Mercurial > illumos > git > illumos-omnios
changeset 11413:21d4b1442799
6719591 non-exploitable integer wraparound issue in copyin_key() [external report]
line wrap: on
line diff
--- a/usr/src/common/crypto/aes/aes_impl.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/common/crypto/aes/aes_impl.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -1597,7 +1597,7 @@ /* should never get here */ return; } - keysize = keyBits >> 3; + keysize = CRYPTO_BITS2BYTES(keyBits); /* * For _LITTLE_ENDIAN machines (except AMD64), reverse every
--- a/usr/src/common/crypto/blowfish/blowfish_impl.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/common/crypto/blowfish/blowfish_impl.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -567,12 +567,12 @@ { /* EXPORT DELETE START */ uint8_t *current = dst; - uint_t bitsleft = dst_len_bytes << 3; + uint_t bitsleft = CRYPTO_BYTES2BITS(dst_len_bytes); uint_t bitoffset = 0; uint_t currentbits; int i; - BLOWFISH_ASSERT(((len_bits + 7) >> 3) == len_bytes); + BLOWFISH_ASSERT(CRYPTO_BITS2BYTES(len_bits) == len_bytes); bzero(dst, dst_len_bytes);
--- a/usr/src/common/crypto/modes/ccm.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/common/crypto/modes/ccm.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -731,7 +731,7 @@ encoded[0] = 0xff; encoded[1] = 0xfe; #ifdef UNALIGNED_POINTERS_PERMITTED - lencoded_ptr = (uint32_t *)&encoded[2]; + lencoded_ptr = (uint32_t *)(void *)&encoded[2]; *lencoded_ptr = htonl(auth_data_len); #else encoded[2] = (auth_data_len & 0xff000000) >> 24; @@ -747,7 +747,7 @@ encoded[0] = 0xff; encoded[1] = 0xff; #ifdef UNALIGNED_POINTERS_PERMITTED - llencoded_ptr = (uint64_t *)&encoded[2]; + llencoded_ptr = (uint64_t *)(void *)&encoded[2]; *llencoded_ptr = htonl(auth_data_len); #else encoded[2] = (auth_data_len & 0xff00000000000000) >> 56; @@ -861,7 +861,7 @@ CK_AES_CCM_PARAMS *ccm_param; if (param != NULL) { - ccm_param = (CK_AES_CCM_PARAMS *)param; + ccm_param = (CK_AES_CCM_PARAMS *)(void *)param; if ((rv = ccm_validate_args(ccm_param, is_encrypt_init)) != 0) {
--- a/usr/src/common/crypto/modes/gcm.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/common/crypto/modes/gcm.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -120,7 +120,9 @@ #define GHASH(c, d, t) \ xor_block((uint8_t *)(d), (uint8_t *)(c)->gcm_ghash); \ - gcm_mul((uint64_t *)(c)->gcm_ghash, (c)->gcm_H, (uint64_t *)(t)); + gcm_mul((uint64_t *)(void *)(c)->gcm_ghash, (c)->gcm_H, \ + (uint64_t *)(void *)(t)); + /* * Encrypt multiple blocks of data in GCM mode. Decrypt for GCM mode @@ -299,7 +301,8 @@ ctx->gcm_processed_data_len += ctx->gcm_remainder_len; } - ctx->gcm_len_a_len_c[1] = htonll(ctx->gcm_processed_data_len << 3); + ctx->gcm_len_a_len_c[1] = + htonll(CRYPTO_BYTES2BITS(ctx->gcm_processed_data_len)); GHASH(ctx, ctx->gcm_len_a_len_c, ghash); encrypt_block(ctx->gcm_keysched, (uint8_t *)ctx->gcm_J0, (uint8_t *)ctx->gcm_J0); @@ -461,7 +464,7 @@ } } out: - ctx->gcm_len_a_len_c[1] = htonll(pt_len << 3); + ctx->gcm_len_a_len_c[1] = htonll(CRYPTO_BYTES2BITS(pt_len)); GHASH(ctx, ctx->gcm_len_a_len_c, ghash); encrypt_block(ctx->gcm_keysched, (uint8_t *)ctx->gcm_J0, (uint8_t *)ctx->gcm_J0); @@ -547,7 +550,7 @@ } while (remainder > 0); len_a_len_c[0] = 0; - len_a_len_c[1] = htonll(iv_len << 3); + len_a_len_c[1] = htonll(CRYPTO_BYTES2BITS(iv_len)); GHASH(ctx, len_a_len_c, ctx->gcm_J0); /* J0 will be used again in the