Page MenuHomeFreeBSD
Differential D22117

Use a counter with a random base for explicit IVs in GCM.
ClosedPublic
Actions

Authored by jhb on Oct 22 2019, 10:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Jul 22 2025, 10:48 AM
Unknown Object (File)
Jun 23 2025, 11:32 AM
Unknown Object (File)
Jun 20 2025, 5:32 PM
Unknown Object (File)
Jun 20 2025, 8:03 AM
Unknown Object (File)
Jun 8 2025, 11:57 PM
Unknown Object (File)
Jun 6 2025, 3:36 PM
Unknown Object (File)
May 15 2025, 8:30 PM
Unknown Object (File)
May 15 2025, 9:52 AM
View All 91 Files
Subscribers
imp

Details

Reviewers
gallatin
Commits
rS354028: Use a counter with a random base for explicit IVs in GCM.
Summary

This permits constructing the entire TLS header in ktls_frame()
rather than ktls_seq(). This also matches the approach used by
OpenSSL which uses an incrementing nonce as the explicit IV
rather than the sequence number.

Test Plan
  • tested with ktls_ocf with both cryptosoft and ccr
  • used wireshark to verify incrementing nonces

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.Oct 22 2019, 10:07 PM
Harbormaster completed remote builds in B27160: Diff 63557.Oct 22 2019, 10:07 PM
jhb added a comment.Oct 22 2019, 10:09 PM

Would you be able to test this with the current ISA-L module (and verify it works ok on your end)?

gallatin accepted this revision.Oct 23 2019, 11:08 PM

Works fine running on a Netflix cache.

This revision is now accepted and ready to land.Oct 23 2019, 11:08 PM
Closed by commit rS354028: Use a counter with a random base for explicit IVs in GCM. (authored by jhb). · Explain WhyOct 24 2019, 6:13 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rS354028: Use a counter with a random base for explicit IVs in GCM..
Herald added a subscriber: imp. · View Herald TranscriptOct 24 2019, 6:13 PM

Revision Contents
Changeset List

PathSize
head/
sys/
kern/
47 lines

Diff 63641

View Options

head/sys/kern/uipc_ktls.c

Loading...