D24775.id71665.diff
No OneTemporary
Actions

Size

29 KB

Referenced Files

None

Subscribers

None

D24775.id71665.diff
View Options

	Index: head/share/man/man4/hifn.4
	===================================================================
	--- head/share/man/man4/hifn.4
	+++ head/share/man/man4/hifn.4
	@@ -58,7 +58,7 @@
	.Nm
	driver registers itself to accelerate
	AES (7955 and 7956 only),
	-MD5-HMAC, SHA1, and SHA1-HMAC operations for
	+SHA1, and SHA1-HMAC operations for
	.Xr ipsec 4
	and
	.Xr crypto 4 .
	Index: head/share/man/man4/safe.4
	===================================================================
	--- head/share/man/man4/safe.4
	+++ head/share/man/man4/safe.4
	@@ -60,7 +60,7 @@
	.Pp
	The
	.Nm
	-driver registers itself to accelerate AES, MD5-HMAC,
	+driver registers itself to accelerate AES,
	SHA1-HMAC, and NULL operations for
	.Xr ipsec 4
	and
	Index: head/share/man/man9/crypto.9
	===================================================================
	--- head/share/man/man9/crypto.9
	+++ head/share/man/man9/crypto.9
	@@ -106,7 +106,6 @@
	.It Dv CRYPTO_AES_NIST_GMAC
	.It Dv CRYPTO_BLAKE2B
	.It Dv CRYPTO_BLAKE2S
	-.It Dv CRYPTO_MD5_HMAC
	.It Dv CRYPTO_NULL_HMAC
	.It Dv CRYPTO_POLY1305
	.It Dv CRYPTO_RIPEMD160
	Index: head/sys/crypto/via/padlock_hash.c
	===================================================================
	--- head/sys/crypto/via/padlock_hash.c
	+++ head/sys/crypto/via/padlock_hash.c
	@@ -321,9 +321,6 @@
	case CRYPTO_NULL_HMAC:
	axf = &auth_hash_null;
	break;
	- case CRYPTO_MD5_HMAC:
	- axf = &auth_hash_hmac_md5;
	- break;
	case CRYPTO_SHA1_HMAC:
	if ((via_feature_xcrypt & VIA_HAS_SHA) != 0)
	axf = &padlock_hmac_sha1;
	Index: head/sys/dev/cesa/cesa.c
	===================================================================
	--- head/sys/dev/cesa/cesa.c
	+++ head/sys/dev/cesa/cesa.c
	@@ -64,7 +64,6 @@
	#include <dev/ofw/ofw_bus.h>
	#include <dev/ofw/ofw_bus_subr.h>

	-#include <sys/md5.h>
	#include <crypto/sha1.h>
	#include <crypto/sha2/sha256.h>
	#include <crypto/rijndael/rijndael.h>
	@@ -434,14 +433,6 @@
	hout = (uint32_t *)cs->cs_hiv_out;

	switch (alg) {
	- case CRYPTO_MD5_HMAC:
	- hmac_init_ipad(&auth_hash_hmac_md5, mkey, mklen, &auth_ctx);
	- memcpy(hin, auth_ctx.md5ctx.state,
	- sizeof(auth_ctx.md5ctx.state));
	- hmac_init_opad(&auth_hash_hmac_md5, mkey, mklen, &auth_ctx);
	- memcpy(hout, auth_ctx.md5ctx.state,
	- sizeof(auth_ctx.md5ctx.state));
	- break;
	case CRYPTO_SHA1_HMAC:
	hmac_init_ipad(&auth_hash_hmac_sha1, mkey, mklen, &auth_ctx);
	memcpy(hin, auth_ctx.sha1ctx.h.b32,
	@@ -1599,7 +1590,6 @@
	sc->sc_soc_id == MV_DEV_88F6810))
	return (false);
	/* FALLTHROUGH */
	- case CRYPTO_MD5_HMAC:
	case CRYPTO_SHA1:
	case CRYPTO_SHA1_HMAC:
	break;
	@@ -1668,14 +1658,6 @@
	}

	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	- cs->cs_mblen = MD5_BLOCK_LEN;
	- cs->cs_hlen = (csp->csp_auth_mlen == 0) ? MD5_HASH_LEN :
	- csp->csp_auth_mlen;
	- cs->cs_config \|= CESA_CSHD_MD5_HMAC;
	- if (cs->cs_hlen == CESA_HMAC_TRUNC_LEN)
	- cs->cs_config \|= CESA_CSHD_96_BIT_HMAC;
	- break;
	case CRYPTO_SHA1:
	cs->cs_mblen = 1;
	cs->cs_hlen = (csp->csp_auth_mlen == 0) ? SHA1_HASH_LEN :
	Index: head/sys/dev/glxsb/glxsb.c
	===================================================================
	--- head/sys/dev/glxsb/glxsb.c
	+++ head/sys/dev/glxsb/glxsb.c
	@@ -497,7 +497,6 @@
	case CSP_MODE_ETA:
	switch (csp->csp_auth_alg) {
	case CRYPTO_NULL_HMAC:
	- case CRYPTO_MD5_HMAC:
	case CRYPTO_SHA1_HMAC:
	case CRYPTO_RIPEMD160_HMAC:
	case CRYPTO_SHA2_256_HMAC:
	Index: head/sys/dev/hifn/hifn7751.c
	===================================================================
	--- head/sys/dev/hifn/hifn7751.c
	+++ head/sys/dev/hifn/hifn7751.c
	@@ -2296,7 +2296,6 @@
	switch (csp->csp_auth_alg) {
	case CRYPTO_SHA1:
	break;
	- case CRYPTO_MD5_HMAC:
	case CRYPTO_SHA1_HMAC:
	if (csp->csp_auth_klen > HIFN_MAC_KEY_LENGTH)
	return (false);
	@@ -2478,11 +2477,6 @@
	cmd->base_masks \|= HIFN_BASE_CMD_MAC;