final */ @@ -618,7 +621,7 @@ CK_AES_GCM_PARAMS *gcm_param; if (param != NULL) { - gcm_param = (CK_AES_GCM_PARAMS *)param; + gcm_param = (CK_AES_GCM_PARAMS *)(void *)param; if ((rv = gcm_validate_args(gcm_param)) != 0) { return (rv); @@ -629,7 +632,8 @@ gcm_ctx->gcm_processed_data_len = 0; /* these values are in bits */ - gcm_ctx->gcm_len_a_len_c[0] = htonll(gcm_param->ulAADLen << 3); + gcm_ctx->gcm_len_a_len_c[0] + = htonll(CRYPTO_BYTES2BITS(gcm_param->ulAADLen)); rv = CRYPTO_SUCCESS; gcm_ctx->gcm_flags |= GCM_MODE; @@ -657,13 +661,14 @@ CK_AES_GMAC_PARAMS *gmac_param; if (param != NULL) { - gmac_param = (CK_AES_GMAC_PARAMS *)param; + gmac_param = (CK_AES_GMAC_PARAMS *)(void *)param; gcm_ctx->gcm_tag_len = CRYPTO_BITS2BYTES(AES_GMAC_TAG_BITS); gcm_ctx->gcm_processed_data_len = 0; /* these values are in bits */ - gcm_ctx->gcm_len_a_len_c[0] = htonll(gmac_param->ulAADLen << 3); + gcm_ctx->gcm_len_a_len_c[0] + = htonll(CRYPTO_BYTES2BITS(gmac_param->ulAADLen)); rv = CRYPTO_SUCCESS; gcm_ctx->gcm_flags |= GMAC_MODE;
--- a/usr/src/uts/common/crypto/api/kcf_cipher.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/api/kcf_cipher.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -178,7 +178,7 @@ * the provider in order to do a comparison. */ if (sinfo->cm_mech_flags & CRYPTO_KEYSIZE_UNIT_IN_BYTES) - tlen = key->ck_length >> 3; + tlen = CRYPTO_BITS2BYTES(key->ck_length); else tlen = key->ck_length; /*
--- a/usr/src/uts/common/crypto/api/kcf_random.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/api/kcf_random.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -430,8 +430,8 @@ static int rnd_get_bytes(uint8_t *ptr, size_t len, extract_type_t how) { - size_t bytes; - size_t got; + size_t bytes; + int got; ASSERT(mutex_owned(&rndpool_lock)); /*
--- a/usr/src/uts/common/crypto/core/kcf.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/core/kcf.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -282,7 +282,7 @@ KCF_FRMWRK_DEBUG(1, ("Integrity Check door returned = %d\n", ret)); - rkda = (kcf_door_arg_t *)darg.rbuf; + rkda = (kcf_door_arg_t *)(void *)darg.rbuf; if (rkda->da_u.result.status != ELFSIGN_SUCCESS) { ret = 1; KCF_FRMWRK_DEBUG(1, ("Integrity Check failed = %d\n", @@ -421,8 +421,8 @@ major_t major; char *drvmod; - if ((major = - ddi_driver_major(pinfo->pi_provider_dev.pd_hw)) != -1) { + if ((major = ddi_driver_major(pinfo->pi_provider_dev.pd_hw)) + != DDI_MAJOR_T_NONE) { drvmod = ddi_major_to_name(major); mctlp = mod_find_by_filename("drv", drvmod); } else @@ -655,7 +655,7 @@ rv = door_ki_upcall_limited(ldh, &darg, NULL, SIZE_MAX, 0); if (rv == 0) { - kcf_door_arg_t *rkda = (kcf_door_arg_t *)darg.rbuf; + kcf_door_arg_t *rkda = (kcf_door_arg_t *)(void *)darg.rbuf; KCF_FRMWRK_DEBUG(2, ("passed: %d\n", rkda->da_u.result.status));
--- a/usr/src/uts/common/crypto/core/kcf_callprov.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/core/kcf_callprov.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -46,8 +46,8 @@ * variable defined as caddr_t *. */ #define KCF_PROV_NULL_ENTRY_POINT(pd, o1, o2, ops) \ - (ops = (caddr_t *)((caddr_t)(pd)->pd_ops_vector + (o1)), \ - (*ops == NULL || *(caddr_t *)((caddr_t)(*ops) + (o2)) == NULL)) + (ops = (caddr_t *)(void *)((caddr_t)(pd)->pd_ops_vector + (o1)), \ + (*ops == NULL || *(caddr_t *)(void *)((caddr_t)(*ops) + (o2)) == NULL)) static int kcf_emulate_dual(kcf_provider_desc_t *, crypto_ctx_t *, @@ -136,7 +136,7 @@ /* modulus length is returned in bytes */ if (mech_info->cm_mech_flags & CRYPTO_KEYSIZE_UNIT_IN_BITS) - keylen = attr_len * 8; + keylen = CRYPTO_BYTES2BITS(attr_len); else keylen = attr_len; /* Check prime for DH/DSA operations. */ @@ -145,7 +145,7 @@ /* prime length is returned in bytes */ if (mech_info->cm_mech_flags & CRYPTO_KEYSIZE_UNIT_IN_BITS) - keylen = attr_len * 8; + keylen = CRYPTO_BYTES2BITS(attr_len); else keylen = attr_len; }
