On Mon, Aug 18, 2014 at 16:03 +0200, Mike Belopuhov wrote:
> this removes /dev/crypto device interface and public key functionality
> that is only usable via /dev/crypto.
>
> OK?
>
minor correction: preserve #ifdef _KERNEL in the cryptodev.h. while
there are no userland programs including it atm leaving it for the
symmetry with cryptosoft.c seems like a good idea.
diff --git sys/conf/files sys/conf/files
index 3941639..9af78cc 100644
--- sys/conf/files
+++ sys/conf/files
@@ -870,11 +870,10 @@ file crypto/blf.c (inet & ipsec) | crypto
| vnd
file crypto/cast.c (inet & ipsec) | crypto
file crypto/ecb_enc.c (inet & ipsec) | crypto
file crypto/set_key.c (inet & ipsec) | crypto
file crypto/ecb3_enc.c (inet & ipsec) | crypto
file crypto/crypto.c (inet & ipsec) | crypto
-file crypto/cryptodev.c ((inet & ipsec) | crypto)
needs-flag
file crypto/criov.c (inet & ipsec) | crypto
file crypto/cryptosoft.c (inet & ipsec) | crypto
file crypto/xform.c (inet & ipsec) | crypto
file crypto/xform_ipcomp.c (inet & ipsec) | crypto
file crypto/arc4.c
diff --git sys/crypto/crypto.c sys/crypto/crypto.c
index f62752d..4a11ae3 100644
--- sys/crypto/crypto.c
+++ sys/crypto/crypto.c
@@ -280,39 +280,10 @@ crypto_get_driverid(u_int8_t flags)
/*
* Register a crypto driver. It should be called once for each algorithm
* supported by the driver.
*/
int
-crypto_kregister(u_int32_t driverid, int *kalg,
- int (*kprocess)(struct cryptkop *))
-{
- int s, i;
-
- if (driverid >= crypto_drivers_num || kalg == NULL ||
- crypto_drivers == NULL)
- return EINVAL;
-
- s = splvm();
-
- for (i = 0; i <= CRK_ALGORITHM_MAX; i++) {
- /*
- * XXX Do some performance testing to determine
- * placing. We probably need an auxiliary data
- * structure that describes relative performances.
- */
-
- crypto_drivers[driverid].cc_kalg[i] = kalg[i];
- }
-
- crypto_drivers[driverid].cc_kprocess = kprocess;
-
- splx(s);
- return 0;
-}
-
-/* Register a crypto driver. */
-int
crypto_register(u_int32_t driverid, int *alg,
int (*newses)(u_int32_t *, struct cryptoini *),
int (*freeses)(u_int64_t), int (*process)(struct cryptop *))
{
int s, i;
@@ -410,71 +381,10 @@ crypto_dispatch(struct cryptop *crp)
}
return 0;
}
-int
-crypto_kdispatch(struct cryptkop *krp)
-{
- if (crypto_taskq) {
- task_set(&krp->krp_task, (void (*))crypto_kinvoke, krp, NULL);
- task_add(crypto_taskq, &krp->krp_task);
- } else {
- crypto_kinvoke(krp);
- }
-
- return 0;
-}
-
-/*
- * Dispatch an asymmetric crypto request to the appropriate crypto devices.
- */
-int
-crypto_kinvoke(struct cryptkop *krp)
-{
- extern int cryptodevallowsoft;
- u_int32_t hid;
- int error;
- int s;
-
- /* Sanity checks. */
- if (krp == NULL || krp->krp_callback == NULL)
- return (EINVAL);
-
- s = splvm();
- for (hid = 0; hid < crypto_drivers_num; hid++) {
- if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) &&
- cryptodevallowsoft == 0)
- continue;
- if (crypto_drivers[hid].cc_kprocess == NULL)
- continue;
- if ((crypto_drivers[hid].cc_kalg[krp->krp_op] &
- CRYPTO_ALG_FLAG_SUPPORTED) == 0)
- continue;
- break;
- }
-
- if (hid == crypto_drivers_num) {
- krp->krp_status = ENODEV;
- crypto_kdone(krp);
- splx(s);
- return (0);
- }
-
- krp->krp_hid = hid;
-
- crypto_drivers[hid].cc_koperations++;
-
- error = crypto_drivers[hid].cc_kprocess(krp);
- if (error) {
- krp->krp_status = error;
- crypto_kdone(krp);
- }
- splx(s);
- return (0);
-}
-
/*
* Dispatch a crypto request to the appropriate crypto devices.
*/
int
crypto_invoke(struct cryptop *crp)
@@ -624,40 +534,5 @@ crypto_done(struct cryptop *crp)
task_set(&crp->crp_task, (void (*))crp->crp_callback,
crp, NULL);
task_add(crypto_taskq, &crp->crp_task);
}
}
-
-/*
- * Invoke the callback on behalf of the driver.
