Fix AES-GCM-SIV on large inputs. This was noticed by observing we had one line of missing test coverage in polyval.c. CRYPTO_POLYVAL_update_blocks acts 32 blocks at a time and all existing test vectors are smaller than that. Test vector obtained by just picking random values and seeing what our existing implementation did if I modified CRYPTO_POLYVAL_update_blocks to consume many more blocks at a time. Then I fixed the bug and ensured the answer was still the same. Change-Id: Ib7002dbc10952229ff42a17132c30d0e290d4be5 Reviewed-on: https://boringssl-review.googlesource.com/13041 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>

commit: 14e18ca257ea479097c72456a861c65e57cb7cd3 [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Dec 22 23:10:37 2016 -0500
committer: Adam Langley <agl@google.com> Wed Jan 04 01:45:31 2017 +0000
tree: 479f8887b5b387270373abe78ca7cd62a3deb911
parent: 55696cecde12355a6e55749d4d70a1042e53431b [diff]
diff --git a/crypto/cipher/test/aes_128_gcm_siv_tests.txt b/crypto/cipher/test/aes_128_gcm_siv_tests.txt
index a929b59..faf97c1 100644
--- a/crypto/cipher/test/aes_128_gcm_siv_tests.txt
+++ b/crypto/cipher/test/aes_128_gcm_siv_tests.txt

