![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sys / crypto
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.92 / (download) - annotate - [select for diffs], Sun Oct 24 14:50:42 2021 UTC (2 years, 7 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
HEAD
Changes since 1.91: +6 -6 lines
Diff to previous 1.91 (colored)
Remove crp_etype and return errors directly from crypto_invoke() ok patrick@
Revision 1.91 / (download) - annotate - [select for diffs], Sun Oct 24 10:26:22 2021 UTC (2 years, 7 months ago) by patrick
Branch: MAIN
Changes since 1.90: +6 -9 lines
Diff to previous 1.90 (colored)
Stop setting etype in the MD crypto code. So far we have set the etype and returned the error, which made the MI crypto code set the etype for a second time. We still have to set etype after calling the MD process function, as the callers of crypto_invoke() still expect error handling to be shown through the etype. But at least now all MD crypto code does not have to worry about that anymore. Once the callers are changed to not look at etype anymore, we can get rid of it completely. ok tobhe@
Revision 1.90 / (download) - annotate - [select for diffs], Sat Oct 23 15:42:35 2021 UTC (2 years, 7 months ago) by tobhe
Branch: MAIN
Changes since 1.89: +1 -41 lines
Diff to previous 1.89 (colored)
Retire asynchronous crypto API as it is no longer required by any driver and adds unnecessary complexity. Dedicated crypto offloading devices are not common anymore. Modern CPU crypto acceleration works synchronously, eliminating the need for callbacks. Replace all occurrences of crypto_dispatch() with crypto_invoke(), which is blocking and only returns after the operation has completed or an error occured. Invoke callback functions directly from the consumer (e.g. IPsec, softraid) instead of relying on the crypto driver to call crypto_done(). ok bluhm@ mvs@ patrick@
Revision 1.89 / (download) - annotate - [select for diffs], Thu Oct 21 23:03:48 2021 UTC (2 years, 7 months ago) by tobhe
Branch: MAIN
Changes since 1.88: +1 -9 lines
Diff to previous 1.88 (colored)
Remove more dead code related to crypto task queues.
Revision 1.88 / (download) - annotate - [select for diffs], Thu Oct 21 22:59:08 2021 UTC (2 years, 7 months ago) by tobhe
Branch: MAIN
Changes since 1.87: +7 -25 lines
Diff to previous 1.87 (colored)
Remove code to run crypto operations in a task queue. The code was not reachable because all callers had set the CRYPTO_F_NOQUEUE flag. ok patrick@ mvs@ bluhm@
Revision 1.87 / (download) - annotate - [select for diffs], Wed Oct 13 22:43:44 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.86: +3 -5 lines
Diff to previous 1.86 (colored)
The function crypto_dispatch() never returns an error. Make it void and remove error handling in the callers. OK patrick@ mvs@
Revision 1.86 / (download) - annotate - [select for diffs], Wed Oct 13 13:08:58 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.85: +8 -10 lines
Diff to previous 1.85 (colored)
The kernel crypto framework sometimes returned an error, sometimes the callback was called, and sometimes both. So the caller of that API could not release resources correctly. A bunch of errors can or should not happen, replace them with an assert. Remove redundant checks. crypto_invoke() should not return the error, but pass it via callback. Some old hardware drivers keep part of their inconsistency as I cannot test them. OK mpi@
Revision 1.85 / (download) - annotate - [select for diffs], Mon Jul 26 21:27:56 2021 UTC (2 years, 10 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.84: +24 -8 lines
Diff to previous 1.84 (colored)
Do not queue crypto operations for IPsec. The packet entries in task queues were unlimited and could overflow during havy traffic. Even if we still use hardware drivers that sleep, softnet task instead of soft interrupt can handle this now. Without queues net lock is inherited and kernel lock is only needed once per packet. This results in less lock contention and faster IPsec. Also protect tdb drop counters with net lock and avoid a leak in crypto dispatch error handling. intense testing Hrvoje Popovski; OK mpi@
Revision 1.84 / (download) - annotate - [select for diffs], Wed Jul 21 11:11:41 2021 UTC (2 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.83: +5 -5 lines
Diff to previous 1.83 (colored)
Propagate errors from crypto_invoke() and count them in IPsec. They should not happen, but always check error conditions. tq is never NULL, remove the check. tdb->tdb_odrops++ is not MP safe, but will be addressed separately in ipsec_output_cb(). OK mvs@
Revision 1.83 / (download) - annotate - [select for diffs], Wed Jun 30 12:21:02 2021 UTC (2 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.82: +51 -38 lines
Diff to previous 1.82 (colored)
Remove unused variable cryptodesc_pool. Document global variables in crypto.c and annotate locking protection. Assert kernel lock where needed. Remove dead code from crypto_get_driverid(). Move crypto_init() prototype into header file. OK mpi@
Revision 1.82 / (download) - annotate - [select for diffs], Mon Mar 30 17:48:39 2020 UTC (4 years, 2 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.81: +6 -4 lines
Diff to previous 1.81 (colored)
Break crypto_unregister() sanity check into two expressions, making it clearer what is being checked. Original suggestion from kettenis@.
