diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/modes/gcm128.c | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c index 8b9a7bcfbb..2540b7cf3d 100644 --- a/src/lib/libcrypto/modes/gcm128.c +++ b/src/lib/libcrypto/modes/gcm128.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gcm128.c,v 1.49 2025/06/08 07:38:42 jsing Exp $ */ | 1 | /* $OpenBSD: gcm128.c,v 1.50 2025/06/08 07:49:45 jsing Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2010 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2010 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -77,7 +77,7 @@ gcm_init_4bit(u128 Htable[16], uint64_t H[2]) | |||
| 77 | for (i = 2; i < 16; i <<= 1) { | 77 | for (i = 2; i < 16; i <<= 1) { |
| 78 | u128 *Hi = Htable + i; | 78 | u128 *Hi = Htable + i; |
| 79 | int j; | 79 | int j; |
| 80 | for (V = *Hi, j = 1; j < i; ++j) { | 80 | for (V = *Hi, j = 1; j < i; j++) { |
| 81 | Hi[j].hi = V.hi ^ Htable[j].hi; | 81 | Hi[j].hi = V.hi ^ Htable[j].hi; |
| 82 | Hi[j].lo = V.lo ^ Htable[j].lo; | 82 | Hi[j].lo = V.lo ^ Htable[j].lo; |
| 83 | } | 83 | } |
| @@ -338,14 +338,14 @@ CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, size_t len) | |||
| 338 | uint64_t len0 = len; | 338 | uint64_t len0 = len; |
| 339 | 339 | ||
| 340 | while (len >= 16) { | 340 | while (len >= 16) { |
| 341 | for (i = 0; i < 16; ++i) | 341 | for (i = 0; i < 16; i++) |
| 342 | ctx->Yi.c[i] ^= iv[i]; | 342 | ctx->Yi.c[i] ^= iv[i]; |
| 343 | gcm_mul(ctx, ctx->Yi.u); | 343 | gcm_mul(ctx, ctx->Yi.u); |
| 344 | iv += 16; | 344 | iv += 16; |
| 345 | len -= 16; | 345 | len -= 16; |
| 346 | } | 346 | } |
| 347 | if (len) { | 347 | if (len > 0) { |
| 348 | for (i = 0; i < len; ++i) | 348 | for (i = 0; i < len; i++) |
| 349 | ctx->Yi.c[i] ^= iv[i]; | 349 | ctx->Yi.c[i] ^= iv[i]; |
| 350 | gcm_mul(ctx, ctx->Yi.u); | 350 | gcm_mul(ctx, ctx->Yi.u); |
| 351 | } | 351 | } |
| @@ -358,8 +358,7 @@ CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, size_t len) | |||
| 358 | } | 358 | } |
| 359 | 359 | ||
| 360 | (*ctx->block)(ctx->Yi.c, ctx->EK0.c, ctx->key); | 360 | (*ctx->block)(ctx->Yi.c, ctx->EK0.c, ctx->key); |
| 361 | ++ctr; | 361 | ctx->Yi.d[3] = htobe32(++ctr); |
| 362 | ctx->Yi.d[3] = htobe32(ctr); | ||
| 363 | } | 362 | } |
| 364 | LCRYPTO_ALIAS(CRYPTO_gcm128_setiv); | 363 | LCRYPTO_ALIAS(CRYPTO_gcm128_setiv); |
| 365 | 364 | ||
| @@ -398,7 +397,7 @@ CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, size_t len) | |||
| 398 | } | 397 | } |
| 399 | if (len > 0) { | 398 | if (len > 0) { |
| 400 | n = (unsigned int)len; | 399 | n = (unsigned int)len; |
| 401 | for (i = 0; i < len; ++i) | 400 | for (i = 0; i < len; i++) |
| 402 | ctx->Xi.c[i] ^= aad[i]; | 401 | ctx->Xi.c[i] ^= aad[i]; |
| 403 | } | 402 | } |
| 404 | ctx->ares = n; | 403 | ctx->ares = n; |
| @@ -430,7 +429,7 @@ CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const unsigned char *in, | |||
| 430 | 429 | ||
| 431 | n = ctx->mres; | 430 | n = ctx->mres; |
| 432 | 431 | ||
| 433 | for (i = 0; i < len; ++i) { | 432 | for (i = 0; i < len; i++) { |
| 434 | if (n == 0) { | 433 | if (n == 0) { |
| 435 | ctx->block(ctx->Yi.c, ctx->EKi.c, ctx->key); | 434 | ctx->block(ctx->Yi.c, ctx->EKi.c, ctx->key); |
| 436 | ctx->Yi.d[3] = htobe32(++ctr); | 435 | ctx->Yi.d[3] = htobe32(++ctr); |
| @@ -471,7 +470,7 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const unsigned char *in, | |||
| 471 | 470 | ||
| 472 | n = ctx->mres; | 471 | n = ctx->mres; |
| 473 | 472 | ||
| 474 | for (i = 0; i < len; ++i) { | 473 | for (i = 0; i < len; i++) { |
| 475 | if (n == 0) { | 474 | if (n == 0) { |
| 476 | ctx->block(ctx->Yi.c, ctx->EKi.c, ctx->key); | 475 | ctx->block(ctx->Yi.c, ctx->EKi.c, ctx->key); |
| 477 | ctx->Yi.d[3] = htobe32(++ctr); | 476 | ctx->Yi.d[3] = htobe32(++ctr); |