icp: remove digest entry points

For whatever reason, we call digest mechanisms directly, not through the KCF digest provider. So we can remove those entry points entirely. Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Rob Norris <rob.norris@klarasystems.com> Closes #16209
2026-05-24 19:28:53 +03:00 · 2024-05-19 12:58:56 +10:00
parent 94f1e56e41
commit 1291c46ea4
7 changed files with 8 additions and 464 deletions
@@ -61,8 +61,7 @@
 */
 static const crypto_mech_info_t sha2_mech_info_tab[] = {
 	/* SHA256 */
-	{SUN_CKM_SHA256, SHA256_MECH_INFO_TYPE,
-	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC},
+	{SUN_CKM_SHA256, SHA256_MECH_INFO_TYPE, 0},
 	/* SHA256-HMAC */
 	{SUN_CKM_SHA256_HMAC, SHA256_HMAC_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
@@ -70,8 +69,7 @@ static const crypto_mech_info_t sha2_mech_info_tab[] = {
 	{SUN_CKM_SHA256_HMAC_GENERAL, SHA256_HMAC_GEN_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
 	/* SHA384 */
-	{SUN_CKM_SHA384, SHA384_MECH_INFO_TYPE,
-	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC},
+	{SUN_CKM_SHA384, SHA384_MECH_INFO_TYPE, 0},
 	/* SHA384-HMAC */
 	{SUN_CKM_SHA384_HMAC, SHA384_HMAC_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
@@ -79,8 +77,7 @@ static const crypto_mech_info_t sha2_mech_info_tab[] = {
 	{SUN_CKM_SHA384_HMAC_GENERAL, SHA384_HMAC_GEN_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
 	/* SHA512 */
-	{SUN_CKM_SHA512, SHA512_MECH_INFO_TYPE,
-	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC},
+	{SUN_CKM_SHA512, SHA512_MECH_INFO_TYPE, 0},
 	/* SHA512-HMAC */
 	{SUN_CKM_SHA512_HMAC, SHA512_HMAC_MECH_INFO_TYPE,
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
@@ -89,21 +86,6 @@ static const crypto_mech_info_t sha2_mech_info_tab[] = {
 	    CRYPTO_FG_MAC | CRYPTO_FG_MAC_ATOMIC},
 };

-static int sha2_digest_init(crypto_ctx_t *, crypto_mechanism_t *);
-static int sha2_digest(crypto_ctx_t *, crypto_data_t *, crypto_data_t *);
-static int sha2_digest_update(crypto_ctx_t *, crypto_data_t *);
-static int sha2_digest_final(crypto_ctx_t *, crypto_data_t *);
-static int sha2_digest_atomic(crypto_mechanism_t *, crypto_data_t *,
-    crypto_data_t *);
-
-static const crypto_digest_ops_t sha2_digest_ops = {
-	.digest_init = sha2_digest_init,
-	.digest = sha2_digest,
-	.digest_update = sha2_digest_update,
-	.digest_final = sha2_digest_final,
-	.digest_atomic = sha2_digest_atomic
-};
-
 static int sha2_mac_init(crypto_ctx_t *, crypto_mechanism_t *, crypto_key_t *,
    crypto_spi_ctx_template_t);
 static int sha2_mac_update(crypto_ctx_t *, crypto_data_t *);
@@ -132,7 +114,6 @@ static const crypto_ctx_ops_t sha2_ctx_ops = {
 };

 static const crypto_ops_t sha2_crypto_ops = {
-	&sha2_digest_ops,
 	NULL,
 	&sha2_mac_ops,
 	&sha2_ctx_ops,
@@ -184,27 +165,6 @@ sha2_mod_fini(void)
 	return (ret);
 }

-/*
- * KCF software provider digest entry points.
- */
-
-static int
-sha2_digest_init(crypto_ctx_t *ctx, crypto_mechanism_t *mechanism)
-{
-
-	/*
-	 * Allocate and initialize SHA2 context.
-	 */
-	ctx->cc_provider_private = kmem_alloc(sizeof (sha2_ctx_t), KM_SLEEP);
-	if (ctx->cc_provider_private == NULL)
-		return (CRYPTO_HOST_MEMORY);
-
-	PROV_SHA2_CTX(ctx)->sc_mech_type = mechanism->cm_type;
-	SHA2Init(mechanism->cm_type, &PROV_SHA2_CTX(ctx)->sc_sha2_ctx);
-
-	return (CRYPTO_SUCCESS);
-}
-
 /*
 * Helper SHA2 digest update function for uio data.
 */
@@ -360,246 +320,6 @@ sha2_digest_final_uio(SHA2_CTX *sha2_ctx, crypto_data_t *digest,
 	return (CRYPTO_SUCCESS);
 }