Revision 1.81 / (download) - annotate - [select for diffs], Sun Mar 29 13:43:13 2020 UTC (4 years, 2 months ago) by krw
Branch: MAIN
Changes since 1.80: +4 -4 lines
Diff to previous 1.80 (colored)
Don't access past end of cc_alg[] when trying to avoid unregistering an invalid algorithm. CID 1453298 ok kettenis@ (with suggested improvements to come)
Revision 1.80 / (download) - annotate - [select for diffs], Thu Nov 30 16:31:12 2017 UTC (6 years, 6 months ago) by visa
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.79: +2 -2 lines
Diff to previous 1.79 (colored)
Fix the IPL and flags of the MP-safe crypto taskq. Now a sane IPL is passed to the mutex implementation, and the queue actually runs without the kernel lock. Tested by dhill@ OK mikeb@, dhill@, kettenis@
Revision 1.79 / (download) - annotate - [select for diffs], Tue Feb 7 17:25:46 2017 UTC (7 years, 4 months ago) by patrick
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.78: +18 -24 lines
Diff to previous 1.78 (colored)
Reduce the per-packet allocation costs for crypto operations (cryptop) by pre-allocating two cryptodesc objects and storing them in an array instead of a linked list. If more than two cryptodesc objects are required use mallocarray to fetch them. Adapt the drivers to the new API. This change results in one pool-get per ESP packet instead of three. It also simplifies softraid crypto where more cryptodesc objects are allocated than used. From, with and ok markus@, ok bluhm@ "looks sane" mpi@
Revision 1.78 / (download) - annotate - [select for diffs], Mon Sep 19 18:09:40 2016 UTC (7 years, 8 months ago) by tedu
Branch: MAIN
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored)
convert bcopy to memcpy. from david hill
Revision 1.77 / (download) - annotate - [select for diffs], Thu Sep 15 02:00:17 2016 UTC (7 years, 8 months ago) by dlg
Branch: MAIN
Changes since 1.76: +5 -7 lines
Diff to previous 1.76 (colored)
all pools have their ipl set via pool_setipl, so fold it into pool_init. the ioff argument to pool_init() is unused and has been for many years, so this replaces it with an ipl argument. because the ipl will be set on init we no longer need pool_setipl. most of these changes have been done with coccinelle using the spatch below. cocci sucks at formatting code though, so i fixed that by hand. the manpage and subr_pool.c bits i did myself. ok tedu@ jmatthew@ @ipl@ expression pp; expression ipl; expression s, a, o, f, m, p; @@ -pool_init(pp, s, a, o, f, m, p); -pool_setipl(pp, ipl); +pool_init(pp, s, a, ipl, f, m, p);
Revision 1.76 / (download) - annotate - [select for diffs], Mon Apr 18 21:05:55 2016 UTC (8 years, 1 month ago) by kettenis
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0
Changes since 1.75: +17 -3 lines
Diff to previous 1.75 (colored)
Add a mechanism for dispatching mpsafe crypto operations. This adds a new CRYPTOCAP_F_MPSAFE flag that crypto implementations can set to indicate that their cc_process() implementation can safely run without holding the kernel lock. ok mikeb@
Revision 1.75 / (download) - annotate - [select for diffs], Fri Aug 28 00:03:53 2015 UTC (8 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.74: +5 -3 lines
Diff to previous 1.74 (colored)
fairly simple sizes for free(); ok tedu
Revision 1.74 / (download) - annotate - [select for diffs], Mon Feb 9 03:15:41 2015 UTC (9 years, 4 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.73: +2 -2 lines
Diff to previous 1.73 (colored)
we want to defer work traditionally (in openbsd) handled in an interrupt context to a taskq running in a thread. however, there is a concern that if we do that then we allow accidental use of sleeping APIs in this work, which will make it harder to move the work back to interrupts in the future. guenther and kettenis came up with the idea of marking a proc with CANTSLEEP which the sleep paths can check and panic on. this builds on that so you create taskqs that run with CANTSLEEP set except when they need to sleep for more tasks to run. the taskq_create api is changed to take a flags argument so users can specify CANTSLEEP. MPSAFE is also passed via this flags field now. this means archs that defined IPL_MPSAFE to 0 can now create mpsafe taskqs too. lots of discussion at s2k15 ok guenther@ miod@ mpi@ tedu@ pelikan@
Revision 1.73 / (download) - annotate - [select for diffs], Tue Jan 27 03:17:35 2015 UTC (9 years, 4 months ago) by dlg
Branch: MAIN
Changes since 1.72: +3 -4 lines
Diff to previous 1.72 (colored)
remove the second void * argument on tasks. when workqs were introduced, we provided a second argument so you could pass a thing and some context to work on it in. there were very few things that took advantage of the second argument, so when i introduced pools i suggested removing it. since tasks were meant to replace workqs, it was requested that we keep the second argument to make porting from workqs to tasks easier. now that workqs are gone, i had a look at the use of the second argument again and found only one good use of it (vdsp(4) on sparc64 if you're interested) and a tiny handful of questionable uses. the vast majority of tasks only used a single argument. i have since modified all tasks that used two args to only use one, so now we can remove the second argument. so this is a mechanical change. all tasks only passed NULL as their second argument, so we can just remove it. ok krw@
Revision 1.72 / (download) - annotate - [select for diffs], Thu Oct 23 00:15:09 2014 UTC (9 years, 7 months ago) by dlg
Branch: MAIN
Changes since 1.71: +4 -13 lines
Diff to previous 1.71 (colored)
pools lock themselves now, we just have to tell them what IPL they will be used from. this adds pool_setipl at IPL_VM to the crypto descriptor pools, and removes all the splvm handling around the use of those pools. tested by many via tech@ ok kettenis@ deraadt@
Revision 1.71 / (download) - annotate - [select for diffs], Thu Oct 23 00:11:48 2014 UTC (9 years, 7 months ago) by dlg
Branch: MAIN
Changes since 1.70: +2 -2 lines
Diff to previous 1.70 (colored)
apply only the bit of r1.69 that should have been committed: make the crypto taskq protect things at IPL_VM instead of IPL_HIGH. everything else in crypto.c uses splvm/IPL_VM. it seems this IPL_HIGH came about because the hand rolled task list and thread that crypto used to use was converted to workqs, which unconditionally used IPL_HIGH internally. when it was converted from workqs to tasks it blindly ported the protection workqs gave. tested by many via tech@ and snapshots ok kettenis@
Revision 1.70 / (download) - annotate - [select for diffs], Thu Oct 23 00:10:09 2014 UTC (9 years, 7 months ago) by dlg
Branch: MAIN
Changes since 1.69: +13 -4 lines
Diff to previous 1.69 (colored)
revert previous. it did more than the commit message said it did.
