authorJussi Kivilinna <jussi.kivilinna@iki.fi>2022-02-19 13:45:59 +0200
committerJussi Kivilinna <jussi.kivilinna@iki.fi>2022-02-22 19:54:34 +0200
commit2508b755608ce182a7e570dc2717a6a70346b927 (patch)
treeadb9b371eac77204affe5216cdc1cfc330245b2f /cipher/cipher-ccm.c
parent052c5ef4cea56772b7015e36f231fa0bcbf91410 (diff)
downloadlibgcrypt-2508b755608ce182a7e570dc2717a6a70346b927.tar.gz
Perform AEAD input 24KiB splitting only when input larger than 32KiB
* cipher/chacha20.c (_gcry_chacha20_poly1305_encrypt) (_gcry_chacha20_poly1305_decrypt): Process in 24KiB chunks if input larger than 32KiB. * cipher/cipher-ccm.c (_gcry_cipher_ccm_encrypt) (_gcry_cipher_ccm_decrypt): Likewise. * cipher/cipher-eax.c (_gcry_cipher_eax_encrypt) (_gcry_cipher_eax_decrypt): Likewise. * cipher/cipher-gcm.c (gcm_cipher_inner): Likewise. * cipher/cipher-ocb.c (ocb_crypt): Likewise. * cipher/cipher-poly2305.c (_gcry_cipher_poly1305_encrypt) (_gcry_cipher_poly1305_decrypt): Likewise. -- Splitting input whose length is just above 24KiB is not beneficial. Instead perform splitting if input is longer than 32KiB to ensure that last chunk is also a large buffer. Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/cipher-ccm.c')
-rw-r--r--cipher/cipher-ccm.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/cipher/cipher-ccm.c b/cipher/cipher-ccm.c
index dcb268d0..3e2a767a 100644
--- a/cipher/cipher-ccm.c
+++ b/cipher/cipher-ccm.c
@@ -345,8 +345,10 @@ _gcry_cipher_ccm_encrypt (gcry_cipher_hd_t c, unsigned char *outbuf,
size_t currlen = inbuflen;
/* Since checksumming is done before encryption, process input in 24KiB
- * chunks to keep data loaded in L1 cache for encryption. */
- if (currlen > 24 * 1024)
+ * chunks to keep data loaded in L1 cache for encryption. However only
+ * do splitting if input is large enough so that last chunks does not
+ * end up being short. */
+ if (currlen > 32 * 1024)
currlen = 24 * 1024;
c->u_mode.ccm.encryptlen -= currlen;
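Review bot: The split threshold `32 * 1024` and the chunk size `24 * 1024` are bare literals in `_gcry_cipher_ccm_encrypt`, and the commit message lists the same pair in five other files, so two named constants defined in one shared header would keep the values from drifting apart. The new comment reads `last chunks does not end up being short`, where `last chunk does not end up being short` is meant. It could also state the resulting bound, e.g. `/* When splitting happens, the final chunk is larger than 8KiB and at most 32KiB. */`. The same points apply to the hunk in `_gcry_cipher_ccm_decrypt`. The function body continues outside the hunk.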
@@ -391,8 +393,10 @@ _gcry_cipher_ccm_decrypt (gcry_cipher_hd_t c, unsigned char *outbuf,
size_t currlen = inbuflen;
/* Since checksumming is done after decryption, process input in 24KiB
- * chunks to keep data loaded in L1 cache for checksumming. */
- if (currlen > 24 * 1024)
+ * chunks to keep data loaded in L1 cache for checksumming. However
+ * only do splitting if input is large enough so that last chunks
+ * does not end up being short. */
+ if (currlen > 32 * 1024)
currlen = 24 * 1024;
err = _gcry_cipher_ctr_encrypt (c, outbuf, outbuflen, inbuf, currlen);
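Review bot: The comment in `_gcry_cipher_ccm_decrypt` says checksumming is done after decryption, so `_gcry_cipher_ctr_encrypt` writes each chunk's plaintext to `outbuf` before any tag has been compared, and the comment explaining the chunking would be a good place to say so. A line such as `/* Note: outbuf holds unauthenticated plaintext until the tag has been checked. */` would remind maintainers and callers not to act on the output before tag verification succeeds. The threshold change does not introduce this behaviour. The rest of the function, including the MAC update, lies outside the hunk.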