Age | Commit message | Author |
|
This primarily improves IPsec performance when using crypto accelerators.
With help from markus@, tested by wvdputte@.
ok deraadt@, markus@
|
|
storing it once on kernel startup. Scary. "holy crap" --deraadt. art@ ok
Unclear if this was actually a problem in practice, but this doesn't hurt.
|
|
crypto requests attempt to call the crypto driver directly to process
crypto layer requests, as opposed to queueing them in the kernel
crypto thread. If we can't use the crypto devices (i.e. they're busy)
we fall back to queueing the request up in the crypto thread as
before. This does allow for faster performance in some cases (smaller
requests, how small seems to be dependent on the card/cpu combination)
where context switching is a major issue in performance.
ok deraadt@ jason@
|
|
work before?!)
|
|
- simplistic load balancing across multiple cards
- simplified registration process
- a few style nits.
|
|
But after wasting the whole day trying to just locate the problem I don't care.
Back out since this wasn't tested and shown to anyone else.
|
|
are interested in software).
|
|
add a convention that if the driver returns ERESTART as an error
message of its process method, the crypto framework will unregister
the driver and migrate all its sessions. After discussion with Sam
Leffler and Jason Wright.
|
|
- modify getfeat to return something more useful to us on devices
(like lofn and everything else until jason fixes it) that can't
do rsa stuff, etc and can only do mod_exp..
- error handling fixes so we correctly fail to software when we can't
deal with a particular key size
- add sysctl kern.userasymcrypto to turn on/off userland asymmetric crypto
via /dev/crypto - 1 == on, 0 == off, default is off
|
|
u_int8_t. Also, make sure the logic is correct (bad theo!)
|
|
PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't
be set in pool_init at all. Besides, it's going away soon anyway.
|
|
well (not at all) with shortages of the vm_map where the pages are mapped
(usually kmem_map).
Try to deal with it:
- group all information the backend allocator for a pool in a separate
struct. The pool will only have a pointer to that struct.
- change the pool_init API to reflect that.
- link all pools allocating from the same allocator on a linked list.
- Since an allocator is responsible to wait for physical memory it will
only fail (waitok) when it runs out of its backing vm_map, carefully
drain pools using the same allocator so that va space is freed.
(see comments in code for caveats and details).
- change pool_reclaim to return if it actually succeeded to free some
memory, use that information to make draining easier and more efficient.
- get rid of PR_URGENT, no one uses it.
|
|
software flag gets set.
|
|
name is Theo Deraadt)
|
|
length (for PK operations) and various flags.
Structures for public key operations (DH, RSA, DSA). A lot of this
work was done by jgarfiel@seas.upenn.edu
|
|
inside OpenSSL codebase
|
|
from ourselves. Should solve PR 1850.
|
|
if we fail" semantics and extends to two variants of data movement: mbuf,
or an iovec style block.
|
|
Hacking at OpenBSD Crypto 2000 :-)
|
|
a kernel thread. This allows a much cleaner interface with respect to
spl levels.
|
|
provided was NULL or no callback was specified.
|
|
idea is to support various cryptographic hardware accelerators (which
may be (detachable) cards, secondary/tertiary/etc processors,
software crypto, etc). Supports session migration between crypto
devices. What it doesn't (yet) support:
- multiple instances of the same algorithm used in the same session
- use of multiple crypto drivers in the same session
- asymmetric crypto
No support for a userland device yet.
IPsec code path modified to allow for asynchronous cryptography
(callbacks used in both input and output processing). Some unrelated
code simplification done in the process (especially for AH).
Development of this code kindly supported by Network Security
Technologies (NSTI). The code was written mostly in Greece, and is
being committed from Montreal.
|