Add 0002-AM335x-OCF-Driver-for-Linux-3.patch that wasn't part of the official PS…

…P 04.06.00.11 release

Add 0002-AM335x-OCF-Driver-for-Linux-3.patch that wasn't part of the official PS…
…P 04.06.00.11 release
Eric Lee
1 parent 159a82241b
Showing 23 changed files with 6988 additions and 0 deletions Side-by-side Diff
crypto/Kconfig
crypto/Makefile
crypto/ocf/Config.in
crypto/ocf/Kconfig
crypto/ocf/Makefile
crypto/ocf/criov.c
crypto/ocf/crypto.c
crypto/ocf/cryptodev.c
crypto/ocf/cryptodev.h
crypto/ocf/cryptosoft.c
crypto/ocf/ocf-bench.c
crypto/ocf/ocf-compat.h
crypto/ocf/ocfnull/Makefile
crypto/ocf/ocfnull/ocfnull.c
crypto/ocf/random.c
crypto/ocf/rndtest.c
crypto/ocf/rndtest.h
crypto/ocf/uio.h
drivers/char/random.c
fs/fcntl.c
@@ -923,4 +923,6 @@
 source "drivers/crypto/Kconfig"
  
 endif	# if CRYPTO
+
+source "crypto/ocf/Kconfig"
@@ -91,6 +91,8 @@
 obj-$(CONFIG_CRYPTO_USER_API_HASH) += algif_hash.o
 obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o
  
+obj-$(CONFIG_OCF_OCF) += ocf/
+
 #
 # generic algorithms and the async_tx api
 #
+#############################################################################
+
+mainmenu_option next_comment
+comment 'OCF Configuration'
+tristate 'OCF (Open Cryptograhic Framework)' CONFIG_OCF_OCF
+dep_mbool '  enable fips RNG checks (fips check on RNG data before use)' \
+				CONFIG_OCF_FIPS $CONFIG_OCF_OCF
+dep_mbool '  enable harvesting entropy for /dev/random' \
+				CONFIG_OCF_RANDOMHARVEST $CONFIG_OCF_OCF
+dep_tristate '  cryptodev (user space support)' \
+				CONFIG_OCF_CRYPTODEV $CONFIG_OCF_OCF
+dep_tristate '  cryptosoft (software crypto engine)' \
+				CONFIG_OCF_CRYPTOSOFT $CONFIG_OCF_OCF
+dep_tristate '  ocfnull (does no crypto)' \
+				CONFIG_OCF_OCFNULL $CONFIG_OCF_OCF
+dep_tristate '  ocf-bench (HW crypto in-kernel benchmark)' \
+				CONFIG_OCF_BENCH $CONFIG_OCF_OCF
+endmenu
+
+#############################################################################
+menu "OCF Configuration"
+
+config OCF_OCF
+	tristate "OCF (Open Cryptograhic Framework)"
+	help
+	  A linux port of the OpenBSD/FreeBSD crypto framework.
+
+config OCF_RANDOMHARVEST
+	bool "crypto random --- harvest entropy for /dev/random"
+	depends on OCF_OCF
+	help
+	  Includes code to harvest random numbers from devices that support it.
+
+config OCF_FIPS
+	bool "enable fips RNG checks"
+	depends on OCF_OCF && OCF_RANDOMHARVEST
+	help
+	  Run all RNG provided data through a fips check before
+	  adding it /dev/random's entropy pool.
+
+config OCF_CRYPTODEV
+	tristate "cryptodev (user space support)"
+	depends on OCF_OCF
+	help
+	  The user space API to access crypto hardware.
+
+config OCF_CRYPTOSOFT
+	tristate "cryptosoft (software crypto engine)"
+	depends on OCF_OCF
+	help
+	  A software driver for the OCF framework that uses
+	  the kernel CryptoAPI.
+
+config OCF_OCFNULL
+	tristate "ocfnull (fake crypto engine)"
+	depends on OCF_OCF
+	help
+	  OCF driver for measuring ipsec overheads (does no crypto)
+
+config OCF_BENCH
+	tristate "ocf-bench (HW crypto in-kernel benchmark)"
+	depends on OCF_OCF
+	help
+	  A very simple encryption test for the in-kernel interface
+	  of OCF.  Also includes code to benchmark the IXP Access library
+	  for comparison.
+
+endmenu
+# for SGlinux builds
+-include $(ROOTDIR)/modules/.config
+
+OCF_OBJS = crypto.o criov.o
+
+ifdef CONFIG_OCF_RANDOMHARVEST
+	OCF_OBJS += random.o
+endif
+
+ifdef CONFIG_OCF_FIPS
+	OCF_OBJS += rndtest.o
+endif
+
+# Add in autoconf.h to get #defines for CONFIG_xxx
+AUTOCONF_H=$(ROOTDIR)/modules/autoconf.h
+ifeq ($(AUTOCONF_H), $(wildcard $(AUTOCONF_H)))
+	EXTRA_CFLAGS += -include $(AUTOCONF_H)
+	export EXTRA_CFLAGS
+endif
+
+ifndef obj
+	obj ?= .
+	_obj = subdir
+	mod-subdirs := safe hifn ixp4xx talitos ocfnull
+	export-objs += crypto.o criov.o random.o
+	list-multi += ocf.o
+	_slash :=
+else
+	_obj = obj
+	_slash := /
+endif
+
+EXTRA_CFLAGS += -I$(obj)/.
+
+obj-$(CONFIG_OCF_OCF)         += ocf.o
+obj-$(CONFIG_OCF_CRYPTODEV)   += cryptodev.o
+obj-$(CONFIG_OCF_CRYPTOSOFT)  += cryptosoft.o
+obj-$(CONFIG_OCF_BENCH)       += ocf-bench.o
+
+$(_obj)-$(CONFIG_OCF_OCFNULL) += ocfnull$(_slash)
+
+ocf-objs := $(OCF_OBJS)
+
+dummy:
+	@echo "Please consult the README for how to build OCF."
+	@echo "If you can't wait then the following should do it:"
+	@echo ""
+	@echo "    make ocf_modules"
+	@echo "    sudo make ocf_install"
+	@echo ""
+	@exit 1
+
+$(list-multi) dummy1: $(ocf-objs)
+	$(LD) -r -o $@ $(ocf-objs)
+
+.PHONY:
+clean:
+	rm -f *.o *.ko .*.o.flags .*.ko.cmd .*.o.cmd .*.mod.o.cmd *.mod.c
+	rm -f */*.o */*.ko */.*.o.cmd */.*.ko.cmd */.*.mod.o.cmd */*.mod.c */.*.o.flags
+	rm -f */modules.order */modules.builtin modules.order modules.builtin
+
+ifdef TOPDIR
+-include $(TOPDIR)/Rules.make
+endif
+
+#
+# targets to build easily on the current machine
+#
+
+ocf_make:
+	make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m
+	make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_CRYPTOSOFT=m
+	-make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_BENCH=m
+	-make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_OCFNULL=m
+	-make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_HIFN=m
+
+ocf_modules:
+	$(MAKE) ocf_make OCF_TARGET=modules
+
+ocf_install:
+	$(MAKE) ocf_make OCF_TARGET="modules modules_install"
+	depmod
+	mkdir -p /usr/include/crypto
+	cp cryptodev.h /usr/include/crypto/.
+
+#
+# generate full kernel patches for 2.4 and 2.6 kernels to make patching
+# your kernel easier
+#
+
+.PHONY: patch
+patch:
+	patchbase=.; \
+		[ -d $$patchbase/patches ] || patchbase=..; \
+		patch=ocf-linux-base.patch; \
+		patch24=ocf-linux-24.patch; \
+		patch26=ocf-linux-26.patch; \
+		patch3=ocf-linux-3.patch; \
+		( \
+			find . -name Makefile; \
+			find . -name Config.in; \
+			find . -name Kconfig; \
+			find . -name README; \
+			find . -name '*.[ch]' | grep -v '.mod.c'; \
+		) | while read t; do \
+			diff -Nau /dev/null $$t | sed 's?^+++ \./?+++ linux/crypto/ocf/?'; \
+		done > $$patch; \
+		cat $$patchbase/patches/linux-2.4.35-ocf.patch $$patch > $$patch24; \
+		cat $$patchbase/patches/linux-2.6.38-ocf.patch $$patch > $$patch26; \
+		cat $$patchbase/patches/linux-3.2.1-ocf.patch $$patch > $$patch3; \
+
+
+#
+# this target probably does nothing for anyone but me - davidm
+#
+
+.PHONY: release
+release:
+	REL=`date +%Y%m%d`; RELDIR=/tmp/ocf-linux-$$REL; \
+		CURDIR=`pwd`; \
+		rm -rf /tmp/ocf-linux-$$REL*; \
+		mkdir -p $$RELDIR/ocf; \
+		mkdir -p $$RELDIR/patches; \
+		mkdir -p $$RELDIR/crypto-tools; \
+		cp README* $$RELDIR/.; \
+		cp patches/[!C]* $$RELDIR/patches/.; \
+		cp tools/[!C]* $$RELDIR/crypto-tools/.; \
+		cp -r [!C]* Config.in $$RELDIR/ocf/.; \
+		rm -rf $$RELDIR/ocf/patches $$RELDIR/ocf/tools; \
+		rm -f $$RELDIR/ocf/README*; \
+		cp $$CURDIR/../../user/crypto-tools/[!C]* $$RELDIR/crypto-tools/.; \
+		make -C $$RELDIR/crypto-tools clean; \
+		make -C $$RELDIR/ocf clean; \
+		find $$RELDIR/ocf -name CVS | xargs rm -rf; \
+		cd $$RELDIR/..; \
+		tar cvf ocf-linux-$$REL.tar ocf-linux-$$REL; \
+		gzip -9 ocf-linux-$$REL.tar
+/*      $OpenBSD: criov.c,v 1.9 2002/01/29 15:48:29 jason Exp $	*/
+
+/*
+ * Linux port done by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2006-2010 David McCullough
+ * Copyright (C) 2004-2005 Intel Corporation.
+ * The license and original author are listed below.
+ *
+ * Copyright (c) 1999 Theo de Raadt
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+__FBSDID("$FreeBSD: src/sys/opencrypto/criov.c,v 1.5 2006/06/04 22:15:13 pjd Exp $");
+ */
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
+#endif
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/slab.h>
+#include <linux/uio.h>
+#include <linux/skbuff.h>
+#include <linux/kernel.h>
+#include <linux/mm.h>
+#include <asm/io.h>
+
+#include <uio.h>
+#include <cryptodev.h>
+
+/*
+ * This macro is only for avoiding code duplication, as we need to skip
+ * given number of bytes in the same way in three functions below.
+ */
+#define	CUIO_SKIP()	do {						\
+	KASSERT(off >= 0, ("%s: off %d < 0", __func__, off));		\
+	KASSERT(len >= 0, ("%s: len %d < 0", __func__, len));		\
+	while (off > 0) {						\
+		KASSERT(iol >= 0, ("%s: empty in skip", __func__));	\
+		if (off < iov->iov_len)					\
+			break;						\
+		off -= iov->iov_len;					\
+		iol--;							\
+		iov++;							\
+	}								\
+} while (0)
+
+void
+cuio_copydata(struct uio* uio, int off, int len, caddr_t cp)
+{
+	struct iovec *iov = uio->uio_iov;
+	int iol = uio->uio_iovcnt;
+	unsigned count;
+
+	CUIO_SKIP();
+	while (len > 0) {
+		KASSERT(iol >= 0, ("%s: empty", __func__));
+		count = min((int)(iov->iov_len - off), len);
+		memcpy(cp, ((caddr_t)iov->iov_base) + off, count);
+		len -= count;
+		cp += count;
+		off = 0;
+		iol--;
+		iov++;
+	}
+}
+
+void
+cuio_copyback(struct uio* uio, int off, int len, caddr_t cp)
+{
+	struct iovec *iov = uio->uio_iov;
+	int iol = uio->uio_iovcnt;
+	unsigned count;
+
+	CUIO_SKIP();
+	while (len > 0) {
+		KASSERT(iol >= 0, ("%s: empty", __func__));
+		count = min((int)(iov->iov_len - off), len);
+		memcpy(((caddr_t)iov->iov_base) + off, cp, count);
+		len -= count;
+		cp += count;
+		off = 0;
+		iol--;
+		iov++;
+	}
+}
+
+/*
+ * Return a pointer to iov/offset of location in iovec list.
