generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

s3_cbc.c: get rid of expensive divisions [from master].

Browse Source 
(cherry picked from commit e9baceab5a385e570706ca98dec768b2d89d1ac6)
This commit is contained in:
Andy Polyakov 2013-02-08 16:59:26 +01:00
parent f73546df92
commit 6ba1d561eb
1 changed files with 21 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
ssl/s3_cbc.c
View File

@ -76,6 +76,13 @@
#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) #define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) #define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
static unsigned constant_time_lt(unsigned a, unsigned b)
{
a -= b;
return DUPLICATE_MSB_TO_ALL(a);
}
/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */ /* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
static unsigned constant_time_ge(unsigned a, unsigned b) static unsigned constant_time_ge(unsigned a, unsigned b)
{ {
@ -84,7 +91,7 @@ static unsigned constant_time_ge(unsigned a, unsigned b)
} }
/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ /* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
static unsigned char constant_time_eq_8(unsigned char a, unsigned char b) static unsigned char constant_time_eq_8(unsigned a, unsigned b)
{ {
unsigned c = a ^ b; unsigned c = a ^ b;
c--; c--;
@ -281,16 +288,13 @@ void ssl3_cbc_copy_mac(unsigned char* out,
rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
memset(rotated_mac, 0, md_size); memset(rotated_mac, 0, md_size);
for (i = scan_start; i < orig_len;) for (i = scan_start, j = 0; i < orig_len; i++)
{ {
for (j = 0; j < md_size && i < orig_len; i++, j++) unsigned char mac_started = constant_time_ge(i, mac_start);
{ unsigned char mac_ended = constant_time_ge(i, mac_end);
unsigned char mac_started = constant_time_ge(i, mac_start); unsigned char b = rec->data[i];
unsigned char mac_ended = constant_time_ge(i, mac_end); rotated_mac[j++] |= b & mac_started & ~mac_ended;
unsigned char b = 0; j &= constant_time_lt(j,md_size);
b = rec->data[i];
rotated_mac[j] |= b & mac_started & ~mac_ended;
}
} }
/* Now rotate the MAC */ /* Now rotate the MAC */
@ -298,16 +302,19 @@ void ssl3_cbc_copy_mac(unsigned char* out,
j = 0; j = 0;
for (i = 0; i < md_size; i++) for (i = 0; i < md_size; i++)
{ {
unsigned char offset = (div_spoiler + rotate_offset + i) % md_size; out[j++] = rotated_mac[rotate_offset++];
out[j++] = rotated_mac[offset]; rotate_offset &= constant_time_lt(rotate_offset,md_size);
} }
#else #else
memset(out, 0, md_size); memset(out, 0, md_size);
rotate_offset = md_size - rotate_offset;
rotate_offset &= constant_time_lt(rotate_offset,md_size);
for (i = 0; i < md_size; i++) for (i = 0; i < md_size; i++)
{ {
unsigned char offset = (div_spoiler + md_size - rotate_offset + i) % md_size;
for (j = 0; j < md_size; j++) for (j = 0; j < md_size; j++)
out[j] |= rotated_mac[i] & constant_time_eq_8(j, offset); out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
rotate_offset++;
rotate_offset &= constant_time_lt(rotate_offset,md_size);
} }
#endif #endif
} }