/src/irssi/subprojects/openssl-1.1.1l/crypto/whrlpool/wp_block.c

Line	Count	Source
1		/*
2		* Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the OpenSSL license (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/**
11		* The Whirlpool hashing function.
12		*
13		* See
14		* P.S.L.M. Barreto, V. Rijmen,
15		* ``The Whirlpool hashing function,''
16		* NESSIE submission, 2000 (tweaked version, 2001),
17		* <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
18		*
19		* Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
20		* Vincent Rijmen. Lookup "reference implementations" on
21		* <http://planeta.terra.com.br/informatica/paulobarreto/>
22		*
23		* =============================================================================
24		*
25		* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
26		* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
27		* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28		* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
29		* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30		* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31		* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
32		* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
33		* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
34		* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
35		* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36		*
37		*/
38
39		#include "wp_local.h"
40		#include <string.h>
41
42		typedef unsigned char u8;
43		#if (defined(_WIN32) \|\| defined(_WIN64)) && !defined(__MINGW32)
44		typedef unsigned __int64 u64;
45		#elif defined(__arch64__)
46		typedef unsigned long u64;
47		#else
48		typedef unsigned long long u64;
49		#endif
50
51	0	#define ROUNDS 10
52
53		#define STRICT_ALIGNMENT
54		#if !defined(PEDANTIC) && (defined(__i386) \|\| defined(__i386__) \|\| \
55		defined(__x86_64) \|\| defined(__x86_64__) \|\| \
56		defined(_M_IX86) \|\| defined(_M_AMD64) \|\| \
57		defined(_M_X64))
58		/*
59		* Well, formally there're couple of other architectures, which permit
60		* unaligned loads, specifically those not crossing cache lines, IA-64 and
61		* PowerPC...
62		*/
63		# undef STRICT_ALIGNMENT
64		#endif
65
66		#ifndef STRICT_ALIGNMENT
67		# ifdef __GNUC__
68		typedef u64 u64_a1 __attribute((__aligned__(1)));
69		# else
70		typedef u64 u64_a1;
71		# endif
72		#endif
73
74		#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
75		typedef u64 u64_aX __attribute((__aligned__(1)));
76		#else
77		typedef u64 u64_aX;
78		#endif
79
80		#undef SMALL_REGISTER_BANK
81		#if defined(__i386) \|\| defined(__i386__) \|\| defined(_M_IX86)
82		# define SMALL_REGISTER_BANK
83		# if defined(WHIRLPOOL_ASM)
84		# ifndef OPENSSL_SMALL_FOOTPRINT
85		/*
86		* it appears that for elder non-MMX
87		* CPUs this is actually faster!
88		*/
89		# define OPENSSL_SMALL_FOOTPRINT
90		# endif
91		# define GO_FOR_MMX(ctx,inp,num) do { \
92		extern unsigned long OPENSSL_ia32cap_P[]; \
93		void whirlpool_block_mmx(void ,const void ,size_t); \
94		if (!(OPENSSL_ia32cap_P[0] & (1<<23))) break; \
95		whirlpool_block_mmx(ctx->H.c,inp,num); return; \
96		} while (0)
97		# endif
98		#endif
99
100		#undef ROTATE
101		#ifndef PEDANTIC
102		# if defined(_MSC_VER)
103		# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
104		# include <stdlib.h>
105		# pragma intrinsic(_rotl64)
106		# define ROTATE(a,n) _rotl64((a),n)
107		# endif
108		# elif defined(__GNUC__) && __GNUC__>=2
109		# if defined(__x86_64) \|\| defined(__x86_64__)
110		# if defined(L_ENDIAN)
111		# define ROTATE(a,n) ({ u64 ret; asm ("rolq %1,%0" \
112		: "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
113		# elif defined(B_ENDIAN)
114		/*
115		* Most will argue that x86_64 is always little-endian. Well, yes, but
116		* then we have stratus.com who has modified gcc to "emulate"
117		* big-endian on x86. Is there evidence that they [or somebody else]
118		* won't do same for x86_64? Naturally no. And this line is waiting
119		* ready for that brave soul:-)
120		*/
121		# define ROTATE(a,n) ({ u64 ret; asm ("rorq %1,%0" \
122		: "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
123		# endif
124		# elif defined(__ia64) \|\| defined(__ia64__)
125		# if defined(L_ENDIAN)
126		# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \
127		: "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
128		# elif defined(B_ENDIAN)
129		# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \
130		: "=r"(ret) : "r"(a),"M"(n)); ret; })
131		# endif
132		# endif
133		# endif
134		#endif
135
136		#if defined(OPENSSL_SMALL_FOOTPRINT)
137		# if !defined(ROTATE)
138		# if defined(L_ENDIAN) /* little-endians have to rotate left */
139		# define ROTATE(i,n) ((i)<<(n) ^ (i)>>(64-n))
140		# elif defined(B_ENDIAN) /* big-endians have to rotate right */
141		# define ROTATE(i,n) ((i)>>(n) ^ (i)<<(64-n))
142		# endif
143		# endif
144		# if defined(ROTATE) && !defined(STRICT_ALIGNMENT)
145		# define STRICT_ALIGNMENT /* ensure smallest table size */
146		# endif
147		#endif
148
149		/*
150		* Table size depends on STRICT_ALIGNMENT and whether or not endian-
151		* specific ROTATE macro is defined. If STRICT_ALIGNMENT is not
152		* defined, which is normally the case on x86[_64] CPUs, the table is
153		* 4KB large unconditionally. Otherwise if ROTATE is defined, the
154		* table is 2KB large, and otherwise - 16KB. 2KB table requires a
155		* whole bunch of additional rotations, but I'm willing to "trade,"
156		* because 16KB table certainly trashes L1 cache. I wish all CPUs
157		* could handle unaligned load as 4KB table doesn't trash the cache,
158		* nor does it require additional rotations.
159		*/
160		/*
161		* Note that every Cn macro expands as two loads: one byte load and
162		* one quadword load. One can argue that that many single-byte loads
163		* is too excessive, as one could load a quadword and "milk" it for
164		* eight 8-bit values instead. Well, yes, but in order to do so and
165		* avoid excessive loads you have to accommodate a handful of 64-bit
166		* values in the register bank and issue a bunch of shifts and mask.
167		* It's a tradeoff: loads vs. shift and mask in big register bank[!].
168		* On most CPUs eight single-byte loads are faster and I let other
169		* ones to depend on smart compiler to fold byte loads if beneficial.