- */
-void
-crypto_kdone(struct cryptkop *krp)
-{
- task_set(&krp->krp_task, (void (*))krp->krp_callback, krp, NULL);
- task_add(crypto_taskq, &krp->krp_task);
-}
-
-int
-crypto_getfeat(int *featp)
-{
- extern int cryptodevallowsoft, userasymcrypto;
- int hid, kalg, feat = 0;
-
- if (userasymcrypto == 0)
- goto out;
- for (hid = 0; hid < crypto_drivers_num; hid++) {
- if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) &&
- cryptodevallowsoft == 0) {
- continue;
- }
- if (crypto_drivers[hid].cc_kprocess == NULL)
- continue;
- for (kalg = 0; kalg <= CRK_ALGORITHM_MAX; kalg++)
- if ((crypto_drivers[hid].cc_kalg[kalg] &
- CRYPTO_ALG_FLAG_SUPPORTED) != 0)
- feat |= 1 << kalg;
- }
-out:
- *featp = feat;
- return (0);
-}
diff --git sys/crypto/cryptodev.c sys/crypto/cryptodev.c
deleted file mode 100644
index b704aac..0000000
--- sys/crypto/cryptodev.c
+++ /dev/null
@@ -1,760 +0,0 @@
-/* $OpenBSD: cryptodev.c,v 1.82 2014/08/18 05:11:03 dlg Exp $ */
-
-/*
- * Copyright (c) 2001 Theo de Raadt
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Effort sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F30602-01-2-0537.
- *
- */
-
-#include <sys/param.h>
-#include <sys/systm.h>
-#include <sys/malloc.h>
-#include <sys/pool.h>
-#include <sys/mbuf.h>
-#include <sys/proc.h>
-#include <sys/file.h>
-#include <sys/filedesc.h>
-#include <sys/errno.h>
-#include <dev/rndvar.h>
-#include <sys/conf.h>
-#include <sys/device.h>
-#include <crypto/md5.h>
-#include <crypto/sha1.h>
-#include <crypto/rmd160.h>
-#include <crypto/cast.h>
-#include <crypto/blf.h>
-#include <crypto/cryptodev.h>
-#include <crypto/xform.h>
-
-extern struct cryptocap *crypto_drivers;
-extern int crypto_drivers_num;
-
-struct csession {
- TAILQ_ENTRY(csession) next;
- u_int64_t sid;
- u_int32_t ses;
-
- u_int32_t cipher;
- struct enc_xform *txform;
- u_int32_t mac;
- struct auth_hash *thash;
-
- caddr_t key;
- int keylen;
- u_char tmp_iv[EALG_MAX_BLOCK_LEN];
-
- caddr_t mackey;
- int mackeylen;
- u_char tmp_mac[CRYPTO_MAX_MAC_LEN];
-
- struct iovec iovec[IOV_MAX];
- struct uio uio;
- int error;
-};
-
-struct fcrypt {
- TAILQ_HEAD(csessionlist, csession) csessions;
- int sesn;
-};
-
-void cryptoattach(int);
-
-int cryptof_read(struct file *, off_t *, struct uio *, struct ucred *);
-int cryptof_write(struct file *, off_t *, struct uio *, struct ucred *);
-int cryptof_ioctl(struct file *, u_long, caddr_t, struct proc *p);
-int cryptof_poll(struct file *, int, struct proc *);
-int cryptof_kqfilter(struct file *, struct knote *);
-int cryptof_stat(struct file *, struct stat *, struct proc *);
-int cryptof_close(struct file *, struct proc *);
-
-static struct fileops cryptofops = {
- cryptof_read,
- cryptof_write,
- cryptof_ioctl,
- cryptof_poll,
- cryptof_kqfilter,
- cryptof_stat,
- cryptof_close
-};
-
-struct csession *csefind(struct fcrypt *, u_int);
-int csedelete(struct fcrypt *, struct csession *);
-struct csession *cseadd(struct fcrypt *, struct csession *);
-struct csession *csecreate(struct fcrypt *, u_int64_t, caddr_t, u_int64_t,
- caddr_t, u_int64_t, u_int32_t, u_int32_t, struct enc_xform *,
- struct auth_hash *);
-int csefree(struct csession *);
-
-int cryptodev_op(struct csession *, struct crypt_op *, struct proc *);
-int cryptodev_key(struct crypt_kop *);
-int cryptodev_dokey(struct crypt_kop *kop, struct crparam kvp[]);
-
-int cryptodev_cb(struct cryptop *);
-int cryptodevkey_cb(struct cryptkop *);
-
-int usercrypto = 0; /* userland may do crypto requests */
-int userasymcrypto = 0; /* userland may do asymmetric crypto reqs */
-int cryptodevallowsoft = 0; /* only use hardware crypto */
