From bc1afd923fa7ed3bad6afe202345ff452445115b Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 18 May 2025 07:13:48 +0000
Subject: Inline REDUCE1BIT macro.

The REDUCE1BIT macro is now only used in one place, so just inline it.
Additionally we do not need separate 32 bit and 64 bit versions - just use
the 64 bit version and let the compiler deal with it (we effectively get
the same code on i386).

ok beck@ joshua@
---
 src/lib/libcrypto/modes/gcm128.c | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

(limited to 'src/lib/libcrypto')

diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index 5eb616cef7..334e592aa5 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.37 2025/05/17 14:43:17 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.38 2025/05/18 07:13:48 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
  *
@@ -56,24 +56,13 @@
 #include "modes_local.h"
 
 #define	PACK(s)		((size_t)(s)<<(sizeof(size_t)*8-16))
-#define REDUCE1BIT(V)							\
-	do {								\
-		if (sizeof(size_t)==8) {				\
-			u64 T = U64(0xe100000000000000) & (0-(V.lo&1));	\
-			V.lo  = (V.hi<<63)|(V.lo>>1);			\
-			V.hi  = (V.hi>>1 )^T;				\
-		} else {						\
-			u32 T = 0xe1000000U & (0-(u32)(V.lo&1));	\
-			V.lo  = (V.hi<<63)|(V.lo>>1);			\
-			V.hi  = (V.hi>>1 )^((u64)T<<32);		\
-		}							\
-	} while(0)
 
 static void
 gcm_init_4bit(u128 Htable[16], u64 H[2])
 {
 	u128 V;
-	int  i;
+	u64 T;
+	int i;
 
 	Htable[0].hi = 0;
 	Htable[0].lo = 0;
@@ -81,7 +70,9 @@ gcm_init_4bit(u128 Htable[16], u64 H[2])
 	V.lo = H[1];
 
 	for (Htable[8] = V, i = 4; i > 0; i >>= 1) {
-		REDUCE1BIT(V);
+		T = U64(0xe100000000000000) & (0 - (V.lo & 1));
+		V.lo = (V.hi << 63) | (V.lo >> 1);
+		V.hi = (V.hi >> 1 ) ^ T;
 		Htable[i] = V;
 	}
 
-- 
cgit v1.2.3-55-g6feb