generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

modes/gcm128.c: harmonize ctx->ghash assignment, shortcut *_ctr32

Browse Source 
in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact
and inconsistency in pre-processor logic.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Andy Polyakov 2015-01-25 15:48:42 +01:00
parent b2991c081a
commit 2e635aa81c
1 changed files with 104 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

222
crypto/modes/gcm128.c
View File

@ -148,9 +148,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
static const size_t rem_8bit[256] = { static const size_t rem_8bit[256] = {
PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246), PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246),
PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E), PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E),
@ -319,9 +317,7 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2])
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
if (is_endian.little) if (is_endian.little)
for (j = 0; j < 16; ++j) { for (j = 0; j < 16; ++j) {
@ -354,9 +350,7 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
nlo = ((const u8 *)Xi)[15]; nlo = ((const u8 *)Xi)[15];
nhi = nlo >> 4; nhi = nlo >> 4;
@ -435,9 +429,7 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
# if 1 # if 1
do { do {
@ -627,9 +619,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
V.hi = H[0]; /* H is in host byte order, no byte swapping */ V.hi = H[0]; /* H is in host byte order, no byte swapping */
V.lo = H[1]; V.lo = H[1];
@ -772,9 +762,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
memset(ctx, 0, sizeof(*ctx)); memset(ctx, 0, sizeof(*ctx));
ctx->block = block; ctx->block = block;
@ -799,6 +787,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
#if TABLE_BITS==8 #if TABLE_BITS==8
gcm_init_8bit(ctx->Htable, ctx->H.u); gcm_init_8bit(ctx->Htable, ctx->H.u);
#elif TABLE_BITS==4 #elif TABLE_BITS==4
# if defined(GHASH)
# define CTX__GHASH(f) (ctx->ghash = (f))
# else
# define CTX__GHASH(f) (ctx->ghash = NULL)
# endif
# if defined(GHASH_ASM_X86_OR_64) # if defined(GHASH_ASM_X86_OR_64)
# if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2) # if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2)
if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */ if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */
@ -806,11 +799,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */ if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */
gcm_init_avx(ctx->Htable, ctx->H.u); gcm_init_avx(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_avx; ctx->gmult = gcm_gmult_avx;
ctx->ghash = gcm_ghash_avx; CTX__GHASH(gcm_ghash_avx);
} else { } else {
gcm_init_clmul(ctx->Htable, ctx->H.u); gcm_init_clmul(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_clmul; ctx->gmult = gcm_gmult_clmul;
ctx->ghash = gcm_ghash_clmul; CTX__GHASH(gcm_ghash_clmul);
} }
return; return;
} }
@ -823,66 +816,59 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */ if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */
# endif # endif
ctx->gmult = gcm_gmult_4bit_mmx; ctx->gmult = gcm_gmult_4bit_mmx;
ctx->ghash = gcm_ghash_4bit_mmx; CTX__GHASH(gcm_ghash_4bit_mmx);
} else { } else {
ctx->gmult = gcm_gmult_4bit_x86; ctx->gmult = gcm_gmult_4bit_x86;
ctx->ghash = gcm_ghash_4bit_x86; CTX__GHASH(gcm_ghash_4bit_x86);
} }
# else # else
ctx->gmult = gcm_gmult_4bit; ctx->gmult = gcm_gmult_4bit;
ctx->ghash = gcm_ghash_4bit; CTX__GHASH(gcm_ghash_4bit);
# endif # endif
# elif defined(GHASH_ASM_ARM) # elif defined(GHASH_ASM_ARM)
# ifdef PMULL_CAPABLE # ifdef PMULL_CAPABLE
if (PMULL_CAPABLE) { if (PMULL_CAPABLE) {
gcm_init_v8(ctx->Htable, ctx->H.u); gcm_init_v8(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_v8; ctx->gmult = gcm_gmult_v8;
ctx->ghash = gcm_ghash_v8; CTX__GHASH(gcm_ghash_v8);
} else } else
# endif # endif
# ifdef NEON_CAPABLE # ifdef NEON_CAPABLE
if (NEON_CAPABLE) { if (NEON_CAPABLE) {
gcm_init_neon(ctx->Htable, ctx->H.u); gcm_init_neon(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_neon; ctx->gmult = gcm_gmult_neon;
