From ad40776cc5decfa82c23279c5f744ad0b03ab751 Mon Sep 17 00:00:00 2001 From: sef Date: Wed, 27 Feb 2019 19:27:16 +0000 Subject: [PATCH] Have cryptocheck toggle kern.cryptodevallowsoft if necessary (this requires root access). Reviewed by: cem, jhb Sponsored by: iXsystems, Inc. Differential Revision: https://reviews.freebsd.org/D19372 --- tools/tools/crypto/cryptocheck.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/tools/tools/crypto/cryptocheck.c b/tools/tools/crypto/cryptocheck.c index 8f35c6b7e345..1cfb400cbce7 100644 --- a/tools/tools/crypto/cryptocheck.c +++ b/tools/tools/crypto/cryptocheck.c @@ -111,6 +111,7 @@ */ #include +#include #include #include #include @@ -275,13 +276,41 @@ devcrypto(void) return (fd); } +/* + * Called on exit to change kern.cryptodevallowsoft back to 0 + */ +#define CRYPT_SOFT_ALLOW "kern.cryptodevallowsoft" + +static void +reset_user_soft(void) +{ + int off = 0; + sysctlbyname(CRYPT_SOFT_ALLOW, NULL, NULL, &off, sizeof(off)); +} + +static void +enable_user_soft(void) +{ + int curstate; + int on = 1; + size_t cursize = sizeof(curstate); + + if (sysctlbyname(CRYPT_SOFT_ALLOW, &curstate, &cursize, + &on, sizeof(on)) == 0) { + if (curstate == 0) + atexit(reset_user_soft); + } +} + static int crlookup(const char *devname) { struct crypt_find_op find; - if (strncmp(devname, "soft", 4) == 0) + if (strncmp(devname, "soft", 4) == 0) { + enable_user_soft(); return CRYPTO_FLAG_SOFTWARE; + } find.crid = -1; strlcpy(find.name, devname, sizeof(find.name));