diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 02a6e1d424..8057f30791 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -2151,14 +2151,14 @@ static void XorTable_Multi(const word32* t, word32* t0, byte o0,
 word32 e1 = 0;
 word32 e2 = 0;
 word32 e3 = 0;
- byte hi0 = o0 & 0xf0;
- byte lo0 = o0 & 0x0f;
- byte hi1 = o1 & 0xf0;
- byte lo1 = o1 & 0x0f;
- byte hi2 = o2 & 0xf0;
- byte lo2 = o2 & 0x0f;
- byte hi3 = o3 & 0xf0;
- byte lo3 = o3 & 0x0f;
+ byte hi0 = o0 & WC_CACHE_LINE_MASK_HI;
+ byte lo0 = o0 & WC_CACHE_LINE_MASK_LO;
+ byte hi1 = o1 & WC_CACHE_LINE_MASK_HI;
+ byte lo1 = o1 & WC_CACHE_LINE_MASK_LO;
+ byte hi2 = o2 & WC_CACHE_LINE_MASK_HI;
+ byte lo2 = o2 & WC_CACHE_LINE_MASK_LO;
+ byte hi3 = o3 & WC_CACHE_LINE_MASK_HI;
+ byte lo3 = o3 & WC_CACHE_LINE_MASK_LO;
 int i;
 for (i = 0; i < 256; i += (1 << WC_CACHE_LINE_BITS)) {
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index b6ce7d1a34..455ddddf4b 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -5121,6 +5121,14 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
 (size_t) 0,
 (size_t)-1
 };
+/* Constant time access here will not work on CHERI so fallback to basic for now */
+#ifdef __CHERI_PURE_CAPABILITY__
+ #define SP_CT_ADDR(t, idx) ((t)[(idx)])
+#else
+ #define SP_CT_ADDR(t, idx) \
+ (sp_int*)(((size_t)(t)[0] & sp_off_on_addr[(idx)^1]) + \
+ ((size_t)(t)[1] & sp_off_on_addr[(idx)]))
+#endif
 #endif
 #endif
@@ -13166,13 +13174,9 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits,
 }
 #else
 /* 4.1. t[s] = t[s] ^ 2 */
- _sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[s^1]) +
- ((size_t)t[1] & sp_off_on_addr[s ])),
- t[2]);
+ _sp_copy(SP_CT_ADDR(t, s), t[2]);
 err = sp_sqrmod(t[2], m, t[2]);
- _sp_copy(t[2],
- (sp_int*)(((size_t)t[0] & sp_off_on_addr[s^1]) +
- ((size_t)t[1] & sp_off_on_addr[s ])));
+ _sp_copy(t[2], SP_CT_ADDR(t, s));
 if (err == MP_OKAY) {
 /* 4.2. y = e[i] */
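Review bot: In the `XorTable_Multi` hunk of aes.c, the `hi`/`lo` split now only lines up with the loop stride `1 << WC_CACHE_LINE_BITS` if `WC_CACHE_LINE_MASK_LO` covers exactly the low `WC_CACHE_LINE_BITS` bits and `WC_CACHE_LINE_MASK_HI` is its complement within a byte, and nothing visible here enforces that. The definitions of both masks are outside this hunk, so I cannot confirm they are derived from `WC_CACHE_LINE_BITS` for every cache-line size. The loop appears to exist to keep the table walk independent of the index bytes, so a compile-time check next to the definitions would be worth adding, for example `_Static_assert(WC_CACHE_LINE_MASK_LO == (1 << WC_CACHE_LINE_BITS) - 1 && (WC_CACHE_LINE_MASK_HI ^ WC_CACHE_LINE_MASK_LO) == 0xff, "cache line masks");` or the project's own compile-time assert if it has one. The function body starts and ends outside the hunk.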
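Review bot: In the sp_int.c hunk that defines `SP_CT_ADDR`, the `__CHERI_PURE_CAPABILITY__` branch expands to `((t)[(idx)])`, and the call sites in `_sp_exptmod_ex` and `_sp_exptmod_mont_ex` pass `s`, `j` and `y`, which the step comments tie to exponent bits (`y = e[i]`, `s = s | y`). Pure-capability builds therefore pick the operand with a load indexed by a secret-derived value where other builds use masking, and the comment's "fallback to basic" does not say that timing resistance is given up on that target. I would state it outright, e.g. `/* CHERI: presumably the size_t round trip cannot rebuild a valid capability, so t[] is indexed by a secret bit here - NOT constant time. */`, and track a replacement that selects by a masked copy of the digits rather than by address. As a smaller point, the non-CHERI expansion evaluates `idx` twice and is an unparenthesised cast; wrapping it as `((sp_int*)(...))` makes both branches behave the same in any expression.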
@@ -13183,13 +13187,9 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits,
 /* 4.4 s = s | y */
 s |= y;
 /* 4.5. t[j] = t[j] * b */
- _sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
- ((size_t)t[1] & sp_off_on_addr[j ])),
- t[2]);
+ _sp_copy(SP_CT_ADDR(t, j), t[2]);
 err = _sp_mulmod(t[2], b, m, t[2]);
- _sp_copy(t[2],
- (sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
- ((size_t)t[1] & sp_off_on_addr[j ])));
+ _sp_copy(t[2], SP_CT_ADDR(t, j));
 }
 #endif
 }
@@ -13279,9 +13279,7 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits,
 err = sp_mulmod(t[0], t[1], m, t[2]);
 /* 3.3. t[3] = t[y] ^ 2 */
 if (err == MP_OKAY) {
- _sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[y^1]) +
- ((size_t)t[1] & sp_off_on_addr[y ])),
- t[3]);
+ _sp_copy(SP_CT_ADDR(t, y), t[3]);
 err = sp_sqrmod(t[3], m, t[3]);
 }
 /* 3.4. t[y] = t[3], t[y^1] = t[2] */
@@ -13403,16 +13401,12 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
 /* 6. For i in (bits-1)...0 */
 for (i = bits - 1; (err == MP_OKAY) && (i >= 0); i--) {
 /* 6.1. t[s] = t[s] ^ 2 */
- _sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[s^1]) +
- ((size_t)t[1] & sp_off_on_addr[s ])),
- t[3]);
+ _sp_copy(SP_CT_ADDR(t, s), t[3]);
 err = sp_sqr(t[3], t[3]);
 if (err == MP_OKAY) {
 err = _sp_mont_red(t[3], m, mp, 0);
 }
- _sp_copy(t[3],
- (sp_int*)(((size_t)t[0] & sp_off_on_addr[s^1]) +
- ((size_t)t[1] & sp_off_on_addr[s ])));
+ _sp_copy(t[3], SP_CT_ADDR(t, s));
 if (err == MP_OKAY) {
 /* 6.2. y = e[i] */
@@ -13424,16 +13418,12 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
 s |= y;
 /* 6.5. t[j] = t[j] * bm */
- _sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
- ((size_t)t[1] & sp_off_on_addr[j ])),
- t[3]);
+ _sp_copy(SP_CT_ADDR(t, j), t[3]);
 err = sp_mul(t[3], t[2], t[3]);
 if (err == MP_OKAY) {
 err = _sp_mont_red(t[3], m, mp, 0);
 }
- _sp_copy(t[3],
- (sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
- ((size_t)t[1] & sp_off_on_addr[j ])));
+ _sp_copy(t[3], SP_CT_ADDR(t, j));
 }
 }
 if (err == MP_OKAY) {
@@ -13543,9 +13533,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits,
 }
 /* 4.3. t[3] = t[y] ^ 2 */
 if (err == MP_OKAY) {
- _sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[y^1]) +
- ((size_t)t[1] & sp_off_on_addr[y ])),
- t[3]);
+ _sp_copy(SP_CT_ADDR(t, y), t[3]);
 err = sp_sqr(t[3], t[3]);
 }
 if (err == MP_OKAY) {
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 7ef18d6c7f..6504f467d6 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -5761,7 +5761,7 @@ typedef struct BuildMsgArgs {
 #endif
 #ifdef WOLFSSL_ASYNC_IO
- #define MAX_ASYNC_ARGS 18
+ #define MAX_ASYNC_ARGS 24
 typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);
 struct WOLFSSL_ASYNC {
@@ -5769,7 +5769,11 @@ typedef struct BuildMsgArgs {
 BuildMsgArgs buildArgs; /* holder for current BuildMessage args */
 #endif
 FreeArgsCb freeArgs; /* function pointer to cleanup args */
+#ifdef __CHERI_PURE_CAPABILITY__
+ max_align_t args[MAX_ASYNC_ARGS * sizeof(word32) / sizeof(max_align_t)]; /* holder for current args */
+#else
 word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
+#endif
 };
 #endif
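Review bot: In the `struct WOLFSSL_ASYNC` hunk of internal.h, the CHERI array length `MAX_ASYNC_ARGS * sizeof(word32) / sizeof(max_align_t)` rounds down, so the buffer matches the `word32` variant's byte size only while that product is a multiple of `sizeof(max_align_t)`; a later change to `MAX_ASYNC_ARGS` could silently shrink it below what is stored in `args`. Rounding up keeps the size guarantee: `max_align_t args[(MAX_ASYNC_ARGS * sizeof(word32) + sizeof(max_align_t) - 1) / sizeof(max_align_t)];`. The bump from 18 to 24 in the preceding hunk enlarges the buffer on every build, not only CHERI, and is sized in `word32` units although capability pointers are wider, so a comment naming what it has to fit (or a compile-time size check at the users of `args`) would make the number reviewable. `max_align_t` also needs `<stddef.h>`; whether that is already included is not visible here.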