1 /* crypto/sha/sha512.c */
2 /* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved
4 * according to the OpenSSL license [found in ../../LICENSE].
5 * ====================================================================
7 #include <openssl/opensslconf.h>
8 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
10 * IMPLEMENTATION NOTES.
12 * As you might have noticed 32-bit hash algorithms:
14 * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
15 * - optimized versions implement two transform functions: one operating
16 * on [aligned] data in host byte order and one - on data in input
18 * - share common byte-order neutral collector and padding function
19 * implementations, ../md32_common.h;
21 * Neither of the above applies to this SHA-512 implementations. Reasons
22 * [in reverse order] are:
24 * - it's the only 64-bit hash algorithm for the moment of this writing,
25 * there is no need for common collector/padding implementation [yet];
26 * - by supporting only one transform function [which operates on
27 * *aligned* data in input stream byte order, big-endian in this case]
28 * we minimize burden of maintenance in two ways: a) collector/padding
29 * function is simpler; b) only one transform function to stare at;
30 * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
31 * apply a number of optimizations to mitigate potential performance
32 * penalties caused by previous design decision;
36 * Implementation relies on the fact that "long long" is 64-bit on
37 * both 32- and 64-bit platforms. If some compiler vendor comes up
38 * with 128-bit long long, adjustment to sha.h would be required.
39 * As this implementation relies on 64-bit integer type, it's totally
40 * inappropriate for platforms which don't support it, most notably
42 * <appro@fy.chalmers.se>
47 #include <openssl/crypto.h>
48 #include <openssl/sha.h>
49 #include <openssl/opensslv.h>
54 const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
56 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
57 defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
58 defined(__s390__) || defined(__s390x__) || \
59 defined(__aarch64__) || \
61 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
64 int SHA384_Init (SHA512_CTX *c)
66 c->h[0]=U64(0xcbbb9d5dc1059ed8);
67 c->h[1]=U64(0x629a292a367cd507);
68 c->h[2]=U64(0x9159015a3070dd17);
69 c->h[3]=U64(0x152fecd8f70e5939);
70 c->h[4]=U64(0x67332667ffc00b31);
71 c->h[5]=U64(0x8eb44a8768581511);
72 c->h[6]=U64(0xdb0c2e0d64f98fa7);
73 c->h[7]=U64(0x47b5481dbefa4fa4);
76 c->num=0; c->md_len=SHA384_DIGEST_LENGTH;
80 int SHA512_Init (SHA512_CTX *c)
82 c->h[0]=U64(0x6a09e667f3bcc908);
83 c->h[1]=U64(0xbb67ae8584caa73b);
84 c->h[2]=U64(0x3c6ef372fe94f82b);
85 c->h[3]=U64(0xa54ff53a5f1d36f1);
86 c->h[4]=U64(0x510e527fade682d1);
87 c->h[5]=U64(0x9b05688c2b3e6c1f);
88 c->h[6]=U64(0x1f83d9abfb41bd6b);
89 c->h[7]=U64(0x5be0cd19137e2179);
92 c->num=0; c->md_len=SHA512_DIGEST_LENGTH;
99 void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num);
101 int SHA512_Final (unsigned char *md, SHA512_CTX *c)
103 unsigned char *p=(unsigned char *)c->u.p;
106 p[n]=0x80; /* There always is a room for one */
108 if (n > (sizeof(c->u)-16))
109 memset (p+n,0,sizeof(c->u)-n), n=0,
110 sha512_block_data_order (c,p,1);
112 memset (p+n,0,sizeof(c->u)-16-n);
114 c->u.d[SHA_LBLOCK-2] = c->Nh;
115 c->u.d[SHA_LBLOCK-1] = c->Nl;
117 p[sizeof(c->u)-1] = (unsigned char)(c->Nl);
118 p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8);
119 p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16);
120 p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24);
121 p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32);
122 p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40);
123 p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48);
124 p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56);
125 p[sizeof(c->u)-9] = (unsigned char)(c->Nh);
126 p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);
127 p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);
128 p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);
129 p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);
130 p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);
131 p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);
132 p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
135 sha512_block_data_order (c,p,1);
141 /* Let compiler decide if it's appropriate to unroll... */
142 case SHA384_DIGEST_LENGTH:
143 for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)
145 SHA_LONG64 t = c->h[n];
147 *(md++) = (unsigned char)(t>>56);
148 *(md++) = (unsigned char)(t>>48);
149 *(md++) = (unsigned char)(t>>40);
150 *(md++) = (unsigned char)(t>>32);
151 *(md++) = (unsigned char)(t>>24);
152 *(md++) = (unsigned char)(t>>16);
153 *(md++) = (unsigned char)(t>>8);
154 *(md++) = (unsigned char)(t);
157 case SHA512_DIGEST_LENGTH:
158 for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)
160 SHA_LONG64 t = c->h[n];
162 *(md++) = (unsigned char)(t>>56);
163 *(md++) = (unsigned char)(t>>48);
164 *(md++) = (unsigned char)(t>>40);
165 *(md++) = (unsigned char)(t>>32);
166 *(md++) = (unsigned char)(t>>24);
167 *(md++) = (unsigned char)(t>>16);
168 *(md++) = (unsigned char)(t>>8);
169 *(md++) = (unsigned char)(t);
172 /* ... as well as make sure md_len is not abused. */
179 int SHA384_Final (unsigned char *md,SHA512_CTX *c)
180 { return SHA512_Final (md,c); }
182 int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
185 unsigned char *p=c->u.p;
186 const unsigned char *data=(const unsigned char *)_data;
188 if (len==0) return 1;
190 l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
191 if (l < c->Nl) c->Nh++;
192 if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61);
197 size_t n = sizeof(c->u) - c->num;
201 memcpy (p+c->num,data,len), c->num += (unsigned int)len;
205 memcpy (p+c->num,data,n), c->num = 0;
207 sha512_block_data_order (c,p,1);
