svn commit: r360927 - in head: share/man/man9 sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Mon May 11 21:05:01 UTC 2020
Author: jhb
Date: Mon May 11 21:04:59 2020
New Revision: 360927
URL: https://svnweb.freebsd.org/changeset/base/360927
Log:
Remove support for keyed MD5 and SHA1 authentication hashes.
They no longer have any in-tree consumers. Note that these are a
different from MD5-HMAC and SHA1-HMAC and were only used with IPsec.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24770
Modified:
head/share/man/man9/crypto.9
head/sys/opencrypto/crypto.c
head/sys/opencrypto/cryptodev.h
head/sys/opencrypto/cryptosoft.c
head/sys/opencrypto/xform_auth.h
head/sys/opencrypto/xform_md5.c
head/sys/opencrypto/xform_sha1.c
Modified: head/share/man/man9/crypto.9
==============================================================================
--- head/share/man/man9/crypto.9 Mon May 11 20:58:27 2020 (r360926)
+++ head/share/man/man9/crypto.9 Mon May 11 21:04:59 2020 (r360927)
@@ -107,14 +107,12 @@ The following authentication algorithms are supported:
.It Dv CRYPTO_BLAKE2B
.It Dv CRYPTO_BLAKE2S
.It Dv CRYPTO_MD5_HMAC
-.It Dv CRYPTO_MD5_KPDK
.It Dv CRYPTO_NULL_HMAC
.It Dv CRYPTO_POLY1305
.It Dv CRYPTO_RIPEMD160
.It Dv CRYPTO_RIPEMD160_HMAC
.It Dv CRYPTO_SHA1
.It Dv CRYPTO_SHA1_HMAC
-.It Dv CRYPTO_SHA1_KPDK
.It Dv CRYPTO_SHA2_224
.It Dv CRYPTO_SHA2_224_HMAC
.It Dv CRYPTO_SHA2_256
Modified: head/sys/opencrypto/crypto.c
==============================================================================
--- head/sys/opencrypto/crypto.c Mon May 11 20:58:27 2020 (r360926)
+++ head/sys/opencrypto/crypto.c Mon May 11 21:04:59 2020 (r360927)
@@ -546,10 +546,6 @@ crypto_auth_hash(const struct crypto_session_params *c
return (&auth_hash_null);
case CRYPTO_RIPEMD160_HMAC:
return (&auth_hash_hmac_ripemd_160);
- case CRYPTO_MD5_KPDK:
- return (&auth_hash_key_md5);
- case CRYPTO_SHA1_KPDK:
- return (&auth_hash_key_sha1);
case CRYPTO_SHA1:
return (&auth_hash_sha1);
case CRYPTO_SHA2_224:
@@ -690,8 +686,6 @@ static enum alg_type {
[CRYPTO_MD5_HMAC] = ALG_KEYED_DIGEST,
[CRYPTO_SHA1_HMAC] = ALG_KEYED_DIGEST,
[CRYPTO_RIPEMD160_HMAC] = ALG_KEYED_DIGEST,
- [CRYPTO_MD5_KPDK] = ALG_KEYED_DIGEST,
- [CRYPTO_SHA1_KPDK] = ALG_KEYED_DIGEST,
[CRYPTO_AES_CBC] = ALG_CIPHER,
[CRYPTO_ARC4] = ALG_CIPHER,
[CRYPTO_SHA1] = ALG_DIGEST,
Modified: head/sys/opencrypto/cryptodev.h
==============================================================================
--- head/sys/opencrypto/cryptodev.h Mon May 11 20:58:27 2020 (r360926)
+++ head/sys/opencrypto/cryptodev.h Mon May 11 21:04:59 2020 (r360927)
@@ -81,8 +81,6 @@
#define SHA2_256_HASH_LEN 32
#define SHA2_384_HASH_LEN 48
#define SHA2_512_HASH_LEN 64
-#define MD5_KPDK_HASH_LEN 16
-#define SHA1_KPDK_HASH_LEN 20