+ */
+struct iovec *
+cuio_getptr(struct uio *uio, int loc, int *off)
+{
+	struct iovec *iov = uio->uio_iov;
+	int iol = uio->uio_iovcnt;
+
+	while (loc >= 0) {
+		/* Normal end of search */
+		if (loc < iov->iov_len) {
+	    		*off = loc;
+	    		return (iov);
+		}
+
+		loc -= iov->iov_len;
+		if (iol == 0) {
+			if (loc == 0) {
+				/* Point at the end of valid data */
+				*off = iov->iov_len;
+				return (iov);
+			} else
+				return (NULL);
+		} else {
+			iov++, iol--;
+		}
+    	}
+
+	return (NULL);
+}
+
+EXPORT_SYMBOL(cuio_copyback);
+EXPORT_SYMBOL(cuio_copydata);
+EXPORT_SYMBOL(cuio_getptr);
+
+static void
+skb_copy_bits_back(struct sk_buff *skb, int offset, caddr_t cp, int len)
+{
+	int i;
+	if (offset < skb_headlen(skb)) {
+		memcpy(skb->data + offset, cp, min_t(int, skb_headlen(skb), len));
+		len -= skb_headlen(skb);
+		cp += skb_headlen(skb);
+	}
+	offset -= skb_headlen(skb);
+	for (i = 0; len > 0 && i < skb_shinfo(skb)->nr_frags; i++) {
+		if (offset < skb_shinfo(skb)->frags[i].size) {
+			memcpy(page_address(skb_frag_page(&skb_shinfo(skb)->frags[i])) +
+					skb_shinfo(skb)->frags[i].page_offset,
+					cp, min_t(int, skb_shinfo(skb)->frags[i].size, len));
+			len -= skb_shinfo(skb)->frags[i].size;
+			cp += skb_shinfo(skb)->frags[i].size;
+		}
+		offset -= skb_shinfo(skb)->frags[i].size;
+	}
+}
+
+void
+crypto_copyback(int flags, caddr_t buf, int off, int size, caddr_t in)
+{
+
+	if ((flags & CRYPTO_F_SKBUF) != 0)
+		skb_copy_bits_back((struct sk_buff *)buf, off, in, size);
+	else if ((flags & CRYPTO_F_IOV) != 0)
+		cuio_copyback((struct uio *)buf, off, size, in);
+	else
+		bcopy(in, buf + off, size);
+}
+
+void
+crypto_copydata(int flags, caddr_t buf, int off, int size, caddr_t out)
+{
+
+	if ((flags & CRYPTO_F_SKBUF) != 0)
+		skb_copy_bits((struct sk_buff *)buf, off, out, size);
+	else if ((flags & CRYPTO_F_IOV) != 0)
+		cuio_copydata((struct uio *)buf, off, size, out);
+	else
+		bcopy(buf + off, out, size);
+}
+
+int
+crypto_apply(int flags, caddr_t buf, int off, int len,
+    int (*f)(void *, void *, u_int), void *arg)
+{
+#if 0
+	int error;
+
+	if ((flags & CRYPTO_F_SKBUF) != 0)
+		error = XXXXXX((struct mbuf *)buf, off, len, f, arg);
+	else if ((flags & CRYPTO_F_IOV) != 0)
+		error = cuio_apply((struct uio *)buf, off, len, f, arg);
+	else
+		error = (*f)(arg, buf + off, len);
+	return (error);
+#else
+	KASSERT(0, ("crypto_apply not implemented!\n"));
+#endif
+	return 0;
+}
+
+EXPORT_SYMBOL(crypto_copyback);
+EXPORT_SYMBOL(crypto_copydata);
+EXPORT_SYMBOL(crypto_apply);
+/*-
+ * Linux port done by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2006-2010 David McCullough
+ * Copyright (C) 2004-2005 Intel Corporation.
+ * The license and original author are listed below.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * Copyright (c) 2002-2006 Sam Leffler.  All rights reserved.
+ *
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if 0
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.27 2007/03/21 03:42:51 sam Exp $");
+#endif
+
+/*
+ * Cryptographic Subsystem.
+ *
+ * This code is derived from the Openbsd Cryptographic Framework (OCF)
+ * that has the copyright shown below.  Very little of the original
+ * code remains.
+ */
+/*-
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000, 2001 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ *
+__FBSDID("$FreeBSD: src/sys/opencrypto/crypto.c,v 1.16 2005/01/07 02:29:16 imp Exp $");
+ */
+
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
+#endif
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/list.h>
+#include <linux/slab.h>
+#include <linux/wait.h>
+#include <linux/sched.h>
+#include <linux/spinlock.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,4)
+#include <linux/kthread.h>
+#endif
+#include <cryptodev.h>
+
+/*
+ * keep track of whether or not we have been initialised, a big
+ * issue if we are linked into the kernel and a driver gets started before
+ * us
+ */
+static int crypto_initted = 0;
+
+/*
+ * Crypto drivers register themselves by allocating a slot in the
+ * crypto_drivers table with crypto_get_driverid() and then registering
+ * each algorithm they support with crypto_register() and crypto_kregister().
+ */
+
+/*
+ * lock on driver table
+ * we track its state as spin_is_locked does not do anything on non-SMP boxes
+ */
+static spinlock_t	crypto_drivers_lock;
+static int			crypto_drivers_locked;		/* for non-SMP boxes */
+
+#define	CRYPTO_DRIVER_LOCK() \
+			({ \
+				spin_lock_irqsave(&crypto_drivers_lock, d_flags); \
+			 	crypto_drivers_locked = 1; \
+				dprintk("%s,%d: DRIVER_LOCK()\n", __FILE__, __LINE__); \
+			 })
+#define	CRYPTO_DRIVER_UNLOCK() \
+			({ \
+			 	dprintk("%s,%d: DRIVER_UNLOCK()\n", __FILE__, __LINE__); \
+			 	crypto_drivers_locked = 0; \
+				spin_unlock_irqrestore(&crypto_drivers_lock, d_flags); \
+			 })
+#define	CRYPTO_DRIVER_ASSERT() \
+			({ \
+			 	if (!crypto_drivers_locked) { \
+					dprintk("%s,%d: DRIVER_ASSERT!\n", __FILE__, __LINE__); \
+			 	} \
+			 })
+
+/*
+ * Crypto device/driver capabilities structure.
+ *
+ * Synchronization:
+ * (d) - protected by CRYPTO_DRIVER_LOCK()
+ * (q) - protected by CRYPTO_Q_LOCK()
+ * Not tagged fields are read-only.
+ */
+struct cryptocap {
+	device_t	cc_dev;			/* (d) device/driver */
+	u_int32_t	cc_sessions;		/* (d) # of sessions */
+	u_int32_t	cc_koperations;		/* (d) # os asym operations */
+	/*
+	 * Largest possible operator length (in bits) for each type of
+	 * encryption algorithm. XXX not used
+	 */
+	u_int16_t	cc_max_op_len[CRYPTO_ALGORITHM_MAX + 1];
+	u_int8_t	cc_alg[CRYPTO_ALGORITHM_MAX + 1];
+	u_int8_t	cc_kalg[CRK_ALGORITHM_MAX + 1];
+
+	int		cc_flags;		/* (d) flags */
+#define CRYPTOCAP_F_CLEANUP	0x80000000	/* needs resource cleanup */
+	int		cc_qblocked;		/* (q) symmetric q blocked */
+	int		cc_kqblocked;		/* (q) asymmetric q blocked */
+
+	int		cc_unqblocked;		/* (q) symmetric q blocked */
+	int		cc_unkqblocked;		/* (q) asymmetric q blocked */
+};
+static struct cryptocap *crypto_drivers = NULL;
+static int crypto_drivers_num = 0;
+
+/*
+ * There are two queues for crypto requests; one for symmetric (e.g.
+ * cipher) operations and one for asymmetric (e.g. MOD)operations.
+ * A single mutex is used to lock access to both queues.  We could
+ * have one per-queue but having one simplifies handling of block/unblock
+ * operations.
+ */
+static LIST_HEAD(crp_q);		/* crypto request queue */
+static LIST_HEAD(crp_kq);		/* asym request queue */
+
+static spinlock_t crypto_q_lock;
+
+int crypto_all_qblocked = 0;  /* protect with Q_LOCK */
+module_param(crypto_all_qblocked, int, 0444);
+MODULE_PARM_DESC(crypto_all_qblocked, "Are all crypto queues blocked");
+
+int crypto_all_kqblocked = 0; /* protect with Q_LOCK */
+module_param(crypto_all_kqblocked, int, 0444);
+MODULE_PARM_DESC(crypto_all_kqblocked, "Are all asym crypto queues blocked");
+
+#define	CRYPTO_Q_LOCK() \
+			({ \
+				spin_lock_irqsave(&crypto_q_lock, q_flags); \
+			 	dprintk("%s,%d: Q_LOCK()\n", __FILE__, __LINE__); \
+			 })
+#define	CRYPTO_Q_UNLOCK() \
+			({ \
+			 	dprintk("%s,%d: Q_UNLOCK()\n", __FILE__, __LINE__); \
+				spin_unlock_irqrestore(&crypto_q_lock, q_flags); \
+			 })
+
+/*
+ * There are two queues for processing completed crypto requests; one
+ * for the symmetric and one for the asymmetric ops.  We only need one
+ * but have two to avoid type futzing (cryptop vs. cryptkop).  A single
+ * mutex is used to lock access to both queues.  Note that this lock
+ * must be separate from the lock on request queues to insure driver
+ * callbacks don't generate lock order reversals.
+ */
+static LIST_HEAD(crp_ret_q);		/* callback queues */
+static LIST_HEAD(crp_ret_kq);
+
+static spinlock_t crypto_ret_q_lock;
+#define	CRYPTO_RETQ_LOCK() \
+			({ \
+				spin_lock_irqsave(&crypto_ret_q_lock, r_flags); \
+				dprintk("%s,%d: RETQ_LOCK\n", __FILE__, __LINE__); \
+			 })
+#define	CRYPTO_RETQ_UNLOCK() \
+			({ \
+			 	dprintk("%s,%d: RETQ_UNLOCK\n", __FILE__, __LINE__); \
+				spin_unlock_irqrestore(&crypto_ret_q_lock, r_flags); \
+			 })
+#define	CRYPTO_RETQ_EMPTY()	(list_empty(&crp_ret_q) && list_empty(&crp_ret_kq))
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20)
+static kmem_cache_t *cryptop_zone;
+static kmem_cache_t *cryptodesc_zone;
+#else
+static struct kmem_cache *cryptop_zone;
+static struct kmem_cache *cryptodesc_zone;
+#endif
+
+#define debug crypto_debug
+int crypto_debug = 0;
+module_param(crypto_debug, int, 0644);
+MODULE_PARM_DESC(crypto_debug, "Enable debug");
+EXPORT_SYMBOL(crypto_debug);
+
+/*
+ * Maximum number of outstanding crypto requests before we start
+ * failing requests.  We need this to prevent DOS when too many
+ * requests are arriving for us to keep up.  Otherwise we will
+ * run the system out of memory.  Since crypto is slow,  we are
+ * usually the bottleneck that needs to say, enough is enough.
+ *
+ * We cannot print errors when this condition occurs,  we are already too
+ * slow,  printing anything will just kill us
+ */
+
+static int crypto_q_cnt = 0;
+module_param(crypto_q_cnt, int, 0444);
+MODULE_PARM_DESC(crypto_q_cnt,
+		"Current number of outstanding crypto requests");
+
+static int crypto_q_max = 1000;
+module_param(crypto_q_max, int, 0644);
+MODULE_PARM_DESC(crypto_q_max,
+		"Maximum number of outstanding crypto requests");
+
+#define bootverbose crypto_verbose
+static int crypto_verbose = 0;
+module_param(crypto_verbose, int, 0644);
+MODULE_PARM_DESC(crypto_verbose,
+		"Enable verbose crypto startup");
+
+int	crypto_usercrypto = 1;	/* userland may do crypto reqs */
+module_param(crypto_usercrypto, int, 0644);
+MODULE_PARM_DESC(crypto_usercrypto,
+	   "Enable/disable user-mode access to crypto support");
+
+int	crypto_userasymcrypto = 1;	/* userland may do asym crypto reqs */
+module_param(crypto_userasymcrypto, int, 0644);
+MODULE_PARM_DESC(crypto_userasymcrypto,
+	   "Enable/disable user-mode access to asymmetric crypto support");
+
+int	crypto_devallowsoft = 0;	/* only use hardware crypto */
+module_param(crypto_devallowsoft, int, 0644);
+MODULE_PARM_DESC(crypto_devallowsoft,
+	   "Enable/disable use of software crypto support");
+
+/*
+ * This parameter controls the maximum number of crypto operations to
+ * do consecutively in the crypto kernel thread before scheduling to allow
+ * other processes to run. Without it, it is possible to get into a
+ * situation where the crypto thread never allows any other processes to run.
+ * Default to 1000 which should be less than one second.
+ */
+static int crypto_max_loopcount = 1000;
+module_param(crypto_max_loopcount, int, 0644);
+MODULE_PARM_DESC(crypto_max_loopcount,
+	   "Maximum number of crypto ops to do before yielding to other processes");
+
+#ifndef CONFIG_NR_CPUS
+#define CONFIG_NR_CPUS 1
+#endif
+
+static struct task_struct *cryptoproc[CONFIG_NR_CPUS];
+static struct task_struct *cryptoretproc[CONFIG_NR_CPUS];
+static DECLARE_WAIT_QUEUE_HEAD(cryptoproc_wait);
+static DECLARE_WAIT_QUEUE_HEAD(cryptoretproc_wait);
+
+static	int crypto_proc(void *arg);
+static	int crypto_ret_proc(void *arg);
+static	int crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint);
+static	int crypto_kinvoke(struct cryptkop *krp, int flags);
+static	void crypto_exit(void);
+static  int crypto_init(void);
+
+static	struct cryptostats cryptostats;
+
+static struct cryptocap *
+crypto_checkdriver(u_int32_t hid)
+{
+	if (crypto_drivers == NULL)
+		return NULL;
+	return (hid >= crypto_drivers_num ? NULL : &crypto_drivers[hid]);
+}
+
+/*
+ * Compare a driver's list of supported algorithms against another
+ * list; return non-zero if all algorithms are supported.
