We just removed DES support from IPsec and there are no other users,
so this deletes plain DES from the kernel crypto framework, including
the crypto accelerator drivers.
ok?
Index: sys/crypto/cryptodev.h
===================================================================
RCS file: /cvs/src/sys/crypto/cryptodev.h,v
retrieving revision 1.66
diff -u -p -r1.66 cryptodev.h
--- sys/crypto/cryptodev.h 13 Nov 2015 15:29:55 -0000 1.66
+++ sys/crypto/cryptodev.h 10 Dec 2015 12:50:32 -0000
@@ -72,7 +72,6 @@
#define HMAC_OPAD_VAL 0x5C
/* Encryption algorithm block sizes */
-#define DES_BLOCK_LEN 8
#define DES3_BLOCK_LEN 8
#define BLOWFISH_BLOCK_LEN 8
#define CAST128_BLOCK_LEN 8
@@ -83,32 +82,31 @@
/* Maximum hash algorithm result length */
#define AALG_MAX_RESULT_LEN 64 /* Keep this updated */
-#define CRYPTO_DES_CBC 1
-#define CRYPTO_3DES_CBC 2
-#define CRYPTO_BLF_CBC 3
-#define CRYPTO_CAST_CBC 4
-#define CRYPTO_MD5_HMAC 6
-#define CRYPTO_SHA1_HMAC 7
-#define CRYPTO_RIPEMD160_HMAC 8
-#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
-#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
-#define CRYPTO_DEFLATE_COMP 12 /* Deflate compression algorithm */
-#define CRYPTO_NULL 13
-#define CRYPTO_LZS_COMP 14 /* LZS compression algorithm */
-#define CRYPTO_SHA2_256_HMAC 15
-#define CRYPTO_SHA2_384_HMAC 16
-#define CRYPTO_SHA2_512_HMAC 17
-#define CRYPTO_AES_CTR 18
-#define CRYPTO_AES_XTS 19
-#define CRYPTO_AES_GCM_16 20
-#define CRYPTO_AES_128_GMAC 21
-#define CRYPTO_AES_192_GMAC 22
-#define CRYPTO_AES_256_GMAC 23
-#define CRYPTO_AES_GMAC 24
-#define CRYPTO_CHACHA20_POLY1305 25
-#define CRYPTO_CHACHA20_POLY1305_MAC 26
-#define CRYPTO_ESN 27 /* Support for Extended Sequence Numbers */
-#define CRYPTO_ALGORITHM_MAX 27 /* Keep updated */
+#define CRYPTO_3DES_CBC 1
+#define CRYPTO_BLF_CBC 2
+#define CRYPTO_CAST_CBC 3
+#define CRYPTO_MD5_HMAC 4
+#define CRYPTO_SHA1_HMAC 5
+#define CRYPTO_RIPEMD160_HMAC 6
+#define CRYPTO_RIJNDAEL128_CBC 7 /* 128 bit blocksize */
+#define CRYPTO_AES_CBC 7 /* 128 bit blocksize -- the same as above */
+#define CRYPTO_DEFLATE_COMP 8 /* Deflate compression algorithm */
+#define CRYPTO_NULL 9
+#define CRYPTO_LZS_COMP 10 /* LZS compression algorithm */
+#define CRYPTO_SHA2_256_HMAC 11
+#define CRYPTO_SHA2_384_HMAC 12
+#define CRYPTO_SHA2_512_HMAC 13
+#define CRYPTO_AES_CTR 14
+#define CRYPTO_AES_XTS 15
+#define CRYPTO_AES_GCM_16 16
+#define CRYPTO_AES_128_GMAC 17
+#define CRYPTO_AES_192_GMAC 18
+#define CRYPTO_AES_256_GMAC 19
+#define CRYPTO_AES_GMAC 20
+#define CRYPTO_CHACHA20_POLY1305 21
+#define CRYPTO_CHACHA20_POLY1305_MAC 22
+#define CRYPTO_ESN 23 /* Support for Extended Sequence Numbers */
+#define CRYPTO_ALGORITHM_MAX 23 /* Keep updated */
/* Algorithm flags */
#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported
*/
@@ -220,7 +218,7 @@ struct cryptocap {
* ioctl parameter to request creation of a session.