--- a/usr/src/uts/common/crypto/core/kcf_policy.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/core/kcf_policy.c Fri Jan 01 15:55:01 2010 -0800 @@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -20,12 +19,10 @@ * CDDL HEADER END */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ -#pragma ident "%Z%%M% %I% %E% SMI" - /* * This file is part of the core Kernel Cryptographic Framework. * It implements the management of the policy table. Entries are @@ -110,7 +107,7 @@ int i; ASSERT(policy_tab != NULL); - ASSERT(policy_tab_num >= 0); + ASSERT(policy_tab_num != (uint_t)-1); /* underflow */ mutex_enter(&policy_tab_mutex); @@ -152,7 +149,7 @@ int i; ASSERT(policy_tab != NULL); - ASSERT(policy_tab_num >= 0); + ASSERT(policy_tab_num != (uint_t)-1); /* underflow */ mutex_enter(&policy_tab_mutex);
--- a/usr/src/uts/common/crypto/core/kcf_prov_lib.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/core/kcf_prov_lib.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -297,7 +297,7 @@ key = kmem_alloc(len, kmflag); if (key == NULL) return (CRYPTO_HOST_MEMORY); - k_attrs = (crypto_object_attribute_t *)((caddr_t)key + + k_attrs = (crypto_object_attribute_t *)(void *)((caddr_t)key + sizeof (crypto_key_t)); attr_val = (caddr_t)k_attrs +
--- a/usr/src/uts/common/crypto/core/kcf_prov_tabs.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/core/kcf_prov_tabs.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -157,7 +157,7 @@ kcf_provider_desc_t *prov_desc; ASSERT(prov_tab != NULL); - ASSERT(prov_tab_num >= 0); + ASSERT(prov_tab_num != (uint_t)-1); /* underflow */ /* * Validate provider id, since it can be specified by a 3rd-party @@ -652,7 +652,7 @@ bcopy(p, final_buffer, final_size); } kmem_free(p, n); - p = (kcf_provider_desc_t **)final_buffer; + p = (kcf_provider_desc_t **)(void *)final_buffer; } out: *count = cnt; @@ -757,7 +757,7 @@ bcopy(p, final_buffer, final_size); } kmem_free(p, n); - p = (kcf_provider_desc_t **)final_buffer; + p = (kcf_provider_desc_t **)(void *)final_buffer; } cnt = j; out:
--- a/usr/src/uts/common/crypto/core/kcf_sched.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/core/kcf_sched.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -1604,7 +1604,7 @@ * We check the kp_threads since kcfd could have started * while we are waiting on the global software queue. */ - if (kcfpool->kp_threads <= 0 && !is_logged) { + if ((kcfpool->kp_threads == 0) && !is_logged) { cmn_err(CE_WARN, "kcfd is not running. Please check " "and restart kcfd. Using the failover kernel " "thread for now.\n"); @@ -1879,7 +1879,7 @@ if (kcr == NULL) return (NULL); - /* Copy the whole crypto_call_req struct, as it isn't persistant */ + /* Copy the whole crypto_call_req struct, as it isn't persistent */ if (crq != NULL) kcr->kr_callreq = *crq; else @@ -1907,7 +1907,7 @@ kcf_provider_desc_t *pd; crypto_dual_data_t *ct; - /* Stop the processing if an error occured at this step */ + /* Stop the processing if an error occurred at this step */ if (error != CRYPTO_SUCCESS) { out: areq->an_reqarg = next_req->kr_callreq;
