diff options
| author | miod <> | 2014-04-23 18:40:39 +0000 |
|---|---|---|
| committer | miod <> | 2014-04-23 18:40:39 +0000 |
| commit | 7f5d17891e05458836147cd2b05889fde1e7be19 (patch) | |
| tree | e1e4b99a334105ef85f59fe57d8b382b9d71b773 /src/lib/libcrypto/modes/gcm128.c | |
| parent | 909fa81274d3ab37a13fd6a376b38c3652c1ec4f (diff) | |
| download | openbsd-7f5d17891e05458836147cd2b05889fde1e7be19.tar.gz openbsd-7f5d17891e05458836147cd2b05889fde1e7be19.tar.bz2 openbsd-7f5d17891e05458836147cd2b05889fde1e7be19.zip | |
Figure out endianness at compile-time, using _BYTE_ORDER from
<machine/endian.h>, rather than writing 1 to a 32-bit variable and checking
whether the first byte is nonzero.
tweaks and ok matthew@; ok beck@ tedu@
Diffstat (limited to 'src/lib/libcrypto/modes/gcm128.c')
| -rw-r--r-- | src/lib/libcrypto/modes/gcm128.c | 75 |
1 files changed, 31 insertions, 44 deletions
diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c index a495db110f..92b7f4f3c8 100644 --- a/src/lib/libcrypto/modes/gcm128.c +++ b/src/lib/libcrypto/modes/gcm128.c | |||
| @@ -147,7 +147,6 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) | |||
| 147 | u128 Z = { 0, 0}; | 147 | u128 Z = { 0, 0}; |
| 148 | const u8 *xi = (const u8 *)Xi+15; | 148 | const u8 *xi = (const u8 *)Xi+15; |
| 149 | size_t rem, n = *xi; | 149 | size_t rem, n = *xi; |
| 150 | const union { long one; char little; } is_endian = {1}; | ||
| 151 | static const size_t rem_8bit[256] = { | 150 | static const size_t rem_8bit[256] = { |
| 152 | PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246), | 151 | PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246), |
| 153 | PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E), | 152 | PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E), |
| @@ -231,7 +230,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) | |||
| 231 | Z.hi ^= (u64)rem_8bit[rem]<<32; | 230 | Z.hi ^= (u64)rem_8bit[rem]<<32; |
| 232 | } | 231 | } |
| 233 | 232 | ||
| 234 | if (is_endian.little) { | 233 | if (_BYTE_ORDER == _LITTLE_ENDIAN) { |
| 235 | #ifdef BSWAP8 | 234 | #ifdef BSWAP8 |
| 236 | Xi[0] = BSWAP8(Z.hi); | 235 | Xi[0] = BSWAP8(Z.hi); |
| 237 | Xi[1] = BSWAP8(Z.lo); | 236 | Xi[1] = BSWAP8(Z.lo); |
| @@ -307,9 +306,8 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2]) | |||
| 307 | */ | 306 | */ |
| 308 | { | 307 | { |
| 309 | int j; | 308 | int j; |
| 310 | const union { long one; char little; } is_endian = {1}; | ||
| 311 | 309 | ||
| 312 | if (is_endian.little) | 310 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 313 | for (j=0;j<16;++j) { | 311 | for (j=0;j<16;++j) { |
| 314 | V = Htable[j]; | 312 | V = Htable[j]; |
| 315 | Htable[j].hi = V.lo; | 313 | Htable[j].hi = V.lo; |
| @@ -337,7 +335,6 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) | |||
| 337 | u128 Z; | 335 | u128 Z; |
| 338 | int cnt = 15; | 336 | int cnt = 15; |
| 339 | size_t rem, nlo, nhi; | 337 | size_t rem, nlo, nhi; |
| 340 | const union { long one; char little; } is_endian = {1}; | ||
| 341 | 338 | ||
| 342 | nlo = ((const u8 *)Xi)[15]; | 339 | nlo = ((const u8 *)Xi)[15]; |
