1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to.  The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  *    must display the following acknowledgement:
32  *    "This product includes cryptographic software written by
33  *     Eric Young (eay@cryptsoft.com)"
34  *    The word 'cryptographic' can be left out if the rouines from the library
35  *    being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  *    the apps directory (application code) you must include an acknowledgement:
38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.] */
56 
57 #include <openssl/ripemd.h>
58 
59 #include <string.h>
60 
61 #include "../../crypto/internal.h"
62 #include "../../crypto/fipsmodule/digest/md32_common.h"
63 
64 
// Initial chaining values. RIPEMD160_Init stores them, in this order, into
// ctx->h[0] through ctx->h[4].
#define RIPEMD160_A 0x67452301L
#define RIPEMD160_B 0xEFCDAB89L
#define RIPEMD160_C 0x98BADCFEL
#define RIPEMD160_D 0x10325476L
#define RIPEMD160_E 0xC3D2E1F0L
70 
// RIPEMD160_Init puts |ctx| into the start-of-message state. The whole
// structure is zeroed first, so every field other than the chaining words
// starts at zero, and then the five chaining words receive their initial
// values. It always returns one.
int RIPEMD160_Init(RIPEMD160_CTX *ctx) {
  const uint32_t initial_state[5] = {
      RIPEMD160_A, RIPEMD160_B, RIPEMD160_C, RIPEMD160_D, RIPEMD160_E,
  };

  OPENSSL_memset(ctx, 0, sizeof(*ctx));
  for (size_t i = 0; i < 5; i++) {
    ctx->h[i] = initial_state[i];
  }
  return 1;
}
80 
// Forward declaration of the compression function. Its definition comes
// after the round macros and tables, but the public entry points that
// precede it in this file already reference it.
static void ripemd160_block_data_order(uint32_t h[5], const uint8_t *data,
                                       size_t num);
83 
// RIPEMD160_Transform runs the compression function over exactly one block
// taken from |data| and folds the result into |c->h|. Only the chaining words
// are passed down, so the buffered-input and length fields of |c| are not
// touched by this call.
//
// The compression function reads sixteen 32-bit words from |data| without any
// length check of its own; the caller must supply a full block.
void RIPEMD160_Transform(RIPEMD160_CTX *c,
                         const uint8_t data[RIPEMD160_CBLOCK]) {
  const size_t block_count = 1;
  ripemd160_block_data_order(c->h, data, block_count);
}
88 
// RIPEMD160_Update hands |len| bytes at |data| to the shared md32 update
// helper, together with this hash's compression function, chaining words and
// bookkeeping fields. It always returns one.
//
// |len| is forwarded unchanged, so |data| must reference at least |len|
// readable bytes. How partial blocks are buffered is decided inside
// crypto_md32_update, which is not visible in this file.
int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len) {
  crypto_md32_update(ripemd160_block_data_order,  // compression callback
                     c->h,                        // chaining words
                     c->data,                     // context's block buffer
                     RIPEMD160_CBLOCK,            // block size in bytes
                     &c->num, &c->Nh, &c->Nl,     // passed by address
                     data, len);
  return 1;
}
94 
// RIPEMD160_Final completes the hash through the shared md32 finalisation
// helper (called with is_big_endian = 0) and then serialises the five
// chaining words into |out| as little-endian 32-bit values, 20 bytes in
// total. It always returns one.
//
// NOTE(review): nothing in this function clears |c->h| after the digest has
// been written, and whether crypto_md32_final wipes the block buffer cannot
// be told from this file. A caller that hashed secret material should wipe
// the context itself.
int RIPEMD160_Final(uint8_t out[RIPEMD160_DIGEST_LENGTH], RIPEMD160_CTX *c) {
  crypto_md32_final(&ripemd160_block_data_order, c->h, c->data,
                    RIPEMD160_CBLOCK, &c->num, c->Nh, c->Nl,
                    /*is_big_endian=*/0);

