1 files changed, 5 insertions, 13 deletions
diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index db1f2b9a1c..1e925f2a1f 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.33 2025/04/25 08:19:22 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.34 2025/04/25 08:26:57 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
 *
@@ -332,7 +332,6 @@ gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
        Xi[1] = htobe64(Z.lo);
 }
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
 /*
 * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for
 * details... Compiler-generated code doesn't seem to give any
@@ -488,7 +487,6 @@ gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
                Xi[1] = htobe64(Z.lo);
        } while (inp += 16, len -= 16);
 }
-#endif
 #else
 void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]);
 void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
@@ -496,13 +494,11 @@ void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
 #endif
 #define GCM_MUL(ctx,Xi)   gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
-#if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT)
 #define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)
 /* GHASH_CHUNK is "stride parameter" missioned to mitigate cache
 * trashing effect. In other words idea is to hash data while it's
 * still in L1 cache after encryption pass... */
 #define GHASH_CHUNK       (3*1024)
-#endif
 #else   /* TABLE_BITS */
@@ -792,7 +788,6 @@ CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
        ctr = be32toh(ctx->Yi.d[3]);
        n = ctx->mres;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
        if (16 % sizeof(size_t) == 0)
                do {    /* always true actually */
                        if (n) {
@@ -888,7 +883,6 @@ CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
                        ctx->mres = n;
                        return 0;
                } while (0);
-#endif
        for (i = 0; i < len; ++i) {
                if (n == 0) {
                        (*block)(ctx->Yi.c, ctx->EKi.c, key);
@@ -938,7 +932,6 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
        ctr = be32toh(ctx->Yi.d[3]);
        n = ctx->mres;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
        if (16 % sizeof(size_t) == 0)
                do {    /* always true actually */
                        if (n) {
@@ -1036,7 +1029,6 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
                        ctx->mres = n;
                        return 0;
                } while (0);
-#endif
        for (i = 0; i < len; ++i) {
                u8 c;
                if (n == 0) {
@@ -1101,7 +1093,7 @@ CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
                        return 0;
                }
        }
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
        while (len >= GHASH_CHUNK) {
                (*stream)(in, out, GHASH_CHUNK/16, key, ctx->Yi.c);
                ctr += GHASH_CHUNK/16;
@@ -1111,7 +1103,7 @@ CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
                in += GHASH_CHUNK;
                len -= GHASH_CHUNK;
        }
-#endif
        if ((i = (len & (size_t)-16))) {
                size_t j = i/16;
@@ -1193,7 +1185,7 @@ CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
                        return 0;
                }
        }
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
        while (len >= GHASH_CHUNK) {
                GHASH(ctx, in, GHASH_CHUNK);
                (*stream)(in, out, GHASH_CHUNK/16, key, ctx->Yi.c);
@@ -1203,7 +1195,7 @@ CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
                in += GHASH_CHUNK;
                len -= GHASH_CHUNK;
        }
-#endif
        if ((i = (len & (size_t)-16))) {
                size_t j = i/16;

diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c index db1f2b9a1c..1e925f2a1f 100644 --- a/src/lib/libcrypto/modes/gcm128.c +++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: gcm128.c,v 1.33 2025/04/25 08:19:22 jsing Exp $ */	1	/* $OpenBSD: gcm128.c,v 1.34 2025/04/25 08:26:57 jsing Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 2010 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 2010 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -332,7 +332,6 @@ gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
332	Xi[1] = htobe64(Z.lo);	332	Xi[1] = htobe64(Z.lo);
333	}	333	}
334		334
335	#if !defined(OPENSSL_SMALL_FOOTPRINT)
336	/*	335	/*
337	* Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en\|de]crypt for	336	* Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en\|de]crypt for
