From 41a660e1641f8444e32002eaf37d68a323ac1905 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Niels=20M=C3=B6ller?=
Date: Tue, 8 Feb 2011 12:20:38 +0100
Subject: [PATCH] * gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant. (gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case, e.g., sparc64. For both 4-bit and 8-bit tables.
Rev: nettle/ChangeLog:1.139
Rev: nettle/gcm.c:1.10
---
 ChangeLog | 4 ++++
 gcm.c | 11 ++++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 64825426..4affdd38 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2011-02-08 Niels Möller
+ * gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant.
+ (gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case,
+ e.g., sparc64. For both 4-bit and 8-bit tables.
+
 * gcm.c: Use the new union gcm_block for all gf operations.
 * gcm.h (union gcm_block): New union, used to enforce alignment.
diff --git a/gcm.c b/gcm.c
index a4474651..452450ed 100644
--- a/gcm.c
+++ b/gcm.c
@@ -45,7 +45,7 @@
 #include "nettle-internal.h"
 #include "macros.h"
-#define GHASH_POLYNOMIAL 0xE1
+#define GHASH_POLYNOMIAL 0xE1UL
 static void
 gcm_gf_add (union gcm_block *r, const union gcm_block *x, const union gcm_block *y)
@@ -65,6 +65,7 @@ gcm_gf_shift (union gcm_block *x)
 {
 unsigned long *w = x->w;
 long mask;
+ /* Shift uses big-endian representation. */
 #if WORDS_BIGENDIAN
 # if SIZEOF_LONG == 4
@@ -112,8 +113,8 @@ gcm_gf_mul (union gcm_block *r, const union gcm_block *x, unsigned yn, const uin
 {
 union gcm_block V;
 union gcm_block Z;
- unsigned i;
+
 memcpy(V.b, x, sizeof(V));
 memset(Z.b, 0, sizeof(Z));
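Review bot: The `UL` suffix added to `GHASH_POLYNOMIAL` in the @@ -45 hunk is a silent type fix whose reason is not recorded at the definition, and the ChangeLog entry states the what but not the why. The constant is presumably shifted up into an `unsigned long` word elsewhere in the file (gcm_gf_shift works on `unsigned long *w`, as the @@ -65 hunk shows), where a plain `int` constant shifted by 56 would overflow before being widened rather than land in the top byte. A one-line comment on the define would stop the suffix being "cleaned up" later: `/* UL: this constant is shifted into the top byte of an unsigned long; an int constant would overflow there. */`.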
@@ -204,8 +205,8 @@ gcm_gf_shift_chunk(union gcm_block *x)
 w[1] = (w[1] >> 4) | ((w[0] & 0xf) << 28);
 w[0] = (w[0] >> 4) ^ (reduce << 16);
 # elif SIZEOF_LONG == 8
- reduce = shift_table[w[3] & 0xf];
- w[1] = (w[1] >> 4) | ((w[0] & 0xf) << 63);
+ reduce = shift_table[w[1] & 0xf];
+ w[1] = (w[1] >> 4) | ((w[0] & 0xf) << 60);
 w[0] = (w[0] >> 4) ^ (reduce << 48);
 # else
 # error Unsupported word size. */
@@ -269,7 +270,7 @@ gcm_gf_shift_chunk(union gcm_block *x)
 w[1] = (w[1] >> 8) | ((w[0] & 0xff) << 24);
 w[0] = (w[0] >> 8) ^ (reduce << 16);
 # elif SIZEOF_LONG == 8
- reduce = shift_table[w[3] & 0xff];
+ reduce = shift_table[w[1] & 0xff];
 w[1] = (w[1] >> 8) | ((w[0] & 0xff) << 56);
 w[0] = (w[0] >> 8) ^ (reduce << 48);
 # else
-- 
2.47.3
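Review bot: The declaration of `reduce` lies outside the hunk, so it is worth confirming it is `unsigned long`: the value loaded by the new `reduce = shift_table[w[1] & 0xf];` line is then used in `w[0] = (w[0] >> 4) ^ (reduce << 48);` (and likewise in the @@ -269 hunk), which is only well-defined if `reduce` is at least 64 bits wide, and with a 32-bit type it would be undefined behaviour rather than a silent truncation. The same `w[3]` slip appeared in both the 4-bit and 8-bit table variants, and the old index read past the two-word block, so the 64-bit word layout deserves stating next to the code; suggest `/* SIZEOF_LONG == 8: the block is w[0] (high) and w[1] (low); the bits shifted out come from w[1]. */` above `# elif SIZEOF_LONG == 8` in both branches. Because this branch only compiles on big-endian 64-bit hosts, a testsuite cross-check of the table-driven multiply against the bit-serial gcm_gf_shift/gcm_gf_add path is the only thing that would catch a recurrence short of a sparc64 build, and is worth adding if not already present. gcm_gf_shift_chunk begins and ends outside both hunks.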