xref: /illumos-gate/usr/src/uts/common/crypto/io/cryptoadm.c (revision 4db555a5389470c6f15aa8b50a38ca5d533d0641)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 /*
28  * The ioctl interface for administrative commands.
29  */
30 
31 #include <sys/types.h>
32 #include <sys/modctl.h>
33 #include <sys/conf.h>
34 #include <sys/stat.h>
35 #include <sys/ddi.h>
36 #include <sys/sunddi.h>
37 #include <sys/kmem.h>
38 #include <sys/errno.h>
39 #include <sys/ksynch.h>
40 #include <sys/file.h>
41 #include <sys/open.h>
42 #include <sys/cred.h>
43 #include <sys/model.h>
44 #include <sys/sysmacros.h>
45 #include <sys/crypto/common.h>
46 #include <sys/crypto/api.h>
47 #include <sys/crypto/impl.h>
48 #include <sys/crypto/sched_impl.h>
49 #include <sys/crypto/ioctladmin.h>
50 #include <c2/audit.h>
51 #include <sys/disp.h>
52 
53 /*
54  * DDI entry points.
55  */
56 static int cryptoadm_attach(dev_info_t *, ddi_attach_cmd_t);
57 static int cryptoadm_detach(dev_info_t *, ddi_detach_cmd_t);
58 static int cryptoadm_getinfo(dev_info_t *, ddi_info_cmd_t, void *, void **);
59 static int cryptoadm_open(dev_t *, int, int, cred_t *);
60 static int cryptoadm_close(dev_t, int, int, cred_t *);
61 static int cryptoadm_ioctl(dev_t, int, intptr_t, int, cred_t *, int *);
62 
63 extern void audit_cryptoadm(int, char *, crypto_mech_name_t *, uint_t,
64     uint_t, uint32_t, int);
65 
66 /*
67  * Module linkage.
68  */
69 static struct cb_ops cbops = {
70 	cryptoadm_open,		/* cb_open */
71 	cryptoadm_close,	/* cb_close */
72 	nodev,			/* cb_strategy */
73 	nodev,			/* cb_print */
74 	nodev,			/* cb_dump */
75 	nodev,			/* cb_read */
76 	nodev,			/* cb_write */
77 	cryptoadm_ioctl,	/* cb_ioctl */
78 	nodev,			/* cb_devmap */
79 	nodev,			/* cb_mmap */
80 	nodev,			/* cb_segmap */
81 	nochpoll,		/* cb_chpoll */
82 	ddi_prop_op,		/* cb_prop_op */
83 	NULL,			/* cb_streamtab */
84 	D_MP,			/* cb_flag */
85 	CB_REV,			/* cb_rev */
86 	nodev,			/* cb_aread */
87 	nodev,			/* cb_awrite */
88 };
89 
90 static struct dev_ops devops = {
91 	DEVO_REV,		/* devo_rev */
92 	0,			/* devo_refcnt */
93 	cryptoadm_getinfo,	/* devo_getinfo */
94 	nulldev,		/* devo_identify */
95 	nulldev,		/* devo_probe */
96 	cryptoadm_attach,	/* devo_attach */
97 	cryptoadm_detach,	/* devo_detach */
98 	nodev,			/* devo_reset */
99 	&cbops,			/* devo_cb_ops */
100 	NULL,			/* devo_bus_ops */
101 	NULL,			/* devo_power */
102 	ddi_quiesce_not_needed,		/* devo_quiesce */
103 };
104 
105 static struct modldrv modldrv = {
106 	&mod_driverops,					/* drv_modops */
107 	"Cryptographic Administrative Interface",	/* drv_linkinfo */
108 	&devops,
109 };
110 
111 static struct modlinkage modlinkage = {
112 	MODREV_1,		/* ml_rev */
113 	&modldrv,		/* ml_linkage */
114 	NULL
115 };
116 
117 static dev_info_t	*cryptoadm_dip = NULL;
118 
119 /*
120  * DDI entry points.
