summaryrefslogtreecommitdiffstats
path: root/src/plugins/crypto_openssl
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2022-01-19 10:09:42 +0100
committerDamjan Marion <dmarion@0xa5.net>2023-03-06 17:15:24 +0000
commit063549f9605c018618670ecb6c5bbbdbedd62c04 (patch)
tree278242f135d25eaabee714bcb919318cf0afc08f /src/plugins/crypto_openssl
parentf471e3339f12049531d2ead015d82f117d8fd936 (diff)
crypto: remove VNET_CRYPTO_OP_FLAG_INIT_IV flag
IV requirements vary wildly with the selected mode of operation. For example, for AES-CBC the IV must be unpredictable whereas for AES counter mode (CTR or GCM), it can be predictable but reusing an IV with the same key material is catastrophic. Because of that, it is hard to generate IV in a generic way, and it is better left to the crypto user (eg. IPsec). Type: improvement Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/plugins/crypto_openssl')
-rw-r--r--src/plugins/crypto_openssl/main.c6
1 files changed, 0 insertions, 6 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 251e75d6255..50b40c48285 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -104,9 +104,6 @@ openssl_ops_enc_cbc (vlib_main_t *vm, vnet_crypto_op_t *ops[],
vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
int out_len = 0;
- if (op->flags & VNET_CRYPTO_OP_FLAG_INIT_IV)
- RAND_bytes (op->iv, iv_len);
-
EVP_EncryptInit_ex (ctx, cipher, NULL, key->data, op->iv);
if (op->flags & VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS)
@@ -215,9 +212,6 @@ openssl_ops_enc_aead (vlib_main_t *vm, vnet_crypto_op_t *ops[],
vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index);
int len = 0;
- if (op->flags & VNET_CRYPTO_OP_FLAG_INIT_IV)
- RAND_bytes (op->iv, 8);
-
EVP_EncryptInit_ex (ctx, cipher, 0, 0, 0);
if (is_gcm)
EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);