| 343 | nhi = nlo>>4; | 340 | nhi = nlo>>4; |
| @@ -376,7 +373,7 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) | |||
| 376 | Z.lo ^= Htable[nlo].lo; | 373 | Z.lo ^= Htable[nlo].lo; |
| 377 | } | 374 | } |
| 378 | 375 | ||
| 379 | if (is_endian.little) { | 376 | if (_BYTE_ORDER == _LITTLE_ENDIAN) { |
| 380 | #ifdef BSWAP8 | 377 | #ifdef BSWAP8 |
| 381 | Xi[0] = BSWAP8(Z.hi); | 378 | Xi[0] = BSWAP8(Z.hi); |
| 382 | Xi[1] = BSWAP8(Z.lo); | 379 | Xi[1] = BSWAP8(Z.lo); |
| @@ -409,7 +406,6 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16], | |||
| 409 | u128 Z; | 406 | u128 Z; |
| 410 | int cnt; | 407 | int cnt; |
| 411 | size_t rem, nlo, nhi; | 408 | size_t rem, nlo, nhi; |
| 412 | const union { long one; char little; } is_endian = {1}; | ||
| 413 | 409 | ||
| 414 | #if 1 | 410 | #if 1 |
| 415 | do { | 411 | do { |
| @@ -546,7 +542,7 @@ static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16], | |||
| 546 | Z.hi ^= ((u64)rem_8bit[rem<<4])<<48; | 542 | Z.hi ^= ((u64)rem_8bit[rem<<4])<<48; |
| 547 | #endif | 543 | #endif |
| 548 | 544 | ||
| 549 | if (is_endian.little) { | 545 | if (_BYTE_ORDER == _LITTLE_ENDIAN) { |
| 550 | #ifdef BSWAP8 | 546 | #ifdef BSWAP8 |
| 551 | Xi[0] = BSWAP8(Z.hi); | 547 | Xi[0] = BSWAP8(Z.hi); |
| 552 | Xi[1] = BSWAP8(Z.lo); | 548 | Xi[1] = BSWAP8(Z.lo); |
| @@ -588,13 +584,12 @@ static void gcm_gmult_1bit(u64 Xi[2],const u64 H[2]) | |||
| 588 | long X; | 584 | long X; |
| 589 | int i,j; | 585 | int i,j; |
| 590 | const long *xi = (const long *)Xi; | 586 | const long *xi = (const long *)Xi; |
| 591 | const union { long one; char little; } is_endian = {1}; | ||
| 592 | 587 | ||
| 593 | V.hi = H[0]; /* H is in host byte order, no byte swapping */ | 588 | V.hi = H[0]; /* H is in host byte order, no byte swapping */ |
| 594 | V.lo = H[1]; | 589 | V.lo = H[1]; |
| 595 | 590 | ||
| 596 | for (j=0; j<16/sizeof(long); ++j) { | 591 | for (j=0; j<16/sizeof(long); ++j) { |
| 597 | if (is_endian.little) { | 592 | if (_BYTE_ORDER == _LITTLE_ENDIAN) { |
| 598 | if (sizeof(long)==8) { | 593 | if (sizeof(long)==8) { |
| 599 | #ifdef BSWAP8 | 594 | #ifdef BSWAP8 |
| 600 | X = (long)(BSWAP8(xi[j])); | 595 | X = (long)(BSWAP8(xi[j])); |
| @@ -620,7 +615,7 @@ static void gcm_gmult_1bit(u64 Xi[2],const u64 H[2]) | |||
| 620 | } | 615 | } |
| 621 | } | 616 | } |
| 622 | 617 | ||
| 623 | if (is_endian.little) { | 618 | if (_BYTE_ORDER == _LITTLE_ENDIAN) { |
| 624 | #ifdef BSWAP8 | 619 | #ifdef BSWAP8 |
| 625 | Xi[0] = BSWAP8(Z.hi); | 620 | Xi[0] = BSWAP8(Z.hi); |
| 626 | Xi[1] = BSWAP8(Z.lo); | 621 | Xi[1] = BSWAP8(Z.lo); |
| @@ -685,15 +680,13 @@ void gcm_ghash_neon(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); | |||
| 685 | 680 | ||
| 686 | void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) | 681 | void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) |
| 687 | { | 682 | { |
| 688 | const union { long one; char little; } is_endian = {1}; | ||
| 689 | |||
| 690 | memset(ctx,0,sizeof(*ctx)); | 683 | memset(ctx,0,sizeof(*ctx)); |
| 691 | ctx->block = block; | 684 | ctx->block = block; |
