[PATCH 1/4] cipher: add explicit blocksize checks to allow better optimization
Jussi Kivilinna
jussi.kivilinna at iki.fi
Sat Jan 28 14:13:09 CET 2017
* cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
(_gcry_cipher_cbc_decrypt): Add explicit check for cipher blocksize of
64-bit or 128-bit.
* cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
(_gcry_cipher_cfb_decrypt): Ditto.
* cipher/cipher-cmac.c (cmac_write, cmac_generate_subkeys)
(cmac_final): Ditto.
* cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
* cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt): Ditto.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
0 files changed
diff --git a/cipher/cipher-cbc.c b/cipher/cipher-cbc.c
index 67814b7..95c49b2 100644
--- a/cipher/cipher-cbc.c
+++ b/cipher/cipher-cbc.c
@@ -44,6 +44,11 @@ _gcry_cipher_cbc_encrypt (gcry_cipher_hd_t c,
size_t nblocks = inbuflen / blocksize;
unsigned int burn, nburn;
+ /* Tell compiler that we require a cipher with a 64bit or 128 bit block
+ * length, to allow better optimization of this function. */
+ if (blocksize > 16 || blocksize < 8 || blocksize & (8 - 1))
+ return GPG_ERR_INV_LENGTH;
+
if (outbuflen < ((c->flags & GCRY_CIPHER_CBC_MAC)? blocksize : inbuflen))
return GPG_ERR_BUFFER_TOO_SHORT;
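Review bot: The new blocksize guard in _gcry_cipher_cbc_encrypt runs after `size_t nblocks = inbuflen / blocksize;` in the declarations just above it, so a zero blocksize would divide by zero before the check can reject it. The division is also written at a point where the divisor is not yet constrained to 8 or 16, which may limit the optimization the comment is aiming for. If the check is meant to validate as well as hint, declare `size_t nblocks;` and assign `nblocks = inbuflen / blocksize;` after the guard. The same ordering appears in the _gcry_cipher_cbc_decrypt hunk; both function bodies continue outside their hunks.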
@@ -133,6 +138,11 @@ _gcry_cipher_cbc_decrypt (gcry_cipher_hd_t c,
size_t nblocks = inbuflen / blocksize;
unsigned int burn, nburn;
+ /* Tell compiler that we require a cipher with a 64bit or 128 bit block
+ * length, to allow better optimization of this function. */
+ if (blocksize > 16 || blocksize < 8 || blocksize & (8 - 1))
+ return GPG_ERR_INV_LENGTH;
+
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;
diff --git a/cipher/cipher-cfb.c b/cipher/cipher-cfb.c
index f289ed3..21c81ca 100644
--- a/cipher/cipher-cfb.c
+++ b/cipher/cipher-cfb.c
@@ -41,6 +41,11 @@ _gcry_cipher_cfb_encrypt (gcry_cipher_hd_t c,
size_t blocksize_x_2 = blocksize + blocksize;
unsigned int burn, nburn;
+ /* Tell compiler that we require a cipher with a 64bit or 128 bit block
+ * length, to allow better optimization of this function. */
+ if (blocksize > 16 || blocksize < 8 || blocksize & (8 - 1))
+ return GPG_ERR_INV_LENGTH;
+
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;
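Review bot: The three-clause test `blocksize > 16 || blocksize < 8 || blocksize & (8 - 1)` is pasted verbatim into nine functions across five files in this patch, so one mode can drift from the others if the accepted sizes ever change. It accepts exactly 8 and 16, so a single shared helper would state the rule once, for example a macro (the name is only a suggestion) `#define BLOCKSIZE_OK(bs) ((bs) == 8 || (bs) == 16)`; whether the compiler optimizes that form equally well would need checking. The comment should also say that the function now returns GPG_ERR_INV_LENGTH for any other block size, since that is a change in behaviour and not only a compiler hint.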
@@ -138,6 +143,11 @@ _gcry_cipher_cfb_decrypt (gcry_cipher_hd_t c,
size_t blocksize_x_2 = blocksize + blocksize;
unsigned int burn, nburn;
+ /* Tell compiler that we require a cipher with a 64bit or 128 bit block
+ * length, to allow better optimization of this function. */
+ if (blocksize > 16 || blocksize < 8 || blocksize & (8 - 1))
+ return GPG_ERR_INV_LENGTH;
+
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;
diff --git a/cipher/cipher-cmac.c b/cipher/cipher-cmac.c
index eca1c1a..da3ef75 100644
--- a/cipher/cipher-cmac.c
+++ b/cipher/cipher-cmac.c
@@ -42,6 +42,11 @@ cmac_write (gcry_cipher_hd_t c, const byte * inbuf, size_t inlen)
unsigned int burn = 0;
unsigned int nblocks;
+ /* Tell compiler that we require a cipher with a 64bit or 128 bit block
+ * length, to allow better optimization of this function. */
+ if (blocksize > 16 || blocksize < 8 || blocksize & (8 - 1))
+ return;
+
if (!inlen || !inbuf)
return;
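Review bot: In cmac_write the guard fails with a bare `return;`, so an unsupported block size turns the MAC update into a silent no-op instead of an error; cmac_generate_subkeys and cmac_final do the same in the hunks below. For a MAC this is fail-open: if cmac_final returns early, the caller presumably reads a tag that was never computed from the message, and nothing signals that. Since these functions return void, a hard stop such as `BUG ();` (already used in cmac_generate_subkeys) in place of `return;` would make the condition fail closed. cmac_write's body continues outside the hunk.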
@@ -109,6 +114,11 @@ cmac_generate_subkeys (gcry_cipher_hd_t c)
byte buf[MAX_BLOCKSIZE];
} u;
+ /* Tell compiler that we require a cipher with a 64bit or 128 bit block
+ * length, to allow better optimization of this function. */
+ if (blocksize > 16 || blocksize < 8 || blocksize & (8 - 1))
+ return;
+
if (MAX_BLOCKSIZE < blocksize)
BUG ();
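Review bot: The added early `return;` for `blocksize > 16` in cmac_generate_subkeys sits in front of the existing `if (MAX_BLOCKSIZE < blocksize) BUG ();`, so an oversized block size that used to abort may now return quietly with the subkeys left ungenerated. MAX_BLOCKSIZE is defined outside this hunk; if it is 16 or more, the BUG () branch becomes unreachable. Either keep the hard failure by placing the MAX_BLOCKSIZE check first, or have the new guard itself call `BUG ();`.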
@@ -149,6 +159,11 @@ cmac_final (gcry_cipher_hd_t c)
unsigned int burn;
byte *subkey;
+ /* Tell compiler that we require a cipher with a 64bit or 128 bit block
+ * length, to allow better optimization of this function. */
+ if (blocksize > 16 || blocksize < 8 || blocksize & (8 - 1))
+ return;
+
if (count == blocksize)
subkey = c->u_mode.cmac.subkeys[0]; /* K1 */
else
diff --git a/cipher/cipher-ctr.c b/cipher/cipher-ctr.c
index 4bbfaae..f9cb6b5 100644
--- a/cipher/cipher-ctr.c
+++ b/cipher/cipher-ctr.c
@@ -42,6 +42,11 @@ _gcry_cipher_ctr_encrypt (gcry_cipher_hd_t c,
size_t nblocks;
unsigned int burn, nburn;
+ /* Tell compiler that we require a cipher with a 64bit or 128 bit block
+ * length, to allow better optimization of this function. */
+ if (blocksize > 16 || blocksize < 8 || blocksize & (8 - 1))
+ return GPG_ERR_INV_LENGTH;
+
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;
diff --git a/cipher/cipher-ofb.c b/cipher/cipher-ofb.c
index 7db7658..f821d1b 100644
--- a/cipher/cipher-ofb.c
+++ b/cipher/cipher-ofb.c
@@ -40,6 +40,11 @@ _gcry_cipher_ofb_encrypt (gcry_cipher_hd_t c,
size_t blocksize = c->spec->blocksize;
unsigned int burn, nburn;
+ /* Tell compiler that we require a cipher with a 64bit or 128 bit block
+ * length, to allow better optimization of this function. */
+ if (blocksize > 16 || blocksize < 8 || blocksize & (8 - 1))
+ return GPG_ERR_INV_LENGTH;
+
if (outbuflen < inbuflen)
return GPG_ERR_BUFFER_TOO_SHORT;