svn commit: r361404 - head/sys/crypto/ccp

Fri May 22 20:52:37 UTC 2020

Author: jhb
Date: Fri May 22 20:52:36 2020
New Revision: 361404
URL: https://svnweb.freebsd.org/changeset/base/361404

Log:
  Remove a workaround for GCM requests with an empty payload.
  
  This was copied from ccr(4) (which does require the workaround), but
  is reportedly not needed for ccp(4).
  
  Discussed with:	cem
  Sponsored by:	Netflix

Modified:
  head/sys/crypto/ccp/ccp.c

Modified: head/sys/crypto/ccp/ccp.c
==============================================================================

--- head/sys/crypto/ccp/ccp.c	Fri May 22 19:09:43 2020	(r361403)
+++ head/sys/crypto/ccp/ccp.c	Fri May 22 20:52:36 2020	(r361404)
@@ -113,67 +113,6 @@ ccp_populate_sglist(struct sglist *sg, struct cryptop 
 	return (error);
 }
 
-/*
- * Handle a GCM request with an empty payload by performing the
- * operation in software.
- */
-static void
-ccp_gcm_soft(struct ccp_session *s, struct cryptop *crp)
-{
-	struct aes_gmac_ctx gmac_ctx;
-	char block[GMAC_BLOCK_LEN];
-	char digest[GMAC_DIGEST_LEN];
-	char iv[AES_BLOCK_LEN];
-	int i, len;
-
-	/*
-	 * This assumes a 12-byte IV from the crp.  See longer comment
-	 * above in ccp_gcm() for more details.
-	 */
-	if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0) {
-		crp->crp_etype = EINVAL;
-		goto out;
-	}
-	memcpy(iv, crp->crp_iv, 12);
-	*(uint32_t *)&iv[12] = htobe32(1);
-
-	/* Initialize the MAC. */
-	AES_GMAC_Init(&gmac_ctx);
-	AES_GMAC_Setkey(&gmac_ctx, s->blkcipher.enckey, s->blkcipher.key_len);
-	AES_GMAC_Reinit(&gmac_ctx, iv, sizeof(iv));
-
-	/* MAC the AAD. */
-	for (i = 0; i < crp->crp_aad_length; i += sizeof(block)) {
-		len = imin(crp->crp_aad_length - i, sizeof(block));
-		crypto_copydata(crp, crp->crp_aad_start + i, len, block);
-		bzero(block + len, sizeof(block) - len);
-		AES_GMAC_Update(&gmac_ctx, block, sizeof(block));
-	}
-
-	/* Length block. */
-	bzero(block, sizeof(block));
-	((uint32_t *)block)[1] = htobe32(crp->crp_aad_length * 8);
-	AES_GMAC_Update(&gmac_ctx, block, sizeof(block));
-	AES_GMAC_Final(digest, &gmac_ctx);
-
-	if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
-		crypto_copyback(crp, crp->crp_digest_start, sizeof(digest),
-		    digest);
-		crp->crp_etype = 0;
-	} else {
-		char digest2[GMAC_DIGEST_LEN];
-
-		crypto_copydata(crp, crp->crp_digest_start, sizeof(digest2),
-		    digest2);
-		if (timingsafe_bcmp(digest, digest2, sizeof(digest)) == 0)
-			crp->crp_etype = 0;
-		else
-			crp->crp_etype = EBADMSG;
-	}
-out:
-	crypto_done(crp);
-}
-
 static int
 ccp_probe(device_t dev)
 {
@@ -643,11 +582,6 @@ ccp_process(device_t dev, struct cryptop *crp, int hin
 		error = ccp_authenc(qp, s, crp);
 		break;
 	case GCM:
-		if (crp->crp_payload_length == 0) {
-			mtx_unlock(&qp->cq_lock);
-			ccp_gcm_soft(s, crp);
-			return (0);
-		}
 		if (s->pending != 0) {
 			error = EAGAIN;
 			break;
