Date: Tue, 5 Dec 2006 04:46:05 GMT From: Sam Leffler <sam@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 111108 for review Message-ID: <200612050446.kB54k5L1050542@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=111108 Change 111108 by sam@sam_ebb on 2006/12/05 04:46:00 crypto_userasymcrypto is supposed to control whether users can submit asym crypto operations but it only controlled the return value of getfeat (returning 0 so user apps assumed there were no algorithms available in the kernel); clearly this is wrong, if you want to disallow operations you have to have check this variable for key op ioctls Affected files ... .. //depot/projects/crypto/sys/opencrypto/cryptodev.c#4 edit Differences ... ==== //depot/projects/crypto/sys/opencrypto/cryptodev.c#4 (text+ko) ==== @@ -316,6 +316,8 @@ break; case CIOCKEY: case CIOCKEY2: + if (!crypto_userasymcrypto) + return (EPERM); /* XXX compat? */ kop = (struct crypt_kop *)data; if (cmd == CIOCKEY) { /* for backwards compatibility */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612050446.kB54k5L1050542>