44     const void *key, unsigned char ivec[16], uint64_t *Xi);
46     const void *key, unsigned char ivec[16], uint64_t *Xi);
51 void GCM_init(__uint128_t Htable[16], uint64_t Xi[2]);
52 void GCM_gmult(uint64_t Xi[2], const __uint128_t Htable[16]);
53 void GCM_ghash(uint64_t Xi[2], const __uint128_t Htable[16], const void *in,
67     const void *key, unsigned char ivec[16], uint64_t *Xi);
69     const void *key, unsigned char ivec[16], uint64_t *Xi);
76 void GCM_init(__uint128_t Htable[16], uint64_t Xi[2]);
77 void GCM_gmult(uint64_t Xi[2], const __uint128_t Htable[16]);
78 void GCM_ghash(uint64_t Xi[2], const __uint128_t Htable[16], const void *in,
83     size_t len, const void *key, unsigned char ivec_[16], uint64_t *Xi,  in ppc_aes_gcm_crypt()  argument
119 		s = encrypt ? ppc_aes_gcm_encrypt(in, out, len, key, ivec->c, Xi) :  in ppc_aes_gcm_crypt()
120 		    ppc_aes_gcm_decrypt(in, out, len, key, ivec->c, Xi);  in ppc_aes_gcm_crypt()
160 	memcpy(tag, ctx->gcm.Xi.c, len);  in gcm_tag_op()
196 	ctx->gcm.Xi.u[0] = 0;  in gcm_setiv_op()
197 	ctx->gcm.Xi.u[1] = 0;  in gcm_setiv_op()
228 			ctx->gcm.Xi.c[n] ^= *(aad++);  in gcm_aad_op()
233 			GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_aad_op()
240 		GCM_ghash(ctx->gcm.Xi.u, ctx->gcm.Htable, aad, i);  in gcm_aad_op()
247 			ctx->gcm.Xi.c[i] ^= aad[i];  in gcm_aad_op()
271 		GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_encrypt()
293 		ctx->gcm.Xi.c[n] ^= out[i] = in[i] ^ ctx->gcm.EKi.c[n];  in gcm_encrypt()
296 			GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_encrypt()
320 		GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_encrypt_ctr32()
333 			ctx->gcm.Xi.c[n] ^= *(out++) = *(in++) ^ ctx->gcm.EKi.c[n];  in gcm_encrypt_ctr32()
338 			GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_encrypt_ctr32()
359 				ctx->gcm.Xi.c[i] ^= out[i];  in gcm_encrypt_ctr32()
360 			GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_encrypt_ctr32()
373 			ctx->gcm.Xi.c[mres++] ^= out[n] = in[n] ^ ctx->gcm.EKi.c[n];  in gcm_encrypt_ctr32()
394 	    &ctx->aes_ks, ctx->gcm.Yi.c, ctx->gcm.Xi.u);  in gcm_encrypt_op()
422 		GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_decrypt()
447 		ctx->gcm.Xi.c[n] ^= c;  in gcm_decrypt()
450 			GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_decrypt()
474 		GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_decrypt_ctr32()
489 			ctx->gcm.Xi.c[n] ^= c;  in gcm_decrypt_ctr32()
494 			GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_decrypt_ctr32()
507 				ctx->gcm.Xi.c[k] ^= in[k];  in gcm_decrypt_ctr32()
508 			GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_decrypt_ctr32()
534 			ctx->gcm.Xi.c[mres++] ^= c;  in gcm_decrypt_ctr32()
556 	    ctx->gcm.Yi.c, ctx->gcm.Xi.u);  in gcm_decrypt_op()
574 		GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_finish_op()
581 	ctx->gcm.Xi.u[0] ^= alen;  in gcm_finish_op()
582 	ctx->gcm.Xi.u[1] ^= clen;  in gcm_finish_op()
583 	GCM_gmult(ctx->gcm.Xi.u, ctx->gcm.Htable);  in gcm_finish_op()
585 	ctx->gcm.Xi.u[0] ^= ctx->gcm.EK0.u[0];  in gcm_finish_op()
586 	ctx->gcm.Xi.u[1] ^= ctx->gcm.EK0.u[1];  in gcm_finish_op()
589 		return timingsafe_bcmp(ctx->gcm.Xi.c, tag, len);  in gcm_finish_op()