aboutsummaryrefslogtreecommitdiff
path: root/sys/netipsec
diff options
context:
space:
mode:
authorJohn Baldwin <jhb@FreeBSD.org>2020-05-02 00:06:58 +0000
committerJohn Baldwin <jhb@FreeBSD.org>2020-05-02 00:06:58 +0000
commit16aabb761c0a8e5fb120594fcce4f2bf79fad61e (patch)
tree62f2c0af310c3243e51cf8133e1261cff87ecf2d /sys/netipsec
parent4d7e9134bb1f9745229a350b5a3014af64650012 (diff)
downloadsrc-16aabb761c0a8e5fb120594fcce4f2bf79fad61e.tar.gz
src-16aabb761c0a8e5fb120594fcce4f2bf79fad61e.zip
Remove support for IPsec algorithms deprecated in r348205 and r360202.
Examples of depecrated algorithms in manual pages and sample configs are updated where relevant. I removed the one example of combining ESP and AH (vs using a cipher and auth in ESP) as RFC 8221 says this combination is NOT RECOMMENDED. Specifically, this removes support for the following ciphers: - des-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - des-deriv - des-32iv - camellia-cbc This also removes support for the following authentication algorithms: - hmac-md5 - keyed-md5 - keyed-sha1 - hmac-ripemd160 Reviewed by: cem, gnn (older verisons) Relnotes: yes Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24342
Notes
Notes: svn path=/head/; revision=360557
Diffstat (limited to 'sys/netipsec')
-rw-r--r--sys/netipsec/ipsec.c5
-rw-r--r--sys/netipsec/ipsec.h2
-rw-r--r--sys/netipsec/key.c12
-rw-r--r--sys/netipsec/xform_ah.c26
-rw-r--r--sys/netipsec/xform_esp.c25
5 files changed, 1 insertions, 69 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index c6454547c5c2..f8ba71cf6635 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -217,11 +217,6 @@ SYSCTL_INT(_net_inet_ipsec, OID_AUTO, filtertunnel,
SYSCTL_VNET_PCPUSTAT(_net_inet_ipsec, OID_AUTO, ipsecstats, struct ipsecstat,
ipsec4stat, "IPsec IPv4 statistics.");
-struct timeval ipsec_warn_interval = { .tv_sec = 1, .tv_usec = 0 };
-SYSCTL_TIMEVAL_SEC(_net_inet_ipsec, OID_AUTO, crypto_warn_interval, CTLFLAG_RW,
- &ipsec_warn_interval,
- "Delay in seconds between warnings of deprecated IPsec crypto algorithms.");
-
#ifdef REGRESSION
/*
* When set to 1, IPsec will send packets with the same sequence number.
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index 345faa3618c8..0124b12c20cd 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -287,8 +287,6 @@ VNET_DECLARE(int, crypto_support);
VNET_DECLARE(int, async_crypto);
VNET_DECLARE(int, natt_cksum_policy);
-extern struct timeval ipsec_warn_interval;
-
#define IPSECSTAT_INC(name) \
VNET_PCPUSTAT_ADD(struct ipsecstat, ipsec4stat, name, 1)
#define V_ip4_esp_trans_deflev VNET(ip4_esp_trans_deflev)
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index e6ffea434f5e..f97c2195af9d 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -583,13 +583,8 @@ static struct supported_ealgs {
int sadb_alg;
const struct enc_xform *xform;
} supported_ealgs[] = {
- { SADB_EALG_DESCBC, &enc_xform_des },
- { SADB_EALG_3DESCBC, &enc_xform_3des },
{ SADB_X_EALG_AES, &enc_xform_rijndael128 },
- { SADB_X_EALG_BLOWFISHCBC, &enc_xform_blf },
- { SADB_X_EALG_CAST128CBC, &enc_xform_cast5 },
{ SADB_EALG_NULL, &enc_xform_null },
- { SADB_X_EALG_CAMELLIACBC, &enc_xform_camellia },
{ SADB_X_EALG_AESCTR, &enc_xform_aes_icm },
{ SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm },
{ SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac },
@@ -600,11 +595,7 @@ static struct supported_aalgs {
const struct auth_hash *xform;
} supported_aalgs[] = {
{ SADB_X_AALG_NULL, &auth_hash_null },
- { SADB_AALG_MD5HMAC, &auth_hash_hmac_md5 },
{ SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 },
- { SADB_X_AALG_RIPEMD160HMAC, &auth_hash_hmac_ripemd_160 },
- { SADB_X_AALG_MD5, &auth_hash_key_md5 },
- { SADB_X_AALG_SHA, &auth_hash_key_sha1 },
{ SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 },
{ SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 },
{ SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 },
@@ -6381,8 +6372,6 @@ key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min,
* key size is restricted. Enforce this here.