+ */
+static int
+driver_suitable(const struct cryptocap *cap, const struct cryptoini *cri)
+{
+	const struct cryptoini *cr;
+
+	/* See if all the algorithms are supported. */
+	for (cr = cri; cr; cr = cr->cri_next)
+		if (cap->cc_alg[cr->cri_alg] == 0)
+			return 0;
+	return 1;
+}
+
+
+/*
+ * Select a driver for a new session that supports the specified
+ * algorithms and, optionally, is constrained according to the flags.
+ * The algorithm we use here is pretty stupid; just use the
+ * first driver that supports all the algorithms we need. If there
+ * are multiple drivers we choose the driver with the fewest active
+ * sessions.  We prefer hardware-backed drivers to software ones.
+ *
+ * XXX We need more smarts here (in real life too, but that's
+ * XXX another story altogether).
+ */
+static struct cryptocap *
+crypto_select_driver(const struct cryptoini *cri, int flags)
+{
+	struct cryptocap *cap, *best;
+	int match, hid;
+
+	CRYPTO_DRIVER_ASSERT();
+
+	/*
+	 * Look first for hardware crypto devices if permitted.
+	 */
+	if (flags & CRYPTOCAP_F_HARDWARE)
+		match = CRYPTOCAP_F_HARDWARE;
+	else
+		match = CRYPTOCAP_F_SOFTWARE;
+	best = NULL;
+again:
+	for (hid = 0; hid < crypto_drivers_num; hid++) {
+		cap = &crypto_drivers[hid];
+		/*
+		 * If it's not initialized, is in the process of
+		 * going away, or is not appropriate (hardware
+		 * or software based on match), then skip.
+		 */
+		if (cap->cc_dev == NULL ||
+		    (cap->cc_flags & CRYPTOCAP_F_CLEANUP) ||
+		    (cap->cc_flags & match) == 0)
+			continue;
+
+		/* verify all the algorithms are supported. */
+		if (driver_suitable(cap, cri)) {
+			if (best == NULL ||
+			    cap->cc_sessions < best->cc_sessions)
+				best = cap;
+		}
+	}
+	if (best != NULL)
+		return best;
+	if (match == CRYPTOCAP_F_HARDWARE && (flags & CRYPTOCAP_F_SOFTWARE)) {
+		/* sort of an Algol 68-style for loop */
+		match = CRYPTOCAP_F_SOFTWARE;
+		goto again;
+	}
+	return best;
+}
+
+/*
+ * Create a new session.  The crid argument specifies a crypto
+ * driver to use or constraints on a driver to select (hardware
+ * only, software only, either).  Whatever driver is selected
+ * must be capable of the requested crypto algorithms.
+ */
+int
+crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int crid)
+{
+	struct cryptocap *cap;
+	u_int32_t hid, lid;
+	int err;
+	unsigned long d_flags;
+
+	CRYPTO_DRIVER_LOCK();
+	if ((crid & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) {
+		/*
+		 * Use specified driver; verify it is capable.
+		 */
+		cap = crypto_checkdriver(crid);
+		if (cap != NULL && !driver_suitable(cap, cri))
+			cap = NULL;
+	} else {
+		/*
+		 * No requested driver; select based on crid flags.
+		 */
+		cap = crypto_select_driver(cri, crid);
+		/*
+		 * if NULL then can't do everything in one session.
+		 * XXX Fix this. We need to inject a "virtual" session
+		 * XXX layer right about here.
+		 */
+	}
+	if (cap != NULL) {
+		/* Call the driver initialization routine. */
+		hid = cap - crypto_drivers;
+		lid = hid;		/* Pass the driver ID. */
+		cap->cc_sessions++;
+		CRYPTO_DRIVER_UNLOCK();
+		err = CRYPTODEV_NEWSESSION(cap->cc_dev, &lid, cri);
+		CRYPTO_DRIVER_LOCK();
+		if (err == 0) {
+			(*sid) = (cap->cc_flags & 0xff000000)
+			       | (hid & 0x00ffffff);
+			(*sid) <<= 32;
+			(*sid) |= (lid & 0xffffffff);
+		} else
+			cap->cc_sessions--;
+	} else
+		err = EINVAL;
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+static void
+crypto_remove(struct cryptocap *cap)
+{
+	CRYPTO_DRIVER_ASSERT();
+	if (cap->cc_sessions == 0 && cap->cc_koperations == 0)
+		bzero(cap, sizeof(*cap));
+}
+
+/*
+ * Delete an existing session (or a reserved session on an unregistered
+ * driver).
+ */
+int
+crypto_freesession(u_int64_t sid)
+{
+	struct cryptocap *cap;
+	u_int32_t hid;
+	int err = 0;
+	unsigned long d_flags;
+
+	dprintk("%s()\n", __FUNCTION__);
+	CRYPTO_DRIVER_LOCK();
+
+	if (crypto_drivers == NULL) {
+		err = EINVAL;
+		goto done;
+	}
+
+	/* Determine two IDs. */
+	hid = CRYPTO_SESID2HID(sid);
+
+	if (hid >= crypto_drivers_num) {
+		dprintk("%s - INVALID DRIVER NUM %d\n", __FUNCTION__, hid);
+		err = ENOENT;
+		goto done;
+	}
+	cap = &crypto_drivers[hid];
+
+	if (cap->cc_dev) {
+		CRYPTO_DRIVER_UNLOCK();
+		/* Call the driver cleanup routine, if available, unlocked. */
+		err = CRYPTODEV_FREESESSION(cap->cc_dev, sid);
+		CRYPTO_DRIVER_LOCK();
+	}
+
+	if (cap->cc_sessions)
+		cap->cc_sessions--;
+
+	if (cap->cc_flags & CRYPTOCAP_F_CLEANUP)
+		crypto_remove(cap);
+
+done:
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+/*
+ * Return an unused driver id.  Used by drivers prior to registering
+ * support for the algorithms they handle.
+ */
+int32_t
+crypto_get_driverid(device_t dev, int flags)
+{
+	struct cryptocap *newdrv;
+	int i;
+	unsigned long d_flags;
+
+	if ((flags & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) {
+		printf("%s: no flags specified when registering driver\n",
+		    device_get_nameunit(dev));
+		return -1;
+	}
+
+	CRYPTO_DRIVER_LOCK();
+
+	for (i = 0; i < crypto_drivers_num; i++) {
+		if (crypto_drivers[i].cc_dev == NULL &&
+		    (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) == 0) {
+			break;
+		}
+	}
+
+	/* Out of entries, allocate some more. */
+	if (i == crypto_drivers_num) {
+		/* Be careful about wrap-around. */
+		if (2 * crypto_drivers_num <= crypto_drivers_num) {
+			CRYPTO_DRIVER_UNLOCK();
+			printk("crypto: driver count wraparound!\n");
+			return -1;
+		}
+
+		newdrv = kmalloc(2 * crypto_drivers_num * sizeof(struct cryptocap),
+				GFP_KERNEL);
+		if (newdrv == NULL) {
+			CRYPTO_DRIVER_UNLOCK();
+			printk("crypto: no space to expand driver table!\n");
+			return -1;
+		}
+
+		memcpy(newdrv, crypto_drivers,
+				crypto_drivers_num * sizeof(struct cryptocap));
+		memset(&newdrv[crypto_drivers_num], 0,
+				crypto_drivers_num * sizeof(struct cryptocap));
+
+		crypto_drivers_num *= 2;
+
+		kfree(crypto_drivers);
+		crypto_drivers = newdrv;
+	}
+
+	/* NB: state is zero'd on free */
+	crypto_drivers[i].cc_sessions = 1;	/* Mark */
+	crypto_drivers[i].cc_dev = dev;
+	crypto_drivers[i].cc_flags = flags;
+	if (bootverbose)
+		printf("crypto: assign %s driver id %u, flags %u\n",
+		    device_get_nameunit(dev), i, flags);
+
+	CRYPTO_DRIVER_UNLOCK();
+
+	return i;
+}
+
+/*
+ * Lookup a driver by name.  We match against the full device
+ * name and unit, and against just the name.  The latter gives
+ * us a simple widlcarding by device name.  On success return the
+ * driver/hardware identifier; otherwise return -1.
+ */
+int
+crypto_find_driver(const char *match)
+{
+	int i, len = strlen(match);
+	unsigned long d_flags;
+
+	CRYPTO_DRIVER_LOCK();
+	for (i = 0; i < crypto_drivers_num; i++) {
+		device_t dev = crypto_drivers[i].cc_dev;
+		if (dev == NULL ||
+		    (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP))
+			continue;
+		if (strncmp(match, device_get_nameunit(dev), len) == 0 ||
+		    strncmp(match, device_get_name(dev), len) == 0)
+			break;
+	}
+	CRYPTO_DRIVER_UNLOCK();
+	return i < crypto_drivers_num ? i : -1;
+}
+
+/*
+ * Return the device_t for the specified driver or NULL
+ * if the driver identifier is invalid.
+ */
+device_t
+crypto_find_device_byhid(int hid)
+{
+	struct cryptocap *cap = crypto_checkdriver(hid);
+	return cap != NULL ? cap->cc_dev : NULL;
+}
+
+/*
+ * Return the device/driver capabilities.
+ */
+int
+crypto_getcaps(int hid)
+{
+	struct cryptocap *cap = crypto_checkdriver(hid);
+	return cap != NULL ? cap->cc_flags : 0;
+}
+
+/*
+ * Register support for a key-related algorithm.  This routine
+ * is called once for each algorithm supported a driver.
+ */
+int
+crypto_kregister(u_int32_t driverid, int kalg, u_int32_t flags)
+{
+	struct cryptocap *cap;
+	int err;
+	unsigned long d_flags;
+
+	dprintk("%s()\n", __FUNCTION__);
+	CRYPTO_DRIVER_LOCK();
+
+	cap = crypto_checkdriver(driverid);
+	if (cap != NULL &&
+	    (CRK_ALGORITM_MIN <= kalg && kalg <= CRK_ALGORITHM_MAX)) {
+		/*
+		 * XXX Do some performance testing to determine placing.
+		 * XXX We probably need an auxiliary data structure that
+		 * XXX describes relative performances.
+		 */
+
+		cap->cc_kalg[kalg] = flags | CRYPTO_ALG_FLAG_SUPPORTED;
+		if (bootverbose)
+			printf("crypto: %s registers key alg %u flags %u\n"
+				, device_get_nameunit(cap->cc_dev)
+				, kalg
+				, flags
+			);
+		err = 0;
+	} else
+		err = EINVAL;
+
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+/*
+ * Register support for a non-key-related algorithm.  This routine
+ * is called once for each such algorithm supported by a driver.
+ */
+int
+crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
+    u_int32_t flags)
+{
+	struct cryptocap *cap;
+	int err;
+	unsigned long d_flags;
+
+	dprintk("%s(id=0x%x, alg=%d, maxoplen=%d, flags=0x%x)\n", __FUNCTION__,
+			driverid, alg, maxoplen, flags);
+
+	CRYPTO_DRIVER_LOCK();
+
+	cap = crypto_checkdriver(driverid);
+	/* NB: algorithms are in the range [1..max] */
+	if (cap != NULL &&
+	    (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX)) {
+		/*
+		 * XXX Do some performance testing to determine placing.
+		 * XXX We probably need an auxiliary data structure that
+		 * XXX describes relative performances.
+		 */
+
+		cap->cc_alg[alg] = flags | CRYPTO_ALG_FLAG_SUPPORTED;
+		cap->cc_max_op_len[alg] = maxoplen;
+		if (bootverbose)
+			printf("crypto: %s registers alg %u flags %u maxoplen %u\n"
+				, device_get_nameunit(cap->cc_dev)
+				, alg
+				, flags
+				, maxoplen
+			);
+		cap->cc_sessions = 0;		/* Unmark */
+		err = 0;
+	} else
+		err = EINVAL;
+
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+static void
+driver_finis(struct cryptocap *cap)
+{
+	u_int32_t ses, kops;
+
+	CRYPTO_DRIVER_ASSERT();
+
+	ses = cap->cc_sessions;
+	kops = cap->cc_koperations;
+	bzero(cap, sizeof(*cap));
+	if (ses != 0 || kops != 0) {
+		/*
+		 * If there are pending sessions,
+		 * just mark as invalid.
+		 */
+		cap->cc_flags |= CRYPTOCAP_F_CLEANUP;
+		cap->cc_sessions = ses;
+		cap->cc_koperations = kops;
+	}
+}
+
+/*
+ * Unregister a crypto driver. If there are pending sessions using it,
+ * leave enough information around so that subsequent calls using those
+ * sessions will correctly detect the driver has been unregistered and
+ * reroute requests.
