summaryrefslogtreecommitdiffstats
path: root/crypto/modes/gcm128.c
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2020-07-09 08:37:46 +0200
committerRichard Levitte <levitte@openssl.org>2020-07-11 10:00:33 +0200
commite23d850ff3281220f33ed78d9ca4fcadfa279565 (patch)
tree4e7f73d978bb1a7986e0ac27ee61bdab23d66ed2 /crypto/modes/gcm128.c
parentDOC: install documentation without execution permissions. (diff)
downloadopenssl-e23d850ff3281220f33ed78d9ca4fcadfa279565.tar.xz
openssl-e23d850ff3281220f33ed78d9ca4fcadfa279565.zip
Add and use internal header that implements endianness check
This moves test/ossl_test_endian.h to include/internal/endian.h and thereby makes the macros in there our standard way to check endianness in run-time. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/12390)
Diffstat (limited to 'crypto/modes/gcm128.c')
-rw-r--r--crypto/modes/gcm128.c123
1 files changed, 44 insertions, 79 deletions
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 0cefa1c865..4f52073d7f 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -10,6 +10,7 @@
#include <string.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
+#include "internal/endian.h"
#include "crypto/modes.h"
#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
@@ -105,10 +106,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
u128 Z = { 0, 0 };
const u8 *xi = (const u8 *)Xi + 15;
size_t rem, n = *xi;
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
static const size_t rem_8bit[256] = {
PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246),
PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E),
@@ -194,7 +192,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
Z.hi ^= (u64)rem_8bit[rem] << 32;
}
- if (is_endian.little) {
+ if (IS_LITTLE_ENDIAN) {
# ifdef BSWAP8
Xi[0] = BSWAP8(Z.hi);
Xi[1] = BSWAP8(Z.lo);
@@ -274,12 +272,9 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2])
*/
{
int j;
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
for (j = 0; j < 16; ++j) {
V = Htable[j];
Htable[j].hi = V.lo;
@@ -307,10 +302,7 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
u128 Z;
int cnt = 15;
size_t rem, nlo, nhi;
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
nlo = ((const u8 *)Xi)[15];
nhi = nlo >> 4;
@@ -350,7 +342,7 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
Z.lo ^= Htable[nlo].lo;
}
- if (is_endian.little) {
+ if (IS_LITTLE_ENDIAN) {
# ifdef BSWAP8
Xi[0] = BSWAP8(Z.hi);
Xi[1] = BSWAP8(Z.lo);
@@ -386,10 +378,7 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
u128 Z;
int cnt;
size_t rem, nlo, nhi;
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
# if 1
do {
@@ -528,7 +517,7 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
Z.hi ^= ((u64)rem_8bit[rem << 4]) << 48;
# endif
- if (is_endian.little) {
+ if (IS_LITTLE_ENDIAN) {
# ifdef BSWAP8
Xi[0] = BSWAP8(Z.hi);
Xi[1] = BSWAP8(Z.lo);
@@ -576,16 +565,13 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
long X;
int i, j;
const long *xi = (const long *)Xi;
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
V.hi = H[0]; /* H is in host byte order, no byte swapping */
V.lo = H[1];
for (j = 0; j < 16 / sizeof(long); ++j) {
- if (is_endian.little) {
+ if (IS_LITTLE_ENDIAN) {
if (sizeof(long) == 8) {
# ifdef BSWAP8
X = (long)(BSWAP8(xi[j]));
@@ -609,7 +595,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
}
}
- if (is_endian.little) {
+ if (IS_LITTLE_ENDIAN) {
# ifdef BSWAP8
Xi[0] = BSWAP8(Z.hi);
Xi[1] = BSWAP8(Z.lo);
@@ -718,10 +704,7 @@ void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp,
void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
{
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
memset(ctx, 0, sizeof(*ctx));
ctx->block = block;
@@ -729,7 +712,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
(*block) (ctx->H.c, ctx->H.c, key);
- if (is_endian.little) {
+ if (IS_LITTLE_ENDIAN) {
/* H is stored in host byte order */
#ifdef BSWAP8
ctx->H.u[0] = BSWAP8(ctx->H.u[0]);
@@ -833,10 +816,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
size_t len)
{
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
unsigned int ctr;
#ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
@@ -875,7 +855,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
GCM_MUL(ctx);
}
len0 <<= 3;
- if (is_endian.little) {
+ if (IS_LITTLE_ENDIAN) {
#ifdef BSWAP8
ctx->Xi.u[1] ^= BSWAP8(len0);
#else
@@ -894,7 +874,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
GCM_MUL(ctx);
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
#ifdef BSWAP4
ctr = BSWAP4(ctx->Xi.d[3]);
#else