	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	- cmd->mac_masks \|= HIFN_MAC_CMD_ALG_MD5 \|
	- HIFN_MAC_CMD_RESULT \| HIFN_MAC_CMD_MODE_HMAC \|
	- HIFN_MAC_CMD_POS_IPSEC \| HIFN_MAC_CMD_TRUNC;
	- break;
	case CRYPTO_SHA1:
	cmd->mac_masks \|= HIFN_MAC_CMD_ALG_SHA1 \|
	HIFN_MAC_CMD_RESULT \| HIFN_MAC_CMD_MODE_HASH \|
	@@ -2495,8 +2489,7 @@
	break;
	}

	- if (csp->csp_auth_alg == CRYPTO_SHA1_HMAC \|\|
	- csp->csp_auth_alg == CRYPTO_MD5_HMAC) {
	+ if (csp->csp_auth_alg == CRYPTO_SHA1_HMAC) {
	cmd->mac_masks \|= HIFN_MAC_CMD_NEW_KEY;
	if (crp->crp_auth_key != NULL)
	mackey = crp->crp_auth_key;
	Index: head/sys/dev/safe/safe.c
	===================================================================
	--- head/sys/dev/safe/safe.c
	+++ head/sys/dev/safe/safe.c
	@@ -638,28 +638,17 @@
	safe_setup_mackey(struct safe_session ses, int algo, const uint8_t key,
	int klen)
	{
	- MD5_CTX md5ctx;
	SHA1_CTX sha1ctx;
	int i;

	- if (algo == CRYPTO_MD5_HMAC) {
	- hmac_init_ipad(&auth_hash_hmac_md5, key, klen, &md5ctx);
	- bcopy(md5ctx.state, ses->ses_hminner, sizeof(md5ctx.state));
	+ hmac_init_ipad(&auth_hash_hmac_sha1, key, klen, &sha1ctx);
	+ bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32));

	- hmac_init_opad(&auth_hash_hmac_md5, key, klen, &md5ctx);
	- bcopy(md5ctx.state, ses->ses_hmouter, sizeof(md5ctx.state));
	+ hmac_init_opad(&auth_hash_hmac_sha1, key, klen, &sha1ctx);
	+ bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32));

	- explicit_bzero(&md5ctx, sizeof(md5ctx));
	- } else {
	- hmac_init_ipad(&auth_hash_hmac_sha1, key, klen, &sha1ctx);
	- bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32));
	+ explicit_bzero(&sha1ctx, sizeof(sha1ctx));

	- hmac_init_opad(&auth_hash_hmac_sha1, key, klen, &sha1ctx);
	- bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32));
	-
	- explicit_bzero(&sha1ctx, sizeof(sha1ctx));
	- }
	-
	/* PE is little-endian, insure proper byte order */
	for (i = 0; i < N(ses->ses_hminner); i++) {
	ses->ses_hminner[i] = htole32(ses->ses_hminner[i]);
	@@ -674,10 +663,6 @@
	{

	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	- if ((sc->sc_devinfo & SAFE_DEVINFO_MD5) == 0)
	- return (false);
	- break;
	case CRYPTO_SHA1_HMAC:
	if ((sc->sc_devinfo & SAFE_DEVINFO_SHA1) == 0)
	return (false);
	@@ -755,10 +740,7 @@
	if (csp->csp_auth_alg != 0) {
	ses->ses_mlen = csp->csp_auth_mlen;
	if (ses->ses_mlen == 0) {
	- if (csp->csp_auth_alg == CRYPTO_MD5_HMAC)
	- ses->ses_mlen = MD5_HASH_LEN;
	- else
	- ses->ses_mlen = SHA1_HASH_LEN;
	+ ses->ses_mlen = SHA1_HASH_LEN;
	}

	if (csp->csp_auth_key != NULL) {
	@@ -907,10 +889,6 @@
	}

	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	- cmd0 \|= SAFE_SA_CMD0_MD5;
	- cmd1 \|= SAFE_SA_CMD1_HMAC; /* NB: enable HMAC */
	- break;
	case CRYPTO_SHA1_HMAC:
	cmd0 \|= SAFE_SA_CMD0_SHA1;
	cmd1 \|= SAFE_SA_CMD1_HMAC; /* NB: enable HMAC */
	Index: head/sys/dev/sec/sec.c
	===================================================================
	--- head/sys/dev/sec/sec.c
	+++ head/sys/dev/sec/sec.c
	@@ -1158,7 +1158,6 @@
	if (sc->sc_version < 3)
	return (false);
	/* FALLTHROUGH */
	- case CRYPTO_MD5_HMAC:
	case CRYPTO_SHA1_HMAC:
	case CRYPTO_SHA2_256_HMAC:
	if (csp->csp_auth_klen > SEC_MAX_KEY_LEN)
	@@ -1465,7 +1464,6 @@
	{
	switch (alg) {
	case CRYPTO_SHA1:
	- case CRYPTO_MD5_HMAC:
	case CRYPTO_SHA1_HMAC:
	case CRYPTO_SHA2_256_HMAC:
	case CRYPTO_SHA2_384_HMAC:
	@@ -1485,12 +1483,6 @@
	*eu = SEC_EU_NONE;

