Fix streaming additional authenticated data.

Nettle allows streaming of additional authenticated data (AAD), but some AEAD modes require that all but the last chunk of AAD must be the size of the cipher's block size, or a multiple thereof.

Previously, EAX and OCB would mis-compute the message digest.

Previously, GCM would assert the above requirement, and abort(2) otherwise.

Fix streaming AAD to the affected modes by buffering up to a block size of AAD.

CCM and ChaChaPoly1305 were not affected.

Add smoke tests streaming AAD to the modes using randomized chunk sizes.
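
The buffering approach the commit message describes, as an added sketch that is not code from this commit or from Nettle. `raw_update` is a constructed toy absorber standing in for a mode's AAD update, and `aad_buf`, `aad_update`, `aad_finish` and `stream` are hypothetical names.

```c
#include <stdint.h>
#include <string.h>
#define BLOCK 16
/* Toy AAD absorber (constructed; not a real MAC, not Nettle code). A chunk
   that is not a multiple of BLOCK is zero-padded, so only the last may be. */
static void raw_update(uint64_t *state, const uint8_t *p, size_t len) {
    while (len > 0) {
        uint8_t blk[BLOCK] = {0};
        size_t n = len < BLOCK ? len : BLOCK;
        memcpy(blk, p, n);
        for (size_t i = 0; i < BLOCK; i++)
            *state = (*state ^ blk[i]) * 0x100000001b3ULL;
        p += n; len -= n;
    }
}
/* Hypothetical wrapper: holds back at most one partial block of AAD. */
struct aad_buf { uint64_t state; uint8_t buf[BLOCK]; size_t fill; };
static void aad_update(struct aad_buf *c, const uint8_t *p, size_t len) {
    if (c->fill > 0) {                      /* top up the pending block */
        size_t n = BLOCK - c->fill < len ? BLOCK - c->fill : len;
        memcpy(c->buf + c->fill, p, n);
        c->fill += n; p += n; len -= n;
        if (c->fill < BLOCK) return;        /* still partial: keep holding */
        raw_update(&c->state, c->buf, BLOCK);
    }
    size_t whole = len - len % BLOCK;       /* whole blocks pass straight through */
    raw_update(&c->state, p, whole);
    c->fill = len - whole;                  /* remainder waits for more AAD */
    memcpy(c->buf, p + whole, c->fill);
}
/* Once all AAD has been supplied, flush the final short block. */
static uint64_t aad_finish(struct aad_buf *c) {
    raw_update(&c->state, c->buf, c->fill);
    return c->state;
}
/* Feed len bytes in chunk-sized calls, directly or through the buffer. */
static uint64_t stream(const uint8_t *p, size_t len, size_t chunk, int buffered) {
    struct aad_buf c = { .state = 0xcbf29ce484222325ULL };
    for (size_t off = 0; off < len; off += chunk) {
        size_t n = len - off < chunk ? len - off : chunk;
        if (buffered) aad_update(&c, p + off, n); else raw_update(&c.state, p + off, n);
    }
    return aad_finish(&c);
}

int main(void) {
    uint8_t d[100] = {1, 2, 3};             /* constructed sample AAD */
    return stream(d, 100, 7, 1) != stream(d, 100, 100, 0);
}
```

Unbuffered 7-byte chunks produce a different value than the one-shot call, which models the mis-computed digest; through the buffer every chunk size gives the one-shot result.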