170		* Hand-coded assembler would be another alternative:-)
171		*/
172		#ifdef STRICT_ALIGNMENT
173		# if defined(ROTATE)
174		# define N 1
175		# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7
176		# define C0(K,i) (Cx.q[K.c[(i)*8+0]])
177		# define C1(K,i) ROTATE(Cx.q[K.c[(i)*8+1]],8)
178		# define C2(K,i) ROTATE(Cx.q[K.c[(i)*8+2]],16)
179		# define C3(K,i) ROTATE(Cx.q[K.c[(i)*8+3]],24)
180		# define C4(K,i) ROTATE(Cx.q[K.c[(i)*8+4]],32)
181		# define C5(K,i) ROTATE(Cx.q[K.c[(i)*8+5]],40)
182		# define C6(K,i) ROTATE(Cx.q[K.c[(i)*8+6]],48)
183		# define C7(K,i) ROTATE(Cx.q[K.c[(i)*8+7]],56)
184		# else
185		# define N 8
186		# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
187		c7,c0,c1,c2,c3,c4,c5,c6, \
188		c6,c7,c0,c1,c2,c3,c4,c5, \
189		c5,c6,c7,c0,c1,c2,c3,c4, \
190		c4,c5,c6,c7,c0,c1,c2,c3, \
191		c3,c4,c5,c6,c7,c0,c1,c2, \
192		c2,c3,c4,c5,c6,c7,c0,c1, \
193		c1,c2,c3,c4,c5,c6,c7,c0
194		# define C0(K,i) (Cx.q[0+8K.c[(i)8+0]])
195		# define C1(K,i) (Cx.q[1+8K.c[(i)8+1]])
196		# define C2(K,i) (Cx.q[2+8K.c[(i)8+2]])
197		# define C3(K,i) (Cx.q[3+8K.c[(i)8+3]])
198		# define C4(K,i) (Cx.q[4+8K.c[(i)8+4]])
199		# define C5(K,i) (Cx.q[5+8K.c[(i)8+5]])
200		# define C6(K,i) (Cx.q[6+8K.c[(i)8+6]])
201		# define C7(K,i) (Cx.q[7+8K.c[(i)8+7]])
202		# endif
203		#else
204	0	# define N 2
205		# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
206		c0,c1,c2,c3,c4,c5,c6,c7
207	0	# define C0(K,i) (((u64)(Cx.c+0))[2K.c[(i)*8+0]])
208	0	# define C1(K,i) (((u64_a1)(Cx.c+7))[2K.c[(i)*8+1]])
209	0	# define C2(K,i) (((u64_a1)(Cx.c+6))[2K.c[(i)*8+2]])
210	0	# define C3(K,i) (((u64_a1)(Cx.c+5))[2K.c[(i)*8+3]])
211	0	# define C4(K,i) (((u64_a1)(Cx.c+4))[2K.c[(i)*8+4]])
212	0	# define C5(K,i) (((u64_a1)(Cx.c+3))[2K.c[(i)*8+5]])
213	0	# define C6(K,i) (((u64_a1)(Cx.c+2))[2K.c[(i)*8+6]])
214	0	# define C7(K,i) (((u64_a1)(Cx.c+1))[2K.c[(i)*8+7]])
215		#endif
216
217		static const
218		union {
219		u8 c[(256 * N + ROUNDS) * sizeof(u64)];
220		u64 q[(256 * N + ROUNDS)];
221		} Cx = {
222		{
223		/* Note endian-neutral representation:-) */
224		LL(0x18, 0x18, 0x60, 0x18, 0xc0, 0x78, 0x30, 0xd8),
225		LL(0x23, 0x23, 0x8c, 0x23, 0x05, 0xaf, 0x46, 0x26),
226		LL(0xc6, 0xc6, 0x3f, 0xc6, 0x7e, 0xf9, 0x91, 0xb8),
227		LL(0xe8, 0xe8, 0x87, 0xe8, 0x13, 0x6f, 0xcd, 0xfb),
228		LL(0x87, 0x87, 0x26, 0x87, 0x4c, 0xa1, 0x13, 0xcb),
229		LL(0xb8, 0xb8, 0xda, 0xb8, 0xa9, 0x62, 0x6d, 0x11),
230		LL(0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09),
231		LL(0x4f, 0x4f, 0x21, 0x4f, 0x42, 0x6e, 0x9e, 0x0d),
232		LL(0x36, 0x36, 0xd8, 0x36, 0xad, 0xee, 0x6c, 0x9b),
233		LL(0xa6, 0xa6, 0xa2, 0xa6, 0x59, 0x04, 0x51, 0xff),
234		LL(0xd2, 0xd2, 0x6f, 0xd2, 0xde, 0xbd, 0xb9, 0x0c),
235		LL(0xf5, 0xf5, 0xf3, 0xf5, 0xfb, 0x06, 0xf7, 0x0e),
236		LL(0x79, 0x79, 0xf9, 0x79, 0xef, 0x80, 0xf2, 0x96),
237		LL(0x6f, 0x6f, 0xa1, 0x6f, 0x5f, 0xce, 0xde, 0x30),
238		LL(0x91, 0x91, 0x7e, 0x91, 0xfc, 0xef, 0x3f, 0x6d),
239		LL(0x52, 0x52, 0x55, 0x52, 0xaa, 0x07, 0xa4, 0xf8),
240		LL(0x60, 0x60, 0x9d, 0x60, 0x27, 0xfd, 0xc0, 0x47),
241		LL(0xbc, 0xbc, 0xca, 0xbc, 0x89, 0x76, 0x65, 0x35),
242		LL(0x9b, 0x9b, 0x56, 0x9b, 0xac, 0xcd, 0x2b, 0x37),
243		LL(0x8e, 0x8e, 0x02, 0x8e, 0x04, 0x8c, 0x01, 0x8a),
244		LL(0xa3, 0xa3, 0xb6, 0xa3, 0x71, 0x15, 0x5b, 0xd2),
245		LL(0x0c, 0x0c, 0x30, 0x0c, 0x60, 0x3c, 0x18, 0x6c),
246		LL(0x7b, 0x7b, 0xf1, 0x7b, 0xff, 0x8a, 0xf6, 0x84),
247		LL(0x35, 0x35, 0xd4, 0x35, 0xb5, 0xe1, 0x6a, 0x80),
248		LL(0x1d, 0x1d, 0x74, 0x1d, 0xe8, 0x69, 0x3a, 0xf5),
249		LL(0xe0, 0xe0, 0xa7, 0xe0, 0x53, 0x47, 0xdd, 0xb3),
