Page MenuHomeFreeBSD

cryptodev: Allow some CIOCCRYPT operations with an empty payload.

Authored by jhb on Sep 24 2021, 6:04 PM.



If an operation would generate a MAC output (e.g. for digest operation
or for an AEAD or EtA operation), then an empty payload buffer is
valid. Only reject requests with an empty buffer for "plain" cipher

Some of the AES-CCM NIST KAT vectors use an empty payload.

While here, don't advance crp_payload_start for requests that use an
empty payload with an inline IV. (*)

Reported by: (*)
Sponsored by: The FreeBSD Foundation

Diff Detail

rS FreeBSD src repository - subversion
No Linters Available
No Unit Test Coverage
Build Status
Buildable 41710
Build 38599: arc lint + arc unit

Event Timeline

Similar to D32108. this was triggered by AES-CCM tests via


This is the change I talked about over in D32123 where I had relaxed this requirement for all but CSP_MODE_CIPHER.

I think we could further refine this to check for cop->len == cse->ivsize if cop->iv is NULL.


In your other review we could perhaps make this conditional on the updated crp_payload_length != 0 if we wanted to keep the assertion in crp_sanity()?


Yes, I think that is necessary.


I think that's fine. To be clear, the idea is to have this instead:

crp->crp_payload_length -= cse->ivsize;
if (crp->crp_payload_length > 0)
    crp->crp_payload_start += cse->ivsize;

Do you want to just handle this in this review?

jhb marked 2 inline comments as done.Oct 1 2021, 9:27 PM
  • Check for cop->len == cse->ivsize.
  • Don't bump payload_start for an empty payload.
This revision is now accepted and ready to land.Oct 1 2021, 9:36 PM