New commits:
commit 8abd958f3c7f2159b2beed0c9c37650bd784a181
Author: Andrew Cagney <[email protected]>
Date: Wed Jul 31 12:22:53 2024 -0400
fips crypto: for AEAD use CKG_GENERATE_COUNTER_XOR
Instead of generating a random 8-byte IV, use CKG_GENERATE_COUNTER_XOR
to generate a counting IV. To quote:
    The Initialization Vector (IV) MUST be eight octets. The IV MUST be
    chosen by the encryptor in a manner that ensures that the same IV
    value is used only once for a given key. The encryptor MAY generate
    the IV in any manner that ensures uniqueness. Common approaches to
    IV generation include incrementing a counter for each packet and
    linear feedback shift registers (LFSRs).
https://www.rfc-editor.org/rfc/rfc5282.html#section-3.1
It's what SSL does (apparently). Ref:
https://bugzilla.mozilla.org/show_bug.cgi?id=1906464
Ref #1535 in the GCM code, replace PK11_Encrypt() with PK11_AEADOp()
commit 1aeca65a8c4455543ae6909b026ab41eed107cbf
Author: Andrew Cagney <[email protected]>
Date: Wed Jul 31 12:19:12 2024 -0400
crypto: drop const from cipher_context_aead_op_nss(cipher_op_context)
commit 0c11a1b0a4f6718dc1c2d612128f2fef44985e42
Author: Andrew Cagney <[email protected]>
Date: Wed Jul 31 12:17:42 2024 -0400
hunks: add hunk_cpy()
commit a84477d6f7f963cb188ee9d74cb3b0ca006fd6ea
Author: Andrew Cagney <[email protected]>
Date: Wed Jul 31 08:35:15 2024 -0400
nss: add jam_nss_ckg()
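The counter-versus-random IV trade-off described in the first commit message above, as an added example (not libreswan or NSS code): a small Python model of a counter-XOR IV generator that refuses to wrap, beside the birthday-bound collision probability for random 8-octet IVs. The salt || IV nonce layout follows RFC 5282; the modelling of CKG_GENERATE_COUNTER_XOR as "XOR a per-key invocation counter into a base IV" and all sample values are this example's assumptions.

```python
import secrets
from math import exp

IV_LEN = 8                    # RFC 5282 section 3.1: the AEAD IV is eight octets
SALT_LEN = 4                  # RFC 5282: the GCM nonce is a 4-octet salt followed by the IV
IV_SPACE = 2 ** (8 * IV_LEN)  # number of distinct 64-bit IVs available under one key


class CounterXorIV:
    """Counter-style IV generator bound to one key/salt pair.

    Modelled on PKCS#11 CKG_GENERATE_COUNTER_XOR as understood by the author of
    this example (assumption): a per-key invocation counter is XORed into an
    8-byte base field, so every IV issued under the key is distinct by construction.
    """

    def __init__(self, salt: bytes, base_iv: bytes = bytes(IV_LEN)):
        if len(salt) != SALT_LEN or len(base_iv) != IV_LEN:
            raise ValueError("salt must be 4 octets and base IV 8 octets")
        self.salt = salt
        self.base = int.from_bytes(base_iv, "big")
        self.counter = 0      # invocation count for this key so far

    def next_iv(self) -> bytes:
        # Refuse to wrap: a repeated (key, IV) pair breaks GCM confidentiality
        # and forgery resistance, so the caller must rekey instead.
        if self.counter >= IV_SPACE:
            raise RuntimeError("IV space exhausted; rekey before encrypting again")
        iv = (self.base ^ self.counter).to_bytes(IV_LEN, "big")
        self.counter += 1
        return iv

    def next_nonce(self) -> bytes:
        """Full 12-octet GCM nonce: salt || IV; only the IV is sent on the wire."""
        return self.salt + self.next_iv()


def random_iv_collision_probability(packets: int) -> float:
    """Birthday bound for random 64-bit IVs: P(some repeat) ~= 1 - exp(-n^2 / 2^65)."""
    return 1.0 - exp(-(packets ** 2) / (2 * IV_SPACE))


def random_ivs(packets: int) -> list:
    """The approach the commit replaces: an independent random 8-byte IV per packet."""
    return [secrets.token_bytes(IV_LEN) for _ in range(packets)]


def all_distinct(ivs) -> bool:
    return len(set(ivs)) == len(ivs)
```

With a counter the uniqueness requirement of RFC 5282 holds for the whole key lifetime, whereas random IVs reach roughly a 39% chance of a repeat after 2^32 packets under one key.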
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit