From: John Baldwin
Date: Fri, 31 May 2019 20:26:56 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r348482 - stable/11/sys/netipsec

Author: jhb
Date: Fri May 31 20:26:56 2019
New Revision: 348482
URL: https://svnweb.freebsd.org/changeset/base/348482

Log:
  MFC 348205: Add deprecation warnings for IPsec algorithms deprecated in RFC 8221.

  All of these algorithms are either explicitly marked MUST NOT, or they are
  implicitly MUST NOTs by virtue of not being included in IETF's list of
  protocols at all despite having assignments from IANA.
  Specifically, this adds warnings for the following ciphers:
  - des-cbc
  - blowfish-cbc
  - cast128-cbc
  - des-deriv
  - des-32iv
  - camellia-cbc

  Warnings for the following authentication algorithms are also added:
  - hmac-md5
  - keyed-md5
  - keyed-sha1
  - hmac-ripemd160

  Approved by: re (gjb)

Modified:
  stable/11/sys/netipsec/xform_ah.c
  stable/11/sys/netipsec/xform_esp.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/netipsec/xform_ah.c ============================================================================== --- stable/11/sys/netipsec/xform_ah.c Fri May 31 20:25:57 2019 (r348481) +++ stable/11/sys/netipsec/xform_ah.c Fri May 31 20:26:56 2019 (r348482) @@ -108,6 +108,8 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, sta #endif static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ +static struct timeval md5warn, ripewarn, kpdkmd5warn, kpdksha1warn; +static struct timeval warninterval = { .tv_sec = 1, .tv_usec = 0 }; static int ah_input_cb(struct cryptop*); static int ah_output_cb(struct cryptop*); 
@@ -174,6 +176,26 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp, st __func__, sav->alg_auth)); return EINVAL; } + + switch (sav->alg_auth) { + case SADB_AALG_MD5HMAC: + if (ratecheck(&md5warn, &warninterval)) + gone_in(13, "MD5-HMAC authenticator for IPsec"); + break; + case SADB_X_AALG_RIPEMD160HMAC: + if (ratecheck(&ripewarn, &warninterval)) + gone_in(13, "RIPEMD160-HMAC authenticator for IPsec"); + break; + case SADB_X_AALG_MD5: + if (ratecheck(&kpdkmd5warn, &warninterval)) + gone_in(13, "Keyed-MD5 authenticator for IPsec"); + break; + case SADB_X_AALG_SHA: + if (ratecheck(&kpdksha1warn, &warninterval)) + gone_in(13, "Keyed-SHA1 authenticator for IPsec"); + break; + } + /* * Verify the replay state block allocation is consistent with * the protocol type. We check here so we can make assumptions Modified: stable/11/sys/netipsec/xform_esp.c ============================================================================== --- stable/11/sys/netipsec/xform_esp.c Fri May 31 20:25:57 2019 (r348481) +++ stable/11/sys/netipsec/xform_esp.c Fri May 31 20:26:56 2019 (r348482) @@ -94,6 +94,9 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, st struct espstat, espstat, "ESP statistics (struct espstat, netipsec/esp_var.h"); +static struct timeval deswarn, blfwarn, castwarn, camelliawarn; +static struct timeval warninterval = { .tv_sec = 1, .tv_usec = 0 }; + static int esp_input_cb(struct cryptop *op); static int esp_output_cb(struct cryptop *crp); 
@@ -156,6 +159,26 @@ esp_init(struct secasvar *sav, struct xformsw *xsp) __func__)); return EINVAL; } + + switch (sav->alg_enc) { + case SADB_EALG_DESCBC: + if (ratecheck(&deswarn, &warninterval)) + gone_in(13, "DES cipher for IPsec"); + break; + case SADB_X_EALG_BLOWFISHCBC: + if (ratecheck(&blfwarn, &warninterval)) + gone_in(13, "Blowfish cipher for IPsec"); + break; + case SADB_X_EALG_CAST128CBC: + if (ratecheck(&castwarn, &warninterval)) + gone_in(13, "CAST cipher for IPsec"); + break; + case SADB_X_EALG_CAMELLIACBC: + if (ratecheck(&camelliawarn, &warninterval)) + gone_in(13, "Camellia cipher for IPsec"); + break; + } + /* subtract off the salt, RFC4106, 8.1 and RFC3686, 5.1 */ keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4; if (txform->minkey > keylen || keylen > txform->maxkey) {
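Review bot: warninterval in the first xform_ah.c hunk (@@ -108,6 +108,8 @@) is initialized once and then only passed as the second argument to ratecheck(), so it should be declared static const struct timeval; the identical definition added to xform_esp.c (@@ -94,6 +94,9 @@) should get the same change. With .tv_sec = 1, each deprecated algorithm can still log once per second while SAs using it are being initialized, so it is worth confirming that this rate is acceptable on hosts that rekey often.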
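Review bot: The switch on sav->alg_auth added to ah_init0() (xform_ah.c, @@ -174,6 +176,26 @@) has no comment explaining why these four authenticators are singled out. Add a short comment above it citing RFC 8221, as the commit log does, so the case list can be checked against the RFC later. The kpdkmd5warn and kpdksha1warn names also do not obviously correspond to the "Keyed-MD5" and "Keyed-SHA1" strings printed by gone_in(), so a word on that in the same comment would help.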
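Review bot: The switch on sav->alg_enc in esp_init() (xform_esp.c, @@ -156,6 +159,26 @@) has cases for DES, Blowfish, CAST and Camellia only, while the commit log also lists des-deriv and des-32iv. If those two are configured as SADB_EALG_DESCBC and are therefore caught by the "DES cipher for IPsec" case, say so in a comment on that case; if they arrive under a different alg_enc value, they are not warned about and need their own cases.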