port/cavium: fix Octeon AES-GCM AAD GHASH bug
Octeon_AesGcm_SetAAD unconditionally ran XOR0/XORMUL1 on the partial-block buffer after the main loop, which processed an extra all-zero block when aadSz was a non-zero multiple of 16, corrupting the GCM tag. Guard the trailing XOR/MUL with `if (remainder > 0)`. Issue: F-3335
@@ -558,13 +558,15 @@ static NOOPT int Octeon_AesGcm_SetAAD(Aes* aes, byte* aad, word32 aadSz)
|
||||
CVMX_MT_GFM_XORMUL1(p[1]);
|
||||
}
|
||||
|
||||
XMEMSET(aesBlock, 0, sizeof(aesBlock));
|
||||
if (remainder > 0) {
|
||||
XMEMSET(aesBlock, 0, sizeof(aesBlock));
|
||||
|
||||
for (i = 0; i < remainder; i++)
|
||||
aesBlock[i] = aad[i];
|
||||
for (i = 0; i < remainder; i++)
|
||||
aesBlock[i] = aad[i];
|
||||
|
||||
CVMX_MT_GFM_XOR0(p[0]);
|
||||
CVMX_MT_GFM_XORMUL1(p[1]);
|
||||
CVMX_MT_GFM_XOR0(p[0]);
|
||||
CVMX_MT_GFM_XORMUL1(p[1]);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
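Review bot: The new `if (remainder > 0)` guard carries no comment saying why the trailing GHASH step must be skipped, so a later cleanup could easily hoist the XOR0/XORMUL1 pair back out of it. I would put a comment above the guard, such as `/* GHASH the zero-padded tail only for a partial block; an extra all-zero block when aadSz is a multiple of 16 changes the tag. */`. The failure mode is a silently wrong authentication tag that only shows up against another implementation, so a known-answer test with aadSz of exactly 16 and 32 on this port would pin the fix; no test is visible in this commit, though one may exist elsewhere. Octeon_AesGcm_SetAAD begins outside the hunk, so how `remainder` is computed and whether `aad` has been advanced past the full blocks cannot be confirmed from here.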