	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	- *mode \|= SEC_MDEU_MODE_HMAC;
	- *eu = SEC_EU_MDEU_A;
	- *mode \|= SEC_MDEU_MODE_MD5;
	- *hashlen = MD5_HASH_LEN;
	- break;
	case CRYPTO_SHA1_HMAC:
	*mode \|= SEC_MDEU_MODE_HMAC;
	/* FALLTHROUGH */
	Index: head/sys/mips/cavium/cryptocteon/cavium_crypto.c
	===================================================================
	--- head/sys/mips/cavium/cryptocteon/cavium_crypto.c
	+++ head/sys/mips/cavium/cryptocteon/cavium_crypto.c
	@@ -458,104 +458,6 @@
	}

	/****************************************************************************/
	-/* MD5 */
	-
	-int
	-octo_null_md5_encrypt(
	- struct octo_sess *od,
	- struct iovec *iov, size_t iovcnt, size_t iovlen,
	- int auth_off, int auth_len,
	- int crypt_off, int crypt_len,
	- uint8_t icv, uint8_t ivp)
	-{
	- int next = 0;
	- uint64_t *data;
	- uint64_t tmp1, tmp2;
	- int data_i, data_l, alen = auth_len;
	-
	- dprintf("%s()\n", __func__);
	-
	- if (__predict_false(od == NULL \|\| iov==NULL \|\| iovlen==0 \|\|
	- (auth_off & 0x7) \|\| (auth_off + auth_len > iovlen))) {
	- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
	- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
	- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,
	- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
	- return -EINVAL;
	- }
	-
	- IOV_INIT(iov, data, data_i, data_l);
	-
	- /* Load MD5 IV */
	- CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
	- CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
	-
	- while (auth_off > 0) {
	- IOV_CONSUME(iov, data, data_i, data_l);
	- auth_off -= 8;
	- }
	-
	- while (auth_len > 0) {
	- CVM_LOAD_MD5_UNIT(*data, next);
	- auth_len -= 8;
	- IOV_CONSUME(iov, data, data_i, data_l);
	- }
	-
	- /* finish the hash */
	- CVMX_PREFETCH0(od->octo_hmouter);
	-#if 0
	- if (__predict_false(inplen)) {
	- uint64_t tmp = 0;
	- uint8_t p = (uint8_t ) & tmp;
	- p[inplen] = 0x80;
	- do {
	- inplen--;
	- p[inplen] = ((uint8_t *) data)[inplen];
	- } while (inplen);
	- CVM_LOAD_MD5_UNIT(tmp, next);
	- } else {
	- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
	- }
	-#else
	- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
	-#endif
	-
	- /* Finish Inner hash */
	- while (next != 7) {
	- CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);
	- }
	- CVMX_ES64(tmp1, ((alen + 64) << 3));
	- CVM_LOAD_MD5_UNIT(tmp1, next);
	-
	- /* Get the inner hash of HMAC */
	- CVMX_MF_HSH_IV(tmp1, 0);
	- CVMX_MF_HSH_IV(tmp2, 1);
	-
	- /* Initialize hash unit */
	- CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
	- CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
	-
	- CVMX_MT_HSH_DAT(tmp1, 0);
	- CVMX_MT_HSH_DAT(tmp2, 1);
	- CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);
	- CVMX_MT_HSH_DATZ(3);
	- CVMX_MT_HSH_DATZ(4);
	- CVMX_MT_HSH_DATZ(5);
	- CVMX_MT_HSH_DATZ(6);
	- CVMX_ES64(tmp1, ((64 + 16) << 3));
	- CVMX_MT_HSH_STARTMD5(tmp1);
	-
	- /* save the HMAC */
	- data = (uint64_t *)icv;
	- CVMX_MF_HSH_IV(*data, 0);
	- data++;
	- CVMX_MF_HSH_IV(tmp1, 1);
	- (uint32_t )data = (uint32_t) (tmp1 >> 32);
	-
	- return 0;
	-}
	-
	-/****************************************************************************/
	/* SHA1 */

