FreeBSD Mail Archives

Date:      Mon, 11 May 2020 22:08:08 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r360936 - in head: share/man/man4 share/man/man9 sys/crypto/via sys/dev/cesa sys/dev/glxsb sys/dev/hifn sys/dev/safe sys/dev/sec sys/mips/cavium/cryptocteon sys/mips/nlm/dev/sec sys/ope...
Message-ID:  <202005112208.04BM880f065840@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: jhb
Date: Mon May 11 22:08:08 2020
New Revision: 360936
URL: https://svnweb.freebsd.org/changeset/base/360936

Log:
  Remove MD5 HMAC from OCF.
  
  There are no in-kernel consumers.
  
  Reviewed by:	cem
  Relnotes:	yes
  Sponsored by:	Chelsio Communications
  Differential Revision:	https://reviews.freebsd.org/D24775

Deleted:
  head/sys/opencrypto/xform_md5.c
Modified:
  head/share/man/man4/hifn.4
  head/share/man/man4/safe.4
  head/share/man/man9/crypto.9
  head/sys/crypto/via/padlock_hash.c
  head/sys/dev/cesa/cesa.c
  head/sys/dev/glxsb/glxsb.c
  head/sys/dev/hifn/hifn7751.c
  head/sys/dev/safe/safe.c
  head/sys/dev/sec/sec.c
  head/sys/mips/cavium/cryptocteon/cavium_crypto.c
  head/sys/mips/cavium/cryptocteon/cryptocteon.c
  head/sys/mips/cavium/cryptocteon/cryptocteonvar.h
  head/sys/mips/nlm/dev/sec/nlmsec.c
  head/sys/mips/nlm/dev/sec/nlmseclib.c
  head/sys/opencrypto/crypto.c
  head/sys/opencrypto/cryptodev.h
  head/sys/opencrypto/cryptosoft.c
  head/sys/opencrypto/xform.c
  head/sys/opencrypto/xform.h
  head/sys/opencrypto/xform_auth.h

Modified: head/share/man/man4/hifn.4
==============================================================================
--- head/share/man/man4/hifn.4	Mon May 11 21:42:19 2020	(r360935)
+++ head/share/man/man4/hifn.4	Mon May 11 22:08:08 2020	(r360936)
@@ -58,7 +58,7 @@ The
 .Nm
 driver registers itself to accelerate
 AES (7955 and 7956 only),
-MD5-HMAC, SHA1, and SHA1-HMAC operations for
+SHA1, and SHA1-HMAC operations for
 .Xr ipsec 4
 and
 .Xr crypto 4 .

Modified: head/share/man/man4/safe.4
==============================================================================
--- head/share/man/man4/safe.4	Mon May 11 21:42:19 2020	(r360935)
+++ head/share/man/man4/safe.4	Mon May 11 22:08:08 2020	(r360936)
@@ -60,7 +60,7 @@ driver supports cards containing SafeNet crypto accele
 .Pp
 The
 .Nm
-driver registers itself to accelerate AES, MD5-HMAC,
+driver registers itself to accelerate AES,
 SHA1-HMAC, and NULL operations for
 .Xr ipsec 4
 and

Modified: head/share/man/man9/crypto.9
==============================================================================
--- head/share/man/man9/crypto.9	Mon May 11 21:42:19 2020	(r360935)
+++ head/share/man/man9/crypto.9	Mon May 11 22:08:08 2020	(r360936)
@@ -106,7 +106,6 @@ The following authentication algorithms are supported:
 .It Dv CRYPTO_AES_NIST_GMAC
 .It Dv CRYPTO_BLAKE2B
 .It Dv CRYPTO_BLAKE2S
-.It Dv CRYPTO_MD5_HMAC
 .It Dv CRYPTO_NULL_HMAC
 .It Dv CRYPTO_POLY1305
 .It Dv CRYPTO_RIPEMD160

Modified: head/sys/crypto/via/padlock_hash.c
==============================================================================
--- head/sys/crypto/via/padlock_hash.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/crypto/via/padlock_hash.c	Mon May 11 22:08:08 2020	(r360936)
@@ -321,9 +321,6 @@ padlock_hash_lookup(int alg)
 	case CRYPTO_NULL_HMAC:
 		axf = &auth_hash_null;
 		break;
-	case CRYPTO_MD5_HMAC:
-		axf = &auth_hash_hmac_md5;
-		break;
 	case CRYPTO_SHA1_HMAC:
 		if ((via_feature_xcrypt & VIA_HAS_SHA) != 0)
 			axf = &padlock_hmac_sha1;

Modified: head/sys/dev/cesa/cesa.c
==============================================================================
--- head/sys/dev/cesa/cesa.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/dev/cesa/cesa.c	Mon May 11 22:08:08 2020	(r360936)
@@ -64,7 +64,6 @@ __FBSDID("$FreeBSD$");
 #include <dev/ofw/ofw_bus.h>
 #include <dev/ofw/ofw_bus_subr.h>
 
