adds unnecessary complexity. Dedicated crypto offloading devices are not common
anymore. Modern CPU crypto acceleration works synchronously, eliminating the need
for callbacks.
Replace all occurrences of crypto_dispatch() with crypto_invoke(), which is
blocking and only returns after the operation has completed or an error occured.
Invoke callback functions directly from the consumer (e.g. IPsec, softraid)
instead of relying on the crypto driver to call crypto_done().
ok bluhm@ mvs@ patrick@
-/* $OpenBSD: aesni.c,v 1.51 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: aesni.c,v 1.52 2021/10/23 15:42:34 tobhe Exp $ */
/*-
* Copyright (c) 2003 Jason Wright
* Copyright (c) 2003, 2004 Theo de Raadt
out:
smr_read_leave();
crp->crp_etype = err;
- crypto_done(crp);
return (err);
}
-/* $OpenBSD: via.c,v 1.35 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: via.c,v 1.36 2021/10/23 15:42:34 tobhe Exp $ */
/* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */
/*-
}
out:
crp->crp_etype = err;
- crypto_done(crp);
return (err);
}
-/* $OpenBSD: cryptox.c,v 1.3 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: cryptox.c,v 1.4 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2003 Jason Wright
* Copyright (c) 2003, 2004 Theo de Raadt
out:
smr_read_leave();
crp->crp_etype = err;
- crypto_done(crp);
return (err);
}
-/* $OpenBSD: via.c,v 1.48 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: via.c,v 1.49 2021/10/23 15:42:35 tobhe Exp $ */
/* $NetBSD: machdep.c,v 1.214 1996/11/10 03:16:17 thorpej Exp $ */
/*-
}
out:
crp->crp_etype = err;
- crypto_done(crp);
return (err);
}
-/* $OpenBSD: glxsb.c,v 1.38 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: glxsb.c,v 1.39 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2006 Tom Cosgrove <tom@openbsd.org>
out:
crp->crp_etype = err;
- crypto_done(crp);
splx(s);
return (err);
}
-/* $OpenBSD: octcrypto.c,v 1.6 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: octcrypto.c,v 1.7 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2018 Visa Hankala
smr_read_leave();
crp->crp_etype = error;
- crypto_done(crp);
return error;
}
-/* $OpenBSD: crypto.c,v 1.89 2021/10/21 23:03:48 tobhe Exp $ */
+/* $OpenBSD: crypto.c,v 1.90 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
return 0;
}
-/*
- * Add crypto request to a queue, to be processed by a kernel thread.
- */
-void
-crypto_dispatch(struct cryptop *crp)
-{
- int lock = 1, s;
- u_int32_t hid;
-
- s = splvm();
- hid = (crp->crp_sid >> 32) & 0xffffffff;
- if (hid < crypto_drivers_num) {
- if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_MPSAFE)
- lock = 0;
- }
- splx(s);
-
- /* XXXSMP crypto_invoke() is not MP safe */
- lock = 1;
-
- if (lock)
- KERNEL_LOCK();
- crypto_invoke(crp);
- if (lock)
- KERNEL_UNLOCK();
-}
-
/*
* Dispatch a crypto request to the appropriate crypto devices.
*/
/* Sanity checks. */
KASSERT(crp != NULL);
- KASSERT(crp->crp_callback != NULL);
KERNEL_ASSERT_LOCKED();
crp->crp_etype = EAGAIN;
done:
- crypto_done(crp);
splx(s);
}
pool_init(&cryptop_pool, sizeof(struct cryptop), 0, IPL_VM, 0,
"cryptop", NULL);
}
-
-/*
- * Invoke the callback on behalf of the driver.
