d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't check the auth algorithm for GCM.

Browse Source 
The upstream OpenSSL changes only set the cipher for GCM since the
authentication is redundant, and changes to OCF will soon remove the
GCM authentication algorithm constants entirely for the same reason.
In addition, ktls_create_session() already validates these fields and
wouldn't pass down an invalid auth_algorithm value to any drivers or
ktls backends.

Reviewed by:	hselasky
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D23671
This commit is contained in:
John Baldwin 2020-02-13 23:04:11 +00:00
parent ca3b3c573e
commit ff8c6681c8
1 changed files with 0 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c
View File

@ -339,10 +339,6 @@ mlx5e_tls_snd_tag_alloc(struct ifnet *ifp,
case CRYPTO_AES_NIST_GCM_16:
switch (en->cipher_key_len) {
case 128 / 8:
if (en->auth_algorithm != CRYPTO_AES_128_NIST_GMAC) {
error = EINVAL;
goto failure;
}
if (en->tls_vminor == TLS_MINOR_VER_TWO) {
if (MLX5_CAP_TLS(priv->mdev, tls_1_2_aes_gcm_128) == 0) {
error = EPROTONOSUPPORT;
@ -360,10 +356,6 @@ mlx5e_tls_snd_tag_alloc(struct ifnet *ifp,
break;
case 256 / 8:
if (en->auth_algorithm != CRYPTO_AES_256_NIST_GMAC) {
error = EINVAL;
goto failure;
}
if (en->tls_vminor == TLS_MINOR_VER_TWO) {
if (MLX5_CAP_TLS(priv->mdev, tls_1_2_aes_gcm_256) == 0) {
error = EPROTONOSUPPORT;