diff options
| -rw-r--r-- | sys/crypto/cryptodev.h | 4 | ||||
| -rw-r--r-- | sys/crypto/cryptosoft.c | 60 | ||||
| -rw-r--r-- | sys/crypto/xform.c | 18 | ||||
| -rw-r--r-- | sys/crypto/xform.h | 4 | ||||
| -rw-r--r-- | sys/net/pfkeyv2.h | 6 | ||||
| -rw-r--r-- | sys/net/pfkeyv2_convert.c | 10 | ||||
| -rw-r--r-- | sys/netinet/ip_ah.c | 20 |
7 files changed, 9 insertions, 113 deletions
diff --git a/sys/crypto/cryptodev.h b/sys/crypto/cryptodev.h index be6a8b2aebc..f4af569b728 100644 --- a/sys/crypto/cryptodev.h +++ b/sys/crypto/cryptodev.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptodev.h,v 1.59 2014/08/20 06:23:03 mikeb Exp $ */ +/* $OpenBSD: cryptodev.h,v 1.60 2014/12/28 10:02:37 tedu Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -89,8 +89,6 @@ #define CRYPTO_MD5_HMAC 6 #define CRYPTO_SHA1_HMAC 7 #define CRYPTO_RIPEMD160_HMAC 8 -#define CRYPTO_MD5_KPDK 9 -#define CRYPTO_SHA1_KPDK 10 #define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */ #define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */ #define CRYPTO_ARC4 12 diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c index 8715bed9e4f..2f5166b681a 100644 --- a/sys/crypto/cryptosoft.c +++ b/sys/crypto/cryptosoft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.c,v 1.71 2014/07/13 23:24:47 deraadt Exp $ */ +/* $OpenBSD: cryptosoft.c,v 1.72 2014/12/28 10:02:37 tedu Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -465,15 +465,6 @@ swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, axf->Final(aalg, &ctx); break; - case CRYPTO_MD5_KPDK: - case CRYPTO_SHA1_KPDK: - if (sw->sw_octx == NULL) - return EINVAL; - - axf->Update(&ctx, sw->sw_octx, sw->sw_klen); - axf->Final(aalg, &ctx); - break; - case CRYPTO_MD5: case CRYPTO_SHA1: axf->Final(aalg, &ctx); @@ -895,37 +886,6 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) (*swd)->sw_axf = axf; break; - case CRYPTO_MD5_KPDK: - axf = &auth_hash_key_md5; - goto auth2common; - - case CRYPTO_SHA1_KPDK: - axf = &auth_hash_key_sha1; - auth2common: - (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, - M_NOWAIT); - if ((*swd)->sw_ictx == NULL) { - swcr_freesession(i); - return ENOBUFS; - } - - /* Store the key so we can "append" it to the payload */ - (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA, - M_NOWAIT); - if ((*swd)->sw_octx == NULL) { - swcr_freesession(i); - return ENOBUFS; - } - - (*swd)->sw_klen = cri->cri_klen / 8; - bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8); - axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, - cri->cri_klen / 8); - axf->Final(NULL, (*swd)->sw_ictx); - (*swd)->sw_axf = axf; - break; - case CRYPTO_MD5: axf = &auth_hash_md5; goto auth3common; @@ -1045,20 +1005,6 @@ swcr_freesession(u_int64_t tid) } break; - case CRYPTO_MD5_KPDK: - case CRYPTO_SHA1_KPDK: - axf = swd->sw_axf; - - if (swd->sw_ictx) { - explicit_bzero(swd->sw_ictx, axf->ctxsize); - free(swd->sw_ictx, M_CRYPTO_DATA, 0); - } - if (swd->sw_octx) { - explicit_bzero(swd->sw_octx, swd->sw_klen); - free(swd->sw_octx, M_CRYPTO_DATA, 0); - } - break; - case CRYPTO_AES_128_GMAC: case CRYPTO_AES_192_GMAC: case CRYPTO_AES_256_GMAC: @@ -1152,8 +1098,6 @@ swcr_process(struct cryptop *crp) case CRYPTO_SHA2_256_HMAC: case CRYPTO_SHA2_384_HMAC: case CRYPTO_SHA2_512_HMAC: - case CRYPTO_MD5_KPDK: - case CRYPTO_SHA1_KPDK: case CRYPTO_MD5: case CRYPTO_SHA1: if ((crp->crp_etype = swcr_authcompute(crp, crd, sw, @@ -1214,8 +1158,6 @@ swcr_init(void) algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_RIPEMD160_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; - algs[CRYPTO_MD5_KPDK] = CRYPTO_ALG_FLAG_SUPPORTED; - algs[CRYPTO_SHA1_KPDK] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_MD5] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_SHA1] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_RIJNDAEL128_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c index 475ee21bebf..55957518b3f 100644 --- a/sys/crypto/xform.c +++ b/sys/crypto/xform.