Page MenuHomeFreeBSD
Differential D32108

cryptodev: Permit CIOCCRYPT for AEAD ciphers.
ClosedPublic
Actions

Authored by jhb on Sep 24 2021, 6:04 PM.
Tags
None
Referenced Files
F125471734: D32108.diff
Fri, Aug 8, 3:59 AM
Unknown Object (File)
Wed, Aug 6, 11:31 PM
Unknown Object (File)
Tue, Aug 5, 6:39 AM
Unknown Object (File)
Tue, Jul 29, 7:31 AM
Unknown Object (File)
Thu, Jul 10, 9:17 AM
Unknown Object (File)
Jun 24 2025, 6:21 PM
Unknown Object (File)
Jun 22 2025, 6:27 PM
Unknown Object (File)
Jun 20 2025, 5:34 PM
View All Files
Subscribers
emaste
imp
jmg

Details

Reviewers
markj
Commits
rGac648e3affe3: cryptodev: Permit CIOCCRYPT for AEAD ciphers.
rG70dbebea1242: cryptodev: Permit CIOCCRYPT for AEAD ciphers.
Summary

A request without AAD for an AEAD cipher can be submitted via
CIOCCRYPT rather than CIOCCRYPTAEAD.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 41709
Build 38598: arc lint + arc unit

Event Timeline

jhb created this revision.Sep 24 2021, 6:04 PM
Herald added subscribers: jmg, imp. · View Herald TranscriptSep 24 2021, 6:04 PM
jhb requested review of this revision.Sep 24 2021, 6:04 PM
jhb added a parent revision: D32107: cryptodev: Permit explicit IV/nonce and MAC/tag lengths..
jhb added a child revision: D32109: cryptodev: Allow some CIOCCRYPT operations with an empty payload..
Harbormaster completed remote builds in B41709: Diff 95642.Sep 24 2021, 6:05 PM
jhb added a comment.Sep 24 2021, 6:07 PM

This was triggered by cryptotest.py since it uses CIOCCRYPT for requests without AAD and some of the AES-CCM tests use empty AAD.

jhb mentioned this in D32109: cryptodev: Allow some CIOCCRYPT operations with an empty payload..Sep 24 2021, 6:08 PM
jhb added a reviewer: markj.Sep 27 2021, 9:33 PM
markj added a comment.Sep 28 2021, 2:44 PM

crp_sanity() asserts that for AEAD requests the IV must be in a separate buffer, i.e., CRYPTO_F_IV_SEPARATE is set. cryptodev_aead() ensures this, but cryptodev_op() does not.

jhb added a comment.Oct 1 2021, 9:08 PM

Mmm, true. I will add a test that rejects AEAD requests without a separate IV.

jhb updated this revision to Diff 96112.Oct 1 2021, 9:23 PM
  • Reject AEAD requests without an explicit IV.
Harbormaster completed remote builds in B41906: Diff 96112.Oct 1 2021, 9:23 PM
markj accepted this revision.Oct 1 2021, 9:41 PM
This revision is now accepted and ready to land.Oct 1 2021, 9:41 PM
Closed by commit rG70dbebea1242: cryptodev: Permit CIOCCRYPT for AEAD ciphers. (authored by jhb). · Explain WhyOct 6 2021, 9:11 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rG70dbebea1242: cryptodev: Permit CIOCCRYPT for AEAD ciphers..
jhb added a commit: rGac648e3affe3: cryptodev: Permit CIOCCRYPT for AEAD ciphers..Oct 21 2021, 10:04 PM

Revision Contents
Changeset List

PathSize
sys/
opencrypto/
1 line

Diff 95642

View Options

sys/opencrypto/cryptodev.c

Loading...