	int
	@@ -652,351 +554,6 @@
	data++;
	CVMX_MF_HSH_IV(tmp1, 1);
	(uint32_t )data = (uint32_t) (tmp1 >> 32);
	-
	- return 0;
	-}
	-
	-/****************************************************************************/
	-/* AES MD5 */
	-
	-int
	-octo_aes_cbc_md5_encrypt(
	- struct octo_sess *od,
	- struct iovec *iov, size_t iovcnt, size_t iovlen,
	- int auth_off, int auth_len,
	- int crypt_off, int crypt_len,
	- uint8_t icv, uint8_t ivp)
	-{
	- int next = 0;
	- union {
	- uint32_t data32[2];
	- uint64_t data64[1];
	- } mydata[2];
	- uint64_t *pdata = &mydata[0].data64[0];
	- uint64_t *data = &mydata[1].data64[0];
	- uint32_t *data32;
	- uint64_t tmp1, tmp2;
	- int data_i, data_l, alen = auth_len;
	-
	- dprintf("%s()\n", __func__);
	-
	- if (__predict_false(od == NULL \|\| iov==NULL \|\| iovlen==0 \|\| ivp==NULL \|\|
	- (crypt_off & 0x3) \|\| (crypt_off + crypt_len > iovlen) \|\|
	- (crypt_len & 0x7) \|\|
	- (auth_len & 0x7) \|\|
	- (auth_off & 0x3) \|\| (auth_off + auth_len > iovlen))) {
	- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
	- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
	- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,
	- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
	- return -EINVAL;
	- }
	-
	- IOV_INIT(iov, data32, data_i, data_l);
	-
	- CVMX_PREFETCH0(ivp);
	- CVMX_PREFETCH0(od->octo_enckey);
	-
	- /* load AES Key */
	- CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
	- CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
	-
	- if (od->octo_encklen == 16) {
	- CVMX_MT_AES_KEY(0x0, 2);
	- CVMX_MT_AES_KEY(0x0, 3);
	- } else if (od->octo_encklen == 24) {
	- CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
	- CVMX_MT_AES_KEY(0x0, 3);
	- } else if (od->octo_encklen == 32) {
	- CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
	- CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[3], 3);
	- } else {
	- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
	- return -EINVAL;
	- }
	- CVMX_MT_AES_KEYLENGTH(od->octo_encklen / 8 - 1);
	-
	- CVMX_MT_AES_IV(((uint64_t *) ivp)[0], 0);
	- CVMX_MT_AES_IV(((uint64_t *) ivp)[1], 1);
	-
	- /* Load MD5 IV */
	- CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
	- CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
	-
	- while (crypt_off > 0 && auth_off > 0) {
	- IOV_CONSUME(iov, data32, data_i, data_l);
	- crypt_off -= 4;
	- auth_off -= 4;
	- }
	-
	- while (crypt_len > 0 \|\| auth_len > 0) {
	- uint32_t *pdata32[3];
	-
	- pdata32[0] = data32;
	- mydata[0].data32[0] = *data32;
	- IOV_CONSUME(iov, data32, data_i, data_l);
	-
	- pdata32[1] = data32;
	- mydata[0].data32[1] = *data32;
	- IOV_CONSUME(iov, data32, data_i, data_l);
	-
	- pdata32[2] = data32;
	- mydata[1].data32[0] = *data32;
	- IOV_CONSUME(iov, data32, data_i, data_l);
	-
	- mydata[1].data32[1] = *data32;
	-
	-
	- if (crypt_off <= 0) {
	- if (crypt_len > 0) {
	- CVMX_MT_AES_ENC_CBC0(*pdata);
	- CVMX_MT_AES_ENC_CBC1(*data);
	- CVMX_MF_AES_RESULT(*pdata, 0);
	- CVMX_MF_AES_RESULT(*data, 1);
	- crypt_len -= 16;
	- }
	- } else
	- crypt_off -= 16;
	-
	- if (auth_off <= 0) {
	- if (auth_len > 0) {
	- CVM_LOAD_MD5_UNIT(*pdata, next);
	- CVM_LOAD_MD5_UNIT(*data, next);
	- auth_len -= 16;
	- }
	- } else
	- auth_off -= 16;
	-
	- *pdata32[0] = mydata[0].data32[0];
	- *pdata32[1] = mydata[0].data32[1];
	- *pdata32[2] = mydata[1].data32[0];
	- *data32 = mydata[1].data32[1];
	-
	- IOV_CONSUME(iov, data32, data_i, data_l);
	- }
	-
	- /* finish the hash */
	- CVMX_PREFETCH0(od->octo_hmouter);
	-#if 0
	- if (__predict_false(inplen)) {
	- uint64_t tmp = 0;
	- uint8_t p = (uint8_t ) & tmp;
	- p[inplen] = 0x80;
	- do {
	- inplen--;
	- p[inplen] = ((uint8_t *) data)[inplen];
	- } while (inplen);
	- CVM_LOAD_MD5_UNIT(tmp, next);
	- } else {
	- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
	- }
	-#else
	- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
	-#endif
	-
	- /* Finish Inner hash */
	- while (next != 7) {
	- CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);
	- }
	- CVMX_ES64(tmp1, ((alen + 64) << 3));
	- CVM_LOAD_MD5_UNIT(tmp1, next);
	-
	- /* Get the inner hash of HMAC */
	- CVMX_MF_HSH_IV(tmp1, 0);
	- CVMX_MF_HSH_IV(tmp2, 1);
	-
	- /* Initialize hash unit */
	- CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
	- CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
	-
	- CVMX_MT_HSH_DAT(tmp1, 0);
	- CVMX_MT_HSH_DAT(tmp2, 1);
	- CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);
	- CVMX_MT_HSH_DATZ(3);
	- CVMX_MT_HSH_DATZ(4);
	- CVMX_MT_HSH_DATZ(5);
	- CVMX_MT_HSH_DATZ(6);
	- CVMX_ES64(tmp1, ((64 + 16) << 3));
	- CVMX_MT_HSH_STARTMD5(tmp1);
	-
	- /* save the HMAC */
	- data32 = (uint32_t *)icv;
	- CVMX_MF_HSH_IV(tmp1, 0);
	- *data32 = (uint32_t) (tmp1 >> 32);
	- data32++;
