wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-01 03:34:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6203 from julek-wolfssl/xor-optim

Browse Source 
Try to XOR as many words as possible in xorbuf APIs
This commit is contained in:
JacobBarthelmeh
2023-04-19 11:59:33 -06:00
committed by GitHub
parent 0e64972c86 81c9062973
commit 3865f943c3
9 changed files with 151 additions and 167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
wolfcrypt/src/aes.c
View File

@@ -3829,8 +3829,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
/* XOR block with IV for CBC */
for (i = 0; i < AES_BLOCK_SIZE; i++)
temp_block[i] ^= iv[i];
xorbuf(temp_block, iv, AES_BLOCK_SIZE);
ret = wc_AesEncrypt(aes, temp_block, out + offset);
if (ret != 0)
@@ -3869,8 +3868,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
wc_AesDecrypt(aes, in + offset, out + offset);
/* XOR block with IV for CBC */
for (i = 0; i < AES_BLOCK_SIZE; i++)
(out + offset)[i] ^= iv[i];
xorbuf(out + offset, iv, AES_BLOCK_SIZE);
/* store IV for next block */
XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
@@ -4455,9 +4453,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
/* Software AES - CTR Encrypt */
int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{
byte* tmp;
byte scratch[AES_BLOCK_SIZE];
int ret;
word32 processed;
if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
@@ -4473,12 +4471,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
#endif
/* consume any unused bytes left in aes->tmp */
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
while (aes->left && sz) {
*(out++) = *(in++) ^ *(tmp++);
aes->left--;
sz--;
}
processed = min(aes->left, sz);
xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left,
processed);
out += processed;
in += processed;
aes->left -= processed;
sz -= processed;
#if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
!defined(XTRANSFORM_AESCTRBLOCK)
@@ -4545,13 +4544,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
}
IncrementAesCounter((byte*)aes->reg);
aes->left = AES_BLOCK_SIZE;
tmp = (byte*)aes->tmp;
while (sz--) {
*(out++) = *(in++) ^ *(tmp++);
aes->left--;
}
aes->left = AES_BLOCK_SIZE - sz;
xorbufout(out, in, aes->tmp, sz);
}
#ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -9924,6 +9918,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
byte* reg = NULL;
#endif
int ret = 0;
word32 processed;
if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
@@ -9936,18 +9931,17 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
#endif
/* consume any unused bytes left in aes->tmp */
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
while (aes->left && sz) {
*(out) = *(in++) ^ *(tmp++);
#ifdef WOLFSSL_AES_CFB
if (mode == AES_CFB_MODE) {
*(reg++) = *out;
}
#endif
out++;
aes->left--;
sz--;
processed = min(aes->left, sz);
xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed);
#ifdef WOLFSSL_AES_CFB
if (mode == AES_CFB_MODE) {
XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, out, processed);
}
#endif
aes->left -= processed;
out += processed;
in += processed;
sz -= processed;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
@@ -9990,16 +9984,13 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
reg = (byte*)aes->reg;
#endif
while (sz--) {
*(out) = *(in++) ^ *(tmp++);
#ifdef WOLFSSL_AES_CFB
if (mode == AES_CFB_MODE) {
*(reg++) = *out;
}
#endif
out++;
aes->left--;
xorbufout(out, in, tmp, sz);
#ifdef WOLFSSL_AES_CFB
if (mode == AES_CFB_MODE) {
XMEMCPY(reg, out, sz);
}
#endif
aes->left -= sz;
}
RESTORE_VECTOR_REGISTERS();
@@ -10022,8 +10013,8 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
Aes* aes, byte* out, const byte* in, word32 sz, byte mode)
{
byte* tmp;
int ret = 0;
word32 processed;
if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
@@ -10038,12 +10029,12 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
#endif
/* consume any unused bytes left in aes->tmp */
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
while (aes->left && sz) {
*(out++) = *(in++) ^ *(tmp++);
aes->left--;
sz--;
}
processed = min(aes->left, sz);
xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed);
aes->left -= processed;
out += processed;
in += processed;
sz -= processed;
SAVE_VECTOR_REGISTERS(return _svr_ret;);
@@ -10086,13 +10077,8 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
}
#endif
aes->left = AES_BLOCK_SIZE;
tmp = (byte*)aes->tmp;
while (sz--) {
*(out++) = *(in++) ^ *(tmp++);
aes->left--;
}
aes->left = AES_BLOCK_SIZE - sz;
xorbufout(out, in, aes->tmp, sz);
}
RESTORE_VECTOR_REGISTERS();