-static int
-sha2_digest(crypto_ctx_t *ctx, crypto_data_t *data, crypto_data_t *digest)
-{
-	int ret = CRYPTO_SUCCESS;
-	uint_t sha_digest_len;
-
-	ASSERT(ctx->cc_provider_private != NULL);
-
-	switch (PROV_SHA2_CTX(ctx)->sc_mech_type) {
-	case SHA256_MECH_INFO_TYPE:
-		sha_digest_len = SHA256_DIGEST_LENGTH;
-		break;
-	case SHA384_MECH_INFO_TYPE:
-		sha_digest_len = SHA384_DIGEST_LENGTH;
-		break;
-	case SHA512_MECH_INFO_TYPE:
-		sha_digest_len = SHA512_DIGEST_LENGTH;
-		break;
-	default:
-		return (CRYPTO_MECHANISM_INVALID);
-	}
-
-	/*
-	 * We need to just return the length needed to store the output.
-	 * We should not destroy the context for the following cases.
-	 */
-	if ((digest->cd_length == 0) ||
-	    (digest->cd_length < sha_digest_len)) {
-		digest->cd_length = sha_digest_len;
-		return (CRYPTO_BUFFER_TOO_SMALL);
-	}
-
-	/*
-	 * Do the SHA2 update on the specified input data.
-	 */
-	switch (data->cd_format) {
-	case CRYPTO_DATA_RAW:
-		SHA2Update(&PROV_SHA2_CTX(ctx)->sc_sha2_ctx,
-		    (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
-		    data->cd_length);
-		break;
-	case CRYPTO_DATA_UIO:
-		ret = sha2_digest_update_uio(&PROV_SHA2_CTX(ctx)->sc_sha2_ctx,
-		    data);
-		break;
-	default:
-		ret = CRYPTO_ARGUMENTS_BAD;
-	}
-
-	if (ret != CRYPTO_SUCCESS) {
-		/* the update failed, free context and bail */
-		kmem_free(ctx->cc_provider_private, sizeof (sha2_ctx_t));
-		ctx->cc_provider_private = NULL;
-		digest->cd_length = 0;
-		return (ret);
-	}
-
-	/*
-	 * Do a SHA2 final, must be done separately since the digest
-	 * type can be different than the input data type.
-	 */
-	switch (digest->cd_format) {
-	case CRYPTO_DATA_RAW:
-		SHA2Final((unsigned char *)digest->cd_raw.iov_base +
-		    digest->cd_offset, &PROV_SHA2_CTX(ctx)->sc_sha2_ctx);
-		break;
-	case CRYPTO_DATA_UIO:
-		ret = sha2_digest_final_uio(&PROV_SHA2_CTX(ctx)->sc_sha2_ctx,
-		    digest, sha_digest_len, NULL);
-		break;
-	default:
-		ret = CRYPTO_ARGUMENTS_BAD;
-	}
-
-	/* all done, free context and return */
-
-	if (ret == CRYPTO_SUCCESS)
-		digest->cd_length = sha_digest_len;
-	else
-		digest->cd_length = 0;
-
-	kmem_free(ctx->cc_provider_private, sizeof (sha2_ctx_t));
-	ctx->cc_provider_private = NULL;
-	return (ret);
-}
-
-static int
-sha2_digest_update(crypto_ctx_t *ctx, crypto_data_t *data)
-{
-	int ret = CRYPTO_SUCCESS;
-
-	ASSERT(ctx->cc_provider_private != NULL);
-
-	/*
-	 * Do the SHA2 update on the specified input data.
-	 */
-	switch (data->cd_format) {
-	case CRYPTO_DATA_RAW:
-		SHA2Update(&PROV_SHA2_CTX(ctx)->sc_sha2_ctx,
-		    (uint8_t *)data->cd_raw.iov_base + data->cd_offset,
-		    data->cd_length);
-		break;
-	case CRYPTO_DATA_UIO:
-		ret = sha2_digest_update_uio(&PROV_SHA2_CTX(ctx)->sc_sha2_ctx,
-		    data);
-		break;
-	default:
-		ret = CRYPTO_ARGUMENTS_BAD;
-	}
-
-	return (ret);
-}
-
-static int
-sha2_digest_final(crypto_ctx_t *ctx, crypto_data_t *digest)
-{
