diff options
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/crypto/cryptodev.h | 56 | ||||
| -rw-r--r-- | sys/crypto/cryptosoft.c | 8 | ||||
| -rw-r--r-- | sys/crypto/des_locl.h | 3 | ||||
| -rw-r--r-- | sys/crypto/ecb_enc.c | 77 | ||||
| -rw-r--r-- | sys/crypto/set_key.c | 21 | ||||
| -rw-r--r-- | sys/crypto/xform.c | 33 | ||||
| -rw-r--r-- | sys/crypto/xform.h | 3 | ||||
| -rw-r--r-- | sys/dev/pci/hifn7751.c | 18 | ||||
| -rw-r--r-- | sys/dev/pci/safe.c | 25 | ||||
| -rw-r--r-- | sys/dev/pci/ubsec.c | 19 |
10 files changed, 48 insertions, 215 deletions
diff --git a/sys/crypto/cryptodev.h b/sys/crypto/cryptodev.h index 76d9f53ebd2..cb29bf54a22 100644 --- a/sys/crypto/cryptodev.h +++ b/sys/crypto/cryptodev.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptodev.h,v 1.66 2015/11/13 15:29:55 naddy Exp $ */ +/* $OpenBSD: cryptodev.h,v 1.67 2015/12/10 21:00:51 naddy Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -72,7 +72,6 @@ #define HMAC_OPAD_VAL 0x5C /* Encryption algorithm block sizes */ -#define DES_BLOCK_LEN 8 #define DES3_BLOCK_LEN 8 #define BLOWFISH_BLOCK_LEN 8 #define CAST128_BLOCK_LEN 8 @@ -83,32 +82,31 @@ /* Maximum hash algorithm result length */ #define AALG_MAX_RESULT_LEN 64 /* Keep this updated */ -#define CRYPTO_DES_CBC 1 -#define CRYPTO_3DES_CBC 2 -#define CRYPTO_BLF_CBC 3 -#define CRYPTO_CAST_CBC 4 -#define CRYPTO_MD5_HMAC 6 -#define CRYPTO_SHA1_HMAC 7 -#define CRYPTO_RIPEMD160_HMAC 8 -#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */ -#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */ -#define CRYPTO_DEFLATE_COMP 12 /* Deflate compression algorithm */ -#define CRYPTO_NULL 13 -#define CRYPTO_LZS_COMP 14 /* LZS compression algorithm */ -#define CRYPTO_SHA2_256_HMAC 15 -#define CRYPTO_SHA2_384_HMAC 16 -#define CRYPTO_SHA2_512_HMAC 17 -#define CRYPTO_AES_CTR 18 -#define CRYPTO_AES_XTS 19 -#define CRYPTO_AES_GCM_16 20 -#define CRYPTO_AES_128_GMAC 21 -#define CRYPTO_AES_192_GMAC 22 -#define CRYPTO_AES_256_GMAC 23 -#define CRYPTO_AES_GMAC 24 -#define CRYPTO_CHACHA20_POLY1305 25 -#define CRYPTO_CHACHA20_POLY1305_MAC 26 -#define CRYPTO_ESN 27 /* Support for Extended Sequence Numbers */ -#define CRYPTO_ALGORITHM_MAX 27 /* Keep updated */ +#define CRYPTO_3DES_CBC 1 +#define CRYPTO_BLF_CBC 2 +#define CRYPTO_CAST_CBC 3 +#define CRYPTO_MD5_HMAC 4 +#define CRYPTO_SHA1_HMAC 5 +#define CRYPTO_RIPEMD160_HMAC 6 +#define CRYPTO_RIJNDAEL128_CBC 7 /* 128 bit blocksize */ +#define CRYPTO_AES_CBC 7 /* 128 bit blocksize -- the same as above */ +#define CRYPTO_DEFLATE_COMP 8 /* Deflate compression algorithm */ +#define CRYPTO_NULL 9 +#define CRYPTO_LZS_COMP 10 /* LZS compression algorithm */ +#define CRYPTO_SHA2_256_HMAC 11 +#define CRYPTO_SHA2_384_HMAC 12 +#define CRYPTO_SHA2_512_HMAC 13 +#define CRYPTO_AES_CTR 14 +#define CRYPTO_AES_XTS 15 +#define CRYPTO_AES_GCM_16 16 +#define CRYPTO_AES_128_GMAC 17 +#define CRYPTO_AES_192_GMAC 18 +#define CRYPTO_AES_256_GMAC 19 +#define CRYPTO_AES_GMAC 20 +#define CRYPTO_CHACHA20_POLY1305 21 +#define CRYPTO_CHACHA20_POLY1305_MAC 22 +#define CRYPTO_ESN 23 /* Support for Extended Sequence Numbers */ +#define CRYPTO_ALGORITHM_MAX 23 /* Keep updated */ /* Algorithm flags */ #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ @@ -220,7 +218,7 @@ struct cryptocap { * ioctl parameter to request creation of a session. */ struct session_op { - u_int32_t cipher; /* ie. CRYPTO_DES_CBC */ + u_int32_t cipher; /* ie. CRYPTO_AES_CBC */ u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ u_int32_t keylen; /* cipher key */ diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c index 3c7d72dfb45..241c0858b32 100644 --- a/sys/crypto/cryptosoft.c +++ b/sys/crypto/cryptosoft.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cryptosoft.c,v 1.79 2015/11/18 12:23:14 mikeb Exp $ */ +/* $OpenBSD: cryptosoft.c,v 1.80 2015/12/10 21:00:51 naddy Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -789,9 +789,6 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri) } switch (cri->cri_alg) { - case CRYPTO_DES_CBC: - txf = &enc_xform_des; - goto enccommon; case CRYPTO_3DES_CBC: txf = &enc_xform_3des; goto enccommon; @@ -963,7 +960,6 @@ swcr_freesession(u_int64_t tid) swcr_sessions[sid] = swd->sw_next; switch (swd->sw_alg) { - case CRYPTO_DES_CBC: case CRYPTO_3DES_CBC: case CRYPTO_BLF_CBC: case CRYPTO_CAST_CBC: @@ -1075,7 +1071,6 @@ swcr_process(struct cryptop *crp) switch (sw->sw_alg) { case CRYPTO_NULL: break; - case CRYPTO_DES_CBC: case CRYPTO_3DES_CBC: case CRYPTO_BLF_CBC: case CRYPTO_CAST_CBC: @@ -1144,7 +1139,6 @@ swcr_init(void) bzero(algs, sizeof(algs)); - algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_BLF_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_CAST_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; diff --git a/sys/crypto/des_locl.h b/sys/crypto/des_locl.h index 7e1ea27fba2..a9f38010692 100644 --- a/sys/crypto/des_locl.h +++ b/sys/crypto/des_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: des_locl.h,v 1.6 2015/01/16 15:29:45 tedu Exp $ */ +/* $OpenBSD: des_locl.h,v 1.7 2015/12/10 21:00:51 naddy Exp $ */ /* lib/des/des_locl.h */ /* Copyright (C) 1995 Eric Young (eay@mincom.oz.au) @@ -68,7 +68,6 @@ typedef struct des_ks_struct #define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) -void des_encrypt(u_int32_t *data,des_key_schedule ks, int enc); void des_encrypt2(u_int32_t *data,des_key_schedule ks, int enc); diff --git a/sys/crypto/ecb_enc.c b/sys/crypto/ecb_enc.c index a68cfdc8ea3..fa20c81f4fb 100644 --- a/sys/crypto/ecb_enc.c +++ b/sys/crypto/ecb_enc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecb_enc.c,v 1.5 2015/01/15 23:26:40 tedu Exp $ */ +/* $OpenBSD: ecb_enc.c,v 1.6 2015/12/10 21:00:51 naddy Exp $ */ /* lib/des/ecb_enc.c */ /* Copyright (C) 1995 Eric Young (eay@mincom.oz.au) @@ -51,81 +51,6 @@ #include "spr.h" void -des_ecb_encrypt(des_cblock (*input), des_cblock (*output), des_key_schedule ks, - int encrypt) -{ - register u_int32_t l0, l1; - register unsigned char *in, *out; - u_int32_t ll[2]; - - in = (unsigned char *) input; - out = (unsigned char *) output; - c2l(in, l0); - ll[0] = l0; - c2l(in, l1); - ll[1] = l1; - des_encrypt(ll, ks, encrypt); - l0 = ll[0]; - l2c(l0, out); - l1 = ll[1]; - l2c(l1, out); - l0 = l1 = ll[0] = ll[1] = 0; -} - -void -des_encrypt(u_int32_t *data, des_key_schedule ks, int encrypt) -{ - register u_int32_t l, r, t, u; -#ifdef DES_USE_PTR - register unsigned char *des_SP=(unsigned char *)des_SPtrans; -#endif - register int i; - register u_int32_t *s; - - u = data[0]; - r = data[1]; - - IP(u, r); - /* Things have been modified so that the initial rotate is - * done outside the loop. This required the - * des_SPtrans values in sp.h to be rotated 1 bit to the right. - * One perl script later and things have a 5% speed up on a sparc2. - * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> - * for pointing this out. */ - l = (r << 1) | (r >> 31); - r = (u << 1) | (u >> 31); - - /* clear the top bits on machines with 8byte longs */ - l &= 0xffffffffL; - r &= 0xffffffffL; - - s = (u_int32_t *) ks; - /* I don't know if it is worth the effort of loop unrolling the - * inner loop */ - if (encrypt) { - for (i = 0; i < 32; i += 4) { - D_ENCRYPT(l, r, i + 0); /* 1 */ - D_ENCRYPT(r, l, i + 2); /* 2 */ - } - } else { - for (i = 30; i > 0; i -= 4) { - D_ENCRYPT(l, r, i - 0); /* 16 */ - D_ENCRYPT(r, l, i - 2); /* 15 */ - } - } - l = (l >> 1) | (l << 31); - r = (r >> 1) | (r << 31); - /* clear the top bits on machines with 8byte longs */ - l &= 0xffffffffL; - r &= 0xffffffffL; - - FP(r, l); - data[0] = l; - data[1] = r; - l = r = t = u = 0; -} - -void des_encrypt2(u_int32_t *data, des_key_schedule ks, int encrypt) { register u_int32_t l, r, t, u; diff --git a/sys/crypto/set_key.c b/sys/crypto/set_key.c index cceb3fb5d67..fcc3174d372 100644 --- a/sys/crypto/set_key.c +++ b/sys/crypto/set_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: set_key.c,v 1.3 2013/11/18 18:49:53 brad Exp $ */ +/* $OpenBSD: set_key.c,v 1.4 2015/12/10 21:00:51 naddy Exp $ */ /* lib/des/set_key.c */ /* Copyright (C) 1995 Eric Young (eay@mincom.oz.au) @@ -58,23 +58,10 @@ #include "podd.h" #include "sk.h" -#ifdef PROTO static int check_parity(des_cblock (*key)); -#else -static int check_parity(); -#endif int des_check_key=0; -void -des_set_odd_parity(des_cblock (*key)) -{ - int i; - - for (i = 0; i < DES_KEY_SZ; i++) - (*key)[i] = odd_parity[(*key)[i]]; -} - static int check_parity(des_cblock (*key)) { @@ -225,9 +212,3 @@ des_set_key(des_cblock (*key), des_key_schedule schedule) } return (0); } - -int -des_key_sched(des_cblock (*key), des_key_schedule schedule) -{ - return (des_set_key(key, schedule)); -} diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c index 6d16a025f46..c5f1e988053 100644 --- a/sys/crypto/xform.c +++ b/sys/crypto/xform.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.c,v 1.53 2015/11/13 15:29:55 naddy Exp $ */ +/* $OpenBSD: xform.c,v 1.54 2015/12/10 21:00:51 naddy Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -66,10 +66,8 @@ #include <crypto/chachapoly.h> extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int); -extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int); int des_set_key(void *, caddr_t); -int des1_setkey(void *, u_int8_t *, int); int des3_setkey(void *, u_int8_t *, int); int blf_setkey(void *, u_int8_t *, int); int cast5_setkey(void *, u_int8_t *, int); @@ -78,7 +76,6 @@ int aes_ctr_setkey(void *, u_int8_t *, int); int aes_xts_setkey(void *, u_int8_t *, int); int null_setkey(void *, u_int8_t *, int); -void des1_encrypt(caddr_t, u_int8_t *); void des3_encrypt(caddr_t, u_int8_t *); void blf_encrypt(caddr_t, u_int8_t *); void cast5_encrypt(caddr_t, u_int8_t *); @@ -86,7 +83,6 @@ void rijndael128_encrypt(caddr_t, u_int8_t *); void null_encrypt(caddr_t, u_int8_t *); void aes_xts_encrypt(caddr_t, u_int8_t *); -void des1_decrypt(caddr_t, u_int8_t *); void des3_decrypt(caddr_t, u_int8_t *); void blf_decrypt(caddr_t, u_int8_t *); void cast5_decrypt(caddr_t, u_int8_t *); @@ -135,15 +131,6 @@ struct aes_xts_ctx { void aes_xts_crypt(struct aes_xts_ctx *, u_int8_t *, u_int); /* Encryption instances */ -struct enc_xform enc_xform_des = { - CRYPTO_DES_CBC, "DES", - 8, 8, 8, 8, 128, - des1_encrypt, - des1_decrypt, - des1_setkey, - NULL -}; - struct enc_xform enc_xform_3des = { CRYPTO_3DES_CBC, "3DES", 8, 8, 24, 24, 384, @@ -337,24 +324,6 @@ struct comp_algo comp_algo_lzs = { * Encryption wrapper routines. */ void -des1_encrypt(caddr_t key, u_int8_t *blk) -{ - des_ecb_encrypt(blk, blk, key, 1); -} - -void -des1_decrypt(caddr_t key, u_int8_t *blk) -{ - des_ecb_encrypt(blk, blk, key, 0); -} - -int -des1_setkey(void *sched, u_int8_t *key, int len) -{ - return des_set_key(key, sched); -} - -void des3_encrypt(caddr_t key, u_int8_t *blk) { des_ecb3_encrypt(blk, blk, key, key + 128, key + 256, 1); diff --git a/sys/crypto/xform.h b/sys/crypto/xform.h index a8417b77991..33d479d06bc 100644 --- a/sys/crypto/xform.h +++ b/sys/crypto/xform.h @@ -1,4 +1,4 @@ -/* $OpenBSD: xform.h,v 1.27 2015/11/13 15:29:55 naddy Exp $ */ +/* $OpenBSD: xform.h,v 1.28 2015/12/10 21:00:51 naddy Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) @@ -76,7 +76,6 @@ union authctx { AES_GMAC_CTX aes_gmac_ctx; }; -extern struct enc_xform enc_xform_des; extern struct enc_xform enc_xform_3des; extern struct enc_xform enc_xform_blf; extern struct enc_xform enc_xform_cast5; diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c index 45a163c9181..e3331572720 100644 --- a/sys/dev/pci/hifn7751.c +++ b/sys/dev/pci/hifn7751.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hifn7751.c,v 1.173 2015/11/13 15:29:55 naddy Exp $ */ +/* $OpenBSD: hifn7751.c,v 1.174 2015/12/10 21:00:51 naddy Exp $ */ /* * Invertex AEON / Hifn 7751 driver @@ -295,7 +295,6 @@ hifn_attach(struct device *parent, struct device *self, void *aux) case HIFN_PUSTAT_ENA_1: algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; - algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; } if (sc->sc_flags & HIFN_HAS_AES) algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; @@ -1866,7 +1865,6 @@ hifn_newsession(u_int32_t *sidp, struct cryptoini *cri) return (EINVAL); mac = 1; break; - case CRYPTO_DES_CBC: case CRYPTO_3DES_CBC: case CRYPTO_AES_CBC: if (cry) @@ -1983,8 +1981,7 @@ hifn_process(struct cryptop *crp) crd1->crd_alg == CRYPTO_SHA1_HMAC) { maccrd = crd1; enccrd = NULL; - } else if (crd1->crd_alg == CRYPTO_DES_CBC || - crd1->crd_alg == CRYPTO_3DES_CBC || + } else if (crd1->crd_alg == CRYPTO_3DES_CBC || crd1->crd_alg == CRYPTO_AES_CBC) { if ((crd1->crd_flags & CRD_F_ENCRYPT) == 0) cmd->base_masks |= HIFN_BASE_CMD_DECODE; @@ -1999,15 +1996,13 @@ hifn_process(struct cryptop *crp) } else { if ((crd1->crd_alg == CRYPTO_MD5_HMAC || crd1->crd_alg == CRYPTO_SHA1_HMAC) && - (crd2->crd_alg == CRYPTO_DES_CBC || - crd2->crd_alg == CRYPTO_3DES_CBC || + (crd2->crd_alg == CRYPTO_3DES_CBC || crd2->crd_alg == CRYPTO_AES_CBC) && ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { cmd->base_masks = HIFN_BASE_CMD_DECODE; maccrd = crd1; enccrd = crd2; - } else if ((crd1->crd_alg == CRYPTO_DES_CBC || - crd1->crd_alg == CRYPTO_3DES_CBC || + } else if ((crd1->crd_alg == CRYPTO_3DES_CBC || crd1->crd_alg == CRYPTO_AES_CBC) && (crd2->crd_alg == CRYPTO_MD5_HMAC || crd2->crd_alg == CRYPTO_SHA1_HMAC) && @@ -2027,11 +2022,6 @@ hifn_process(struct cryptop *crp) cmd->enccrd = enccrd; cmd->base_masks |= HIFN_BASE_CMD_CRYPT; switch (enccrd->crd_alg) { - case CRYPTO_DES_CBC: - cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_DES | - HIFN_CRYPT_CMD_MODE_CBC | - HIFN_CRYPT_CMD_NEW_IV; - break; case CRYPTO_3DES_CBC: cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_3DES | HIFN_CRYPT_CMD_MODE_CBC | diff --git a/sys/dev/pci/safe.c b/sys/dev/pci/safe.c index 73053f62192..44bf9f0edc9 100644 --- a/sys/dev/pci/safe.c +++ b/sys/dev/pci/safe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: safe.c,v 1.40 2015/07/16 16:12:15 mpi Exp $ */ +/* $OpenBSD: safe.c,v 1.41 2015/12/10 21:00:51 naddy Exp $ */ /*- * Copyright (c) 2003 Sam Leffler, Errno Consulting @@ -253,7 +253,6 @@ safe_attach(struct device *parent, struct device *self, void *aux) if (devinfo & SAFE_DEVINFO_DES) { printf(" 3DES"); algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; - algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; } if (devinfo & SAFE_DEVINFO_AES) { printf(" AES"); @@ -377,8 +376,7 @@ safe_process(struct cryptop *crp) maccrd = crd1; enccrd = NULL; cmd0 |= SAFE_SA_CMD0_OP_HASH; - } else if (crd1->crd_alg == CRYPTO_DES_CBC || - crd1->crd_alg == CRYPTO_3DES_CBC || + } else if (crd1->crd_alg == CRYPTO_3DES_CBC || crd1->crd_alg == CRYPTO_AES_CBC) { maccrd = NULL; enccrd = crd1; @@ -391,14 +389,12 @@ safe_process(struct cryptop *crp) } else { if ((crd1->crd_alg == CRYPTO_MD5_HMAC || crd1->crd_alg == CRYPTO_SHA1_HMAC) && - (crd2->crd_alg == CRYPTO_DES_CBC || - crd2->crd_alg == CRYPTO_3DES_CBC || + (crd2->crd_alg == CRYPTO_3DES_CBC || crd2->crd_alg == CRYPTO_AES_CBC) && ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { maccrd = crd1; enccrd = crd2; - } else if ((crd1->crd_alg == CRYPTO_DES_CBC || - crd1->crd_alg == CRYPTO_3DES_CBC || + } else if ((crd1->crd_alg == CRYPTO_3DES_CBC || crd1->crd_alg == CRYPTO_AES_CBC) && (crd2->crd_alg == CRYPTO_MD5_HMAC || crd2->crd_alg == CRYPTO_SHA1_HMAC) && @@ -414,11 +410,7 @@ safe_process(struct cryptop *crp) } if (enccrd) { - if (enccrd->crd_alg == CRYPTO_DES_CBC) { - cmd0 |= SAFE_SA_CMD0_DES; - cmd1 |= SAFE_SA_CMD1_CBC; - ivsize = 2*sizeof(u_int32_t); - } else