From Angelos:

- simplistic load balancing across multiple cards
- simplified registration process
- a few style nits.

8 files changed, 325 insertions, 180 deletions

diff --git a/sys/crypto/crypto.c b/sys/crypto/crypto.c
index f520d27fbfe..817220367b1 100644
--- a/sys/crypto/crypto.c
+++ b/sys/crypto/crypto.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto.c,v 1.41 2002/07/17 23:52:38 art Exp $	*/
+/*	$OpenBSD: crypto.c,v 1.42 2002/11/21 19:34:25 jason Exp $	*/
 /*
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
  *
@@ -37,18 +37,25 @@ int crypto_pool_initialized = 0;
 struct cryptop *crp_req_queue = NULL;
 struct cryptop **crp_req_queue_tail = NULL;
 
+struct cryptop *crp_ret_queue = NULL;
+struct cryptop **crp_ret_queue_tail = NULL;
+
 struct cryptkop *krp_req_queue = NULL;
 struct cryptkop **krp_req_queue_tail = NULL;
 
+struct cryptkop *krp_ret_queue = NULL;
+struct cryptkop **krp_ret_queue_tail = NULL;
+
 /*
  * Create a new session.
  */
 int
 crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
 {
+	u_int32_t hid, lid, hid2 = -1;
+	struct cryptocap *cpc;
 	struct cryptoini *cr;
-	u_int32_t hid, lid;
-	int err, s;
+	int err, s, turn = 0;
 
 	if (crypto_drivers == NULL)
 		return EINVAL;
@@ -57,44 +64,99 @@ crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
 
 	/*
 	 * The algorithm we use here is pretty stupid; just use the
-	 * first driver that supports all the algorithms we need.
+	 * first driver that supports all the algorithms we need. Do
+	 * a double-pass over all the drivers, ignoring software ones
+	 * at first, to deal with cases of drivers that register after
+	 * the software one(s) --- e.g., PCMCIA crypto cards.
 	 *
 	 * XXX We need more smarts here (in real life too, but that's
 	 * XXX another story altogether).
 	 */
+	do {
+		for (hid = 0; hid < crypto_drivers_num; hid++) {
+			cpc = &crypto_drivers[hid];
+
+			/*
+			 * If it's not initialized or has remaining sessions
+			 * referencing it, skip.
+			 */
+			if (cpc->cc_newsession == NULL ||
+			    (cpc->cc_flags & CRYPTOCAP_F_CLEANUP))
+				continue;
+
+			if (cpc->cc_flags & CRYPTOCAP_F_SOFTWARE) {
+				/*
+				 * First round of search, ignore
+				 * software drivers.
+				 */
+				if (turn == 0)
+					continue;
+			} else { /* !CRYPTOCAP_F_SOFTWARE */
+				/* Second round of search, only software. */
+				if (turn == 1)
+					continue;
+			}
+
+			/* See if all the algorithms are supported. */
+			for (cr = cri; cr; cr = cr->cri_next) {
+				if (cpc->cc_alg[cr->cri_alg] == 0)
+					break;
+			}
+
+			/*
+			 * If even one algorithm is not supported,
+			 * keep searching.
+			 */
+			if (cr != NULL)
+				continue;
+
+			/*
+			 * If we had a previous match, see how it compares
+			 * to this one. Keep "remembering" whichever is
+			 * the best of the two.
+			 */
+			if (hid2 != -1) {
+				/*
+				 * Compare session numbers, pick the one
+				 * with the lowest.
+				 * XXX Need better metrics, this will
+				 * XXX just do un-weighted round-robin.
+				 */
+				if (crypto_drivers[hid].cc_sessions <=
+				    crypto_drivers[hid2].cc_sessions)
+					hid2 = hid;
+			} else {
+				/*
+				 * Remember this one, for future
+                                 * comparisons.
+				 */
+				hid2 = hid;
+			}
+		}
 
-	for (hid = 0; hid < crypto_drivers_num; hid++) {
 		/*
-		 * If it's not initialized or has remaining sessions
-		 * referencing it, skip.
+		 * If we found something worth remembering, leave. The
+		 * side-effect is that we will always prefer a hardware
+		 * driver over the software one.
 		 */
-		if (crypto_drivers[hid].cc_newsession == NULL ||
-		    (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP))
-			continue;
+		if (hid2 != -1)
+			break;
 
