GMAC_BLOCK_LEN
uint8_t blk[GMAC_BLOCK_LEN];
for (i = 0; i < aadlen; i += GMAC_BLOCK_LEN) {
memset(blk, 0, GMAC_BLOCK_LEN);
memcpy(blk, aad + i, MINIMUM(aadlen - i, GMAC_BLOCK_LEN));
AES_GMAC_Update(&ctx, blk, GMAC_BLOCK_LEN);
for (i = 0; i < len; i += GMAC_BLOCK_LEN) {
int dlen = MINIMUM(len - i, GMAC_BLOCK_LEN);
rlen = roundup(aadlen, GMAC_BLOCK_LEN);
bzero(tag, GMAC_BLOCK_LEN);
aesni_gmac_update(ses->ses_ghash, tag, GMAC_BLOCK_LEN);
memcpy(crp->crp_mac, tag, GMAC_BLOCK_LEN);
bzero(ses->ses_ghash->S, GMAC_BLOCK_LEN);
bzero(ses->ses_ghash->Z, GMAC_BLOCK_LEN);
uint64_t tag[ndwords(GMAC_BLOCK_LEN)];
octcrypto_ghash_update(buf, roundup(aadlen, GMAC_BLOCK_LEN));
octcrypto_ghash_update(block, GMAC_BLOCK_LEN);
bzero(ctx->ghash.H, GMAC_BLOCK_LEN);
bzero(ctx->ghash.S, GMAC_BLOCK_LEN);
bzero(ctx->ghash.Z, GMAC_BLOCK_LEN);
bzero(ctx->J, GMAC_BLOCK_LEN);
plen = len % GMAC_BLOCK_LEN;
if (len >= GMAC_BLOCK_LEN)
GMAC_BLOCK_LEN);
uint8_t keystream[GMAC_BLOCK_LEN];
ctx->J[GMAC_BLOCK_LEN - 1] = 1;
for (i = 0; i < GMAC_BLOCK_LEN * 8; i++) {
for (i = 0; i < len / GMAC_BLOCK_LEN; i++) {
bcopy(ctx->S, ctx->Z, GMAC_BLOCK_LEN);
uint8_t H[GMAC_BLOCK_LEN]; /* hash subkey */
uint8_t S[GMAC_BLOCK_LEN]; /* state */
uint8_t Z[GMAC_BLOCK_LEN]; /* initial state */
uint8_t J[GMAC_BLOCK_LEN]; /* counter block */
16+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
24+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),
32+4, GMAC_BLOCK_LEN, GMAC_DIGEST_LEN, sizeof(AES_GMAC_CTX),