CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	jhb <jhb@FreeBSD.org>
	Mon, 3 Jun 2019 21:04:23 +0000 (21:04 +0000)
committer	jhb <jhb@FreeBSD.org>
	Mon, 3 Jun 2019 21:04:23 +0000 (21:04 +0000)
commit	4239497352ddf236a6153faff3680765af1452b5
tree	c41ed33d737b82b2842f864d2fbad348c36eb96a	tree \| snapshot
parent	b3de223927216764b3981faf97c899622dc9ae0b	commit \| diff

MFC 348206,348231,348454: GELI crypto deprecation warnings.

348206:
Add deprecation warnings for weaker algorithms to geli(4).

- Triple DES has been formally deprecated in Kerberos (RFC 8429)
  and is soon to be deprecated in IPsec (RFC 8221).
- Blowfish is deprecated.  FreeBSD doesn't support its successor
  (Twofish).
- MD5 is generally considered a weak digest that has known attacks.

geli refuses to create new volumes using these algorithms via 'geli
init'.  It also warns when attaching to existing volumes or creating
temporary volumes via 'geli onetime' .  The plan is to fully remove
support for these algorithms in FreeBSD 13.

Note that none of these algorithms have ever been the default
algorithm used by geli(8).  Users would have had to explicitly select
these algorithms when creating volumes in the past.

348231:
Correct the argument passed to g_eli_algo2str()

348454:
Remove tests for the deprecated algorithms in r348206

The tests are failing because the return value and output have changed, but
before test code structure adjusted, removing these test cases help people
be able to focus on more important cases.

Approved by: re (gjb)
Relnotes: yes

sbin/geom/class/eli/geli.8		diff \| blob \| history
sbin/geom/class/eli/geom_eli.c		diff \| blob \| history
sys/geom/eli/g_eli.c		diff \| blob \| history
tests/sys/geom/class/eli/conf.sh		diff \| blob \| history
tests/sys/geom/class/eli/init_test.sh		diff \| blob \| history