Page MenuHomeFreeBSD

ktls: Centralize the check for CBC ciphers
ClosedPublic

Authored by jhb on Tue, Jun 30, 8:32 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jul 8, 4:43 AM
Unknown Object (File)
Wed, Jul 8, 4:34 AM
Unknown Object (File)
Tue, Jul 7, 4:23 PM
Unknown Object (File)
Tue, Jul 7, 4:16 PM
Unknown Object (File)
Tue, Jul 7, 8:06 AM
Unknown Object (File)
Tue, Jul 7, 3:39 AM
Unknown Object (File)
Tue, Jul 7, 1:02 AM
Unknown Object (File)
Mon, Jul 6, 10:57 PM
Subscribers

Details

Summary

Move the check out of ktls_enable_(rx|tx) and into ktls_create_session.

Sponsored by: Chelsio Communications

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb requested review of this revision.Tue, Jun 30, 8:32 PM

I got the expected failures when toggling this and running kyua ktls_test.

From Claude:

Commit: 50ac71cacbc4 — ktls: Centralize the check for CBC ciphers                                                         
                                                                   
This moves the ktls_cbc_enable guard from ktls_enable_rx() and ktls_enable_tx() into ktls_create_session(), placing it just 
before the CBC cipher's switch on auth_algorithm.                                                                           
 
- The centralization is correct: ktls_create_session() is the natural choke point shared by both paths.                     
- Minor: the error code changes from ENOTSUP to EOPNOTSUPP. On FreeBSD these share the same value (45), so no behavioral
difference, but worth being aware of.                                                                                       
- No other issues.

For the minor point Claude noted, ENOTSUP is an alternate spelling, EOPNOTSUPP is the canonical version for BSD.

This revision is now accepted and ready to land.Tue, Jun 30, 8:37 PM
This revision was automatically updated to reflect the committed changes.