121  */
122 int
123 _init(void)
124 {
125 	return (mod_install(&modlinkage));
126 }
127 
128 int
129 _fini(void)
130 {
131 	return (mod_remove(&modlinkage));
132 }
133 
134 int
135 _info(struct modinfo *modinfop)
136 {
137 	return (mod_info(&modlinkage, modinfop));
138 }
139 
140 /* ARGSUSED */
141 static int
142 cryptoadm_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **result)
143 {
144 	switch (cmd) {
145 	case DDI_INFO_DEVT2DEVINFO:
146 		*result = (void *)cryptoadm_dip;
147 		return (DDI_SUCCESS);
148 
149 	case DDI_INFO_DEVT2INSTANCE:
150 		*result = (void *)0;
151 		return (DDI_SUCCESS);
152 	}
153 	return (DDI_FAILURE);
154 }
155 
156 static int
157 cryptoadm_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
158 {
159 	if (cmd != DDI_ATTACH) {
160 		return (DDI_FAILURE);
161 	}
162 	if (ddi_get_instance(dip) != 0) {
163 		/* we only allow instance 0 to attach */
164 		return (DDI_FAILURE);
165 	}
166 
167 	/* create the minor node */
168 	if (ddi_create_minor_node(dip, "cryptoadm", S_IFCHR, 0,
169 	    DDI_PSEUDO, 0) != DDI_SUCCESS) {
170 		cmn_err(CE_WARN, "cryptoadm: failed creating minor node");
171 		ddi_remove_minor_node(dip, NULL);
172 		return (DDI_FAILURE);
173 	}
174 
175 	cryptoadm_dip = dip;
176 
177 	return (DDI_SUCCESS);
178 }
179 
180 static int
181 cryptoadm_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
182 {
183 	if (cmd != DDI_DETACH)
184 		return (DDI_FAILURE);
185 
186 	cryptoadm_dip = NULL;
187 	ddi_remove_minor_node(dip, NULL);
188 
189 	return (DDI_SUCCESS);
190 }
191 
192 /* ARGSUSED */
193 static int
194 cryptoadm_open(dev_t *devp, int flag, int otyp, cred_t *credp)
195 {
196 	if (otyp != OTYP_CHR || cryptoadm_dip == NULL)
197 		return (ENXIO);
198 
199 	/* exclusive opens are not supported */
200 	if (flag & FEXCL)
201 		return (ENOTSUP);
202 
203 	*devp = makedevice(getmajor(*devp), 0);
204 
205 	kcf_sched_start();
206 
207 	return (0);
208 }
209 
210 /* ARGSUSED */
211 static int
212 cryptoadm_close(dev_t dev, int flag, int otyp, cred_t *credp)
213 {
214 	return (0);
215 }
216 
217 /*
218  * Returns TRUE if array of size MAXNAMELEN contains a '\0'
219  * termination character, otherwise, it returns FALSE.
220  */
221 static boolean_t
222 null_terminated(char *array)
223 {
224 	int i;
225 
226 	for (i = 0; i < MAXNAMELEN; i++)
227 		if (array[i] == '\0')
228 			return (B_TRUE);
229 
230 	return (B_FALSE);
231 }
232 
233 /*
234  * This ioctl returns an array of hardware providers.  Each entry
235  * contains a device name, device instance, and number of
236  * supported mechanisms.