-
-/* ARGSUSED */
-int
-cryptof_read(struct file *fp, off_t *poff, struct uio *uio, struct ucred *cred)
-{
- return (EIO);
-}
-
-/* ARGSUSED */
-int
-cryptof_write(struct file *fp, off_t *poff, struct uio *uio, struct ucred
*cred)
-{
- return (EIO);
-}
-
-/* ARGSUSED */
-int
-cryptof_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p)
-{
- struct cryptoini cria, crie;
- struct fcrypt *fcr = fp->f_data;
- struct csession *cse;
- struct session_op *sop;
- struct crypt_op *cop;
- struct enc_xform *txform = NULL;
- struct auth_hash *thash = NULL;
- u_int64_t sid;
- u_int32_t ses;
- int error = 0;
-
- switch (cmd) {
- case CIOCGSESSION:
- sop = (struct session_op *)data;
- switch (sop->cipher) {
- case 0:
- break;
- case CRYPTO_DES_CBC:
- txform = &enc_xform_des;
- break;
- case CRYPTO_3DES_CBC:
- txform = &enc_xform_3des;
- break;
- case CRYPTO_BLF_CBC:
- txform = &enc_xform_blf;
- break;
- case CRYPTO_CAST_CBC:
- txform = &enc_xform_cast5;
- break;
- case CRYPTO_AES_CBC:
- txform = &enc_xform_rijndael128;
- break;
- case CRYPTO_AES_CTR:
- txform = &enc_xform_aes_ctr;
- break;
- case CRYPTO_AES_XTS:
- txform = &enc_xform_aes_xts;
- break;
- case CRYPTO_ARC4:
- txform = &enc_xform_arc4;
- break;
- case CRYPTO_NULL:
- txform = &enc_xform_null;
- break;
- default:
- return (EINVAL);
- }
-
- switch (sop->mac) {
- case 0:
- break;
-#if 0
- case CRYPTO_MD5_HMAC:
- thash = &auth_hash_hmac_md5_96;
- break;
- case CRYPTO_SHA1_HMAC:
- thash = &auth_hash_hmac_sha1_96;
- break;
- case CRYPTO_RIPEMD160_HMAC:
- thash = &auth_hash_hmac_ripemd_160_96;
- break;
- case CRYPTO_MD5:
- thash = &auth_hash_md5;
- break;
- case CRYPTO_SHA1:
- thash = &auth_hash_sha1;
- break;
-#endif
- default:
- return (EINVAL);
- }
-
- bzero(&crie, sizeof(crie));
- bzero(&cria, sizeof(cria));
-
- if (txform) {
- crie.cri_alg = txform->type;
- crie.cri_klen = sop->keylen * 8;
- if (sop->keylen > txform->maxkey ||
- sop->keylen < txform->minkey) {
- error = EINVAL;
- goto bail;
- }
-
- crie.cri_key = malloc(crie.cri_klen / 8, M_XDATA,
- M_WAITOK);
- if ((error = copyin(sop->key, crie.cri_key,
- crie.cri_klen / 8)))
- goto bail;
- if (thash)
- crie.cri_next = &cria;
- }
-
- if (thash) {
- cria.cri_alg = thash->type;
- cria.cri_klen = sop->mackeylen * 8;
- if (sop->mackeylen != thash->keysize) {
- error = EINVAL;
- goto bail;
- }
-
- if (cria.cri_klen) {
- cria.cri_key = malloc(cria.cri_klen / 8,
- M_XDATA, M_WAITOK);
- if ((error = copyin(sop->mackey, cria.cri_key,
- cria.cri_klen / 8)))
- goto bail;
- }
- }
-
- error = crypto_newsession(&sid, (txform ? &crie : &cria),
- !cryptodevallowsoft);
-
- if (error)
- goto bail;
-
- cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen,
- cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform,
- thash);
-
- if (cse == NULL) {
- crypto_freesession(sid);
- error = EINVAL;
- goto bail;
- }
- sop->ses = cse->ses;
-
-bail:
- if (error) {
- if (crie.cri_key) {
- explicit_bzero(crie.cri_key, crie.cri_klen / 8);
- free(crie.cri_key, M_XDATA, 0);
- }
- if (cria.cri_key) {
- explicit_bzero(cria.cri_key, cria.cri_klen / 8);
- free(cria.cri_key, M_XDATA, 0);
- }
- }
- break;
- case CIOCFSESSION:
- ses = *(u_int32_t *)data;
- cse = csefind(fcr, ses);
- if (cse == NULL)
- return (EINVAL);
- csedelete(fcr, cse);
- error = csefree(cse);
- break;
- case CIOCCRYPT:
- cop = (struct crypt_op *)data;
- cse = csefind(fcr, cop->ses);
- if (cse == NULL)
- return (EINVAL);
- error = cryptodev_op(cse, cop, p);
- break;
- case CIOCKEY:
- error = cryptodev_key((struct crypt_kop *)data);
- break;
- case CIOCASYMFEAT:
