Date: Tue, 25 Feb 2020 15:49:47 -0800
From: John Baldwin <jhb@FreeBSD.org>
To: "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject: Re: CFT: Open Crypto Framework Changes: Round 1
Message-ID: <fcecef5c-9384-c2ed-fdcf-85c6a9403d46@FreeBSD.org>
In-Reply-To: <921919dd-6291-61af-2dc6-768bcdbd5cff@FreeBSD.org>
References: <c83b6b93-138d-26ca-6edf-4abac4df3d7f@FreeBSD.org> <921919dd-6291-61af-2dc6-768bcdbd5cff@FreeBSD.org>

On 11/21/19 11:40 AM, John Baldwin wrote:
> On 8/2/19 3:46 PM, John Baldwin wrote:
>> A while back I ranted about what I perceived to be several issues with
>> our in-kernel framework. I've been working on a first round of changes
>> over the past several months and believe I've gotten far enough to be
>> a first milestone that's probably suitable for merging. At this point
>> what I would most appreciate is design review on what I've done so far
>> (though an eye towards the future wouldn't hurt). I have more changes I
>> think I'd like to make, but this is a big enough chunk to chew on for
>> now.
>>
>> The code:
>>
>> https://github.com/freebsd/freebsd/compare/master...bsdjhb:ocf_rework
>
> I have progressed further on this work and would like to merge it into the
> tree soon. Some changes since the last summary I gave are:

A commit candidate is now up for review at https://reviews.freebsd.org/D23677

I believe I have fixed the earlier regression with cesa(4) and IPsec (but
have no hardware to test). I've also now tested GELI with auth.

One behavior change is that GELI with auth will now fail I/O requests when
auth fails instead of printing a warning and then returning unauthenticated
data anyway. That behavior doesn't seem ideal. If we need it, GELI could
grow an option where it would resubmit any requests that failed auth as a
decryption only request, but even then I would probably think that should
be an off-by-default option.

-- 
John Baldwin