From d97918ec678c4086001840e7263ba9ac3504ce24 Mon Sep 17 00:00:00 2001 From: Damjan Marion Date: Thu, 25 Apr 2019 18:28:31 +0200 Subject: crypto, ipsec: change GCM IV handling - nonce construction out of salt and iv is ipsec specific so it should be handled in ipsec code - fixes GCM unit tests - GCM IV is constructed out of simple counter, per RFC4106 section 3.1 Change-Id: Ib7712cc9612830daa737f5171d8384f1d361bb61 Signed-off-by: Damjan Marion --- src/plugins/crypto_openssl/main.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'src/plugins/crypto_openssl/main.c') diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c index eaa16ceb2d8..0560f31a00a 100644 --- a/src/plugins/crypto_openssl/main.c +++ b/src/plugins/crypto_openssl/main.c @@ -118,18 +118,14 @@ openssl_ops_enc_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops, { vnet_crypto_op_t *op = ops[i]; vnet_crypto_key_t *key = vnet_crypto_get_key (op->key_index); - u32 nonce[3]; int len; if (op->flags & VNET_CRYPTO_OP_FLAG_INIT_IV) RAND_bytes (op->iv, 8); - nonce[0] = op->salt; - clib_memcpy_fast (nonce + 1, op->iv, 8); - EVP_EncryptInit_ex (ctx, cipher, 0, 0, 0); EVP_CIPHER_CTX_ctrl (ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); - EVP_EncryptInit_ex (ctx, 0, 0, key->data, (u8 *) nonce); + EVP_EncryptInit_ex (ctx, 0, 0, key->data, op->iv); if (op->aad_len) EVP_EncryptUpdate (ctx, NULL, &len, op->aad, op->aad_len); EVP_EncryptUpdate (ctx, op->dst, &len, op->src, op->len); -- cgit 1.2.3-korg