Project

General

Profile

Actions

Bug #14417

closed

System Information widget does not properly form list of active hardware crypto algorithms

Added by Patrik Stahlman 11 months ago. Updated 6 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Dashboard
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.09
Release Notes:
Default
Affected Version:
Affected Architecture:
All

Description

The System Information widget fails to display support for crypto algorithms if the algorithm is available both in the CPU and the new IIMB.

With IPsec-MB crypto disabled the information is correct:

AES-NI CPU Crypto: Yes (active)
IPsec-MB Crypto: Yes (inactive)
QAT Crypto: No
Hardware crypto     AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS

When IPSec-MB is enabled, AES-GCM is not shown:

AES-NI CPU Crypto: Yes (active)
IPsec-MB Crypto: Yes (active)
QAT Crypto: No
Hardware crypto     AES-CBC,AES-CCM,ChaCha20-Poly1305,AES-ICM,AES-XTS

The problems seems to be in /usr/local/www/includes/functions.inc.php, function crypto_accel_get_algs() where the code to handle duplicates in the arrays is broken.

I simplified the function:

function crypto_accel_get_algs($crypto)
{
        $algs = [];

        foreach ($crypto['accel'] as $accel) {
                /* skip these... */
                if (!$accel['present'] || !$accel['enabled'])
                        continue;

                $algs = array_merge($algs, $accel['algs']);
        }

        /* return early */
        if (empty($algs))
                return (gettext('Inactive'));

        /* sort alphabetically */
        ksort($algs);

        /* now flip back so keys become values, done twice to remove duplicates */
        $algs = array_flip($algs);
        $algs = array_flip($algs);

        /* format and return the algs string */
        return (implode(',', $algs));
}

and the system information widget now outputs the correct information:


AES-NI CPU Crypto: Yes (active)
IPsec-MB Crypto: Yes (active)
QAT Crypto: No
Hardware crypto     AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS,ChaCha20-Poly1305

Sorry but no patch, I forgot to make a backup before editing the file...


Files

Actions #1

Updated by Jim Pingle 11 months ago

  • Target version set to 23.09
Actions #2

Updated by Kris Phillips 11 months ago

I tested this with IPSec-MB and QAT enabled and AES-NI disabled. Issue was not present, so this appears to just be the combination of AES-NI and IPSec-MB.

Actions #3

Updated by Jim Pingle 8 months ago

  • Project changed from pfSense Plus to pfSense
  • Subject changed from System Information widget does not show Hardware crypto algorithms available in both AES-NI CPU and IPsec-MB Crypto to System Information widget does properly form array of active hardware crypto algorithms
  • Category changed from Dashboard to Dashboard
  • Status changed from New to In Progress
  • Assignee set to Jim Pingle
  • Target version changed from 23.09 to 2.8.0
  • Affected Plus Version deleted (23.05)
  • Plus Target Version set to 23.09

Though the problem is easiest to notice in Plus, the function is similar in CE and could in theory have the same problem.

Actions #4

Updated by Jim Pingle 8 months ago

Fix committed. Seems to list everything for me now and also in the correct alphabetical order.

Before:

After:

Actions #5

Updated by Jim Pingle 8 months ago

  • Status changed from Feedback to Resolved

This appears to be correct and looks better on a variety of hardware models

Actions #6

Updated by Jim Pingle 7 months ago

  • Subject changed from System Information widget does properly form array of active hardware crypto algorithms to System Information widget does not properly form list of active hardware crypto algorithms
Actions #7

Updated by Jim Pingle 6 months ago

  • Target version changed from 2.8.0 to 2.7.1
Actions

Also available in: Atom PDF