Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Apr 2020 22:20:26 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r360135 - head/sys/netipsec
Message-ID:  <202004202220.03KMKQAB097456@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: jhb
Date: Mon Apr 20 22:20:26 2020
New Revision: 360135
URL: https://svnweb.freebsd.org/changeset/base/360135

Log:
  Generate IVs directly in esp_output.
  
  This is the only place that uses CRYPTO_F_IV_GENERATE.  All crypto
  drivers currently duplicate the same boilerplate code to handle this
  case.  Doing the generation directly removes complexity from drivers.
  It also simplifies support for separate input and output buffers.
  
  Reviewed by:	cem
  Sponsored by:	Netflix
  Differential Revision:	https://reviews.freebsd.org/D24449

Modified:
  head/sys/netipsec/xform_esp.c

Modified: head/sys/netipsec/xform_esp.c
==============================================================================
--- head/sys/netipsec/xform_esp.c	Mon Apr 20 19:16:10 2020	(r360134)
+++ head/sys/netipsec/xform_esp.c	Mon Apr 20 22:20:26 2020	(r360135)
@@ -813,10 +813,9 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struc
 	crp->crp_payload_length = m->m_pkthdr.len - (skip + hlen + alen);
 	crp->crp_op = CRYPTO_OP_ENCRYPT;
 
-	/* Encryption operation. */
+	/* Generate IV / nonce. */
+	ivp = &crp->crp_iv[0];
 	if (SAV_ISCTRORGCM(sav)) {
-		ivp = &crp->crp_iv[0];
-
 		/* GCM IV Format: RFC4106 4 */
 		/* CTR IV Format: RFC3686 4 */
 		/* Salt is last four bytes of key, RFC4106 8.1 */
@@ -833,8 +832,9 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struc
 		m_copyback(m, skip + hlen - sav->ivlen, sav->ivlen, &ivp[4]);
 		crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
 	} else if (sav->ivlen != 0) {
+		arc4rand(ivp, sav->ivlen, 0);
 		crp->crp_iv_start = skip + hlen - sav->ivlen;
-		crp->crp_flags |= CRYPTO_F_IV_GENERATE;
+		m_copyback(m, crp->crp_iv_start, sav->ivlen, ivp);
 	}
 
 	/* Callback parameters */

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004202220.03KMKQAB097456>