- */
-void
-crypto_done(struct cryptop *crp)
-{
- crp->crp_flags |= CRYPTO_F_DONE;
-
- crp->crp_callback(crp);
-}
-/* $OpenBSD: cryptodev.h,v 1.79 2021/10/22 12:30:53 bluhm Exp $ */
+/* $OpenBSD: cryptodev.h,v 1.80 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
#define CRYPTO_F_IMBUF 0x0001 /* Input/output are mbuf chains, otherwise contig */
#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
#define CRYPTO_F_MPSAFE 0x0004 /* Do not use kernel lock for callback */
-#define CRYPTO_F_DONE 0x0010 /* request completed */
void *crp_buf; /* Data to be processed */
- void *crp_opaque; /* Opaque pointer, passed along */
struct cryptodesc *crp_desc; /* List of processing descriptors */
struct cryptodesc crp_sdesc[2]; /* Static array for small ops */
int crp_ndesc; /* Amount of descriptors to use */
int crp_ndescalloc;/* Amount of descriptors allocated */
- void (*crp_callback)(struct cryptop *); /* Callback function */
-
caddr_t crp_mac;
};
int crypto_newsession(u_int64_t *, struct cryptoini *, int);
int crypto_freesession(u_int64_t);
-void crypto_dispatch(struct cryptop *);
int crypto_register(u_int32_t, int *,
int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t),
int (*)(struct cryptop *));
int crypto_unregister(u_int32_t, int);
int32_t crypto_get_driverid(u_int8_t);
void crypto_invoke(struct cryptop *);
-void crypto_done(struct cryptop *);
void cuio_copydata(struct uio *, int, int, caddr_t);
void cuio_copyback(struct uio *, int, int, const void *);
-/* $OpenBSD: cryptosoft.c,v 1.89 2021/10/13 13:08:58 bluhm Exp $ */
+/* $OpenBSD: cryptosoft.c,v 1.90 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
}
done:
- crypto_done(crp);
return 0;
}
-/* $OpenBSD: softraid_crypto.c,v 1.143 2021/10/22 05:06:37 anton Exp $ */
+/* $OpenBSD: softraid_crypto.c,v 1.144 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2007 Marco Peereboom <marco@peereboom.us>
* Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org>
struct sr_crypto *, struct sr_meta_opt_hdr *);
int sr_crypto_meta_opt_handler(struct sr_discipline *,
struct sr_meta_opt_hdr *);
-void sr_crypto_write(struct cryptop *);
+void sr_crypto_write(struct sr_crypto_wu *);
int sr_crypto_rw(struct sr_workunit *);
int sr_crypto_dev_rw(struct sr_workunit *, struct sr_crypto_wu *);
void sr_crypto_done_internal(struct sr_workunit *,
struct sr_crypto *);
void sr_crypto_done(struct sr_workunit *);
-void sr_crypto_read(struct cryptop *);
+void sr_crypto_read(struct sr_crypto_wu *);
void sr_crypto_calculate_check_hmac_sha1(u_int8_t *, int,
u_int8_t *, int, u_char *);
void sr_crypto_hotplug(struct sr_discipline *, struct disk *, int);
keyndx = blkno >> SR_CRYPTO_KEY_BLKSHIFT;
crwu->cr_crp->crp_sid = mdd_crypto->scr_sid[keyndx];
- crwu->cr_crp->crp_opaque = crwu;
crwu->cr_crp->crp_ilen = xs->datalen;
crwu->cr_crp->crp_alloctype = M_DEVBUF;
crwu->cr_crp->crp_flags = CRYPTO_F_IOV;
if (wu->swu_xs->flags & SCSI_DATA_OUT) {
mdd_crypto = &wu->swu_dis->mds.mdd_crypto;
crwu = sr_crypto_prepare(wu, mdd_crypto, 1);
- crwu->cr_crp->crp_callback = sr_crypto_write;
- crypto_dispatch(crwu->cr_crp);
+ crypto_invoke(crwu->cr_crp);
+ sr_crypto_write(crwu);
rv = crwu->cr_crp->crp_etype;
} else
rv = sr_crypto_dev_rw(wu, NULL);
}
void
