From 82d81d4fb0509236d10fe5de8bc2d4d26d6730b6 Mon Sep 17 00:00:00 2001 From: Damjan Marion Date: Thu, 25 Apr 2019 18:24:04 +0200 Subject: crypto: AES GCM IV length is always 12 ... at least for use cases we are interested in Change-Id: I1156ff354635e8f990ce2664ebc8dcd3786ddca5 Signed-off-by: Damjan Marion --- src/plugins/crypto_openssl/main.c | 2 +- src/plugins/unittest/crypto_test.c | 2 -- src/vnet/crypto/crypto.h | 2 +- src/vnet/ipsec/esp_decrypt.c | 1 - 4 files changed, 2 insertions(+), 5 deletions(-) diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c index fb9754f85a2..eaa16ceb2d8 100644 --- a/src/plugins/crypto_openssl/main.c +++ b/src/plugins/crypto_openssl/main.c @@ -155,7 +155,7 @@ openssl_ops_dec_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops, int len; EVP_DecryptInit_ex (ctx, cipher, 0, 0, 0); - EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, op->iv_len, 0); + EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0); EVP_DecryptInit_ex (ctx, 0, 0, key->data, op->iv); if (op->aad_len) EVP_DecryptUpdate (ctx, 0, &len, op->aad, op->aad_len); diff --git a/src/plugins/unittest/crypto_test.c b/src/plugins/unittest/crypto_test.c index b4f48741573..24910e7df6d 100644 --- a/src/plugins/unittest/crypto_test.c +++ b/src/plugins/unittest/crypto_test.c @@ -114,7 +114,6 @@ test_crypto (vlib_main_t * vm, crypto_test_main_t * tm) case VNET_CRYPTO_OP_TYPE_ENCRYPT: case VNET_CRYPTO_OP_TYPE_DECRYPT: op->iv = r->iv.data; - op->iv_len = r->iv.length; op->key_index = vnet_crypto_key_add (vm, r->alg, r->key.data, r->key.length); @@ -128,7 +127,6 @@ test_crypto (vlib_main_t * vm, crypto_test_main_t * tm) case VNET_CRYPTO_OP_TYPE_AEAD_ENCRYPT: case VNET_CRYPTO_OP_TYPE_AEAD_DECRYPT: op->iv = r->iv.data; - op->iv_len = r->iv.length; op->key_index = vnet_crypto_key_add (vm, r->alg, r->key.data, r->key.length); diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h index 6ab32ec22bf..2d9c524b266 100644 --- a/src/vnet/crypto/crypto.h +++ b/src/vnet/crypto/crypto.h @@ -132,7 +132,7 @@ typedef struct u32 key_index; u32 len, salt; u16 aad_len; - u8 iv_len, digest_len, tag_len; + u8 digest_len, tag_len; u8 *iv; u8 *src; u8 *dst; diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index dfc86d47ace..92bd606d771 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -266,7 +266,6 @@ esp_decrypt_inline (vlib_main_t * vm, */ op->iv -= sizeof (sa0->salt); clib_memcpy_fast (op->iv, &sa0->salt, sizeof (sa0->salt)); - op->iv_len = cpd.iv_sz + sizeof (sa0->salt); op->tag = payload + len; op->tag_len = 16; -- cgit 1.2.3-korg