-#include <sys/md5.h>
 #include <crypto/sha1.h>
 #include <crypto/sha2/sha256.h>
 #include <crypto/rijndael/rijndael.h>
@@ -434,14 +433,6 @@ cesa_set_mkey(struct cesa_session *cs, int alg, const 
 	hout = (uint32_t *)cs->cs_hiv_out;
 
 	switch (alg) {
-	case CRYPTO_MD5_HMAC:
-		hmac_init_ipad(&auth_hash_hmac_md5, mkey, mklen, &auth_ctx);
-		memcpy(hin, auth_ctx.md5ctx.state,
-		    sizeof(auth_ctx.md5ctx.state));
-		hmac_init_opad(&auth_hash_hmac_md5, mkey, mklen, &auth_ctx);
-		memcpy(hout, auth_ctx.md5ctx.state,
-		    sizeof(auth_ctx.md5ctx.state));
-		break;
 	case CRYPTO_SHA1_HMAC:
 		hmac_init_ipad(&auth_hash_hmac_sha1, mkey, mklen, &auth_ctx);
 		memcpy(hin, auth_ctx.sha1ctx.h.b32,
@@ -1599,7 +1590,6 @@ cesa_auth_supported(struct cesa_softc *sc,
 		    sc->sc_soc_id == MV_DEV_88F6810))
 			return (false);
 		/* FALLTHROUGH */
-	case CRYPTO_MD5_HMAC:
 	case CRYPTO_SHA1:
 	case CRYPTO_SHA1_HMAC:
 		break;
@@ -1668,14 +1658,6 @@ cesa_newsession(device_t dev, crypto_session_t cses,
 	}
 
 	switch (csp->csp_auth_alg) {
-	case CRYPTO_MD5_HMAC:
-		cs->cs_mblen = MD5_BLOCK_LEN;
-		cs->cs_hlen = (csp->csp_auth_mlen == 0) ? MD5_HASH_LEN :
-		    csp->csp_auth_mlen;
-		cs->cs_config |= CESA_CSHD_MD5_HMAC;
-		if (cs->cs_hlen == CESA_HMAC_TRUNC_LEN)
-			cs->cs_config |= CESA_CSHD_96_BIT_HMAC;
-		break;
 	case CRYPTO_SHA1:
 		cs->cs_mblen = 1;
 		cs->cs_hlen = (csp->csp_auth_mlen == 0) ? SHA1_HASH_LEN :

Modified: head/sys/dev/glxsb/glxsb.c
==============================================================================
--- head/sys/dev/glxsb/glxsb.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/dev/glxsb/glxsb.c	Mon May 11 22:08:08 2020	(r360936)
@@ -497,7 +497,6 @@ glxsb_crypto_probesession(device_t dev, const struct c
 	case CSP_MODE_ETA:
 		switch (csp->csp_auth_alg) {
 		case CRYPTO_NULL_HMAC:
-		case CRYPTO_MD5_HMAC:
 		case CRYPTO_SHA1_HMAC:
 		case CRYPTO_RIPEMD160_HMAC:
 		case CRYPTO_SHA2_256_HMAC:

Modified: head/sys/dev/hifn/hifn7751.c
==============================================================================
--- head/sys/dev/hifn/hifn7751.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/dev/hifn/hifn7751.c	Mon May 11 22:08:08 2020	(r360936)
@@ -2296,7 +2296,6 @@ hifn_auth_supported(struct hifn_softc *sc,
 	switch (csp->csp_auth_alg) {
 	case CRYPTO_SHA1:
 		break;
-	case CRYPTO_MD5_HMAC:
 	case CRYPTO_SHA1_HMAC:
 		if (csp->csp_auth_klen > HIFN_MAC_KEY_LENGTH)
 			return (false);
@@ -2478,11 +2477,6 @@ hifn_process(device_t dev, struct cryptop *crp, int hi
 		cmd->base_masks |= HIFN_BASE_CMD_MAC;
 
 		switch (csp->csp_auth_alg) {
-		case CRYPTO_MD5_HMAC:
-			cmd->mac_masks |= HIFN_MAC_CMD_ALG_MD5 |
-			    HIFN_MAC_CMD_RESULT | HIFN_MAC_CMD_MODE_HMAC |
-			    HIFN_MAC_CMD_POS_IPSEC | HIFN_MAC_CMD_TRUNC;
-			break;
 		case CRYPTO_SHA1:
 			cmd->mac_masks |= HIFN_MAC_CMD_ALG_SHA1 |
 			    HIFN_MAC_CMD_RESULT | HIFN_MAC_CMD_MODE_HASH |
@@ -2495,8 +2489,7 @@ hifn_process(device_t dev, struct cryptop *crp, int hi
 			break;
 		}
 
-		if (csp->csp_auth_alg == CRYPTO_SHA1_HMAC ||
-		    csp->csp_auth_alg == CRYPTO_MD5_HMAC) {
+		if (csp->csp_auth_alg == CRYPTO_SHA1_HMAC) {
 			cmd->mac_masks |= HIFN_MAC_CMD_NEW_KEY;
 			if (crp->crp_auth_key != NULL)
 				mackey = crp->crp_auth_key;

Modified: head/sys/dev/safe/safe.c
==============================================================================
--- head/sys/dev/safe/safe.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/dev/safe/safe.c	Mon May 11 22:08:08 2020	(r360936)
@@ -638,28 +638,17 @@ static void
 safe_setup_mackey(struct safe_session *ses, int algo, const uint8_t *key,
     int klen)
 {
-	MD5_CTX md5ctx;
 	SHA1_CTX sha1ctx;
 	int i;
 
-	if (algo == CRYPTO_MD5_HMAC) {
-		hmac_init_ipad(&auth_hash_hmac_md5, key, klen, &md5ctx);
-		bcopy(md5ctx.state, ses->ses_hminner, sizeof(md5ctx.state));
+	hmac_init_ipad(&auth_hash_hmac_sha1, key, klen, &sha1ctx);
+	bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32));
 
-		hmac_init_opad(&auth_hash_hmac_md5, key, klen, &md5ctx);
-		bcopy(md5ctx.state, ses->ses_hmouter, sizeof(md5ctx.state));
+	hmac_init_opad(&auth_hash_hmac_sha1, key, klen, &sha1ctx);
+	bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32));
 
