Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 27 Feb 2019 19:27:16 +0000 (UTC)
From:      Sean Eric Fagan <sef@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r344630 - head/tools/tools/crypto
Message-ID:  <201902271927.x1RJRGUY072365@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: sef
Date: Wed Feb 27 19:27:16 2019
New Revision: 344630
URL: https://svnweb.freebsd.org/changeset/base/344630

Log:
  Have cryptocheck toggle kern.cryptodevallowsoft if necessary (this
  requires root access).
  
  Reviewed by:	cem, jhb
  Sponsored by:	iXsystems, Inc.
  Differential Revision:	https://reviews.freebsd.org/D19372

Modified:
  head/tools/tools/crypto/cryptocheck.c

Modified: head/tools/tools/crypto/cryptocheck.c
==============================================================================
--- head/tools/tools/crypto/cryptocheck.c	Wed Feb 27 18:13:41 2019	(r344629)
+++ head/tools/tools/crypto/cryptocheck.c	Wed Feb 27 19:27:16 2019	(r344630)
@@ -111,6 +111,7 @@
  */
 
 #include <sys/param.h>
+#include <sys/sysctl.h>
 #include <assert.h>
 #include <err.h>
 #include <fcntl.h>
@@ -275,13 +276,41 @@ devcrypto(void)
 	return (fd);
 }
 
+/*
+ * Called on exit to change kern.cryptodevallowsoft back to 0
+ */
+#define CRYPT_SOFT_ALLOW	"kern.cryptodevallowsoft"
+
+static void
+reset_user_soft(void)
+{
+	int off = 0;
+	sysctlbyname(CRYPT_SOFT_ALLOW, NULL, NULL, &off, sizeof(off));
+}
+
+static void
+enable_user_soft(void)
+{
+	int curstate;
+	int on = 1;
+	size_t cursize = sizeof(curstate);
+
+	if (sysctlbyname(CRYPT_SOFT_ALLOW, &curstate, &cursize,
+		&on, sizeof(on)) == 0) {
+		if (curstate == 0)
+			atexit(reset_user_soft);
+	}
+}
+
 static int
 crlookup(const char *devname)
 {
 	struct crypt_find_op find;
 
-	if (strncmp(devname, "soft", 4) == 0)
+	if (strncmp(devname, "soft", 4) == 0) {
+		enable_user_soft();
 		return CRYPTO_FLAG_SOFTWARE;
+	}
 
 	find.crid = -1;
 	strlcpy(find.name, devname, sizeof(find.name));

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201902271927.x1RJRGUY072365>