Merge pull request #1122 from samuel40791765/upstream-merge-2023-07-28

Upstream merge 2023 07 28
aws · Aug 4, 2023 · b99e3d6 · b99e3d6
2 parents 9679e12 + b020fa0
commit b99e3d6
Show file tree

Hide file tree

Showing 23 changed files with 528 additions and 332 deletions.
diff --git a/crypto/blake2/blake2.c b/crypto/blake2/blake2.c
@@ -55,10 +55,13 @@ static void blake2b_mix(uint64_t v[16], int a, int b, int c, int d, uint64_t x,
   v[b] = CRYPTO_rotr_u64(v[b] ^ v[c], 63);
 }
 
-static void blake2b_transform(
-    BLAKE2B_CTX *b2b,
-    const uint64_t block_words[BLAKE2B_CBLOCK / sizeof(uint64_t)],
-    size_t num_bytes, int is_final_block) {
+static uint64_t blake2b_load(const uint8_t block[BLAKE2B_CBLOCK], size_t i) {
+  return CRYPTO_load_u64_le(block + 8 * i);
+}
+
+static void blake2b_transform(BLAKE2B_CTX *b2b,
+                              const uint8_t block[BLAKE2B_CBLOCK],
+                              size_t num_bytes, int is_final_block) {
   // https://tools.ietf.org/html/rfc7693#section-3.2
   uint64_t v[16];
   OPENSSL_STATIC_ASSERT(sizeof(v) == sizeof(b2b->h) + sizeof(kIV), _)
@@ -78,14 +81,22 @@ static void blake2b_transform(
 
   for (int round = 0; round < 12; round++) {
     const uint8_t *const s = &kSigma[16 * (round % 10)];
-    blake2b_mix(v, 0, 4, 8, 12, block_words[s[0]], block_words[s[1]]);
-    blake2b_mix(v, 1, 5, 9, 13, block_words[s[2]], block_words[s[3]]);
-    blake2b_mix(v, 2, 6, 10, 14, block_words[s[4]], block_words[s[5]]);
-    blake2b_mix(v, 3, 7, 11, 15, block_words[s[6]], block_words[s[7]]);
-    blake2b_mix(v, 0, 5, 10, 15, block_words[s[8]], block_words[s[9]]);
-    blake2b_mix(v, 1, 6, 11, 12, block_words[s[10]], block_words[s[11]]);
-    blake2b_mix(v, 2, 7, 8, 13, block_words[s[12]], block_words[s[13]]);
-    blake2b_mix(v, 3, 4, 9, 14, block_words[s[14]], block_words[s[15]]);
+    blake2b_mix(v, 0, 4, 8, 12, blake2b_load(block, s[0]),
+                blake2b_load(block, s[1]));
+    blake2b_mix(v, 1, 5, 9, 13, blake2b_load(block, s[2]),
+                blake2b_load(block, s[3]));
+    blake2b_mix(v, 2, 6, 10, 14, blake2b_load(block, s[4]),
+                blake2b_load(block, s[5]));
+    blake2b_mix(v, 3, 7, 11, 15, blake2b_load(block, s[6]),
+                blake2b_load(block, s[7]));
+    blake2b_mix(v, 0, 5, 10, 15, blake2b_load(block, s[8]),
+                blake2b_load(block, s[9]));
+    blake2b_mix(v, 1, 6, 11, 12, blake2b_load(block, s[10]),
+                blake2b_load(block, s[11]));
+    blake2b_mix(v, 2, 7, 8, 13, blake2b_load(block, s[12]),
+                blake2b_load(block, s[13]));
+    blake2b_mix(v, 3, 4, 9, 14, blake2b_load(block, s[14]),
+                blake2b_load(block, s[15]));
   }
 
   for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(b2b->h); i++) {
@@ -111,13 +122,12 @@ void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *in_data, size_t len) {
   if (len == 0) {
     return;
   }
-  const uint8_t *data = (const uint8_t *)in_data;
-
-  size_t todo = sizeof(b2b->block.bytes) - b2b->block_used;
+  const uint8_t *data = in_data;
+  size_t todo = sizeof(b2b->block) - b2b->block_used;
   if (todo > len) {
     todo = len;
   }
-  OPENSSL_memcpy(&b2b->block.bytes[b2b->block_used], data, todo);
+  OPENSSL_memcpy(&b2b->block[b2b->block_used], data, todo);
   b2b->block_used += todo;
   data += todo;
   len -= todo;
@@ -128,26 +138,24 @@ void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *in_data, size_t len) {
 
