Date: Mon, 11 May 2020 15:51:20 -0700 From: John Baldwin <jhb@FreeBSD.org> To: Cy Schubert <Cy.Schubert@cschubert.com> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r360937 - head Message-ID: <7584e240-6f27-ae72-8447-86d77ec1541f@FreeBSD.org> In-Reply-To: <202005112219.04BMJFRZ081754@slippy.cwsent.com> References: <202005112215.04BMFkh8071808@repo.freebsd.org> <202005112219.04BMJFRZ081754@slippy.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/11/20 3:19 PM, Cy Schubert wrote: > In message <202005112215.04BMFkh8071808@repo.freebsd.org>, John Baldwin > writes: >> Author: jhb >> Date: Mon May 11 22:15:46 2020 >> New Revision: 360937 >> URL: https://svnweb.freebsd.org/changeset/base/360937 >> >> Log: >> Document removal of deprecated algorithms from OCF. >> >> Sponsored by: Chelsio Communications >> >> Modified: >> head/RELNOTES >> >> Modified: head/RELNOTES >> ============================================================================= >> = >> --- head/RELNOTES Mon May 11 22:08:08 2020 (r360936) >> +++ head/RELNOTES Mon May 11 22:15:46 2020 (r360937) >> @@ -10,6 +10,11 @@ newline. Entries should be separated by a newline. >> >> Changes to this file should not be MFCed. >> >> +r360920,r360923,r360924,r360927,r360928,r360931,r360933,r360936: >> + Remove support for ARC4, Blowfish, Cast, DES, Triple DES, MD5, >> + MD5-KPDK, MD5-HMAC, SHA1-KPDK, and Skipjack algorithms from >> + the kernel open cryptographic framework (OCF). >> + >> r360562: >> Remove support for ARC4, Blowfish, Cast, DES, Triple DES, >> MD5-HMAC, and Skipjack algorithms from /dev/crypto. >> > > Do we need a __FreeBSD_version bump? We shouldn't. I did not remove any of the CRYPTO_* constants that list algorithms since OpenSSL assumes some of them exist unconditionally. OpenSSL's /dev/crypto engine could use some love (it doesn't support AES-GCM on FreeBSD for example), but I've also found that using the engine isn't really beneficial. Doing crypto in the kernel via KTLS seems to perform better for hardware accelerators than the /dev/crypto interface. -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7584e240-6f27-ae72-8447-86d77ec1541f>