/* GHASH_CHUNK is "stride parameter" missioned to mitigate cache
* trashing effect. In other words idea is to hash data while it's
* still in L1 cache after encryption pass... */
-#define GHASH_CHUNK 1024
+#define GHASH_CHUNK (3*1024)
#endif
#else /* TABLE_BITS */
ctx->Yi.d[3] = ctr;
}
c = in[i];
- out[i] ^= ctx->EKi.c[n];
+ out[i] = c^ctx->EKi.c[n];
ctx->Xi.c[n] ^= c;
n = (n+1)%16;
if (n==0)
size_t j=i/16;
(*stream)(in,out,j,ctx->key,ctx->Yi.c);
- ctr += j;
+ ctr += (unsigned int)j;
if (is_endian.little)
PUTU32(ctx->Yi.c+12,ctr);
else
in -= i;
#endif
(*stream)(in,out,j,ctx->key,ctx->Yi.c);
- ctr += j;
+ ctr += (unsigned int)j;
if (is_endian.little)
PUTU32(ctx->Yi.c+12,ctr);
else
AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key); \
CRYPTO_gcm128_init(&ctx,&key,(block128_f)AES_encrypt); \
CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \
+ memset(out,0,sizeof(out)); \
if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \
if (P##n) CRYPTO_gcm128_encrypt(&ctx,P##n,out,sizeof(out)); \
if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \
(C##n && memcmp(out,C##n,sizeof(out)))) \
- ret++, printf ("encrypt test#%d failed.\n",n);\
+ ret++, printf ("encrypt test#%d failed.\n",n); \
CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n)); \
+ memset(out,0,sizeof(out)); \
if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n)); \
if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out)); \
if (CRYPTO_gcm128_finish(&ctx,T##n,16) || \
projects / oweals / openssl.git / commitdiff