Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 5 Dec 2006 04:46:05 GMT
From:      Sam Leffler <sam@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 111108 for review
Message-ID:  <200612050446.kB54k5L1050542@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=111108

Change 111108 by sam@sam_ebb on 2006/12/05 04:46:00

	crypto_userasymcrypto is supposed to control whether users
	can submit asym crypto operations but it only controlled
	the return value of getfeat (returning 0 so user apps assumed
	there were no algorithms available in the kernel); clearly
	this is wrong, if you want to disallow operations you have
	to have check this variable for key op ioctls

Affected files ...

.. //depot/projects/crypto/sys/opencrypto/cryptodev.c#4 edit

Differences ...

==== //depot/projects/crypto/sys/opencrypto/cryptodev.c#4 (text+ko) ====

@@ -316,6 +316,8 @@
 		break;
 	case CIOCKEY:
 	case CIOCKEY2:
+		if (!crypto_userasymcrypto)
+			return (EPERM);		/* XXX compat? */
 		kop = (struct crypt_kop *)data;
 		if (cmd == CIOCKEY) {
 			/* for backwards compatibility */



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612050446.kB54k5L1050542>