xnu-3789.31.2.tar.gz

[apple/xnu.git] / bsd / netkey / key.c

diff --git a/bsd/netkey/key.c b/bsd/netkey/key.c
index 1b4e6420b0441636b681515c5a90764149ab73dc..7e1a6061fa3d654d96896831f21f0feceac8b24c 100644 (file)
--- a/bsd/netkey/key.c
+++ b/bsd/netkey/key.c
@@ -103,7 +103,7 @@
 #include <netkey/keysock.h>
 #include <netkey/key_debug.h>
 #include <stdarg.h>
-
+#include <libkern/crypto/rand.h>
 
 #include <netinet6/ipsec.h>
 #if INET6
@@ -4245,7 +4245,11 @@ key_setsaval(
                        }
                        
                        /* initialize */
-                       key_randomfill(sav->iv, sav->ivlen);
+                       if (sav->alg_enc == SADB_X_EALG_AES_GCM) {
+                               bzero(sav->iv, sav->ivlen);
+                       } else {
+                               key_randomfill(sav->iv, sav->ivlen);
+                       }
 #endif
                        break;
                case SADB_SATYPE_AH:
@@ -4495,7 +4499,11 @@ key_setsaval2(struct secasvar      *sav,
                                }
                        }
                        /* initialize */
-                       key_randomfill(sav->iv, sav->ivlen);
+                       if (sav->alg_enc == SADB_X_EALG_AES_GCM) {
+                               bzero(sav->iv, sav->ivlen);
+                       } else {
+                               key_randomfill(sav->iv, sav->ivlen);
+                       }
                }
 #endif
        }
@@ -6315,8 +6323,7 @@ key_randomfill(
                           size_t l)
 {
 #ifdef __APPLE__
-       
-       read_random(p, (u_int)l);
+       cc_rand_generate(p, l); 
 #else
        size_t n;
        u_int32_t v;