diff --git a/crypto/fipsmodule/modes/cbc.c b/crypto/fipsmodule/modes/cbc.c index 64ea5056..3f1d7776 100644 --- a/crypto/fipsmodule/modes/cbc.c +++ b/crypto/fipsmodule/modes/cbc.c @@ -49,6 +49,8 @@ #include #include +#include + #include "internal.h" @@ -61,30 +63,15 @@ void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len, assert(key != NULL && ivec != NULL); assert(len == 0 || (in != NULL && out != NULL)); - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) != - 0) { - while (len >= 16) { - for (n = 0; n < 16; ++n) { - out[n] = in[n] ^ iv[n]; - } - (*block)(out, out, key); - iv = out; - len -= 16; - in += 16; - out += 16; - } - } else { - while (len >= 16) { - for (n = 0; n < 16; n += sizeof(size_t)) { - store_word_le(out + n, load_word_le(in + n) ^ load_word_le(iv + n)); - } - (*block)(out, out, key); - iv = out; - len -= 16; - in += 16; - out += 16; + while (len >= 16) { + for (n = 0; n < 16; n += sizeof(size_t)) { + store_word_le(out + n, load_word_le(in + n) ^ load_word_le(iv + n)); } + (*block)(out, out, key); + iv = out; + len -= 16; + in += 16; + out += 16; } while (len) { @@ -127,66 +114,35 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len, if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) { // If |out| is at least two blocks behind |in| or completely disjoint, there // is no need to decrypt to a temporary block. + OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0, + "block cannot be evenly divided into words"); const uint8_t *iv = ivec; - - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) != - 0) { - while (len >= 16) { - (*block)(in, out, key); - for (n = 0; n < 16; ++n) { - out[n] ^= iv[n]; - } - iv = in; - len -= 16; - in += 16; - out += 16; - } - } else if (16 % sizeof(size_t) == 0) { // always true - while (len >= 16) { - (*block)(in, out, key); - for (n = 0; n < 16; n += sizeof(size_t)) { - store_word_le(out + n, load_word_le(out + n) ^ load_word_le(iv + n)); - } - iv = in; - len -= 16; - in += 16; - out += 16; + while (len >= 16) { + (*block)(in, out, key); + for (n = 0; n < 16; n += sizeof(size_t)) { + store_word_le(out + n, load_word_le(out + n) ^ load_word_le(iv + n)); } + iv = in; + len -= 16; + in += 16; + out += 16; } OPENSSL_memcpy(ivec, iv, 16); } else { - // |out| is less than two blocks behind |in|. Decrypting an input block - // directly to |out| would overwrite a ciphertext block before it is used as - // the next block's IV. Decrypt to a temporary block instead. - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) != - 0) { - uint8_t c; - while (len >= 16) { - (*block)(in, tmp.c, key); - for (n = 0; n < 16; ++n) { - c = in[n]; - out[n] = tmp.c[n] ^ ivec[n]; - ivec[n] = c; - } - len -= 16; - in += 16; - out += 16; - } - } else if (16 % sizeof(size_t) == 0) { // always true - while (len >= 16) { - (*block)(in, tmp.c, key); - for (n = 0; n < 16; n += sizeof(size_t)) { - size_t c = load_word_le(in + n); - store_word_le(out + n, - tmp.t[n / sizeof(size_t)] ^ load_word_le(ivec + n)); - store_word_le(ivec + n, c); - } - len -= 16; - in += 16; - out += 16; + OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0, + "block cannot be evenly divided into words"); + + while (len >= 16) { + (*block)(in, tmp.c, key); + for (n = 0; n < 16; n += sizeof(size_t)) { + size_t c = load_word_le(in + n); + store_word_le(out + n, + tmp.t[n / sizeof(size_t)] ^ load_word_le(ivec + n)); + store_word_le(ivec + n, c); } + len -= 16; + in += 16; + out += 16; } } diff --git a/crypto/fipsmodule/modes/cfb.c b/crypto/fipsmodule/modes/cfb.c index 0a81f3b2..8ca90041 100644 --- a/crypto/fipsmodule/modes/cfb.c +++ b/crypto/fipsmodule/modes/cfb.c @@ -60,8 +60,6 @@ OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0, void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len, const AES_KEY *key, uint8_t ivec[16], unsigned *num, int enc, block128_f block) { - size_t l = 0; - assert(in && out && key && ivec && num); unsigned n = *num; @@ -72,21 +70,6 @@ void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len, --len; n = (n + 1) % 16; } -#if STRICT_ALIGNMENT - if (((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) != - 0) { - while (l < len) { - if (n == 0) { - (*block)(ivec, ivec, key); - } - out[l] = ivec[n] ^= in[l]; - ++l; - n = (n + 1) % 16; - } - *num = n; - return; - } -#endif while (len >= 16) { (*block)(ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { @@ -116,22 +99,6 @@ void CRYPTO_cfb128_encrypt(const uint8_t *in, uint8_t *out, size_t len, --len; n = (n + 1) % 16; } - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out | (uintptr_t)ivec) % sizeof(size_t) != - 0) { - while (l < len) { - uint8_t c; - if (n == 0) { - (*block)(ivec, ivec, key); - } - out[l] = ivec[n] ^ (c = in[l]); - ivec[n] = c; - ++l; - n = (n + 1) % 16; - } - *num = n; - return; - } while (len >= 16) { (*block)(ivec, ivec, key); for (; n < 16; n += sizeof(size_t)) { diff --git a/crypto/fipsmodule/modes/ctr.c b/crypto/fipsmodule/modes/ctr.c index b806b9a3..8b0e0594 100644 --- a/crypto/fipsmodule/modes/ctr.c +++ b/crypto/fipsmodule/modes/ctr.c @@ -99,26 +99,6 @@ void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len, --len; n = (n + 1) % 16; } - -#if STRICT_ALIGNMENT - if (((uintptr_t)in | (uintptr_t)out | - (uintptr_t)ecount_buf) % sizeof(size_t) != 0) { - size_t l = 0; - while (l < len) { - if (n == 0) { - (*block)(ivec, ecount_buf, key); - ctr128_inc(ivec); - } - out[l] = in[l] ^ ecount_buf[n]; - ++l; - n = (n + 1) % 16; - } - - *num = n; - return; - } -#endif - while (len >= 16) { (*block)(ivec, ecount_buf, key); ctr128_inc(ivec); diff --git a/crypto/fipsmodule/modes/gcm.c b/crypto/fipsmodule/modes/gcm.c index 97fde3e4..f92f6750 100644 --- a/crypto/fipsmodule/modes/gcm.c +++ b/crypto/fipsmodule/modes/gcm.c @@ -514,24 +514,6 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, } uint32_t ctr = CRYPTO_bswap4(ctx->Yi.d[3]); - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out) % sizeof(size_t) != 0) { - for (size_t i = 0; i < len; ++i) { - if (n == 0) { - (*block)(ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - } - ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n]; - n = (n + 1) % 16; - if (n == 0) { - GCM_MUL(ctx, Xi); - } - } - - ctx->mres = n; - return 1; - } while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; @@ -622,27 +604,6 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const AES_KEY *key, } uint32_t ctr = CRYPTO_bswap4(ctx->Yi.d[3]); - if (STRICT_ALIGNMENT && - ((uintptr_t)in | (uintptr_t)out) % sizeof(size_t) != 0) { - for (size_t i = 0; i < len; ++i) { - uint8_t c; - if (n == 0) { - (*block)(ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - ctx->Yi.d[3] = CRYPTO_bswap4(ctr); - } - c = in[i]; - out[i] = c ^ ctx->EKi.c[n]; - ctx->Xi.c[n] ^= c; - n = (n + 1) % 16; - if (n == 0) { - GCM_MUL(ctx, Xi); - } - } - - ctx->mres = n; - return 1; - } while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; diff --git a/crypto/fipsmodule/modes/internal.h b/crypto/fipsmodule/modes/internal.h index 18ec60ca..ed1160b8 100644 --- a/crypto/fipsmodule/modes/internal.h +++ b/crypto/fipsmodule/modes/internal.h @@ -64,12 +64,6 @@ extern "C" { #endif -#define STRICT_ALIGNMENT 1 -#if defined(OPENSSL_X86_64) || defined(OPENSSL_X86) || defined(OPENSSL_AARCH64) -#undef STRICT_ALIGNMENT -#define STRICT_ALIGNMENT 0 -#endif - static inline uint32_t GETU32(const void *in) { uint32_t v; OPENSSL_memcpy(&v, in, sizeof(v));