	- *data32 = (uint32_t) tmp1;
	- data32++;
	- CVMX_MF_HSH_IV(tmp1, 1);
	- *data32 = (uint32_t) (tmp1 >> 32);
	-
	- return 0;
	-}
	-
	-int
	-octo_aes_cbc_md5_decrypt(
	- struct octo_sess *od,
	- struct iovec *iov, size_t iovcnt, size_t iovlen,
	- int auth_off, int auth_len,
	- int crypt_off, int crypt_len,
	- uint8_t icv, uint8_t ivp)
	-{
	- int next = 0;
	- union {
	- uint32_t data32[2];
	- uint64_t data64[1];
	- } mydata[2];
	- uint64_t *pdata = &mydata[0].data64[0];
	- uint64_t *data = &mydata[1].data64[0];
	- uint32_t *data32;
	- uint64_t tmp1, tmp2;
	- int data_i, data_l, alen = auth_len;
	-
	- dprintf("%s()\n", __func__);
	-
	- if (__predict_false(od == NULL \|\| iov==NULL \|\| iovlen==0 \|\| ivp==NULL \|\|
	- (crypt_off & 0x3) \|\| (crypt_off + crypt_len > iovlen) \|\|
	- (crypt_len & 0x7) \|\|
	- (auth_len & 0x7) \|\|
	- (auth_off & 0x3) \|\| (auth_off + auth_len > iovlen))) {
	- dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
	- "auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
	- "icv=%p ivp=%p\n", __func__, od, iov, iovlen,
	- auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
	- return -EINVAL;
	- }
	-
	- IOV_INIT(iov, data32, data_i, data_l);
	-
	- CVMX_PREFETCH0(ivp);
	- CVMX_PREFETCH0(od->octo_enckey);
	-
	- /* load AES Key */
	- CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
	- CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
	-
	- if (od->octo_encklen == 16) {
	- CVMX_MT_AES_KEY(0x0, 2);
	- CVMX_MT_AES_KEY(0x0, 3);
	- } else if (od->octo_encklen == 24) {
	- CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
	- CVMX_MT_AES_KEY(0x0, 3);
	- } else if (od->octo_encklen == 32) {
	- CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
	- CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[3], 3);
	- } else {
	- dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
	- return -EINVAL;
	- }
	- CVMX_MT_AES_KEYLENGTH(od->octo_encklen / 8 - 1);
	-
	- CVMX_MT_AES_IV(((uint64_t *) ivp)[0], 0);
	- CVMX_MT_AES_IV(((uint64_t *) ivp)[1], 1);
	-
	- /* Load MD5 IV */
	- CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
	- CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
	-
	- while (crypt_off > 0 && auth_off > 0) {
	- IOV_CONSUME(iov, data32, data_i, data_l);
	- crypt_off -= 4;
	- auth_off -= 4;
	- }
	-
	- while (crypt_len > 0 \|\| auth_len > 0) {
	- uint32_t *pdata32[3];
	-
	- pdata32[0] = data32;
	- mydata[0].data32[0] = *data32;
	- IOV_CONSUME(iov, data32, data_i, data_l);
	- pdata32[1] = data32;
	- mydata[0].data32[1] = *data32;
	- IOV_CONSUME(iov, data32, data_i, data_l);
	- pdata32[2] = data32;
	- mydata[1].data32[0] = *data32;
	- IOV_CONSUME(iov, data32, data_i, data_l);
	- mydata[1].data32[1] = *data32;
	-
	- if (auth_off <= 0) {
	- if (auth_len > 0) {
	- CVM_LOAD_MD5_UNIT(*pdata, next);
	- CVM_LOAD_MD5_UNIT(*data, next);
	- auth_len -= 16;
	- }
	- } else
	- auth_off -= 16;
	-
	- if (crypt_off <= 0) {
	- if (crypt_len > 0) {
	- CVMX_MT_AES_DEC_CBC0(*pdata);
	- CVMX_MT_AES_DEC_CBC1(*data);
	- CVMX_MF_AES_RESULT(*pdata, 0);
	- CVMX_MF_AES_RESULT(*data, 1);
	- crypt_len -= 16;
	- }
	- } else
	- crypt_off -= 16;
	-
	- *pdata32[0] = mydata[0].data32[0];
	- *pdata32[1] = mydata[0].data32[1];
	- *pdata32[2] = mydata[1].data32[0];
	- *data32 = mydata[1].data32[1];
	-
	- IOV_CONSUME(iov, data32, data_i, data_l);
	- }
	-
	- /* finish the hash */
	- CVMX_PREFETCH0(od->octo_hmouter);
	-#if 0
	- if (__predict_false(inplen)) {
	- uint64_t tmp = 0;
	- uint8_t p = (uint8_t ) & tmp;
	- p[inplen] = 0x80;
	- do {
	- inplen--;
	- p[inplen] = ((uint8_t *) data)[inplen];
	- } while (inplen);
	- CVM_LOAD_MD5_UNIT(tmp, next);
	- } else {
	- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
	- }
	-#else
	- CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
	-#endif
	-
	- /* Finish Inner hash */
	- while (next != 7) {
	- CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);
	- }
	- CVMX_ES64(tmp1, ((alen + 64) << 3));
	- CVM_LOAD_MD5_UNIT(tmp1, next);
	-
	- /* Get the inner hash of HMAC */
	- CVMX_MF_HSH_IV(tmp1, 0);
	- CVMX_MF_HSH_IV(tmp2, 1);
	-
	- /* Initialize hash unit */
	- CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
	- CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
	-
	- CVMX_MT_HSH_DAT(tmp1, 0);
	- CVMX_MT_HSH_DAT(tmp2, 1);
	- CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);
	- CVMX_MT_HSH_DATZ(3);
	- CVMX_MT_HSH_DATZ(4);
	- CVMX_MT_HSH_DATZ(5);
	- CVMX_MT_HSH_DATZ(6);
	- CVMX_ES64(tmp1, ((64 + 16) << 3));
	- CVMX_MT_HSH_STARTMD5(tmp1);
	-
	- /* save the HMAC */
	- data32 = (uint32_t *)icv;
	- CVMX_MF_HSH_IV(tmp1, 0);
	- *data32 = (uint32_t) (tmp1 >> 32);
	- data32++;
	- *data32 = (uint32_t) tmp1;
	- data32++;
	- CVMX_MF_HSH_IV(tmp1, 1);
	- *data32 = (uint32_t) (tmp1 >> 32);

