From: Andy Polyakov <appro@openssl.org>
Date: Thu, 13 May 2004 13:48:33 +0000 (+0000)
Subject: SHA-224/-256/-384/-512 implementation. This is just sheer code commit.
X-Git-Tag: BEN_FIPS_TEST_6~14^2~265
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=c842261b1bf0570604585421f4a49027e60d1da9

SHA-224/-256/-384/-512 implementation. This is just sheer code commit.
Makefile modifications, make test, etc. will appear later...
---

diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
index 3fd54a10cc..9ef21414e5 100644
--- a/crypto/sha/sha.h
+++ b/crypto/sha/sha.h
@@ -114,6 +114,75 @@ int SHA1_Final(unsigned char *md, SHA_CTX *c);
 unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md);
 void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
+
+#define SHA256_CBLOCK	(SHA_LBLOCK*4)	/* SHA-256 treats input data as a
+					 * contiguous array of 32 bit
+					 * wide big-endian values. */
+#define SHA224_DIGEST_LENGTH	28
+#define SHA256_DIGEST_LENGTH	32
+
+typedef struct SHA256state_st
+	{
+	SHA_LONG h[8];
+	SHA_LONG Nl,Nh;
+	SHA_LONG data[SHA_LBLOCK];
+	int num;
+	} SHA256_CTX;
+
+#ifndef OPENSSL_NO_SHA256
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+#endif
+
+#define SHA384_DIGEST_LENGTH	48
+#define SHA512_DIGEST_LENGTH	64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+#define SHA512_CBLOCK	(SHA_LBLOCK*8)	/* SHA-512 treats input data as a
+					 * contiguous array of 64 bit
+					 * wide big-endian values. */
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#define SHA_LONG64 unsigned __int64
+#define U64(C)     C##UI64
+#else
+#define SHA_LONG64 unsigned long long
+#define U64(C)     C##ULL
+#endif
+
+typedef struct SHA512state_st
+	{
+	SHA_LONG64 h[8];
+	SHA_LONG64 Nl,Nh;
+	union {
+		SHA_LONG64	d[SHA_LBLOCK];
+		unsigned char	p[SHA512_CBLOCK];
+	} u;
+	int num;
+	} SHA512_CTX;
+
+#ifndef OPENSSL_NO_SHA512
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
new file mode 100644
index 0000000000..b5a9da1004
--- /dev/null
+++ b/crypto/sha/sha256.c
@@ -0,0 +1,283 @@
+/* crypto/sha/sha256.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+
+const char *SHA256_version="SHA-256" OPENSSL_VERSION_PTEXT;
+
+int SHA224_Init (SHA256_CTX *c)
+	{
+	c->h[0]=0xc1059ed8UL;	c->h[1]=0x367cd507UL;
+	c->h[2]=0x3070dd17UL;	c->h[3]=0xf70e5939UL;
+	c->h[4]=0xffc00b31UL;	c->h[5]=0x68581511UL;
+	c->h[6]=0x64f98fa7UL;	c->h[7]=0xbefa4fa4UL;
+        c->Nl=0;        c->Nh=0;
+        c->num=0;
+        return 1;
+	}
+
+int SHA256_Init (SHA256_CTX *c)
+	{
+	c->h[0]=0x6a09e667UL;	c->h[1]=0xbb67ae85UL;
+	c->h[2]=0x3c6ef372UL;	c->h[3]=0xa54ff53aUL;
+	c->h[4]=0x510e527fUL;	c->h[5]=0x9b05688cUL;
+	c->h[6]=0x1f83d9abUL;	c->h[7]=0x5be0cd19UL;
+        c->Nl=0;        c->Nh=0;
+        c->num=0;
+        return 1;
+	}
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+	{
+	SHA256_CTX c;
+	static unsigned char m[SHA256_DIGEST_LENGTH];
+
+	SHA224_Init(&c);
+	SHA256_Update(&c,d,n);
+	SHA256_Final(m,&c);
+	if (md != NULL) memcpy (md,m,SHA224_DIGEST_LENGTH),
+			memset (m,0,sizeof(m));
+	else		md=m,
+			memset (m+SHA224_DIGEST_LENGTH,0,sizeof(m)-SHA256_DIGEST_LENGTH);
+	OPENSSL_cleanse(&c,sizeof(c));
+	return(md);
+	}
+
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+	{
+	SHA256_CTX c;
+	static unsigned char m[SHA256_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+	SHA256_Init(&c);
+	SHA256_Update(&c,d,n);
+	SHA256_Final(md,&c);
+	OPENSSL_cleanse(&c,sizeof(c));
+	return(md);
+	}
+
+#ifndef	SHA_LONG_LOG2
+#define	SHA_LONG_LOG2	2	/* default to 32 bits */
+#endif
+
+#define	DATA_ORDER_IS_BIG_ENDIAN
+
+#define	HASH_LONG		SHA_LONG
+#define	HASH_LONG_LOG2		SHA_LONG_LOG2
+#define	HASH_CTX		SHA256_CTX
+#define	HASH_CBLOCK		SHA_CBLOCK
+#define	HASH_LBLOCK		SHA_LBLOCK
+#define	HASH_MAKE_STRING(c,s)	do {	\
