Date: Tue, 5 Dec 2006 04:43:01 GMT From: Sam Leffler <sam@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 111107 for review Message-ID: <200612050443.kB54h1Cx050262@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=111107 Change 111107 by sam@sam_ebb on 2006/12/05 04:42:46 move check of crypto_userasymcrypto from the core crypto code to the /dev/crypto ioctl handler where it belongs Affected files ... .. //depot/projects/crypto/sys/opencrypto/crypto.c#5 edit .. //depot/projects/crypto/sys/opencrypto/cryptodev.c#3 edit Differences ... ==== //depot/projects/crypto/sys/opencrypto/crypto.c#5 (text+ko) ==== @@ -1220,9 +1220,6 @@ { int hid, kalg, feat = 0; - if (!crypto_userasymcrypto) - goto out; - CRYPTO_DRIVER_LOCK(); for (hid = 0; hid < crypto_drivers_num; hid++) { if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) && @@ -1235,7 +1232,6 @@ feat |= 1 << kalg; } CRYPTO_DRIVER_UNLOCK(); -out: *featp = feat; return (0); } ==== //depot/projects/crypto/sys/opencrypto/cryptodev.c#3 (text+ko) ==== @@ -325,7 +325,16 @@ error = cryptodev_key(kop); break; case CIOCASYMFEAT: - error = crypto_getfeat((int *)data); + if (!crypto_userasymcrypto) { + /* + * NB: if user asym crypto operations are + * not permitted return "no algorithms" + * so well-behaved applications will just + * fallback to doing them in software. + */ + *(int *)data = 0; + } else + error = crypto_getfeat((int *)data); break; case CIOCFINDDEV: error = cryptodev_find((struct crypt_find_op *)data);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612050443.kB54h1Cx050262>