Diffusion FreeBSD src repository 46d3e8cd88fa

armv8crypto: Fix some edge cases in the AES-GCM implementation
46d3e8cd88fa
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

armv8crypto: Fix some edge cases in the AES-GCM implementation

We were only hashing up to the first 16 bytes of the AAD.
When computing the digest during decryption, handle the case where len == trailer, i.e., len < AES_BLOCK_LEN, properly.

While here:

trailer is always smaller than AES_BLOCK_LEN, so remove a pair of unnecessary modulus operations.
Replace some byte-by-byte loops with memcpy() and memset() calls. In particular, zero the full block before copying a partial block into it since we do that elsewhere and it means that the memset() length is known at compile time.

Approved by: re (gjb)
Reviewed by: jhb
Sponsored by: Ampere Computing
Submitted by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D28501

(cherry picked from commit 0dc7076037a87100060309f7179ef6a01f32f99e)
(cherry picked from commit 860e0c7fb84863580521142825330aa941dee313)

Details

Provenance

Authored on Feb 8 2021, 2:19 PM

Reviewer

Differential Revision

D28501: armv8crypto: Fix some edge cases in the AES-GCM implementation

Parents

rGdc57f212526d: grep: fix -A handling in conjunction with -m match limitation

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rG46d3e8cd88fa: armv8crypto: Fix some edge cases in the AES-GCM implementation (authored by markj).Feb 11 2021, 4:47 PM

markj added an edge: D28501: armv8crypto: Fix some edge cases in the AES-GCM implementation.

Changes (1)

Path

Size

sys/

crypto/

armv8/

armv8_crypto_wrap.c

rG46d3e8cd88fa

sys/crypto/armv8/armv8_crypto_wrap.c

Loading...