diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index c44f77bb1..75e57145e 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -3829,8 +3829,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); /* XOR block with IV for CBC */ - for (i = 0; i < AES_BLOCK_SIZE; i++) - temp_block[i] ^= iv[i]; + xorbuf(temp_block, iv, AES_BLOCK_SIZE); ret = wc_AesEncrypt(aes, temp_block, out + offset); if (ret != 0) @@ -3869,8 +3868,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) wc_AesDecrypt(aes, in + offset, out + offset); /* XOR block with IV for CBC */ - for (i = 0; i < AES_BLOCK_SIZE; i++) - (out + offset)[i] ^= iv[i]; + xorbuf(out + offset, iv, AES_BLOCK_SIZE); /* store IV for next block */ XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); @@ -4455,9 +4453,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* Software AES - CTR Encrypt */ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - byte* tmp; byte scratch[AES_BLOCK_SIZE]; int ret; + word32 processed; if (aes == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; @@ -4473,12 +4471,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #endif /* consume any unused bytes left in aes->tmp */ - tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; - while (aes->left && sz) { - *(out++) = *(in++) ^ *(tmp++); - aes->left--; - sz--; - } + processed = min(aes->left, sz); + xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, + processed); + out += processed; + in += processed; + aes->left -= processed; + sz -= processed; #if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ !defined(XTRANSFORM_AESCTRBLOCK) @@ -4545,13 +4544,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } IncrementAesCounter((byte*)aes->reg); - aes->left = AES_BLOCK_SIZE; - tmp = (byte*)aes->tmp; - - while (sz--) { - *(out++) = *(in++) ^ *(tmp++); - aes->left--; - } + aes->left = AES_BLOCK_SIZE - sz; + xorbufout(out, in, aes->tmp, sz); } #ifdef WOLFSSL_CHECK_MEM_ZERO @@ -9924,6 +9918,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt( byte* reg = NULL; #endif int ret = 0; + word32 processed; if (aes == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; @@ -9936,18 +9931,17 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt( #endif /* consume any unused bytes left in aes->tmp */ - tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; - while (aes->left && sz) { - *(out) = *(in++) ^ *(tmp++); - #ifdef WOLFSSL_AES_CFB - if (mode == AES_CFB_MODE) { - *(reg++) = *out; - } - #endif - out++; - aes->left--; - sz--; + processed = min(aes->left, sz); + xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed); +#ifdef WOLFSSL_AES_CFB + if (mode == AES_CFB_MODE) { + XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, out, processed); } +#endif + aes->left -= processed; + out += processed; + in += processed; + sz -= processed; SAVE_VECTOR_REGISTERS(return _svr_ret;); @@ -9990,16 +9984,13 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt( reg = (byte*)aes->reg; #endif - while (sz--) { - *(out) = *(in++) ^ *(tmp++); - #ifdef WOLFSSL_AES_CFB - if (mode == AES_CFB_MODE) { - *(reg++) = *out; - } - #endif - out++; - aes->left--; + xorbufout(out, in, tmp, sz); + #ifdef WOLFSSL_AES_CFB + if (mode == AES_CFB_MODE) { + XMEMCPY(reg, out, sz); } + #endif + aes->left -= sz; } RESTORE_VECTOR_REGISTERS(); @@ -10022,8 +10013,8 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt( static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt( Aes* aes, byte* out, const byte* in, word32 sz, byte mode) { - byte* tmp; int ret = 0; + word32 processed; if (aes == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; @@ -10038,12 +10029,12 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt( #endif /* consume any unused bytes left in aes->tmp */ - tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; - while (aes->left && sz) { - *(out++) = *(in++) ^ *(tmp++); - aes->left--; - sz--; - } + processed = min(aes->left, sz); + xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed); + aes->left -= processed; + out += processed; + in += processed; + sz -= processed; SAVE_VECTOR_REGISTERS(return _svr_ret;); @@ -10086,13 +10077,8 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt( } #endif - aes->left = AES_BLOCK_SIZE; - tmp = (byte*)aes->tmp; - - while (sz--) { - *(out++) = *(in++) ^ *(tmp++); - aes->left--; - } + aes->left = AES_BLOCK_SIZE - sz; + xorbufout(out, in, aes->tmp, sz); } RESTORE_VECTOR_REGISTERS(); diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c index ae17728f1..4dc960149 100644 --- a/wolfcrypt/src/chacha.c +++ b/wolfcrypt/src/chacha.c @@ -202,15 +202,12 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) /** * Converts word into bytes with rotations having been done. */ -static WC_INLINE void wc_Chacha_wordtobyte(word32 output[CHACHA_CHUNK_WORDS], - const word32 input[CHACHA_CHUNK_WORDS]) +static WC_INLINE void wc_Chacha_wordtobyte(word32 x[CHACHA_CHUNK_WORDS], + word32 state[CHACHA_CHUNK_WORDS]) { - word32 x[CHACHA_CHUNK_WORDS]; word32 i; - for (i = 0; i < CHACHA_CHUNK_WORDS; i++) { - x[i] = input[i]; - } + XMEMCPY(x, state, CHACHA_CHUNK_BYTES); for (i = (ROUNDS); i > 0; i -= 2) { QUARTERROUND(0, 4, 8, 12) @@ -224,11 +221,8 @@ static WC_INLINE void wc_Chacha_wordtobyte(word32 output[CHACHA_CHUNK_WORDS], } for (i = 0; i < CHACHA_CHUNK_WORDS; i++) { - x[i] = PLUS(x[i], input[i]); - } - - for (i = 0; i < CHACHA_CHUNK_WORDS; i++) { - output[i] = LITTLE32(x[i]); + x[i] = PLUS(x[i], state[i]); + x[i] = LITTLE32(x[i]); } } @@ -334,36 +328,33 @@ extern void chacha_encrypt_avx2(ChaCha* ctx, const byte* m, byte* c, static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, word32 bytes) { - byte* output; - word32 temp[CHACHA_CHUNK_WORDS]; /* used to make sure aligned */ - word32 i; + union { + byte state[CHACHA_CHUNK_BYTES]; + word32 state32[CHACHA_CHUNK_WORDS]; + wolfssl_word align_word; /* align for xorbufout */ + } tmp; /* handle left overs */ if (bytes > 0 && ctx->left > 0) { - wc_Chacha_wordtobyte(temp, ctx->X); /* recreate the stream */ - output = (byte*)temp + CHACHA_CHUNK_BYTES - ctx->left; - for (i = 0; i < bytes && i < ctx->left; i++) { - c[i] = (byte)(m[i] ^ output[i]); - } - ctx->left -= i; + word32 processed = min(bytes, ctx->left); + wc_Chacha_wordtobyte(tmp.state32, ctx->X); /* recreate the stream */ + xorbufout(c, m, tmp.state + CHACHA_CHUNK_BYTES - ctx->left, processed); + ctx->left -= processed; /* Used up all of the stream that was left, increment the counter */ if (ctx->left == 0) { ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]); } - bytes -= i; - c += i; - m += i; + bytes -= processed; + c += processed; + m += processed; } - output = (byte*)temp; while (bytes >= CHACHA_CHUNK_BYTES) { - wc_Chacha_wordtobyte(temp, ctx->X); + wc_Chacha_wordtobyte(tmp.state32, ctx->X); ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]); - for (i = 0; i < CHACHA_CHUNK_BYTES; ++i) { - c[i] = (byte)(m[i] ^ output[i]); - } + xorbufout(c, m, tmp.state, CHACHA_CHUNK_BYTES); bytes -= CHACHA_CHUNK_BYTES; c += CHACHA_CHUNK_BYTES; m += CHACHA_CHUNK_BYTES; @@ -373,11 +364,9 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, /* in this case there will always be some left over since bytes is less * than CHACHA_CHUNK_BYTES, so do not increment counter after getting * stream in order for the stream to be recreated on next call */ - wc_Chacha_wordtobyte(temp, ctx->X); - for (i = 0; i < bytes; ++i) { - c[i] = m[i] ^ output[i]; - } - ctx->left = CHACHA_CHUNK_BYTES - i; + wc_Chacha_wordtobyte(tmp.state32, ctx->X); + xorbufout(c, m, tmp.state, bytes); + ctx->left = CHACHA_CHUNK_BYTES - bytes; } } @@ -394,17 +383,14 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input, /* handle left overs */ if (msglen > 0 && ctx->left > 0) { byte* out; - word32 i; + word32 processed = min(msglen, ctx->left); out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left; - for (i = 0; i < msglen && i < ctx->left; i++) { - output[i] = (byte)(input[i] ^ out[i]); - } - ctx->left -= i; - - msglen -= i; - output += i; - input += i; + xorbufout(output, input, out, processed); + ctx->left -= processed; + msglen -= processed; + output += processed; + input += processed; } if (msglen == 0) { diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 02cc76112..672a8673b 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -941,8 +941,7 @@ XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); /* XOR block with IV for CBC */ - for (i = 0; i < DES_BLOCK_SIZE; i++) - temp_block[i] ^= iv[i]; + xorbuf(temp_block, iv, DES_BLOCK_SIZE); ret = wolfSSL_CryptHwMutexLock(); if(ret != 0) { @@ -1000,8 +999,7 @@ wolfSSL_CryptHwMutexUnLock(); /* XOR block with IV for CBC */ - for (i = 0; i < DES_BLOCK_SIZE; i++) - (out + offset)[i] ^= iv[i]; + xorbuf(out + offset, iv, DES_BLOCK_SIZE); /* store IV for next block */ XMEMCPY(iv, temp_block, DES_BLOCK_SIZE); @@ -1037,8 +1035,7 @@ XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); /* XOR block with IV for CBC */ - for (i = 0; i < DES_BLOCK_SIZE; i++) - temp_block[i] ^= iv[i]; + xorbuf(temp_block, iv, DES_BLOCK_SIZE); ret = wolfSSL_CryptHwMutexLock(); if(ret != 0) { @@ -1104,8 +1101,7 @@ wolfSSL_CryptHwMutexUnLock(); /* XOR block with IV for CBC */ - for (i = 0; i < DES_BLOCK_SIZE; i++) - (out + offset)[i] ^= iv[i]; + xorbuf(out + offset, iv, DES_BLOCK_SIZE); /* store IV for next block */ XMEMCPY(iv, temp_block, DES_BLOCK_SIZE); diff --git a/wolfcrypt/src/hpke.c b/wolfcrypt/src/hpke.c index b9e3c3b2c..b0d7dc441 100644 --- a/wolfcrypt/src/hpke.c +++ b/wolfcrypt/src/hpke.c @@ -43,6 +43,13 @@ #include #include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + const int hpkeSupportedKem[HPKE_SUPPORTED_KEM_LEN] = { DHKEM_P256_HKDF_SHA256, DHKEM_P384_HKDF_SHA384, @@ -581,7 +588,6 @@ static int wc_HpkeLabeledExpand(Hpke* hpke, byte* suite_id, word32 suite_id_len, static int wc_HpkeContextComputeNonce(Hpke* hpke, HpkeBaseContext* context, byte* out) { - int i; int ret; byte seq_bytes[HPKE_Nn_MAX]; @@ -589,9 +595,7 @@ static int wc_HpkeContextComputeNonce(Hpke* hpke, HpkeBaseContext* context, * nonce */ ret = I2OSP(context->seq, hpke->Nn, seq_bytes); if (ret == 0) { - for (i = 0; i < (int)hpke->Nn; i++) { - out[i] = (context->base_nonce[i] ^ seq_bytes[i]); - } + xorbufout(out, context->base_nonce, seq_bytes, hpke->Nn); } return ret; diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 3c47e517c..477fc5aa6 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -256,42 +256,60 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in, #ifndef WOLFSSL_NO_XOR_OPS /* This routine performs a bitwise XOR operation of <*r> and <*a> for number of wolfssl_words, placing the result in <*r>. */ -WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word* r, - const wolfssl_word* a, const wolfssl_word* b, word32 n) +WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word** r, + const wolfssl_word** a, const wolfssl_word** b, word32 n) { word32 i; - for (i = 0; i < n; i++) r[i] = a[i] ^ b[i]; + for (i = 0; i < n; i++) + *((*r)++) = *((*a)++) ^ *((*b)++); } /* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n counts, placing the result in <*buf>. */ -WC_MISC_STATIC WC_INLINE void xorbufout(void*out, const void* buf, +WC_MISC_STATIC WC_INLINE void xorbufout(void* out, const void* buf, const