Page MenuHomeFreeBSD

Add a kernel crypto driver using assembly routines from OpenSSL.
ClosedPublic

Authored by jhb on Oct 16 2020, 6:04 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 23, 1:51 AM
Unknown Object (File)
Sat, Mar 23, 1:50 AM
Unknown Object (File)
Sat, Mar 23, 1:50 AM
Unknown Object (File)
Sat, Mar 23, 1:50 AM
Unknown Object (File)
Sat, Mar 23, 1:50 AM
Unknown Object (File)
Fri, Mar 22, 4:00 PM
Unknown Object (File)
Jan 5 2024, 6:46 PM
Unknown Object (File)
Dec 20 2023, 6:03 AM

Details

Summary

Currently, this supports SHA1 and SHA2-{224,256,384,512} both as plain
hashes and in HMAC mode. It supports both amd64 and i386. It uses
the SHA intrinsics when present similar to aesni(4), but uses SSE/AVX
instructions when they are not present.

Note that some files from OpenSSL that normally wrap the assembly
routines have been adapted to export methods usable by 'struct
auth_xform' as is used by existing software crypto routines.

Test Plan
  • tested with cryptocheck on both amd64 and i386
  • tested with KTLS AES-CBC support on amd64

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb requested review of this revision.Oct 16 2020, 6:04 PM
jhb created this revision.

This depends on commit https://github.com/freebsd/freebsd/commit/27d1c1c38fa76d11182de27e1e9b91160152fae7, but arcanist choked with a 413 error (EFBIG basically) when trying to upload that commit as a phab review. The branch did pass Cirrus-CI, so the libcrypto changes in the GH commit do work for updating libcrypto for the new location.

I named this ossl(4) instead of openssl(4), but I'm not super timed to the name.

This doesn't yet have a manpage.

Adding arm64 support in the future shouldn't be very hard. Once I caught i386's machine/fpu.h up to amd64, the changes to add i386 were just this: https://github.com/freebsd/freebsd/commit/c94c95591637662f5cbaebe0881d08ae451cd788

There is also the opportunity to add AES modes in the future as well, perhaps replacing aesni(4) entirely. I suspect that these routines are more maintained and have seen more review than the bits in aesni(4).

jhb added inline comments.
sys/crypto/openssl/ossl_sha256.c
25 ↗(On Diff #78325)

I should perhaps 'svn cp' these files from their sources in src/crypto/openssl when committing. Originally not all of the files mapped 1:1, but when refactoring to add SHA2 hashes, I ended up more closely matching the OpenSSL layout.

jhb retitled this revision from Add an kernel crypto driver using assembly routines from OpenSSL. to Add a kernel crypto driver using assembly routines from OpenSSL..Oct 16 2020, 6:17 PM
This revision is now accepted and ready to land.Oct 19 2020, 1:25 PM
  • Allow ossl to be built statically.
  • Add a manpage.
This revision now requires review to proceed.Oct 19 2020, 10:38 PM
  • Fix the architecture bullet list.
  • Make the list of algorithms explicit.
delphij added a subscriber: delphij.

Diff between diff 1..3 looked fine to me.

This revision is now accepted and ready to land.Oct 19 2020, 10:52 PM
gnn added a subscriber: gnn.

LGTM