Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 13 Feb 2020 23:04:11 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r357891 - head/sys/dev/mlx5/mlx5_en
Message-ID:  <202002132304.01DN4Buq090283@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: jhb
Date: Thu Feb 13 23:04:11 2020
New Revision: 357891
URL: https://svnweb.freebsd.org/changeset/base/357891

Log:
  Don't check the auth algorithm for GCM.
  
  The upstream OpenSSL changes only set the cipher for GCM since the
  authentication is redundant, and changes to OCF will soon remove the
  GCM authentication algorithm constants entirely for the same reason.
  In addition, ktls_create_session() already validates these fields and
  wouldn't pass down an invalid auth_algorithm value to any drivers or
  ktls backends.
  
  Reviewed by:	hselasky
  Sponsored by:	Chelsio Communications
  Differential Revision:	https://reviews.freebsd.org/D23671

Modified:
  head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c

Modified: head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c
==============================================================================
--- head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c	Thu Feb 13 22:55:45 2020	(r357890)
+++ head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c	Thu Feb 13 23:04:11 2020	(r357891)
@@ -339,10 +339,6 @@ mlx5e_tls_snd_tag_alloc(struct ifnet *ifp,
 	case CRYPTO_AES_NIST_GCM_16:
 		switch (en->cipher_key_len) {
 		case 128 / 8:
-			if (en->auth_algorithm != CRYPTO_AES_128_NIST_GMAC) {
-				error = EINVAL;
-				goto failure;
-			}
 			if (en->tls_vminor == TLS_MINOR_VER_TWO) {
 				if (MLX5_CAP_TLS(priv->mdev, tls_1_2_aes_gcm_128) == 0) {
 					error = EPROTONOSUPPORT;
@@ -360,10 +356,6 @@ mlx5e_tls_snd_tag_alloc(struct ifnet *ifp,
 			break;
 
 		case 256 / 8:
-			if (en->auth_algorithm != CRYPTO_AES_256_NIST_GMAC) {
-				error = EINVAL;
-				goto failure;
-			}
 			if (en->tls_vminor == TLS_MINOR_VER_TWO) {
 				if (MLX5_CAP_TLS(priv->mdev, tls_1_2_aes_gcm_256) == 0) {
 					error = EPROTONOSUPPORT;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002132304.01DN4Buq090283>