src/sys/opencrypto/cryptodev.c, branch release/12.4.0

Remove unused 32-bit compatibility structures from cryptodev.

2021-09-16T11:20:48+00:00

The counters are exported by a sysctl and have the same width on all
platforms anyway.

Reviewed by:	cem, delphij, jhb
Sponsored by:	Rubicon Communications, LLC (Netgate)
Differential Revision:	https://reviews.freebsd.org/D25465

(cherry picked from commit a5ae70f5a0554235c499016bec3a721adbb1043a)

MFC 366844: Mark asymmetric cryptography via OCF deprecated for 14.0.

2020-12-04T01:09:51+00:00

Only one MIPS-specific driver implements support for one of the
asymmetric operations.  There are no in-kernel users besides
/dev/crypto.  The only known user of the /dev/crypto interface was the
engine in OpenSSL releases before 1.1.0.  1.1.0 includes a rewritten
engine that does not use the asymmetric operations due to lack of
documentation.

MFC r363374:

2020-07-27T14:16:27+00:00

crypto(9): Stop checking for failures from malloc(M_WAITOK).

PR:	240545

MFC 356508: Use falloc_noinstall + finstall for crypto file descriptors.

2020-05-05T04:37:05+00:00

MFC 356561: Add stricter checking on mac key lengths.

2020-01-20T11:54:00+00:00

Negative lengths are always invalid.  The key length should also
be zero for hash algorithms that do not accept a key.

admbugs:	949

MFC 356507,356520: Add a reference count to cryptodev sessions.

2020-01-20T11:19:55+00:00

356507:
Add a reference count to cryptodev sessions.

This prevents use-after-free races with crypto requests (which may
sleep) and CIOCFSESSION as well as races from current CIOCFSESSION
requests.

356520:
Remove no-longer-used function prototype.

admbugs:	949
Sponsored by:	Chelsio Communications

MFC 351557: Adjust the deprecated warnings for /dev/crypto to be less noisy.

2019-10-07T20:41:55+00:00

Warn when actual operations are performed instead of when sessions are
created.  The /dev/crypto engine in OpenSSL 1.0.x tries to create
sessions for all possible algorithms each time it is initialized
resulting in spurious warnings.

MFC 348970,348974:

2019-08-21T22:42:08+00:00

Make the warning intervals for deprecated crypto algorithms tunable.

348970:
Make the warning intervals for deprecated crypto algorithms tunable.

New sysctl/tunables can now set the interval (in seconds) between
rate-limited crypto warnings.  The new sysctls are:
- kern.cryptodev_warn_interval for /dev/crypto
- net.inet.ipsec.crypto_warn_interval for IPsec
- kern.kgssapi_warn_interval for KGSSAPI

348974:
Move declaration of warninterval out from under COMPAT_FREEBSD32.

This fixes builds of kernels without COMPAT_FREEBSD32.

MFC 348876: Add warnings to /dev/crypto for deprecated algorithms.

2019-08-20T01:30:35+00:00

These algorithms are deprecated algorithms that will have no in-kernel
consumers in FreeBSD 13.  Specifically, deprecate the following
algorithms:
- ARC4
- Blowfish
- CAST128
- DES
- 3DES
- MD5-HMAC
- Skipjack

Relnotes:	yes

MFC r344140,r344141,r344142,r344143,r344388,r344547

2019-03-14T02:46:03+00:00

r344140:
Add CBC-MAC authentication.

r344141:
Add AES-CCM encryption, and plumb into OCF.

r344142:
Pasting in a source control line missed the last quote.  Fixed.

r344143:
Fix another issue from r344141, having to do with size of a shift amount.
This did not show up in my testing.

r344388:
It turns out that setting the IV length is necessary with CCM in OpenSSL.
This adds that back.

r344547:
Fix another bug introduced during the review process of r344140:
the tag wasn't being computed properly due to chaning a >= comparison
to an == comparison.