  // Word i of the state lands at byte offset 4 * i of the digest.
  for (size_t i = 0; i < 5; i++) {
    CRYPTO_store_u32_le(out + 4 * i, c->h[i]);
  }
  return 1;
}
107 
// The five bitwise round functions. Each takes three 32-bit words and uses
// only xor, and, or and not, so none of them branches on its inputs.
//
// Transformed F2 and F4 are courtesy of Wei Dai <weidai@eskimo.com>
//   F2(x, y, z) selects y where x has a one bit and z elsewhere, i.e. it
//     equals (x & y) | (~x & z) with one operation fewer.
//   F4(x, y, z) selects x where z has a one bit and y elsewhere, i.e. it
//     equals (x & z) | (y & ~z).
#define F1(x, y, z) ((x) ^ (y) ^ (z))
#define F2(x, y, z) ((((y) ^ (z)) & (x)) ^ (z))
#define F3(x, y, z) (((~(y)) | (x)) ^ (z))
#define F4(x, y, z) ((((x) ^ (y)) & (z)) ^ (y))
#define F5(x, y, z) (((~(z)) | (y)) ^ (x))
114 
// One step of a RIPEMD-160 line. RIPn applies round function Fn:
//
//   a = rotl(a + Fn(b, c, d) + X(w) [+ K], s) + e
//   c = rotl(c, 10)
//
// |w| is a message word index and |s| a rotate amount; both come from the
// WLnn/SLnn and WRnn/SRnn tables. |K| is the additive constant of the round;
// RIP1 takes none. X() is not defined at this point: it is defined inside
// ripemd160_block_data_order, the only place these macros are used.
//
// Each macro expands to a brace block that assigns to its |a| and |c|
// arguments and mentions |a| and |c| more than once, so the arguments must be
// plain variable names without side effects, as they are at every call site
// in this file.
#define RIP1(a, b, c, d, e, w, s)  \
  {                                \
    a += F1(b, c, d) + X(w);       \
    a = CRYPTO_rotl_u32(a, s) + e; \
    c = CRYPTO_rotl_u32(c, 10);    \
  }

#define RIP2(a, b, c, d, e, w, s, K) \
  {                                  \
    a += F2(b, c, d) + X(w) + K;     \
    a = CRYPTO_rotl_u32(a, s) + e;   \
    c = CRYPTO_rotl_u32(c, 10);      \
  }

#define RIP3(a, b, c, d, e, w, s, K) \
  {                                  \
    a += F3(b, c, d) + X(w) + K;     \
    a = CRYPTO_rotl_u32(a, s) + e;   \
    c = CRYPTO_rotl_u32(c, 10);      \
  }

#define RIP4(a, b, c, d, e, w, s, K) \
  {                                  \
    a += F4(b, c, d) + X(w) + K;     \
    a = CRYPTO_rotl_u32(a, s) + e;   \
    c = CRYPTO_rotl_u32(c, 10);      \
  }

#define RIP5(a, b, c, d, e, w, s, K) \
  {                                  \
    a += F5(b, c, d) + X(w) + K;     \
    a = CRYPTO_rotl_u32(a, s) + e;   \
    c = CRYPTO_rotl_u32(c, 10);      \
  }
149 
// Additive round constants. KLn belongs to the left line and KRn to the right
// line of the compression function. KL0 and KR4 are zero; the code in this
// file never references them, because the sixteen steps they would apply to
// use RIP1, which takes no constant.
#define KL0 0x00000000L
#define KL1 0x5A827999L
#define KL2 0x6ED9EBA1L
#define KL3 0x8F1BBCDCL
#define KL4 0xA953FD4EL