	return 0;
	}
	Index: head/sys/mips/cavium/cryptocteon/cryptocteon.c
	===================================================================
	--- head/sys/mips/cavium/cryptocteon/cryptocteon.c
	+++ head/sys/mips/cavium/cryptocteon/cryptocteon.c
	@@ -101,9 +101,6 @@
	u_int hash_len;

	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	- hash_len = MD5_HASH_LEN;
	- break;
	case CRYPTO_SHA1_HMAC:
	hash_len = SHA1_HASH_LEN;
	break;
	@@ -197,9 +194,6 @@
	ocd->octo_mlen = csp->csp_auth_mlen;
	if (csp->csp_auth_mlen == 0) {
	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	- ocd->octo_mlen = MD5_HASH_LEN;
	- break;
	case CRYPTO_SHA1_HMAC:
	ocd->octo_mlen = SHA1_HASH_LEN;
	break;
	@@ -209,10 +203,6 @@
	switch (csp->csp_mode) {
	case CSP_MODE_DIGEST:
	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	- ocd->octo_encrypt = octo_null_md5_encrypt;
	- ocd->octo_decrypt = octo_null_md5_encrypt;
	- break;
	case CRYPTO_SHA1_HMAC:
	ocd->octo_encrypt = octo_null_sha1_encrypt;
	ocd->octo_decrypt = octo_null_sha1_encrypt;
	@@ -231,10 +221,6 @@
	switch (csp->csp_cipher_alg) {
	case CRYPTO_AES_CBC:
	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	- ocd->octo_encrypt = octo_aes_cbc_md5_encrypt;
	- ocd->octo_decrypt = octo_aes_cbc_md5_decrypt;
	- break;
	case CRYPTO_SHA1_HMAC:
	ocd->octo_encrypt = octo_aes_cbc_sha1_encrypt;
	ocd->octo_decrypt = octo_aes_cbc_sha1_decrypt;
	Index: head/sys/mips/cavium/cryptocteon/cryptocteonvar.h
	===================================================================
	--- head/sys/mips/cavium/cryptocteon/cryptocteonvar.h
	+++ head/sys/mips/cavium/cryptocteon/cryptocteonvar.h
	@@ -64,15 +64,12 @@
	void octo_calc_hash(uint8_t, unsigned char , uint64_t , uint64_t *);

	/* XXX Actually just hashing functions, not encryption. */
	-octo_encrypt_t octo_null_md5_encrypt;
	octo_encrypt_t octo_null_sha1_encrypt;

	octo_encrypt_t octo_aes_cbc_encrypt;
	-octo_encrypt_t octo_aes_cbc_md5_encrypt;
	octo_encrypt_t octo_aes_cbc_sha1_encrypt;

	octo_decrypt_t octo_aes_cbc_decrypt;
	-octo_decrypt_t octo_aes_cbc_md5_decrypt;
	octo_decrypt_t octo_aes_cbc_sha1_decrypt;

