The first change shrinks aes_xcbc_mac_init by 183 bytes on amd64
(from 562 to 379 bytes).
The second change avoids a comparison with an address that may
point beyond the end of a buffer.
The third change is stylistic.
Alex
--- sys/opencrypto/aesxcbcmac.c.orig    2016-09-25 21:44:25.344941650 +0100
+++ sys/opencrypto/aesxcbcmac.c 2016-09-25 13:21:43.364224984 +0100
@@ -41,9 +41,12 @@
 int
 aes_xcbc_mac_init(void *vctx, const u_int8_t *key, u_int16_t keylen)
 {
-       u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
-       u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
-       u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
+       static const u_int8_t k1seed[AES_BLOCKSIZE] =
+           { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };
+       static const u_int8_t k2seed[AES_BLOCKSIZE] =
+           { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 };
+       static const u_int8_t k3seed[AES_BLOCKSIZE] =
+           { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
        u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
        aesxcbc_ctx *ctx;
        u_int8_t k1[AES_BLOCKSIZE];
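Review bot: `r_ks` and `k1` remain automatic arrays and, judging by their names, hold the AES round-key schedule and a derived subkey, yet nothing in the visible lines shows them being wiped. The rest of aes_xcbc_mac_init lies outside this hunk, so this needs confirming; if they are not cleared, key material is left behind on the kernel stack after the function returns. I would add `explicit_memset(r_ks, 0, sizeof(r_ks));` and `explicit_memset(k1, 0, sizeof(k1));` on every return path, including the early error returns if there are any. A plain `memset` just before return can be removed by the optimizer, which is why the explicit variant is the one to use.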
@@ -98,7 +101,7 @@
                ctx->buflen = 0;
        }
        /* due to the special processing for M[n], "=" case is not included */
-       while (addr + AES_BLOCKSIZE < ep) {
+       while (ep - addr > AES_BLOCKSIZE) {
                memcpy(buf, addr, AES_BLOCKSIZE);
                for (i = 0; i < sizeof(buf); i++)
                        buf[i] ^= ctx->e[i];
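Review bot: The new condition `ep - addr > AES_BLOCKSIZE` is only well-defined while `addr <= ep` and both point into the same buffer, and nothing in the visible lines states that invariant. The difference is a signed `ptrdiff_t`, so if `AES_BLOCKSIZE` ever expands to an unsigned expression the comparison becomes unsigned and a negative difference would pass as a huge length. I would extend the existing comment to record this, for example `/* ep - addr = bytes left (addr <= ep always); strict '>' leaves the last block, even a full one, for M[n] processing */`. The code that sets `ep` and the rest of the loop body are outside the hunk.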
@@ -115,7 +118,7 @@
 void
 aes_xcbc_mac_result(u_int8_t *addr, void *vctx)
 {
-       u_char digest[AES_BLOCKSIZE];
+       u_int8_t digest[AES_BLOCKSIZE];
        aesxcbc_ctx *ctx;
        int i;
 
