From nobody Sat Nov 6 16:46:19 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 48279184F29F; Sat, 6 Nov 2021 16:46:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Hmjv00Fw4z3JCL; Sat, 6 Nov 2021 16:46:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DE1906A3E; Sat, 6 Nov 2021 16:46:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1A6GkJkq036908; Sat, 6 Nov 2021 16:46:19 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1A6GkJtc036907; Sat, 6 Nov 2021 16:46:19 GMT (envelope-from git) Date: Sat, 6 Nov 2021 16:46:19 GMT Message-Id: <202111061646.1A6GkJtc036907@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Wojciech Macek Subject: git: 200bc58953f0 - main - Revert "ossl: Add support for AES-CBC cipher" List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: wma X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 200bc58953f0f5403d5ae57691f34500afe4c614 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by wma: URL: https://cgit.FreeBSD.org/src/commit/?id=200bc58953f0f5403d5ae57691f34500afe4c614 commit 200bc58953f0f5403d5ae57691f34500afe4c614 Author: Wojciech Macek AuthorDate: 2021-11-06 16:46:01 +0000 Commit: Wojciech Macek CommitDate: 2021-11-06 16:46:01 +0000 Revert "ossl: Add support for AES-CBC cipher" This reverts commit 849faf4e0ba9a8b8f24ff34da93a0fd46c14eda9. --- share/man/man4/ossl.4 | 4 +- sys/conf/files | 1 - sys/conf/files.amd64 | 1 - sys/conf/files.arm64 | 4 - sys/conf/files.i386 | 1 - sys/crypto/openssl/ossl.c | 94 ++++++----------------- sys/crypto/openssl/ossl.h | 36 +-------- sys/crypto/openssl/ossl_aarch64.c | 23 +----- sys/crypto/openssl/ossl_aarch64.h | 31 -------- sys/crypto/openssl/ossl_aes.c | 153 ------------------------------------- sys/crypto/openssl/ossl_chacha20.c | 18 +---- sys/crypto/openssl/ossl_cipher.h | 53 ------------- sys/crypto/openssl/ossl_x86.c | 15 +--- sys/crypto/openssl/ossl_x86.h | 20 ----- sys/modules/ossl/Makefile | 14 ---- tests/sys/opencrypto/cryptotest.py | 2 +- 16 files changed, 34 insertions(+), 436 deletions(-) diff --git a/share/man/man4/ossl.4 b/share/man/man4/ossl.4 index 039ce301ac29..5929e46e9fe3 100644 --- a/share/man/man4/ossl.4 +++ b/share/man/man4/ossl.4 @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 24, 2021 +.Dd March 3, 2021 .Dt OSSL 4 .Os .Sh NAME @@ -74,8 +74,6 @@ driver includes support for the following algorithms: .Pp .Bl -bullet -compact .It -AES-CBC -.It ChaCha20 .It ChaCha20-Poly1305 (RFC 8439) diff --git a/sys/conf/files b/sys/conf/files index 9743341f6e45..f2663fd1c6c0 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -716,7 +716,6 @@ crypto/chacha20/chacha-sw.c optional crypto | ipsec | ipsec_support crypto/des/des_ecb.c optional netsmb crypto/des/des_setkey.c optional netsmb crypto/openssl/ossl.c optional ossl -crypto/openssl/ossl_aes.c optional ossl crypto/openssl/ossl_chacha20.c optional ossl crypto/openssl/ossl_poly1305.c optional ossl crypto/openssl/ossl_sha1.c optional ossl diff --git a/sys/conf/files.amd64 b/sys/conf/files.amd64 index 6b51c1a5a55d..37ff6404cdba 100644 --- a/sys/conf/files.amd64 +++ b/sys/conf/files.amd64 @@ -88,7 +88,6 @@ cddl/dev/dtrace/amd64/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/amd64/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" crypto/aesni/aeskeys_amd64.S optional aesni crypto/des/des_enc.c optional netsmb -crypto/openssl/amd64/aesni-x86_64.S optional ossl crypto/openssl/amd64/chacha-x86_64.S optional ossl crypto/openssl/amd64/poly1305-x86_64.S optional ossl