PERFORCE change 111108 for review
Sam Leffler
sam at FreeBSD.org
Mon Dec 4 20:46:06 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=111108
Change 111108 by sam at sam_ebb on 2006/12/05 04:46:00
crypto_userasymcrypto is supposed to control whether users
can submit asym crypto operations but it only controlled
the return value of getfeat (returning 0 so user apps assumed
there were no algorithms available in the kernel); clearly
this is wrong, if you want to disallow operations you have
to have check this variable for key op ioctls
Affected files ...
.. //depot/projects/crypto/sys/opencrypto/cryptodev.c#4 edit
Differences ...
==== //depot/projects/crypto/sys/opencrypto/cryptodev.c#4 (text+ko) ====
@@ -316,6 +316,8 @@
break;
case CIOCKEY:
case CIOCKEY2:
+ if (!crypto_userasymcrypto)
+ return (EPERM); /* XXX compat? */
kop = (struct crypt_kop *)data;
if (cmd == CIOCKEY) {
/* for backwards compatibility */
More information about the p4-projects
mailing list