*/
struct session_op {
- u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
+ u_int32_t cipher; /* ie. CRYPTO_AES_CBC */
u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
u_int32_t keylen; /* cipher key */
Index: sys/crypto/cryptosoft.c
===================================================================
RCS file: /cvs/src/sys/crypto/cryptosoft.c,v
retrieving revision 1.79
diff -u -p -r1.79 cryptosoft.c
--- sys/crypto/cryptosoft.c 18 Nov 2015 12:23:14 -0000 1.79
+++ sys/crypto/cryptosoft.c 10 Dec 2015 12:53:13 -0000
@@ -789,9 +789,6 @@ swcr_newsession(u_int32_t *sid, struct c
}
switch (cri->cri_alg) {
- case CRYPTO_DES_CBC:
- txf = &enc_xform_des;
- goto enccommon;
case CRYPTO_3DES_CBC:
txf = &enc_xform_3des;
goto enccommon;
@@ -963,7 +960,6 @@ swcr_freesession(u_int64_t tid)
swcr_sessions[sid] = swd->sw_next;
switch (swd->sw_alg) {
- case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
case CRYPTO_BLF_CBC:
case CRYPTO_CAST_CBC:
@@ -1075,7 +1071,6 @@ swcr_process(struct cryptop *crp)
switch (sw->sw_alg) {
case CRYPTO_NULL:
break;
- case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
case CRYPTO_BLF_CBC:
case CRYPTO_CAST_CBC:
@@ -1144,7 +1139,6 @@ swcr_init(void)
bzero(algs, sizeof(algs));
- algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_BLF_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_CAST_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
Index: sys/crypto/des_locl.h
===================================================================
RCS file: /cvs/src/sys/crypto/des_locl.h,v
retrieving revision 1.6
diff -u -p -r1.6 des_locl.h
--- sys/crypto/des_locl.h 16 Jan 2015 15:29:45 -0000 1.6
+++ sys/crypto/des_locl.h 10 Dec 2015 12:59:10 -0000
@@ -68,7 +68,6 @@ typedef struct des_ks_struct
#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
-void des_encrypt(u_int32_t *data,des_key_schedule ks, int enc);
void des_encrypt2(u_int32_t *data,des_key_schedule ks, int enc);
Index: sys/crypto/ecb_enc.c
===================================================================
RCS file: /cvs/src/sys/crypto/ecb_enc.c,v
retrieving revision 1.5
diff -u -p -r1.5 ecb_enc.c
--- sys/crypto/ecb_enc.c 15 Jan 2015 23:26:40 -0000 1.5
+++ sys/crypto/ecb_enc.c 10 Dec 2015 12:57:10 -0000
@@ -51,81 +51,6 @@
#include "spr.h"
void
-des_ecb_encrypt(des_cblock (*input), des_cblock (*output), des_key_schedule ks,
- int encrypt)
-{
- register u_int32_t l0, l1;
- register unsigned char *in, *out;
- u_int32_t ll[2];
-
- in = (unsigned char *) input;
- out = (unsigned char *) output;
- c2l(in, l0);
- ll[0] = l0;
- c2l(in, l1);
- ll[1] = l1;
- des_encrypt(ll, ks, encrypt);
- l0 = ll[0];
- l2c(l0, out);
- l1 = ll[1];
- l2c(l1, out);
- l0 = l1 = ll[0] = ll[1] = 0;
-}
-
-void
-des_encrypt(u_int32_t *data, des_key_schedule ks, int encrypt)
-{
- register u_int32_t l, r, t, u;
-#ifdef DES_USE_PTR
- register unsigned char *des_SP=(unsigned char *)des_SPtrans;
-#endif
- register int i;
- register u_int32_t *s;
-
- u = data[0];
- r = data[1];
-
- IP(u, r);
- /* Things have been modified so that the initial rotate is
- * done outside the loop. This required the
- * des_SPtrans values in sp.h to be rotated 1 bit to the right.