*/
switch (alg) {
- case SADB_X_AALG_MD5: *min = *max = 16; break;
- case SADB_X_AALG_SHA: *min = *max = 20; break;
case SADB_X_AALG_NULL: *min = 1; *max = 256; break;
case SADB_X_AALG_SHA2_256: *min = *max = 32; break;
case SADB_X_AALG_SHA2_384: *min = *max = 48; break;
@@ -6413,7 +6402,6 @@ key_getcomb_ah()
#if 1
/* we prefer HMAC algorithms, not old algorithms */
if (i != SADB_AALG_SHA1HMAC &&
- i != SADB_AALG_MD5HMAC &&
i != SADB_X_AALG_SHA2_256 &&
i != SADB_X_AALG_SHA2_384 &&
i != SADB_X_AALG_SHA2_512)
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 834376634d5a..9c6026481ddf 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -108,7 +108,6 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat,
#endif
static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
-static struct timeval md5warn, ripewarn, kpdkmd5warn, kpdksha1warn;
static int ah_input_cb(struct cryptop*);
static int ah_output_cb(struct cryptop*);
@@ -185,25 +184,6 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp,
return EINVAL;
}
- switch (sav->alg_auth) {
- case SADB_AALG_MD5HMAC:
- if (ratecheck(&md5warn, &ipsec_warn_interval))
- gone_in(13, "MD5-HMAC authenticator for IPsec");
- break;
- case SADB_X_AALG_RIPEMD160HMAC:
- if (ratecheck(&ripewarn, &ipsec_warn_interval))
- gone_in(13, "RIPEMD160-HMAC authenticator for IPsec");
- break;
- case SADB_X_AALG_MD5:
- if (ratecheck(&kpdkmd5warn, &ipsec_warn_interval))
- gone_in(13, "Keyed-MD5 authenticator for IPsec");
- break;
- case SADB_X_AALG_SHA:
- if (ratecheck(&kpdksha1warn, &ipsec_warn_interval))
- gone_in(13, "Keyed-SHA1 authenticator for IPsec");
- break;
- }
-
/*
* Verify the replay state block allocation is consistent with
* the protocol type. We check here so we can make assumptions
@@ -317,11 +297,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
ip->ip_tos = 0;
ip->ip_ttl = 0;
ip->ip_sum = 0;
-
- if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
- ip->ip_off &= htons(IP_DF);
- else
- ip->ip_off = htons(0);
+ ip->ip_off = htons(0);
ptr = mtod(m, unsigned char *);
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 2195f28d70c6..22ffc92f5cb9 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -94,8 +94,6 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, stats,
struct espstat, espstat,
"ESP statistics (struct espstat, netipsec/esp_var.h");
-static struct timeval deswarn, blfwarn, castwarn, camelliawarn, tdeswarn;
-
static int esp_input_cb(struct cryptop *op);
static int esp_output_cb(struct cryptop *crp);
@@ -159,29 +157,6 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
return EINVAL;
}
- switch (sav->alg_enc) {
- case SADB_EALG_DESCBC:
- if (ratecheck(&deswarn, &ipsec_warn_interval))
- gone_in(13, "DES cipher for IPsec");
- break;
- case SADB_EALG_3DESCBC:
- if (ratecheck(&tdeswarn, &ipsec_warn_interval))
- gone_in(13, "3DES cipher for IPsec");
- break;
- case SADB_X_EALG_BLOWFISHCBC:
- if (ratecheck(&blfwarn, &ipsec_warn_interval))
- gone_in(13, "Blowfish cipher for IPsec");
- break;
- case SADB_X_EALG_CAST128CBC:
- if (ratecheck(&castwarn, &ipsec_warn_interval))
- gone_in(13, "CAST cipher for IPsec");
- break;
- case SADB_X_EALG_CAMELLIACBC:
- if (ratecheck(&camelliawarn, &ipsec_warn_interval))
- gone_in(13, "Camellia cipher for IPsec");
- break;
- }
-
/* subtract off the salt, RFC4106, 8.1 and RFC3686, 5.1 */
keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4;
if (txform->minkey > keylen || keylen > txform->maxkey) {