crypto/openssl/amd64/sha1-x86_64.S optional ossl diff --git a/sys/conf/files.arm64 b/sys/conf/files.arm64 index e718e9b93847..a0bdaeb475d6 100644 --- a/sys/conf/files.arm64 +++ b/sys/conf/files.arm64 @@ -128,8 +128,6 @@ ghashv8-armx.o optional armv8crypto \ crypto/des/des_enc.c optional netsmb crypto/openssl/ossl_aarch64.c optional ossl -crypto/openssl/aarch64/aesv8-armx.S optional ossl \ - compile-with "${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} -march=armv8-a+crypto ${.IMPSRC}" crypto/openssl/aarch64/chacha-armv8.S optional ossl \ compile-with "${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${.IMPSRC}" crypto/openssl/aarch64/poly1305-armv8.S optional ossl \ @@ -140,8 +138,6 @@ crypto/openssl/aarch64/sha256-armv8.S optional ossl \ compile-with "${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${.IMPSRC}" crypto/openssl/aarch64/sha512-armv8.S optional ossl \ compile-with "${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${.IMPSRC}" -crypto/openssl/aarch64/vpaes-armv8.S optional ossl \ - compile-with "${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${.IMPSRC}" dev/acpica/acpi_bus_if.m optional acpi dev/acpica/acpi_if.m optional acpi diff --git a/sys/conf/files.i386 b/sys/conf/files.i386 index 0c681d6a84a0..e83bcd5a3492 100644 --- a/sys/conf/files.i386 +++ b/sys/conf/files.i386 @@ -15,7 +15,6 @@ cddl/dev/dtrace/i386/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/i386/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" crypto/aesni/aeskeys_i386.S optional aesni crypto/des/arch/i386/des_enc.S optional netsmb -crypto/openssl/i386/aesni-x86.S optional ossl crypto/openssl/i386/chacha-x86.S optional ossl crypto/openssl/i386/poly1305-x86.S optional ossl crypto/openssl/i386/sha1-586.S optional ossl diff --git a/sys/crypto/openssl/ossl.c b/sys/crypto/openssl/ossl.c index f46b5a966bb1..ad9b93dd960d 100644 --- a/sys/crypto/openssl/ossl.c +++ b/sys/crypto/openssl/ossl.c @@ -49,10 +49,24 @@ __FBSDID("$FreeBSD$"); #include #include -#include #include "cryptodev_if.h" +struct ossl_softc { + int32_t sc_cid; +}; + +struct ossl_session_hash { + struct ossl_hash_context ictx; + struct ossl_hash_context octx; + struct auth_hash *axf; + u_int mlen; +}; + +struct ossl_session { + struct ossl_session_hash hash; +}; + static MALLOC_DEFINE(M_OSSL, "ossl", "OpenSSL crypto"); static void @@ -78,7 +92,7 @@ ossl_attach(device_t dev) sc = device_get_softc(dev); - ossl_cpuid(sc); + ossl_cpuid(); sc->sc_cid = crypto_get_driverid(dev, sizeof(struct ossl_session), CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC | CRYPTOCAP_F_ACCEL_SOFTWARE); @@ -129,34 +143,9 @@ ossl_lookup_hash(const struct crypto_session_params *csp) } } -static struct ossl_cipher* -ossl_lookup_cipher(const struct crypto_session_params *csp) -{ - - switch (csp->csp_cipher_alg) { - case CRYPTO_AES_CBC: - switch (csp->csp_cipher_klen * 8) { - case 128: - case 192: - case 256: - break; - default: - return (NULL); - } - return (&ossl_cipher_aes_cbc); - case CRYPTO_CHACHA20: - if (csp->csp_cipher_klen != CHACHA_KEY_SIZE) - return (NULL); - return (&ossl_cipher_chacha20); - default: - return (NULL); - } -} - static int ossl_probesession(device_t dev, const struct crypto_session_params *csp) { - struct ossl_softc *sc = device_get_softc(dev); if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) != 0) @@ -167,10 +156,14 @@ ossl_probesession(device_t dev, const struct crypto_session_params *csp) return (EINVAL); break; case CSP_MODE_CIPHER: - if (csp->csp_cipher_alg != CRYPTO_CHACHA20 && !sc->has_aes) - return (EINVAL); - if (ossl_lookup_cipher(csp) == NULL) + switch (csp->csp_cipher_alg) { + case CRYPTO_CHACHA20: + if (csp->csp_cipher_klen != CHACHA_KEY_SIZE) + return (EINVAL); + break; + default: return (EINVAL); + } break; case CSP_MODE_AEAD: switch (csp->csp_cipher_alg) { @@ -220,57 +213,20 @@ ossl_newsession_hash(struct ossl_session *s, } } -static int -ossl_newsession_cipher(struct ossl_session *s, - const struct crypto_session_params *csp) -{ - struct ossl_cipher *cipher; - int error = 0; - - cipher = ossl_lookup_cipher(csp); - if (cipher == NULL) - return (EINVAL); - - s->cipher.cipher = cipher; - - if (csp->csp_cipher_key == NULL) - return (0); - - fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); - if (cipher->set_encrypt_key != NULL) { - error = cipher->set_encrypt_key(csp->csp_cipher_key, - 8 * csp->csp_cipher_klen, &s->cipher.enc_ctx); - if (error != 0) { - fpu_kern_leave(curthread, NULL); - return (error); - } - } - if (cipher->set_decrypt_key != NULL) - error = cipher->set_decrypt_key(csp->csp_cipher_key, - 8 * csp->csp_cipher_klen, &s->cipher.dec_ctx); - fpu_kern_leave(curthread, NULL); - - return (error); -} - static int ossl_newsession(device_t dev, crypto_session_t cses, const struct crypto_session_params *csp) { struct ossl_session *s; - int error = 0; s = crypto_get_driver_session(cses); switch (csp->csp_mode) { case CSP_MODE_DIGEST: ossl_newsession_hash(s, csp); break; - case CSP_MODE_CIPHER: - error = ossl_newsession_cipher(s, csp); - break; } - return (error); + return (0); } static int @@ -364,7 +320,7 @@ ossl_process(device_t dev, struct cryptop *crp, int hint) error = ossl_process_hash(s, crp, csp); break; case CSP_MODE_CIPHER: - error = s->cipher.cipher->process(&s->cipher, crp, csp); + error = ossl_chacha20(crp, csp); break; case CSP_MODE_AEAD: if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) diff --git a/sys/crypto/openssl/ossl.h b/sys/crypto/openssl/ossl.h index 4f5353818add..11793dca037a 100644 --- a/sys/crypto/openssl/ossl.h +++ b/sys/crypto/openssl/ossl.h @@ -36,47 +36,20 @@ struct cryptop; struct crypto_session_params; -struct ossl_softc; -struct ossl_session; +int ossl_chacha20(struct cryptop *crp, + const struct crypto_session_params *csp); int ossl_chacha20_poly1305_decrypt(struct cryptop *crp, const struct crypto_session_params *csp); int ossl_chacha20_poly1305_encrypt(struct cryptop *crp, const struct crypto_session_params *csp); -void ossl_cpuid(struct ossl_softc *sc); - -struct ossl_softc { - int32_t sc_cid; - bool has_aes; -}; +void ossl_cpuid(void); /* Needs to be big enough to hold any hash context. */ struct ossl_hash_context { uint32_t dummy[61]; } __aligned(32); -struct ossl_cipher_context { - uint32_t dummy[61]; -} __aligned(32); - -struct ossl_session_hash { - struct ossl_hash_context ictx; - struct ossl_hash_context octx; - struct auth_hash *axf; - u_int mlen; -}; - -struct ossl_session_cipher { - struct ossl_cipher_context dec_ctx; - struct ossl_cipher_context enc_ctx; - struct ossl_cipher *cipher; -}; - -struct ossl_session { - struct ossl_session_cipher cipher; - struct ossl_session_hash hash; -}; - extern struct auth_hash ossl_hash_poly1305; extern struct auth_hash ossl_hash_sha1; extern struct auth_hash ossl_hash_sha224; @@ -84,7 +57,4 @@ extern struct auth_hash ossl_hash_sha256; extern struct auth_hash ossl_hash_sha384; extern struct auth_hash ossl_hash_sha512; -extern struct ossl_cipher ossl_cipher_aes_cbc; -extern struct ossl_cipher ossl_cipher_chacha20; - #endif /* !