   // More input remains therefore we must have filled |b2b->block|.
   assert(b2b->block_used == BLAKE2B_CBLOCK);
-  blake2b_transform(b2b, b2b->block.words, BLAKE2B_CBLOCK,
+  blake2b_transform(b2b, b2b->block, BLAKE2B_CBLOCK,
                     /*is_final_block=*/0);
   b2b->block_used = 0;
 
   while (len > BLAKE2B_CBLOCK) {
-    uint64_t block_words[BLAKE2B_CBLOCK / sizeof(uint64_t)];
-    OPENSSL_memcpy(block_words, data, sizeof(block_words));
-    blake2b_transform(b2b, block_words, BLAKE2B_CBLOCK, /*is_final_block=*/0);
+    blake2b_transform(b2b, data, BLAKE2B_CBLOCK, /*is_final_block=*/0);
     data += BLAKE2B_CBLOCK;
     len -= BLAKE2B_CBLOCK;
   }
 
-  OPENSSL_memcpy(b2b->block.bytes, data, len);
+  OPENSSL_memcpy(b2b->block, data, len);
   b2b->block_used = len;
 }
 
 void BLAKE2B256_Final(uint8_t out[BLAKE2B256_DIGEST_LENGTH], BLAKE2B_CTX *b2b) {
-  OPENSSL_memset(&b2b->block.bytes[b2b->block_used], 0,
-                 sizeof(b2b->block.bytes) - b2b->block_used);
-  blake2b_transform(b2b, b2b->block.words, b2b->block_used,
+  OPENSSL_memset(&b2b->block[b2b->block_used], 0,
+                 sizeof(b2b->block) - b2b->block_used);
+  blake2b_transform(b2b, b2b->block, b2b->block_used,
                     /*is_final_block=*/1);
   OPENSSL_STATIC_ASSERT(BLAKE2B256_DIGEST_LENGTH <= sizeof(b2b->h), _)
   memcpy(out, b2b->h, BLAKE2B256_DIGEST_LENGTH);

diff --git a/crypto/fipsmodule/modes/cbc.c b/crypto/fipsmodule/modes/cbc.c
@@ -68,10 +68,7 @@ void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
   size_t n;
   const uint8_t *iv = ivec;
   while (len >= 16) {
-    for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
-      CRYPTO_store_word_le(
-          out + n, CRYPTO_load_word_le(in + n) ^ CRYPTO_load_word_le(iv + n));
-    }
+    CRYPTO_xor16(out, in, iv);
     (*block)(out, out, key);
     iv = out;
     len -= 16;
@@ -120,15 +117,10 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
   if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) {
     // If |out| is at least two blocks behind |in| or completely disjoint, there
     // is no need to decrypt to a temporary block.
-    OPENSSL_STATIC_ASSERT(16 % sizeof(crypto_word_t) == 0,
-                          block_cannot_be_evenly_divided_into_crypto_word_t)
     const uint8_t *iv = ivec;
     while (len >= 16) {
       (*block)(in, out, key);
-      for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
-        CRYPTO_store_word_le(out + n, CRYPTO_load_word_le(out + n) ^
-                                          CRYPTO_load_word_le(iv + n));
-      }
+      CRYPTO_xor16(out, out, iv);
       iv = in;
       len -= 16;
       in += 16;

diff --git a/crypto/fipsmodule/modes/ctr.c b/crypto/fipsmodule/modes/ctr.c
@@ -103,10 +103,7 @@ void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
   while (len >= 16) {
     (*block)(ivec, ecount_buf, key);
     ctr128_inc(ivec);
-    for (n = 0; n < 16; n += sizeof(crypto_word_t)) {
-      CRYPTO_store_word_le(out + n, CRYPTO_load_word_le(in + n) ^
-                                        CRYPTO_load_word_le(ecount_buf + n));
-    }
+    CRYPTO_xor16(out, in, ecount_buf);
     len -= 16;
     out += 16;
     in += 16;