Date: Mon, 20 Apr 2020 22:24:50 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r360136 - in head: share/man/man9 sys/crypto/aesni sys/crypto/armv8 sys/crypto/ccp sys/crypto/via sys/dev/cesa sys/dev/cxgbe/crypto sys/dev/glxsb sys/dev/hifn sys/dev/safe sys/dev/sec s... Message-ID: <202004202224.03KMOosL003616@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Mon Apr 20 22:24:49 2020 New Revision: 360136 URL: https://svnweb.freebsd.org/changeset/base/360136 Log: Retire the CRYPTO_F_IV_GENERATE flag. The sole in-tree user of this flag has been retired, so remove this complexity from all drivers. While here, add a helper routine drivers can use to read the current request's IV into a local buffer. Use this routine to replace duplicated code in nearly all drivers. Reviewed by: cem Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D24450 Modified: head/share/man/man9/Makefile head/share/man/man9/crypto_driver.9 head/share/man/man9/crypto_request.9 head/sys/crypto/aesni/aesni.c head/sys/crypto/armv8/armv8_crypto.c head/sys/crypto/ccp/ccp_hardware.c head/sys/crypto/via/padlock_cipher.c head/sys/dev/cesa/cesa.c head/sys/dev/cxgbe/crypto/t4_crypto.c head/sys/dev/glxsb/glxsb.c head/sys/dev/hifn/hifn7751.c head/sys/dev/safe/safe.c head/sys/dev/sec/sec.c head/sys/dev/ubsec/ubsec.c head/sys/mips/cavium/cryptocteon/cryptocteon.c head/sys/mips/nlm/dev/sec/nlmsec.c head/sys/opencrypto/crypto.c head/sys/opencrypto/cryptodev.h head/sys/opencrypto/cryptosoft.c Modified: head/share/man/man9/Makefile ============================================================================== --- head/share/man/man9/Makefile Mon Apr 20 22:20:26 2020 (r360135) +++ head/share/man/man9/Makefile Mon Apr 20 22:24:49 2020 (r360136) @@ -904,6 +904,7 @@ MLINKS+=crypto_driver.9 crypto_apply.9 \ crypto_driver.9 crypto_done.9 \ crypto_driver.9 crypto_get_driverid.9 \ crypto_driver.9 crypto_get_driver_session.9 \ + crypto_driver.9 crypto_read_iv.9 \ crypto_driver.9 crypto_unblock.9 \ crypto_driver.9 crypto_unregister_all.9 \ crypto_driver.9 CRYPTODEV_FREESESSION.9 \ Modified: head/share/man/man9/crypto_driver.9 ============================================================================== --- head/share/man/man9/crypto_driver.9 Mon Apr 20 22:20:26 2020 (r360135) +++ head/share/man/man9/crypto_driver.9 Mon Apr 20 22:24:49 2020 (r360136) @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 27, 2020 +.Dd April 20, 2020 .Dt CRYPTO_DRIVER 9 .Os .Sh NAME @@ -62,6 +62,8 @@ .Fn crypto_get_driverid "device_t dev" "size_t session_size" "int flags" .Ft void * .Fn crypto_get_driver_session "crypto_session_t crypto_session" +.Ft void +.Fn crypto_read_iv "struct cryptop *crp" "void *iv" .Ft int .Fn crypto_unblock "uint32_t driverid" "int what" .Ft int @@ -260,6 +262,12 @@ into the data buffer for The bytes are written starting at an offset of .Fa off bytes in the request's data buffer. +.Pp +.Fn crypto_read_iv +copies the IV or nonce for +.Fa crp +into the the local buffer pointed to by +.Fa iv . .Pp A driver calls .Fn crypto_done Modified: head/share/man/man9/crypto_request.9 ============================================================================== --- head/share/man/man9/crypto_request.9 Mon Apr 20 22:20:26 2020 (r360135) +++ head/share/man/man9/crypto_request.9 Mon Apr 20 22:24:49 2020 (r360136) @@ -30,7 +30,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 27, 2020 +.Dd April 20, 2020 .Dt CRYPTO_REQUEST 9 .Os .Sh NAME @@ -225,16 +225,6 @@ should be set in and .Fa crp_digest_start should be left as zero. -.Pp -An encryption request using an IV stored in the IV region may set -.Dv CRYPTO_F_IV_GENERATE -in -.Fa crp_flags -to request that the driver generate a random IV. -Note that -.Dv CRYPTO_F_IV_GENERATE -cannot be used with decryption operations or in combination with -.Dv CRYPTO_F_IV_SEPARATE . .Pp Requests that store part, but not all, of the IV in the data buffer should store the partial IV in the data buffer and pass the full IV separately in Modified: head/sys/crypto/aesni/aesni.c ============================================================================== --- head/sys/crypto/aesni/aesni.