Skip to content

Bsdkm driver cleanup#10695

Open
philljj wants to merge 4 commits into
wolfSSL:masterfrom
philljj:bsdkm_fixes
Open

Bsdkm driver cleanup#10695
philljj wants to merge 4 commits into
wolfSSL:masterfrom
philljj:bsdkm_fixes

Conversation

@philljj

@philljj philljj commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Description

Cleanup for bsdkm driver:

  • tests should use CRYPTO_F_CBIFSYNC flag, so callback isn't randomly deferred.
  • sanitize ivlen, and auth_mlen.
  • handle aes cleanup better.

Fixes F-5305, F-5306, F-5307.
Fixes ZD-21992.

Testing

Tested on FreeBSD 14.3-RELEASE.

#!/bin/sh                  
BSDKM_CFLAGS="-DWOLFSSL_BSDKM_VERBOSE_DEBUG -DWOLFSSL_BSDKM_FPU_DEBUG"          
                                                                                
./configure --enable-freebsdkm --enable-freebsdkm-crypto-register \
  --enable-cryptonly --enable-crypttests \
  --enable-kernel-benchmarks --enable-all-crypto --enable-aesni \
  --enable-aesni-with-avx \
  CFLAGS="$BSDKM_CFLAGS" && make \       
  || exit 1

file bsdkm/libwolfssl.ko && sudo kldload bsdkm/libwolfssl.ko || exit 1

#!/bin/sh
./configure --enable-freebsdkm --enable-cryptonly --enable-crypttests \
  --enable-kernel-benchmarks --enable-all-crypto --enable-aesni \
  --enable-aesni-with-avx CFLAGS="-DWOLFSSL_BSDKM_VERBOSE_DEBUG" && make \
  || exit 1
file bsdkm/libwolfssl.ko && sudo kldload bsdkm/libwolfssl.ko || exit 1

@philljj philljj self-assigned this Jun 16, 2026
Copilot AI review requested due to automatic review settings June 16, 2026 04:25
Copilot AI reviewed Jun 16, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR cleans up the FreeBSD kernel module (BSDKM) crypto driver by adding stricter session parameter validation, improving AES session initialization/teardown behavior, and making the in-kernel AES tests deterministic with respect to callback timing.

Changes:

  • Added csp_ivlen / csp_auth_mlen validation for AES-CBC and AES-GCM in probesession and newsession.
  • Reworked AES session setup to pre-set keys during session creation and adjusted per-request handling to set IVs and perform cleanup.
  • Updated BSDKM AES test requests to include CRYPTO_F_CBIFSYNC to avoid deferred callbacks.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
bsdkm/wolfkmod.c Adds parameter sanitization for AES sessions and refactors AES init/use/cleanup in CBC and GCM paths.
bsdkm/wolfkmod_aes.c Updates kernel-mode AES tests to set CRYPTO_F_CBIFSYNC for consistent callback behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread bsdkm/wolfkmod.c
Comment thread bsdkm/wolfkmod.c
@github-actions

github-actions Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

MemBrowse Memory Report

No memory changes detected for:

@philljj

philljj commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

Retest this please.

Fips harness test hung.

@philljj philljj assigned wolfSSL-Bot and unassigned philljj Jun 16, 2026
@philljj philljj added the For This Release Release version 5.9.2 label Jun 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

For This Release Release version 5.9.2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@philljj @wolfSSL-Bot