2011-02-08 Niels Möller <nisse@lysator.liu.se>
+ * gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant.
+ (gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case,
+ e.g., sparc64. For both 4-bit and 8-bit tables.
+
* gcm.c: Use the new union gcm_block for all gf operations.
* gcm.h (union gcm_block): New union, used to enforce alignment.
#include "nettle-internal.h"
#include "macros.h"
-#define GHASH_POLYNOMIAL 0xE1
+#define GHASH_POLYNOMIAL 0xE1UL
static void
gcm_gf_add (union gcm_block *r, const union gcm_block *x, const union gcm_block *y)
{
unsigned long *w = x->w;
long mask;
+
/* Shift uses big-endian representation. */
#if WORDS_BIGENDIAN
# if SIZEOF_LONG == 4
{
union gcm_block V;
union gcm_block Z;
-
unsigned i;
+
memcpy(V.b, x, sizeof(V));
memset(Z.b, 0, sizeof(Z));
w[1] = (w[1] >> 4) | ((w[0] & 0xf) << 28);
w[0] = (w[0] >> 4) ^ (reduce << 16);
# elif SIZEOF_LONG == 8
- reduce = shift_table[w[3] & 0xf];
- w[1] = (w[1] >> 4) | ((w[0] & 0xf) << 63);
+ reduce = shift_table[w[1] & 0xf];
+ w[1] = (w[1] >> 4) | ((w[0] & 0xf) << 60);
w[0] = (w[0] >> 4) ^ (reduce << 48);
# else
# error Unsupported word size. */
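Review bot: The corrected 64-bit branch at `reduce = shift_table[w[1] & 0xf];` now indexes inside the block, but nothing in the code explains why the index differs from the 32-bit branch's `w[3]`, so a later reader cannot tell which is right without recomputing the word layout. A one-line comment would pin it: `/* Block is two 64-bit words, w[0] high and w[1] low; the nibble shifted out of w[1] selects the reduction term. */` — the layout is established by `w[1] = (w[1] >> 4) | ((w[0] & 0xf) << 60)`, which moves w[0]'s low nibble into w[1]'s top bits. The removed `w[3]` read past the end of a two-word block (assuming the union holds the 16-byte GCM block), so the fix also removes an out-of-bounds read on big-endian 64-bit builds; saying so in the comment guards against the index being "simplified" back. The same note applies to the 8-bit-table branch below (`reduce = shift_table[w[1] & 0xff];`). The enclosing gcm_gf_shift_chunk body starts and ends outside this hunk.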
w[1] = (w[1] >> 8) | ((w[0] & 0xff) << 24);
w[0] = (w[0] >> 8) ^ (reduce << 16);
# elif SIZEOF_LONG == 8
- reduce = shift_table[w[3] & 0xff];
+ reduce = shift_table[w[1] & 0xff];
w[1] = (w[1] >> 8) | ((w[0] & 0xff) << 56);
w[0] = (w[0] >> 8) ^ (reduce << 48);
# else