Commit Graph

118 Commits

Author SHA1 Message Date
hubertf 0579eb13de Add missing "break" for CRYPTO_CAST_CBC, and some assorted comment fixes.
openssl(1) checks for CAST (and others) on ~every startup.
2010-01-31 14:32:56 +00:00
dsl 2a54322c7b If a multithreaded app closes an fd while another thread is blocked in
read/write/accept, then the expectation is that the blocked thread will
exit and the close complete.
Since only one fd is affected, but many fd can refer to the same file,
the close code can only request the fs code unblock with ERESTART.
Fixed for pipes and sockets, ERESTART will only be generated after such
a close - so there should be no change for other programs.
Also rename fo_abort() to fo_restart() (this used to be fo_drain()).
Fixes PR/26567
2009-12-20 09:36:05 +00:00
dsl 7a42c833db Rename fo_drain() to fo_abort(), 'drain' is used to mean 'wait for output
do drain' in many places, whereas fo_drain() was called in order to force
blocking read()/write() etc calls to return to userspace so that a close()
call from a different thread can complete.
In the sockets code comment out the broken code in the inner function,
it was being called from compat code.
2009-12-09 21:32:58 +00:00
he 0ad5370a7a It is best to explicitly include <sys/condvar.h> if we're going to
use kcondvar_t.
2009-09-04 08:58:44 +00:00
tsutsui d779b85d3e Remove extra whitespace added by a stupid tool.
XXX: more in src/sys/arch
2009-04-18 14:58:02 +00:00
christos 86ba58fd64 Fix locking as Andy explained. Also fill in uid and gid like sys_pipe did. 2009-04-11 23:05:26 +00:00
christos b859fbe7cb Fix PR/37878 and PR/37550: Provide stat(2) for all devices and don't use
fbadop_stat.
2009-04-11 15:47:33 +00:00
ad c6367674d6 Add fileops::fo_drain(), to be called from fd_close() when there is more
than one active reference to a file descriptor. It should dislodge threads
sleeping while holding a reference to the descriptor. Implemented only for
sockets but should be extended to pipes, fifos, etc.

Fixes the case of a multithreaded process doing something like the
following, which would have hung until the process got a signal.

thr0	accept(fd, ...)
thr1	close(fd)
2009-04-04 10:12:51 +00:00
mrg b73a4b4545 avoid a useless uninitialised use, picked up by gcc -O3. 2009-03-26 01:52:24 +00:00
darran 36ea3668b9 Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be
specified when its not the same size as the input buffer (i.e. for
operations like compress and decompress).
The crypto_op and crypt_n_op structures gain a u_int dst_len field.
The session_op structure gains a comp_alg field to specify a compression
algorithm.
Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION,  CIOCCRYPT,
and CIOCNCRYPTM.
Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION,
OCIOCCRYPT, and OCIOCNCRYPTM.

Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which
implement the original ioctls and set dst_len and comp_alg to 0.

Adds user-space access to compression features.

Adds software gzip support (CRYPTO_GZIP_COMP).

Adds the fast version of crc32 from zlib to libkern. This should be generally
useful and provide a place to start normalizing the various crc32 routines
in the kernel.  The crc32 routine is used in this patch to support GZIP.

With input and support from tls@NetBSD.org.
2009-03-25 01:26:12 +00:00
cegger e2cb85904d bcopy -> memcpy 2009-03-18 17:06:41 +00:00
cegger c363a9cb62 bzero -> memset 2009-03-18 16:00:08 +00:00
dsl 82357f6d42 ANSIfy another 1261 function definitions.
The only ones left in sys are beyond by sed script!
(or in sys/dist or sys/external)
Mostly they have function pointer parameters.
2009-03-14 21:04:01 +00:00
dsl 454af1c0e8 Change about 4500 of the K&R function definitions to ANSI ones.
There are still about 1600 left, but they have ',' or /* ... */
in the actual variable definitions - which my awk script doesn't handle.
There are also many that need () -> (void).
(The script does handle misordered arguments.)
2009-03-14 15:35:58 +00:00
cegger 9b87d582bd kill MALLOC and FREE macros. 2008-12-17 20:51:31 +00:00
darran d6a1889de6 Fix a race condition in opencrypto where the crypto request could be
completed by the crypto device, queued on the retq, but freed by the
ioctl lwp.  The problem manifests as various panics relating to the
condvar inside the request. The problem can occur whenever the crypto
device completes the request immediately and the ioctl skips the cv_wait().

