svn commit: r351557 - head/sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Tue Aug 27 21:29:38 UTC 2019
Author: jhb
Date: Tue Aug 27 21:29:37 2019
New Revision: 351557
URL: https://svnweb.freebsd.org/changeset/base/351557
Log:
Adjust the deprecated warnings for /dev/crypto to be less noisy.
Warn when actual operations are performed instead of when sessions are
created. The /dev/crypto engine in OpenSSL 1.0.x tries to create
sessions for all possible algorithms each time it is initialized
resulting in spurious warnings.
Reported by: Mike Tancsa
MFC after: 3 days
Sponsored by: Chelsio Communications
Modified:
head/sys/opencrypto/cryptodev.c
Modified: head/sys/opencrypto/cryptodev.c
==============================================================================
--- head/sys/opencrypto/cryptodev.c Tue Aug 27 20:51:17 2019 (r351556)
+++ head/sys/opencrypto/cryptodev.c Tue Aug 27 21:29:37 2019 (r351557)
@@ -391,8 +391,6 @@ cryptof_ioctl(
struct crypt_op copc;
struct crypt_kop kopc;
#endif
- static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn;
- static struct timeval skipwarn, tdeswarn;
switch (cmd) {
case CIOCGSESSION:
@@ -413,28 +411,18 @@ cryptof_ioctl(
case 0:
break;
case CRYPTO_DES_CBC:
- if (ratecheck(&deswarn, &warninterval))
- gone_in(13, "DES cipher via /dev/crypto");
txform = &enc_xform_des;
break;
case CRYPTO_3DES_CBC:
- if (ratecheck(&tdeswarn, &warninterval))
- gone_in(13, "3DES cipher via /dev/crypto");
txform = &enc_xform_3des;
break;
case CRYPTO_BLF_CBC:
- if (ratecheck(&blfwarn, &warninterval))
- gone_in(13, "Blowfish cipher via /dev/crypto");
txform = &enc_xform_blf;
break;
case CRYPTO_CAST_CBC:
- if (ratecheck(&castwarn, &warninterval))
- gone_in(13, "CAST128 cipher via /dev/crypto");
txform = &enc_xform_cast5;
break;
case CRYPTO_SKIPJACK_CBC:
- if (ratecheck(&skipwarn, &warninterval))
- gone_in(13, "Skipjack cipher via /dev/crypto");
txform = &enc_xform_skipjack;
break;
case CRYPTO_AES_CBC:
@@ -447,8 +435,6 @@ cryptof_ioctl(
txform = &enc_xform_null;
break;
case CRYPTO_ARC4:
- if (ratecheck(&arc4warn, &warninterval))
- gone_in(13, "ARC4 cipher via /dev/crypto");
txform = &enc_xform_arc4;
break;
case CRYPTO_CAMELLIA_CBC:
@@ -477,9 +463,6 @@ cryptof_ioctl(
case 0:
break;
case CRYPTO_MD5_HMAC:
- if (ratecheck(&md5warn, &warninterval))
- gone_in(13,
- "MD5-HMAC authenticator via /dev/crypto");
thash = &auth_hash_hmac_md5;
break;
case CRYPTO_POLY1305:
@@ -815,6 +798,47 @@ cod_free(struct cryptop_data *cod)
free(cod, M_XDATA);
}
+static void
+cryptodev_warn(struct csession *cse)
+{
+ static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn;
+ static struct timeval skipwarn, tdeswarn;
+
+ switch (cse->cipher) {
+ case CRYPTO_DES_CBC:
+ if (ratecheck(&deswarn, &warninterval))
+ gone_in(13, "DES cipher via /dev/crypto");
+ break;
+ case CRYPTO_3DES_CBC:
+ if (ratecheck(&tdeswarn, &warninterval))
+ gone_in(13, "3DES cipher via /dev/crypto");
+ break;
+ case CRYPTO_BLF_CBC:
+ if (ratecheck(&blfwarn, &warninterval))
+ gone_in(13, "Blowfish cipher via /dev/crypto");
+ break;
+ case CRYPTO_CAST_CBC:
+ if (ratecheck(&castwarn, &warninterval))
+ gone_in(13, "CAST128 cipher via /dev/crypto");
+ break;
+ case CRYPTO_SKIPJACK_CBC:
+ if (ratecheck(&skipwarn, &warninterval))
+ gone_in(13, "Skipjack cipher via /dev/crypto");
+ break;
+ case CRYPTO_ARC4:
+ if (ratecheck(&arc4warn, &warninterval))
+ gone_in(13, "ARC4 cipher via /dev/crypto");
+ break;
+ }
+
+ switch (cse->mac) {
+ case CRYPTO_MD5_HMAC:
+ if (ratecheck(&md5warn, &warninterval))
+ gone_in(13, "MD5-HMAC authenticator via /dev/crypto");
+ break;
+ }
+}
+
static int
cryptodev_op(
struct csession *cse,
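Review bot: The new `cryptodev_warn()` has no comment saying why the deprecation warning is issued per operation rather than at session setup, and the reason is only in the commit log. I would add above it something like `/* Warn about deprecated algorithms when a session is used, not when it is created: some consumers open sessions for every algorithm at startup. */`. The `static struct timeval` rate-limit state is shared by every caller and passed to `ratecheck()` with no lock visible in this hunk, so concurrent requests may race on it. That looks benign (at worst an extra or a suppressed message) and the removed code in `cryptof_ioctl()` had the same pattern, but it deserves a one-line note. Both `switch` statements also omit a `default:` case; an explicit `default: break;` would show that all other algorithms are skipped on purpose.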
@@ -937,6 +961,7 @@ cryptodev_op(
error = EINVAL;
goto bail;
}
+ cryptodev_warn(cse);
again:
/*
@@ -1106,6 +1131,7 @@ cryptodev_aead(
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
+ cryptodev_warn(cse);
again:
/*
* Let the dispatch run unlocked, then, interlock against the