-		explicit_bzero(&md5ctx, sizeof(md5ctx));
-	} else {
-		hmac_init_ipad(&auth_hash_hmac_sha1, key, klen, &sha1ctx);
-		bcopy(sha1ctx.h.b32, ses->ses_hminner, sizeof(sha1ctx.h.b32));
+	explicit_bzero(&sha1ctx, sizeof(sha1ctx));
 
-		hmac_init_opad(&auth_hash_hmac_sha1, key, klen, &sha1ctx);
-		bcopy(sha1ctx.h.b32, ses->ses_hmouter, sizeof(sha1ctx.h.b32));
-
-		explicit_bzero(&sha1ctx, sizeof(sha1ctx));
-	}
-
 	/* PE is little-endian, insure proper byte order */
 	for (i = 0; i < N(ses->ses_hminner); i++) {
 		ses->ses_hminner[i] = htole32(ses->ses_hminner[i]);
@@ -674,10 +663,6 @@ safe_auth_supported(struct safe_softc *sc,
 {
 
 	switch (csp->csp_auth_alg) {
-	case CRYPTO_MD5_HMAC:
-		if ((sc->sc_devinfo & SAFE_DEVINFO_MD5) == 0)
-			return (false);
-		break;
 	case CRYPTO_SHA1_HMAC:
 		if ((sc->sc_devinfo & SAFE_DEVINFO_SHA1) == 0)
 			return (false);
@@ -755,10 +740,7 @@ safe_newsession(device_t dev, crypto_session_t cses,
 	if (csp->csp_auth_alg != 0) {
 		ses->ses_mlen = csp->csp_auth_mlen;
 		if (ses->ses_mlen == 0) {
-			if (csp->csp_auth_alg == CRYPTO_MD5_HMAC)
-				ses->ses_mlen = MD5_HASH_LEN;
-			else
-				ses->ses_mlen = SHA1_HASH_LEN;
+			ses->ses_mlen = SHA1_HASH_LEN;
 		}
 
 		if (csp->csp_auth_key != NULL) {
@@ -907,10 +889,6 @@ safe_process(device_t dev, struct cryptop *crp, int hi
 		}
 
 		switch (csp->csp_auth_alg) {
-		case CRYPTO_MD5_HMAC:
-			cmd0 |= SAFE_SA_CMD0_MD5;
-			cmd1 |= SAFE_SA_CMD1_HMAC;	/* NB: enable HMAC */
-			break;
 		case CRYPTO_SHA1_HMAC:
 			cmd0 |= SAFE_SA_CMD0_SHA1;
 			cmd1 |= SAFE_SA_CMD1_HMAC;	/* NB: enable HMAC */

Modified: head/sys/dev/sec/sec.c
==============================================================================
--- head/sys/dev/sec/sec.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/dev/sec/sec.c	Mon May 11 22:08:08 2020	(r360936)
@@ -1158,7 +1158,6 @@ sec_auth_supported(struct sec_softc *sc,
 		if (sc->sc_version < 3)
 			return (false);
 		/* FALLTHROUGH */
-	case CRYPTO_MD5_HMAC:
 	case CRYPTO_SHA1_HMAC:
 	case CRYPTO_SHA2_256_HMAC:
 		if (csp->csp_auth_klen > SEC_MAX_KEY_LEN)
@@ -1465,7 +1464,6 @@ sec_mdeu_can_handle(u_int alg)
 {
 	switch (alg) {
 	case CRYPTO_SHA1:
-	case CRYPTO_MD5_HMAC:
 	case CRYPTO_SHA1_HMAC:
 	case CRYPTO_SHA2_256_HMAC:
 	case CRYPTO_SHA2_384_HMAC:
@@ -1485,12 +1483,6 @@ sec_mdeu_config(const struct crypto_session_params *cs
 	*eu = SEC_EU_NONE;
 
 	switch (csp->csp_auth_alg) {
-	case CRYPTO_MD5_HMAC:
-		*mode |= SEC_MDEU_MODE_HMAC;
-		*eu = SEC_EU_MDEU_A;
-		*mode |= SEC_MDEU_MODE_MD5;
-		*hashlen = MD5_HASH_LEN;
-		break;
 	case CRYPTO_SHA1_HMAC:
 		*mode |= SEC_MDEU_MODE_HMAC;
 		/* FALLTHROUGH */

Modified: head/sys/mips/cavium/cryptocteon/cavium_crypto.c
==============================================================================
--- head/sys/mips/cavium/cryptocteon/cavium_crypto.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/mips/cavium/cryptocteon/cavium_crypto.c	Mon May 11 22:08:08 2020	(r360936)
@@ -458,104 +458,6 @@ octo_aes_cbc_decrypt(
 }
 