| 692 | ctx->key = key; | 685 | ctx->key = key; |
| 693 | 686 | ||
| 694 | (*block)(ctx->H.c,ctx->H.c,key); | 687 | (*block)(ctx->H.c,ctx->H.c,key); |
| 695 | 688 | ||
| 696 | if (is_endian.little) { | 689 | if (_BYTE_ORDER == _LITTLE_ENDIAN) { |
| 697 | /* H is stored in host byte order */ | 690 | /* H is stored in host byte order */ |
| 698 | #ifdef BSWAP8 | 691 | #ifdef BSWAP8 |
| 699 | ctx->H.u[0] = BSWAP8(ctx->H.u[0]); | 692 | ctx->H.u[0] = BSWAP8(ctx->H.u[0]); |
| @@ -755,7 +748,6 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) | |||
| 755 | 748 | ||
| 756 | void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len) | 749 | void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len) |
| 757 | { | 750 | { |
| 758 | const union { long one; char little; } is_endian = {1}; | ||
| 759 | unsigned int ctr; | 751 | unsigned int ctr; |
| 760 | #ifdef GCM_FUNCREF_4BIT | 752 | #ifdef GCM_FUNCREF_4BIT |
| 761 | void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; | 753 | void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; |
| @@ -790,7 +782,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len) | |||
| 790 | GCM_MUL(ctx,Yi); | 782 | GCM_MUL(ctx,Yi); |
| 791 | } | 783 | } |
| 792 | len0 <<= 3; | 784 | len0 <<= 3; |
| 793 | if (is_endian.little) { | 785 | if (_BYTE_ORDER == _LITTLE_ENDIAN) { |
| 794 | #ifdef BSWAP8 | 786 | #ifdef BSWAP8 |
| 795 | ctx->Yi.u[1] ^= BSWAP8(len0); | 787 | ctx->Yi.u[1] ^= BSWAP8(len0); |
| 796 | #else | 788 | #else |
| @@ -809,7 +801,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len) | |||
| 809 | 801 | ||
| 810 | GCM_MUL(ctx,Yi); | 802 | GCM_MUL(ctx,Yi); |
| 811 | 803 | ||
| 812 | if (is_endian.little) | 804 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 813 | #ifdef BSWAP4 | 805 | #ifdef BSWAP4 |
| 814 | ctr = BSWAP4(ctx->Yi.d[3]); | 806 | ctr = BSWAP4(ctx->Yi.d[3]); |
| 815 | #else | 807 | #else |
| @@ -821,7 +813,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len) | |||
| 821 | 813 | ||
| 822 | (*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key); | 814 | (*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key); |
| 823 | ++ctr; | 815 | ++ctr; |
| 824 | if (is_endian.little) | 816 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 825 | #ifdef BSWAP4 | 817 | #ifdef BSWAP4 |
| 826 | ctx->Yi.d[3] = BSWAP4(ctr); | 818 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 827 | #else | 819 | #else |
| @@ -892,7 +884,6 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, | |||
| 892 | const unsigned char *in, unsigned char *out, | 884 | const unsigned char *in, unsigned char *out, |
| 893 | size_t len) | 885 | size_t len) |
| 894 | { | 886 | { |
| 895 | const union { long one; char little; } is_endian = {1}; | ||
| 896 | unsigned int n, ctr; | 887 | unsigned int n, ctr; |
| 897 | size_t i; | 888 | size_t i; |
| 898 | u64 mlen = ctx->len.u[1]; | 889 | u64 mlen = ctx->len.u[1]; |
| @@ -920,7 +911,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, | |||
| 920 | ctx->ares = 0; | 911 | ctx->ares = 0; |
| 921 | } | 912 | } |
| 922 | 913 | ||