Revision 1.69 / (download) - annotate - [select for diffs], Wed Oct 22 05:37:54 2014 UTC (9 years, 7 months ago) by dlg
Branch: MAIN
Changes since 1.68: +5 -14 lines
Diff to previous 1.68 (colored)
make the crypto taskq protect things at IPL_VM instead of IPL_HIGH. everything else in crypto.c uses splvm/IPL_VM. it seems this IPL_HIGH came about because the hand rolled task list and thread that crypto used to use was converted to workqs, which unconditionally used IPL_HIGH internally. when it was converted from workqs to tasks it blindly ported the protection workqs gave. tested by many via tech@ and snapshots ok kettenis@
Revision 1.68 / (download) - annotate - [select for diffs], Mon Oct 20 00:40:33 2014 UTC (9 years, 7 months ago) by dlg
Branch: MAIN
Changes since 1.67: +4 -9 lines
Diff to previous 1.67 (colored)
replace bzeros after allocations with M_ZERO and PR_ZERO as appropriate. ok deraadt@
Revision 1.67 / (download) - annotate - [select for diffs], Sun Sep 14 14:17:23 2014 UTC (9 years, 8 months ago) by jsg
Branch: MAIN
Changes since 1.66: +1 -2 lines
Diff to previous 1.66 (colored)
remove uneeded proc.h includes ok mpi@ kspillner@
Revision 1.66 / (download) - annotate - [select for diffs], Wed Aug 20 06:23:03 2014 UTC (9 years, 9 months ago) by mikeb
Branch: MAIN
Changes since 1.65: +1 -126 lines
Diff to previous 1.65 (colored)
Bye bye /dev/crypto The interface has been disabled by default for about 4 years and currently there's not much value in having it around at all. ok deraadt
Revision 1.65 / (download) - annotate - [select for diffs], Sun Jul 13 23:24:47 2014 UTC (9 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6
Changes since 1.64: +4 -4 lines
Diff to previous 1.64 (colored)
use mallocarray()
Revision 1.64 / (download) - annotate - [select for diffs], Sat Jul 12 18:50:00 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.63: +2 -2 lines
Diff to previous 1.63 (colored)
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
Revision 1.63 / (download) - annotate - [select for diffs], Tue Jan 21 05:40:32 2014 UTC (10 years, 4 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.62: +1 -17 lines
Diff to previous 1.62 (colored)
cc_queued is not used for anything atm, remove it; ok jsing, markus
Revision 1.62 / (download) - annotate - [select for diffs], Tue Jan 21 05:38:49 2014 UTC (10 years, 4 months ago) by mikeb
Branch: MAIN
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)
Respect CRYPTO_F_NOQUEUE flag when dispatching a crypto operation ok jsing, markus
Revision 1.61 / (download) - annotate - [select for diffs], Thu Oct 31 10:32:38 2013 UTC (10 years, 7 months ago) by mikeb
Branch: MAIN
Changes since 1.60: +14 -13 lines
Diff to previous 1.60 (colored)
convert crypto work queue to the task_add(9) api; ok dlg
Revision 1.60 / (download) - annotate - [select for diffs], Wed Mar 27 16:42:05 2013 UTC (11 years, 2 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.59: +2 -3 lines
Diff to previous 1.59 (colored)
institute a hard cap on crypto devs instead of a useless wraparound check ok beck
Revision 1.59 / (download) - annotate - [select for diffs], Tue Jan 11 15:42:05 2011 UTC (13 years, 5 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored)
for key material that is being being discarded, convert bzero() to explicit_bzero() where required ok markus mikeb
Revision 1.58 / (download) - annotate - [select for diffs], Wed Sep 8 14:15:56 2010 UTC (13 years, 9 months ago) by jsing
Branch: MAIN
Changes since 1.57: +7 -11 lines
Diff to previous 1.57 (colored)
Reintroduce most crypto/crypto.c r1.55: Move pool initialization to init_crypto and zap the crypto_pool_initialized variable. This way we don't have to check if the pool are initialized every time we do a crypto_getreq(). However, also perform the crypto initialisation earlier in init_main so that the crypto pools are initialised before they are used. ok mikeb@ thib@ deraadt@
Revision 1.57 / (download) - annotate - [select for diffs], Sun Aug 8 04:10:49 2010 UTC (13 years, 10 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.56: +11 -6 lines
Diff to previous 1.56 (colored)
Backout r1.55 since this breaks anything which does crypto ops prior to init_crypto() being called from late in init_main(). In particular, this breaks softraid crypto volumes that are assembled at boot. No cookies for thib/mikeb! "Back it out, right now" deraadt@
Revision 1.56 / (download) - annotate - [select for diffs], Thu Jul 8 09:46:50 2010 UTC (13 years, 11 months ago) by thib
Branch: MAIN
Changes since 1.55: +6 -4 lines
Diff to previous 1.55 (colored)
Revert part of previous. The splvm protection is needed after all, as we are walking the list of registered crypto drivers and doing that unprotected is unwise. Pointed out by kettenis@
Revision 1.55 / (download) - annotate - [select for diffs], Thu Jul 8 08:12:48 2010 UTC (13 years, 11 months ago) by thib