 /****************************************************************************/
-/* MD5 */
-
-int
-octo_null_md5_encrypt(
-    struct octo_sess *od,
-    struct iovec *iov, size_t iovcnt, size_t iovlen,
-    int auth_off, int auth_len,
-    int crypt_off, int crypt_len,
-    uint8_t *icv, uint8_t *ivp)
-{
-    int next = 0;
-    uint64_t *data;
-    uint64_t tmp1, tmp2;
-    int data_i, data_l, alen = auth_len;
-
-    dprintf("%s()\n", __func__);
-
-    if (__predict_false(od == NULL || iov==NULL || iovlen==0 ||
-	    (auth_off & 0x7) || (auth_off + auth_len > iovlen))) {
-	dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
-		"auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
-		"icv=%p ivp=%p\n", __func__, od, iov, iovlen,
-		auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
-	return -EINVAL;
-    }
-
-    IOV_INIT(iov, data, data_i, data_l);
-
-    /* Load MD5 IV */
-    CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
-    CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
-
-    while (auth_off > 0) {
-	IOV_CONSUME(iov, data, data_i, data_l);
-	auth_off -= 8;
-    }
-
-    while (auth_len > 0) {
-	CVM_LOAD_MD5_UNIT(*data, next);
-	auth_len -= 8;
-	IOV_CONSUME(iov, data, data_i, data_l);
-    }
-
-    /* finish the hash */
-    CVMX_PREFETCH0(od->octo_hmouter);
-#if 0
-    if (__predict_false(inplen)) {
-	uint64_t tmp = 0;
-	uint8_t *p = (uint8_t *) & tmp;
-	p[inplen] = 0x80;
-	do {
-	    inplen--;
-	    p[inplen] = ((uint8_t *) data)[inplen];
-	} while (inplen);
-	CVM_LOAD_MD5_UNIT(tmp, next);
-    } else {
-	CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
-    }
-#else
-    CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
-#endif
-
-    /* Finish Inner hash */
-    while (next != 7) {
-	CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);
-    }
-    CVMX_ES64(tmp1, ((alen + 64) << 3));
-    CVM_LOAD_MD5_UNIT(tmp1, next);
-
-    /* Get the inner hash of HMAC */
-    CVMX_MF_HSH_IV(tmp1, 0);
-    CVMX_MF_HSH_IV(tmp2, 1);
-
-    /* Initialize hash unit */
-    CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
-    CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
-
-    CVMX_MT_HSH_DAT(tmp1, 0);
-    CVMX_MT_HSH_DAT(tmp2, 1);
-    CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);
-    CVMX_MT_HSH_DATZ(3);
-    CVMX_MT_HSH_DATZ(4);
-    CVMX_MT_HSH_DATZ(5);
-    CVMX_MT_HSH_DATZ(6);
-    CVMX_ES64(tmp1, ((64 + 16) << 3));
-    CVMX_MT_HSH_STARTMD5(tmp1);
-
-    /* save the HMAC */
-    data = (uint64_t *)icv;
-    CVMX_MF_HSH_IV(*data, 0);
-    data++;
-    CVMX_MF_HSH_IV(tmp1, 1);
-    *(uint32_t *)data = (uint32_t) (tmp1 >> 32);
-
-    return 0;
-}
-
-/****************************************************************************/
 /* SHA1 */
 
