From 4a895ebf662403cccb2451f9905dd105ca46fe13 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Wed, 6 May 2020 20:28:17 -0400
Subject: Avoid extra resize during AES key schedule
---
 src/lib/block/aes/aes.cpp | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/lib/block/aes/aes.cpp b/src/lib/block/aes/aes.cpp
index 21f580641..b1792561f 100644
--- a/src/lib/block/aes/aes.cpp
+++ b/src/lib/block/aes/aes.cpp
@@ -660,8 +660,8 @@ void aes_key_schedule(const uint8_t key[], size_t length,
 CT::poison(key, length);
- EK.resize(length + 32);
- DK.resize(length + 32);
+ EK.resize(length + 28);
+ DK.resize(length + 28);
 for(size_t i = 0; i != X; ++i)
 EK[i] = load_be(key, i);
@@ -670,7 +670,7 @@ void aes_key_schedule(const uint8_t key[], size_t length,
 {
 EK[i] = EK[i-X] ^ RC[(i-X)/X] ^ rotl<8>(SE_word(EK[i-1]));
- for(size_t j = 1; j != X; ++j)
+ for(size_t j = 1; j != X && (i+j) < EK.size(); ++j)
 {
 EK[i+j] = EK[i+j-X];
@@ -689,7 +689,7 @@ void aes_key_schedule(const uint8_t key[], size_t length,
 DK[i+3] = EK[4*rounds-i+3];
 }
- for(size_t i = 4; i != length + 24; ++i)
+ for(size_t i = 4; i != DK.size() - 4; ++i)
 {
 const uint8_t s0 = get_byte(0, DK[i]);
 const uint8_t s1 = get_byte(1, DK[i]);
@@ -702,9 +702,6 @@ void aes_key_schedule(const uint8_t key[], size_t length,
 rotr<24>(InvMixColumn(s3));
 }
- EK.resize(length + 24 + 4);
- DK.resize(length + 24 + 4);
-
 if(bswap_keys)
 {
 // HW AES on little endian needs the subkeys to be byte reversed
--
cgit v1.2.3
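Review bot: The new size `length + 28` is a bare constant that the later bounds in this function now lean on, since the patch switches the loops to `EK.size()` and `DK.size()`. It equals the AES round-key word count 4*(rounds+1) only if rounds is length/4 + 6, and that definition sits outside the hunk. A comment on the two resize lines would record the invariant, for example `// 4*(rounds+1) round-key words; rounds = length/4 + 6, hence length + 28`, or the size could be written as `4*(rounds+1)` directly if rounds is already defined at this point.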
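Review bot: The added `(i+j) < EK.size()` test guards only the `EK[i+j]` writes; the `EK[i] = ...` store just above it still depends on the outer loop bound, which is outside the hunk and has to agree with the new `length + 28` size. The guard presumably trips only on the last pass for 24- and 32-byte keys, where fewer than X words remain, and a one-line comment saying so would keep a later reader from removing it as redundant: `// last block is partial for 192/256-bit keys; stop at the end of EK`. The condition reads only loop indices and the vector size, so it adds no branch on key material.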
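Review bot: `i != DK.size() - 4` combines an unsigned subtraction with an inequality test, so a DK shorter than 8 words would wrap or start past the bound and the loop would index far outside the vector. DK is resized to `length + 28` earlier in the function, so this holds as long as length is validated before that point, which the hunk does not show. Writing the bound as `for(size_t i = 4; i + 4 < DK.size(); ++i)` gives the same iterations for valid sizes and terminates immediately otherwise.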