-		/* Hardware requested -- ignore software drivers. */
-		if (hard &&
-		    (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE))
-			continue;
+		turn++;
 
-		/* See if all the algorithms are supported. */
-		for (cr = cri; cr; cr = cr->cri_next)
-			if (crypto_drivers[hid].cc_alg[cr->cri_alg] == 0)
-				break;
+		/* If we only want hardware drivers, don't do second pass. */
+	} while (turn <= 2 && hard == 0);
 
-		/* Ok, all algorithms are supported. */
-		if (cr == NULL)
-			break;
-	}
+	hid = hid2;
 
 	/*
 	 * Can't do everything in one session.
 	 *
-	 * XXX Fix this. We need to inject a "virtual" session layer right
-	 * XXX about here.
+	 * XXX Fix this. We need to inject a "virtual" session
+	 * XXX layer right about here.
 	 */
 
-	if (hid == crypto_drivers_num) {
+	if (hid == -1) {
 		splx(s);
 		return EINVAL;
 	}
@@ -227,70 +289,66 @@ crypto_get_driverid(u_int8_t flags)
  * supported by the driver.
  */
 int
-crypto_kregister(u_int32_t driverid, int kalg, u_int32_t flags,
+crypto_kregister(u_int32_t driverid, int *kalg,
     int (*kprocess)(struct cryptkop *))
 {
-	int s;
+	int s, i;
 
-	if (driverid >= crypto_drivers_num || kalg < 0 ||
-	    kalg > CRK_ALGORITHM_MAX || crypto_drivers == NULL)
+	if (driverid >= crypto_drivers_num || kalg  == NULL ||
+	    crypto_drivers == NULL)
 		return EINVAL;
 
 	s = splimp();
 
-	/*
-	 * XXX Do some performance testing to determine placing.
-	 * XXX We probably need an auxiliary data structure that describes
-	 * XXX relative performances.
-	 */
+	for (i = 0; i < CRK_ALGORITHM_MAX; i++) {
+		/*
+		 * XXX Do some performance testing to determine
+		 * placing.  We probably need an auxiliary data
+		 * structure that describes relative performances.
+		 */
 
-	crypto_drivers[driverid].cc_kalg[kalg] =
-	    flags | CRYPTO_ALG_FLAG_SUPPORTED;
+		crypto_drivers[driverid].cc_kalg[i] = kalg[i];
+	}
 
-	if (crypto_drivers[driverid].cc_kprocess == NULL)
-		crypto_drivers[driverid].cc_kprocess = kprocess;
+	crypto_drivers[driverid].cc_kprocess = kprocess;
 
 	splx(s);
 	return 0;
 }
 
-/*
- * Register a crypto driver. It should be called once for each algorithm
- * supported by the driver.
- */
+/* Register a crypto driver. */
 int
-crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
-    u_int32_t flags,
+crypto_register(u_int32_t driverid, int *alg,
     int (*newses)(u_int32_t *, struct cryptoini *),
     int (*freeses)(u_int64_t), int (*process)(struct cryptop *))
 {
-	int s;
+	int s, i;
 
-	if (driverid >= crypto_drivers_num || alg <= 0 ||
-	    alg > CRYPTO_ALGORITHM_MAX || crypto_drivers == NULL)
-		return EINVAL;
 
+	if (driverid >= crypto_drivers_num || alg == NULL ||
+	    crypto_drivers == NULL)
+		return EINVAL;
+	
 	s = splimp();
 
-	/*
-	 * XXX Do some performance testing to determine placing.
-	 * XXX We probably need an auxiliary data structure that describes
-	 * XXX relative performances.
-	 */
+	for (i = 0; i < CRYPTO_ALGORITHM_MAX; i++) {
+		/*
+		 * XXX Do some performance testing to determine
+		 * placing.  We probably need an auxiliary data
+		 * structure that describes relative performances.
+		 */
 
-	crypto_drivers[driverid].cc_alg[alg] =
-	    flags | CRYPTO_ALG_FLAG_SUPPORTED;
+		crypto_drivers[driverid].cc_alg[i] = alg[i];
+	}
 
-	crypto_drivers[driverid].cc_max_op_len[alg] = maxoplen;
 
