author: John Baldwin <jhb@FreeBSD.org> 2020-11-25 00:10:54 +0000
committer: John Baldwin <jhb@FreeBSD.org> 2020-11-25 00:10:54 +0000
commit: 688f8b822cea550753e7f3495339141cb6b565b7 (patch)
tree: 3cd4ee29d26786fc5cae6115ca6dd069672d5456 /share
parent: 908dca3ef4695fe0abf4001ea2b3f73e9247a540 (diff)
Remove the cloned file descriptors for /dev/crypto.

Crypto file descriptors were added in the original OCF import as a way to provide per-open data (specifically the list of symmetric sessions). However, this gives a bit of a confusing API where one has to open /dev/crypto and then invoke an ioctl to obtain a second file descriptor. This also does not match the API used with /dev/crypto on other BSDs or with Linux's /dev/crypto driver.

Character devices have gained support for per-open data via cdevpriv since OCF was imported, so use cdevpriv to simplify the userland API by permitting ioctls directly on /dev/crypto descriptors.

To provide backwards compatibility, CRIOGET now opens another /dev/crypto descriptor via kern_openat() rather than dup'ing the existing file descriptor. This preserves prior semantics in case CRIOGET is invoked multiple times on a single file descriptor.

Reviewed by: markj
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D27302

Notes
Notes: svn path=/head/; revision=368005
Diffstat (limited to 'share')
-rw-r--r-- share/man/man4/crypto.4 29
1 files changed, 7 insertions, 22 deletions
diff --git a/share/man/man4/crypto.4 b/share/man/man4/crypto.4
index b31a02efdcb5..851b8b1b0f31 100644
--- a/share/man/man4/crypto.4
+++ b/share/man/man4/crypto.4
@@ -60,7 +60,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd November 6, 2020
+.Dd November 24, 2020
.Dt CRYPTO 4
.Os
.Sh NAME
@@ -122,19 +122,11 @@ Open the
.Pa /dev/crypto
device.
.It
-Create a new cryptography file descriptor via
-.Dv CRIOGET
-to use for all subsequent
-.Xr ioctl 2
-commands.
-.It
-Close the
-.Pa /dev/crypto
-device.
-.It
If any symmetric-keyed cryptographic or digest operations will be performed,
create a session with
-.Dv CIOCGSESSION .
+.Dv CIOCGSESSION
+or
+.Dv CIOCGSESSION2 .
Most applications will require at least one symmetric session.
Since cipher and MAC keys are tied to sessions, many
applications will require more.
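Review bot: The numbered procedure in this hunk drops every mention of CRIOGET, yet the commit message says the ioctl is kept for backwards compatibility and now opens another /dev/crypto descriptor via kern_openat(). Consider adding one sentence to the man page saying that CRIOGET is still accepted for older programs but is no longer required, so that people maintaining existing callers know what it does now. Also, the new "CIOCGSESSION or CIOCGSESSION2" wording in this step gives no hint of when to choose which; if the difference is described elsewhere in the page, a pointer from this step would help.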
@@ -152,8 +144,9 @@ or
Optionally destroy a session with
.Dv CIOCFSESSION .
.It
-Close the cryptography file descriptor with
-.Xr close 2 .
+Close the
+.Pa /dev/crypto
+device.
This will automatically close any remaining sessions associated with the
file desriptor.
.El
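Review bot: The unchanged context line right after the rewritten step still reads "file desriptor."; since this list item is being touched anyway, fix the spelling to "descriptor" in the same change. The step now says to close "the /dev/crypto device" while the following sentence speaks of "the file desriptor", so wording the two consistently would make it clear that sessions are now tied to the /dev/crypto descriptor itself.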
@@ -458,11 +451,3 @@ session: if you request a
algorithm, you must supply a suitably-sized buffer.
.Pp
The scheme for passing arguments for asymmetric requests is baroque.
-.Pp
-.Dv CRIOGET
-should not exist.
-It should be possible to use the
-.Dv CIOC Ns \&*
-commands directly on a
-.Pa /dev/crypto
-file descriptor.