250		LL(0xd7, 0xd7, 0x7b, 0xd7, 0xf6, 0xac, 0xb3, 0x21),
251		LL(0xc2, 0xc2, 0x2f, 0xc2, 0x5e, 0xed, 0x99, 0x9c),
252		LL(0x2e, 0x2e, 0xb8, 0x2e, 0x6d, 0x96, 0x5c, 0x43),
253		LL(0x4b, 0x4b, 0x31, 0x4b, 0x62, 0x7a, 0x96, 0x29),
254		LL(0xfe, 0xfe, 0xdf, 0xfe, 0xa3, 0x21, 0xe1, 0x5d),
255		LL(0x57, 0x57, 0x41, 0x57, 0x82, 0x16, 0xae, 0xd5),
256		LL(0x15, 0x15, 0x54, 0x15, 0xa8, 0x41, 0x2a, 0xbd),
257		LL(0x77, 0x77, 0xc1, 0x77, 0x9f, 0xb6, 0xee, 0xe8),
258		LL(0x37, 0x37, 0xdc, 0x37, 0xa5, 0xeb, 0x6e, 0x92),
259		LL(0xe5, 0xe5, 0xb3, 0xe5, 0x7b, 0x56, 0xd7, 0x9e),
260		LL(0x9f, 0x9f, 0x46, 0x9f, 0x8c, 0xd9, 0x23, 0x13),
261		LL(0xf0, 0xf0, 0xe7, 0xf0, 0xd3, 0x17, 0xfd, 0x23),
262		LL(0x4a, 0x4a, 0x35, 0x4a, 0x6a, 0x7f, 0x94, 0x20),
263		LL(0xda, 0xda, 0x4f, 0xda, 0x9e, 0x95, 0xa9, 0x44),
264		LL(0x58, 0x58, 0x7d, 0x58, 0xfa, 0x25, 0xb0, 0xa2),
265		LL(0xc9, 0xc9, 0x03, 0xc9, 0x06, 0xca, 0x8f, 0xcf),
266		LL(0x29, 0x29, 0xa4, 0x29, 0x55, 0x8d, 0x52, 0x7c),
267		LL(0x0a, 0x0a, 0x28, 0x0a, 0x50, 0x22, 0x14, 0x5a),
268		LL(0xb1, 0xb1, 0xfe, 0xb1, 0xe1, 0x4f, 0x7f, 0x50),
269		LL(0xa0, 0xa0, 0xba, 0xa0, 0x69, 0x1a, 0x5d, 0xc9),
270		LL(0x6b, 0x6b, 0xb1, 0x6b, 0x7f, 0xda, 0xd6, 0x14),
271		LL(0x85, 0x85, 0x2e, 0x85, 0x5c, 0xab, 0x17, 0xd9),
272		LL(0xbd, 0xbd, 0xce, 0xbd, 0x81, 0x73, 0x67, 0x3c),
273		LL(0x5d, 0x5d, 0x69, 0x5d, 0xd2, 0x34, 0xba, 0x8f),
274		LL(0x10, 0x10, 0x40, 0x10, 0x80, 0x50, 0x20, 0x90),
275		LL(0xf4, 0xf4, 0xf7, 0xf4, 0xf3, 0x03, 0xf5, 0x07),
276		LL(0xcb, 0xcb, 0x0b, 0xcb, 0x16, 0xc0, 0x8b, 0xdd),
277		LL(0x3e, 0x3e, 0xf8, 0x3e, 0xed, 0xc6, 0x7c, 0xd3),
278		LL(0x05, 0x05, 0x14, 0x05, 0x28, 0x11, 0x0a, 0x2d),
279		LL(0x67, 0x67, 0x81, 0x67, 0x1f, 0xe6, 0xce, 0x78),
280		LL(0xe4, 0xe4, 0xb7, 0xe4, 0x73, 0x53, 0xd5, 0x97),
281		LL(0x27, 0x27, 0x9c, 0x27, 0x25, 0xbb, 0x4e, 0x02),
282		LL(0x41, 0x41, 0x19, 0x41, 0x32, 0x58, 0x82, 0x73),
283		LL(0x8b, 0x8b, 0x16, 0x8b, 0x2c, 0x9d, 0x0b, 0xa7),
284		LL(0xa7, 0xa7, 0xa6, 0xa7, 0x51, 0x01, 0x53, 0xf6),
285		LL(0x7d, 0x7d, 0xe9, 0x7d, 0xcf, 0x94, 0xfa, 0xb2),
286		LL(0x95, 0x95, 0x6e, 0x95, 0xdc, 0xfb, 0x37, 0x49),
287		LL(0xd8, 0xd8, 0x47, 0xd8, 0x8e, 0x9f, 0xad, 0x56),
288		LL(0xfb, 0xfb, 0xcb, 0xfb, 0x8b, 0x30, 0xeb, 0x70),
289		LL(0xee, 0xee, 0x9f, 0xee, 0x23, 0x71, 0xc1, 0xcd),
290		LL(0x7c, 0x7c, 0xed, 0x7c, 0xc7, 0x91, 0xf8, 0xbb),
291		LL(0x66, 0x66, 0x85, 0x66, 0x17, 0xe3, 0xcc, 0x71),
292		LL(0xdd, 0xdd, 0x53, 0xdd, 0xa6, 0x8e, 0xa7, 0x7b),
293		LL(0x17, 0x17, 0x5c, 0x17, 0xb8, 0x4b, 0x2e, 0xaf),
294		LL(0x47, 0x47, 0x01, 0x47, 0x02, 0x46, 0x8e, 0x45),
295		LL(0x9e, 0x9e, 0x42, 0x9e, 0x84, 0xdc, 0x21, 0x1a),
296		LL(0xca, 0xca, 0x0f, 0xca, 0x1e, 0xc5, 0x89, 0xd4),
297		LL(0x2d, 0x2d, 0xb4, 0x2d, 0x75, 0x99, 0x5a, 0x58),
298		LL(0xbf, 0xbf, 0xc6, 0xbf, 0x91, 0x79, 0x63, 0x2e),
299		LL(0x07, 0x07, 0x1c, 0x07, 0x38, 0x1b, 0x0e, 0x3f),
300		LL(0xad, 0xad, 0x8e, 0xad, 0x01, 0x23, 0x47, 0xac),
301		LL(0x5a, 0x5a, 0x75, 0x5a, 0xea, 0x2f, 0xb4, 0xb0),
302		LL(0x83, 0x83, 0x36, 0x83, 0x6c, 0xb5, 0x1b, 0xef),
303		LL(0x33, 0x33, 0xcc, 0x33, 0x85, 0xff, 0x66, 0xb6),
304		LL(0x63, 0x63, 0x91, 0x63, 0x3f, 0xf2, 0xc6, 0x5c),
305		LL(0x02, 0x02, 0x08, 0x02, 0x10, 0x0a, 0x04, 0x12),
306		LL(0xaa, 0xaa, 0x92, 0xaa, 0x39, 0x38, 0x49, 0x93),
307		LL(0x71, 0x71, 0xd9, 0x71, 0xaf, 0xa8, 0xe2, 0xde),
308		LL(0xc8, 0xc8, 0x07, 0xc8, 0x0e, 0xcf, 0x8d, 0xc6),
309		LL(0x19, 0x19, 0x64, 0x19, 0xc8, 0x7d, 0x32, 0xd1),
310		LL(0x49, 0x49, 0x39, 0x49, 0x72, 0x70, 0x92, 0x3b),
311		LL(0xd9, 0xd9, 0x43, 0xd9, 0x86, 0x9a, 0xaf, 0x5f),
312		LL(0xf2, 0xf2, 0xef, 0xf2, 0xc3, 0x1d, 0xf9, 0x31),
