Diffstat (limited to 'sys')
-rw-r--r--sys/arch/amd64/amd64/aesni.c3
-rw-r--r--sys/arch/amd64/amd64/via.c3
-rw-r--r--sys/arch/arm64/arm64/cryptox.c3
-rw-r--r--sys/arch/i386/i386/via.c3
-rw-r--r--sys/arch/i386/pci/glxsb.c3
-rw-r--r--sys/arch/octeon/dev/octcrypto.c3
-rw-r--r--sys/crypto/crypto.c42
-rw-r--r--sys/crypto/cryptodev.h8
-rw-r--r--sys/crypto/cryptosoft.c3
-rw-r--r--sys/dev/softraid_crypto.c27
-rw-r--r--sys/dev/softraid_raid1c.c13
-rw-r--r--sys/netinet/ip_ah.c68
-rw-r--r--sys/netinet/ip_esp.c67
-rw-r--r--sys/netinet/ip_ipcomp.c71
-rw-r--r--sys/netinet/ip_ipsp.h4
-rw-r--r--sys/netinet/ipsec_input.c74
-rw-r--r--sys/netinet/ipsec_output.c77
17 files changed, 209 insertions, 263 deletions
diff --git a/sys/arch/amd64/amd64/aesni.c b/sys/arch/amd64/amd64/aesni.c
index 12ed40b37a8..d99c1c745ea 100644
--- a/sys/arch/amd64/amd64/aesni.c
+++ b/sys/arch/amd64/amd64/aesni.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aesni.c,v 1.51 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: aesni.c,v 1.52 2021/10/23 15:42:34 tobhe Exp $ */
/*-
* Copyright (c) 2003 Jason Wright
* Copyright (c) 2003, 2004 Theo de Raadt
@@ -699,7 +699,6 @@ aesni_process(struct cryptop *crp)
out:
smr_read_leave();
crp->crp_etype = err;
- crypto_done(crp);
return (err);
}
diff --git a/sys/arch/amd64/amd64/via.c b/sys/arch/amd64/amd64/via.c
index d6f04c3a88c..041b4a15377 100644
--- a/sys/arch/amd64/amd64/via.c
+++ b/sys/arch/amd64/amd64/via.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: via.c,v 1.35 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: via.c,v 1.36 2021/10/23 15:42:34 tobhe Exp $ */
/* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */
/*-
@@ -460,7 +460,6 @@ viac3_crypto_process(struct cryptop *crp)
}
out:
crp->crp_etype = err;
- crypto_done(crp);
return (err);
}
diff --git a/sys/arch/arm64/arm64/cryptox.c b/sys/arch/arm64/arm64/cryptox.c
index 0b4ff183f04..c97da3a0ca3 100644
--- a/sys/arch/arm64/arm64/cryptox.c
+++ b/sys/arch/arm64/arm64/cryptox.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptox.c,v 1.3 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: cryptox.c,v 1.4 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2003 Jason Wright
* Copyright (c) 2003, 2004 Theo de Raadt
@@ -486,6 +486,5 @@ cryptox_process(struct cryptop *crp)
out:
smr_read_leave();
crp->crp_etype = err;
- crypto_done(crp);
return (err);
}
diff --git a/sys/arch/i386/i386/via.c b/sys/arch/i386/i386/via.c
index 9822bec8519..3a93e6c289f 100644
--- a/sys/arch/i386/i386/via.c
+++ b/sys/arch/i386/i386/via.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: via.c,v 1.48 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: via.c,v 1.49 2021/10/23 15:42:35 tobhe Exp $ */
/* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */
/*-
@@ -468,7 +468,6 @@ viac3_crypto_process(struct cryptop *crp)
}
out:
crp->crp_etype = err;
- crypto_done(crp);
return (err);
}
diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c
index 2dca0de55fb..e09cea3f7d7 100644
--- a/sys/arch/i386/pci/glxsb.c
+++ b/sys/arch/i386/pci/glxsb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: glxsb.c,v 1.38 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: glxsb.c,v 1.39 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org>
@@ -825,7 +825,6 @@ glxsb_crypto_process(struct cryptop *crp)
out:
crp->crp_etype = err;
- crypto_done(crp);
splx(s);
return (err);
}
diff --git a/sys/arch/octeon/dev/octcrypto.c b/sys/arch/octeon/dev/octcrypto.c
index 26449679790..29017de999e 100644
--- a/sys/arch/octeon/dev/octcrypto.c
+++ b/sys/arch/octeon/dev/octcrypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: octcrypto.c,v 1.6 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: octcrypto.c,v 1.7 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2018 Visa Hankala
@@ -658,7 +658,6 @@ out:
smr_read_leave();
crp->crp_etype = error;
- crypto_done(crp);
return error;
}
diff --git a/sys/crypto/crypto.c b/sys/crypto/crypto.c
index c4bc6064a9b..6efb0d791f2 100644
--- a/sys/crypto/crypto.c
+++ b/sys/crypto/crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.c,v 1.89 2021/10/21 23:03:48 tobhe Exp $ */
+/* $OpenBSD: crypto.c,v 1.90 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -377,33 +377,6 @@ crypto_unregister(u_int32_t driverid, int alg)
}
/*
- * Add crypto request to a queue, to be processed by a kernel thread.
- */
-void
-crypto_dispatch(struct cryptop *crp)
-{
- int lock = 1, s;
- u_int32_t hid;
-
- s = splvm();
- hid = (crp->crp_sid >> 32) & 0xffffffff;
- if (hid < crypto_drivers_num) {
- if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_MPSAFE)
- lock = 0;
- }
- splx(s);
-
- /* XXXSMP crypto_invoke() is not MP safe */
- lock = 1;
-
- if (lock)
- KERNEL_LOCK();
- crypto_invoke(crp);
- if (lock)
- KERNEL_UNLOCK();
-}
-
-/*
* Dispatch a crypto request to the appropriate crypto devices.
*/
void
@@ -416,7 +389,6 @@ crypto_invoke(struct cryptop *crp)
/* Sanity checks. */
KASSERT(crp != NULL);
- KASSERT(crp->crp_callback != NULL);
KERNEL_ASSERT_LOCKED();
@@ -466,7 +438,6 @@ crypto_invoke(struct cryptop *crp)
crp->crp_etype = EAGAIN;
done:
- crypto_done(crp);
splx(s);
}
@@ -518,14 +489,3 @@ crypto_init(void)
pool_init(&cryptop_pool, sizeof(struct cryptop), 0, IPL_VM, 0,
"cryptop", NULL);
}
-
-/*
- * Invoke the callback on behalf of the driver.
- */
-void
-crypto_done(struct cryptop *crp)
-{
- crp->crp_flags |= CRYPTO_F_DONE;
-
- crp->crp_callback(crp);
-}
diff --git a/sys/crypto/cryptodev.h b/sys/crypto/cryptodev.h
index 5caa5125a46..4af72c7a9a5 100644
--- a/sys/crypto/cryptodev.h
+++ b/sys/crypto/cryptodev.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptodev.h,v 1.79 2021/10/22 12:30:53 bluhm Exp $ */
+/* $OpenBSD: cryptodev.h,v 1.80 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -169,18 +169,14 @@ struct cryptop {
#define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */
#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
#define CRYPTO_F_MPSAFE 0x0004 /* Do not use kernel lock for callback */
-#define CRYPTO_F_DONE 0x0010 /* request completed */
void *crp_buf; /* Data to be processed */
- void *crp_opaque; /* Opaque pointer, passed along */
struct cryptodesc *crp_desc; /* List of processing descriptors */
struct cryptodesc crp_sdesc[2]; /* Static array for small ops */
int crp_ndesc; /* Amount of descriptors to use */
int crp_ndescalloc;/* Amount of descriptors allocated */
- void (*crp_callback)(struct cryptop *); /* Callback function */
-
caddr_t crp_mac;
};
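Review bot: The comment on `CRYPTO_F_MPSAFE`, "Do not use kernel lock for callback", is stale after this change, because `crp_callback` is removed from struct cryptop in the same hunk and there is no callback left for the flag to describe. The IPsec callers in this commit still set the flag while taking KERNEL_LOCK() around crypto_invoke(), so a reader cannot tell from the header what the flag controls. Suggest rewording it to state the current meaning, for example `/* Request may be processed without the kernel lock */`, or saying explicitly that it is not acted on at present if that is the case. struct cryptop begins before the hunk.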
@@ -214,14 +210,12 @@ void crypto_init(void);
int crypto_newsession(u_int64_t *, struct cryptoini *, int);
int crypto_freesession(u_int64_t);
-void crypto_dispatch(struct cryptop *);
int crypto_register(u_int32_t, int *,
int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
int (*)(struct cryptop *));
int crypto_unregister(u_int32_t, int);
int32_t crypto_get_driverid(u_int8_t);
void crypto_invoke(struct cryptop *);
-void crypto_done(struct cryptop *);
void cuio_copydata(struct uio *, int, int, caddr_t);
void cuio_copyback(struct uio *, int, int, const void *);
diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c
index 3fc7e3ca8f0..dcb815aaa17 100644
--- a/sys/crypto/cryptosoft.c
+++ b/sys/crypto/cryptosoft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptosoft.c,v 1.89 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: cryptosoft.c,v 1.90 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -1129,7 +1129,6 @@ swcr_process(struct cryptop *crp)
}
done:
- crypto_done(crp);
return 0;
}
diff --git a/sys/dev/softraid_crypto.c b/sys/dev/softraid_crypto.c
index 867e9f61df5..376deb19b01 100644
--- a/sys/dev/softraid_crypto.c
+++ b/sys/dev/softraid_crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_crypto.c,v 1.143 2021/10/22 05:06:37 anton Exp $ */
+/* $OpenBSD: softraid_crypto.c,v 1.144 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2007 Marco Peereboom <marco@peereboom.us>
* Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org>
@@ -87,13 +87,13 @@ int sr_crypto_meta_opt_handler_internal(struct sr_discipline *,
struct sr_crypto *, struct sr_meta_opt_hdr *);
int sr_crypto_meta_opt_handler(struct sr_discipline *,
struct sr_meta_opt_hdr *);
-void sr_crypto_write(struct cryptop *);
+void sr_crypto_write(struct sr_crypto_wu *);
int sr_crypto_rw(struct sr_workunit *);
int sr_crypto_dev_rw(struct sr_workunit *, struct sr_crypto_wu *);
void sr_crypto_done_internal(struct sr_workunit *,
struct sr_crypto *);
void sr_crypto_done(struct sr_workunit *);
-void sr_crypto_read(struct cryptop *);
+void sr_crypto_read(struct sr_crypto_wu *);
void sr_crypto_calculate_check_hmac_sha1(u_int8_t *, int,
u_int8_t *, int, u_char *);
void sr_crypto_hotplug(struct sr_discipline *, struct disk *, int);
@@ -322,7 +322,6 @@ sr_crypto_prepare(struct sr_workunit *wu, struct sr_crypto *mdd_crypto,
keyndx = blkno >> SR_CRYPTO_KEY_BLKSHIFT;
crwu->cr_crp->crp_sid = mdd_crypto->scr_sid[keyndx];
- crwu->cr_crp->crp_opaque = crwu;
crwu->cr_crp->crp_ilen = xs->datalen;
crwu->cr_crp->crp_alloctype = M_DEVBUF;
crwu->cr_crp->crp_flags = CRYPTO_F_IOV;
@@ -1168,8 +1167,8 @@ sr_crypto_rw(struct sr_workunit *wu)
if (wu->swu_xs->flags & SCSI_DATA_OUT) {
mdd_crypto = &wu->swu_dis->mds.mdd_crypto;
crwu = sr_crypto_prepare(wu, mdd_crypto, 1);
- crwu->cr_crp->crp_callback = sr_crypto_write;
- crypto_dispatch(crwu->cr_crp);
+ crypto_invoke(crwu->cr_crp);
+ sr_crypto_write(crwu);
rv = crwu->cr_crp->crp_etype;
} else
rv = sr_crypto_dev_rw(wu, NULL);
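Review bot: `crypto_invoke(crwu->cr_crp)` is now called directly, but the removed crypto_dispatch() was the function that took KERNEL_LOCK() around it, and crypto_invoke() still does KERNEL_ASSERT_LOCKED(). Nothing in this hunk acquires the lock, so the call depends on sr_crypto_rw's callers already holding it; that is probably true for softraid I/O but is not visible here. A one-line comment above the call would record the invariant, e.g. `/* crypto_invoke() requires the kernel lock, held by our caller */`. The same applies to the new calls in sr_crypto_done_internal and sr_raid1c_rw. sr_crypto_rw starts and ends outside the hunk.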
@@ -1178,16 +1177,15 @@ sr_crypto_rw(struct sr_workunit *wu)
}
void
-sr_crypto_write(struct cryptop *crp)
+sr_crypto_write(struct sr_crypto_wu *crwu)
{
- struct sr_crypto_wu *crwu = crp->crp_opaque;
struct sr_workunit *wu = &crwu->cr_wu;
int s;
DNPRINTF(SR_D_INTR, "%s: sr_crypto_write: wu %p xs: %p\n",
DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs);
- if (crp->crp_etype) {
+ if (crwu->cr_crp->crp_etype) {
/* fail io */
wu->swu_xs->error = XS_DRIVER_STUFFUP;
s = splbio();
@@ -1246,10 +1244,10 @@ sr_crypto_done_internal(struct sr_workunit *wu, struct sr_crypto *mdd_crypto)
/* If this was a successful read, initiate decryption of the data. */
if (ISSET(xs->flags, SCSI_DATA_IN) && xs->error == XS_NOERROR) {
crwu = sr_crypto_prepare(wu, mdd_crypto, 0);
- crwu->cr_crp->crp_callback = sr_crypto_read;
- DNPRINTF(SR_D_INTR, "%s: sr_crypto_done: crypto_dispatch %p\n",
+ DNPRINTF(SR_D_INTR, "%s: sr_crypto_done: crypto_invoke %p\n",
DEVNAME(wu->swu_dis->sd_sc), crwu->cr_crp);
- crypto_dispatch(crwu->cr_crp);
+ crypto_invoke(crwu->cr_crp);
+ sr_crypto_read(crwu);
return;
}
@@ -1266,16 +1264,15 @@ sr_crypto_done(struct sr_workunit *wu)
}
void
-sr_crypto_read(struct cryptop *crp)
+sr_crypto_read(struct sr_crypto_wu *crwu)
{
- struct sr_crypto_wu *crwu = crp->crp_opaque;
struct sr_workunit *wu = &crwu->cr_wu;
int s;
DNPRINTF(SR_D_INTR, "%s: sr_crypto_read: wu %p xs: %p\n",
DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs);
- if (crp->crp_etype)
+ if (crwu->cr_crp->crp_etype)
wu->swu_xs->error = XS_DRIVER_STUFFUP;
s = splbio();
diff --git a/sys/dev/softraid_raid1c.c b/sys/dev/softraid_raid1c.c
index d23323bc5e4..d428709aedb 100644
--- a/sys/dev/softraid_raid1c.c
+++ b/sys/dev/softraid_raid1c.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: softraid_raid1c.c,v 1.4 2021/10/13 22:43:44 bluhm Exp $ */
+/* $OpenBSD: softraid_raid1c.c,v 1.5 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2007 Marco Peereboom <marco@peereboom.us>
* Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org>
@@ -58,7 +58,7 @@ void sr_raid1c_free_resources(struct sr_discipline *sd);
int sr_raid1c_ioctl(struct sr_discipline *sd, struct bioc_discipline *bd);
int sr_raid1c_meta_opt_handler(struct sr_discipline *,
struct sr_meta_opt_hdr *);
-void sr_raid1c_write(struct cryptop *);
+void sr_raid1c_write(struct sr_crypto_wu *);
int sr_raid1c_rw(struct sr_workunit *);
int sr_raid1c_dev_rw(struct sr_workunit *, struct sr_crypto_wu *);
void sr_raid1c_done(struct sr_workunit *wu);
@@ -312,16 +312,15 @@ bad:
}
void
-sr_raid1c_write(struct cryptop *crp)
+sr_raid1c_write(struct sr_crypto_wu *crwu)
{
- struct sr_crypto_wu *crwu = crp->crp_opaque;
struct sr_workunit *wu = &crwu->cr_wu;
int s;
DNPRINTF(SR_D_INTR, "%s: sr_raid1c_write: wu %p xs: %p\n",
DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs);
- if (crp->crp_etype) {
+ if (crwu->cr_crp->crp_etype) {
/* fail io */
wu->swu_xs->error = XS_DRIVER_STUFFUP;
s = splbio();
@@ -358,8 +357,8 @@ sr_raid1c_rw(struct sr_workunit *wu)
!ISSET(wu->swu_flags, SR_WUF_REBUILD)) {
mdd_raid1c = &wu->swu_dis->mds.mdd_raid1c;
crwu = sr_crypto_prepare(wu, &mdd_raid1c->sr1c_crypto, 1);
- crwu->cr_crp->crp_callback = sr_raid1c_write;
- crypto_dispatch(crwu->cr_crp);
+ crypto_invoke(crwu->cr_crp);
+ sr_raid1c_write(crwu);
rv = crwu->cr_crp->crp_etype;
} else
rv = sr_raid1c_dev_rw(wu, NULL);
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index a10c2a7b7ba..e64026d6392 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah.c,v 1.158 2021/10/22 15:44:20 bluhm Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.159 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -531,7 +531,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
struct tdb_crypto *tc = NULL;
u_int32_t btsx, esn;
u_int8_t hl;
- int error, rplen;
+ int error, rplen, clen;
u_int64_t ibytes;
#ifdef ENCDEBUG
char buf[INET6_ADDRSTRLEN];
@@ -686,9 +686,7 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_input_cb;
crp->crp_sid = tdb->tdb_cryptoid;
- crp->crp_opaque = (caddr_t)tc;
/* These are passed as-is to the callback. */
tc->tc_skip = skip;
@@ -699,7 +697,34 @@ ah_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
memcpy(&tc->tc_dst, &tdb->tdb_dst, sizeof(union sockaddr_union));
tc->tc_rpl = tdb->tdb_rpl;
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ error = crp->crp_etype;
+ goto drop;
+ }
+
+ /* Length of data after processing */
+ clen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = ah_input_cb(tdb, tc, m, clen);
+ if (error) {
+ ipsecstat_inc(ipsec_idrops);
+ tdb->tdb_idrops++;
+ }
+
return 0;
drop:
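Review bot: The `while (crp->crp_etype == EAGAIN)` retry added in ah_input has no upper bound and runs with the kernel lock held, so a request that keeps coming back EAGAIN would spin inside KERNEL_LOCK() instead of ending as a counted drop. Whether crypto_invoke() can return EAGAIN repeatedly (for example when the session cannot be re-established) is not visible in this hunk, so this is a robustness concern rather than a confirmed hang. A bounded form such as `for (tries = 0; crp->crp_etype == EAGAIN && tries < CRYPTO_MAX_RETRY; tries++)` around the existing body (with `tries` a new int local and CRYPTO_MAX_RETRY a new small constant) would let a persistent EAGAIN fall into the `if (crp->crp_etype)` error path below. The same loop is added in ah_output, esp_input, esp_output, ipcomp_input and ipcomp_output. ah_input's body starts and ends outside the hunk.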
@@ -893,7 +918,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
struct cryptop *crp = NULL;
u_int64_t replay64;
u_int16_t iplen;
- int error, rplen, roff;
+ int error, rplen, roff, ilen, olen;
u_int8_t prot;
struct ah *ah;
#if NBPFILTER > 0
@@ -1133,9 +1158,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_output_cb;
crp->crp_sid = tdb->tdb_cryptoid;
- crp->crp_opaque = (caddr_t)tc;
/* These are passed as-is to the callback. */
tc->tc_skip = skip;
@@ -1145,7 +1168,34 @@ ah_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
tc->tc_rdomain = tdb->tdb_rdomain;
memcpy(&tc->tc_dst, &tdb->tdb_dst, sizeof(union sockaddr_union));
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ error = crp->crp_etype;
+ goto drop;
+ }
+
+ ilen = crp->crp_ilen;
+ olen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = ah_output_cb(tdb, tc, m, ilen, olen);
+ if (error) {
+ ipsecstat_inc(ipsec_odrops);
+ tdb->tdb_odrops++;
+ }
+
return 0;
drop:
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 1b96a2b942d..391cfe0f4f5 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.177 2021/10/22 15:44:20 bluhm Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.178 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -347,7 +347,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
struct cryptodesc *crde = NULL, *crda = NULL;
struct cryptop *crp = NULL;
struct tdb_crypto *tc = NULL;
- int plen, alen, hlen, error;
+ int plen, alen, hlen, error, clen;
u_int32_t btsx, esn;
#ifdef ENCDEBUG
char buf[INET6_ADDRSTRLEN];
@@ -498,9 +498,7 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
crp->crp_ilen = m->m_pkthdr.len; /* Total input length */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_input_cb;
crp->crp_sid = tdb->tdb_cryptoid;
- crp->crp_opaque = (caddr_t)tc;
/* These are passed as-is to the callback */
tc->tc_skip = skip;
@@ -526,7 +524,33 @@ esp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen);
}
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ error = crp->crp_etype;
+ goto drop;
+ }
+
+ clen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = esp_input_cb(tdb, tc, m, clen);
+ if (error) {
+ ipsecstat_inc(ipsec_idrops);
+ tdb->tdb_idrops++;
+ }
+
return 0;
drop:
@@ -742,7 +766,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
{
const struct enc_xform *espx = tdb->tdb_encalgxform;
const struct auth_hash *esph = tdb->tdb_authalgxform;
- int ilen, hlen, rlen, padding, blks, alen, roff, error;
+ int ilen, olen, hlen, rlen, padding, blks, alen, roff, error;
u_int64_t replay64;
u_int32_t replay;
struct mbuf *mi, *mo = (struct mbuf *) NULL;
@@ -980,8 +1004,6 @@ esp_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_output_cb;
- crp->crp_opaque = (caddr_t)tc;
crp->crp_sid = tdb->tdb_cryptoid;
if (esph) {
@@ -1010,7 +1032,34 @@ esp_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
crda->crd_len = m->m_pkthdr.len - (skip + alen);
}
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ error = crp->crp_etype;
+ goto drop;
+ }
+
+ ilen = crp->crp_ilen;
+ olen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = esp_output_cb(tdb, tc, m, ilen, olen);
+ if (error) {
+ ipsecstat_inc(ipsec_odrops);
+ tdb->tdb_odrops++;
+ }
+
return 0;
drop:
diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c
index 902955c9d6e..1854df89a5d 100644
--- a/sys/netinet/ip_ipcomp.c
+++ b/sys/netinet/ip_ipcomp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipcomp.c,v 1.79 2021/10/22 15:44:20 bluhm Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.80 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
@@ -135,7 +135,7 @@ ipcomp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
{
const struct comp_algo *ipcompx = tdb->tdb_compalgxform;
struct tdb_crypto *tc;
- int hlen;
+ int hlen, error, clen;
struct cryptodesc *crdc = NULL;
struct cryptop *crp;
@@ -172,9 +172,7 @@ ipcomp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
crp->crp_ilen = m->m_pkthdr.len - (skip + hlen);
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_input_cb;
crp->crp_sid = tdb->tdb_cryptoid;
- crp->crp_opaque = (caddr_t)tc;
/* These are passed as-is to the callback */
tc->tc_skip = skip;
@@ -184,7 +182,35 @@ ipcomp_input(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
tc->tc_rdomain = tdb->tdb_rdomain;
tc->tc_dst = tdb->tdb_dst;
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ free(tc, M_XDATA, 0);
+ m_freem(m);
+ crypto_freereq(crp);
+ return crp->crp_etype;
+ }
+
+ clen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = ipcomp_input_cb(tdb, tc, m, clen);
+ if (error) {
+ ipsecstat_inc(ipsec_idrops);
+ tdb->tdb_idrops++;
+ }
+
return 0;
}
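Review bot: In the new error path of ipcomp_input, `return crp->crp_etype;` reads the request after `crypto_freereq(crp);` has released it, which is a use-after-free of the cryptop. The value should be saved first: `error = crp->crp_etype;` before `crypto_freereq(crp);`, then `return error;`. The success path just below already copies `crp_olen` into `clen` before freeing for the same reason, and the error path added to ipcomp_output has the identical pattern. This path also increments only ipsec_noxform, whereas the removed ipsec_input_cb bumped ipsec_idrops and tdb_idrops on its drop path; if the caller does not account for that, drop counters will under-report crypto failures.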
@@ -319,7 +345,7 @@ int
ipcomp_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
{
const struct comp_algo *ipcompx = tdb->tdb_compalgxform;
- int error, hlen;
+ int error, hlen, ilen, olen;
struct cryptodesc *crdc = NULL;
struct cryptop *crp = NULL;
struct tdb_crypto *tc;
@@ -474,11 +500,38 @@ ipcomp_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
crp->crp_ilen = m->m_pkthdr.len; /* Total input length */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_output_cb;
- crp->crp_opaque = (caddr_t)tc;
crp->crp_sid = tdb->tdb_cryptoid;
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ free(tc, M_XDATA, 0);
+ m_freem(m);
+ crypto_freereq(crp);
+ return crp->crp_etype;
+ }
+
+ ilen = crp->crp_ilen;
+ olen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = ipcomp_output_cb(tdb, tc, m, crp->crp_ilen, crp->crp_olen);
+ if (error) {
+ ipsecstat_inc(ipsec_odrops);
+ tdb->tdb_odrops++;
+ }
+
return 0;
drop:
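Review bot: `ipcomp_output_cb(tdb, tc, m, crp->crp_ilen, crp->crp_olen)` dereferences crp after `crypto_freereq(crp);` two lines earlier, although `ilen` and `olen` were copied out just above for exactly this call. The call should pass the saved locals, `error = ipcomp_output_cb(tdb, tc, m, ilen, olen);`, as the ah_output and esp_output hunks in this commit do. As written the lengths handed to the output callback come from a released pool item, so they are only correct while nothing has reused it. ipcomp_output's body starts and ends outside the hunk.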
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h
index 9bb39465b57..55452ca25c5 100644
--- a/sys/netinet/ip_ipsp.h
+++ b/sys/netinet/ip_ipsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.h,v 1.210 2021/10/13 14:36:31 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.211 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -648,8 +648,6 @@ void ipsp_init(void);
void ipsec_init(void);
int ipsec_sysctl(int *, u_int, void *, size_t *, void *, size_t);
int ipsec_common_input(struct mbuf *, int, int, int, int, int);
-void ipsec_input_cb(struct cryptop *);
-void ipsec_output_cb(struct cryptop *);
int ipsec_common_input_cb(struct mbuf *, struct tdb *, int, int);
int ipsec_delete_policy(struct ipsec_policy *);
ssize_t ipsec_hdrsz(struct tdb *);
diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c
index 2a9a378bde7..12b845087d5 100644
--- a/sys/netinet/ipsec_input.c
+++ b/sys/netinet/ipsec_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_input.c,v 1.185 2021/10/22 15:44:20 bluhm Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.186 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -366,78 +366,6 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff, int af, int sproto,
return error;
}
-void
-ipsec_input_cb(struct cryptop *crp)
-{
- struct tdb_crypto *tc = (struct tdb_crypto *) crp->crp_opaque;
- struct mbuf *m = (struct mbuf *) crp->crp_buf;
- struct tdb *tdb = NULL;
- int clen, error;
-
- NET_ASSERT_LOCKED();
-
- if (m == NULL) {
- DPRINTF("bogus returned buffer from crypto");
- ipsecstat_inc(ipsec_crypto);
- goto drop;
- }
-
- tdb = gettdb(tc->tc_rdomain, tc->tc_spi, &tc->tc_dst, tc->tc_proto);
- if (tdb == NULL) {
- DPRINTF("TDB is expired while in crypto");
- ipsecstat_inc(ipsec_notdb);
- goto drop;
- }
-
- /* Check for crypto errors */
- if (crp->crp_etype) {
- if (crp->crp_etype == EAGAIN) {
- /* Reset the session ID */
- if (tdb->tdb_cryptoid != 0)
- tdb->tdb_cryptoid = crp->crp_sid;
- crypto_dispatch(crp);
- return;
- }
- DPRINTF("crypto error %d", crp->crp_etype);
- ipsecstat_inc(ipsec_noxform);
- goto drop;
- }
-
- /* Length of data after processing */
- clen = crp->crp_olen;
-
- /* Release the crypto descriptors */
- crypto_freereq(crp);
-
- switch (tdb->tdb_sproto) {
- case IPPROTO_ESP:
- error = esp_input_cb(tdb, tc, m, clen);
- break;
- case IPPROTO_AH:
- error = ah_input_cb(tdb, tc, m, clen);
- break;
- case IPPROTO_IPCOMP:
- error = ipcomp_input_cb(tdb, tc, m, clen);
- break;
- default:
- panic("%s: unknown/unsupported security protocol %d",
- __func__, tdb->tdb_sproto);
- }
- if (error) {
- ipsecstat_inc(ipsec_idrops);
- tdb->tdb_idrops++;
- }
- return;
-
- drop:
- m_freem(m);
- free(tc, M_XDATA, 0);
- crypto_freereq(crp);
- ipsecstat_inc(ipsec_idrops);
- if (tdb != NULL)
- tdb->tdb_idrops++;
-}
-
/*
* IPsec input callback, called by the transform callback. Takes care of
* filtering and other sanity checks on the processed packet.
diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c
index ed11171b543..43b94b843db 100644
--- a/sys/netinet/ipsec_output.c
+++ b/sys/netinet/ipsec_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec_output.c,v 1.90 2021/10/22 15:44:20 bluhm Exp $ */
+/* $OpenBSD: ipsec_output.c,v 1.91 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -378,81 +378,6 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
}
/*
- * IPsec output callback, called directly by the crypto driver.
- */
-void
-ipsec_output_cb(struct cryptop *crp)
-{
- struct tdb_crypto *tc = (struct tdb_crypto *) crp->crp_opaque;
- struct mbuf *m = (struct mbuf *) crp->crp_buf;
- struct tdb *tdb = NULL;
- int error, ilen, olen;
-
- NET_ASSERT_LOCKED();
-
- if (m == NULL) {
- DPRINTF("bogus returned buffer from crypto");
- ipsecstat_inc(ipsec_crypto);
- goto drop;
- }
-
- tdb = gettdb(tc->tc_rdomain, tc->tc_spi, &tc->tc_dst, tc->tc_proto);
- if (tdb == NULL) {
- DPRINTF("TDB is expired while in crypto");
- ipsecstat_inc(ipsec_notdb);
- goto drop;
- }
-
- /* Check for crypto errors. */
- if (crp->crp_etype) {
- if (crp->crp_etype == EAGAIN) {
- /* Reset the session ID */
- if (tdb->tdb_cryptoid != 0)
- tdb->tdb_cryptoid = crp->crp_sid;
- crypto_dispatch(crp);
- return;
- }
- DPRINTF("crypto error %d", crp->crp_etype);
- ipsecstat_inc(ipsec_noxform);
- goto drop;
- }
-
- olen = crp->crp_olen;
- ilen = crp->crp_ilen;
-
- /* Release crypto descriptors. */
- crypto_freereq(crp);
-
- switch (tdb->tdb_sproto) {
- case IPPROTO_ESP:
- error = esp_output_cb(tdb, tc, m, ilen, olen);
- break;
- case IPPROTO_AH:
- error = ah_output_cb(tdb, tc, m, ilen, olen);
- break;
- case IPPROTO_IPCOMP:
- error = ipcomp_output_cb(tdb, tc, m, ilen, olen);
- break;
- default:
- panic("%s: unhandled security protocol %d",
- __func__, tdb->tdb_sproto);
- }
- if (error) {
- ipsecstat_inc(ipsec_odrops);
- tdb->tdb_odrops++;
- }
- return;
-
- drop:
- m_freem(m);
- free(tc, M_XDATA, 0);
- crypto_freereq(crp);
- ipsecstat_inc(ipsec_odrops);
- if (tdb != NULL)
- tdb->tdb_odrops++;
-}
-
-/*
* Called by the IPsec output transform callbacks, to transmit the packet
* or do further processing, as necessary.
*/