+	unsigned long ll;		\
+	ll=(c)->h[0]; HOST_l2c(ll,(s));	ll=(c)->h[1]; HOST_l2c(ll,(s));	\
+	ll=(c)->h[2]; HOST_l2c(ll,(s));	ll=(c)->h[3]; HOST_l2c(ll,(s));	\
+	ll=(c)->h[4]; HOST_l2c(ll,(s));	ll=(c)->h[5]; HOST_l2c(ll,(s));	\
+	ll=(c)->h[6]; HOST_l2c(ll,(s));	ll=(c)->h[7]; HOST_l2c(ll,(s));	\
+	} while (0)
+
+#define	HASH_UPDATE		SHA256_Update
+#define	HASH_TRANSFORM		SHA256_Transform
+#define	HASH_FINAL		SHA256_Final
+#define	HASH_BLOCK_HOST_ORDER	sha256_block_host_order
+#define	HASH_BLOCK_DATA_ORDER	sha256_block_data_order
+void sha256_block_host_order (SHA256_CTX *ctx, const void *in, size_t num);
+void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
+
+#include "md32_common.h"
+
+static const SHA_LONG K256[64] = {
+	0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
+	0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
+	0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
+	0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
+	0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
+	0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
+	0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
+	0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
+	0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
+	0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
+	0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
+	0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
+	0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
+	0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
+	0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
+	0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
+
+/*
+ * FIPS specification refers to right rotations, while our ROTATE macro
+ * is left one. This is why you might notice that rotation coefficients
+ * differ from those observed in FIPS document by 32-N...
+ */
+#define Sigma0(x)	(ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+#define Sigma1(x)	(ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+#define sigma0(x)	(ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+#define sigma1(x)	(ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+	{
+	unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
+	SHA_LONG	X[16];
+	int i;
+
+			while (num--) {
+
+	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
+	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
+
+	if (host)
+		{
+		const SHA_LONG *W=in;
+
+		for (i=0;i<16;i++)
+			{
+			T1 = X[i] = W[i];
+			T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+			T2 = Sigma0(a) + Maj(a,b,c);
+			h = g;	g = f;	f = e;	e = d + T1;
+			d = c;	c = b;	b = a;	a = T1 + T2;
+			}
+		}
+	else
+		{
+		const unsigned char *data=in;
+		SHA_LONG l;
+
+		for (i=0;i<16;i++)
+			{
+			HOST_c2l(data,l); T1 = X[i] = l;
+			T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+			T2 = Sigma0(a) + Maj(a,b,c);
+			h = g;	g = f;	f = e;	e = d + T1;
+			d = c;	c = b;	b = a;	a = T1 + T2;
+			}
+		}
+
+	for (;i<64;i++)
+		{
+		s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);
+		s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);
+
+		T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
+		T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
+		T2 = Sigma0(a) + Maj(a,b,c);
+		h = g;	g = f;	f = e;	e = d + T1;
+		d = c;	c = b;	b = a;	a = T1 + T2;
+		}
+
+	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
+	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
+
+			}
+}
+
+#else
+
+#define	ROUND_00_15(i,a,b,c,d,e,f,g,h)		do {	\
+	T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];	\
+	h = Sigma0(a) + Maj(a,b,c);			\
+	d += T1;	h += T1;		} while (0)
+
+#define	ROUND_16_63(i,a,b,c,d,e,f,g,h,X)	do {	\
+	s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);	\
