Bug #14417
closed
System Information widget does not properly form list of active hardware crypto algorithms
100%
Description
The System Information widget fails to display support for crypto algorithms if the algorithm is available both in the CPU and the new IIMB.
With IPsec-MB crypto disabled the information is correct:
AES-NI CPU Crypto: Yes (active)
IPsec-MB Crypto: Yes (inactive)
QAT Crypto: No
Hardware crypto AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS
When IPSec-MB is enabled, AES-GCM is not shown:
AES-NI CPU Crypto: Yes (active)
IPsec-MB Crypto: Yes (active)
QAT Crypto: No
Hardware crypto AES-CBC,AES-CCM,ChaCha20-Poly1305,AES-ICM,AES-XTS
The problem seems to be in /usr/local/www/includes/functions.inc.php, function crypto_accel_get_algs() where the code to handle duplicates in the arrays is broken.
I simplified the function:
    function crypto_accel_get_algs($crypto)
    {
        $algs = [];

        foreach ($crypto['accel'] as $accel) {
            /* skip accelerators that are absent or disabled */
            if (!$accel['present'] || !$accel['enabled'])
                continue;

            /* collect the algorithms of every active accelerator */
            $algs = array_merge($algs, $accel['algs']);
        }

        /* return early */
        if (empty($algs))
            return (gettext('Inactive'));

        /* sort alphabetically by value; assuming each 'algs' entry is a plain
         * list, array_merge() renumbers the keys, so ksort() would not reorder */
        sort($algs);

        /* flip twice so duplicate names collapse into one entry */
        $algs = array_flip($algs);
        $algs = array_flip($algs);

        /* format and return the algs string */
        return (implode(',', $algs));
    }
and the system information widget now outputs the correct information:
AES-NI CPU Crypto: Yes (active)
IPsec-MB Crypto: Yes (active)
QAT Crypto: No
Hardware crypto AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS,ChaCha20-Poly1305
Sorry but no patch, I forgot to make a backup before editing the file...
Updated by Kris Phillips over 1 year ago
I tested this with IPSec-MB and QAT enabled and AES-NI disabled. Issue was not present, so this appears to just be the combination of AES-NI and IPSec-MB.
Updated by Jim Pingle over 1 year ago
- Project changed from pfSense Plus to pfSense
- Subject changed from System Information widget does not show Hardware crypto algorithms available in both AES-NI CPU and IPsec-MB Crypto to System Information widget does properly form array of active hardware crypto algorithms
- Category changed from Dashboard to Dashboard
- Status changed from New to In Progress
- Assignee set to Jim Pingle
- Target version changed from 23.09 to 2.8.0
- Affected Plus Version deleted (23.05)
- Plus Target Version set to 23.09
Though the problem is easiest to notice in Plus, the function is similar in CE and could in theory have the same problem.
Updated by Jim Pingle over 1 year ago
- File clipboard-202308171320-9zdu0.png added
- File clipboard-202308171320-vkqxv.png added
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Fix committed. Seems to list everything for me now and also in the correct alphabetical order.
Before:
After:
Updated by Jim Pingle over 1 year ago
- Status changed from Feedback to Resolved
This appears to be correct and looks better on a variety of hardware models.
Updated by Jim Pingle about 1 year ago
- Subject changed from System Information widget does properly form array of active hardware crypto algorithms to System Information widget does not properly form list of active hardware crypto algorithms
Updated by Jim Pingle about 1 year ago
- Target version changed from 2.8.0 to 2.7.1