Page MenuHomeFreeBSD
Differential D28501

armv8crypto: Fix some edge cases in the AES-GCM implementation
ClosedPublic
Actions

Authored by markj on Feb 5 2021, 2:25 PM.
Tags
None
Referenced Files
F132385722: D28501.id83410.diff
Thu, Oct 16, 11:14 AM
Unknown Object (File)
Sun, Oct 12, 7:07 AM
Unknown Object (File)
Sun, Oct 12, 7:07 AM
Unknown Object (File)
Sun, Oct 12, 7:07 AM
Unknown Object (File)
Sat, Oct 11, 8:47 PM
Unknown Object (File)
Thu, Oct 2, 3:48 AM
Unknown Object (File)
Tue, Sep 30, 11:08 PM
Unknown Object (File)
Sep 12 2025, 2:23 PM
View All 75 Files
Subscribers
andrew
imp

Details

Reviewers
jmg
gonzo
jhb
Commits
rG46d3e8cd88fa: armv8crypto: Fix some edge cases in the AES-GCM implementation
rG860e0c7fb848: armv8crypto: Fix some edge cases in the AES-GCM implementation
rG0dc7076037a8: armv8crypto: Fix some edge cases in the AES-GCM implementation
Summary
  • We only hash up to the first 16 bytes of the AAD.
  • When computing the digest during decryption, handle the case where len == trailer properly.

While here:

  • trailer is always smaller than AES_BLOCK_LEN, so remove a pair of unnecessary modulus operations.
  • Replace some byte-by-byte loops with memcpy() and memset() calls. In particular, zero the full block before copying a partial block into it since we do that elsewhere and it means that the memset() length is known at compile time.
Test Plan

Noticed when doing some refactoring, verified with cryptocheck.

Specifically, I used cryptocheck -d soft -a aes-gcm -z.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
crypto/
armv8/
47 lines

Diff 83541

View Options

sys/crypto/armv8/armv8_crypto_wrap.c

Loading...