+	s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);	\
+	T1 = X[i&0x0f] += s0 + s1 + X[(i+9)&0x0f];	\
+	ROUND_00_15(i,a,b,c,d,e,f,g,h);		} while (0)
+
+static void sha256_block (SHA256_CTX *ctx, const void *in, size_t num, int host)
+	{
+	unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
+	SHA_LONG	X[16];
+	int i;
+
+			while (num--) {
+
+	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
+	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
+
+	if (host)
+		{
+		const SHA_LONG *W=in;
+
+		T1 = X[0] = W[0];	ROUND_00_15(0,a,b,c,d,e,f,g,h);
+		T1 = X[1] = W[1];	ROUND_00_15(1,h,a,b,c,d,e,f,g);
+		T1 = X[2] = W[2];	ROUND_00_15(2,g,h,a,b,c,d,e,f);
+		T1 = X[3] = W[3];	ROUND_00_15(3,f,g,h,a,b,c,d,e);
+		T1 = X[4] = W[4];	ROUND_00_15(4,e,f,g,h,a,b,c,d);
+		T1 = X[5] = W[5];	ROUND_00_15(5,d,e,f,g,h,a,b,c);
+		T1 = X[6] = W[6];	ROUND_00_15(6,c,d,e,f,g,h,a,b);
+		T1 = X[7] = W[7];	ROUND_00_15(7,b,c,d,e,f,g,h,a);
+		T1 = X[8] = W[8];	ROUND_00_15(8,a,b,c,d,e,f,g,h);
+		T1 = X[9] = W[9];	ROUND_00_15(9,h,a,b,c,d,e,f,g);
+		T1 = X[10] = W[10];	ROUND_00_15(10,g,h,a,b,c,d,e,f);
+		T1 = X[11] = W[11];	ROUND_00_15(11,f,g,h,a,b,c,d,e);
+		T1 = X[12] = W[12];	ROUND_00_15(12,e,f,g,h,a,b,c,d);
+		T1 = X[13] = W[13];	ROUND_00_15(13,d,e,f,g,h,a,b,c);
+		T1 = X[14] = W[14];	ROUND_00_15(14,c,d,e,f,g,h,a,b);
+		T1 = X[15] = W[15];	ROUND_00_15(15,b,c,d,e,f,g,h,a);
+		}
+	else
+		{
+		const unsigned char *data=in;
+		SHA_LONG l;
+
+		HOST_c2l(data,l); T1 = X[0] = l;  ROUND_00_15(0,a,b,c,d,e,f,g,h);
+		HOST_c2l(data,l); T1 = X[1] = l;  ROUND_00_15(1,h,a,b,c,d,e,f,g);
+		HOST_c2l(data,l); T1 = X[2] = l;  ROUND_00_15(2,g,h,a,b,c,d,e,f);
+		HOST_c2l(data,l); T1 = X[3] = l;  ROUND_00_15(3,f,g,h,a,b,c,d,e);
+		HOST_c2l(data,l); T1 = X[4] = l;  ROUND_00_15(4,e,f,g,h,a,b,c,d);
+		HOST_c2l(data,l); T1 = X[5] = l;  ROUND_00_15(5,d,e,f,g,h,a,b,c);
+		HOST_c2l(data,l); T1 = X[6] = l;  ROUND_00_15(6,c,d,e,f,g,h,a,b);
+		HOST_c2l(data,l); T1 = X[7] = l;  ROUND_00_15(7,b,c,d,e,f,g,h,a);
+		HOST_c2l(data,l); T1 = X[8] = l;  ROUND_00_15(8,a,b,c,d,e,f,g,h);
+		HOST_c2l(data,l); T1 = X[9] = l;  ROUND_00_15(9,h,a,b,c,d,e,f,g);
+		HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
+		HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
+		HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
+		HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
+		HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
+		HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
+		}
+
+	for (i=16;i<64;i+=8)
+		{
+		ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
+		ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
+		ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
+		ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
+		ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
+		ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
+		ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
+		ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
+		}
+
+	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
+	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
+
+			}
+	}
+
+#endif
+
+/*
+ * Idea is to trade couple of cycles for some space. On IA-32 we save
+ * about 4K in "big footprint" case. In "small footprint" case any gain
+ * is appreciated:-)
+ */
+void HASH_BLOCK_HOST_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
+{   sha256_block (ctx,in,num,1);   }
+
+void HASH_BLOCK_DATA_ORDER (SHA256_CTX *ctx, const void *in, size_t num)
+{   sha256_block (ctx,in,num,0);   }
diff --git a/crypto/sha/sha256t.c b/crypto/sha/sha256t.c
new file mode 100644
index 0000000000..01f935e9e9
--- /dev/null
+++ b/crypto/sha/sha256t.c
@@ -0,0 +1,72 @@
+/* crypto/sha/sha256t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+
+unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
+	0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
+	0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
+	0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,
+	0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad	};
+
+unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
+	0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,
+	0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
+	0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,
+	0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1	};
+
+unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
+	0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92,
+	0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67,
+	0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e,
+	0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0	};
+
+int main ()
+{ unsigned char md[SHA256_DIGEST_LENGTH];
+  int		i;
+  SHA256_CTX	ctx;
+
+    fprintf(stdout,"Testing SHA-256 ");
+
+    SHA256("abc",3,md);
+    if (memcmp(md,app_b1,sizeof(app_b1)))
+    {	fflush(stdout);
+	fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+	return 1;
+    }
+    else
+	fprintf(stdout,"."); fflush(stdout);
+
+    SHA256("abcdbcde""cdefdefg""efghfghi""ghijhijk"
+	   "ijkljklm""klmnlmno""mnopnopq",56,md);
+    if (memcmp(md,app_b2,sizeof(app_b2)))
+    {	fflush(stdout);
+	fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+	return 1;
+    }
+    else
+	fprintf(stdout,"."); fflush(stdout);
+
+    SHA256_Init(&ctx);
+    for (i=0;i<1000000;i+=64)
+	SHA256_Update(&ctx, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+			    "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+			    (1000000-i)<64?1000000-i:64);
+    SHA256_Final(md,&ctx);
+
+    if (memcmp(md,app_b3,sizeof(app_b3)))
+    {	fflush(stdout);
+	fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+	return 1;
+    }
+    else
+	fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+}
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
new file mode 100644
index 0000000000..074ac0ebe9
--- /dev/null
+++ b/crypto/sha/sha512.c
@@ -0,0 +1,399 @@
+/* crypto/sha/sha512.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+/*
+ * IMPLEMENTATION NOTES.
+ *
+ * As you might have noticed 32-bit hash algorithms:
+ *
+ * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
+ * - optimized versions implement two transform functions: one operating
+ *   on [aligned] data in host byte order and one - on data in input
+ *   stream byte order;
+ * - share common byte-order neutral collector and padding function
+ *   implementations, ../md32_common.h;
+ *
+ * Neither of the above applies to this SHA-512 implementations. Reasons
+ * [in reverse order] are:
+ *
+ * - it's the only 64-bit hash algorithm for the moment of this writing,
+ *   there is no need for common collector/padding implementation [yet];
+ * - by supporting only one transform function [which operates on
+ *   *aligned* data in input stream byte order, big-endian in this case]
+ *   we minimize burden of maintenance in two ways: a) collector/padding
+ *   function is simpler; b) only one transform function to stare at;
+ * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
+ *   apply a number of optimizations to mitigate potential performance
+ *   penalties caused by previous design decision;
+ *
+ * Caveat lector.
+ *
+ * Implementation relies on the fact that "long long" is 64-bit on
+ * both 32- and 64-bit platforms. If some compiler vendor comes up
+ * with 128-bit long long, adjustment to sha.h would be required.
+ * As this implementation relies on 64-bit integer type, it's totally
+ * inappropriate for platforms which don't support it, most notably
+ * 16-bit platforms.
