|
|
@@ -6626,9 +6626,7 @@ static void GMULT(word64* X, word64* Y)
|
|
|
word64 Z[2] = {0,0};
|
|
|
word64 V[2];
|
|
|
int i, j;
|
|
|
-#ifdef AES_GCM_GMULT_CT
|
|
|
word64 v1;
|
|
|
-#endif
|
|
|
V[0] = X[0]; V[1] = X[1];
|
|
|
|
|
|
for (i = 0; i < 2; i++)
|
|
|
@@ -6636,7 +6634,7 @@ static void GMULT(word64* X, word64* Y)
|
|
|
word64 y = Y[i];
|
|
|
for (j = 0; j < 64; j++)
|
|
|
{
|
|
|
-#ifdef AES_GCM_GMULT_CT
|
|
|
+#ifndef AES_GCM_GMULT_NCT
|
|
|
word64 mask = 0 - (y >> 63);
|
|
|
Z[0] ^= V[0] & mask;
|
|
|
Z[1] ^= V[1] & mask;
|
|
|
@@ -6647,27 +6645,11 @@ static void GMULT(word64* X, word64* Y)
|
|
|
}
|
|
|
#endif
|
|
|
|
|
|
-#ifdef AES_GCM_GMULT_CT
|
|
|
v1 = (0 - (V[1] & 1)) & 0xE100000000000000ULL;
|
|
|
V[1] >>= 1;
|
|
|
V[1] |= V[0] << 63;
|
|
|
V[0] >>= 1;
|
|
|
V[0] ^= v1;
|
|
|
-#else
|
|
|
- if (V[1] & 0x0000000000000001) {
|
|
|
- V[1] >>= 1;
|
|
|
- V[1] |= ((V[0] & 0x0000000000000001) ?
|
|
|
- 0x8000000000000000ULL : 0);
|
|
|
- V[0] >>= 1;
|
|
|
- V[0] ^= 0xE100000000000000ULL;
|
|
|
- }
|
|
|
- else {
|
|
|
- V[1] >>= 1;
|
|
|
- V[1] |= ((V[0] & 0x0000000000000001) ?
|
|
|
- 0x8000000000000000ULL : 0);
|
|
|
- V[0] >>= 1;
|
|
|
- }
|
|
|
-#endif
|
|
|
y <<= 1;
|
|
|
}
|
|
|
}
|
David Garske