From owner-svn-src-all@freebsd.org Thu Feb 13 23:04:12 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3873F2391AB; Thu, 13 Feb 2020 23:04:12 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48JXBh09m7z3FKg; Thu, 13 Feb 2020 23:04:12 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 012F41A4C8; Thu, 13 Feb 2020 23:04:12 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 01DN4B1f090284; Thu, 13 Feb 2020 23:04:11 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 01DN4Buq090283; Thu, 13 Feb 2020 23:04:11 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <202002132304.01DN4Buq090283@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Thu, 13 Feb 2020 23:04:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r357891 - head/sys/dev/mlx5/mlx5_en X-SVN-Group: head X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: head/sys/dev/mlx5/mlx5_en X-SVN-Commit-Revision: 357891 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Feb 2020 23:04:12 -0000 Author: jhb Date: Thu Feb 13 23:04:11 2020 New Revision: 357891 URL: https://svnweb.freebsd.org/changeset/base/357891 Log: Don't check the auth algorithm for GCM. The upstream OpenSSL changes only set the cipher for GCM since the authentication is redundant, and changes to OCF will soon remove the GCM authentication algorithm constants entirely for the same reason. In addition, ktls_create_session() already validates these fields and wouldn't pass down an invalid auth_algorithm value to any drivers or ktls backends. Reviewed by: hselasky Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D23671 Modified: head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c Modified: head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c ============================================================================== --- head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c Thu Feb 13 22:55:45 2020 (r357890) +++ head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c Thu Feb 13 23:04:11 2020 (r357891) @@ -339,10 +339,6 @@ mlx5e_tls_snd_tag_alloc(struct ifnet *ifp, case CRYPTO_AES_NIST_GCM_16: switch (en->cipher_key_len) { case 128 / 8: - if (en->auth_algorithm != CRYPTO_AES_128_NIST_GMAC) { - error = EINVAL; - goto failure; - } if (en->tls_vminor == TLS_MINOR_VER_TWO) { if (MLX5_CAP_TLS(priv->mdev, tls_1_2_aes_gcm_128) == 0) { error = EPROTONOSUPPORT; @@ -360,10 +356,6 @@ mlx5e_tls_snd_tag_alloc(struct ifnet *ifp, break; case 256 / 8: - if (en->auth_algorithm != CRYPTO_AES_256_NIST_GMAC) { - error = EINVAL; - goto failure; - } if (en->tls_vminor == TLS_MINOR_VER_TWO) { if (MLX5_CAP_TLS(priv->mdev, tls_1_2_aes_gcm_256) == 0) { error = EPROTONOSUPPORT;