+ *					<appro@fy.chalmers.se>
+ */
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+
+const char *SHA512_version="SHA-512" OPENSSL_VERSION_PTEXT;
+
+int SHA384_Init (SHA512_CTX *c)
+	{
+	c->h[0]=U64(0xcbbb9d5dc1059ed8);
+	c->h[1]=U64(0x629a292a367cd507);
+	c->h[2]=U64(0x9159015a3070dd17);
+	c->h[3]=U64(0x152fecd8f70e5939);
+	c->h[4]=U64(0x67332667ffc00b31);
+	c->h[5]=U64(0x8eb44a8768581511);
+	c->h[6]=U64(0xdb0c2e0d64f98fa7);
+	c->h[7]=U64(0x47b5481dbefa4fa4);
+        c->Nl=0;        c->Nh=0;
+        c->num=0;
+        return 1;
+	}
+
+int SHA512_Init (SHA512_CTX *c)
+	{
+	c->h[0]=U64(0x6a09e667f3bcc908);
+	c->h[1]=U64(0xbb67ae8584caa73b);
+	c->h[2]=U64(0x3c6ef372fe94f82b);
+	c->h[3]=U64(0xa54ff53a5f1d36f1);
+	c->h[4]=U64(0x510e527fade682d1);
+	c->h[5]=U64(0x9b05688c2b3e6c1f);
+	c->h[6]=U64(0x1f83d9abfb41bd6b);
+	c->h[7]=U64(0x5be0cd19137e2179);
+        c->Nl=0;        c->Nh=0;
+        c->num=0;
+        return 1;
+	}
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num);
+
+static int sha512_final (unsigned char *md, SHA512_CTX *c, size_t msz)
+	{
+	unsigned char *p=(unsigned char *)c->u.p;
+	size_t n=c->num;
+
+	p[n]=0x80;
+	n++;
+	if (n > (sizeof(c->u)-16))
+		memset (p+n,0,sizeof(c->u)-n), n=0,
+		sha512_block (c,p,1);
+
+	memset (p+n,0,sizeof(c->u)-16-n);
+#ifdef	B_ENDIAN
+	c->u.d[SHA_LBLOCK-2] = c->Nh;
+	c->u.d[SHA_LBLOCK-1] = c->Nl;
+#else
+	p[sizeof(c->u)-1]  = (c->Nl)&0xFF;
+	p[sizeof(c->u)-2]  = (c->Nl>>8)&0xFF;
+	p[sizeof(c->u)-3]  = (c->Nl>>16)&0xFF;
+	p[sizeof(c->u)-4]  = (c->Nl>>24)&0xFF;
+	p[sizeof(c->u)-5]  = (c->Nl>>32)&0xFF;
+	p[sizeof(c->u)-6]  = (c->Nl>>40)&0xFF;
+	p[sizeof(c->u)-7]  = (c->Nl>>48)&0xFF;
+	p[sizeof(c->u)-8]  = (c->Nl>>56)&0xFF;
+	p[sizeof(c->u)-9]  = (c->Nh)&0xFF;
+	p[sizeof(c->u)-10] = (c->Nh>>8)&0xFF;
+	p[sizeof(c->u)-11] = (c->Nh>>16)&0xFF;
+	p[sizeof(c->u)-12] = (c->Nh>>24)&0xFF;
+	p[sizeof(c->u)-13] = (c->Nh>>32)&0xFF;
+	p[sizeof(c->u)-14] = (c->Nh>>40)&0xFF;
+	p[sizeof(c->u)-15] = (c->Nh>>48)&0xFF;
+	p[sizeof(c->u)-16] = (c->Nh>>56)&0xFF;
+#endif
+
+	sha512_block (c,p,1);
+
+	if (md==0) return 0;
+
+	for (n=0;msz>0;n++,msz-=8)
+		{
+		SHA_LONG64 t = c->h[n];
+
+		*(md++)	= (t>>56)&0xFF;	*(md++)	= (t>>48)&0xFF;
+		*(md++)	= (t>>40)&0xFF;	*(md++)	= (t>>32)&0xFF;
+		*(md++)	= (t>>24)&0xFF;	*(md++)	= (t>>16)&0xFF;
+		*(md++)	= (t>>8)&0xFF;	*(md++)	= (t)&0xFF;
+		}
+
+	return 1;
+	}
+
+int SHA384_Final (unsigned char *md,SHA512_CTX *c)
+{   return sha512_final (md,c,SHA384_DIGEST_LENGTH);   }
+int SHA512_Final (unsigned char *md,SHA512_CTX *c)
+{   return sha512_final (md,c,SHA512_DIGEST_LENGTH);   }
+
+int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
+	{
+	SHA_LONG64	l;
+	unsigned char  *p=c->u.p,*data=(unsigned char *)_data;
+
+	if (len==0) return  1;
+
+	l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
+	if (l < c->Nl)		c->Nh++;
+	if (sizeof(len)>=8)	c->Nh+=(((SHA_LONG64)len)>>61);
+	c->Nl=l;
+
+	if (c->num != 0)
+		{
+		size_t n = sizeof(c->u) - c->num;
+
+		if (len < n)
+			{
+			memcpy (p+c->num,data,len), c->num += len;
+			return 1;
+			}
+		else	{
+			memcpy (p+c->num,data,n), c->num = 0;
+			len-=n, data+=n;
+			sha512_block (c,p,1);
+			}
+		}
+
+	if (len >= sizeof(c->u))
+		{
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+		if ((int)data%sizeof(c->u.d[0]) != 0)
+			while (len >= sizeof(c->u))
+				memcpy (p,data,sizeof(c->u)),
+				sha512_block (c,p,1),
+				len  -= sizeof(c->u),
+				data += sizeof(c->u);
+		else
+#endif
+			sha512_block (c,data,len/sizeof(c->u)),
+			data += len,
+			len  %= sizeof(c->u),
+			data -= len;
+		}
+
+	if (len != 0)	memcpy (p,data,len), c->num = (int)len;
+
+	return 1;
+	}
+
+int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
+{   return SHA512_Update (c,data,len);   }
+
+void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
+{   sha512_block (c,data,1);  }
+
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+	{
+	SHA512_CTX c;
+	static unsigned char m[SHA384_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+	SHA384_Init(&c);
+	SHA512_Update(&c,d,n);
+	sha512_final(md,&c,sizeof(m));
+	OPENSSL_cleanse(&c,sizeof(c));
+	return(md);
+	}
+
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+	{
+	SHA512_CTX c;
+	static unsigned char m[SHA512_DIGEST_LENGTH];
+
+	if (md == NULL) md=m;