+ */
+int
+crypto_unregister(u_int32_t driverid, int alg)
+{
+	struct cryptocap *cap;
+	int i, err;
+	unsigned long d_flags;
+
+	dprintk("%s()\n", __FUNCTION__);
+	CRYPTO_DRIVER_LOCK();
+
+	cap = crypto_checkdriver(driverid);
+	if (cap != NULL &&
+	    (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX) &&
+	    cap->cc_alg[alg] != 0) {
+		cap->cc_alg[alg] = 0;
+		cap->cc_max_op_len[alg] = 0;
+
+		/* Was this the last algorithm ? */
+		for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++)
+			if (cap->cc_alg[i] != 0)
+				break;
+
+		if (i == CRYPTO_ALGORITHM_MAX + 1)
+			driver_finis(cap);
+		err = 0;
+	} else
+		err = EINVAL;
+	CRYPTO_DRIVER_UNLOCK();
+	return err;
+}
+
+/*
+ * Unregister all algorithms associated with a crypto driver.
+ * If there are pending sessions using it, leave enough information
+ * around so that subsequent calls using those sessions will
+ * correctly detect the driver has been unregistered and reroute
+ * requests.
+ */
+int
+crypto_unregister_all(u_int32_t driverid)
+{
+	struct cryptocap *cap;
+	int err;
+	unsigned long d_flags;
+
+	dprintk("%s()\n", __FUNCTION__);
+	CRYPTO_DRIVER_LOCK();
+	cap = crypto_checkdriver(driverid);
+	if (cap != NULL) {
+		driver_finis(cap);
+		err = 0;
+	} else
+		err = EINVAL;
+	CRYPTO_DRIVER_UNLOCK();
+
+	return err;
+}
+
+/*
+ * Clear blockage on a driver.  The what parameter indicates whether
+ * the driver is now ready for cryptop's and/or cryptokop's.
+ */
+int
+crypto_unblock(u_int32_t driverid, int what)
+{
+	struct cryptocap *cap;
+	int err;
+	unsigned long q_flags;
+
+	CRYPTO_Q_LOCK();
+	cap = crypto_checkdriver(driverid);
+	if (cap != NULL) {
+		if (what & CRYPTO_SYMQ) {
+			cap->cc_qblocked = 0;
+			cap->cc_unqblocked = 0;
+			crypto_all_qblocked = 0;
+		}
+		if (what & CRYPTO_ASYMQ) {
+			cap->cc_kqblocked = 0;
+			cap->cc_unkqblocked = 0;
+			crypto_all_kqblocked = 0;
+		}
+		wake_up_interruptible(&cryptoproc_wait);
+		err = 0;
+	} else
+		err = EINVAL;
+	CRYPTO_Q_UNLOCK(); //DAVIDM should this be a driver lock
+
+	return err;
+}
+
+/*
+ * Add a crypto request to a queue, to be processed by the kernel thread.
+ */
+int
+crypto_dispatch(struct cryptop *crp)
+{
+	struct cryptocap *cap;
+	int result = -1;
+	unsigned long q_flags;
+
+	dprintk("%s()\n", __FUNCTION__);
+
+	cryptostats.cs_ops++;
+
+	CRYPTO_Q_LOCK();
+	if (crypto_q_cnt >= crypto_q_max) {
+		cryptostats.cs_drops++;
+		CRYPTO_Q_UNLOCK();
+		return ENOMEM;
+	}
+	crypto_q_cnt++;
+
+	/* make sure we are starting a fresh run on this crp. */
+	crp->crp_flags &= ~CRYPTO_F_DONE;
+	crp->crp_etype = 0;
+
+	/*
+	 * Caller marked the request to be processed immediately; dispatch
+	 * it directly to the driver unless the driver is currently blocked.
+	 */
+	if ((crp->crp_flags & CRYPTO_F_BATCH) == 0) {
+		int hid = CRYPTO_SESID2HID(crp->crp_sid);
+		cap = crypto_checkdriver(hid);
+		/* Driver cannot disappear when there is an active session. */
+		KASSERT(cap != NULL, ("%s: Driver disappeared.", __func__));
+		if (!cap->cc_qblocked) {
+			crypto_all_qblocked = 0;
+			crypto_drivers[hid].cc_unqblocked = 1;
+			CRYPTO_Q_UNLOCK();
+			result = crypto_invoke(cap, crp, 0);
+			CRYPTO_Q_LOCK();
+			if (result == ERESTART)
+				if (crypto_drivers[hid].cc_unqblocked)
+					crypto_drivers[hid].cc_qblocked = 1;
+			crypto_drivers[hid].cc_unqblocked = 0;
+		}
+	}
+	if (result == ERESTART) {
+		/*
+		 * The driver ran out of resources, mark the
+		 * driver ``blocked'' for cryptop's and put
+		 * the request back in the queue.  It would
+		 * best to put the request back where we got
+		 * it but that's hard so for now we put it
+		 * at the front.  This should be ok; putting
+		 * it at the end does not work.
+		 */
+		list_add(&crp->crp_next, &crp_q);
+		cryptostats.cs_blocks++;
+		result = 0;
+	} else if (result == -1) {
+		TAILQ_INSERT_TAIL(&crp_q, crp, crp_next);
+		result = 0;
+	}
+	wake_up_interruptible(&cryptoproc_wait);
+	CRYPTO_Q_UNLOCK();
+	return result;
+}
+
+/*
+ * Add an asymetric crypto request to a queue,
+ * to be processed by the kernel thread.
+ */
+int
+crypto_kdispatch(struct cryptkop *krp)
+{
+	int error;
+	unsigned long q_flags;
+
+	cryptostats.cs_kops++;
+
+	error = crypto_kinvoke(krp, krp->krp_crid);
+	if (error == ERESTART) {
+		CRYPTO_Q_LOCK();
+		TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next);
+		wake_up_interruptible(&cryptoproc_wait);
+		CRYPTO_Q_UNLOCK();
+		error = 0;
+	}
+	return error;
+}
+
+/*
+ * Verify a driver is suitable for the specified operation.
+ */
+static __inline int
+kdriver_suitable(const struct cryptocap *cap, const struct cryptkop *krp)
+{
+	return (cap->cc_kalg[krp->krp_op] & CRYPTO_ALG_FLAG_SUPPORTED) != 0;
+}
+
+/*
+ * Select a driver for an asym operation.  The driver must
+ * support the necessary algorithm.  The caller can constrain
+ * which device is selected with the flags parameter.  The
+ * algorithm we use here is pretty stupid; just use the first
+ * driver that supports the algorithms we need. If there are
+ * multiple suitable drivers we choose the driver with the
+ * fewest active operations.  We prefer hardware-backed
+ * drivers to software ones when either may be used.
+ */
+static struct cryptocap *
+crypto_select_kdriver(const struct cryptkop *krp, int flags)
+{
+	struct cryptocap *cap, *best, *blocked;
+	int match, hid;
+
+	CRYPTO_DRIVER_ASSERT();
+
+	/*
+	 * Look first for hardware crypto devices if permitted.
+	 */
+	if (flags & CRYPTOCAP_F_HARDWARE)
+		match = CRYPTOCAP_F_HARDWARE;
+	else
+		match = CRYPTOCAP_F_SOFTWARE;
+	best = NULL;
+	blocked = NULL;
+again:
+	for (hid = 0; hid < crypto_drivers_num; hid++) {
+		cap = &crypto_drivers[hid];
+		/*
+		 * If it's not initialized, is in the process of
+		 * going away, or is not appropriate (hardware
+		 * or software based on match), then skip.
+		 */
+		if (cap->cc_dev == NULL ||
+		    (cap->cc_flags & CRYPTOCAP_F_CLEANUP) ||
+		    (cap->cc_flags & match) == 0)
+			continue;
+
+		/* verify all the algorithms are supported. */
+		if (kdriver_suitable(cap, krp)) {
+			if (best == NULL ||
+			    cap->cc_koperations < best->cc_koperations)
+				best = cap;
+		}
+	}
+	if (best != NULL)
+		return best;
+	if (match == CRYPTOCAP_F_HARDWARE && (flags & CRYPTOCAP_F_SOFTWARE)) {
+		/* sort of an Algol 68-style for loop */
+		match = CRYPTOCAP_F_SOFTWARE;
+		goto again;
+	}
+	return best;
+}
+
+/*
+ * Dispatch an assymetric crypto request.
+ */
+static int
+crypto_kinvoke(struct cryptkop *krp, int crid)
+{
+	struct cryptocap *cap = NULL;
+	int error;
+	unsigned long d_flags;
+
+	KASSERT(krp != NULL, ("%s: krp == NULL", __func__));
+	KASSERT(krp->krp_callback != NULL,
+	    ("%s: krp->crp_callback == NULL", __func__));
+
+	CRYPTO_DRIVER_LOCK();
+	if ((crid & (CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE)) == 0) {
+		cap = crypto_checkdriver(crid);
+		if (cap != NULL) {
+			/*
+			 * Driver present, it must support the necessary
+			 * algorithm and, if s/w drivers are excluded,
+			 * it must be registered as hardware-backed.
+			 */
+			if (!kdriver_suitable(cap, krp) ||
+			    (!crypto_devallowsoft &&
+			     (cap->cc_flags & CRYPTOCAP_F_HARDWARE) == 0))
+				cap = NULL;
+		}
+	} else {
+		/*
+		 * No requested driver; select based on crid flags.
+		 */
+		if (!crypto_devallowsoft)	/* NB: disallow s/w drivers */
+			crid &= ~CRYPTOCAP_F_SOFTWARE;
+		cap = crypto_select_kdriver(krp, crid);
+	}
+	if (cap != NULL && !cap->cc_kqblocked) {
+		krp->krp_hid = cap - crypto_drivers;
+		cap->cc_koperations++;
+		CRYPTO_DRIVER_UNLOCK();
+		error = CRYPTODEV_KPROCESS(cap->cc_dev, krp, 0);
+		CRYPTO_DRIVER_LOCK();
+		if (error == ERESTART) {
+			cap->cc_koperations--;
+			CRYPTO_DRIVER_UNLOCK();
+			return (error);
+		}
+		/* return the actual device used */
+		krp->krp_crid = krp->krp_hid;
+	} else {
+		/*
+		 * NB: cap is !NULL if device is blocked; in
+		 *     that case return ERESTART so the operation
+		 *     is resubmitted if possible.
+		 */
+		error = (cap == NULL) ? ENODEV : ERESTART;
+	}
+	CRYPTO_DRIVER_UNLOCK();
+
+	if (error) {
+		krp->krp_status = error;
+		crypto_kdone(krp);
+	}
+	return 0;
+}
+
+
+/*
+ * Dispatch a crypto request to the appropriate crypto devices.
+ */
+static int
+crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint)
+{
+	KASSERT(crp != NULL, ("%s: crp == NULL", __func__));
+	KASSERT(crp->crp_callback != NULL,
+	    ("%s: crp->crp_callback == NULL", __func__));
+	KASSERT(crp->crp_desc != NULL, ("%s: crp->crp_desc == NULL", __func__));
+
+	dprintk("%s()\n", __FUNCTION__);
+
+#ifdef CRYPTO_TIMING
+	if (crypto_timing)
+		crypto_tstat(&cryptostats.cs_invoke, &crp->crp_tstamp);
+#endif
+	if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) {
+		struct cryptodesc *crd;
+		u_int64_t nid;
+
+		/*
+		 * Driver has unregistered; migrate the session and return
+		 * an error to the caller so they'll resubmit the op.
+		 *
+		 * XXX: What if there are more already queued requests for this
+		 *      session?
+		 */
+		crypto_freesession(crp->crp_sid);
+
+		for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next)
+			crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI);
+
+		/* XXX propagate flags from initial session? */
+		if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI),
+		    CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE) == 0)
+			crp->crp_sid = nid;
+
+		crp->crp_etype = EAGAIN;
+		crypto_done(crp);
+		return 0;
+	} else {
+		/*
+		 * Invoke the driver to process the request.
+		 */
+		return CRYPTODEV_PROCESS(cap->cc_dev, crp, hint);
+	}
+}
+
+/*
+ * Release a set of crypto descriptors.
+ */
+void
+crypto_freereq(struct cryptop *crp)
+{
+	struct cryptodesc *crd;
+
+	if (crp == NULL)
+		return;
+
+#ifdef DIAGNOSTIC
+	{
+		struct cryptop *crp2;
+		unsigned long q_flags;
+
+		CRYPTO_Q_LOCK();
+		TAILQ_FOREACH(crp2, &crp_q, crp_next) {
+			KASSERT(crp2 != crp,
+			    ("Freeing cryptop from the crypto queue (%p).",
+			    crp));
+		}
+		CRYPTO_Q_UNLOCK();
+		CRYPTO_RETQ_LOCK();
+		TAILQ_FOREACH(crp2, &crp_ret_q, crp_next) {
+			KASSERT(crp2 != crp,
+			    ("Freeing cryptop from the return queue (%p).",
+			    crp));
+		}
+		CRYPTO_RETQ_UNLOCK();
+	}
+#endif
+
+	while ((crd = crp->crp_desc) != NULL) {
+		crp->crp_desc = crd->crd_next;
+		kmem_cache_free(cryptodesc_zone, crd);
+	}
+	kmem_cache_free(cryptop_zone, crp);
+}
+
+/*
+ * Acquire a set of crypto descriptors.