313		LL(0xe3, 0xe3, 0xab, 0xe3, 0x4b, 0x48, 0xdb, 0xa8),
314		LL(0x5b, 0x5b, 0x71, 0x5b, 0xe2, 0x2a, 0xb6, 0xb9),
315		LL(0x88, 0x88, 0x1a, 0x88, 0x34, 0x92, 0x0d, 0xbc),
316		LL(0x9a, 0x9a, 0x52, 0x9a, 0xa4, 0xc8, 0x29, 0x3e),
317		LL(0x26, 0x26, 0x98, 0x26, 0x2d, 0xbe, 0x4c, 0x0b),
318		LL(0x32, 0x32, 0xc8, 0x32, 0x8d, 0xfa, 0x64, 0xbf),
319		LL(0xb0, 0xb0, 0xfa, 0xb0, 0xe9, 0x4a, 0x7d, 0x59),
320		LL(0xe9, 0xe9, 0x83, 0xe9, 0x1b, 0x6a, 0xcf, 0xf2),
321		LL(0x0f, 0x0f, 0x3c, 0x0f, 0x78, 0x33, 0x1e, 0x77),
322		LL(0xd5, 0xd5, 0x73, 0xd5, 0xe6, 0xa6, 0xb7, 0x33),
323		LL(0x80, 0x80, 0x3a, 0x80, 0x74, 0xba, 0x1d, 0xf4),
324		LL(0xbe, 0xbe, 0xc2, 0xbe, 0x99, 0x7c, 0x61, 0x27),
325		LL(0xcd, 0xcd, 0x13, 0xcd, 0x26, 0xde, 0x87, 0xeb),
326		LL(0x34, 0x34, 0xd0, 0x34, 0xbd, 0xe4, 0x68, 0x89),
327		LL(0x48, 0x48, 0x3d, 0x48, 0x7a, 0x75, 0x90, 0x32),
328		LL(0xff, 0xff, 0xdb, 0xff, 0xab, 0x24, 0xe3, 0x54),
329		LL(0x7a, 0x7a, 0xf5, 0x7a, 0xf7, 0x8f, 0xf4, 0x8d),
330		LL(0x90, 0x90, 0x7a, 0x90, 0xf4, 0xea, 0x3d, 0x64),
331		LL(0x5f, 0x5f, 0x61, 0x5f, 0xc2, 0x3e, 0xbe, 0x9d),
332		LL(0x20, 0x20, 0x80, 0x20, 0x1d, 0xa0, 0x40, 0x3d),
333		LL(0x68, 0x68, 0xbd, 0x68, 0x67, 0xd5, 0xd0, 0x0f),
334		LL(0x1a, 0x1a, 0x68, 0x1a, 0xd0, 0x72, 0x34, 0xca),
335		LL(0xae, 0xae, 0x82, 0xae, 0x19, 0x2c, 0x41, 0xb7),
336		LL(0xb4, 0xb4, 0xea, 0xb4, 0xc9, 0x5e, 0x75, 0x7d),
337		LL(0x54, 0x54, 0x4d, 0x54, 0x9a, 0x19, 0xa8, 0xce),
338		LL(0x93, 0x93, 0x76, 0x93, 0xec, 0xe5, 0x3b, 0x7f),
339		LL(0x22, 0x22, 0x88, 0x22, 0x0d, 0xaa, 0x44, 0x2f),
340		LL(0x64, 0x64, 0x8d, 0x64, 0x07, 0xe9, 0xc8, 0x63),
341		LL(0xf1, 0xf1, 0xe3, 0xf1, 0xdb, 0x12, 0xff, 0x2a),
342		LL(0x73, 0x73, 0xd1, 0x73, 0xbf, 0xa2, 0xe6, 0xcc),
343		LL(0x12, 0x12, 0x48, 0x12, 0x90, 0x5a, 0x24, 0x82),
344		LL(0x40, 0x40, 0x1d, 0x40, 0x3a, 0x5d, 0x80, 0x7a),
345		LL(0x08, 0x08, 0x20, 0x08, 0x40, 0x28, 0x10, 0x48),
346		LL(0xc3, 0xc3, 0x2b, 0xc3, 0x56, 0xe8, 0x9b, 0x95),
347		LL(0xec, 0xec, 0x97, 0xec, 0x33, 0x7b, 0xc5, 0xdf),
348		LL(0xdb, 0xdb, 0x4b, 0xdb, 0x96, 0x90, 0xab, 0x4d),
349		LL(0xa1, 0xa1, 0xbe, 0xa1, 0x61, 0x1f, 0x5f, 0xc0),
350		LL(0x8d, 0x8d, 0x0e, 0x8d, 0x1c, 0x83, 0x07, 0x91),
351		LL(0x3d, 0x3d, 0xf4, 0x3d, 0xf5, 0xc9, 0x7a, 0xc8),
352		LL(0x97, 0x97, 0x66, 0x97, 0xcc, 0xf1, 0x33, 0x5b),
353		LL(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
354		LL(0xcf, 0xcf, 0x1b, 0xcf, 0x36, 0xd4, 0x83, 0xf9),
355		LL(0x2b, 0x2b, 0xac, 0x2b, 0x45, 0x87, 0x56, 0x6e),
356		LL(0x76, 0x76, 0xc5, 0x76, 0x97, 0xb3, 0xec, 0xe1),
357		LL(0x82, 0x82, 0x32, 0x82, 0x64, 0xb0, 0x19, 0xe6),
358		LL(0xd6, 0xd6, 0x7f, 0xd6, 0xfe, 0xa9, 0xb1, 0x28),
359		LL(0x1b, 0x1b, 0x6c, 0x1b, 0xd8, 0x77, 0x36, 0xc3),
360		LL(0xb5, 0xb5, 0xee, 0xb5, 0xc1, 0x5b, 0x77, 0x74),
361		LL(0xaf, 0xaf, 0x86, 0xaf, 0x11, 0x29, 0x43, 0xbe),
362		LL(0x6a, 0x6a, 0xb5, 0x6a, 0x77, 0xdf, 0xd4, 0x1d),
363		LL(0x50, 0x50, 0x5d, 0x50, 0xba, 0x0d, 0xa0, 0xea),
364		LL(0x45, 0x45, 0x09, 0x45, 0x12, 0x4c, 0x8a, 0x57),
365		LL(0xf3, 0xf3, 0xeb, 0xf3, 0xcb, 0x18, 0xfb, 0x38),
366		LL(0x30, 0x30, 0xc0, 0x30, 0x9d, 0xf0, 0x60, 0xad),
367		LL(0xef, 0xef, 0x9b, 0xef, 0x2b, 0x74, 0xc3, 0xc4),
368		LL(0x3f, 0x3f, 0xfc, 0x3f, 0xe5, 0xc3, 0x7e, 0xda),
369		LL(0x55, 0x55, 0x49, 0x55, 0x92, 0x1c, 0xaa, 0xc7),
370		LL(0xa2, 0xa2, 0xb2, 0xa2, 0x79, 0x10, 0x59, 0xdb),
371		LL(0xea, 0xea, 0x8f, 0xea, 0x03, 0x65, 0xc9, 0xe9),
372		LL(0x65, 0x65, 0x89, 0x65, 0x0f, 0xec, 0xca, 0x6a),
373		LL(0xba, 0xba, 0xd2, 0xba, 0xb9, 0x68, 0x69, 0x03),
374		LL(0x2f, 0x2f, 0xbc, 0x2f, 0x65, 0x93, 0x5e, 0x4a),
375		LL(0xc0, 0xc0, 0x27, 0xc0, 0x4e, 0xe7, 0x9d, 0x8e),