Branch: MAIN
Changes since 1.54: +9 -16 lines
Diff to previous 1.54 (colored)
Move pool initialization to init_crypto and zap the crypto_pool_initialized variable. This way we don't have to check if the pool are initialized every time we do a crypto_getreq(). Move splvm lower as it isnt need all through crypto_newsession(). tiny KNF nit. From mikeb OK deraadt@
Revision 1.54 / (download) - annotate - [select for diffs], Wed Jun 9 19:38:19 2010 UTC (14 years ago) by thib
Branch: MAIN
Changes since 1.53: +8 -8 lines
Diff to previous 1.53 (colored)
Remove the CRYPTO_ALGORITHM_ALL define, fixup accordingly and make the loop invartiants <= CRYPTO_ALGORITHM_MAX Do this also for the CRK_ALGORITHM_MAX this also fixes the a bug that caused us to skip CRK_DH_COMPUTE_KEY. ok deraadt@
Revision 1.53 / (download) - annotate - [select for diffs], Thu Sep 3 07:47:27 2009 UTC (14 years, 9 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.52: +12 -7 lines
Diff to previous 1.52 (colored)
crypto hardware (eg, hifn) establishes its interrupt handler at IPL_NET. when the hardware finishes some work for the crypto subsystem and therefore something in the kernel that wanted crypto done, it calls crypto_done from that interrupt handler. one of the things that uses crypto is ipsec. when crypto is done for ipsec it then pushes the packet along the network stack. the problem is that all the structures inside the network stack are only protected at splsoftnet. we could be in the middle of modifications to the pf state table or the pfsync queues when we get a hifn interrupt and then go stomp on the same structures. the solution is to defer the completions so they can do the right spl protections. this basically reverts r1.46 of src/sys/crypto/crypto.c. found by naddy@
Revision 1.52 / (download) - annotate - [select for diffs], Thu Oct 30 23:55:22 2008 UTC (15 years, 7 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.51: +1 -1 lines
Diff to previous 1.51 (colored)
reintroduce mutexes to workqs for locking. tested by many on many archs including several alpha test. ok tedu@ go for it deraadt@
Revision 1.51 / (download) - annotate - [select for diffs], Wed Nov 28 13:52:23 2007 UTC (16 years, 6 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.50: +23 -10 lines
Diff to previous 1.50 (colored)
finish conversion to workq. remove list remnants, and put spl in the right places. handle the no workq case here. ok deraadt
Revision 1.50 / (download) - annotate - [select for diffs], Sun Nov 25 15:56:16 2007 UTC (16 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.49: +14 -55 lines
Diff to previous 1.49 (colored)
convert crypto thread to workq. add WQ_DIRECTOK flag to workq. combined, this lets us use crypto before the thread is running and therefore cryptoraid can attach nice and early. ok/testing deraadt mbalmer marco
Revision 1.49 / (download) - annotate - [select for diffs], Wed Nov 14 19:12:36 2007 UTC (16 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.48: +1 -2 lines
Diff to previous 1.48 (colored)
do not call crypto_done() on errors, since the drivers already do this. otherwise we call the callback twice; fixes panics on crypto errors as seen on reboot; ok hshoexer
Revision 1.48 / (download) - annotate - [select for diffs], Wed May 31 23:01:44 2006 UTC (18 years ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0
Changes since 1.47: +21 -12 lines
Diff to previous 1.47 (colored)
remove some silly casts. put spl calls after all declarations. put one splx in a better spot. make a variable size MALLOC use malloc. remove null test after malloc(M_WAITOK). add PR_NOWAIT flag to pool_get instead of 0. change callbacks to correct type. ok brad deraadt markus mickey
Revision 1.47 / (download) - annotate - [select for diffs], Sat Mar 4 21:33:39 2006 UTC (18 years, 3 months ago) by brad
Branch: MAIN
Changes since 1.46: +12 -12 lines
Diff to previous 1.46 (colored)
splimp -> splvm ok miod@
Revision 1.46 / (download) - annotate - [select for diffs], Tue Dec 21 10:07:34 2004 UTC (19 years, 5 months ago) by mpf
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE,
OPENBSD_3_9,
OPENBSD_3_8_BASE,
OPENBSD_3_8,
OPENBSD_3_7_BASE,
OPENBSD_3_7
Changes since 1.45: +7 -67 lines
Diff to previous 1.45 (colored)
Don't use crypto thread for callbacks. This primarily improves IPsec performance when using crypto accelerators. With help from markus@, tested by wvdputte@. ok deraadt@, markus@
Revision 1.45 / (download) - annotate - [select for diffs], Sun Jun 20 20:45:06 2004 UTC (19 years, 11 months ago) by aaron
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE,
OPENBSD_3_6
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)
In crypto_thread(), always save return value from splimp(). We were only storing it once on kernel startup. Scary. "holy crap" --deraadt. art@ ok Unclear if this was actually a problem in practice, but this doesn't hurt.
