svn commit: r353291 - in stable: 11/sys/opencrypto 12/sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Mon Oct 7 20:41:55 UTC 2019
Author: jhb
Date: Mon Oct 7 20:41:55 2019
New Revision: 353291
URL: https://svnweb.freebsd.org/changeset/base/353291
Log:
MFC 351557: Adjust the deprecated warnings for /dev/crypto to be less noisy.
Warn when actual operations are performed instead of when sessions are
created. The /dev/crypto engine in OpenSSL 1.0.x tries to create
sessions for all possible algorithms each time it is initialized
resulting in spurious warnings.
Modified:
stable/12/sys/opencrypto/cryptodev.c
Directory Properties:
stable/12/ (props changed)
Changes in other areas also in this revision:
Modified:
stable/11/sys/opencrypto/cryptodev.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/12/sys/opencrypto/cryptodev.c
==============================================================================
--- stable/12/sys/opencrypto/cryptodev.c Mon Oct 7 20:35:04 2019 (r353290)
+++ stable/12/sys/opencrypto/cryptodev.c Mon Oct 7 20:41:55 2019 (r353291)
@@ -391,8 +391,6 @@ cryptof_ioctl(
struct crypt_op copc;
struct crypt_kop kopc;
#endif
- static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn;
- static struct timeval skipwarn, tdeswarn;
switch (cmd) {
case CIOCGSESSION:
@@ -413,28 +411,18 @@ cryptof_ioctl(
case 0:
break;
case CRYPTO_DES_CBC:
- if (ratecheck(&deswarn, &warninterval))
- gone_in(13, "DES cipher via /dev/crypto");
txform = &enc_xform_des;
break;
case CRYPTO_3DES_CBC:
- if (ratecheck(&tdeswarn, &warninterval))
- gone_in(13, "3DES cipher via /dev/crypto");
txform = &enc_xform_3des;
break;
case CRYPTO_BLF_CBC:
- if (ratecheck(&blfwarn, &warninterval))
- gone_in(13, "Blowfish cipher via /dev/crypto");
txform = &enc_xform_blf;
break;
case CRYPTO_CAST_CBC:
- if (ratecheck(&castwarn, &warninterval))
- gone_in(13, "CAST128 cipher via /dev/crypto");
txform = &enc_xform_cast5;
break;
case CRYPTO_SKIPJACK_CBC:
- if (ratecheck(&skipwarn, &warninterval))
- gone_in(13, "Skipjack cipher via /dev/crypto");
txform = &enc_xform_skipjack;
break;
case CRYPTO_AES_CBC:
@@ -447,8 +435,6 @@ cryptof_ioctl(
txform = &enc_xform_null;
break;
case CRYPTO_ARC4:
- if (ratecheck(&arc4warn, &warninterval))
- gone_in(13, "ARC4 cipher via /dev/crypto");
txform = &enc_xform_arc4;
break;
case CRYPTO_CAMELLIA_CBC:
@@ -477,9 +463,6 @@ cryptof_ioctl(
case 0:
break;
case CRYPTO_MD5_HMAC:
- if (ratecheck(&md5warn, &warninterval))
- gone_in(13,
- "MD5-HMAC authenticator via /dev/crypto");
thash = &auth_hash_hmac_md5;
break;
case CRYPTO_POLY1305:
@@ -815,6 +798,47 @@ cod_free(struct cryptop_data *cod)
free(cod, M_XDATA);
}
+static void
+cryptodev_warn(struct csession *cse)
+{
+ static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn;
+ static struct timeval skipwarn, tdeswarn;
+
+ switch (cse->cipher) {
+ case CRYPTO_DES_CBC:
+ if (ratecheck(&deswarn, &warninterval))
+ gone_in(13, "DES cipher via /dev/crypto");
+ break;
+ case CRYPTO_3DES_CBC:
+ if (ratecheck(&tdeswarn, &warninterval))
+ gone_in(13, "3DES cipher via /dev/crypto");
+ break;
+ case CRYPTO_BLF_CBC:
+ if (ratecheck(&blfwarn, &warninterval))
+ gone_in(13, "Blowfish cipher via /dev/crypto");
+ break;
+ case CRYPTO_CAST_CBC:
+ if (ratecheck(&castwarn, &warninterval))
+ gone_in(13, "CAST128 cipher via /dev/crypto");
+ break;
+ case CRYPTO_SKIPJACK_CBC:
+ if (ratecheck(&skipwarn, &warninterval))
+ gone_in(13, "Skipjack cipher via /dev/crypto");
+ break;
+ case CRYPTO_ARC4:
+ if (ratecheck(&arc4warn, &warninterval))
+ gone_in(13, "ARC4 cipher via /dev/crypto");
+ break;
+ }
+
+ switch (cse->mac) {
+ case CRYPTO_MD5_HMAC:
+ if (ratecheck(&md5warn, &warninterval))
+ gone_in(13, "MD5-HMAC authenticator via /dev/crypto");
+ break;
+ }
+}
+
static int
cryptodev_op(
struct csession *cse,
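Review bot: cryptodev_warn() is added without a comment, and two properties are not obvious from the code: it is meant to run once per request from cryptodev_op() and cryptodev_aead() (the calls added in the two later hunks), and its `static struct timeval` stamps are shared by every session, so the rate limit is per algorithm rather than per session or process. The second property matters to anyone using these messages to find the remaining users of DES, 3DES, Blowfish, CAST128, Skipjack, ARC4 or MD5-HMAC: one caller can consume the warning for a whole interval (`warninterval` is defined outside the diff), and the message text passed here does not name the requesting process. I would add a header comment such as `/* Warn, rate-limited per algorithm across all sessions, when a deprecated cipher or MAC is actually used for an operation. */`, and a `default: break;` in each switch to show that all other algorithms are skipped on purpose. The definition of cryptodev_op() begins at the end of this hunk and continues outside it.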
@@ -937,6 +961,7 @@ cryptodev_op(
error = EINVAL;
goto bail;
}
+ cryptodev_warn(cse);
again:
/*
@@ -1106,6 +1131,7 @@ cryptodev_aead(
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
+ cryptodev_warn(cse);
again:
/*
* Let the dispatch run unlocked, then, interlock against the