svn commit: r359945 - in head: lib/geom/eli sys/geom/eli

Kyle Evans kevans at freebsd.org
Wed Apr 15 17:55:54 UTC 2020 

On Tue, Apr 14, 2020 at 7:15 PM John Baldwin <jhb at freebsd.org> wrote:
>
> Author: jhb
> Date: Wed Apr 15 00:14:50 2020
> New Revision: 359945
> URL: https://svnweb.freebsd.org/changeset/base/359945
>
> Log:
>   Remove support for geli(4) algorithms deprecated in r348206.
>
>   This removes support for reading and writing volumes using the
>   following algorithms:
>
>   - Triple DES
>   - Blowfish
>   - MD5 HMAC integrity
>
>   In addition, this commit adds an explicit whitelist of supported
>   algorithms to give a better error message when an invalid or
>   unsupported algorithm is used by an existing volume.
>
>   Reviewed by:  cem
>   Sponsored by: Chelsio Communications
>   Differential Revision:        https://reviews.freebsd.org/D24343
>
> Modified:
>   head/lib/geom/eli/geli.8
>   head/lib/geom/eli/geom_eli.c
>   head/sys/geom/eli/g_eli.c
>   head/sys/geom/eli/g_eli.h
>   head/sys/geom/eli/g_eli_crypto.c
>   head/sys/geom/eli/g_eli_ctl.c
>
> [... snip ...]
> @@ -522,6 +506,36 @@ eli_metadata_dump(const struct g_eli_metadata *md)
>         printf("  MD5 hash: %s\n", str);
>  }
>
> +#ifdef _KERNEL
> +static bool
> +eli_metadata_crypto_supported(const struct g_eli_metadata *md)
> +{
> +
> +       switch (md->md_ealgo) {
> +       case CRYPTO_NULL_CBC:
> +       case CRYPTO_AES_CBC:
> +       case CRYPTO_CAMELLIA_CBC:
> +       case CRYPTO_AES_XTS:
> +               break;
> +       default:
> +               return (false);
> +       }
> +       if (md->md_flags & G_ELI_FLAG_AUTH) {
> +               switch (md->md_aalgo) {
> +               case CRYPTO_SHA1_HMAC:
> +               case CRYPTO_RIPEMD160_HMAC:
> +               case CRYPTO_SHA2_256_HMAC:
> +               case CRYPTO_SHA2_384_HMAC:
> +               case CRYPTO_SHA2_512_HMAC:
> +                       break;
> +               default:
> +                       return (false);
> +               }
> +       }
> +       return (true);
> +}
> +#endif
> +
>  static __inline u_int
>  g_eli_keylen(u_int algo, u_int keylen)
>  {
> [... snip ...]

eli_metadata_crypto_supported is defined here, but unused in most
compilation units that include g_eli.h, resulting in some amount of
noise:

In file included from /usr/src/sys/geom/eli/g_eli_crypto.c:46:
/usr/src/sys/geom/eli/g_eli.h:511:1: warning: unused function
'eli_metadata_crypto_supported' [-Wunused-function]
eli_metadata_crypto_supported(const struct g_eli_metadata *md)

(repeat for g_eli_hmac.c, g_eli_integrity.c, g_eli_key.c,
g_eli_key_cache.c, g_eli_privacy.c, pkcs5v2.c)

Given that it's probably not in danger of silently going away and not
getting removed, any objection to marking it __unused to squelch the warnings?

Thanks,

Kyle Evans

More information about the svn-src-all mailing list