if (enccrd->crd_alg == CRYPTO_3DES_CBC) { + if (enccrd->crd_alg == CRYPTO_3DES_CBC) { cmd0 |= SAFE_SA_CMD0_3DES; cmd1 |= SAFE_SA_CMD1_CBC; ivsize = 2*sizeof(u_int32_t); @@ -1279,8 +1271,7 @@ safe_newsession(u_int32_t *sidp, struct cryptoini *cri) if (macini) return (EINVAL); macini = c; - } else if (c->cri_alg == CRYPTO_DES_CBC || - c->cri_alg == CRYPTO_3DES_CBC || + } else if (c->cri_alg == CRYPTO_3DES_CBC || c->cri_alg == CRYPTO_AES_CBC) { if (encini) return (EINVAL); @@ -1292,10 +1283,6 @@ safe_newsession(u_int32_t *sidp, struct cryptoini *cri) return (EINVAL); if (encini) { /* validate key length */ switch (encini->cri_alg) { - case CRYPTO_DES_CBC: - if (encini->cri_klen != 64) - return (EINVAL); - break; case CRYPTO_3DES_CBC: if (encini->cri_klen != 192) return (EINVAL); diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c index 9a4d79f42b0..a54257c0623 100644 --- a/sys/dev/pci/ubsec.c +++ b/sys/dev/pci/ubsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ubsec.c,v 1.160 2014/08/15 15:37:51 mikeb Exp $ */ +/* $OpenBSD: ubsec.c,v 1.161 2015/12/10 21:00:51 naddy Exp $ */ /* * Copyright (c) 2000 Jason L. Wright (jason@thought.net) @@ -267,7 +267,6 @@ ubsec_attach(struct device *parent, struct device *self, void *aux) bzero(algs, sizeof(algs)); algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; - algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED; if (sc->sc_flags & UBS_FLAGS_AES) @@ -627,8 +626,7 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri) if (macini) return (EINVAL); macini = c; - } else if (c->cri_alg == CRYPTO_DES_CBC || - c->cri_alg == CRYPTO_3DES_CBC || + } else if (c->cri_alg == CRYPTO_3DES_CBC || c->cri_alg == CRYPTO_AES_CBC) { if (encini) return (EINVAL); @@ -689,10 +687,6 @@ ubsec_newsession(u_int32_t *sidp, struct cryptoini *cri) if (encini->cri_alg == CRYPTO_AES_CBC) { bcopy(encini->cri_key, ses->ses_key, encini->cri_klen / 8); - } else if (encini->cri_alg == CRYPTO_DES_CBC) { - bcopy(encini->cri_key, &ses->ses_key[0], 8); - bcopy(encini->cri_key, &ses->ses_key[2], 8); - bcopy(encini->cri_key, &ses->ses_key[4], 8); } else bcopy(encini->cri_key, ses->ses_key, 24); @@ -853,8 +847,7 @@ ubsec_process(struct cryptop *crp) crd1->crd_alg == CRYPTO_SHA1_HMAC) { maccrd = crd1; enccrd = NULL; - } else if (crd1->crd_alg == CRYPTO_DES_CBC || - crd1->crd_alg == CRYPTO_3DES_CBC || + } else if (crd1->crd_alg == CRYPTO_3DES_CBC || crd1->crd_alg == CRYPTO_AES_CBC) { maccrd = NULL; enccrd = crd1; @@ -865,14 +858,12 @@ ubsec_process(struct cryptop *crp) } else { if ((crd1->crd_alg == CRYPTO_MD5_HMAC || crd1->crd_alg == CRYPTO_SHA1_HMAC) && - (crd2->crd_alg == CRYPTO_DES_CBC || - crd2->crd_alg == CRYPTO_3DES_CBC || + (crd2->crd_alg == CRYPTO_3DES_CBC || crd2->crd_alg == CRYPTO_AES_CBC) && ((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) { maccrd = crd1; enccrd = crd2; - } else if ((crd1->crd_alg == CRYPTO_DES_CBC || - crd1->crd_alg == CRYPTO_3DES_CBC || + } else if ((crd1->crd_alg == CRYPTO_3DES_CBC || crd1->crd_alg == CRYPTO_AES_CBC) && (crd2->crd_alg == CRYPTO_MD5_HMAC || crd2->crd_alg == CRYPTO_SHA1_HMAC) && |