211 if (len >= sizeof(c->u))
213 #ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
214 if ((size_t)data%sizeof(c->u.d[0]) != 0)
215 while (len >= sizeof(c->u))
216 memcpy (p,data,sizeof(c->u)),
217 sha512_block_data_order (c,p,1),
219 data += sizeof(c->u);
222 sha512_block_data_order (c,data,len/sizeof(c->u)),
228 if (len != 0) memcpy (p,data,len), c->num = (int)len;
233 int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
234 { return SHA512_Update (c,data,len); }
236 void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
237 { sha512_block_data_order (c,data,1); }
239 unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
242 static unsigned char m[SHA384_DIGEST_LENGTH];
244 if (md == NULL) md=m;
246 SHA512_Update(&c,d,n);
248 OPENSSL_cleanse(&c,sizeof(c));
252 unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
255 static unsigned char m[SHA512_DIGEST_LENGTH];
257 if (md == NULL) md=m;
259 SHA512_Update(&c,d,n);
261 OPENSSL_cleanse(&c,sizeof(c));
267 static const SHA_LONG64 K512[80] = {
268 U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
269 U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
270 U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
271 U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
272 U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
273 U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
274 U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
275 U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
276 U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
277 U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
278 U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
279 U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
280 U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
281 U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
282 U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
283 U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
284 U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
285 U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
286 U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
287 U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
288 U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
289 U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
290 U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
291 U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
292 U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
293 U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
294 U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
295 U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
296 U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
297 U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
298 U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
299 U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
300 U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
301 U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
302 U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
303 U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
304 U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
305 U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
306 U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
307 U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
310 # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
311 # if defined(__x86_64) || defined(__x86_64__)
312 # define ROTR(a,n) ({ SHA_LONG64 ret; \
317 # if !defined(B_ENDIAN)
318 # define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
323 # elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
324 # if defined(I386_ONLY)
325 # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
326 unsigned int hi=p[0],lo=p[1]; \
327 asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
328 "roll $16,%%eax; roll $16,%%edx; "\
329 "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \
330 : "=a"(lo),"=d"(hi) \
331 : "0"(lo),"1"(hi) : "cc"); \
332 ((SHA_LONG64)hi)<<32|lo; })
334 # define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
335 unsigned int hi=p[0],lo=p[1]; \
336 asm ("bswapl %0; bswapl %1;" \
337 : "=r"(lo),"=r"(hi) \
338 : "0"(lo),"1"(hi)); \
339 ((SHA_LONG64)hi)<<32|lo; })
341 # elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
342 # define ROTR(a,n) ({ SHA_LONG64 ret; \
343 asm ("rotrdi %0,%1,%2" \
345 : "r"(a),"K"(n)); ret; })
346 # elif defined(__aarch64__)
347 # define ROTR(a,n) ({ SHA_LONG64 ret; \
348 asm ("ror %0,%1,%2" \
350 : "r"(a),"I"(n)); ret; })
351 # if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
352 __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
353 # define PULL64(x) ({ SHA_LONG64 ret; \
356 : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
359 # elif defined(_MSC_VER)
360 # if defined(_WIN64) /* applies to both IA-64 and AMD64 */
361 # pragma intrinsic(_rotr64)
362 # define ROTR(a,n) _rotr64((a),n)
364 # if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
365 # if defined(I386_ONLY)
366 static SHA_LONG64 __fastcall __pull64be(const void *x)
367 { _asm mov edx, [ecx + 0]
368 _asm mov eax, [ecx + 4]
377 static SHA_LONG64 __fastcall __pull64be(const void *x)
378 { _asm mov edx, [ecx + 0]
379 _asm mov eax, [ecx + 4]
384 # define PULL64(x) __pull64be(&(x))
386 # pragma inline_depth(0)
393 #define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
394 #define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
398 #define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
401 #define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
402 #define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
403 #define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
404 #define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
406 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
407 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
