svn commit: r366844 - in head: share/man/man4 sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Mon Oct 19 18:21:42 UTC 2020
Author: jhb
Date: Mon Oct 19 18:21:41 2020
New Revision: 366844
URL: https://svnweb.freebsd.org/changeset/base/366844
Log:
Mark asymmetric cryptography via OCF deprecated for 14.0.
Only one MIPS-specific driver implements support for one of the
asymmetric operations. There are no in-kernel users besides
/dev/crypto. The only known user of the /dev/crypto interface was the
engine in OpenSSL releases before 1.1.0. 1.1.0 includes a rewritten
engine that does not use the asymmetric operations due to lack of
documentation.
Reviewed by: cem, markj
MFC after: 1 week
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D26810
Modified:
head/share/man/man4/crypto.4
head/sys/opencrypto/crypto.c
head/sys/opencrypto/cryptodev.c
Modified: head/share/man/man4/crypto.4
==============================================================================
--- head/share/man/man4/crypto.4 Mon Oct 19 17:35:45 2020 (r366843)
+++ head/share/man/man4/crypto.4 Mon Oct 19 18:21:41 2020 (r366844)
@@ -60,7 +60,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd May 11, 2020
+.Dd October 19, 2020
.Dt CRYPTO 4
.Os
.Sh NAME
@@ -108,6 +108,11 @@ both asymmetric-key (public-key/private-key) requests
modular arithmetic (for Diffie-Hellman key exchange and other
cryptographic protocols).
The two modes are described separately below.
+.Sh DEPRECATION NOTICE
+The asymmetric-key operations supported by this interface will not be
+present in
+.Fx 14.0
+and later.
.Sh THEORY OF OPERATION
Regardless of whether symmetric-key or asymmetric-key operations are
to be performed, use of the device requires a basic series of steps:
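Review bot: The new DEPRECATION NOTICE section says only "asymmetric-key operations" and does not name the affected requests. Listing the ioctls that the cryptodev.c part of this commit warns on (CIOCKEY, CIOCKEY2 and CIOCASYMFEAT) would let a reader map the notice directly onto their own code.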
Modified: head/sys/opencrypto/crypto.c
==============================================================================
--- head/sys/opencrypto/crypto.c Mon Oct 19 17:35:45 2020 (r366843)
+++ head/sys/opencrypto/crypto.c Mon Oct 19 18:21:41 2020 (r366844)
@@ -1142,6 +1142,7 @@ crypto_kregister(u_int32_t driverid, int kalg, u_int32
, kalg
, flags
);
+ gone_in_dev(cap->cc_dev, 14, "asymmetric crypto");
err = 0;
} else
err = EINVAL;
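Review bot: The gone_in_dev() call in crypto_kregister() sits in the success branch with no rate limit, so it fires on every successful registration, once per kalg. Given the log message says only one driver registers one operation this is probably fine, but a short comment that the repetition is intended would explain why the cryptodev.c warnings go through ratecheck() and this one does not.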
Modified: head/sys/opencrypto/cryptodev.c
==============================================================================
--- head/sys/opencrypto/cryptodev.c Mon Oct 19 17:35:45 2020 (r366843)
+++ head/sys/opencrypto/cryptodev.c Mon Oct 19 18:21:41 2020 (r366844)
@@ -346,6 +346,11 @@ SYSCTL_BOOL(_kern_crypto, OID_AUTO, cryptodev_separate
&use_separate_aad, 0,
"Use separate AAD buffer for /dev/crypto requests.");
+static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 };
+SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, cryptodev_warn_interval, CTLFLAG_RW,
+ &warninterval,
+ "Delay in seconds between warnings of deprecated /dev/crypto algorithms");
+
static int cryptof_ioctl(struct file *, u_long, void *,
struct ucred *, struct thread *);
static int cryptof_stat(struct file *, struct stat *,
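Review bot: SYSCTL_TIMEVAL_SEC(_kern, ...) publishes the knob as kern.cryptodev_warn_interval, while the sysctl directly above it in this file is declared under _kern_crypto. Consider using _kern_crypto so the two /dev/crypto tunables live in the same tree. The description also says "algorithms", whereas the warnings it paces are for the asymmetric requests; "deprecated /dev/crypto asymmetric operations" would match the messages passed to gone_in().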
@@ -419,6 +424,7 @@ cryptof_ioctl(
struct ucred *active_cred,
struct thread *td)
{
+ static struct timeval keywarn, featwarn;
struct crypto_session_params csp;
struct fcrypt *fcr = fp->f_data;
struct csession *cse;
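Review bot: keywarn and featwarn are function-scope statics in cryptof_ioctl(), so every caller of the ioctl shares them, and nothing in this hunk serializes access to them. The worst outcome of a race looks like an extra warning line, but a one-line comment saying the race is benign would help, and declaring them next to warninterval at file scope would keep the rate-limit state in one place.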
@@ -818,6 +824,10 @@ bail:
break;
case CIOCKEY:
case CIOCKEY2:
+ if (ratecheck(&keywarn, &warninterval))
+ gone_in(14,
+ "Asymmetric crypto operations via /dev/crypto");
+
if (!crypto_userasymcrypto) {
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EPERM); /* XXX compat? */
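Review bot: In the CIOCKEY/CIOCKEY2 case the ratecheck()/gone_in() pair runs before the !crypto_userasymcrypto test, so a request that is about to be rejected with EPERM still logs the warning and uses up the warninterval window. If the goal is to flag callers that actually reach the asymmetric code, move the warning below the check; if warning on rejected requests is deliberate, say so in a comment.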
@@ -833,6 +843,10 @@ bail:
mtx_unlock(&Giant);
break;
case CIOCASYMFEAT:
+ if (ratecheck(&featwarn, &warninterval))
+ gone_in(14,
+ "Asymmetric crypto features via /dev/crypto");
+
if (!crypto_userasymcrypto) {
/*
* NB: if user asym crypto operations are
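Review bot: As in the CIOCKEY case, the warning for CIOCASYMFEAT is issued before the !crypto_userasymcrypto test, so a feature query that is answered on the "asym crypto disabled" path still produces a deprecation message. Consider emitting it only on the path taken when crypto_userasymcrypto is set, or note in a comment that warning on every query is intended.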