From owner-freebsd-arch@freebsd.org Tue May 7 15:55:27 2019 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3051D158BF85 for ; Tue, 7 May 2019 15:55:27 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 586058F202 for ; Tue, 7 May 2019 15:55:26 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 18F4D158BF81; Tue, 7 May 2019 15:55:26 +0000 (UTC) Delivered-To: arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E91D1158BF80 for ; Tue, 7 May 2019 15:55:25 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: from mail-io1-f42.google.com (mail-io1-f42.google.com [209.85.166.42]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7D5CD8F200; Tue, 7 May 2019 15:55:25 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: by mail-io1-f42.google.com with SMTP id b3so8930607iob.12; Tue, 07 May 2019 08:55:25 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc:content-transfer-encoding; bh=0xC38Au6w48vbbAEBZ4gnLOTwfquHpqhAhwgUhYCm5k=; b=Hd6GC2V81iDYQmHufyH584PAQ3kMrjjLC7PGbp0eUW6vFAxq3FiW+rTnORBCZivjAG DvFYJJI/LtsP7TsDcRvcKrzkPNG3iYG7LNksOuaihqSoURAoI8aNtIr+m1+GbWvwp5fB xpe2TZdiUtCm2F/8TGSAVipIwxU6/UT7YOn+DwbiXz8Hqihmru/jw2ddqd7SUA74UraO C9nvPVNo2qHxuJYPANB1iXCUgRwujzEl1DJNGKL7yCAx17xZDdCJruHB55k2LXLJufok TRKqwe04O9SoJUBQk2pzKdf5ln7fsxw1rFHSH54cfLHWO2j9ZUBNhsaHjMu3jbGxMJBn cMUA== X-Gm-Message-State: APjAAAW0LS5qK32F7Dp/rmtAi6ilVhKZDNGj33zRmGNV0DgpyjOpr+9S /nYmVmsHVi1k4CS/6SfXFcHdO03r X-Google-Smtp-Source: APXvYqzoG1euVlVvg/UJu0+3Uj8ia3pguPU9FIIVyHud+vilUBj6h06K1WVDwv7lMRHFy7atefaBtw== X-Received: by 2002:a6b:8f51:: with SMTP id r78mr11434823iod.110.1557244524168; Tue, 07 May 2019 08:55:24 -0700 (PDT) Received: from mail-it1-f180.google.com (mail-it1-f180.google.com. [209.85.166.180]) by smtp.gmail.com with ESMTPSA id s4sm3850960ioc.76.2019.05.07.08.55.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 May 2019 08:55:23 -0700 (PDT) Received: by mail-it1-f180.google.com with SMTP id q65so25815864itg.2; Tue, 07 May 2019 08:55:23 -0700 (PDT) X-Received: by 2002:a02:1a89:: with SMTP id 131mr22038276jai.78.1557244523726; Tue, 07 May 2019 08:55:23 -0700 (PDT) MIME-Version: 1.0 References: <41ed59c2-f06c-710b-0e77-3b78add85ca3@FreeBSD.org> In-Reply-To: <41ed59c2-f06c-710b-0e77-3b78add85ca3@FreeBSD.org> Reply-To: cem@freebsd.org From: Conrad Meyer Date: Tue, 7 May 2019 08:55:12 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Deprecating crypto algorithms in the kernel To: John Baldwin Cc: "freebsd-arch@freebsd.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 7D5CD8F200 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.99 / 15.00]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.99)[-0.994,0]; TAGGED_FROM(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 May 2019 15:55:27 -0000 On Mon, May 6, 2019 at 6:14 PM John Baldwin wrote: > I have been doing some work off and on to address some of the shortcoming= s > in the in-kernel open crypto framework. =E2=80=A6 some of the currently = supported > algorithms have known weaknesses or are deprecated in RFCs, by the author= s, > etc. I would like to take a stab at trimming some of this for FreeBSD 13= . > For an initial proposal, =E2=80=A6 > > This adds runtime deprecation notices in the kernel when using deprecated > algorithms for IPsec (according to RFC 8221), and Kerberos GSS (RFCs 6649 > and 8429). It then also adds deprecation notices for a few algorithms in > GELI. For GELI, the current patches should refuse to create new volumes > with these algorithms and warn when mounting an existing volume. > > The current optimistic goal would be to merge all the warning back to 11 > and 12 and then remove support for these algorithms outright in 13.0. > For GELI in particular, I recognize this is somewhat painful as it means > doing a dump/restore if you've created volumes with affected algorithms. > OTOH, these algorithms are not the current defaults. Nor were they ever =E2=80=94 the default has always been an aes-based algorithm since the initial import of GELI in 2005 (r148456). > Finally, I've added warnings to /dev/crypto to warn if userland tries to > create new sessions for algorithms that no longer have any non-deprecated > in-kernel consumers. We've discussed this offline, but I just wanted to remark on the public lists that I'm all in favor of removing crufty bad crypto algorithms, and your chosen list seems to meet that criteria while being a conservative change. Please kill 'em. :-) Best, Conrad