#define AES_GMAC_HASH_LEN 16
#define POLY1305_HASH_LEN 16
#define AES_CBC_MAC_HASH_LEN 16
Modified: head/sys/opencrypto/cryptosoft.c
==============================================================================
--- head/sys/opencrypto/cryptosoft.c Mon May 11 20:58:27 2020 (r360926)
+++ head/sys/opencrypto/cryptosoft.c Mon May 11 21:04:59 2020 (r360927)
@@ -64,7 +64,6 @@ struct swcr_auth {
void *sw_octx;
struct auth_hash *sw_axf;
uint16_t sw_mlen;
- uint16_t sw_octx_len;
};
struct swcr_encdec {
@@ -349,27 +348,6 @@ swcr_authprepare(struct auth_hash *axf, struct swcr_au
hmac_init_ipad(axf, key, klen, sw->sw_ictx);
hmac_init_opad(axf, key, klen, sw->sw_octx);
break;
- case CRYPTO_MD5_KPDK:
- case CRYPTO_SHA1_KPDK:
- {
- /*
- * We need a buffer that can hold an md5 and a sha1 result
- * just to throw it away.
- * What we do here is the initial part of:
- * ALGO( key, keyfill, .. )
- * adding the key to sw_ictx and abusing Final() to get the
- * "keyfill" padding.
- * In addition we abuse the sw_octx to save the key to have
- * it to be able to append it at the end in swcr_authcompute().
- */
- u_char buf[SHA1_RESULTLEN];
-
- bcopy(key, sw->sw_octx, klen);
- axf->Init(sw->sw_ictx);
- axf->Update(sw->sw_ictx, key, klen);
- axf->Final(buf, sw->sw_ictx);
- break;
- }
case CRYPTO_POLY1305:
case CRYPTO_BLAKE2B:
case CRYPTO_BLAKE2S:
@@ -442,23 +420,6 @@ swcr_authcompute(struct swcr_session *ses, struct cryp
axf->Final(aalg, &ctx);
break;
- case CRYPTO_MD5_KPDK:
- case CRYPTO_SHA1_KPDK:
- /* If we have no key saved, return error. */
- if (sw->sw_octx == NULL)
- return EINVAL;
-
- /*
- * Add the trailing copy of the key (see comment in
- * swcr_authprepare()) after the data:
- * ALGO( .., key, algofill )
- * and let Final() do the proper, natural "algofill"
- * padding.
- */
- axf->Update(&ctx, sw->sw_octx, sw->sw_octx_len);
- axf->Final(aalg, &ctx);
- break;
-
case CRYPTO_BLAKE2B:
case CRYPTO_BLAKE2S:
case CRYPTO_NULL_HMAC:
@@ -947,8 +908,7 @@ swcr_setup_auth(struct swcr_session *ses,
case CRYPTO_SHA2_512_HMAC:
case CRYPTO_NULL_HMAC:
case CRYPTO_RIPEMD160_HMAC:
- swa->sw_octx_len = axf->ctxsize;
- swa->sw_octx = malloc(swa->sw_octx_len, M_CRYPTO_DATA,
+ swa->sw_octx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if (swa->sw_octx == NULL)
return (ENOBUFS);
@@ -961,23 +921,6 @@ swcr_setup_auth(struct swcr_session *ses,
if (csp->csp_mode == CSP_MODE_DIGEST)
ses->swcr_process = swcr_authcompute;
break;
- case CRYPTO_MD5_KPDK:
- case CRYPTO_SHA1_KPDK:
- swa->sw_octx_len = csp->csp_auth_klen;
- swa->sw_octx = malloc(swa->sw_octx_len, M_CRYPTO_DATA,
- M_NOWAIT);
- if (swa->sw_octx == NULL)
- return (ENOBUFS);
-
- /* Store the key so we can "append" it to the payload */
- if (csp->csp_auth_key != NULL) {