-	if (crypto_drivers[driverid].cc_process == NULL) {
-		crypto_drivers[driverid].cc_newsession = newses;
-		crypto_drivers[driverid].cc_process = process;
-		crypto_drivers[driverid].cc_freesession = freeses;
-		crypto_drivers[driverid].cc_sessions = 0; /* Unmark */
-	}
+	crypto_drivers[driverid].cc_newsession = newses;
+	crypto_drivers[driverid].cc_process = process;
+	crypto_drivers[driverid].cc_freesession = freeses;
+	crypto_drivers[driverid].cc_sessions = 0; /* Unmark */
 
 	splx(s);
+
 	return 0;
 }
 
@@ -303,26 +361,32 @@ crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
 int
 crypto_unregister(u_int32_t driverid, int alg)
 {
-	int i, s = splimp();
+	int i = CRYPTO_ALGORITHM_MAX + 1, s = splimp();
 	u_int32_t ses;
 
-	/* Sanity checks */
-	if (driverid >= crypto_drivers_num || alg <= 0 ||
-	    alg > CRYPTO_ALGORITHM_MAX || crypto_drivers == NULL ||
+	/* Sanity checks. */
+	if (driverid >= crypto_drivers_num || crypto_drivers == NULL ||
+	    ((alg <= 0 || alg > CRYPTO_ALGORITHM_MAX) &&
+		alg != CRYPTO_ALGORITHM_ALL) ||
 	    crypto_drivers[driverid].cc_alg[alg] == 0) {
 		splx(s);
 		return EINVAL;
 	}
 
-	crypto_drivers[driverid].cc_alg[alg] = 0;
-	crypto_drivers[driverid].cc_max_op_len[alg] = 0;
+	if (alg != CRYPTO_ALGORITHM_ALL) {
+		crypto_drivers[driverid].cc_alg[alg] = 0;
 
-	/* Was this the last algorithm ? */
-	for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++)
-		if (crypto_drivers[driverid].cc_alg[i] != 0)
-			break;
+		/* Was this the last algorithm ? */
+		for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++)
+			if (crypto_drivers[driverid].cc_alg[i] != 0)
+				break;
+	}
 
-	if (i == CRYPTO_ALGORITHM_MAX + 1) {
+	/*
+	 * If a driver unregistered its last algorithm or all of them
+	 * (alg == CRYPTO_ALGORITHM_ALL), cleanup its entry.
+	 */
+	if (i == CRYPTO_ALGORITHM_MAX + 1 || alg == CRYPTO_ALGORITHM_ALL) {
 		ses = crypto_drivers[driverid].cc_sessions;
 		bzero(&crypto_drivers[driverid], sizeof(struct cryptocap));
 		if (ses != 0) {
@@ -344,12 +408,23 @@ int
 crypto_dispatch(struct cryptop *crp)
 {
 	int s = splimp();
+	u_int32_t hid;
+
+	/*
+	 * Keep track of ops per driver, for coallescing purposes. If
+	 * we have been given an invalid hid, we'll deal with in the
+	 * crypto_invoke(), through session migration.
+	 */
+	hid = (crp->crp_sid >> 32) & 0xffffffff;
+	if (hid < crypto_drivers_num)
+		crypto_drivers[hid].cc_queued++;
 
+	crp->crp_next = NULL;
 	if (crp_req_queue == NULL) {
 		crp_req_queue = crp;
 		crp_req_queue_tail = &(crp->crp_next);
 		splx(s);
-		wakeup((caddr_t) &crp_req_queue);
+		wakeup((caddr_t) &crp_req_queue); /* Shared wait channel. */
 	} else {
 		*crp_req_queue_tail = crp;
 		crp_req_queue_tail = &(crp->crp_next);
@@ -363,11 +438,12 @@ crypto_kdispatch(struct cryptkop *krp)
 {
 	int s = splimp();
 
+	krp->krp_next = NULL;
 	if (krp_req_queue == NULL) {
 		krp_req_queue = krp;
 		krp_req_queue_tail = &(krp->krp_next);
 		splx(s);
-		wakeup((caddr_t) &crp_req_queue);	/* shared wait channel */
+		wakeup((caddr_t) &crp_req_queue); /* Shared wait channel. */
 	} else {
 		*krp_req_queue_tail = krp;
 		krp_req_queue_tail = &(krp->krp_next);
@@ -377,7 +453,7 @@ crypto_kdispatch(struct cryptkop *krp)
 }
 
