git: 663ae8f7f949 - main - KTLS: Construct IV directly in crp.crp_iv for TLS 1.3 AEAD encryption.

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Fri, 22 Apr 2022 22:55:22 UTC
The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=663ae8f7f949b4d4fc0c91d8e9b2a01f56e40dc5

commit 663ae8f7f949b4d4fc0c91d8e9b2a01f56e40dc5
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-04-22 22:52:27 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-04-22 22:52:27 +0000

    KTLS: Construct IV directly in crp.crp_iv for TLS 1.3 AEAD encryption.
    
    Previously this used a temporary nonce[] buffer.  The decrypt hook for
    TLS 1.3 as well as the hooks for TLS 1.2 already constructed the IV
    directly in crp.crp_iv.
    
    Reviewed by:    hselasky
    Sponsored by:   Netflix
    Differential Revision:  https://reviews.freebsd.org/D35027
---
 sys/opencrypto/ktls_ocf.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/sys/opencrypto/ktls_ocf.c b/sys/opencrypto/ktls_ocf.c
index 575a91f9fe3f..3b330bf7061c 100644
--- a/sys/opencrypto/ktls_ocf.c
+++ b/sys/opencrypto/ktls_ocf.c
@@ -564,7 +564,6 @@ ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state,
 	struct tls_aead_data_13 *ad;
 	struct cryptop *crp;
 	struct ktls_ocf_session *os;
-	char nonce[12];
 	int error;
 
 	os = tls->ocf_session;
@@ -575,8 +574,8 @@ ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state,
 	crypto_initreq(crp, os->sid);
 
 	/* Setup the nonce. */
-	memcpy(nonce, tls->params.iv, tls->params.iv_len);
-	*(uint64_t *)(nonce + 4) ^= htobe64(m->m_epg_seqno);
+	memcpy(crp->crp_iv, tls->params.iv, tls->params.iv_len);
+	*(uint64_t *)(crp->crp_iv + 4) ^= htobe64(m->m_epg_seqno);
 
 	/* Setup the AAD. */
 	ad = &state->aead13;
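Review bot: The XOR on the line after the memcpy writes eight bytes at crp_iv + 4 regardless of tls->params.iv_len, so the result is only a correct TLS 1.3 nonce when iv_len is 12; with a shorter IV the memcpy fills fewer bytes and the XOR would mix the sequence number into whatever crypto_initreq left in the remainder of crp_iv. This shape is pre-existing (the removed nonce[] version did the same), and iv_len is presumably validated when the session is created, but now that the request's own IV field is the target a guard before the memcpy would pin the assumption: `KASSERT(tls->params.iv_len == 12, ("TLS 1.3 AEAD nonce must be 12 bytes"));`. The `*(uint64_t *)(crp->crp_iv + 4)` store is also an 8-byte access at a 4-byte offset into what looks like a byte array, so unless crp_iv's alignment is guaranteed it is a misaligned store on strict-alignment targets; a byte-wise loop such as `uint64_t seq = htobe64(m->m_epg_seqno); for (i = 0; i < 8; i++) crp->crp_iv[4 + i] ^= ((uint8_t *)&seq)[i];` avoids both the alignment and aliasing concern. ktls_ocf_tls13_aead_encrypt continues outside this hunk.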
@@ -614,8 +613,6 @@ ktls_ocf_tls13_aead_encrypt(struct ktls_ocf_encrypt_state *state,
 	crp->crp_op = CRYPTO_OP_ENCRYPT | CRYPTO_OP_COMPUTE_DIGEST;
 	crp->crp_flags = CRYPTO_F_CBIMM | CRYPTO_F_IV_SEPARATE;
 
-	memcpy(crp->crp_iv, nonce, sizeof(nonce));
-
 	if (tls->params.cipher_algorithm == CRYPTO_AES_NIST_GCM_16)
 		counter_u64_add(ocf_tls13_gcm_encrypts, 1);
 	else