svn commit: r360937 - head
John Baldwin
jhb at FreeBSD.org
Mon May 11 22:51:23 UTC 2020
On 5/11/20 3:19 PM, Cy Schubert wrote:
> In message <202005112215.04BMFkh8071808 at repo.freebsd.org>, John Baldwin
> writes:
>> Author: jhb
>> Date: Mon May 11 22:15:46 2020
>> New Revision: 360937
>> URL: https://svnweb.freebsd.org/changeset/base/360937
>>
>> Log:
>> Document removal of deprecated algorithms from OCF.
>>
>> Sponsored by: Chelsio Communications
>>
>> Modified:
>> head/RELNOTES
>>
>> Modified: head/RELNOTES
>> =============================================================================
>> =
>> --- head/RELNOTES Mon May 11 22:08:08 2020 (r360936)
>> +++ head/RELNOTES Mon May 11 22:15:46 2020 (r360937)
>> @@ -10,6 +10,11 @@ newline. Entries should be separated by a newline.
>>
>> Changes to this file should not be MFCed.
>>
>> +r360920,r360923,r360924,r360927,r360928,r360931,r360933,r360936:
>> + Remove support for ARC4, Blowfish, Cast, DES, Triple DES, MD5,
>> + MD5-KPDK, MD5-HMAC, SHA1-KPDK, and Skipjack algorithms from
>> + the kernel open cryptographic framework (OCF).
>> +
>> r360562:
>> Remove support for ARC4, Blowfish, Cast, DES, Triple DES,
>> MD5-HMAC, and Skipjack algorithms from /dev/crypto.
>>
>
> Do we need a __FreeBSD_version bump?
We shouldn't. I did not remove any of the CRYPTO_* constants that
list algorithms since OpenSSL assumes some of them exist unconditionally.
OpenSSL's /dev/crypto engine could use some love (it doesn't support
AES-GCM on FreeBSD for example), but I've also found that using the
engine isn't really beneficial. Doing crypto in the kernel via KTLS
seems to perform better for hardware accelerators than the /dev/crypto
interface.
--
John Baldwin
More information about the svn-src-all
mailing list