 /*
- * Dispatch an assymetric crypto request to the appropriate crypto devices.
+ * Dispatch an asymmetric crypto request to the appropriate crypto devices.
  */
 int
 crypto_kinvoke(struct cryptkop *krp)
@@ -401,12 +477,17 @@ crypto_kinvoke(struct cryptkop *krp)
 			continue;
 		break;
 	}
+
 	if (hid == crypto_drivers_num) {
 		krp->krp_status = ENODEV;
 		crypto_kdone(krp);
 		return (0);
 	}
+
 	krp->krp_hid = hid;
+
+	crypto_drivers[hid].cc_koperations++;
+
 	error = crypto_drivers[hid].cc_kprocess(krp);
 	if (error) {
 		krp->krp_status = error;
@@ -437,40 +518,46 @@ crypto_invoke(struct cryptop *crp)
 	}
 
 	hid = (crp->crp_sid >> 32) & 0xffffffff;
-	if (hid >= crypto_drivers_num) {
-		/* Migrate session. */
-		for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
-			crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
+	if (hid >= crypto_drivers_num)
+		goto migrate;
 
-		if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0)
-			crp->crp_sid = nid;
+	crypto_drivers[hid].cc_queued--;
 
-		crp->crp_etype = EAGAIN;
-		crypto_done(crp);
-		return 0;
-	}
-
-	if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP)
+	if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) {
 		crypto_freesession(crp->crp_sid);
+		goto migrate;
+	}
 
-	if (crypto_drivers[hid].cc_process == NULL) {
-		/* Migrate session. */
-		for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
-			crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
+	if (crypto_drivers[hid].cc_process == NULL)
+		goto migrate;
 
-		if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0)
-			crp->crp_sid = nid;
-
-		crp->crp_etype = EAGAIN;
-		crypto_done(crp);
-		return 0;
-	}
+	crypto_drivers[hid].cc_operations++;
+	crypto_drivers[hid].cc_bytes += crp->crp_ilen;
 
 	error = crypto_drivers[hid].cc_process(crp);
 	if (error) {
-		crp->crp_etype = error;
-		crypto_done(crp);
+		if (error == ERESTART) {
+			/* Unregister driver and migrate session. */
+			crypto_unregister(hid, CRYPTO_ALGORITHM_ALL);
+			goto migrate;
+		} else {
+			crp->crp_etype = error;
+			crypto_done(crp);
+		}
 	}
+
+	return 0;
+
+ migrate:
+	/* Migrate session. */
+	for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
+		crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
+
+	if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0)
+		crp->crp_sid = nid;
+
+	crp->crp_etype = EAGAIN;
+	crypto_done(crp);
 	return 0;
 }
 
@@ -545,8 +632,8 @@ crypto_getreq(int num)
 void
 crypto_thread(void)
 {
-	struct cryptop *crp;
-	struct cryptkop *krp;
+	struct cryptop *crp, *crpt;
+	struct cryptkop *krp, *krpt;
 	int s;
 
 	s = splimp();
@@ -554,7 +641,10 @@ crypto_thread(void)
 	for (;;) {
 		crp = crp_req_queue;
 		krp = krp_req_queue;
-		if (crp == NULL && krp == NULL) {
+		crpt = crp_ret_queue;
+		krpt = krp_ret_queue;
+		if (crp == NULL && krp == NULL &&
+		    crpt == NULL && krpt == NULL) {
 			(void) tsleep(&crp_req_queue, PLOCK, "crypto_wait", 0);
 			continue;
 		}
@@ -569,6 +659,24 @@ crypto_thread(void)
 			krp_req_queue = krp->krp_next;
 			crypto_kinvoke(krp);
 		}
+		if (crpt) {
+			/* Remove from the queue. */
+			crp_ret_queue = crpt->crp_next;
+			splx(s);
+			crpt->crp_callback(crpt);
+			splimp();
+		}
+		if (krpt) {
+			/* Remove from the queue. */
+			krp_ret_queue = krpt->krp_next;
+			/*
+			 * Cheat. For public key ops, we know that
+			 * all that's done is a wakeup() for the
+			 * userland process, so don't bother to
+			 * change the processor priority.
+			 */
+			krpt->krp_callback(krpt);
+		}
 	}
 }
 
