On Wed, Sep 17, 2025 at 12:44:35PM +0100, Crystal Kolipe wrote:
> On Wed, Sep 17, 2025 at 01:42:59AM +0200, Jeremie Courreges-Anglas wrote:
> > On Wed, Sep 17, 2025 at 09:29:12AM +1000, Damien Miller wrote:
> > > On Wed, 17 Sep 2025, Jeremie Courreges-Anglas wrote:
> > > 
> > > > Should vnconfig move from blowfish, it should probably be to a scheme
> > > > actually designed for data storage like AES-XTS (like softraid CRYPTO)
> > > > or similar.
> > > > 
> > > >   https://en.wikipedia.org/wiki/Disk_encryption_theory
> > > > 
> > > > I'm no crypto expert, but I doubt that moving from blowfish-CBC to
> > > > AES-CBC would be a big win.
> > > 
> > > softraid already uses AES-XTS for encrypted volumes.
> > 
> > Yup.
> > 
> > > IMO vnconfig
> > > crypto is just legacy and should be removed.
> > 
> > From looking at the code, vnconfig already says:
> > 
> >   WARNING: Consider using softraid crypto.
> > 
> > Maybe we should make it clear that we're going to remove this code,
> > say, for 7.9?  If people actually wanted to keep using this, I guess
> > someone would have stepped up by now.
> 
> Surely it's more likely that anyone who is already using it would just ignore
> the warning and assume that it's aimed at new users?  Exactly because there is
> no mention of the vnconfig encryption support being removed.
> 
> Why not start by making the related options undocumented in the manual?

You're saying people ignore the warning because it doesn't mention a
pending removal, but instead of fixing that, you make it harder for
users to get at the documentation needed to migrate their data.

It seems we all agree that these options should be removed, so ok for
the diff below?


Index: vnconfig.8
===================================================================
RCS file: /cvs/src/sbin/vnconfig/vnconfig.8,v
diff -u -p -r1.7 vnconfig.8
--- vnconfig.8	16 Aug 2022 13:59:51 -0000	1.7
+++ vnconfig.8	17 Sep 2025 12:22:15 -0000
@@ -90,6 +90,8 @@ to
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl K Ar rounds
+DEPRECATED OPTION, see
+.Sx CAVEATS .
 Associate an encryption key with the device.
 All data will be encrypted using the Blowfish cipher before it is
 written to the disk.
@@ -105,6 +107,8 @@ is a number between 1000 and
 .Dv INT_MAX .
 DO NOT LOSE THE SALT FILE.
 .It Fl k
+DEPRECATED OPTION, see
+.Sx CAVEATS .
 Associate an encryption key with the device.
 The user is asked for the encryption key.
 All data will be encrypted using the Blowfish cipher before it is
@@ -115,6 +119,8 @@ If a specific
 .Ar vnd_dev
 is given, then only that one will be described.
 .It Fl S Ar saltfile
+DEPRECATED OPTION, see
+.Sx CAVEATS .
 When
 .Fl K
 is used, specify the
@@ -174,3 +180,10 @@ The
 .Nm
 command first appeared in
 .Ox 4.2 .
+.Sh CAVEATS
+vnconfig encryption support will be removed in a future
+.Ox
+release.
+Consider migrating your data and using
+.Xr softraid 4
+CRYPTO instead.
Index: vnconfig.c
===================================================================
RCS file: /cvs/src/sbin/vnconfig/vnconfig.c,v
diff -u -p -r1.14 vnconfig.c
--- vnconfig.c	9 Nov 2024 10:57:06 -0000	1.14
+++ vnconfig.c	17 Sep 2025 12:12:30 -0000
@@ -133,8 +133,13 @@ main(int argc, char **argv)
 		} else
 			usage();
 
-		if (opt_k || opt_K)
-			fprintf(stderr, "WARNING: Consider using softraid crypto.\n");
+		if (opt_k || opt_K) {
+			fprintf(stderr,
+			    "WARNING: vnconfig encryption support will be "
+			    "removed in a future OpenBSD release.\n");
+			fprintf(stderr, "WARNING: Consider migrating your data "
+			    "and using softraid crypto.\n");
+		}
 		if (opt_k) {
 			if (opt_K)
 				errx(1, "-k and -K are mutually exclusive");


-- 
jca