Revision 1.2.2.9 / (download) - annotate - [select for diffs], Sat Jun 7 11:02:27 2003 UTC (21 years ago) by ho
Branch: SMP
Changes since 1.2.2.8: +21 -11 lines
Diff to previous 1.2.2.8 (colored) next main 1.3 (colored)
Sync SMP branch to -current
Revision 1.44 / (download) - annotate - [select for diffs], Tue Jun 3 15:28:06 2003 UTC (21 years ago) by beck
Branch: MAIN
CVS Tags: SMP_SYNC_B,
SMP_SYNC_A,
OPENBSD_3_5_BASE,
OPENBSD_3_5,
OPENBSD_3_4_BASE,
OPENBSD_3_4
Changes since 1.43: +21 -11 lines
Diff to previous 1.43 (colored)
Fastpath for userland crypto requests. This change makes userland crypto requests attempt to call the crypto driver directly to process crypto layer requests, as opposed to queueing them in the kernel crypto thread. If we can't use the crypto devices (i.e. they're busy) we fall back to queueing the request up in the crypto thread as before. This does allow for faster performance in some cases (smaller requests, how small seems to be dependent on the card/cpu combination) where context switching is a major issue in performance. ok deraadt@ jason@
Revision 1.30.2.4 / (download) - annotate - [select for diffs], Mon May 19 21:53:13 2003 UTC (21 years ago) by tedu
Branch: UBC
Changes since 1.30.2.3: +238 -106 lines
Diff to previous 1.30.2.3 (colored) to branchpoint 1.30 (colored) next main 1.31 (colored)
sync
Revision 1.2.2.8 / (download) - annotate - [select for diffs], Thu Mar 27 23:53:48 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.2.2.7: +357 -85 lines
Diff to previous 1.2.2.7 (colored)
Sync the SMP branch with 3.3
Revision 1.43 / (download) - annotate - [select for diffs], Wed Feb 19 03:41:31 2003 UTC (21 years, 3 months ago) by jason
Branch: MAIN
CVS Tags: UBC_SYNC_A,
OPENBSD_3_3_BASE,
OPENBSD_3_3
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)
Copy the ENTIRE table into the supported algorithms (how the hell did this work before?!)
Revision 1.42 / (download) - annotate - [select for diffs], Thu Nov 21 19:34:25 2002 UTC (21 years, 6 months ago) by jason
Branch: MAIN
Changes since 1.41: +238 -106 lines
Diff to previous 1.41 (colored)
From Angelos: - simplistic load balancing across multiple cards - simplified registration process - a few style nits.
Revision 1.30.2.3 / (download) - annotate - [select for diffs], Tue Oct 29 00:30:52 2002 UTC (21 years, 7 months ago) by art
Branch: UBC
Changes since 1.30.2.2: +9 -13 lines
Diff to previous 1.30.2.2 (colored) to branchpoint 1.30 (colored)
sync to -current
Revision 1.41 / (download) - annotate - [select for diffs], Wed Jul 17 23:52:38 2002 UTC (21 years, 11 months ago) by art
Branch: MAIN
CVS Tags: UBC_SYNC_B,
OPENBSD_3_2_BASE,
OPENBSD_3_2
Changes since 1.40: +63 -88 lines
Diff to previous 1.40 (colored)
I don't know why this breaks things for me when sshd starts on sparc64. But after wasting the whole day trying to just locate the problem I don't care. Back out since this wasn't tested and showed to anyone else.
Revision 1.40 / (download) - annotate - [select for diffs], Tue Jul 16 06:29:43 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.39: +45 -26 lines
Diff to previous 1.39 (colored)
Double-pass over drivers, first hardware only, then software (if we are interested in software).
Revision 1.39 / (download) - annotate - [select for diffs], Tue Jul 16 06:12:46 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.38: +45 -39 lines
Diff to previous 1.38 (colored)
Fix a typo, cleanup on session migration code in crypto_invoke(), and add a convention that if the driver returns ERESTART as an error message of its process method, the crypto framework will unregister the driver and migrate all its sessions. After discussion with Sam Leffler and Jason Wright.
