Author: jhb
Date: Mon Oct 19 18:21:41 2020
New Revision: 366844
URL: https://svnweb.freebsd.org/changeset/base/366844

Log:
  Mark asymmetric cryptography via OCF deprecated for 14.0.
  
  Only one MIPS-specific driver implements support for one of the
  asymmetric operations.  There are no in-kernel users besides
  /dev/crypto.  The only known user of the /dev/crypto interface was the
  engine in OpenSSL releases before 1.1.0.  1.1.0 includes a rewritten
  engine that does not use the asymmetric operations due to lack of
  documentation.
  
  Reviewed by:  cem, markj
  MFC after:    1 week
  Sponsored by: Chelsio Communications
  Differential Revision:        https://reviews.freebsd.org/D26810

Modified:
  head/share/man/man4/crypto.4
  head/sys/opencrypto/crypto.c
  head/sys/opencrypto/cryptodev.c

Modified: head/share/man/man4/crypto.4
==============================================================================
--- head/share/man/man4/crypto.4        Mon Oct 19 17:35:45 2020        
(r366843)
+++ head/share/man/man4/crypto.4        Mon Oct 19 18:21:41 2020        
(r366844)
@@ -60,7 +60,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 11, 2020
+.Dd October 19, 2020
 .Dt CRYPTO 4
 .Os
 .Sh NAME
@@ -108,6 +108,11 @@ both asymmetric-key (public-key/private-key) requests 
 modular arithmetic (for Diffie-Hellman key exchange and other
 cryptographic protocols).
 The two modes are described separately below.
+.Sh DEPRECATION NOTICE
+The asymmetric-key operations supported by this interface will not be
+present in
+.Fx 14.0
+and later.
 .Sh THEORY OF OPERATION
 Regardless of whether symmetric-key or asymmetric-key operations are
 to be performed, use of the device requires a basic series of steps:
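Review bot: The new DEPRECATION NOTICE tells the reader that the asymmetric-key operations disappear in 14.0 but not what happens until then; the cryptodev.c part of this change makes CIOCKEY, CIOCKEY2 and CIOCASYMFEAT log a rate-limited "gone in 14" warning and adds a kern.cryptodev_warn_interval sysctl controlling the interval, neither of which is mentioned here. Consider adding a sentence along the lines of "Use of these operations logs a warning; the interval between warnings is controlled by the kern.cryptodev_warn_interval sysctl" so the man page stays the place an administrator looks when the warning shows up in the logs.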

Modified: head/sys/opencrypto/crypto.c
==============================================================================
--- head/sys/opencrypto/crypto.c        Mon Oct 19 17:35:45 2020        
(r366843)
+++ head/sys/opencrypto/crypto.c        Mon Oct 19 18:21:41 2020        
(r366844)
@@ -1142,6 +1142,7 @@ crypto_kregister(u_int32_t driverid, int kalg, u_int32
                                , kalg
                                , flags
                        );
+               gone_in_dev(cap->cc_dev, 14, "asymmetric crypto");
                err = 0;
        } else
                err = EINVAL;
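Review bot: gone_in_dev() is called on every successful crypto_kregister(), i.e. once per (driver, kalg) pair, so a driver that registers several asymmetric algorithms prints the warning several times at attach; if a single warning per device is the intent, it would be cleaner to emit it once where the driver registers its first asymmetric algorithm, or to accept the repetition with a short comment saying so. The line also has no comment tying the literal 14 to the man page notice, which would help whoever removes this path later.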

Modified: head/sys/opencrypto/cryptodev.c
==============================================================================
--- head/sys/opencrypto/cryptodev.c     Mon Oct 19 17:35:45 2020        
(r366843)
+++ head/sys/opencrypto/cryptodev.c     Mon Oct 19 18:21:41 2020        
(r366844)
@@ -346,6 +346,11 @@ SYSCTL_BOOL(_kern_crypto, OID_AUTO, cryptodev_separate
     &use_separate_aad, 0,
     "Use separate AAD buffer for /dev/crypto requests.");
 
+static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 };
+SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, cryptodev_warn_interval, CTLFLAG_RW,
+    &warninterval,
+    "Delay in seconds between warnings of deprecated /dev/crypto algorithms");
+
 static int cryptof_ioctl(struct file *, u_long, void *,
                    struct ucred *, struct thread *);
 static int cryptof_stat(struct file *, struct stat *,
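Review bot: The new sysctl is attached to _kern (kern.cryptodev_warn_interval) while the sysctl immediately above it in this hunk lives under _kern_crypto (kern.crypto.cryptodev_separate_aad); unless the intent is for the knob to outlive the kern.crypto subtree, placing it under _kern_crypto as kern.crypto.cryptodev_warn_interval keeps the /dev/crypto tunables together and discoverable with one sysctl prefix. The description string is fine, though "Delay in seconds" could say "Minimum interval in seconds" since ratecheck() enforces a minimum, not a delay.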
@@ -419,6 +424,7 @@ cryptof_ioctl(
        struct ucred *active_cred,
        struct thread *td)
 {
+       static struct timeval keywarn, featwarn;
        struct crypto_session_params csp;
        struct fcrypt *fcr = fp->f_data;
        struct csession *cse;
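Review bot: keywarn and featwarn are function-static and are updated by ratecheck() with no serialization visible in this hunk, so two threads issuing ioctls concurrently can both pass the check and both emit the warning. That is harmless for a rate-limited log message, but a one-line comment such as "/* Racy on purpose: only rate-limits a warning. */" next to the declaration would save the next reader from wondering whether a lock is missing.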
@@ -818,6 +824,10 @@ bail:
                break;
        case CIOCKEY:
        case CIOCKEY2:
+               if (ratecheck(&keywarn, &warninterval))
+                       gone_in(14,
+                           "Asymmetric crypto operations via /dev/crypto");
+
                if (!crypto_userasymcrypto) {
                        SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
                        return (EPERM);         /* XXX compat? */
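Review bot: The gone_in() call sits before the crypto_userasymcrypto check, so a request that is about to be refused with EPERM still logs the deprecation warning; if the aim is to warn only users who actually rely on the feature, the ratecheck block belongs after the EPERM return, and if the aim is to flag any attempt (including probes against a system with user asymmetric crypto disabled), a short comment stating that choice would make it deliberate rather than accidental. Either way the behaviour should match what the crypto.4 notice tells administrators to expect.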
@@ -833,6 +843,10 @@ bail:
                mtx_unlock(&Giant);
                break;
        case CIOCASYMFEAT:
+               if (ratecheck(&featwarn, &warninterval))
+                       gone_in(14,
+                           "Asymmetric crypto features via /dev/crypto");
+
                if (!crypto_userasymcrypto) {
                        /*
                         * NB: if user asym crypto operations are
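Review bot: This block is a near-verbatim copy of the CIOCKEY/CIOCKEY2 one above, differing only in the timeval and the message string; a small static helper taking the timeval and the message would remove the duplication and keep the two warnings in step if the wording or the release number changes. Note also that CIOCASYMFEAT is only a capability query, so a consumer that probes for asymmetric support at startup but never issues a CIOCKEY request will still trigger the "features" warning once per interval; that is reasonable given the whole interface is going away, but worth stating in the commit message or the man page so the log line is not read as evidence of actual asymmetric use.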
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all