376		LL(0xde, 0xde, 0x5f, 0xde, 0xbe, 0x81, 0xa1, 0x60),
377		LL(0x1c, 0x1c, 0x70, 0x1c, 0xe0, 0x6c, 0x38, 0xfc),
378		LL(0xfd, 0xfd, 0xd3, 0xfd, 0xbb, 0x2e, 0xe7, 0x46),
379		LL(0x4d, 0x4d, 0x29, 0x4d, 0x52, 0x64, 0x9a, 0x1f),
380		LL(0x92, 0x92, 0x72, 0x92, 0xe4, 0xe0, 0x39, 0x76),
381		LL(0x75, 0x75, 0xc9, 0x75, 0x8f, 0xbc, 0xea, 0xfa),
382		LL(0x06, 0x06, 0x18, 0x06, 0x30, 0x1e, 0x0c, 0x36),
383		LL(0x8a, 0x8a, 0x12, 0x8a, 0x24, 0x98, 0x09, 0xae),
384		LL(0xb2, 0xb2, 0xf2, 0xb2, 0xf9, 0x40, 0x79, 0x4b),
385		LL(0xe6, 0xe6, 0xbf, 0xe6, 0x63, 0x59, 0xd1, 0x85),
386		LL(0x0e, 0x0e, 0x38, 0x0e, 0x70, 0x36, 0x1c, 0x7e),
387		LL(0x1f, 0x1f, 0x7c, 0x1f, 0xf8, 0x63, 0x3e, 0xe7),
388		LL(0x62, 0x62, 0x95, 0x62, 0x37, 0xf7, 0xc4, 0x55),
389		LL(0xd4, 0xd4, 0x77, 0xd4, 0xee, 0xa3, 0xb5, 0x3a),
390		LL(0xa8, 0xa8, 0x9a, 0xa8, 0x29, 0x32, 0x4d, 0x81),
391		LL(0x96, 0x96, 0x62, 0x96, 0xc4, 0xf4, 0x31, 0x52),
392		LL(0xf9, 0xf9, 0xc3, 0xf9, 0x9b, 0x3a, 0xef, 0x62),
393		LL(0xc5, 0xc5, 0x33, 0xc5, 0x66, 0xf6, 0x97, 0xa3),
394		LL(0x25, 0x25, 0x94, 0x25, 0x35, 0xb1, 0x4a, 0x10),
395		LL(0x59, 0x59, 0x79, 0x59, 0xf2, 0x20, 0xb2, 0xab),
396		LL(0x84, 0x84, 0x2a, 0x84, 0x54, 0xae, 0x15, 0xd0),
397		LL(0x72, 0x72, 0xd5, 0x72, 0xb7, 0xa7, 0xe4, 0xc5),
398		LL(0x39, 0x39, 0xe4, 0x39, 0xd5, 0xdd, 0x72, 0xec),
399		LL(0x4c, 0x4c, 0x2d, 0x4c, 0x5a, 0x61, 0x98, 0x16),
400		LL(0x5e, 0x5e, 0x65, 0x5e, 0xca, 0x3b, 0xbc, 0x94),
401		LL(0x78, 0x78, 0xfd, 0x78, 0xe7, 0x85, 0xf0, 0x9f),
402		LL(0x38, 0x38, 0xe0, 0x38, 0xdd, 0xd8, 0x70, 0xe5),
403		LL(0x8c, 0x8c, 0x0a, 0x8c, 0x14, 0x86, 0x05, 0x98),
404		LL(0xd1, 0xd1, 0x63, 0xd1, 0xc6, 0xb2, 0xbf, 0x17),
405		LL(0xa5, 0xa5, 0xae, 0xa5, 0x41, 0x0b, 0x57, 0xe4),
406		LL(0xe2, 0xe2, 0xaf, 0xe2, 0x43, 0x4d, 0xd9, 0xa1),
407		LL(0x61, 0x61, 0x99, 0x61, 0x2f, 0xf8, 0xc2, 0x4e),
408		LL(0xb3, 0xb3, 0xf6, 0xb3, 0xf1, 0x45, 0x7b, 0x42),
409		LL(0x21, 0x21, 0x84, 0x21, 0x15, 0xa5, 0x42, 0x34),
410		LL(0x9c, 0x9c, 0x4a, 0x9c, 0x94, 0xd6, 0x25, 0x08),
411		LL(0x1e, 0x1e, 0x78, 0x1e, 0xf0, 0x66, 0x3c, 0xee),
412		LL(0x43, 0x43, 0x11, 0x43, 0x22, 0x52, 0x86, 0x61),
413		LL(0xc7, 0xc7, 0x3b, 0xc7, 0x76, 0xfc, 0x93, 0xb1),
414		LL(0xfc, 0xfc, 0xd7, 0xfc, 0xb3, 0x2b, 0xe5, 0x4f),
415		LL(0x04, 0x04, 0x10, 0x04, 0x20, 0x14, 0x08, 0x24),
416		LL(0x51, 0x51, 0x59, 0x51, 0xb2, 0x08, 0xa2, 0xe3),
417		LL(0x99, 0x99, 0x5e, 0x99, 0xbc, 0xc7, 0x2f, 0x25),
418		LL(0x6d, 0x6d, 0xa9, 0x6d, 0x4f, 0xc4, 0xda, 0x22),
419		LL(0x0d, 0x0d, 0x34, 0x0d, 0x68, 0x39, 0x1a, 0x65),
420		LL(0xfa, 0xfa, 0xcf, 0xfa, 0x83, 0x35, 0xe9, 0x79),
421		LL(0xdf, 0xdf, 0x5b, 0xdf, 0xb6, 0x84, 0xa3, 0x69),
422		LL(0x7e, 0x7e, 0xe5, 0x7e, 0xd7, 0x9b, 0xfc, 0xa9),
423		LL(0x24, 0x24, 0x90, 0x24, 0x3d, 0xb4, 0x48, 0x19),
424		LL(0x3b, 0x3b, 0xec, 0x3b, 0xc5, 0xd7, 0x76, 0xfe),
425		LL(0xab, 0xab, 0x96, 0xab, 0x31, 0x3d, 0x4b, 0x9a),
426		LL(0xce, 0xce, 0x1f, 0xce, 0x3e, 0xd1, 0x81, 0xf0),
427		LL(0x11, 0x11, 0x44, 0x11, 0x88, 0x55, 0x22, 0x99),
428		LL(0x8f, 0x8f, 0x06, 0x8f, 0x0c, 0x89, 0x03, 0x83),
429		LL(0x4e, 0x4e, 0x25, 0x4e, 0x4a, 0x6b, 0x9c, 0x04),
430		LL(0xb7, 0xb7, 0xe6, 0xb7, 0xd1, 0x51, 0x73, 0x66),
431		LL(0xeb, 0xeb, 0x8b, 0xeb, 0x0b, 0x60, 0xcb, 0xe0),
432		LL(0x3c, 0x3c, 0xf0, 0x3c, 0xfd, 0xcc, 0x78, 0xc1),
433		LL(0x81, 0x81, 0x3e, 0x81, 0x7c, 0xbf, 0x1f, 0xfd),
434		LL(0x94, 0x94, 0x6a, 0x94, 0xd4, 0xfe, 0x35, 0x40),
435		LL(0xf7, 0xf7, 0xfb, 0xf7, 0xeb, 0x0c, 0xf3, 0x1c),
436		LL(0xb9, 0xb9, 0xde, 0xb9, 0xa1, 0x67, 0x6f, 0x18),
437		LL(0x13, 0x13, 0x4c, 0x13, 0x98, 0x5f, 0x26, 0x8b),
438		LL(0x2c, 0x2c, 0xb0, 0x2c, 0x7d, 0x9c, 0x58, 0x51),