@@ -578,7 +686,19 @@ crypto_thread(void)
 void
 crypto_done(struct cryptop *crp)
 {
-	crp->crp_callback(crp);
+	int s = splimp();
+
+	crp->crp_next = NULL;
+	if (crp_ret_queue == NULL) {
+		crp_ret_queue = crp;
+		crp_ret_queue_tail = &(crp->crp_next);
+		splx(s);
+		wakeup((caddr_t) &crp_req_queue); /* Shared wait channel. */
+	} else {
+		*crp_ret_queue_tail = crp;
+		crp_ret_queue_tail = &(crp->crp_next);
+		splx(s);
+	}
 }
 
 /*
@@ -587,7 +707,19 @@ crypto_done(struct cryptop *crp)
 void
 crypto_kdone(struct cryptkop *krp)
 {
-	krp->krp_callback(krp);
+	int s = splimp();
+
+	krp->krp_next = NULL;
+	if (krp_ret_queue == NULL) {
+		krp_ret_queue = krp;
+		krp_ret_queue_tail = &(krp->krp_next);
+		splx(s);
+		wakeup((caddr_t) &crp_req_queue); /* Shared wait channel. */
+	} else {
+		*krp_ret_queue_tail = krp;
+		krp_ret_queue_tail = &(krp->krp_next);
+		splx(s);
+	}
 }
 
 int
diff --git a/sys/crypto/cryptodev.c b/sys/crypto/cryptodev.c
index 91e4e46c77c..25386790a0a 100644
--- a/sys/crypto/cryptodev.c
+++ b/sys/crypto/cryptodev.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cryptodev.c,v 1.54 2002/11/12 18:23:13 jason Exp $	*/
+/*	$OpenBSD: cryptodev.c,v 1.55 2002/11/21 19:34:25 jason Exp $	*/
 
 /*
  * Copyright (c) 2001 Theo de Raadt
@@ -304,8 +304,9 @@ cryptodev_op(struct csession *cse, struct crypt_op *cop, struct proc *p)
 	if (cop->len > 256*1024-4)
 		return (E2BIG);
 
-	if (cse->txform && (cop->len % cse->txform->blocksize) != 0)
+	if (cse->txform && (cop->len % cse->txform->blocksize) != 0) {
 		return (EINVAL);
+	}
 
 	bzero(&cse->uio, sizeof(cse->uio));
 	cse->uio.uio_iovcnt = 1;
diff --git a/sys/crypto/cryptodev.h b/sys/crypto/cryptodev.h
index 8160ec2620a..0fa8a653b2f 100644
--- a/sys/crypto/cryptodev.h
+++ b/sys/crypto/cryptodev.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cryptodev.h,v 1.34 2002/11/12 18:23:13 jason Exp $	*/
+/*	$OpenBSD: cryptodev.h,v 1.35 2002/11/21 19:34:25 jason Exp $	*/
 
 /*
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -96,6 +96,8 @@
 #define CRYPTO_NULL		16
 #define CRYPTO_ALGORITHM_MAX	16 /* Keep updated - see below */
 
+#define	CRYPTO_ALGORITHM_ALL	(CRYPTO_ALGORITHM_MAX + 1)
+
 /* Algorithm flags */
 #define	CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */
 #define	CRYPTO_ALG_FLAG_RNG_ENABLE	0x02 /* Has HW RNG for DH/DSA */
@@ -216,21 +218,25 @@ struct cryptkop {
 
 /* Crypto capabilities structure */
 struct cryptocap {
-	u_int32_t	cc_sessions;
+	u_int64_t	cc_operations;	/* Counter of how many ops done */
+	u_int64_t	cc_bytes;	/* Counter of how many bytes done */
+	u_int64_t	cc_koperations;	/* How many PK ops done */
+
+	u_int32_t	cc_sessions;	/* How many sessions allocated */
 
-	/*
-	 * Largest possible operator length (in bits) for each type of
-	 * encryption algorithm.
-	 */
-	u_int16_t	cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1];
+	/* Symmetric/hash algorithms supported */
+	int		cc_alg[CRYPTO_ALGORITHM_MAX + 1];
 
