summaryrefslogtreecommitdiff
path: root/sys/crypto/crypto.c
AgeCommit message (Collapse)Author
2004-12-21Don't use crypto thread for callbacks.Marco Pfatschbacher
This primarily improves IPsec performance when using crypto accelerators. With help from markus@, tested by wvdputte@. ok deraadt@, markus@
2004-06-20In crypto_thread(), always save return value from splimp(). We were onlyAaron Campbell
storing it once on kernel startup. Scary. "holy crap" --deraadt. art@ ok Unclear if this was actually a problem in practice, but this doesn't hurt.
2003-06-03Fastpath for userland crypto requests. This change makes userlandBob Beck
crypto requests attempt to call the crypto driver directly to process crypto layer requests, as opposed to queueing them in the kernel crypto thread. If we can't use the crypto devices (i.e. they're busy) we fall back to queueing the request up in the crypto thread as before. This does allow for faster performance in some cases (smaller requests, how small seems to be dependent on the card/cpu combination) where context switching is a major issue in performance. ok deraadt@ jason@
2003-02-19Copy the ENTIRE table into the supported algorithms (how the hell did thisJason Wright
work before?!)
2002-11-21From Angelos:Jason Wright
- simplistic load balancing across multiple cards - simplified registration process - a few style nits.
2002-07-17I don't know why this breaks things for me when sshd starts on sparc64.Artur Grabowski
But after wasting the whole day trying to just locate the problem I don't care. Back out since this wasn't tested and showed to anyone else.
2002-07-16Double-pass over drivers, first hardware only, then software (if weAngelos D. Keromytis
are interested in software).
2002-07-16Fix a typo, cleanup on session migration code in crypto_invoke(), andAngelos D. Keromytis
add a convention that if the driver returns ERESTART as an error message of its process method, the crypto framework will unregister the driver and migrate all its sessions. After discussion with Sam Leffler and Jason Wright.
2002-06-11kernel changes to make asymmetric crypto work in userlandBob Beck
- modify getfeat to return something more useful to us on devices (like lofn and everything else until jason fixes it) that can't do rsa stuff, etc and can only do mod_exp.. - error handling fixes so we correctly fail to software when we can't deal with a particular key size - add sysctl kern.userasymcrypto to turn on/off userland asymmetric crypto via /dev/crypto - 1 == on, 0 == off, default is off
2002-06-10fix ivory tower greek fix. ok angelos@Bob Beck
2002-06-09Don't use an int for the flags, when the structure usesAngelos D. Keromytis
u_int8_t. Also, make sure the logic is correct (bad theo!)
2002-04-23initial hack at a CIOCSYMFEAT ioctlTheo de Raadt
2002-04-23driver queueing & callback code for keying operationsTheo de Raadt
2002-03-04crypto_check_alg() is not neededTheo de Raadt
2002-01-23It looks like there has been one crack smoking and a few cut and pastes.Artur Grabowski
PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't be set in pool_init at all. Besides, it's going away soon anyway.
2002-01-23Pool deals fairly well with physical memory shortage, but it doesn't dealArtur Grabowski
well (not at all) with shortages of the vm_map where the pages are mapped (usually kmem_map). Try to deal with it: - group all information the backend allocator for a pool in a separate struct. The pool will only have a pointer to that struct. - change the pool_init API to reflect that. - link all pools allocating from the same allocator on a linked list. - Since an allocator is responsible to wait for physical memory it will only fail (waitok) when it runs out of its backing vm_map, carefully drain pools using the same allocator so that va space is freed. (see comments in code for caveats and details). - change pool_reclaim to return if it actually succeeded to free some memory, use that information to make draining easier and more efficient. - get rid of PR_URGENT, noone uses it.
2001-11-13and for the case where it allocates a bunch at a time, also make sure theTheo de Raadt
software flag gets set.
2001-11-13incorrect checkTheo de Raadt
2001-11-09be way more sure that software cannot be usedTheo de Raadt
2001-11-08indentTheo de Raadt
2001-08-05put in tags for ARC4 to please ben, who now has no excusesTheo de Raadt
2001-06-27KNFAngelos D. Keromytis
2001-06-26Remove space.Angelos D. Keromytis
2001-06-25Add crypto_check_alg(), from jgarfiel@seas.upenn.eduAngelos D. Keromytis
2001-06-25Update copyright; you can use this with or without fee (unless yourAngelos D. Keromytis
name is Theo Deraadt)
2001-06-23New prototype for crypto_register(), to take into account maximum keyAngelos D. Keromytis
length (for PK operations) and various flags. Structures for public key operations (DH, RSA, DSA). A lot of this work was done by jgarfiel@seas.upenn.edu
2001-06-23merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts ↵Theo de Raadt
inside OpenSSL codebase
2001-06-16KNFTheo de Raadt
2001-06-06Use pool(9) for some of the structures, and splimp/splx to protectAngelos D. Keromytis
from ourselves. Should solve PR 1850.
2001-05-13initial cut at /dev/crypto support. takes original mbuf "try, and discardTheo de Raadt
if we fail" semantics and extends to two varients of data movement: mbuf, or an iovec style block.
2001-05-05Use the M_CRYPTO_DATA and M_CRYPTO_OPS malloc types.Angelos D. Keromytis
2000-12-13make the 31-bit code work on 32-bit machines.Niels Provos
2000-09-07avoid excessive wakeup(). we think this is safe...Theo de Raadt
2000-08-19MALLOC/FREE -> malloc/free ok art@ angelos@Nathan Binkert
2000-07-03Fix tail queue leakage (zzlevo@dd.chalmers.se)Angelos D. Keromytis
2000-06-20crypto_done(), all it does for now is invoke the callback.Angelos D. Keromytis
2000-06-18Add Rijndael (128-bit blocksize) in the software crypto driver.Angelos D. Keromytis
Hacking at OpenBSD Crypto 2000 :-)
2000-06-18Move prototype to include file.Angelos D. Keromytis
2000-06-18Crypto kernel thread interface; requests are enqueued and processed byAngelos D. Keromytis
a kernel thread. This allows a much cleaner interface with respect to spl levels.
2000-06-06OpenBSD tagsTheo de Raadt
2000-04-28crypto_dispatch() only returns an error if the argument it wasAngelos D. Keromytis
provided was NULL or no callback was specified.
2000-04-28avoid using void * when we are talking about pointersTheo de Raadt
2000-04-23Change the type of freesession to take u_int64_t as argument.Angelos D. Keromytis
2000-04-18Add a few newlines for readability.Angelos D. Keromytis
2000-03-19split crypto driver front-end from software crypto engineTheo de Raadt
2000-03-17Cryptographic services framework, and software "device driver". TheAngelos D. Keromytis
idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was writen mostly in Greece, and is being committed from Montreal.