+ */
+struct cryptop *
+crypto_getreq(int num)
+{
+	struct cryptodesc *crd;
+	struct cryptop *crp;
+
+	crp = kmem_cache_alloc(cryptop_zone, SLAB_ATOMIC);
+	if (crp != NULL) {
+		memset(crp, 0, sizeof(*crp));
+		INIT_LIST_HEAD(&crp->crp_next);
+		init_waitqueue_head(&crp->crp_waitq);
+		while (num--) {
+			crd = kmem_cache_alloc(cryptodesc_zone, SLAB_ATOMIC);
+			if (crd == NULL) {
+				crypto_freereq(crp);
+				return NULL;
+			}
+			memset(crd, 0, sizeof(*crd));
+			crd->crd_next = crp->crp_desc;
+			crp->crp_desc = crd;
+		}
+	}
+	return crp;
+}
+
+/*
+ * Invoke the callback on behalf of the driver.
+ */
+void
+crypto_done(struct cryptop *crp)
+{
+	unsigned long q_flags;
+
+	dprintk("%s()\n", __FUNCTION__);
+	if ((crp->crp_flags & CRYPTO_F_DONE) == 0) {
+		crp->crp_flags |= CRYPTO_F_DONE;
+		CRYPTO_Q_LOCK();
+		crypto_q_cnt--;
+		CRYPTO_Q_UNLOCK();
+	} else
+		printk("crypto: crypto_done op already done, flags 0x%x",
+				crp->crp_flags);
+	if (crp->crp_etype != 0)
+		cryptostats.cs_errs++;
+	/*
+	 * CBIMM means unconditionally do the callback immediately;
+	 * CBIFSYNC means do the callback immediately only if the
+	 * operation was done synchronously.  Both are used to avoid
+	 * doing extraneous context switches; the latter is mostly
+	 * used with the software crypto driver.
+	 */
+	if ((crp->crp_flags & CRYPTO_F_CBIMM) ||
+	    ((crp->crp_flags & CRYPTO_F_CBIFSYNC) &&
+	     (CRYPTO_SESID2CAPS(crp->crp_sid) & CRYPTOCAP_F_SYNC))) {
+		/*
+		 * Do the callback directly.  This is ok when the
+		 * callback routine does very little (e.g. the
+		 * /dev/crypto callback method just does a wakeup).
+		 */
+		crp->crp_callback(crp);
+	} else {
+		unsigned long r_flags;
+		/*
+		 * Normal case; queue the callback for the thread.
+		 */
+		CRYPTO_RETQ_LOCK();
+		wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
+		TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next);
+		CRYPTO_RETQ_UNLOCK();
+	}
+}
+
+/*
+ * Invoke the callback on behalf of the driver.
+ */
+void
+crypto_kdone(struct cryptkop *krp)
+{
+	struct cryptocap *cap;
+	unsigned long d_flags;
+
+	if ((krp->krp_flags & CRYPTO_KF_DONE) != 0)
+		printk("crypto: crypto_kdone op already done, flags 0x%x",
+				krp->krp_flags);
+	krp->krp_flags |= CRYPTO_KF_DONE;
+	if (krp->krp_status != 0)
+		cryptostats.cs_kerrs++;
+
+	CRYPTO_DRIVER_LOCK();
+	/* XXX: What if driver is loaded in the meantime? */
+	if (krp->krp_hid < crypto_drivers_num) {
+		cap = &crypto_drivers[krp->krp_hid];
+		cap->cc_koperations--;
+		KASSERT(cap->cc_koperations >= 0, ("cc_koperations < 0"));
+		if (cap->cc_flags & CRYPTOCAP_F_CLEANUP)
+			crypto_remove(cap);
+	}
+	CRYPTO_DRIVER_UNLOCK();
+
+	/*
+	 * CBIMM means unconditionally do the callback immediately;
+	 * This is used to avoid doing extraneous context switches
+	 */
+	if ((krp->krp_flags & CRYPTO_KF_CBIMM)) {
+		/*
+		 * Do the callback directly.  This is ok when the
+		 * callback routine does very little (e.g. the
+		 * /dev/crypto callback method just does a wakeup).
+		 */
+		krp->krp_callback(krp);
+	} else {
+		unsigned long r_flags;
+		/*
+		 * Normal case; queue the callback for the thread.
+		 */
+		CRYPTO_RETQ_LOCK();
+		wake_up_interruptible(&cryptoretproc_wait);/* shared wait channel */
+		TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next);
+		CRYPTO_RETQ_UNLOCK();
+	}
+}
+
+int
+crypto_getfeat(int *featp)
+{
+	int hid, kalg, feat = 0;
+	unsigned long d_flags;
+
+	CRYPTO_DRIVER_LOCK();
+	for (hid = 0; hid < crypto_drivers_num; hid++) {
+		const struct cryptocap *cap = &crypto_drivers[hid];
+
+		if ((cap->cc_flags & CRYPTOCAP_F_SOFTWARE) &&
+		    !crypto_devallowsoft) {
+			continue;
+		}
+		for (kalg = 0; kalg < CRK_ALGORITHM_MAX; kalg++)
+			if (cap->cc_kalg[kalg] & CRYPTO_ALG_FLAG_SUPPORTED)
+				feat |=  1 << kalg;
+	}
+	CRYPTO_DRIVER_UNLOCK();
+	*featp = feat;
+	return (0);
+}
+
+/*
+ * Crypto thread, dispatches crypto requests.
+ */
+static int
+crypto_proc(void *arg)
+{
+	struct cryptop *crp, *submit;
+	struct cryptkop *krp, *krpp;
+	struct cryptocap *cap;
+	u_int32_t hid;
+	int result, hint;
+	unsigned long q_flags;
+	int loopcount = 0;
+
+	set_current_state(TASK_INTERRUPTIBLE);
+
+	CRYPTO_Q_LOCK();
+	for (;;) {
+		/*
+		 * we need to make sure we don't get into a busy loop with nothing
+		 * to do,  the two crypto_all_*blocked vars help us find out when
+		 * we are all full and can do nothing on any driver or Q.  If so we
+		 * wait for an unblock.
+		 */
+		crypto_all_qblocked  = !list_empty(&crp_q);
+
+		/*
+		 * Find the first element in the queue that can be
+		 * processed and look-ahead to see if multiple ops
+		 * are ready for the same driver.
+		 */
+		submit = NULL;
+		hint = 0;
+		list_for_each_entry(crp, &crp_q, crp_next) {
+			hid = CRYPTO_SESID2HID(crp->crp_sid);
+			cap = crypto_checkdriver(hid);
+			/*
+			 * Driver cannot disappear when there is an active
+			 * session.
+			 */
+			KASSERT(cap != NULL, ("%s:%u Driver disappeared.",
+			    __func__, __LINE__));
+			if (cap == NULL || cap->cc_dev == NULL) {
+				/* Op needs to be migrated, process it. */
+				if (submit == NULL)
+					submit = crp;
+				break;
+			}
+			if (!cap->cc_qblocked) {
+				if (submit != NULL) {
+					/*
+					 * We stop on finding another op,
+					 * regardless whether its for the same
+					 * driver or not.  We could keep
+					 * searching the queue but it might be
+					 * better to just use a per-driver
+					 * queue instead.
+					 */
+					if (CRYPTO_SESID2HID(submit->crp_sid) == hid)
+						hint = CRYPTO_HINT_MORE;
+					break;
+				} else {
+					submit = crp;
+					if ((submit->crp_flags & CRYPTO_F_BATCH) == 0)
+						break;
+					/* keep scanning for more are q'd */
+				}
+			}
+		}
+		if (submit != NULL) {
+			hid = CRYPTO_SESID2HID(submit->crp_sid);
+			crypto_all_qblocked = 0;
+			list_del(&submit->crp_next);
+			crypto_drivers[hid].cc_unqblocked = 1;
+			cap = crypto_checkdriver(hid);
+			CRYPTO_Q_UNLOCK();
+			KASSERT(cap != NULL, ("%s:%u Driver disappeared.",
+			    __func__, __LINE__));
+			result = crypto_invoke(cap, submit, hint);
+			CRYPTO_Q_LOCK();
+			if (result == ERESTART) {
+				/*
+				 * The driver ran out of resources, mark the
+				 * driver ``blocked'' for cryptop's and put
+				 * the request back in the queue.  It would
+				 * best to put the request back where we got
+				 * it but that's hard so for now we put it
+				 * at the front.  This should be ok; putting
+				 * it at the end does not work.
+				 */
+				/* XXX validate sid again? */
+				list_add(&submit->crp_next, &crp_q);
+				cryptostats.cs_blocks++;
+				if (crypto_drivers[hid].cc_unqblocked)
+					crypto_drivers[hid].cc_qblocked=0;
+				crypto_drivers[hid].cc_unqblocked=0;
+			}
+			crypto_drivers[hid].cc_unqblocked = 0;
+		}
+
+		crypto_all_kqblocked = !list_empty(&crp_kq);
+
+		/* As above, but for key ops */
+		krp = NULL;
+		list_for_each_entry(krpp, &crp_kq, krp_next) {
+			cap = crypto_checkdriver(krpp->krp_hid);
+			if (cap == NULL || cap->cc_dev == NULL) {
+				/*
+				 * Operation needs to be migrated, invalidate
+				 * the assigned device so it will reselect a
+				 * new one below.  Propagate the original
+				 * crid selection flags if supplied.
+				 */
+				krp->krp_hid = krp->krp_crid &
+				    (CRYPTOCAP_F_SOFTWARE|CRYPTOCAP_F_HARDWARE);
+				if (krp->krp_hid == 0)
+					krp->krp_hid =
+				    CRYPTOCAP_F_SOFTWARE|CRYPTOCAP_F_HARDWARE;
+				break;
+			}
+			if (!cap->cc_kqblocked) {
+				krp = krpp;
+				break;
+			}
+		}
+		if (krp != NULL) {
+			crypto_all_kqblocked = 0;
+			list_del(&krp->krp_next);
+			crypto_drivers[krp->krp_hid].cc_kqblocked = 1;
+			CRYPTO_Q_UNLOCK();
+			result = crypto_kinvoke(krp, krp->krp_hid);
+			CRYPTO_Q_LOCK();
+			if (result == ERESTART) {
+				/*
+				 * The driver ran out of resources, mark the
+				 * driver ``blocked'' for cryptkop's and put
+				 * the request back in the queue.  It would
+				 * best to put the request back where we got
+				 * it but that's hard so for now we put it
+				 * at the front.  This should be ok; putting
+				 * it at the end does not work.
+				 */
+				/* XXX validate sid again? */
+				list_add(&krp->krp_next, &crp_kq);
+				cryptostats.cs_kblocks++;
+			} else
+				crypto_drivers[krp->krp_hid].cc_kqblocked = 0;
+		}
+
+		if (submit == NULL && krp == NULL) {
+			/*
+			 * Nothing more to be processed.  Sleep until we're
+			 * woken because there are more ops to process.
+			 * This happens either by submission or by a driver
+			 * becoming unblocked and notifying us through
+			 * crypto_unblock.  Note that when we wakeup we
+			 * start processing each queue again from the
+			 * front. It's not clear that it's important to
+			 * preserve this ordering since ops may finish
+			 * out of order if dispatched to different devices
+			 * and some become blocked while others do not.
+			 */
+			dprintk("%s - sleeping (qe=%d qb=%d kqe=%d kqb=%d)\n",
+					__FUNCTION__,
+					list_empty(&crp_q), crypto_all_qblocked,
+					list_empty(&crp_kq), crypto_all_kqblocked);
+			loopcount = 0;
+			CRYPTO_Q_UNLOCK();
+			wait_event_interruptible(cryptoproc_wait,
+					!(list_empty(&crp_q) || crypto_all_qblocked) ||
+					!(list_empty(&crp_kq) || crypto_all_kqblocked) ||
+					kthread_should_stop());
+			if (signal_pending (current)) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+				spin_lock_irq(&current->sigmask_lock);
+#endif
+				flush_signals(current);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+				spin_unlock_irq(&current->sigmask_lock);
+#endif
+			}
+			CRYPTO_Q_LOCK();
+			dprintk("%s - awake\n", __FUNCTION__);
+			if (kthread_should_stop())
+				break;
+			cryptostats.cs_intrs++;
+		} else if (loopcount > crypto_max_loopcount) {
+			/*
+			 * Give other processes a chance to run if we've
+			 * been using the CPU exclusively for a while.
+			 */
+			loopcount = 0;
+			CRYPTO_Q_UNLOCK();
+			schedule();
+			CRYPTO_Q_LOCK();
+		}
+		loopcount++;
+	}
+	CRYPTO_Q_UNLOCK();
+	return 0;
+}
+
+/*
+ * Crypto returns thread, does callbacks for processed crypto requests.
+ * Callbacks are done here, rather than in the crypto drivers, because
+ * callbacks typically are expensive and would slow interrupt handling.
+ */
+static int
+crypto_ret_proc(void *arg)
+{
+	struct cryptop *crpt;
+	struct cryptkop *krpt;
+	unsigned long  r_flags;
+
+	set_current_state(TASK_INTERRUPTIBLE);
+
+	CRYPTO_RETQ_LOCK();
+	for (;;) {
+		/* Harvest return q's for completed ops */
+		crpt = NULL;
+		if (!list_empty(&crp_ret_q))
+			crpt = list_entry(crp_ret_q.next, typeof(*crpt), crp_next);
+		if (crpt != NULL)
+			list_del(&crpt->crp_next);
+
+		krpt = NULL;
+		if (!list_empty(&crp_ret_kq))
+			krpt = list_entry(crp_ret_kq.next, typeof(*krpt), krp_next);
+		if (krpt != NULL)
+			list_del(&krpt->krp_next);
+
+		if (crpt != NULL || krpt != NULL) {
+			CRYPTO_RETQ_UNLOCK();
+			/*
+			 * Run callbacks unlocked.
