diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 80b94efa14..f7d4fbd6e7 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -907,7 +907,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits /* Pick the widest available implementation at runtime. Callers must * already be inside a VECTOR_REGISTERS_PUSH / SAVE_VECTOR_REGISTERS * region (all bulk AES-NI call sites are). */ - static WC_INLINE void AesEcbEncryptBlocks(const unsigned char* in, + static WC_MAYBE_UNUSED WC_INLINE void AesEcbEncryptBlocks(const unsigned char* in, unsigned char* out, word32 sz, const unsigned char* key, int nr) { #ifdef HAVE_INTEL_AVX512 @@ -936,7 +936,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits } #ifdef HAVE_AES_DECRYPT - static WC_INLINE void AesEcbDecryptBlocks(const unsigned char* in, + static WC_MAYBE_UNUSED WC_INLINE void AesEcbDecryptBlocks(const unsigned char* in, unsigned char* out, word32 sz, const unsigned char* key, int nr) { #ifdef HAVE_INTEL_AVX512 @@ -966,7 +966,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #endif #ifdef HAVE_AES_CBC - static WC_INLINE void AesCbcEncryptBlocks(const unsigned char* in, + static WC_MAYBE_UNUSED WC_INLINE void AesCbcEncryptBlocks(const unsigned char* in, unsigned char* out, unsigned char* iv, word32 sz, const unsigned char* key, int nr) { @@ -997,7 +997,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #endif /* HAVE_AES_CBC */ #ifdef HAVE_AES_DECRYPT - static WC_INLINE void AesCbcDecryptBlocks(const unsigned char* in, + static WC_MAYBE_UNUSED WC_INLINE void AesCbcDecryptBlocks(const unsigned char* in, unsigned char* out, unsigned char* iv, word32 sz, const unsigned char* key, int nr) { @@ -1027,7 +1027,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits } #endif /* HAVE_AES_DECRYPT */ - static WC_INLINE void AesCtrEncryptBlocks(const unsigned char* in, + static WC_MAYBE_UNUSED WC_INLINE void AesCtrEncryptBlocks(const unsigned char* in, unsigned char* out, word32 sz, const unsigned char* key, int nr, unsigned char* ctr) { @@ -15511,6 +15511,14 @@ static WARN_UNUSED_RESULT int AesCfbDecrypt_C(Aes* aes, byte* out, #ifdef WC_AES_HAVE_PREFETCH_ARG int did_prefetches = 0; #endif +#ifndef WC_AES_CFB_DEC_BUF_BLOCKS + #define WC_AES_CFB_DEC_BUF_BLOCKS 32 +#elif WC_AES_CFB_DEC_BUF_BLOCKS < 2 + #error Invalid WC_AES_CFB_DEC_BUF_BLOCKS +#endif +#ifdef WOLFSSL_SMALL_STACK + byte *tmp = NULL; +#endif (void)mode; @@ -15534,18 +15542,30 @@ static WARN_UNUSED_RESULT int AesCfbDecrypt_C(Aes* aes, byte* out, sz -= processed; } +#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_AES_ECB) && \ + !defined(WOLFSSL_PIC32MZ_CRYPT) && \ + (defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_ARMASM)) + /* Only suffer the heap overhead if sz is enough to warrant it. + * + * Allocate the working buffer before suspending interrupts, so that we can + * allocate with regular GFP_KERNEL. + */ + if (sz >= WC_AES_CFB_DEC_BUF_BLOCKS * WC_AES_BLOCK_SIZE) + tmp = (byte *)XMALLOC(WC_AES_CFB_DEC_BUF_BLOCKS * WC_AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_AES); +#endif + VECTOR_REGISTERS_PUSH; - #if !defined(WOLFSSL_SMALL_STACK) && defined(HAVE_AES_ECB) && \ + #if defined(HAVE_AES_ECB) && \ !defined(WOLFSSL_PIC32MZ_CRYPT) && \ (defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_ARMASM)) +#ifdef WOLFSSL_SMALL_STACK + if (tmp != NULL) +#endif { - #ifndef WC_AES_CFB_DEC_BUF_BLOCKS - #define WC_AES_CFB_DEC_BUF_BLOCKS 32 - #elif WC_AES_CFB_DEC_BUF_BLOCKS < 2 - #error Invalid WC_AES_CFB_DEC_BUF_BLOCKS - #endif +#ifndef WOLFSSL_SMALL_STACK ALIGN16 byte tmp[WC_AES_CFB_DEC_BUF_BLOCKS * WC_AES_BLOCK_SIZE]; +#endif while (sz >= 2 * WC_AES_BLOCK_SIZE) { word32 blocks = sz / WC_AES_BLOCK_SIZE; word32 nbytes; @@ -15592,6 +15612,11 @@ static WARN_UNUSED_RESULT int AesCfbDecrypt_C(Aes* aes, byte* out, VECTOR_REGISTERS_POP; +#ifdef WOLFSSL_SMALL_STACK + /* Free tmp after restoring interrupts, so that GFP_KERNEL is usable. */ + XFREE(tmp, NULL, DYNAMIC_TYPE_AES); +#endif + return ret; } #endif /* HAVE_AES_DECRYPT */