| 923 | if (is_endian.little) | 914 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 924 | #ifdef BSWAP4 | 915 | #ifdef BSWAP4 |
| 925 | ctr = BSWAP4(ctx->Yi.d[3]); | 916 | ctr = BSWAP4(ctx->Yi.d[3]); |
| 926 | #else | 917 | #else |
| @@ -958,7 +949,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, | |||
| 958 | 949 | ||
| 959 | (*block)(ctx->Yi.c,ctx->EKi.c,key); | 950 | (*block)(ctx->Yi.c,ctx->EKi.c,key); |
| 960 | ++ctr; | 951 | ++ctr; |
| 961 | if (is_endian.little) | 952 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 962 | #ifdef BSWAP4 | 953 | #ifdef BSWAP4 |
| 963 | ctx->Yi.d[3] = BSWAP4(ctr); | 954 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 964 | #else | 955 | #else |
| @@ -984,7 +975,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, | |||
| 984 | 975 | ||
| 985 | (*block)(ctx->Yi.c,ctx->EKi.c,key); | 976 | (*block)(ctx->Yi.c,ctx->EKi.c,key); |
| 986 | ++ctr; | 977 | ++ctr; |
| 987 | if (is_endian.little) | 978 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 988 | #ifdef BSWAP4 | 979 | #ifdef BSWAP4 |
| 989 | ctx->Yi.d[3] = BSWAP4(ctr); | 980 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 990 | #else | 981 | #else |
| @@ -1007,7 +998,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, | |||
| 1007 | 998 | ||
| 1008 | (*block)(ctx->Yi.c,ctx->EKi.c,key); | 999 | (*block)(ctx->Yi.c,ctx->EKi.c,key); |
| 1009 | ++ctr; | 1000 | ++ctr; |
| 1010 | if (is_endian.little) | 1001 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1011 | #ifdef BSWAP4 | 1002 | #ifdef BSWAP4 |
| 1012 | ctx->Yi.d[3] = BSWAP4(ctr); | 1003 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1013 | #else | 1004 | #else |
| @@ -1027,7 +1018,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, | |||
| 1027 | if (len) { | 1018 | if (len) { |
| 1028 | (*block)(ctx->Yi.c,ctx->EKi.c,key); | 1019 | (*block)(ctx->Yi.c,ctx->EKi.c,key); |
| 1029 | ++ctr; | 1020 | ++ctr; |
| 1030 | if (is_endian.little) | 1021 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1031 | #ifdef BSWAP4 | 1022 | #ifdef BSWAP4 |
| 1032 | ctx->Yi.d[3] = BSWAP4(ctr); | 1023 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1033 | #else | 1024 | #else |
| @@ -1049,7 +1040,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, | |||
| 1049 | if (n==0) { | 1040 | if (n==0) { |
| 1050 | (*block)(ctx->Yi.c,ctx->EKi.c,key); | 1041 | (*block)(ctx->Yi.c,ctx->EKi.c,key); |
| 1051 | ++ctr; | 1042 | ++ctr; |
| 1052 | if (is_endian.little) | 1043 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1053 | #ifdef BSWAP4 | 1044 | #ifdef BSWAP4 |
| 1054 | ctx->Yi.d[3] = BSWAP4(ctr); | 1045 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1055 | #else | 1046 | #else |
| @@ -1072,7 +1063,6 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, | |||
| 1072 | const unsigned char *in, unsigned char *out, | 1063 | const unsigned char *in, unsigned char *out, |
| 1073 | size_t len) | 1064 | size_t len) |
| 1074 | { | 1065 | { |
| 1075 | const union { long one; char little; } is_endian = {1}; | ||
| 1076 | unsigned int n, ctr; | 1066 | unsigned int n, ctr; |