- swcr_authprepare(axf, swa, csp->csp_auth_key,
- csp->csp_auth_klen);
- }
-
- if (csp->csp_mode == CSP_MODE_DIGEST)
- ses->swcr_process = swcr_authcompute;
- break;
case CRYPTO_SHA1:
case CRYPTO_SHA2_224:
case CRYPTO_SHA2_256:
@@ -1151,8 +1094,6 @@ swcr_auth_supported(const struct crypto_session_params
case CRYPTO_SHA2_512_HMAC:
case CRYPTO_NULL_HMAC:
case CRYPTO_RIPEMD160_HMAC:
- case CRYPTO_MD5_KPDK:
- case CRYPTO_SHA1_KPDK:
break;
case CRYPTO_AES_NIST_GMAC:
switch (csp->csp_auth_klen * 8) {
@@ -1399,7 +1340,7 @@ swcr_freesession(device_t dev, crypto_session_t cses)
free(swa->sw_ictx, M_CRYPTO_DATA);
}
if (swa->sw_octx != NULL) {
- explicit_bzero(swa->sw_octx, swa->sw_octx_len);
+ explicit_bzero(swa->sw_octx, axf->ctxsize);
free(swa->sw_octx, M_CRYPTO_DATA);
}
}
Modified: head/sys/opencrypto/xform_auth.h
==============================================================================
--- head/sys/opencrypto/xform_auth.h Mon May 11 20:58:27 2020 (r360926)
+++ head/sys/opencrypto/xform_auth.h Mon May 11 21:04:59 2020 (r360927)
@@ -66,8 +66,6 @@ struct auth_hash {
};
extern struct auth_hash auth_hash_null;
-extern struct auth_hash auth_hash_key_md5;
-extern struct auth_hash auth_hash_key_sha1;
extern struct auth_hash auth_hash_hmac_md5;
extern struct auth_hash auth_hash_hmac_sha1;
extern struct auth_hash auth_hash_hmac_ripemd_160;
Modified: head/sys/opencrypto/xform_md5.c
==============================================================================
--- head/sys/opencrypto/xform_md5.c Mon May 11 20:58:27 2020 (r360926)
+++ head/sys/opencrypto/xform_md5.c Mon May 11 21:04:59 2020 (r360927)
@@ -68,18 +68,6 @@ struct auth_hash auth_hash_hmac_md5 = {
.Final = (void (*) (u_int8_t *, void *)) MD5Final,
};
-struct auth_hash auth_hash_key_md5 = {
- .type = CRYPTO_MD5_KPDK,
- .name = "Keyed MD5",
- .keysize = 0,
- .hashsize = MD5_KPDK_HASH_LEN,
- .ctxsize = sizeof(MD5_CTX),
- .blocksize = 0,
- .Init = (void (*)(void *)) MD5Init,
- .Update = MD5Update_int,
- .Final = (void (*)(u_int8_t *, void *)) MD5Final,
-};
-
/*
* And now for auth.
*/
Modified: head/sys/opencrypto/xform_sha1.c
==============================================================================
--- head/sys/opencrypto/xform_sha1.c Mon May 11 20:58:27 2020 (r360926)
+++ head/sys/opencrypto/xform_sha1.c Mon May 11 21:04:59 2020 (r360927)
@@ -82,18 +82,6 @@ struct auth_hash auth_hash_hmac_sha1 = {
.Final = SHA1Final_int,
};
-struct auth_hash auth_hash_key_sha1 = {
- .type = CRYPTO_SHA1_KPDK,
- .name = "Keyed SHA1",
- .keysize = 0,
- .hashsize = SHA1_KPDK_HASH_LEN,
- .ctxsize = sizeof(SHA1_CTX),
- .blocksize = 0,
- .Init = SHA1Init_int,
- .Update = SHA1Update_int,
- .Final = SHA1Final_int,
-};
-
/*
* And now for auth.
*/
More information about the svn-src-all
mailing list