Index: head/lib/geom/eli/geli.8 =================================================================== --- head/lib/geom/eli/geli.8 +++ head/lib/geom/eli/geli.8 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 19, 2020 +.Dd April 14, 2020 .Dt GELI 8 .Os .Sh NAME @@ -172,14 +172,11 @@ Supports many cryptographic algorithms (currently .Nm AES-XTS , .Nm AES-CBC , -.Nm Blowfish-CBC , -.Nm Camellia-CBC and -.Nm 3DES-CBC ) . +.Nm Camellia-CBC ) . .It Can optionally perform data authentication (integrity verification) utilizing one of the following algorithms: -.Nm HMAC/MD5 , .Nm HMAC/SHA1 , .Nm HMAC/RIPEMD160 , .Nm HMAC/SHA256 , @@ -259,7 +256,6 @@ .Nm HMAC/SHA256 algorithm, 89% of the original provider storage will be available for use. Currently supported algorithms are: -.Nm HMAC/MD5 , .Nm HMAC/SHA1 , .Nm HMAC/RIPEMD160 , .Nm HMAC/SHA256 , @@ -303,9 +299,7 @@ Currently supported algorithms are: .Nm AES-XTS , .Nm AES-CBC , -.Nm Blowfish-CBC , .Nm Camellia-CBC , -.Nm 3DES-CBC , and .Nm NULL . The default and recommended algorithm is @@ -359,11 +353,6 @@ .Em 128 , 192, 256 -.It Nm Blowfish-CBC -.Em 128 -+ n * 32, for n=[0..10] -.It Nm 3DES-CBC -.Em 192 .El .It Fl P Do not use a passphrase as a component of the User Key. @@ -901,18 +890,6 @@ .El .Sh EXIT STATUS Exit status is 0 on success, and 1 if the command fails. -.Sh DEPRECATION NOTICE -Support for the -.Nm Blowfish-CBC -and -.Nm 3DES-CBC -cryptographic algorithms and -.Nm HMAC/MD5 -authentication algorithm will be removed in -.Fx 13.0 . -New volumes cannot be created using these algorithms. -Existing volumes should be migrated to a new volume that uses -non-deprecated algorithms. .Sh EXAMPLES Initialize a provider which is going to be encrypted with a passphrase and random data from a file on the user's pen drive. @@ -967,7 +944,7 @@ Encrypted swap partition setup: .Bd -literal -offset indent # dd if=/dev/random of=/dev/ada0s1b bs=1m -# geli onetime -d -e 3des ada0s1b +# geli onetime -d ada0s1b # swapon /dev/ada0s1b.eli .Ed .Pp Index: head/lib/geom/eli/geom_eli.c =================================================================== --- head/lib/geom/eli/geom_eli.c +++ head/lib/geom/eli/geom_eli.c @@ -805,22 +805,6 @@ return; } } - if (md.md_flags & G_ELI_FLAG_AUTH) { - switch (md.md_aalgo) { - case CRYPTO_MD5_HMAC: - gctl_error(req, - "The %s authentication algorithm is deprecated.", - g_eli_algo2str(md.md_aalgo)); - return; - } - } - switch (md.md_ealgo) { - case CRYPTO_3DES_CBC: - case CRYPTO_BLF_CBC: - gctl_error(req, "The %s encryption algorithm is deprecated.", - g_eli_algo2str(md.md_ealgo)); - return; - } val = gctl_get_intmax(req, "keylen"); md.md_keylen = val; md.md_keylen = g_eli_keylen(md.md_ealgo, md.md_keylen); Index: head/sys/geom/eli/g_eli.h =================================================================== --- head/sys/geom/eli/g_eli.h +++ head/sys/geom/eli/g_eli.h @@ -417,18 +417,10 @@ return (CRYPTO_AES_CBC); else if (strcasecmp("aes-xts", name) == 0) return (CRYPTO_AES_XTS); - else if (strcasecmp("blowfish", name) == 0) - return (CRYPTO_BLF_CBC); - else if (strcasecmp("blowfish-cbc", name) == 0) - return (CRYPTO_BLF_CBC); else if (strcasecmp("camellia", name) == 0) return (CRYPTO_CAMELLIA_CBC); else if (strcasecmp("camellia-cbc", name) == 0) return (CRYPTO_CAMELLIA_CBC); - else if (strcasecmp("3des", name) == 0) - return (CRYPTO_3DES_CBC); - else if (strcasecmp("3des-cbc", name) == 0) - return (CRYPTO_3DES_CBC); return (CRYPTO_ALGORITHM_MIN - 1); } @@ -436,9 +428,7 @@ g_eli_str2aalgo(const char *name) { - if (strcasecmp("hmac/md5", name) == 0) - return (CRYPTO_MD5_HMAC); - else if (strcasecmp("hmac/sha1", name) == 0) + if (strcasecmp("hmac/sha1", name) == 0) return (CRYPTO_SHA1_HMAC); else if (strcasecmp("hmac/ripemd160", name) == 0) return (CRYPTO_RIPEMD160_HMAC); @@ -462,14 +452,8 @@ return ("AES-CBC"); case CRYPTO_AES_XTS: return ("AES-XTS"); - case CRYPTO_BLF_CBC: - return ("Blowfish-CBC"); case CRYPTO_CAMELLIA_CBC: return ("CAMELLIA-CBC"); - case CRYPTO_3DES_CBC: - return ("3DES-CBC"); - case CRYPTO_MD5_HMAC: - return ("HMAC/MD5"); case CRYPTO_SHA1_HMAC: return ("HMAC/SHA1"); case CRYPTO_RIPEMD160_HMAC: @@ -522,6 +506,36 @@ printf(" MD5 hash: %s\n", str); } +#ifdef _KERNEL +static bool +eli_metadata_crypto_supported(const struct g_eli_metadata *md) +{ + + switch (md->md_ealgo) { + case CRYPTO_NULL_CBC: + case CRYPTO_AES_CBC: + case CRYPTO_CAMELLIA_CBC: + case CRYPTO_AES_XTS: + break; + default: + return (false); + } + if (md->md_flags & G_ELI_FLAG_AUTH) { + switch (md->md_aalgo) { + case CRYPTO_SHA1_HMAC: + case CRYPTO_RIPEMD160_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: + break; + default: + return (false); + } + } + return (true); +} +#endif + static __inline u_int g_eli_keylen(u_int algo, u_int keylen) { @@ -557,18 +571,6 @@ default: return (0); } - case CRYPTO_BLF_CBC: - if (keylen == 0) - return (128); - if (keylen < 128 || keylen > 448) - return (0); - if ((keylen % 32) != 0) - return (0); - return (keylen); - case CRYPTO_3DES_CBC: - if (keylen == 0 || keylen == 192) - return (192); - return (0); default: return (0); } @@ -583,12 +585,8 @@ return (AES_XTS_IV_LEN); case CRYPTO_AES_CBC: return (AES_BLOCK_LEN); - case CRYPTO_BLF_CBC: - return (BLOWFISH_BLOCK_LEN); case CRYPTO_CAMELLIA_CBC: return (CAMELLIA_BLOCK_LEN); - case CRYPTO_3DES_CBC: - return (DES3_BLOCK_LEN); } return (0); } @@ -598,8 +596,6 @@ { switch (algo) { - case CRYPTO_MD5_HMAC: - return (16); case CRYPTO_SHA1_HMAC: return (20); case CRYPTO_RIPEMD160_HMAC: Index: head/sys/geom/eli/g_eli.c =================================================================== --- head/sys/geom/eli/g_eli.c +++ head/sys/geom/eli/g_eli.c @@ -847,6 +847,8 @@ int dcw, error; G_ELI_DEBUG(1, "Creating device %s%s.", bpp->name, G_ELI_SUFFIX); + KASSERT(eli_metadata_crypto_supported(md), + ("%s: unsupported crypto for %s", __func__, bpp->name)); gp = g_new_geomf(mp, "%s%s", bpp->name, G_ELI_SUFFIX); sc = malloc(sizeof(*sc), M_ELI, M_WAITOK | M_ZERO); @@ -975,25 +977,8 @@ G_ELI_DEBUG(0, "Device %s created.", pp->name); G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo), sc->sc_ekeylen); - switch (sc->sc_ealgo) { - case CRYPTO_3DES_CBC: - gone_in(13, - "support for GEOM_ELI volumes encrypted with 3des"); - break; - case CRYPTO_BLF_CBC: - gone_in(13, - "support for GEOM_ELI volumes encrypted with blowfish"); - break; - } - if (sc->sc_flags & G_ELI_FLAG_AUTH) { + if (sc->sc_flags & G_ELI_FLAG_AUTH) G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo)); - switch (sc->sc_aalgo) { - case CRYPTO_MD5_HMAC: - gone_in(13, - "support for GEOM_ELI volumes authenticated with hmac/md5"); - break; - } - } G_ELI_DEBUG(0, " Crypto: %s", sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware"); return (gp); @@ -1188,6 +1173,11 @@ return (NULL); if (md.md_keys == 0x00) { G_ELI_DEBUG(0, "No valid keys on %s.", pp->name); + return (NULL); + } + if (!eli_metadata_crypto_supported(&md)) { + G_ELI_DEBUG(0, "%s uses invalid or unsupported algorithms\n", + pp->name); return (NULL); } if (md.md_iterations == -1) { Index: head/sys/geom/eli/g_eli_crypto.c =================================================================== --- head/sys/geom/eli/g_eli_crypto.c +++ head/sys/geom/eli/g_eli_crypto.c @@ -138,9 +138,6 @@ return (EINVAL); } break; - case CRYPTO_BLF_CBC: - type = EVP_bf_cbc(); - break; #ifndef OPENSSL_NO_CAMELLIA case CRYPTO_CAMELLIA_CBC: switch (keysize) { @@ -158,9 +155,6 @@ } break; #endif - case CRYPTO_3DES_CBC: - type = EVP_des_ede3_cbc(); - break; default: return (EINVAL); } Index: head/sys/geom/eli/g_eli_ctl.c =================================================================== --- head/sys/geom/eli/g_eli_ctl.c +++ head/sys/geom/eli/g_eli_ctl.c @@ -138,6 +138,11 @@ gctl_error(req, "No valid keys on %s.", pp->name); return; } + if (!eli_metadata_crypto_supported(&md)) { + explicit_bzero(&md, sizeof(md)); + gctl_error(req, "Invalid or unsupported algorithms."); + return; + } key = gctl_get_param(req, "key", &keysize); if (key == NULL || keysize != G_ELI_USERKEYLEN) {