Revision 1.38 / (download) - annotate - [select for diffs], Tue Jun 11 11:14:29 2002 UTC (22 years ago) by beck
Branch: MAIN
Changes since 1.37: +7 -14 lines
Diff to previous 1.37 (colored)
kernel changes to make asymmetric crypto work in userland - modify getfeat to return something more useful to us on devices (like lofn and everything else until jason fixes it) that can't do rsa stuff, etc and can only do mod_exp.. - error handling fixes so we correctly fail to software when we can't deal with a particular key size - add sysctl kern.userasymcrypto to turn on/off userland asymmetric crypto via /dev/crypto - 1 == on, 0 == off, default is off
Revision 1.30.2.2 / (download) - annotate - [select for diffs], Tue Jun 11 03:28:34 2002 UTC (22 years ago) by art
Branch: UBC
Changes since 1.30.2.1: +146 -33 lines
Diff to previous 1.30.2.1 (colored) to branchpoint 1.30 (colored)
Sync UBC branch to -current
Revision 1.37 / (download) - annotate - [select for diffs], Mon Jun 10 22:36:49 2002 UTC (22 years ago) by beck
Branch: MAIN
Changes since 1.36: +6 -5 lines
Diff to previous 1.36 (colored)
fix ivory tower greek fix. ok angelos@
Revision 1.36 / (download) - annotate - [select for diffs], Sun Jun 9 22:23:17 2002 UTC (22 years ago) by angelos
Branch: MAIN
Changes since 1.35: +4 -2 lines
Diff to previous 1.35 (colored)
Don't use an int for the flags, when the structure uses u_int8_t. Also, make sure the logic is correct (bad theo!)
Revision 1.35 / (download) - annotate - [select for diffs], Tue Apr 23 22:20:47 2002 UTC (22 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.34: +30 -1 lines
Diff to previous 1.34 (colored)
initial hack at a CIOCSYMFEAT ioctl
Revision 1.34 / (download) - annotate - [select for diffs], Tue Apr 23 19:13:04 2002 UTC (22 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.33: +123 -8 lines
Diff to previous 1.33 (colored)
driver queueing & callback code for keying operations
Revision 1.2.2.7 / (download) - annotate - [select for diffs], Wed Mar 6 02:07:09 2002 UTC (22 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.2.2.6: +3 -34 lines
Diff to previous 1.2.2.6 (colored)
Merge in trunk
Revision 1.33 / (download) - annotate - [select for diffs], Mon Mar 4 21:23:39 2002 UTC (22 years, 3 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE,
OPENBSD_3_1
Changes since 1.32: +1 -32 lines
Diff to previous 1.32 (colored)
crypto_check_alg() is not needed
Revision 1.30.2.1 / (download) - annotate - [select for diffs], Thu Jan 31 22:55:29 2002 UTC (22 years, 4 months ago) by niklas
Branch: UBC
Changes since 1.30: +3 -3 lines
Diff to previous 1.30 (colored)
Merge in -current, builds on i386, otherwise untested
Revision 1.32 / (download) - annotate - [select for diffs], Wed Jan 23 01:33:07 2002 UTC (22 years, 4 months ago) by art
Branch: MAIN
Changes since 1.31: +3 -3 lines
Diff to previous 1.31 (colored)
It looks like there has been one crack smoking and a few cut and pastes. PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't be set in pool_init at all. Besides, it's going away soon anyway.
Revision 1.31 / (download) - annotate - [select for diffs], Wed Jan 23 00:39:47 2002 UTC (22 years, 4 months ago) by art
Branch: MAIN
Changes since 1.30: +3 -3 lines
Diff to previous 1.30 (colored)
Pool deals fairly well with physical memory shortage, but it doesn't deal well (not at all) with shortages of the vm_map where the pages are mapped (usually kmem_map). Try to deal with it: - group all information the backend allocator for a pool in a separate struct. The pool will only have a pointer to that struct. - change the pool_init API to reflect that. - link all pools allocating from the same allocator on a linked list. - Since an allocator is responsible to wait for physical memory it will only fail (waitok) when it runs out of its backing vm_map, carefully drain pools using the same allocator so that va space is freed. (see comments in code for caveats and details). - change pool_reclaim to return if it actually succeeded to free some memory, use that information to make draining easier and more efficient. - get rid of PR_URGENT, noone uses it.