- * One perl script later and things have a 5% speed up on a sparc2.
- * Thanks to Richard Outerbridge <71755....@compuserve.com>
- * for pointing this out. */
- l = (r << 1) | (r >> 31);
- r = (u << 1) | (u >> 31);
-
- /* clear the top bits on machines with 8byte longs */
- l &= 0xffffffffL;
- r &= 0xffffffffL;
-
- s = (u_int32_t *) ks;
- /* I don't know if it is worth the effort of loop unrolling the
- * inner loop */
- if (encrypt) {
- for (i = 0; i < 32; i += 4) {
- D_ENCRYPT(l, r, i + 0); /* 1 */
- D_ENCRYPT(r, l, i + 2); /* 2 */
- }
- } else {
- for (i = 30; i > 0; i -= 4) {
- D_ENCRYPT(l, r, i - 0); /* 16 */
- D_ENCRYPT(r, l, i - 2); /* 15 */
- }
- }
- l = (l >> 1) | (l << 31);
- r = (r >> 1) | (r << 31);
- /* clear the top bits on machines with 8byte longs */
- l &= 0xffffffffL;
- r &= 0xffffffffL;
-
- FP(r, l);
- data[0] = l;
- data[1] = r;
- l = r = t = u = 0;
-}
-
-void
des_encrypt2(u_int32_t *data, des_key_schedule ks, int encrypt)
{
register u_int32_t l, r, t, u;
Index: sys/crypto/set_key.c
===================================================================
RCS file: /cvs/src/sys/crypto/set_key.c,v
retrieving revision 1.3
diff -u -p -r1.3 set_key.c
--- sys/crypto/set_key.c 18 Nov 2013 18:49:53 -0000 1.3
+++ sys/crypto/set_key.c 10 Dec 2015 13:04:37 -0000
@@ -58,23 +58,10 @@
#include "podd.h"
#include "sk.h"
-#ifdef PROTO
static int check_parity(des_cblock (*key));
-#else
-static int check_parity();
-#endif
int des_check_key=0;
-void
-des_set_odd_parity(des_cblock (*key))
-{
- int i;
-
- for (i = 0; i < DES_KEY_SZ; i++)
- (*key)[i] = odd_parity[(*key)[i]];
-}
-
static int
check_parity(des_cblock (*key))
{
@@ -224,10 +211,4 @@ des_set_key(des_cblock (*key), des_key_s
*(k++) = s & 0xffffffffL;
}
return (0);
-}
-
-int
-des_key_sched(des_cblock (*key), des_key_schedule schedule)
-{
- return (des_set_key(key, schedule));
}
Index: sys/crypto/xform.c
===================================================================
RCS file: /cvs/src/sys/crypto/xform.c,v
retrieving revision 1.53
diff -u -p -r1.53 xform.c
--- sys/crypto/xform.c 13 Nov 2015 15:29:55 -0000 1.53
+++ sys/crypto/xform.c 10 Dec 2015 12:54:44 -0000
@@ -66,10 +66,8 @@
#include <crypto/chachapoly.h>
extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int);
-extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int);
int des_set_key(void *, caddr_t);
-int des1_setkey(void *, u_int8_t *, int);
int des3_setkey(void *, u_int8_t *, int);
int blf_setkey(void *, u_int8_t *, int);
int cast5_setkey(void *, u_int8_t *, int);
@@ -78,7 +76,6 @@ int aes_ctr_setkey(void *, u_int8_t *,
int aes_xts_setkey(void *, u_int8_t *, int);
int null_setkey(void *, u_int8_t *, int);
-void des1_encrypt(caddr_t, u_int8_t *);
void des3_encrypt(caddr_t, u_int8_t *);
void blf_encrypt(caddr_t, u_int8_t *);
void cast5_encrypt(caddr_t, u_int8_t *);
@@ -86,7 +83,6 @@ void rijndael128_encrypt(caddr_t, u_int8
void null_encrypt(caddr_t, u_int8_t *);
void aes_xts_encrypt(caddr_t, u_int8_t *);
-void des1_decrypt(caddr_t, u_int8_t *);
void des3_decrypt(caddr_t, u_int8_t *);
void blf_decrypt(caddr_t, u_int8_t *);
void cast5_decrypt(caddr_t, u_int8_t *);
@@ -135,15 +131,6 @@ struct aes_xts_ctx {
void aes_xts_crypt(struct aes_xts_ctx *, u_int8_t *, u_int);
/* Encryption instances */
-struct enc_xform enc_xform_des = {
- CRYPTO_DES_CBC, "DES",
- 8, 8, 8, 8, 128,
- des1_encrypt,
- des1_decrypt,
- des1_setkey,
- NULL
-};
-
struct enc_xform enc_xform_3des = {
CRYPTO_3DES_CBC, "3DES",
8, 8, 24, 24, 384,
@@ -336,24 +323,6 @@ struct comp_algo comp_algo_lzs = {
/*
* Encryption wrapper routines.