- error = crypto_getfeat((int *)data);
- break;
- default:
- error = EINVAL;
- }
- return (error);
-}
-
-int
-cryptodev_op(struct csession *cse, struct crypt_op *cop, struct proc *p)
-{
- struct cryptop *crp = NULL;
- struct cryptodesc *crde = NULL, *crda = NULL;
- int s, error;
- u_int32_t hid;
-
- if (cop->len > 64*1024-4)
- return (E2BIG);
-
- if (cse->txform) {
- if (cop->len == 0 || (cop->len % cse->txform->blocksize) != 0)
- return (EINVAL);
- }
-
- bzero(&cse->uio, sizeof(cse->uio));
- cse->uio.uio_iovcnt = 1;
- cse->uio.uio_segflg = UIO_SYSSPACE;
- cse->uio.uio_rw = UIO_WRITE;
- cse->uio.uio_procp = p;
- cse->uio.uio_iov = cse->iovec;
- bzero(&cse->iovec, sizeof(cse->iovec));
- cse->uio.uio_iov[0].iov_len = cop->len;
- cse->uio.uio_iov[0].iov_base = dma_alloc(cop->len, M_WAITOK);
- cse->uio.uio_resid = cse->uio.uio_iov[0].iov_len;
-
- /* number of requests, not logical and */
- crp = crypto_getreq((cse->txform != NULL) + (cse->thash != NULL));
- if (crp == NULL) {
- error = ENOMEM;
- goto bail;
- }
-
- if (cse->thash) {
- crda = crp->crp_desc;
- if (cse->txform)
- crde = crda->crd_next;
- } else {
- if (cse->txform)
- crde = crp->crp_desc;
- else {
- error = EINVAL;
- goto bail;
- }
- }
-
- if ((error = copyin(cop->src, cse->uio.uio_iov[0].iov_base, cop->len)))
- goto bail;
-
- if (crda) {
- crda->crd_skip = 0;
- crda->crd_len = cop->len;
- crda->crd_inject = 0; /* ??? */
-
- crda->crd_alg = cse->mac;
- crda->crd_key = cse->mackey;
- crda->crd_klen = cse->mackeylen * 8;
- }
-
- if (crde) {
- if (cop->op == COP_ENCRYPT)
- crde->crd_flags |= CRD_F_ENCRYPT;
- else
- crde->crd_flags &= ~CRD_F_ENCRYPT;
- crde->crd_len = cop->len;
- crde->crd_inject = 0;
-
- crde->crd_alg = cse->cipher;
- crde->crd_key = cse->key;
- crde->crd_klen = cse->keylen * 8;
- }
-
- crp->crp_ilen = cop->len;
- crp->crp_buf = (caddr_t)&cse->uio;
- crp->crp_callback = cryptodev_cb;
- crp->crp_sid = cse->sid;
- crp->crp_opaque = cse;
-
- if (cop->iv) {
- if (crde == NULL) {
- error = EINVAL;
- goto bail;
- }
- if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
- error = EINVAL;
- goto bail;
- }
- if ((error = copyin(cop->iv, cse->tmp_iv,
cse->txform->blocksize)))
- goto bail;
- bcopy(cse->tmp_iv, crde->crd_iv, cse->txform->blocksize);
- crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
- crde->crd_skip = 0;
- } else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
- crde->crd_skip = 0;
- } else if (crde) {
- crde->crd_flags |= CRD_F_IV_PRESENT;
- crde->crd_skip = cse->txform->blocksize;
- crde->crd_len -= cse->txform->blocksize;
- }
-
- if (cop->mac) {
- if (crda == NULL) {
- error = EINVAL;
- goto bail;
- }
- crp->crp_mac = cse->tmp_mac;
- }
-
- /* try the fast path first */
- crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_NOQUEUE;
- hid = (crp->crp_sid >> 32) & 0xffffffff;
- if (hid >= crypto_drivers_num)
- goto dispatch;
- if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE)
- goto dispatch;
- if (crypto_drivers[hid].cc_process == NULL)
- goto dispatch;
- error = crypto_drivers[hid].cc_process(crp);
- if (error) {
- /* clear error */
- crp->crp_etype = 0;
- goto dispatch;
- }
- goto processed;
- dispatch:
- crp->crp_flags = CRYPTO_F_IOV;
- crypto_dispatch(crp);
- processed:
- s = splnet();
- while (!(crp->crp_flags & CRYPTO_F_DONE)) {
- error = tsleep(cse, PSOCK, "crydev", 0);
- }
- splx(s);
- if (error) {
- /* XXX can this happen? if so, how do we recover? */
- goto bail;
- }
-
- if (cse->error) {
- error = cse->error;
- goto bail;
- }
- if (crp->crp_etype != 0) {
- error = crp->crp_etype;
- goto bail;
- }
-
-
