[arch-commits] Commit in android-tools/trunk (PKGBUILD android-tools-gcc11.patch)

Anatol Pomozov anatolik at gemini.archlinux.org
Tue Jul 20 17:18:09 UTC 2021


    Date: Tuesday, July 20, 2021 @ 17:18:09
  Author: anatolik
Revision: 980375

upgpkg: android-tools 31.0.2-1

Modified:
  android-tools/trunk/PKGBUILD
Deleted:
  android-tools/trunk/android-tools-gcc11.patch

---------------------------+
 PKGBUILD                  |   17 
 android-tools-gcc11.patch | 4065 --------------------------------------------
 2 files changed, 5 insertions(+), 4077 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-07-20 17:17:50 UTC (rev 980374)
+++ PKGBUILD	2021-07-20 17:18:09 UTC (rev 980375)
@@ -3,9 +3,9 @@
 # Contributor: Alucryd <alucryd at gmail dot com>
 
 pkgname=android-tools
-pkgver=31.0.0
-_tag=${pkgver}p1 # https://github.com/nmeum/android-tools sometimes carries extra patch version on top of the upstream versioning
-pkgrel=4
+pkgver=31.0.2
+_tag=${pkgver} # https://github.com/nmeum/android-tools sometimes carries extra patch version on top of the upstream versioning
+pkgrel=1
 pkgdesc='Android platform tools'
 arch=(x86_64)
 url='http://tools.android.com/'
@@ -12,16 +12,9 @@
 license=(Apache MIT)
 depends=(libusb protobuf brotli zstd android-udev)
 makedepends=(pcre2 gtest cmake go ninja git)
-source=(https://github.com/nmeum/android-tools/releases/download/$_tag/android-tools-$_tag.tar.xz
-        android-tools-gcc11.patch)
-sha256sums=('51a4c3ba5f16945905449c4bd2c1c781a4df7469f6b7362f8837f4f640d8c7b6'
-            '75fd8517769e5cb3b9a4b54c7d2d0b728537e35a42113531e8b7dfb6f296ea84')
+source=(https://github.com/nmeum/android-tools/releases/download/$_tag/android-tools-$_tag.tar.xz)
+sha256sums=('61b3bf6c240cb0b4d0ccfef696c55986e06657843627df950fdcf6881af0f8d4')
 
-prepare() {
-  cd android-tools-$_tag
-  patch -d vendor/boringssl -p1 < ../android-tools-gcc11.patch
-}
-
 build() {
   cd android-tools-$_tag
 
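Review bot: Nothing in the new PKGBUILD records why `prepare()` and android-tools-gcc11.patch could be dropped; the removal is only safe if the 31.0.2 tarball's vendor/boringssl already carries those upstream fixes, which this hunk does not show. If that is the case, a one-line comment above `source=` keeps it traceable, e.g. `# boringssl GCC 11 fixes formerly in android-tools-gcc11.patch are included in the upstream tarball`. The release tarball, which bundles the vendored crypto code, is also trusted on the single new `sha256sums` entry with no signature check visible here, so that hash is worth comparing against a second, independently fetched copy of the release asset. The body of build() lies outside the hunk.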

Deleted: android-tools-gcc11.patch
===================================================================
--- android-tools-gcc11.patch	2021-07-20 17:17:50 UTC (rev 980374)
+++ android-tools-gcc11.patch	2021-07-20 17:18:09 UTC (rev 980375)
@@ -1,4065 +0,0 @@
-From 139adff9b27eaf0bdaac664ec4c9a7db2fe3f920 Mon Sep 17 00:00:00 2001
-From: David Benjamin <davidben at google.com>
-Date: Thu, 25 Mar 2021 01:41:51 -0400
-Subject: [PATCH] Fix mismatch between header and implementation of bn_sqr_comba8.
-
-Bug: 402
-Change-Id: I6de879f44f6e3eca26f2f49c500769d944fa9bc0
-Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46404
-Reviewed-by: Adam Langley <agl at google.com>
----
-
-diff --git a/crypto/fipsmodule/bn/internal.h b/crypto/fipsmodule/bn/internal.h
-index 623e0c6..3d368db 100644
---- a/crypto/fipsmodule/bn/internal.h
-+++ b/crypto/fipsmodule/bn/internal.h
-@@ -297,7 +297,7 @@
- void bn_mul_comba8(BN_ULONG r[16], const BN_ULONG a[8], const BN_ULONG b[8]);
- 
- // bn_sqr_comba8 sets |r| to |a|^2.
--void bn_sqr_comba8(BN_ULONG r[16], const BN_ULONG a[4]);
-+void bn_sqr_comba8(BN_ULONG r[16], const BN_ULONG a[8]);
- 
- // bn_sqr_comba4 sets |r| to |a|^2.
- void bn_sqr_comba4(BN_ULONG r[8], const BN_ULONG a[4]);
-From a24ab549e6ae246b391155d7bed3790ac0e07de2 Mon Sep 17 00:00:00 2001
-From: David Benjamin <davidben at google.com>
-Date: Thu, 25 Mar 2021 15:26:25 -0400
-Subject: [PATCH] Use an unsized helper for truncated SHA-512 variants.
-
-Although it is strictly fine to call SHA512_Final in SHA384_Final
-(array sizes in C parameters are purely decorational, according to the
-language), GCC 11 reportedly checks now and gets upset about the size
-mismatch. Use an unsized helper function so all our code matches the
-specified bounds.
-
-Unfortunately, the bounds in all the functions are a bit misleading
-because SHA512_Final really outputs based on sha->md_len (which Init
-function you called) rather than which Final function. I've fixed this
-places within a library where we mismatched and added asserts to the
-smaller functions. SHA512_Final is assert-less because I've seen lots of
-code use SHA384_Init / SHA512_Update / SHA512_Final.
-
-This doesn't fix the SHA256 variant since that is generated by a pile of
-macros in a multiply-included file. This is probably a good opportunity
-to make that code less macro-heavy.
-
-Update-Note: There is a small chance the asserts will trip something,
-but hopefully not since I've left SHA512_Final alone.
-
-Bug: 402
-Change-Id: I4c9d579a63ee0a0dea103c19ef219c13bb9aa62c
-Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46405
-Reviewed-by: Adam Langley <agl at google.com>
----
-
-diff --git a/crypto/fipsmodule/digest/digests.c b/crypto/fipsmodule/digest/digests.c
-index 16daeba..f006ebb 100644
---- a/crypto/fipsmodule/digest/digests.c
-+++ b/crypto/fipsmodule/digest/digests.c
-@@ -247,13 +247,21 @@
-   CHECK(SHA512_256_Init(ctx->md_data));
- }
- 
-+static void sha512_256_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
-+  CHECK(SHA512_256_Update(ctx->md_data, data, count));
-+}
-+
-+static void sha512_256_final(EVP_MD_CTX *ctx, uint8_t *md) {
-+  CHECK(SHA512_256_Final(md, ctx->md_data));
-+}
-+
- DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512_256) {
-   out->type = NID_sha512_256;
-   out->md_size = SHA512_256_DIGEST_LENGTH;
-   out->flags = 0;
-   out->init = sha512_256_init;
--  out->update = sha512_update;
--  out->final = sha512_final;
-+  out->update = sha512_256_update;
-+  out->final = sha512_256_final;
-   out->block_size = 128;
-   out->ctx_size = sizeof(SHA512_CTX);
- }
-diff --git a/crypto/fipsmodule/sha/sha512.c b/crypto/fipsmodule/sha/sha512.c
-index fd02574..ba86c1e 100644
---- a/crypto/fipsmodule/sha/sha512.c
-+++ b/crypto/fipsmodule/sha/sha512.c
-@@ -70,6 +70,8 @@
- // this writing, so there is no need for a common collector/padding
- // implementation yet.
- 
-+static int sha512_final_impl(uint8_t *out, SHA512_CTX *sha);
-+
- int SHA384_Init(SHA512_CTX *sha) {
-   sha->h[0] = UINT64_C(0xcbbb9d5dc1059ed8);
-   sha->h[1] = UINT64_C(0x629a292a367cd507);
-@@ -146,8 +148,8 @@
-                     uint8_t out[SHA512_256_DIGEST_LENGTH]) {
-   SHA512_CTX ctx;
-   SHA512_256_Init(&ctx);
--  SHA512_Update(&ctx, data, len);
--  SHA512_Final(out, &ctx);
-+  SHA512_256_Update(&ctx, data, len);
-+  SHA512_256_Final(out, &ctx);
-   OPENSSL_cleanse(&ctx, sizeof(ctx));
-   return out;
- }
-@@ -161,7 +163,8 @@
- int SHA384_Final(uint8_t out[SHA384_DIGEST_LENGTH], SHA512_CTX *sha) {
-   // |SHA384_Init| sets |sha->md_len| to |SHA384_DIGEST_LENGTH|, so this has a
-   // |smaller output.
--  return SHA512_Final(out, sha);
-+  assert(sha->md_len == SHA384_DIGEST_LENGTH);
-+  return sha512_final_impl(out, sha);
- }
- 
- int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len) {
-@@ -172,11 +175,11 @@
-   return SHA512_Update(sha, data, len);
- }
- 
--int SHA512_256_Final(uint8_t out[SHA512_256_DIGEST_LENGTH],
--                                    SHA512_CTX *sha) {
-+int SHA512_256_Final(uint8_t out[SHA512_256_DIGEST_LENGTH], SHA512_CTX *sha) {
-   // |SHA512_256_Init| sets |sha->md_len| to |SHA512_256_DIGEST_LENGTH|, so this
-   // has a |smaller output.
--  return SHA512_Final(out, sha);
-+  assert(sha->md_len == SHA512_256_DIGEST_LENGTH);
-+  return sha512_final_impl(out, sha);
- }
- 
- void SHA512_Transform(SHA512_CTX *c, const uint8_t block[SHA512_CBLOCK]) {
-@@ -232,6 +235,15 @@
- }
- 
- int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH], SHA512_CTX *sha) {
-+  // Ideally we would assert |sha->md_len| is |SHA512_DIGEST_LENGTH| to match
-+  // the size hint, but calling code often pairs |SHA384_Init| with
-+  // |SHA512_Final| and expects |sha->md_len| to carry the over.
-+  //
-+  // TODO(davidben): Add an assert and fix code to match them up.
-+  return sha512_final_impl(out, sha);
-+}
-+
-+static int sha512_final_impl(uint8_t *out, SHA512_CTX *sha) {
-   uint8_t *p = sha->p;
-   size_t n = sha->num;
- 
-From 8c31179d81081cc9b8ce5b5ac3151088c45042f7 Mon Sep 17 00:00:00 2001
-From: David Benjamin <davidben at google.com>
-Date: Fri, 19 Mar 2021 11:53:48 -0400
-Subject: [PATCH] Fix unnecessarily direction-specific tests in cipher_tests.txt
-
-All our EVP_CIPHERs are deterministic, so there's usually no point in
-testing only one direction. Some of the ECB tests were missing free
-decryption tests. CTR is the same in both directions, but we ought to
-test the API agrees. OFB vectors are doubled up, so we can merge them
-together. Plus there are typos in the OFB-AES192.Decrypt tests, also
-present upstream, so we weren't actually testing everything we should.
-
-(I haven't removed the direction-specific logic altogether since the
-tests imported from nist_cavp rely on it. Though there may be something
-to be said for running them both ways since they don't actually double
-them up...)
-
-Change-Id: I36a77d342afa436e89ad244a87567e1a4c6ee9dc
-Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46284
-Reviewed-by: Adam Langley <agl at google.com>
-Commit-Queue: David Benjamin <davidben at google.com>
----
-
-diff --git a/crypto/cipher_extra/test/cipher_tests.txt b/crypto/cipher_extra/test/cipher_tests.txt
-index ced7595..52fd4af 100644
---- a/crypto/cipher_extra/test/cipher_tests.txt
-+++ b/crypto/cipher_extra/test/cipher_tests.txt
-@@ -109,7 +109,6 @@
- # AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
- Cipher = AES-128-ECB
- Key = 000102030405060708090A0B0C0D0E0F
--Operation = ENCRYPT
- Plaintext = 00112233445566778899AABBCCDDEEFF
- Ciphertext = 69C4E0D86A7B0430D8CDB78070B4C55A
- 
-@@ -117,7 +116,6 @@
- # AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
- Cipher = AES-256-ECB
- Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
--Operation = ENCRYPT
- Plaintext = 00112233445566778899AABBCCDDEEFF
- Ciphertext = 8EA2B7CA516745BFEAFC49904B496089
- 
-@@ -227,42 +225,36 @@
- Cipher = AES-128-CTR
- Key = AE6852F8121067CC4BF7A5765577F39E
- IV = 00000030000000000000000000000001
--Operation = ENCRYPT
- Plaintext = 53696E676C6520626C6F636B206D7367
- Ciphertext = E4095D4FB7A7B3792D6175A3261311B8
- 
- Cipher = AES-128-CTR
- Key = 7E24067817FAE0D743D6CE1F32539163
- IV = 006CB6DBC0543B59DA48D90B00000001
--Operation = ENCRYPT
- Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
- Ciphertext = 5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28
- 
- Cipher = AES-128-CTR
- Key = 7691BE035E5020A8AC6E618529F9A0DC
- IV = 00E0017B27777F3F4A1786F000000001
--Operation = ENCRYPT
- Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
- Ciphertext = C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F
- 
- Cipher = AES-256-CTR
- Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104
- IV = 00000060DB5672C97AA8F0B200000001
--Operation = ENCRYPT
- Plaintext = 53696E676C6520626C6F636B206D7367
- Ciphertext = 145AD01DBF824EC7560863DC71E3E0C0
- 
- Cipher = AES-256-CTR
- Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884
- IV = 00FAAC24C1585EF15A43D87500000001
--Operation = ENCRYPT
- Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
- Ciphertext = F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C
- 
- Cipher = AES-256-CTR
- Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D
- IV = 001CC5B751A51D70A1C1114800000001
--Operation = ENCRYPT
- Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
- Ciphertext = EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8
- 
-@@ -270,7 +262,6 @@
- Cipher = AES-128-CTR
- Key = 7E24067817FAE0D743D6CE1F32539163
- IV = 00000000000000007FFFFFFFFFFFFFFF
--Operation = ENCRYPT
- Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
- Ciphertext = A2D459477E6432BD74184B1B5370D2243CDC202BC43583B2A55D288CDBBD1E03
- 
-@@ -462,178 +453,78 @@
- 
- # OFB tests from OpenSSL upstream.
- 
--# OFB-AES128.Encrypt
-+# OFB-AES128
- Cipher = AES-128-OFB
- Key = 2B7E151628AED2A6ABF7158809CF4F3C
- IV = 000102030405060708090A0B0C0D0E0F
--Operation = ENCRYPT
- Plaintext = 6BC1BEE22E409F96E93D7E117393172A
- Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A
- 
- Cipher = AES-128-OFB
- Key = 2B7E151628AED2A6ABF7158809CF4F3C
- IV = 50FE67CC996D32B6DA0937E99BAFEC60
--Operation = ENCRYPT
- Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
- Ciphertext = 7789508D16918F03F53C52DAC54ED825
- 
- Cipher = AES-128-OFB
- Key = 2B7E151628AED2A6ABF7158809CF4F3C
- IV = D9A4DADA0892239F6B8B3D7680E15674
--Operation = ENCRYPT
- Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
- Ciphertext = 9740051E9C5FECF64344F7A82260EDCC
- 
- Cipher = AES-128-OFB
- Key = 2B7E151628AED2A6ABF7158809CF4F3C
- IV = A78819583F0308E7A6BF36B1386ABF23
--Operation = ENCRYPT
- Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
- Ciphertext = 304C6528F659C77866A510D9C1D6AE5E
- 
--# OFB-AES128.Decrypt
--Cipher = AES-128-OFB
--Key = 2B7E151628AED2A6ABF7158809CF4F3C
--IV = 000102030405060708090A0B0C0D0E0F
--Operation = DECRYPT
--Plaintext = 6BC1BEE22E409F96E93D7E117393172A
--Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A
--
--Cipher = AES-128-OFB
--Key = 2B7E151628AED2A6ABF7158809CF4F3C
--IV = 50FE67CC996D32B6DA0937E99BAFEC60
--Operation = DECRYPT
--Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
--Ciphertext = 7789508D16918F03F53C52DAC54ED825
--
--Cipher = AES-128-OFB
--Key = 2B7E151628AED2A6ABF7158809CF4F3C
--IV = D9A4DADA0892239F6B8B3D7680E15674
--Operation = DECRYPT
--Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
--Ciphertext = 9740051E9C5FECF64344F7A82260EDCC
--
--Cipher = AES-128-OFB
--Key = 2B7E151628AED2A6ABF7158809CF4F3C
--IV = A78819583F0308E7A6BF36B1386ABF23
--Operation = DECRYPT
--Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
--Ciphertext = 304C6528F659C77866A510D9C1D6AE5E
--
--# OFB-AES192.Encrypt
-+# OFB-AES192
- Cipher = AES-192-OFB
- Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
- IV = 000102030405060708090A0B0C0D0E0F
--Operation = ENCRYPT
- Plaintext = 6BC1BEE22E409F96E93D7E117393172A
- Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174
- 
- Cipher = AES-192-OFB
- Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
- IV = A609B38DF3B1133DDDFF2718BA09565E
--Operation = ENCRYPT
- Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
- Ciphertext = FCC28B8D4C63837C09E81700C1100401
- 
- Cipher = AES-192-OFB
- Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
- IV = 52EF01DA52602FE0975F78AC84BF8A50
--Operation = ENCRYPT
- Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
- Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2
- 
- Cipher = AES-192-OFB
- Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
- IV = BD5286AC63AABD7EB067AC54B553F71D
--Operation = ENCRYPT
- Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
- Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A
- 
--# OFB-AES192.Decrypt
--Cipher = AES-192-OFB
--Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
--IV = 000102030405060708090A0B0C0D0E0F
--Operation = ENCRYPT
--Plaintext = 6BC1BEE22E409F96E93D7E117393172A
--Ciphertext = CDC80D6FDDF18CAB34C25909C99A4174
--
--Cipher = AES-192-OFB
--Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
--IV = A609B38DF3B1133DDDFF2718BA09565E
--Operation = ENCRYPT
--Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
--Ciphertext = FCC28B8D4C63837C09E81700C1100401
--
--Cipher = AES-192-OFB
--Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
--IV = 52EF01DA52602FE0975F78AC84BF8A50
--Operation = ENCRYPT
--Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
--Ciphertext = 8D9A9AEAC0F6596F559C6D4DAF59A5F2
--
--Cipher = AES-192-OFB
--Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
--IV = BD5286AC63AABD7EB067AC54B553F71D
--Operation = ENCRYPT
--Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
--Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A
--
--# OFB-AES256.Encrypt
-+# OFB-AES256
- Cipher = AES-256-OFB
- Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
- IV = 000102030405060708090A0B0C0D0E0F
--Operation = ENCRYPT
- Plaintext = 6BC1BEE22E409F96E93D7E117393172A
- Ciphertext = DC7E84BFDA79164B7ECD8486985D3860
- 
- Cipher = AES-256-OFB
- Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
- IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A
--Operation = ENCRYPT
- Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
- Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D
- 
- Cipher = AES-256-OFB
- Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
- IV = E1C656305ED1A7A6563805746FE03EDC
--Operation = ENCRYPT
- Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
- Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408
- 
- Cipher = AES-256-OFB
- Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
- IV = 41635BE625B48AFC1666DD42A09D96E7
--Operation = ENCRYPT
--Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
--Ciphertext = 0126141D67F37BE8538F5A8BE740E484
--
--
--# OFB-AES256.Decrypt
--Cipher = AES-256-OFB
--Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
--IV = 000102030405060708090A0B0C0D0E0F
--Operation = DECRYPT
--Plaintext = 6BC1BEE22E409F96E93D7E117393172A
--Ciphertext = DC7E84BFDA79164B7ECD8486985D3860
--
--Cipher = AES-256-OFB
--Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
--IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A
--Operation = DECRYPT
--Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51
--Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D
--
--Cipher = AES-256-OFB
--Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
--IV = E1C656305ED1A7A6563805746FE03EDC
--Operation = DECRYPT
--Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF
--Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408
--
--Cipher = AES-256-OFB
--Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
--IV = 41635BE625B48AFC1666DD42A09D96E7
--Operation = DECRYPT
- Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
- Ciphertext = 0126141D67F37BE8538F5A8BE740E484
- 
-@@ -667,7 +558,6 @@
- # AES-192-ECB tests from FIPS-197
- Cipher = AES-192-ECB
- Key = 000102030405060708090A0B0C0D0E0F1011121314151617
--Operation = ENCRYPT
- Plaintext = 00112233445566778899AABBCCDDEEFF
- Ciphertext = DDA97CA4864CDFE06EAF70A0EC0D7191
- 
-From 502fceede9e9856ce9eb913d697490b58886ca38 Mon Sep 17 00:00:00 2001
-From: David Benjamin <davidben at google.com>
-Date: Fri, 19 Mar 2021 12:15:49 -0400
-Subject: [PATCH] Test empty EVP_CIPHER inputs and fix exact memcpy overlap.
-
-See also 8129ac6ac4c0ca3a488c225cde580ede7dabe874 and
-81198bf323ea9deda907714170d329ca7d2ff01f from upstream.
-
-In trying to figure out why ASan (which normally catches overlapping
-memcpys) didn't flag this, I noticed that we actually don't have tests
-for empty inputs. I've added them to cipher_tests.txt where missing and
-fixed a bad assert in ofb.c.
-
-ASan still doesn't flag this because LLVM even requires memcpy handle
-dst == src. Still, fixing it is less effort than getting a clear answer
-from GCC and MSVC. Though this puts us in the frustrating position of
-trying to follow a C rule that our main toolchain and sanitizer disavow.
-https://bugs.llvm.org/show_bug.cgi?id=11763
-https://reviews.llvm.org/D86993
-
-Change-Id: I53c64a84834ddf5cddca0b3d53a29998f666ea2f
-Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46285
-Commit-Queue: David Benjamin <davidben at google.com>
-Reviewed-by: Adam Langley <agl at google.com>
----
-
-diff --git a/crypto/cipher_extra/test/cipher_tests.txt b/crypto/cipher_extra/test/cipher_tests.txt
-index 52fd4af..bf7325e 100644
---- a/crypto/cipher_extra/test/cipher_tests.txt
-+++ b/crypto/cipher_extra/test/cipher_tests.txt
-@@ -29,6 +29,11 @@
- Plaintext = 00000000000000000000
- Ciphertext = d6a141a7ec3c38dfbd61
- 
-+Cipher = RC4
-+Key = ef012345ef012345ef012345ef012345
-+Plaintext =
-+Ciphertext =
-+
- 
- # DES EDE3 ECB tests
- Cipher = DES-EDE3
-@@ -81,6 +86,11 @@
- Plaintext = cc7569d005afd1a365f5c5836c14475fc15091199902af4a78460d56c16f91ca
- Ciphertext = 64db8af7a30363051a017cc92ed67ac6c0e2e1ffda0c94bbf0eeb803ba6b3d22
- 
-+Cipher = DES-EDE3
-+Key = 2e8eb05dd8a2b7a5a61a6b8a3830b12da2c4b1bea1e884d5
-+Plaintext =
-+Ciphertext =
-+
- 
- # DES EDE3 CBC tests (from destest)
- Cipher = DES-EDE3-CBC
-@@ -89,6 +99,12 @@
- Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
- Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
- 
-+Cipher = DES-EDE3-CBC
-+Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
-+IV = fedcba9876543210
-+Plaintext =
-+Ciphertext =
-+
- 
- # DES EDE CBC tests
- Cipher = DES-EDE-CBC
-@@ -97,6 +113,12 @@
- Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
- Ciphertext = 7948C0DA4FE91CD815DCA96DBC9B60A857EB954F4DEB08EB98722642AE69257B
- 
-+Cipher = DES-EDE-CBC
-+Key = 0123456789abcdeff1e0d3c2b5a49786
-+IV = fedcba9876543210
-+Plaintext =
-+Ciphertext =
-+
- 
- # DES EDE tests
- Cipher = DES-EDE
-@@ -105,6 +127,12 @@
- Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
- Ciphertext = 22E889402E28422F8167AD279D90A566DA75B734E12C671FC2669AECB3E4FE8F
- 
-+Cipher = DES-EDE
-+Key = 0123456789abcdeff1e0d3c2b5a49786
-+IV = fedcba9876543210
-+Plaintext =
-+Ciphertext =
-+
- 
- # AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
- Cipher = AES-128-ECB
-@@ -112,6 +140,11 @@
- Plaintext = 00112233445566778899AABBCCDDEEFF
- Ciphertext = 69C4E0D86A7B0430D8CDB78070B4C55A
- 
-+Cipher = AES-128-ECB
-+Key = 000102030405060708090A0B0C0D0E0F
-+Plaintext =
-+Ciphertext =
-+
- 
- # AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
- Cipher = AES-256-ECB
-@@ -119,6 +152,11 @@
- Plaintext = 00112233445566778899AABBCCDDEEFF
- Ciphertext = 8EA2B7CA516745BFEAFC49904B496089
- 
-+Cipher = AES-256-ECB
-+Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
-+Plaintext =
-+Ciphertext =
-+
- 
- # AES tests from NIST document SP800-38A
- # For all ECB encrypts and decrypts, the transformed sequence is
-@@ -194,6 +232,12 @@
- Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
- Ciphertext = 3FF1CAA1681FAC09120ECA307586E1A7
- 
-+Cipher = AES-128-CBC
-+Key = 2B7E151628AED2A6ABF7158809CF4F3C
-+IV = 73BED6B8E3C1743B7116E69E22229516
-+Plaintext =
-+Ciphertext =
-+
- 
- # CBC-AES256.Encrypt and CBC-AES256.Decrypt
- Cipher = AES-256-CBC
-@@ -220,6 +264,12 @@
- Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
- Ciphertext = B2EB05E2C39BE9FCDA6C19078C6A9D1B
- 
-+Cipher = AES-256-CBC
-+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
-+IV = 39F23369A9D9BACFA530E26304231461
-+Plaintext =
-+Ciphertext =
-+
- 
- # AES Counter test vectors from RFC3686
- Cipher = AES-128-CTR
-@@ -247,6 +297,12 @@
- Ciphertext = 145AD01DBF824EC7560863DC71E3E0C0
- 
- Cipher = AES-256-CTR
-+Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104
-+IV = 00000060DB5672C97AA8F0B200000001
-+Plaintext =
-+Ciphertext =
-+
-+Cipher = AES-256-CTR
- Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884
- IV = 00FAAC24C1585EF15A43D87500000001
- Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
-@@ -258,6 +314,12 @@
- Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223
- Ciphertext = EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8
- 
-+Cipher = AES-256-CTR
-+Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D
-+IV = 001CC5B751A51D70A1C1114800000001
-+Plaintext =
-+Ciphertext =
-+
- # Regression test for https://github.com/openssl/openssl/issues/1916.
- Cipher = AES-128-CTR
- Key = 7E24067817FAE0D743D6CE1F32539163
-@@ -478,6 +540,13 @@
- Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
- Ciphertext = 304C6528F659C77866A510D9C1D6AE5E
- 
-+Cipher = AES-128-OFB
-+Key = 2B7E151628AED2A6ABF7158809CF4F3C
-+IV = A78819583F0308E7A6BF36B1386ABF23
-+Plaintext =
-+Ciphertext =
-+
-+
- # OFB-AES192
- Cipher = AES-192-OFB
- Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
-@@ -503,6 +572,13 @@
- Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
- Ciphertext = 6D9F200857CA6C3E9CAC524BD9ACC92A
- 
-+Cipher = AES-192-OFB
-+Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B
-+IV = BD5286AC63AABD7EB067AC54B553F71D
-+Plaintext =
-+Ciphertext =
-+
-+
- # OFB-AES256
- Cipher = AES-256-OFB
- Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
-@@ -528,6 +604,12 @@
- Plaintext = F69F2445DF4F9B17AD2B417BE66C3710
- Ciphertext = 0126141D67F37BE8538F5A8BE740E484
- 
-+Cipher = AES-256-OFB
-+Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4
-+IV = 41635BE625B48AFC1666DD42A09D96E7
-+Plaintext =
-+Ciphertext =
-+
- 
- # AES-192 CBC-mode test from upstream OpenSSL.
- Cipher = AES-192-CBC
-@@ -619,3 +701,8 @@
- Key = FEDCBA9876543210
- Plaintext = 0123456789ABCDEF
- Ciphertext = ED39D950FA74BCC4
-+
-+Cipher = DES-ECB
-+Key = FEDCBA9876543210
-+Plaintext =
-+Ciphertext =
-diff --git a/crypto/fipsmodule/modes/cbc.c b/crypto/fipsmodule/modes/cbc.c
-index 3f1d777..750c575 100644
---- a/crypto/fipsmodule/modes/cbc.c
-+++ b/crypto/fipsmodule/modes/cbc.c
-@@ -57,12 +57,15 @@
- void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
-                            const AES_KEY *key, uint8_t ivec[16],
-                            block128_f block) {
-+  assert(key != NULL && ivec != NULL);
-+  if (len == 0) {
-+    // Avoid |ivec| == |iv| in the |memcpy| below, which is not legal in C.
-+    return;
-+  }
-+
-+  assert(in != NULL && out != NULL);
-   size_t n;
-   const uint8_t *iv = ivec;
--
--  assert(key != NULL && ivec != NULL);
--  assert(len == 0 || (in != NULL && out != NULL));
--
-   while (len >= 16) {
-     for (n = 0; n < 16; n += sizeof(size_t)) {
-       store_word_le(out + n, load_word_le(in + n) ^ load_word_le(iv + n));
-@@ -97,20 +100,25 @@
- void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
-                            const AES_KEY *key, uint8_t ivec[16],
-                            block128_f block) {
--  size_t n;
--  union {
--    size_t t[16 / sizeof(size_t)];
--    uint8_t c[16];
--  } tmp;
--
-   assert(key != NULL && ivec != NULL);
--  assert(len == 0 || (in != NULL && out != NULL));
-+  if (len == 0) {
-+    // Avoid |ivec| == |iv| in the |memcpy| below, which is not legal in C.
-+    return;
-+  }
-+
-+  assert(in != NULL && out != NULL);
- 
-   const uintptr_t inptr = (uintptr_t) in;
-   const uintptr_t outptr = (uintptr_t) out;
-   // If |in| and |out| alias, |in| must be ahead.
-   assert(inptr >= outptr || inptr + len <= outptr);
- 
-+  size_t n;
-+  union {
-+    size_t t[16 / sizeof(size_t)];
-+    uint8_t c[16];
-+  } tmp;
-+
-   if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) {
-     // If |out| is at least two blocks behind |in| or completely disjoint, there
-     // is no need to decrypt to a temporary block.
-diff --git a/crypto/fipsmodule/modes/ofb.c b/crypto/fipsmodule/modes/ofb.c
-index 4c70ce6..9d73d8a 100644
---- a/crypto/fipsmodule/modes/ofb.c
-+++ b/crypto/fipsmodule/modes/ofb.c
-@@ -60,7 +60,8 @@
- void CRYPTO_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
-                            const AES_KEY *key, uint8_t ivec[16], unsigned *num,
-                            block128_f block) {
--  assert(in && out && key && ivec && num);
-+  assert(key != NULL && ivec != NULL && num != NULL);
-+  assert(len == 0 || (in != NULL && out != NULL));
- 
-   unsigned n = *num;
- 
-From 8d4c8fc41be567bca17ce7c15304dc06539a060a Mon Sep 17 00:00:00 2001
-From: David Benjamin <davidben at google.com>
-Date: Mon, 29 Mar 2021 12:59:55 -0400
-Subject: [PATCH] Make words in crypto/fipsmodule/modes actually words.
-
-It's a little confusing to have load_word_le but actually use size_t
-instead of crypto_word_t.
-
-NOTE: on some platforms, notably NaCl, crypto_word_t is larger than
-size_t. (Do we still need to support this?) We don't have a good testing
-story here, so I tested it by hacking up a 32-bit x86 build to think it
-was OPENSSL_64_BIT.
-
-Change-Id: Ia0ce469e86803f22655fe2d9659a6a5db766429f
-Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46424
-Reviewed-by: Adam Langley <agl at google.com>
----
-
-diff --git a/crypto/fipsmodule/modes/cbc.c b/crypto/fipsmodule/modes/cbc.c
-index 750c575..ee3a186 100644
---- a/crypto/fipsmodule/modes/cbc.c
-+++ b/crypto/fipsmodule/modes/cbc.c
-@@ -67,7 +67,7 @@
-   size_t n;
-   const uint8_t *iv = ivec;
-   while (len >= 16) {
--    for (n = 0; n < 16; n += sizeof(size_t)) {
-+    for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
-       store_word_le(out + n, load_word_le(in + n) ^ load_word_le(iv + n));
-     }
-     (*block)(out, out, key);
-@@ -115,19 +115,19 @@
- 
-   size_t n;
-   union {
--    size_t t[16 / sizeof(size_t)];
-+    crypto_word_t t[16 / sizeof(crypto_word_t)];
-     uint8_t c[16];
-   } tmp;
- 
-   if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) {
-     // If |out| is at least two blocks behind |in| or completely disjoint, there
-     // is no need to decrypt to a temporary block.
--    OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
-+    OPENSSL_STATIC_ASSERT(16 % sizeof(crypto_word_t) == 0,
-                           "block cannot be evenly divided into words");
-     const uint8_t *iv = ivec;
-     while (len >= 16) {
-       (*block)(in, out, key);
--      for (n = 0; n < 16; n += sizeof(size_t)) {
-+      for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
-         store_word_le(out + n, load_word_le(out + n) ^ load_word_le(iv + n));
-       }
-       iv = in;
-@@ -137,15 +137,15 @@
-     }
-     OPENSSL_memcpy(ivec, iv, 16);
-   } else {
--    OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
-+    OPENSSL_STATIC_ASSERT(16 % sizeof(crypto_word_t) == 0,
-                           "block cannot be evenly divided into words");
- 
-     while (len >= 16) {
-       (*block)(in, tmp.c, key);
--      for (n = 0; n < 16; n += sizeof(size_t)) {
--        size_t c = load_word_le(in + n);
--        store_word_le(out + n,
--                      tmp.t[n / sizeof(size_t)] ^ load_word_le(ivec + n));
-+      for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
-+        crypto_word_t c = load_word_le(in + n);
-+        store_word_le(
-+            out + n, tmp.t[n / sizeof(crypto_word_t)] ^ load_word_le(ivec + n));
-         store_word_le(ivec + n, c);
-       }
-       len -= 16;
-diff --git a/crypto/fipsmodule/modes/cfb.c b/crypto/fipsmodule/modes/cfb.c
-index 8ca9004..01291c8 100644
---- a/crypto/fipsmodule/modes/cfb.c
-+++ b/crypto/fipsmodule/modes/cfb.c
-@@ -72,8 +72,8 @@
-     }
-     while (len >= 16) {
-       (*block)(ivec, ivec, key);
--      for (; n < 16; n += sizeof(size_t)) {
--        size_t tmp = load_word_le(ivec + n) ^ load_word_le(in + n);
-+      for (; n < 16; n += sizeof(crypto_word_t)) {
-+        crypto_word_t tmp = load_word_le(ivec + n) ^ load_word_le(in + n);
-         store_word_le(ivec + n, tmp);
-         store_word_le(out + n, tmp);
-       }
-@@ -101,8 +101,8 @@
-     }
-     while (len >= 16) {
-       (*block)(ivec, ivec, key);
--      for (; n < 16; n += sizeof(size_t)) {
--        size_t t = load_word_le(in + n);
-+      for (; n < 16; n += sizeof(crypto_word_t)) {
-+        crypto_word_t t = load_word_le(in + n);
-         store_word_le(out + n, load_word_le(ivec + n) ^ t);
-         store_word_le(ivec + n, t);
-       }
-diff --git a/crypto/fipsmodule/modes/ctr.c b/crypto/fipsmodule/modes/ctr.c
-index 8b0e059..cfb2184 100644
---- a/crypto/fipsmodule/modes/ctr.c
-+++ b/crypto/fipsmodule/modes/ctr.c
-@@ -69,8 +69,8 @@
-   } while (n);
- }
- 
--OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
--                      "block cannot be divided into size_t");
-+OPENSSL_STATIC_ASSERT(16 % sizeof(crypto_word_t) == 0,
-+                      "block cannot be divided into crypto_word_t");
- 
- // The input encrypted as though 128bit counter mode is being used.  The extra
- // state information to record how much of the 128bit block we have used is
-@@ -102,7 +102,7 @@
-   while (len >= 16) {
-     (*block)(ivec, ecount_buf, key);
-     ctr128_inc(ivec);
--    for (n = 0; n < 16; n += sizeof(size_t)) {
-+    for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
-       store_word_le(out + n,
-                     load_word_le(in + n) ^ load_word_le(ecount_buf + n));
-     }
-diff --git a/crypto/fipsmodule/modes/gcm.c b/crypto/fipsmodule/modes/gcm.c
-index 14fff86..077369d 100644
---- a/crypto/fipsmodule/modes/gcm.c
-+++ b/crypto/fipsmodule/modes/gcm.c
-@@ -73,7 +73,7 @@
- 
- #if defined(GHASH_ASM_X86_64) || defined(GHASH_ASM_X86)
- static inline void gcm_reduce_1bit(u128 *V) {
--  if (sizeof(size_t) == 8) {
-+  if (sizeof(crypto_word_t) == 8) {
-     uint64_t T = UINT64_C(0xe100000000000000) & (0 - (V->hi & 1));
-     V->hi = (V->lo << 63) | (V->hi >> 1);
-     V->lo = (V->lo >> 1) ^ T;
-@@ -377,9 +377,9 @@
-       (*block)(ctx->Yi.c, ctx->EKi.c, key);
-       ++ctr;
-       ctx->Yi.d[3] = CRYPTO_bswap4(ctr);
--      for (size_t i = 0; i < 16; i += sizeof(size_t)) {
--        store_word_le(out + i,
--                      load_word_le(in + i) ^ ctx->EKi.t[i / sizeof(size_t)]);
-+      for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) {
-+        store_word_le(out + i, load_word_le(in + i) ^
-+                                   ctx->EKi.t[i / sizeof(crypto_word_t)]);
-       }
-       out += 16;
-       in += 16;
-@@ -394,9 +394,9 @@
-       (*block)(ctx->Yi.c, ctx->EKi.c, key);
-       ++ctr;
-       ctx->Yi.d[3] = CRYPTO_bswap4(ctr);
--      for (size_t i = 0; i < 16; i += sizeof(size_t)) {
--        store_word_le(out + i,
--                      load_word_le(in + i) ^ ctx->EKi.t[i / sizeof(size_t)]);
-+      for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) {
-+        store_word_le(out + i, load_word_le(in + i) ^
-+                                   ctx->EKi.t[i / sizeof(crypto_word_t)]);
-       }
-       out += 16;
-       in += 16;
-@@ -468,9 +468,9 @@
-       (*block)(ctx->Yi.c, ctx->EKi.c, key);
-       ++ctr;
-       ctx->Yi.d[3] = CRYPTO_bswap4(ctr);
--      for (size_t i = 0; i < 16; i += sizeof(size_t)) {
--        store_word_le(out + i,
--                      load_word_le(in + i) ^ ctx->EKi.t[i / sizeof(size_t)]);
-+      for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) {
-+        store_word_le(out + i, load_word_le(in + i) ^
-+                                   ctx->EKi.t[i / sizeof(crypto_word_t)]);
-       }
-       out += 16;
-       in += 16;
-@@ -485,9 +485,9 @@
-       (*block)(ctx->Yi.c, ctx->EKi.c, key);
-       ++ctr;
-       ctx->Yi.d[3] = CRYPTO_bswap4(ctr);
--      for (size_t i = 0; i < 16; i += sizeof(size_t)) {
--        store_word_le(out + i,
--                      load_word_le(in + i) ^ ctx->EKi.t[i / sizeof(size_t)]);
-+      for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) {
-+        store_word_le(out + i, load_word_le(in + i) ^
-+                                   ctx->EKi.t[i / sizeof(crypto_word_t)]);
-       }
-       out += 16;
-       in += 16;
-diff --git a/crypto/fipsmodule/modes/internal.h b/crypto/fipsmodule/modes/internal.h
-index 2693fa6..bf25023 100644
---- a/crypto/fipsmodule/modes/internal.h
-+++ b/crypto/fipsmodule/modes/internal.h
-@@ -75,13 +75,13 @@
-   OPENSSL_memcpy(out, &v, sizeof(v));
- }
- 
--static inline size_t load_word_le(const void *in) {
--  size_t v;
-+static inline crypto_word_t load_word_le(const void *in) {
-+  crypto_word_t v;
-   OPENSSL_memcpy(&v, in, sizeof(v));
-   return v;
- }
- 
--static inline void store_word_le(void *out, size_t v) {
-+static inline void store_word_le(void *out, crypto_word_t v) {
-   OPENSSL_memcpy(out, &v, sizeof(v));
- }
- 
-@@ -171,7 +171,7 @@
-     uint64_t u[2];
-     uint32_t d[4];
-     uint8_t c[16];
--    size_t t[16 / sizeof(size_t)];
-+    crypto_word_t t[16 / sizeof(crypto_word_t)];
-   } Yi, EKi, EK0, len, Xi;
- 
-   // Note that the order of |Xi| and |gcm_key| is fixed by the MOVBE-based,
-From ca4598781a37b6d3f2f7a63593229cd7570a194f Mon Sep 17 00:00:00 2001
-From: David Benjamin <davidben at google.com>
-Date: Mon, 29 Mar 2021 12:54:16 -0400
-Subject: [PATCH] Move load/store helpers to crypto/internal.h.
-
-We have loads of variations of these. Align them in one set. This avoids
-the HOST_* macros defined by md32_common.h, so it'll be a little easier
-to make it a more conventional header.
-
-Change-Id: Id47fe7b51a8f961bd87839f8146d8a5aa8027aa6
-Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46425
-Reviewed-by: Adam Langley <agl at google.com>
----
-
-diff --git a/crypto/fipsmodule/digest/md32_common.h b/crypto/fipsmodule/digest/md32_common.h
-index 07d39d9..a0634d1 100644
---- a/crypto/fipsmodule/digest/md32_common.h
-+++ b/crypto/fipsmodule/digest/md32_common.h
-@@ -136,44 +136,6 @@
- #error "HASH_MAKE_STRING must be defined!"
- #endif
- 
--#if defined(DATA_ORDER_IS_BIG_ENDIAN)
--
--#define HOST_c2l(c, l)                     \
--  do {                                     \
--    (l) = (((uint32_t)(*((c)++))) << 24);  \
--    (l) |= (((uint32_t)(*((c)++))) << 16); \
--    (l) |= (((uint32_t)(*((c)++))) << 8);  \
--    (l) |= (((uint32_t)(*((c)++))));       \
--  } while (0)
--
--#define HOST_l2c(l, c)                        \
--  do {                                        \
--    *((c)++) = (uint8_t)(((l) >> 24) & 0xff); \
--    *((c)++) = (uint8_t)(((l) >> 16) & 0xff); \
--    *((c)++) = (uint8_t)(((l) >> 8) & 0xff);  \
--    *((c)++) = (uint8_t)(((l)) & 0xff);       \
--  } while (0)
--
--#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
--
--#define HOST_c2l(c, l)                     \
--  do {                                     \
--    (l) = (((uint32_t)(*((c)++))));        \
--    (l) |= (((uint32_t)(*((c)++))) << 8);  \
--    (l) |= (((uint32_t)(*((c)++))) << 16); \
--    (l) |= (((uint32_t)(*((c)++))) << 24); \
--  } while (0)
--
--#define HOST_l2c(l, c)                        \
--  do {                                        \
--    *((c)++) = (uint8_t)(((l)) & 0xff);       \
--    *((c)++) = (uint8_t)(((l) >> 8) & 0xff);  \
--    *((c)++) = (uint8_t)(((l) >> 16) & 0xff); \
--    *((c)++) = (uint8_t)(((l) >> 24) & 0xff); \
--  } while (0)
--
--#endif  // DATA_ORDER
--
- int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
-   const uint8_t *data = data_;
- 
-@@ -247,13 +209,12 @@
-   // Append a 64-bit length to the block and process it.
-   uint8_t *p = c->data + HASH_CBLOCK - 8;
- #if defined(DATA_ORDER_IS_BIG_ENDIAN)
--  HOST_l2c(c->Nh, p);
--  HOST_l2c(c->Nl, p);
-+  CRYPTO_store_u32_be(p, c->Nh);
-+  CRYPTO_store_u32_be(p + 4, c->Nl);
- #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
--  HOST_l2c(c->Nl, p);
--  HOST_l2c(c->Nh, p);
-+  CRYPTO_store_u32_le(p, c->Nl);
-+  CRYPTO_store_u32_le(p + 4, c->Nh);
- #endif
--  assert(p == c->data + HASH_CBLOCK);
-   HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
-   c->num = 0;
-   OPENSSL_memset(c->data, 0, HASH_CBLOCK);
-diff --git a/crypto/fipsmodule/md4/md4.c b/crypto/fipsmodule/md4/md4.c
-index cc2a631..0551664 100644
---- a/crypto/fipsmodule/md4/md4.c
-+++ b/crypto/fipsmodule/md4/md4.c
-@@ -92,17 +92,16 @@
- #define HASH_UPDATE MD4_Update
- #define HASH_TRANSFORM MD4_Transform
- #define HASH_FINAL MD4_Final
--#define HASH_MAKE_STRING(c, s) \
--  do {                         \
--    uint32_t ll;               \
--    ll = (c)->h[0];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[1];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[2];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[3];            \
--    HOST_l2c(ll, (s));         \
-+#define HASH_MAKE_STRING(c, s)           \
-+  do {                                   \
-+    CRYPTO_store_u32_le((s), (c)->h[0]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[1]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[2]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[3]); \
-+    (s) += 4;                            \
-   } while (0)
- #define HASH_BLOCK_DATA_ORDER md4_block_data_order
- 
-@@ -136,7 +135,7 @@
-   } while (0)
- 
- void md4_block_data_order(uint32_t *state, const uint8_t *data, size_t num) {
--  uint32_t A, B, C, D, l;
-+  uint32_t A, B, C, D;
-   uint32_t X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X12, X13, X14, X15;
- 
-   A = state[0];
-@@ -145,53 +144,53 @@
-   D = state[3];
- 
-   for (; num--;) {
--    HOST_c2l(data, l);
--    X0 = l;
--    HOST_c2l(data, l);
--    X1 = l;
-+    X0 = CRYPTO_load_u32_le(data);
-+    data += 4;
-+    X1 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     // Round 0
-     R0(A, B, C, D, X0, 3, 0);
--    HOST_c2l(data, l);
--    X2 = l;
-+    X2 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(D, A, B, C, X1, 7, 0);
--    HOST_c2l(data, l);
--    X3 = l;
-+    X3 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(C, D, A, B, X2, 11, 0);
--    HOST_c2l(data, l);
--    X4 = l;
-+    X4 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(B, C, D, A, X3, 19, 0);
--    HOST_c2l(data, l);
--    X5 = l;
-+    X5 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(A, B, C, D, X4, 3, 0);
--    HOST_c2l(data, l);
--    X6 = l;
-+    X6 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(D, A, B, C, X5, 7, 0);
--    HOST_c2l(data, l);
--    X7 = l;
-+    X7 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(C, D, A, B, X6, 11, 0);
--    HOST_c2l(data, l);
--    X8 = l;
-+    X8 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(B, C, D, A, X7, 19, 0);
--    HOST_c2l(data, l);
--    X9 = l;
-+    X9 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(A, B, C, D, X8, 3, 0);
--    HOST_c2l(data, l);
--    X10 = l;
-+    X10 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(D, A, B, C, X9, 7, 0);
--    HOST_c2l(data, l);
--    X11 = l;
-+    X11 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(C, D, A, B, X10, 11, 0);
--    HOST_c2l(data, l);
--    X12 = l;
-+    X12 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(B, C, D, A, X11, 19, 0);
--    HOST_c2l(data, l);
--    X13 = l;
-+    X13 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(A, B, C, D, X12, 3, 0);
--    HOST_c2l(data, l);
--    X14 = l;
-+    X14 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(D, A, B, C, X13, 7, 0);
--    HOST_c2l(data, l);
--    X15 = l;
-+    X15 = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(C, D, A, B, X14, 11, 0);
-     R0(B, C, D, A, X15, 19, 0);
-     // Round 1
-@@ -252,5 +251,3 @@
- #undef R0
- #undef R1
- #undef R2
--#undef HOST_c2l
--#undef HOST_l2c
-diff --git a/crypto/fipsmodule/md5/md5.c b/crypto/fipsmodule/md5/md5.c
-index a48d704..bd6bf6a 100644
---- a/crypto/fipsmodule/md5/md5.c
-+++ b/crypto/fipsmodule/md5/md5.c
-@@ -98,17 +98,16 @@
- #define HASH_UPDATE MD5_Update
- #define HASH_TRANSFORM MD5_Transform
- #define HASH_FINAL MD5_Final
--#define HASH_MAKE_STRING(c, s) \
--  do {                         \
--    uint32_t ll;               \
--    ll = (c)->h[0];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[1];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[2];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[3];            \
--    HOST_l2c(ll, (s));         \
-+#define HASH_MAKE_STRING(c, s)           \
-+  do {                                   \
-+    CRYPTO_store_u32_le((s), (c)->h[0]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[1]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[2]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[3]); \
-+    (s) += 4;                            \
-   } while (0)
- #define HASH_BLOCK_DATA_ORDER md5_block_data_order
- 
-@@ -158,7 +157,7 @@
- #endif
- static void md5_block_data_order(uint32_t *state, const uint8_t *data,
-                                  size_t num) {
--  uint32_t A, B, C, D, l;
-+  uint32_t A, B, C, D;
-   uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12,
-       XX13, XX14, XX15;
- #define X(i) XX##i
-@@ -169,53 +168,53 @@
-   D = state[3];
- 
-   for (; num--;) {
--    HOST_c2l(data, l);
--    X(0) = l;
--    HOST_c2l(data, l);
--    X(1) = l;
-+    X(0) = CRYPTO_load_u32_le(data);
-+    data += 4;
-+    X(1) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     // Round 0
-     R0(A, B, C, D, X(0), 7, 0xd76aa478L);
--    HOST_c2l(data, l);
--    X(2) = l;
-+    X(2) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(D, A, B, C, X(1), 12, 0xe8c7b756L);
--    HOST_c2l(data, l);
--    X(3) = l;
-+    X(3) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(C, D, A, B, X(2), 17, 0x242070dbL);
--    HOST_c2l(data, l);
--    X(4) = l;
-+    X(4) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(B, C, D, A, X(3), 22, 0xc1bdceeeL);
--    HOST_c2l(data, l);
--    X(5) = l;
-+    X(5) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(A, B, C, D, X(4), 7, 0xf57c0fafL);
--    HOST_c2l(data, l);
--    X(6) = l;
-+    X(6) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(D, A, B, C, X(5), 12, 0x4787c62aL);
--    HOST_c2l(data, l);
--    X(7) = l;
-+    X(7) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(C, D, A, B, X(6), 17, 0xa8304613L);
--    HOST_c2l(data, l);
--    X(8) = l;
-+    X(8) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(B, C, D, A, X(7), 22, 0xfd469501L);
--    HOST_c2l(data, l);
--    X(9) = l;
-+    X(9) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(A, B, C, D, X(8), 7, 0x698098d8L);
--    HOST_c2l(data, l);
--    X(10) = l;
-+    X(10) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(D, A, B, C, X(9), 12, 0x8b44f7afL);
--    HOST_c2l(data, l);
--    X(11) = l;
-+    X(11) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(C, D, A, B, X(10), 17, 0xffff5bb1L);
--    HOST_c2l(data, l);
--    X(12) = l;
-+    X(12) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(B, C, D, A, X(11), 22, 0x895cd7beL);
--    HOST_c2l(data, l);
--    X(13) = l;
-+    X(13) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(A, B, C, D, X(12), 7, 0x6b901122L);
--    HOST_c2l(data, l);
--    X(14) = l;
-+    X(14) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(D, A, B, C, X(13), 12, 0xfd987193L);
--    HOST_c2l(data, l);
--    X(15) = l;
-+    X(15) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     R0(C, D, A, B, X(14), 17, 0xa679438eL);
-     R0(B, C, D, A, X(15), 22, 0x49b40821L);
-     // Round 1
-@@ -297,5 +296,3 @@
- #undef R1
- #undef R2
- #undef R3
--#undef HOST_c2l
--#undef HOST_l2c
-diff --git a/crypto/fipsmodule/modes/cbc.c b/crypto/fipsmodule/modes/cbc.c
-index ee3a186..192580e 100644
---- a/crypto/fipsmodule/modes/cbc.c
-+++ b/crypto/fipsmodule/modes/cbc.c
-@@ -52,6 +52,7 @@
- #include <openssl/type_check.h>
- 
- #include "internal.h"
-+#include "../../internal.h"
- 
- 
- void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
-@@ -68,7 +69,8 @@
-   const uint8_t *iv = ivec;
-   while (len >= 16) {
-     for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
--      store_word_le(out + n, load_word_le(in + n) ^ load_word_le(iv + n));
-+      CRYPTO_store_word_le(
-+          out + n, CRYPTO_load_word_le(in + n) ^ CRYPTO_load_word_le(iv + n));
-     }
-     (*block)(out, out, key);
-     iv = out;
-@@ -128,7 +130,8 @@
-     while (len >= 16) {
-       (*block)(in, out, key);
-       for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
--        store_word_le(out + n, load_word_le(out + n) ^ load_word_le(iv + n));
-+        CRYPTO_store_word_le(out + n, CRYPTO_load_word_le(out + n) ^
-+                                          CRYPTO_load_word_le(iv + n));
-       }
-       iv = in;
-       len -= 16;
-@@ -143,10 +146,10 @@
-     while (len >= 16) {
-       (*block)(in, tmp.c, key);
-       for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
--        crypto_word_t c = load_word_le(in + n);
--        store_word_le(
--            out + n, tmp.t[n / sizeof(crypto_word_t)] ^ load_word_le(ivec + n));
--        store_word_le(ivec + n, c);
-+        crypto_word_t c = CRYPTO_load_word_le(in + n);
-+        CRYPTO_store_word_le(out + n, tmp.t[n / sizeof(crypto_word_t)] ^
-+                                          CRYPTO_load_word_le(ivec + n));
-+        CRYPTO_store_word_le(ivec + n, c);
-       }
-       len -= 16;
-       in += 16;
-diff --git a/crypto/fipsmodule/modes/cfb.c b/crypto/fipsmodule/modes/cfb.c
-index 01291c8..283a107 100644
---- a/crypto/fipsmodule/modes/cfb.c
-+++ b/crypto/fipsmodule/modes/cfb.c
-@@ -73,9 +73,10 @@
-     while (len >= 16) {
-       (*block)(ivec, ivec, key);
-       for (; n < 16; n += sizeof(crypto_word_t)) {
--        crypto_word_t tmp = load_word_le(ivec + n) ^ load_word_le(in + n);
--        store_word_le(ivec + n, tmp);
--        store_word_le(out + n, tmp);
-+        crypto_word_t tmp =
-+            CRYPTO_load_word_le(ivec + n) ^ CRYPTO_load_word_le(in + n);
-+        CRYPTO_store_word_le(ivec + n, tmp);
-+        CRYPTO_store_word_le(out + n, tmp);
-       }
-       len -= 16;
-       out += 16;
-@@ -102,9 +103,9 @@
-     while (len >= 16) {
-       (*block)(ivec, ivec, key);
-       for (; n < 16; n += sizeof(crypto_word_t)) {
--        crypto_word_t t = load_word_le(in + n);
--        store_word_le(out + n, load_word_le(ivec + n) ^ t);
--        store_word_le(ivec + n, t);
-+        crypto_word_t t = CRYPTO_load_word_le(in + n);
-+        CRYPTO_store_word_le(out + n, CRYPTO_load_word_le(ivec + n) ^ t);
-+        CRYPTO_store_word_le(ivec + n, t);
-       }
-       len -= 16;
-       out += 16;
-diff --git a/crypto/fipsmodule/modes/ctr.c b/crypto/fipsmodule/modes/ctr.c
-index cfb2184..cea79ad 100644
---- a/crypto/fipsmodule/modes/ctr.c
-+++ b/crypto/fipsmodule/modes/ctr.c
-@@ -52,6 +52,7 @@
- #include <string.h>
- 
- #include "internal.h"
-+#include "../../internal.h"
- 
- 
- // NOTE: the IV/counter CTR mode is big-endian.  The code itself
-@@ -103,8 +104,8 @@
-     (*block)(ivec, ecount_buf, key);
-     ctr128_inc(ivec);
-     for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
--      store_word_le(out + n,
--                    load_word_le(in + n) ^ load_word_le(ecount_buf + n));
-+      CRYPTO_store_word_le(out + n, CRYPTO_load_word_le(in + n) ^
-+                                        CRYPTO_load_word_le(ecount_buf + n));
-     }
-     len -= 16;
-     out += 16;
-@@ -152,7 +153,7 @@
-     n = (n + 1) % 16;
-   }
- 
--  ctr32 = GETU32(ivec + 12);
-+  ctr32 = CRYPTO_load_u32_be(ivec + 12);
-   while (len >= 16) {
-     size_t blocks = len / 16;
-     // 1<<28 is just a not-so-small yet not-so-large number...
-@@ -172,7 +173,7 @@
-     }
-     (*func)(in, out, blocks, key, ivec);
-     // (*func) does not update ivec, caller does:
--    PUTU32(ivec + 12, ctr32);
-+    CRYPTO_store_u32_be(ivec + 12, ctr32);
-     // ... overflow was detected, propogate carry.
-     if (ctr32 == 0) {
-       ctr96_inc(ivec);
-@@ -186,7 +187,7 @@
-     OPENSSL_memset(ecount_buf, 0, 16);
-     (*func)(ecount_buf, ecount_buf, 1, key, ivec);
-     ++ctr32;
--    PUTU32(ivec + 12, ctr32);
-+    CRYPTO_store_u32_be(ivec + 12, ctr32);
-     if (ctr32 == 0) {
-       ctr96_inc(ivec);
-     }
-diff --git a/crypto/fipsmodule/modes/gcm.c b/crypto/fipsmodule/modes/gcm.c
-index 077369d..b010cd5 100644
---- a/crypto/fipsmodule/modes/gcm.c
-+++ b/crypto/fipsmodule/modes/gcm.c
-@@ -378,8 +378,9 @@
-       ++ctr;
-       ctx->Yi.d[3] = CRYPTO_bswap4(ctr);
-       for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) {
--        store_word_le(out + i, load_word_le(in + i) ^
--                                   ctx->EKi.t[i / sizeof(crypto_word_t)]);
-+        CRYPTO_store_word_le(out + i,
-+                             CRYPTO_load_word_le(in + i) ^
-+                                 ctx->EKi.t[i / sizeof(crypto_word_t)]);
-       }
-       out += 16;
-       in += 16;
-@@ -395,8 +396,9 @@
-       ++ctr;
-       ctx->Yi.d[3] = CRYPTO_bswap4(ctr);
-       for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) {
--        store_word_le(out + i, load_word_le(in + i) ^
--                                   ctx->EKi.t[i / sizeof(crypto_word_t)]);
-+        CRYPTO_store_word_le(out + i,
-+                             CRYPTO_load_word_le(in + i) ^
-+                                 ctx->EKi.t[i / sizeof(crypto_word_t)]);
-       }
-       out += 16;
-       in += 16;
-@@ -469,8 +471,9 @@
-       ++ctr;
-       ctx->Yi.d[3] = CRYPTO_bswap4(ctr);
-       for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) {
--        store_word_le(out + i, load_word_le(in + i) ^
--                                   ctx->EKi.t[i / sizeof(crypto_word_t)]);
-+        CRYPTO_store_word_le(out + i,
-+                             CRYPTO_load_word_le(in + i) ^
-+                                 ctx->EKi.t[i / sizeof(crypto_word_t)]);
-       }
-       out += 16;
-       in += 16;
-@@ -486,8 +489,9 @@
-       ++ctr;
-       ctx->Yi.d[3] = CRYPTO_bswap4(ctr);
-       for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) {
--        store_word_le(out + i, load_word_le(in + i) ^
--                                   ctx->EKi.t[i / sizeof(crypto_word_t)]);
-+        CRYPTO_store_word_le(out + i,
-+                             CRYPTO_load_word_le(in + i) ^
-+                                 ctx->EKi.t[i / sizeof(crypto_word_t)]);
-       }
-       out += 16;
-       in += 16;
-diff --git a/crypto/fipsmodule/modes/internal.h b/crypto/fipsmodule/modes/internal.h
-index bf25023..2fea558 100644
---- a/crypto/fipsmodule/modes/internal.h
-+++ b/crypto/fipsmodule/modes/internal.h
-@@ -64,27 +64,6 @@
- #endif
- 
- 
--static inline uint32_t GETU32(const void *in) {
--  uint32_t v;
--  OPENSSL_memcpy(&v, in, sizeof(v));
--  return CRYPTO_bswap4(v);
--}
--
--static inline void PUTU32(void *out, uint32_t v) {
--  v = CRYPTO_bswap4(v);
--  OPENSSL_memcpy(out, &v, sizeof(v));
--}
--
--static inline crypto_word_t load_word_le(const void *in) {
--  crypto_word_t v;
--  OPENSSL_memcpy(&v, in, sizeof(v));
--  return v;
--}
--
--static inline void store_word_le(void *out, crypto_word_t v) {
--  OPENSSL_memcpy(out, &v, sizeof(v));
--}
--
- // block128_f is the type of an AES block cipher implementation.
- //
- // Unlike upstream OpenSSL, it and the other functions in this file hard-code
-diff --git a/crypto/fipsmodule/sha/sha1.c b/crypto/fipsmodule/sha/sha1.c
-index 3b76194..2f50c67 100644
---- a/crypto/fipsmodule/sha/sha1.c
-+++ b/crypto/fipsmodule/sha/sha1.c
-@@ -88,19 +88,18 @@
- #define HASH_CTX                SHA_CTX
- #define HASH_CBLOCK             64
- #define HASH_DIGEST_LENGTH      20
--#define HASH_MAKE_STRING(c, s) \
--  do {                         \
--    uint32_t ll;               \
--    ll = (c)->h[0];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[1];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[2];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[3];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[4];            \
--    HOST_l2c(ll, (s));         \
-+#define HASH_MAKE_STRING(c, s)           \
-+  do {                                   \
-+    CRYPTO_store_u32_be((s), (c)->h[0]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_be((s), (c)->h[1]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_be((s), (c)->h[2]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_be((s), (c)->h[3]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_be((s), (c)->h[4]); \
-+    (s) += 4;                            \
-   } while (0)
- 
- #define HASH_UPDATE SHA1_Update
-@@ -193,7 +192,7 @@
- #if !defined(SHA1_ASM)
- static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
-                                   size_t num) {
--  register uint32_t A, B, C, D, E, T, l;
-+  register uint32_t A, B, C, D, E, T;
-   uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10,
-       XX11, XX12, XX13, XX14, XX15;
- 
-@@ -204,52 +203,52 @@
-   E = state[4];
- 
-   for (;;) {
--    HOST_c2l(data, l);
--    X(0) = l;
--    HOST_c2l(data, l);
--    X(1) = l;
-+    X(0) = CRYPTO_load_u32_be(data);
-+    data += 4;
-+    X(1) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(0, A, B, C, D, E, T, X(0));
--    HOST_c2l(data, l);
--    X(2) = l;
-+    X(2) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(1, T, A, B, C, D, E, X(1));
--    HOST_c2l(data, l);
--    X(3) = l;
-+    X(3) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(2, E, T, A, B, C, D, X(2));
--    HOST_c2l(data, l);
--    X(4) = l;
-+    X(4) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(3, D, E, T, A, B, C, X(3));
--    HOST_c2l(data, l);
--    X(5) = l;
-+    X(5) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(4, C, D, E, T, A, B, X(4));
--    HOST_c2l(data, l);
--    X(6) = l;
-+    X(6) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(5, B, C, D, E, T, A, X(5));
--    HOST_c2l(data, l);
--    X(7) = l;
-+    X(7) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(6, A, B, C, D, E, T, X(6));
--    HOST_c2l(data, l);
--    X(8) = l;
-+    X(8) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(7, T, A, B, C, D, E, X(7));
--    HOST_c2l(data, l);
--    X(9) = l;
-+    X(9) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(8, E, T, A, B, C, D, X(8));
--    HOST_c2l(data, l);
--    X(10) = l;
-+    X(10) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(9, D, E, T, A, B, C, X(9));
--    HOST_c2l(data, l);
--    X(11) = l;
-+    X(11) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(10, C, D, E, T, A, B, X(10));
--    HOST_c2l(data, l);
--    X(12) = l;
-+    X(12) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(11, B, C, D, E, T, A, X(11));
--    HOST_c2l(data, l);
--    X(13) = l;
-+    X(13) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(12, A, B, C, D, E, T, X(12));
--    HOST_c2l(data, l);
--    X(14) = l;
-+    X(14) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(13, T, A, B, C, D, E, X(13));
--    HOST_c2l(data, l);
--    X(15) = l;
-+    X(15) = CRYPTO_load_u32_be(data);
-+    data += 4;
-     BODY_00_15(14, E, T, A, B, C, D, X(14));
-     BODY_00_15(15, D, E, T, A, B, C, X(15));
- 
-@@ -367,5 +366,3 @@
- #undef BODY_40_59
- #undef BODY_60_79
- #undef X
--#undef HOST_c2l
--#undef HOST_l2c
-diff --git a/crypto/fipsmodule/sha/sha256.c b/crypto/fipsmodule/sha/sha256.c
-index 0e42446..390ee3a 100644
---- a/crypto/fipsmodule/sha/sha256.c
-+++ b/crypto/fipsmodule/sha/sha256.c
-@@ -139,19 +139,18 @@
- // hash 'final' function can fail. This should never happen.
- #define HASH_MAKE_STRING(c, s)                              \
-   do {                                                      \
--    uint32_t ll;                                            \
-     unsigned int nn;                                        \
-     switch ((c)->md_len) {                                  \
-       case SHA224_DIGEST_LENGTH:                            \
-         for (nn = 0; nn < SHA224_DIGEST_LENGTH / 4; nn++) { \
--          ll = (c)->h[nn];                                  \
--          HOST_l2c(ll, (s));                                \
-+          CRYPTO_store_u32_be((s), (c)->h[nn]);             \
-+          (s) += 4;                                         \
-         }                                                   \
-         break;                                              \
-       case SHA256_DIGEST_LENGTH:                            \
-         for (nn = 0; nn < SHA256_DIGEST_LENGTH / 4; nn++) { \
--          ll = (c)->h[nn];                                  \
--          HOST_l2c(ll, (s));                                \
-+          CRYPTO_store_u32_be((s), (c)->h[nn]);             \
-+          (s) += 4;                                         \
-         }                                                   \
-         break;                                              \
-       default:                                              \
-@@ -159,8 +158,8 @@
-           return 0;                                         \
-         }                                                   \
-         for (nn = 0; nn < (c)->md_len / 4; nn++) {          \
--          ll = (c)->h[nn];                                  \
--          HOST_l2c(ll, (s));                                \
-+          CRYPTO_store_u32_be((s), (c)->h[nn]);             \
-+          (s) += 4;                                         \
-         }                                                   \
-         break;                                              \
-     }                                                       \
-@@ -241,55 +240,53 @@
-     g = state[6];
-     h = state[7];
- 
--    uint32_t l;
--
--    HOST_c2l(data, l);
--    T1 = X[0] = l;
-+    T1 = X[0] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(0, a, b, c, d, e, f, g, h);
--    HOST_c2l(data, l);
--    T1 = X[1] = l;
-+    T1 = X[1] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(1, h, a, b, c, d, e, f, g);
--    HOST_c2l(data, l);
--    T1 = X[2] = l;
-+    T1 = X[2] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(2, g, h, a, b, c, d, e, f);
--    HOST_c2l(data, l);
--    T1 = X[3] = l;
-+    T1 = X[3] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(3, f, g, h, a, b, c, d, e);
--    HOST_c2l(data, l);
--    T1 = X[4] = l;
-+    T1 = X[4] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(4, e, f, g, h, a, b, c, d);
--    HOST_c2l(data, l);
--    T1 = X[5] = l;
-+    T1 = X[5] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(5, d, e, f, g, h, a, b, c);
--    HOST_c2l(data, l);
--    T1 = X[6] = l;
-+    T1 = X[6] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(6, c, d, e, f, g, h, a, b);
--    HOST_c2l(data, l);
--    T1 = X[7] = l;
-+    T1 = X[7] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(7, b, c, d, e, f, g, h, a);
--    HOST_c2l(data, l);
--    T1 = X[8] = l;
-+    T1 = X[8] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(8, a, b, c, d, e, f, g, h);
--    HOST_c2l(data, l);
--    T1 = X[9] = l;
-+    T1 = X[9] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(9, h, a, b, c, d, e, f, g);
--    HOST_c2l(data, l);
--    T1 = X[10] = l;
-+    T1 = X[10] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(10, g, h, a, b, c, d, e, f);
--    HOST_c2l(data, l);
--    T1 = X[11] = l;
-+    T1 = X[11] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(11, f, g, h, a, b, c, d, e);
--    HOST_c2l(data, l);
--    T1 = X[12] = l;
-+    T1 = X[12] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(12, e, f, g, h, a, b, c, d);
--    HOST_c2l(data, l);
--    T1 = X[13] = l;
-+    T1 = X[13] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(13, d, e, f, g, h, a, b, c);
--    HOST_c2l(data, l);
--    T1 = X[14] = l;
-+    T1 = X[14] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(14, c, d, e, f, g, h, a, b);
--    HOST_c2l(data, l);
--    T1 = X[15] = l;
-+    T1 = X[15] = CRYPTO_load_u32_be(data);
-+    data += 4;
-     ROUND_00_15(15, b, c, d, e, f, g, h, a);
- 
-     for (i = 16; i < 64; i += 8) {
-@@ -339,5 +336,3 @@
- #undef Maj
- #undef ROUND_00_15
- #undef ROUND_16_63
--#undef HOST_c2l
--#undef HOST_l2c
-diff --git a/crypto/fipsmodule/sha/sha512.c b/crypto/fipsmodule/sha/sha512.c
-index ba86c1e..1f40e7a 100644
---- a/crypto/fipsmodule/sha/sha512.c
-+++ b/crypto/fipsmodule/sha/sha512.c
-@@ -256,22 +256,8 @@
-   }
- 
-   OPENSSL_memset(p + n, 0, sizeof(sha->p) - 16 - n);
--  p[sizeof(sha->p) - 1] = (uint8_t)(sha->Nl);
--  p[sizeof(sha->p) - 2] = (uint8_t)(sha->Nl >> 8);
--  p[sizeof(sha->p) - 3] = (uint8_t)(sha->Nl >> 16);
--  p[sizeof(sha->p) - 4] = (uint8_t)(sha->Nl >> 24);
--  p[sizeof(sha->p) - 5] = (uint8_t)(sha->Nl >> 32);
--  p[sizeof(sha->p) - 6] = (uint8_t)(sha->Nl >> 40);
--  p[sizeof(sha->p) - 7] = (uint8_t)(sha->Nl >> 48);
--  p[sizeof(sha->p) - 8] = (uint8_t)(sha->Nl >> 56);
--  p[sizeof(sha->p) - 9] = (uint8_t)(sha->Nh);
--  p[sizeof(sha->p) - 10] = (uint8_t)(sha->Nh >> 8);
--  p[sizeof(sha->p) - 11] = (uint8_t)(sha->Nh >> 16);
--  p[sizeof(sha->p) - 12] = (uint8_t)(sha->Nh >> 24);
--  p[sizeof(sha->p) - 13] = (uint8_t)(sha->Nh >> 32);
--  p[sizeof(sha->p) - 14] = (uint8_t)(sha->Nh >> 40);
--  p[sizeof(sha->p) - 15] = (uint8_t)(sha->Nh >> 48);
--  p[sizeof(sha->p) - 16] = (uint8_t)(sha->Nh >> 56);
-+  CRYPTO_store_u64_be(p + sizeof(sha->p) - 16, sha->Nh);
-+  CRYPTO_store_u64_be(p + sizeof(sha->p) - 8, sha->Nl);
- 
-   sha512_block_data_order(sha->h, p, 1);
- 
-@@ -368,12 +354,6 @@
- #define ROTR(x, s) (((x) >> s) | (x) << (64 - s))
- #endif
- 
--static inline uint64_t load_u64_be(const void *ptr) {
--  uint64_t ret;
--  OPENSSL_memcpy(&ret, ptr, sizeof(ret));
--  return CRYPTO_bswap8(ret);
--}
--
- #define Sigma0(x) (ROTR((x), 28) ^ ROTR((x), 34) ^ ROTR((x), 39))
- #define Sigma1(x) (ROTR((x), 14) ^ ROTR((x), 18) ^ ROTR((x), 41))
- #define sigma0(x) (ROTR((x), 1) ^ ROTR((x), 8) ^ ((x) >> 7))
-@@ -404,7 +384,7 @@
-     F[7] = state[7];
- 
-     for (i = 0; i < 16; i++, F--) {
--      T = load_u64_be(in + i * 8);
-+      T = CRYPTO_load_u64_be(in + i * 8);
-       F[0] = A;
-       F[4] = E;
-       F[8] = T;
-@@ -476,37 +456,37 @@
-     g = state[6];
-     h = state[7];
- 
--    T1 = X[0] = load_u64_be(in);
-+    T1 = X[0] = CRYPTO_load_u64_be(in);
-     ROUND_00_15(0, a, b, c, d, e, f, g, h);
--    T1 = X[1] = load_u64_be(in + 8);
-+    T1 = X[1] = CRYPTO_load_u64_be(in + 8);
-     ROUND_00_15(1, h, a, b, c, d, e, f, g);
--    T1 = X[2] = load_u64_be(in + 2 * 8);
-+    T1 = X[2] = CRYPTO_load_u64_be(in + 2 * 8);
-     ROUND_00_15(2, g, h, a, b, c, d, e, f);
--    T1 = X[3] = load_u64_be(in + 3 * 8);
-+    T1 = X[3] = CRYPTO_load_u64_be(in + 3 * 8);
-     ROUND_00_15(3, f, g, h, a, b, c, d, e);
--    T1 = X[4] = load_u64_be(in + 4 * 8);
-+    T1 = X[4] = CRYPTO_load_u64_be(in + 4 * 8);
-     ROUND_00_15(4, e, f, g, h, a, b, c, d);
--    T1 = X[5] = load_u64_be(in + 5 * 8);
-+    T1 = X[5] = CRYPTO_load_u64_be(in + 5 * 8);
-     ROUND_00_15(5, d, e, f, g, h, a, b, c);
--    T1 = X[6] = load_u64_be(in + 6 * 8);
-+    T1 = X[6] = CRYPTO_load_u64_be(in + 6 * 8);
-     ROUND_00_15(6, c, d, e, f, g, h, a, b);
--    T1 = X[7] = load_u64_be(in + 7 * 8);
-+    T1 = X[7] = CRYPTO_load_u64_be(in + 7 * 8);
-     ROUND_00_15(7, b, c, d, e, f, g, h, a);
--    T1 = X[8] = load_u64_be(in + 8 * 8);
-+    T1 = X[8] = CRYPTO_load_u64_be(in + 8 * 8);
-     ROUND_00_15(8, a, b, c, d, e, f, g, h);
--    T1 = X[9] = load_u64_be(in + 9 * 8);
-+    T1 = X[9] = CRYPTO_load_u64_be(in + 9 * 8);
-     ROUND_00_15(9, h, a, b, c, d, e, f, g);
--    T1 = X[10] = load_u64_be(in + 10 * 8);
-+    T1 = X[10] = CRYPTO_load_u64_be(in + 10 * 8);
-     ROUND_00_15(10, g, h, a, b, c, d, e, f);
--    T1 = X[11] = load_u64_be(in + 11 * 8);
-+    T1 = X[11] = CRYPTO_load_u64_be(in + 11 * 8);
-     ROUND_00_15(11, f, g, h, a, b, c, d, e);
--    T1 = X[12] = load_u64_be(in + 12 * 8);
-+    T1 = X[12] = CRYPTO_load_u64_be(in + 12 * 8);
-     ROUND_00_15(12, e, f, g, h, a, b, c, d);
--    T1 = X[13] = load_u64_be(in + 13 * 8);
-+    T1 = X[13] = CRYPTO_load_u64_be(in + 13 * 8);
-     ROUND_00_15(13, d, e, f, g, h, a, b, c);
--    T1 = X[14] = load_u64_be(in + 14 * 8);
-+    T1 = X[14] = CRYPTO_load_u64_be(in + 14 * 8);
-     ROUND_00_15(14, c, d, e, f, g, h, a, b);
--    T1 = X[15] = load_u64_be(in + 15 * 8);
-+    T1 = X[15] = CRYPTO_load_u64_be(in + 15 * 8);
-     ROUND_00_15(15, b, c, d, e, f, g, h, a);
- 
-     for (i = 16; i < 80; i += 16) {
-diff --git a/crypto/internal.h b/crypto/internal.h
-index 51d1d9c..14c60e0 100644
---- a/crypto/internal.h
-+++ b/crypto/internal.h
-@@ -819,6 +819,58 @@
-   return memset(dst, c, n);
- }
- 
-+
-+// Loads and stores.
-+//
-+// The following functions load and store sized integers with the specified
-+// endianness. They use |memcpy|, and so avoid alignment or strict aliasing
-+// requirements on the input and output pointers.
-+
-+static inline uint32_t CRYPTO_load_u32_le(const void *in) {
-+  uint32_t v;
-+  OPENSSL_memcpy(&v, in, sizeof(v));
-+  return v;
-+}
-+
-+static inline void CRYPTO_store_u32_le(void *out, uint32_t v) {
-+  OPENSSL_memcpy(out, &v, sizeof(v));
-+}
-+
-+static inline uint32_t CRYPTO_load_u32_be(const void *in) {
-+  uint32_t v;
-+  OPENSSL_memcpy(&v, in, sizeof(v));
-+  return CRYPTO_bswap4(v);
-+}
-+
-+static inline void CRYPTO_store_u32_be(void *out, uint32_t v) {
-+  v = CRYPTO_bswap4(v);
-+  OPENSSL_memcpy(out, &v, sizeof(v));
-+}
-+
-+static inline uint64_t CRYPTO_load_u64_be(const void *ptr) {
-+  uint64_t ret;
-+  OPENSSL_memcpy(&ret, ptr, sizeof(ret));
-+  return CRYPTO_bswap8(ret);
-+}
-+
-+static inline void CRYPTO_store_u64_be(void *out, uint64_t v) {
-+  v = CRYPTO_bswap8(v);
-+  OPENSSL_memcpy(out, &v, sizeof(v));
-+}
-+
-+static inline crypto_word_t CRYPTO_load_word_le(const void *in) {
-+  crypto_word_t v;
-+  OPENSSL_memcpy(&v, in, sizeof(v));
-+  return v;
-+}
-+
-+static inline void CRYPTO_store_word_le(void *out, crypto_word_t v) {
-+  OPENSSL_memcpy(out, &v, sizeof(v));
-+}
-+
-+
-+// FIPS functions.
-+
- #if defined(BORINGSSL_FIPS)
- // BORINGSSL_FIPS_abort is called when a FIPS power-on or continuous test
- // fails. It prevents any further cryptographic operations by the current
-diff --git a/decrepit/ripemd/internal.h b/decrepit/ripemd/internal.h
-index 089be15..6be563d 100644
---- a/decrepit/ripemd/internal.h
-+++ b/decrepit/ripemd/internal.h
-@@ -59,6 +59,8 @@
- 
- #include <openssl/base.h>
- 
-+#include "../../crypto/internal.h"
-+
- #if defined(__cplusplus)
- extern "C" {
- #endif
-@@ -76,20 +78,20 @@
- #define HASH_UPDATE RIPEMD160_Update
- #define HASH_TRANSFORM RIPEMD160_Transform
- #define HASH_FINAL RIPEMD160_Final
--#define HASH_MAKE_STRING(c, s) \
--  do {                         \
--    unsigned long ll;          \
--    ll = (c)->h[0];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[1];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[2];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[3];            \
--    HOST_l2c(ll, (s));         \
--    ll = (c)->h[4];            \
--    HOST_l2c(ll, (s));         \
-+#define HASH_MAKE_STRING(c, s)           \
-+  do {                                   \
-+    CRYPTO_store_u32_le((s), (c)->h[0]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[1]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[2]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[3]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[4]); \
-+    (s) += 4;                            \
-   } while (0)
-+
- #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order
- 
- #include "../../crypto/fipsmodule/digest/md32_common.h"
-diff --git a/decrepit/ripemd/ripemd.c b/decrepit/ripemd/ripemd.c
-index 17b3fdf..f0c87cf 100644
---- a/decrepit/ripemd/ripemd.c
-+++ b/decrepit/ripemd/ripemd.c
-@@ -74,7 +74,7 @@
- static void ripemd160_block_data_order(uint32_t h[5], const uint8_t *data,
-                                        size_t num) {
-   uint32_t A, B, C, D, E;
--  uint32_t a, b, c, d, e, l;
-+  uint32_t a, b, c, d, e;
-   uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12,
-       XX13, XX14, XX15;
- #define X(i) XX##i
-@@ -86,52 +86,52 @@
-     D = h[3];
-     E = h[4];
- 
--    HOST_c2l(data, l);
--    X(0) = l;
--    HOST_c2l(data, l);
--    X(1) = l;
-+    X(0) = CRYPTO_load_u32_le(data);
-+    data += 4;
-+    X(1) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(A, B, C, D, E, WL00, SL00);
--    HOST_c2l(data, l);
--    X(2) = l;
-+    X(2) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(E, A, B, C, D, WL01, SL01);
--    HOST_c2l(data, l);
--    X(3) = l;
-+    X(3) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(D, E, A, B, C, WL02, SL02);
--    HOST_c2l(data, l);
--    X(4) = l;
-+    X(4) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(C, D, E, A, B, WL03, SL03);
--    HOST_c2l(data, l);
--    X(5) = l;
-+    X(5) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(B, C, D, E, A, WL04, SL04);
--    HOST_c2l(data, l);
--    X(6) = l;
-+    X(6) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(A, B, C, D, E, WL05, SL05);
--    HOST_c2l(data, l);
--    X(7) = l;
-+    X(7) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(E, A, B, C, D, WL06, SL06);
--    HOST_c2l(data, l);
--    X(8) = l;
-+    X(8) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(D, E, A, B, C, WL07, SL07);
--    HOST_c2l(data, l);
--    X(9) = l;
-+    X(9) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(C, D, E, A, B, WL08, SL08);
--    HOST_c2l(data, l);
--    X(10) = l;
-+    X(10) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(B, C, D, E, A, WL09, SL09);
--    HOST_c2l(data, l);
--    X(11) = l;
-+    X(11) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(A, B, C, D, E, WL10, SL10);
--    HOST_c2l(data, l);
--    X(12) = l;
-+    X(12) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(E, A, B, C, D, WL11, SL11);
--    HOST_c2l(data, l);
--    X(13) = l;
-+    X(13) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(D, E, A, B, C, WL12, SL12);
--    HOST_c2l(data, l);
--    X(14) = l;
-+    X(14) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(C, D, E, A, B, WL13, SL13);
--    HOST_c2l(data, l);
--    X(15) = l;
-+    X(15) = CRYPTO_load_u32_le(data);
-+    data += 4;
-     RIP1(B, C, D, E, A, WL14, SL14);
-     RIP1(A, B, C, D, E, WL15, SL15);
- 
-From 15e0f6784bb986d44a170f131c6687a54822bedf Mon Sep 17 00:00:00 2001
-From: David Benjamin <davidben at google.com>
-Date: Mon, 29 Mar 2021 14:16:58 -0400
-Subject: [PATCH] Fold ripemd/internal.h into ripemd.c.
-
-It's only used from that file and, given the names defined by it,
-probably isn't usable by other files anyway.
-
-Change-Id: Ice205408962ade00c1dcb51406da3ef2fd7f0393
-Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46426
-Reviewed-by: Adam Langley <agl at google.com>
----
-
-diff --git a/decrepit/ripemd/internal.h b/decrepit/ripemd/internal.h
-deleted file mode 100644
-index 6be563d..0000000
---- a/decrepit/ripemd/internal.h
-+++ /dev/null
-@@ -1,496 +0,0 @@
--/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay at cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to.  The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- *    notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- *    notice, this list of conditions and the following disclaimer in the
-- *    documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- *    must display the following acknowledgement:
-- *    "This product includes cryptographic software written by
-- *     Eric Young (eay at cryptsoft.com)"
-- *    The word 'cryptographic' can be left out if the rouines from the library
-- *    being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- *    the apps directory (application code) you must include an acknowledgement:
-- *    "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed.  i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.] */
--
--#ifndef OPENSSL_HEADER_RIPEMD_INTERNAL_H
--#define OPENSSL_HEADER_RIPEMD_INTERNAL_H
--
--#include <openssl/base.h>
--
--#include "../../crypto/internal.h"
--
--#if defined(__cplusplus)
--extern "C" {
--#endif
--
--
--static void ripemd160_block_data_order(uint32_t h[5], const uint8_t *data,
--                                       size_t num);
--
--#define DATA_ORDER_IS_LITTLE_ENDIAN
--
--#define HASH_LONG uint32_t
--#define HASH_CTX RIPEMD160_CTX
--#define HASH_CBLOCK RIPEMD160_CBLOCK
--#define HASH_DIGEST_LENGTH RIPEMD160_DIGEST_LENGTH
--#define HASH_UPDATE RIPEMD160_Update
--#define HASH_TRANSFORM RIPEMD160_Transform
--#define HASH_FINAL RIPEMD160_Final
--#define HASH_MAKE_STRING(c, s)           \
--  do {                                   \
--    CRYPTO_store_u32_le((s), (c)->h[0]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[1]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[2]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[3]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[4]); \
--    (s) += 4;                            \
--  } while (0)
--
--#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order
--
--#include "../../crypto/fipsmodule/digest/md32_common.h"
--
--// Transformed F2 and F4 are courtesy of Wei Dai <weidai at eskimo.com>
--#define F1(x, y, z) ((x) ^ (y) ^ (z))
--#define F2(x, y, z) ((((y) ^ (z)) & (x)) ^ (z))
--#define F3(x, y, z) (((~(y)) | (x)) ^ (z))
--#define F4(x, y, z) ((((x) ^ (y)) & (z)) ^ (y))
--#define F5(x, y, z) (((~(z)) | (y)) ^ (x))
--
--#define RIPEMD160_A 0x67452301L
--#define RIPEMD160_B 0xEFCDAB89L
--#define RIPEMD160_C 0x98BADCFEL
--#define RIPEMD160_D 0x10325476L
--#define RIPEMD160_E 0xC3D2E1F0L
--
--#define ROTATE(a, n) (((a) << (n)) | (((a)&0xffffffff) >> (32 - (n))))
--
--#define RIP1(a, b, c, d, e, w, s) \
--  {                               \
--    a += F1(b, c, d) + X(w);      \
--    a = ROTATE(a, s) + e;         \
--    c = ROTATE(c, 10);            \
--  }
--
--#define RIP2(a, b, c, d, e, w, s, K) \
--  {                                  \
--    a += F2(b, c, d) + X(w) + K;     \
--    a = ROTATE(a, s) + e;            \
--    c = ROTATE(c, 10);               \
--  }
--
--#define RIP3(a, b, c, d, e, w, s, K) \
--  {                                  \
--    a += F3(b, c, d) + X(w) + K;     \
--    a = ROTATE(a, s) + e;            \
--    c = ROTATE(c, 10);               \
--  }
--
--#define RIP4(a, b, c, d, e, w, s, K) \
--  {                                  \
--    a += F4(b, c, d) + X(w) + K;     \
--    a = ROTATE(a, s) + e;            \
--    c = ROTATE(c, 10);               \
--  }
--
--#define RIP5(a, b, c, d, e, w, s, K) \
--  {                                  \
--    a += F5(b, c, d) + X(w) + K;     \
--    a = ROTATE(a, s) + e;            \
--    c = ROTATE(c, 10);               \
--  }
--
--#define KL0 0x00000000L
--#define KL1 0x5A827999L
--#define KL2 0x6ED9EBA1L
--#define KL3 0x8F1BBCDCL
--#define KL4 0xA953FD4EL
--
--#define KR0 0x50A28BE6L
--#define KR1 0x5C4DD124L
--#define KR2 0x6D703EF3L
--#define KR3 0x7A6D76E9L
--#define KR4 0x00000000L
--
--#define WL00  0
--#define SL00 11
--#define WL01  1
--#define SL01 14
--#define WL02  2
--#define SL02 15
--#define WL03  3
--#define SL03 12
--#define WL04  4
--#define SL04  5
--#define WL05  5
--#define SL05  8
--#define WL06  6
--#define SL06  7
--#define WL07  7
--#define SL07  9
--#define WL08  8
--#define SL08 11
--#define WL09  9
--#define SL09 13
--#define WL10 10
--#define SL10 14
--#define WL11 11
--#define SL11 15
--#define WL12 12
--#define SL12  6
--#define WL13 13
--#define SL13  7
--#define WL14 14
--#define SL14  9
--#define WL15 15
--#define SL15  8
--
--#define WL16  7
--#define SL16  7
--#define WL17  4
--#define SL17  6
--#define WL18 13
--#define SL18  8
--#define WL19  1
--#define SL19 13
--#define WL20 10
--#define SL20 11
--#define WL21  6
--#define SL21  9
--#define WL22 15
--#define SL22  7
--#define WL23  3
--#define SL23 15
--#define WL24 12
--#define SL24  7
--#define WL25  0
--#define SL25 12
--#define WL26  9
--#define SL26 15
--#define WL27  5
--#define SL27  9
--#define WL28  2
--#define SL28 11
--#define WL29 14
--#define SL29  7
--#define WL30 11
--#define SL30 13
--#define WL31  8
--#define SL31 12
--
--#define WL32  3
--#define SL32 11
--#define WL33 10
--#define SL33 13
--#define WL34 14
--#define SL34  6
--#define WL35  4
--#define SL35  7
--#define WL36  9
--#define SL36 14
--#define WL37 15
--#define SL37  9
--#define WL38  8
--#define SL38 13
--#define WL39  1
--#define SL39 15
--#define WL40  2
--#define SL40 14
--#define WL41  7
--#define SL41  8
--#define WL42  0
--#define SL42 13
--#define WL43  6
--#define SL43  6
--#define WL44 13
--#define SL44  5
--#define WL45 11
--#define SL45 12
--#define WL46  5
--#define SL46  7
--#define WL47 12
--#define SL47  5
--
--#define WL48  1
--#define SL48 11
--#define WL49  9
--#define SL49 12
--#define WL50 11
--#define SL50 14
--#define WL51 10
--#define SL51 15
--#define WL52  0
--#define SL52 14
--#define WL53  8
--#define SL53 15
--#define WL54 12
--#define SL54  9
--#define WL55  4
--#define SL55  8
--#define WL56 13
--#define SL56  9
--#define WL57  3
--#define SL57 14
--#define WL58  7
--#define SL58  5
--#define WL59 15
--#define SL59  6
--#define WL60 14
--#define SL60  8
--#define WL61  5
--#define SL61  6
--#define WL62  6
--#define SL62  5
--#define WL63  2
--#define SL63 12
--
--#define WL64  4
--#define SL64  9
--#define WL65  0
--#define SL65 15
--#define WL66  5
--#define SL66  5
--#define WL67  9
--#define SL67 11
--#define WL68  7
--#define SL68  6
--#define WL69 12
--#define SL69  8
--#define WL70  2
--#define SL70 13
--#define WL71 10
--#define SL71 12
--#define WL72 14
--#define SL72  5
--#define WL73  1
--#define SL73 12
--#define WL74  3
--#define SL74 13
--#define WL75  8
--#define SL75 14
--#define WL76 11
--#define SL76 11
--#define WL77  6
--#define SL77  8
--#define WL78 15
--#define SL78  5
--#define WL79 13
--#define SL79  6
--
--#define WR00  5
--#define SR00  8
--#define WR01 14
--#define SR01  9
--#define WR02  7
--#define SR02  9
--#define WR03  0
--#define SR03 11
--#define WR04  9
--#define SR04 13
--#define WR05  2
--#define SR05 15
--#define WR06 11
--#define SR06 15
--#define WR07  4
--#define SR07  5
--#define WR08 13
--#define SR08  7
--#define WR09  6
--#define SR09  7
--#define WR10 15
--#define SR10  8
--#define WR11  8
--#define SR11 11
--#define WR12  1
--#define SR12 14
--#define WR13 10
--#define SR13 14
--#define WR14  3
--#define SR14 12
--#define WR15 12
--#define SR15  6
--
--#define WR16  6
--#define SR16  9
--#define WR17 11
--#define SR17 13
--#define WR18  3
--#define SR18 15
--#define WR19  7
--#define SR19  7
--#define WR20  0
--#define SR20 12
--#define WR21 13
--#define SR21  8
--#define WR22  5
--#define SR22  9
--#define WR23 10
--#define SR23 11
--#define WR24 14
--#define SR24  7
--#define WR25 15
--#define SR25  7
--#define WR26  8
--#define SR26 12
--#define WR27 12
--#define SR27  7
--#define WR28  4
--#define SR28  6
--#define WR29  9
--#define SR29 15
--#define WR30  1
--#define SR30 13
--#define WR31  2
--#define SR31 11
--
--#define WR32 15
--#define SR32  9
--#define WR33  5
--#define SR33  7
--#define WR34  1
--#define SR34 15
--#define WR35  3
--#define SR35 11
--#define WR36  7
--#define SR36  8
--#define WR37 14
--#define SR37  6
--#define WR38  6
--#define SR38  6
--#define WR39  9
--#define SR39 14
--#define WR40 11
--#define SR40 12
--#define WR41  8
--#define SR41 13
--#define WR42 12
--#define SR42  5
--#define WR43  2
--#define SR43 14
--#define WR44 10
--#define SR44 13
--#define WR45  0
--#define SR45 13
--#define WR46  4
--#define SR46  7
--#define WR47 13
--#define SR47  5
--
--#define WR48  8
--#define SR48 15
--#define WR49  6
--#define SR49  5
--#define WR50  4
--#define SR50  8
--#define WR51  1
--#define SR51 11
--#define WR52  3
--#define SR52 14
--#define WR53 11
--#define SR53 14
--#define WR54 15
--#define SR54  6
--#define WR55  0
--#define SR55 14
--#define WR56  5
--#define SR56  6
--#define WR57 12
--#define SR57  9
--#define WR58  2
--#define SR58 12
--#define WR59 13
--#define SR59  9
--#define WR60  9
--#define SR60 12
--#define WR61  7
--#define SR61  5
--#define WR62 10
--#define SR62 15
--#define WR63 14
--#define SR63  8
--
--#define WR64 12
--#define SR64  8
--#define WR65 15
--#define SR65  5
--#define WR66 10
--#define SR66 12
--#define WR67  4
--#define SR67  9
--#define WR68  1
--#define SR68 12
--#define WR69  5
--#define SR69  5
--#define WR70  8
--#define SR70 14
--#define WR71  7
--#define SR71  6
--#define WR72  6
--#define SR72  8
--#define WR73  2
--#define SR73 13
--#define WR74 13
--#define SR74  6
--#define WR75 14
--#define SR75  5
--#define WR76  0
--#define SR76 15
--#define WR77  3
--#define SR77 13
--#define WR78  9
--#define SR78 11
--#define WR79 11
--#define SR79 11
--
--
--#if defined(__cplusplus)
--}  // extern C
--#endif
--
--#endif  // OPENSSL_HEADER_RIPEMD_INTERNAL_H
-diff --git a/decrepit/ripemd/ripemd.c b/decrepit/ripemd/ripemd.c
-index f0c87cf..50329c7 100644
---- a/decrepit/ripemd/ripemd.c
-+++ b/decrepit/ripemd/ripemd.c
-@@ -58,9 +58,15 @@
- 
- #include <string.h>
- 
--#include "internal.h"
-+#include "../../crypto/internal.h"
- 
- 
-+#define RIPEMD160_A 0x67452301L
-+#define RIPEMD160_B 0xEFCDAB89L
-+#define RIPEMD160_C 0x98BADCFEL
-+#define RIPEMD160_D 0x10325476L
-+#define RIPEMD160_E 0xC3D2E1F0L
-+
- int RIPEMD160_Init(RIPEMD160_CTX *ctx) {
-   OPENSSL_memset(ctx, 0, sizeof(*ctx));
-   ctx->h[0] = RIPEMD160_A;
-@@ -72,6 +78,422 @@
- }
- 
- static void ripemd160_block_data_order(uint32_t h[5], const uint8_t *data,
-+                                       size_t num);
-+
-+#define DATA_ORDER_IS_LITTLE_ENDIAN
-+
-+#define HASH_LONG uint32_t
-+#define HASH_CTX RIPEMD160_CTX
-+#define HASH_CBLOCK RIPEMD160_CBLOCK
-+#define HASH_DIGEST_LENGTH RIPEMD160_DIGEST_LENGTH
-+#define HASH_UPDATE RIPEMD160_Update
-+#define HASH_TRANSFORM RIPEMD160_Transform
-+#define HASH_FINAL RIPEMD160_Final
-+#define HASH_MAKE_STRING(c, s)           \
-+  do {                                   \
-+    CRYPTO_store_u32_le((s), (c)->h[0]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[1]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[2]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[3]); \
-+    (s) += 4;                            \
-+    CRYPTO_store_u32_le((s), (c)->h[4]); \
-+    (s) += 4;                            \
-+  } while (0)
-+
-+#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order
-+
-+#include "../../crypto/fipsmodule/digest/md32_common.h"
-+
-+// Transformed F2 and F4 are courtesy of Wei Dai <weidai at eskimo.com>
-+#define F1(x, y, z) ((x) ^ (y) ^ (z))
-+#define F2(x, y, z) ((((y) ^ (z)) & (x)) ^ (z))
-+#define F3(x, y, z) (((~(y)) | (x)) ^ (z))
-+#define F4(x, y, z) ((((x) ^ (y)) & (z)) ^ (y))
-+#define F5(x, y, z) (((~(z)) | (y)) ^ (x))
-+
-+#define ROTATE(a, n) (((a) << (n)) | (((a)&0xffffffff) >> (32 - (n))))
-+
-+#define RIP1(a, b, c, d, e, w, s) \
-+  {                               \
-+    a += F1(b, c, d) + X(w);      \
-+    a = ROTATE(a, s) + e;         \
-+    c = ROTATE(c, 10);            \
-+  }
-+
-+#define RIP2(a, b, c, d, e, w, s, K) \
-+  {                                  \
-+    a += F2(b, c, d) + X(w) + K;     \
-+    a = ROTATE(a, s) + e;            \
-+    c = ROTATE(c, 10);               \
-+  }
-+
-+#define RIP3(a, b, c, d, e, w, s, K) \
-+  {                                  \
-+    a += F3(b, c, d) + X(w) + K;     \
-+    a = ROTATE(a, s) + e;            \
-+    c = ROTATE(c, 10);               \
-+  }
-+
-+#define RIP4(a, b, c, d, e, w, s, K) \
-+  {                                  \
-+    a += F4(b, c, d) + X(w) + K;     \
-+    a = ROTATE(a, s) + e;            \
-+    c = ROTATE(c, 10);               \
-+  }
-+
-+#define RIP5(a, b, c, d, e, w, s, K) \
-+  {                                  \
-+    a += F5(b, c, d) + X(w) + K;     \
-+    a = ROTATE(a, s) + e;            \
-+    c = ROTATE(c, 10);               \
-+  }
-+
-+#define KL0 0x00000000L
-+#define KL1 0x5A827999L
-+#define KL2 0x6ED9EBA1L
-+#define KL3 0x8F1BBCDCL
-+#define KL4 0xA953FD4EL
-+
-+#define KR0 0x50A28BE6L
-+#define KR1 0x5C4DD124L
-+#define KR2 0x6D703EF3L
-+#define KR3 0x7A6D76E9L
-+#define KR4 0x00000000L
-+
-+#define WL00  0
-+#define SL00 11
-+#define WL01  1
-+#define SL01 14
-+#define WL02  2
-+#define SL02 15
-+#define WL03  3
-+#define SL03 12
-+#define WL04  4
-+#define SL04  5
-+#define WL05  5
-+#define SL05  8
-+#define WL06  6
-+#define SL06  7
-+#define WL07  7
-+#define SL07  9
-+#define WL08  8
-+#define SL08 11
-+#define WL09  9
-+#define SL09 13
-+#define WL10 10
-+#define SL10 14
-+#define WL11 11
-+#define SL11 15
-+#define WL12 12
-+#define SL12  6
-+#define WL13 13
-+#define SL13  7
-+#define WL14 14
-+#define SL14  9
-+#define WL15 15
-+#define SL15  8
-+
-+#define WL16  7
-+#define SL16  7
-+#define WL17  4
-+#define SL17  6
-+#define WL18 13
-+#define SL18  8
-+#define WL19  1
-+#define SL19 13
-+#define WL20 10
-+#define SL20 11
-+#define WL21  6
-+#define SL21  9
-+#define WL22 15
-+#define SL22  7
-+#define WL23  3
-+#define SL23 15
-+#define WL24 12
-+#define SL24  7
-+#define WL25  0
-+#define SL25 12
-+#define WL26  9
-+#define SL26 15
-+#define WL27  5
-+#define SL27  9
-+#define WL28  2
-+#define SL28 11
-+#define WL29 14
-+#define SL29  7
-+#define WL30 11
-+#define SL30 13
-+#define WL31  8
-+#define SL31 12
-+
-+#define WL32  3
-+#define SL32 11
-+#define WL33 10
-+#define SL33 13
-+#define WL34 14
-+#define SL34  6
-+#define WL35  4
-+#define SL35  7
-+#define WL36  9
-+#define SL36 14
-+#define WL37 15
-+#define SL37  9
-+#define WL38  8
-+#define SL38 13
-+#define WL39  1
-+#define SL39 15
-+#define WL40  2
-+#define SL40 14
-+#define WL41  7
-+#define SL41  8
-+#define WL42  0
-+#define SL42 13
-+#define WL43  6
-+#define SL43  6
-+#define WL44 13
-+#define SL44  5
-+#define WL45 11
-+#define SL45 12
-+#define WL46  5
-+#define SL46  7
-+#define WL47 12
-+#define SL47  5
-+
-+#define WL48  1
-+#define SL48 11
-+#define WL49  9
-+#define SL49 12
-+#define WL50 11
-+#define SL50 14
-+#define WL51 10
-+#define SL51 15
-+#define WL52  0
-+#define SL52 14
-+#define WL53  8
-+#define SL53 15
-+#define WL54 12
-+#define SL54  9
-+#define WL55  4
-+#define SL55  8
-+#define WL56 13
-+#define SL56  9
-+#define WL57  3
-+#define SL57 14
-+#define WL58  7
-+#define SL58  5
-+#define WL59 15
-+#define SL59  6
-+#define WL60 14
-+#define SL60  8
-+#define WL61  5
-+#define SL61  6
-+#define WL62  6
-+#define SL62  5
-+#define WL63  2
-+#define SL63 12
-+
-+#define WL64  4
-+#define SL64  9
-+#define WL65  0
-+#define SL65 15
-+#define WL66  5
-+#define SL66  5
-+#define WL67  9
-+#define SL67 11
-+#define WL68  7
-+#define SL68  6
-+#define WL69 12
-+#define SL69  8
-+#define WL70  2
-+#define SL70 13
-+#define WL71 10
-+#define SL71 12
-+#define WL72 14
-+#define SL72  5
-+#define WL73  1
-+#define SL73 12
-+#define WL74  3
-+#define SL74 13
-+#define WL75  8
-+#define SL75 14
-+#define WL76 11
-+#define SL76 11
-+#define WL77  6
-+#define SL77  8
-+#define WL78 15
-+#define SL78  5
-+#define WL79 13
-+#define SL79  6
-+
-+#define WR00  5
-+#define SR00  8
-+#define WR01 14
-+#define SR01  9
-+#define WR02  7
-+#define SR02  9
-+#define WR03  0
-+#define SR03 11
-+#define WR04  9
-+#define SR04 13
-+#define WR05  2
-+#define SR05 15
-+#define WR06 11
-+#define SR06 15
-+#define WR07  4
-+#define SR07  5
-+#define WR08 13
-+#define SR08  7
-+#define WR09  6
-+#define SR09  7
-+#define WR10 15
-+#define SR10  8
-+#define WR11  8
-+#define SR11 11
-+#define WR12  1
-+#define SR12 14
-+#define WR13 10
-+#define SR13 14
-+#define WR14  3
-+#define SR14 12
-+#define WR15 12
-+#define SR15  6
-+
-+#define WR16  6
-+#define SR16  9
-+#define WR17 11
-+#define SR17 13
-+#define WR18  3
-+#define SR18 15
-+#define WR19  7
-+#define SR19  7
-+#define WR20  0
-+#define SR20 12
-+#define WR21 13
-+#define SR21  8
-+#define WR22  5
-+#define SR22  9
-+#define WR23 10
-+#define SR23 11
-+#define WR24 14
-+#define SR24  7
-+#define WR25 15
-+#define SR25  7
-+#define WR26  8
-+#define SR26 12
-+#define WR27 12
-+#define SR27  7
-+#define WR28  4
-+#define SR28  6
-+#define WR29  9
-+#define SR29 15
-+#define WR30  1
-+#define SR30 13
-+#define WR31  2
-+#define SR31 11
-+
-+#define WR32 15
-+#define SR32  9
-+#define WR33  5
-+#define SR33  7
-+#define WR34  1
-+#define SR34 15
-+#define WR35  3
-+#define SR35 11
-+#define WR36  7
-+#define SR36  8
-+#define WR37 14
-+#define SR37  6
-+#define WR38  6
-+#define SR38  6
-+#define WR39  9
-+#define SR39 14
-+#define WR40 11
-+#define SR40 12
-+#define WR41  8
-+#define SR41 13
-+#define WR42 12
-+#define SR42  5
-+#define WR43  2
-+#define SR43 14
-+#define WR44 10
-+#define SR44 13
-+#define WR45  0
-+#define SR45 13
-+#define WR46  4
-+#define SR46  7
-+#define WR47 13
-+#define SR47  5
-+
-+#define WR48  8
-+#define SR48 15
-+#define WR49  6
-+#define SR49  5
-+#define WR50  4
-+#define SR50  8
-+#define WR51  1
-+#define SR51 11
-+#define WR52  3
-+#define SR52 14
-+#define WR53 11
-+#define SR53 14
-+#define WR54 15
-+#define SR54  6
-+#define WR55  0
-+#define SR55 14
-+#define WR56  5
-+#define SR56  6
-+#define WR57 12
-+#define SR57  9
-+#define WR58  2
-+#define SR58 12
-+#define WR59 13
-+#define SR59  9
-+#define WR60  9
-+#define SR60 12
-+#define WR61  7
-+#define SR61  5
-+#define WR62 10
-+#define SR62 15
-+#define WR63 14
-+#define SR63  8
-+
-+#define WR64 12
-+#define SR64  8
-+#define WR65 15
-+#define SR65  5
-+#define WR66 10
-+#define SR66 12
-+#define WR67  4
-+#define SR67  9
-+#define WR68  1
-+#define SR68 12
-+#define WR69  5
-+#define SR69  5
-+#define WR70  8
-+#define SR70 14
-+#define WR71  7
-+#define SR71  6
-+#define WR72  6
-+#define SR72  8
-+#define WR73  2
-+#define SR73 13
-+#define WR74 13
-+#define SR74  6
-+#define WR75 14
-+#define SR75  5
-+#define WR76  0
-+#define SR76 15
-+#define WR77  3
-+#define SR77 13
-+#define WR78  9
-+#define SR78 11
-+#define WR79 11
-+#define SR79 11
-+
-+static void ripemd160_block_data_order(uint32_t h[5], const uint8_t *data,
-                                        size_t num) {
-   uint32_t A, B, C, D, E;
-   uint32_t a, b, c, d, e;
-From 4320bc47617a66d4219e66e2420311dbfb6c3cb0 Mon Sep 17 00:00:00 2001
-From: David Benjamin <davidben at google.com>
-Date: Mon, 29 Mar 2021 14:26:07 -0400
-Subject: [PATCH] Pull HASH_TRANSFORM out of md32_common.h.
-
-The macro isn't doing any work here.
-
-Change-Id: Id97dfa4b027407c5e4b3e7eb1586c3c2a2d977d8
-Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47806
-Commit-Queue: David Benjamin <davidben at google.com>
-Reviewed-by: Adam Langley <agl at google.com>
----
-
-diff --git a/crypto/fipsmodule/digest/md32_common.h b/crypto/fipsmodule/digest/md32_common.h
-index a0634d1..8a14108 100644
---- a/crypto/fipsmodule/digest/md32_common.h
-+++ b/crypto/fipsmodule/digest/md32_common.h
-@@ -86,9 +86,6 @@
- // |HASH_UPDATE| must be defined as the name of the "Update" function to
- // generate.
- //
--// |HASH_TRANSFORM| must be defined as the  the name of the "Transform"
--// function to generate.
--//
- // |HASH_FINAL| must be defined as the name of "Final" function to generate.
- //
- // |HASH_BLOCK_DATA_ORDER| must be defined as the name of the "Block" function.
-@@ -121,9 +118,6 @@
- #ifndef HASH_UPDATE
- #error "HASH_UPDATE must be defined!"
- #endif
--#ifndef HASH_TRANSFORM
--#error "HASH_TRANSFORM must be defined!"
--#endif
- #ifndef HASH_FINAL
- #error "HASH_FINAL must be defined!"
- #endif
-@@ -185,11 +179,6 @@
- }
- 
- 
--void HASH_TRANSFORM(HASH_CTX *c, const uint8_t data[HASH_CBLOCK]) {
--  HASH_BLOCK_DATA_ORDER(c->h, data, 1);
--}
--
--
- int HASH_FINAL(uint8_t out[HASH_DIGEST_LENGTH], HASH_CTX *c) {
-   // |c->data| always has room for at least one byte. A full block would have
-   // been consumed.
-diff --git a/crypto/fipsmodule/md4/md4.c b/crypto/fipsmodule/md4/md4.c
-index 0551664..9d229bf 100644
---- a/crypto/fipsmodule/md4/md4.c
-+++ b/crypto/fipsmodule/md4/md4.c
-@@ -84,13 +84,16 @@
- 
- void md4_block_data_order(uint32_t *state, const uint8_t *data, size_t num);
- 
-+void MD4_Transform(MD4_CTX *c, const uint8_t data[MD4_CBLOCK]) {
-+  md4_block_data_order(c->h, data, 1);
-+}
-+
- #define DATA_ORDER_IS_LITTLE_ENDIAN
- 
- #define HASH_CTX MD4_CTX
- #define HASH_CBLOCK 64
- #define HASH_DIGEST_LENGTH 16
- #define HASH_UPDATE MD4_Update
--#define HASH_TRANSFORM MD4_Transform
- #define HASH_FINAL MD4_Final
- #define HASH_MAKE_STRING(c, s)           \
-   do {                                   \
-@@ -240,7 +243,6 @@
- #undef HASH_CBLOCK
- #undef HASH_DIGEST_LENGTH
- #undef HASH_UPDATE
--#undef HASH_TRANSFORM
- #undef HASH_FINAL
- #undef HASH_MAKE_STRING
- #undef HASH_BLOCK_DATA_ORDER
-diff --git a/crypto/fipsmodule/md5/md5.c b/crypto/fipsmodule/md5/md5.c
-index bd6bf6a..e454a84 100644
---- a/crypto/fipsmodule/md5/md5.c
-+++ b/crypto/fipsmodule/md5/md5.c
-@@ -89,6 +89,9 @@
-                                  size_t num);
- #endif
- 
-+void MD5_Transform(MD5_CTX *c, const uint8_t data[MD5_CBLOCK]) {
-+  md5_block_data_order(c->h, data, 1);
-+}
- 
- #define DATA_ORDER_IS_LITTLE_ENDIAN
- 
-@@ -96,7 +99,6 @@
- #define HASH_CBLOCK 64
- #define HASH_DIGEST_LENGTH 16
- #define HASH_UPDATE MD5_Update
--#define HASH_TRANSFORM MD5_Transform
- #define HASH_FINAL MD5_Final
- #define HASH_MAKE_STRING(c, s)           \
-   do {                                   \
-@@ -283,7 +285,6 @@
- #undef HASH_CBLOCK
- #undef HASH_DIGEST_LENGTH
- #undef HASH_UPDATE
--#undef HASH_TRANSFORM
- #undef HASH_FINAL
- #undef HASH_MAKE_STRING
- #undef HASH_BLOCK_DATA_ORDER
-diff --git a/crypto/fipsmodule/sha/sha1.c b/crypto/fipsmodule/sha/sha1.c
-index 2f50c67..7149d11 100644
---- a/crypto/fipsmodule/sha/sha1.c
-+++ b/crypto/fipsmodule/sha/sha1.c
-@@ -83,6 +83,15 @@
-   return out;
- }
- 
-+#if !defined(SHA1_ASM)
-+static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
-+                                  size_t num);
-+#endif
-+
-+void SHA1_Transform(SHA_CTX *c, const uint8_t data[SHA_CBLOCK]) {
-+  sha1_block_data_order(c->h, data, 1);
-+}
-+
- #define DATA_ORDER_IS_BIG_ENDIAN
- 
- #define HASH_CTX                SHA_CTX
-@@ -103,7 +112,6 @@
-   } while (0)
- 
- #define HASH_UPDATE SHA1_Update
--#define HASH_TRANSFORM SHA1_Transform
- #define HASH_FINAL SHA1_Final
- #define HASH_BLOCK_DATA_ORDER sha1_block_data_order
- #define ROTATE(a, n) (((a) << (n)) | ((a) >> (32 - (n))))
-@@ -113,11 +121,6 @@
-     (ix) = (a) = ROTATE((a), 1);       \
-   } while (0)
- 
--#if !defined(SHA1_ASM)
--static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
--                                  size_t num);
--#endif
--
- #include "../digest/md32_common.h"
- 
- #define K_00_19 0x5a827999UL
-@@ -346,7 +349,6 @@
- #undef HASH_DIGEST_LENGTH
- #undef HASH_MAKE_STRING
- #undef HASH_UPDATE
--#undef HASH_TRANSFORM
- #undef HASH_FINAL
- #undef HASH_BLOCK_DATA_ORDER
- #undef ROTATE
-diff --git a/crypto/fipsmodule/sha/sha256.c b/crypto/fipsmodule/sha/sha256.c
-index 390ee3a..ff961c8 100644
---- a/crypto/fipsmodule/sha/sha256.c
-+++ b/crypto/fipsmodule/sha/sha256.c
-@@ -122,6 +122,15 @@
-   return SHA256_Final(out, ctx);
- }
- 
-+#ifndef SHA256_ASM
-+static void sha256_block_data_order(uint32_t *state, const uint8_t *in,
-+                                    size_t num);
-+#endif
-+
-+void SHA256_Transform(SHA256_CTX *c, const uint8_t data[SHA256_CBLOCK]) {
-+  sha256_block_data_order(c->h, data, 1);
-+}
-+
- #define DATA_ORDER_IS_BIG_ENDIAN
- 
- #define HASH_CTX SHA256_CTX
-@@ -167,13 +176,8 @@
- 
- 
- #define HASH_UPDATE SHA256_Update
--#define HASH_TRANSFORM SHA256_Transform
- #define HASH_FINAL SHA256_Final
- #define HASH_BLOCK_DATA_ORDER sha256_block_data_order
--#ifndef SHA256_ASM
--static void sha256_block_data_order(uint32_t *state, const uint8_t *in,
--                                    size_t num);
--#endif
- 
- #include "../digest/md32_common.h"
- 
-@@ -324,7 +328,6 @@
- #undef HASH_DIGEST_LENGTH
- #undef HASH_MAKE_STRING
- #undef HASH_UPDATE
--#undef HASH_TRANSFORM
- #undef HASH_FINAL
- #undef HASH_BLOCK_DATA_ORDER
- #undef ROTATE
-diff --git a/decrepit/ripemd/ripemd.c b/decrepit/ripemd/ripemd.c
-index 50329c7..ac6bd83 100644
---- a/decrepit/ripemd/ripemd.c
-+++ b/decrepit/ripemd/ripemd.c
-@@ -80,6 +80,11 @@
- static void ripemd160_block_data_order(uint32_t h[5], const uint8_t *data,
-                                        size_t num);
- 
-+void RIPEMD160_Transform(RIPEMD160_CTX *c,
-+                         const uint8_t data[RIPEMD160_CBLOCK]) {
-+  ripemd160_block_data_order(c->h, data, 1);
-+}
-+
- #define DATA_ORDER_IS_LITTLE_ENDIAN
- 
- #define HASH_LONG uint32_t
-@@ -87,7 +92,6 @@
- #define HASH_CBLOCK RIPEMD160_CBLOCK
- #define HASH_DIGEST_LENGTH RIPEMD160_DIGEST_LENGTH
- #define HASH_UPDATE RIPEMD160_Update
--#define HASH_TRANSFORM RIPEMD160_Transform
- #define HASH_FINAL RIPEMD160_Final
- #define HASH_MAKE_STRING(c, s)           \
-   do {                                   \
-From 597ffef971dd980b7de5e97a0c9b7ca26eec94bc Mon Sep 17 00:00:00 2001
-From: David Benjamin <davidben at google.com>
-Date: Mon, 29 Mar 2021 14:45:13 -0400
-Subject: [PATCH] Make md32_common.h single-included and use an unsized helper for SHA-256.
-
-Similar to
-https://boringssl-review.googlesource.com/c/boringssl/+/46405,
-SHA256_Final and SHA224_Final hit array size warnings in the new GCC.
-The array sizes are, strictly speaking, purely decoration, but this is a
-good warning so we should be clean with it on.
-
-That same change is difficult to apply to md32_common.h because
-md32_common.h generates the functions for us. md32_common.h is already
-strange in that it is multiply-included and changes behavior based on
-macros defined by the caller.
-
-Instead, replace it with inline functions, which are a bit more
-conventional and typesafe. This allows each hash function to define the
-function prototype. Use this to add an unsized helper for SHA-256.
-
-Bug: 402
-Change-Id: I61bc30fb58c54dd40a55c9b1ebf3fb9adde5e038
-Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47807
-Reviewed-by: Adam Langley <agl at google.com>
-Reviewed-by: Peter Foley <pefoley at google.com>
-Commit-Queue: David Benjamin <davidben at google.com>
----
-
-diff --git a/crypto/fipsmodule/digest/md32_common.h b/crypto/fipsmodule/digest/md32_common.h
-index 8a14108..129ec48 100644
---- a/crypto/fipsmodule/digest/md32_common.h
-+++ b/crypto/fipsmodule/digest/md32_common.h
-@@ -46,6 +46,9 @@
-  * OF THE POSSIBILITY OF SUCH DAMAGE.
-  * ==================================================================== */
- 
-+#ifndef OPENSSL_HEADER_DIGEST_MD32_COMMON_H
-+#define OPENSSL_HEADER_DIGEST_MD32_COMMON_H
-+
- #include <openssl/base.h>
- 
- #include <assert.h>
-@@ -59,22 +62,15 @@
- 
- // This is a generic 32-bit "collector" for message digest algorithms. It
- // collects input character stream into chunks of 32-bit values and invokes the
--// block function that performs the actual hash calculations. To make use of
--// this mechanism, the following macros must be defined before including
--// md32_common.h.
-+// block function that performs the actual hash calculations.
- //
--// One of |DATA_ORDER_IS_BIG_ENDIAN| or |DATA_ORDER_IS_LITTLE_ENDIAN| must be
--// defined to specify the byte order of the input stream.
--//
--// |HASH_CBLOCK| must be defined as the integer block size, in bytes.
--//
--// |HASH_CTX| must be defined as the name of the context structure, which must
--// have at least the following members:
-+// To make use of this mechanism, the hash context should be defined with the
-+// following parameters.
- //
- //     typedef struct <name>_state_st {
- //       uint32_t h[<chaining length> / sizeof(uint32_t)];
- //       uint32_t Nl, Nh;
--//       uint8_t data[HASH_CBLOCK];
-+//       uint8_t data[<block size>];
- //       unsigned num;
- //       ...
- //     } <NAME>_CTX;
-@@ -83,136 +79,117 @@
- // any truncation (e.g. 64 for SHA-224 and SHA-256, 128 for SHA-384 and
- // SHA-512).
- //
--// |HASH_UPDATE| must be defined as the name of the "Update" function to
--// generate.
--//
--// |HASH_FINAL| must be defined as the name of "Final" function to generate.
--//
--// |HASH_BLOCK_DATA_ORDER| must be defined as the name of the "Block" function.
--// That function must be implemented manually. It must be capable of operating
--// on *unaligned* input data in its original (data) byte order. It must have
--// this signature:
--//
--//     void HASH_BLOCK_DATA_ORDER(uint32_t *state, const uint8_t *data,
--//                                size_t num);
--//
--// It must update the hash state |state| with |num| blocks of data from |data|,
--// where each block is |HASH_CBLOCK| bytes; i.e. |data| points to a array of
--// |HASH_CBLOCK * num| bytes. |state| points to the |h| member of a |HASH_CTX|,
--// and so will have |<chaining length> / sizeof(uint32_t)| elements.
--//
--// |HASH_MAKE_STRING(c, s)| must be defined as a block statement that converts
--// the hash state |c->h| into the output byte order, storing the result in |s|.
-+// |h| is the hash state and is updated by a function of type
-+// |crypto_md32_block_func|. |data| is the partial unprocessed block and has
-+// |num| bytes. |Nl| and |Nh| maintain the number of bits processed so far.
- 
--#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
--#error "DATA_ORDER must be defined!"
--#endif
-+// A crypto_md32_block_func should incorporate |num_blocks| of input from |data|
-+// into |state|. It is assumed the caller has sized |state| and |data| for the
-+// hash function.
-+typedef void (*crypto_md32_block_func)(uint32_t *state, const uint8_t *data,
-+                                       size_t num_blocks);
- 
--#ifndef HASH_CBLOCK
--#error "HASH_CBLOCK must be defined!"
--#endif
--#ifndef HASH_CTX
--#error "HASH_CTX must be defined!"
--#endif
--
--#ifndef HASH_UPDATE
--#error "HASH_UPDATE must be defined!"
--#endif
--#ifndef HASH_FINAL
--#error "HASH_FINAL must be defined!"
--#endif
--
--#ifndef HASH_BLOCK_DATA_ORDER
--#error "HASH_BLOCK_DATA_ORDER must be defined!"
--#endif
--
--#ifndef HASH_MAKE_STRING
--#error "HASH_MAKE_STRING must be defined!"
--#endif
--
--int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
--  const uint8_t *data = data_;
--
-+// crypto_md32_update adds |len| bytes from |in| to the digest. |data| must be a
-+// buffer of length |block_size| with the first |*num| bytes containing a
-+// partial block. This function combines the partial block with |in| and
-+// incorporates any complete blocks into the digest state |h|. It then updates
-+// |data| and |*num| with the new partial block and updates |*Nh| and |*Nl| with
-+// the data consumed.
-+static inline void crypto_md32_update(crypto_md32_block_func block_func,
-+                                      uint32_t *h, uint8_t *data,
-+                                      size_t block_size, unsigned *num,
-+                                      uint32_t *Nh, uint32_t *Nl,
-+                                      const uint8_t *in, size_t len) {
-   if (len == 0) {
--    return 1;
-+    return;
-   }
- 
--  uint32_t l = c->Nl + (((uint32_t)len) << 3);
--  if (l < c->Nl) {
-+  uint32_t l = *Nl + (((uint32_t)len) << 3);
-+  if (l < *Nl) {
-     // Handle carries.
--    c->Nh++;
-+    (*Nh)++;
-   }
--  c->Nh += (uint32_t)(len >> 29);
--  c->Nl = l;
-+  *Nh += (uint32_t)(len >> 29);
-+  *Nl = l;
- 
--  size_t n = c->num;
-+  size_t n = *num;
-   if (n != 0) {
--    if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
--      OPENSSL_memcpy(c->data + n, data, HASH_CBLOCK - n);
--      HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
--      n = HASH_CBLOCK - n;
--      data += n;
-+    if (len >= block_size || len + n >= block_size) {
-+      OPENSSL_memcpy(data + n, in, block_size - n);
-+      block_func(h, data, 1);
-+      n = block_size - n;
-+      in += n;
-       len -= n;
--      c->num = 0;
--      // Keep |c->data| zeroed when unused.
--      OPENSSL_memset(c->data, 0, HASH_CBLOCK);
-+      *num = 0;
-+      // Keep |data| zeroed when unused.
-+      OPENSSL_memset(data, 0, block_size);
-     } else {
--      OPENSSL_memcpy(c->data + n, data, len);
--      c->num += (unsigned)len;
--      return 1;
-+      OPENSSL_memcpy(data + n, in, len);
-+      *num += (unsigned)len;
-+      return;
-     }
-   }
- 
--  n = len / HASH_CBLOCK;
-+  n = len / block_size;
-   if (n > 0) {
--    HASH_BLOCK_DATA_ORDER(c->h, data, n);
--    n *= HASH_CBLOCK;
--    data += n;
-+    block_func(h, in, n);
-+    n *= block_size;
-+    in += n;
-     len -= n;
-   }
- 
-   if (len != 0) {
--    c->num = (unsigned)len;
--    OPENSSL_memcpy(c->data, data, len);
-+    *num = (unsigned)len;
-+    OPENSSL_memcpy(data, in, len);
-   }
--  return 1;
- }
- 
--
--int HASH_FINAL(uint8_t out[HASH_DIGEST_LENGTH], HASH_CTX *c) {
--  // |c->data| always has room for at least one byte. A full block would have
-+// crypto_md32_final incorporates the partial block and trailing length into the
-+// digest state |h|. The trailing length is encoded in little-endian if
-+// |is_big_endian| is zero and big-endian otherwise. |data| must be a buffer of
-+// length |block_size| with the first |*num| bytes containing a partial block.
-+// |Nh| and |Nl| contain the total number of bits processed. On return, this
-+// function clears the partial block in |data| and
-+// |*num|.
-+//
-+// This function does not serialize |h| into a final digest. This is the
-+// responsibility of the caller.
-+static inline void crypto_md32_final(crypto_md32_block_func block_func,
-+                                     uint32_t *h, uint8_t *data,
-+                                     size_t block_size, unsigned *num,
-+                                     uint32_t Nh, uint32_t Nl,
-+                                     int is_big_endian) {
-+  // |data| always has room for at least one byte. A full block would have
-   // been consumed.
--  size_t n = c->num;
--  assert(n < HASH_CBLOCK);
--  c->data[n] = 0x80;
-+  size_t n = *num;
-+  assert(n < block_size);
-+  data[n] = 0x80;
-   n++;
- 
-   // Fill the block with zeros if there isn't room for a 64-bit length.
--  if (n > (HASH_CBLOCK - 8)) {
--    OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - n);
-+  if (n > block_size - 8) {
-+    OPENSSL_memset(data + n, 0, block_size - n);
-     n = 0;
--    HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
-+    block_func(h, data, 1);
-   }
--  OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - 8 - n);
-+  OPENSSL_memset(data + n, 0, block_size - 8 - n);
- 
-   // Append a 64-bit length to the block and process it.
--  uint8_t *p = c->data + HASH_CBLOCK - 8;
--#if defined(DATA_ORDER_IS_BIG_ENDIAN)
--  CRYPTO_store_u32_be(p, c->Nh);
--  CRYPTO_store_u32_be(p + 4, c->Nl);
--#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
--  CRYPTO_store_u32_le(p, c->Nl);
--  CRYPTO_store_u32_le(p + 4, c->Nh);
--#endif
--  HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
--  c->num = 0;
--  OPENSSL_memset(c->data, 0, HASH_CBLOCK);
--
--  HASH_MAKE_STRING(c, out);
--  return 1;
-+  if (is_big_endian) {
-+    CRYPTO_store_u32_be(data + block_size - 8, Nh);
-+    CRYPTO_store_u32_be(data + block_size - 4, Nl);
-+  } else {
-+    CRYPTO_store_u32_le(data + block_size - 8, Nl);
-+    CRYPTO_store_u32_le(data + block_size - 4, Nh);
-+  }
-+  block_func(h, data, 1);
-+  *num = 0;
-+  OPENSSL_memset(data, 0, block_size);
- }
- 
- 
- #if defined(__cplusplus)
- }  // extern C
- #endif
-+
-+#endif  // OPENSSL_HEADER_DIGEST_MD32_COMMON_H
-diff --git a/crypto/fipsmodule/md4/md4.c b/crypto/fipsmodule/md4/md4.c
-index 9d229bf..8779402 100644
---- a/crypto/fipsmodule/md4/md4.c
-+++ b/crypto/fipsmodule/md4/md4.c
-@@ -60,6 +60,7 @@
- #include <string.h>
- 
- #include "../../internal.h"
-+#include "../digest/md32_common.h"
- 
- 
- uint8_t *MD4(const uint8_t *data, size_t len, uint8_t out[MD4_DIGEST_LENGTH]) {
-@@ -88,27 +89,22 @@
-   md4_block_data_order(c->h, data, 1);
- }
- 
--#define DATA_ORDER_IS_LITTLE_ENDIAN
-+int MD4_Update(MD4_CTX *c, const void *data, size_t len) {
-+  crypto_md32_update(&md4_block_data_order, c->h, c->data, MD4_CBLOCK, &c->num,
-+                     &c->Nh, &c->Nl, data, len);
-+  return 1;
-+}
- 
--#define HASH_CTX MD4_CTX
--#define HASH_CBLOCK 64
--#define HASH_DIGEST_LENGTH 16
--#define HASH_UPDATE MD4_Update
--#define HASH_FINAL MD4_Final
--#define HASH_MAKE_STRING(c, s)           \
--  do {                                   \
--    CRYPTO_store_u32_le((s), (c)->h[0]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[1]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[2]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[3]); \
--    (s) += 4;                            \
--  } while (0)
--#define HASH_BLOCK_DATA_ORDER md4_block_data_order
-+int MD4_Final(uint8_t out[MD4_DIGEST_LENGTH], MD4_CTX *c) {
-+  crypto_md32_final(&md4_block_data_order, c->h, c->data, MD4_CBLOCK, &c->num,
-+                    c->Nh, c->Nl, /*is_big_endian=*/0);
- 
--#include "../digest/md32_common.h"
-+  CRYPTO_store_u32_le(out, c->h[0]);
-+  CRYPTO_store_u32_le(out + 4, c->h[1]);
-+  CRYPTO_store_u32_le(out + 8, c->h[2]);
-+  CRYPTO_store_u32_le(out + 12, c->h[3]);
-+  return 1;
-+}
- 
- // As pointed out by Wei Dai <weidai at eskimo.com>, the above can be
- // simplified to the code below.  Wei attributes these optimizations
-@@ -238,14 +234,6 @@
-   }
- }
- 
--#undef DATA_ORDER_IS_LITTLE_ENDIAN
--#undef HASH_CTX
--#undef HASH_CBLOCK
--#undef HASH_DIGEST_LENGTH
--#undef HASH_UPDATE
--#undef HASH_FINAL
--#undef HASH_MAKE_STRING
--#undef HASH_BLOCK_DATA_ORDER
- #undef F
- #undef G
- #undef H
-diff --git a/crypto/fipsmodule/md5/md5.c b/crypto/fipsmodule/md5/md5.c
-index e454a84..eba34bc 100644
---- a/crypto/fipsmodule/md5/md5.c
-+++ b/crypto/fipsmodule/md5/md5.c
-@@ -60,8 +60,9 @@
- 
- #include <openssl/mem.h>
- 
--#include "internal.h"
- #include "../../internal.h"
-+#include "../digest/md32_common.h"
-+#include "internal.h"
- 
- 
- uint8_t *MD5(const uint8_t *data, size_t len, uint8_t out[MD5_DIGEST_LENGTH]) {
-@@ -93,27 +94,22 @@
-   md5_block_data_order(c->h, data, 1);
- }
- 
--#define DATA_ORDER_IS_LITTLE_ENDIAN
-+int MD5_Update(MD5_CTX *c, const void *data, size_t len) {
-+  crypto_md32_update(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num,
-+                     &c->Nh, &c->Nl, data, len);
-+  return 1;
-+}
- 
--#define HASH_CTX MD5_CTX
--#define HASH_CBLOCK 64
--#define HASH_DIGEST_LENGTH 16
--#define HASH_UPDATE MD5_Update
--#define HASH_FINAL MD5_Final
--#define HASH_MAKE_STRING(c, s)           \
--  do {                                   \
--    CRYPTO_store_u32_le((s), (c)->h[0]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[1]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[2]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[3]); \
--    (s) += 4;                            \
--  } while (0)
--#define HASH_BLOCK_DATA_ORDER md5_block_data_order
-+int MD5_Final(uint8_t out[MD5_DIGEST_LENGTH], MD5_CTX *c) {
-+  crypto_md32_final(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num,
-+                    c->Nh, c->Nl, /*is_big_endian=*/0);
- 
--#include "../digest/md32_common.h"
-+  CRYPTO_store_u32_le(out, c->h[0]);
-+  CRYPTO_store_u32_le(out + 4, c->h[1]);
-+  CRYPTO_store_u32_le(out + 8, c->h[2]);
-+  CRYPTO_store_u32_le(out + 12, c->h[3]);
-+  return 1;
-+}
- 
- // As pointed out by Wei Dai <weidai at eskimo.com>, the above can be
- // simplified to the code below.  Wei attributes these optimizations
-@@ -280,14 +276,6 @@
- #undef X
- #endif
- 
--#undef DATA_ORDER_IS_LITTLE_ENDIAN
--#undef HASH_CTX
--#undef HASH_CBLOCK
--#undef HASH_DIGEST_LENGTH
--#undef HASH_UPDATE
--#undef HASH_FINAL
--#undef HASH_MAKE_STRING
--#undef HASH_BLOCK_DATA_ORDER
- #undef F
- #undef G
- #undef H
-diff --git a/crypto/fipsmodule/sha/sha1.c b/crypto/fipsmodule/sha/sha1.c
-index 7149d11..c629308 100644
---- a/crypto/fipsmodule/sha/sha1.c
-+++ b/crypto/fipsmodule/sha/sha1.c
-@@ -60,8 +60,9 @@
- 
- #include <openssl/mem.h>
- 
--#include "internal.h"
- #include "../../internal.h"
-+#include "../digest/md32_common.h"
-+#include "internal.h"
- 
- 
- int SHA1_Init(SHA_CTX *sha) {
-@@ -92,28 +93,24 @@
-   sha1_block_data_order(c->h, data, 1);
- }
- 
--#define DATA_ORDER_IS_BIG_ENDIAN
-+int SHA1_Update(SHA_CTX *c, const void *data, size_t len) {
-+  crypto_md32_update(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num,
-+                     &c->Nh, &c->Nl, data, len);
-+  return 1;
-+}
- 
--#define HASH_CTX                SHA_CTX
--#define HASH_CBLOCK             64
--#define HASH_DIGEST_LENGTH      20
--#define HASH_MAKE_STRING(c, s)           \
--  do {                                   \
--    CRYPTO_store_u32_be((s), (c)->h[0]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_be((s), (c)->h[1]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_be((s), (c)->h[2]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_be((s), (c)->h[3]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_be((s), (c)->h[4]); \
--    (s) += 4;                            \
--  } while (0)
-+int SHA1_Final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *c) {
-+  crypto_md32_final(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num,
-+                    c->Nh, c->Nl, /*is_big_endian=*/1);
- 
--#define HASH_UPDATE SHA1_Update
--#define HASH_FINAL SHA1_Final
--#define HASH_BLOCK_DATA_ORDER sha1_block_data_order
-+  CRYPTO_store_u32_be(out, c->h[0]);
-+  CRYPTO_store_u32_be(out + 4, c->h[1]);
-+  CRYPTO_store_u32_be(out + 8, c->h[2]);
-+  CRYPTO_store_u32_be(out + 12, c->h[3]);
-+  CRYPTO_store_u32_be(out + 16, c->h[4]);
-+  return 1;
-+}
-+
- #define ROTATE(a, n) (((a) << (n)) | ((a) >> (32 - (n))))
- #define Xupdate(a, ix, ia, ib, ic, id) \
-   do {                                 \
-@@ -121,8 +118,6 @@
-     (ix) = (a) = ROTATE((a), 1);       \
-   } while (0)
- 
--#include "../digest/md32_common.h"
--
- #define K_00_19 0x5a827999UL
- #define K_20_39 0x6ed9eba1UL
- #define K_40_59 0x8f1bbcdcUL
-@@ -343,14 +338,6 @@
- }
- #endif
- 
--#undef DATA_ORDER_IS_BIG_ENDIAN
--#undef HASH_CTX
--#undef HASH_CBLOCK
--#undef HASH_DIGEST_LENGTH
--#undef HASH_MAKE_STRING
--#undef HASH_UPDATE
--#undef HASH_FINAL
--#undef HASH_BLOCK_DATA_ORDER
- #undef ROTATE
- #undef Xupdate
- #undef K_00_19
-diff --git a/crypto/fipsmodule/sha/sha256.c b/crypto/fipsmodule/sha/sha256.c
-index ff961c8..4394f4a 100644
---- a/crypto/fipsmodule/sha/sha256.c
-+++ b/crypto/fipsmodule/sha/sha256.c
-@@ -60,8 +60,9 @@
- 
- #include <openssl/mem.h>
- 
--#include "internal.h"
- #include "../../internal.h"
-+#include "../digest/md32_common.h"
-+#include "internal.h"
- 
- 
- int SHA224_Init(SHA256_CTX *sha) {
-@@ -112,16 +113,6 @@
-   return out;
- }
- 
--int SHA224_Update(SHA256_CTX *ctx, const void *data, size_t len) {
--  return SHA256_Update(ctx, data, len);
--}
--
--int SHA224_Final(uint8_t out[SHA224_DIGEST_LENGTH], SHA256_CTX *ctx) {
--  // SHA224_Init sets |ctx->md_len| to |SHA224_DIGEST_LENGTH|, so this has a
--  // smaller output.
--  return SHA256_Final(out, ctx);
--}
--
- #ifndef SHA256_ASM
- static void sha256_block_data_order(uint32_t *state, const uint8_t *in,
-                                     size_t num);
-@@ -131,55 +122,51 @@
-   sha256_block_data_order(c->h, data, 1);
- }
- 
--#define DATA_ORDER_IS_BIG_ENDIAN
-+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) {
-+  crypto_md32_update(&sha256_block_data_order, c->h, c->data, SHA256_CBLOCK,
-+                     &c->num, &c->Nh, &c->Nl, data, len);
-+  return 1;
-+}
- 
--#define HASH_CTX SHA256_CTX
--#define HASH_CBLOCK 64
--#define HASH_DIGEST_LENGTH 32
-+int SHA224_Update(SHA256_CTX *ctx, const void *data, size_t len) {
-+  return SHA256_Update(ctx, data, len);
-+}
- 
--// Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
--// default: case below covers for it. It's not clear however if it's permitted
--// to truncate to amount of bytes not divisible by 4. I bet not, but if it is,
--// then default: case shall be extended. For reference. Idea behind separate
--// cases for pre-defined lenghts is to let the compiler decide if it's
--// appropriate to unroll small loops.
--//
--// TODO(davidben): The small |md_len| case is one of the few places a low-level
--// hash 'final' function can fail. This should never happen.
--#define HASH_MAKE_STRING(c, s)                              \
--  do {                                                      \
--    unsigned int nn;                                        \
--    switch ((c)->md_len) {                                  \
--      case SHA224_DIGEST_LENGTH:                            \
--        for (nn = 0; nn < SHA224_DIGEST_LENGTH / 4; nn++) { \
--          CRYPTO_store_u32_be((s), (c)->h[nn]);             \
--          (s) += 4;                                         \
--        }                                                   \
--        break;                                              \
--      case SHA256_DIGEST_LENGTH:                            \
--        for (nn = 0; nn < SHA256_DIGEST_LENGTH / 4; nn++) { \
--          CRYPTO_store_u32_be((s), (c)->h[nn]);             \
--          (s) += 4;                                         \
--        }                                                   \
--        break;                                              \
--      default:                                              \
--        if ((c)->md_len > SHA256_DIGEST_LENGTH) {           \
--          return 0;                                         \
--        }                                                   \
--        for (nn = 0; nn < (c)->md_len / 4; nn++) {          \
--          CRYPTO_store_u32_be((s), (c)->h[nn]);             \
--          (s) += 4;                                         \
--        }                                                   \
--        break;                                              \
--    }                                                       \
--  } while (0)
-+static int sha256_final_impl(uint8_t *out, SHA256_CTX *c) {
-+  crypto_md32_final(&sha256_block_data_order, c->h, c->data, SHA256_CBLOCK,
-+                    &c->num, c->Nh, c->Nl, /*is_big_endian=*/1);
- 
-+  // TODO(davidben): This overflow check one of the few places a low-level hash
-+  // 'final' function can fail. SHA-512 does not have a corresponding check.
-+  // These functions already misbehave if the caller arbitrarily mutates |c|, so
-+  // can we assume one of |SHA256_Init| or |SHA224_Init| was used?
-+  if (c->md_len > SHA256_DIGEST_LENGTH) {
-+    return 0;
-+  }
- 
--#define HASH_UPDATE SHA256_Update
--#define HASH_FINAL SHA256_Final
--#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
-+  assert(c->md_len % 4 == 0);
-+  const size_t out_words = c->md_len / 4;
-+  for (size_t i = 0; i < out_words; i++) {
-+    CRYPTO_store_u32_be(out, c->h[i]);
-+    out += 4;
-+  }
-+  return 1;
-+}
- 
--#include "../digest/md32_common.h"
-+int SHA256_Final(uint8_t out[SHA256_DIGEST_LENGTH], SHA256_CTX *c) {
-+  // Ideally we would assert |sha->md_len| is |SHA256_DIGEST_LENGTH| to match
-+  // the size hint, but calling code often pairs |SHA224_Init| with
-+  // |SHA256_Final| and expects |sha->md_len| to carry the size over.
-+  //
-+  // TODO(davidben): Add an assert and fix code to match them up.
-+  return sha256_final_impl(out, c);
-+}
-+int SHA224_Final(uint8_t out[SHA224_DIGEST_LENGTH], SHA256_CTX *ctx) {
-+  // SHA224_Init sets |ctx->md_len| to |SHA224_DIGEST_LENGTH|, so this has a
-+  // smaller output.
-+  assert(ctx->md_len == SHA224_DIGEST_LENGTH);
-+  return sha256_final_impl(out, ctx);
-+}
- 
- #ifndef SHA256_ASM
- static const uint32_t K256[64] = {
-@@ -322,14 +309,6 @@
-   sha256_block_data_order(state, data, num_blocks);
- }
- 
--#undef DATA_ORDER_IS_BIG_ENDIAN
--#undef HASH_CTX
--#undef HASH_CBLOCK
--#undef HASH_DIGEST_LENGTH
--#undef HASH_MAKE_STRING
--#undef HASH_UPDATE
--#undef HASH_FINAL
--#undef HASH_BLOCK_DATA_ORDER
- #undef ROTATE
- #undef Sigma0
- #undef Sigma1
-diff --git a/crypto/fipsmodule/sha/sha512.c b/crypto/fipsmodule/sha/sha512.c
-index 1f40e7a..befdd52 100644
---- a/crypto/fipsmodule/sha/sha512.c
-+++ b/crypto/fipsmodule/sha/sha512.c
-@@ -162,7 +162,7 @@
- 
- int SHA384_Final(uint8_t out[SHA384_DIGEST_LENGTH], SHA512_CTX *sha) {
-   // |SHA384_Init| sets |sha->md_len| to |SHA384_DIGEST_LENGTH|, so this has a
--  // |smaller output.
-+  // smaller output.
-   assert(sha->md_len == SHA384_DIGEST_LENGTH);
-   return sha512_final_impl(out, sha);
- }
-@@ -237,7 +237,7 @@
- int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH], SHA512_CTX *sha) {
-   // Ideally we would assert |sha->md_len| is |SHA512_DIGEST_LENGTH| to match
-   // the size hint, but calling code often pairs |SHA384_Init| with
--  // |SHA512_Final| and expects |sha->md_len| to carry the over.
-+  // |SHA512_Final| and expects |sha->md_len| to carry the size over.
-   //
-   // TODO(davidben): Add an assert and fix code to match them up.
-   return sha512_final_impl(out, sha);
-@@ -270,9 +270,8 @@
-   assert(sha->md_len % 8 == 0);
-   const size_t out_words = sha->md_len / 8;
-   for (size_t i = 0; i < out_words; i++) {
--    const uint64_t t = CRYPTO_bswap8(sha->h[i]);
--    memcpy(out, &t, sizeof(t));
--    out += sizeof(t);
-+    CRYPTO_store_u64_be(out, sha->h[i]);
-+    out += 8;
-   }
- 
-   return 1;
-diff --git a/decrepit/ripemd/ripemd.c b/decrepit/ripemd/ripemd.c
-index ac6bd83..9120cdd 100644
---- a/decrepit/ripemd/ripemd.c
-+++ b/decrepit/ripemd/ripemd.c
-@@ -59,6 +59,7 @@
- #include <string.h>
- 
- #include "../../crypto/internal.h"
-+#include "../../crypto/fipsmodule/digest/md32_common.h"
- 
- 
- #define RIPEMD160_A 0x67452301L
-@@ -85,31 +86,24 @@
-   ripemd160_block_data_order(c->h, data, 1);
- }
- 
--#define DATA_ORDER_IS_LITTLE_ENDIAN
-+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len) {
-+  crypto_md32_update(&ripemd160_block_data_order, c->h, c->data,
-+                     RIPEMD160_CBLOCK, &c->num, &c->Nh, &c->Nl, data, len);
-+  return 1;
-+}
- 
--#define HASH_LONG uint32_t
--#define HASH_CTX RIPEMD160_CTX
--#define HASH_CBLOCK RIPEMD160_CBLOCK
--#define HASH_DIGEST_LENGTH RIPEMD160_DIGEST_LENGTH
--#define HASH_UPDATE RIPEMD160_Update
--#define HASH_FINAL RIPEMD160_Final
--#define HASH_MAKE_STRING(c, s)           \
--  do {                                   \
--    CRYPTO_store_u32_le((s), (c)->h[0]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[1]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[2]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[3]); \
--    (s) += 4;                            \
--    CRYPTO_store_u32_le((s), (c)->h[4]); \
--    (s) += 4;                            \
--  } while (0)
-+int RIPEMD160_Final(uint8_t out[RIPEMD160_DIGEST_LENGTH], RIPEMD160_CTX *c) {
-+  crypto_md32_final(&ripemd160_block_data_order, c->h, c->data,
-+                    RIPEMD160_CBLOCK, &c->num, c->Nh, c->Nl,
-+                    /*is_big_endian=*/0);
- 
--#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order
--
--#include "../../crypto/fipsmodule/digest/md32_common.h"
-+  CRYPTO_store_u32_le(out, c->h[0]);
-+  CRYPTO_store_u32_le(out + 4, c->h[1]);
-+  CRYPTO_store_u32_le(out + 8, c->h[2]);
-+  CRYPTO_store_u32_le(out + 12, c->h[3]);
-+  CRYPTO_store_u32_le(out + 16, c->h[4]);
-+  return 1;
-+}
- 
- // Transformed F2 and F4 are courtesy of Wei Dai <weidai at eskimo.com>
- #define F1(x, y, z) ((x) ^ (y) ^ (z))
-From 92c6fbfc4c44dc8462d260d836020d2b793e7804 Mon Sep 17 00:00:00 2001
-From: Peter Foley <pefoley2 at pefoley.com>
-Date: Fri, 28 May 2021 14:16:23 -0400
-Subject: [PATCH] Fix array-parameter warnings
-
-e.g.
-/home/peter/boringssl/crypto/curve25519/curve25519.c:503:57: error: argument 2 of type 'const uint8_t[32]' {aka 'const unsigned char[32'} with mismatched bound [-Werror=array-parameter=]
-  503 | int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]) {
-      |                                           ~~~~~~~~~~~~~~^~~~~
-In file included from /home/peter/boringssl/crypto/curve25519/curve25519.c:33:
-/home/peter/boringssl/crypto/curve25519/internal.h:109:58: note: previously declared as 'const uint8_t *' {aka 'const unsigned char *'}
-  109 | int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s);
-      |                                           ~~~~~~~~~~~~~~~^
-/home/peter/boringssl/crypto/curve25519/curve25519.c:823:57: error: argument 2 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Werror=array-parameter=]
-  823 | void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
-      |                                          ~~~~~~~~~~~~~~~^
-In file included from /home/peter/boringssl/crypto/curve25519/curve25519.c:33:
-/home/peter/boringssl/crypto/curve25519/internal.h:117:56: note: previously declared as an array 'const uint8_t[32]' {aka 'const unsigned char[32]'}
-  117 | void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]);
-      |                                          ~~~~~~~~~~~~~~^~~~~
-cc1: all warnings being treated as errors
-
-Change-Id: I7e9b68fe261a94834f519057adb6ff90c0cb73cf
-Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47805
-Reviewed-by: David Benjamin <davidben at google.com>
-Commit-Queue: David Benjamin <davidben at google.com>
----
-
-diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.c
-index 232f6e0..ea48810 100644
---- a/crypto/curve25519/curve25519.c
-+++ b/crypto/curve25519/curve25519.c
-@@ -820,7 +820,7 @@
- //
- // Preconditions:
- //   a[31] <= 127
--void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) {
-+void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) {
-   signed char e[64];
-   signed char carry;
-   ge_p1p1 r;
-diff --git a/crypto/curve25519/internal.h b/crypto/curve25519/internal.h
-index 01be307..76ff78f 100644
---- a/crypto/curve25519/internal.h
-+++ b/crypto/curve25519/internal.h
-@@ -106,7 +106,7 @@
- } ge_cached;
- 
- void x25519_ge_tobytes(uint8_t s[32], const ge_p2 *h);
--int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s);
-+int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]);
- void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p);
- void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p);
- void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p);



