git: 474d9290eb9e - main - ossl: Don't try to initialize the cipher for Chacha20+Poly1305.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 20 Jun 2023 14:54:08 UTC
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=474d9290eb9e9f0e636c7f814d0d10ba5147149f
commit 474d9290eb9e9f0e636c7f814d0d10ba5147149f
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2023-06-20 14:53:50 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2023-06-20 14:53:50 +0000
ossl: Don't try to initialize the cipher for Chacha20+Poly1305.
Chacha20+Poly1305 doesn't use an ossl_cipher instance the way AES-GCM
does, so ossl_lookup_cipher() failed causing ossl_newsession() to
always fail for Chacha20+Poly1305 sessions.
Reported by: gallatin (ktls_test fails with ossl.ko loaded)
Fixes: 9a3444d91c70 ossl: Add a VAES-based AES-GCM implementation for amd64
Tested by: gallatin
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D40580
---
sys/crypto/openssl/ossl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/crypto/openssl/ossl.c b/sys/crypto/openssl/ossl.c
index 723d1a80543d..25897cae0dca 100644
--- a/sys/crypto/openssl/ossl.c
+++ b/sys/crypto/openssl/ossl.c
@@ -301,7 +301,8 @@ ossl_newsession(device_t dev, crypto_session_t cses,
error = ossl_newsession_cipher(s, csp);
break;
case CSP_MODE_AEAD:
- error = ossl_newsession_cipher(s, csp);
+ if (csp->csp_cipher_alg != CRYPTO_CHACHA20_POLY1305)
+ error = ossl_newsession_cipher(s, csp);
break;
default:
__assert_unreachable();