Revision 1.26.2.1 / (download) - annotate - [select for diffs], Fri Dec 14 21:48:07 2001 UTC (22 years, 6 months ago) by jason
Branch: OPENBSD_3_0
Changes since 1.26: +4 -2 lines
Diff to previous 1.26 (colored) next main 1.27 (colored)
Pull in patch from current: Fix (deraadt): be way more sure that software cannot be used
Revision 1.2.2.6 / (download) - annotate - [select for diffs], Wed Dec 5 00:43:29 2001 UTC (22 years, 6 months ago) by niklas
Branch: SMP
Changes since 1.2.2.5: +2 -4 lines
Diff to previous 1.2.2.5 (colored)
Merge in -current
Revision 1.2.2.5 / (download) - annotate - [select for diffs], Tue Nov 13 21:05:48 2001 UTC (22 years, 7 months ago) by niklas
Branch: SMP
Changes since 1.2.2.4: +7 -3 lines
Diff to previous 1.2.2.4 (colored)
Merge in -current
Revision 1.30 / (download) - annotate - [select for diffs], Tue Nov 13 18:54:32 2001 UTC (22 years, 7 months ago) by deraadt
Branch: MAIN
CVS Tags: UBC_BASE
Branch point for: UBC
Changes since 1.29: +2 -1 lines
Diff to previous 1.29 (colored)
and for the case where it allocates a bunch at a time, also make sure the software flag gets set.
Revision 1.29 / (download) - annotate - [select for diffs], Tue Nov 13 17:45:59 2001 UTC (22 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.28: +1 -4 lines
Diff to previous 1.28 (colored)
incorrect check
Revision 1.28 / (download) - annotate - [select for diffs], Fri Nov 9 03:11:38 2001 UTC (22 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.27: +6 -2 lines
Diff to previous 1.27 (colored)
be way more sure that software cannot be used
Revision 1.27 / (download) - annotate - [select for diffs], Thu Nov 8 23:12:38 2001 UTC (22 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)
indent
Revision 1.2.2.4 / (download) - annotate - [select for diffs], Wed Oct 31 03:11:47 2001 UTC (22 years, 7 months ago) by nate
Branch: SMP
Changes since 1.2.2.3: +2 -1 lines
Diff to previous 1.2.2.3 (colored)
Sync the SMP branch to something just after 3.0
Revision 1.26 / (download) - annotate - [select for diffs], Sun Aug 5 09:36:38 2001 UTC (22 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE
Branch point for: OPENBSD_3_0
Changes since 1.25: +2 -1 lines
Diff to previous 1.25 (colored)
put in tags for ARC4 to please ben, who now has no excuses
Revision 1.2.2.3 / (download) - annotate - [select for diffs], Wed Jul 4 10:39:58 2001 UTC (22 years, 11 months ago) by niklas
Branch: SMP
Changes since 1.2.2.2: +348 -336 lines
Diff to previous 1.2.2.2 (colored)
Merge in -current from two days ago in the SMP branch. As usual with merges, they do not indicate progress, so do not hold your breath for working SMP, and do not mail me and ask about the state of it. It has not changed. There is work ongoing, but very, very slowly. The commit is done in parts as to not lock up the tree in too big chunks at a time.
Revision 1.25 / (download) - annotate - [select for diffs], Wed Jun 27 05:49:33 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.24: +22 -20 lines
Diff to previous 1.24 (colored)
KNF
Revision 1.24 / (download) - annotate - [select for diffs], Tue Jun 26 19:29:25 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.23: +1 -2 lines
Diff to previous 1.23 (colored)
Remove space.
Revision 1.23 / (download) - annotate - [select for diffs], Mon Jun 25 17:52:36 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.22: +32 -1 lines
Diff to previous 1.22 (colored)
Add crypto_check_alg(), from jgarfiel@seas.upenn.edu
Revision 1.22 / (download) - annotate - [select for diffs], Mon Jun 25 05:02:22 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.21: +3 -3 lines
Diff to previous 1.21 (colored)
Update copyright; you can use this with or without fee (unless your name is Theo Deraadt)
Revision 1.21 / (download) - annotate - [select for diffs], Sat Jun 23 21:00:48 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.20: +7 -3 lines
Diff to previous 1.20 (colored)
New prototype for crypto_register(), to take into account maximum key length (for PK operations) and various flags. Structures for public key operations (DH, RSA, DSA). A lot of this work was done by jgarfiel@seas.upenn.edu
Revision 1.20 / (download) - annotate - [select for diffs], Sat Jun 23 18:30:35 2001 UTC (22 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)
merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts inside OpenSSL codebase
Revision 1.19 / (download) - annotate - [select for diffs], Sat Jun 16 22:17:49 2001 UTC (23 years ago) by deraadt
Branch: MAIN
Changes since 1.18: +296 -326 lines
Diff to previous 1.18 (colored)
KNF
Revision 1.18 / (download) - annotate - [select for diffs], Wed Jun 6 18:58:52 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.17: +81 -80 lines
Diff to previous 1.17 (colored)
Use pool(9) for some of the structures, and splimp/splx to protect from ourselves. Should solve PR 1850.
Revision 1.2.2.2 / (download) - annotate - [select for diffs], Mon May 14 22:06:51 2001 UTC (23 years, 1 month ago) by niklas
Branch: SMP
Changes since 1.2.2.1: +106 -29 lines
Diff to previous 1.2.2.1 (colored)
merge in approximately 2.9 into SMP branch
Revision 1.17 / (download) - annotate - [select for diffs], Sun May 13 15:39:26 2001 UTC (23 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.16: +8 -3 lines
Diff to previous 1.16 (colored)
initial cut at /dev/crypto support. takes original mbuf "try, and discard if we fail" semantics and extends to two varients of data movement: mbuf, or an iovec style block.
