From 87b4aa4f0c1a819187551854f2557308698dd67f Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 23 Apr 2025 10:58:48 +0000
Subject: Fix CRYPTO_gcm128_decrypt() when compiled with TABLE_BITS == 1.

This appears to have been broken since 2013 when OpenSSL commit 3b4be0018b5
landed. This added in_t and out_t variables, but continued to use in and
out instead. Yet another reason why untested conditional code is a bad
thing.

ok beck@ tb@
---
 src/lib/libcrypto/modes/gcm128.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib/libcrypto')

diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index ff9f047ec7..b980c7431f 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.29 2025/04/22 14:09:20 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.30 2025/04/23 10:58:48 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
@@ -1060,8 +1060,8 @@ CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 				ctx->Yi.d[3] = htobe32(ctr);
 
 				for (i = 0; i < 16/sizeof(size_t); ++i) {
-					size_t c = in[i];
-					out[i] = c ^ ctx->EKi.t[i];
+					size_t c = in_t[i];
+					out_t[i] = c ^ ctx->EKi.t[i];
 					ctx->Xi.t[i] ^= c;
 				}
 				GCM_MUL(ctx, Xi);
-- 
cgit v1.2.3-55-g6feb