ctx->ghash = gcm_ghash_neon; CTX__GHASH(gcm_ghash_neon);
} else } else
# endif # endif
{ {
gcm_init_4bit(ctx->Htable, ctx->H.u); gcm_init_4bit(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_4bit; ctx->gmult = gcm_gmult_4bit;
# if defined(GHASH) CTX__GHASH(gcm_ghash_4bit);
ctx->ghash = gcm_ghash_4bit;
# else
ctx->ghash = NULL;
# endif
} }
# elif defined(GHASH_ASM_SPARC) # elif defined(GHASH_ASM_SPARC)
if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) { if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) {
gcm_init_vis3(ctx->Htable, ctx->H.u); gcm_init_vis3(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_vis3; ctx->gmult = gcm_gmult_vis3;
ctx->ghash = gcm_ghash_vis3; CTX__GHASH(gcm_ghash_vis3);
} else { } else {
gcm_init_4bit(ctx->Htable, ctx->H.u); gcm_init_4bit(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_4bit; ctx->gmult = gcm_gmult_4bit;
ctx->ghash = gcm_ghash_4bit; CTX__GHASH(gcm_ghash_4bit);
} }
# elif defined(GHASH_ASM_PPC) # elif defined(GHASH_ASM_PPC)
if (OPENSSL_ppccap_P & PPC_CRYPTO207) { if (OPENSSL_ppccap_P & PPC_CRYPTO207) {
gcm_init_p8(ctx->Htable, ctx->H.u); gcm_init_p8(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_p8; ctx->gmult = gcm_gmult_p8;
ctx->ghash = gcm_ghash_p8; CTX__GHASH(gcm_ghash_p8);
} else { } else {
gcm_init_4bit(ctx->Htable, ctx->H.u); gcm_init_4bit(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_4bit; ctx->gmult = gcm_gmult_4bit;
# if defined(GHASH) CTX__GHASH(gcm_ghash_4bit);
ctx->ghash = gcm_ghash_4bit;
# else
ctx->ghash = NULL;
# endif
} }
# else # else
gcm_init_4bit(ctx->Htable, ctx->H.u); gcm_init_4bit(ctx->Htable, ctx->H.u);
# endif # endif
# undef CTX__GHASH
#endif #endif
} }
@ -892,9 +878,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
unsigned int ctr; unsigned int ctr;
#ifdef GCM_FUNCREF_4BIT #ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
@ -1038,9 +1022,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
unsigned int n, ctr; unsigned int n, ctr;
size_t i; size_t i;
u64 mlen = ctx->len.u[1]; u64 mlen = ctx->len.u[1];
@ -1048,7 +1030,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
void *key = ctx->key; void *key = ctx->key;
#ifdef GCM_FUNCREF_4BIT #ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
# ifdef GHASH # if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash; const u8 *inp, size_t len) = ctx->ghash;
# endif # endif
@ -1098,7 +1080,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
break; break;
# endif # endif
# if defined(GHASH) && defined(GHASH_CHUNK) # if defined(GHASH)
# if defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) { while (len >= GHASH_CHUNK) {
size_t j = GHASH_CHUNK; size_t j = GHASH_CHUNK;
@ -1109,11 +1092,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key); (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr; ++ctr;
if (is_endian.little) if (is_endian.little)
# ifdef BSWAP4 # ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr); ctx->Yi.d[3] = BSWAP4(ctr);
# else # else
PUTU32(ctx->Yi.c + 12, ctr); PUTU32(ctx->Yi.c + 12, ctr);
# endif # endif
else else
ctx->Yi.d[3] = ctr; ctx->Yi.d[3] = ctr;
for (i = 0; i < 16 / sizeof(size_t); ++i) for (i = 0; i < 16 / sizeof(size_t); ++i)
@ -1125,6 +1108,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK); GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK);
len -= GHASH_CHUNK; len -= GHASH_CHUNK;
} }
# endif
if ((i = (len & (size_t)-16))) { if ((i = (len & (size_t)-16))) {
size_t j = i; size_t j = i;
@ -1225,9 +1209,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
unsigned int n, ctr; unsigned int n, ctr;
size_t i; size_t i;
u64 mlen = ctx->len.u[1]; u64 mlen = ctx->len.u[1];
@ -1235,7 +1217,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
void *key = ctx->key; void *key = ctx->key;
#ifdef GCM_FUNCREF_4BIT #ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
# ifdef GHASH # if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash; const u8 *inp, size_t len) = ctx->ghash;
# endif # endif
@ -1284,7 +1266,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
break; break;
# endif # endif
# if defined(GHASH) && defined(GHASH_CHUNK) # if defined(GHASH)
# if defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) { while (len >= GHASH_CHUNK) {
size_t j = GHASH_CHUNK; size_t j = GHASH_CHUNK;
@ -1296,11 +1279,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key); (*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr; ++ctr;
if (is_endian.little) if (is_endian.little)
# ifdef BSWAP4 # ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr); ctx->Yi.d[3] = BSWAP4(ctr);
# else # else
PUTU32(ctx->Yi.c + 12, ctr); PUTU32(ctx->Yi.c + 12, ctr);
# endif # endif
else else
ctx->Yi.d[3] = ctr; ctx->Yi.d[3] = ctr;
for (i = 0; i < 16 / sizeof(size_t); ++i) for (i = 0; i < 16 / sizeof(size_t); ++i)
@ -1311,6 +1294,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
} }
len -= GHASH_CHUNK; len -= GHASH_CHUNK;
} }
# endif
if ((i = (len & (size_t)-16))) { if ((i = (len & (size_t)-16))) {
GHASH(ctx, in, i); GHASH(ctx, in, i);
while (len >= 16) { while (len >= 16) {
@ -1414,23 +1398,24 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out, const unsigned char *in, unsigned char *out,
size_t len, ctr128_f stream) size_t len, ctr128_f stream)
{ {
#if defined(OPENSSL_SMALL_FOOTPRINT)
return CRYPTO_gcm128_encrypt(ctx, in, out, len);
#else
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
unsigned int n, ctr; unsigned int n, ctr;
size_t i; size_t i;
u64 mlen = ctx->len.u[1]; u64 mlen = ctx->len.u[1];
void *key = ctx->key; void *key = ctx->key;
#ifdef GCM_FUNCREF_4BIT # ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
# ifdef GHASH # ifdef GHASH
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash; const u8 *inp, size_t len) = ctx->ghash;
# endif
# endif # endif
#endif
mlen += len; mlen += len;
if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
@ -1444,11 +1429,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
} }
if (is_endian.little) if (is_endian.little)
#ifdef BSWAP4 # ifdef BSWAP4
ctr = BSWAP4(ctx->Yi.d[3]); ctr = BSWAP4(ctx->Yi.d[3]);
#else # else
ctr = GETU32(ctx->Yi.c + 12); ctr = GETU32(ctx->Yi.c + 12);
#endif # endif
else else
ctr = ctx->Yi.d[3]; ctr = ctx->Yi.d[3];
@ -1466,60 +1451,60 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
return 0; return 0;
} }
} }
#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) # if defined(GHASH) && defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) { while (len >= GHASH_CHUNK) {
(*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
ctr += GHASH_CHUNK / 16; ctr += GHASH_CHUNK / 16;
if (is_endian.little) if (is_endian.little)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
PUTU32(ctx->Yi.c + 12, ctr);
# endif
else
ctx->Yi.d[3] = ctr;
GHASH(ctx, out, GHASH_CHUNK);
out += GHASH_CHUNK;
in += GHASH_CHUNK;
len -= GHASH_CHUNK;
}
# endif
if ((i = (len & (size_t)-16))) {
size_t j = i / 16;
(*stream) (in, out, j, key, ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
# ifdef BSWAP4 # ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr); ctx->Yi.d[3] = BSWAP4(ctr);
# else # else
PUTU32(ctx->Yi.c + 12, ctr); PUTU32(ctx->Yi.c + 12, ctr);
# endif # endif
else
ctx->Yi.d[3] = ctr;
GHASH(ctx, out, GHASH_CHUNK);
out += GHASH_CHUNK;
in += GHASH_CHUNK;
len -= GHASH_CHUNK;
}
#endif
if ((i = (len & (size_t)-16))) {
size_t j = i / 16;
(*stream) (in, out, j, key, ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
#ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
#else
PUTU32(ctx->Yi.c + 12, ctr);
#endif
else else
ctx->Yi.d[3] = ctr; ctx->Yi.d[3] = ctr;
in += i; in += i;
len -= i; len -= i;
#if defined(GHASH) # if defined(GHASH)
GHASH(ctx, out, i); GHASH(ctx, out, i);
out += i; out += i;
#else # else
while (j--) { while (j--) {
for (i = 0; i < 16; ++i) for (i = 0; i < 16; ++i)
ctx->Xi.c[i] ^= out[i]; ctx->Xi.c[i] ^= out[i];
GCM_MUL(ctx, Xi); GCM_MUL(ctx, Xi);
out += 16; out += 16;
} }
#endif # endif
} }
if (len) { if (len) {
(*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr; ++ctr;
if (is_endian.little) if (is_endian.little)
#ifdef BSWAP4 # ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr); ctx->Yi.d[3] = BSWAP4(ctr);
#else # else