237  */
238 /* ARGSUSED */
239 static int
240 get_dev_list(dev_t dev, caddr_t arg, int mode, int *rval)
241 {
242 	crypto_get_dev_list_t dev_list;
243 	crypto_dev_list_entry_t *entries;
244 	size_t copyout_size;
245 	uint_t count;
246 	ulong_t offset;
247 
248 	if (copyin(arg, &dev_list, sizeof (dev_list)) != 0)
249 		return (EFAULT);
250 
251 	/* get the list from the core module */
252 	if (crypto_get_dev_list(&count, &entries) != 0) {
253 		dev_list.dl_return_value = CRYPTO_FAILED;
254 		if (copyout(&dev_list, arg, sizeof (dev_list)) != 0) {
255 			return (EFAULT);
256 		}
257 		return (0);
258 	}
259 
260 	/* check if buffer is too small */
261 	if (count > dev_list.dl_dev_count) {
262 		dev_list.dl_dev_count = count;
263 		dev_list.dl_return_value = CRYPTO_BUFFER_TOO_SMALL;
264 		crypto_free_dev_list(entries, count);
265 		if (copyout(&dev_list, arg, sizeof (dev_list)) != 0) {
266 			return (EFAULT);
267 		}
268 		return (0);
269 	}
270 
271 	dev_list.dl_dev_count = count;
272 	dev_list.dl_return_value = CRYPTO_SUCCESS;
273 
274 	copyout_size = count * sizeof (crypto_dev_list_entry_t);
275 
276 	/* copyout the first stuff */
277 	if (copyout(&dev_list, arg, sizeof (dev_list)) != 0) {
278 		crypto_free_dev_list(entries, count);
279 		return (EFAULT);
280 	}
281 
282 	/* copyout entries */
283 	offset = offsetof(crypto_get_dev_list_t, dl_devs);
284 	if (count > 0 && copyout(entries, arg + offset, copyout_size) != 0) {
285 		crypto_free_dev_list(entries, count);
286 		return (EFAULT);
287 	}
288 	crypto_free_dev_list(entries, count);
289 	return (0);
290 }
291 
292 /*
293  * This ioctl returns a buffer containing the null terminated names
294  * of software providers.
295  */
296 /* ARGSUSED */
297 static int
298 get_soft_list(dev_t dev, caddr_t arg, int mode, int *rval)
299 {
300 	STRUCT_DECL(crypto_get_soft_list, soft_list);
301 	char *names;
302 	size_t len;
303 	uint_t count;
304 
305 	STRUCT_INIT(soft_list, mode);
306 
307 	if (copyin(arg, STRUCT_BUF(soft_list), STRUCT_SIZE(soft_list)) != 0)
308 		return (EFAULT);
309 
310 	/* get the list from the core module */
311 	if (crypto_get_soft_list(&count, &names, &len) != 0) {
312 		STRUCT_FSET(soft_list, sl_return_value, CRYPTO_FAILED);
313 		if (copyout(STRUCT_BUF(soft_list), arg,
314 		    STRUCT_SIZE(soft_list)) != 0) {
315 			return (EFAULT);
316 		}
317 		return (0);
318 	}
319 
320 	/* check if buffer is too small */
321 	if (len > STRUCT_FGET(soft_list, sl_soft_len)) {
322 		STRUCT_FSET(soft_list, sl_soft_count, count);
323 		STRUCT_FSET(soft_list, sl_soft_len, len);
324 		STRUCT_FSET(soft_list, sl_return_value,
325 		    CRYPTO_BUFFER_TOO_SMALL);
326 		kmem_free(names, len);
327 		if (copyout(STRUCT_BUF(soft_list), arg,
328 		    STRUCT_SIZE(soft_list)) != 0) {
329 			return (EFAULT);
330 		}
331 		return (0);
332 	}
333 
334 	STRUCT_FSET(soft_list, sl_soft_count, count);
335 	STRUCT_FSET(soft_list, sl_soft_len, len);
336 	STRUCT_FSET(soft_list, sl_return_value, CRYPTO_SUCCESS);
337 
338 	if (count > 0 && copyout(names,
339 	    STRUCT_FGETP(soft_list, sl_soft_names), len) != 0) {
340 		kmem_free(names, len);
341 		return (EFAULT);
342 	}
343 	kmem_free(names, len);
344 
345 	if (copyout(STRUCT_BUF(soft_list), arg, STRUCT_SIZE(soft_list)) != 0) {
346 		return (EFAULT);
347 	}
348 
349 	return (0);
350 }
351 
352 /*
353  * This ioctl returns an array of mechanisms supported by the
354  * specified device.