*/
-void
-des1_encrypt(caddr_t key, u_int8_t *blk)
-{
- des_ecb_encrypt(blk, blk, key, 1);
-}
-
-void
-des1_decrypt(caddr_t key, u_int8_t *blk)
-{
- des_ecb_encrypt(blk, blk, key, 0);
-}
-
-int
-des1_setkey(void *sched, u_int8_t *key, int len)
-{
- return des_set_key(key, sched);
-}
-
void
des3_encrypt(caddr_t key, u_int8_t *blk)
{
Index: sys/crypto/xform.h
===================================================================
RCS file: /cvs/src/sys/crypto/xform.h,v
retrieving revision 1.27
diff -u -p -r1.27 xform.h
--- sys/crypto/xform.h 13 Nov 2015 15:29:55 -0000 1.27
+++ sys/crypto/xform.h 10 Dec 2015 12:54:26 -0000
@@ -76,7 +76,6 @@ union authctx {
AES_GMAC_CTX aes_gmac_ctx;
};
-extern struct enc_xform enc_xform_des;
extern struct enc_xform enc_xform_3des;
extern struct enc_xform enc_xform_blf;
extern struct enc_xform enc_xform_cast5;
Index: sys/dev/pci/hifn7751.c
===================================================================
RCS file: /cvs/src/sys/dev/pci/hifn7751.c,v
retrieving revision 1.173
diff -u -p -r1.173 hifn7751.c
--- sys/dev/pci/hifn7751.c 13 Nov 2015 15:29:55 -0000 1.173
+++ sys/dev/pci/hifn7751.c 10 Dec 2015 13:05:38 -0000
@@ -295,7 +295,6 @@ hifn_attach(struct device *parent, struc
case HIFN_PUSTAT_ENA_1:
algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
- algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
}
if (sc->sc_flags & HIFN_HAS_AES)
algs[CRYPTO_AES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
@@ -1866,7 +1865,6 @@ hifn_newsession(u_int32_t *sidp, struct
return (EINVAL);
mac = 1;
break;
- case CRYPTO_DES_CBC:
case CRYPTO_3DES_CBC:
case CRYPTO_AES_CBC:
if (cry)
@@ -1983,8 +1981,7 @@ hifn_process(struct cryptop *crp)
crd1->crd_alg == CRYPTO_SHA1_HMAC) {
maccrd = crd1;
enccrd = NULL;
- } else if (crd1->crd_alg == CRYPTO_DES_CBC ||
- crd1->crd_alg == CRYPTO_3DES_CBC ||
+ } else if (crd1->crd_alg == CRYPTO_3DES_CBC ||
crd1->crd_alg == CRYPTO_AES_CBC) {
if ((crd1->crd_flags & CRD_F_ENCRYPT) == 0)
cmd->base_masks |= HIFN_BASE_CMD_DECODE;
@@ -1999,15 +1996,13 @@ hifn_process(struct cryptop *crp)
} else {
if ((crd1->crd_alg == CRYPTO_MD5_HMAC ||
crd1->crd_alg == CRYPTO_SHA1_HMAC) &&
- (crd2->crd_alg == CRYPTO_DES_CBC ||
- crd2->crd_alg == CRYPTO_3DES_CBC ||
+ (crd2->crd_alg == CRYPTO_3DES_CBC ||
crd2->crd_alg == CRYPTO_AES_CBC) &&
((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) {
cmd->base_masks = HIFN_BASE_CMD_DECODE;
maccrd = crd1;
enccrd = crd2;
- } else if ((crd1->crd_alg == CRYPTO_DES_CBC ||
- crd1->crd_alg == CRYPTO_3DES_CBC ||
+ } else if ((crd1->crd_alg == CRYPTO_3DES_CBC ||
crd1->crd_alg == CRYPTO_AES_CBC) &&
(crd2->crd_alg == CRYPTO_MD5_HMAC ||
crd2->crd_alg == CRYPTO_SHA1_HMAC) &&
@@ -2027,11 +2022,6 @@ hifn_process(struct cryptop *crp)
