[git commit] tls: AES-GCM: in GMULT, avoid memcpy, use one less variable in bit loop

Denys Vlasenko vda.linux at googlemail.com
Sat Dec 8 20:24:38 UTC 2018


commit: https://git.busybox.net/busybox/commit/?id=32ec5f170589537ebec40ba334324ecf208009e7
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

function                                             old     new   delta
GMULT                                                168     159      -9

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 networking/tls_aesgcm.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/networking/tls_aesgcm.c b/networking/tls_aesgcm.c
index 008dc9b5d..a4663cd79 100644
--- a/networking/tls_aesgcm.c
+++ b/networking/tls_aesgcm.c
@@ -97,25 +97,25 @@ static void RIGHTSHIFTX(byte* x)
 #undef l
 }
 
+// Caller guarantees X is aligned
 static void GMULT(byte* X, byte* Y)
 {
     byte Z[AES_BLOCK_SIZE] ALIGNED_long;
-    byte V[AES_BLOCK_SIZE] ALIGNED_long;
-    int i, j;
+    //byte V[AES_BLOCK_SIZE] ALIGNED_long;
+    int i;
 
     XMEMSET(Z, 0, AES_BLOCK_SIZE);
-    XMEMCPY(V, X, AES_BLOCK_SIZE);
-    for (i = 0; i < AES_BLOCK_SIZE; i++)
-    {
-        byte y = Y[i];
-        for (j = 0; j < 8; j++)
-        {
+    //XMEMCPY(V, X, AES_BLOCK_SIZE);
+    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+        uint32_t y = 0x800000 | Y[i];
+        for (;;) { // for every bit in Y[i], from msb to lsb
             if (y & 0x80) {
-                xorbuf_aligned_AES_BLOCK_SIZE(Z, V);
+                xorbuf_aligned_AES_BLOCK_SIZE(Z, X); // was V, not X
             }
-
-            RIGHTSHIFTX(V);
+            RIGHTSHIFTX(X); // was V, not X
             y = y << 1;
+            if ((int32_t)y < 0) // if bit 0x80000000 set = if 8 iterations done
+                break;
         }
     }
     XMEMCPY(X, Z, AES_BLOCK_SIZE);
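Review bot: The new loop destroys X in place (`RIGHTSHIFTX(X)` on the line marked "was V, not X"), so GMULT now has an undocumented precondition that X and Y do not alias: with the old copy into V a call like GMULT(h, h) for squaring was correct, but now every shift of X also shifts the Y[i] bytes not yet read and the product is wrong. The added comment covers only alignment; it should state the new requirement as well, e.g. `// Caller guarantees X is aligned and that X and Y do not overlap (X is clobbered while Y is still being read)`, and whether any caller in tls_aesgcm.c passes the same buffer is not visible from this hunk, so that is worth checking before relying on it. The commented-out `V` declaration and `XMEMCPY` lines should be deleted rather than left behind. Separately, the pre-existing `if (y & 0x80)` branch is data-dependent on the bits of Y (presumably the hash subkey), a timing side channel this commit neither introduces nor addresses. GMULT's closing brace lies outside the hunk.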