355  */
356 /* ARGSUSED */
357 static int
358 get_dev_info(dev_t dev, caddr_t arg, int mode, int *rval)
359 {
360 	crypto_get_dev_info_t dev_info;
361 	crypto_mech_name_t *entries;
362 	size_t copyout_size;
363 	uint_t count;
364 	ulong_t offset;
365 	char *dev_name;
366 	int rv;
367 
368 	if (copyin(arg, &dev_info, sizeof (dev_info)) != 0)
369 		return (EFAULT);
370 
371 	dev_name = dev_info.di_dev_name;
372 	/* make sure the device name is null terminated */
373 	if (!null_terminated(dev_name)) {
374 		dev_info.di_return_value = CRYPTO_ARGUMENTS_BAD;
375 		if (copyout(&dev_info, arg, sizeof (dev_info)) != 0) {
376 			return (EFAULT);
377 		}
378 		return (0);
379 	}
380 
381 	/* get mechanism names from the core module */
382 	if ((rv = crypto_get_dev_info(dev_name, dev_info.di_dev_instance,
383 	    &count, &entries)) != CRYPTO_SUCCESS) {
384 		dev_info.di_return_value = rv;
385 		if (copyout(&dev_info, arg, sizeof (dev_info)) != 0) {
386 			return (EFAULT);
387 		}
388 		return (0);
389 	}
390 
391 	/* check if buffer is too small */
392 	if (count > dev_info.di_count) {
393 		dev_info.di_count = count;
394 		dev_info.di_return_value = CRYPTO_BUFFER_TOO_SMALL;
395 		crypto_free_mech_list(entries, count);
396 		if (copyout(&dev_info, arg, sizeof (dev_info)) != 0) {
397 			return (EFAULT);
398 		}
399 		return (0);
400 	}
401 
402 	dev_info.di_count = count;
403 	dev_info.di_return_value = CRYPTO_SUCCESS;
404 
405 	copyout_size = count * sizeof (crypto_mech_name_t);
406 
407 	/* copyout the first stuff */
408 	if (copyout(&dev_info, arg, sizeof (dev_info)) != 0) {
409 		crypto_free_mech_list(entries, count);
410 		return (EFAULT);
411 	}
412 
413 	/* copyout entries */
414 	offset = offsetof(crypto_get_dev_info_t, di_list);
415 	if (copyout(entries, arg + offset, copyout_size) != 0) {
416 		crypto_free_mech_list(entries, count);
417 		return (EFAULT);
418 	}
419 	crypto_free_mech_list(entries, count);
420 	return (0);
421 }
422 
423 /*
424  * This ioctl returns an array of mechanisms supported by the
425  * specified cryptographic module.
426  */
427 /* ARGSUSED */
428 static int
429 get_soft_info(dev_t dev, caddr_t arg, int mode, int *rval)
430 {
431 	crypto_get_soft_info_t soft_info;
432 	crypto_mech_name_t *entries;
433 	size_t copyout_size;
434 	uint_t count;
435 	ulong_t offset;
436 	char *name;
437 
438 	if (copyin(arg, &soft_info, sizeof (soft_info)) != 0)
439 		return (EFAULT);
440 
441 	name = soft_info.si_name;
442 	/* make sure the provider name is null terminated */
443 	if (!null_terminated(name)) {
444 		soft_info.si_return_value = CRYPTO_ARGUMENTS_BAD;
445 		if (copyout(&soft_info, arg, sizeof (soft_info)) != 0) {
446 			return (EFAULT);
447 		}
448 		return (0);
449 	}
450 
451 	/* get mechanism names from the core module */
452 	if (crypto_get_soft_info(name, &count, &entries) != 0) {
453 		soft_info.si_return_value = CRYPTO_FAILED;
454 		if (copyout(&soft_info, arg, sizeof (soft_info)) != 0) {
455 			return (EFAULT);
456 		}
457 		return (0);
458 	}
459 
460 	/* check if buffer is too small */
461 	if (count > soft_info.si_count) {
462 		soft_info.si_count = count;
463 		soft_info.si_return_value = CRYPTO_BUFFER_TOO_SMALL;
464 		crypto_free_mech_list(entries, count);
465 		if (copyout(&soft_info, arg, sizeof (soft_info)) != 0) {
466 			return (EFAULT);
467 		}
468 		return (0);
469 	}
470 
471 	soft_info.si_count = count;
472 	soft_info.si_return_value = CRYPTO_SUCCESS;
473 	copyout_size = count * sizeof (crypto_mech_name_t);
474 
475 	/* copyout the first stuff */
476 	if (copyout(&soft_info, arg, sizeof (soft_info)) != 0) {
477 		crypto_free_mech_list(entries, count);
478 		return (EFAULT);
479 	}
480 
481 	/* copyout entries */
482 	offset = offsetof(crypto_get_soft_info_t, si_list);
483 	if (copyout(entries, arg + offset, copyout_size) != 0) {
484 		crypto_free_mech_list(entries, count);
485 		return (EFAULT);
486 	}
487 	crypto_free_mech_list(entries, count);
488 	return (0);
489 }
490 
491 /*
492  * This ioctl disables mechanisms supported by the specified device.