| 1077 | size_t i; | 1067 | size_t i; |
| 1078 | u64 mlen = ctx->len.u[1]; | 1068 | u64 mlen = ctx->len.u[1]; |
| @@ -1097,7 +1087,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, | |||
| 1097 | ctx->ares = 0; | 1087 | ctx->ares = 0; |
| 1098 | } | 1088 | } |
| 1099 | 1089 | ||
| 1100 | if (is_endian.little) | 1090 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1101 | #ifdef BSWAP4 | 1091 | #ifdef BSWAP4 |
| 1102 | ctr = BSWAP4(ctx->Yi.d[3]); | 1092 | ctr = BSWAP4(ctx->Yi.d[3]); |
| 1103 | #else | 1093 | #else |
| @@ -1138,7 +1128,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, | |||
| 1138 | 1128 | ||
| 1139 | (*block)(ctx->Yi.c,ctx->EKi.c,key); | 1129 | (*block)(ctx->Yi.c,ctx->EKi.c,key); |
| 1140 | ++ctr; | 1130 | ++ctr; |
| 1141 | if (is_endian.little) | 1131 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1142 | #ifdef BSWAP4 | 1132 | #ifdef BSWAP4 |
| 1143 | ctx->Yi.d[3] = BSWAP4(ctr); | 1133 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1144 | #else | 1134 | #else |
| @@ -1162,7 +1152,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, | |||
| 1162 | 1152 | ||
| 1163 | (*block)(ctx->Yi.c,ctx->EKi.c,key); | 1153 | (*block)(ctx->Yi.c,ctx->EKi.c,key); |
| 1164 | ++ctr; | 1154 | ++ctr; |
| 1165 | if (is_endian.little) | 1155 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1166 | #ifdef BSWAP4 | 1156 | #ifdef BSWAP4 |
| 1167 | ctx->Yi.d[3] = BSWAP4(ctr); | 1157 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1168 | #else | 1158 | #else |
| @@ -1184,7 +1174,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, | |||
| 1184 | 1174 | ||
| 1185 | (*block)(ctx->Yi.c,ctx->EKi.c,key); | 1175 | (*block)(ctx->Yi.c,ctx->EKi.c,key); |
| 1186 | ++ctr; | 1176 | ++ctr; |
| 1187 | if (is_endian.little) | 1177 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1188 | #ifdef BSWAP4 | 1178 | #ifdef BSWAP4 |
| 1189 | ctx->Yi.d[3] = BSWAP4(ctr); | 1179 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1190 | #else | 1180 | #else |
| @@ -1206,7 +1196,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, | |||
| 1206 | if (len) { | 1196 | if (len) { |
| 1207 | (*block)(ctx->Yi.c,ctx->EKi.c,key); | 1197 | (*block)(ctx->Yi.c,ctx->EKi.c,key); |
| 1208 | ++ctr; | 1198 | ++ctr; |
| 1209 | if (is_endian.little) | 1199 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1210 | #ifdef BSWAP4 | 1200 | #ifdef BSWAP4 |
| 1211 | ctx->Yi.d[3] = BSWAP4(ctr); | 1201 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1212 | #else | 1202 | #else |
| @@ -1231,7 +1221,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, | |||
| 1231 | if (n==0) { | 1221 | if (n==0) { |
| 1232 | (*block)(ctx->Yi.c,ctx->EKi.c,key); | 1222 | (*block)(ctx->Yi.c,ctx->EKi.c,key); |
| 1233 | ++ctr; | 1223 | ++ctr; |
| 1234 | if (is_endian.little) | 1224 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1235 | #ifdef BSWAP4 | 1225 | #ifdef BSWAP4 |
| 1236 | ctx->Yi.d[3] = BSWAP4(ctr); | 1226 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1237 | #else | 1227 | #else |
