OCB-AES: improve the calculation of double mask #6667
Conversation
crypto/modes/ocb128.c
Outdated
@@ -74,7 +74,8 @@ static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out) | |||
*/ | |||
mask = in->c[0] & 0x80; | |||
mask >>= 7; | |||
mask *= 135; | |||
mask *= -1; | |||
mask &= 135; |
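Review bot: `mask *= -1;` followed by `mask &= 135;` is correct only through the implicit promotion of `mask` to int and the modular conversion back to its unsigned type, which a reader has to trace to confirm there is no undefined behaviour; writing the intent directly as `mask = (0 - mask) & 0x87;` yields the same 0x00/0x87 result in one readable step, and keeps the reduction constant in the same hexadecimal form as the `0x80` test two lines above instead of decimal 135.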
If one aims for multiplication removal, then I'd rather suggest mask = (0 - mask) & 135. It would be more readable, for the following reason. There are implicit type conversions that take place here, and multiplication by -1 triggers a more elaborate mental path to confirm that the course of operations is free from undefined behaviour as defined by the language standard. I would also suggest replacing 135 with hexadecimal for better readability.
Done.
crypto/modes/ocb128.c
Outdated
@@ -74,7 +74,7 @@ static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out) | |||
*/ | |||
mask = in->c[0] & 0x80; | |||
mask >>= 7; | |||
mask *= 135; | |||
mask = -mask & 0x87; |
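Review bot: `mask = -mask & 0x87;` applies unary minus to an unsigned operand, which the Microsoft compiler reports as a warning; `mask = (0 - mask) & 0x87;` is equivalent (0x87 is the same constant as the 135 on the removed line, so behaviour is unchanged) and avoids the warning. Since the hunk replaces the only line that documented the purpose of the multiplication, a short comment stating that `mask` becomes 0x87 when the top bit of `c[0]` is set and 0 otherwise would make the branch-free intent explicit.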
Suggested (0 - mask) was not a coincidence. The Microsoft compiler complains about unary minus with an unsigned type. It's a warning, but we attempt to minimize warnings.
Done again.
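To see the three mask derivations discussed in this review side by side, and to check that the branch-free doubling they feed matches a plain shift-then-conditionally-XOR reference, here is an added C example. It is not OpenSSL's code: the `OCB_BLOCK` layout, the function names and the test vectors are assumptions constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not OpenSSL's code. The block type mirrors the one the
 * patched ocb_double() operates on (16 bytes, c[0] most significant);
 * the name is reused for readability but the layout is an assumption. */
typedef union {
    unsigned char c[16];
    uint64_t a[2];
} OCB_BLOCK;

/* Reference doubling in GF(2^128): shift the 128-bit value left by one
 * bit and, if a 1 was shifted out, XOR the low byte with 0x87 (the
 * reduction polynomial x^128 + x^7 + x^2 + x + 1 without its top term).
 * The data-dependent branch makes this suitable only as an oracle. */
static void ocb_double_ref(const OCB_BLOCK *in, OCB_BLOCK *out)
{
    unsigned carry = 0;
    int i;

    for (i = 15; i >= 0; i--) {
        unsigned v = in->c[i];
        out->c[i] = (unsigned char)((v << 1) | carry);
        carry = v >> 7;
    }
    if (carry)
        out->c[15] ^= 0x87;
}

/* The three ways of turning the 0/1 top bit into the reduction byte that
 * the review discusses. Each returns 0x00 or 0x87; they differ only in
 * how the all-ones byte is produced from the unsigned char operand. */
static unsigned char mask_mul135(unsigned char bit)     /* pre-patch */
{
    unsigned char mask = bit;
    mask *= 135;                 /* promoted to int, truncated back */
    return mask;
}

static unsigned char mask_mul_minus1(unsigned char bit) /* first revision */
{
    unsigned char mask = bit;
    mask *= -1;                  /* 1 * -1 == -1, stored as 0xFF */
    mask &= 135;
    return mask;
}

static unsigned char mask_zero_minus(unsigned char bit) /* merged form */
{
    unsigned char mask = bit;
    mask = (0 - mask) & 0x87;    /* no unary minus on an unsigned operand */
    return mask;
}

/* Branch-free doubling built on the merged mask computation. */
static void ocb_double_branchless(const OCB_BLOCK *in, OCB_BLOCK *out)
{
    unsigned char mask;
    int i;

    mask = in->c[0] & 0x80;
    mask >>= 7;
    mask = (0 - mask) & 0x87;

    for (i = 0; i < 15; i++)
        out->c[i] = (unsigned char)((in->c[i] << 1) | (in->c[i + 1] >> 7));
    out->c[15] = (unsigned char)((in->c[15] << 1) ^ mask);
}

/* Returns 1 if the three mask derivations agree for both input bits. */
int mask_variants_agree(void)
{
    unsigned char bit;
    for (bit = 0; bit < 2; bit++) {
        unsigned char want = bit ? 0x87 : 0x00;
        if (mask_mul135(bit) != want || mask_mul_minus1(bit) != want ||
            mask_zero_minus(bit) != want)
            return 0;
    }
    return 1;
}

/* Returns 1 if the branch-free doubling matches the reference on a set of
 * constructed blocks covering both values of the top bit and a
 * carry-propagating all-ones block. */
int doubling_matches_reference(void)
{
    static const unsigned char inputs[][16] = {  /* constructed vectors */
        { 0 },
        { 0x80 },
        { 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
        { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
        { 0xa5, 0x5a, 0x3c, 0xc3, 0x0f, 0xf0, 0x01, 0x02,
          0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x7e, 0x81 },
    };
    size_t n;

    for (n = 0; n < sizeof(inputs) / sizeof(inputs[0]); n++) {
        OCB_BLOCK in, ref, got;
        memcpy(in.c, inputs[n], 16);
        ocb_double_ref(&in, &ref);
        ocb_double_branchless(&in, &got);
        if (memcmp(ref.c, got.c, 16) != 0)
            return 0;
    }
    return 1;
}

/* Low byte of 2 * in for the block whose only set bit is the top one:
 * everything shifts out to zero, so only the reduction byte remains. */
unsigned char double_topbit_lowbyte(void)
{
    OCB_BLOCK in, out;
    memset(in.c, 0, 16);
    in.c[0] = 0x80;
    ocb_double_branchless(&in, &out);
    return out.c[15];
}
```

All three mask routines rely on integer promotion of the `unsigned char` operand and the modular conversion back on assignment, which the C standard defines, so none is undefined behaviour; the merged `(0 - mask) & 0x87` form simply states the "all-ones or all-zeros, then keep the polynomial bits" intent without a negative multiplier or a unary minus on an unsigned value.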
CLA: trivial
Editorial note. The modified code is cipher-agnostic, yet the subject speaks of AES. If I end up committing this I intend to replace "AES-OCB" in the subject with "modes/ocb128.c".
CLA: trivial
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #6667)
Merged. Thanks.
Note that this improves performance.
CLA: trivial