70
wolfcrypt/src/chacha.c
View File

@@ -202,15 +202,12 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
/**
* Converts word into bytes with rotations having been done.
*/
static WC_INLINE void wc_Chacha_wordtobyte(word32 output[CHACHA_CHUNK_WORDS],
const word32 input[CHACHA_CHUNK_WORDS])
static WC_INLINE void wc_Chacha_wordtobyte(word32 x[CHACHA_CHUNK_WORDS],
word32 state[CHACHA_CHUNK_WORDS])
{
word32 x[CHACHA_CHUNK_WORDS];
word32 i;
for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
x[i] = input[i];
}
XMEMCPY(x, state, CHACHA_CHUNK_BYTES);
for (i = (ROUNDS); i > 0; i -= 2) {
QUARTERROUND(0, 4, 8, 12)
@@ -224,11 +221,8 @@ static WC_INLINE void wc_Chacha_wordtobyte(word32 output[CHACHA_CHUNK_WORDS],
}
for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
x[i] = PLUS(x[i], input[i]);
}
for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
output[i] = LITTLE32(x[i]);
x[i] = PLUS(x[i], state[i]);
x[i] = LITTLE32(x[i]);
}
}
@@ -334,36 +328,33 @@ extern void chacha_encrypt_avx2(ChaCha* ctx, const byte* m, byte* c,
static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
word32 bytes)
{
byte* output;
word32 temp[CHACHA_CHUNK_WORDS]; /* used to make sure aligned */
word32 i;
union {
byte state[CHACHA_CHUNK_BYTES];
word32 state32[CHACHA_CHUNK_WORDS];
wolfssl_word align_word; /* align for xorbufout */
} tmp;
/* handle left overs */
if (bytes > 0 && ctx->left > 0) {
wc_Chacha_wordtobyte(temp, ctx->X); /* recreate the stream */
output = (byte*)temp + CHACHA_CHUNK_BYTES - ctx->left;
for (i = 0; i < bytes && i < ctx->left; i++) {
c[i] = (byte)(m[i] ^ output[i]);
}
ctx->left -= i;
word32 processed = min(bytes, ctx->left);
wc_Chacha_wordtobyte(tmp.state32, ctx->X); /* recreate the stream */
xorbufout(c, m, tmp.state + CHACHA_CHUNK_BYTES - ctx->left, processed);
ctx->left -= processed;
/* Used up all of the stream that was left, increment the counter */
if (ctx->left == 0) {
ctx->X[CHACHA_MATRIX_CNT_IV] =
PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
}
bytes -= i;
c += i;
m += i;
bytes -= processed;
c += processed;
m += processed;
}
output = (byte*)temp;
while (bytes >= CHACHA_CHUNK_BYTES) {
wc_Chacha_wordtobyte(temp, ctx->X);
wc_Chacha_wordtobyte(tmp.state32, ctx->X);
ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
for (i = 0; i < CHACHA_CHUNK_BYTES; ++i) {
c[i] = (byte)(m[i] ^ output[i]);
}
xorbufout(c, m, tmp.state, CHACHA_CHUNK_BYTES);
bytes -= CHACHA_CHUNK_BYTES;
c += CHACHA_CHUNK_BYTES;
m += CHACHA_CHUNK_BYTES;
@@ -373,11 +364,9 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
/* in this case there will always be some left over since bytes is less
* than CHACHA_CHUNK_BYTES, so do not increment counter after getting
* stream in order for the stream to be recreated on next call */
wc_Chacha_wordtobyte(temp, ctx->X);
for (i = 0; i < bytes; ++i) {
c[i] = m[i] ^ output[i];
}
ctx->left = CHACHA_CHUNK_BYTES - i;
wc_Chacha_wordtobyte(tmp.state32, ctx->X);
xorbufout(c, m, tmp.state, bytes);
ctx->left = CHACHA_CHUNK_BYTES - bytes;
}
}
@@ -394,17 +383,14 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
/* handle left overs */
if (msglen > 0 && ctx->left > 0) {
byte* out;
word32 i;
word32 processed = min(msglen, ctx->left);
out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left;
for (i = 0; i < msglen && i < ctx->left; i++) {
output[i] = (byte)(input[i] ^ out[i]);
}
ctx->left -= i;
msglen -= i;
output += i;
input += i;
xorbufout(output, input, out, processed);
ctx->left -= processed;
msglen -= processed;
output += processed;
input += processed;
}
if (msglen == 0) {