#define KR0 0x50A28BE6L
#define KR1 0x5C4DD124L
#define KR2 0x6D703EF3L
#define KR3 0x7A6D76E9L
#define KR4 0x00000000L
161 
// Left line, steps 0-15 (used with RIP1 in ripemd160_block_data_order).
// WLnn is the index of the message word added at step nn and SLnn is the
// left-rotate amount of that step. In this group the words are taken in
// order, 0 through 15.
#define WL00  0
#define SL00 11
#define WL01  1
#define SL01 14
#define WL02  2
#define SL02 15
#define WL03  3
#define SL03 12
#define WL04  4
#define SL04  5
#define WL05  5
#define SL05  8
#define WL06  6
#define SL06  7
#define WL07  7
#define SL07  9
#define WL08  8
#define SL08 11
#define WL09  9
#define SL09 13
#define WL10 10
#define SL10 14
#define WL11 11
#define SL11 15
#define WL12 12
#define SL12  6
#define WL13 13
#define SL13  7
#define WL14 14
#define SL14  9
#define WL15 15
#define SL15  8
194 
// Left line, steps 16-31 (used with RIP2 and KL1 in
// ripemd160_block_data_order). WLnn is the index of the message word added
// at step nn and SLnn is the left-rotate amount of that step.
#define WL16  7
#define SL16  7
#define WL17  4
#define SL17  6
#define WL18 13
#define SL18  8
#define WL19  1
#define SL19 13
#define WL20 10
#define SL20 11
#define WL21  6
#define SL21  9
#define WL22 15
#define SL22  7
#define WL23  3
#define SL23 15
#define WL24 12
#define SL24  7
#define WL25  0
#define SL25 12
#define WL26  9
#define SL26 15
#define WL27  5
#define SL27  9
#define WL28  2
#define SL28 11
#define WL29 14
#define SL29  7
#define WL30 11
#define SL30 13
#define WL31  8
#define SL31 12
227 
// Left line, steps 32-47 (used with RIP3 and KL2 in
// ripemd160_block_data_order). WLnn is the index of the message word added
// at step nn and SLnn is the left-rotate amount of that step.
#define WL32  3
#define SL32 11
#define WL33 10
#define SL33 13
#define WL34 14
#define SL34  6
#define WL35  4
#define SL35  7
#define WL36  9
#define SL36 14
#define WL37 15
#define SL37  9
#define WL38  8
#define SL38 13
#define WL39  1
#define SL39 15
#define WL40  2
#define SL40 14
#define WL41  7
#define SL41  8
#define WL42  0
#define SL42 13
#define WL43  6
#define SL43  6
#define WL44 13
#define SL44  5
#define WL45 11
#define SL45 12
#define WL46  5
#define SL46  7
#define WL47 12
#define SL47  5
260 
// Left line, steps 48-63 (used with RIP4 and KL3 in
// ripemd160_block_data_order). WLnn is the index of the message word added
// at step nn and SLnn is the left-rotate amount of that step.
#define WL48  1
#define SL48 11
#define WL49  9
#define SL49 12
#define WL50 11
#define SL50 14
#define WL51 10
#define SL51 15
#define WL52  0
#define SL52 14
#define WL53  8
#define SL53 15
#define WL54 12
#define SL54  9
#define WL55  4
#define SL55  8
#define WL56 13
#define SL56  9
#define WL57  3
#define SL57 14
#define WL58  7
#define SL58  5
#define WL59 15
#define SL59  6
#define WL60 14
#define SL60  8
#define WL61  5
#define SL61  6
#define WL62  6
#define SL62  5
#define WL63  2
#define SL63 12
293 
// Left line, steps 64-79 (used with RIP5 and KL4 in
// ripemd160_block_data_order). WLnn is the index of the message word added
// at step nn and SLnn is the left-rotate amount of that step.
#define WL64  4
#define SL64  9
#define WL65  0
#define SL65 15
#define WL66  5
#define SL66  5
#define WL67  9
#define SL67 11
#define WL68  7
#define SL68  6
#define WL69 12
#define SL69  8
#define WL70  2
#define SL70 13
#define WL71 10
#define SL71 12
#define WL72 14
#define SL72  5
#define WL73  1
#define SL73 12
#define WL74  3
#define SL74 13
#define WL75  8
#define SL75 14
#define WL76 11
#define SL76 11
#define WL77  6
#define SL77  8
#define WL78 15
#define SL78  5
#define WL79 13
#define SL79  6
326 
// Right line, steps 0-15 (used with RIP5 and KR0 in
// ripemd160_block_data_order). WRnn is the index of the message word added
// at step nn and SRnn is the left-rotate amount of that step.
#define WR00  5
#define SR00  8
#define WR01 14
#define SR01  9
#define WR02  7
#define SR02  9
#define WR03  0
#define SR03 11
#define WR04  9
#define SR04 13
#define WR05  2
#define SR05 15
#define WR06 11
#define SR06 15
#define WR07  4
#define SR07  5
#define WR08 13
#define SR08  7
#define WR09  6
#define SR09  7
#define WR10 15
#define SR10  8
#define WR11  8
#define SR11 11
#define WR12  1
#define SR12 14
#define WR13 10
#define SR13 14
#define WR14  3
#define SR14 12
#define WR15 12
#define SR15  6
359 
// Right line, steps 16-31 (used with RIP4 and KR1 in
// ripemd160_block_data_order). WRnn is the index of the message word added
// at step nn and SRnn is the left-rotate amount of that step.
#define WR16  6
#define SR16  9
#define WR17 11
#define SR17 13
#define WR18  3
#define SR18 15
#define WR19  7
#define SR19  7
#define WR20  0
#define SR20 12
#define WR21 13
#define SR21  8
#define WR22  5
#define SR22  9
#define WR23 10
#define SR23 11
#define WR24 14
#define SR24  7
#define WR25 15
#define SR25  7
#define WR26  8
#define SR26 12
#define WR27 12
#define SR27  7
#define WR28  4
#define SR28  6
#define WR29  9
#define SR29 15
#define WR30  1
#define SR30 13
#define WR31  2
#define SR31 11
392 
// Right line, steps 32-47 (used with RIP3 and KR2 in
// ripemd160_block_data_order). WRnn is the index of the message word added
// at step nn and SRnn is the left-rotate amount of that step.
#define WR32 15
#define SR32  9
#define WR33  5
#define SR33  7
#define WR34  1
#define SR34 15
#define WR35  3
#define SR35 11
#define WR36  7
#define SR36  8
#define WR37 14
#define SR37  6
#define WR38  6
#define SR38  6
#define WR39  9
#define SR39 14
#define WR40 11
#define SR40 12
#define WR41  8
#define SR41 13
#define WR42 12
#define SR42  5
#define WR43  2
#define SR43 14
#define WR44 10
#define SR44 13
#define WR45  0
#define SR45 13
#define WR46  4
#define SR46  7
#define WR47 13
#define SR47  5
425 
// Right line, steps 48-63 (used with RIP2 and KR3 in
// ripemd160_block_data_order). WRnn is the index of the message word added
// at step nn and SRnn is the left-rotate amount of that step.
#define WR48  8
#define SR48 15
#define WR49  6
#define SR49  5
#define WR50  4
#define SR50  8
#define WR51  1
#define SR51 11
#define WR52  3
#define SR52 14
#define WR53 11
#define SR53 14
#define WR54 15
#define SR54  6
#define WR55  0
#define SR55 14
#define WR56  5
#define SR56  6
#define WR57 12
#define SR57  9
#define WR58  2
#define SR58 12
#define WR59 13
#define SR59  9
#define WR60  9
#define SR60 12
#define WR61  7
#define SR61  5
#define WR62 10
#define SR62 15
#define WR63 14
#define SR63  8
458 
// Right line, steps 64-79 (used with RIP1, which takes no constant, in
// ripemd160_block_data_order). WRnn is the index of the message word added
// at step nn and SRnn is the left-rotate amount of that step.
#define WR64 12
#define SR64  8
#define WR65 15
#define SR65  5
#define WR66 10
#define SR66 12
#define WR67  4
#define SR67  9
#define WR68  1
#define SR68 12
#define WR69  5
#define SR69  5
#define WR70  8
#define SR70 14
#define WR71  7
#define SR71  6
#define WR72  6
#define SR72  8
#define WR73  2
#define SR73 13
#define WR74 13
#define SR74  6
#define WR75 14
#define SR75  5
#define WR76  0
#define SR76 15
#define WR77  3
#define SR77 13
#define WR78  9
#define SR78 11
#define WR79 11
#define SR79 11
491 
// ripemd160_block_data_order is the compression function. It consumes |num|
// consecutive blocks from |data| and updates the five chaining words in |h|
// in place. Each loop iteration performs sixteen 4-byte loads through
// CRYPTO_load_u32_le, i.e. it reads 64 bytes.
//
// There is no bounds check here: the caller must guarantee that |data|
// references at least 64 * |num| readable bytes.
//
// Each block is run through two independent 80-step lines that both start
// from the current |h|: the left line uses F1..F5 in ascending order with the
// WL/SL tables and KL constants, the right line uses F5..F1 with the WR/SR
// tables and KR constants. The results are then combined with |h|.
//
// No branch and no array index in this function depends on the message
// words: X(n) names a local variable, and the round macros apply only
// addition, bitwise operations and rotations to them.
static void ripemd160_block_data_order(uint32_t h[5], const uint8_t *data,
                                       size_t num) {
  // A..E are the working registers of whichever line is being computed.
  // a..e keep the left line's result while the right line runs.
  uint32_t A, B, C, D, E;
  uint32_t a, b, c, d, e;
  // The sixteen 32-bit message words of the current block.
  uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12,
      XX13, XX14, XX15;
// X(n) pastes to the local XXn, so the word selected by a WLnn/WRnn index is
// resolved at compile time. The indices must expand to plain decimal literals
// without leading zeros for the pasted name to exist.
#define X(i) XX##i

