Author: jhb
Date: Fri Dec  4 01:09:51 2020
New Revision: 368319
URL: https://svnweb.freebsd.org/changeset/base/368319

Log:
  MFC 366844: Mark asymmetric cryptography via OCF deprecated for 14.0.
  
  Only one MIPS-specific driver implements support for one of the
  asymmetric operations.  There are no in-kernel users besides
  /dev/crypto.  The only known user of the /dev/crypto interface was the
  engine in OpenSSL releases before 1.1.0.  1.1.0 includes a rewritten
  engine that does not use the asymmetric operations due to lack of
  documentation.

Modified:
  stable/12/share/man/man4/crypto.4
  stable/12/sys/opencrypto/crypto.c
  stable/12/sys/opencrypto/cryptodev.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/share/man/man4/crypto.4
==============================================================================
--- stable/12/share/man/man4/crypto.4   Fri Dec  4 00:48:11 2020        
(r368318)
+++ stable/12/share/man/man4/crypto.4   Fri Dec  4 01:09:51 2020        
(r368319)
@@ -60,7 +60,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 17, 2019
+.Dd October 19, 2020
 .Dt CRYPTO 4
 .Os
 .Sh NAME
@@ -108,6 +108,11 @@ both asymmetric-key (public-key/private-key) requests 
 modular arithmetic (for Diffie-Hellman key exchange and other
 cryptographic protocols).
 The two modes are described separately below.
+.Sh DEPRECATION NOTICE
+The asymmetric-key operations supported by this interface will not be
+present in
+.Fx 14.0
+and later.
 .Sh THEORY OF OPERATION
 Regardless of whether symmetric-key or asymmetric-key operations are
 to be performed, use of the device requires a basic series of steps:

Modified: stable/12/sys/opencrypto/crypto.c
==============================================================================
--- stable/12/sys/opencrypto/crypto.c   Fri Dec  4 00:48:11 2020        
(r368318)
+++ stable/12/sys/opencrypto/crypto.c   Fri Dec  4 01:09:51 2020        
(r368319)
@@ -841,6 +841,7 @@ crypto_kregister(u_int32_t driverid, int kalg, u_int32
                                , kalg
                                , flags
                        );
+               gone_in_dev(cap->cc_dev, 14, "asymmetric crypto");
                err = 0;
        } else
                err = EINVAL;
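Review bot: The added `gone_in_dev(cap->cc_dev, 14, "asymmetric crypto");` runs on every successful registration, so a driver that registers more than one key algorithm will presumably log the same deprecation line once per `crypto_kregister()` call, and the text does not say which `kalg` triggered it. If that repetition is intended, a short comment would record it, e.g. `/* Warn on each key-algorithm registration; asymmetric OCF support goes away in 14. */`. The enclosing `if` and the start of the preceding print statement are outside the hunk, so whether the call sits under a lock or a verbosity check cannot be confirmed from here.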

Modified: stable/12/sys/opencrypto/cryptodev.c
==============================================================================
--- stable/12/sys/opencrypto/cryptodev.c        Fri Dec  4 00:48:11 2020        
(r368318)
+++ stable/12/sys/opencrypto/cryptodev.c        Fri Dec  4 01:09:51 2020        
(r368319)
@@ -374,6 +374,7 @@ cryptof_ioctl(
        struct ucred *active_cred,
        struct thread *td)
 {
+       static struct timeval keywarn, featwarn;
 #define        SES2(p) ((struct session2_op *)p)
        struct cryptoini cria, crie;
        struct fcrypt *fcr = fp->f_data;
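Review bot: `keywarn` and `featwarn` are function-scope statics, so their rate-limit state is shared by every caller of `cryptof_ioctl()`, and nothing in the visible lines serialises the updates made through `ratecheck()` in the later hunks. A race looks benign (at worst a duplicate warning), but the declaration should say so, e.g. `/* Rate-limit state for deprecation warnings; shared and unlocked, duplicates are harmless. */`. `warninterval`, used with these in the `CIOCKEY` and `CIOCASYMFEAT` hunks, is not declared in any hunk of this commit and presumably already exists in the file. The function body continues beyond this hunk.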
@@ -701,6 +702,10 @@ bail:
        case CIOCKEY32:
        case CIOCKEY232:
 #endif
+               if (ratecheck(&keywarn, &warninterval))
+                       gone_in(14,
+                           "Asymmetric crypto operations via /dev/crypto");
+
                if (!crypto_userasymcrypto) {
                        SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
                        return (EPERM);         /* XXX compat? */
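Review bot: The `ratecheck()`/`gone_in()` pair is placed ahead of the `crypto_userasymcrypto` test, so the deprecation line is logged even for requests that are then refused with `EPERM`; the same ordering appears in the `CIOCASYMFEAT` hunk below. On a system where asymmetric operations are disabled, any process able to issue the ioctl can therefore put the message in the kernel log (bounded by `warninterval`), and the message does not identify which process did. If the intent is to report real use only, the warning would move below the check; if it is to catch every attempted caller, a comment such as `/* Warn even when asym ops are disabled so remaining callers are visible. */` would make that explicit. The `case` block continues past the end of the hunk.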
@@ -730,6 +735,10 @@ bail:
 #endif
                break;
        case CIOCASYMFEAT:
+               if (ratecheck(&featwarn, &warninterval))
+                       gone_in(14,
+                           "Asymmetric crypto features via /dev/crypto");
+
                if (!crypto_userasymcrypto) {
                        /*
                         * NB: if user asym crypto operations are