authorderaadt <deraadt@openbsd.org>2002-02-23 08:07:58 +0000
committerderaadt <deraadt@openbsd.org>2002-02-23 08:07:58 +0000
commit14e6915dd221c1d54be905de07ed46b9b975d314 (patch)
treedc9dde7c4c4b4201dadf3807eeca64cf067cd852
parentDocument KERN_SYSVIPC_INFO; from NetBSD (diff)
downloadwireguard-openbsd-14e6915dd221c1d54be905de07ed46b9b975d314.tar.xz
wireguard-openbsd-14e6915dd221c1d54be905de07ed46b9b975d314.zip
sysctl kern.usercrypto
-rw-r--r--etc/sysctl.conf3
-rw-r--r--lib/libc/gen/sysctl.37
-rw-r--r--sbin/sysctl/sysctl.83
-rw-r--r--sys/crypto/cryptodev.c6
-rw-r--r--sys/kern/kern_sysctl.c9
-rw-r--r--sys/sys/sysctl.h6
6 files changed, 27 insertions, 7 deletions
diff --git a/etc/sysctl.conf b/etc/sysctl.conf
index c7639c3b490..0fa652d3bde 100644
--- a/etc/sysctl.conf
+++ b/etc/sysctl.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: sysctl.conf,v 1.24 2001/08/07 14:07:47 deraadt Exp $
+# $OpenBSD: sysctl.conf,v 1.25 2002/02/23 08:07:58 deraadt Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time. See sysctl(3) and sysctl(8) for more information on
@@ -17,3 +17,4 @@
#vm.swapencrypt.enable=1 # 1=Encrypt pages that go to swap
#vfs.nfs.iothreads=4 # number of nfsio kernel threads
#net.inet.ip.mtudisc=0 # 0=disable tcp mtu discovery
+#kern.usercrypto=1 # 1=enable userland use of /dev/crypto
diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3
index c5c590ed88c..508748251d2 100644
--- a/lib/libc/gen/sysctl.3
+++ b/lib/libc/gen/sysctl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sysctl.3,v 1.79 2002/02/23 07:07:37 millert Exp $
+.\" $OpenBSD: sysctl.3,v 1.80 2002/02/23 08:07:59 deraadt Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@@ -313,6 +313,7 @@ information.
.It Dv KERN_VERSION No " string no"
.It Dv KERN_VNODE No " struct vnode no"
.It Dv KERN_STACKGAPRANDOM No " integer yes"
+.It Dv KERN_USERCRYPTO No " integer yes"
.El
.Pp
.Bl -tag -width "123456"
@@ -618,6 +619,10 @@ The random value is added to make buffer overflow exploitation slightly
harder.
The bigger the number, the harder it is to brute force this added protection,
but it also means bigger waste of memory.
+.It Dv KERN_USERCRYPTO
+Permits userland to use
+.Pa /dev/crypto
+for cryptographic support via hardware cryptographic devices.
.El
.Ss CTL_MACHDEP
The set of variables defined is architecture dependent.
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
index 1cbb1892edb..07dccb01a41 100644
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sysctl.8,v 1.77 2002/02/11 18:43:51 mpech Exp $
+.\" $OpenBSD: sysctl.8,v 1.78 2002/02/23 08:07:59 deraadt Exp $
.\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $
.\"
.\" Copyright (c) 1993
@@ -149,6 +149,7 @@ privilege can change the value.
.It kern.ccpu u_int no
.It kern.nprocs int no
.It kern.stackgap_random int yes
+.It kern.usercrypto int yes
.It vm.loadavg struct no
.It vm.psstrings struct no
.It vm.swapencrypt.enable integer yes
diff --git a/sys/crypto/cryptodev.c b/sys/crypto/cryptodev.c
index 3c2ac1f87a1..ee1073fb375 100644
--- a/sys/crypto/cryptodev.c
+++ b/sys/crypto/cryptodev.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptodev.c,v 1.29 2002/02/08 13:53:28 art Exp $ */
+/* $OpenBSD: cryptodev.c,v 1.30 2002/02/23 08:07:59 deraadt Exp $ */
/*
* Copyright (c) 2001 Theo de Raadt
@@ -112,6 +112,8 @@ int csefree(struct csession *);
int crypto_op(struct csession *, struct crypt_op *, struct proc *);
+int usercrypto = 1; /* userland may do crypto requests */
+
/* ARGSUSED */
int
cryptof_read(fp, poff, uio, cred)
@@ -490,6 +492,8 @@ cryptoopen(dev, flag, mode, p)
int mode;
struct proc *p;
{
+ if (usercrypto == 0)
+ return (ENXIO);
return (0);
}
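Review bot: The `usercrypto` gate added to cryptoopen() is evaluated only at open time, so setting the sysctl to 0 afterwards does not affect descriptors that were opened while it was 1; the read and ioctl paths of cryptodev.c, which lie outside this hunk, will keep serving them. If the knob is intended as a runtime off switch, the per-request entry points need the same test, or the limitation should be recorded next to the check: `/* Checked at open() only; descriptors already open keep working. */`. The earlier hunk initialises `int usercrypto = 1;`, so the commented sample `kern.usercrypto=1` in etc/sysctl.conf re-enables what is already on by default; a `=0` example would be the more useful hint for an administrator who wants to lock the device down. cryptoopen() begins before this hunk.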
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 44eb2f9924c..edf544e207e 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_sysctl.c,v 1.60 2001/11/28 13:47:39 art Exp $ */
+/* $OpenBSD: kern_sysctl.c,v 1.61 2002/02/23 08:11:05 deraadt Exp $ */
/* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */
/*-
@@ -246,6 +246,9 @@ kern_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p)
extern int usermount, nosuidcoredump;
extern long cp_time[CPUSTATES];
extern int stackgap_random;
+#ifdef CRYPTO
+ extern int usercrypto;
+#endif
/* all sysctl names at this level are terminal */
if (namelen != 1 && !(name[0] == KERN_PROC || name[0] == KERN_PROF ||
@@ -423,6 +426,10 @@ kern_sysctl(name, namelen, oldp, oldlenp, newp, newlen, p)
case KERN_SYSVIPC_INFO:
return (sysctl_sysvipc(name + 1, namelen - 1, oldp, oldlenp));
#endif
+#ifdef CRYPTO
+ case KERN_USERCRYPTO:
+ return (sysctl_int(oldp, oldlenp, newp, newlen, &usercrypto));
+#endif
default:
return (EOPNOTSUPP);
}
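Review bot: The new KERN_USERCRYPTO case passes the value straight to sysctl_int(), so any integer is accepted and stored; because cryptoopen() tests only `usercrypto == 0`, every non-zero value silently means "enabled" while reading the knob back reports the raw number rather than 0 or 1. If the knob is boolean, keep the result of sysctl_int() in the function's existing error variable (declared outside the hunk) and, when it is zero, normalise with `usercrypto = (usercrypto != 0);` before returning, so that what sysctl(8) displays matches what cryptoopen() enforces. Whether raising the value back to 1 should additionally be tied to securelevel is a policy question the commit does not address; the generic sysctl(2) write path presumably already restricts writes to the superuser, which should be confirmed. The `extern int usercrypto;` in the previous hunk follows the file's convention of declaring externs inside the function body, which is fine. kern_sysctl() starts and ends outside this hunk.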
diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h
index edbfbe6afca..901cc156ebc 100644
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysctl.h,v 1.44 2001/11/06 19:53:21 miod Exp $ */
+/* $OpenBSD: sysctl.h,v 1.45 2002/02/23 08:07:59 deraadt Exp $ */
/* $NetBSD: sysctl.h,v 1.16 1996/04/09 20:55:36 cgd Exp $ */
/*
@@ -165,7 +165,8 @@ struct ctlname {
#define KERN_POOL 49 /* struct: pool information */
#define KERN_STACKGAPRANDOM 50 /* int: stackgap_random */
#define KERN_SYSVIPC_INFO 51 /* struct: SysV sem/shm/msg info */
-#define KERN_MAXID 52 /* number of valid kern ids */
+#define KERN_USERCRYPTO 52 /* int: usercrypto */
+#define KERN_MAXID 53 /* number of valid kern ids */
#define CTL_KERN_NAMES { \
{ 0, 0 }, \
@@ -220,6 +221,7 @@ struct ctlname {
{ "pool", CTLTYPE_NODE }, \
{ "stackgap_random", CTLTYPE_INT }, \
{ "sysvipc_info", CTLTYPE_INT }, \
+ { "usercrypto", CTLTYPE_INT }, \
}
/*