src - FreeBSD source tree

diff options


context:
space:
mode:

author	John Baldwin <jhb@FreeBSD.org>	2020-05-11 21:04:59 +0000
committer	John Baldwin <jhb@FreeBSD.org>	2020-05-11 21:04:59 +0000
commit	3a0b6a93a7002e7c8d1c7a86bae2d933834c3357 (patch)
tree	d0d157e91268bdf26d2bdb662bc84616b3f6ffac /sys/opencrypto
parent	f54ab96def788e69c2248ea355636b6bc111e747 (diff)
download	src-3a0b6a93a7002e7c8d1c7a86bae2d933834c3357.tar.gz src-3a0b6a93a7002e7c8d1c7a86bae2d933834c3357.zip

Remove support for keyed MD5 and SHA1 authentication hashes.

They no longer have any in-tree consumers. Note that these are a different from MD5-HMAC and SHA1-HMAC and were only used with IPsec. Reviewed by: cem Relnotes: yes Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24770

Notes

Notes: svn path=/head/; revision=360927

Diffstat (limited to 'sys/opencrypto')

-rw-r--r--

sys/opencrypto/crypto.c

-rw-r--r--

sys/opencrypto/cryptodev.h

-rw-r--r--

sys/opencrypto/cryptosoft.c

-rw-r--r--

sys/opencrypto/xform_auth.h

-rw-r--r--

sys/opencrypto/xform_md5.c

-rw-r--r--

sys/opencrypto/xform_sha1.c

6 files changed, 2 insertions, 95 deletions

diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c
index a8c310f72e31..1f064a64426d 100644
--- a/sys/opencrypto/crypto.c
+++ b/sys/opencrypto/crypto.c

@@ -546,10 +546,6 @@ crypto_auth_hash(const struct crypto_session_params *csp)

return (&auth_hash_null);

case CRYPTO_RIPEMD160_HMAC:

return (&auth_hash_hmac_ripemd_160);

- case CRYPTO_MD5_KPDK:

- return (&auth_hash_key_md5);

- case CRYPTO_SHA1_KPDK:

- return (&auth_hash_key_sha1);

case CRYPTO_SHA1:

return (&auth_hash_sha1);

case CRYPTO_SHA2_224:

@@ -690,8 +686,6 @@ static enum alg_type {

[CRYPTO_MD5_HMAC] = ALG_KEYED_DIGEST,

[CRYPTO_SHA1_HMAC] = ALG_KEYED_DIGEST,

[CRYPTO_RIPEMD160_HMAC] = ALG_KEYED_DIGEST,

- [CRYPTO_MD5_KPDK] = ALG_KEYED_DIGEST,

- [CRYPTO_SHA1_KPDK] = ALG_KEYED_DIGEST,

[CRYPTO_AES_CBC] = ALG_CIPHER,

[CRYPTO_ARC4] = ALG_CIPHER,

[CRYPTO_SHA1] = ALG_DIGEST,

diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h
index 8e47c1d8527f..2f1eef20d318 100644
--- a/sys/opencrypto/cryptodev.h
+++ b/sys/opencrypto/cryptodev.h

@@ -81,8 +81,6 @@

#define SHA2_256_HASH_LEN 32

#define SHA2_384_HASH_LEN 48

#define SHA2_512_HASH_LEN 64

-#define MD5_KPDK_HASH_LEN 16

-#define SHA1_KPDK_HASH_LEN 20

#define AES_GMAC_HASH_LEN 16

#define POLY1305_HASH_LEN 16

#define AES_CBC_MAC_HASH_LEN 16

diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
index a14e0f2bd4a6..5ef38e4c22ca 100644
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c

@@ -64,7 +64,6 @@ struct swcr_auth {

void *sw_octx;

struct auth_hash *sw_axf;

uint16_t sw_mlen;

- uint16_t sw_octx_len;

};

struct swcr_encdec {

@@ -349,27 +348,6 @@ swcr_authprepare(struct auth_hash *axf, struct swcr_auth *sw,

hmac_init_ipad(axf, key, klen, sw->sw_ictx);

hmac_init_opad(axf, key, klen, sw->sw_octx);

break;

- case CRYPTO_MD5_KPDK:

- case CRYPTO_SHA1_KPDK:

- {

- /*

- * We need a buffer that can hold an md5 and a sha1 result

- * just to throw it away.

- * What we do here is the initial part of:

- * ALGO( key, keyfill, .. )

- * adding the key to sw_ictx and abusing Final() to get the

- * "keyfill" padding.

- * In addition we abuse the sw_octx to save the key to have

- * it to be able to append it at the end in swcr_authcompute().

- */

- u_char buf[SHA1_RESULTLEN];

- bcopy(key, sw->sw_octx, klen);

- axf->Init(sw->sw_ictx);

- axf->Update(sw->sw_ictx, key, klen);

- axf->Final(buf, sw->sw_ictx);

- break;

- }

case CRYPTO_POLY1305:

case CRYPTO_BLAKE2B:

case CRYPTO_BLAKE2S:

@@ -442,23 +420,6 @@ swcr_authcompute(struct swcr_session *ses, struct cryptop *crp)

axf->Final(aalg, &ctx);

break;

- case CRYPTO_MD5_KPDK:

- case CRYPTO_SHA1_KPDK:

- /* If we have no key saved, return error. */

- if (sw->sw_octx == NULL)

- return EINVAL;

- /*

- * Add the trailing copy of the key (see comment in

- * swcr_authprepare()) after the data:

- * ALGO( .., key, algofill )

- * and let Final() do the proper, natural "algofill"

- * padding.

