diff --git a/module/icp/core/kcf_sched.c b/module/icp/core/kcf_sched.c index 4c689c20f..7d2b46a5f 100644 --- a/module/icp/core/kcf_sched.c +++ b/module/icp/core/kcf_sched.c @@ -58,7 +58,6 @@ kcf_new_ctx(kcf_provider_desc_t *pd) kcf_ctx->kc_sw_prov_desc = NULL; ctx = &kcf_ctx->kc_glbl_ctx; - ctx->cc_provider = pd->pd_prov_handle; ctx->cc_provider_private = NULL; ctx->cc_framework_private = (void *)kcf_ctx; diff --git a/module/icp/include/sys/crypto/impl.h b/module/icp/include/sys/crypto/impl.h index ba37c99e9..2194af864 100644 --- a/module/icp/include/sys/crypto/impl.h +++ b/module/icp/include/sys/crypto/impl.h @@ -146,7 +146,6 @@ typedef enum { * pd_irefcnt: References held by the framework internal structs * pd_lock: lock protects pd_state * pd_state: State value of the provider - * pd_prov_handle: Provider handle specified by provider * pd_ops_vector: The ops vector specified by Provider * pd_mech_indx: Lookup table which maps a core framework mechanism * number to an index in pd_mechanisms array @@ -171,7 +170,6 @@ typedef struct kcf_provider_desc { kmutex_t pd_lock; kcf_prov_state_t pd_state; kcondvar_t pd_resume_cv; - crypto_provider_handle_t pd_prov_handle; const crypto_ops_t *pd_ops_vector; ushort_t pd_mech_indx[KCF_OPS_CLASSSIZE]\ [KCF_MAXMECHTAB]; 
@@ -405,16 +403,14 @@ typedef struct crypto_minor { template) ( \ (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic) ? \ KCF_PROV_CIPHER_OPS(pd)->encrypt_atomic( \ - (pd)->pd_prov_handle, session, mech, key, plaintext, ciphertext, \ - template) : \ + session, mech, key, plaintext, ciphertext, template) : \ CRYPTO_NOT_SUPPORTED) #define KCF_PROV_DECRYPT_ATOMIC(pd, session, mech, key, ciphertext, plaintext, \ template) ( \ (KCF_PROV_CIPHER_OPS(pd) && KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic) ? \ KCF_PROV_CIPHER_OPS(pd)->decrypt_atomic( \ - (pd)->pd_prov_handle, session, mech, key, ciphertext, plaintext, \ - template) : \ + session, mech, key, ciphertext, plaintext, template) : \ CRYPTO_NOT_SUPPORTED) /* @@ -443,7 +439,7 @@ typedef struct crypto_minor { #define KCF_PROV_MAC_ATOMIC(pd, session, mech, key, data, mac, template) ( \ (KCF_PROV_MAC_OPS(pd) && KCF_PROV_MAC_OPS(pd)->mac_atomic) ? \ KCF_PROV_MAC_OPS(pd)->mac_atomic( \ - (pd)->pd_prov_handle, session, mech, key, data, mac, template) : \ + session, mech, key, data, mac, template) : \ CRYPTO_NOT_SUPPORTED) /* @@ -453,7 +449,7 @@ typedef struct crypto_minor { #define KCF_PROV_CREATE_CTX_TEMPLATE(pd, mech, key, template, size) ( \ (KCF_PROV_CTX_OPS(pd) && KCF_PROV_CTX_OPS(pd)->create_ctx_template) ? \ KCF_PROV_CTX_OPS(pd)->create_ctx_template( \ - (pd)->pd_prov_handle, mech, key, template, size) : \ + mech, key, template, size) : \ CRYPTO_NOT_SUPPORTED) #define KCF_PROV_FREE_CONTEXT(pd, ctx) ( \ diff --git a/module/icp/include/sys/crypto/spi.h b/module/icp/include/sys/crypto/spi.h index 6d656fef2..eb0d6bdc6 100644 --- a/module/icp/include/sys/crypto/spi.h +++ b/module/icp/include/sys/crypto/spi.h 
@@ -43,14 +43,6 @@ extern "C" { #define __no_const #endif /* CONSTIFY_PLUGIN */ -/* - * Provider-private handle. This handle is specified by a provider - * when it registers by means of the pi_provider_handle field of - * the crypto_provider_info structure, and passed to the provider - * when its entry points are invoked. - */ -typedef void *crypto_provider_handle_t; - /* * Context templates can be used to by providers to pre-process * keying material, such as key schedules. They are allocated by @@ -70,7 +62,6 @@ typedef void *crypto_spi_ctx_template_t; * as separate arguments to Provider routines. */ typedef struct crypto_ctx { - crypto_provider_handle_t cc_provider; void *cc_provider_private; /* owned by provider */ void *cc_framework_private; /* owned by framework */ } crypto_ctx_t; @@ -87,7 +78,7 @@ typedef struct crypto_digest_ops { int (*digest_update)(crypto_ctx_t *, crypto_data_t *); int (*digest_key)(crypto_ctx_t *, crypto_key_t *); int (*digest_final)(crypto_ctx_t *, crypto_data_t *); - int (*digest_atomic)(crypto_provider_handle_t, crypto_session_id_t, + int (*digest_atomic)(crypto_session_id_t, crypto_mechanism_t *, crypto_data_t *, crypto_data_t *); } __no_const crypto_digest_ops_t; @@ -108,7 +99,7 @@ typedef struct crypto_cipher_ops { crypto_data_t *, crypto_data_t *); int (*encrypt_final)(crypto_ctx_t *, crypto_data_t *); - int (*encrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, + int (*encrypt_atomic)(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); @@ -121,7 +112,7 @@ typedef struct crypto_cipher_ops { crypto_data_t *, crypto_data_t *); int (*decrypt_final)(crypto_ctx_t *, crypto_data_t *); - int (*decrypt_atomic)(crypto_provider_handle_t, crypto_session_id_t, + int (*decrypt_atomic)(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); } __no_const crypto_cipher_ops_t; 
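Review bot: `digest_atomic` loses its handle argument in the `crypto_digest_ops` hunk here, and `mac_verify_atomic` does the same in the `crypto_mac_ops` hunk that follows, yet the impl.h part of this diff only rewrites the dispatch macros for `encrypt_atomic`, `decrypt_atomic`, `mac_atomic` and `create_ctx_template`. Presumably no `KCF_PROV_*` wrapper is left for those two entry points, which would mean the framework never calls them. If that is confirmed, say so on the members, e.g. `/* not dispatched by KCF at present; kept for SPI completeness */`, so a provider author does not assume they are exercised. Both struct definitions start outside their hunks.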
@@ -142,10 +133,10 @@ typedef struct crypto_mac_ops { crypto_data_t *); int (*mac_final)(crypto_ctx_t *, crypto_data_t *); - int (*mac_atomic)(crypto_provider_handle_t, crypto_session_id_t, + int (*mac_atomic)(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); - int (*mac_verify_atomic)(crypto_provider_handle_t, crypto_session_id_t, + int (*mac_verify_atomic)(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); } __no_const crypto_mac_ops_t; @@ -157,8 +148,7 @@ typedef struct crypto_mac_ops { * with the kernel using crypto_register_provider(9F). */ typedef struct crypto_ctx_ops { - int (*create_ctx_template)(crypto_provider_handle_t, - crypto_mechanism_t *, crypto_key_t *, + int (*create_ctx_template)(crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *, size_t *); int (*free_context)(crypto_ctx_t *); } __no_const crypto_ctx_ops_t; @@ -230,13 +220,10 @@ typedef uint_t crypto_kcf_provider_handle_t; /* * Provider information. Passed as argument to crypto_register_provider(9F). - * Describes the provider and its capabilities. Multiple providers can - * register for the same device instance. In this case, the same - * pi_provider_dev must be specified with a different pi_provider_handle. + * Describes the provider and its capabilities. */ typedef struct crypto_provider_info { const char *pi_provider_description; - crypto_provider_handle_t pi_provider_handle; const crypto_ops_t *pi_ops_vector; uint_t pi_mech_list_count; const crypto_mech_info_t *pi_mechanisms; diff --git a/module/icp/io/aes.c b/module/icp/io/aes.c index 034cf4d07..ee0e1895d 100644 --- a/module/icp/io/aes.c +++ b/module/icp/io/aes.c 
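Review bot: Dropping `pi_provider_handle` from the middle of `crypto_provider_info` (the `@@ -230` hunk) shifts every later member by one slot, and the provider tables updated in this diff (`aes_prov_info`, `sha2_prov_info`, `skein_prov_info`) initialise the struct positionally. A table that missed the matching `NULL,` removal would put each value in the wrong member, and only the build's conversion diagnostics would reveal it. Designated initialisers, already used for the ops tables in the same files, remove that coupling: `.pi_provider_description = "AES Software Provider",`, `.pi_ops_vector = &aes_crypto_ops,`, and likewise for `pi_mech_list_count` and `pi_mechanisms`. The struct body continues outside the hunk.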
@@ -87,14 +87,14 @@ static int aes_decrypt_final(crypto_ctx_t *, crypto_data_t *); static int aes_encrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *); static int aes_encrypt_update(crypto_ctx_t *, crypto_data_t *, crypto_data_t *); -static int aes_encrypt_atomic(crypto_provider_handle_t, crypto_session_id_t, +static int aes_encrypt_atomic(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); static int aes_decrypt(crypto_ctx_t *, crypto_data_t *, crypto_data_t *); static int aes_decrypt_update(crypto_ctx_t *, crypto_data_t *, crypto_data_t *); -static int aes_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t, +static int aes_decrypt_atomic(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); @@ -111,10 +111,10 @@ static const crypto_cipher_ops_t aes_cipher_ops = { .decrypt_atomic = aes_decrypt_atomic }; -static int aes_mac_atomic(crypto_provider_handle_t, crypto_session_id_t, +static int aes_mac_atomic(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); -static int aes_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t, +static int aes_mac_verify_atomic(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); @@ -127,9 +127,8 @@ static const crypto_mac_ops_t aes_mac_ops = { .mac_verify_atomic = aes_mac_verify_atomic }; -static int aes_create_ctx_template(crypto_provider_handle_t, - crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *, - size_t *); +static int aes_create_ctx_template(crypto_mechanism_t *, crypto_key_t *, + crypto_spi_ctx_template_t *, size_t *); static int aes_free_context(crypto_ctx_t *); static const crypto_ctx_ops_t aes_ctx_ops = { 
@@ -146,7 +145,6 @@ static const crypto_ops_t aes_crypto_ops = { static const crypto_provider_info_t aes_prov_info = { "AES Software Provider", - NULL, &aes_crypto_ops, sizeof (aes_mech_info_tab) / sizeof (crypto_mech_info_t), aes_mech_info_tab @@ -840,12 +838,12 @@ aes_decrypt_final(crypto_ctx_t *ctx, crypto_data_t *data) } static int -aes_encrypt_atomic(crypto_provider_handle_t provider, - crypto_session_id_t session_id, crypto_mechanism_t *mechanism, +aes_encrypt_atomic(crypto_session_id_t session_id, + crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *plaintext, crypto_data_t *ciphertext, crypto_spi_ctx_template_t template) { - (void) provider, (void) session_id; + (void) session_id; aes_ctx_t aes_ctx; /* on the stack */ off_t saved_offset; size_t saved_length; @@ -976,12 +974,12 @@ out: } static int -aes_decrypt_atomic(crypto_provider_handle_t provider, - crypto_session_id_t session_id, crypto_mechanism_t *mechanism, +aes_decrypt_atomic(crypto_session_id_t session_id, + crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *ciphertext, crypto_data_t *plaintext, crypto_spi_ctx_template_t template) { - (void) provider, (void) session_id; + (void) session_id; aes_ctx_t aes_ctx; /* on the stack */ off_t saved_offset; size_t saved_length; @@ -1142,11 +1140,9 @@ out: * KCF software provider context template entry points. */ static int -aes_create_ctx_template(crypto_provider_handle_t provider, - crypto_mechanism_t *mechanism, crypto_key_t *key, +aes_create_ctx_template(crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_spi_ctx_template_t *tmpl, size_t *tmpl_size) { - (void) provider; void *keysched; size_t size; int rv; 
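Review bot: `session_id` stays in the signature of `aes_encrypt_atomic` although its first statement is still `(void) session_id;`. The other atomic entry points in this diff that carry the cast (`aes_decrypt_atomic`, `sha2_digest_atomic`, `sha2_mac_atomic`, `sha2_mac_verify_atomic`, `skein_digest_atomic`, `skein_mac_atomic`) discard it the same way. As far as the visible lines show, it is as unused as the handle that was just removed. Either drop it in a follow-up or record why it stays, for example `/* session_id is part of the SPI signature; software providers ignore it */` above the cast. The function body continues outside the hunk.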
@@ -1318,8 +1314,7 @@ process_gmac_mech(crypto_mechanism_t *mech, crypto_data_t *data, } static int -aes_mac_atomic(crypto_provider_handle_t provider, - crypto_session_id_t session_id, crypto_mechanism_t *mechanism, +aes_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, crypto_spi_ctx_template_t template) { @@ -1335,15 +1330,14 @@ aes_mac_atomic(crypto_provider_handle_t provider, gcm_mech.cm_param_len = sizeof (CK_AES_GCM_PARAMS); gcm_mech.cm_param = (char *)&gcm_params; - return (aes_encrypt_atomic(provider, session_id, &gcm_mech, + return (aes_encrypt_atomic(session_id, &gcm_mech, key, &null_crypto_data, mac, template)); } static int -aes_mac_verify_atomic(crypto_provider_handle_t provider, - crypto_session_id_t session_id, crypto_mechanism_t *mechanism, - crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, - crypto_spi_ctx_template_t template) +aes_mac_verify_atomic(crypto_session_id_t session_id, + crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data, + crypto_data_t *mac, crypto_spi_ctx_template_t template) { CK_AES_GCM_PARAMS gcm_params; crypto_mechanism_t gcm_mech; @@ -1357,6 +1351,6 @@ aes_mac_verify_atomic(crypto_provider_handle_t provider, gcm_mech.cm_param_len = sizeof (CK_AES_GCM_PARAMS); gcm_mech.cm_param = (char *)&gcm_params; - return (aes_decrypt_atomic(provider, session_id, &gcm_mech, + return (aes_decrypt_atomic(session_id, &gcm_mech, key, mac, &null_crypto_data, template)); } diff --git a/module/icp/io/sha2_mod.c b/module/icp/io/sha2_mod.c index db6cc539c..2cb8e929f 100644 --- a/module/icp/io/sha2_mod.c +++ b/module/icp/io/sha2_mod.c 
@@ -109,7 +109,7 @@ static int sha2_digest_init(crypto_ctx_t *, crypto_mechanism_t *); static int sha2_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *); static int sha2_digest_update(crypto_ctx_t *, crypto_data_t *); static int sha2_digest_final(crypto_ctx_t *, crypto_data_t *); -static int sha2_digest_atomic(crypto_provider_handle_t, crypto_session_id_t, +static int sha2_digest_atomic(crypto_session_id_t, crypto_mechanism_t *, crypto_data_t *, crypto_data_t *); static const crypto_digest_ops_t sha2_digest_ops = { @@ -124,10 +124,10 @@ static int sha2_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t); static int sha2_mac_update(crypto_ctx_t *, crypto_data_t *); static int sha2_mac_final(crypto_ctx_t *, crypto_data_t *); -static int sha2_mac_atomic(crypto_provider_handle_t, crypto_session_id_t, +static int sha2_mac_atomic(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); -static int sha2_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t, +static int sha2_mac_verify_atomic(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); @@ -140,9 +140,8 @@ static const crypto_mac_ops_t sha2_mac_ops = { .mac_verify_atomic = sha2_mac_verify_atomic }; -static int sha2_create_ctx_template(crypto_provider_handle_t, - crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *, - size_t *); +static int sha2_create_ctx_template(crypto_mechanism_t *, crypto_key_t *, + crypto_spi_ctx_template_t *, size_t *); static int sha2_free_context(crypto_ctx_t *); static const crypto_ctx_ops_t sha2_ctx_ops = { @@ -159,7 +158,6 @@ static const crypto_ops_t sha2_crypto_ops = { static const crypto_provider_info_t sha2_prov_info = { "SHA2 Software Provider", - NULL, &sha2_crypto_ops, sizeof (sha2_mech_info_tab) / sizeof (crypto_mech_info_t), sha2_mech_info_tab 
@@ -554,11 +552,10 @@ sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest) } static int -sha2_digest_atomic(crypto_provider_handle_t provider, - crypto_session_id_t session_id, crypto_mechanism_t *mechanism, - crypto_data_t *data, crypto_data_t *digest) +sha2_digest_atomic(crypto_session_id_t session_id, + crypto_mechanism_t *mechanism, crypto_data_t *data, crypto_data_t *digest) { - (void) provider, (void) session_id; + (void) session_id; int ret = CRYPTO_SUCCESS; SHA2_CTX sha2_ctx; uint32_t sha_digest_len; @@ -916,12 +913,11 @@ sha2_mac_final(crypto_ctx_t *ctx, crypto_data_t *mac) } static int -sha2_mac_atomic(crypto_provider_handle_t provider, - crypto_session_id_t session_id, crypto_mechanism_t *mechanism, +sha2_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, crypto_spi_ctx_template_t ctx_template) { - (void) provider, (void) session_id; + (void) session_id; int ret = CRYPTO_SUCCESS; uchar_t digest[SHA512_DIGEST_LENGTH]; sha2_hmac_ctx_t sha2_hmac_ctx; @@ -1050,12 +1046,12 @@ bail: } static int -sha2_mac_verify_atomic(crypto_provider_handle_t provider, - crypto_session_id_t session_id, crypto_mechanism_t *mechanism, +sha2_mac_verify_atomic(crypto_session_id_t session_id, + crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, crypto_spi_ctx_template_t ctx_template) { - (void) provider, (void) session_id; + (void) session_id; int ret = CRYPTO_SUCCESS; uchar_t digest[SHA512_DIGEST_LENGTH]; sha2_hmac_ctx_t sha2_hmac_ctx; 
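Review bot: `sha2_mac_verify_atomic` (the `@@ -1050` hunk) declares `uchar_t digest[SHA512_DIGEST_LENGTH]` and `sha2_hmac_ctx_t sha2_hmac_ctx` on the stack, but nothing visible documents how the computed digest is compared with the caller-supplied `mac` or whether both locals are wiped before return. The comparison and the `bail:` path are outside this hunk, so neither can be checked from here. A header comment stating the contract would help, along the lines of `/* compares the computed HMAC with mac; digest and sha2_hmac_ctx are cleared on every exit path */`, added only once the body is confirmed to do so. If the comparison turns out to be a plain `bcmp`/`memcmp`, a constant-time compare is the usual choice for MAC verification.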
@@ -1226,11 +1222,9 @@ bail: */ static int -sha2_create_ctx_template(crypto_provider_handle_t provider, - crypto_mechanism_t *mechanism, crypto_key_t *key, +sha2_create_ctx_template(crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size) { - (void) provider; sha2_hmac_ctx_t *sha2_hmac_ctx_tmpl; uint_t keylen_in_bytes = CRYPTO_BITS2BYTES(key->ck_length); uint32_t sha_digest_len, sha_hmac_block_size; diff --git a/module/icp/io/skein_mod.c b/module/icp/io/skein_mod.c index 43d9c9db1..f791b4000 100644 --- a/module/icp/io/skein_mod.c +++ b/module/icp/io/skein_mod.c @@ -55,7 +55,7 @@ static int skein_digest_init(crypto_ctx_t *, crypto_mechanism_t *); static int skein_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *); static int skein_update(crypto_ctx_t *, crypto_data_t *); static int skein_final(crypto_ctx_t *, crypto_data_t *); -static int skein_digest_atomic(crypto_provider_handle_t, crypto_session_id_t, +static int skein_digest_atomic(crypto_session_id_t, crypto_mechanism_t *, crypto_data_t *, crypto_data_t *); static const crypto_digest_ops_t skein_digest_ops = { @@ -68,7 +68,7 @@ static const crypto_digest_ops_t skein_digest_ops = { static int skein_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t); -static int skein_mac_atomic(crypto_provider_handle_t, crypto_session_id_t, +static int skein_mac_atomic(crypto_session_id_t, crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *, crypto_spi_ctx_template_t); 
@@ -81,9 +81,8 @@ static const crypto_mac_ops_t skein_mac_ops = { .mac_verify_atomic = NULL }; -static int skein_create_ctx_template(crypto_provider_handle_t, - crypto_mechanism_t *, crypto_key_t *, crypto_spi_ctx_template_t *, - size_t *); +static int skein_create_ctx_template(crypto_mechanism_t *, crypto_key_t *, + crypto_spi_ctx_template_t *, size_t *); static int skein_free_context(crypto_ctx_t *); static const crypto_ctx_ops_t skein_ctx_ops = { @@ -100,7 +99,6 @@ static const crypto_ops_t skein_crypto_ops = { static const crypto_provider_info_t skein_prov_info = { "Skein Software Provider", - NULL, &skein_crypto_ops, sizeof (skein_mech_info_tab) / sizeof (crypto_mech_info_t), skein_mech_info_tab @@ -475,11 +473,10 @@ skein_final(crypto_ctx_t *ctx, crypto_data_t *digest) * Supported input/output formats are raw, uio and mblk. */ static int -skein_digest_atomic(crypto_provider_handle_t provider, - crypto_session_id_t session_id, crypto_mechanism_t *mechanism, - crypto_data_t *data, crypto_data_t *digest) +skein_digest_atomic(crypto_session_id_t session_id, + crypto_mechanism_t *mechanism, crypto_data_t *data, crypto_data_t *digest) { - (void) provider, (void) session_id; + (void) session_id; int error; skein_ctx_t skein_ctx; crypto_ctx_t ctx; @@ -579,13 +576,12 @@ errout: * function as to those of the partial operations above. */ static int -skein_mac_atomic(crypto_provider_handle_t provider, - crypto_session_id_t session_id, crypto_mechanism_t *mechanism, +skein_mac_atomic(crypto_session_id_t session_id, crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_data_t *data, crypto_data_t *mac, crypto_spi_ctx_template_t ctx_template) { /* faux crypto context just for skein_digest_{update,final} */ - (void) provider, (void) session_id; + (void) session_id; int error; crypto_ctx_t ctx; skein_ctx_t skein_ctx; 
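Review bot: In `skein_mac_atomic` (the `@@ -579` hunk) the comment `/* faux crypto context just for skein_digest_{update,final} */` sits directly above `(void) session_id;`, so it reads as if it described the cast rather than the `crypto_ctx_t ctx;` declaration two lines further down. Putting `(void) session_id;` first and the comment immediately above `crypto_ctx_t ctx;` keeps the explanation attached to what it explains. The function body continues outside the hunk.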
@@ -620,11 +616,9 @@ errout: * skein_mac_init. */ static int -skein_create_ctx_template(crypto_provider_handle_t provider, - crypto_mechanism_t *mechanism, crypto_key_t *key, +skein_create_ctx_template(crypto_mechanism_t *mechanism, crypto_key_t *key, crypto_spi_ctx_template_t *ctx_template, size_t *ctx_template_size) { - (void) provider; int error; skein_ctx_t *ctx_tmpl; diff --git a/module/icp/spi/kcf_spi.c b/module/icp/spi/kcf_spi.c index bfcb353e5..ae36df399 100644 --- a/module/icp/spi/kcf_spi.c +++ b/module/icp/spi/kcf_spi.c @@ -69,9 +69,6 @@ crypto_register_provider(const crypto_provider_info_t *info, prov_desc = kcf_alloc_provider_desc(); KCF_PROV_REFHOLD(prov_desc); - /* provider-private handle, opaque to KCF */ - prov_desc->pd_prov_handle = info->pi_provider_handle; - /* copy provider description string */ prov_desc->pd_description = info->pi_provider_description;