diff --git a/include/sys/crypto/common.h b/include/sys/crypto/common.h index 76be22952..7db5d87cb 100644 --- a/include/sys/crypto/common.h +++ b/include/sys/crypto/common.h @@ -214,19 +214,6 @@ typedef uint32_t crypto_keysize_unit_t; #define SUN_CKM_ECDSA_SHA1 "CKM_ECDSA_SHA1" #define SUN_CKM_ECDSA "CKM_ECDSA" -/* Shared operation context format for CKM_RC4 */ -typedef struct { -#if defined(__amd64) - uint32_t i, j; - uint32_t arr[256]; - uint32_t flag; -#else - uchar_t arr[256]; - uchar_t i, j; -#endif /* __amd64 */ - uint64_t pad; /* For 64-bit alignment */ -} arcfour_state_t; - /* Data arguments of cryptographic operations */ typedef enum crypto_data_format { @@ -238,21 +225,15 @@ typedef struct crypto_data { crypto_data_format_t cd_format; /* Format identifier */ off_t cd_offset; /* Offset from the beginning */ size_t cd_length; /* # of bytes in use */ - caddr_t cd_miscdata; /* ancillary data */ union { /* Raw format */ - iovec_t cdu_raw; /* Pointer and length */ + iovec_t cd_raw; /* Pointer and length */ /* uio scatter-gather format */ - zfs_uio_t *cdu_uio; - - } cdu; /* Crypto Data Union */ + zfs_uio_t *cd_uio; + }; /* Crypto Data Union */ } crypto_data_t; -#define cd_raw cdu.cdu_raw -#define cd_uio cdu.cdu_uio -#define cd_mp cdu.cdu_mp - /* The keys, and their contents */ typedef struct { diff --git a/module/icp/algs/modes/cbc.c b/module/icp/algs/modes/cbc.c index bddb5b64d..73605f04d 100644 --- a/module/icp/algs/modes/cbc.c +++ b/module/icp/algs/modes/cbc.c @@ -242,19 +242,12 @@ int cbc_init_ctx(cbc_ctx_t *cbc_ctx, char *param, size_t param_len, size_t block_size, void (*copy_block)(uint8_t *, uint64_t *)) { - /* - * Copy IV into context. - * - * If cm_param == NULL then the IV comes from the - * cd_miscdata field in the crypto_data structure. - */ - if (param != NULL) { - ASSERT(param_len == block_size); - copy_block((uchar_t *)param, cbc_ctx->cbc_iv); - } + /* Copy IV into context. */ + ASSERT3P(param, !=, NULL); + ASSERT3U(param_len, ==, block_size); + + copy_block((uchar_t *)param, cbc_ctx->cbc_iv); - cbc_ctx->cbc_lastp = (uint8_t *)&cbc_ctx->cbc_iv[0]; - cbc_ctx->cbc_flags |= CBC_MODE; return (CRYPTO_SUCCESS); } diff --git a/module/icp/core/kcf_prov_lib.c b/module/icp/core/kcf_prov_lib.c index c65a9111a..505dbec31 100644 --- a/module/icp/core/kcf_prov_lib.c +++ b/module/icp/core/kcf_prov_lib.c @@ -114,33 +114,21 @@ crypto_put_output_data(uchar_t *buf, crypto_data_t *output, int len) int crypto_update_iov(void *ctx, crypto_data_t *input, crypto_data_t *output, - int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), - void (*copy_block)(uint8_t *, uint64_t *)) + int (*cipher)(void *, caddr_t, size_t, crypto_data_t *)) { - common_ctx_t *common_ctx = ctx; - int rv; - ASSERT(input != output); - if (input->cd_miscdata != NULL) { - copy_block((uint8_t *)input->cd_miscdata, - &common_ctx->cc_iv[0]); - } if (input->cd_raw.iov_len < input->cd_length) return (CRYPTO_ARGUMENTS_BAD); - rv = (cipher)(ctx, input->cd_raw.iov_base + input->cd_offset, - input->cd_length, output); - - return (rv); + return ((cipher)(ctx, input->cd_raw.iov_base + input->cd_offset, + input->cd_length, output)); } int crypto_update_uio(void *ctx, crypto_data_t *input, crypto_data_t *output, - int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), - void (*copy_block)(uint8_t *, uint64_t *)) + int (*cipher)(void *, caddr_t, size_t, crypto_data_t *)) { - common_ctx_t *common_ctx = ctx; zfs_uio_t *uiop = input->cd_uio; off_t offset = input->cd_offset; size_t length = input->cd_length; @@ -148,10 +136,6 @@ crypto_update_uio(void *ctx, crypto_data_t *input, crypto_data_t *output, size_t cur_len; ASSERT(input != output); - if (input->cd_miscdata != NULL) { - copy_block((uint8_t *)input->cd_miscdata, - &common_ctx->cc_iv[0]); - } if (zfs_uio_segflg(input->cd_uio) != UIO_SYSSPACE) { return (CRYPTO_ARGUMENTS_BAD); diff --git