-	u_int8_t	cc_alg[CRYPTO_ALGORITHM_MAX + 1];
+	/* Asymmetric algorithms supported */
+	int		cc_kalg[CRK_ALGORITHM_MAX + 1];
 
-	u_int8_t	cc_kalg[CRK_ALGORITHM_MAX + 1];
+	int		cc_queued;	/* Operations queued */
 
 	u_int8_t	cc_flags;
-#define CRYPTOCAP_F_CLEANUP   0x1
-#define CRYPTOCAP_F_SOFTWARE  0x02
+#define CRYPTOCAP_F_CLEANUP     0x01
+#define CRYPTOCAP_F_SOFTWARE    0x02
+#define CRYPTOCAP_F_ENCRYPT_MAC 0x04 /* Can do encrypt-then-MAC (IPsec) */
+#define CRYPTOCAP_F_MAC_ENCRYPT 0x08 /* Can do MAC-then-encrypt (TLS) */
 
 	int		(*cc_newsession) (u_int32_t *, struct cryptoini *);
 	int		(*cc_process) (struct cryptop *);
@@ -290,11 +296,10 @@ int	crypto_newsession(u_int64_t *, struct cryptoini *, int);
 int	crypto_freesession(u_int64_t);
 int	crypto_dispatch(struct cryptop *);
 int	crypto_kdispatch(struct cryptkop *);
-int	crypto_register(u_int32_t, int, u_int16_t, u_int32_t,
+int	crypto_register(u_int32_t, int *,
 	    int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
 	    int (*)(struct cryptop *));
-int	crypto_kregister(u_int32_t, int, u_int32_t,
-	    int (*)(struct cryptkop *));
+int	crypto_kregister(u_int32_t, int *, int (*)(struct cryptkop *));
 int	crypto_unregister(u_int32_t, int);
 int32_t	crypto_get_driverid(u_int8_t);
 void	crypto_thread(void);
diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c
index 6b50bf664c5..e42149f4df4 100644
--- a/sys/crypto/cryptosoft.c
+++ b/sys/crypto/cryptosoft.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cryptosoft.c,v 1.36 2002/11/12 18:23:13 jason Exp $	*/
+/*	$OpenBSD: cryptosoft.c,v 1.37 2002/11/21 19:34:25 jason Exp $	*/
 
 /*
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -920,40 +920,34 @@ done:
 void
 swcr_init(void)
 {
-	swcr_id = crypto_get_driverid(CRYPTOCAP_F_SOFTWARE);
+	int algs[CRYPTO_ALGORITHM_MAX + 1];
+	int flags = CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_ENCRYPT_MAC |
+	    CRYPTOCAP_F_MAC_ENCRYPT;
+
+	swcr_id = crypto_get_driverid(flags);
 	if (swcr_id < 0) {
 		/* This should never happen */
 		panic("Software crypto device cannot initialize!");
 	}
 
-	crypto_register(swcr_id, CRYPTO_DES_CBC, 0, 0, swcr_newsession,
+	bzero(algs, sizeof(algs));
+
+	algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_BLF_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_CAST_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_SKIPJACK_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_RIPEMD160_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_MD5_KPDK] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_SHA1_KPDK] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_MD5] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_SHA1] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_RIJNDAEL128_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_DEFLATE_COMP] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_NULL] = CRYPTO_ALG_FLAG_SUPPORTED;
+
+	crypto_register(swcr_id, algs, swcr_newsession,
 	    swcr_freesession, swcr_process);
-	crypto_register(swcr_id, CRYPTO_3DES_CBC, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_BLF_CBC, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_CAST_CBC, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_SKIPJACK_CBC, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_MD5_HMAC, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_SHA1_HMAC, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_RIPEMD160_HMAC, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_MD5_KPDK, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_SHA1_KPDK, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_MD5, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_SHA1, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_RIJNDAEL128_CBC, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_DEFLATE_COMP, 0, 0,
-	    NULL, NULL, NULL);
-	crypto_register(swcr_id, CRYPTO_NULL, 0, 0,
-	    NULL, NULL, NULL);
 }
diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c
index 5be93e94619..70834edf503 100644
--- a/sys/dev/pci/hifn7751.c
+++ b/sys/dev/pci/hifn7751.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: hifn7751.c,v 1.133 2002/11/19 18:40:17 jason Exp $	*/
+/*	$OpenBSD: hifn7751.c,v 1.134 2002/11/21 19:34:25 jason Exp $	*/
 