- if (cop->dst &&
- (error = copyout(cse->uio.uio_iov[0].iov_base, cop->dst, cop->len)))
- goto bail;
-
- if (cop->mac &&
- (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize)))
- goto bail;
-
-bail:
- if (crp)
- crypto_freereq(crp);
- if (cse->uio.uio_iov[0].iov_base)
- dma_free(cse->uio.uio_iov[0].iov_base, cop->len);
-
- return (error);
-}
-
-int
-cryptodev_cb(struct cryptop *crp)
-{
- struct csession *cse = crp->crp_opaque;
-
- cse->error = crp->crp_etype;
- if (crp->crp_etype == EAGAIN) {
- crp->crp_flags = CRYPTO_F_IOV;
- return crypto_dispatch(crp);
- }
- wakeup(cse);
- return (0);
-}
-
-int
-cryptodevkey_cb(struct cryptkop *krp)
-{
-
- wakeup(krp);
- return (0);
-}
-
-int
-cryptodev_key(struct crypt_kop *kop)
-{
- struct cryptkop *krp = NULL;
- int error = EINVAL;
- int in, out, size, i;
-
- if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
- return (EFBIG);
- }
-
- in = kop->crk_iparams;
- out = kop->crk_oparams;
- switch (kop->crk_op) {
- case CRK_MOD_EXP:
- if (in == 3 && out == 1)
- break;
- return (EINVAL);
- case CRK_MOD_EXP_CRT:
- if (in == 6 && out == 1)
- break;
- return (EINVAL);
- case CRK_DSA_SIGN:
- if (in == 5 && out == 2)
- break;
- return (EINVAL);
- case CRK_DSA_VERIFY:
- if (in == 7 && out == 0)
- break;
- return (EINVAL);
- case CRK_DH_COMPUTE_KEY:
- if (in == 3 && out == 1)
- break;
- return (EINVAL);
- default:
- return (EINVAL);
- }
-
- krp = malloc(sizeof *krp, M_XDATA, M_WAITOK | M_ZERO);
- krp->krp_op = kop->crk_op;
- krp->krp_status = kop->crk_status;
- krp->krp_iparams = kop->crk_iparams;
- krp->krp_oparams = kop->crk_oparams;
- krp->krp_status = 0;
- krp->krp_callback = cryptodevkey_cb;
-
- for (i = 0; i < CRK_MAXPARAM; i++) {
- krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
- if (kop->crk_param[i].crp_nbits > 65536) {
- /* XXX how big do we need to support? */
- goto fail;
- }
- }
- for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
- size = (krp->krp_param[i].crp_nbits + 7) / 8;
- if (size == 0)
- continue;
- krp->krp_param[i].crp_p = malloc(size, M_XDATA, M_WAITOK);
- if (i >= krp->krp_iparams)
- continue;
- error = copyin(kop->crk_param[i].crp_p,
krp->krp_param[i].crp_p, size);
- if (error)
- goto fail;
- }
-
- error = crypto_kdispatch(krp);
- if (error)
- goto fail;
- error = tsleep(krp, PSOCK, "crydev", 0);
- if (error) {
- /* XXX can this happen? if so, how do we recover? */
- goto fail;
- }
-
- if (krp->krp_status != 0) {
- error = krp->krp_status;
- goto fail;
- }
-
- for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams;
i++) {
- size = (krp->krp_param[i].crp_nbits + 7) / 8;
- if (size == 0)
- continue;
- error = copyout(krp->krp_param[i].crp_p,
kop->crk_param[i].crp_p, size);
- if (error)
- goto fail;
- }
-
-fail:
- if (krp) {
- kop->crk_status = krp->krp_status;
- for (i = 0; i < CRK_MAXPARAM; i++) {
- if (krp->krp_param[i].crp_p) {
- explicit_bzero(krp->krp_param[i].crp_p,
- (krp->krp_param[i].crp_nbits + 7) / 8);
- free(krp->krp_param[i].crp_p, M_XDATA, 0);
- }
- }
- free(krp, M_XDATA, 0);
- }
- return (error);
-}
-
-/* ARGSUSED */
-int
-cryptof_poll(struct file *fp, int events, struct proc *p)
-{
- return (0);
-}
-
-/* ARGSUSED */
-int
-cryptof_kqfilter(struct file *fp, struct knote *kn)
-{
- return (0);
-}
-
-/* ARGSUSED */
-int
-cryptof_stat(struct file *fp, struct stat *sb, struct proc *p)
-{
- return (EOPNOTSUPP);
-}
-
-/* ARGSUSED */
-int
-cryptof_close(struct file *fp, struct proc *p)
-{
- struct fcrypt *fcr = fp->f_data;
- struct csession *cse;
-
- while ((cse = TAILQ_FIRST(&fcr->csessions))) {
- TAILQ_REMOVE(&fcr->csessions, cse, next);
