Make words in crypto/fipsmodule/modes actually words. It's a little confusing to have load_word_le but actually use size_t instead of crypto_word_t. NOTE: on some platforms, notably NaCl, crypto_word_t is larger than size_t. (Do we still need to support this?) We don't have a good testing story here, so I tested it by hacking up a 32-bit x86 build to think it was OPENSSL_64_BIT. Change-Id: Ia0ce469e86803f22655fe2d9659a6a5db766429f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46424 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/modes/cbc.c b/crypto/fipsmodule/modes/cbc.c index 750c575..ee3a186 100644 --- a/crypto/fipsmodule/modes/cbc.c +++ b/crypto/fipsmodule/modes/cbc.c
@@ -67,7 +67,7 @@ size_t n; const uint8_t *iv = ivec; while (len >= 16) { - for (n = 0; n < 16; n += sizeof(size_t)) { + for (n = 0; n < 16; n += sizeof(crypto_word_t)) { store_word_le(out + n, load_word_le(in + n) ^ load_word_le(iv + n)); } (*block)(out, out, key); @@ -115,19 +115,19 @@ size_t n; union { - size_t t[16 / sizeof(size_t)]; + crypto_word_t t[16 / sizeof(crypto_word_t)]; uint8_t c[16]; } tmp; if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) { // If |out| is at least two blocks behind |in| or completely disjoint, there // is no need to decrypt to a temporary block. - OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0, + OPENSSL_STATIC_ASSERT(16 % sizeof(crypto_word_t) == 0, "block cannot be evenly divided into words"); const uint8_t *iv = ivec; while (len >= 16) { (*block)(in, out, key); - for (n = 0; n < 16; n += sizeof(size_t)) { + for (n = 0; n < 16; n += sizeof(crypto_word_t)) { store_word_le(out + n, load_word_le(out + n) ^ load_word_le(iv + n)); } iv = in; @@ -137,15 +137,15 @@ } OPENSSL_memcpy(ivec, iv, 16); } else { - OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0, + OPENSSL_STATIC_ASSERT(16 % sizeof(crypto_word_t) == 0, "block cannot be evenly divided into words"); while (len >= 16) { (*block)(in, tmp.c, key); - for (n = 0; n < 16; n += sizeof(size_t)) { - size_t c = load_word_le(in + n); - store_word_le(out + n, - tmp.t[n / sizeof(size_t)] ^ load_word_le(ivec + n)); + for (n = 0; n < 16; n += sizeof(crypto_word_t)) { + crypto_word_t c = load_word_le(in + n); + store_word_le( + out + n, tmp.t[n / sizeof(crypto_word_t)] ^ load_word_le(ivec + n)); store_word_le(ivec + n, c); } len -= 16;
diff --git a/crypto/fipsmodule/modes/cfb.c b/crypto/fipsmodule/modes/cfb.c index 8ca9004..01291c8 100644 --- a/crypto/fipsmodule/modes/cfb.c +++ b/crypto/fipsmodule/modes/cfb.c
@@ -72,8 +72,8 @@ } while (len >= 16) { (*block)(ivec, ivec, key); - for (; n < 16; n += sizeof(size_t)) { - size_t tmp = load_word_le(ivec + n) ^ load_word_le(in + n); + for (; n < 16; n += sizeof(crypto_word_t)) { + crypto_word_t tmp = load_word_le(ivec + n) ^ load_word_le(in + n); store_word_le(ivec + n, tmp); store_word_le(out + n, tmp); } @@ -101,8 +101,8 @@ } while (len >= 16) { (*block)(ivec, ivec, key); - for (; n < 16; n += sizeof(size_t)) { - size_t t = load_word_le(in + n); + for (; n < 16; n += sizeof(crypto_word_t)) { + crypto_word_t t = load_word_le(in + n); store_word_le(out + n, load_word_le(ivec + n) ^ t); store_word_le(ivec + n, t); }
diff --git a/crypto/fipsmodule/modes/ctr.c b/crypto/fipsmodule/modes/ctr.c index 8b0e059..cfb2184 100644 --- a/crypto/fipsmodule/modes/ctr.c +++ b/crypto/fipsmodule/modes/ctr.c