-sr_crypto_write(struct cryptop *crp)
+sr_crypto_write(struct sr_crypto_wu *crwu)
{
- struct sr_crypto_wu *crwu = crp->crp_opaque;
struct sr_workunit *wu = &crwu->cr_wu;
int s;
DNPRINTF(SR_D_INTR, "%s: sr_crypto_write: wu %p xs: %p\n",
DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs);
- if (crp->crp_etype) {
+ if (crwu->cr_crp->crp_etype) {
/* fail io */
wu->swu_xs->error = XS_DRIVER_STUFFUP;
s = splbio();
/* If this was a successful read, initiate decryption of the data. */
if (ISSET(xs->flags, SCSI_DATA_IN) && xs->error == XS_NOERROR) {
crwu = sr_crypto_prepare(wu, mdd_crypto, 0);
- crwu->cr_crp->crp_callback = sr_crypto_read;
- DNPRINTF(SR_D_INTR, "%s: sr_crypto_done: crypto_dispatch %p\n",
+ DNPRINTF(SR_D_INTR, "%s: sr_crypto_done: crypto_invoke %p\n",
DEVNAME(wu->swu_dis->sd_sc), crwu->cr_crp);
- crypto_dispatch(crwu->cr_crp);
+ crypto_invoke(crwu->cr_crp);
+ sr_crypto_read(crwu);
return;
}
}
void
-sr_crypto_read(struct cryptop *crp)
+sr_crypto_read(struct sr_crypto_wu *crwu)
{
- struct sr_crypto_wu *crwu = crp->crp_opaque;
struct sr_workunit *wu = &crwu->cr_wu;
int s;
DNPRINTF(SR_D_INTR, "%s: sr_crypto_read: wu %p xs: %p\n",
DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs);
- if (crp->crp_etype)
+ if (crwu->cr_crp->crp_etype)
wu->swu_xs->error = XS_DRIVER_STUFFUP;
s = splbio();
-/* $OpenBSD: softraid_raid1c.c,v 1.4 2021/10/13 22:43:44 bluhm Exp $ */
+/* $OpenBSD: softraid_raid1c.c,v 1.5 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2007 Marco Peereboom <marco@peereboom.us>
* Copyright (c) 2008 Hans-Joerg Hoexer <hshoexer@openbsd.org>
int sr_raid1c_ioctl(struct sr_discipline *sd, struct bioc_discipline *bd);
int sr_raid1c_meta_opt_handler(struct sr_discipline *,
struct sr_meta_opt_hdr *);
-void sr_raid1c_write(struct cryptop *);
+void sr_raid1c_write(struct sr_crypto_wu *);
int sr_raid1c_rw(struct sr_workunit *);
int sr_raid1c_dev_rw(struct sr_workunit *, struct sr_crypto_wu *);
void sr_raid1c_done(struct sr_workunit *wu);
}
void
-sr_raid1c_write(struct cryptop *crp)
+sr_raid1c_write(struct sr_crypto_wu *crwu)
{
- struct sr_crypto_wu *crwu = crp->crp_opaque;
struct sr_workunit *wu = &crwu->cr_wu;
int s;
DNPRINTF(SR_D_INTR, "%s: sr_raid1c_write: wu %p xs: %p\n",
DEVNAME(wu->swu_dis->sd_sc), wu, wu->swu_xs);
- if (crp->crp_etype) {
+ if (crwu->cr_crp->crp_etype) {
/* fail io */
wu->swu_xs->error = XS_DRIVER_STUFFUP;
s = splbio();
!ISSET(wu->swu_flags, SR_WUF_REBUILD)) {
mdd_raid1c = &wu->swu_dis->mds.mdd_raid1c;
crwu = sr_crypto_prepare(wu, &mdd_raid1c->sr1c_crypto, 1);
- crwu->cr_crp->crp_callback = sr_raid1c_write;
- crypto_dispatch(crwu->cr_crp);
+ crypto_invoke(crwu->cr_crp);
+ sr_raid1c_write(crwu);
rv = crwu->cr_crp->crp_etype;
} else
rv = sr_raid1c_dev_rw(wu, NULL);
-/* $OpenBSD: ip_ah.c,v 1.158 2021/10/22 15:44:20 bluhm Exp $ */
+/* $OpenBSD: ip_ah.c,v 1.159 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
struct tdb_crypto *tc = NULL;
u_int32_t btsx, esn;
u_int8_t hl;
- int error, rplen;
+ int error, rplen, clen;
u_int64_t ibytes;
#ifdef ENCDEBUG
char buf[INET6_ADDRSTRLEN];
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_input_cb;
crp->crp_sid = tdb->tdb_cryptoid;
- crp->crp_opaque = (caddr_t)tc;
/* These are passed as-is to the callback. */