 int
@@ -652,351 +554,6 @@ octo_null_sha1_encrypt(
     data++;
     CVMX_MF_HSH_IV(tmp1, 1);
     *(uint32_t *)data = (uint32_t) (tmp1 >> 32);
-
-    return 0;
-}
-
-/****************************************************************************/
-/* AES MD5 */
-
-int
-octo_aes_cbc_md5_encrypt(
-    struct octo_sess *od,
-    struct iovec *iov, size_t iovcnt, size_t iovlen,
-    int auth_off, int auth_len,
-    int crypt_off, int crypt_len,
-    uint8_t *icv, uint8_t *ivp)
-{
-    int next = 0;
-    union {
-	uint32_t data32[2];
-	uint64_t data64[1];
-    } mydata[2];
-    uint64_t *pdata = &mydata[0].data64[0];
-    uint64_t *data =  &mydata[1].data64[0];
-    uint32_t *data32;
-    uint64_t tmp1, tmp2;
-    int data_i, data_l, alen = auth_len;
-
-    dprintf("%s()\n", __func__);
-
-    if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
-	    (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||
-	    (crypt_len  & 0x7) ||
-	    (auth_len  & 0x7) ||
-	    (auth_off & 0x3) || (auth_off + auth_len > iovlen))) {
-	dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
-		"auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
-		"icv=%p ivp=%p\n", __func__, od, iov, iovlen,
-		auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
-	return -EINVAL;
-    }
-
-    IOV_INIT(iov, data32, data_i, data_l);
-
-    CVMX_PREFETCH0(ivp);
-    CVMX_PREFETCH0(od->octo_enckey);
-
-    /* load AES Key */
-    CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
-    CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
-
-    if (od->octo_encklen == 16) {
-	CVMX_MT_AES_KEY(0x0, 2);
-	CVMX_MT_AES_KEY(0x0, 3);
-    } else if (od->octo_encklen == 24) {
-	CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
-	CVMX_MT_AES_KEY(0x0, 3);
-    } else if (od->octo_encklen == 32) {
-	CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
-	CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[3], 3);
-    } else {
-	dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
-	return -EINVAL;
-    }
-    CVMX_MT_AES_KEYLENGTH(od->octo_encklen / 8 - 1);
-
-    CVMX_MT_AES_IV(((uint64_t *) ivp)[0], 0);
-    CVMX_MT_AES_IV(((uint64_t *) ivp)[1], 1);
-
-    /* Load MD5 IV */
-    CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
-    CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
-
-    while (crypt_off > 0 && auth_off > 0) {
-	IOV_CONSUME(iov, data32, data_i, data_l);
-	crypt_off -= 4;
-	auth_off -= 4;
-    }
-
-    while (crypt_len > 0 || auth_len > 0) {
-    	uint32_t *pdata32[3];
-
-	pdata32[0] = data32;
-	mydata[0].data32[0] = *data32;
-	IOV_CONSUME(iov, data32, data_i, data_l);
-
-	pdata32[1] = data32;
-	mydata[0].data32[1] = *data32;
-	IOV_CONSUME(iov, data32, data_i, data_l);
-
-	pdata32[2] = data32;
-	mydata[1].data32[0] = *data32;
-	IOV_CONSUME(iov, data32, data_i, data_l);
-
-	mydata[1].data32[1] = *data32;
-
-
-    	if (crypt_off <= 0) {
-	    if (crypt_len > 0) {
-		CVMX_MT_AES_ENC_CBC0(*pdata);
-		CVMX_MT_AES_ENC_CBC1(*data);
-		CVMX_MF_AES_RESULT(*pdata, 0);
-		CVMX_MF_AES_RESULT(*data, 1);
-		crypt_len -= 16;
-	    }
-	} else
-	    crypt_off -= 16;
-
-    	if (auth_off <= 0) {
-	    if (auth_len > 0) {
-		CVM_LOAD_MD5_UNIT(*pdata, next);
-		CVM_LOAD_MD5_UNIT(*data, next);
-		auth_len -= 16;
-	    }
-	} else
-	    auth_off -= 16;
-
-	*pdata32[0] = mydata[0].data32[0];
-	*pdata32[1] = mydata[0].data32[1];
-	*pdata32[2] = mydata[1].data32[0];
-	*data32     = mydata[1].data32[1];
-
-	IOV_CONSUME(iov, data32, data_i, data_l);
-    }
-
-    /* finish the hash */
-    CVMX_PREFETCH0(od->octo_hmouter);
-#if 0
-    if (__predict_false(inplen)) {
-	uint64_t tmp = 0;
-	uint8_t *p = (uint8_t *) & tmp;
-	p[inplen] = 0x80;
-	do {
-	    inplen--;
-	    p[inplen] = ((uint8_t *) data)[inplen];
-	} while (inplen);
-	CVM_LOAD_MD5_UNIT(tmp, next);
-    } else {
-	CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
-    }
-#else
-    CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
-#endif
-
-    /* Finish Inner hash */
-    while (next != 7) {
-	CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);
-    }
-    CVMX_ES64(tmp1, ((alen + 64) << 3));
-    CVM_LOAD_MD5_UNIT(tmp1, next);
-
-    /* Get the inner hash of HMAC */
-    CVMX_MF_HSH_IV(tmp1, 0);
-    CVMX_MF_HSH_IV(tmp2, 1);
-
-    /* Initialize hash unit */
-    CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
-    CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
-
-    CVMX_MT_HSH_DAT(tmp1, 0);
-    CVMX_MT_HSH_DAT(tmp2, 1);
-    CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);
-    CVMX_MT_HSH_DATZ(3);
-    CVMX_MT_HSH_DATZ(4);
-    CVMX_MT_HSH_DATZ(5);
-    CVMX_MT_HSH_DATZ(6);
-    CVMX_ES64(tmp1, ((64 + 16) << 3));
-    CVMX_MT_HSH_STARTMD5(tmp1);
-
-    /* save the HMAC */
-    data32 = (uint32_t *)icv;
-    CVMX_MF_HSH_IV(tmp1, 0);
-    *data32 = (uint32_t) (tmp1 >> 32);
-    data32++;
-    *data32 = (uint32_t) tmp1;
-    data32++;
-    CVMX_MF_HSH_IV(tmp1, 1);
-    *data32 = (uint32_t) (tmp1 >> 32);
-
-    return 0;
-}
-
-int
-octo_aes_cbc_md5_decrypt(
-    struct octo_sess *od,
-    struct iovec *iov, size_t iovcnt, size_t iovlen,
-    int auth_off, int auth_len,
-    int crypt_off, int crypt_len,
-    uint8_t *icv, uint8_t *ivp)
-{
-    int next = 0;
-    union {
-	uint32_t data32[2];
-	uint64_t data64[1];
-    } mydata[2];
-    uint64_t *pdata = &mydata[0].data64[0];
-    uint64_t *data =  &mydata[1].data64[0];
-    uint32_t *data32;
-    uint64_t tmp1, tmp2;
-    int data_i, data_l, alen = auth_len;
-
-    dprintf("%s()\n", __func__);
-
-    if (__predict_false(od == NULL || iov==NULL || iovlen==0 || ivp==NULL ||
-	    (crypt_off & 0x3) || (crypt_off + crypt_len > iovlen) ||
-	    (crypt_len  & 0x7) ||
-	    (auth_len  & 0x7) ||
-	    (auth_off & 0x3) || (auth_off + auth_len > iovlen))) {
-	dprintf("%s: Bad parameters od=%p iov=%p iovlen=%jd "
-		"auth_off=%d auth_len=%d crypt_off=%d crypt_len=%d "
-		"icv=%p ivp=%p\n", __func__, od, iov, iovlen,
-		auth_off, auth_len, crypt_off, crypt_len, icv, ivp);
-	return -EINVAL;
-    }
-
-    IOV_INIT(iov, data32, data_i, data_l);
-
-    CVMX_PREFETCH0(ivp);
-    CVMX_PREFETCH0(od->octo_enckey);
-
-    /* load AES Key */
-    CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[0], 0);
-    CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[1], 1);
-
-    if (od->octo_encklen == 16) {
-	CVMX_MT_AES_KEY(0x0, 2);
-	CVMX_MT_AES_KEY(0x0, 3);
-    } else if (od->octo_encklen == 24) {
-	CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
-	CVMX_MT_AES_KEY(0x0, 3);
-    } else if (od->octo_encklen == 32) {
-	CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[2], 2);
-	CVMX_MT_AES_KEY(((uint64_t *) od->octo_enckey)[3], 3);
-    } else {
-	dprintf("%s: Bad key length %d\n", __func__, od->octo_encklen);
-	return -EINVAL;
-    }
-    CVMX_MT_AES_KEYLENGTH(od->octo_encklen / 8 - 1);
-
-    CVMX_MT_AES_IV(((uint64_t *) ivp)[0], 0);
-    CVMX_MT_AES_IV(((uint64_t *) ivp)[1], 1);
-
-    /* Load MD5 IV */
-    CVMX_MT_HSH_IV(od->octo_hminner[0], 0);
-    CVMX_MT_HSH_IV(od->octo_hminner[1], 1);
-
-    while (crypt_off > 0 && auth_off > 0) {
-	IOV_CONSUME(iov, data32, data_i, data_l);
-	crypt_off -= 4;
-	auth_off -= 4;
-    }
-
-    while (crypt_len > 0 || auth_len > 0) {
-    	uint32_t *pdata32[3];
-
-	pdata32[0] = data32;
-	mydata[0].data32[0] = *data32;
-	IOV_CONSUME(iov, data32, data_i, data_l);
-	pdata32[1] = data32;
-	mydata[0].data32[1] = *data32;
-	IOV_CONSUME(iov, data32, data_i, data_l);
-	pdata32[2] = data32;
-	mydata[1].data32[0] = *data32;
-	IOV_CONSUME(iov, data32, data_i, data_l);
-	mydata[1].data32[1] = *data32;
-
-    	if (auth_off <= 0) {
-	    if (auth_len > 0) {
-		CVM_LOAD_MD5_UNIT(*pdata, next);
-		CVM_LOAD_MD5_UNIT(*data, next);
-		auth_len -= 16;
-	    }
-	} else
-	    auth_off -= 16;
-
-    	if (crypt_off <= 0) {
-	    if (crypt_len > 0) {
-		CVMX_MT_AES_DEC_CBC0(*pdata);
-		CVMX_MT_AES_DEC_CBC1(*data);
-		CVMX_MF_AES_RESULT(*pdata, 0);
-		CVMX_MF_AES_RESULT(*data, 1);
-		crypt_len -= 16;
-	    }
-	} else
-	    crypt_off -= 16;
-
-	*pdata32[0] = mydata[0].data32[0];
-	*pdata32[1] = mydata[0].data32[1];
-	*pdata32[2] = mydata[1].data32[0];
-	*data32     = mydata[1].data32[1];
-
-	IOV_CONSUME(iov, data32, data_i, data_l);
-    }
-
-    /* finish the hash */
-    CVMX_PREFETCH0(od->octo_hmouter);
-#if 0
-    if (__predict_false(inplen)) {
-	uint64_t tmp = 0;
-	uint8_t *p = (uint8_t *) & tmp;
-	p[inplen] = 0x80;
-	do {
-	    inplen--;
-	    p[inplen] = ((uint8_t *) data)[inplen];
-	} while (inplen);
-	CVM_LOAD_MD5_UNIT(tmp, next);
-    } else {
-	CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
-    }
-#else
-    CVM_LOAD_MD5_UNIT(0x8000000000000000ULL, next);
-#endif
-
-    /* Finish Inner hash */
-    while (next != 7) {
-	CVM_LOAD_MD5_UNIT(((uint64_t) 0x0ULL), next);
-    }
-    CVMX_ES64(tmp1, ((alen + 64) << 3));
-    CVM_LOAD_MD5_UNIT(tmp1, next);
-
-    /* Get the inner hash of HMAC */
-    CVMX_MF_HSH_IV(tmp1, 0);
-    CVMX_MF_HSH_IV(tmp2, 1);
-
-    /* Initialize hash unit */
-    CVMX_MT_HSH_IV(od->octo_hmouter[0], 0);
-    CVMX_MT_HSH_IV(od->octo_hmouter[1], 1);
-
-    CVMX_MT_HSH_DAT(tmp1, 0);
-    CVMX_MT_HSH_DAT(tmp2, 1);
-    CVMX_MT_HSH_DAT(0x8000000000000000ULL, 2);
-    CVMX_MT_HSH_DATZ(3);
-    CVMX_MT_HSH_DATZ(4);
-    CVMX_MT_HSH_DATZ(5);
-    CVMX_MT_HSH_DATZ(6);
-    CVMX_ES64(tmp1, ((64 + 16) << 3));
-    CVMX_MT_HSH_STARTMD5(tmp1);
-
-    /* save the HMAC */
-    data32 = (uint32_t *)icv;
-    CVMX_MF_HSH_IV(tmp1, 0);
-    *data32 = (uint32_t) (tmp1 >> 32);
-    data32++;
-    *data32 = (uint32_t) tmp1;
-    data32++;
-    CVMX_MF_HSH_IV(tmp1, 1);
-    *data32 = (uint32_t) (tmp1 >> 32);
 
