svn commit: r357891 - head/sys/dev/mlx5/mlx5_en
John Baldwin
jhb at FreeBSD.org
Thu Feb 13 23:04:12 UTC 2020
Author: jhb
Date: Thu Feb 13 23:04:11 2020
New Revision: 357891
URL: https://svnweb.freebsd.org/changeset/base/357891
Log:
Don't check the auth algorithm for GCM.
The upstream OpenSSL changes only set the cipher for GCM since the
authentication is redundant, and changes to OCF will soon remove the
GCM authentication algorithm constants entirely for the same reason.
In addition, ktls_create_session() already validates these fields and
wouldn't pass down an invalid auth_algorithm value to any drivers or
ktls backends.
Reviewed by: hselasky
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D23671
Modified:
head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c
Modified: head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c
==============================================================================
--- head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c Thu Feb 13 22:55:45 2020 (r357890)
+++ head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c Thu Feb 13 23:04:11 2020 (r357891)
@@ -339,10 +339,6 @@ mlx5e_tls_snd_tag_alloc(struct ifnet *ifp,
case CRYPTO_AES_NIST_GCM_16:
switch (en->cipher_key_len) {
case 128 / 8:
- if (en->auth_algorithm != CRYPTO_AES_128_NIST_GMAC) {
- error = EINVAL;
- goto failure;
- }
if (en->tls_vminor == TLS_MINOR_VER_TWO) {
if (MLX5_CAP_TLS(priv->mdev, tls_1_2_aes_gcm_128) == 0) {
error = EPROTONOSUPPORT;
@@ -360,10 +356,6 @@ mlx5e_tls_snd_tag_alloc(struct ifnet *ifp,
break;
case 256 / 8:
- if (en->auth_algorithm != CRYPTO_AES_256_NIST_GMAC) {
- error = EINVAL;
- goto failure;
- }
if (en->tls_vminor == TLS_MINOR_VER_TWO) {
if (MLX5_CAP_TLS(priv->mdev, tls_1_2_aes_gcm_256) == 0) {
error = EPROTONOSUPPORT;
More information about the svn-src-head
mailing list