diff options
author | John Baldwin <jhb@FreeBSD.org> | 2020-10-20 17:50:18 +0000 |
---|---|---|
committer | John Baldwin <jhb@FreeBSD.org> | 2020-10-20 17:50:18 +0000 |
commit | ba610be90a7cb6d851e0e0e6d7612769352a3c0c (patch) | |
tree | 85995acc49eba2878d5c92913c0e66655cc7857f /share | |
parent | 91bc73618deae3a0d4efc467d94883c7e9fdd088 (diff) | |
download | src-test-ba610be90a7cb6d851e0e0e6d7612769352a3c0c.tar.gz src-test-ba610be90a7cb6d851e0e0e6d7612769352a3c0c.zip |
Add a kernel crypto driver using assembly routines from OpenSSL.
Currently, this supports SHA1 and SHA2-{224,256,384,512} both as plain
hashes and in HMAC mode on both amd64 and i386. It uses the SHA
intrinsics when present similar to aesni(4), but uses SSE/AVX
instructions when they are not.
Note that some files from OpenSSL that normally wrap the assembly
routines have been adapted to export methods usable by 'struct
auth_xform' as is used by existing software crypto routines.
Reviewed by: gallatin, jkim, delphij, gnn
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D26821
Notes
Notes:
svn path=/head/; revision=366901
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man4/Makefile | 2 | ||||
-rw-r--r-- | share/man/man4/ossl.4 | 105 |
2 files changed, 107 insertions, 0 deletions
diff --git a/share/man/man4/Makefile b/share/man/man4/Makefile index 47ba4b7a62ba3..efc4d64c62cab 100644 --- a/share/man/man4/Makefile +++ b/share/man/man4/Makefile @@ -398,6 +398,7 @@ MAN= aac.4 \ ocs_fc.4\ ohci.4 \ orm.4 \ + ${_ossl.4} \ ow.4 \ ow_temp.4 \ owc.4 \ @@ -819,6 +820,7 @@ _ntb_transport.4=ntb_transport.4 _nvd.4= nvd.4 _nvme.4= nvme.4 _nvram.4= nvram.4 +_ossl.4= ossl.4 _padlock.4= padlock.4 _pchtherm.4= pchtherm.4 _rr232x.4= rr232x.4 diff --git a/share/man/man4/ossl.4 b/share/man/man4/ossl.4 new file mode 100644 index 0000000000000..44da8e09831b2 --- /dev/null +++ b/share/man/man4/ossl.4 @@ -0,0 +1,105 @@ +.\" Copyright (c) 2020 Netflix, Inc +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer, +.\" without modification. +.\" 2. Redistributions in binary form must reproduce at minimum a disclaimer +.\" similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any +.\" redistribution must be conditioned upon including a substantially +.\" similar Disclaimer requirement for further binary redistribution. +.\" +.\" NO WARRANTY +.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +.\" LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY +.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL +.\" THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, +.\" OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER +.\" IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +.\" THE POSSIBILITY OF SUCH DAMAGES. +.\" +.\" $FreeBSD$ +.\" +.Dd October 19, 2020 +.Dt OSSL 4 +.Os +.Sh NAME +.Nm ossl +.Nd "driver using OpenSSL assembly routines on x86 CPUs" +.Sh SYNOPSIS +To compile this driver into the kernel, +place the following lines in your +kernel configuration file: +.Bd -ragged -offset indent +.Cd "device crypto" +.Cd "device cryptodev" +.Cd "device ossl" +.Ed +.Pp +Alternatively, to load the driver as a +module at boot time, place the following line in +.Xr loader.conf 5 : +.Bd -literal -offset indent +ossl_load="YES" +.Ed +.Sh DESCRIPTION +The OpenSSL distribution includes architecture-specific +implementations for some commonly used cryptographic algorithms. +This driver adds a wrapper around these routines permitting them to be +used by in-kernel cryptography consumers such as kernel TLS and IPsec. +.Pp +The +.Nm +driver includes architecture-specific implementations for the following +architectures: +.Pp +.Bl -bullet -compact +.It +amd64 +.It +i386 +.El +.Pp +The +.Nm +driver includes support for the following algorithms: +.Pp +.Bl -bullet -compact +.It +SHA1 +.It +SHA1-HMAC +.It +SHA2-224 +.It +SHA2-224-HMAC +.It +SHA2-256 +.It +SHA2-256-HMAC +.It +SHA2-384 +.It +SHA2-384-HMAC +.It +SHA2-512 +.It +SHA2-512-HMAC +.El +.Sh SEE ALSO +.Xr crypto 4 , +.Xr intro 4 , +.Xr ipsec 4 , +.Xr crypto 7 , +.Xr crypto 9 +.Sh HISTORY +The +.Nm +driver first appeared in +.Fx 13.0 . |