--- a/usr/src/uts/common/crypto/io/arcfour.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/io/arcfour.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -247,7 +247,8 @@ crypto_kmflag(req))) == NULL) return (CRYPTO_HOST_MEMORY); - arcfour_key_init(keystream, key->ck_data, key->ck_length >> 3); + arcfour_key_init(keystream, key->ck_data, + CRYPTO_BITS2BYTES(key->ck_length)); ctx->cc_provider_private = keystream;
--- a/usr/src/uts/common/crypto/io/crypto.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/io/crypto.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -106,7 +106,6 @@ static int sign_verify_update(dev_t dev, caddr_t arg, int mode, int (*)(crypto_context_t, crypto_data_t *, crypto_call_req_t *)); -static void crypto_initialize_rctl(void); static void crypto_release_provider_session(crypto_minor_t *, crypto_provider_session_t *); static int crypto_buffer_check(size_t); @@ -433,7 +432,7 @@ return (DDI_SUCCESS); } -/* ARGSUSED */ +/* ARGSUSED3 */ static int crypto_open(dev_t *devp, int flag, int otyp, cred_t *credp) { @@ -527,7 +526,7 @@ return (0); } -/* ARGSUSED */ +/* ARGSUSED1 */ static int crypto_close(dev_t dev, int flag, int otyp, cred_t *credp) { @@ -1079,8 +1078,12 @@ get_all_mechanism_info(dev_t dev, caddr_t arg, int mode, int *rval) { STRUCT_DECL(crypto_get_all_mechanism_info, get_all_mech); +#ifdef _LP64 + STRUCT_DECL(crypto_mechanism_info, mi); +#else /* LINTED E_FUNC_SET_NOT_USED */ STRUCT_DECL(crypto_mechanism_info, mi); +#endif crypto_mech_name_t mech_name; crypto_mech_type_t mech_type; crypto_mechanism_info_t *mech_infos = NULL; @@ -1960,7 +1963,7 @@ CRYPTO_SUCCESS) { sp->sd_pre_approved_amount = 0; } else { - sp->sd_pre_approved_amount = crypto_pre_approved_limit; + sp->sd_pre_approved_amount = (int)crypto_pre_approved_limit; } cm->cm_session_table[i] = sp; @@ -2362,14 +2365,15 @@ case CRYPTO_KEY_RAW: key_bits = STRUCT_FGET(key, ck_length); if (key_bits != 0) { - key_bytes = CRYPTO_BITS2BYTES(key_bits); - if (key_bytes > crypto_max_buffer_len) { + if (key_bits > + (CRYPTO_BYTES2BITS(crypto_max_buffer_len))) { cmn_err(CE_NOTE, "copyin_key: buffer greater " "than %ld bytes, pid = %d", crypto_max_buffer_len, curproc->p_pid); rv = CRYPTO_ARGUMENTS_BAD; goto out; } + key_bytes = CRYPTO_BITS2BYTES(key_bits); rv = CRYPTO_BUFFER_CHECK(sp, key_bytes, *out_rctl_chk); @@ -2389,7 +2393,7 @@ goto out; } } - out_key->ck_length = key_bits; + out_key->ck_length = (ulong_t)key_bits; break; case CRYPTO_KEY_ATTR_LIST: @@ -2832,7 +2836,8 @@ error = EFAULT; goto release_minor; } - STRUCT_FSET(encrypt, ce_encrlen, encr.cd_length); + STRUCT_FSET(encrypt, ce_encrlen, + (ulong_t)encr.cd_length); } if (rv == CRYPTO_BUFFER_TOO_SMALL) { @@ -2843,7 +2848,8 @@ */ if (STRUCT_FGETP(encrypt, ce_encrbuf) == NULL) rv = CRYPTO_SUCCESS; - STRUCT_FSET(encrypt, ce_encrlen, encr.cd_length); + STRUCT_FSET(encrypt, ce_encrlen, + (ulong_t)encr.cd_length); } release_minor: @@ -2998,7 +3004,8 @@ if (STRUCT_FGETP(encrypt_update, eu_encrbuf) == NULL) rv = CRYPTO_SUCCESS; } - STRUCT_FSET(encrypt_update, eu_encrlen, encr.cd_length); + STRUCT_FSET(encrypt_update, eu_encrlen, + (ulong_t)encr.cd_length); } else { CRYPTO_CANCEL_CTX(ctxpp); } @@ -3134,7 +3141,8 @@ error = EFAULT; goto