124 void gcm_gmult_4bit(uint64_t Xi[2], const u128 Htable[16]) {  in gcm_gmult_4bit()
129   nlo = ((const uint8_t *)Xi)[15];  in gcm_gmult_4bit()
153     nlo = ((const uint8_t *)Xi)[cnt];  in gcm_gmult_4bit()
170   Xi[0] = CRYPTO_bswap8(Z.hi);  in gcm_gmult_4bit()
171   Xi[1] = CRYPTO_bswap8(Z.lo);  in gcm_gmult_4bit()
179 void gcm_ghash_4bit(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,  in gcm_ghash_4bit()
187     nlo = ((const uint8_t *)Xi)[15];  in gcm_ghash_4bit()
212       nlo = ((const uint8_t *)Xi)[cnt];  in gcm_ghash_4bit()
230     Xi[0] = CRYPTO_bswap8(Z.hi);  in gcm_ghash_4bit()
231     Xi[1] = CRYPTO_bswap8(Z.lo);  in gcm_ghash_4bit()
236 #define GCM_MUL(ctx, Xi) gcm_gmult_4bit((ctx)->Xi.u, (ctx)->gcm_key.Htable)  argument
238   gcm_ghash_4bit((ctx)->Xi.u, (ctx)->gcm_key.Htable, in, len)
245 void gcm_init_ssse3(u128 Htable[16], const uint64_t Xi[2]) {  in gcm_init_ssse3()
247   gcm_init_4bit(Htable, Xi);  in gcm_init_ssse3()
273 #define GCM_MUL(ctx, Xi) (*gcm_gmult_p)((ctx)->Xi.u, (ctx)->gcm_key.Htable)  argument
276   (*gcm_ghash_p)((ctx)->Xi.u, (ctx)->gcm_key.Htable, in, len)
382   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) =  in CRYPTO_gcm128_setiv()
388   ctx->Xi.u[0] = 0;  in CRYPTO_gcm128_setiv()
389   ctx->Xi.u[1] = 0;  in CRYPTO_gcm128_setiv()
431   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) =  in CRYPTO_gcm128_aad()
434   void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,  in CRYPTO_gcm128_aad()
452       ctx->Xi.c[n] ^= *(aad++);  in CRYPTO_gcm128_aad()
457       GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_aad()
476       ctx->Xi.c[i] ^= aad[i];  in CRYPTO_gcm128_aad()
488   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) =  in CRYPTO_gcm128_encrypt()
490   void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,  in CRYPTO_gcm128_encrypt()
503     GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_encrypt()
510       ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];  in CRYPTO_gcm128_encrypt()
515       GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_encrypt()
562       ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];  in CRYPTO_gcm128_encrypt()
576   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) =  in CRYPTO_gcm128_decrypt()
578   void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,  in CRYPTO_gcm128_decrypt()
591     GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_decrypt()
600       ctx->Xi.c[n] ^= c;  in CRYPTO_gcm128_decrypt()
605       GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_decrypt()
653       ctx->Xi.c[n] ^= c;  in CRYPTO_gcm128_decrypt()
667   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) =  in CRYPTO_gcm128_encrypt_ctr32()
669   void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,  in CRYPTO_gcm128_encrypt_ctr32()
682     GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_encrypt_ctr32()
689       ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];  in CRYPTO_gcm128_encrypt_ctr32()
694       GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_encrypt_ctr32()
705     size_t bulk = aesni_gcm_encrypt(in, out, len, key, ctx->Yi.c, ctx->Xi.u);  in CRYPTO_gcm128_encrypt_ctr32()
739       ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];  in CRYPTO_gcm128_encrypt_ctr32()
752   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) =  in CRYPTO_gcm128_decrypt_ctr32()
754   void (*gcm_ghash_p)(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,  in CRYPTO_gcm128_decrypt_ctr32()
767     GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_decrypt_ctr32()
776       ctx->Xi.c[n] ^= c;  in CRYPTO_gcm128_decrypt_ctr32()
781       GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_decrypt_ctr32()
792     size_t bulk = aesni_gcm_decrypt(in, out, len, key, ctx->Yi.c, ctx->Xi.u);  in CRYPTO_gcm128_decrypt_ctr32()
827       ctx->Xi.c[n] ^= c;  in CRYPTO_gcm128_decrypt_ctr32()
839   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) =  in CRYPTO_gcm128_finish()
844     GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_finish()
847   ctx->Xi.u[0] ^= CRYPTO_bswap8(ctx->len.u[0] << 3);  in CRYPTO_gcm128_finish()
848   ctx->Xi.u[1] ^= CRYPTO_bswap8(ctx->len.u[1] << 3);  in CRYPTO_gcm128_finish()
849   GCM_MUL(ctx, Xi);  in CRYPTO_gcm128_finish()
851   ctx->Xi.u[0] ^= ctx->EK0.u[0];  in CRYPTO_gcm128_finish()
852   ctx->Xi.u[1] ^= ctx->EK0.u[1];  in CRYPTO_gcm128_finish()
854   if (tag && len <= sizeof(ctx->Xi)) {  in CRYPTO_gcm128_finish()
855     return CRYPTO_memcmp(ctx->Xi.c, tag, len) == 0;  in CRYPTO_gcm128_finish()
863   OPENSSL_memcpy(tag, ctx->Xi.c,  in CRYPTO_gcm128_tag()
864                  len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));  in CRYPTO_gcm128_tag()