diff options
author | Luiz Otavio O Souza <luiz@netgate.com> | 2015-09-15 12:59:59 -0500 |
---|---|---|
committer | Luiz Otavio O Souza <luiz@netgate.com> | 2015-10-20 11:50:34 -0500 |
commit | 3265517c75228764d648177e0f07457acda04846 (patch) | |
tree | d6faf80ba5a0fd972c30d82dd7f3fee6087174e0 | |
parent | 82e938d40482c4204047485108b5c145c0101b29 (diff) | |
download | FreeBSD-src-3265517c75228764d648177e0f07457acda04846.zip FreeBSD-src-3265517c75228764d648177e0f07457acda04846.tar.gz |
MFC r262994:
allow the kern.cryptodevallowsoft sysctl to enable symetric/hashes too...
This will allow us to more easily test the software versions of these
routines...
Considering that we've never had an software asymetric implmentation,
it's doubtful anyone has this enabled...
TAG: IPSEC-HEAD
Issue: #4841
-rw-r--r-- | sys/opencrypto/crypto.c | 4 | ||||
-rw-r--r-- | sys/opencrypto/cryptodev.c | 13 |
2 files changed, 10 insertions, 7 deletions
diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index 889e855..d1df283 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -161,10 +161,10 @@ int crypto_userasymcrypto = 1; /* userland may do asym crypto reqs */ SYSCTL_INT(_kern, OID_AUTO, userasymcrypto, CTLFLAG_RW, &crypto_userasymcrypto, 0, "Enable/disable user-mode access to asymmetric crypto support"); -int crypto_devallowsoft = 0; /* only use hardware crypto for asym */ +int crypto_devallowsoft = 0; /* only use hardware crypto */ SYSCTL_INT(_kern, OID_AUTO, cryptodevallowsoft, CTLFLAG_RW, &crypto_devallowsoft, 0, - "Enable/disable use of software asym crypto support"); + "Enable/disable use of software crypto by /dev/crypto"); MALLOC_DEFINE(M_CRYPTO_DATA, "crypto", "crypto session records"); diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index 5e949ca..4d16833 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -351,11 +351,14 @@ cryptof_truncate( static int checkforsoftware(int crid) { - if (crid & CRYPTOCAP_F_SOFTWARE) - return EINVAL; /* XXX */ - if ((crid & CRYPTOCAP_F_HARDWARE) == 0 && - (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0) - return EINVAL; /* XXX */ + + if (!crypto_devallowsoft) { + if (crid & CRYPTOCAP_F_SOFTWARE) + return EINVAL; /* XXX */ + if ((crid & CRYPTOCAP_F_HARDWARE) == 0 && + (crypto_getcaps(crid) & CRYPTOCAP_F_HARDWARE) == 0) + return EINVAL; /* XXX */ + } return 0; } |