[src/trunk]: src/sys/opencrypto Clean up userlevel access to software kernel ...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/opencrypto Clean up userlevel access to software kernel ...
From: jonathan <jonathan%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 14:04:01 +0000

details:   https://anonhg.NetBSD.org/src/rev/1d89862d9164
branches:  trunk
changeset: 555496:1d89862d9164
user:      jonathan <jonathan%NetBSD.org@localhost>
date:      Wed Nov 19 03:18:33 2003 +0000

description:
Clean up userlevel access to software kernel transforms, in preparation
for using /dev/crypto for OpenSSL:

1. Add comments explaining crypto_devallowsoft, explaining the
OpenBSD-style three-way logic actully implemented in crypto_newsession().

2. Pass crypto_devallowsoft as the final argument to crypto_newsession(),
instead of a constant 0 value.

3. Set the default value of crypto_devallowsoft to 1, to allow
/dev/crypto access only for hardware-supported transforms.

Items 1-3 may be revised to match the FreeBSD two-way logic, if the
consensus is that there's no point to forcing software transforms.
But as a first step, let the description match what the code actually does.

GC unused variables usercrypto, userasmcrypto, cryptodevallowsoft from
cryptodev.c, in favour of variables crypto_usercrypto, crypto_userasmcrypto,
crypto_devallowsoft, which are used as well as defined in crypto.c.

diffstat:

 sys/opencrypto/crypto.c    |  21 +++++++++++++++++----
 sys/opencrypto/cryptodev.c |  13 +++++++------
 2 files changed, 24 insertions(+), 10 deletions(-)

diffs (90 lines):

diff -r 0b6f2939928b -r 1d89862d9164 sys/opencrypto/crypto.c
--- a/sys/opencrypto/crypto.c   Wed Nov 19 02:54:50 2003 +0000
+++ b/sys/opencrypto/crypto.c   Wed Nov 19 03:18:33 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: crypto.c,v 1.5 2003/11/09 11:09:11 scw Exp $ */
+/*     $NetBSD: crypto.c,v 1.6 2003/11/19 03:18:33 jonathan Exp $ */
 /*     $FreeBSD: src/sys/opencrypto/crypto.c,v 1.4.2.5 2003/02/26 00:14:05 sam Exp $   */
 /*     $OpenBSD: crypto.c,v 1.41 2002/07/17 23:52:38 art Exp $ */
 
@@ -24,7 +24,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: crypto.c,v 1.5 2003/11/09 11:09:11 scw Exp $");
+__KERNEL_RCSID(0, "$NetBSD: crypto.c,v 1.6 2003/11/19 03:18:33 jonathan Exp $");
 
 /* XXX FIXME: should be defopt'ed */
 #define CRYPTO_TIMING                  /* enable cryptop timing stuff */
@@ -105,7 +105,20 @@
 
 int    crypto_usercrypto = 1;          /* userland may open /dev/crypto */
 int    crypto_userasymcrypto = 1;      /* userland may do asym crypto reqs */
-int    crypto_devallowsoft = 0;        /* only use hardware crypto for asym */
+/* 
+ * cryptodevallowsoft is (intended to be) sysctl'able, controlling
+ * access to hardware versus software transforms as below:
+ *
+ * crypto_devallowsoft < 0:  Force userlevel requests to use software
+ *                              transforms, always
+ * crypto_devallowsoft = 0:  Use hardware if present, grant userlevel
+ *                              requests for non-accelerated transforms
+ *                              (handling the latter in software)
+ * crypto_devallowsoft > 0:  Allow user requests only for transforms which
+ *                               are hardware-accelerated.
+ */
+int    crypto_devallowsoft = 1;        /* only use hardware crypto for asym */
+
 #ifdef __FreeBSD__
 SYSCTL_INT(_kern, OID_AUTO, usercrypto, CTLFLAG_RW,
           &crypto_usercrypto, 0,
@@ -1013,7 +1026,7 @@
 
        for (hid = 0; hid < crypto_drivers_num; hid++) {
                if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) &&
-                   !crypto_devallowsoft) {
+                   crypto_devallowsoft = 0) {
                        continue;
                }
                if (crypto_drivers[hid].cc_kprocess == NULL)
diff -r 0b6f2939928b -r 1d89862d9164 sys/opencrypto/cryptodev.c
--- a/sys/opencrypto/cryptodev.c        Wed Nov 19 02:54:50 2003 +0000
+++ b/sys/opencrypto/cryptodev.c        Wed Nov 19 03:18:33 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cryptodev.c,v 1.8 2003/11/16 00:16:06 jonathan Exp $ */
+/*     $NetBSD: cryptodev.c,v 1.9 2003/11/19 03:18:33 jonathan Exp $ */
 /*     $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $        */
 /*     $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $   */
 
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.8 2003/11/16 00:16:06 jonathan Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.9 2003/11/19 03:18:33 jonathan Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -129,9 +129,10 @@
 static int     cryptodev_cb(void *);
 static int     cryptodevkey_cb(void *);
 
-int    usercrypto = 1;         /* userland may do crypto requests */
-int    userasymcrypto = 1;     /* userland may do asymmetric crypto reqs */
-int    cryptodevallowsoft = 1; /* only use hardware crypto */
+/*
+ * sysctl-able control variables for /dev/crypto now defined in crypto.c:
+ * crypto_usercrypto, crypto_userasmcrypto, crypto_devallowsoft.
+ */
 
 /* ARGSUSED */
 int
@@ -272,7 +273,7 @@
                }
 
                error = crypto_newsession(&sid, (txform ? &crie : &cria),
-                           0);
+                           crypto_devallowsoft);
                if (error) {
                        /* this is an auditable security event? */
                        printf("SIOCSESSION violates kernel parameters\n");

Prev by Date: [src/trunk]: src/sys/arch/acorn32/stand/lib Save arguments passed into scratc...
Next by Date: [src/trunk]: src/regress/lib/libpthread/sem Actually print self in the "Threa...
Previous by Thread: [src/trunk]: src/sys/arch/acorn32/stand/lib Save arguments passed into scratc...
Next by Thread: [src/trunk]: src/regress/lib/libpthread/sem Actually print self in the "Threa...
Indexes:

Home | Main Index | Thread Index | Old Index