     return 0;
 }

Modified: head/sys/mips/cavium/cryptocteon/cryptocteon.c
==============================================================================
--- head/sys/mips/cavium/cryptocteon/cryptocteon.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/mips/cavium/cryptocteon/cryptocteon.c	Mon May 11 22:08:08 2020	(r360936)
@@ -101,9 +101,6 @@ cryptocteon_auth_supported(const struct crypto_session
 	u_int hash_len;
 
 	switch (csp->csp_auth_alg) {
-	case CRYPTO_MD5_HMAC:
-		hash_len = MD5_HASH_LEN;
-		break;
 	case CRYPTO_SHA1_HMAC:
 		hash_len = SHA1_HASH_LEN;
 		break;
@@ -197,9 +194,6 @@ cryptocteon_newsession(device_t dev, crypto_session_t 
 	ocd->octo_mlen = csp->csp_auth_mlen;
 	if (csp->csp_auth_mlen == 0) {
 		switch (csp->csp_auth_alg) {
-		case CRYPTO_MD5_HMAC:
-			ocd->octo_mlen = MD5_HASH_LEN;
-			break;
 		case CRYPTO_SHA1_HMAC:
 			ocd->octo_mlen = SHA1_HASH_LEN;
 			break;
@@ -209,10 +203,6 @@ cryptocteon_newsession(device_t dev, crypto_session_t 
 	switch (csp->csp_mode) {
 	case CSP_MODE_DIGEST:
 		switch (csp->csp_auth_alg) {
-		case CRYPTO_MD5_HMAC:
-			ocd->octo_encrypt = octo_null_md5_encrypt;
-			ocd->octo_decrypt = octo_null_md5_encrypt;
-			break;
 		case CRYPTO_SHA1_HMAC:
 			ocd->octo_encrypt = octo_null_sha1_encrypt;
 			ocd->octo_decrypt = octo_null_sha1_encrypt;
@@ -231,10 +221,6 @@ cryptocteon_newsession(device_t dev, crypto_session_t 
 		switch (csp->csp_cipher_alg) {
 		case CRYPTO_AES_CBC:
 			switch (csp->csp_auth_alg) {
-			case CRYPTO_MD5_HMAC:
-				ocd->octo_encrypt = octo_aes_cbc_md5_encrypt;
-				ocd->octo_decrypt = octo_aes_cbc_md5_decrypt;
-				break;
 			case CRYPTO_SHA1_HMAC:
 				ocd->octo_encrypt = octo_aes_cbc_sha1_encrypt;
 				ocd->octo_decrypt = octo_aes_cbc_sha1_decrypt;

