diff options
Diffstat (limited to 'freebsd/sys/opencrypto/cryptodev.c')
-rw-r--r-- | freebsd/sys/opencrypto/cryptodev.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/freebsd/sys/opencrypto/cryptodev.c b/freebsd/sys/opencrypto/cryptodev.c index 797616b5..02a03034 100644 --- a/freebsd/sys/opencrypto/cryptodev.c +++ b/freebsd/sys/opencrypto/cryptodev.c @@ -296,7 +296,13 @@ struct fcrypt { int sesn; }; +static struct timeval warninterval = { .tv_sec = 60, .tv_usec = 0 }; +SYSCTL_TIMEVAL_SEC(_kern, OID_AUTO, cryptodev_warn_interval, CTLFLAG_RW, + &warninterval, + "Delay in seconds between warnings of deprecated /dev/crypto algorithms"); + #ifndef __rtems__ +>>>>>>> e79fbf70f7e... RTEMS static int cryptof_ioctl(struct file *, u_long, void *, struct ucred *, struct thread *); static int cryptof_stat(struct file *, struct stat *, @@ -392,6 +398,8 @@ cryptof_ioctl( struct crypt_op copc; struct crypt_kop kopc; #endif + static struct timeval arc4warn, blfwarn, castwarn, deswarn, md5warn; + static struct timeval skipwarn, tdeswarn; switch (cmd) { case CIOCGSESSION: @@ -412,18 +420,28 @@ cryptof_ioctl( case 0: break; case CRYPTO_DES_CBC: + if (ratecheck(&deswarn, &warninterval)) + gone_in(13, "DES cipher via /dev/crypto"); txform = &enc_xform_des; break; case CRYPTO_3DES_CBC: + if (ratecheck(&tdeswarn, &warninterval)) + gone_in(13, "3DES cipher via /dev/crypto"); txform = &enc_xform_3des; break; case CRYPTO_BLF_CBC: + if (ratecheck(&blfwarn, &warninterval)) + gone_in(13, "Blowfish cipher via /dev/crypto"); txform = &enc_xform_blf; break; case CRYPTO_CAST_CBC: + if (ratecheck(&castwarn, &warninterval)) + gone_in(13, "CAST128 cipher via /dev/crypto"); txform = &enc_xform_cast5; break; case CRYPTO_SKIPJACK_CBC: + if (ratecheck(&skipwarn, &warninterval)) + gone_in(13, "Skipjack cipher via /dev/crypto"); txform = &enc_xform_skipjack; break; case CRYPTO_AES_CBC: @@ -436,6 +454,8 @@ cryptof_ioctl( txform = &enc_xform_null; break; case CRYPTO_ARC4: + if (ratecheck(&arc4warn, &warninterval)) + gone_in(13, "ARC4 cipher via /dev/crypto"); txform = &enc_xform_arc4; break; case CRYPTO_CAMELLIA_CBC: @@ -464,6 +484,9 @@ cryptof_ioctl( case 0: break; case CRYPTO_MD5_HMAC: + if (ratecheck(&md5warn, &warninterval)) + gone_in(13, + "MD5-HMAC authenticator via /dev/crypto"); thash = &auth_hash_hmac_md5; break; case CRYPTO_POLY1305: |