svn commit: r368319 - in stable/12: share/man/man4 sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Fri Dec 4 01:09:53 UTC 2020
Author: jhb
Date: Fri Dec 4 01:09:51 2020
New Revision: 368319
URL: https://svnweb.freebsd.org/changeset/base/368319
Log:
MFC 366844: Mark asymmetric cryptography via OCF deprecated for 14.0.
Only one MIPS-specific driver implements support for one of the
asymmetric operations. There are no in-kernel users besides
/dev/crypto. The only known user of the /dev/crypto interface was the
engine in OpenSSL releases before 1.1.0. 1.1.0 includes a rewritten
engine that does not use the asymmetric operations due to lack of
documentation.
Modified:
stable/12/share/man/man4/crypto.4
stable/12/sys/opencrypto/crypto.c
stable/12/sys/opencrypto/cryptodev.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/share/man/man4/crypto.4
==============================================================================
--- stable/12/share/man/man4/crypto.4 Fri Dec 4 00:48:11 2020 (r368318)
+++ stable/12/share/man/man4/crypto.4 Fri Dec 4 01:09:51 2020 (r368319)
@@ -60,7 +60,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 17, 2019
+.Dd October 19, 2020
.Dt CRYPTO 4
.Os
.Sh NAME
@@ -108,6 +108,11 @@ both asymmetric-key (public-key/private-key) requests
modular arithmetic (for Diffie-Hellman key exchange and other
cryptographic protocols).
The two modes are described separately below.
+.Sh DEPRECATION NOTICE
+The asymmetric-key operations supported by this interface will not be
+present in
+.Fx 14.0
+and later.
.Sh THEORY OF OPERATION
Regardless of whether symmetric-key or asymmetric-key operations are
to be performed, use of the device requires a basic series of steps:
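Review bot: the new DEPRECATION NOTICE section does not say which requests are affected. The page describes two modes, so naming the asymmetric ioctls that now warn in cryptodev.c (CIOCASYMFEAT and the CIOCKEY variants) would let a reader see at a glance that symmetric-key sessions are not covered by the notice.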
Modified: stable/12/sys/opencrypto/crypto.c
==============================================================================
--- stable/12/sys/opencrypto/crypto.c Fri Dec 4 00:48:11 2020 (r368318)
+++ stable/12/sys/opencrypto/crypto.c Fri Dec 4 01:09:51 2020 (r368319)
@@ -841,6 +841,7 @@ crypto_kregister(u_int32_t driverid, int kalg, u_int32
, kalg
, flags
);
+ gone_in_dev(cap->cc_dev, 14, "asymmetric crypto");
err = 0;
} else
err = EINVAL;
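Review bot: the gone_in_dev() call sits in the success path of crypto_kregister() with no rate limiting, unlike the ratecheck()-guarded warnings added in cryptodev.c, so it is reached on every successful asymmetric registration. If that is intended because registration is rare, a one-line comment saying so would help. The message "asymmetric crypto" is also terser than the /dev/crypto ones and could name the interface being retired.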
Modified: stable/12/sys/opencrypto/cryptodev.c
==============================================================================
--- stable/12/sys/opencrypto/cryptodev.c Fri Dec 4 00:48:11 2020 (r368318)
+++ stable/12/sys/opencrypto/cryptodev.c Fri Dec 4 01:09:51 2020 (r368319)
@@ -374,6 +374,7 @@ cryptof_ioctl(
struct ucred *active_cred,
struct thread *td)
{
+ static struct timeval keywarn, featwarn;
#define SES2(p) ((struct session2_op *)p)
struct cryptoini cria, crie;
struct fcrypt *fcr = fp->f_data;
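Review bot: keywarn and featwarn are function-scope statics shared by every caller of cryptof_ioctl(), and nothing in this hunk synchronizes access to them. If a racing ratecheck() only risks an extra or a skipped warning, note that in a comment next to the declaration. As a style point, the declaration would read better below the SES2 #define, grouped with the other locals.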
@@ -701,6 +702,10 @@ bail:
case CIOCKEY32:
case CIOCKEY232:
#endif
+ if (ratecheck(&keywarn, &warninterval))
+ gone_in(14,
+ "Asymmetric crypto operations via /dev/crypto");
+
if (!crypto_userasymcrypto) {
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EPERM); /* XXX compat? */
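Review bot: the ratecheck()/gone_in() block is placed ahead of the crypto_userasymcrypto check, so a caller that is about to be refused with EPERM still produces the deprecation message. If the intent is to warn only about requests that are actually serviced, move the block below that check; if the intent is to flag any attempt, say so in a comment. Also, warninterval is used here but is not declared in any hunk of this diff, so confirm it already exists in stable/12's cryptodev.c for this MFC.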
@@ -730,6 +735,10 @@ bail:
#endif
break;
case CIOCASYMFEAT:
+ if (ratecheck(&featwarn, &warninterval))
+ gone_in(14,
+ "Asymmetric crypto features via /dev/crypto");
+
if (!crypto_userasymcrypto) {
/*
* NB: if user asym crypto operations are
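Review bot: this CIOCASYMFEAT block duplicates the CIOCKEY one apart from the timeval and the message string, and it has the same placement ahead of the crypto_userasymcrypto check. A small helper taking the timeval and the message, or one shared timeval for both cases, would keep the two copies from drifting and avoid two separate log lines per interval for what is a single deprecation.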