The problem can be reproduced by enabling cryptosoft and running an openssl
speed test. E.g.
    sysctl -w kern.cryptodevallowsoft=-1
    openssl speed -engine cryptodev -evp des-ede3-cbc -multi 64

Add a macro for TAILQ_FOREACH_REVERSE_SAFE() to queue.h, since this
was missing and the opencrypto code removes requests from a list while
iterating with TAILQ_FOREACH_REVERSE().

Add missing cv_destroy() calls for the key request cleanup.

Reviewed by Thor Lancelot Simon.
2008-11-18 12:59:58 +00:00
degroote 8501900fa0 In crypto_freereq, destroy explicitly the condvar
ok by tls@
2008-08-03 10:18:12 +00:00
christos f4569a9440 Coverity CID 5021: Check pointers before using. 2008-05-24 16:42:00 +00:00
christos 7bf4013b89 Coverity CID 5027: Remove impossible test. 2008-05-24 16:29:34 +00:00
christos 3af4b27011 KNF, whitespace, b* -> mem*. No functional change. 2008-05-24 16:28:58 +00:00
ad 2bbb14eaa4 Back out previous. It broke the build. 2008-05-05 13:41:29 +00:00
ad b407147f14 Move zlib out of net/ and into kern/. It would probably be better to use
the reachover Makefiles and libz, but this is already here and it works.
2008-05-04 23:07:09 +00:00
ad 1498ad220e Make various bits of debug code compile again. 2008-04-30 14:07:13 +00:00
martin ce099b4099 Remove clause 3 and 4 from TNF licenses 2008-04-28 20:22:51 +00:00
tls 8b5e4b7c91 As suggested by rmind, do not check return status of KM_SLEEP/PR_WAITOK
allocations.  A little hair-raising but it does make the code easier to
read.
2008-04-21 19:05:41 +00:00
rmind 888190d519 Protect selrecord/selnotify calls with crypto_mtx; few misc changes. 2008-04-11 10:28:10 +00:00
dogcow 28e06cc882 fix 64-bit b0rkenness. 2008-04-11 06:25:35 +00:00
tls 597ee710c7 Extend crypto.4 interface:
* Asynchronous operation with result retrieval via select/poll
	* Mutliple-request submit/retrieve ioctls
	* Mutliple-session create-destroy ioctls

Revise/rewrite crypto.4 manual page.  It should now be much easier to write
new applications to this API.

Measured performance for trivial requests: 84,000 very short modular math
operations/sec, 120,000 very short md5 hashes per sec (with a hardware
accellerator of moderate performance but very low latency, whose driver
will be contributed at a later date).

Contributed to TNF by Coyote Point Systems, Inc.
2008-04-10 22:48:42 +00:00
ad a9ca7a3734 Catch up with descriptor handling changes. See kern_descrip.c revision
1.173 for details.
2008-03-21 21:54:58 +00:00
tls baa02d2a35 From Darran Hunt: you can't just specify the "wrong" underlying algorithm
with the "right" output size in the xform declaration and have the _96
HMAC variants work -- the actual algorithm machinery (hardware or software)
ignores the output-size parameter, it's just there to inform the interface
consumer.

This should fix FAST_IPSEC.
2008-02-28 09:29:10 +00:00
ad ed830de973 cryptoret: avoid a sleep/wakeup race. 2008-02-05 12:26:13 +00:00
tls 923a0df2bf The kthread is now MPSAFE. 2008-02-05 01:43:22 +00:00
tls efc90f2f7e Some locking fixes (double-release mutex in softintr wakeup case, which I
hadn't tested) and an uninitialized field in cse which Darran Hunt
found.  Some more debugging printfs.

Turn on MPSAFE for the kthread.  We're not sure it's safe for the softint
yet.  Gives a little performance kick for swcrypto with many requests on
MP systems.
2008-02-04 14:46:26 +00:00
tls e5bd2a127e Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto"
(actually splnet) and condvars instead of tsleep/wakeup.  Fix a few
miscellaneous problems and add some debugging printfs while there.

Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some
point after this code came from FreeBSD -- it made it impossible to wait
properly for a condition.

Add flags analogous to the "crp" flags to the key operation's krp struct.
Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before
the kthread had a chance to dequeue it and call its callback -- this was
letting requests stick on the queues before even though done and copied
out.

