diff --git a/module/icp/core/kcf_prov_tabs.c b/module/icp/core/kcf_prov_tabs.c index d58786788..ac18c66e9 100644 --- a/module/icp/core/kcf_prov_tabs.c +++ b/module/icp/core/kcf_prov_tabs.c @@ -206,24 +206,6 @@ kcf_alloc_provider_desc(const crypto_provider_info_t *info) kcf_provider_desc_t *desc = kmem_zalloc(sizeof (kcf_provider_desc_t), KM_SLEEP); - /* - * pd_description serves two purposes - * - Appears as a blank padded PKCS#11 style string, that will be - * returned to applications in CK_SLOT_INFO.slotDescription. - * This means that we should not have a null character in the - * first CRYPTO_PROVIDER_DESCR_MAX_LEN bytes. - * - Appears as a null-terminated string that can be used by - * other kcf routines. - * - * So, we allocate enough room for one extra null terminator - * which keeps every one happy. - */ - desc->pd_description = kmem_alloc(CRYPTO_PROVIDER_DESCR_MAX_LEN + 1, - KM_SLEEP); - (void) memset(desc->pd_description, ' ', - CRYPTO_PROVIDER_DESCR_MAX_LEN); - desc->pd_description[CRYPTO_PROVIDER_DESCR_MAX_LEN] = '\0'; - desc->pd_mech_list_count = info->pi_mech_list_count; desc->pd_mechanisms = kmem_zalloc(sizeof (crypto_mech_info_t) * info->pi_mech_list_count, KM_SLEEP); @@ -290,10 +272,6 @@ kcf_free_provider_desc(kcf_provider_desc_t *desc) /* free the kernel memory associated with the provider descriptor */ - if (desc->pd_description != NULL) - kmem_free(desc->pd_description, - CRYPTO_PROVIDER_DESCR_MAX_LEN + 1); - if (desc->pd_mechanisms != NULL) /* free the memory associated with the mechanism info's */ kmem_free(desc->pd_mechanisms, sizeof (crypto_mech_info_t) * diff --git a/module/icp/include/sys/crypto/impl.h b/module/icp/include/sys/crypto/impl.h index 3c8f4d37e..39fa6dafe 100644 --- a/module/icp/include/sys/crypto/impl.h +++ b/module/icp/include/sys/crypto/impl.h @@ -221,7 +221,7 @@ typedef struct kcf_provider_desc { // int pd_module_id; // struct modctl *pd_mctlp; kcondvar_t pd_remove_cv; - char *pd_description; + const char *pd_description; uint_t pd_flags; uint_t pd_hash_limit; crypto_kcf_provider_handle_t pd_kcf_prov_handle; diff --git a/module/icp/include/sys/crypto/spi.h b/module/icp/include/sys/crypto/spi.h index 2993caa4f..25fba6dda 100644 --- a/module/icp/include/sys/crypto/spi.h +++ b/module/icp/include/sys/crypto/spi.h @@ -267,7 +267,7 @@ typedef uint_t crypto_kcf_provider_handle_t; * pi_provider_dev must be specified with a different pi_provider_handle. */ typedef struct crypto_provider_info { - char *pi_provider_description; + const char *pi_provider_description; crypto_provider_type_t pi_provider_type; crypto_provider_handle_t pi_provider_handle; const crypto_ops_t *pi_ops_vector; diff --git a/module/icp/spi/kcf_spi.c b/module/icp/spi/kcf_spi.c index 284b56b85..3e6612350 100644 --- a/module/icp/spi/kcf_spi.c +++ b/module/icp/spi/kcf_spi.c @@ -96,19 +96,7 @@ crypto_register_provider(const crypto_provider_info_t *info, prov_desc->pd_prov_handle = info->pi_provider_handle; /* copy provider description string */ - if (info->pi_provider_description != NULL) { - /* - * pi_provider_descriptor is a string that can contain - * up to CRYPTO_PROVIDER_DESCR_MAX_LEN + 1 characters - * INCLUDING the terminating null character. A bcopy() - * is necessary here as pd_description should not have - * a null character. See comments in kcf_alloc_provider_desc() - * for details on pd_description field. - */ - bcopy(info->pi_provider_description, prov_desc->pd_description, - MIN(strlen(info->pi_provider_description), - (size_t)CRYPTO_PROVIDER_DESCR_MAX_LEN)); - } + prov_desc->pd_description = info->pi_provider_description; /* Change from Illumos: the ops vector is persistent. */ if (info->pi_provider_type != CRYPTO_LOGICAL_PROVIDER) {