 0);
670	0	L2 ^= C2(S, 0);
671	0	L3 ^= C3(S, 0);
672	0	L4 ^= C4(S, 0);
673	0	L5 ^= C5(S, 0);
674	0	L6 ^= C6(S, 0);
675	0	L7 ^= C7(S, 0);
676
677	0	L1 ^= C0(S, 1);
678	0	L2 ^= C1(S, 1);
679	0	L3 ^= C2(S, 1);
680	0	L4 ^= C3(S, 1);
681	0	L5 ^= C4(S, 1);
682	0	L6 ^= C5(S, 1);
683	0	L7 ^= C6(S, 1);
684	0	L0 ^= C7(S, 1);
685
686	0	L2 ^= C0(S, 2);
687	0	L3 ^= C1(S, 2);
688	0	L4 ^= C2(S, 2);
689	0	L5 ^= C3(S, 2);
690	0	L6 ^= C4(S, 2);
691	0	L7 ^= C5(S, 2);
692	0	L0 ^= C6(S, 2);
693	0	L1 ^= C7(S, 2);
694
695	0	L3 ^= C0(S, 3);
696	0	L4 ^= C1(S, 3);
697	0	L5 ^= C2(S, 3);
698	0	L6 ^= C3(S, 3);
699	0	L7 ^= C4(S, 3);
700	0	L0 ^= C5(S, 3);
701	0	L1 ^= C6(S, 3);
702	0	L2 ^= C7(S, 3);
703
704	0	L4 ^= C0(S, 4);
705	0	L5 ^= C1(S, 4);
706	0	L6 ^= C2(S, 4);
707	0	L7 ^= C3(S, 4);
708	0	L0 ^= C4(S, 4);
709	0	L1 ^= C5(S, 4);
710	0	L2 ^= C6(S, 4);
711	0	L3 ^= C7(S, 4);
712
713	0	L5 ^= C0(S, 5);
714	0	L6 ^= C1(S, 5);
715	0	L7 ^= C2(S, 5);
716	0	L0 ^= C3(S, 5);
717	0	L1 ^= C4(S, 5);
718	0	L2 ^= C5(S, 5);
719	0	L3 ^= C6(S, 5);
720	0	L4 ^= C7(S, 5);
721
722	0	L6 ^= C0(S, 6);
723	0	L7 ^= C1(S, 6);
724	0	L0 ^= C2(S, 6);
725	0	L1 ^= C3(S, 6);
726	0	L2 ^= C4(S, 6);
727	0	L3 ^= C5(S, 6);
728	0	L4 ^= C6(S, 6);
729	0	L5 ^= C7(S, 6);
730
731	0	L7 ^= C0(S, 7);
732	0	L0 ^= C1(S, 7);
733	0	L1 ^= C2(S, 7);
734	0	L2 ^= C3(S, 7);
735	0	L3 ^= C4(S, 7);
736	0	L4 ^= C5(S, 7);
737	0	L5 ^= C6(S, 7);
738	0	L6 ^= C7(S, 7);
739
740	0	S.q[0] = L0;
741	0	S.q[1] = L1;
742	0	S.q[2] = L2;
743	0	S.q[3] = L3;
744	0	S.q[4] = L4;
745	0	S.q[5] = L5;
746	0	S.q[6] = L6;
747	0	S.q[7] = L7;
748	0	#endif
749	0	}
750
751		#ifdef STRICT_ALIGNMENT
752		if ((size_t)p & 7) {
753		int i;
754		for (i = 0; i < 64; i++)
755		H->c[i] ^= S.c[i] ^ p[i];
756		} else
757		#endif
758	0	{
759	0	const u64_aX pa = (const u64_aX )p;
760	0	H->q[0] ^= S.q[0] ^ pa[0];
761	0	H->q[1] ^= S.q[1] ^ pa[1];
762	0	H->q[2] ^= S.q[2] ^ pa[2];
763	0	H->q[3] ^= S.q[3] ^ pa[3];
764	0	H->q[4] ^= S.q[4] ^ pa[4];
765	0	H->q[5] ^= S.q[5] ^ pa[5];
766	0	H->q[6] ^= S.q[6] ^ pa[6];
767	0	H->q[7] ^= S.q[7] ^ pa[7];
768	0	}
769	0	#endif
770	0	p += 64;
771	0	} while (--n);
772	0	}

Coverage Report

Created: 2026-05-30 06:06