crypto/internal/fips140/aes/gcm: use aes.EncryptBlockInternal on ppc64x and s390x
authorFilippo Valsorda <filippo@golang.org>
Tue, 17 Dec 2024 16:55:01 +0000 (17:55 +0100)
committerGopher Robot <gobot@golang.org>
Tue, 17 Dec 2024 19:35:53 +0000 (11:35 -0800)
Left them out of CL 636775 because I did a search by reference, which
does not span architectures.

Fixes crypto/cipher.TestFIPSServiceIndicator failure on ppc64x and s390x.

For #69536

Change-Id: I34b49705a7099066e8c3871a7a34b394a9298e98
Reviewed-on: https://go-review.googlesource.com/c/go/+/637175
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

src/crypto/internal/fips140/aes/gcm/gcm_ppc64x.go
src/crypto/internal/fips140/aes/gcm/gcm_s390x.go

index 5084835e88d315d8f4f50f5c1d18f129e0fad493..8d44c75745d9b8cd9428dabb5029d84770a699e0 100644 (file)
@@ -51,7 +51,7 @@ func initGCM(g *GCM) {
        }
 
        hle := make([]byte, gcmBlockSize)
-       g.cipher.Encrypt(hle, hle)
+       aes.EncryptBlockInternal(&g.cipher, hle, hle)
 
        // Reverse the bytes in each 8 byte chunk
        // Load little endian, store big endian
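Review bot: The new `aes.EncryptBlockInternal(&g.cipher, hle, hle)` call in initGCM has no comment saying why the exported `g.cipher.Encrypt` must not be used, so the reason lives only in the commit message. That message also says these call sites were missed once, because a by-reference search does not span architectures. Judging by the TestFIPSServiceIndicator failure this fixes, the exported method presumably marks the operation as non-approved, which is wrong for GCM's internal use of the block cipher. I would add above the call `// Not g.cipher.Encrypt: the exported method affects the FIPS 140 service indicator, and GCM's internal block encryptions must not.` The same comment applies to the tagMask calls in seal and open and to both s390x call sites; initGCM starts and ends outside this hunk.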
@@ -133,7 +133,7 @@ func seal(out []byte, g *GCM, nonce, plaintext, data []byte) {
        var counter, tagMask [gcmBlockSize]byte
        deriveCounter(&counter, nonce, &g.productTable)
 
-       g.cipher.Encrypt(tagMask[:], counter[:])
+       aes.EncryptBlockInternal(&g.cipher, tagMask[:], counter[:])
        gcmInc32(&counter)
 
        counterCrypt(&g.cipher, out, plaintext, &counter)
@@ -151,7 +151,7 @@ func open(out []byte, g *GCM, nonce, ciphertext, data []byte) error {
        var counter, tagMask [gcmBlockSize]byte
        deriveCounter(&counter, nonce, &g.productTable)
 
-       g.cipher.Encrypt(tagMask[:], counter[:])
+       aes.EncryptBlockInternal(&g.cipher, tagMask[:], counter[:])
        gcmInc32(&counter)
 
        var expectedTag [gcmTagSize]byte
index 6d88e1824083bec0f3f9f3ddcca630b129607e12..526f3f9d4a2019c9aa10a3896077face13ac83ce 100644 (file)
@@ -55,7 +55,7 @@ func initGCM(g *GCM) {
                return
        }
        // Note that hashKey is also used in the KMA codepath to hash large nonces.
-       g.cipher.Encrypt(g.hashKey[:], g.hashKey[:])
+       aes.EncryptBlockInternal(&g.cipher, g.hashKey[:], g.hashKey[:])
 }
 
 // ghashAsm uses the GHASH algorithm to hash data with the given key. The initial
@@ -115,7 +115,7 @@ func counterCrypt(g *GCM, dst, src []byte, cnt *[gcmBlockSize]byte) {
        }
        if len(src) > 0 {
                var x [16]byte
-               g.cipher.Encrypt(x[:], cnt[:])
+               aes.EncryptBlockInternal(&g.cipher, x[:], cnt[:])
                for i := range src {
                        dst[i] = src[i] ^ x[i]
                }