void* mask, word32 count) { - if (((wc_ptr_t)out | (wc_ptr_t)buf | (wc_ptr_t)mask | count) % - WOLFSSL_WORD_SIZE == 0) - XorWordsOut( (wolfssl_word*)out, (wolfssl_word*)buf, - (const wolfssl_word*)mask, count / WOLFSSL_WORD_SIZE); - else { - word32 i; - byte* o = (byte*)out; - byte* b = (byte*)buf; - const byte* m = (const byte*)mask; + word32 i; + byte* o; + byte* b; + const byte* m; - for (i = 0; i < count; i++) o[i] = b[i] ^ m[i]; + o = (byte*)out; + b = (byte*)buf; + m = (const byte*)mask; + + + if (((wc_ptr_t)o) % WOLFSSL_WORD_SIZE == + ((wc_ptr_t)b) % WOLFSSL_WORD_SIZE && + ((wc_ptr_t)b) % WOLFSSL_WORD_SIZE == + ((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) { + /* Alignment checks out. Possible to XOR words. */ + /* Move alignment so that it lines up with a + * WOLFSSL_WORD_SIZE boundary */ + while (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE != 0 && count > 0) { + *(o++) = *(b++) ^ *(m++); + count--; + } + XorWordsOut( (wolfssl_word**)&o, (const wolfssl_word**)&b, + (const wolfssl_word**)&m, count / WOLFSSL_WORD_SIZE); + count %= WOLFSSL_WORD_SIZE; } + + for (i = 0; i < count; i++) + o[i] = b[i] ^ m[i]; } /* This routine performs a bitwise XOR operation of <*r> and <*a> for number of wolfssl_words, placing the result in <*r>. */ -WC_MISC_STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, +WC_MISC_STATIC WC_INLINE void XorWords(wolfssl_word** r, const wolfssl_word** a, word32 n) { word32 i; - for (i = 0; i < n; i++) r[i] ^= a[i]; + for (i = 0; i < n; i++) + *((*r)++) ^= *((*a)++); } /* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n @@ -299,16 +317,29 @@ counts, placing the result in <*buf>. */ WC_MISC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count) { - if (((wc_ptr_t)buf | (wc_ptr_t)mask | count) % WOLFSSL_WORD_SIZE == 0) - XorWords( (wolfssl_word*)buf, - (const wolfssl_word*)mask, count / WOLFSSL_WORD_SIZE); - else { - word32 i; - byte* b = (byte*)buf; - const byte* m = (const byte*)mask; + word32 i; + byte* b; + const byte* m; - for (i = 0; i < count; i++) b[i] ^= m[i]; + b = (byte*)buf; + m = (const byte*)mask; + + if (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE == + ((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) { + /* Alignment checks out. Possible to XOR words. */ + /* Move alignment so that it lines up with a + * WOLFSSL_WORD_SIZE boundary */ + while (((wc_ptr_t)buf) % WOLFSSL_WORD_SIZE != 0 && count > 0) { + *(b++) ^= *(m++); + count--; + } + XorWords( (wolfssl_word**)&b, + (const wolfssl_word**)&m, count / WOLFSSL_WORD_SIZE); + count %= WOLFSSL_WORD_SIZE; } + + for (i = 0; i < count; i++) + b[i] ^= m[i]; } #endif @@ -585,7 +616,7 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src, { int i; for (i = 0; i < size; ++i) { - *(dst + i) ^= (*(dst + i) ^ *(src + i)) & mask; + dst[i] ^= (dst[i] ^ src[i]) & mask; } } diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 7756d4379..b2d837caa 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -1157,6 +1157,8 @@ static byte* PKCS12_ConcatonateContent(WC_PKCS12* pkcs12,byte* mergedData, byte* oldContent; word32 oldContentSz; + (void)pkcs12; + if (mergedData == NULL || in == NULL) return NULL; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index e63ddc96a..531302d4c 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1143,7 +1143,6 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, int ret; word32 hLen; int psLen; - int i; word32 idx; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -1235,10 +1234,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, } XMEMCPY(pkcsBlock + (pkcsBlockLen - inputLen), input, inputLen); pkcsBlock[idx--] = 0x01; /* PS and M separator */ - while (psLen > 0 && idx > 0) { - pkcsBlock[idx--] = 0x00; - psLen--; - } + XMEMSET(pkcsBlock + idx - psLen + 1, 0, psLen); + idx -= psLen; idx = idx - hLen + 1; XMEMCPY(pkcsBlock + idx, lHash, hLen); @@ -1277,19 +1274,14 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, return ret; } - i = 0; - idx = hLen + 1; - while (idx < pkcsBlockLen && (word32)i < (pkcsBlockLen - hLen -1)) { - pkcsBlock[idx] = dbMask[i++] ^ pkcsBlock[idx]; - idx++; - } + xorbuf(pkcsBlock + hLen + 1, dbMask,pkcsBlockLen - hLen - 1); + #ifdef WOLFSSL_SMALL_STACK XFREE(dbMask, heap, DYNAMIC_TYPE_RSA); #endif /* create maskedSeed from seedMask */ - idx = 0; - pkcsBlock[idx++] = 0x00; + pkcsBlock[0] = 0x00; /* create seedMask inline */ if ((ret = RsaMGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1, pkcsBlock + 1, hLen, heap)) != 0) { @@ -1301,11 +1293,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, } /* xor created seedMask with seed to make maskedSeed */ - i = 0; - while (idx < (hLen + 1) && i < (int)hLen) { - pkcsBlock[idx] = pkcsBlock[idx] ^ seed[i++]; - idx++; - } + xorbuf(pkcsBlock + 1, seed, hLen); #ifdef WOLFSSL_CHECK_MEM_ZERO /* Seed must be zeroized now that it has been used. */ wc_MemZero_Add("Pad OAEP seed", seed, hLen); @@ -1349,7 +1337,7 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock, int saltLen, int bits, void* heap) { int ret = 0; - int hLen, i, o, maskLen, hiBits; + int hLen, o, maskLen, hiBits; byte* m; byte* s; #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) @@ -1485,9 +1473,7 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock, m = pkcsBlock + maskLen - saltLen - 1; *(m++) ^= 0x01; - for (i = 0; i < saltLen; i++) { - m[i] ^= salt[o + i]; - } + xorbuf(m, salt + o, saltLen); } #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) @@ -1681,9 +1667,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, } /* xor seedMask value with maskedSeed to get seed value */ - for (idx = 0; idx < (word32)hLen; idx++) { - tmp[idx] = tmp[idx] ^ pkcsBlock[1 + idx]; - } + xorbuf(tmp, pkcsBlock + 1, hLen); /* get dbMask value */ if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen, @@ -1698,9 +1682,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, } /* get DB value by doing maskedDB xor dbMask */ - for (idx = 0; idx < (pkcsBlockLen - hLen - 1); idx++) { - pkcsBlock[hLen + 1 + idx] = pkcsBlock[hLen + 1 + idx] ^ tmp[idx + hLen]; - } + xorbuf(pkcsBlock + hLen + 1, tmp + hLen, pkcsBlockLen - hLen - 1); ForceZero(tmp, pkcsBlockLen); #ifdef WOLFSSL_SMALL_STACK @@ -1873,8 +1855,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen, return PSS_SALTLEN_E; } } - for (i++; i < maskLen; i++) - pkcsBlock[i] ^= tmp[i]; + xorbuf(pkcsBlock + i, tmp + i, maskLen - i); #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c index 17d61d93a..3803a4dd5 100644 --- a/wolfcrypt/src/sakke.c +++ b/wolfcrypt/src/sakke.c @@ -6136,9 +6136,7 @@ static void sakke_xor_in_v(const byte* v, word32 hashSz, byte* out, int idx, i = 0; } o = i; - for (; i < hashSz; i++) { - out[idx + i - o] ^= v[i]; - } + xorbuf(out + idx + i - o, v + i, hashSz - i); } /* diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 418246787..e433a1a3c 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -59,12 +59,12 @@ WOLFSSL_LOCAL void ByteReverseWords(word32* out, const word32* in, word32 byteCount); WOLFSSL_LOCAL -void XorWordsOut(wolfssl_word* r, const wolfssl_word* a, const wolfssl_word* b, - word32 n); +void XorWordsOut(wolfssl_word** r, const wolfssl_word** a, + const wolfssl_word** b, word32 n); WOLFSSL_LOCAL void xorbufout(void* out, const void* buf, const void* mask, word32 count); WOLFSSL_LOCAL -void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n); +void XorWords(wolfssl_word** r, const wolfssl_word** a, word32 n); WOLFSSL_LOCAL void xorbuf(void* buf, const void* mask, word32 count);