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/crypto/aesni/aesni.c Mon Apr 20 22:24:49 2020 (r360136) @@ -704,14 +704,7 @@ aesni_cipher_crypt(struct aesni_session *ses, struct c aesni_cipher_setup_common(ses, csp, crp->crp_cipher_key, csp->csp_cipher_klen); - /* Setup iv */ - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, iv); + crypto_read_iv(crp, iv); switch (csp->csp_cipher_alg) { case CRYPTO_AES_CBC: Modified: head/sys/crypto/armv8/armv8_crypto.c ============================================================================== --- head/sys/crypto/armv8/armv8_crypto.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/crypto/armv8/armv8_crypto.c Mon Apr 20 22:24:49 2020 (r360136) @@ -335,14 +335,7 @@ armv8_crypto_cipher_process(struct armv8_crypto_sessio panic("armv8: new cipher key"); } - /* Setup iv */ - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, iv); + crypto_read_iv(crp, iv); /* Do work */ switch (csp->csp_cipher_alg) { Modified: head/sys/crypto/ccp/ccp_hardware.c ============================================================================== --- head/sys/crypto/ccp/ccp_hardware.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/crypto/ccp/ccp_hardware.c Mon Apr 20 22:24:49 2020 (r360136) @@ -1353,13 +1353,7 @@ ccp_collect_iv(struct cryptop *crp, const struct crypt char *iv) { - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, iv); + crypto_read_iv(crp, iv); /* * If the input IV is 12 bytes, append an explicit counter of 1. Modified: head/sys/crypto/via/padlock_cipher.c ============================================================================== --- head/sys/crypto/via/padlock_cipher.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/crypto/via/padlock_cipher.c Mon Apr 20 22:24:49 2020 (r360136) @@ -209,13 +209,7 @@ padlock_cipher_process(struct padlock_session *ses, st cw->cw_filler2 = 0; cw->cw_filler3 = 0; - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, AES_BLOCK_LEN, 0); - crypto_copyback(crp, crp->crp_iv_start, AES_BLOCK_LEN, iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, AES_BLOCK_LEN); - else - crypto_copydata(crp, crp->crp_iv_start, AES_BLOCK_LEN, iv); + crypto_read_iv(crp, iv); if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { cw->cw_direction = PADLOCK_DIRECTION_ENCRYPT; Modified: head/sys/dev/cesa/cesa.c ============================================================================== --- head/sys/dev/cesa/cesa.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/dev/cesa/cesa.c Mon Apr 20 22:24:49 2020 (r360136) @@ -1791,17 +1791,8 @@ cesa_process(device_t dev, struct cryptop *crp, int hi CESA_LOCK(sc, sessions); cesa_sync_desc(sc, BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); - if (csp->csp_cipher_alg != 0) { - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(cr->cr_csd->csd_iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, - cr->cr_csd->csd_iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(cr->cr_csd->csd_iv, crp->crp_iv, csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, - cr->cr_csd->csd_iv); - } + if (csp->csp_cipher_alg != 0) + crypto_read_iv(crp, cr->cr_csd->csd_iv); if (crp->crp_cipher_key != NULL) { memcpy(cs->cs_key, crp->crp_cipher_key, Modified: head/sys/dev/cxgbe/crypto/t4_crypto.c ============================================================================== --- head/sys/dev/cxgbe/crypto/t4_crypto.