author | jsing <> | 2025-04-23 14:12:38 +0000 |
---|---|---|
committer | jsing <> | 2025-04-23 14:12:38 +0000 |
commit | 0846d43744d6b6951a96dae0b1276507c34c1d31 (patch) | |
tree | 5c695e71d6556cc4f076675e14bd89b34925fb3e /src | |
parent | 87b4aa4f0c1a819187551854f2557308698dd67f (diff) | |
Rewrite gcm_gmult_1bit() to avoid sizeof(long) hacks.
We're already using 64 bit variables, so just continue to do so and let
the compiler deal with code generation. While here, use unsigned right
shifts instead of relying on signed right shifts and implementation-defined
behaviour (which the original code did).
Feedback from lucas@
ok beck@ tb@
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libcrypto/modes/gcm128.c | 30 |
1 files changed, 8 insertions, 22 deletions
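diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index b980c7431f..29f289cb7e 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.30 2025/04/23 10:58:48 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.31 2025/04/23 14:12:38 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
  *
@@ -545,35 +545,21 @@ void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
 static void
 gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
 {
-	u128 V, Z = { 0,0 };
-	long X;
+	u128 V, Z = { 0, 0 };
+	u64 X;
 	int i, j;
-	const long *xi = (const long *)Xi;
 
 	V.hi = H[0];	/* H is in host byte order, no byte swapping */
 	V.lo = H[1];
 
-	for (j = 0; j < 16/sizeof(long); ++j) {
-#if BYTE_ORDER == LITTLE_ENDIAN
-#if SIZE_MAX == 0xffffffffffffffff
-#ifdef BSWAP8
-		X = (long)(BSWAP8(xi[j]));
-#else
-		const u8 *p = (const u8 *)(xi + j);
-		X = (long)((u64)GETU32(p) << 32|GETU32(p + 4));
-#endif
-#else
-		const u8 *p = (const u8 *)(xi + j);
-		X = (long)GETU32(p);
-#endif
-#else /* BIG_ENDIAN */
-		X = xi[j];
-#endif
+	for (j = 0; j < 2; j++) {
+		X = be64toh(Xi[j]);
 
-		for (i = 0; i < 8*sizeof(long); ++i, X <<= 1) {
-			u64 M = (u64)(X >> (8*sizeof(long) - 1));
+		for (i = 0; i < 64; i++) {
+			u64 M = 0 - (X >> 63);
 			Z.hi ^= V.hi & M;
 			Z.lo ^= V.lo & M;
+			X <<= 1;
 
 			REDUCE1BIT(V);
 		}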
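Review bot: The mask line `u64 M = 0 - (X >> 63);` is what keeps this bit-serial GF(2^128) multiply free of a data-dependent branch, and nothing in the new code says so; a later cleanup could turn it into an `if (X >> 63)` on the secret-dependent bit and nobody would notice. I would add above it `/* All-ones when the top bit of X is set, else zero: selects V by mask rather than by branch. */`, and on the `X = be64toh(Xi[j]);` line a short note that Xi is consumed as two big-endian 64-bit words, which is exactly what the removed BSWAP8/GETU32 path did on little-endian hosts. The `0 - ...` form is well-defined on u64 (unsigned wrap), so the implementation-defined signed shift the commit message mentions is indeed gone. be64toh presumably comes from the `<endian.h>` the old `BYTE_ORDER` test already needed, but that include is outside this hunk and worth confirming now that the only other use of that header in this function has been removed. The outer loop's close and whatever gcm_gmult_1bit does with Z afterwards lie past the end of the hunk.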