@@ -913,7 +893,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
(*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
#ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
#else
@@ -988,10 +968,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len)
{
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
unsigned int n, ctr, mres;
size_t i;
u64 mlen = ctx->len.u[1];
@@ -1030,7 +1007,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
ctx->ares = 0;
}
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
#ifdef BSWAP4
ctr = BSWAP4(ctx->Yi.d[3]);
#else
@@ -1091,7 +1068,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1118,7 +1095,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1141,7 +1118,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1160,7 +1137,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
if (len) {
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1191,7 +1168,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
if (n == 0) {
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
#ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
#else
@@ -1223,10 +1200,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len)
{
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
unsigned int n, ctr, mres;
size_t i;
u64 mlen = ctx->len.u[1];
@@ -1265,7 +1239,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
ctx->ares = 0;
}
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
#ifdef BSWAP4
ctr = BSWAP4(ctx->Yi.d[3]);
#else
@@ -1329,7 +1303,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1354,7 +1328,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1376,7 +1350,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1398,7 +1372,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
if (len) {
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1432,7 +1406,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
if (n == 0) {
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
#ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
#else
@@ -1469,10 +1443,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
#if defined(OPENSSL_SMALL_FOOTPRINT)
return CRYPTO_gcm128_encrypt(ctx, in, out, len);
#else
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
unsigned int n, ctr, mres;
size_t i;
u64 mlen = ctx->len.u[1];
@@ -1510,7 +1481,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
ctx->ares = 0;
}
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctr = BSWAP4(ctx->Yi.d[3]);
# else
@@ -1558,7 +1529,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
while (len >= GHASH_CHUNK) {
(*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
ctr += GHASH_CHUNK / 16;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1578,7 +1549,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
(*stream) (in, out, j, key, ctx->Yi.c);
ctr += (unsigned int)j;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1603,7 +1574,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
if (len) {
(*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1633,10 +1604,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
#if defined(OPENSSL_SMALL_FOOTPRINT)
return CRYPTO_gcm128_decrypt(ctx, in, out, len);
#else
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
unsigned int n, ctr, mres;
size_t i;
u64 mlen = ctx->len.u[1];
@@ -1674,7 +1642,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
ctx->ares = 0;
}
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctr = BSWAP4(ctx->Yi.d[3]);
# else
@@ -1725,7 +1693,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
GHASH(ctx, in, GHASH_CHUNK);
(*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
ctr += GHASH_CHUNK / 16;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1757,7 +1725,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
# endif
(*stream) (in, out, j, key, ctx->Yi.c);
ctr += (unsigned int)j;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1772,7 +1740,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
if (len) {
(*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
- if (is_endian.little)
+ if (IS_LITTLE_ENDIAN)
# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
# else
@@ -1800,10 +1768,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
size_t len)
{
- const union {
- long one;
- char little;
- } is_endian = { 1 };
+ DECLARE_IS_ENDIAN;
u64 alen = ctx->len.u[0] << 3;
u64 clen = ctx->len.u[1] << 3;
#ifdef GCM_FUNCREF_4BIT
@@ -1835,7 +1800,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
GCM_MUL(ctx);
#endif
- if (is_endian.little) {
+ if (IS_LITTLE_ENDIAN) {
#ifdef BSWAP8
alen = BSWAP8(alen);
clen = BSWAP8(clen);