- (void)csefree(cse);
- }
- free(fcr, M_XDATA, 0);
- fp->f_data = NULL;
- return 0;
-}
-
-void
-cryptoattach(int n)
-{
-}
-
-int
-cryptoopen(dev_t dev, int flag, int mode, struct proc *p)
-{
- if (usercrypto == 0)
- return (ENXIO);
-#ifdef CRYPTO
- return (0);
-#else
- return (ENXIO);
-#endif
-}
-
-int
-cryptoclose(dev_t dev, int flag, int mode, struct proc *p)
-{
- return (0);
-}
-
-int
-cryptoioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
-{
- struct file *f;
- struct fcrypt *fcr;
- int fd, error;
-
- switch (cmd) {
- case CRIOGET:
- fcr = malloc(sizeof(struct fcrypt), M_XDATA, M_WAITOK);
- TAILQ_INIT(&fcr->csessions);
- fcr->sesn = 0;
-
- fdplock(p->p_fd);
- error = falloc(p, &f, &fd);
- fdpunlock(p->p_fd);
- if (error) {
- free(fcr, M_XDATA, 0);
- return (error);
- }
- f->f_flag = FREAD | FWRITE;
- f->f_type = DTYPE_CRYPTO;
- f->f_ops = &cryptofops;
- f->f_data = fcr;
- *(u_int32_t *)data = fd;
- FILE_SET_MATURE(f, p);
- break;
- default:
- error = EINVAL;
- break;
- }
- return (error);
-}
-
-struct csession *
-csefind(struct fcrypt *fcr, u_int ses)
-{
- struct csession *cse;
-
- TAILQ_FOREACH(cse, &fcr->csessions, next)
- if (cse->ses == ses)
- return (cse);
- return (NULL);
-}
-
-int
-csedelete(struct fcrypt *fcr, struct csession *cse_del)
-{
- struct csession *cse;
-
- TAILQ_FOREACH(cse, &fcr->csessions, next) {
- if (cse == cse_del) {
- TAILQ_REMOVE(&fcr->csessions, cse, next);
- return (1);
- }
- }
- return (0);
-}
-
-struct csession *
-cseadd(struct fcrypt *fcr, struct csession *cse)
-{
- TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
- cse->ses = fcr->sesn++;
- return (cse);
-}
-
-struct csession *
-csecreate(struct fcrypt *fcr, u_int64_t sid, caddr_t key, u_int64_t keylen,
- caddr_t mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
- struct enc_xform *txform, struct auth_hash *thash)
-{
- struct csession *cse;
-
- cse = malloc(sizeof(struct csession), M_XDATA, M_NOWAIT);
- if (cse == NULL)
- return NULL;
- cse->key = key;
- cse->keylen = keylen/8;
- cse->mackey = mackey;
- cse->mackeylen = mackeylen/8;
- cse->sid = sid;
- cse->cipher = cipher;
- cse->mac = mac;
- cse->txform = txform;
- cse->thash = thash;
- cseadd(fcr, cse);
- return (cse);
-}
-
-int
-csefree(struct csession *cse)
-{
- int error;
-
- error = crypto_freesession(cse->sid);
- if (cse->key)
- free(cse->key, M_XDATA, 0);
- if (cse->mackey)
- free(cse->mackey, M_XDATA, 0);
- free(cse, M_XDATA, 0);
- return (error);
-}
diff --git sys/crypto/cryptodev.h sys/crypto/cryptodev.h
index 69911e7..971fe3c 100644
--- sys/crypto/cryptodev.h
+++ sys/crypto/cryptodev.h
@@ -198,51 +198,10 @@ struct cryptop {
#define CRYPTO_BUF_MBUF 0x2
#define CRYPTO_OP_DECRYPT 0x0
#define CRYPTO_OP_ENCRYPT 0x1
-/* bignum parameter, in packed bytes, ... */
-struct crparam {
- caddr_t crp_p;
- u_int crp_nbits;
-};
-
-#define CRK_MAXPARAM 8
-
-struct crypt_kop {
- u_int crk_op; /* ie. CRK_MOD_EXP or other */
- u_int crk_status; /* return status */
- u_short crk_iparams; /* # of input parameters */
- u_short crk_oparams; /* # of output parameters */
- u_int crk_pad1;
- struct crparam crk_param[CRK_MAXPARAM];
-};
-#define CRK_MOD_EXP 0
-#define CRK_MOD_EXP_CRT 1
-#define CRK_DSA_SIGN 2
-#define CRK_DSA_VERIFY 3
-#define CRK_DH_COMPUTE_KEY 4
-#define CRK_ALGORITHM_MAX 4 /* Keep updated */
-
-#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
-#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
-#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
-#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
-#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