493  */
494 /* ARGSUSED */
495 static int
496 load_dev_disabled(dev_t dev, caddr_t arg, int mode, int *rval)
497 {
498 	crypto_load_dev_disabled_t dev_disabled;
499 	crypto_mech_name_t *entries;
500 	size_t size;
501 	ulong_t offset;
502 	uint_t count;
503 	uint_t instance;
504 	char *dev_name;
505 	uint32_t rv;
506 	int error = 0;
507 
508 	if (copyin(arg, &dev_disabled, sizeof (dev_disabled)) != 0) {
509 		error =  EFAULT;
510 		goto out2;
511 	}
512 
513 	dev_name = dev_disabled.dd_dev_name;
514 	/* make sure the device name is null terminated */
515 	if (!null_terminated(dev_name)) {
516 		rv = CRYPTO_ARGUMENTS_BAD;
517 		goto out;
518 	}
519 
520 	count = dev_disabled.dd_count;
521 	instance = dev_disabled.dd_dev_instance;
522 	if (count == 0) {
523 		/* remove the entry */
524 		if (crypto_load_dev_disabled(dev_name, instance, 0, NULL) != 0)
525 			rv = CRYPTO_FAILED;
526 		else
527 			rv = CRYPTO_SUCCESS;
528 		goto out;
529 	}
530 
531 	if (count > KCF_MAXMECHS) {
532 		rv = CRYPTO_ARGUMENTS_BAD;
533 		goto out;
534 	}
535 
536 	size = count * sizeof (crypto_mech_name_t);
537 	entries = kmem_alloc(size, KM_SLEEP);
538 
539 	offset = offsetof(crypto_load_dev_disabled_t, dd_list);
540 	if (copyin(arg + offset, entries, size) != 0) {
541 		kmem_free(entries, size);
542 		error = EFAULT;
543 		goto out2;
544 	}
545 
546 	/* 'entries' consumed (but not freed) by crypto_load_dev_disabled() */
547 	if (crypto_load_dev_disabled(dev_name, instance, count, entries) != 0) {
548 		kmem_free(entries, size);
549 		rv = CRYPTO_FAILED;
550 		goto out;
551 	}
552 	rv = CRYPTO_SUCCESS;
553 out:
554 	dev_disabled.dd_return_value = rv;
555 
556 	if (copyout(&dev_disabled, arg, sizeof (dev_disabled)) != 0) {
557 		error = EFAULT;
558 	}
559 out2:
560 	if (AU_AUDITING())
561 		audit_cryptoadm(CRYPTO_LOAD_DEV_DISABLED, dev_name, entries,
562 		    count, instance, rv, error);
563 	return (error);
564 }
565 
566 /*
567  * This ioctl disables mechanisms supported by the specified
568  * cryptographic module.