439		LL(0xd3, 0xd3, 0x6b, 0xd3, 0xd6, 0xb8, 0xbb, 0x05),
440		LL(0xe7, 0xe7, 0xbb, 0xe7, 0x6b, 0x5c, 0xd3, 0x8c),
441		LL(0x6e, 0x6e, 0xa5, 0x6e, 0x57, 0xcb, 0xdc, 0x39),
442		LL(0xc4, 0xc4, 0x37, 0xc4, 0x6e, 0xf3, 0x95, 0xaa),
443		LL(0x03, 0x03, 0x0c, 0x03, 0x18, 0x0f, 0x06, 0x1b),
444		LL(0x56, 0x56, 0x45, 0x56, 0x8a, 0x13, 0xac, 0xdc),
445		LL(0x44, 0x44, 0x0d, 0x44, 0x1a, 0x49, 0x88, 0x5e),
446		LL(0x7f, 0x7f, 0xe1, 0x7f, 0xdf, 0x9e, 0xfe, 0xa0),
447		LL(0xa9, 0xa9, 0x9e, 0xa9, 0x21, 0x37, 0x4f, 0x88),
448		LL(0x2a, 0x2a, 0xa8, 0x2a, 0x4d, 0x82, 0x54, 0x67),
449		LL(0xbb, 0xbb, 0xd6, 0xbb, 0xb1, 0x6d, 0x6b, 0x0a),
450		LL(0xc1, 0xc1, 0x23, 0xc1, 0x46, 0xe2, 0x9f, 0x87),
451		LL(0x53, 0x53, 0x51, 0x53, 0xa2, 0x02, 0xa6, 0xf1),
452		LL(0xdc, 0xdc, 0x57, 0xdc, 0xae, 0x8b, 0xa5, 0x72),
453		LL(0x0b, 0x0b, 0x2c, 0x0b, 0x58, 0x27, 0x16, 0x53),
454		LL(0x9d, 0x9d, 0x4e, 0x9d, 0x9c, 0xd3, 0x27, 0x01),
455		LL(0x6c, 0x6c, 0xad, 0x6c, 0x47, 0xc1, 0xd8, 0x2b),
456		LL(0x31, 0x31, 0xc4, 0x31, 0x95, 0xf5, 0x62, 0xa4),
457		LL(0x74, 0x74, 0xcd, 0x74, 0x87, 0xb9, 0xe8, 0xf3),
458		LL(0xf6, 0xf6, 0xff, 0xf6, 0xe3, 0x09, 0xf1, 0x15),
459		LL(0x46, 0x46, 0x05, 0x46, 0x0a, 0x43, 0x8c, 0x4c),
460		LL(0xac, 0xac, 0x8a, 0xac, 0x09, 0x26, 0x45, 0xa5),
461		LL(0x89, 0x89, 0x1e, 0x89, 0x3c, 0x97, 0x0f, 0xb5),
462		LL(0x14, 0x14, 0x50, 0x14, 0xa0, 0x44, 0x28, 0xb4),
463		LL(0xe1, 0xe1, 0xa3, 0xe1, 0x5b, 0x42, 0xdf, 0xba),
464		LL(0x16, 0x16, 0x58, 0x16, 0xb0, 0x4e, 0x2c, 0xa6),
465		LL(0x3a, 0x3a, 0xe8, 0x3a, 0xcd, 0xd2, 0x74, 0xf7),
466		LL(0x69, 0x69, 0xb9, 0x69, 0x6f, 0xd0, 0xd2, 0x06),
467		LL(0x09, 0x09, 0x24, 0x09, 0x48, 0x2d, 0x12, 0x41),
468		LL(0x70, 0x70, 0xdd, 0x70, 0xa7, 0xad, 0xe0, 0xd7),
469		LL(0xb6, 0xb6, 0xe2, 0xb6, 0xd9, 0x54, 0x71, 0x6f),
470		LL(0xd0, 0xd0, 0x67, 0xd0, 0xce, 0xb7, 0xbd, 0x1e),
471		LL(0xed, 0xed, 0x93, 0xed, 0x3b, 0x7e, 0xc7, 0xd6),
472		LL(0xcc, 0xcc, 0x17, 0xcc, 0x2e, 0xdb, 0x85, 0xe2),
473		LL(0x42, 0x42, 0x15, 0x42, 0x2a, 0x57, 0x84, 0x68),
474		LL(0x98, 0x98, 0x5a, 0x98, 0xb4, 0xc2, 0x2d, 0x2c),
475		LL(0xa4, 0xa4, 0xaa, 0xa4, 0x49, 0x0e, 0x55, 0xed),
476		LL(0x28, 0x28, 0xa0, 0x28, 0x5d, 0x88, 0x50, 0x75),
477		LL(0x5c, 0x5c, 0x6d, 0x5c, 0xda, 0x31, 0xb8, 0x86),
478		LL(0xf8, 0xf8, 0xc7, 0xf8, 0x93, 0x3f, 0xed, 0x6b),
479		LL(0x86, 0x86, 0x22, 0x86, 0x44, 0xa4, 0x11, 0xc2),
480	0	#define RC (&(Cx.q[256*N]))
481		0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f,
482		/* rc[ROUNDS] */
483		0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52, 0x60, 0xbc, 0x9b,
484		0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b,
485		0xfe, 0x57, 0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58,
486		0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85, 0xbd, 0x5d, 0x10, 0xf4,
487		0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95,
488		0xd8, 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d,
489		0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33
490		}
491		};
492
493		void whirlpool_block(WHIRLPOOL_CTX ctx, const void inp, size_t n)
494	0	{
495	0	int r;
496	0	const u8 *p = inp;
497	0	union {
498	0	u64 q[8];
499	0	u8 c[64];
500	0	} S, K, H = (void )ctx->H.q;
501
502		#ifdef GO_FOR_MMX
503		GO_FOR_MMX(ctx, inp, n);
504		#endif
505	0	do {
506		#ifdef OPENSSL_SMALL_FOOTPRINT
507		u64 L[8];
508		int i;
509
510		for (i = 0; i < 64; i++)
511		S.c[i] = (K.c[i] = H->c[i]) ^ p[i];
512		for (r = 0; r < ROUNDS; r++) {
513		for (i = 0; i < 8; i++) {
514		L[i] = i ? 0 : RC[r];
515		L[i] ^= C0(K, i) ^ C1(K, (i - 1) & 7) ^
516		C2(K, (i - 2) & 7) ^ C3(K, (i - 3) & 7) ^
