Date:      Tue, 26 Jan 2021 00:03:47 +0000
From:      bugzilla-noreply@freebsd.org
To:        fs@FreeBSD.org
Subject:   [Bug 252981] panic with ZFS encryption and QAT: VERIFY3(0 == spa_do_crypt_bad(...
Message-ID:  <bug-252981-3630-w3PAdGffBR@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-252981-3630@https.bugs.freebsd.org/bugzilla/>
References:  <bug-252981-3630@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252981

--- Comment #5 from Mark Johnston <markj@FreeBSD.org> ---
(In reply to Alan Somers from comment #3)
This constraint only applies to AES-GCM.  Other algorithms that provide
integrity checking don't have such a limit on the AAD size.

IPsec's ESP protocol includes the ESP header itself as AAD, for instance, but
because the AAD size is fixed and smaller than the limit, it can use
QAT/AES-GCM with no problems.  That use-case was the original motivation for
the port.

(In reply to Alan Somers from comment #4)
GELI doesn't appear to authenticate anything that isn't also encrypted, so
there is no AAD.  Even if it were to use GCM there would be no problem.

-- 
You are receiving this mail because:
You are the assignee for the bug.