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/dev/cxgbe/crypto/t4_crypto.c Mon Apr 20 22:24:49 2020 (r360136) @@ -665,19 +665,7 @@ ccr_blkcipher(struct ccr_softc *sc, struct ccr_session crwr = wrtod(wr); memset(crwr, 0, wr_len); - /* - * Read the existing IV from the request or generate a random - * one if none is provided. - */ - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, s->blkcipher.iv_len, 0); - crypto_copyback(crp, crp->crp_iv_start, s->blkcipher.iv_len, - iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, s->blkcipher.iv_len); - else - crypto_copydata(crp, crp->crp_iv_start, s->blkcipher.iv_len, - iv); + crypto_read_iv(crp, iv); /* Zero the remainder of the IV for AES-XTS. */ memset(iv + s->blkcipher.iv_len, 0, iv_len - s->blkcipher.iv_len); @@ -968,19 +956,7 @@ ccr_eta(struct ccr_softc *sc, struct ccr_session *s, s crwr = wrtod(wr); memset(crwr, 0, wr_len); - /* - * Read the existing IV from the request or generate a random - * one if none is provided. - */ - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, s->blkcipher.iv_len, 0); - crypto_copyback(crp, crp->crp_iv_start, s->blkcipher.iv_len, - iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(iv, crp->crp_iv, s->blkcipher.iv_len); - else - crypto_copydata(crp, crp->crp_iv_start, s->blkcipher.iv_len, - iv); + crypto_read_iv(crp, iv); /* Zero the remainder of the IV for AES-XTS. */ memset(iv + s->blkcipher.iv_len, 0, iv_len - s->blkcipher.iv_len); Modified: head/sys/dev/glxsb/glxsb.c ============================================================================== --- head/sys/dev/glxsb/glxsb.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/dev/glxsb/glxsb.c Mon Apr 20 22:24:49 2020 (r360136) @@ -659,13 +659,7 @@ glxsb_crypto_encdec(struct cryptop *crp, struct glxsb_ else control = SB_CTL_DEC; - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(op_iv, sizeof(op_iv), 0); - crypto_copyback(crp, crp->crp_iv_start, sizeof(op_iv), op_iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(op_iv, crp->crp_iv, sizeof(op_iv)); - else - crypto_copydata(crp, crp->crp_iv_start, sizeof(op_iv), op_iv); + crypto_read_iv(crp, op_iv); offset = 0; tlen = crp->crp_payload_length; Modified: head/sys/dev/hifn/hifn7751.c ============================================================================== --- head/sys/dev/hifn/hifn7751.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/dev/hifn/hifn7751.c Mon Apr 20 22:24:49 2020 (r360136) @@ -2431,7 +2431,7 @@ hifn_process(device_t dev, struct cryptop *crp, int hi struct hifn_softc *sc = device_get_softc(dev); struct hifn_command *cmd = NULL; const void *mackey; - int err, ivlen, keylen; + int err, keylen; struct hifn_session *ses; ses = crypto_get_driver_session(crp->crp_session); @@ -2485,18 +2485,8 @@ hifn_process(device_t dev, struct cryptop *crp, int hi err = EINVAL; goto errout; } - if (csp->csp_cipher_alg != CRYPTO_ARC4) { - ivlen = csp->csp_ivlen; - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(cmd->iv, ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, ivlen, - cmd->iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(cmd->iv, crp->crp_iv, ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, ivlen, - cmd->iv); - } + if (csp->csp_cipher_alg != CRYPTO_ARC4) + crypto_read_iv(crp, cmd->iv); if (crp->crp_cipher_key != NULL) cmd->ck = crp->crp_cipher_key; Modified: head/sys/dev/safe/safe.c ============================================================================== --- head/sys/dev/safe/safe.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/dev/safe/safe.c Mon Apr 20 22:24:49 2020 (r360136) @@ -894,16 +894,7 @@ safe_process(device_t dev, struct cryptop *crp, int hi * in the state record and set the hash/crypt offset to * copy both the header+IV. */ - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(re->re_sastate.sa_saved_iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, - re->re_sastate.sa_saved_iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(re->re_sastate.sa_saved_iv, crp->crp_iv, - csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, - re->re_sastate.sa_saved_iv); + crypto_read_iv(crp, re->re_sastate.sa_saved_iv); cmd0 |= SAFE_SA_CMD0_IVLD_STATE; if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { Modified: head/sys/dev/sec/sec.c ============================================================================== --- head/sys/dev/sec/sec.