338	* details... Compiler-generated code doesn't seem to give any	337	* details... Compiler-generated code doesn't seem to give any
@@ -488,7 +487,6 @@ gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
488	Xi[1] = htobe64(Z.lo);	487	Xi[1] = htobe64(Z.lo);
489	} while (inp += 16, len -= 16);	488	} while (inp += 16, len -= 16);
490	}	489	}
491	#endif
492	#else	490	#else
493	void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]);	491	void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]);
494	void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,	492	void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
@@ -496,13 +494,11 @@ void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
496	#endif	494	#endif
497		495
498	#define GCM_MUL(ctx,Xi) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)	496	#define GCM_MUL(ctx,Xi) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
499	#if defined(GHASH_ASM) \|\| !defined(OPENSSL_SMALL_FOOTPRINT)
500	#define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)	497	#define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)
501	/* GHASH_CHUNK is "stride parameter" missioned to mitigate cache	498	/* GHASH_CHUNK is "stride parameter" missioned to mitigate cache
502	* trashing effect. In other words idea is to hash data while it's	499	* trashing effect. In other words idea is to hash data while it's
503	* still in L1 cache after encryption pass... */	500	* still in L1 cache after encryption pass... */
504	#define GHASH_CHUNK (3*1024)	501	#define GHASH_CHUNK (3*1024)
505	#endif
506		502
507	#else /* TABLE_BITS */	503	#else /* TABLE_BITS */
508		504
@@ -792,7 +788,6 @@ CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
792	ctr = be32toh(ctx->Yi.d[3]);	788	ctr = be32toh(ctx->Yi.d[3]);
793		789
794	n = ctx->mres;	790	n = ctx->mres;
795	#if !defined(OPENSSL_SMALL_FOOTPRINT)
796	if (16 % sizeof(size_t) == 0)	791	if (16 % sizeof(size_t) == 0)
797	do { /* always true actually */	792	do { /* always true actually */
798	if (n) {	793	if (n) {
@@ -888,7 +883,6 @@ CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
888	ctx->mres = n;	883	ctx->mres = n;
889	return 0;	884	return 0;
890	} while (0);	885	} while (0);
891	#endif
892	for (i = 0; i < len; ++i) {	886	for (i = 0; i < len; ++i) {
893	if (n == 0) {	887	if (n == 0) {
894	(*block)(ctx->Yi.c, ctx->EKi.c, key);	888	(*block)(ctx->Yi.c, ctx->EKi.c, key);
@@ -938,7 +932,6 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
938	ctr = be32toh(ctx->Yi.d[3]);	932	ctr = be32toh(ctx->Yi.d[3]);
939		933
940	n = ctx->mres;	934	n = ctx->mres;
941	#if !defined(OPENSSL_SMALL_FOOTPRINT)
942	if (16 % sizeof(size_t) == 0)	935	if (16 % sizeof(size_t) == 0)
943	do { /* always true actually */	936	do { /* always true actually */
944	if (n) {	937	if (n) {
@@ -1036,7 +1029,6 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
1036	ctx->mres = n;	1029	ctx->mres = n;
1037	return 0;	1030	return 0;
1038	} while (0);	1031	} while (0);
1039	#endif
1040	for (i = 0; i < len; ++i) {	1032	for (i = 0; i < len; ++i) {
1041	u8 c;	1033	u8 c;
1042	if (n == 0) {	1034	if (n == 0) {
@@ -1101,7 +1093,7 @@ CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
1101	return 0;	1093	return 0;
1102	}	1094	}
1103	}	1095	}
1104	#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)	1096
1105	while (len >= GHASH_CHUNK) {	1097	while (len >= GHASH_CHUNK) {
1106	(*stream)(in, out, GHASH_CHUNK/16, key, ctx->Yi.c);	1098	(*stream)(in, out, GHASH_CHUNK/16, key, ctx->Yi.c);
1107	ctr += GHASH_CHUNK/16;	1099	ctr += GHASH_CHUNK/16;
@@ -1111,7 +1103,7 @@ CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
1111	in += GHASH_CHUNK;	1103	in += GHASH_CHUNK;
1112	len -= GHASH_CHUNK;	1104	len -= GHASH_CHUNK;
1113	}	1105	}
1114	#endif	1106
1115	if ((i = (len & (size_t)-16))) {	1107	if ((i = (len & (size_t)-16))) {
1116	size_t j = i/16;	1108	size_t j = i/16;
1117		1109
@@ -1193,7 +1185,7 @@ CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
1193	return 0;	1185	return 0;
1194	}	1186	}
1195	}	1187	}
1196	#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)	1188
1197	while (len >= GHASH_CHUNK) {	1189	while (len >= GHASH_CHUNK) {
1198	GHASH(ctx, in, GHASH_CHUNK);	1190	GHASH(ctx, in, GHASH_CHUNK);
1199	(*stream)(in, out, GHASH_CHUNK/16, key, ctx->Yi.c);	1191	(*stream)(in, out, GHASH_CHUNK/16, key, ctx->Yi.c);
@@ -1203,7 +1195,7 @@ CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
1203	in += GHASH_CHUNK;	1195	in += GHASH_CHUNK;
1204	len -= GHASH_CHUNK;	1196	len -= GHASH_CHUNK;
1205	}	1197	}
1206	#endif	1198
1207	if ((i = (len & (size_t)-16))) {	1199	if ((i = (len & (size_t)-16))) {
1208	size_t j = i/16;	1200	size_t j = i/16;
1209		1201