Modified: head/sys/mips/cavium/cryptocteon/cryptocteonvar.h
==============================================================================
--- head/sys/mips/cavium/cryptocteon/cryptocteonvar.h	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/mips/cavium/cryptocteon/cryptocteonvar.h	Mon May 11 22:08:08 2020	(r360936)
@@ -64,15 +64,12 @@ extern int cryptocteon_debug;
 void octo_calc_hash(uint8_t, unsigned char *, uint64_t *, uint64_t *);
 
 /* XXX Actually just hashing functions, not encryption.  */
-octo_encrypt_t octo_null_md5_encrypt;
 octo_encrypt_t octo_null_sha1_encrypt;
 
 octo_encrypt_t octo_aes_cbc_encrypt;
-octo_encrypt_t octo_aes_cbc_md5_encrypt;
 octo_encrypt_t octo_aes_cbc_sha1_encrypt;
 
 octo_decrypt_t octo_aes_cbc_decrypt;
-octo_decrypt_t octo_aes_cbc_md5_decrypt;
 octo_decrypt_t octo_aes_cbc_sha1_decrypt;
 
 #endif /* !_MIPS_CAVIUM_CRYPTOCTEON_CRYPTOCTEONVAR_H_ */

Modified: head/sys/mips/nlm/dev/sec/nlmsec.c
==============================================================================
--- head/sys/mips/nlm/dev/sec/nlmsec.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/mips/nlm/dev/sec/nlmsec.c	Mon May 11 22:08:08 2020	(r360936)
@@ -377,7 +377,6 @@ xlp_sec_auth_supported(const struct crypto_session_par
 
 	switch (csp->csp_auth_alg) {
 	case CRYPTO_SHA1:
-	case CRYPTO_MD5_HMAC:
 	case CRYPTO_SHA1_HMAC:
 		break;
 	default:

Modified: head/sys/mips/nlm/dev/sec/nlmseclib.c
==============================================================================
--- head/sys/mips/nlm/dev/sec/nlmseclib.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/mips/nlm/dev/sec/nlmseclib.c	Mon May 11 22:08:08 2020	(r360936)
@@ -253,10 +253,6 @@ nlm_get_digest_param(struct xlp_sec_command *cmd,
 		cmd->hashalg  = NLM_HASH_SHA;
 		cmd->hashmode = NLM_HASH_MODE_SHA1;
 		break;
-	case CRYPTO_MD5_HMAC:
-		cmd->hashalg  = NLM_HASH_MD5;
-		cmd->hashmode = NLM_HASH_MODE_SHA1;
-		break;
 	case CRYPTO_SHA1_HMAC:
 		cmd->hashalg  = NLM_HASH_SHA;
 		cmd->hashmode = NLM_HASH_MODE_SHA1;

Modified: head/sys/opencrypto/crypto.c
==============================================================================
--- head/sys/opencrypto/crypto.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/opencrypto/crypto.c	Mon May 11 22:08:08 2020	(r360936)
@@ -530,8 +530,6 @@ crypto_auth_hash(const struct crypto_session_params *c
 {
 
 	switch (csp->csp_auth_alg) {
-	case CRYPTO_MD5_HMAC:
-		return (&auth_hash_hmac_md5);
 	case CRYPTO_SHA1_HMAC:
 		return (&auth_hash_hmac_sha1);
 	case CRYPTO_SHA2_224_HMAC:
@@ -674,7 +672,6 @@ static enum alg_type {
 	ALG_COMPRESSION,
 	ALG_AEAD
 } alg_types[] = {
-	[CRYPTO_MD5_HMAC] = ALG_KEYED_DIGEST,
 	[CRYPTO_SHA1_HMAC] = ALG_KEYED_DIGEST,
 	[CRYPTO_RIPEMD160_HMAC] = ALG_KEYED_DIGEST,
 	[CRYPTO_AES_CBC] = ALG_CIPHER,

Modified: head/sys/opencrypto/cryptodev.h
==============================================================================
--- head/sys/opencrypto/cryptodev.h	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/opencrypto/cryptodev.h	Mon May 11 22:08:08 2020	(r360936)
@@ -74,7 +74,6 @@
 
 /* Hash values */
 #define	NULL_HASH_LEN		16
-#define	MD5_HASH_LEN		16
 #define	SHA1_HASH_LEN		20
 #define	RIPEMD160_HASH_LEN	20
 #define	SHA2_224_HASH_LEN	28
@@ -87,7 +86,6 @@
 /* Maximum hash algorithm result length */
 #define	HASH_MAX_LEN		SHA2_512_HASH_LEN /* Keep this updated */
 