PUTU32(ctx->Yi.c + 12, ctr); PUTU32(ctx->Yi.c + 12, ctr);
#endif # endif
else else
ctx->Yi.d[3] = ctr; ctx->Yi.d[3] = ctr;
while (len--) { while (len--) {
@ -1530,29 +1515,31 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
ctx->mres = n; ctx->mres = n;
return 0; return 0;
#endif
} }
int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out, const unsigned char *in, unsigned char *out,
size_t len, ctr128_f stream) size_t len, ctr128_f stream)
{ {
#if defined(OPENSSL_SMALL_FOOTPRINT)
return CRYPTO_gcm128_decrypt(ctx, in, out, len);
#else
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
unsigned int n, ctr; unsigned int n, ctr;
size_t i; size_t i;
u64 mlen = ctx->len.u[1]; u64 mlen = ctx->len.u[1];
void *key = ctx->key; void *key = ctx->key;
#ifdef GCM_FUNCREF_4BIT # ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
# ifdef GHASH # ifdef GHASH
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash; const u8 *inp, size_t len) = ctx->ghash;
# endif
# endif # endif
#endif
mlen += len; mlen += len;
if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
@ -1566,11 +1553,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
} }
if (is_endian.little) if (is_endian.little)
#ifdef BSWAP4 # ifdef BSWAP4
ctr = BSWAP4(ctx->Yi.d[3]); ctr = BSWAP4(ctx->Yi.d[3]);
#else # else
ctr = GETU32(ctx->Yi.c + 12); ctr = GETU32(ctx->Yi.c + 12);
#endif # endif
else else
ctr = ctx->Yi.d[3]; ctr = ctx->Yi.d[3];
@ -1590,30 +1577,30 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
return 0; return 0;
} }
} }
#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) # if defined(GHASH) && defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) { while (len >= GHASH_CHUNK) {
GHASH(ctx, in, GHASH_CHUNK); GHASH(ctx, in, GHASH_CHUNK);
(*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
ctr += GHASH_CHUNK / 16; ctr += GHASH_CHUNK / 16;
if (is_endian.little) if (is_endian.little)
# ifdef BSWAP4 # ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr); ctx->Yi.d[3] = BSWAP4(ctr);
# else # else
PUTU32(ctx->Yi.c + 12, ctr); PUTU32(ctx->Yi.c + 12, ctr);
# endif # endif
else else
ctx->Yi.d[3] = ctr; ctx->Yi.d[3] = ctr;
out += GHASH_CHUNK; out += GHASH_CHUNK;
in += GHASH_CHUNK; in += GHASH_CHUNK;
len -= GHASH_CHUNK; len -= GHASH_CHUNK;
} }
#endif # endif
if ((i = (len & (size_t)-16))) { if ((i = (len & (size_t)-16))) {
size_t j = i / 16; size_t j = i / 16;
#if defined(GHASH) # if defined(GHASH)
GHASH(ctx, in, i); GHASH(ctx, in, i);
#else # else
while (j--) { while (j--) {
size_t k; size_t k;
for (k = 0; k < 16; ++k) for (k = 0; k < 16; ++k)
@ -1623,15 +1610,15 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
} }
j = i / 16; j = i / 16;
in -= i; in -= i;
#endif # endif
(*stream) (in, out, j, key, ctx->Yi.c); (*stream) (in, out, j, key, ctx->Yi.c);
ctr += (unsigned int)j; ctr += (unsigned int)j;
if (is_endian.little) if (is_endian.little)
#ifdef BSWAP4 # ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr); ctx->Yi.d[3] = BSWAP4(ctr);
#else # else
PUTU32(ctx->Yi.c + 12, ctr); PUTU32(ctx->Yi.c + 12, ctr);
#endif # endif
else else
ctx->Yi.d[3] = ctr; ctx->Yi.d[3] = ctr;
out += i; out += i;
@ -1642,11 +1629,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
(*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr; ++ctr;
if (is_endian.little) if (is_endian.little)
#ifdef BSWAP4 # ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr); ctx->Yi.d[3] = BSWAP4(ctr);
#else # else
PUTU32(ctx->Yi.c + 12, ctr); PUTU32(ctx->Yi.c + 12, ctr);
#endif # endif
else else
ctx->Yi.d[3] = ctr; ctx->Yi.d[3] = ctr;
while (len--) { while (len--) {
@ -1659,6 +1646,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
ctx->mres = n; ctx->mres = n;
return 0; return 0;
#endif
} }
int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
@ -1667,9 +1655,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
const union { const union {
long one; long one;
char little; char little;
} is_endian = { } is_endian = { 1 };
1
};
u64 alen = ctx->len.u[0] << 3; u64 alen = ctx->len.u[0] << 3;
u64 clen = ctx->len.u[1] << 3; u64 clen = ctx->len.u[1] << 3;
#ifdef GCM_FUNCREF_4BIT #ifdef GCM_FUNCREF_4BIT