| author | Mark Johnston <markj@FreeBSD.org> | 2021-02-08 14:19:07 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2021-02-08 14:19:07 +0000 |
| commit | 0dc7076037a87100060309f7179ef6a01f32f99e (patch) | |
| tree | 86d6cb8a8510129977a4de5b96b3e5e512267108 /contrib | |
| parent | b5aa9ad43aead288dca0eb94fb4621991917f4e1 (diff) | |
| download | src-0dc7076037a87100060309f7179ef6a01f32f99e.tar.gz src-0dc7076037a87100060309f7179ef6a01f32f99e.zip | |
armv8crypto: Fix some edge cases in the AES-GCM implementation
- We were only hashing up to the first 16 bytes of the AAD.
- When computing the digest during decryption, handle the case where
len == trailer, i.e., len < AES_BLOCK_LEN, properly.
While here:
- trailer is always smaller than AES_BLOCK_LEN, so remove a pair of
unnecessary modulus operations.
- Replace some byte-by-byte loops with memcpy() and memset() calls.
In particular, zero the full block before copying a partial block into
it since we do that elsewhere and it means that the memset() length is
known at compile time.
Reviewed by: jhb
Sponsored by: Ampere Computing
Submitted by: Klara, Inc.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D28501
Diffstat (limited to 'contrib')
0 files changed, 0 insertions, 0 deletions
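Both defects the commit message describes (AAD absorbed only up to its first block, and the decryption digest when the input is shorter than one block, so that len equals the trailer) come down to how GHASH handles partial blocks. The following is an added example and not the armv8crypto driver's code: a portable, bitwise GF(2^128) GHASH in C that pads a trailer the way the message describes (memset a full block, then memcpy the partial data into it), checked against the GHASH intermediate values of GCM test case 2 from NIST SP 800-38D, together with a model of the truncated-AAD behaviour that shows why a tag ignoring AAD past 16 bytes does not bind it. All byte arrays other than the test-case-2 vectors are constructed inputs, and every function name here is mine.

```c
/* Added example: GHASH with correct trailer handling (not the armv8crypto code). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_LEN 16

/* Multiply in GF(2^128) using GCM bit order (NIST SP 800-38D, Algorithm 1). */
static void gf128_mul(const uint8_t x[BLOCK_LEN], const uint8_t y[BLOCK_LEN],
    uint8_t z[BLOCK_LEN])
{
    uint8_t acc[BLOCK_LEN] = {0};
    uint8_t v[BLOCK_LEN];

    memcpy(v, y, BLOCK_LEN);
    for (int i = 0; i < 128; i++) {
        if (x[i / 8] & (0x80 >> (i % 8)))        /* bit i of x, MSB first */
            for (int j = 0; j < BLOCK_LEN; j++)
                acc[j] ^= v[j];
        int lsb = v[BLOCK_LEN - 1] & 1;
        for (int j = BLOCK_LEN - 1; j > 0; j--)  /* v = v >> 1 */
            v[j] = (uint8_t)((v[j] >> 1) | ((v[j - 1] & 1) << 7));
        v[0] >>= 1;
        if (lsb)
            v[0] ^= 0xe1;                        /* reduce by R = 11100001 || 0^120 */
    }
    memcpy(z, acc, BLOCK_LEN);
}

/* Y = (Y xor X) * H for one full block X. */
static void ghash_block(uint8_t y[BLOCK_LEN], const uint8_t h[BLOCK_LEN],
    const uint8_t x[BLOCK_LEN])
{
    uint8_t t[BLOCK_LEN];

    for (int j = 0; j < BLOCK_LEN; j++)
        t[j] = y[j] ^ x[j];
    gf128_mul(t, h, y);
}

/* Absorb len bytes: full blocks first, then a zero-padded trailer. After the
 * loop len is the trailer and is always < BLOCK_LEN, so no modulus is needed;
 * zeroing the whole block first keeps the memset length a compile-time constant.
 * An input shorter than one block (len == trailer) takes only the trailer path. */
static void ghash_update(uint8_t y[BLOCK_LEN], const uint8_t h[BLOCK_LEN],
    const uint8_t *data, size_t len)
{
    while (len >= BLOCK_LEN) {
        ghash_block(y, h, data);
        data += BLOCK_LEN;
        len -= BLOCK_LEN;
    }
    if (len > 0) {
        uint8_t blk[BLOCK_LEN];
        memset(blk, 0, sizeof(blk));
        memcpy(blk, data, len);
        ghash_block(y, h, blk);
    }
}

static void put_be64(uint8_t *p, uint64_t v)
{
    for (int i = 7; i >= 0; i--) {
        p[i] = (uint8_t)v;
        v >>= 8;
    }
}

/* GHASH(H, A, C): absorb aad_absorb bytes of AAD (the full length when correct),
 * then the ciphertext, then the 64-bit bit lengths of A and C. */
static void ghash_impl(const uint8_t h[BLOCK_LEN], const uint8_t *aad,
    size_t aad_absorb, size_t aadlen, const uint8_t *ct, size_t ctlen,
    uint8_t out[BLOCK_LEN])
{
    uint8_t y[BLOCK_LEN] = {0}, lenblk[BLOCK_LEN];

    ghash_update(y, h, aad, aad_absorb);
    ghash_update(y, h, ct, ctlen);
    put_be64(lenblk, (uint64_t)aadlen * 8);
    put_be64(lenblk + 8, (uint64_t)ctlen * 8);
    ghash_block(y, h, lenblk);
    memcpy(out, y, BLOCK_LEN);
}

/* Correct GHASH: every AAD byte is absorbed. */
static void ghash(const uint8_t h[BLOCK_LEN], const uint8_t *aad, size_t aadlen,
    const uint8_t *ct, size_t ctlen, uint8_t out[BLOCK_LEN])
{
    ghash_impl(h, aad, aadlen, aadlen, ct, ctlen, out);
}

/* Model of the pre-fix behaviour the commit message describes: only the first
 * 16 bytes of AAD are absorbed (constructed model, not the driver's code). */
static void ghash_aad_truncated(const uint8_t h[BLOCK_LEN], const uint8_t *aad,
    size_t aadlen, const uint8_t *ct, size_t ctlen, uint8_t out[BLOCK_LEN])
{
    ghash_impl(h, aad, aadlen > BLOCK_LEN ? BLOCK_LEN : aadlen, aadlen, ct, ctlen, out);
}

/* GCM test case 2 values (all-zero key): H, C, X1 = C*H, GHASH(H, {}, C). */
static const uint8_t TC2_H[BLOCK_LEN] = {0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,
    0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e};
static const uint8_t TC2_C[BLOCK_LEN] = {0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,
    0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78};
static const uint8_t TC2_X1[BLOCK_LEN] = {0x5e,0x2e,0xc7,0x46,0x91,0x70,0x62,0x88,
    0x2c,0x85,0xb0,0x68,0x53,0x53,0xde,0xb7};
static const uint8_t TC2_GHASH[BLOCK_LEN] = {0xf3,0x8c,0xbb,0x1a,0xd6,0x92,0x23,0xdc,
    0xc3,0x45,0x7a,0xe5,0xb6,0xb0,0xf8,0x85};

int selftest_gf128_mul(void)
{
    uint8_t z[BLOCK_LEN];
    gf128_mul(TC2_C, TC2_H, z);
    return memcmp(z, TC2_X1, BLOCK_LEN) == 0;
}

int selftest_ghash_tc2(void)
{
    uint8_t out[BLOCK_LEN];
    ghash(TC2_H, NULL, 0, TC2_C, BLOCK_LEN, out);
    return memcmp(out, TC2_GHASH, BLOCK_LEN) == 0;
}

/* Constructed 20-byte AAD and 5-byte ciphertext (len < BLOCK_LEN). Flipping AAD
 * byte 17 must change the correct digest but cannot change the truncated one. */
int demo_full_aad_is_bound(void)
{
    uint8_t aad_a[20], aad_b[20], ct[5] = {1, 2, 3, 4, 5};
    uint8_t t1[BLOCK_LEN], t2[BLOCK_LEN], u1[BLOCK_LEN], u2[BLOCK_LEN];

    for (int i = 0; i < 20; i++)
        aad_a[i] = aad_b[i] = (uint8_t)i;
    aad_b[17] ^= 0xff;
    ghash(TC2_H, aad_a, 20, ct, 5, t1);
    ghash(TC2_H, aad_b, 20, ct, 5, t2);
    ghash_aad_truncated(TC2_H, aad_a, 20, ct, 5, u1);
    ghash_aad_truncated(TC2_H, aad_b, 20, ct, 5, u2);
    return memcmp(t1, t2, BLOCK_LEN) != 0 && memcmp(u1, u2, BLOCK_LEN) == 0;
}

int main(void)
{
    printf("gf128_mul vs test case 2 X1: %s\n", selftest_gf128_mul() ? "ok" : "FAIL");
    printf("GHASH vs test case 2:        %s\n", selftest_ghash_tc2() ? "ok" : "FAIL");
    printf("full AAD bound by tag:       %s\n", demo_full_aad_is_bound() ? "ok" : "FAIL");
    return 0;
}
```

The truncated model illustrates the exposure the first bullet of the message removes: with only one AAD block absorbed, any associated data past byte 16 can be altered without changing the digest, so the tag never authenticated it. The 5-byte ciphertext exercises the second bullet, where the whole input is a trailer and the only block processed is the zero-padded one.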