release_minor; } - STRUCT_FSET(encrypt_final, ef_encrlen, encr.cd_length); + STRUCT_FSET(encrypt_final, ef_encrlen, + (ulong_t)encr.cd_length); } if (rv == CRYPTO_BUFFER_TOO_SMALL) { @@ -3145,7 +3153,8 @@ */ if (STRUCT_FGETP(encrypt_final, ef_encrbuf) == NULL) rv = CRYPTO_SUCCESS; - STRUCT_FSET(encrypt_final, ef_encrlen, encr.cd_length); + STRUCT_FSET(encrypt_final, ef_encrlen, + (ulong_t)encr.cd_length); } release_minor: @@ -3511,7 +3520,8 @@ error = EFAULT; goto release_minor; } - STRUCT_FSET(crypto_digest, cd_digestlen, digest.cd_length); + STRUCT_FSET(crypto_digest, cd_digestlen, + (ulong_t)digest.cd_length); } if (rv == CRYPTO_BUFFER_TOO_SMALL) { @@ -3522,7 +3532,8 @@ */ if (STRUCT_FGETP(crypto_digest, cd_digestbuf) == NULL) rv = CRYPTO_SUCCESS; - STRUCT_FSET(crypto_digest, cd_digestlen, digest.cd_length); + STRUCT_FSET(crypto_digest, cd_digestlen, + (ulong_t)digest.cd_length); } release_minor: @@ -4484,9 +4495,9 @@ bcopy(p, STRUCT_BUF(oa), STRUCT_SIZE(oa)); value_len = k_attrs[i].oa_value_len; STRUCT_FSET(oa, oa_type, k_attrs[i].oa_type); - STRUCT_FSET(oa, oa_value_len, value_len); + STRUCT_FSET(oa, oa_value_len, (ssize_t)value_len); valuep = STRUCT_FGETP(oa, oa_value); - if (valuep != NULL && value_len != -1) { + if ((valuep != NULL) && (value_len != (size_t)-1)) { if (copyout(k_attrs[i].oa_value, valuep, value_len) != 0) { error = EFAULT; @@ -4766,8 +4777,12 @@ object_get_attribute_value(dev_t dev, caddr_t arg, int mode, int *rval) { STRUCT_DECL(crypto_object_get_attribute_value, get_attribute_value); +#ifdef _LP64 + STRUCT_DECL(crypto_object_attribute, oa); +#else /* LINTED E_FUNC_SET_NOT_USED */ STRUCT_DECL(crypto_object_attribute, oa); +#endif kcf_provider_desc_t *real_provider; kcf_req_params_t params; crypto_object_attribute_t *k_attrs = NULL; @@ -4910,7 +4925,7 @@ KCF_PROV_REFRELE(real_provider); if (rv == CRYPTO_SUCCESS) { - STRUCT_FSET(object_get_size, gs_size, size); + STRUCT_FSET(object_get_size, gs_size, (ulong_t)size); } release_minor: @@ -5410,8 +5425,12 @@ nostore_generate_key(dev_t dev, caddr_t arg, int mode, int *rval) { STRUCT_DECL(crypto_nostore_generate_key, generate_key); +#ifdef _LP64 + STRUCT_DECL(crypto_object_attribute, oa); +#else /* LINTED E_FUNC_SET_NOT_USED */ STRUCT_DECL(crypto_object_attribute, oa); +#endif kcf_provider_desc_t *real_provider = NULL; kcf_req_params_t params; crypto_mechanism_t mech; @@ -5700,8 +5719,12 @@ nostore_generate_key_pair(dev_t dev, caddr_t arg, int mode, int *rval) { STRUCT_DECL(crypto_nostore_generate_key_pair, generate_key_pair); +#ifdef _LP64 + STRUCT_DECL(crypto_object_attribute, oa); +#else /* LINTED E_FUNC_SET_NOT_USED */ STRUCT_DECL(crypto_object_attribute, oa); +#endif kcf_provider_desc_t *real_provider = NULL; kcf_req_params_t params; crypto_mechanism_t mech; @@ -6000,7 +6023,8 @@ wrapped_key_buffer, new_wrapped_key_len) != 0) { error = EFAULT; } - STRUCT_FSET(wrap_key, wk_wrapped_key_len, new_wrapped_key_len); + STRUCT_FSET(wrap_key, wk_wrapped_key_len, + (ulong_t)new_wrapped_key_len); } if (rv == CRYPTO_BUFFER_TOO_SMALL) { @@ -6011,7 +6035,8 @@ */ if (STRUCT_FGETP(wrap_key, wk_wrapped_key) == NULL) rv = CRYPTO_SUCCESS; - STRUCT_FSET(wrap_key, wk_wrapped_key_len, new_wrapped_key_len); + STRUCT_FSET(wrap_key, wk_wrapped_key_len, + (ulong_t)new_wrapped_key_len); } out: @@ -6367,8 +6392,12 @@ nostore_derive_key(dev_t dev, caddr_t arg, int mode, int *rval) { STRUCT_DECL(crypto_nostore_derive_key, derive_key); +#ifdef _LP64 + STRUCT_DECL(crypto_object_attribute, oa); +#else /* LINTED E_FUNC_SET_NOT_USED */ STRUCT_DECL(crypto_object_attribute, oa); +#endif kcf_provider_desc_t *real_provider = NULL; kcf_req_params_t params; crypto_object_attribute_t *k_in_attrs = NULL;