	#endif /* !_MIPS_CAVIUM_CRYPTOCTEON_CRYPTOCTEONVAR_H_ */
	Index: head/sys/mips/nlm/dev/sec/nlmsec.c
	===================================================================
	--- head/sys/mips/nlm/dev/sec/nlmsec.c
	+++ head/sys/mips/nlm/dev/sec/nlmsec.c
	@@ -377,7 +377,6 @@

	switch (csp->csp_auth_alg) {
	case CRYPTO_SHA1:
	- case CRYPTO_MD5_HMAC:
	case CRYPTO_SHA1_HMAC:
	break;
	default:
	Index: head/sys/mips/nlm/dev/sec/nlmseclib.c
	===================================================================
	--- head/sys/mips/nlm/dev/sec/nlmseclib.c
	+++ head/sys/mips/nlm/dev/sec/nlmseclib.c
	@@ -253,10 +253,6 @@
	cmd->hashalg = NLM_HASH_SHA;
	cmd->hashmode = NLM_HASH_MODE_SHA1;
	break;
	- case CRYPTO_MD5_HMAC:
	- cmd->hashalg = NLM_HASH_MD5;
	- cmd->hashmode = NLM_HASH_MODE_SHA1;
	- break;
	case CRYPTO_SHA1_HMAC:
	cmd->hashalg = NLM_HASH_SHA;
	cmd->hashmode = NLM_HASH_MODE_SHA1;
	Index: head/sys/opencrypto/crypto.c
	===================================================================
	--- head/sys/opencrypto/crypto.c
	+++ head/sys/opencrypto/crypto.c
	@@ -530,8 +530,6 @@
	{

	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	- return (&auth_hash_hmac_md5);
	case CRYPTO_SHA1_HMAC:
	return (&auth_hash_hmac_sha1);
	case CRYPTO_SHA2_224_HMAC:
	@@ -674,7 +672,6 @@
	ALG_COMPRESSION,
	ALG_AEAD
	} alg_types[] = {
	- [CRYPTO_MD5_HMAC] = ALG_KEYED_DIGEST,
	[CRYPTO_SHA1_HMAC] = ALG_KEYED_DIGEST,
	[CRYPTO_RIPEMD160_HMAC] = ALG_KEYED_DIGEST,
	[CRYPTO_AES_CBC] = ALG_CIPHER,
	Index: head/sys/opencrypto/cryptodev.h
	===================================================================
	--- head/sys/opencrypto/cryptodev.h
	+++ head/sys/opencrypto/cryptodev.h
	@@ -74,7 +74,6 @@

	/* Hash values */
	#define NULL_HASH_LEN 16
	-#define MD5_HASH_LEN 16
	#define SHA1_HASH_LEN 20
	#define RIPEMD160_HASH_LEN 20
	#define SHA2_224_HASH_LEN 28
	@@ -87,7 +86,6 @@
	/* Maximum hash algorithm result length */
	#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */

	-#define MD5_BLOCK_LEN 64
	#define SHA1_BLOCK_LEN 64
	#define RIPEMD160_BLOCK_LEN 64
	#define SHA2_224_BLOCK_LEN 64
	@@ -210,7 +208,7 @@
	/* NB: deprecated */
	struct session_op {
	u_int32_t cipher; /* ie. CRYPTO_AES_CBC */
	- u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
	+ u_int32_t mac; /* ie. CRYPTO_SHA2_256_HMAC */

	u_int32_t keylen; /* cipher key */
	c_caddr_t key;
	@@ -227,7 +225,7 @@
	*/
	struct session2_op {
	u_int32_t cipher; /* ie. CRYPTO_AES_CBC */
	- u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
	+ u_int32_t mac; /* ie. CRYPTO_SHA2_256_HMAC */

	u_int32_t keylen; /* cipher key */
	c_caddr_t key;
	Index: head/sys/opencrypto/cryptosoft.c
	===================================================================
	--- head/sys/opencrypto/cryptosoft.c
	+++ head/sys/opencrypto/cryptosoft.c
	@@ -49,7 +49,6 @@

	#include <crypto/sha1.h>
	#include <opencrypto/rmd160.h>
	-#include <sys/md5.h>

	#include <opencrypto/cryptodev.h>
	#include <opencrypto/xform.h>
	@@ -336,7 +335,6 @@
	{

	switch (axf->type) {
	- case CRYPTO_MD5_HMAC:
	case CRYPTO_SHA1_HMAC:
	case CRYPTO_SHA2_224_HMAC:
	case CRYPTO_SHA2_256_HMAC:
	@@ -403,7 +401,6 @@
	axf->Final(aalg, &ctx);
	break;

	- case CRYPTO_MD5_HMAC:
	case CRYPTO_SHA1_HMAC:
	case CRYPTO_SHA2_224_HMAC:
	case CRYPTO_SHA2_256_HMAC:
	@@ -899,7 +896,6 @@
	return (ENOBUFS);

	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	case CRYPTO_SHA1_HMAC:
	case CRYPTO_SHA2_224_HMAC:
	case CRYPTO_SHA2_256_HMAC:
	@@ -1085,7 +1081,6 @@
	if (axf == NULL)
	return (false);
	switch (csp->csp_auth_alg) {
	- case CRYPTO_MD5_HMAC:
	case CRYPTO_SHA1_HMAC:
	case CRYPTO_SHA2_224_HMAC:
	case CRYPTO_SHA2_256_HMAC:
	Index: head/sys/opencrypto/xform.h
	===================================================================
	--- head/sys/opencrypto/xform.h
	+++ head/sys/opencrypto/xform.h
	@@ -31,7 +31,6 @@
	#ifndef _CRYPTO_XFORM_H_
	#define _CRYPTO_XFORM_H_