-
-struct cryptkop {
- struct task krp_task;
-
- u_int krp_op; /* ie. CRK_MOD_EXP or other */
- u_int krp_status; /* return status */
- u_short krp_iparams; /* # of input parameters */
- u_short krp_oparams; /* # of output parameters */
- u_int32_t krp_hid;
- struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
- int (*krp_callback)(struct cryptkop *);
-};
-
/* Crypto capabilities structure */
struct cryptocap {
u_int64_t cc_operations; /* Counter of how many ops done */
u_int64_t cc_bytes; /* Counter of how many bytes done */
u_int64_t cc_koperations; /* How many PK ops done */
@@ -250,13 +209,10 @@ struct cryptocap {
u_int32_t cc_sessions; /* How many sessions allocated */
/* Symmetric/hash algorithms supported */
int cc_alg[CRYPTO_ALGORITHM_MAX + 1];
- /* Asymmetric algorithms supported */
- int cc_kalg[CRK_ALGORITHM_MAX + 1];
-
int cc_queued; /* Operations queued */
u_int8_t cc_flags;
#define CRYPTOCAP_F_CLEANUP 0x01
#define CRYPTOCAP_F_SOFTWARE 0x02
@@ -264,11 +220,10 @@ struct cryptocap {
#define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */
int (*cc_newsession) (u_int32_t *, struct cryptoini *);
int (*cc_process) (struct cryptop *);
int (*cc_freesession) (u_int64_t);
- int (*cc_kprocess) (struct cryptkop *);
};
/*
* ioctl parameter to request creation of a session.
*/
@@ -300,40 +255,21 @@ struct crypt_op {
caddr_t iv;
};
#define CRYPTO_MAX_MAC_LEN 20
-/*
- * done against open of /dev/crypto, to get a cloned descriptor.
- * Please use F_SETFD against the cloned descriptor.
- */
-#define CRIOGET _IOWR('c', 100, u_int32_t)
-
-/* the following are done against the cloned descriptor */
-#define CIOCGSESSION _IOWR('c', 101, struct session_op)
-#define CIOCFSESSION _IOW('c', 102, u_int32_t)
-#define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
-#define CIOCKEY _IOWR('c', 104, struct crypt_kop)
-
-#define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
-
#ifdef _KERNEL
int crypto_newsession(u_int64_t *, struct cryptoini *, int);
int crypto_freesession(u_int64_t);
int crypto_dispatch(struct cryptop *);
-int crypto_kdispatch(struct cryptkop *);
int crypto_register(u_int32_t, int *,
int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
int (*)(struct cryptop *));
-int crypto_kregister(u_int32_t, int *, int (*)(struct cryptkop *));
int crypto_unregister(u_int32_t, int);
int32_t crypto_get_driverid(u_int8_t);
int crypto_invoke(struct cryptop *);
-int crypto_kinvoke(struct cryptkop *);
void crypto_done(struct cryptop *);
-void crypto_kdone(struct cryptkop *);
-int crypto_getfeat(int *);
void cuio_copydata(struct uio *, int, int, caddr_t);
void cuio_copyback(struct uio *, int, int, const void *);
int cuio_getptr(struct uio *, int, int *);
int cuio_apply(struct uio *, int, int,
diff --git sys/kern/kern_sysctl.c sys/kern/kern_sysctl.c
index d0cd8af..0794d0e 100644
--- sys/kern/kern_sysctl.c
+++ sys/kern/kern_sysctl.c
@@ -266,15 +266,10 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
dev_t dev;
extern int somaxconn, sominconn;
extern int usermount, nosuidcoredump;
extern long cp_time[CPUSTATES];
extern int stackgap_random;
-#ifdef CRYPTO
- extern int usercrypto;
- extern int userasymcrypto;
- extern int cryptodevallowsoft;
-#endif
extern int maxlocksperuid;
extern int pool_debug;
/* all sysctl names at this level are terminal except a ton of them */
if (namelen != 1) {
@@ -517,20 +512,10 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
return (0);
#if defined(SYSVMSG) || defined(SYSVSEM) || defined(SYSVSHM)
case KERN_SYSVIPC_INFO:
return (sysctl_sysvipc(name + 1, namelen - 1, oldp, oldlenp));
