Various optimizations to software AES-CCM and AES-GCM.
- Make use of cursors to avoid data copies for AES-CCM and AES-GCM.
Pass pointers into the request's input and/or output buffers directly to the Update, encrypt, and decrypt hooks rather than always copying all data into a temporary block buffer on the stack.
- Move handling for partial final blocks out of the main loop.
This removes branches from the main loop and permits using encrypt/decrypt_last which avoids a memset to clear the rest of the block on the stack.
- Shrink the on-stack buffers to assume AES block sizes and CCM/GCM tag lengths.
- For AAD data, pass larger chunks to axf->Update. CCM can take each AAD segment in a single call. GMAC can take multiple blocks at a time.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D25058