--- a/usr/src/uts/common/crypto/io/dca.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/io/dca.c Fri Jan 01 15:55:01 2010 -0800 @@ -20,7 +20,7 @@ */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -183,7 +183,8 @@ {SUN_CKM_DSA, DSA_MECH_INFO_TYPE, CRYPTO_FG_SIGN | CRYPTO_FG_VERIFY | CRYPTO_FG_SIGN_ATOMIC | CRYPTO_FG_VERIFY_ATOMIC, - DSA_MIN_KEY_LEN * 8, DSA_MAX_KEY_LEN * 8, + CRYPTO_BYTES2BITS(DSA_MIN_KEY_LEN), + CRYPTO_BYTES2BITS(DSA_MAX_KEY_LEN), CRYPTO_KEYSIZE_UNIT_IN_BITS}, /* RSA */ @@ -194,7 +195,8 @@ CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_SIGN_ATOMIC | CRYPTO_FG_SIGN_RECOVER_ATOMIC | CRYPTO_FG_VERIFY_ATOMIC | CRYPTO_FG_VERIFY_RECOVER_ATOMIC, - RSA_MIN_KEY_LEN * 8, RSA_MAX_KEY_LEN * 8, + CRYPTO_BYTES2BITS(RSA_MIN_KEY_LEN), + CRYPTO_BYTES2BITS(RSA_MAX_KEY_LEN), CRYPTO_KEYSIZE_UNIT_IN_BITS}, {SUN_CKM_RSA_PKCS, RSA_PKCS_MECH_INFO_TYPE, CRYPTO_FG_ENCRYPT | CRYPTO_FG_DECRYPT | CRYPTO_FG_SIGN | @@ -203,7 +205,8 @@ CRYPTO_FG_ENCRYPT_ATOMIC | CRYPTO_FG_DECRYPT_ATOMIC | CRYPTO_FG_SIGN_ATOMIC | CRYPTO_FG_SIGN_RECOVER_ATOMIC | CRYPTO_FG_VERIFY_ATOMIC | CRYPTO_FG_VERIFY_RECOVER_ATOMIC, - RSA_MIN_KEY_LEN * 8, RSA_MAX_KEY_LEN * 8, + CRYPTO_BYTES2BITS(RSA_MIN_KEY_LEN), + CRYPTO_BYTES2BITS(RSA_MAX_KEY_LEN), CRYPTO_KEYSIZE_UNIT_IN_BITS} }; @@ -1672,9 +1675,9 @@ #if defined(i386) || defined(__i386) /* * Use kmem_alloc instead of ddi_dma_mem_alloc here since the latter - * may fail on x86 platform if a physically contigous memory chunk + * may fail on x86 platform if a physically contiguous memory chunk * cannot be found. From initial testing, we did not see performance - * degration as seen on Sparc. + * degradation as seen on Sparc. */ if ((reqp->dr_ibuf_kaddr = kmem_alloc(size, KM_SLEEP)) == NULL) { dca_error(dca, "unable to alloc request ibuf memory"); @@ -1688,9 +1691,9 @@ } #else /* - * We could kmem_alloc for sparc too. However, it gives worse - * performance when transfering more than one page data. For example, - * using 4 threads and 12032 byte data and 3DES on 900MHZ sparc system, + * We could kmem_alloc for Sparc too. However, it gives worse + * performance when transferring more than one page data. For example, + * using 4 threads and 12032 byte data and 3DES on 900MHZ Sparc system, * kmem_alloc uses 80% CPU and ddi_dma_mem_alloc uses 50% CPU for * the same throughput. */ @@ -1888,9 +1891,9 @@ /* * Binds user buffers to DMA handles dynamically. On Sparc, a user buffer - * is mapped to a single physicall address. On x86, a user buffer is mapped - * to multiple physically addresses. These phsyical addresses are chained - * using the method specified in Broadcom BCM5820 specification + * is mapped to a single physical address. On x86, a user buffer is mapped + * to multiple physical addresses. These physical addresses are chained + * using the method specified in Broadcom BCM5820 specification. */ int dca_bindchains(dca_request_t *reqp, size_t incnt, size_t outcnt)
