From 063549f9605c018618670ecb6c5bbbdbedd62c04 Mon Sep 17 00:00:00 2001
From: Benoît Ganne <bganne@cisco.com>
Date: Wed, 19 Jan 2022 10:09:42 +0100
Subject: crypto: remove VNET_CRYPTO_OP_FLAG_INIT_IV flag
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

IV requirements vary wildly with the selected mode of operation. For
example, for AES-CBC the IV must be unpredictable whereas for AES
counter mode (CTR or GCM), it can be predictable but reusing an IV with
the same key material is catastrophic.
Because of that, it is hard to generate IV in a generic way, and it is
better left to the crypto user (eg. IPsec).

Type: improvement

Change-Id: I32689c591d8c6572b8d37c4d24f175ea6132d3ec
Signed-off-by: Benoît Ganne <bganne@cisco.com>
---
 src/plugins/crypto_native/main.c | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)

(limited to 'src/plugins/crypto_native/main.c')

diff --git a/src/plugins/crypto_native/main.c b/src/plugins/crypto_native/main.c
index 32bbbb13652..712c333bce9 100644
--- a/src/plugins/crypto_native/main.c
+++ b/src/plugins/crypto_native/main.c
@@ -63,16 +63,12 @@ clib_error_t *
 crypto_native_init (vlib_main_t * vm)
 {
   crypto_native_main_t *cm = &crypto_native_main;
-  vlib_thread_main_t *tm = vlib_get_thread_main ();
   clib_error_t *error = 0;
 
   if (clib_cpu_supports_x86_aes () == 0 &&
       clib_cpu_supports_aarch64_aes () == 0)
     return 0;
 
-  vec_validate_aligned (cm->per_thread_data, tm->n_vlib_mains - 1,
-			CLIB_CACHE_LINE_BYTES);
-
   cm->crypto_engine_index =
     vnet_crypto_register_engine (vm, "native", 100,
 				 "Native ISA Optimized Crypto");
@@ -96,7 +92,7 @@ crypto_native_init (vlib_main_t * vm)
     error = clib_error_return (0, "No AES CBC implemenation available");
 
   if (error)
-    goto error;
+    return error;
 
 #if __x86_64__
   if (clib_cpu_supports_pclmulqdq ())
@@ -113,7 +109,7 @@ crypto_native_init (vlib_main_t * vm)
 	error = clib_error_return (0, "No AES GCM implemenation available");
 
       if (error)
-	goto error;
+	return error;
     }
 #endif
 #if __aarch64__
@@ -123,18 +119,12 @@ crypto_native_init (vlib_main_t * vm)
     error = clib_error_return (0, "No AES GCM implemenation available");
 
   if (error)
-    goto error;
+    return error;
 #endif
 
   vnet_crypto_register_key_handler (vm, cm->crypto_engine_index,
 				    crypto_native_key_handler);
-
-
-error:
-  if (error)
-    vec_free (cm->per_thread_data);
-
-  return error;
+  return 0;
 }
 
 /* *INDENT-OFF* */
-- 
cgit 1.2.3-korg