+			 */
+			if (crpt != NULL)
+				crpt->crp_callback(crpt);
+			if (krpt != NULL)
+				krpt->krp_callback(krpt);
+			CRYPTO_RETQ_LOCK();
+		} else {
+			/*
+			 * Nothing more to be processed.  Sleep until we're
+			 * woken because there are more returns to process.
+			 */
+			dprintk("%s - sleeping\n", __FUNCTION__);
+			CRYPTO_RETQ_UNLOCK();
+			wait_event_interruptible(cryptoretproc_wait,
+					!list_empty(&crp_ret_q) ||
+					!list_empty(&crp_ret_kq) ||
+					kthread_should_stop());
+			if (signal_pending (current)) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+				spin_lock_irq(&current->sigmask_lock);
+#endif
+				flush_signals(current);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+				spin_unlock_irq(&current->sigmask_lock);
+#endif
+			}
+			CRYPTO_RETQ_LOCK();
+			dprintk("%s - awake\n", __FUNCTION__);
+			if (kthread_should_stop()) {
+				dprintk("%s - EXITING!\n", __FUNCTION__);
+				break;
+			}
+			cryptostats.cs_rets++;
+		}
+	}
+	CRYPTO_RETQ_UNLOCK();
+	return 0;
+}
+
+
+#if 0 /* should put this into /proc or something */
+static void
+db_show_drivers(void)
+{
+	int hid;
+
+	db_printf("%12s %4s %4s %8s %2s %2s\n"
+		, "Device"
+		, "Ses"
+		, "Kops"
+		, "Flags"
+		, "QB"
+		, "KB"
+	);
+	for (hid = 0; hid < crypto_drivers_num; hid++) {
+		const struct cryptocap *cap = &crypto_drivers[hid];
+		if (cap->cc_dev == NULL)
+			continue;
+		db_printf("%-12s %4u %4u %08x %2u %2u\n"
+		    , device_get_nameunit(cap->cc_dev)
+		    , cap->cc_sessions
+		    , cap->cc_koperations
+		    , cap->cc_flags
+		    , cap->cc_qblocked
+		    , cap->cc_kqblocked
+		);
+	}
+}
+
+DB_SHOW_COMMAND(crypto, db_show_crypto)
+{
+	struct cryptop *crp;
+
+	db_show_drivers();
+	db_printf("\n");
+
+	db_printf("%4s %8s %4s %4s %4s %4s %8s %8s\n",
+	    "HID", "Caps", "Ilen", "Olen", "Etype", "Flags",
+	    "Desc", "Callback");
+	TAILQ_FOREACH(crp, &crp_q, crp_next) {
+		db_printf("%4u %08x %4u %4u %4u %04x %8p %8p\n"
+		    , (int) CRYPTO_SESID2HID(crp->crp_sid)
+		    , (int) CRYPTO_SESID2CAPS(crp->crp_sid)
+		    , crp->crp_ilen, crp->crp_olen
+		    , crp->crp_etype
+		    , crp->crp_flags
+		    , crp->crp_desc
+		    , crp->crp_callback
+		);
+	}
+	if (!TAILQ_EMPTY(&crp_ret_q)) {
+		db_printf("\n%4s %4s %4s %8s\n",
+		    "HID", "Etype", "Flags", "Callback");
+		TAILQ_FOREACH(crp, &crp_ret_q, crp_next) {
+			db_printf("%4u %4u %04x %8p\n"
+			    , (int) CRYPTO_SESID2HID(crp->crp_sid)
+			    , crp->crp_etype
+			    , crp->crp_flags
+			    , crp->crp_callback
+			);
+		}
+	}
+}
+
+DB_SHOW_COMMAND(kcrypto, db_show_kcrypto)
+{
+	struct cryptkop *krp;
+
+	db_show_drivers();
+	db_printf("\n");
+
+	db_printf("%4s %5s %4s %4s %8s %4s %8s\n",
+	    "Op", "Status", "#IP", "#OP", "CRID", "HID", "Callback");
+	TAILQ_FOREACH(krp, &crp_kq, krp_next) {
+		db_printf("%4u %5u %4u %4u %08x %4u %8p\n"
+		    , krp->krp_op
+		    , krp->krp_status
+		    , krp->krp_iparams, krp->krp_oparams
+		    , krp->krp_crid, krp->krp_hid
+		    , krp->krp_callback
+		);
+	}
+	if (!TAILQ_EMPTY(&crp_ret_q)) {
+		db_printf("%4s %5s %8s %4s %8s\n",
+		    "Op", "Status", "CRID", "HID", "Callback");
+		TAILQ_FOREACH(krp, &crp_ret_kq, krp_next) {
+			db_printf("%4u %5u %08x %4u %8p\n"
+			    , krp->krp_op
+			    , krp->krp_status
+			    , krp->krp_crid, krp->krp_hid
+			    , krp->krp_callback
+			);
+		}
+	}
+}
+#endif
+
+
+static int
+crypto_init(void)
+{
+	int error;
+	unsigned long cpu;
+
+	dprintk("%s(%p)\n", __FUNCTION__, (void *) crypto_init);
+
+	if (crypto_initted)
+		return 0;
+	crypto_initted = 1;
+
+	spin_lock_init(&crypto_drivers_lock);
+	spin_lock_init(&crypto_q_lock);
+	spin_lock_init(&crypto_ret_q_lock);
+
+	cryptop_zone = kmem_cache_create("cryptop", sizeof(struct cryptop),
+				       0, SLAB_HWCACHE_ALIGN, NULL
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+				       , NULL
+#endif
+					);
+
+	cryptodesc_zone = kmem_cache_create("cryptodesc", sizeof(struct cryptodesc),
+				       0, SLAB_HWCACHE_ALIGN, NULL
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+				       , NULL
+#endif
+					);
+
+	if (cryptodesc_zone == NULL || cryptop_zone == NULL) {
+		printk("crypto: crypto_init cannot setup crypto zones\n");
+		error = ENOMEM;
+		goto bad;
+	}
+
+	crypto_drivers_num = CRYPTO_DRIVERS_INITIAL;
+	crypto_drivers = kmalloc(crypto_drivers_num * sizeof(struct cryptocap),
+			GFP_KERNEL);
+	if (crypto_drivers == NULL) {
+		printk("crypto: crypto_init cannot setup crypto drivers\n");
+		error = ENOMEM;
+		goto bad;
+	}
+
+	memset(crypto_drivers, 0, crypto_drivers_num * sizeof(struct cryptocap));
+
+	ocf_for_each_cpu(cpu) {
+		cryptoproc[cpu] = kthread_create(crypto_proc, (void *) cpu,
+									"ocf_%d", (int) cpu);
+		if (IS_ERR(cryptoproc[cpu])) {
+			error = PTR_ERR(cryptoproc[cpu]);
+			printk("crypto: crypto_init cannot start crypto thread; error %d",
+				error);
+			goto bad;
+		}
+		kthread_bind(cryptoproc[cpu], cpu);
+		wake_up_process(cryptoproc[cpu]);
+
+		cryptoretproc[cpu] = kthread_create(crypto_ret_proc, (void *) cpu,
+									"ocf_ret_%d", (int) cpu);
+		if (IS_ERR(cryptoretproc[cpu])) {
+			error = PTR_ERR(cryptoretproc[cpu]);
+			printk("crypto: crypto_init cannot start cryptoret thread; error %d",
+					error);
+			goto bad;
+		}
+		kthread_bind(cryptoretproc[cpu], cpu);
+		wake_up_process(cryptoretproc[cpu]);
+	}
+
+	return 0;
+bad:
+	crypto_exit();
+	return error;
+}
+
+
+static void
+crypto_exit(void)
+{
+	int cpu;
+
+	dprintk("%s()\n", __FUNCTION__);
+
+	/*
+	 * Terminate any crypto threads.
+	 */
+	ocf_for_each_cpu(cpu) {
+		kthread_stop(cryptoproc[cpu]);
+		kthread_stop(cryptoretproc[cpu]);
+	}
+
+	/*
+	 * Reclaim dynamically allocated resources.
+	 */
+	if (crypto_drivers != NULL)
+		kfree(crypto_drivers);
+
+	if (cryptodesc_zone != NULL)
+		kmem_cache_destroy(cryptodesc_zone);
+	if (cryptop_zone != NULL)
+		kmem_cache_destroy(cryptop_zone);
+}
+
+
+EXPORT_SYMBOL(crypto_newsession);
+EXPORT_SYMBOL(crypto_freesession);
+EXPORT_SYMBOL(crypto_get_driverid);
+EXPORT_SYMBOL(crypto_kregister);
+EXPORT_SYMBOL(crypto_register);
+EXPORT_SYMBOL(crypto_unregister);
+EXPORT_SYMBOL(crypto_unregister_all);
+EXPORT_SYMBOL(crypto_unblock);
+EXPORT_SYMBOL(crypto_dispatch);
+EXPORT_SYMBOL(crypto_kdispatch);
+EXPORT_SYMBOL(crypto_freereq);
+EXPORT_SYMBOL(crypto_getreq);
+EXPORT_SYMBOL(crypto_done);
+EXPORT_SYMBOL(crypto_kdone);
+EXPORT_SYMBOL(crypto_getfeat);
+EXPORT_SYMBOL(crypto_userasymcrypto);
+EXPORT_SYMBOL(crypto_getcaps);
+EXPORT_SYMBOL(crypto_find_driver);
+EXPORT_SYMBOL(crypto_find_device_byhid);
+
+module_init(crypto_init);
+module_exit(crypto_exit);
+
+MODULE_LICENSE("BSD");
+MODULE_AUTHOR("David McCullough <david_mccullough@mcafee.com>");
+MODULE_DESCRIPTION("OCF (OpenBSD Cryptographic Framework)");
+/*	$OpenBSD: cryptodev.c,v 1.52 2002/06/19 07:22:46 deraadt Exp $	*/
+
+/*-
+ * Linux port done by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2006-2010 David McCullough
+ * Copyright (C) 2004-2005 Intel Corporation.
+ * The license and original author are listed below.
+ *
+ * Copyright (c) 2001 Theo de Raadt
+ * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+__FBSDID("$FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.34 2007/05/09 19:37:02 gnn Exp $");
+ */
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
+#endif
+#include <linux/types.h>
+#include <linux/time.h>
+#include <linux/delay.h>
+#include <linux/list.h>
+#include <linux/init.h>
+#include <linux/sched.h>
+#include <linux/unistd.h>
+#include <linux/module.h>
+#include <linux/wait.h>
+#include <linux/slab.h>
+#include <linux/fs.h>
+#include <linux/dcache.h>
+#include <linux/file.h>
+#include <linux/mount.h>
+#include <linux/miscdevice.h>
+#include <asm/uaccess.h>
+
+#include <cryptodev.h>
+#include <uio.h>
+
+extern asmlinkage long sys_dup(unsigned int fildes);
+
+#define debug cryptodev_debug
+int cryptodev_debug = 0;
+module_param(cryptodev_debug, int, 0644);
+MODULE_PARM_DESC(cryptodev_debug, "Enable cryptodev debug");
+
+struct csession_info {
+	u_int16_t	blocksize;
+	u_int16_t	minkey, maxkey;
+
+	u_int16_t	keysize;
+	/* u_int16_t	hashsize;  */
+	u_int16_t	authsize;
+	u_int16_t	authkey;
+	/* u_int16_t	ctxsize; */
+};
+
+struct csession {
+	struct list_head	list;
+	u_int64_t	sid;
+	u_int32_t	ses;
+
+	wait_queue_head_t waitq;
+
+	u_int32_t	cipher;
+
+	u_int32_t	mac;
+
+	caddr_t		key;
+	int		keylen;
+	u_char		tmp_iv[EALG_MAX_BLOCK_LEN];
+
+	caddr_t		mackey;
+	int		mackeylen;
+
+	struct csession_info info;
+
+	struct iovec	iovec;
+	struct uio	uio;
+	int		error;
+};
+
+struct fcrypt {
+	struct list_head	csessions;
+	int		sesn;
+};
+
+static struct csession *csefind(struct fcrypt *, u_int);
+static int csedelete(struct fcrypt *, struct csession *);
+static struct csession *cseadd(struct fcrypt *, struct csession *);
+static struct csession *csecreate(struct fcrypt *, u_int64_t,
+		struct cryptoini *crie, struct cryptoini *cria, struct csession_info *);
+static int csefree(struct csession *);
+
+static	int cryptodev_op(struct csession *, struct crypt_op *);
+static	int cryptodev_key(struct crypt_kop *);
+static	int cryptodev_find(struct crypt_find_op *);
+
+static int cryptodev_cb(void *);
+static int cryptodev_open(struct inode *inode, struct file *filp);
+
+/*
+ * Check a crypto identifier to see if it requested
+ * a valid crid and it's capabilities match.
