Fix early_mac_len computation. We would set it to block_size rather than zero. This doesn't cause problems (the code behaves correctly with either value), but it is a tiny missed optimization. Change-Id: Ic751352750cc7ef74aa25a6cc96da82007199941 Reviewed-on: https://boringssl-review.googlesource.com/24364 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 80ede1df8ee17f9ec2e43848c038442c280f81a8 [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Dec 21 16:30:28 2017 -0500
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Dec 21 21:41:39 2017 +0000
tree: 68513bb5235bf343a0856ad79fb1d789677d2216
parent: 36fce983b65fefc326b58e941913a971db639922 [diff]
diff --git a/crypto/cipher_extra/e_tls.c b/crypto/cipher_extra/e_tls.c
index 72754c0..bba22be 100644
--- a/crypto/cipher_extra/e_tls.c
+++ b/crypto/cipher_extra/e_tls.c

@@ -191,8 +191,7 @@
   // block from encrypting the input and split the result between |out| and
   // |out_tag|. Then feed the rest.
 
-  const size_t early_mac_len =
-      (block_size - (in_len % block_size) % block_size);
+  const size_t early_mac_len = (block_size - (in_len % block_size)) % block_size;
   if (early_mac_len != 0) {
     assert(len + block_size - early_mac_len == in_len);
     uint8_t buf[EVP_MAX_BLOCK_LENGTH];
commit	80ede1df8ee17f9ec2e43848c038442c280f81a8	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Dec 21 16:30:28 2017 -0500
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Thu Dec 21 21:41:39 2017 +0000
tree	68513bb5235bf343a0856ad79fb1d789677d2216
parent	36fce983b65fefc326b58e941913a971db639922 [diff]