From 3b25c40f5296a284de45d402e050a3454de47fd9 Mon Sep 17 00:00:00 2001
From: Dave Rodgman
Date: Thu, 18 May 2023 14:41:06 +0100
Subject: [PATCH] Fix RSA perf regression
Signed-off-by: Dave Rodgman
---
 library/bignum_core.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/library/bignum_core.c b/library/bignum_core.c
index b41d046a5..5e1959079 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -211,8 +211,14 @@ void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X,
 return;
 }
- mbedtls_ct_memcpy_if(assign, (unsigned char *) X, (unsigned char *) A, NULL,
- limbs * sizeof(mbedtls_mpi_uint));
+ /* This function is very performance-sensitive for RSA. For this reason
+ * we have the loop below, instead of calling mbedtls_ct_memcpy_if
+ * (this is more optimal since here we don't have to handle the case where
+ * we copy awkwardly sized data).
+ */
+ for (size_t i = 0; i < limbs; i++) {
+ X[i] = mbedtls_ct_mpi_uint_if(assign, A[i], X[i]);
+ }
 }
 void mbedtls_mpi_core_cond_swap(mbedtls_mpi_uint *X,
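Review bot: The new comment above the loop in mbedtls_mpi_core_cond_assign justifies the change only by speed and does not record that the loop must stay constant-time with respect to `assign`, which is the property this function exists to provide. Every limb is read and rewritten through `mbedtls_ct_mpi_uint_if` whatever the condition, and a later maintainer chasing more performance could swap that for a branch on `assign` without noticing the timing side channel this would open in the RSA code the comment mentions. I would add a line such as `* The loop must still touch every limb and select via mbedtls_ct_mpi_uint_if, so that timing and memory access do not depend on assign.` and reword "more optimal" to "faster". It is also worth confirming that the project's constant-time tests exercise this path after the change, since the per-limb select now relies on the compiler not turning it into a branch. The function's signature and the condition guarding the early `return` are outside the hunk.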