+ */
+static int
+checkcrid(int crid)
+{
+	int hid = crid & ~(CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE);
+	int typ = crid & (CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE);
+	int caps = 0;
+
+	/* if the user hasn't selected a driver, then just call newsession */
+	if (hid == 0 && typ != 0)
+		return 0;
+
+	caps = crypto_getcaps(hid);
+
+	/* didn't find anything with capabilities */
+	if (caps == 0) {
+		dprintk("%s: hid=%x typ=%x not matched\n", __FUNCTION__, hid, typ);
+		return EINVAL;
+	}
+
+	/* the user didn't specify SW or HW, so the driver is ok */
+	if (typ == 0)
+		return 0;
+
+	/* if the type specified didn't match */
+	if (typ != (caps & (CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE))) {
+		dprintk("%s: hid=%x typ=%x caps=%x not matched\n", __FUNCTION__,
+				hid, typ, caps);
+		return EINVAL;
+	}
+
+	return 0;
+}
+
+static int
+cryptodev_op(struct csession *cse, struct crypt_op *cop)
+{
+	struct cryptop *crp = NULL;
+	struct cryptodesc *crde = NULL, *crda = NULL;
+	int error = 0;
+
+	dprintk("%s()\n", __FUNCTION__);
+	if (cop->len > CRYPTO_MAX_DATA_LEN) {
+		dprintk("%s: %d > %d\n", __FUNCTION__, cop->len, CRYPTO_MAX_DATA_LEN);
+		return (E2BIG);
+	}
+
+	if (cse->info.blocksize && (cop->len % cse->info.blocksize) != 0) {
+		dprintk("%s: blocksize=%d len=%d\n", __FUNCTION__, cse->info.blocksize,
+				cop->len);
+		return (EINVAL);
+	}
+
+	cse->uio.uio_iov = &cse->iovec;
+	cse->uio.uio_iovcnt = 1;
+	cse->uio.uio_offset = 0;
+#if 0
+	cse->uio.uio_resid = cop->len;
+	cse->uio.uio_segflg = UIO_SYSSPACE;
+	cse->uio.uio_rw = UIO_WRITE;
+	cse->uio.uio_td = td;
+#endif
+	cse->uio.uio_iov[0].iov_len = cop->len;
+	if (cse->info.authsize)
+		cse->uio.uio_iov[0].iov_len += cse->info.authsize;
+	cse->uio.uio_iov[0].iov_base = kmalloc(cse->uio.uio_iov[0].iov_len,
+			GFP_KERNEL);
+
+	if (cse->uio.uio_iov[0].iov_base == NULL) {
+		dprintk("%s: iov_base kmalloc(%d) failed\n", __FUNCTION__,
+				(int)cse->uio.uio_iov[0].iov_len);
+		return (ENOMEM);
+	}
+
+	crp = crypto_getreq((cse->info.blocksize != 0) + (cse->info.authsize != 0));
+	if (crp == NULL) {
+		dprintk("%s: ENOMEM\n", __FUNCTION__);
+		error = ENOMEM;
+		goto bail;
+	}
+
+	if (cse->info.authsize && cse->info.blocksize) {
+		if (cop->op == COP_ENCRYPT) {
+			crde = crp->crp_desc;
+			crda = crde->crd_next;
+		} else {
+			crda = crp->crp_desc;
+			crde = crda->crd_next;
+		}
+	} else if (cse->info.authsize) {
+		crda = crp->crp_desc;
+	} else if (cse->info.blocksize) {
+		crde = crp->crp_desc;
+	} else {
+		dprintk("%s: bad request\n", __FUNCTION__);
+		error = EINVAL;
+		goto bail;
+	}
+
+	if ((error = copy_from_user(cse->uio.uio_iov[0].iov_base, cop->src,
+					cop->len))) {
+		dprintk("%s: bad copy\n", __FUNCTION__);
+		goto bail;
+	}
+
+	if (crda) {
+		crda->crd_skip = 0;
+		crda->crd_len = cop->len;
+		crda->crd_inject = cop->len;
+
+		crda->crd_alg = cse->mac;
+		crda->crd_key = cse->mackey;
+		crda->crd_klen = cse->mackeylen * 8;
+	}
+
+	if (crde) {
+		if (cop->op == COP_ENCRYPT)
+			crde->crd_flags |= CRD_F_ENCRYPT;
+		else
+			crde->crd_flags &= ~CRD_F_ENCRYPT;
+		crde->crd_len = cop->len;
+		crde->crd_inject = 0;
+
+		crde->crd_alg = cse->cipher;
+		crde->crd_key = cse->key;
+		crde->crd_klen = cse->keylen * 8;
+	}
+
+	crp->crp_ilen = cse->uio.uio_iov[0].iov_len;
+	crp->crp_flags = CRYPTO_F_IOV | CRYPTO_F_CBIMM
+		       | (cop->flags & COP_F_BATCH);
+	crp->crp_buf = (caddr_t)&cse->uio;
+	crp->crp_callback = (int (*) (struct cryptop *)) cryptodev_cb;
+	crp->crp_sid = cse->sid;
+	crp->crp_opaque = (void *)cse;
+
+	if (cop->iv) {
+		if (crde == NULL) {
+			error = EINVAL;
+			dprintk("%s no crde\n", __FUNCTION__);
+			goto bail;
+		}
+		if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
+			error = EINVAL;
+			dprintk("%s arc4 with IV\n", __FUNCTION__);
+			goto bail;
+		}
+		if ((error = copy_from_user(cse->tmp_iv, cop->iv,
+						cse->info.blocksize))) {
+			dprintk("%s bad iv copy\n", __FUNCTION__);
+			goto bail;
+		}
+		memcpy(crde->crd_iv, cse->tmp_iv, cse->info.blocksize);
+		crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
+		crde->crd_skip = 0;
+	} else if (cse->cipher == CRYPTO_ARC4) { /* XXX use flag? */
+		crde->crd_skip = 0;
+	} else if (crde) {
+		crde->crd_flags |= CRD_F_IV_PRESENT;
+		crde->crd_skip = cse->info.blocksize;
+		crde->crd_len -= cse->info.blocksize;
+	}
+
+	if (cop->mac && crda == NULL) {
+		error = EINVAL;
+		dprintk("%s no crda\n", __FUNCTION__);
+		goto bail;
+	}
+
+	/*
+	 * Let the dispatch run unlocked, then, interlock against the
+	 * callback before checking if the operation completed and going
+	 * to sleep.  This insures drivers don't inherit our lock which
+	 * results in a lock order reversal between crypto_dispatch forced
+	 * entry and the crypto_done callback into us.
+	 */
+	error = crypto_dispatch(crp);
+	if (error) {
+		dprintk("%s error in crypto_dispatch\n", __FUNCTION__);
+		goto bail;
+	}
+
+	dprintk("%s about to WAIT\n", __FUNCTION__);
+	/*
+	 * we really need to wait for driver to complete to maintain
+	 * state,  luckily interrupts will be remembered
+	 */
+	do {
+		error = wait_event_interruptible(crp->crp_waitq,
+				((crp->crp_flags & CRYPTO_F_DONE) != 0));
+		/*
+		 * we can't break out of this loop or we will leave behind
+		 * a huge mess,  however,  staying here means if your driver
+		 * is broken user applications can hang and not be killed.
+		 * The solution,  fix your driver :-)
+		 */
+		if (error) {
+			schedule();
+			error = 0;
+		}
+	} while ((crp->crp_flags & CRYPTO_F_DONE) == 0);
+	dprintk("%s finished WAITING error=%d\n", __FUNCTION__, error);
+
+	if (crp->crp_etype != 0) {
+		error = crp->crp_etype;
+		dprintk("%s error in crp processing\n", __FUNCTION__);
+		goto bail;
+	}
+
+	if (cse->error) {
+		error = cse->error;
+		dprintk("%s error in cse processing\n", __FUNCTION__);
+		goto bail;
+	}
+
+	if (cop->dst && (error = copy_to_user(cop->dst,
+					cse->uio.uio_iov[0].iov_base, cop->len))) {
+		dprintk("%s bad dst copy\n", __FUNCTION__);
+		goto bail;
+	}
+
+	if (cop->mac &&
+			(error=copy_to_user(cop->mac,
+				(caddr_t)cse->uio.uio_iov[0].iov_base + cop->len,
+				cse->info.authsize))) {
+		dprintk("%s bad mac copy\n", __FUNCTION__);
+		goto bail;
+	}
+
+bail:
+	if (crp)
+		crypto_freereq(crp);
+	if (cse->uio.uio_iov[0].iov_base)
+		kfree(cse->uio.uio_iov[0].iov_base);
+
+	return (error);
+}
+
+static int
+cryptodev_cb(void *op)
+{
+	struct cryptop *crp = (struct cryptop *) op;
+	struct csession *cse = (struct csession *)crp->crp_opaque;
+	int error;
+
+	dprintk("%s()\n", __FUNCTION__);
+	error = crp->crp_etype;
+	if (error == EAGAIN) {
+		crp->crp_flags &= ~CRYPTO_F_DONE;
+#ifdef NOTYET
+		/*
+		 * DAVIDM I am fairly sure that we should turn this into a batch
+		 * request to stop bad karma/lockup, revisit
+		 */
+		crp->crp_flags |= CRYPTO_F_BATCH;
+#endif
+		return crypto_dispatch(crp);
+	}
+	if (error != 0 || (crp->crp_flags & CRYPTO_F_DONE)) {
+		cse->error = error;
+		wake_up_interruptible(&crp->crp_waitq);
+	}
+	return (0);
+}
+
+static int
+cryptodevkey_cb(void *op)
+{
+	struct cryptkop *krp = (struct cryptkop *) op;
+	dprintk("%s()\n", __FUNCTION__);
+	wake_up_interruptible(&krp->krp_waitq);
+	return (0);
+}
+
+static int
+cryptodev_key(struct crypt_kop *kop)
+{
+	struct cryptkop *krp = NULL;
+	int error = EINVAL;
+	int in, out, size, i;
+
+	dprintk("%s()\n", __FUNCTION__);
+	if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
+		dprintk("%s params too big\n", __FUNCTION__);
+		return (EFBIG);
+	}
+
+	in = kop->crk_iparams;
+	out = kop->crk_oparams;
+	switch (kop->crk_op) {
+	case CRK_MOD_EXP:
+		if (in == 3 && out == 1)
+			break;
+		return (EINVAL);
+	case CRK_MOD_EXP_CRT:
+		if (in == 6 && out == 1)
+			break;
+		return (EINVAL);
+	case CRK_DSA_SIGN:
+		if (in == 5 && out == 2)
+			break;
+		return (EINVAL);
+	case CRK_DSA_VERIFY:
+		if (in == 7 && out == 0)
+			break;
+		return (EINVAL);
+	case CRK_DH_COMPUTE_KEY:
+		if (in == 3 && out == 1)
+			break;
+		return (EINVAL);
+	default:
+		return (EINVAL);
+	}
+
+	krp = (struct cryptkop *)kmalloc(sizeof *krp, GFP_KERNEL);
+	if (!krp)
+		return (ENOMEM);
+	bzero(krp, sizeof *krp);
+	krp->krp_op = kop->crk_op;
+	krp->krp_status = kop->crk_status;
+	krp->krp_iparams = kop->crk_iparams;
+	krp->krp_oparams = kop->crk_oparams;
+	krp->krp_crid = kop->crk_crid;
+	krp->krp_status = 0;
+	krp->krp_flags = CRYPTO_KF_CBIMM;
+	krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;
+	init_waitqueue_head(&krp->krp_waitq);
+
+	for (i = 0; i < CRK_MAXPARAM; i++)
+		krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
+	for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
+		size = (krp->krp_param[i].crp_nbits + 7) / 8;
+		if (size == 0)
+			continue;
+		krp->krp_param[i].crp_p = (caddr_t) kmalloc(size, GFP_KERNEL);
+		if (i >= krp->krp_iparams)
+			continue;
+		error = copy_from_user(krp->krp_param[i].crp_p,
+				kop->crk_param[i].crp_p, size);
+		if (error)
+			goto fail;
+	}
+
+	error = crypto_kdispatch(krp);
+	if (error)
+		goto fail;
+
+	do {
+		error = wait_event_interruptible(krp->krp_waitq,
+				((krp->krp_flags & CRYPTO_KF_DONE) != 0));
+		/*
+		 * we can't break out of this loop or we will leave behind
+		 * a huge mess,  however,  staying here means if your driver
+		 * is broken user applications can hang and not be killed.
