Page MenuHomeFreeBSD

cryptodev: Permit CIOCCRYPT for AEAD ciphers.
ClosedPublic

Authored by jhb on Sep 24 2021, 6:04 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Feb 23, 5:37 AM
Unknown Object (File)
Wed, Feb 21, 9:08 AM
Unknown Object (File)
Wed, Feb 21, 9:08 AM
Unknown Object (File)
Wed, Feb 21, 9:08 AM
Unknown Object (File)
Wed, Feb 21, 9:04 AM
Unknown Object (File)
Wed, Feb 21, 1:54 AM
Unknown Object (File)
Tue, Feb 20, 4:39 AM
Unknown Object (File)
Tue, Feb 13, 8:29 PM
Subscribers

Details

Summary

A request without AAD for an AEAD cipher can be submitted via
CIOCCRYPT rather than CIOCCRYPTAEAD.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This was triggered by cryptotest.py since it uses CIOCCRYPT for requests without AAD and some of the AES-CCM tests use empty AAD.

crp_sanity() asserts that for AEAD requests the IV must be in a separate buffer, i.e., CRYPTO_F_IV_SEPARATE is set. cryptodev_aead() ensures this, but cryptodev_op() does not.

Mmm, true. I will add a test that rejects AEAD requests without a separate IV.

  • Reject AEAD requests without an explicit IV.
This revision is now accepted and ready to land.Oct 1 2021, 9:41 PM
This revision was automatically updated to reflect the committed changes.