Merge pull request #6203 from julek-wolfssl/xor-optim

Try to XOR as many words as possible in xorbuf APIs
JacobBarthelmeh
2023-04-19 11:59:33 -06:00
committed by GitHub
9 changed files with 151 additions and 167 deletions


@@ -3829,8 +3829,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE);
/* XOR block with IV for CBC */ /* XOR block with IV for CBC */
for (i = 0; i < AES_BLOCK_SIZE; i++) xorbuf(temp_block, iv, AES_BLOCK_SIZE);
temp_block[i] ^= iv[i];
ret = wc_AesEncrypt(aes, temp_block, out + offset); ret = wc_AesEncrypt(aes, temp_block, out + offset);
if (ret != 0) if (ret != 0)
@@ -3869,8 +3868,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
wc_AesDecrypt(aes, in + offset, out + offset); wc_AesDecrypt(aes, in + offset, out + offset);
/* XOR block with IV for CBC */ /* XOR block with IV for CBC */
for (i = 0; i < AES_BLOCK_SIZE; i++) xorbuf(out + offset, iv, AES_BLOCK_SIZE);
(out + offset)[i] ^= iv[i];
/* store IV for next block */ /* store IV for next block */
XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); XMEMCPY(iv, temp_block, AES_BLOCK_SIZE);
@@ -4455,9 +4453,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
/* Software AES - CTR Encrypt */ /* Software AES - CTR Encrypt */
int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
{ {
byte* tmp;
byte scratch[AES_BLOCK_SIZE]; byte scratch[AES_BLOCK_SIZE];
int ret; int ret;
word32 processed;
if (aes == NULL || out == NULL || in == NULL) { if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -4473,12 +4471,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
#endif #endif
/* consume any unused bytes left in aes->tmp */ /* consume any unused bytes left in aes->tmp */
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; processed = min(aes->left, sz);
while (aes->left && sz) { xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left,
*(out++) = *(in++) ^ *(tmp++); processed);
aes->left--; out += processed;
sz--; in += processed;
} aes->left -= processed;
sz -= processed;
#if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ #if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \
!defined(XTRANSFORM_AESCTRBLOCK) !defined(XTRANSFORM_AESCTRBLOCK)
@@ -4545,13 +4544,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
} }
IncrementAesCounter((byte*)aes->reg); IncrementAesCounter((byte*)aes->reg);
aes->left = AES_BLOCK_SIZE; aes->left = AES_BLOCK_SIZE - sz;
tmp = (byte*)aes->tmp; xorbufout(out, in, aes->tmp, sz);
while (sz--) {
*(out++) = *(in++) ^ *(tmp++);
aes->left--;
}
} }
#ifdef WOLFSSL_CHECK_MEM_ZERO #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -9924,6 +9918,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
byte* reg = NULL; byte* reg = NULL;
#endif #endif
int ret = 0; int ret = 0;
word32 processed;
if (aes == NULL || out == NULL || in == NULL) { if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -9936,18 +9931,17 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
#endif #endif
/* consume any unused bytes left in aes->tmp */ /* consume any unused bytes left in aes->tmp */
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; processed = min(aes->left, sz);
while (aes->left && sz) { xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed);
*(out) = *(in++) ^ *(tmp++);
#ifdef WOLFSSL_AES_CFB #ifdef WOLFSSL_AES_CFB
if (mode == AES_CFB_MODE) { if (mode == AES_CFB_MODE) {
*(reg++) = *out; XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, out, processed);
} }
#endif #endif
out++; aes->left -= processed;
aes->left--; out += processed;
sz--; in += processed;
} sz -= processed;
SAVE_VECTOR_REGISTERS(return _svr_ret;); SAVE_VECTOR_REGISTERS(return _svr_ret;);
@@ -9990,16 +9984,13 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
reg = (byte*)aes->reg; reg = (byte*)aes->reg;
#endif #endif
while (sz--) { xorbufout(out, in, tmp, sz);
*(out) = *(in++) ^ *(tmp++);
#ifdef WOLFSSL_AES_CFB #ifdef WOLFSSL_AES_CFB
if (mode == AES_CFB_MODE) { if (mode == AES_CFB_MODE) {
*(reg++) = *out; XMEMCPY(reg, out, sz);
} }
#endif #endif
out++; aes->left -= sz;
aes->left--;
}
} }
RESTORE_VECTOR_REGISTERS(); RESTORE_VECTOR_REGISTERS();
@@ -10022,8 +10013,8 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt(
static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt( static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
Aes* aes, byte* out, const byte* in, word32 sz, byte mode) Aes* aes, byte* out, const byte* in, word32 sz, byte mode)
{ {
byte* tmp;
int ret = 0; int ret = 0;
word32 processed;
if (aes == NULL || out == NULL || in == NULL) { if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -10038,12 +10029,12 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
#endif #endif
/* consume any unused bytes left in aes->tmp */ /* consume any unused bytes left in aes->tmp */
tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; processed = min(aes->left, sz);
while (aes->left && sz) { xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed);
*(out++) = *(in++) ^ *(tmp++); aes->left -= processed;
aes->left--; out += processed;
sz--; in += processed;
} sz -= processed;
SAVE_VECTOR_REGISTERS(return _svr_ret;); SAVE_VECTOR_REGISTERS(return _svr_ret;);
@@ -10086,13 +10077,8 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt(
} }
#endif #endif
aes->left = AES_BLOCK_SIZE; aes->left = AES_BLOCK_SIZE - sz;
tmp = (byte*)aes->tmp; xorbufout(out, in, aes->tmp, sz);
while (sz--) {
*(out++) = *(in++) ^ *(tmp++);
aes->left--;
}
} }
RESTORE_VECTOR_REGISTERS(); RESTORE_VECTOR_REGISTERS();
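Review bot: The "consume any unused bytes left in aes->tmp" sequence, `processed = min(aes->left, sz); xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed); aes->left -= processed; out += processed; in += processed; sz -= processed;`, is now written out verbatim in wc_AesCtrEncrypt, wc_AesFeedbackEncrypt and wc_AesFeedbackDecrypt; a small static helper taking `Aes*`, `byte** out`, `const byte** in` and `word32* sz` would keep the three copies in step (the CFB `XMEMCPY` into `aes->reg` in wc_AesFeedbackEncrypt would stay at its call site). The first two hunks also replace the only visible use of the loop index `i` in the CBC encrypt and decrypt paths, and the four des3.c hunks do the same; if `i` has no remaining use in those functions, its declaration, which is outside the hunk, is now dead and will warn under -Wunused-variable. All of the enclosing functions start and end outside the hunks.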


@@ -202,15 +202,12 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
/** /**
* Converts word into bytes with rotations having been done. * Converts word into bytes with rotations having been done.
*/ */
static WC_INLINE void wc_Chacha_wordtobyte(word32 output[CHACHA_CHUNK_WORDS], static WC_INLINE void wc_Chacha_wordtobyte(word32 x[CHACHA_CHUNK_WORDS],
const word32 input[CHACHA_CHUNK_WORDS]) word32 state[CHACHA_CHUNK_WORDS])
{ {
word32 x[CHACHA_CHUNK_WORDS];
word32 i; word32 i;
for (i = 0; i < CHACHA_CHUNK_WORDS; i++) { XMEMCPY(x, state, CHACHA_CHUNK_BYTES);
x[i] = input[i];
}
for (i = (ROUNDS); i > 0; i -= 2) { for (i = (ROUNDS); i > 0; i -= 2) {
QUARTERROUND(0, 4, 8, 12) QUARTERROUND(0, 4, 8, 12)
@@ -224,11 +221,8 @@ static WC_INLINE void wc_Chacha_wordtobyte(word32 output[CHACHA_CHUNK_WORDS],
} }
for (i = 0; i < CHACHA_CHUNK_WORDS; i++) { for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
x[i] = PLUS(x[i], input[i]); x[i] = PLUS(x[i], state[i]);
} x[i] = LITTLE32(x[i]);
for (i = 0; i < CHACHA_CHUNK_WORDS; i++) {
output[i] = LITTLE32(x[i]);
} }
} }
@@ -334,36 +328,33 @@ extern void chacha_encrypt_avx2(ChaCha* ctx, const byte* m, byte* c,
static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
word32 bytes) word32 bytes)
{ {
byte* output; union {
word32 temp[CHACHA_CHUNK_WORDS]; /* used to make sure aligned */ byte state[CHACHA_CHUNK_BYTES];
word32 i; word32 state32[CHACHA_CHUNK_WORDS];
wolfssl_word align_word; /* align for xorbufout */
} tmp;
/* handle left overs */ /* handle left overs */
if (bytes > 0 && ctx->left > 0) { if (bytes > 0 && ctx->left > 0) {
wc_Chacha_wordtobyte(temp, ctx->X); /* recreate the stream */ word32 processed = min(bytes, ctx->left);
output = (byte*)temp + CHACHA_CHUNK_BYTES - ctx->left; wc_Chacha_wordtobyte(tmp.state32, ctx->X); /* recreate the stream */
for (i = 0; i < bytes && i < ctx->left; i++) { xorbufout(c, m, tmp.state + CHACHA_CHUNK_BYTES - ctx->left, processed);
c[i] = (byte)(m[i] ^ output[i]); ctx->left -= processed;
}
ctx->left -= i;
/* Used up all of the stream that was left, increment the counter */ /* Used up all of the stream that was left, increment the counter */
if (ctx->left == 0) { if (ctx->left == 0) {
ctx->X[CHACHA_MATRIX_CNT_IV] = ctx->X[CHACHA_MATRIX_CNT_IV] =
PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]); PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
} }
bytes -= i; bytes -= processed;
c += i; c += processed;
m += i; m += processed;
} }
output = (byte*)temp;
while (bytes >= CHACHA_CHUNK_BYTES) { while (bytes >= CHACHA_CHUNK_BYTES) {
wc_Chacha_wordtobyte(temp, ctx->X); wc_Chacha_wordtobyte(tmp.state32, ctx->X);
ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]); ctx->X[CHACHA_MATRIX_CNT_IV] = PLUSONE(ctx->X[CHACHA_MATRIX_CNT_IV]);
for (i = 0; i < CHACHA_CHUNK_BYTES; ++i) { xorbufout(c, m, tmp.state, CHACHA_CHUNK_BYTES);
c[i] = (byte)(m[i] ^ output[i]);
}
bytes -= CHACHA_CHUNK_BYTES; bytes -= CHACHA_CHUNK_BYTES;
c += CHACHA_CHUNK_BYTES; c += CHACHA_CHUNK_BYTES;
m += CHACHA_CHUNK_BYTES; m += CHACHA_CHUNK_BYTES;
@@ -373,11 +364,9 @@ static void wc_Chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c,
/* in this case there will always be some left over since bytes is less /* in this case there will always be some left over since bytes is less
* than CHACHA_CHUNK_BYTES, so do not increment counter after getting * than CHACHA_CHUNK_BYTES, so do not increment counter after getting
* stream in order for the stream to be recreated on next call */ * stream in order for the stream to be recreated on next call */
wc_Chacha_wordtobyte(temp, ctx->X); wc_Chacha_wordtobyte(tmp.state32, ctx->X);
for (i = 0; i < bytes; ++i) { xorbufout(c, m, tmp.state, bytes);
c[i] = m[i] ^ output[i]; ctx->left = CHACHA_CHUNK_BYTES - bytes;
}
ctx->left = CHACHA_CHUNK_BYTES - i;
} }
} }
@@ -394,17 +383,14 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
/* handle left overs */ /* handle left overs */
if (msglen > 0 && ctx->left > 0) { if (msglen > 0 && ctx->left > 0) {
byte* out; byte* out;
word32 i; word32 processed = min(msglen, ctx->left);
out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left; out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left;
for (i = 0; i < msglen && i < ctx->left; i++) { xorbufout(output, input, out, processed);
output[i] = (byte)(input[i] ^ out[i]); ctx->left -= processed;
} msglen -= processed;
ctx->left -= i; output += processed;
input += processed;
msglen -= i;
output += i;
input += i;
} }
if (msglen == 0) { if (msglen == 0) {
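Review bot: The new `wc_Chacha_wordtobyte` signature drops the `const` the old `input` parameter carried, although the function only reads `state` (it is the XMEMCPY source and the second operand of `PLUS(x[i], state[i])`); `const word32 state[CHACHA_CHUNK_WORDS]` keeps the read-only contract visible to callers and the compiler. The doc comment "Converts word into bytes with rotations having been done." remains imprecise now that the result is left as `word32` values in `x` and the byte view comes from the caller's `tmp` union; suggest "Runs the ChaCha rounds on `state` and leaves the little-endian keystream words in `x`." The `align_word` member's comment could also say what it guarantees, e.g. `/* forces word alignment of state[] so xorbufout can take its word path */`. The bodies of wc_Chacha_wordtobyte and wc_Chacha_encrypt_bytes continue outside their first hunks.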


@@ -941,8 +941,7 @@
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
/* XOR block with IV for CBC */ /* XOR block with IV for CBC */
for (i = 0; i < DES_BLOCK_SIZE; i++) xorbuf(temp_block, iv, DES_BLOCK_SIZE);
temp_block[i] ^= iv[i];
ret = wolfSSL_CryptHwMutexLock(); ret = wolfSSL_CryptHwMutexLock();
if(ret != 0) { if(ret != 0) {
@@ -1000,8 +999,7 @@
wolfSSL_CryptHwMutexUnLock(); wolfSSL_CryptHwMutexUnLock();
/* XOR block with IV for CBC */ /* XOR block with IV for CBC */
for (i = 0; i < DES_BLOCK_SIZE; i++) xorbuf(out + offset, iv, DES_BLOCK_SIZE);
(out + offset)[i] ^= iv[i];
/* store IV for next block */ /* store IV for next block */
XMEMCPY(iv, temp_block, DES_BLOCK_SIZE); XMEMCPY(iv, temp_block, DES_BLOCK_SIZE);
@@ -1037,8 +1035,7 @@
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE);
/* XOR block with IV for CBC */ /* XOR block with IV for CBC */
for (i = 0; i < DES_BLOCK_SIZE; i++) xorbuf(temp_block, iv, DES_BLOCK_SIZE);
temp_block[i] ^= iv[i];
ret = wolfSSL_CryptHwMutexLock(); ret = wolfSSL_CryptHwMutexLock();
if(ret != 0) { if(ret != 0) {
@@ -1104,8 +1101,7 @@
wolfSSL_CryptHwMutexUnLock(); wolfSSL_CryptHwMutexUnLock();
/* XOR block with IV for CBC */ /* XOR block with IV for CBC */
for (i = 0; i < DES_BLOCK_SIZE; i++) xorbuf(out + offset, iv, DES_BLOCK_SIZE);
(out + offset)[i] ^= iv[i];
/* store IV for next block */ /* store IV for next block */
XMEMCPY(iv, temp_block, DES_BLOCK_SIZE); XMEMCPY(iv, temp_block, DES_BLOCK_SIZE);


@@ -43,6 +43,13 @@
#include <wolfssl/wolfcrypt/aes.h> #include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/hpke.h> #include <wolfssl/wolfcrypt/hpke.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#define WOLFSSL_MISC_INCLUDED
#include <wolfcrypt/src/misc.c>
#endif
const int hpkeSupportedKem[HPKE_SUPPORTED_KEM_LEN] = { const int hpkeSupportedKem[HPKE_SUPPORTED_KEM_LEN] = {
DHKEM_P256_HKDF_SHA256, DHKEM_P256_HKDF_SHA256,
DHKEM_P384_HKDF_SHA384, DHKEM_P384_HKDF_SHA384,
@@ -581,7 +588,6 @@ static int wc_HpkeLabeledExpand(Hpke* hpke, byte* suite_id, word32 suite_id_len,
static int wc_HpkeContextComputeNonce(Hpke* hpke, HpkeBaseContext* context, static int wc_HpkeContextComputeNonce(Hpke* hpke, HpkeBaseContext* context,
byte* out) byte* out)
{ {
int i;
int ret; int ret;
byte seq_bytes[HPKE_Nn_MAX]; byte seq_bytes[HPKE_Nn_MAX];
@@ -589,9 +595,7 @@ static int wc_HpkeContextComputeNonce(Hpke* hpke, HpkeBaseContext* context,
* nonce */ * nonce */
ret = I2OSP(context->seq, hpke->Nn, seq_bytes); ret = I2OSP(context->seq, hpke->Nn, seq_bytes);
if (ret == 0) { if (ret == 0) {
for (i = 0; i < (int)hpke->Nn; i++) { xorbufout(out, context->base_nonce, seq_bytes, hpke->Nn);
out[i] = (context->base_nonce[i] ^ seq_bytes[i]);
}
} }
return ret; return ret;


@@ -256,12 +256,13 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
#ifndef WOLFSSL_NO_XOR_OPS #ifndef WOLFSSL_NO_XOR_OPS
/* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number /* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
of wolfssl_words, placing the result in <*r>. */ of wolfssl_words, placing the result in <*r>. */
WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word* r, WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word** r,
const wolfssl_word* a, const wolfssl_word* b, word32 n) const wolfssl_word** a, const wolfssl_word** b, word32 n)
{ {
word32 i; word32 i;
for (i = 0; i < n; i++) r[i] = a[i] ^ b[i]; for (i = 0; i < n; i++)
*((*r)++) = *((*a)++) ^ *((*b)++);
} }
/* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n /* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n
@@ -270,28 +271,45 @@ counts, placing the result in <*buf>. */
WC_MISC_STATIC WC_INLINE void xorbufout(void* out, const void* buf, WC_MISC_STATIC WC_INLINE void xorbufout(void* out, const void* buf,
const void* mask, word32 count) const void* mask, word32 count)
{ {
if (((wc_ptr_t)out | (wc_ptr_t)buf | (wc_ptr_t)mask | count) %
WOLFSSL_WORD_SIZE == 0)
XorWordsOut( (wolfssl_word*)out, (wolfssl_word*)buf,
(const wolfssl_word*)mask, count / WOLFSSL_WORD_SIZE);
else {
word32 i; word32 i;
byte* o = (byte*)out; byte* o;
byte* b = (byte*)buf; byte* b;
const byte* m = (const byte*)mask; const byte* m;
for (i = 0; i < count; i++) o[i] = b[i] ^ m[i]; o = (byte*)out;
b = (byte*)buf;
m = (const byte*)mask;
if (((wc_ptr_t)o) % WOLFSSL_WORD_SIZE ==
((wc_ptr_t)b) % WOLFSSL_WORD_SIZE &&
((wc_ptr_t)b) % WOLFSSL_WORD_SIZE ==
((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) {
/* Alignment checks out. Possible to XOR words. */
/* Move alignment so that it lines up with a
* WOLFSSL_WORD_SIZE boundary */
while (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE != 0 && count > 0) {
*(o++) = *(b++) ^ *(m++);
count--;
} }
XorWordsOut( (wolfssl_word**)&o, (const wolfssl_word**)&b,
(const wolfssl_word**)&m, count / WOLFSSL_WORD_SIZE);
count %= WOLFSSL_WORD_SIZE;
}
for (i = 0; i < count; i++)
o[i] = b[i] ^ m[i];
} }
/* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number /* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
of wolfssl_words, placing the result in <*r>. */ of wolfssl_words, placing the result in <*r>. */
WC_MISC_STATIC WC_INLINE void XorWords(wolfssl_word* r, const wolfssl_word* a, WC_MISC_STATIC WC_INLINE void XorWords(wolfssl_word** r, const wolfssl_word** a,
word32 n) word32 n)
{ {
word32 i; word32 i;
for (i = 0; i < n; i++) r[i] ^= a[i]; for (i = 0; i < n; i++)
*((*r)++) ^= *((*a)++);
} }
/* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n /* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n
@@ -299,16 +317,29 @@ counts, placing the result in <*buf>. */
WC_MISC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count) WC_MISC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
{ {
if (((wc_ptr_t)buf | (wc_ptr_t)mask | count) % WOLFSSL_WORD_SIZE == 0)
XorWords( (wolfssl_word*)buf,
(const wolfssl_word*)mask, count / WOLFSSL_WORD_SIZE);
else {
word32 i; word32 i;
byte* b = (byte*)buf; byte* b;
const byte* m = (const byte*)mask; const byte* m;
for (i = 0; i < count; i++) b[i] ^= m[i]; b = (byte*)buf;
m = (const byte*)mask;
if (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE ==
((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) {
/* Alignment checks out. Possible to XOR words. */
/* Move alignment so that it lines up with a
* WOLFSSL_WORD_SIZE boundary */
while (((wc_ptr_t)buf) % WOLFSSL_WORD_SIZE != 0 && count > 0) {
*(b++) ^= *(m++);
count--;
} }
XorWords( (wolfssl_word**)&b,
(const wolfssl_word**)&m, count / WOLFSSL_WORD_SIZE);
count %= WOLFSSL_WORD_SIZE;
}
for (i = 0; i < count; i++)
b[i] ^= m[i];
} }
#endif #endif
@@ -585,7 +616,7 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src,
{ {
int i; int i;
for (i = 0; i < size; ++i) { for (i = 0; i < size; ++i) {
*(dst + i) ^= (*(dst + i) ^ *(src + i)) & mask; dst[i] ^= (dst[i] ^ src[i]) & mask;
} }
} }
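Review bot: In `xorbuf` the alignment prologue tests the original pointer, `while (((wc_ptr_t)buf) % WOLFSSL_WORD_SIZE != 0 && count > 0)`, but advances `b`; since `buf` never changes, any misaligned input keeps that loop running until `count` reaches 0, `XorWords` is then called with 0 words and the word path is never taken, so the result is still correct but the speed-up this PR adds is lost for exactly the inputs it targets. `xorbufout` gets this right by testing `b`, and the fix is the one line `while (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE != 0 && count > 0) {`. Separately, `XorWords((wolfssl_word**)&b, ...)` and the matching `XorWordsOut((wolfssl_word**)&o, ...)` call make the helpers read and write `byte*` objects through `wolfssl_word*` lvalues, which C11 6.5p7 does not allow and which -fstrict-aliasing is entitled to miscompile; keeping the helpers on plain `wolfssl_word*` parameters (the previous signatures, also in misc.h) and advancing the byte pointers in the caller by the whole words consumed avoids that, as sketched below for `xorbuf` with the same shape applying to `xorbufout`.
```c
    if (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE ==
            ((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) {
        /* … unchanged: alignment comment … */
        while (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE != 0 && count > 0) {
            *(b++) ^= *(m++);
            count--;
        }
        /* XOR whole words through word pointers, then move the byte views
         * past them in the caller so no byte* object is accessed as a word* */
        XorWords((wolfssl_word*)b, (const wolfssl_word*)m,
                 count / WOLFSSL_WORD_SIZE);
        b += (count / WOLFSSL_WORD_SIZE) * WOLFSSL_WORD_SIZE;
        m += (count / WOLFSSL_WORD_SIZE) * WOLFSSL_WORD_SIZE;
        count %= WOLFSSL_WORD_SIZE;
    }
    /* … unchanged: byte tail loop … */
```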


@@ -1157,6 +1157,8 @@ static byte* PKCS12_ConcatonateContent(WC_PKCS12* pkcs12,byte* mergedData,
byte* oldContent; byte* oldContent;
word32 oldContentSz; word32 oldContentSz;
(void)pkcs12;
if (mergedData == NULL || in == NULL) if (mergedData == NULL || in == NULL)
return NULL; return NULL;


@@ -1143,7 +1143,6 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
int ret; int ret;
word32 hLen; word32 hLen;
int psLen; int psLen;
int i;
word32 idx; word32 idx;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -1235,10 +1234,8 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
} }
XMEMCPY(pkcsBlock + (pkcsBlockLen - inputLen), input, inputLen); XMEMCPY(pkcsBlock + (pkcsBlockLen - inputLen), input, inputLen);
pkcsBlock[idx--] = 0x01; /* PS and M separator */ pkcsBlock[idx--] = 0x01; /* PS and M separator */
while (psLen > 0 && idx > 0) { XMEMSET(pkcsBlock + idx - psLen + 1, 0, psLen);
pkcsBlock[idx--] = 0x00; idx -= psLen;
psLen--;
}
idx = idx - hLen + 1; idx = idx - hLen + 1;
XMEMCPY(pkcsBlock + idx, lHash, hLen); XMEMCPY(pkcsBlock + idx, lHash, hLen);
@@ -1277,19 +1274,14 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
return ret; return ret;
} }
i = 0; xorbuf(pkcsBlock + hLen + 1, dbMask,pkcsBlockLen - hLen - 1);
idx = hLen + 1;
while (idx < pkcsBlockLen && (word32)i < (pkcsBlockLen - hLen -1)) {
pkcsBlock[idx] = dbMask[i++] ^ pkcsBlock[idx];
idx++;
}
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(dbMask, heap, DYNAMIC_TYPE_RSA); XFREE(dbMask, heap, DYNAMIC_TYPE_RSA);
#endif #endif
/* create maskedSeed from seedMask */ /* create maskedSeed from seedMask */
idx = 0; pkcsBlock[0] = 0x00;
pkcsBlock[idx++] = 0x00;
/* create seedMask inline */ /* create seedMask inline */
if ((ret = RsaMGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1, if ((ret = RsaMGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1,
pkcsBlock + 1, hLen, heap)) != 0) { pkcsBlock + 1, hLen, heap)) != 0) {
@@ -1301,11 +1293,7 @@ static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
} }
/* xor created seedMask with seed to make maskedSeed */ /* xor created seedMask with seed to make maskedSeed */
i = 0; xorbuf(pkcsBlock + 1, seed, hLen);
while (idx < (hLen + 1) && i < (int)hLen) {
pkcsBlock[idx] = pkcsBlock[idx] ^ seed[i++];
idx++;
}
#ifdef WOLFSSL_CHECK_MEM_ZERO #ifdef WOLFSSL_CHECK_MEM_ZERO
/* Seed must be zeroized now that it has been used. */ /* Seed must be zeroized now that it has been used. */
wc_MemZero_Add("Pad OAEP seed", seed, hLen); wc_MemZero_Add("Pad OAEP seed", seed, hLen);
@@ -1349,7 +1337,7 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
int saltLen, int bits, void* heap) int saltLen, int bits, void* heap)
{ {
int ret = 0; int ret = 0;
int hLen, i, o, maskLen, hiBits; int hLen, o, maskLen, hiBits;
byte* m; byte* m;
byte* s; byte* s;
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
@@ -1485,9 +1473,7 @@ static int RsaPad_PSS(const byte* input, word32 inputLen, byte* pkcsBlock,
m = pkcsBlock + maskLen - saltLen - 1; m = pkcsBlock + maskLen - saltLen - 1;
*(m++) ^= 0x01; *(m++) ^= 0x01;
for (i = 0; i < saltLen; i++) { xorbuf(m, salt + o, saltLen);
m[i] ^= salt[o + i];
}
} }
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
@@ -1681,9 +1667,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
} }
/* xor seedMask value with maskedSeed to get seed value */ /* xor seedMask value with maskedSeed to get seed value */
for (idx = 0; idx < (word32)hLen; idx++) { xorbuf(tmp, pkcsBlock + 1, hLen);
tmp[idx] = tmp[idx] ^ pkcsBlock[1 + idx];
}
/* get dbMask value */ /* get dbMask value */
if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen, if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen,
@@ -1698,9 +1682,7 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
} }
/* get DB value by doing maskedDB xor dbMask */ /* get DB value by doing maskedDB xor dbMask */
for (idx = 0; idx < (pkcsBlockLen - hLen - 1); idx++) { xorbuf(pkcsBlock + hLen + 1, tmp + hLen, pkcsBlockLen - hLen - 1);
pkcsBlock[hLen + 1 + idx] = pkcsBlock[hLen + 1 + idx] ^ tmp[idx + hLen];
}
ForceZero(tmp, pkcsBlockLen); ForceZero(tmp, pkcsBlockLen);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -1873,8 +1855,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen,
return PSS_SALTLEN_E; return PSS_SALTLEN_E;
} }
} }
for (i++; i < maskLen; i++) xorbuf(pkcsBlock + i, tmp + i, maskLen - i);
pkcsBlock[i] ^= tmp[i];
#if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY)
XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER);
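Review bot: The RsaUnPad_PSS hunk changes the range it unmasks: the old loop started at `i + 1` (`for (i++; i < maskLen; i++)`), leaving the separator byte at `pkcsBlock[i]` masked, whereas `xorbuf(pkcsBlock + i, tmp + i, maskLen - i)` also XORs `pkcsBlock[i]`. Whether that byte is read afterward is outside the hunk; if the old range is the intended one, `xorbuf(pkcsBlock + i + 1, tmp + i + 1, maskLen - i - 1);` reproduces it exactly. In RsaPad_OAEP, `XMEMSET(pkcsBlock + idx - psLen + 1, 0, psLen)` drops the old loop's `idx > 0` bound and passes the `int` psLen as a size, so it relies on the length checks earlier in the function (outside the hunk) guaranteeing `0 <= psLen <= idx`; likewise `xorbuf(m, salt + o, saltLen)` in RsaPad_PSS hands an `int` saltLen to a `word32` count where the old `for` loop was simply a no-op for a negative value, so both are worth confirming as non-negative at those points. All of the enclosing functions start and end outside the hunks.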


@@ -6136,9 +6136,7 @@ static void sakke_xor_in_v(const byte* v, word32 hashSz, byte* out, int idx,
i = 0; i = 0;
} }
o = i; o = i;
for (; i < hashSz; i++) { xorbuf(out + idx + i - o, v + i, hashSz - i);
out[idx + i - o] ^= v[i];
}
} }
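Review bot: `xorbuf(out + idx + i - o, v + i, hashSz - i)` computes its count as a subtraction from the `word32` hashSz, so it depends on `i <= hashSz` at this point; the old `for (; i < hashSz; i++)` was a harmless no-op when `i` exceeded `hashSz`, while a wrapped unsigned count would run far past both `out` and `v`. The value `i` carries on the path that does not reset it to 0 is assigned outside the hunk, so this only matters if that path can exceed `hashSz`; if it can, guard the call with `if (i < hashSz) xorbuf(out + idx + i - o, v + i, hashSz - i);`. sakke_xor_in_v starts outside the hunk.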
/* /*


@@ -59,12 +59,12 @@ WOLFSSL_LOCAL
void ByteReverseWords(word32* out, const word32* in, word32 byteCount); void ByteReverseWords(word32* out, const word32* in, word32 byteCount);
WOLFSSL_LOCAL WOLFSSL_LOCAL
void XorWordsOut(wolfssl_word* r, const wolfssl_word* a, const wolfssl_word* b, void XorWordsOut(wolfssl_word** r, const wolfssl_word** a,
word32 n); const wolfssl_word** b, word32 n);
WOLFSSL_LOCAL WOLFSSL_LOCAL
void xorbufout(void* out, const void* buf, const void* mask, word32 count); void xorbufout(void* out, const void* buf, const void* mask, word32 count);
WOLFSSL_LOCAL WOLFSSL_LOCAL
void XorWords(wolfssl_word* r, const wolfssl_word* a, word32 n); void XorWords(wolfssl_word** r, const wolfssl_word** a, word32 n);
WOLFSSL_LOCAL WOLFSSL_LOCAL
void xorbuf(void* buf, const void* mask, word32 count); void xorbuf(void* buf, const void* mask, word32 count);
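Review bot: The new `XorWordsOut` and `XorWords` prototypes take pointer-to-pointer parameters, but the header says nothing about why; a caller cannot tell from the declaration that the functions advance `*r`, `*a` and `*b` past the `n` words they process, which is the whole reason for the signature change. A one-line comment above each declaration, e.g. `/* XORs n words; on return *r, *a (and *b) point just past the processed words. */`, records that contract where the exported declarations live.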