Save 14 bytes in CTR-DRBG

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2025-03-09 10:14:11 +00:00 · 2024-01-13 16:43:18 +00:00 · 2024-01-13 16:43:18 +00:00 · 174eeff235
commit 174eeff235
parent 591ff05384
1 changed files with 12 additions and 14 deletions
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@ -369,9 +369,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx,
        p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
    }

-    for (i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++) {
-        tmp[i] ^= data[i];
-    }
+    mbedtls_xor(tmp, tmp, data, MBEDTLS_CTR_DRBG_SEEDLEN);

    /*
     * Update key and counter
@ -614,10 +612,11 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng,
 {
    int ret = 0;
    mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
-    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
    unsigned char *p = output;
-    unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE];
-    int i;
+    struct {
+        unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
+        unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE];
+    } locals;
    size_t use_len;

    if (output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST) {
@ -628,7 +627,7 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng,
        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
    }

-    memset(add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
+    memset(locals.add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN);

    if (ctx->reseed_counter > ctx->reseed_interval ||
        ctx->prediction_resistance) {
@ -639,10 +638,10 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng,
    }

    if (add_len > 0) {
-        if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
+        if ((ret = block_cipher_df(locals.add_input, additional, add_len)) != 0) {
            goto exit;
        }
-        if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
+        if ((ret = ctr_drbg_update_internal(ctx, locals.add_input)) != 0) {
            goto exit;
        }
    }
@ -658,7 +657,7 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng,
         */
 #if defined(MBEDTLS_AES_C)
        if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                         ctx->counter, tmp)) != 0) {
+                                         ctx->counter, locals.tmp)) != 0) {
            goto exit;
        }
 #else
@ -678,20 +677,19 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng,
        /*
         * Copy random block to destination
         */
-        memcpy(p, tmp, use_len);
+        memcpy(p, locals.tmp, use_len);
        p += use_len;
        output_len -= use_len;
    }

-    if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
+    if ((ret = ctr_drbg_update_internal(ctx, locals.add_input)) != 0) {
        goto exit;
    }

    ctx->reseed_counter++;

 exit:
-    mbedtls_platform_zeroize(add_input, sizeof(add_input));
-    mbedtls_platform_zeroize(tmp, sizeof(tmp));
+    mbedtls_platform_zeroize(&locals, sizeof(locals));
    return ret;
 }