Fix CRYPTO_gcm128_decrypt() when compiled with TABLE_BITS == 1.

This appears to have been broken since 2013 when OpenSSL commit 3b4be0018b5 landed. This added in_t and out_t variables, but continued to use in and out instead. Yet another reason why untested conditional code is a bad thing. ok beck@ tb@
author: jsing <> 2025-04-23 10:58:48 +0000
committer: jsing <> 2025-04-23 10:58:48 +0000
commit: 87b4aa4f0c1a819187551854f2557308698dd67f (patch)
tree: bd54a464c6ab8b23ea9f5aa8ead913d13d0b5816 /src
parent: 273e048d695a49faad75ca2ffa6e445353142be8 (diff)
download: openbsd-87b4aa4f0c1a819187551854f2557308698dd67f.tar.gz
openbsd-87b4aa4f0c1a819187551854f2557308698dd67f.tar.bz2
openbsd-87b4aa4f0c1a819187551854f2557308698dd67f.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index ff9f047ec7..b980c7431f 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.29 2025/04/22 14:09:20 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.30 2025/04/23 10:58:48 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
 *
@@ -1060,8 +1060,8 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                                ctx->Yi.d[3] = htobe32(ctr);
                                for (i = 0; i < 16/sizeof(size_t); ++i) {
-                                        size_t c = in[i];
+                                        size_t c = in_t[i];
-                                        out[i] = c ^ ctx->EKi.t[i];
+                                        out_t[i] = c ^ ctx->EKi.t[i];
                                        ctx->Xi.t[i] ^= c;
                                }
                                GCM_MUL(ctx, Xi);
author	jsing <>	2025-04-23 10:58:48 +0000
committer	jsing <>	2025-04-23 10:58:48 +0000
commit	87b4aa4f0c1a819187551854f2557308698dd67f (patch)
tree	bd54a464c6ab8b23ea9f5aa8ead913d13d0b5816 /src
parent	273e048d695a49faad75ca2ffa6e445353142be8 (diff)
download	openbsd-87b4aa4f0c1a819187551854f2557308698dd67f.tar.gz openbsd-87b4aa4f0c1a819187551854f2557308698dd67f.tar.bz2 openbsd-87b4aa4f0c1a819187551854f2557308698dd67f.zip

diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c index ff9f047ec7..b980c7431f 100644 --- a/src/lib/libcrypto/modes/gcm128.c +++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: gcm128.c,v 1.29 2025/04/22 14:09:20 jsing Exp $ */	1	/* $OpenBSD: gcm128.c,v 1.30 2025/04/23 10:58:48 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2010 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2010 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -1060,8 +1060,8 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
1060	ctx->Yi.d[3] = htobe32(ctr);	1060	ctx->Yi.d[3] = htobe32(ctr);
1061		1061
1062	for (i = 0; i < 16/sizeof(size_t); ++i) {	1062	for (i = 0; i < 16/sizeof(size_t); ++i) {
1063	size_t c = in[i];	1063	size_t c = in_t[i];
1064	out[i] = c ^ ctx->EKi.t[i];	1064	out_t[i] = c ^ ctx->EKi.t[i];
1065	ctx->Xi.t[i] ^= c;	1065	ctx->Xi.t[i] ^= c;
1066	}	1066	}
1067	GCM_MUL(ctx, Xi);	1067	GCM_MUL(ctx, Xi);