@@ -69,8 +69,8 @@ } while (n); } -OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0, - "block cannot be divided into size_t"); +OPENSSL_STATIC_ASSERT(16 % sizeof(crypto_word_t) == 0, + "block cannot be divided into crypto_word_t"); // The input encrypted as though 128bit counter mode is being used. The extra // state information to record how much of the 128bit block we have used is @@ -102,7 +102,7 @@ while (len >= 16) { (*block)(ivec, ecount_buf, key); ctr128_inc(ivec); - for (n = 0; n < 16; n += sizeof(size_t)) { + for (n = 0; n < 16; n += sizeof(crypto_word_t)) { store_word_le(out + n, load_word_le(in + n) ^ load_word_le(ecount_buf + n)); }
diff --git a/crypto/fipsmodule/modes/gcm.c b/crypto/fipsmodule/modes/gcm.c index 14fff86..077369d 100644 --- a/crypto/fipsmodule/modes/gcm.c +++ b/crypto/fipsmodule/modes/gcm.c
@@ -73,7 +73,7 @@ #if defined(GHASH_ASM_X86_64) || defined(GHASH_ASM_X86) static inline void gcm_reduce_1bit(u128 *V) { - if (sizeof(size_t) == 8) { + if (sizeof(crypto_word_t) == 8) { uint64_t T = UINT64_C(0xe100000000000000) & (0 - (V->hi & 1)); V->hi = (V->lo << 63) | (V->hi >> 1); V->lo = (V->lo >> 1) ^ T; @@ -377,9 +377,9 @@ (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - for (size_t i = 0; i < 16; i += sizeof(size_t)) { - store_word_le(out + i, - load_word_le(in + i) ^ ctx->EKi.t[i / sizeof(size_t)]); + for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) { + store_word_le(out + i, load_word_le(in + i) ^ + ctx->EKi.t[i / sizeof(crypto_word_t)]); } out += 16; in += 16; @@ -394,9 +394,9 @@ (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - for (size_t i = 0; i < 16; i += sizeof(size_t)) { - store_word_le(out + i, - load_word_le(in + i) ^ ctx->EKi.t[i / sizeof(size_t)]); + for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) { + store_word_le(out + i, load_word_le(in + i) ^ + ctx->EKi.t[i / sizeof(crypto_word_t)]); } out += 16; in += 16; @@ -468,9 +468,9 @@ (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - for (size_t i = 0; i < 16; i += sizeof(size_t)) { - store_word_le(out + i, - load_word_le(in + i) ^ ctx->EKi.t[i / sizeof(size_t)]); + for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) { + store_word_le(out + i, load_word_le(in + i) ^ + ctx->EKi.t[i / sizeof(crypto_word_t)]); } out += 16; in += 16; @@ -485,9 +485,9 @@ (*block)(ctx->Yi.c, ctx->EKi.c, key); ++ctr; ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - for (size_t i = 0; i < 16; i += sizeof(size_t)) { - store_word_le(out + i, - load_word_le(in + i) ^ ctx->EKi.t[i / sizeof(size_t)]); + for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) { + store_word_le(out + i, load_word_le(in + i) ^ + ctx->EKi.t[i / sizeof(crypto_word_t)]); } out += 16; in += 16;
diff --git a/crypto/fipsmodule/modes/internal.h b/crypto/fipsmodule/modes/internal.h index 2693fa6..bf25023 100644 --- a/crypto/fipsmodule/modes/internal.h +++ b/crypto/fipsmodule/modes/internal.h
@@ -75,13 +75,13 @@ OPENSSL_memcpy(out, &v, sizeof(v)); } -static inline size_t load_word_le(const void *in) { - size_t v; +static inline crypto_word_t load_word_le(const void *in) { + crypto_word_t v; OPENSSL_memcpy(&v, in, sizeof(v)); return v; } -static inline void store_word_le(void *out, size_t v) { +static inline void store_word_le(void *out, crypto_word_t v) { OPENSSL_memcpy(out, &v, sizeof(v)); } @@ -171,7 +171,7 @@ uint64_t u[2]; uint32_t d[4]; uint8_t c[16]; - size_t t[16 / sizeof(size_t)]; + crypto_word_t t[16 / sizeof(crypto_word_t)]; } Yi, EKi, EK0, len, Xi; // Note that the order of |Xi| and |gcm_key| is fixed by the MOVBE-based,