  // Runs exactly |num| times; |num| is left wrapped around afterwards but is
  // not used again.
  for (; num--;) {
    A = h[0];
    B = h[1];
    C = h[2];
    D = h[3];
    E = h[4];

    // Left line, steps 0-15. The message words are used in order here, so
    // the loads are interleaved with the steps, each word being read one
    // step before the step that consumes it.
    X(0) = CRYPTO_load_u32_le(data);
    data += 4;
    X(1) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(A, B, C, D, E, WL00, SL00);
    X(2) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(E, A, B, C, D, WL01, SL01);
    X(3) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(D, E, A, B, C, WL02, SL02);
    X(4) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(C, D, E, A, B, WL03, SL03);
    X(5) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(B, C, D, E, A, WL04, SL04);
    X(6) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(A, B, C, D, E, WL05, SL05);
    X(7) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(E, A, B, C, D, WL06, SL06);
    X(8) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(D, E, A, B, C, WL07, SL07);
    X(9) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(C, D, E, A, B, WL08, SL08);
    X(10) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(B, C, D, E, A, WL09, SL09);
    X(11) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(A, B, C, D, E, WL10, SL10);
    X(12) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(E, A, B, C, D, WL11, SL11);
    X(13) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(D, E, A, B, C, WL12, SL12);
    X(14) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(C, D, E, A, B, WL13, SL13);
    X(15) = CRYPTO_load_u32_le(data);
    data += 4;
    RIP1(B, C, D, E, A, WL14, SL14);
    RIP1(A, B, C, D, E, WL15, SL15);

