Generate IVs directly in esp_output.

This is the only place that uses CRYPTO_F_IV_GENERATE. All crypto drivers currently duplicate the same boilerplate code to handle this case. Doing the generation directly removes complexity from drivers. It also simplifies support for separate input and output buffers. Reviewed by: cem Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D24449
svn path=/head/; revision=360135
2020-04-20 22:20:26 +00:00 · 2020-04-20 22:20:26 +00:00 · 8cbde41419 · 2020-12-20 02:59:44 +00:00
commit 8cbde41419
parent 5c94a87341
1 changed files with 4 additions and 4 deletions
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@ -813,10 +813,9 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
 	crp->crp_payload_length = m->m_pkthdr.len - (skip + hlen + alen);
 	crp->crp_op = CRYPTO_OP_ENCRYPT;

-	/* Encryption operation. */
+	/* Generate IV / nonce. */
+	ivp = &crp->crp_iv[0];
 	if (SAV_ISCTRORGCM(sav)) {
-		ivp = &crp->crp_iv[0];
-
 		/* GCM IV Format: RFC4106 4 */
 		/* CTR IV Format: RFC3686 4 */
 		/* Salt is last four bytes of key, RFC4106 8.1 */
@ -833,8 +832,9 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
 		m_copyback(m, skip + hlen - sav->ivlen, sav->ivlen, &ivp[4]);
 		crp->crp_flags |= CRYPTO_F_IV_SEPARATE;
 	} else if (sav->ivlen != 0) {
+		arc4rand(ivp, sav->ivlen, 0);
 		crp->crp_iv_start = skip + hlen - sav->ivlen;
-		crp->crp_flags |= CRYPTO_F_IV_GENERATE;
+		m_copyback(m, crp->crp_iv_start, sav->ivlen, ivp);
 	}

 	/* Callback parameters */