"4361c4eb" (history) in projects: freebsd

Project(s)

Full Search
Definition
Symbol
File Path
History
Type

Searched hist:"4361 c4eb" (Results 1 – 4 of 4) sorted by relevance

/freebsd/sys/opencrypto/
H A D	cbc_mac.h	4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120
H A D	cbc_mac.c	4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120
H A D	cryptosoft.c	4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120
/freebsd/sys/dev/cxgbe/crypto/
H A D	t4_crypto.c	4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120 4361c4eb Wed Oct 06 21:08:48 GMT 2021 John Baldwin <jhb@FreeBSD.org> cryptosoft: Fix support for variable tag lengths in AES-CCM. The tag length is included as one of the values in the flags byte of block 0 passed to CBC_MAC, so merely copying the first N bytes is insufficient. To avoid adding more sideband data to the CBC MAC software context, pull the generation of block 0, the AAD length, and AAD padding out of cbc_mac.c and into cryptosoft.c. This matches how GCM/GMAC are handled where the length block is constructed in cryptosoft.c and passed as an input to the Update callback. As a result, the CBC MAC Update() routine is now much simpler and simply performs the XOR-and-encrypt step on each input block. While here, avoid a copy to the staging block in the Update routine when one or more full blocks are passed as input to the Update callback. Reviewed by: sef Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32120