517		C4(K, (i - 4) & 7) ^ C5(K, (i - 5) & 7) ^
518		C6(K, (i - 6) & 7) ^ C7(K, (i - 7) & 7);
519		}
520		memcpy(K.q, L, 64);
521		for (i = 0; i < 8; i++) {
522		L[i] ^= C0(S, i) ^ C1(S, (i - 1) & 7) ^
523		C2(S, (i - 2) & 7) ^ C3(S, (i - 3) & 7) ^
524		C4(S, (i - 4) & 7) ^ C5(S, (i - 5) & 7) ^
525		C6(S, (i - 6) & 7) ^ C7(S, (i - 7) & 7);
526		}
527		memcpy(S.q, L, 64);
528		}
529		for (i = 0; i < 64; i++)
530		H->c[i] ^= S.c[i] ^ p[i];
531		#else
532	0	u64 L0, L1, L2, L3, L4, L5, L6, L7;
533
534		# ifdef STRICT_ALIGNMENT
535		if ((size_t)p & 7) {
536		memcpy(S.c, p, 64);
537		S.q[0] ^= (K.q[0] = H->q[0]);
538		S.q[1] ^= (K.q[1] = H->q[1]);
539		S.q[2] ^= (K.q[2] = H->q[2]);
540		S.q[3] ^= (K.q[3] = H->q[3]);
541		S.q[4] ^= (K.q[4] = H->q[4]);
542		S.q[5] ^= (K.q[5] = H->q[5]);
543		S.q[6] ^= (K.q[6] = H->q[6]);
544		S.q[7] ^= (K.q[7] = H->q[7]);
545		} else
546		# endif
547	0	{
548	0	const u64_aX pa = (const u64_aX )p;
549	0	S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
550	0	S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
551	0	S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
552	0	S.q[3] = (K.q[3] = H->q[3]) ^ pa[3];
553	0	S.q[4] = (K.q[4] = H->q[4]) ^ pa[4];
554	0	S.q[5] = (K.q[5] = H->q[5]) ^ pa[5];
555	0	S.q[6] = (K.q[6] = H->q[6]) ^ pa[6];
556	0	S.q[7] = (K.q[7] = H->q[7]) ^ pa[7];
557	0	}
558
559	0	for (r = 0; r < ROUNDS; r++) {
560		# ifdef SMALL_REGISTER_BANK
561		L0 = C0(K, 0) ^ C1(K, 7) ^ C2(K, 6) ^ C3(K, 5) ^
562		C4(K, 4) ^ C5(K, 3) ^ C6(K, 2) ^ C7(K, 1) ^ RC[r];
563		L1 = C0(K, 1) ^ C1(K, 0) ^ C2(K, 7) ^ C3(K, 6) ^
564		C4(K, 5) ^ C5(K, 4) ^ C6(K, 3) ^ C7(K, 2);
565		L2 = C0(K, 2) ^ C1(K, 1) ^ C2(K, 0) ^ C3(K, 7) ^
566		C4(K, 6) ^ C5(K, 5) ^ C6(K, 4) ^ C7(K, 3);
567		L3 = C0(K, 3) ^ C1(K, 2) ^ C2(K, 1) ^ C3(K, 0) ^
568		C4(K, 7) ^ C5(K, 6) ^ C6(K, 5) ^ C7(K, 4);
569		L4 = C0(K, 4) ^ C1(K, 3) ^ C2(K, 2) ^ C3(K, 1) ^
570		C4(K, 0) ^ C5(K, 7) ^ C6(K, 6) ^ C7(K, 5);
571		L5 = C0(K, 5) ^ C1(K, 4) ^ C2(K, 3) ^ C3(K, 2) ^
572		C4(K, 1) ^ C5(K, 0) ^ C6(K, 7) ^ C7(K, 6);
573		L6 = C0(K, 6) ^ C1(K, 5) ^ C2(K, 4) ^ C3(K, 3) ^
574		C4(K, 2) ^ C5(K, 1) ^ C6(K, 0) ^ C7(K, 7);
575		L7 = C0(K, 7) ^ C1(K, 6) ^ C2(K, 5) ^ C3(K, 4) ^
576		C4(K, 3) ^ C5(K, 2) ^ C6(K, 1) ^ C7(K, 0);
577
578		K.q[0] = L0;
579		K.q[1] = L1;
580		K.q[2] = L2;
581		K.q[3] = L3;
582		K.q[4] = L4;
583		K.q[5] = L5;
584		K.q[6] = L6;
585		K.q[7] = L7;
586
587		L0 ^= C0(S, 0) ^ C1(S, 7) ^ C2(S, 6) ^ C3(S, 5) ^
588		C4(S, 4) ^ C5(S, 3) ^ C6(S, 2) ^ C7(S, 1);
589		L1 ^= C0(S, 1) ^ C1(S, 0) ^ C2(S, 7) ^ C3(S, 6) ^
590		C4(S, 5) ^ C5(S, 4) ^ C6(S, 3) ^ C7(S, 2);
591		L2 ^= C0(S, 2) ^ C1(S, 1) ^ C2(S, 0) ^ C3(S, 7) ^
592		C4(S, 6) ^ C5(S, 5) ^ C6(S, 4) ^ C7(S, 3);
593		L3 ^= C0(S, 3) ^ C1(S, 2) ^ C2(S, 1) ^ C3(S, 0) ^
594		C4(S, 7) ^ C5(S, 6) ^ C6(S, 5) ^ C7(S, 4);
595		L4 ^= C0(S, 4) ^ C1(S, 3) ^ C2(S, 2) ^ C3(S, 1) ^
596		C4(S, 0) ^ C5(S, 7) ^ C6(S, 6) ^ C7(S, 5);
597		L5 ^= C0(S, 5) ^ C1(S, 4) ^ C2(S, 3) ^ C3(S, 2) ^
598		C4(S, 1) ^ C5(S, 0) ^ C6(S, 7) ^ C7(S, 6);
599		L6 ^= C0(S, 6) ^ C1(S, 5) ^ C2(S, 4) ^ C3(S, 3) ^
600		C4(S, 2) ^ C5(S, 1) ^ C6(S, 0) ^ C7(S, 7);
601		L7 ^= C0(S, 7) ^ C1(S, 6) ^ C2(S, 5) ^ C3(S, 4) ^
602		C4(S, 3) ^ C5(S, 2) ^ C6(S, 1) ^ C7(S, 0);
603
604		S.q[0] = L0;
605		S.q[1] = L1;
606		S.q[2] = L2;
607		S.q[3] = L3;
608		S.q[4] = L4;
609		S.q[5] = L5;
610		S.q[6] = L6;
611		S.q[7] = L7;
612		# else
613	0	L0 = C0(K, 0);
614	0	L1 = C1(K, 0);
615	0	L2 = C2(K, 0);
616	0	L3 = C3(K, 0);
617	0	L4 = C4(K, 0);
618	0	L5 = C5(K, 0);
619	0	L6 = C6(K, 0);
620	0	L7 = C7(K, 0);
621	0	L0 ^= RC[r];
622
623	0	L1 ^= C0(K, 1);
624	0	L2 ^= C1(K, 1);
625	0	L3 ^= C2(K, 1);
626	0	L4 ^= C3(K, 1);
627	0	L5 ^= C4(K, 1);
628	0	L6 ^= C5(K, 1);
629	0	L7 ^= C6(K, 1);
630	0	L0 ^= C7(K, 1);
631
632	0	L2 ^= C0(K, 2);
633	0	L3 ^= C1(K, 2);
634	0	L4 ^= C2(K, 2);
635	0	L5 ^= C3(K, 2);
636	0	L6 ^= C4(K, 2);
637	0	L7 ^= C5(K, 2);
638	0	L0 ^= C6(K, 2);
639	0	L1 ^= C7(K, 2);
640
641	0	L3 ^= C0(K, 3);
642	0	L4 ^= C1(K, 3);
643	0	L5 ^= C2(K, 3);
644	0	L6 ^= C3(K, 3);
645	0	L7 ^= C4(K, 3);
646	0	L0 ^= C5(K, 3);
647	0	L1 ^= C6(K, 3);
648	0	L2 ^= C7(K, 3);
649
650	0	L4 ^= C0(K, 4);
651	0	L5 ^= C1(K, 4);
652	0	L6 ^= C2(K, 4);
653	0	L7 ^= C3(K, 4);
654	0	L0 ^= C4(K, 4);
655	0	L1 ^= C5(K, 4);
656	0	L2 ^= C6(K, 4);
657	0	L3 ^= C7(K, 4);
658
659	0	L5 ^= C0(K, 5);
660	0	L6 ^= C1(K, 5);
661	0	L7 ^= C2(K, 5);
662	0	L0 ^= C3(K, 5);
663	0	L1 ^= C4(K, 5);
664	0	L2 ^= C5(K, 5);
665	0	L3 ^= C6(K, 5);
666	0	L4 ^= C7(K, 5);
667
668	0	L6 ^= C0(K, 6);
669	0	L7 ^= C1(K, 6);
670	0	L0 ^= C2(K, 6);
671	0	L1 ^= C3(K, 6);
672	0	L2 ^= C4(K, 6);
673	0	L3 ^= C5(K, 6);
674	0	L4 ^= C6(K, 6);
675	0	L5 ^= C7(K, 6);
676
677	0	L7 ^= C0(K, 7);
678	0	L0 ^= C1(K, 7);
679	0	L1 ^= C2(K, 7);
680	0	L2 ^= C3(K, 7);
681	0	L3 ^= C4(K, 7);
682	0	L4 ^= C5(K, 7);
683	0	L5 ^= C6(K, 7);
684	0	L6 ^= C7(K, 7);
685
686	0	K.q[0] = L0;
687	0	K.q[1] = L1;
688	0	K.q[2] = L2;
689	0	K.q[3] = L3;
690	0	K.q[4] = L4;
691	0	K.q[5] = L5;
692	0	K.q[6] = L6;
693	0	K.q[7] = L7;
694
695	0	L0 ^= C0(S, 0);
696	0	L1 ^= C1(S, 0);
697	0	L2 ^= C2(S, 0);
698	0	L3 ^= C3(S, 0);
699	0	L4 ^= C4(S, 0);
700	0	L5 ^= C5(S, 0);
701	0	L6 ^= C6(S, 0);
702	0	L7 ^= C7(S, 0);
703
704	0	L1 ^= C0(S, 1);
705	0	L2 ^= C1(S, 1);
706	0	L3 ^= C2(S, 1);
707	0	L4 ^= C3(S, 1);
708	0	L5 ^= C4(S, 1);
709	0	L6 ^= C5(S, 1);
710	0	L7 ^= C6(S, 1);
711	0	L0 ^= C7(S, 1);
712
713	0	L2 ^= C0(S, 2);
714	0	L3 ^= C1(S, 2);
715	0	L4 ^= C2(S, 2);
716	0	L5 ^= C3(S, 2);
717	0	L6 ^= C4(S, 2);
718	0	L7 ^= C5(S, 2);
719	0	L0 ^= C6(S, 2);
720	0	L1 ^= C7(S, 2);
721
722	0	L3 ^= C0(S, 3);
723	0	L4 ^= C1(S, 3);
724	0	L5 ^= C2(S, 3);
725	0	L6 ^= C3(S, 3);
726	0	L7 ^= C4(S, 3);
727	0	L0 ^= C5(S, 3);
728	0	L1 ^= C6(S, 3);
729	0	L2 ^= C7(S, 3);
730
731	0	L4 ^= C0(S, 4);
732	0	L5 ^= C1(S, 4);
733	0	L6 ^= C2(S, 4);
734	0	L7 ^= C3(S, 4);
735	0	L0 ^= C4(S, 4);
736	0	L1 ^= C5(S, 4);
737	0	L2 ^= C6(S, 4);
738	0	L3 ^= C7(S, 4);
739
740	0	L5 ^= C0(S, 5);
741	0	L6 ^= C1(S, 5);
742	0	L7 ^= C2(S, 5);
743	0	L0 ^= C3(S, 5);
744	0	L1 ^= C4(S, 5);
745	0	L2 ^= C5(S, 5);
746	0	L3 ^= C6(S, 5);
747	0	L4 ^= C7(S, 5);
748
749	0	L6 ^= C0(S, 6);
750	0	L7 ^= C1(S, 6);
751	0	L0 ^= C2(S, 6);
752	0	L1 ^= C3(S, 6);
753	0	L2 ^= C4(S, 6);
754	0	L3 ^= C5(S, 6);
755	0	L4 ^= C6(S, 6);
756	0	L5 ^= C7(S, 6);
757
758	0	L7 ^= C0(S, 7);
759	0	L0 ^= C1(S, 7);
760	0	L1 ^= C2(S, 7);
761	0	L2 ^= C3(S, 7);
762	0	L3 ^= C4(S, 7);
763	0	L4 ^= C5(S, 7);
764	0	L5 ^= C6(S, 7);
765	0	L6 ^= C7(S, 7);
766
767	0	S.q[0] = L0;
768	0	S.q[1] = L1;
769	0	S.q[2] = L2;
770	0	S.q[3] = L3;
771	0	S.q[4] = L4;
772	0	S.q[5] = L5;
773	0	S.q[6] = L6;
774	0	S.q[7] = L7;
775	0	# endif
776	0	}
777
778		# ifdef STRICT_ALIGNMENT
779		if ((size_t)p & 7) {
780		int i;
781		for (i = 0; i < 64; i++)
782		H->c[i] ^= S.c[i] ^ p[i];
783		} else
784		# endif
785	0	{
786	0	const u64_aX pa = (const u64_aX )p;
787	0	H->q[0] ^= S.q[0] ^ pa[0];
788	0	H->q[1] ^= S.q[1] ^ pa[1];
789	0	H->q[2] ^= S.q[2] ^ pa[2];
790	0	H->q[3] ^= S.q[3] ^ pa[3];
791	0	H->q[4] ^= S.q[4] ^ pa[4];
792	0	H->q[5] ^= S.q[5] ^ pa[5];
793	0	H->q[6] ^= S.q[6] ^ pa[6];
794	0	H->q[7] ^= S.q[7] ^ pa[7];
795	0	}
796	0	#endif
797	0	p += 64;
798	0	} while (--n);
799	0	}

Coverage Report

Created: 2025-11-15 06:54