410 #if defined(__i386) || defined(__i386__) || defined(_M_IX86)
412 * This code should give better results on 32-bit CPU with less than
413 * ~24 registers, both size and performance wise...
415 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
417 const SHA_LONG64 *W=in;
419 SHA_LONG64 X[9+80],*F;
425 A = ctx->h[0]; F[1] = ctx->h[1];
426 F[2] = ctx->h[2]; F[3] = ctx->h[3];
427 E = ctx->h[4]; F[5] = ctx->h[5];
428 F[6] = ctx->h[6]; F[7] = ctx->h[7];
430 for (i=0;i<16;i++,F--)
440 T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i];
442 A = T + Sigma0(A) + Maj(A,F[1],F[2]);
447 T = sigma0(F[8+16-1]);
448 T += sigma1(F[8+16-14]);
449 T += F[8+16] + F[8+16-9];
454 T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i];
456 A = T + Sigma0(A) + Maj(A,F[1],F[2]);
459 ctx->h[0] += A; ctx->h[1] += F[1];
460 ctx->h[2] += F[2]; ctx->h[3] += F[3];
461 ctx->h[4] += E; ctx->h[5] += F[5];
462 ctx->h[6] += F[6]; ctx->h[7] += F[7];
468 #elif defined(OPENSSL_SMALL_FOOTPRINT)
470 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
472 const SHA_LONG64 *W=in;
473 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2;
479 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
480 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
487 T1 = X[i] = PULL64(W[i]);
489 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
490 T2 = Sigma0(a) + Maj(a,b,c);
491 h = g; g = f; f = e; e = d + T1;
492 d = c; c = b; b = a; a = T1 + T2;
497 s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
498 s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
500 T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
501 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
502 T2 = Sigma0(a) + Maj(a,b,c);
503 h = g; g = f; f = e; e = d + T1;
504 d = c; c = b; b = a; a = T1 + T2;
507 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
508 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
516 #define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
517 T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
518 h = Sigma0(a) + Maj(a,b,c); \
519 d += T1; h += T1; } while (0)
521 #define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \
522 s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \
523 s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \
524 T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \
525 ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0)
527 static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
529 const SHA_LONG64 *W=in;
530 SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1;
536 a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
537 e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
540 T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
541 T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
542 T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
543 T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
544 T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
545 T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
546 T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
547 T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
548 T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
549 T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
550 T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
551 T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
552 T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
553 T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
554 T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
555 T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
557 T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h);
558 T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g);
559 T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f);
560 T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e);
561 T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d);
562 T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c);
563 T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b);
564 T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a);
565 T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h);
566 T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g);
567 T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f);
568 T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e);
569 T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d);
570 T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c);
571 T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b);
572 T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a);
575 for (i=16;i<80;i+=16)
577 ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X);
578 ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X);
579 ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X);
580 ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X);
581 ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X);
582 ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X);
583 ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X);
584 ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X);
585 ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X);
586 ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X);
587 ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X);
588 ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X);
589 ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X);
590 ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X);
591 ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X);
592 ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X);
595 ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
596 ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
604 #endif /* SHA512_ASM */
606 #else /* !OPENSSL_NO_SHA512 */
608 #if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
609 static void *dummy=&dummy;
612 #endif /* !OPENSSL_NO_SHA512 */