Page MenuHomeFreeBSD

cryptodev: Permit CIOCCRYPT for AEAD ciphers.
ClosedPublic

Authored by jhb on Sep 24 2021, 6:04 PM.

Details

Summary

A request without AAD for an AEAD cipher can be submitted via
CIOCCRYPT rather than CIOCCRYPTAEAD.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
R10 FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

This was triggered by cryptotest.py since it uses CIOCCRYPT for requests without AAD and some of the AES-CCM tests use empty AAD.

crp_sanity() asserts that for AEAD requests the IV must be in a separate buffer, i.e., CRYPTO_F_IV_SEPARATE is set. cryptodev_aead() ensures this, but cryptodev_op() does not.

Mmm, true. I will add a test that rejects AEAD requests without a separate IV.

  • Reject AEAD requests without an explicit IV.
This revision is now accepted and ready to land.Oct 1 2021, 9:41 PM
This revision was automatically updated to reflect the committed changes.