	-#include <sys/md5.h>
	#include <crypto/sha1.h>
	#include <crypto/sha2/sha256.h>
	#include <crypto/sha2/sha384.h>
	Index: head/sys/opencrypto/xform.c
	===================================================================
	--- head/sys/opencrypto/xform.c
	+++ head/sys/opencrypto/xform.c
	@@ -66,8 +66,6 @@
	#include <opencrypto/deflate.h>
	#include <opencrypto/rmd160.h>

	-#include <sys/md5.h>
	-
	#include <opencrypto/cryptodev.h>
	#include <opencrypto/xform.h>

	@@ -82,7 +80,6 @@

	/* Include the authentication and hashing algorithms */
	#include "xform_gmac.c"
	-#include "xform_md5.c"
	#include "xform_rmd160.c"
	#include "xform_sha1.c"
	#include "xform_sha2.c"
	Index: head/sys/opencrypto/xform_auth.h
	===================================================================
	--- head/sys/opencrypto/xform_auth.h
	+++ head/sys/opencrypto/xform_auth.h
	@@ -34,7 +34,6 @@
	#include <sys/malloc.h>
	#include <sys/errno.h>

	-#include <sys/md5.h>
	#include <crypto/sha1.h>
	#include <crypto/sha2/sha224.h>
	#include <crypto/sha2/sha256.h>
	@@ -66,7 +65,6 @@
	};

	extern struct auth_hash auth_hash_null;
	-extern struct auth_hash auth_hash_hmac_md5;
	extern struct auth_hash auth_hash_hmac_sha1;
	extern struct auth_hash auth_hash_hmac_ripemd_160;
	extern struct auth_hash auth_hash_hmac_sha2_224;
	@@ -89,7 +87,6 @@
	extern struct auth_hash auth_hash_ccm_cbc_mac_256;

	union authctx {
	- MD5_CTX md5ctx;
	SHA1_CTX sha1ctx;
	RMD160_CTX rmd160ctx;
	SHA224_CTX sha224ctx;
	Index: head/sys/opencrypto/xform_md5.c
	===================================================================
	--- head/sys/opencrypto/xform_md5.c
	+++ head/sys/opencrypto/xform_md5.c
	@@ -1,79 +0,0 @@
	-/* $OpenBSD: xform.c,v 1.16 2001/08/28 12:20:43 ben Exp $ */
	-/*-
	- * The authors of this code are John Ioannidis (ji@tla.org),
	- * Angelos D. Keromytis (kermit@csd.uch.gr),
	- * Niels Provos (provos@physnet.uni-hamburg.de) and
	- * Damien Miller (djm@mindrot.org).
	- *
	- * This code was written by John Ioannidis for BSD/OS in Athens, Greece,
	- * in November 1995.
	- *
	- * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
	- * by Angelos D. Keromytis.
	- *
	- * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
	- * and Niels Provos.
	- *
	- * Additional features in 1999 by Angelos D. Keromytis.
	- *
	- * AES XTS implementation in 2008 by Damien Miller
	- *
	- * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
	- * Angelos D. Keromytis and Niels Provos.
	- *
	- * Copyright (C) 2001, Angelos D. Keromytis.
	- *
	- * Copyright (C) 2008, Damien Miller
	- * Copyright (c) 2014 The FreeBSD Foundation
	- * All rights reserved.
	- *
	- * Portions of this software were developed by John-Mark Gurney
	- * under sponsorship of the FreeBSD Foundation and
	- * Rubicon Communications, LLC (Netgate).
	- *
	- * Permission to use, copy, and modify this software with or without fee
	- * is hereby granted, provided that this entire notice is included in
	- * all copies of any software which is or includes a copy or
	- * modification of this software.
	- * You may use this code under the GNU public license if you so wish. Please
	- * contribute changes back to the authors under this freer than GPL license
	- * so that we may further the use of strong encryption without limitations to
	- * all.
	- *
	- * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
	- * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
	- * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
	- * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
	- * PURPOSE.
	- */
	-
	-#include <sys/cdefs.h>
	-__FBSDID("$FreeBSD$");
	-
	-#include <sys/md5.h>
	-#include <opencrypto/xform_auth.h>
	-
	-static int MD5Update_int(void , const u_int8_t , u_int16_t);
	-
	-/* Authentication instances */
	-struct auth_hash auth_hash_hmac_md5 = {
	- .type = CRYPTO_MD5_HMAC,
	- .name = "HMAC-MD5",
	- .keysize = MD5_BLOCK_LEN,
	- .hashsize = MD5_HASH_LEN,
	- .ctxsize = sizeof(MD5_CTX),
	- .blocksize = MD5_BLOCK_LEN,
	- .Init = (void () (void )) MD5Init,
	- .Update = MD5Update_int,
	- .Final = (void () (u_int8_t , void *)) MD5Final,
	-};
	-
	-/*
	- * And now for auth.
	- */
	-static int
	-MD5Update_int(void ctx, const u_int8_t buf, u_int16_t len)
	-{
	- MD5Update(ctx, buf, len);
	- return 0;
	-}

File Metadata

Mime Type: text/plain
Expires: Fri, Mar 20, 12:40 PM (9 h, 44 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 29974125
Default Alt Text: D24775.id71665.diff (29 KB)

D24775.id71665.diffNo OneTemporaryActions

D24775.id71665.diffView Options

File Metadata

Event Timeline

D24775.id71665.diff
No OneTemporary
Actions

D24775.id71665.diff
View Options