    // Left line, steps 16-31. From here on the register roles rotate by one
    // position per step instead of the values being moved between variables.
    RIP2(E, A, B, C, D, WL16, SL16, KL1);
    RIP2(D, E, A, B, C, WL17, SL17, KL1);
    RIP2(C, D, E, A, B, WL18, SL18, KL1);
    RIP2(B, C, D, E, A, WL19, SL19, KL1);
    RIP2(A, B, C, D, E, WL20, SL20, KL1);
    RIP2(E, A, B, C, D, WL21, SL21, KL1);
    RIP2(D, E, A, B, C, WL22, SL22, KL1);
    RIP2(C, D, E, A, B, WL23, SL23, KL1);
    RIP2(B, C, D, E, A, WL24, SL24, KL1);
    RIP2(A, B, C, D, E, WL25, SL25, KL1);
    RIP2(E, A, B, C, D, WL26, SL26, KL1);
    RIP2(D, E, A, B, C, WL27, SL27, KL1);
    RIP2(C, D, E, A, B, WL28, SL28, KL1);
    RIP2(B, C, D, E, A, WL29, SL29, KL1);
    RIP2(A, B, C, D, E, WL30, SL30, KL1);
    RIP2(E, A, B, C, D, WL31, SL31, KL1);

    // Left line, steps 32-47.
    RIP3(D, E, A, B, C, WL32, SL32, KL2);
    RIP3(C, D, E, A, B, WL33, SL33, KL2);
    RIP3(B, C, D, E, A, WL34, SL34, KL2);
    RIP3(A, B, C, D, E, WL35, SL35, KL2);
    RIP3(E, A, B, C, D, WL36, SL36, KL2);
    RIP3(D, E, A, B, C, WL37, SL37, KL2);
    RIP3(C, D, E, A, B, WL38, SL38, KL2);
    RIP3(B, C, D, E, A, WL39, SL39, KL2);
    RIP3(A, B, C, D, E, WL40, SL40, KL2);
    RIP3(E, A, B, C, D, WL41, SL41, KL2);
    RIP3(D, E, A, B, C, WL42, SL42, KL2);
    RIP3(C, D, E, A, B, WL43, SL43, KL2);
    RIP3(B, C, D, E, A, WL44, SL44, KL2);
    RIP3(A, B, C, D, E, WL45, SL45, KL2);
    RIP3(E, A, B, C, D, WL46, SL46, KL2);
    RIP3(D, E, A, B, C, WL47, SL47, KL2);

    // Left line, steps 48-63.
    RIP4(C, D, E, A, B, WL48, SL48, KL3);
    RIP4(B, C, D, E, A, WL49, SL49, KL3);
    RIP4(A, B, C, D, E, WL50, SL50, KL3);
    RIP4(E, A, B, C, D, WL51, SL51, KL3);
    RIP4(D, E, A, B, C, WL52, SL52, KL3);
    RIP4(C, D, E, A, B, WL53, SL53, KL3);
    RIP4(B, C, D, E, A, WL54, SL54, KL3);
    RIP4(A, B, C, D, E, WL55, SL55, KL3);
    RIP4(E, A, B, C, D, WL56, SL56, KL3);
    RIP4(D, E, A, B, C, WL57, SL57, KL3);
    RIP4(C, D, E, A, B, WL58, SL58, KL3);
    RIP4(B, C, D, E, A, WL59, SL59, KL3);
    RIP4(A, B, C, D, E, WL60, SL60, KL3);
    RIP4(E, A, B, C, D, WL61, SL61, KL3);
    RIP4(D, E, A, B, C, WL62, SL62, KL3);
    RIP4(C, D, E, A, B, WL63, SL63, KL3);

    // Left line, steps 64-79.
    RIP5(B, C, D, E, A, WL64, SL64, KL4);
    RIP5(A, B, C, D, E, WL65, SL65, KL4);
    RIP5(E, A, B, C, D, WL66, SL66, KL4);
    RIP5(D, E, A, B, C, WL67, SL67, KL4);
    RIP5(C, D, E, A, B, WL68, SL68, KL4);
    RIP5(B, C, D, E, A, WL69, SL69, KL4);
    RIP5(A, B, C, D, E, WL70, SL70, KL4);
    RIP5(E, A, B, C, D, WL71, SL71, KL4);
    RIP5(D, E, A, B, C, WL72, SL72, KL4);
    RIP5(C, D, E, A, B, WL73, SL73, KL4);
    RIP5(B, C, D, E, A, WL74, SL74, KL4);
    RIP5(A, B, C, D, E, WL75, SL75, KL4);
    RIP5(E, A, B, C, D, WL76, SL76, KL4);
    RIP5(D, E, A, B, C, WL77, SL77, KL4);
    RIP5(C, D, E, A, B, WL78, SL78, KL4);
    RIP5(B, C, D, E, A, WL79, SL79, KL4);