| @@ -1256,7 +1246,6 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1256 | const unsigned char *in, unsigned char *out, | 1246 | const unsigned char *in, unsigned char *out, |
| 1257 | size_t len, ctr128_f stream) | 1247 | size_t len, ctr128_f stream) |
| 1258 | { | 1248 | { |
| 1259 | const union { long one; char little; } is_endian = {1}; | ||
| 1260 | unsigned int n, ctr; | 1249 | unsigned int n, ctr; |
| 1261 | size_t i; | 1250 | size_t i; |
| 1262 | u64 mlen = ctx->len.u[1]; | 1251 | u64 mlen = ctx->len.u[1]; |
| @@ -1280,7 +1269,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1280 | ctx->ares = 0; | 1269 | ctx->ares = 0; |
| 1281 | } | 1270 | } |
| 1282 | 1271 | ||
| 1283 | if (is_endian.little) | 1272 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1284 | #ifdef BSWAP4 | 1273 | #ifdef BSWAP4 |
| 1285 | ctr = BSWAP4(ctx->Yi.d[3]); | 1274 | ctr = BSWAP4(ctx->Yi.d[3]); |
| 1286 | #else | 1275 | #else |
| @@ -1306,7 +1295,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1306 | while (len>=GHASH_CHUNK) { | 1295 | while (len>=GHASH_CHUNK) { |
| 1307 | (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); | 1296 | (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); |
| 1308 | ctr += GHASH_CHUNK/16; | 1297 | ctr += GHASH_CHUNK/16; |
| 1309 | if (is_endian.little) | 1298 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1310 | #ifdef BSWAP4 | 1299 | #ifdef BSWAP4 |
| 1311 | ctx->Yi.d[3] = BSWAP4(ctr); | 1300 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1312 | #else | 1301 | #else |
| @@ -1325,7 +1314,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1325 | 1314 | ||
| 1326 | (*stream)(in,out,j,key,ctx->Yi.c); | 1315 | (*stream)(in,out,j,key,ctx->Yi.c); |
| 1327 | ctr += (unsigned int)j; | 1316 | ctr += (unsigned int)j; |
| 1328 | if (is_endian.little) | 1317 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1329 | #ifdef BSWAP4 | 1318 | #ifdef BSWAP4 |
| 1330 | ctx->Yi.d[3] = BSWAP4(ctr); | 1319 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1331 | #else | 1320 | #else |
| @@ -1349,7 +1338,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1349 | if (len) { | 1338 | if (len) { |
| 1350 | (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); | 1339 | (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); |
| 1351 | ++ctr; | 1340 | ++ctr; |
| 1352 | if (is_endian.little) | 1341 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1353 | #ifdef BSWAP4 | 1342 | #ifdef BSWAP4 |
| 1354 | ctx->Yi.d[3] = BSWAP4(ctr); | 1343 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1355 | #else | 1344 | #else |
| @@ -1371,7 +1360,6 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1371 | const unsigned char *in, unsigned char *out, | 1360 | const unsigned char *in, unsigned char *out, |
| 1372 | size_t len,ctr128_f stream) | 1361 | size_t len,ctr128_f stream) |
| 1373 | { | 1362 | { |
| 1374 | const union { long one; char little; } is_endian = {1}; | ||
| 1375 | unsigned int n, ctr; | 1363 | unsigned int n, ctr; |
| 1376 | size_t i; | 1364 | size_t i; |
| 1377 | u64 mlen = ctx->len.u[1]; | 1365 | u64 mlen = ctx->len.u[1]; |