12
wolfcrypt/src/des3.c
View File

@@ -941,8 +941,7 @@
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
/* XOR block with IV for CBC */
for (i = 0; i < DES_BLOCK_SIZE; i++)
temp_block[i] ^= iv[i];
xorbuf(temp_block, iv, DES_BLOCK_SIZE);
ret = wolfSSL_CryptHwMutexLock();
if(ret != 0) {
@@ -1000,8 +999,7 @@
wolfSSL_CryptHwMutexUnLock();
/* XOR block with IV for CBC */
for (i = 0; i < DES_BLOCK_SIZE; i++)
(out + offset)[i] ^= iv[i];
xorbuf(out + offset, iv, DES_BLOCK_SIZE);
/* store IV for next block */
XMEMCPY(iv, temp_block, DES_BLOCK_SIZE);
@@ -1037,8 +1035,7 @@
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
/* XOR block with IV for CBC */
for (i = 0; i < DES_BLOCK_SIZE; i++)
temp_block[i] ^= iv[i];
xorbuf(temp_block, iv, DES_BLOCK_SIZE);
ret = wolfSSL_CryptHwMutexLock();
if(ret != 0) {
@@ -1104,8 +1101,7 @@
wolfSSL_CryptHwMutexUnLock();
/* XOR block with IV for CBC */
for (i = 0; i < DES_BLOCK_SIZE; i++)
(out + offset)[i] ^= iv[i];
xorbuf(out + offset, iv, DES_BLOCK_SIZE);
/* store IV for next block */
XMEMCPY(iv, temp_block, DES_BLOCK_SIZE);

12
wolfcrypt/src/hpke.c
View File

@@ -43,6 +43,13 @@
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/hpke.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
const int hpkeSupportedKem[HPKE_SUPPORTED_KEM_LEN] = {
DHKEM_P256_HKDF_SHA256,
DHKEM_P384_HKDF_SHA384,
@@ -581,7 +588,6 @@ static int wc_HpkeLabeledExpand(Hpke* hpke, byte* suite_id, word32 suite_id_len,
static int wc_HpkeContextComputeNonce(Hpke* hpke, HpkeBaseContext* context,
byte* out)
{
int i;
int ret;
byte seq_bytes[HPKE_Nn_MAX];
@@ -589,9 +595,7 @@ static int wc_HpkeContextComputeNonce(Hpke* hpke, HpkeBaseContext* context,
* nonce */
ret = I2OSP(context->seq, hpke->Nn, seq_bytes);
if (ret == 0) {
for (i = 0; i < (int)hpke->Nn; i++) {
out[i] = (context->base_nonce[i] ^ seq_bytes[i]);
}
xorbufout(out, context->base_nonce, seq_bytes, hpke->Nn);
}
return ret;

