Halve allocation size for precomputed values in gcm_key.

diff --git a/ChangeLog b/ChangeLog
index 17cb1bc3051d1dbfa02097c77fe8be5ca7340632..58aa4081929623046eb3d4a6b1a8eb6b6fe0e7da 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2025-03-24  Niels Möller  <nisse@lysator.liu.se>
+
+       * gcm.h (GCM_TABLE_BITS): Delete constant.
+       (struct gcm_key): Halve the allocation size for precomputed
+       values, to 2048 bytes, or 128 16-byte blocks.
+
 2025-03-18  Niels Möller  <nisse@lysator.liu.se>
 
        Delete the output size argument from almost all digest functions.

diff --git a/gcm.h b/gcm.h
index ca3f9c406e900d6fa314576b88bd7795fa18d4e3..f442ed8fe25c90e56af7e09078f6871d8494d8a0 100644 (file)
--- a/gcm.h
+++ b/gcm.h
@@ -106,12 +106,11 @@ extern "C" {
 #define GCM_BLOCK_SIZE 16
 #define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4)
 #define GCM_DIGEST_SIZE 16
-#define GCM_TABLE_BITS 8
 
 /* Hashing subkey */
 struct gcm_key
 {
-  union nettle_block16 h[1 << GCM_TABLE_BITS];
+  union nettle_block16 h[0x80];
 };
 
 /* Per-message state, depending on the iv */

diff --git a/ghash-set-key.c b/ghash-set-key.c
index da1c90f03c37dc624c5e7a02cadb6311fbf2beb3..180bb9d6a2ab8f540dbe8b8f82b1e898ad916c50 100644 (file)
--- a/ghash-set-key.c
+++ b/ghash-set-key.c
@@ -51,10 +51,6 @@ _nettle_ghash_set_key_c (struct gcm_key *ctx, const union nettle_block16 *key);
 #define _nettle_ghash_set_key _nettle_ghash_set_key_c
 #endif
 
-#if GCM_TABLE_BITS < 7
-# error Unsupported table size.
-#endif
-
 /* Implements a lookup table for processors without carryless-mul
    instruction. */
 void

diff --git a/ghash-update.c b/ghash-update.c
index bdeaa38d5c0a5e548fd2c3a6fd81af414aa563e9..dc25a32b4ef88aade1741df39808bb875f3b56a0 100644 (file)
--- a/ghash-update.c
+++ b/ghash-update.c
@@ -44,10 +44,6 @@
 #include "ghash-internal.h"
 #include "block-internal.h"
 
-#if GCM_TABLE_BITS < 7
-# error Unsupported table size.
-#endif
-
 /* For fat builds */
 #if HAVE_NATIVE_ghash_update
 const uint8_t *