Use explicitly specified ivsize instead of blocksize when we mean IV size.
Set zero ivsize for enc_xform_null and remove special handling from xform_esp.c. Reviewed by: gnn Differential Revision: https://reviews.freebsd.org/D1503
This commit is contained in:
parent
f169c1bc41
commit
4a54e95cd7
@ -6706,7 +6706,7 @@ key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
|
||||
continue;
|
||||
alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
|
||||
alg->sadb_alg_id = i;
|
||||
alg->sadb_alg_ivlen = ealgo->blocksize;
|
||||
alg->sadb_alg_ivlen = ealgo->ivsize;
|
||||
alg->sadb_alg_minbits = _BITS(ealgo->minkey);
|
||||
alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
|
||||
off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
|
||||
|
@ -200,16 +200,10 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
/*
|
||||
* NB: The null xform needs a non-zero blocksize to keep the
|
||||
* crypto code happy but if we use it to set ivlen then
|
||||
* the ESP header will be processed incorrectly. The
|
||||
* compromise is to force it to zero here.
|
||||
*/
|
||||
if (SAV_ISCTRORGCM(sav))
|
||||
sav->ivlen = 8; /* RFC4106 3.1 and RFC3686 3.1 */
|
||||
else
|
||||
sav->ivlen = (txform == &enc_xform_null ? 0 : txform->ivsize);
|
||||
sav->ivlen = txform->ivsize;
|
||||
|
||||
/*
|
||||
* Setup AH-related state.
|
||||
|
@ -154,7 +154,7 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
|
||||
struct enc_xform enc_xform_null = {
|
||||
CRYPTO_NULL_CBC, "NULL",
|
||||
/* NB: blocksize of 4 is to generate a properly aligned ESP header */
|
||||
NULL_BLOCK_LEN, NULL_BLOCK_LEN, NULL_MIN_KEY, NULL_MAX_KEY,
|
||||
NULL_BLOCK_LEN, 0, NULL_MIN_KEY, NULL_MAX_KEY,
|
||||
null_encrypt,
|
||||
null_decrypt,
|
||||
null_setkey,
|
||||
|
Loading…
Reference in New Issue
Block a user