authorjsing <>2025-04-25 08:19:22 +0000
committerjsing <>2025-04-25 08:19:22 +0000
commit1ce223ac672aba9e1d955ebac21162d281b013b2 (patch)
treeb486bdb2814aa982d936f7edc80b5835442558ef /src/lib/libcrypto/modes/gcm128.c
parentfa507d40374ff29342cd51b7f2db5f7ad373594d (diff)
Use the OPENSSL_SMALL_FOOTPRINT code in gcm_init_4bit().
A modern compiler will unroll these loops - LLVM produces identical code (at least on arm64). Drop the manually unrolled version and have code that is more readable and maintainable. ok tb@
Diffstat (limited to 'src/lib/libcrypto/modes/gcm128.c')
-rw-r--r--src/lib/libcrypto/modes/gcm128.c34
1 files changed, 2 insertions, 32 deletions
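--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.32 2025/04/23 14:15:19 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.33 2025/04/25 08:19:22 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
  *
@@ -232,16 +232,13 @@ static void
 gcm_init_4bit(u128 Htable[16], u64 H[2])
 {
  u128 V;
-#if defined(OPENSSL_SMALL_FOOTPRINT)
  int i;
-#endif
 
  Htable[0].hi = 0;
  Htable[0].lo = 0;
  V.hi = H[0];
  V.lo = H[1];
 
-#if defined(OPENSSL_SMALL_FOOTPRINT)
  for (Htable[8] = V, i = 4; i > 0; i >>= 1) {
  REDUCE1BIT(V);
  Htable[i] = V;
@@ -255,34 +252,7 @@ gcm_init_4bit(u128 Htable[16], u64 H[2])
  Hi[j].lo = V.lo ^ Htable[j].lo;
  }
  }
-#else
- Htable[8] = V;
- REDUCE1BIT(V);
- Htable[4] = V;
- REDUCE1BIT(V);
- Htable[2] = V;
- REDUCE1BIT(V);
- Htable[1] = V;
- Htable[3].hi = V.hi ^ Htable[2].hi, Htable[3].lo = V.lo ^ Htable[2].lo;
- V = Htable[4];
- Htable[5].hi = V.hi ^ Htable[1].hi, Htable[5].lo = V.lo ^ Htable[1].lo;
- Htable[6].hi = V.hi ^ Htable[2].hi, Htable[6].lo = V.lo ^ Htable[2].lo;
- Htable[7].hi = V.hi ^ Htable[3].hi, Htable[7].lo = V.lo ^ Htable[3].lo;
- V = Htable[8];
- Htable[9].hi = V.hi ^ Htable[1].hi, Htable[9].lo = V.lo ^ Htable[1].lo;
- Htable[10].hi = V.hi ^ Htable[2].hi,
- Htable[10].lo = V.lo ^ Htable[2].lo;
- Htable[11].hi = V.hi ^ Htable[3].hi,
- Htable[11].lo = V.lo ^ Htable[3].lo;
- Htable[12].hi = V.hi ^ Htable[4].hi,
- Htable[12].lo = V.lo ^ Htable[4].lo;
- Htable[13].hi = V.hi ^ Htable[5].hi,
- Htable[13].lo = V.lo ^ Htable[5].lo;
- Htable[14].hi = V.hi ^ Htable[6].hi,
- Htable[14].lo = V.lo ^ Htable[6].lo;
- Htable[15].hi = V.hi ^ Htable[7].hi,
- Htable[15].lo = V.lo ^ Htable[7].lo;
-#endif
+
 #if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm))
  /*
  * ARM assembler expects specific dword order in Htable.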
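Review bot: The loop at new line 242, `for (Htable[8] = V, i = 4; i > 0; i >>= 1)`, is now the only way the table is built, but nothing states the layout it relies on: the power-of-two entries Htable[8], Htable[4], Htable[2], Htable[1] hold successive REDUCE1BIT() images of H (REDUCE1BIT is defined outside the hunk; it presumably is the multiply-by-x-with-reduction step), and every other entry is an XOR sum of those, as the `Hi[j].lo = V.lo ^ Htable[j].lo` line at 252 shows in the second loop, which starts between the two hunks. The deleted unrolled version made that structure visible line by line; a comment above the loop would keep it, e.g. `/* Htable[8 >> k] = H * x^k for k = 0..3; all other entries are XOR sums of these, filled in by the loop below. */`. As a point of style, the comma-expression initialiser hides the `Htable[8] = V` store; splitting it into a statement before the `for` reads more plainly. The unrolling claim in the description is only checked for LLVM on arm64, which is acceptable since this runs once per key, but worth stating as such.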