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.c,v 1.44 2013/08/25 14:26:56 jsing Exp $ */ +/* $OpenBSD: xform.c,v 1.45 2014/12/28 10:02:37 tedu Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -314,22 +314,6 @@ struct auth_hash auth_hash_gmac_aes_256 = { (void (*)(u_int8_t *, void *)) AES_GMAC_Final }; -struct auth_hash auth_hash_key_md5 = { - CRYPTO_MD5_KPDK, "Keyed MD5", - 0, 16, 16, sizeof(MD5_CTX), 0, - (void (*)(void *)) MD5Init, NULL, NULL, - MD5Update_int, - (void (*)(u_int8_t *, void *)) MD5Final -}; - -struct auth_hash auth_hash_key_sha1 = { - CRYPTO_SHA1_KPDK, "Keyed SHA1", - 0, 20, 20, sizeof(SHA1_CTX), 0, - (void (*)(void *)) SHA1Init, NULL, NULL, - SHA1Update_int, - (void (*)(u_int8_t *, void *)) SHA1Final -}; - struct auth_hash auth_hash_md5 = { CRYPTO_MD5, "MD5", 0, 16, 16, sizeof(MD5_CTX), 0, diff --git a/sys/crypto/xform.h b/sys/crypto/xform.h index 6547cf8b29b..0e7678c49af 100644 --- a/sys/crypto/xform.h +++ b/sys/crypto/xform.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.h,v 1.23 2013/08/25 14:26:56 jsing Exp $ */ +/* $OpenBSD: xform.h,v 1.24 2014/12/28 10:02:37 tedu Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -90,8 +90,6 @@ extern struct enc_xform enc_xform_null; extern struct auth_hash auth_hash_md5; extern struct auth_hash auth_hash_sha1; -extern struct auth_hash auth_hash_key_md5; -extern struct auth_hash auth_hash_key_sha1; extern struct auth_hash auth_hash_hmac_md5_96; extern struct auth_hash auth_hash_hmac_sha1_96; extern struct auth_hash auth_hash_hmac_ripemd_160_96; diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h index ace99172939..cf915b3cfb7 100644 --- a/sys/net/pfkeyv2.h +++ b/sys/net/pfkeyv2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2.h,v 1.64 2013/10/24 18:50:16 deraadt Exp $ */ +/* $OpenBSD: pfkeyv2.h,v 1.65 2014/12/28 10:02:37 tedu Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) January 1998 * @@ -300,9 +300,7 @@ struct sadb_x_tap { #define SADB_X_AALG_AES128GMAC 9 #define SADB_X_AALG_AES192GMAC 10 #define SADB_X_AALG_AES256GMAC 11 -#define SADB_X_AALG_MD5 249 -#define SADB_X_AALG_SHA1 250 -#define SADB_AALG_MAX 250 +#define SADB_AALG_MAX 11 #define SADB_EALG_NONE 0 #define SADB_X_EALG_DES_IV64 1 diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c index b6e4c65a5df..fd1d341dac5 100644 --- a/sys/net/pfkeyv2_convert.c +++ b/sys/net/pfkeyv2_convert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2_convert.c,v 1.44 2014/12/19 17:14:40 tedu Exp $ */ +/* $OpenBSD: pfkeyv2_convert.c,v 1.45 2014/12/28 10:02:37 tedu Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@keromytis.org) * @@ -214,14 +214,6 @@ export_sa(void **p, struct tdb *tdb) case CRYPTO_AES_256_GMAC: sadb_sa->sadb_sa_auth = SADB_X_AALG_AES256GMAC; break; - - case CRYPTO_MD5_KPDK: - sadb_sa->sadb_sa_auth = SADB_X_AALG_MD5; - break; - - case CRYPTO_SHA1_KPDK: - sadb_sa->sadb_sa_auth = SADB_X_AALG_SHA1; - break; } } diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 58f2e23d4d1..f66ea31c495 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.113 2014/12/19 17:14:40 tedu Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.114 2014/12/28 10:02:37 tedu Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -129,14 +129,6 @@ ah_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) thash = &auth_hash_hmac_sha2_512_256; break; - case SADB_X_AALG_MD5: - thash = &auth_hash_key_md5; - break; - - case SADB_X_AALG_SHA1: - thash = &auth_hash_key_sha1; - break; - default: DPRINTF(("ah_init(): unsupported authentication algorithm %d specified\n", ii->ii_authalg)); return EINVAL; @@ -232,15 +224,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) ip->ip_tos = 0; ip->ip_ttl = 0; ip->ip_sum = 0; - - /* - * On input, fix ip_len which has been byte-swapped - * at ip_input(). - */ - if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) - ip->ip_off &= htons(IP_DF); - else - ip->ip_off = 0; + ip->ip_off = 0; ptr = mtod(m, unsigned char *) + sizeof(struct ip); |