a/module/icp/include/sys/crypto/impl.h b/module/icp/include/sys/crypto/impl.h index da00c4001..03e7a6771 100644 --- a/module/icp/include/sys/crypto/impl.h +++ b/module/icp/include/sys/crypto/impl.h @@ -481,11 +481,9 @@ extern void kcf_free_provider_desc(kcf_provider_desc_t *); extern void undo_register_provider(kcf_provider_desc_t *, boolean_t); extern int crypto_put_output_data(uchar_t *, crypto_data_t *, int); extern int crypto_update_iov(void *, crypto_data_t *, crypto_data_t *, - int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), - void (*copy_block)(uint8_t *, uint64_t *)); + int (*cipher)(void *, caddr_t, size_t, crypto_data_t *)); extern int crypto_update_uio(void *, crypto_data_t *, crypto_data_t *, - int (*cipher)(void *, caddr_t, size_t, crypto_data_t *), - void (*copy_block)(uint8_t *, uint64_t *)); + int (*cipher)(void *, caddr_t, size_t, crypto_data_t *)); /* Access to the provider's table */ extern void kcf_prov_tab_destroy(void); diff --git a/module/icp/io/aes.c b/module/icp/io/aes.c index be3ced6d9..ad8a15a72 100644 --- a/module/icp/io/aes.c +++ b/module/icp/io/aes.c @@ -582,13 +582,11 @@ aes_encrypt_update(crypto_ctx_t *ctx, crypto_data_t *plaintext, switch (plaintext->cd_format) { case CRYPTO_DATA_RAW: ret = crypto_update_iov(ctx->cc_provider_private, - plaintext, ciphertext, aes_encrypt_contiguous_blocks, - aes_copy_block64); + plaintext, ciphertext, aes_encrypt_contiguous_blocks); break; case CRYPTO_DATA_UIO: ret = crypto_update_uio(ctx->cc_provider_private, - plaintext, ciphertext, aes_encrypt_contiguous_blocks, - aes_copy_block64); + plaintext, ciphertext, aes_encrypt_contiguous_blocks); break; default: ret = CRYPTO_ARGUMENTS_BAD; @@ -661,13 +659,11 @@ aes_decrypt_update(crypto_ctx_t *ctx, crypto_data_t *ciphertext, switch (ciphertext->cd_format) { case CRYPTO_DATA_RAW: ret = crypto_update_iov(ctx->cc_provider_private, - ciphertext, plaintext, aes_decrypt_contiguous_blocks, - aes_copy_block64); + ciphertext, plaintext, aes_decrypt_contiguous_blocks); break; case CRYPTO_DATA_UIO: ret = crypto_update_uio(ctx->cc_provider_private, - ciphertext, plaintext, aes_decrypt_contiguous_blocks, - aes_copy_block64); + ciphertext, plaintext, aes_decrypt_contiguous_blocks); break; default: ret = CRYPTO_ARGUMENTS_BAD; @@ -930,11 +926,11 @@ aes_encrypt_atomic(crypto_provider_handle_t provider, switch (plaintext->cd_format) { case CRYPTO_DATA_RAW: ret = crypto_update_iov(&aes_ctx, plaintext, ciphertext, - aes_encrypt_contiguous_blocks, aes_copy_block64); + aes_encrypt_contiguous_blocks); break; case CRYPTO_DATA_UIO: ret = crypto_update_uio(&aes_ctx, plaintext, ciphertext, - aes_encrypt_contiguous_blocks, aes_copy_block64); + aes_encrypt_contiguous_blocks); break; default: ret = CRYPTO_ARGUMENTS_BAD; @@ -1071,11 +1067,11 @@ aes_decrypt_atomic(crypto_provider_handle_t provider, switch (ciphertext->cd_format) { case CRYPTO_DATA_RAW: ret = crypto_update_iov(&aes_ctx, ciphertext, plaintext, - aes_decrypt_contiguous_blocks, aes_copy_block64); + aes_decrypt_contiguous_blocks); break; case CRYPTO_DATA_UIO: ret = crypto_update_uio(&aes_ctx, ciphertext, plaintext, - aes_decrypt_contiguous_blocks, aes_copy_block64); + aes_decrypt_contiguous_blocks); break; default: ret = CRYPTO_ARGUMENTS_BAD; diff --git a/module/os/linux/zfs/zio_crypt.c b/module/os/linux/zfs/zio_crypt.c index 909246f20..31126a78b 100644 --- a/module/os/linux/zfs/zio_crypt.c +++ b/module/os/linux/zfs/zio_crypt.c @@ -438,13 +438,11 @@ zio_do_crypt_uio(boolean_t encrypt, uint64_t crypt, crypto_key_t *key, plaindata.cd_format = CRYPTO_DATA_UIO; plaindata.cd_offset = 0; plaindata.cd_uio = puio; - plaindata.cd_miscdata = NULL; plaindata.cd_length = plain_full_len; cipherdata.cd_format = CRYPTO_DATA_UIO; cipherdata.cd_offset = 0; cipherdata.cd_uio = cuio; - cipherdata.cd_miscdata = NULL; cipherdata.cd_length = datalen + maclen; /* perform the actual encryption */