@@ -234,3 +234,12 @@
 AD: 0100000000000000000000000000000002000000
 CT: b26d43ae158316ac37f41579ccf1d461274e
 TAG: 13b7c01d08dd6969d51d1bf0fbbdc4d2
+
+# Sample large random test vector.
+
+KEY: ee0f62a965fa640d1c95d79b215dca71
+NONCE: 7df5a22c91e6b6f37594dfef54847bd9
+IN: 5d90037e677666fbc0215305096301d852609e1380992d8c2e3594344a7f9a0521fdeda53de07d3184d590667fc7151a93ba097f20c67da0b1da8c23bd05887a4b66ab50333874819035eafd775fcfa86b380968f15d8cd46483d418b2c074f0dc18407108f63abe89c5448e83d064b6544a275dd75a21dd0241dafa086beb8446f398f6c1b2b117ad6f2cdb04031640852b5e15560d39b8d9088824f728ae66b2214e4cd70f60174313a5f0286741caeb4b66d0513b63c4a1325306f79f1f79bb28ccf6448fa3160876eefd85ca03c196a3e5568b0f3c818e7cf9d661423ed6a50a6911d52217a1b81e94ba040f336e74ac71b33964c3a7d960a32c255e22fcb7dcc41b9b136815b784ce4015b61b55e305e2ab1f96d17b561eb0281476cbaec54e942a186fbf3df92358960182c3c034066364e80fa492b36d36ee68f2738220f249a69f24405fe9995dab0b0b338ee68d85f0e59870903ca9d02f32ee6a24efc85434610586470b938daa9d14206c360339f7ec50857f4e5075a29bb51720d9a6f399f7b8bd45b402b0eed8f6e427d5dd358a0c3f10a58582be8934ebd7903497cc6622a977d6045f97a58f5ed7a3470583ebf88f71150499047e4b624f8018cffaca0d5a9db7f73da2db6770c98cd628d2d6682a4c41d584f37ea0ff7e8763616a548027e29cb3ec3e02a82eab205f7af46b6c9b02a15de54fc301a9845d50396cf3826b23296c360fafbaf65e5f48c4998085d7dac07736b106a8bb1e8e69dca15464d1bf156a5f84b62170f680826dcca7bf1c126cdb70dc872a005806d423cee46ab0d84d2d8d490c8eaec8b17b12913d4856c59f5348c6956c96a32595eef8c89ee5ae99706c92e748714dae4ae45685710261cd66d3ef93ed01bb862bfeb3b4fb5074ffec5517c8845173fde2774cd3b5a25cc1dc11d833c29614b7272bf213aeb19f83603aee97a9bc43e8b88c8789c520f634028cce2b0be343e74c8c341a153a36f797f38a4ebb53589e45f1e64299fedd2e9bbdeb9ad9ab4e2eccb4bd2b57000a5d7b064e6b6fb5cb9c743d6afe697bac549ade238c7a3a094e799e9c7e6cef6e6d4b8c8f1d862bc8ab9b96238c7d5393b2f684c5b4826df6c5f48cadb43fd6d6cb189ca56125bfee9dd44d22a2e28d7a9e63565321c9ecad96b3ae7376c984c44cab978002ff78d947230fe15918b3a73232ff5c05586c4b0e2e0d737be6abef80414b008ad2deea1944a4248f02063500a9276217ceabeca39ec4d6af647395a9c91401dcbe8f9645ef97eca5624029f942cc9979fd31636d65ed181a65763c5c16e65f8673a3cc6143ede8144d894559dedfac3000e8d86590b0ced25dd8666d71f237fd3511d7f8a20dbb4e95e3aca9807a2351bf705a7eec5a80f2b390ef9df496c5cd7ca9f5d8846df291025beb9781c793613efe7798
+AD: 4b7531e0a946b20c80f70dea4d437833f3dd26ae6f6dc37b7b99e82122acf2b7975f6d8efcb7ec4c6ff3c0ce4a5864adba0e658aeb8d9b839f3509f033827bc69a1ab080a0a1cc63559b00a3a259c53c145b0282f5e56930fc35b11c83b6564f2e80f186c2ef2e8886641fe6c4966dc9f86c567e73902d1a8fc33be1551e8359aa585bd2b8da83c0cd78a086cdebf8904d1b66a2fee176fa19714f062b752653d75a0e441ff7fba0c5a0cb6ded48f68b38af82faa985f9d97ba3c0978e1d23d8eb8899072fbec9379ca5f2b91293cb57eac81a6d711f9cccb36ff16b0de86d27d62e136ddbc1a2be38d5a1284e4620f4f9ab1f16729630e16dd2901f24f5ad6e
+CT: 1b5a273ee4e1f87516bb711bd97c559fd5139286d90d3f64813f88c697ff448c7ce57ff3a2b70479c0f904f0c6de92234ef72b4ad62038a32108804042e07ad94e49a327bd28f1c49786c2b1537392c582031f52e3bd27336dab9d237ce47ffd0c8002b60b1055226cf28c6d99be0e4f75afb72c6953ffa0b033f74304efe19601d34dfda29874efdc9ebfa74c9d55c7273561c46b7cd4d631ab05ca7172111c13f0703ff9cec063988b7bf1bd9557b8d8a914162d2f31113f1682e951acaba4a314aabf901bdc5117184109fca1cecfe552f2e7d003eab51ceb992c2bb11245e1cd7e230398a3d18bab59c9acf033bde779166bfd3f98792902f84e4ef32cf5f410af2cec9cbe67ebb28f3fceb497abf4b1c240cab4852d840de9dec20f0e21853be6227784beee276ea3a4c6092654f7d62af614e5ea976791195415befa1f4a9d77c35a84b0d54b5eb1e00f55bbafac209468532b18d020e16798256aab9ea3989d876822cc68135ee103169962965a9383b2cff70213f9c52bcf2441e7b8ec07bee0c225be5353bcfe6d9ff546d30889813a13e1e966028dd80ec096202a26e478278af8b15bcf29137d536658d51293c6cfecde110e5b17ec39ce5317db5a03a1919f52f89ceeec0b5f48875e9692501b34303110e52ef4ea96d98cc28ab6e9ca24a8bb124629ac480b06fa8321b5712f2ae22e750848404ac20232716e195b343adebb52234cbc002c602574a7fbad638c1a7201eb38d4404b3d672119617e1190402b57568ee1e776ba18087164ddfbbf77f26ae5ee229ef101f10306f6449920b08d4e46bb2039d4777319547d7b4ef32e61c3cc897bc36cc2d5983c63e38814276a28125468112b646b877bbe2d206e578a8fd402be6d963b1d79c8b14dbca801bb92d7217cb7375d5e126702270158c89db653f1ee34e1c1ca066fe854532a36b74d36d9bc077506349a4cb8143dca1be3241f64cdc410c4d362982500aeea2a12172ccac996a333a2bff5393e0be9bcb93ca0fd62a22f0f72618325e233b42214ce8683c57dcf3113edbc5102e84b265aa031e26ec5fa18b1a7fa72358072d47b85e045cd52541e49b94d74fb21bb19725675c0d014ca8f8219c26cb8158f5d84b2cafb0474b2b39cb7f21c3320b5cbd57cff7133243a462e492de6340ee7d60ef888d639ca50380529f09b9eb279c49ad04662b7ec4f579fcec011790f18b2c0ad081eaf2be13d6f6a5969db46d56df9daea2cb332e719135109fd1d7caa84af315c0054f37177312c01a9f3f05a6e9bca719f906d1e8af7fdc24a3677c922f435e6e4c069073ea779c2b74c98f9374f5a38961a4354e74803f0f4042b91fb82a0c593c13f9ff720a70136d0b108acdb762a08f98a222f48c2858c0cc9a27edc9e79fe0f71ebe2940c60a279476975926eab478685ebf8a74705
+TAG: 6f5223329c07cbf6b038d307cbb8a719

diff --git a/crypto/cipher/test/aes_256_gcm_siv_tests.txt b/crypto/cipher/test/aes_256_gcm_siv_tests.txt
index cd38e23..b7a9efe 100644
--- a/crypto/cipher/test/aes_256_gcm_siv_tests.txt
+++ b/crypto/cipher/test/aes_256_gcm_siv_tests.txt