#endif
-#ifdef CRYPTO
- case KERN_USERCRYPTO:
- return (sysctl_int(oldp, oldlenp, newp, newlen, &usercrypto));
- case KERN_USERASYMCRYPTO:
- return (sysctl_int(oldp, oldlenp, newp, newlen,
- &userasymcrypto));
- case KERN_CRYPTODEVALLOWSOFT:
- return (sysctl_int(oldp, oldlenp, newp, newlen,
- &cryptodevallowsoft));
-#endif
case KERN_SPLASSERT:
return (sysctl_int(oldp, oldlenp, newp, newlen,
&splassert_ctl));
#ifdef SYSVSEM
case KERN_SEMINFO:
diff --git sys/sys/conf.h sys/sys/conf.h
index 661a809..568e659a 100644
--- sys/sys/conf.h
+++ sys/sys/conf.h
@@ -245,16 +245,10 @@ extern struct cdevsw cdevsw[];
dev_init(c,n,open), dev_init(c,n,close), dev_init(c,n,read), \
dev_init(c,n,write), dev_init(c,n,ioctl), \
(dev_type_stop((*))) enodev, 0, seltrue, dev_init(c,n,mmap), \
0, 0, seltrue_kqfilter }
-/* open, close, read, write, ioctl, mmap */
-#define cdev_crypto_init(c,n) { \
- dev_init(c,n,open), dev_init(c,n,close), (dev_type_read((*))) enodev, \
- (dev_type_write((*))) enodev, dev_init(c,n,ioctl), (dev_type_stop((*)))
enodev, \
- 0, selfalse, (dev_type_mmap((*))) enodev }
-
/* open, close, read, write, ioctl */
#define cdev_systrace_init(c,n) { \
dev_init(c,n,open), dev_init(c,n,close), (dev_type_read((*))) enodev, \
(dev_type_write((*))) enodev, dev_init(c,n,ioctl), (dev_type_stop((*)))
enodev, \
0, selfalse, (dev_type_mmap((*))) enodev }
@@ -612,12 +606,10 @@ cdev_decl(wskbd);
cdev_decl(wsmouse);
cdev_decl(wsmux);
cdev_decl(ksyms);
-cdev_decl(crypto);
-
cdev_decl(systrace);
cdev_decl(bio);
cdev_decl(vscsi);
diff --git sys/sys/sysctl.h sys/sys/sysctl.h
index 889e997..73540f4 100644
--- sys/sys/sysctl.h
+++ sys/sys/sysctl.h
@@ -150,19 +150,19 @@ struct ctlname {
#define KERN_NPROCS 47 /* int: number of processes */
#define KERN_MSGBUF 48 /* message buffer,
KERN_MSGBUFSIZE */
#define KERN_POOL 49 /* struct: pool information */
#define KERN_STACKGAPRANDOM 50 /* int: stackgap_random */
#define KERN_SYSVIPC_INFO 51 /* struct: SysV sem/shm/msg
info */
-#define KERN_USERCRYPTO 52 /* int: usercrypto */
-#define KERN_CRYPTODEVALLOWSOFT 53 /* int: cryptodevallowsoft */
+/* was define KERN_USERCRYPTO 52 */
+/* was define KERN_CRYPTODEVALLOWSOFT 53 */
#define KERN_SPLASSERT 54 /* int: splassert */
#define KERN_PROC_ARGS 55 /* node: proc args and env */
#define KERN_NFILES 56 /* int: number of open files */
#define KERN_TTYCOUNT 57 /* int: number of tty devices */
#define KERN_NUMVNODES 58 /* int: number of vnodes in use */
#define KERN_MBSTAT 59 /* struct: mbuf statistics */
-#define KERN_USERASYMCRYPTO 60 /* int: usercrypto */
+/* was define KERN_USERASYMCRYPTO 60 */
#define KERN_SEMINFO 61 /* struct: SysV struct seminfo
*/
#define KERN_SHMINFO 62 /* struct: SysV struct shminfo
*/
#define KERN_INTRCNT 63 /* node: interrupt counters */
#define KERN_WATCHDOG 64 /* node: watchdog */
#define KERN_EMUL 65 /* node: emuls */
@@ -233,19 +233,19 @@ struct ctlname {
{ "nprocs", CTLTYPE_INT }, \
{ "msgbuf", CTLTYPE_STRUCT }, \
{ "pool", CTLTYPE_NODE }, \
{ "stackgap_random", CTLTYPE_INT }, \
{ "sysvipc_info", CTLTYPE_INT }, \
- { "usercrypto", CTLTYPE_INT }, \
- { "cryptodevallowsoft", CTLTYPE_INT }, \
+ { "gap", 0 }, \
+ { "gap", 0 }, \
{ "splassert", CTLTYPE_INT }, \
{ "procargs", CTLTYPE_NODE }, \
{ "nfiles", CTLTYPE_INT }, \
{ "ttycount", CTLTYPE_INT }, \
{ "numvnodes", CTLTYPE_INT }, \
{ "mbstat", CTLTYPE_STRUCT }, \
- { "userasymcrypto", CTLTYPE_INT }, \
+ { "gap", 0 }, \
{ "seminfo", CTLTYPE_STRUCT }, \
{ "shminfo", CTLTYPE_STRUCT }, \
{ "intrcnt", CTLTYPE_NODE }, \
{ "watchdog", CTLTYPE_NODE }, \
{ "emul", CTLTYPE_NODE }, \
