tech-crypto archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
final -- I think -- opencrypto mutex/condvar patch
The attached seems to work. I've made the necessary changes to
netipsec but I'm not really able to test them, so I'd appreciate
that (as well as any other mistakes of mine anyone cares to point
out).
Also, I wonder if I missed anything I'd need to do to mark the thread or
the softint as MPSAFE; I haven't done that (MPSAFE on those) yet.
This should probably use multiple locks as the freebsd code does. And I
should probably put CBIMM back in.
Patch attached and at http://www.panix.com/~tls/ocf-mtx6.diff
Thor
Index: netipsec/xform_ah.c
===================================================================
RCS file: /cvsroot/src/sys/netipsec/xform_ah.c,v
retrieving revision 1.19
diff -u -p -r1.19 xform_ah.c
--- netipsec/xform_ah.c 28 Oct 2007 15:48:23 -0000 1.19
+++ netipsec/xform_ah.c 3 Feb 2008 20:15:56 -0000
@@ -230,8 +230,13 @@ ah_init(struct secasvar *sav, struct xfo
int error;
error = ah_init0(sav, xsp, &cria);
- return error ? error :
- crypto_newsession(&sav->tdb_cryptoid, &cria, crypto_support);
+ if (!error) {
+ mutex_spin_enter(&crypto_mtx);
+ error = crypto_newsession(&sav->tdb_cryptoid,
+ &cria, crypto_support);
+ mutex_spin_exit(&crypto_mtx);
+ }
+ return error;
}
/*
@@ -247,7 +252,9 @@ ah_zeroize(struct secasvar *sav)
if (sav->key_auth)
bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
+ mutex_spin_enter(&crypto_mtx);
err = crypto_freesession(sav->tdb_cryptoid);
+ mutex_spin_exit(&crypto_mtx);
sav->tdb_cryptoid = 0;
sav->tdb_authalgxform = NULL;
sav->tdb_xform = NULL;
Index: netipsec/xform_esp.c
===================================================================
RCS file: /cvsroot/src/sys/netipsec/xform_esp.c,v
retrieving revision 1.16
diff -u -p -r1.16 xform_esp.c
--- netipsec/xform_esp.c 27 Jun 2007 20:38:33 -0000 1.16
+++ netipsec/xform_esp.c 3 Feb 2008 20:15:57 -0000
@@ -231,6 +231,7 @@ esp_init(struct secasvar *sav, struct xf
crie.cri_key = _KEYBUF(sav->key_enc);
/* XXX Rounds ? */
+ mutex_spin_enter(&crypto_mtx);
if (sav->tdb_authalgxform && sav->tdb_encalgxform) {
/* init both auth & enc */
crie.cri_next = &cria;
@@ -247,6 +248,7 @@ esp_init(struct secasvar *sav, struct xf
DPRINTF(("esp_init: no encoding OR authentication xform!\n"));
error = EINVAL;
}
+ mutex_spin_exit(&crypto_mtx);
return error;
}
Index: netipsec/xform_ipcomp.c
===================================================================
RCS file: /cvsroot/src/sys/netipsec/xform_ipcomp.c,v
retrieving revision 1.16
diff -u -p -r1.16 xform_ipcomp.c
--- netipsec/xform_ipcomp.c 29 Dec 2007 14:56:35 -0000 1.16
+++ netipsec/xform_ipcomp.c 3 Feb 2008 20:15:57 -0000
@@ -106,6 +106,7 @@ ipcomp_init(struct secasvar *sav, struct
{
struct comp_algo *tcomp;
struct cryptoini cric;
+ int ses;
/* NB: algorithm really comes in alg_enc and not alg_comp! */
tcomp = ipcomp_algorithm_lookup(sav->alg_enc);
@@ -122,7 +123,10 @@ ipcomp_init(struct secasvar *sav, struct
bzero(&cric, sizeof (cric));
cric.cri_alg = sav->tdb_compalgxform->type;
- return crypto_newsession(&sav->tdb_cryptoid, &cric, crypto_support);
+ mutex_spin_enter(&crypto_mtx);
+ ses = crypto_newsession(&sav->tdb_cryptoid, &cric, crypto_support);
+ mutex_spin_exit(&crypto_mtx);
+ return ses;
}
/*
@@ -133,7 +137,9 @@ ipcomp_zeroize(struct secasvar *sav)
{
int err;
+ mutex_spin_enter(&crypto_mtx);
err = crypto_freesession(sav->tdb_cryptoid);
+ mutex_spin_exit(&crypto_mtx);
sav->tdb_cryptoid = 0;
return err;
}
Home |
Main Index |
Thread Index |
Old Index