Page MenuHomeFreeBSD
Files F147867621

D24346.id70896.diff
No OneTemporary
Actions

D24346.id70896.diff
View Options

Index: sys/opencrypto/cryptodev.c
===================================================================
--- sys/opencrypto/cryptodev.c
+++ sys/opencrypto/cryptodev.c
@@ -291,11 +291,6 @@
struct mtx lock;
};
-static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 };
-SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, cryptodev_warn_interval, CTLFLAG_RW,
- &warninterval,
- "Delay in seconds between warnings of deprecated /dev/crypto algorithms");
-
static int cryptof_ioctl(struct file *, u_long, void *,
struct ucred *, struct thread *);
static int cryptof_stat(struct file *, struct stat *,
@@ -408,21 +403,9 @@
switch (sop->cipher) {
case 0:
break;
- case CRYPTO_DES_CBC:
- txform = &enc_xform_des;
- break;
case CRYPTO_3DES_CBC:
txform = &enc_xform_3des;
break;
- case CRYPTO_BLF_CBC:
- txform = &enc_xform_blf;
- break;
- case CRYPTO_CAST_CBC:
- txform = &enc_xform_cast5;
- break;
- case CRYPTO_SKIPJACK_CBC:
- txform = &enc_xform_skipjack;
- break;
case CRYPTO_AES_CBC:
txform = &enc_xform_rijndael128;
break;
@@ -432,9 +415,6 @@
case CRYPTO_NULL_CBC:
txform = &enc_xform_null;
break;
- case CRYPTO_ARC4:
- txform = &enc_xform_arc4;
- break;
case CRYPTO_CAMELLIA_CBC:
txform = &enc_xform_camellia;
break;
@@ -460,9 +440,6 @@
switch (sop->mac) {
case 0:
break;
- case CRYPTO_MD5_HMAC:
- thash = &auth_hash_hmac_md5;
- break;
case CRYPTO_POLY1305:
thash = &auth_hash_poly1305;
break;
@@ -847,49 +824,6 @@
free(cod, M_XDATA);
}
-static void
-cryptodev_warn(struct csession *cse)
-{
- static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn;
- static struct timeval skipwarn, tdeswarn;
- const struct crypto_session_params *csp;
-
- csp = crypto_get_params(cse->cses);
- switch (csp->csp_cipher_alg) {
- case CRYPTO_DES_CBC:
- if (ratecheck(&deswarn, &warninterval))
- gone_in(13, "DES cipher via /dev/crypto");
- break;
- case CRYPTO_3DES_CBC:
- if (ratecheck(&tdeswarn, &warninterval))
- gone_in(13, "3DES cipher via /dev/crypto");
- break;
- case CRYPTO_BLF_CBC:
- if (ratecheck(&blfwarn, &warninterval))
- gone_in(13, "Blowfish cipher via /dev/crypto");
- break;
- case CRYPTO_CAST_CBC:
- if (ratecheck(&castwarn, &warninterval))
- gone_in(13, "CAST128 cipher via /dev/crypto");
- break;
- case CRYPTO_SKIPJACK_CBC:
- if (ratecheck(&skipwarn, &warninterval))
- gone_in(13, "Skipjack cipher via /dev/crypto");
- break;
- case CRYPTO_ARC4:
- if (ratecheck(&arc4warn, &warninterval))
- gone_in(13, "ARC4 cipher via /dev/crypto");
- break;
- }
-
- switch (csp->csp_auth_alg) {
- case CRYPTO_MD5_HMAC:
- if (ratecheck(&md5warn, &warninterval))
- gone_in(13, "MD5-HMAC authenticator via /dev/crypto");
- break;
- }
-}
-
static int
cryptodev_op(
struct csession *cse,
@@ -1040,7 +974,6 @@
goto bail;
}
}
- cryptodev_warn(cse);
again:
/*
* Let the dispatch run unlocked, then, interlock against the
@@ -1231,7 +1164,6 @@
SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
- cryptodev_warn(cse);
again:
/*
* Let the dispatch run unlocked, then, interlock against the
Index: tests/sys/opencrypto/cryptotest.py
===================================================================
--- tests/sys/opencrypto/cryptotest.py
+++ tests/sys/opencrypto/cryptotest.py
@@ -51,7 +51,6 @@
return iglob(os.path.join(katdir, base, glob))
aesmodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0' ]
-desmodules = [ 'cryptosoft0', ]
shamodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0' ]
def GenTestCase(cname):
@@ -332,46 +331,6 @@
" Expected: " + repr(data) + \
" on " + cname)
- ###############
- ##### DES #####
- ###############
- @unittest.skipIf(cname not in desmodules, 'skipping DES on %s' % (cname))
- def test_tdes(self):
- for i in katg('KAT_TDES', 'TCBC[a-z]*.rsp'):
- self.runTDES(i)
-
- def runTDES(self, fname):
- columns = [ 'COUNT', 'KEYs', 'IV', 'PLAINTEXT', 'CIPHERTEXT', ]
- with cryptodev.KATParser(fname, columns) as parser:
- self.runTDESWithParser(parser)
-
- def runTDESWithParser(self, parser):
- curfun = None
- for mode, lines in next(parser):
- if mode == 'ENCRYPT':
- swapptct = False
- curfun = Crypto.encrypt
- elif mode == 'DECRYPT':
- swapptct = True
- curfun = Crypto.decrypt
- else:
- raise RuntimeError('unknown mode: %r' % repr(mode))
-
- for data in lines:
- curcnt = int(data['COUNT'])
- key = data['KEYs'] * 3
- cipherkey = binascii.unhexlify(key)
- iv = binascii.unhexlify(data['IV'])
- pt = binascii.unhexlify(data['PLAINTEXT'])
- ct = binascii.unhexlify(data['CIPHERTEXT'])
-
- if swapptct:
- pt, ct = ct, pt
- # run the fun
- c = Crypto(cryptodev.CRYPTO_3DES_CBC, cipherkey, crid=crid)
- r = curfun(c, pt, iv)
- self.assertEqual(r, ct)
-
###############
##### SHA #####
###############

File Metadata

Mime Type
text/plain
Expires
Sun, Mar 15, 7:32 AM (4 h, 39 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
29707342
Default Alt Text
D24346.id70896.diff (5 KB)

Event Timeline