--- a/usr/src/uts/common/crypto/io/dprov.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/io/dprov.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -8846,7 +8846,7 @@ * The length of the array is expressed in bytes. * Convert to bits now since that's how keys are measured. */ - len = len << 3; + len = CRYPTO_BYTES2BITS(len); /* optional */ if ((dprov_get_key_attr_ulong(key, DPROV_CKA_VALUE_LEN, @@ -8907,7 +8907,7 @@ * The length of attributes are in bytes. * Convert to bits now since that's how keys are measured. */ - len = len << 3; + len = CRYPTO_BYTES2BITS(len); ret_key->ck_data = value; ret_key->ck_length = (uint_t)len;
--- a/usr/src/uts/common/crypto/io/rsa.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/io/rsa.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -928,7 +928,8 @@ return (CRYPTO_HOST_MEMORY); /* psize and qsize for RSA_key_init is in bits. */ - if (RSA_key_init(rsakey, prime2_len * 8, prime1_len * 8) != BIG_OK) { + if (RSA_key_init(rsakey, CRYPTO_BYTES2BITS(prime2_len), + CRYPTO_BYTES2BITS(prime1_len)) != BIG_OK) { rv = CRYPTO_HOST_MEMORY; goto clean1; }
--- a/usr/src/uts/common/crypto/io/swrand.c Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/crypto/io/swrand.c Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -370,9 +370,9 @@ /* Figure out how many bytes to extract */ bytes = min(HASHSIZE, len); - bytes = min(bytes, entropy_bits/8); - entropy_bits -= bytes * 8; - BUMP_SWRAND_STATS(ss_entOut, bytes * 8); + bytes = min(bytes, CRYPTO_BITS2BYTES(entropy_bits)); + entropy_bits -= CRYPTO_BYTES2BITS(bytes); + BUMP_SWRAND_STATS(ss_entOut, CRYPTO_BYTES2BITS(bytes)); swrand_stats.ss_entEst = entropy_bits; /* Extract entropy by hashing pool content */ @@ -535,8 +535,8 @@ } entropy_bits += entropy_est; - if (entropy_bits > RNDPOOLSIZE * 8) - entropy_bits = RNDPOOLSIZE * 8; + if (entropy_bits > CRYPTO_BYTES2BITS(RNDPOOLSIZE)) + entropy_bits = CRYPTO_BYTES2BITS(RNDPOOLSIZE); swrand_stats.ss_entEst = entropy_bits; BUMP_SWRAND_STATS(ss_entIn, entropy_est); @@ -608,7 +608,7 @@ * The maximum entropy amount in bits per block of memory read is * log_2(MEMBLOCKSIZE * 8); */ - i = MEMBLOCKSIZE << 3; + i = CRYPTO_BYTES2BITS(MEMBLOCKSIZE); while (i >>= 1) entsrc->entperblock++; @@ -682,7 +682,7 @@ for (i = 0; i < RNDPOOLSIZE/4; i++) { /* If the pool is "full", stop after one block */ - if (entropy_bits + ent >= RNDPOOLSIZE * 8) { + if (entropy_bits + ent >= CRYPTO_BYTES2BITS(RNDPOOLSIZE)) { if (i > 0) break; }
--- a/usr/src/uts/common/sys/crypto/common.h Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/common/sys/crypto/common.h Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. + * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -162,7 +162,7 @@ /* * The measurement unit bit flag for a mechanism's minimum or maximum key size. - * The unit are mechanism dependant. It can be in bits or in bytes. + * The unit are mechanism dependent. It can be in bits or in bytes. */ typedef uint32_t crypto_keysize_unit_t; @@ -387,8 +387,10 @@ * Raw key lengths are expressed in number of bits. * The following macro returns the minimum number of * bytes that can contain the specified number of bits. + * Round up without overflowing the integer type. */ -#define CRYPTO_BITS2BYTES(n) (((n) + 7) >> 3) +#define CRYPTO_BITS2BYTES(n) ((n) == 0 ? 0 : (((n) - 1) >> 3) + 1) +#define CRYPTO_BYTES2BITS(n) ((n) << 3) /* Providers */
