Fix RSA perf regression Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

commit: 3b25c40f5296a284de45d402e050a3454de47fd9 [log] [tgz]
author: Dave Rodgman <dave.rodgman@arm.com> Thu May 18 14:41:06 2023 +0100
committer: Dave Rodgman <dave.rodgman@arm.com> Fri May 26 12:42:48 2023 +0100
tree: cc937f9fabe224f8cc75068eed66da34213e6ea7
parent: 3108645d67e7bd0eae2877fa7f5018f520817c1e [diff]
diff --git a/library/bignum_core.c b/library/bignum_core.c
index b41d046..5e19590 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c

@@ -211,8 +211,14 @@
         return;
     }
 
-    mbedtls_ct_memcpy_if(assign, (unsigned char *) X, (unsigned char *) A, NULL,
-                         limbs * sizeof(mbedtls_mpi_uint));
+    /* This function is very performance-sensitive for RSA. For this reason
+     * we have the loop below, instead of calling mbedtls_ct_memcpy_if
+     * (this is more optimal since here we don't have to handle the case where
+     * we copy awkwardly sized data).
+     */
+    for (size_t i = 0; i < limbs; i++) {
+        X[i] = mbedtls_ct_mpi_uint_if(assign, A[i], X[i]);
+    }
 }
 
 void mbedtls_mpi_core_cond_swap(mbedtls_mpi_uint *X,
commit	3b25c40f5296a284de45d402e050a3454de47fd9	[log] [tgz]
author	Dave Rodgman <dave.rodgman@arm.com>	Thu May 18 14:41:06 2023 +0100
committer	Dave Rodgman <dave.rodgman@arm.com>	Fri May 26 12:42:48 2023 +0100
tree	cc937f9fabe224f8cc75068eed66da34213e6ea7
parent	3108645d67e7bd0eae2877fa7f5018f520817c1e [diff]