@@ -224,3 +224,12 @@
 AD: 0100000000000000000000000000000002000000
 CT: c6d3d28704bf20067d62e1a3872d40dda44b
 TAG: 6ac0135a4379dbc67967ff55fd4d1f2f
+
+# Sample large random test vector.
+
+KEY: 83475d5042f8baedf4ca779088abfab17d35416a767d8c42c2a650cc597e5004
+NONCE: 7df5a22c91e6b6f37594dfef54847bd9
+IN: 5d90037e677666fbc0215305096301d852609e1380992d8c2e3594344a7f9a0521fdeda53de07d3184d590667fc7151a93ba097f20c67da0b1da8c23bd05887a4b66ab50333874819035eafd775fcfa86b380968f15d8cd46483d418b2c074f0dc18407108f63abe89c5448e83d064b6544a275dd75a21dd0241dafa086beb8446f398f6c1b2b117ad6f2cdb04031640852b5e15560d39b8d9088824f728ae66b2214e4cd70f60174313a5f0286741caeb4b66d0513b63c4a1325306f79f1f79bb28ccf6448fa3160876eefd85ca03c196a3e5568b0f3c818e7cf9d661423ed6a50a6911d52217a1b81e94ba040f336e74ac71b33964c3a7d960a32c255e22fcb7dcc41b9b136815b784ce4015b61b55e305e2ab1f96d17b561eb0281476cbaec54e942a186fbf3df92358960182c3c034066364e80fa492b36d36ee68f2738220f249a69f24405fe9995dab0b0b338ee68d85f0e59870903ca9d02f32ee6a24efc85434610586470b938daa9d14206c360339f7ec50857f4e5075a29bb51720d9a6f399f7b8bd45b402b0eed8f6e427d5dd358a0c3f10a58582be8934ebd7903497cc6622a977d6045f97a58f5ed7a3470583ebf88f71150499047e4b624f8018cffaca0d5a9db7f73da2db6770c98cd628d2d6682a4c41d584f37ea0ff7e8763616a548027e29cb3ec3e02a82eab205f7af46b6c9b02a15de54fc301a9845d50396cf3826b23296c360fafbaf65e5f48c4998085d7dac07736b106a8bb1e8e69dca15464d1bf156a5f84b62170f680826dcca7bf1c126cdb70dc872a005806d423cee46ab0d84d2d8d490c8eaec8b17b12913d4856c59f5348c6956c96a32595eef8c89ee5ae99706c92e748714dae4ae45685710261cd66d3ef93ed01bb862bfeb3b4fb5074ffec5517c8845173fde2774cd3b5a25cc1dc11d833c29614b7272bf213aeb19f83603aee97a9bc43e8b88c8789c520f634028cce2b0be343e74c8c341a153a36f797f38a4ebb53589e45f1e64299fedd2e9bbdeb9ad9ab4e2eccb4bd2b57000a5d7b064e6b6fb5cb9c743d6afe697bac549ade238c7a3a094e799e9c7e6cef6e6d4b8c8f1d862bc8ab9b96238c7d5393b2f684c5b4826df6c5f48cadb43fd6d6cb189ca56125bfee9dd44d22a2e28d7a9e63565321c9ecad96b3ae7376c984c44cab978002ff78d947230fe15918b3a73232ff5c05586c4b0e2e0d737be6abef80414b008ad2deea1944a4248f02063500a9276217ceabeca39ec4d6af647395a9c91401dcbe8f9645ef97eca5624029f942cc9979fd31636d65ed181a65763c5c16e65f8673a3cc6143ede8144d894559dedfac3000e8d86590b0ced25dd8666d71f237fd3511d7f8a20dbb4e95e3aca9807a2351bf705a7eec5a80f2b390ef9df496c5cd7ca9f5d8846df291025beb9781c793613efe7798
+AD: 4b7531e0a946b20c80f70dea4d437833f3dd26ae6f6dc37b7b99e82122acf2b7975f6d8efcb7ec4c6ff3c0ce4a5864adba0e658aeb8d9b839f3509f033827bc69a1ab080a0a1cc63559b00a3a259c53c145b0282f5e56930fc35b11c83b6564f2e80f186c2ef2e8886641fe6c4966dc9f86c567e73902d1a8fc33be1551e8359aa585bd2b8da83c0cd78a086cdebf8904d1b66a2fee176fa19714f062b752653d75a0e441ff7fba0c5a0cb6ded48f68b38af82faa985f9d97ba3c0978e1d23d8eb8899072fbec9379ca5f2b91293cb57eac81a6d711f9cccb36ff16b0de86d27d62e136ddbc1a2be38d5a1284e4620f4f9ab1f16729630e16dd2901f24f5ad6e
