Remove support for keyed MD5 and SHA1 authentication hashes.

They no longer have any in-tree consumers.  Note that these are a
different from MD5-HMAC and SHA1-HMAC and were only used with IPsec.

Reviewed by:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24770

1 files changed, 2 insertions, 61 deletions

diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index a14e0f2bd4a6..5ef38e4c22ca 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -64,7 +64,6 @@ struct swcr_auth {
 	void		*sw_octx;
 	struct auth_hash *sw_axf;
 	uint16_t	sw_mlen;
-	uint16_t	sw_octx_len;
 };
 
 struct swcr_encdec {
@@ -349,27 +348,6 @@ swcr_authprepare(struct auth_hash *axf, struct swcr_auth *sw,
 		hmac_init_ipad(axf, key, klen, sw->sw_ictx);
 		hmac_init_opad(axf, key, klen, sw->sw_octx);
 		break;
-	case CRYPTO_MD5_KPDK:
-	case CRYPTO_SHA1_KPDK:
-	{
-		/* 
-		 * We need a buffer that can hold an md5 and a sha1 result
-		 * just to throw it away.
-		 * What we do here is the initial part of:
-		 *   ALGO( key, keyfill, .. )
-		 * adding the key to sw_ictx and abusing Final() to get the
-		 * "keyfill" padding.
-		 * In addition we abuse the sw_octx to save the key to have
-		 * it to be able to append it at the end in swcr_authcompute().
-		 */
-		u_char buf[SHA1_RESULTLEN];
-
-		bcopy(key, sw->sw_octx, klen);
-		axf->Init(sw->sw_ictx);
-		axf->Update(sw->sw_ictx, key, klen);
-		axf->Final(buf, sw->sw_ictx);
-		break;
-	}
 	case CRYPTO_POLY1305:
 	case CRYPTO_BLAKE2B:
 	case CRYPTO_BLAKE2S:
@@ -442,23 +420,6 @@ swcr_authcompute(struct swcr_session *ses, struct cryptop *crp)
 		axf->Final(aalg, &ctx);
 		break;
 
-	case CRYPTO_MD5_KPDK:
-	case CRYPTO_SHA1_KPDK:
-		/* If we have no key saved, return error. */
-		if (sw->sw_octx == NULL)
-			return EINVAL;
-
-		/*
-		 * Add the trailing copy of the key (see comment in
-		 * swcr_authprepare()) after the data:
-		 *   ALGO( .., key, algofill )
-		 * and let Final() do the proper, natural "algofill"
-		 * padding.
-		 */
-		axf->Update(&ctx, sw->sw_octx, sw->sw_octx_len);
-		axf->Final(aalg, &ctx);
-		break;
-
 	case CRYPTO_BLAKE2B:
 	case CRYPTO_BLAKE2S:
 	case CRYPTO_NULL_HMAC:
@@ -947,29 +908,11 @@ swcr_setup_auth(struct swcr_session *ses,
 	case CRYPTO_SHA2_512_HMAC:
 	case CRYPTO_NULL_HMAC:
 	case CRYPTO_RIPEMD160_HMAC:
-		swa->sw_octx_len = axf->ctxsize;
-		swa->sw_octx = malloc(swa->sw_octx_len, M_CRYPTO_DATA,
-		    M_NOWAIT);
-		if (swa->sw_octx == NULL)
-			return (ENOBUFS);
-
-		if (csp->csp_auth_key != NULL) {
-			swcr_authprepare(axf, swa, csp->csp_auth_key,
-			    csp->csp_auth_klen);
-		}
-
-		if (csp->csp_mode == CSP_MODE_DIGEST)
-			ses->swcr_process = swcr_authcompute;
-		break;
-	case CRYPTO_MD5_KPDK:
-	case CRYPTO_SHA1_KPDK:
-		swa->sw_octx_len = csp->csp_auth_klen;
-		swa->sw_octx = malloc(swa->sw_octx_len, M_CRYPTO_DATA,
+		swa->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA,
 		    M_NOWAIT);
 		if (swa->sw_octx == NULL)
 			return (ENOBUFS);
 
-		/* Store the key so we can "append" it to the payload */
 		if (csp->csp_auth_key != NULL) {
 			swcr_authprepare(axf, swa, csp->csp_auth_key,
 			    csp->csp_auth_klen);
@@ -1151,8 +1094,6 @@ swcr_auth_supported(const struct crypto_session_params *csp)
 	case CRYPTO_SHA2_512_HMAC:
 	case CRYPTO_NULL_HMAC:
 	case CRYPTO_RIPEMD160_HMAC:
-	case CRYPTO_MD5_KPDK:
-	case CRYPTO_SHA1_KPDK:
 		break;
 	case CRYPTO_AES_NIST_GMAC:
 		switch (csp->csp_auth_klen * 8) {
@@ -1399,7 +1340,7 @@ swcr_freesession(device_t dev, crypto_session_t cses)
 			free(swa->sw_ictx, M_CRYPTO_DATA);
 		}
 		if (swa->sw_octx != NULL) {
-			explicit_bzero(swa->sw_octx, swa->sw_octx_len);
+			explicit_bzero(swa->sw_octx, axf->ctxsize);
 			free(swa->sw_octx, M_CRYPTO_DATA);
 		}
 	}