-#define	MD5_BLOCK_LEN		64
 #define	SHA1_BLOCK_LEN		64
 #define	RIPEMD160_BLOCK_LEN	64
 #define	SHA2_224_BLOCK_LEN	64
@@ -210,7 +208,7 @@
 /* NB: deprecated */
 struct session_op {
 	u_int32_t	cipher;		/* ie. CRYPTO_AES_CBC */
-	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
+	u_int32_t	mac;		/* ie. CRYPTO_SHA2_256_HMAC */
 
 	u_int32_t	keylen;		/* cipher key */
 	c_caddr_t	key;
@@ -227,7 +225,7 @@ struct session_op {
  */
 struct session2_op {
 	u_int32_t	cipher;		/* ie. CRYPTO_AES_CBC */
-	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
+	u_int32_t	mac;		/* ie. CRYPTO_SHA2_256_HMAC */
 
 	u_int32_t	keylen;		/* cipher key */
 	c_caddr_t	key;

Modified: head/sys/opencrypto/cryptosoft.c
==============================================================================
--- head/sys/opencrypto/cryptosoft.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/opencrypto/cryptosoft.c	Mon May 11 22:08:08 2020	(r360936)
@@ -49,7 +49,6 @@ __FBSDID("$FreeBSD$");
 
 #include <crypto/sha1.h>
 #include <opencrypto/rmd160.h>
-#include <sys/md5.h>
 
 #include <opencrypto/cryptodev.h>
 #include <opencrypto/xform.h>
@@ -336,7 +335,6 @@ swcr_authprepare(struct auth_hash *axf, struct swcr_au
 {
 
 	switch (axf->type) {
-	case CRYPTO_MD5_HMAC:
 	case CRYPTO_SHA1_HMAC:
 	case CRYPTO_SHA2_224_HMAC:
 	case CRYPTO_SHA2_256_HMAC:
@@ -403,7 +401,6 @@ swcr_authcompute(struct swcr_session *ses, struct cryp
 		axf->Final(aalg, &ctx);
 		break;
 
-	case CRYPTO_MD5_HMAC:
 	case CRYPTO_SHA1_HMAC:
 	case CRYPTO_SHA2_224_HMAC:
 	case CRYPTO_SHA2_256_HMAC:
@@ -899,7 +896,6 @@ swcr_setup_auth(struct swcr_session *ses,
 		return (ENOBUFS);
 	
 	switch (csp->csp_auth_alg) {
-	case CRYPTO_MD5_HMAC:
 	case CRYPTO_SHA1_HMAC:
 	case CRYPTO_SHA2_224_HMAC:
 	case CRYPTO_SHA2_256_HMAC:
@@ -1085,7 +1081,6 @@ swcr_auth_supported(const struct crypto_session_params
 	if (axf == NULL)
 		return (false);
 	switch (csp->csp_auth_alg) {
-	case CRYPTO_MD5_HMAC:
 	case CRYPTO_SHA1_HMAC:
 	case CRYPTO_SHA2_224_HMAC:
 	case CRYPTO_SHA2_256_HMAC:

Modified: head/sys/opencrypto/xform.c
==============================================================================
--- head/sys/opencrypto/xform.c	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/opencrypto/xform.c	Mon May 11 22:08:08 2020	(r360936)
@@ -66,8 +66,6 @@ __FBSDID("$FreeBSD$");
 #include <opencrypto/deflate.h>
 #include <opencrypto/rmd160.h>
 
-#include <sys/md5.h>
-
 #include <opencrypto/cryptodev.h>
 #include <opencrypto/xform.h>
 
@@ -82,7 +80,6 @@ MALLOC_DEFINE(M_XDATA, "xform", "xform data buffers");
 
 /* Include the authentication and hashing algorithms */
 #include "xform_gmac.c"
-#include "xform_md5.c"
 #include "xform_rmd160.c"
 #include "xform_sha1.c"
 #include "xform_sha2.c"

Modified: head/sys/opencrypto/xform.h
==============================================================================
--- head/sys/opencrypto/xform.h	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/opencrypto/xform.h	Mon May 11 22:08:08 2020	(r360936)
@@ -31,7 +31,6 @@
 #ifndef _CRYPTO_XFORM_H_
 #define _CRYPTO_XFORM_H_
 
-#include <sys/md5.h>
 #include <crypto/sha1.h>
 #include <crypto/sha2/sha256.h>
 #include <crypto/sha2/sha384.h>

Modified: head/sys/opencrypto/xform_auth.h
==============================================================================
--- head/sys/opencrypto/xform_auth.h	Mon May 11 21:42:19 2020	(r360935)
+++ head/sys/opencrypto/xform_auth.h	Mon May 11 22:08:08 2020	(r360936)
@@ -34,7 +34,6 @@
 #include <sys/malloc.h>
 #include <sys/errno.h>
 
-#include <sys/md5.h>
 #include <crypto/sha1.h>
 #include <crypto/sha2/sha224.h>
 #include <crypto/sha2/sha256.h>
@@ -66,7 +65,6 @@ struct auth_hash {
 };
 
 extern struct auth_hash auth_hash_null;
-extern struct auth_hash auth_hash_hmac_md5;
 extern struct auth_hash auth_hash_hmac_sha1;
 extern struct auth_hash auth_hash_hmac_ripemd_160;
 extern struct auth_hash auth_hash_hmac_sha2_224;
@@ -89,7 +87,6 @@ extern struct auth_hash auth_hash_ccm_cbc_mac_192;
 extern struct auth_hash auth_hash_ccm_cbc_mac_256;
 
 union authctx {
-	MD5_CTX md5ctx;
 	SHA1_CTX sha1ctx;
 	RMD160_CTX rmd160ctx;
 	SHA224_CTX sha224ctx;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005112208.04BM880f065840>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation