[openssl-commits] [openssl] master update
Andy Polyakov
appro at openssl.org
Fri Jan 30 15:38:54 UTC 2015
The branch master has been updated
via 2e635aa81cf1c4e3fd7cb0334c79e7d0771140f1 (commit)
via b2991c081aba5351a3386bdde2927672d53e5c99 (commit)
from 4938ebc4067ae74e07e88b25cd22fd8adf6b8ddc (commit)
- Log -----------------------------------------------------------------
commit 2e635aa81cf1c4e3fd7cb0334c79e7d0771140f1
Author: Andy Polyakov <appro at openssl.org>
Date: Sun Jan 25 15:48:42 2015 +0100
modes/gcm128.c: harmonize ctx->ghash assignment, shortcut *_ctr32
in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact
and inconsistency in pre-processor logic.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit b2991c081aba5351a3386bdde2927672d53e5c99
Author: Andy Polyakov <appro at openssl.org>
Date: Sun Jan 25 14:51:43 2015 +0100
modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure
on affected platforms (PowerPC and AArch64).
For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/modes/gcm128.c | 190 ++++++++++++++++++++++++-------------------------
1 file changed, 92 insertions(+), 98 deletions(-)
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 75556dc..5c75c91 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -148,9 +148,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
static const size_t rem_8bit[256] = {
PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246),
PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E),
@@ -319,9 +317,7 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2])
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
if (is_endian.little)
for (j = 0; j < 16; ++j) {
@@ -354,9 +350,7 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
nlo = ((const u8 *)Xi)[15];
nhi = nlo >> 4;
@@ -435,9 +429,7 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
# if 1
do {
@@ -627,9 +619,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
V.hi = H[0]; /* H is in host byte order, no byte swapping */
V.lo = H[1];
@@ -772,9 +762,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
memset(ctx, 0, sizeof(*ctx));
ctx->block = block;
@@ -799,6 +787,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
#if TABLE_BITS==8
gcm_init_8bit(ctx->Htable, ctx->H.u);
#elif TABLE_BITS==4
+# if defined(GHASH)
+# define CTX__GHASH(f) (ctx->ghash = (f))
+# else
+# define CTX__GHASH(f) (ctx->ghash = NULL)
+# endif
# if defined(GHASH_ASM_X86_OR_64)
# if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2)
if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */
@@ -806,11 +799,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */
gcm_init_avx(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_avx;
- ctx->ghash = gcm_ghash_avx;
+ CTX__GHASH(gcm_ghash_avx);
} else {
gcm_init_clmul(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_clmul;
- ctx->ghash = gcm_ghash_clmul;
+ CTX__GHASH(gcm_ghash_clmul);
}
return;
}
@@ -823,58 +816,59 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */
# endif
ctx->gmult = gcm_gmult_4bit_mmx;
- ctx->ghash = gcm_ghash_4bit_mmx;
+ CTX__GHASH(gcm_ghash_4bit_mmx);
} else {
ctx->gmult = gcm_gmult_4bit_x86;
- ctx->ghash = gcm_ghash_4bit_x86;
+ CTX__GHASH(gcm_ghash_4bit_x86);
}
# else
ctx->gmult = gcm_gmult_4bit;
- ctx->ghash = gcm_ghash_4bit;
+ CTX__GHASH(gcm_ghash_4bit);
# endif
# elif defined(GHASH_ASM_ARM)
# ifdef PMULL_CAPABLE
if (PMULL_CAPABLE) {
gcm_init_v8(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_v8;
- ctx->ghash = gcm_ghash_v8;
+ CTX__GHASH(gcm_ghash_v8);
} else
# endif
# ifdef NEON_CAPABLE
if (NEON_CAPABLE) {
gcm_init_neon(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_neon;
- ctx->ghash = gcm_ghash_neon;
+ CTX__GHASH(gcm_ghash_neon);
} else
# endif
{
gcm_init_4bit(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_4bit;
- ctx->ghash = gcm_ghash_4bit;
+ CTX__GHASH(gcm_ghash_4bit);
}
# elif defined(GHASH_ASM_SPARC)
if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) {
gcm_init_vis3(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_vis3;
- ctx->ghash = gcm_ghash_vis3;
+ CTX__GHASH(gcm_ghash_vis3);
} else {
gcm_init_4bit(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_4bit;
- ctx->ghash = gcm_ghash_4bit;
+ CTX__GHASH(gcm_ghash_4bit);
}
# elif defined(GHASH_ASM_PPC)
if (OPENSSL_ppccap_P & PPC_CRYPTO207) {
gcm_init_p8(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_p8;
- ctx->ghash = gcm_ghash_p8;
+ CTX__GHASH(gcm_ghash_p8);
} else {
gcm_init_4bit(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_4bit;
- ctx->ghash = gcm_ghash_4bit;
+ CTX__GHASH(gcm_ghash_4bit);
}
# else
gcm_init_4bit(ctx->Htable, ctx->H.u);
# endif
+# undef CTX__GHASH
#endif
}
@@ -884,9 +878,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
unsigned int ctr;
#ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
@@ -1030,9 +1022,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
unsigned int n, ctr;
size_t i;
u64 mlen = ctx->len.u[1];
@@ -1040,7 +1030,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
void *key = ctx->key;
#ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash;
# endif
@@ -1090,7 +1080,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
break;
# endif
-# if defined(GHASH) && defined(GHASH_CHUNK)
+# if defined(GHASH)
+# if defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) {
size_t j = GHASH_CHUNK;
