Page MenuHomeFreeBSD

Use const with some read-only buffers in opencrypto APIs.
ClosedPublic

Authored by jhb on Apr 27 2017, 12:05 AM.

Details

Summary

Use const with some read-only buffers in opencrypto APIs.

  • Mark the source buffer for a copyback operation as const in the kernel API.
  • Use const with input-only buffers in crypto ioctl structures used with /dev/crypto.
Test Plan
  • passes make tinderbox
  • have tested IPSec + /dev/crypto access (via a testing tool that compares the results of crypto operations on /dev/crypto against OpenSSL's software implementation) against cryptosoft, aesni(4), and a driver for the Chelsio T6 crypto engine

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

jhb created this revision.Apr 27 2017, 12:05 AM
jmg edited edge metadata.Apr 28 2017, 5:31 PM

looks fine, have you verified that the tests in tests/sys/opencrypto pass? they are not present in your test plan.

Also, is your testing tool in the tree?

jhb added a comment.Apr 28 2017, 5:48 PM

The testing tool is in the branch https://github.com/freebsd/freebsd/compare/master...bsdjhb:cryptocheck. (These changes are also in that branch, and my intention is to pull smaller bits out one at a time for review.) I will run the other tests, though they are currently still hardcoded for aesni0.

jhb added a comment.Apr 28 2017, 7:05 PM

The python tests pass.

No objection from secteam@ (if we were blocking).

This revision was automatically updated to reflect the committed changes.