From 1ce223ac672aba9e1d955ebac21162d281b013b2 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 25 Apr 2025 08:19:22 +0000
Subject: Use the OPENSSL_SMALL_FOOTPRINT code in gcm_init_4bit(). A modern compiler will unroll these loops - LLVM produces identical code (at least on arm64). Drop the manually unrolled version and have code that is more readable and maintainable. ok tb@
---
 src/lib/libcrypto/modes/gcm128.c | 34 ++--------------------------------
 1 file changed, 2 insertions(+), 32 deletions(-)
(limited to 'src')
diff --git a/src/lib/libcrypto/modes/gcm128.c b/src/lib/libcrypto/modes/gcm128.c
index fb03f72754..db1f2b9a1c 100644
--- a/src/lib/libcrypto/modes/gcm128.c
+++ b/src/lib/libcrypto/modes/gcm128.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gcm128.c,v 1.32 2025/04/23 14:15:19 jsing Exp $ */
+/* $OpenBSD: gcm128.c,v 1.33 2025/04/25 08:19:22 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2010 The OpenSSL Project. All rights reserved.
 *
@@ -232,16 +232,13 @@ static void
 gcm_init_4bit(u128 Htable[16], u64 H[2])
 {
 u128 V;
-#if defined(OPENSSL_SMALL_FOOTPRINT)
 int i;
-#endif
 Htable[0].hi = 0;
 Htable[0].lo = 0;
 V.hi = H[0];
 V.lo = H[1];
-#if defined(OPENSSL_SMALL_FOOTPRINT)
 for (Htable[8] = V, i = 4; i > 0; i >>= 1) {
 REDUCE1BIT(V);
 Htable[i] = V;
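Review bot: With the unrolled branch gone, the first loop's init clause `for (Htable[8] = V, i = 4; i > 0; i >>= 1)` is the only place that shows `Htable[8]` being filled, and a store hidden in a comma expression is easy to overlook. Since the stated goal is readability, consider hoisting it: `Htable[8] = V;` on its own line, then `for (i = 4; i > 0; i >>= 1) {`. A short comment above the loop, e.g. `/* Htable[8] = H; entries 4, 2 and 1 follow by repeated REDUCE1BIT(); the remaining entries are XORs of these. */`, would preserve what the deleted lines documented. The visible loop has a fixed trip count independent of H, so the change itself should not add key-dependent timing to table setup; the loop body and the second loop end outside this hunk.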
@@ -255,34 +252,7 @@ gcm_init_4bit(u128 Htable[16], u64 H[2])
 Hi[j].lo = V.lo ^ Htable[j].lo;
 }
 }
-#else
- Htable[8] = V;
- REDUCE1BIT(V);
- Htable[4] = V;
- REDUCE1BIT(V);
- Htable[2] = V;
- REDUCE1BIT(V);
- Htable[1] = V;
- Htable[3].hi = V.hi ^ Htable[2].hi, Htable[3].lo = V.lo ^ Htable[2].lo;
- V = Htable[4];
- Htable[5].hi = V.hi ^ Htable[1].hi, Htable[5].lo = V.lo ^ Htable[1].lo;
- Htable[6].hi = V.hi ^ Htable[2].hi, Htable[6].lo = V.lo ^ Htable[2].lo;
- Htable[7].hi = V.hi ^ Htable[3].hi, Htable[7].lo = V.lo ^ Htable[3].lo;
- V = Htable[8];
- Htable[9].hi = V.hi ^ Htable[1].hi, Htable[9].lo = V.lo ^ Htable[1].lo;
- Htable[10].hi = V.hi ^ Htable[2].hi,
- Htable[10].lo = V.lo ^ Htable[2].lo;
- Htable[11].hi = V.hi ^ Htable[3].hi,
- Htable[11].lo = V.lo ^ Htable[3].lo;
- Htable[12].hi = V.hi ^ Htable[4].hi,
- Htable[12].lo = V.lo ^ Htable[4].lo;
- Htable[13].hi = V.hi ^ Htable[5].hi,
- Htable[13].lo = V.lo ^ Htable[5].lo;
- Htable[14].hi = V.hi ^ Htable[6].hi,
- Htable[14].lo = V.lo ^ Htable[6].lo;
- Htable[15].hi = V.hi ^ Htable[7].hi,
- Htable[15].lo = V.lo ^ Htable[7].lo;
-#endif
+
 #if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm))
 /*
 * ARM assembler expects specific dword order in Htable.
-- 
cgit v1.2.3-55-g6feb