    // Park the left line's result so that A..E can be reused.
    a = A;
    b = B;
    c = C;
    d = D;
    e = E;
    // Do other half: the right line restarts from the same chaining value
    // and reuses the message words that are already loaded.
    A = h[0];
    B = h[1];
    C = h[2];
    D = h[3];
    E = h[4];

    // Right line, steps 0-15. The round functions run in the opposite order
    // to the left line, starting with F5.
    RIP5(A, B, C, D, E, WR00, SR00, KR0);
    RIP5(E, A, B, C, D, WR01, SR01, KR0);
    RIP5(D, E, A, B, C, WR02, SR02, KR0);
    RIP5(C, D, E, A, B, WR03, SR03, KR0);
    RIP5(B, C, D, E, A, WR04, SR04, KR0);
    RIP5(A, B, C, D, E, WR05, SR05, KR0);
    RIP5(E, A, B, C, D, WR06, SR06, KR0);
    RIP5(D, E, A, B, C, WR07, SR07, KR0);
    RIP5(C, D, E, A, B, WR08, SR08, KR0);
    RIP5(B, C, D, E, A, WR09, SR09, KR0);
    RIP5(A, B, C, D, E, WR10, SR10, KR0);
    RIP5(E, A, B, C, D, WR11, SR11, KR0);
    RIP5(D, E, A, B, C, WR12, SR12, KR0);
    RIP5(C, D, E, A, B, WR13, SR13, KR0);
    RIP5(B, C, D, E, A, WR14, SR14, KR0);
    RIP5(A, B, C, D, E, WR15, SR15, KR0);

    // Right line, steps 16-31.
    RIP4(E, A, B, C, D, WR16, SR16, KR1);
    RIP4(D, E, A, B, C, WR17, SR17, KR1);
    RIP4(C, D, E, A, B, WR18, SR18, KR1);
    RIP4(B, C, D, E, A, WR19, SR19, KR1);
    RIP4(A, B, C, D, E, WR20, SR20, KR1);
    RIP4(E, A, B, C, D, WR21, SR21, KR1);
    RIP4(D, E, A, B, C, WR22, SR22, KR1);
    RIP4(C, D, E, A, B, WR23, SR23, KR1);
    RIP4(B, C, D, E, A, WR24, SR24, KR1);
    RIP4(A, B, C, D, E, WR25, SR25, KR1);
    RIP4(E, A, B, C, D, WR26, SR26, KR1);
    RIP4(D, E, A, B, C, WR27, SR27, KR1);
    RIP4(C, D, E, A, B, WR28, SR28, KR1);
    RIP4(B, C, D, E, A, WR29, SR29, KR1);
    RIP4(A, B, C, D, E, WR30, SR30, KR1);
    RIP4(E, A, B, C, D, WR31, SR31, KR1);

    // Right line, steps 32-47.
    RIP3(D, E, A, B, C, WR32, SR32, KR2);
    RIP3(C, D, E, A, B, WR33, SR33, KR2);
    RIP3(B, C, D, E, A, WR34, SR34, KR2);
    RIP3(A, B, C, D, E, WR35, SR35, KR2);
    RIP3(E, A, B, C, D, WR36, SR36, KR2);
    RIP3(D, E, A, B, C, WR37, SR37, KR2);
    RIP3(C, D, E, A, B, WR38, SR38, KR2);
    RIP3(B, C, D, E, A, WR39, SR39, KR2);
    RIP3(A, B, C, D, E, WR40, SR40, KR2);
    RIP3(E, A, B, C, D, WR41, SR41, KR2);
    RIP3(D, E, A, B, C, WR42, SR42, KR2);
    RIP3(C, D, E, A, B, WR43, SR43, KR2);
    RIP3(B, C, D, E, A, WR44, SR44, KR2);
    RIP3(A, B, C, D, E, WR45, SR45, KR2);
    RIP3(E, A, B, C, D, WR46, SR46, KR2);
    RIP3(D, E, A, B, C, WR47, SR47, KR2);