cmd->enccrd = enccrd;
cmd->base_masks |= HIFN_BASE_CMD_CRYPT;
switch (enccrd->crd_alg) {
- case CRYPTO_DES_CBC:
- cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_DES |
- HIFN_CRYPT_CMD_MODE_CBC |
- HIFN_CRYPT_CMD_NEW_IV;
- break;
case CRYPTO_3DES_CBC:
cmd->cry_masks |= HIFN_CRYPT_CMD_ALG_3DES |
HIFN_CRYPT_CMD_MODE_CBC |
Index: sys/dev/pci/safe.c
===================================================================
RCS file: /cvs/src/sys/dev/pci/safe.c,v
retrieving revision 1.40
diff -u -p -r1.40 safe.c
--- sys/dev/pci/safe.c 16 Jul 2015 16:12:15 -0000 1.40
+++ sys/dev/pci/safe.c 10 Dec 2015 13:06:28 -0000
@@ -253,7 +253,6 @@ safe_attach(struct device *parent, struc
if (devinfo & SAFE_DEVINFO_DES) {
printf(" 3DES");
algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
- algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
}
if (devinfo & SAFE_DEVINFO_AES) {
printf(" AES");
@@ -377,8 +376,7 @@ safe_process(struct cryptop *crp)
maccrd = crd1;
enccrd = NULL;
cmd0 |= SAFE_SA_CMD0_OP_HASH;
- } else if (crd1->crd_alg == CRYPTO_DES_CBC ||
- crd1->crd_alg == CRYPTO_3DES_CBC ||
+ } else if (crd1->crd_alg == CRYPTO_3DES_CBC ||
crd1->crd_alg == CRYPTO_AES_CBC) {
maccrd = NULL;
enccrd = crd1;
@@ -391,14 +389,12 @@ safe_process(struct cryptop *crp)
} else {
if ((crd1->crd_alg == CRYPTO_MD5_HMAC ||
crd1->crd_alg == CRYPTO_SHA1_HMAC) &&
- (crd2->crd_alg == CRYPTO_DES_CBC ||
- crd2->crd_alg == CRYPTO_3DES_CBC ||
+ (crd2->crd_alg == CRYPTO_3DES_CBC ||
crd2->crd_alg == CRYPTO_AES_CBC) &&
((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) {
maccrd = crd1;
enccrd = crd2;
- } else if ((crd1->crd_alg == CRYPTO_DES_CBC ||
- crd1->crd_alg == CRYPTO_3DES_CBC ||
+ } else if ((crd1->crd_alg == CRYPTO_3DES_CBC ||
crd1->crd_alg == CRYPTO_AES_CBC) &&
(crd2->crd_alg == CRYPTO_MD5_HMAC ||
crd2->crd_alg == CRYPTO_SHA1_HMAC) &&
@@ -414,11 +410,7 @@ safe_process(struct cryptop *crp)
}
if (enccrd) {
- if (enccrd->crd_alg == CRYPTO_DES_CBC) {
- cmd0 |= SAFE_SA_CMD0_DES;
- cmd1 |= SAFE_SA_CMD1_CBC;
- ivsize = 2*sizeof(u_int32_t);
- } else if (enccrd->crd_alg == CRYPTO_3DES_CBC) {
+ if (enccrd->crd_alg == CRYPTO_3DES_CBC) {
cmd0 |= SAFE_SA_CMD0_3DES;
cmd1 |= SAFE_SA_CMD1_CBC;
ivsize = 2*sizeof(u_int32_t);
@@ -1279,8 +1271,7 @@ safe_newsession(u_int32_t *sidp, struct
if (macini)
return (EINVAL);
macini = c;
- } else if (c->cri_alg == CRYPTO_DES_CBC ||
- c->cri_alg == CRYPTO_3DES_CBC ||
+ } else if (c->cri_alg == CRYPTO_3DES_CBC ||
c->cri_alg == CRYPTO_AES_CBC) {
if (encini)
return (EINVAL);
@@ -1292,10 +1283,6 @@ safe_newsession(u_int32_t *sidp, struct
return (EINVAL);
if (encini) { /* validate key length */
switch (encini->cri_alg) {
- case CRYPTO_DES_CBC:
- if (encini->cri_klen != 64)
- return (EINVAL);
- break;