+	SHA512_Init(&c);
+	SHA512_Update(&c,d,n);
+	sha512_final(md,&c,sizeof(m));
+	OPENSSL_cleanse(&c,sizeof(c));
+	return(md);
+	}
+
+static const SHA_LONG64 K512[80] = {
+        U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
+        U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
+        U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
+        U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
+        U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
+        U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
+        U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
+        U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
+        U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
+        U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
+        U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
+        U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
+        U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
+        U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
+        U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
+        U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
+        U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
+        U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
+        U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
+        U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
+        U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
+        U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
+        U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
+        U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
+        U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
+        U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
+        U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
+        U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
+        U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
+        U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
+        U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
+        U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
+        U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
+        U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
+        U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
+        U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
+        U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
+        U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
+        U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
+        U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
+
+#define B(x,j)    (((SHA_LONG64)(*(((unsigned char *)(&x))+j)))<<((7-j)*8))
+#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+
+#define ROTR(x,s)	(((x)>>s) | (x)<<(64-s))
+#define Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+#define Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+#define sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+#define sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+
+#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+	{
+	const SHA_LONG64 *W=in;
+	SHA_LONG64	a,b,c,d,e,f,g,h,s0,s1,T1,T2;
+	SHA_LONG64	X[16];
+	int i;
+
+			while (num--) {
+
+	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
+	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
+
+	for (i=0;i<16;i++)
+		{
+#ifdef B_ENDIAN
+		T1 = X[i] = W[i];
+#else
+		T1 = X[i] = PULL64(W[i]);
+#endif
+		T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
+		T2 = Sigma0(a) + Maj(a,b,c);
+		h = g;	g = f;	f = e;	e = d + T1;
+		d = c;	c = b;	b = a;	a = T1 + T2;
+		}
+
+	for (;i<80;i++)
+		{
+		s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);
+		s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);
+
+		T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
+		T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
+		T2 = Sigma0(a) + Maj(a,b,c);
+		h = g;	g = f;	f = e;	e = d + T1;
+		d = c;	c = b;	b = a;	a = T1 + T2;
+		}
+
+	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
+	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
+
+			}
+	}
+
+#else
+
+#define	ROUND_00_15(i,a,b,c,d,e,f,g,h)		do {	\