+CT: 30b73374cc093ffaad4be2088142b08ed1b0d2914f96d90e0279aeb3a6547807b9b3bbfe2cd880e8f3a9f3b6e42da1ef53d78a6c63da686498b61523ac4c82caa01d31afe1ec00e80349df969684b060299aa86e4b7a38c643987889eab5a0a0996d18b2350439c7162d566dbb0d55f0f50a81d982df5e2047a23800a418b5adf42d8ff26cfd961527347439e76fbb2c2da08c1dd1a5fddf149d47eaf571498e23c3104c6b2dffb8e5d5e5f90e50eae9146f48b19a6e2d49cd170654a0041096f4f57aff5054dbf784e7748b3ddfdb9c447ed86681bcfb8055407fcec320990609089c3b51845f8e9bcb21382421a2f8634e1ad8739795202ade68aa47ab10026031cb3bfd94adc70702c31760753af4a2bb852581519e91cce5b1e0e49d028a1a03b915917d1011a4a7c04b46e1d8434663aa9473d1ad135966ab18145caf825f4a04d47b953989e188d21ec9f3858623fe16c413d2caa73761ec9dab8bf4e6dcdb997a503168487b67d1b3a9768a1887c292b9f39d40a404b8ffd011150490ed2e751ccbe4f7661785d8c5b778a21aa7e6efc132afe81765cc4ef32b5959e19ca97a4c37601257b8484fab234760242db6fd140ed1cfaff1d11cfad836171b42a164671c178164bbdb14815376f4eed1fbbb95f8e4614ff23de5cc9a0642a228d6bce19fbeea0e661b14696c6eb4aca97ac2cbe838578e7033703e2b551f7ef5dae4a68cdc58daac41eddc07b38ea7c4de1262ce04fb16f75870bbf41c95acbce6eb86dc3452a0d177aef3bc1e39878788d4a2680feb5d888debe62ec64fd72290c0cf8b9105c365c7305d994b28a2b32b88fdd11c3879dc1e005d6a2aa99daa926b18338f0980cdf0d8275e190bb9b8da9a63ff332bb5f5b654414a110b9d6128d0984d015c2a0a100985733fd400be0829f57e72655bfcd10c20341cd24cad0705647363ec0a3d678f30f7a1e85bc1a2dd133fcef5f25852eb6d81d7b4b531aff4e655285375f1b1ceee0d58a63f85f21f6525e3ad43f76a8fef16c785047778e1eccfe8e3c7cb34f2e037a61e3f01af88874b30911df60664e5ca65d6836166ff796e6b710af474add57957c2139b24257bcee287090f1ca1f91c95cc2c9348689aa7b95dfcedb02e68e38c1cd75ef966f0d33c4e09c40e2e58d30f6d0771d11debf01e57f342f3fffa34a1ed2bf10035c1607f3fd79423c0164dd6c171d8046edaed9b7b2a75bc11e1e8417c4550795aab6f106a95b5dda022e512269e8b2937b1d5601cfec1dba8b763707b97bc786ac94e38cd368cadeb1b48a3e068b614fc7b06430db80d46889027ca3d228d87c6eb00531e8d913734e3af987b104d052bbd63564184cd9dc803e6948d70575c9606a704245ef6136f707ddba8a00f288199867774c6e7487311c29aada3f607fc904f88be90cae49789a5163a4c
+TAG: 37db916a9c13afd36e39ce5d01665067

diff --git a/crypto/modes/polyval.c b/crypto/modes/polyval.c
index eb7eadc..125b256 100644
--- a/crypto/modes/polyval.c
+++ b/crypto/modes/polyval.c

@@ -72,6 +72,7 @@
       todo = sizeof(reversed);
     }
     OPENSSL_memcpy(reversed, in, todo);
+    in += todo;
     in_len -= todo;
 
     size_t blocks = todo / sizeof(polyval_block);
commit	14e18ca257ea479097c72456a861c65e57cb7cd3	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Dec 22 23:10:37 2016 -0500
committer	Adam Langley <agl@google.com>	Wed Jan 04 01:45:31 2017 +0000
tree	479f8887b5b387270373abe78ca7cd62a3deb911
parent	55696cecde12355a6e55749d4d70a1042e53431b [diff]