Callers of crypto_newsession() or crypto_freesession() must now take the
mutex.  Change netipsec to do so.  Dispatch takes the mutex itself as
needed.

This was tested fairly extensively with the cryptosoft backend and lightly
with a new hardware driver.  It has not been tested with FAST_IPSEC; I am
unable to ascertain whether FAST_IPSEC currently works at all in our tree.

pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the
right direction several times in the course of this.  Remaining bugs
are mine alone.
2008-02-04 00:35:34 +00:00
tls e2205fa0bb Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit. 2008-02-02 04:46:29 +00:00
tls 9b6c682b45 From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless
actually asked to.

Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
2008-02-02 02:39:00 +00:00
tls 8edf0049e7 don't allocate AES keys with M_WAITOK! 2008-02-01 19:10:31 +00:00
tls e17d3eea39 This code never worked on a released version of FreeBSD in the form it's
been in in our tree, and certainly does not work on any version of FreeBSD
now.  Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small
reduction of size and a dramatic improvement in readability.

No, this does not yield any meaningful decrease in patchability (unlike
mechanical changes that touch live source lines) -- try it and see.
2008-02-01 04:52:35 +00:00
tls 651160c66b Fix accidental checkin inverting the sense of cryptodev_allowsoft, which
is crazy but has always documented.
2008-01-29 20:33:44 +00:00
tls 49444bc037 Make /dev/crypto properly cloning. Leave CRIOGET in place but note that
it is deprecated, no longer required, and will be removed in a future
release of NetBSD.

Dramatically reduce the size of the session structure by removing an
IOV_MAX array of iovecs where only the first was use.  Saves an 8k
bzero on each session creation.

Convert fixed-size allocations in cryptodev.c to pools.
2008-01-26 00:04:27 +00:00
tls 9675caff5e Some minor opencrypto fixes, one with a major performance impact for
OpenSSL:

1) Fix extremely misleading text in crypto.4 manual page so it does not
   appear to claim that a new cloned file descriptor is required for every
   session.

2) Fix severe performance problem (and fd leak!) in openssl cryptodev
   engine resulting from misunderstanding probably caused by said manual
   page text.

3) Check for session-ID wraparound in kernel cryptodev provider.  Also,
   start allocating sessions at 1, not 0 -- this will be necessary when
   we add ioctls for the creation of multiple sessions at once, so we
   can tell which if any creations failed.
2008-01-25 07:09:56 +00:00
tls 632396a909 Add constants for modular arithmetic operations other than exponentiation -- there's hardware out there which can do them. 2008-01-19 08:08:20 +00:00
ad 46ed8f7d77 Use the softint API. 2007-10-08 16:18:02 +00:00
degroote a1cb9a9a85 Fix a stupid bogus bcopy -> memcpy conversion.
I will write it 1000 times : when I convert bcopy to memcpy, don't forget to
swap first and secund args.
2007-09-22 23:38:17 +00:00
ad 88ab7da936 Merge some of the less invasive changes from the vmlocking branch:
- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements
2007-07-09 20:51:58 +00:00
degroote 03281f71f1 Use dynamic array instead of an static array to decompress. It lets us to
decompress any data, whatever is the radio decompressed data / compressed
data.

It fixes the last issues with fast_ipsec and ipcomp.

While here, bzero -> memset, bcopy -> memcpy, FREE -> free

Reviewed a long time ago by sam@
2007-05-21 11:35:16 +00:00
ad 59d979c5f1 Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.
2007-03-12 18:18:22 +00:00
christos 53524e44ef Kill caddr_t; there will be some MI fallout, but it will be fixed shortly. 2007-03-04 05:59:00 +00:00
daniel c339e55881 Add an opencrypto provider for the AES xcrypt instructions found on VIA
C5P and later cores (also known as 'ACE', which is part of the VIA PadLock
security engine). Ported from OpenBSD.

Reviewed on tech-crypto and port-i386, no objections to commiting this.
2007-02-17 00:28:23 +00:00
daniel 9a3687b724 crypto_init does not call crypto_init0 only once, because the marker
created with ONCE_DECL() is local. This results in reinitializing
the driver list when crypto_get_driverid() (and leaks memory). Fix
this by making the marker static.

Fixes PR/35412.

Ack freza@.
2007-01-12 12:00:27 +00:00