 /*
  * Invertex AEON / Hifn 7751 driver
@@ -150,6 +150,7 @@ hifn_attach(parent, self, aux)
 	u_int16_t ena;
 	int rseg;
 	caddr_t kva;
+	int algs[CRYPTO_ALGORITHM_MAX + 1];
 
 	sc->sc_pci_pc = pa->pa_pc;
 	sc->sc_pci_tag = pa->pa_tag;
@@ -290,26 +291,24 @@ hifn_attach(parent, self, aux)
 	    READ_REG_0(sc, HIFN_0_PUCNFG) | HIFN_PUCNFG_CHIPID);
 	ena = READ_REG_0(sc, HIFN_0_PUSTAT) & HIFN_PUSTAT_CHIPENA;
 
+	bzero(algs, sizeof(algs));
+
 	switch (ena) {
 	case HIFN_PUSTAT_ENA_2:
-		crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0,
-		    hifn_newsession, hifn_freesession, hifn_process);
-		crypto_register(sc->sc_cid, CRYPTO_ARC4, 0, 0,
-		    hifn_newsession, hifn_freesession, hifn_process);
+		algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+		algs[CRYPTO_ARC4] = CRYPTO_ALG_FLAG_SUPPORTED;
 		/*FALLTHROUGH*/
 	case HIFN_PUSTAT_ENA_1:
-		crypto_register(sc->sc_cid, CRYPTO_MD5, 0, 0,
-		    hifn_newsession, hifn_freesession, hifn_process);
-		crypto_register(sc->sc_cid, CRYPTO_SHA1, 0, 0,
-		    hifn_newsession, hifn_freesession, hifn_process);
-		crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0,
-		    hifn_newsession, hifn_freesession, hifn_process);
-		crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0,
-		    hifn_newsession, hifn_freesession, hifn_process);
-		crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0,
-		    hifn_newsession, hifn_freesession, hifn_process);
+		algs[CRYPTO_MD5] = CRYPTO_ALG_FLAG_SUPPORTED;
+		algs[CRYPTO_SHA1] = CRYPTO_ALG_FLAG_SUPPORTED;
+		algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+		algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+		algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
 	}
 
+	crypto_register(sc->sc_cid, algs, hifn_newsession,
+	    hifn_freesession, hifn_process);
+
 	bus_dmamap_sync(sc->sc_dmat, sc->sc_dmamap, 0,
 	    sc->sc_dmamap->dm_mapsize,
 	    BUS_DMASYNC_PREREAD | BUS_DMASYNC_PREWRITE);
diff --git a/sys/dev/pci/lofn.c b/sys/dev/pci/lofn.c
index f9df2a53e55..0e350a1e7d3 100644
--- a/sys/dev/pci/lofn.c
+++ b/sys/dev/pci/lofn.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: lofn.c,v 1.21 2002/09/24 18:33:26 jason Exp $	*/
+/*	$OpenBSD: lofn.c,v 1.22 2002/11/21 19:34:25 jason Exp $	*/
 
 /*
  * Copyright (c) 2001-2002 Jason L. Wright (jason@thought.net)
@@ -114,6 +114,7 @@ lofn_attach(parent, self, aux)
 	const char *intrstr = NULL;
 	bus_size_t iosize;
 	u_int32_t cmd;
+	int algs[CRK_ALGORITHM_MAX + 1];
 
 	cmd = pci_conf_read(pc, pa->pa_tag, PCI_COMMAND_STATUS_REG);
 	cmd |= PCI_COMMAND_MEM_ENABLE;
@@ -168,7 +169,10 @@ lofn_attach(parent, self, aux)
 		return;
 	}
 
-	crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0, lofn_kprocess);
+	bzero(algs, sizeof(algs));
+	algs[CRK_MOD_EXP] = CRYPTO_ALG_FLAG_SUPPORTED;
+
+	crypto_kregister(sc->sc_cid, algs, lofn_kprocess);
 
 	printf(": %s\n", intrstr);
 
diff --git a/sys/dev/pci/nofn.c b/sys/dev/pci/nofn.c
index 997d6c144c1..c7717f2c1fb 100644
--- a/sys/dev/pci/nofn.c
+++ b/sys/dev/pci/nofn.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: nofn.c,v 1.6 2002/09/24 18:33:26 jason Exp $	*/
+/*	$OpenBSD: nofn.c,v 1.7 2002/11/21 19:34:25 jason Exp $	*/
 