+	T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];	\
+	h = Sigma0(a) + Maj(a,b,c);			\
+	d += T1;	h += T1;		} while (0)
+
+#define	ROUND_16_80(i,a,b,c,d,e,f,g,h,X)	do {	\
+	s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);	\
+	s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);	\
+	T1 = X[i&0x0f] += s0 + s1 + X[(i+9)&0x0f];	\
+	ROUND_00_15(i,a,b,c,d,e,f,g,h);		} while (0)
+
+static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num)
+	{
+	const SHA_LONG64 *W=in;
+	SHA_LONG64	a,b,c,d,e,f,g,h,s0,s1,T1;
+	SHA_LONG64	X[16];
+	int i;
+
+			while (num--) {
+
+	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
+	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
+
+#ifdef B_ENDIAN
+	T1 = X[0] = W[0];	ROUND_00_15(0,a,b,c,d,e,f,g,h);
+	T1 = X[1] = W[1];	ROUND_00_15(1,h,a,b,c,d,e,f,g);
+	T1 = X[2] = W[2];	ROUND_00_15(2,g,h,a,b,c,d,e,f);
+	T1 = X[3] = W[3];	ROUND_00_15(3,f,g,h,a,b,c,d,e);
+	T1 = X[4] = W[4];	ROUND_00_15(4,e,f,g,h,a,b,c,d);
+	T1 = X[5] = W[5];	ROUND_00_15(5,d,e,f,g,h,a,b,c);
+	T1 = X[6] = W[6];	ROUND_00_15(6,c,d,e,f,g,h,a,b);
+	T1 = X[7] = W[7];	ROUND_00_15(7,b,c,d,e,f,g,h,a);
+	T1 = X[8] = W[8];	ROUND_00_15(8,a,b,c,d,e,f,g,h);
+	T1 = X[9] = W[9];	ROUND_00_15(9,h,a,b,c,d,e,f,g);
+	T1 = X[10] = W[10];	ROUND_00_15(10,g,h,a,b,c,d,e,f);
+	T1 = X[11] = W[11];	ROUND_00_15(11,f,g,h,a,b,c,d,e);
+	T1 = X[12] = W[12];	ROUND_00_15(12,e,f,g,h,a,b,c,d);
+	T1 = X[13] = W[13];	ROUND_00_15(13,d,e,f,g,h,a,b,c);
+	T1 = X[14] = W[14];	ROUND_00_15(14,c,d,e,f,g,h,a,b);
+	T1 = X[15] = W[15];	ROUND_00_15(15,b,c,d,e,f,g,h,a);
+#else
+	T1 = X[0]  = PULL64(W[0]);	ROUND_00_15(0,a,b,c,d,e,f,g,h);
+	T1 = X[1]  = PULL64(W[1]);	ROUND_00_15(1,h,a,b,c,d,e,f,g);
+	T1 = X[2]  = PULL64(W[2]);	ROUND_00_15(2,g,h,a,b,c,d,e,f);
+	T1 = X[3]  = PULL64(W[3]);	ROUND_00_15(3,f,g,h,a,b,c,d,e);
+	T1 = X[4]  = PULL64(W[4]);	ROUND_00_15(4,e,f,g,h,a,b,c,d);
+	T1 = X[5]  = PULL64(W[5]);	ROUND_00_15(5,d,e,f,g,h,a,b,c);
+	T1 = X[6]  = PULL64(W[6]);	ROUND_00_15(6,c,d,e,f,g,h,a,b);
+	T1 = X[7]  = PULL64(W[7]);	ROUND_00_15(7,b,c,d,e,f,g,h,a);
+	T1 = X[8]  = PULL64(W[8]);	ROUND_00_15(8,a,b,c,d,e,f,g,h);
+	T1 = X[9]  = PULL64(W[9]);	ROUND_00_15(9,h,a,b,c,d,e,f,g);
+	T1 = X[10] = PULL64(W[10]);	ROUND_00_15(10,g,h,a,b,c,d,e,f);
+	T1 = X[11] = PULL64(W[11]);	ROUND_00_15(11,f,g,h,a,b,c,d,e);
+	T1 = X[12] = PULL64(W[12]);	ROUND_00_15(12,e,f,g,h,a,b,c,d);
+	T1 = X[13] = PULL64(W[13]);	ROUND_00_15(13,d,e,f,g,h,a,b,c);
+	T1 = X[14] = PULL64(W[14]);	ROUND_00_15(14,c,d,e,f,g,h,a,b);
+	T1 = X[15] = PULL64(W[15]);	ROUND_00_15(15,b,c,d,e,f,g,h,a);
+#endif
+
+	for (i=16;i<80;i+=8)
+		{
+		ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
+		ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
+		ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
+		ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
+		ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
+		ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
+		ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
+		ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
+		}
+
+	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
+	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
+
+			}
+	}
+
+#endif
diff --git a/crypto/sha/sha512t.c b/crypto/sha/sha512t.c
new file mode 100644
index 0000000000..8d2c760c51
--- /dev/null
+++ b/crypto/sha/sha512t.c
@@ -0,0 +1,150 @@
+/* crypto/sha/sha512t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+
+unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
+	0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
+	0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
+	0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
+	0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
+	0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
+	0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
+	0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
+	0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f };
+
+unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
+	0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda,
+	0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f,
+	0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1,
+	0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18,
+	0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4,