81
wolfcrypt/src/misc.c
View File

@@ -256,42 +256,60 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
#ifndef WOLFSSL_NO_XOR_OPS
/* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
of wolfssl_words, placing the result in <*r>. */
WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word* r,
const wolfssl_word* a, const wolfssl_word* b, word32 n)
WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word** r,
const wolfssl_word** a, const wolfssl_word** b, word32 n)
{
word32 i;
for (i = 0; i < n; i++) r[i] = a[i] ^ b[i];
for (i = 0; i < n; i++)
*((*r)++) = *((*a)++) ^ *((*b)++);
}
/* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n
counts, placing the result in <*buf>. */
WC_MISC_STATIC WC_INLINE void xorbufout(void*out, const void* buf,
WC_MISC_STATIC WC_INLINE void xorbufout(void* out, const void* buf,
const void* mask, word32 count)
{
if (((wc_ptr_t)out | (wc_ptr_t)buf | (wc_ptr_t)mask | count) %
WOLFSSL_WORD_SIZE == 0)
XorWordsOut( (wolfssl_word*)out, (wolfssl_word*)buf,
(const wolfssl_word*)mask, count / WOLFSSL_WORD_SIZE);
else {
word32 i;
byte* o = (byte*)out;
byte* b = (byte*)buf;
const byte* m = (const byte*)mask;
word32 i;
byte* o;
byte* b;
const byte* m;
for (i = 0; i < count; i++) o[i] = b[i] ^ m[i];
o = (byte*)out;
b = (byte*)buf;
m = (const byte*)mask;
if (((wc_ptr_t)o) % WOLFSSL_WORD_SIZE ==
((wc_ptr_t)b) % WOLFSSL_WORD_SIZE &&
((wc_ptr_t)b) % WOLFSSL_WORD_SIZE ==
((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) {
/* Alignment checks out. Possible to XOR words. */
/* Move alignment so that it lines up with a
* WOLFSSL_WORD_SIZE boundary */
while (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE != 0 && count > 0) {
*(o++) = *(b++) ^ *(m++);
count--;
}
XorWordsOut( (wolfssl_word**)&o, (const wolfssl_word**)&b,
(const wolfssl_word**)&m, count / WOLFSSL_WORD_SIZE);
count %= WOLFSSL_WORD_SIZE;
}
for (i = 0; i < count; i++)
o[i] = b[i] ^ m[i];
}
/* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
of wolfssl_words, placing the result in <*r>. */
WC_MISC_STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a,
WC_MISC_STATIC WC_INLINE void XorWords(wolfssl_word** r, const wolfssl_word** a,
word32 n)
{
word32 i;
for (i = 0; i < n; i++) r[i] ^= a[i];
for (i = 0; i < n; i++)
*((*r)++) ^= *((*a)++);
}
/* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n
@@ -299,16 +317,29 @@ counts, placing the result in <*buf>. */
WC_MISC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
{
if (((wc_ptr_t)buf | (wc_ptr_t)mask | count) % WOLFSSL_WORD_SIZE == 0)
XorWords( (wolfssl_word*)buf,
(const wolfssl_word*)mask, count / WOLFSSL_WORD_SIZE);
else {
word32 i;
byte* b = (byte*)buf;
const byte* m = (const byte*)mask;
word32 i;
byte* b;
const byte* m;
for (i = 0; i < count; i++) b[i] ^= m[i];
b = (byte*)buf;
m = (const byte*)mask;
if (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE ==
((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) {
/* Alignment checks out. Possible to XOR words. */
/* Move alignment so that it lines up with a
* WOLFSSL_WORD_SIZE boundary */
while (((wc_ptr_t)buf) % WOLFSSL_WORD_SIZE != 0 && count > 0) {
*(b++) ^= *(m++);
count--;
}
XorWords( (wolfssl_word**)&b,
(const wolfssl_word**)&m, count / WOLFSSL_WORD_SIZE);
count %= WOLFSSL_WORD_SIZE;
}
for (i = 0; i < count; i++)
b[i] ^= m[i];
}
#endif
@@ -585,7 +616,7 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src,
{
int i;
for (i = 0; i < size; ++i) {
*(dst + i) ^= (*(dst + i) ^ *(src + i)) & mask;
dst[i] ^= (dst[i] ^ src[i]) & mask;
}
}

2
wolfcrypt/src/pkcs12.c
View File

@@ -1157,6 +1157,8 @@ static byte* PKCS12_ConcatonateContent(WC_PKCS12* pkcs12,byte* mergedData,
byte* oldContent;
word32 oldContentSz;
(void)pkcs12;
if (mergedData == NULL || in == NULL)
return NULL;