 /*
  * Copyright (c) 2002 Jason L. Wright (jason@thought.net)
@@ -373,6 +373,7 @@ nofn_pk_enable(sc)
 	struct nofn_softc *sc;
 {
 	u_int32_t r;
+	int algs[CRK_ALGORITHM_MAX + 1];
 
 	if ((sc->sc_cid = crypto_get_driverid(0)) < 0) {
 		printf(": failed to register cid\n");
@@ -382,7 +383,9 @@ nofn_pk_enable(sc)
 	SIMPLEQ_INIT(&sc->sc_pk_queue);
 	sc->sc_pk_current = NULL;
 
-	crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0, nofn_pk_process);
+	bzero(algs, sizeof(algs));
+	algs[CRK_MOD_EXP] = CRYPTO_ALG_FLAG_SUPPORTED;
+	crypto_kregister(sc->sc_cid, algs, nofn_pk_process);
 
 	/* enable ALU */
 	r = PK_READ_4(sc, NOFN_PK_CFG2);
diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c
index 187ed180ea9..aab0a78f5e7 100644
--- a/sys/dev/pci/ubsec.c
+++ b/sys/dev/pci/ubsec.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ubsec.c,v 1.119 2002/11/19 18:40:17 jason Exp $	*/
+/*	$OpenBSD: ubsec.c,v 1.120 2002/11/21 19:34:25 jason Exp $	*/
 
 /*
  * Copyright (c) 2000 Jason L. Wright (jason@thought.net)
@@ -167,6 +167,8 @@ ubsec_attach(parent, self, aux)
 	struct ubsec_dma *dmap;
 	bus_size_t iosize;
 	u_int32_t cmd, i;
+	int algs[CRYPTO_ALGORITHM_MAX + 1];
+	int kalgs[CRK_ALGORITHM_MAX + 1];
 
 	SIMPLEQ_INIT(&sc->sc_queue);
 	SIMPLEQ_INIT(&sc->sc_qchip);
@@ -273,11 +275,13 @@ ubsec_attach(parent, self, aux)
 		SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next);
 	}
 
-	crypto_register(sc->sc_cid, CRYPTO_3DES_CBC, 0, 0,
-	    ubsec_newsession, ubsec_freesession, ubsec_process);
-	crypto_register(sc->sc_cid, CRYPTO_DES_CBC, 0, 0, NULL, NULL, NULL);
-	crypto_register(sc->sc_cid, CRYPTO_MD5_HMAC, 0, 0, NULL, NULL, NULL);
-	crypto_register(sc->sc_cid, CRYPTO_SHA1_HMAC, 0, 0, NULL, NULL, NULL);
+	bzero(algs, sizeof(algs));
+	algs[CRYPTO_3DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_DES_CBC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_MD5_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	algs[CRYPTO_SHA1_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
+	crypto_register(sc->sc_cid, algs, ubsec_newsession,
+	    ubsec_freesession, ubsec_process);
 
 	/*
 	 * Reset Broadcom chip
@@ -332,10 +336,13 @@ skip_rng:
 	if (sc->sc_flags & UBS_FLAGS_KEY) {
 		sc->sc_statmask |= BS_STAT_MCR2_DONE;
 
-		crypto_kregister(sc->sc_cid, CRK_MOD_EXP, 0, ubsec_kprocess);
+		bzero(kalgs, sizeof(kalgs));
+		kalgs[CRK_MOD_EXP] = CRYPTO_ALG_FLAG_SUPPORTED;
 #if 0
-		crypto_kregister(sc->sc_cid, CRK_MOD_EXP_CRT, 0, ubsec_kprocess);
+		kalgs[CRK_MOD_EXP_CRT] = CRYPTO_ALG_FLAG_SUPPORTED;
 #endif
+
+		crypto_kregister(sc->sc_cid, kalgs, ubsec_kprocess);
 	}
 
 	printf("\n");