+	0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a,
+	0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54,
+	0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 };
+
+unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
+	0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,
+	0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63,
+	0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,
+	0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb,
+	0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,
+	0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b,
+	0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,
+	0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b };
+
+unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
+	0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
+	0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
+	0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
+	0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
+	0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
+	0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 };
+
+unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
+	0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
+	0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
+	0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
+	0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
+	0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
+	0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 };
+
+unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
+	0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
+	0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
+	0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
+	0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
+	0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
+	0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 };
+
+int main ()
+{ unsigned char md[SHA512_DIGEST_LENGTH];
+  int		i;
+  SHA512_CTX	ctx;
+
+    fprintf(stdout,"Testing SHA-512 ");
+
+    SHA512("abc",3,md);
+    if (memcmp(md,app_c1,sizeof(app_c1)))
+    {	fflush(stdout);
+	fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+	return 1;
+    }
+    else
+	fprintf(stdout,"."); fflush(stdout);
+
+    SHA512("abcdefgh""bcdefghi""cdefghij""defghijk"
+	   "efghijkl""fghijklm""ghijklmn""hijklmno"
+	   "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
+	   "mnopqrst""nopqrstu",112,md);
+    if (memcmp(md,app_c2,sizeof(app_c2)))
+    {	fflush(stdout);
+	fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+	return 1;
+    }
+    else
+	fprintf(stdout,"."); fflush(stdout);
+
+    SHA512_Init(&ctx);
+    for (i=0;i<1000000;i+=64)
+	SHA512_Update(&ctx, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+			    "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+			    (1000000-i)<64?1000000-i:64);
+    SHA512_Final(md,&ctx);
+
+    if (memcmp(md,app_c3,sizeof(app_c3)))
+    {	fflush(stdout);
+	fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+	return 1;
+    }
+    else
+	fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+
+    fprintf(stdout,"Testing SHA-384 ");
+
+    SHA384("abc",3,md);
+    if (memcmp(md,app_d1,sizeof(app_d1)))
+    {	fflush(stdout);
+	fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+	return 1;
+    }
+    else
+	fprintf(stdout,"."); fflush(stdout);
+
+    SHA384("abcdefgh""bcdefghi""cdefghij""defghijk"
+	   "efghijkl""fghijklm""ghijklmn""hijklmno"
+	   "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
+	   "mnopqrst""nopqrstu",112,md);
+    if (memcmp(md,app_d2,sizeof(app_d2)))
+    {	fflush(stdout);
+	fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+	return 1;
+    }
+    else
+	fprintf(stdout,"."); fflush(stdout);
+
+    SHA384_Init(&ctx);
+    for (i=0;i<1000000;i+=64)
+	SHA512_Update(&ctx, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+			    "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+			    (1000000-i)<64?1000000-i:64);
+    SHA384_Final(md,&ctx);
+
+    if (memcmp(md,app_d3,sizeof(app_d3)))
+    {	fflush(stdout);
+	fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+	return 1;
+    }
+    else
+	fprintf(stdout,"."); fflush(stdout);
+
+    fprintf(stdout," passed.\n"); fflush(stdout);
+}