Revision 1.16 / (download) - annotate - [select for diffs], Sat May 5 00:31:34 2001 UTC (23 years, 1 month ago) by angelos
Branch: MAIN
Changes since 1.15: +6 -6 lines
Diff to previous 1.15 (colored)
Use the M_CRYPTO_DATA and M_CRYPTO_OPS malloc types.
Revision 1.14.2.1 / (download) - annotate - [select for diffs], Wed Dec 13 16:13:45 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.14: +3 -3 lines
Diff to previous 1.14 (colored) next main 1.15 (colored)
Pull in patch from current: Fix (provos): make the 31-bit code work on 32-bit machines.
Revision 1.15 / (download) - annotate - [select for diffs], Wed Dec 13 08:34:05 2000 UTC (23 years, 6 months ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE,
OPENBSD_2_9
Changes since 1.14: +3 -3 lines
Diff to previous 1.14 (colored)
make the 31-bit code work on 32-bit machines.
Revision 1.14 / (download) - annotate - [select for diffs], Thu Sep 7 18:44:29 2000 UTC (23 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.13: +8 -8 lines
Diff to previous 1.13 (colored)
avoid excessive wakeup(). we think this is safe...
Revision 1.13 / (download) - annotate - [select for diffs], Sat Aug 19 13:43:23 2000 UTC (23 years, 9 months ago) by nate
Branch: MAIN
Changes since 1.12: +4 -6 lines
Diff to previous 1.12 (colored)
MALLOC/FREE -> malloc/free ok art@ angelos@
Revision 1.12 / (download) - annotate - [select for diffs], Mon Jul 3 20:38:34 2000 UTC (23 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.11: +1 -6 lines
Diff to previous 1.11 (colored)
Fix tail queue leakage (zzlevo@dd.chalmers.se)
Revision 1.11 / (download) - annotate - [select for diffs], Tue Jun 20 05:39:32 2000 UTC (23 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.10: +12 -3 lines
Diff to previous 1.10 (colored)
crypto_done(), all it does for now is invoke the callback.
Revision 1.10 / (download) - annotate - [select for diffs], Sun Jun 18 08:37:10 2000 UTC (23 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.9: +4 -4 lines
Diff to previous 1.9 (colored)
Add Rijndael (128-bit blocksize) in the software crypto driver. Hacking at OpenBSD Crypto 2000 :-)
Revision 1.9 / (download) - annotate - [select for diffs], Sun Jun 18 03:08:56 2000 UTC (23 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.8: +0 -2 lines
Diff to previous 1.8 (colored)
Move prototype to include file.
Revision 1.8 / (download) - annotate - [select for diffs], Sun Jun 18 03:07:11 2000 UTC (23 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.7: +75 -3 lines
Diff to previous 1.7 (colored)
Crypto kernel thread interface; requests are enqueued and processed by a kernel thread. This allows a much cleaner interface with respect to spl levels.
Revision 1.7 / (download) - annotate - [select for diffs], Tue Jun 6 06:49:47 2000 UTC (24 years ago) by deraadt
Branch: MAIN
Changes since 1.6: +2 -0 lines
Diff to previous 1.6 (colored)
OpenBSD tags
Revision 1.6 / (download) - annotate - [select for diffs], Fri Apr 28 05:25:39 2000 UTC (24 years, 1 month ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE,
OPENBSD_2_7
Changes since 1.5: +8 -4 lines
Diff to previous 1.5 (colored)
crypto_dispatch() only returns an error if the argument it was provided was NULL or no callback was specified.
Revision 1.5 / (download) - annotate - [select for diffs], Fri Apr 28 05:21:45 2000 UTC (24 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.4: +6 -8 lines
Diff to previous 1.4 (colored)
avoid using void * when we are talking about pointers
Revision 1.4 / (download) - annotate - [select for diffs], Sun Apr 23 05:01:53 2000 UTC (24 years, 1 month ago) by angelos
Branch: MAIN
Changes since 1.3: +3 -4 lines
Diff to previous 1.3 (colored)
Change the type of freesession to take u_int64_t as argument.
Revision 1.3 / (download) - annotate - [select for diffs], Tue Apr 18 06:21:14 2000 UTC (24 years, 1 month ago) by angelos
Branch: MAIN
Changes since 1.2: +2 -0 lines
Diff to previous 1.2 (colored)
Add a few newlines for readability.
Revision 1.2.2.1 / (download) - annotate - [select for diffs], Fri Mar 24 09:09:05 2000 UTC (24 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.2: +0 -0 lines
Diff to previous 1.2 (colored)
Sync with -current
Revision 1.2 / (download) - annotate - [select for diffs], Sun Mar 19 06:53:40 2000 UTC (24 years, 2 months ago) by deraadt
Branch: MAIN
Branch point for: SMP
Changes since 1.1: +0 -725 lines
Diff to previous 1.1 (colored)
split crypto driver front-end from software crypto engine
Revision 1.1 / (download) - annotate - [select for diffs], Fri Mar 17 10:25:21 2000 UTC (24 years, 3 months ago) by angelos
Branch: MAIN
Cryptographic services framework, and software "device driver". The idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was writen mostly in Greece, and is being committed from Montreal.