PERFORCE change 111109 for review
Sam Leffler
sam at FreeBSD.org
Mon Dec 4 20:51:13 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=111109
Change 111109 by sam at sam_ebb on 2006/12/05 04:51:11
o operations submitted through /dev/crypto are not supposed to
use a s/w driver; we must explicitly check this for symmetric
operations for the new ioctl that allows applications to
specify a particular device/driver
o fix comment for asym op case to explain the equivalent check
is done in the core code
NB: returning EINVAL for these cases isn't really helpful
Affected files ...
.. //depot/projects/crypto/sys/opencrypto/cryptodev.c#5 edit
Differences ...
==== //depot/projects/crypto/sys/opencrypto/cryptodev.c#5 (text+ko) ====
@@ -129,6 +129,22 @@
return (EIO);
}
+/*
+ * Check a crypto identifier to see if it requested
+ * a software device/driver. This can be done either
+ * by device name/class or through search constraints.
+ */
+static int
+checkforsoftware(int crid)
+{
+ if (crid & CRYPTOCAP_F_SOFTWARE)
+ return EINVAL; /* XXX */
+ if ((crid & CRYPTOCAP_F_HARDWARE) == 0 &&
+ (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0)
+ return EINVAL; /* XXX */
+ return 0;
+}
+
/* ARGSUSED */
static int
cryptof_ioctl(
@@ -149,7 +165,7 @@
struct crypt_kop *kop;
u_int64_t sid;
u_int32_t ses;
- int error = 0;
+ int error = 0, crid;
/*
* XXX: Not sure Giant is needed, but better safe than sorry
@@ -267,9 +283,14 @@
}
/* NB: CIOGSESSION2 has the crid */
- error = crypto_newsession(&sid, (txform ? &crie : &cria),
- cmd == CIOCGSESSION2 ?
- SES2(sop)->crid : CRYPTOCAP_F_HARDWARE);
+ if (cmd == CIOCGSESSION2) {
+ crid = SES2(sop)->crid;
+ error = checkforsoftware(crid);
+ if (error)
+ goto bail;
+ } else
+ crid = CRYPTOCAP_F_HARDWARE;
+ error = crypto_newsession(&sid, (txform ? &crie : &cria), crid);
if (error)
goto bail;
@@ -320,7 +341,7 @@
return (EPERM); /* XXX compat? */
kop = (struct crypt_kop *)data;
if (cmd == CIOCKEY) {
- /* for backwards compatibility */
+ /* NB: crypto core enforces s/w driver use */
kop->crk_crid =
CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE;
}
More information about the p4-projects
mailing list