41
wolfcrypt/src/rsa.c
View File

@@ -1143,7 +1143,6 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
int ret;
word32 hLen;
int psLen;
int i;
word32 idx;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -1235,10 +1234,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
}
XMEMCPY(pkcsBlock + (pkcsBlockLen - inputLen), input, inputLen);
pkcsBlock[idx--] = 0x01; /* PS and M separator */
while (psLen > 0 && idx > 0) {
pkcsBlock[idx--] = 0x00;
psLen--;
}
XMEMSET(pkcsBlock + idx - psLen + 1, 0, psLen);
idx -= psLen;
idx = idx - hLen + 1;
XMEMCPY(pkcsBlock + idx, lHash, hLen);
@@ -1277,19 +1274,14 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
return ret;
}
i = 0;
idx = hLen + 1;
while (idx < pkcsBlockLen && (word32)i < (pkcsBlockLen - hLen -1)) {
pkcsBlock[idx] = dbMask[i++] ^ pkcsBlock[idx];
idx++;
}
xorbuf(pkcsBlock + hLen + 1, dbMask,pkcsBlockLen - hLen - 1);
#ifdef WOLFSSL_SMALL_STACK
XFREE(dbMask, heap, DYNAMIC_TYPE_RSA);
#endif
/* create maskedSeed from seedMask */
idx = 0;
pkcsBlock[idx++] = 0x00;
pkcsBlock[0] = 0x00;
/* create seedMask inline */
if ((ret = RsaMGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1,
pkcsBlock + 1, hLen, heap)) != 0) {
@@ -1301,11 +1293,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
}
/* xor created seedMask with seed to make maskedSeed */
i = 0;
while (idx < (hLen + 1) && i < (int)hLen) {
pkcsBlock[idx] = pkcsBlock[idx] ^ seed[i++];
idx++;
}
xorbuf(pkcsBlock + 1, seed, hLen);
#ifdef WOLFSSL_CHECK_MEM_ZERO
/* Seed must be zeroized now that it has been used. */
wc_MemZero_Add("Pad OAEP seed", seed, hLen);
@@ -1349,7 +1337,7 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
int saltLen, int bits, void* heap)
{
int ret = 0;
int hLen, i, o, maskLen, hiBits;
int hLen, o, maskLen, hiBits;
byte* m;
byte* s;
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
@@ -1485,9 +1473,7 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
m = pkcsBlock + maskLen - saltLen - 1;
*(m++) ^= 0x01;
for (i = 0; i < saltLen; i++) {
m[i] ^= salt[o + i];
}
xorbuf(m, salt + o, saltLen);
}
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
@@ -1681,9 +1667,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
}
/* xor seedMask value with maskedSeed to get seed value */
for (idx = 0; idx < (word32)hLen; idx++) {
tmp[idx] = tmp[idx] ^ pkcsBlock[1 + idx];
}
xorbuf(tmp, pkcsBlock + 1, hLen);
/* get dbMask value */
if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen,
@@ -1698,9 +1682,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
}
/* get DB value by doing maskedDB xor dbMask */
for (idx = 0; idx < (pkcsBlockLen - hLen - 1); idx++) {
pkcsBlock[hLen + 1 + idx] = pkcsBlock[hLen + 1 + idx] ^ tmp[idx + hLen];
}
xorbuf(pkcsBlock + hLen + 1, tmp + hLen, pkcsBlockLen - hLen - 1);
ForceZero(tmp, pkcsBlockLen);
#ifdef WOLFSSL_SMALL_STACK
@@ -1873,8 +1855,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
return PSS_SALTLEN_E;
}
}
for (i++; i < maskLen; i++)
pkcsBlock[i] ^= tmp[i];
xorbuf(pkcsBlock + i, tmp + i, maskLen - i);
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);

4
wolfcrypt/src/sakke.c
View File

@@ -6136,9 +6136,7 @@ static void sakke_xor_in_v(const byte* v, word32 hashSz, byte* out, int idx,
i = 0;
}
o = i;
for (; i < hashSz; i++) {
out[idx + i - o] ^= v[i];
}
xorbuf(out + idx + i - o, v + i, hashSz - i);
}
/*

6
wolfssl/wolfcrypt/misc.h
View File

@@ -59,12 +59,12 @@ WOLFSSL_LOCAL
void ByteReverseWords(word32* out, const word32* in, word32 byteCount);
WOLFSSL_LOCAL
void XorWordsOut(wolfssl_word* r, const wolfssl_word* a, const wolfssl_word* b,
word32 n);
void XorWordsOut(wolfssl_word** r, const wolfssl_word** a,
const wolfssl_word** b, word32 n);
WOLFSSL_LOCAL
void xorbufout(void* out, const void* buf, const void* mask, word32 count);
WOLFSSL_LOCAL
void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n);
void XorWords(wolfssl_word** r, const wolfssl_word** a, word32 n);
WOLFSSL_LOCAL
void xorbuf(void* buf, const void* mask, word32 count);