| @@ -1395,7 +1383,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1395 | ctx->ares = 0; | 1383 | ctx->ares = 0; |
| 1396 | } | 1384 | } |
| 1397 | 1385 | ||
| 1398 | if (is_endian.little) | 1386 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1399 | #ifdef BSWAP4 | 1387 | #ifdef BSWAP4 |
| 1400 | ctr = BSWAP4(ctx->Yi.d[3]); | 1388 | ctr = BSWAP4(ctx->Yi.d[3]); |
| 1401 | #else | 1389 | #else |
| @@ -1424,7 +1412,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1424 | GHASH(ctx,in,GHASH_CHUNK); | 1412 | GHASH(ctx,in,GHASH_CHUNK); |
| 1425 | (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); | 1413 | (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); |
| 1426 | ctr += GHASH_CHUNK/16; | 1414 | ctr += GHASH_CHUNK/16; |
| 1427 | if (is_endian.little) | 1415 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1428 | #ifdef BSWAP4 | 1416 | #ifdef BSWAP4 |
| 1429 | ctx->Yi.d[3] = BSWAP4(ctr); | 1417 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1430 | #else | 1418 | #else |
| @@ -1454,7 +1442,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1454 | #endif | 1442 | #endif |
| 1455 | (*stream)(in,out,j,key,ctx->Yi.c); | 1443 | (*stream)(in,out,j,key,ctx->Yi.c); |
| 1456 | ctr += (unsigned int)j; | 1444 | ctr += (unsigned int)j; |
| 1457 | if (is_endian.little) | 1445 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1458 | #ifdef BSWAP4 | 1446 | #ifdef BSWAP4 |
| 1459 | ctx->Yi.d[3] = BSWAP4(ctr); | 1447 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1460 | #else | 1448 | #else |
| @@ -1469,7 +1457,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1469 | if (len) { | 1457 | if (len) { |
| 1470 | (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); | 1458 | (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); |
| 1471 | ++ctr; | 1459 | ++ctr; |
| 1472 | if (is_endian.little) | 1460 | if (_BYTE_ORDER == _LITTLE_ENDIAN) |
| 1473 | #ifdef BSWAP4 | 1461 | #ifdef BSWAP4 |
| 1474 | ctx->Yi.d[3] = BSWAP4(ctr); | 1462 | ctx->Yi.d[3] = BSWAP4(ctr); |
| 1475 | #else | 1463 | #else |
| @@ -1492,7 +1480,6 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, | |||
| 1492 | int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, | 1480 | int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, |
| 1493 | size_t len) | 1481 | size_t len) |
| 1494 | { | 1482 | { |
| 1495 | const union { long one; char little; } is_endian = {1}; | ||
| 1496 | u64 alen = ctx->len.u[0]<<3; | 1483 | u64 alen = ctx->len.u[0]<<3; |
| 1497 | u64 clen = ctx->len.u[1]<<3; | 1484 | u64 clen = ctx->len.u[1]<<3; |
| 1498 | #ifdef GCM_FUNCREF_4BIT | 1485 | #ifdef GCM_FUNCREF_4BIT |
| @@ -1502,7 +1489,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, | |||
| 1502 | if (ctx->mres || ctx->ares) | 1489 | if (ctx->mres || ctx->ares) |
| 1503 | GCM_MUL(ctx,Xi); | 1490 | GCM_MUL(ctx,Xi); |
| 1504 | 1491 | ||
| 1505 | if (is_endian.little) { | 1492 | if (_BYTE_ORDER == _LITTLE_ENDIAN) { |
| 1506 | #ifdef BSWAP8 | 1493 | #ifdef BSWAP8 |
| 1507 | alen = BSWAP8(alen); | 1494 | alen = BSWAP8(alen); |
| 1508 | clen = BSWAP8(clen); | 1495 | clen = BSWAP8(clen); |