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/dev/sec/sec.c Mon Apr 20 22:24:49 2020 (r360136) @@ -1285,18 +1285,8 @@ sec_process(device_t dev, struct cryptop *crp, int hin desc->sd_error = 0; desc->sd_crp = crp; - if (csp->csp_cipher_alg != 0) { - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(desc->sd_desc->shd_iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, - desc->sd_desc->shd_iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(desc->sd_desc->shd_iv, crp->crp_iv, - csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, - desc->sd_desc->shd_iv); - } + if (csp->csp_cipher_alg != 0) + crypto_read_iv(crp, desc->sd_desc->shd_iv); if (crp->crp_cipher_key != NULL) memcpy(ses->ss_key, crp->crp_cipher_key, csp->csp_cipher_klen); Modified: head/sys/dev/ubsec/ubsec.c ============================================================================== --- head/sys/dev/ubsec/ubsec.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/dev/ubsec/ubsec.c Mon Apr 20 22:24:49 2020 (r360136) @@ -1043,15 +1043,7 @@ ubsec_process(device_t dev, struct cryptop *crp, int h ctx.pc_flags |= htole16(UBS_PKTCTX_ENC_3DES); - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(ctx.pc_iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, - csp->csp_ivlen, ctx.pc_iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - memcpy(ctx.pc_iv, crp->crp_iv, csp->csp_ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, - ctx.pc_iv); + crypto_read_iv(crp, ctx.pc_iv); if (!CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { ctx.pc_flags |= htole16(UBS_PKTCTX_INBOUND); Modified: head/sys/mips/cavium/cryptocteon/cryptocteon.c ============================================================================== --- head/sys/mips/cavium/cryptocteon/cryptocteon.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/mips/cavium/cryptocteon/cryptocteon.c Mon Apr 20 22:24:49 2020 (r360136) @@ -365,12 +365,7 @@ cryptocteon_process(device_t dev, struct cryptop *crp, } if (csp->csp_cipher_alg != 0) { - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv_data, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, - iv_data); - ivp = iv_data; - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) + if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) ivp = crp->crp_iv; else { crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, Modified: head/sys/mips/nlm/dev/sec/nlmsec.c ============================================================================== --- head/sys/mips/nlm/dev/sec/nlmsec.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/mips/nlm/dev/sec/nlmsec.c Mon Apr 20 22:24:49 2020 (r360136) @@ -470,11 +470,7 @@ xlp_copyiv(struct xlp_sec_softc *sc, struct xlp_sec_co crp = cmd->crp; if (csp->csp_cipher_alg != CRYPTO_ARC4) { - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(cmd->iv, csp->csp_ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, csp->csp_ivlen, - cmd->iv); - } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) + if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) memcpy(cmd->iv, crp->crp_iv, csp->csp_ivlen); } } Modified: head/sys/opencrypto/crypto.c ============================================================================== --- head/sys/opencrypto/crypto.