tc->tc_skip = skip;
memcpy(&tc->tc_dst, &tdb->tdb_dst, sizeof(union sockaddr_union));
tc->tc_rpl = tdb->tdb_rpl;
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ error = crp->crp_etype;
+ goto drop;
+ }
+
+ /* Length of data after processing */
+ clen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = ah_input_cb(tdb, tc, m, clen);
+ if (error) {
+ ipsecstat_inc(ipsec_idrops);
+ tdb->tdb_idrops++;
+ }
+
return 0;
drop:
struct cryptop *crp = NULL;
u_int64_t replay64;
u_int16_t iplen;
- int error, rplen, roff;
+ int error, rplen, roff, ilen, olen;
u_int8_t prot;
struct ah *ah;
#if NBPFILTER > 0
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_output_cb;
crp->crp_sid = tdb->tdb_cryptoid;
- crp->crp_opaque = (caddr_t)tc;
/* These are passed as-is to the callback. */
tc->tc_skip = skip;
tc->tc_rdomain = tdb->tdb_rdomain;
memcpy(&tc->tc_dst, &tdb->tdb_dst, sizeof(union sockaddr_union));
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ error = crp->crp_etype;
+ goto drop;
+ }
+
+ ilen = crp->crp_ilen;
+ olen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = ah_output_cb(tdb, tc, m, ilen, olen);
+ if (error) {
+ ipsecstat_inc(ipsec_odrops);
+ tdb->tdb_odrops++;
+ }
+
return 0;
drop:
-/* $OpenBSD: ip_esp.c,v 1.177 2021/10/22 15:44:20 bluhm Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.178 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
struct cryptodesc *crde = NULL, *crda = NULL;
struct cryptop *crp = NULL;
struct tdb_crypto *tc = NULL;
- int plen, alen, hlen, error;
+ int plen, alen, hlen, error, clen;
u_int32_t btsx, esn;
#ifdef ENCDEBUG
char buf[INET6_ADDRSTRLEN];
crp->crp_ilen = m->m_pkthdr.len; /* Total input length */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_input_cb;
crp->crp_sid = tdb->tdb_cryptoid;
- crp->crp_opaque = (caddr_t)tc;
/* These are passed as-is to the callback */
tc->tc_skip = skip;
crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen);
}
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ error = crp->crp_etype;
+ goto drop;
+ }
+
+ clen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = esp_input_cb(tdb, tc, m, clen);
+ if (error) {
+ ipsecstat_inc(ipsec_idrops);
+ tdb->tdb_idrops++;
+ }
+
return 0;
drop:
{
const struct enc_xform *espx = tdb->tdb_encalgxform;
const struct auth_hash *esph = tdb->tdb_authalgxform;
- int ilen, hlen, rlen, padding, blks, alen, roff, error;
+ int ilen, olen, hlen, rlen, padding, blks, alen, roff, error;
u_int64_t replay64;
u_int32_t replay;
struct mbuf *mi, *mo = (struct mbuf *) NULL;
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_output_cb;
- crp->crp_opaque = (caddr_t)tc;
crp->crp_sid = tdb->tdb_cryptoid;
if (esph) {
crda->crd_len = m->m_pkthdr.len - (skip + alen);
}
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ error = crp->crp_etype;
+ goto drop;
+ }
+
+ ilen = crp->crp_ilen;
+ olen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = esp_output_cb(tdb, tc, m, ilen, olen);
+ if (error) {
+ ipsecstat_inc(ipsec_odrops);
+ tdb->tdb_odrops++;
+ }
+
return 0;
drop:
-/* $OpenBSD: ip_ipcomp.c,v 1.79 2021/10/22 15:44:20 bluhm Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.80 2021/10/23 15:42:35 tobhe Exp $ */
/*
* Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
{
const struct comp_algo *ipcompx = tdb->tdb_compalgxform;
struct tdb_crypto *tc;
- int hlen;
+ int hlen, error, clen;
struct cryptodesc *crdc = NULL;
struct cryptop *crp;
crp->crp_ilen = m->m_pkthdr.len - (skip + hlen);
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_input_cb;
crp->crp_sid = tdb->tdb_cryptoid;
- crp->crp_opaque = (caddr_t)tc;
/* These are passed as-is to the callback */
tc->tc_skip = skip;
tc->tc_rdomain = tdb->tdb_rdomain;
tc->tc_dst = tdb->tdb_dst;
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ free(tc, M_XDATA, 0);
+ m_freem(m);
+ crypto_freereq(crp);
+ return crp->crp_etype;
+ }
+
+ clen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = ipcomp_input_cb(tdb, tc, m, clen);
+ if (error) {
+ ipsecstat_inc(ipsec_idrops);
+ tdb->tdb_idrops++;
+ }
+
return 0;
}
ipcomp_output(struct mbuf *m, struct tdb *tdb, int skip, int protoff)
{
const struct comp_algo *ipcompx = tdb->tdb_compalgxform;
- int error, hlen;
+ int error, hlen, ilen, olen;
struct cryptodesc *crdc = NULL;
struct cryptop *crp = NULL;
struct tdb_crypto *tc;
crp->crp_ilen = m->m_pkthdr.len; /* Total input length */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_MPSAFE;
crp->crp_buf = (caddr_t)m;
- crp->crp_callback = ipsec_output_cb;
- crp->crp_opaque = (caddr_t)tc;
crp->crp_sid = tdb->tdb_cryptoid;
- crypto_dispatch(crp);
+ KERNEL_LOCK();
+ crypto_invoke(crp);
+ while (crp->crp_etype == EAGAIN) {
+ /* Reset the session ID */
+ if (tdb->tdb_cryptoid != 0)
+ tdb->tdb_cryptoid = crp->crp_sid;
+ crypto_invoke(crp);
+ }
+ KERNEL_UNLOCK();
+ if (crp->crp_etype) {
+ DPRINTF("crypto error %d", crp->crp_etype);
+ ipsecstat_inc(ipsec_noxform);
+ free(tc, M_XDATA, 0);
+ m_freem(m);
+ crypto_freereq(crp);
+ return crp->crp_etype;
+ }
+
+ ilen = crp->crp_ilen;
+ olen = crp->crp_olen;
+
+ /* Release the crypto descriptors */
+ crypto_freereq(crp);
+
+ error = ipcomp_output_cb(tdb, tc, m, crp->crp_ilen, crp->crp_olen);
+ if (error) {
+ ipsecstat_inc(ipsec_odrops);
+ tdb->tdb_odrops++;
+ }
+
return 0;
drop:
-/* $OpenBSD: ip_ipsp.h,v 1.210 2021/10/13 14:36:31 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.h,v 1.211 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
void ipsec_init(void);
int ipsec_sysctl(int *, u_int, void *, size_t *, void *, size_t);
int ipsec_common_input(struct mbuf *, int, int, int, int, int);
-void ipsec_input_cb(struct cryptop *);
-void ipsec_output_cb(struct cryptop *);
int ipsec_common_input_cb(struct mbuf *, struct tdb *, int, int);
int ipsec_delete_policy(struct ipsec_policy *);
ssize_t ipsec_hdrsz(struct tdb *);
-/* $OpenBSD: ipsec_input.c,v 1.185 2021/10/22 15:44:20 bluhm Exp $ */
+/* $OpenBSD: ipsec_input.c,v 1.186 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
return error;
}
-void
-ipsec_input_cb(struct cryptop *crp)
-{
- struct tdb_crypto *tc = (struct tdb_crypto *) crp->crp_opaque;
- struct mbuf *m = (struct mbuf *) crp->crp_buf;
- struct tdb *tdb = NULL;
- int clen, error;
-
- NET_ASSERT_LOCKED();
-
- if (m == NULL) {
- DPRINTF("bogus returned buffer from crypto");
- ipsecstat_inc(ipsec_crypto);
- goto drop;
- }
-
- tdb = gettdb(tc->tc_rdomain, tc->tc_spi, &tc->tc_dst, tc->tc_proto);
- if (tdb == NULL) {