__OSSL_H__ */ diff --git a/sys/crypto/openssl/ossl_aarch64.c b/sys/crypto/openssl/ossl_aarch64.c index e4b87a75a403..2a45a848808a 100644 --- a/sys/crypto/openssl/ossl_aarch64.c +++ b/sys/crypto/openssl/ossl_aarch64.c @@ -36,7 +36,6 @@ #include #include -#include #include /* @@ -44,14 +43,8 @@ */ unsigned int OPENSSL_armcap_P; -ossl_cipher_setkey_t aes_v8_set_encrypt_key; -ossl_cipher_setkey_t aes_v8_set_decrypt_key; - -ossl_cipher_setkey_t vpaes_set_encrypt_key; -ossl_cipher_setkey_t vpaes_set_decrypt_key; - void -ossl_cpuid(struct ossl_softc *sc) +ossl_cpuid(void) { /* SHA features */ if ((elf_hwcap & HWCAP_SHA1) != 0) @@ -66,18 +59,4 @@ ossl_cpuid(struct ossl_softc *sc) OPENSSL_armcap_P |= ARMV8_AES; if ((elf_hwcap & HWCAP_PMULL) != 0) OPENSSL_armcap_P |= ARMV8_PMULL; - - if ((OPENSSL_armcap_P & ARMV8_AES) == 0 && - (OPENSSL_armcap_P & ARMV7_NEON) == 0) { - sc->has_aes = false; - return; - } - sc->has_aes = true; - if (OPENSSL_armcap_P & ARMV8_AES) { - ossl_cipher_aes_cbc.set_encrypt_key = aes_v8_set_encrypt_key; - ossl_cipher_aes_cbc.set_decrypt_key = aes_v8_set_decrypt_key; - } else { - ossl_cipher_aes_cbc.set_encrypt_key = vpaes_set_encrypt_key; - ossl_cipher_aes_cbc.set_decrypt_key = vpaes_set_decrypt_key; - } } diff --git a/sys/crypto/openssl/ossl_aarch64.h b/sys/crypto/openssl/ossl_aarch64.h deleted file mode 100644 index f933f862d009..000000000000 --- a/sys/crypto/openssl/ossl_aarch64.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef __OSSL_AARCH64__ -#define __OSSL_AARCH64__ - -#include -#include -#include - -/* aesv8-armx.S */ -ossl_cipher_encrypt_t aes_v8_cbc_encrypt; -/* vpaes-armv8.S */ -ossl_cipher_encrypt_t vpaes_cbc_encrypt; - -static void -AES_CBC_ENCRYPT(const unsigned char *in, unsigned char *out, - size_t length, const void *key, unsigned char *iv, int encrypt) -{ - if (OPENSSL_armcap_P & ARMV8_AES) - aes_v8_cbc_encrypt(in, out, length, key, iv, encrypt); - else - vpaes_cbc_encrypt(in, out, length, key, iv, encrypt); -} -#endif diff --git a/sys/crypto/openssl/ossl_aes.c b/sys/crypto/openssl/ossl_aes.c deleted file mode 100644 index 93f16e7dce55..000000000000 --- a/sys/crypto/openssl/ossl_aes.c +++ /dev/null @@ -1,153 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause-FreeBSD - * - * Copyright (c) 2021 Stormshield. - * Copyright (c) 2021 Semihalf. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -__FBSDID("$FreeBSD$"); - -#include -#include - -#include - -#include -#include - -#if defined(__amd64__) || defined(__i386__) -#include -#elif defined (__aarch64__) -#include -#endif - -static ossl_cipher_process_t ossl_aes_cbc; - -struct ossl_cipher ossl_cipher_aes_cbc = { - .type = CRYPTO_AES_CBC, - .blocksize = AES_BLOCK_LEN, - .ivsize = AES_BLOCK_LEN, - - /* Filled during initialization based on CPU caps. */ - .set_encrypt_key = NULL, - .set_decrypt_key = NULL, - .process = ossl_aes_cbc -}; - -static int -ossl_aes_cbc(struct ossl_session_cipher *s, struct cryptop *crp, - const struct crypto_session_params *csp) -{ - struct crypto_buffer_cursor cc_in, cc_out; - unsigned char block[EALG_MAX_BLOCK_LEN]; - unsigned char iv[EALG_MAX_BLOCK_LEN]; - const unsigned char *in, *inseg; - unsigned char *out, *outseg; - size_t plen, seglen, inlen, outlen; - struct ossl_cipher_context key; - struct ossl_cipher *cipher; - int blocklen, error; - bool encrypt; - - cipher = s->cipher; - encrypt = CRYPTO_OP_IS_ENCRYPT(crp->crp_op); - plen = crp->crp_payload_length; - blocklen = cipher->blocksize; - - if (plen % blocklen) - return (EINVAL); - - if (crp->crp_cipher_key != NULL) { - if (encrypt) - error = cipher->set_encrypt_key(crp->crp_cipher_key, - 8 * csp->csp_cipher_klen, &key); - else - error = cipher->set_decrypt_key(crp->crp_cipher_key, - 8 * csp->csp_cipher_klen, &key); - if (error) - return (error); - } else { - if (encrypt) - key = s->enc_ctx; - else - key = s->dec_ctx; - } - - crypto_read_iv(crp, iv); - - /* Derived from ossl_chacha20.c */ - crypto_cursor_init(&cc_in, &crp->crp_buf); - crypto_cursor_advance(&cc_in, crp->crp_payload_start); - inseg = crypto_cursor_segment(&cc_in, &inlen); - if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) { - crypto_cursor_init(&cc_out, &crp->crp_obuf); - crypto_cursor_advance(&cc_out, crp->crp_payload_output_start); - } else { - cc_out = cc_in; - } - outseg = crypto_cursor_segment(&cc_out, &outlen); - - while (plen >= blocklen) { - if (inlen < blocklen) { - crypto_cursor_copydata(&cc_in, blocklen, block); - in = block; - inlen = blocklen; - } else { - in = inseg; - } - if (outlen < blocklen) { - out = block; - outlen = blocklen; - } else { - out = outseg; - } - - /* Figure out how many blocks we can encrypt/decrypt at once. */ - seglen = rounddown(MIN(plen, MIN(inlen, outlen)), blocklen); - - AES_CBC_ENCRYPT(in, out, seglen, &key, iv, encrypt); - - if (out == block) { - crypto_cursor_copyback(&cc_out, blocklen, block); - outseg = crypto_cursor_segment(&cc_out, &outlen); - } else { - crypto_cursor_advance(&cc_out, seglen); - outseg += seglen; - outlen -= seglen; - } - if (in == block) { - inseg = crypto_cursor_segment(&cc_in, &inlen); - } else { - crypto_cursor_advance(&cc_in, seglen); - inseg += seglen; - inlen -= seglen; - } - plen -= seglen; - } - - explicit_bzero(block, sizeof(block)); - explicit_bzero(iv, sizeof(iv)); - explicit_bzero(&key, sizeof(key)); - return (0); -} diff --git a/sys/crypto/openssl/ossl_chacha20.c b/sys/crypto/openssl/ossl_chacha20.c index c21a28470a26..aa125121e8b4 100644 --- a/sys/crypto/openssl/ossl_chacha20.c +++ b/sys/crypto/openssl/ossl_chacha20.c @@ -37,24 +37,10 @@ #include #include -#include #include -static ossl_cipher_process_t ossl_chacha20; - -struct ossl_cipher ossl_cipher_chacha20 = { - .type = CRYPTO_CHACHA20, - .blocksize = CHACHA_BLK_SIZE, - .ivsize = CHACHA_CTR_SIZE, - - .set_encrypt_key = NULL, - .set_decrypt_key = NULL, - .process = ossl_chacha20 -}; - -static int -ossl_chacha20(struct ossl_session_cipher *s, struct cryptop *crp, - const struct crypto_session_params *csp) +int +ossl_chacha20(struct cryptop *crp, const struct crypto_session_params *csp) { _Alignas(8) unsigned int key[CHACHA_KEY_SIZE / 4]; unsigned int counter[CHACHA_CTR_SIZE / 4]; diff --git a/sys/crypto/openssl/ossl_cipher.h b/sys/crypto/openssl/ossl_cipher.h deleted file mode 100644 index d9e6ec29aafc..000000000000 --- a/sys/crypto/openssl/ossl_cipher.h +++ /dev/null @@ -1,53 +0,0 @@ -/*- - * SPDX-License-Identifier: BSD-2-Clause-FreeBSD - * - * Copyright (c) 2021 Stormshield. - * Copyright (c) 2021 Semihalf. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef __OSSL_CIPHER_H__ -#define __OSSL_CIPHER_H__ - -struct ossl_session_cipher; -struct cryptop; -struct crypto_session_params; - -typedef int (ossl_cipher_setkey_t)(const unsigned char*, int, void*); -typedef int (ossl_cipher_process_t)(struct ossl_session_cipher*, struct cryptop*, - const struct crypto_session_params*); -typedef void (ossl_cipher_encrypt_t)(const unsigned char*, unsigned char*, size_t, - const void*, unsigned char*, int); - -ossl_cipher_encrypt_t ossl_aes_cbc_encrypt; - -struct ossl_cipher { - int type; - uint16_t blocksize; - uint16_t ivsize; - - ossl_cipher_setkey_t *set_encrypt_key; - ossl_cipher_setkey_t *set_decrypt_key; - ossl_cipher_process_t *process; -}; - -#endif diff --git a/sys/crypto/openssl/ossl_x86.c b/sys/crypto/openssl/ossl_x86.c index a1e9a995948b..60ff6fa0c759 100644 --- a/sys/crypto/openssl/ossl_x86.c +++ b/sys/crypto/openssl/ossl_x86.c @@ -39,7 +39,6 @@ #include #include -#include /* * See OPENSSL_ia32cap(3). @@ -50,13 +49,9 @@ * [3] = 0 */ unsigned int OPENSSL_ia32cap_P[4]; -#define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) - -ossl_cipher_setkey_t aesni_set_encrypt_key; -ossl_cipher_setkey_t aesni_set_decrypt_key; void -ossl_cpuid(struct ossl_softc *sc) +ossl_cpuid(void) { uint64_t xcr0; u_int regs[4]; @@ -117,12 +112,4 @@ ossl_cpuid(struct ossl_softc *sc) OPENSSL_ia32cap_P[1] &= ~(CPUID2_AVX | AMDID2_XOP | CPUID2_FMA); OPENSSL_ia32cap_P[2] &= ~CPUID_STDEXT_AVX2; } - - if (!AESNI_CAPABLE) { - sc->has_aes = false; - return; - } - sc->has_aes = true; - ossl_cipher_aes_cbc.set_encrypt_key = aesni_set_encrypt_key; - ossl_cipher_aes_cbc.set_decrypt_key = aesni_set_decrypt_key; } diff --git a/sys/crypto/openssl/ossl_x86.h b/sys/crypto/openssl/ossl_x86.h deleted file mode 100644 index 12bd5a4eaddb..000000000000 --- a/sys/crypto/openssl/ossl_x86.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef __OSSL_X86__ -#define __OSSL_X86__ - -#include -#include - -/* aesni-x86_64.S, aesni-x86.S */ -ossl_cipher_encrypt_t aesni_cbc_encrypt; - -#define AES_CBC_ENCRYPT aesni_cbc_encrypt -#endif diff --git a/sys/modules/ossl/Makefile b/sys/modules/ossl/Makefile index 765e70a03edd..dfd82dcf6e1f 100644 --- a/sys/modules/ossl/Makefile +++ b/sys/modules/ossl/Makefile @@ -4,12 +4,10 @@ .PATH: ${SRCTOP}/sys/crypto/openssl/${MACHINE_CPUARCH} KMOD= ossl -OBJS+= ${OBJS.${MACHINE_CPUARCH}} SRCS= bus_if.h \ cryptodev_if.h \ device_if.h \ ossl.c \ - ossl_aes.c \ ossl_chacha20.c \ ossl_poly1305.c \ ossl_sha1.c \ @@ -23,11 +21,9 @@ SRCS.aarch64= \ sha1-armv8.S \ sha256-armv8.S \ sha512-armv8.S \ - vpaes-armv8.S \ ossl_aarch64.c SRCS.amd64= \ - aesni-x86_64.S \ chacha-x86_64.S \ poly1305-x86_64.S \ sha1-x86_64.S \ @@ -36,7 +32,6 @@ SRCS.amd64= \ ossl_x86.c SRCS.i386= \ - aesni-x86.S \ chacha-x86.S \ poly1305-x86.S \ sha1-586.S \ @@ -50,13 +45,4 @@ ${SRCS.aarch64:M*.S:S/S/o/}: ${.TARGET:R}.S ${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${PROF} ${.IMPSRC} ${CTFCONVERT_CMD} -# Based on modules/armv8crypto/Makefile. -# Clang doesn't recognize "aes*" instructions without -march set. -aesv8-armx.o: aesv8-armx.S - ${CC} -c ${CFLAGS:N-mgeneral-regs-only} ${WERROR} ${PROF} \ - -march=armv8-a+crypto ${.IMPSRC} - ${CTFCONVERT_CMD} - -OBJS.aarch64= aesv8-armx.o - .include diff --git a/tests/sys/opencrypto/cryptotest.py b/tests/sys/opencrypto/cryptotest.py index 447a7854b246..74ce62cee33d 100644 --- a/tests/sys/opencrypto/cryptotest.py +++ b/tests/sys/opencrypto/cryptotest.py @@ -50,7 +50,7 @@ def katg(base, glob): raise unittest.SkipTest("Missing %s test vectors" % (base)) return iglob(os.path.join(katdir, base, glob)) -aesmodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0', 'ossl0', 'safexcel0', 'qat0' ] +aesmodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0', 'safexcel0', 'qat0' ] shamodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0', 'ossl0', 'safexcel0', 'qat0' ] def GenTestCase(cname):