569  */
570 /* ARGSUSED */
571 static int
572 load_soft_disabled(dev_t dev, caddr_t arg, int mode, int *rval)
573 {
574 	crypto_load_soft_disabled_t soft_disabled;
575 	crypto_mech_name_t *entries;
576 	size_t size;
577 	uint_t count;
578 	ulong_t offset;
579 	char *name;
580 	uint32_t rv;
581 	int error = 0;
582 
583 	if (copyin(arg, &soft_disabled, sizeof (soft_disabled)) != 0) {
584 		error = EFAULT;
585 		goto out2;
586 	}
587 
588 	name = soft_disabled.sd_name;
589 	/* make sure the name is null terminated */
590 	if (!null_terminated(name)) {
591 		soft_disabled.sd_return_value = CRYPTO_ARGUMENTS_BAD;
592 		if (copyout(&soft_disabled, arg, sizeof (soft_disabled)) != 0) {
593 			return (EFAULT);
594 		}
595 		return (0);
596 	}
597 
598 	count = soft_disabled.sd_count;
599 	if (count == 0) {
600 		/* remove the entry */
601 		if (crypto_load_soft_disabled(name, 0, NULL) != 0) {
602 			rv = CRYPTO_FAILED;
603 		} else {
604 			rv = CRYPTO_SUCCESS;
605 		}
606 		goto out;
607 	}
608 
609 	if (count > KCF_MAXMECHS) {
610 		rv = CRYPTO_ARGUMENTS_BAD;
611 		goto out;
612 	}
613 
614 	size = count * sizeof (crypto_mech_name_t);
615 	entries = kmem_alloc(size, KM_SLEEP);
616 
617 	offset = offsetof(crypto_load_soft_disabled_t, sd_list);
618 	if (copyin(arg + offset, entries, size) != 0) {
619 		kmem_free(entries, size);
620 		error = EFAULT;
621 		goto out2;
622 	}
623 
624 	/* 'entries' is consumed by crypto_load_soft_disabled() */
625 	if (crypto_load_soft_disabled(name, count, entries) != 0) {
626 		kmem_free(entries, size);
627 		rv = CRYPTO_FAILED;
628 		goto out;
629 	}
630 	rv = CRYPTO_SUCCESS;
631 out:
632 	soft_disabled.sd_return_value = rv;
633 
634 	if (copyout(&soft_disabled, arg, sizeof (soft_disabled)) != 0) {
635 		error = EFAULT;
636 	}
637 out2:
638 	if (AU_AUDITING())
639 		audit_cryptoadm(CRYPTO_LOAD_SOFT_DISABLED, name, entries,
640 		    count, 0, rv, error);
641 	return (error);
642 }
643 
644 /*
645  * This ioctl loads the supported mechanisms of the specfied cryptographic
646  * module.  This is so, at boot time, all software providers do not
647  * have to be opened in order to cause them to register their
648  * supported mechanisms.
649  */
650 /* ARGSUSED */
651 static int
652 load_soft_config(dev_t dev, caddr_t arg, int mode, int *rval)
653 {
654 	crypto_load_soft_config_t soft_config;
655 	crypto_mech_name_t *entries;
656 	size_t size;
657 	uint_t count;
658 	ulong_t offset;
659 	char *name;
660 	uint32_t rv;
661 	int error = 0;
662 
663 	if (copyin(arg, &soft_config, sizeof (soft_config)) != 0) {
664 		error = EFAULT;
665 		goto out2;
666 	}
667 
668 	name = soft_config.sc_name;
669 	/* make sure the name is null terminated */
670 	if (!null_terminated(name)) {
671 		soft_config.sc_return_value = CRYPTO_ARGUMENTS_BAD;
672 		if (copyout(&soft_config, arg, sizeof (soft_config)) != 0) {
673 			return (EFAULT);
674 		}
675 		return (0);
676 	}
677 
678 	count = soft_config.sc_count;
679 	if (count == 0) {
680 		if (crypto_load_soft_config(name, 0, NULL) != 0) {
681 			rv = CRYPTO_FAILED;
682 		} else {
683 			rv = CRYPTO_SUCCESS;
684 		}
685 		goto out;
686 	}
687 
688 	if (count > KCF_MAXMECHS) {
689 		rv = CRYPTO_ARGUMENTS_BAD;
690 		goto out;
691 	}
692 
693 	size = count * sizeof (crypto_mech_name_t);
694 	entries = kmem_alloc(size, KM_SLEEP);
695 
696 	offset = offsetof(crypto_load_soft_config_t, sc_list);
697 	if (copyin(arg + offset, entries, size) != 0) {
698 		kmem_free(entries, size);
699 		error = EFAULT;
700 		goto out2;
701 	}
702 
703 	/*
704 	 * 'entries' is consumed (but not freed) by
705 	 * crypto_load_soft_config()
706 	 */
707 	if (crypto_load_soft_config(name, count, entries) != 0) {
708 		kmem_free(entries, size);
709 		rv = CRYPTO_FAILED;
710 		goto out;
711 	}
712 	rv = CRYPTO_SUCCESS;
713 out:
714 	soft_config.sc_return_value = rv;
715 
716 	if (copyout(&soft_config, arg, sizeof (soft_config)) != 0) {
717 		error = EFAULT;
718 	}
719 out2:
720 	if (AU_AUDITING())
721 		audit_cryptoadm(CRYPTO_LOAD_SOFT_CONFIG, name, entries, count,
722 		    0, rv, error);
723 	return (error);
724 }
725 
726 /*
727  * This ioctl unloads the specfied cryptographic module and removes
728  * its table of supported mechanisms.