    // Right line, steps 48-63.
    RIP2(C, D, E, A, B, WR48, SR48, KR3);
    RIP2(B, C, D, E, A, WR49, SR49, KR3);
    RIP2(A, B, C, D, E, WR50, SR50, KR3);
    RIP2(E, A, B, C, D, WR51, SR51, KR3);
    RIP2(D, E, A, B, C, WR52, SR52, KR3);
    RIP2(C, D, E, A, B, WR53, SR53, KR3);
    RIP2(B, C, D, E, A, WR54, SR54, KR3);
    RIP2(A, B, C, D, E, WR55, SR55, KR3);
    RIP2(E, A, B, C, D, WR56, SR56, KR3);
    RIP2(D, E, A, B, C, WR57, SR57, KR3);
    RIP2(C, D, E, A, B, WR58, SR58, KR3);
    RIP2(B, C, D, E, A, WR59, SR59, KR3);
    RIP2(A, B, C, D, E, WR60, SR60, KR3);
    RIP2(E, A, B, C, D, WR61, SR61, KR3);
    RIP2(D, E, A, B, C, WR62, SR62, KR3);
    RIP2(C, D, E, A, B, WR63, SR63, KR3);

    // Right line, steps 64-79. RIP1 takes no additive constant.
    RIP1(B, C, D, E, A, WR64, SR64);
    RIP1(A, B, C, D, E, WR65, SR65);
    RIP1(E, A, B, C, D, WR66, SR66);
    RIP1(D, E, A, B, C, WR67, SR67);
    RIP1(C, D, E, A, B, WR68, SR68);
    RIP1(B, C, D, E, A, WR69, SR69);
    RIP1(A, B, C, D, E, WR70, SR70);
    RIP1(E, A, B, C, D, WR71, SR71);
    RIP1(D, E, A, B, C, WR72, SR72);
    RIP1(C, D, E, A, B, WR73, SR73);
    RIP1(B, C, D, E, A, WR74, SR74);
    RIP1(A, B, C, D, E, WR75, SR75);
    RIP1(E, A, B, C, D, WR76, SR76);
    RIP1(D, E, A, B, C, WR77, SR77);
    RIP1(C, D, E, A, B, WR78, SR78);
    RIP1(B, C, D, E, A, WR79, SR79);

    // Combine: every new chaining word is the sum of one old chaining word,
    // one left-line word (lower case) and one right-line word (upper case).
    // D holds the new h[0] until the end because the old h[0] is still
    // needed to compute h[4].
    D = h[1] + c + D;
    h[1] = h[2] + d + E;
    h[2] = h[3] + e + A;
    h[3] = h[4] + a + B;
    h[4] = h[0] + b + C;
    h[0] = D;
  }

#undef X
}
731 
// RIPEMD160 is the one-shot interface: it hashes |len| bytes at |data| with a
// context on the stack and writes the 20-byte digest to |out|. It returns
// |out|, or NULL if initialisation reports failure. The return values of
// RIPEMD160_Update and RIPEMD160_Final are not inspected; both always return
// one in this file.
//
// NOTE(review): the stack context still holds the final chaining state when
// this function returns, and nothing visible here wipes it. That matters only
// when the hashed input is secret.
uint8_t *RIPEMD160(const uint8_t *data, size_t len,
                   uint8_t out[RIPEMD160_DIGEST_LENGTH]) {
  RIPEMD160_CTX hash_state;

  if (RIPEMD160_Init(&hash_state)) {
    RIPEMD160_Update(&hash_state, data, len);
    RIPEMD160_Final(out, &hash_state);
    return out;
  }

  return NULL;
}
744