- DPRINTF("TDB is expired while in crypto");
- ipsecstat_inc(ipsec_notdb);
- goto drop;
- }
-
- /* Check for crypto errors */
- if (crp->crp_etype) {
- if (crp->crp_etype == EAGAIN) {
- /* Reset the session ID */
- if (tdb->tdb_cryptoid != 0)
- tdb->tdb_cryptoid = crp->crp_sid;
- crypto_dispatch(crp);
- return;
- }
- DPRINTF("crypto error %d", crp->crp_etype);
- ipsecstat_inc(ipsec_noxform);
- goto drop;
- }
-
- /* Length of data after processing */
- clen = crp->crp_olen;
-
- /* Release the crypto descriptors */
- crypto_freereq(crp);
-
- switch (tdb->tdb_sproto) {
- case IPPROTO_ESP:
- error = esp_input_cb(tdb, tc, m, clen);
- break;
- case IPPROTO_AH:
- error = ah_input_cb(tdb, tc, m, clen);
- break;
- case IPPROTO_IPCOMP:
- error = ipcomp_input_cb(tdb, tc, m, clen);
- break;
- default:
- panic("%s: unknown/unsupported security protocol %d",
- __func__, tdb->tdb_sproto);
- }
- if (error) {
- ipsecstat_inc(ipsec_idrops);
- tdb->tdb_idrops++;
- }
- return;
-
- drop:
- m_freem(m);
- free(tc, M_XDATA, 0);
- crypto_freereq(crp);
- ipsecstat_inc(ipsec_idrops);
- if (tdb != NULL)
- tdb->tdb_idrops++;
-}
-
/*
* IPsec input callback, called by the transform callback. Takes care of
* filtering and other sanity checks on the processed packet.
-/* $OpenBSD: ipsec_output.c,v 1.90 2021/10/22 15:44:20 bluhm Exp $ */
+/* $OpenBSD: ipsec_output.c,v 1.91 2021/10/23 15:42:35 tobhe Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
return error;
}
-/*
- * IPsec output callback, called directly by the crypto driver.
- */
-void
-ipsec_output_cb(struct cryptop *crp)
-{
- struct tdb_crypto *tc = (struct tdb_crypto *) crp->crp_opaque;
- struct mbuf *m = (struct mbuf *) crp->crp_buf;
- struct tdb *tdb = NULL;
- int error, ilen, olen;
-
- NET_ASSERT_LOCKED();
-
- if (m == NULL) {
- DPRINTF("bogus returned buffer from crypto");
- ipsecstat_inc(ipsec_crypto);
- goto drop;
- }
-
- tdb = gettdb(tc->tc_rdomain, tc->tc_spi, &tc->tc_dst, tc->tc_proto);
- if (tdb == NULL) {
- DPRINTF("TDB is expired while in crypto");
- ipsecstat_inc(ipsec_notdb);
- goto drop;
- }
-
- /* Check for crypto errors. */
- if (crp->crp_etype) {
- if (crp->crp_etype == EAGAIN) {
- /* Reset the session ID */
- if (tdb->tdb_cryptoid != 0)
- tdb->tdb_cryptoid = crp->crp_sid;
- crypto_dispatch(crp);
- return;
- }
- DPRINTF("crypto error %d", crp->crp_etype);
- ipsecstat_inc(ipsec_noxform);
- goto drop;
- }
-
- olen = crp->crp_olen;
- ilen = crp->crp_ilen;
-
- /* Release crypto descriptors. */
- crypto_freereq(crp);
-
- switch (tdb->tdb_sproto) {
- case IPPROTO_ESP:
- error = esp_output_cb(tdb, tc, m, ilen, olen);
- break;
- case IPPROTO_AH:
- error = ah_output_cb(tdb, tc, m, ilen, olen);
- break;
- case IPPROTO_IPCOMP:
- error = ipcomp_output_cb(tdb, tc, m, ilen, olen);
- break;
- default:
- panic("%s: unhandled security protocol %d",
- __func__, tdb->tdb_sproto);
- }
- if (error) {
- ipsecstat_inc(ipsec_odrops);
- tdb->tdb_odrops++;
- }
- return;
-
- drop:
- m_freem(m);
- free(tc, M_XDATA, 0);
- crypto_freereq(crp);
- ipsecstat_inc(ipsec_odrops);
- if (tdb != NULL)
- tdb->tdb_odrops++;
-}
-
/*
* Called by the IPsec output transform callbacks, to transmit the packet
* or do further processing, as necessary.
projects / openbsd / commitdiff