--- a/usr/src/uts/intel/crypto/Makefile Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/intel/crypto/Makefile Fri Jan 01 15:55:01 2010 -0800 @@ -19,11 +19,9 @@ # CDDL HEADER END # # -# Copyright 2006 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -# ident "%Z%%M% %I% %E% SMI" -# # This makefile drives the production of the crypto driver # kernel module. # @@ -56,18 +54,6 @@ LINT_TARGET = $(MODULE).lint INSTALL_TARGET = $(BINARY) $(ROOTMODULE) $(ROOTLINK) $(ROOT_CONFFILE) -# -# For now, disable these lint checks; maintainers should endeavor -# to investigate and remove these for maximum lint coverage. -# Please do not carry these forward to new Makefiles. -# -LINTTAGS += -erroff=E_SUSPICIOUS_COMPARISON -LINTTAGS += -erroff=E_BAD_PTR_CAST_ALIGN -LINTTAGS += -erroff=E_SUPPRESSION_DIRECTIVE_UNUSED -LINTTAGS += -erroff=E_STATIC_UNUSED -LINTTAGS += -erroff=E_PTRDIFF_OVERFLOW -LINTTAGS += -erroff=E_ASSIGN_NARROW_CONV - LDFLAGS += -dy -Nmisc/kcf #
--- a/usr/src/uts/intel/kcf/Makefile Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/intel/kcf/Makefile Fri Jan 01 15:55:01 2010 -0800 @@ -19,7 +19,7 @@ # CDDL HEADER END # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # This makefile drives the production of the Kernel Cryptographic @@ -58,22 +58,17 @@ INSTALL_TARGET = $(BINARY) $(ROOTMODULE) # -# For now, disable these lint checks; maintainers should endeavor -# to investigate and remove these for maximum lint coverage. -# Please do not carry these forward to new Makefiles. -# -LINTTAGS += -erroff=E_SUSPICIOUS_COMPARISON -LINTTAGS += -erroff=E_BAD_PTR_CAST_ALIGN - -LINTTAGS += -I$(COM_DIR) - -# # Linkage dependencies # +# +# lint pass one enforcement +# CFLAGS += $(CCVERBOSE) -I$(COM_DIR) AS_CPPFLAGS += -I../../$(PLATFORM) +LINTTAGS += -I$(COM_DIR) + # # Default build targets. #
--- a/usr/src/uts/sparc/crypto/Makefile Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/sparc/crypto/Makefile Fri Jan 01 15:55:01 2010 -0800 @@ -19,11 +19,9 @@ # CDDL HEADER END # # -# Copyright 2006 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -# ident "%Z%%M% %I% %E% SMI" -# # This makefile drives the production of the crypto driver # kernel module. # @@ -61,18 +59,6 @@ # CFLAGS += $(CCVERBOSE) -# -# For now, disable these lint checks; maintainers should endeavor -# to investigate and remove these for maximum lint coverage. -# Please do not carry these forward to new Makefiles. -# -LINTTAGS += -erroff=E_SUSPICIOUS_COMPARISON -LINTTAGS += -erroff=E_BAD_PTR_CAST_ALIGN -LINTTAGS += -erroff=E_SUPPRESSION_DIRECTIVE_UNUSED -LINTTAGS += -erroff=E_STATIC_UNUSED -LINTTAGS += -erroff=E_PTRDIFF_OVERFLOW -LINTTAGS += -erroff=E_ASSIGN_NARROW_CONV - LDFLAGS += -dy -Nmisc/kcf #
--- a/usr/src/uts/sparc/kcf/Makefile Fri Jan 01 05:31:21 2010 -0800 +++ b/usr/src/uts/sparc/kcf/Makefile Fri Jan 01 15:55:01 2010 -0800 @@ -19,11 +19,9 @@ # CDDL HEADER END # # -# Copyright 2008 Sun Microsystems, Inc. All rights reserved. +# Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # -#ident "%Z%%M% %I% %E% SMI" -# # This makefile drives the production of the Kernel Cryptographic # Framework core module. # @@ -65,16 +63,6 @@ # CFLAGS += $(CCVERBOSE) -I$(COM_DIR) -# -# For now, disable these lint checks; maintainers should endeavor -# to investigate and remove these for maximum lint coverage. -# Please do not carry these forward to new Makefiles. -# -LINTTAGS += -erroff=E_BAD_PTR_CAST_ALIGN -LINTTAGS += -erroff=E_ASSIGN_NARROW_CONV -LINTTAGS += -erroff=E_STATIC_UNUSED -LINTTAGS += -erroff=E_SUSPICIOUS_COMPARISON -LINTTAGS += -erroff=E_PTRDIFF_OVERFLOW LINTTAGS += -I$(COM_DIR) #