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/opencrypto/crypto.c Mon Apr 20 22:24:49 2020 (r360136) @@ -1280,14 +1280,6 @@ crp_sanity(struct cryptop *crp) ("invalid ETA op %x", crp->crp_op)); break; } - KASSERT((crp->crp_flags & CRYPTO_F_IV_GENERATE) == 0 || - crp->crp_op == CRYPTO_OP_ENCRYPT || - crp->crp_op == (CRYPTO_OP_ENCRYPT | CRYPTO_OP_COMPUTE_DIGEST), - ("IV_GENERATE set for non-encryption operation %x", crp->crp_op)); - KASSERT((crp->crp_flags & - (CRYPTO_F_IV_SEPARATE | CRYPTO_F_IV_GENERATE)) != - (CRYPTO_F_IV_SEPARATE | CRYPTO_F_IV_GENERATE), - ("crp with both IV_SEPARATE and IV_GENERATE set")); KASSERT(crp->crp_buf_type >= CRYPTO_BUF_CONTIG && crp->crp_buf_type <= CRYPTO_BUF_MBUF, ("invalid crp buffer type %d", crp->crp_buf_type)); @@ -1305,9 +1297,8 @@ crp_sanity(struct cryptop *crp) ("AAD region in request not supporting AAD")); } if (csp->csp_ivlen == 0) { - KASSERT((crp->crp_flags & - (CRYPTO_F_IV_SEPARATE | CRYPTO_F_IV_GENERATE)) == 0, - ("IV_GENERATE or IV_SEPARATE set when IV isn't used")); + KASSERT((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0, + ("IV_SEPARATE set when IV isn't used")); KASSERT(crp->crp_iv_start == 0, ("crp_iv_start set when IV isn't used")); } else if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) { @@ -1360,8 +1351,6 @@ crypto_dispatch(struct cryptop *crp) #ifdef INVARIANTS crp_sanity(crp); #endif - - /* TODO: Handle CRYPTO_F_IV_GENERATE so drivers don't have to. */ cryptostats.cs_ops++; Modified: head/sys/opencrypto/cryptodev.h ============================================================================== --- head/sys/opencrypto/cryptodev.h Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/opencrypto/cryptodev.h Mon Apr 20 22:24:49 2020 (r360136) @@ -454,7 +454,6 @@ struct cryptop { * if CRYPTO_F_ASYNC flags is set */ #define CRYPTO_F_IV_SEPARATE 0x0200 /* Use crp_iv[] as IV. */ -#define CRYPTO_F_IV_GENERATE 0x0400 /* Generate a random IV and store. */ int crp_op; @@ -610,6 +609,18 @@ int crypto_apply(struct cryptop *crp, int off, int len int (*f)(void *, void *, u_int), void *arg); void *crypto_contiguous_subsegment(struct cryptop *crp, size_t skip, size_t len); + +static __inline void +crypto_read_iv(struct cryptop *crp, void *iv) +{ + const struct crypto_session_params *csp; + + csp = crypto_get_params(crp->crp_session); + if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) + memcpy(iv, crp->crp_iv, csp->csp_ivlen); + else + crypto_copydata(crp, crp->crp_iv_start, csp->csp_ivlen, iv); +} #endif /* _KERNEL */ #endif /* _CRYPTO_CRYPTO_H_ */ Modified: head/sys/opencrypto/cryptosoft.c ============================================================================== --- head/sys/opencrypto/cryptosoft.c Mon Apr 20 22:20:26 2020 (r360135) +++ head/sys/opencrypto/cryptosoft.c Mon Apr 20 22:24:49 2020 (r360136) @@ -133,14 +133,7 @@ swcr_encdec(struct swcr_session *ses, struct cryptop * (crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) return (EINVAL); - /* IV explicitly provided ? */ - if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - bcopy(crp->crp_iv, iv, ivlen); - else if (crp->crp_flags & CRYPTO_F_IV_GENERATE) { - arc4rand(iv, ivlen, 0); - crypto_copyback(crp, crp->crp_iv_start, ivlen, iv); - } else - crypto_copydata(crp, crp->crp_iv_start, ivlen, iv); + crypto_read_iv(crp, iv); if (crp->crp_cipher_key != NULL) { if (sw->sw_kschedule) @@ -510,15 +503,9 @@ swcr_gmac(struct swcr_session *ses, struct cryptop *cr bcopy(swa->sw_ictx, &ctx, axf->ctxsize); blksz = axf->blocksize; - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) - return (EINVAL); - /* Initialize the IV */ ivlen = AES_GCM_IV_LEN; - if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - bcopy(crp->crp_iv, iv, ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, ivlen, iv); + crypto_read_iv(crp, iv); axf->Reinit(&ctx, iv, ivlen); for (i = 0; i < crp->crp_payload_length; i += blksz) { @@ -669,15 +656,9 @@ swcr_ccm_cbc_mac(struct swcr_session *ses, struct cryp bcopy(swa->sw_ictx, &ctx, axf->ctxsize); blksz = axf->blocksize; - if (crp->crp_flags & CRYPTO_F_IV_GENERATE) - return (EINVAL); - /* Initialize the IV */ ivlen = AES_CCM_IV_LEN; - if (crp->crp_flags & CRYPTO_F_IV_SEPARATE) - bcopy(crp->crp_iv, iv, ivlen); - else - crypto_copydata(crp, crp->crp_iv_start, ivlen, iv); + crypto_read_iv(crp, iv); /* * AES CCM-CBC-MAC needs to know the length of both the auth
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004202224.03KMOosL003616>