case CRYPTO_3DES_CBC:
if (encini->cri_klen != 192)
return (EINVAL);
Index: sys/dev/pci/ubsec.c
===================================================================
RCS file: /cvs/src/sys/dev/pci/ubsec.c,v
retrieving revision 1.160
diff -u -p -r1.160 ubsec.c
--- sys/dev/pci/ubsec.c 15 Aug 2014 15:37:51 -0000 1.160
+++ sys/dev/pci/ubsec.c 10 Dec 2015 13:08:44 -0000
@@ -267,7 +267,6 @@ ubsec_attach(struct device *parent, stru
bzero(algs, sizeof(algs));
algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
- algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
if (sc->sc_flags & UBS_FLAGS_AES)
@@ -627,8 +626,7 @@ ubsec_newsession(u_int32_t *sidp, struct
if (macini)
return (EINVAL);
macini = c;
- } else if (c->cri_alg == CRYPTO_DES_CBC ||
- c->cri_alg == CRYPTO_3DES_CBC ||
+ } else if (c->cri_alg == CRYPTO_3DES_CBC ||
c->cri_alg == CRYPTO_AES_CBC) {
if (encini)
return (EINVAL);
@@ -689,10 +687,6 @@ ubsec_newsession(u_int32_t *sidp, struct
if (encini->cri_alg == CRYPTO_AES_CBC) {
bcopy(encini->cri_key, ses->ses_key,
encini->cri_klen / 8);
- } else if (encini->cri_alg == CRYPTO_DES_CBC) {
- bcopy(encini->cri_key, &ses->ses_key[0], 8);
- bcopy(encini->cri_key, &ses->ses_key[2], 8);
- bcopy(encini->cri_key, &ses->ses_key[4], 8);
} else
bcopy(encini->cri_key, ses->ses_key, 24);
@@ -853,8 +847,7 @@ ubsec_process(struct cryptop *crp)
crd1->crd_alg == CRYPTO_SHA1_HMAC) {
maccrd = crd1;
enccrd = NULL;
- } else if (crd1->crd_alg == CRYPTO_DES_CBC ||
- crd1->crd_alg == CRYPTO_3DES_CBC ||
+ } else if (crd1->crd_alg == CRYPTO_3DES_CBC ||
crd1->crd_alg == CRYPTO_AES_CBC) {
maccrd = NULL;
enccrd = crd1;
@@ -865,14 +858,12 @@ ubsec_process(struct cryptop *crp)
} else {
if ((crd1->crd_alg == CRYPTO_MD5_HMAC ||
crd1->crd_alg == CRYPTO_SHA1_HMAC) &&
- (crd2->crd_alg == CRYPTO_DES_CBC ||
- crd2->crd_alg == CRYPTO_3DES_CBC ||
+ (crd2->crd_alg == CRYPTO_3DES_CBC ||
crd2->crd_alg == CRYPTO_AES_CBC) &&
((crd2->crd_flags & CRD_F_ENCRYPT) == 0)) {
maccrd = crd1;
enccrd = crd2;
- } else if ((crd1->crd_alg == CRYPTO_DES_CBC ||
- crd1->crd_alg == CRYPTO_3DES_CBC ||
+ } else if ((crd1->crd_alg == CRYPTO_3DES_CBC ||
crd1->crd_alg == CRYPTO_AES_CBC) &&
(crd2->crd_alg == CRYPTO_MD5_HMAC ||
crd2->crd_alg == CRYPTO_SHA1_HMAC) &&
Index: share/man/man4/hifn.4
===================================================================
RCS file: /cvs/src/share/man/man4/hifn.4,v
retrieving revision 1.49
diff -u -p -r1.49 hifn.4
--- share/man/man4/hifn.4 13 Nov 2015 15:33:41 -0000 1.49
+++ share/man/man4/hifn.4 10 Dec 2015 13:09:34 -0000
@@ -69,7 +69,7 @@ The
.Tn Hifn 7955 ,
and
.Tn Hifn 7956
-chips all support acceleration of DES, Triple-DES,
+chips all support acceleration of Triple-DES,
MD5-HMAC, SHA1-HMAC, and LZS operations for
.Xr ipsec 4 .
