Have cryptocheck toggle kern.cryptodevallowsoft if necessary (this

requires root access). Reviewed by: cem, jhb Sponsored by: iXsystems, Inc. Differential Revision: https://reviews.freebsd.org/D19372
2019-02-27 19:27:16 +00:00 · 2019-02-27 19:27:16 +00:00 · ad40776cc5
commit ad40776cc5
parent 26a7f7df6b
1 changed files with 30 additions and 1 deletions
--- a/tools/tools/crypto/cryptocheck.c
+++ b/tools/tools/crypto/cryptocheck.c
@ -111,6 +111,7 @@
 */

 #include <sys/param.h>
+#include <sys/sysctl.h>
 #include <assert.h>
 #include <err.h>
 #include <fcntl.h>
@ -275,13 +276,41 @@ devcrypto(void)
 	return (fd);
 }

+/*
+ * Called on exit to change kern.cryptodevallowsoft back to 0
+ */
+#define CRYPT_SOFT_ALLOW	"kern.cryptodevallowsoft"
+
+static void
+reset_user_soft(void)
+{
+	int off = 0;
+	sysctlbyname(CRYPT_SOFT_ALLOW, NULL, NULL, &off, sizeof(off));
+}
+
+static void
+enable_user_soft(void)
+{
+	int curstate;
+	int on = 1;
+	size_t cursize = sizeof(curstate);
+
+	if (sysctlbyname(CRYPT_SOFT_ALLOW, &curstate, &cursize,
+		&on, sizeof(on)) == 0) {
+		if (curstate == 0)
+			atexit(reset_user_soft);
+	}
+}
+
 static int
 crlookup(const char *devname)
 {
 	struct crypt_find_op find;

-	if (strncmp(devname, "soft", 4) == 0)
+	if (strncmp(devname, "soft", 4) == 0) {
+		enable_user_soft();
 		return CRYPTO_FLAG_SOFTWARE;
+	}

 	find.crid = -1;
 	strlcpy(find.name, devname, sizeof(find.name));