Date:      Fri, 4 Dec 2020 01:09:52 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r368319 - in stable/12: share/man/man4 sys/opencrypto
Message-ID:  <202012040109.0B419qk6011346@repo.freebsd.org>

Author: jhb
Date: Fri Dec  4 01:09:51 2020
New Revision: 368319
URL: https://svnweb.freebsd.org/changeset/base/368319

Log:
  MFC 366844: Mark asymmetric cryptography via OCF deprecated for 14.0.
  
  Only one MIPS-specific driver implements support for one of the
  asymmetric operations.  There are no in-kernel users besides
  /dev/crypto.  The only known user of the /dev/crypto interface was the
  engine in OpenSSL releases before 1.1.0.  1.1.0 includes a rewritten
  engine that does not use the asymmetric operations due to lack of
  documentation.

Modified:
  stable/12/share/man/man4/crypto.4
  stable/12/sys/opencrypto/crypto.c
  stable/12/sys/opencrypto/cryptodev.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/share/man/man4/crypto.4
==============================================================================
--- stable/12/share/man/man4/crypto.4	Fri Dec  4 00:48:11 2020	(r368318)
+++ stable/12/share/man/man4/crypto.4	Fri Dec  4 01:09:51 2020	(r368319)
@@ -60,7 +60,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 17, 2019
+.Dd October 19, 2020
 .Dt CRYPTO 4
 .Os
 .Sh NAME
@@ -108,6 +108,11 @@ both asymmetric-key (public-key/private-key) requests 
 modular arithmetic (for Diffie-Hellman key exchange and other
 cryptographic protocols).
 The two modes are described separately below.
+.Sh DEPRECATION NOTICE
+The asymmetric-key operations supported by this interface will not be
+present in
+.Fx 14.0
+and later.
 .Sh THEORY OF OPERATION
 Regardless of whether symmetric-key or asymmetric-key operations are
 to be performed, use of the device requires a basic series of steps:
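
Review bot: The new DEPRECATION NOTICE section does not say which requests are affected or what a caller should use instead. The cryptodev.c part of this change warns on the case group ending in CIOCKEY32/CIOCKEY232 and on CIOCASYMFEAT, so naming those ioctls here would let a reader match the console warning to the manual page.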

Modified: stable/12/sys/opencrypto/crypto.c
==============================================================================
--- stable/12/sys/opencrypto/crypto.c	Fri Dec  4 00:48:11 2020	(r368318)
+++ stable/12/sys/opencrypto/crypto.c	Fri Dec  4 01:09:51 2020	(r368319)
@@ -841,6 +841,7 @@ crypto_kregister(u_int32_t driverid, int kalg, u_int32
 				, kalg
 				, flags
 			);
+		gone_in_dev(cap->cc_dev, 14, "asymmetric crypto");
 		err = 0;
 	} else
 		err = EINVAL;
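
Review bot: gone_in_dev() sits in the success branch of crypto_kregister() with no rate limit, so it runs once per registered kalg; a driver that registers several asymmetric algorithms would log the same notice for the same cap->cc_dev each time. Consider warning once per driver, or confirm that gone_in_dev() already suppresses repeats. The string "asymmetric crypto" is also terser than the two messages added in cryptodev.c; matching their wording would make the notices easier to search for in logs.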

Modified: stable/12/sys/opencrypto/cryptodev.c
==============================================================================
--- stable/12/sys/opencrypto/cryptodev.c	Fri Dec  4 00:48:11 2020	(r368318)
+++ stable/12/sys/opencrypto/cryptodev.c	Fri Dec  4 01:09:51 2020	(r368319)
@@ -374,6 +374,7 @@ cryptof_ioctl(
 	struct ucred *active_cred,
 	struct thread *td)
 {
+	static struct timeval keywarn, featwarn;
 #define	SES2(p)	((struct session2_op *)p)
 	struct cryptoini cria, crie;
 	struct fcrypt *fcr = fp->f_data;
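
Review bot: keywarn and featwarn are function-local statics shared by every caller of cryptof_ioctl(), and the ratecheck() calls added later in this file update them with no lock visible in the diff. A race there only costs an extra or a skipped log line, but a one-line comment saying the unlocked access is deliberate would help; the declaration could also move below the SES2 #define so it sits with the other locals.
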
@@ -701,6 +702,10 @@ bail:
 	case CIOCKEY32:
 	case CIOCKEY232:
 #endif
+		if (ratecheck(&keywarn, &warninterval))
+			gone_in(14,
+			    "Asymmetric crypto operations via /dev/crypto");
+
 		if (!crypto_userasymcrypto) {
 			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EPERM);		/* XXX compat? */
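
Review bot: The gone_in() call is placed ahead of the crypto_userasymcrypto test, so the notice is logged even for requests that are then refused with EPERM. If the intent is to flag every caller that still issues these ioctls, say so in a comment; otherwise move the block below the check. Also, warninterval is used here but not defined anywhere in this diff, so check that stable/12 already has it in cryptodev.c before merging.
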
@@ -730,6 +735,10 @@ bail:
 #endif
 		break;
 	case CIOCASYMFEAT:
+		if (ratecheck(&featwarn, &warninterval))
+			gone_in(14,
+			    "Asymmetric crypto features via /dev/crypto");
+
 		if (!crypto_userasymcrypto) {
 			/*
 			 * NB: if user asym crypto operations are
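
Review bot: In the CIOCASYMFEAT case the warning fires on a feature query, so a program that only probes for asymmetric support and never submits a key operation will still trigger the console notice (at most once per warninterval). The block is also a copy of the one added for the key-operation cases; a small helper taking the timeval and the message would keep the two in step.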