- */

- axf->Update(&ctx, sw->sw_octx, sw->sw_octx_len);

- axf->Final(aalg, &ctx);

- break;

case CRYPTO_BLAKE2B:

case CRYPTO_BLAKE2S:

case CRYPTO_NULL_HMAC:

@@ -947,29 +908,11 @@ swcr_setup_auth(struct swcr_session *ses,

case CRYPTO_SHA2_512_HMAC:

case CRYPTO_NULL_HMAC:

case CRYPTO_RIPEMD160_HMAC:

- swa->sw_octx_len = axf->ctxsize;

- swa->sw_octx = malloc(swa->sw_octx_len, M_CRYPTO_DATA,

- M_NOWAIT);

- if (swa->sw_octx == NULL)

- return (ENOBUFS);

- if (csp->csp_auth_key != NULL) {

- swcr_authprepare(axf, swa, csp->csp_auth_key,

- csp->csp_auth_klen);

- }

- if (csp->csp_mode == CSP_MODE_DIGEST)

- ses->swcr_process = swcr_authcompute;

- break;

- case CRYPTO_MD5_KPDK:

- case CRYPTO_SHA1_KPDK:

- swa->sw_octx_len = csp->csp_auth_klen;

- swa->sw_octx = malloc(swa->sw_octx_len, M_CRYPTO_DATA,

+ swa->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA,

M_NOWAIT);

if (swa->sw_octx == NULL)

return (ENOBUFS);

- /* Store the key so we can "append" it to the payload */

if (csp->csp_auth_key != NULL) {

swcr_authprepare(axf, swa, csp->csp_auth_key,

csp->csp_auth_klen);

@@ -1151,8 +1094,6 @@ swcr_auth_supported(const struct crypto_session_params *csp)

case CRYPTO_SHA2_512_HMAC:

case CRYPTO_NULL_HMAC:

case CRYPTO_RIPEMD160_HMAC:

- case CRYPTO_MD5_KPDK:

- case CRYPTO_SHA1_KPDK:

break;

case CRYPTO_AES_NIST_GMAC:

switch (csp->csp_auth_klen * 8) {

@@ -1399,7 +1340,7 @@ swcr_freesession(device_t dev, crypto_session_t cses)

free(swa->sw_ictx, M_CRYPTO_DATA);

}

if (swa->sw_octx != NULL) {

- explicit_bzero(swa->sw_octx, swa->sw_octx_len);

+ explicit_bzero(swa->sw_octx, axf->ctxsize);

free(swa->sw_octx, M_CRYPTO_DATA);

}

diff --git a/sys/opencrypto/xform_auth.h b/sys/opencrypto/xform_auth.h
index 9b0726257d77..49ce5089d76c 100644
--- a/sys/opencrypto/xform_auth.h
+++ b/sys/opencrypto/xform_auth.h

@@ -66,8 +66,6 @@ struct auth_hash {

};

extern struct auth_hash auth_hash_null;

-extern struct auth_hash auth_hash_key_md5;

-extern struct auth_hash auth_hash_key_sha1;

extern struct auth_hash auth_hash_hmac_md5;

extern struct auth_hash auth_hash_hmac_sha1;

extern struct auth_hash auth_hash_hmac_ripemd_160;

diff --git a/sys/opencrypto/xform_md5.c b/sys/opencrypto/xform_md5.c
index 5611ee397251..25c634632d5d 100644
--- a/sys/opencrypto/xform_md5.c
+++ b/sys/opencrypto/xform_md5.c

@@ -68,18 +68,6 @@ struct auth_hash auth_hash_hmac_md5 = {

.Final = (void (*) (u_int8_t *, void *)) MD5Final,

};

-struct auth_hash auth_hash_key_md5 = {

- .type = CRYPTO_MD5_KPDK,

- .name = "Keyed MD5",

- .keysize = 0,

- .hashsize = MD5_KPDK_HASH_LEN,

- .ctxsize = sizeof(MD5_CTX),

- .blocksize = 0,

- .Init = (void (*)(void *)) MD5Init,

- .Update = MD5Update_int,

- .Final = (void (*)(u_int8_t *, void *)) MD5Final,

-};

* And now for auth.

diff --git a/sys/opencrypto/xform_sha1.c b/sys/opencrypto/xform_sha1.c
index 44ac8c0e8b77..e6becf03d36c 100644
--- a/sys/opencrypto/xform_sha1.c
+++ b/sys/opencrypto/xform_sha1.c

@@ -82,18 +82,6 @@ struct auth_hash auth_hash_hmac_sha1 = {

.Final = SHA1Final_int,

};

-struct auth_hash auth_hash_key_sha1 = {

- .type = CRYPTO_SHA1_KPDK,

- .name = "Keyed SHA1",

- .keysize = 0,

- .hashsize = SHA1_KPDK_HASH_LEN,

- .ctxsize = sizeof(SHA1_CTX),

- .blocksize = 0,

- .Init = SHA1Init_int,

- .Update = SHA1Update_int,

- .Final = SHA1Final_int,

-};

* And now for auth.