From owner-freebsd-arch@freebsd.org  Tue May  7 19:39:31 2019
Return-Path: <owner-freebsd-arch@freebsd.org>
Delivered-To: freebsd-arch@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id F33481591BA3
 for <freebsd-arch@mailman.ysv.freebsd.org>;
 Tue,  7 May 2019 19:39:30 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 5F682718A2
 for <freebsd-arch@freebsd.org>; Tue,  7 May 2019 19:39:30 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 1C7781591BA2; Tue,  7 May 2019 19:39:30 +0000 (UTC)
Delivered-To: arch@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0AE2F1591BA1
 for <arch@mailman.ysv.freebsd.org>; Tue,  7 May 2019 19:39:30 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 77BE87189E;
 Tue,  7 May 2019 19:39:29 +0000 (UTC)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1])
 by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id x47JdPHk013096;
 Tue, 7 May 2019 12:39:25 -0700 (PDT)
 (envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: (from freebsd-rwg@localhost)
 by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id x47JdPQA013095;
 Tue, 7 May 2019 12:39:25 -0700 (PDT) (envelope-from freebsd-rwg)
From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Message-Id: <201905071939.x47JdPQA013095@gndrsh.dnsmgr.net>
Subject: Re: Deprecating crypto algorithms in the kernel
In-Reply-To: <CAG6CVpXRkVgwzKdtnp5nqcBMU4MZH9d_45Tn9HwBHQ3+wT7OOQ@mail.gmail.com>
To: cem@freebsd.org
Date: Tue, 7 May 2019 12:39:25 -0700 (PDT)
CC: John Baldwin <jhb@freebsd.org>,
 "freebsd-arch@freebsd.org" <arch@freebsd.org>
X-Mailer: ELM [version 2.4ME+ PL121h (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
X-Rspamd-Queue-Id: 77BE87189E
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-6.96 / 15.00];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[];
 NEURAL_HAM_SHORT(-0.96)[-0.965,0]
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch/>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 May 2019 19:39:31 -0000

> On Mon, May 6, 2019 at 6:14 PM John Baldwin <jhb@freebsd.org> wrote:
> > I have been doing some work off and on to address some of the shortcomings
> > in the in-kernel open crypto framework.  ? some of the currently supported
> > algorithms have known weaknesses or are deprecated in RFCs, by the authors,
> > etc.  I would like to take a stab at trimming some of this for FreeBSD 13.
> > For an initial proposal, ?
> >
> > This adds runtime deprecation notices in the kernel when using deprecated
> > algorithms for IPsec (according to RFC 8221), and Kerberos GSS (RFCs 6649
> > and 8429).  It then also adds deprecation notices for a few algorithms in
> > GELI.  For GELI, the current patches should refuse to create new volumes
> > with these algorithms and warn when mounting an existing volume.
> >
> > The current optimistic goal would be to merge all the warning back to 11
> > and 12 and then remove support for these algorithms outright in 13.0.
> > For GELI in particular, I recognize this is somewhat painful as it means
> > doing a dump/restore if you've created volumes with affected algorithms.
> > OTOH, these algorithms are not the current defaults.
> 
> Nor were they ever ? the default has always been an aes-based
> algorithm since the initial import of GELI in 2005 (r148456).
> 
> > Finally, I've added warnings to /dev/crypto to warn if userland tries to
> > create new sessions for algorithms that no longer have any non-deprecated
> > in-kernel consumers.
> 
> We've discussed this offline, but I just wanted to remark on the
> public lists that I'm all in favor of removing crufty bad crypto
> algorithms, and your chosen list seems to meet that criteria while
> being a conservative change.  Please kill 'em.  :-)

Does doing this in any way break TCPMD5, which is extensively
still in use for BGP sessions.  Breaking that would probably
be a bad idea.

-- 
Rod Grimes                                                 rgrimes@freebsd.org