From 663ae8f7f949b4d4fc0c91d8e9b2a01f56e40dc5 Mon Sep 17 00:00:00 2001 From: John Baldwin Date: Fri, 22 Apr 2022 15:52:27 -0700 Subject: [PATCH] KTLS: Construct IV directly in crp.crp_iv for TLS 1.3 AEAD encryption. Previously this used a temporary nonce[] buffer. The decrypt hook for TLS 1.3 as well as the hooks for TLS 1.2 already constructed the IV directly in crp.crp_iv. Reviewed by: hselasky Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D35027 --- sys/opencrypto/ktls_ocf.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/sys/opencrypto/ktls_ocf.c b/sys/opencrypto/ktls_ocf.c index 575a91f9fe3f..3b330bf7061c 100644 --- a/sys/opencrypto/ktls_ocf.c +++ b/sys/opencrypto/ktls_ocf.c @@ -564,7 +564,6 @@ ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state, struct tls_aead_data_13 *ad; struct cryptop *crp; struct ktls_ocf_session *os; - char nonce[12]; int error; os = tls->ocf_session; @@ -575,8 +574,8 @@ ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state, crypto_initreq(crp, os->sid); /* Setup the nonce. */ - memcpy(nonce, tls->params.iv, tls->params.iv_len); - *(uint64_t *)(nonce + 4) ^= htobe64(m->m_epg_seqno); + memcpy(crp->crp_iv, tls->params.iv, tls->params.iv_len); + *(uint64_t *)(crp->crp_iv + 4) ^= htobe64(m->m_epg_seqno); /* Setup the AAD. */ ad = &state->aead13; @@ -614,8 +613,6 @@ ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state, crp->crp_op = CRYPTO_OP_ENCRYPT | CRYPTO_OP_COMPUTE_DIGEST; crp->crp_flags = CRYPTO_F_CBIMM | CRYPTO_F_IV_SEPARATE; - memcpy(crp->crp_iv, nonce, sizeof(nonce)); - if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16) counter_u64_add(ocf_tls13_gcm_encrypts, 1); else