
D20344.diff

Index: head/lib/geom/eli/geli.8
===================================================================
--- head/lib/geom/eli/geli.8
+++ head/lib/geom/eli/geli.8
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd April 3, 2019
+.Dd May 23, 2019
.Dt GELI 8
.Os
.Sh NAME
@@ -901,6 +901,18 @@
.El
.Sh EXIT STATUS
Exit status is 0 on success, and 1 if the command fails.
+.Sh DEPRECATION NOTICE
+Support for the
+.Nm Blowfish-CBC
+and
+.Nm 3DES-CBC
+cryptographic algorithms and
+.Nm HMAC/MD5
+authentication algorithm will be removed in
+.Fx 13.0 .
+New volumes cannot be created using these algorithms.
+Existing volumes should be migrated to a new volume that uses
+non-deprecated algorithms.
.Sh EXAMPLES
Initialize a provider which is going to be encrypted with a
passphrase and random data from a file on the user's pen drive.
@@ -1134,7 +1146,7 @@
.Fx 6.0 .
Support for the
.Nm Camellia
-block cipher is implemented by Yoshisato Yanagisawa in
+block cipher was implemented by Yoshisato Yanagisawa in
.Fx 7.0 .
.Pp
Highest
Index: head/lib/geom/eli/geom_eli.c
===================================================================
--- head/lib/geom/eli/geom_eli.c
+++ head/lib/geom/eli/geom_eli.c
@@ -805,6 +805,22 @@
return;
}
}
+ if (md.md_flags & G_ELI_FLAG_AUTH) {
+ switch (md.md_aalgo) {
+ case CRYPTO_MD5_HMAC:
+ gctl_error(req,
+ "The %s authentication algorithm is deprecated.",
+ g_eli_algo2str(md.md_aalgo));
+ return;
+ }
+ }
+ switch (md.md_ealgo) {
+ case CRYPTO_3DES_CBC:
+ case CRYPTO_BLF_CBC:
+ gctl_error(req, "The %s encryption algorithm is deprecated.",
+ g_eli_algo2str(md.md_aalgo));
+ return;
+ }
val = gctl_get_intmax(req, "keylen");
md.md_keylen = val;
md.md_keylen = g_eli_keylen(md.md_ealgo, md.md_keylen);
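Review bot: The encryption-algorithm error in the second added switch formats the wrong field. It is reached when `md.md_ealgo` is CRYPTO_3DES_CBC or CRYPTO_BLF_CBC, yet it passes `md.md_aalgo` to g_eli_algo2str(), so the message names the authentication algorithm (or whatever md_aalgo holds when G_ELI_FLAG_AUTH is not set) rather than the rejected cipher. The argument should be `g_eli_algo2str(md.md_ealgo));`, so that the administrator sees which algorithm option to change. The enclosing function starts and ends outside the hunk.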
Index: head/sys/geom/eli/g_eli.c
===================================================================
--- head/sys/geom/eli/g_eli.c
+++ head/sys/geom/eli/g_eli.c
@@ -960,8 +960,25 @@
G_ELI_DEBUG(0, "Device %s created.", pp->name);
G_ELI_DEBUG(0, "Encryption: %s %u", g_eli_algo2str(sc->sc_ealgo),
sc->sc_ekeylen);
- if (sc->sc_flags & G_ELI_FLAG_AUTH)
+ switch (sc->sc_ealgo) {
+ case CRYPTO_3DES_CBC:
+ gone_in(13,
+ "support for GEOM_ELI volumes encrypted with 3des");
+ break;
+ case CRYPTO_BLF_CBC:
+ gone_in(13,
+ "support for GEOM_ELI volumes encrypted with blowfish");
+ break;
+ }
+ if (sc->sc_flags & G_ELI_FLAG_AUTH) {
G_ELI_DEBUG(0, " Integrity: %s", g_eli_algo2str(sc->sc_aalgo));
+ switch (sc->sc_aalgo) {
+ case CRYPTO_MD5_HMAC:
+ gone_in(13,
+ "support for GEOM_ELI volumes authenticated with hmac/md5");
+ break;
+ }
+ }
G_ELI_DEBUG(0, " Crypto: %s",
sc->sc_crypto == G_ELI_CRYPTO_SW ? "software" : "hardware");
return (gp);
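Review bot: The added switches on `sc->sc_ealgo` and `sc->sc_aalgo` carry no comment saying that a deprecated algorithm only triggers a gone_in() warning here and the code still reaches `return (gp)`. The userland hunk in geom_eli.c, by contrast, rejects the same algorithms with an error. A one-line comment above the first switch would show the split is deliberate, e.g. `/* Existing volumes still attach; warn that these algorithms are removed in 13. */`. The enclosing function starts outside the hunk and its body continues past it.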