@@ -1101,11 +1092,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-# endif
+# endif
else
ctx->Yi.d[3] = ctr;
for (i = 0; i < 16 / sizeof(size_t); ++i)
@@ -1117,6 +1108,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK);
len -= GHASH_CHUNK;
}
+# endif
if ((i = (len & (size_t)-16))) {
size_t j = i;
@@ -1217,9 +1209,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
unsigned int n, ctr;
size_t i;
u64 mlen = ctx->len.u[1];
@@ -1227,7 +1217,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
void *key = ctx->key;
#ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash;
# endif
@@ -1276,7 +1266,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
break;
# endif
-# if defined(GHASH) && defined(GHASH_CHUNK)
+# if defined(GHASH)
+# if defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) {
size_t j = GHASH_CHUNK;
@@ -1288,11 +1279,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-# endif
+# endif
else
ctx->Yi.d[3] = ctr;
for (i = 0; i < 16 / sizeof(size_t); ++i)
@@ -1303,6 +1294,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
}
len -= GHASH_CHUNK;
}
+# endif
if ((i = (len & (size_t)-16))) {
GHASH(ctx, in, i);
while (len >= 16) {
@@ -1406,23 +1398,24 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len, ctr128_f stream)
{
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+ return CRYPTO_gcm128_encrypt(ctx, in, out, len);
+#else
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
unsigned int n, ctr;
size_t i;
u64 mlen = ctx->len.u[1];
void *key = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
+# ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# ifdef GHASH
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash;
+# endif
# endif
-#endif
mlen += len;
if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
@@ -1436,11 +1429,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
}
if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctr = BSWAP4(ctx->Yi.d[3]);
-#else
+# else
ctr = GETU32(ctx->Yi.c + 12);
-#endif
+# endif
else
ctr = ctx->Yi.d[3];
@@ -1458,16 +1451,16 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
return 0;
}
}
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+# if defined(GHASH) && defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) {
(*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
ctr += GHASH_CHUNK / 16;
if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-# endif
+# endif
else
ctx->Yi.d[3] = ctr;
GHASH(ctx, out, GHASH_CHUNK);
@@ -1475,43 +1468,43 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
in += GHASH_CHUNK;
len -= GHASH_CHUNK;
}
-#endif
+# endif
if ((i = (len & (size_t)-16))) {
size_t j = i / 16;
(*stream) (in, out, j, key, ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
else
ctx->Yi.d[3] = ctr;
in += i;
len -= i;
-#if defined(GHASH)
+# if defined(GHASH)
GHASH(ctx, out, i);
out += i;
-#else
+# else
while (j--) {
for (i = 0; i < 16; ++i)
ctx->Xi.c[i] ^= out[i];
GCM_MUL(ctx, Xi);
out += 16;
}
-#endif
+# endif
}
if (len) {
(*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1522,29 +1515,31 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
ctx->mres = n;
return 0;
+#endif
}
int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len, ctr128_f stream)
{
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+ return CRYPTO_gcm128_decrypt(ctx, in, out, len);
+#else
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
unsigned int n, ctr;
size_t i;
u64 mlen = ctx->len.u[1];
void *key = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
+# ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# ifdef GHASH
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash;
+# endif
# endif
-#endif
mlen += len;
if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
@@ -1558,11 +1553,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
}
if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctr = BSWAP4(ctx->Yi.d[3]);
-#else
+# else
ctr = GETU32(ctx->Yi.c + 12);
-#endif
+# endif
else
ctr = ctx->Yi.d[3];
@@ -1582,30 +1577,30 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
return 0;
}
}
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+# if defined(GHASH) && defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) {
GHASH(ctx, in, GHASH_CHUNK);
(*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
ctr += GHASH_CHUNK / 16;
if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-# endif
+# endif
else
ctx->Yi.d[3] = ctr;
out += GHASH_CHUNK;
in += GHASH_CHUNK;
len -= GHASH_CHUNK;
}
-#endif
+# endif
if ((i = (len & (size_t)-16))) {
size_t j = i / 16;
-#if defined(GHASH)
+# if defined(GHASH)
GHASH(ctx, in, i);
-#else
+# else
while (j--) {
size_t k;
for (k = 0; k < 16; ++k)
@@ -1615,15 +1610,15 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
}
j = i / 16;
in -= i;
-#endif
+# endif
(*stream) (in, out, j, key, ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
else
ctx->Yi.d[3] = ctr;
out += i;
@@ -1634,11 +1629,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
(*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1651,6 +1646,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
ctx->mres = n;
return 0;
+#endif
}
int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
@@ -1659,9 +1655,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
u64 alen = ctx->len.u[0] << 3;
u64 clen = ctx->len.u[1] << 3;
#ifdef GCM_FUNCREF_4BIT
More information about the openssl-commits
mailing list