From 293707af843ce1b4208eed3b8427b72356ea06f0 Mon Sep 17 00:00:00 2001 From: jhb Date: Thu, 15 Feb 2018 21:27:24 +0000 Subject: MFC 318090,319475: Use const with some read-only buffers in opencrypto APIs. 318090: Use const with some read-only buffers in opencrypto APIs. - Mark the source buffer for a copyback operation as const in the kernel API. - Use const with input-only buffers in crypto ioctl structures used with /dev/crypto. 319475: Fix some new errors and a warning in cryptotest. - Use a new 'char *key' to allocate storage for keys and assign the pointer to the session2_op 'const char *' members after the key is initialized. - Mark the 'find' variable used in crfind() static so that crfind() doesn't return a pointer to stack garbage. Sponsored by: Chelsio Communications (cherry picked from commit 230aaab2e615703ad509454fe1b16ab8f69b411c) --- sys/opencrypto/criov.c | 4 ++-- sys/opencrypto/cryptodev.h | 24 +++++++++++++----------- tools/tools/crypto/cryptotest.c | 18 ++++++++++-------- 3 files changed, 25 insertions(+), 21 deletions(-) diff --git a/sys/opencrypto/criov.c b/sys/opencrypto/criov.c index 499bfe3..71e395a 100644 --- a/sys/opencrypto/criov.c +++ b/sys/opencrypto/criov.c @@ -79,7 +79,7 @@ cuio_copydata(struct uio* uio, int off, int len, caddr_t cp) } void -cuio_copyback(struct uio* uio, int off, int len, caddr_t cp) +cuio_copyback(struct uio* uio, int off, int len, c_caddr_t cp) { struct iovec *iov = uio->uio_iov; int iol = uio->uio_iovcnt; @@ -155,7 +155,7 @@ cuio_apply(struct uio *uio, int off, int len, int (*f)(void *, void *, u_int), } void -crypto_copyback(int flags, caddr_t buf, int off, int size, caddr_t in) +crypto_copyback(int flags, caddr_t buf, int off, int size, c_caddr_t in) { if ((flags & CRYPTO_F_IMBUF) != 0) diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h index 91bec56..3ca77c7 100644 --- a/sys/opencrypto/cryptodev.h +++ b/sys/opencrypto/cryptodev.h @@ -212,9 +212,9 @@ struct session_op { u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ u_int32_t keylen; /* cipher key */ - caddr_t key; + c_caddr_t key; int mackeylen; /* mac key */ - caddr_t mackey; + c_caddr_t mackey; u_int32_t ses; /* returns: session # */ }; @@ -224,9 +224,9 @@ struct session2_op { u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */ u_int32_t keylen; /* cipher key */ - caddr_t key; + c_caddr_t key; int mackeylen; /* mac key */ - caddr_t mackey; + c_caddr_t mackey; u_int32_t ses; /* returns: session # */ int crid; /* driver id + flags (rw) */ @@ -241,9 +241,10 @@ struct crypt_op { u_int16_t flags; #define COP_F_BATCH 0x0008 /* Batch op if possible */ u_int len; - caddr_t src, dst; /* become iov[] inside kernel */ + c_caddr_t src; /* become iov[] inside kernel */ + caddr_t dst; caddr_t mac; /* must be big enough for chosen MAC */ - caddr_t iv; + c_caddr_t iv; }; /* op and flags the same as crypt_op */ @@ -254,10 +255,11 @@ struct crypt_aead { u_int len; u_int aadlen; u_int ivlen; - caddr_t src, dst; /* become iov[] inside kernel */ - caddr_t aad; /* additional authenticated data */ + c_caddr_t src; /* become iov[] inside kernel */ + caddr_t dst; + c_caddr_t aad; /* additional authenticated data */ caddr_t tag; /* must fit for chosen TAG length */ - caddr_t iv; + c_caddr_t iv; }; /* @@ -526,7 +528,7 @@ extern int crypto_devallowsoft; /* only use hardware crypto */ */ struct uio; extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp); -extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp); +extern void cuio_copyback(struct uio* uio, int off, int len, c_caddr_t cp); extern int cuio_getptr(struct uio *uio, int loc, int *off); extern int cuio_apply(struct uio *uio, int off, int len, int (*f)(void *, void *, u_int), void *arg); @@ -537,7 +539,7 @@ extern int crypto_mbuftoiov(struct mbuf *mbuf, struct iovec **iovptr, int *cnt, int *allocated); extern void crypto_copyback(int flags, caddr_t buf, int off, int size, - caddr_t in); + c_caddr_t in); extern void crypto_copydata(int flags, caddr_t buf, int off, int size, caddr_t out); extern int crypto_apply(int flags, caddr_t buf, int off, int len, diff --git a/tools/tools/crypto/cryptotest.c b/tools/tools/crypto/cryptotest.c index bf0f8ee..2b5aa0a 100644 --- a/tools/tools/crypto/cryptotest.c +++ b/tools/tools/crypto/cryptotest.c @@ -216,7 +216,7 @@ crlookup(const char *devname) const char * crfind(int crid) { - struct crypt_find_op find; + static struct crypt_find_op find; bzero(&find, sizeof(find)); find.crid = crid; @@ -252,7 +252,7 @@ runtest(struct alg *alg, int count, int size, u_long cmd, struct timeval *tv) { int i, fd = crget(); struct timeval start, stop, dt; - char *cleartext, *ciphertext, *originaltext; + char *cleartext, *ciphertext, *originaltext, *key; struct session2_op sop; struct crypt_op cop; char iv[EALG_MAX_BLOCK_LEN]; @@ -260,19 +260,21 @@ runtest(struct alg *alg, int count, int size, u_long cmd, struct timeval *tv) bzero(&sop, sizeof(sop)); if (!alg->ishash) { sop.keylen = (alg->minkeylen + alg->maxkeylen)/2; - sop.key = (char *) malloc(sop.keylen); - if (sop.key == NULL) + key = (char *) malloc(sop.keylen); + if (key == NULL) err(1, "malloc (key)"); for (i = 0; i < sop.keylen; i++) - sop.key[i] = rdigit(); + key[i] = rdigit(); + sop.key = key; sop.cipher = alg->code; } else { sop.mackeylen = (alg->minkeylen + alg->maxkeylen)/2; - sop.mackey = (char *) malloc(sop.mackeylen); - if (sop.mackey == NULL) + key = (char *) malloc(sop.mackeylen); + if (key == NULL) err(1, "malloc (mac)"); for (i = 0; i < sop.mackeylen; i++) - sop.mackey[i] = rdigit(); + key[i] = rdigit(); + sop.mackey = key; sop.mac = alg->code; } sop.crid = crid; -- cgit v1.1