The
Index: share/man/man4/safe.4
===================================================================
RCS file: /cvs/src/share/man/man4/safe.4,v
retrieving revision 1.10
diff -u -p -r1.10 safe.4
--- share/man/man4/safe.4 20 Aug 2014 11:23:41 -0000 1.10
+++ share/man/man4/safe.4 10 Dec 2015 13:10:02 -0000
@@ -49,7 +49,7 @@ A faster version of the 1141.
.Pp
The
.Nm
-driver registers itself to accelerate DES, Triple-DES, AES, MD5-HMAC,
+driver registers itself to accelerate Triple-DES, AES, MD5-HMAC,
and SHA1-HMAC operations for
.Xr ipsec 4 .
.Pp
Index: share/man/man4/ubsec.4
===================================================================
RCS file: /cvs/src/share/man/man4/ubsec.4,v
retrieving revision 1.35
diff -u -p -r1.35 ubsec.4
--- share/man/man4/ubsec.4 20 Aug 2014 18:59:56 -0000 1.35
+++ share/man/man4/ubsec.4 10 Dec 2015 13:10:19 -0000
@@ -38,7 +38,7 @@ The
driver supports cards containing any of the following chips:
.Bl -tag -width "Broadcom BCM5821" -offset indent
.It Bluesteel 5501
-The original chipset, no longer made.
+The original chipset.
This extremely rare unit
was not very fast, lacked an RNG, and had a number of other bugs.
.It Bluesteel 5601
@@ -71,7 +71,7 @@ Faster version of the BCM5861.
.Pp
The
.Nm
-driver registers itself to accelerate DES, Triple-DES, MD5-HMAC,
+driver registers itself to accelerate Triple-DES, MD5-HMAC,
and SHA1-HMAC operations for
.Xr ipsec 4 .
The driver also supports acceleration of AES-CBC with the BCM5823 or newer.
Index: share/man/man9/crypto.9
===================================================================
RCS file: /cvs/src/share/man/man9/crypto.9,v
retrieving revision 1.41
diff -u -p -r1.41 crypto.9
--- share/man/man9/crypto.9 23 Nov 2015 17:53:57 -0000 1.41
+++ share/man/man9/crypto.9 10 Dec 2015 13:13:23 -0000
@@ -140,7 +140,6 @@ structure are:
Contains an algorithm identifier.
Currently supported encryption algorithms are:
.Bd -literal
-CRYPTO_DES_CBC
CRYPTO_3DES_CBC
CRYPTO_BLF_CBC
CRYPTO_CAST_CBC
@@ -511,9 +510,6 @@ Some type of benchmarking is in order he
.Pp
Multiple instances of the same algorithm in the same session are not
supported.
-Note that 3DES is considered one algorithm (and not three
-instances of DES).
-Thus, 3DES and DES could be mixed in the same request.
.Pp
A queue for completed operations should be implemented and processed
at some software
--
Christian "naddy" Weisgerber na...@mips.inka.de