-	int ret = CRYPTO_SUCCESS;
-	uint_t sha_digest_len;
-
-	ASSERT(ctx->cc_provider_private != NULL);
-
-	switch (PROV_SHA2_CTX(ctx)->sc_mech_type) {
-	case SHA256_MECH_INFO_TYPE:
-		sha_digest_len = SHA256_DIGEST_LENGTH;
-		break;
-	case SHA384_MECH_INFO_TYPE:
-		sha_digest_len = SHA384_DIGEST_LENGTH;
-		break;
-	case SHA512_MECH_INFO_TYPE:
-		sha_digest_len = SHA512_DIGEST_LENGTH;
-		break;
-	default:
-		return (CRYPTO_MECHANISM_INVALID);
-	}
-
-	/*
-	 * We need to just return the length needed to store the output.
-	 * We should not destroy the context for the following cases.
-	 */
-	if ((digest->cd_length == 0) ||
-	    (digest->cd_length < sha_digest_len)) {
-		digest->cd_length = sha_digest_len;
-		return (CRYPTO_BUFFER_TOO_SMALL);
-	}
-
-	/*
-	 * Do a SHA2 final.
-	 */
-	switch (digest->cd_format) {
-	case CRYPTO_DATA_RAW:
-		SHA2Final((unsigned char *)digest->cd_raw.iov_base +
-		    digest->cd_offset, &PROV_SHA2_CTX(ctx)->sc_sha2_ctx);
-		break;
-	case CRYPTO_DATA_UIO:
-		ret = sha2_digest_final_uio(&PROV_SHA2_CTX(ctx)->sc_sha2_ctx,
-		    digest, sha_digest_len, NULL);
-		break;
-	default:
-		ret = CRYPTO_ARGUMENTS_BAD;
-	}
-
-	/* all done, free context and return */
-
-	if (ret == CRYPTO_SUCCESS)
-		digest->cd_length = sha_digest_len;
-	else
-		digest->cd_length = 0;
-
-	kmem_free(ctx->cc_provider_private, sizeof (sha2_ctx_t));
-	ctx->cc_provider_private = NULL;
-
-	return (ret);
-}
-
-static int
-sha2_digest_atomic(crypto_mechanism_t *mechanism, crypto_data_t *data,
-    crypto_data_t *digest)
-{
-	int ret = CRYPTO_SUCCESS;
-	SHA2_CTX sha2_ctx;
-	uint32_t sha_digest_len;
-
-	/*
-	 * Do the SHA inits.
-	 */
-
-	SHA2Init(mechanism->cm_type, &sha2_ctx);
-
-	switch (data->cd_format) {
-	case CRYPTO_DATA_RAW:
-		SHA2Update(&sha2_ctx, (uint8_t *)data->
-		    cd_raw.iov_base + data->cd_offset, data->cd_length);
-		break;
-	case CRYPTO_DATA_UIO:
-		ret = sha2_digest_update_uio(&sha2_ctx, data);
-		break;
-	default:
-		ret = CRYPTO_ARGUMENTS_BAD;
-	}
-
-	/*
-	 * Do the SHA updates on the specified input data.
-	 */
-
-	if (ret != CRYPTO_SUCCESS) {
-		/* the update failed, bail */
-		digest->cd_length = 0;
-		return (ret);
-	}
-
-	if (mechanism->cm_type <= SHA256_HMAC_GEN_MECH_INFO_TYPE)
-		sha_digest_len = SHA256_DIGEST_LENGTH;
-	else
-		sha_digest_len = SHA512_DIGEST_LENGTH;
-
-	/*
-	 * Do a SHA2 final, must be done separately since the digest
-	 * type can be different than the input data type.
-	 */
-	switch (digest->cd_format) {
-	case CRYPTO_DATA_RAW:
-		SHA2Final((unsigned char *)digest->cd_raw.iov_base +
-		    digest->cd_offset, &sha2_ctx);
-		break;
-	case CRYPTO_DATA_UIO:
-		ret = sha2_digest_final_uio(&sha2_ctx, digest,
-		    sha_digest_len, NULL);
-		break;
-	default:
-		ret = CRYPTO_ARGUMENTS_BAD;
-	}
-
-	if (ret == CRYPTO_SUCCESS)
-		digest->cd_length = sha_digest_len;
-	else
-		digest->cd_length = 0;
-
-	return (ret);
-}
-
 /*
 * KCF software provider mac entry points.
 *