729  */
730 /* ARGSUSED */
731 static int
732 unload_soft_module(dev_t dev, caddr_t arg, int mode, int *rval)
733 {
734 	crypto_unload_soft_module_t unload_soft_module;
735 	char *name;
736 	uint32_t rv;
737 	int error = 0;
738 
739 	if (copyin(arg, &unload_soft_module,
740 	    sizeof (unload_soft_module)) != 0) {
741 		error = EFAULT;
742 		goto out2;
743 	}
744 
745 	name = unload_soft_module.sm_name;
746 	/* make sure the name is null terminated */
747 	if (!null_terminated(name)) {
748 		unload_soft_module.sm_return_value = CRYPTO_ARGUMENTS_BAD;
749 		if (copyout(&unload_soft_module, arg,
750 		    sizeof (unload_soft_module)) != 0) {
751 			return (EFAULT);
752 		}
753 		return (0);
754 	}
755 
756 	rv = crypto_unload_soft_module(name);
757 out:
758 	unload_soft_module.sm_return_value = rv;
759 
760 	if (copyout(&unload_soft_module, arg,
761 	    sizeof (unload_soft_module)) != 0) {
762 		error = EFAULT;
763 	}
764 out2:
765 	if (AU_AUDITING())
766 		audit_cryptoadm(CRYPTO_UNLOAD_SOFT_MODULE, name, NULL, 0, 0,
767 		    rv, error);
768 
769 	return (error);
770 }
771 
772 static int
773 cryptoadm_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *c,
774     int *rval)
775 {
776 	int error;
777 #define	ARG	((caddr_t)arg)
778 
779 	switch (cmd) {
780 	case CRYPTO_LOAD_DEV_DISABLED:
781 	case CRYPTO_LOAD_SOFT_DISABLED:
782 	case CRYPTO_LOAD_SOFT_CONFIG:
783 	case CRYPTO_UNLOAD_SOFT_MODULE:
784 	case CRYPTO_LOAD_DOOR:
785 	case CRYPTO_FIPS140_SET:
786 		if ((error = drv_priv(c)) != 0)
787 			return (error);
788 	default:
789 		break;
790 	}
791 
792 	switch (cmd) {
793 	case CRYPTO_GET_DEV_LIST:
794 		return (get_dev_list(dev, ARG, mode, rval));
795 
796 	case CRYPTO_GET_DEV_INFO:
797 		return (get_dev_info(dev, ARG, mode, rval));
798 
799 	case CRYPTO_GET_SOFT_LIST:
800 		return (get_soft_list(dev, ARG, mode, rval));
801 
802 	case CRYPTO_GET_SOFT_INFO:
803 		return (get_soft_info(dev, ARG, mode, rval));
804 
805 	case CRYPTO_LOAD_DEV_DISABLED:
806 		return (load_dev_disabled(dev, ARG, mode, rval));
807 
808 	case CRYPTO_LOAD_SOFT_DISABLED:
809 		return (load_soft_disabled(dev, ARG, mode, rval));
810 
811 	case CRYPTO_LOAD_SOFT_CONFIG:
812 		return (load_soft_config(dev, ARG, mode, rval));
813 
814 	case CRYPTO_UNLOAD_SOFT_MODULE:
815 		return (unload_soft_module(dev, ARG, mode, rval));
816 	}
817 
818 	return (EINVAL);
819 }
820