+		 * The solution,  fix your driver :-)
+		 */
+		if (error) {
+			schedule();
+			error = 0;
+		}
+	} while ((krp->krp_flags & CRYPTO_KF_DONE) == 0);
+
+	dprintk("%s finished WAITING error=%d\n", __FUNCTION__, error);
+
+	kop->crk_crid = krp->krp_crid;		/* device that did the work */
+	if (krp->krp_status != 0) {
+		error = krp->krp_status;
+		goto fail;
+	}
+
+	for (i = krp->krp_iparams; i < krp->krp_iparams + krp->krp_oparams; i++) {
+		size = (krp->krp_param[i].crp_nbits + 7) / 8;
+		if (size == 0)
+			continue;
+		error = copy_to_user(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p,
+				size);
+		if (error)
+			goto fail;
+	}
+
+fail:
+	if (krp) {
+		kop->crk_status = krp->krp_status;
+		for (i = 0; i < CRK_MAXPARAM; i++) {
+			if (krp->krp_param[i].crp_p)
+				kfree(krp->krp_param[i].crp_p);
+		}
+		kfree(krp);
+	}
+	return (error);
+}
+
+static int
+cryptodev_find(struct crypt_find_op *find)
+{
+	device_t dev;
+
+	if (find->crid != -1) {
+		dev = crypto_find_device_byhid(find->crid);
+		if (dev == NULL)
+			return (ENOENT);
+		strlcpy(find->name, device_get_nameunit(dev),
+		    sizeof(find->name));
+	} else {
+		find->crid = crypto_find_driver(find->name);
+		if (find->crid == -1)
+			return (ENOENT);
+	}
+	return (0);
+}
+
+static struct csession *
+csefind(struct fcrypt *fcr, u_int ses)
+{
+	struct csession *cse;
+
+	dprintk("%s()\n", __FUNCTION__);
+	list_for_each_entry(cse, &fcr->csessions, list)
+		if (cse->ses == ses)
+			return (cse);
+	return (NULL);
+}
+
+static int
+csedelete(struct fcrypt *fcr, struct csession *cse_del)
+{
+	struct csession *cse;
+
+	dprintk("%s()\n", __FUNCTION__);
+	list_for_each_entry(cse, &fcr->csessions, list) {
+		if (cse == cse_del) {
+			list_del(&cse->list);
+			return (1);
+		}
+	}
+	return (0);
+}
+
+static struct csession *
+cseadd(struct fcrypt *fcr, struct csession *cse)
+{
+	dprintk("%s()\n", __FUNCTION__);
+	list_add_tail(&cse->list, &fcr->csessions);
+	cse->ses = fcr->sesn++;
+	return (cse);
+}
+
+static struct csession *
+csecreate(struct fcrypt *fcr, u_int64_t sid, struct cryptoini *crie,
+	struct cryptoini *cria, struct csession_info *info)
+{
+	struct csession *cse;
+
+	dprintk("%s()\n", __FUNCTION__);
+	cse = (struct csession *) kmalloc(sizeof(struct csession), GFP_KERNEL);
+	if (cse == NULL)
+		return NULL;
+	memset(cse, 0, sizeof(struct csession));
+
+	INIT_LIST_HEAD(&cse->list);
+	init_waitqueue_head(&cse->waitq);
+
+	cse->key = crie->cri_key;
+	cse->keylen = crie->cri_klen/8;
+	cse->mackey = cria->cri_key;
+	cse->mackeylen = cria->cri_klen/8;
+	cse->sid = sid;
+	cse->cipher = crie->cri_alg;
+	cse->mac = cria->cri_alg;
+	cse->info = *info;
+	cseadd(fcr, cse);
+	return (cse);
+}
+
+static int
+csefree(struct csession *cse)
+{
+	int error;
+
+	dprintk("%s()\n", __FUNCTION__);
+	error = crypto_freesession(cse->sid);
+	if (cse->key)
+		kfree(cse->key);
+	if (cse->mackey)
+		kfree(cse->mackey);
+	kfree(cse);
+	return(error);
+}
+
+static int
+cryptodev_ioctl(
+	struct inode *inode,
+	struct file *filp,
+	unsigned int cmd,
+	unsigned long arg)
+{
+	struct cryptoini cria, crie;
+	struct fcrypt *fcr = filp->private_data;
+	struct csession *cse;
+	struct csession_info info;
+	struct session2_op sop;
+	struct crypt_op cop;
+	struct crypt_kop kop;
+	struct crypt_find_op fop;
+	u_int64_t sid;
+	u_int32_t ses = 0;
+	int feat, fd, error = 0, crid;
+	mm_segment_t fs;
+
+	dprintk("%s(cmd=%x arg=%lx)\n", __FUNCTION__, cmd, arg);
+
+	switch (cmd) {
+
+	case CRIOGET: {
+		dprintk("%s(CRIOGET)\n", __FUNCTION__);
+		fs = get_fs();
+		set_fs(get_ds());
+		for (fd = 0; fd < files_fdtable(current->files)->max_fds; fd++)
+			if (files_fdtable(current->files)->fd[fd] == filp)
+				break;
+		fd = sys_dup(fd);
+		set_fs(fs);
+		put_user(fd, (int *) arg);
+		return IS_ERR_VALUE(fd) ? fd : 0;
+		}
+
+#define	CIOCGSESSSTR	(cmd == CIOCGSESSION ? "CIOCGSESSION" : "CIOCGSESSION2")
+	case CIOCGSESSION:
+	case CIOCGSESSION2:
+		dprintk("%s(%s)\n", __FUNCTION__, CIOCGSESSSTR);
+		memset(&crie, 0, sizeof(crie));
+		memset(&cria, 0, sizeof(cria));
+		memset(&info, 0, sizeof(info));
+		memset(&sop, 0, sizeof(sop));
+
+		if (copy_from_user(&sop, (void*)arg, (cmd == CIOCGSESSION) ?
+					sizeof(struct session_op) : sizeof(sop))) {
+			dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR);
+			error = EFAULT;
+			goto bail;
+		}
+
+		switch (sop.cipher) {
+		case 0:
+			dprintk("%s(%s) - no cipher\n", __FUNCTION__, CIOCGSESSSTR);
+			break;
+		case CRYPTO_NULL_CBC:
+			info.blocksize = NULL_BLOCK_LEN;
+			info.minkey = NULL_MIN_KEY_LEN;
+			info.maxkey = NULL_MAX_KEY_LEN;
+			break;
+		case CRYPTO_DES_CBC:
+			info.blocksize = DES_BLOCK_LEN;
+			info.minkey = DES_MIN_KEY_LEN;
+			info.maxkey = DES_MAX_KEY_LEN;
+			break;
+		case CRYPTO_3DES_CBC:
+			info.blocksize = DES3_BLOCK_LEN;
+			info.minkey = DES3_MIN_KEY_LEN;
+			info.maxkey = DES3_MAX_KEY_LEN;
+			break;
+		case CRYPTO_BLF_CBC:
+			info.blocksize = BLOWFISH_BLOCK_LEN;
+			info.minkey = BLOWFISH_MIN_KEY_LEN;
+			info.maxkey = BLOWFISH_MAX_KEY_LEN;
+			break;
+		case CRYPTO_CAST_CBC:
+			info.blocksize = CAST128_BLOCK_LEN;
+			info.minkey = CAST128_MIN_KEY_LEN;
+			info.maxkey = CAST128_MAX_KEY_LEN;
+			break;
+		case CRYPTO_SKIPJACK_CBC:
+			info.blocksize = SKIPJACK_BLOCK_LEN;
+			info.minkey = SKIPJACK_MIN_KEY_LEN;
+			info.maxkey = SKIPJACK_MAX_KEY_LEN;
+			break;
+		case CRYPTO_AES_CBC:
+			info.blocksize = AES_BLOCK_LEN;
+			info.minkey = AES_MIN_KEY_LEN;
+			info.maxkey = AES_MAX_KEY_LEN;
+			break;
+		case CRYPTO_ARC4:
+			info.blocksize = ARC4_BLOCK_LEN;
+			info.minkey = ARC4_MIN_KEY_LEN;
+			info.maxkey = ARC4_MAX_KEY_LEN;
+			break;
+		case CRYPTO_CAMELLIA_CBC:
+			info.blocksize = CAMELLIA_BLOCK_LEN;
+			info.minkey = CAMELLIA_MIN_KEY_LEN;
+			info.maxkey = CAMELLIA_MAX_KEY_LEN;
+			break;
+		default:
+			dprintk("%s(%s) - bad cipher\n", __FUNCTION__, CIOCGSESSSTR);
+			error = EINVAL;
+			goto bail;
+		}
+
+		switch (sop.mac) {
+		case 0:
+			dprintk("%s(%s) - no mac\n", __FUNCTION__, CIOCGSESSSTR);
+			break;
+		case CRYPTO_NULL_HMAC:
+			info.authsize = NULL_HASH_LEN;
+			break;
+		case CRYPTO_MD5:
+			info.authsize = MD5_HASH_LEN;
+			break;
+		case CRYPTO_SHA1:
+			info.authsize = SHA1_HASH_LEN;
+			break;
+		case CRYPTO_SHA2_256:
+			info.authsize = SHA2_256_HASH_LEN;
+			break;
+		case CRYPTO_SHA2_384:
+			info.authsize = SHA2_384_HASH_LEN;
+  			break;
+		case CRYPTO_SHA2_512:
+			info.authsize = SHA2_512_HASH_LEN;
+			break;
+		case CRYPTO_RIPEMD160:
+			info.authsize = RIPEMD160_HASH_LEN;
+			break;
+		case CRYPTO_MD5_HMAC:
+			info.authsize = MD5_HASH_LEN;
+			info.authkey = 16;
+			break;
+		case CRYPTO_SHA1_HMAC:
+			info.authsize = SHA1_HASH_LEN;
+			info.authkey = 20;
+			break;
+		case CRYPTO_SHA2_256_HMAC:
+			info.authsize = SHA2_256_HASH_LEN;
+			info.authkey = 32;
+			break;
+		case CRYPTO_SHA2_384_HMAC:
+			info.authsize = SHA2_384_HASH_LEN;
+			info.authkey = 48;
+  			break;
+		case CRYPTO_SHA2_512_HMAC:
+			info.authsize = SHA2_512_HASH_LEN;
+			info.authkey = 64;
+			break;
+		case CRYPTO_RIPEMD160_HMAC:
+			info.authsize = RIPEMD160_HASH_LEN;
+			info.authkey = 20;
+			break;
+		default:
+			dprintk("%s(%s) - bad mac\n", __FUNCTION__, CIOCGSESSSTR);
+			error = EINVAL;
+			goto bail;
+		}
+
+		if (info.blocksize) {
+			crie.cri_alg = sop.cipher;
+			crie.cri_klen = sop.keylen * 8;
+			if ((info.maxkey && sop.keylen > info.maxkey) ||
+				   	sop.keylen < info.minkey) {
+				dprintk("%s(%s) - bad key\n", __FUNCTION__, CIOCGSESSSTR);
+				error = EINVAL;
+				goto bail;
+			}
+
+			crie.cri_key = (u_int8_t *) kmalloc(crie.cri_klen/8+1, GFP_KERNEL);
+			if (copy_from_user(crie.cri_key, sop.key,
+							crie.cri_klen/8)) {
+				dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR);
+				error = EFAULT;
+				goto bail;
+			}
+			if (info.authsize)
+				crie.cri_next = &cria;
+		}
+
+		if (info.authsize) {
+			cria.cri_alg = sop.mac;
+			cria.cri_klen = sop.mackeylen * 8;
+			if (info.authkey && sop.mackeylen != info.authkey) {
+				dprintk("%s(%s) - mackeylen %d != %d\n", __FUNCTION__,
+						CIOCGSESSSTR, sop.mackeylen, info.authkey);
+				error = EINVAL;
+				goto bail;
+			}
+
+			if (cria.cri_klen) {
+				cria.cri_key = (u_int8_t *) kmalloc(cria.cri_klen/8,GFP_KERNEL);
+				if (copy_from_user(cria.cri_key, sop.mackey,
+								cria.cri_klen / 8)) {
+					dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR);
+					error = EFAULT;
+					goto bail;
+				}
+			}
+		}
+
+		/* NB: CIOGSESSION2 has the crid */
+		if (cmd == CIOCGSESSION2) {
+			crid = sop.crid;
+			error = checkcrid(crid);
+			if (error) {
+				dprintk("%s(%s) - checkcrid %x\n", __FUNCTION__,
+						CIOCGSESSSTR, error);
+				goto bail;
+			}
+		} else {
+			/* allow either HW or SW to be used */
+			crid = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE;
+		}
+		error = crypto_newsession(&sid, (info.blocksize ? &crie : &cria), crid);
+		if (error) {
+			dprintk("%s(%s) - newsession %d\n",__FUNCTION__,CIOCGSESSSTR,error);
+			goto bail;
+		}
+
+		cse = csecreate(fcr, sid, &crie, &cria, &info);
+		if (cse == NULL) {
+			crypto_freesession(sid);
+			error = EINVAL;
+			dprintk("%s(%s) - csecreate failed\n", __FUNCTION__, CIOCGSESSSTR);
+			goto bail;
+		}
+		sop.ses = cse->ses;
+
+		if (cmd == CIOCGSESSION2) {
+			/* return hardware/driver id */
+			sop.crid = CRYPTO_SESID2HID(cse->sid);
+		}
+
+		if (copy_to_user((void*)arg, &sop, (cmd == CIOCGSESSION) ?
+					sizeof(struct session_op) : sizeof(sop))) {
+			dprintk("%s(%s) - bad copy\n", __FUNCTION__, CIOCGSESSSTR);
+			error = EFAULT;
+		}
+bail:
+		if (error) {
+			dprintk("%s(%s) - bail %d\n", __FUNCTION__, CIOCGSESSSTR, error);
+			if (crie.cri_key)
+				kfree(crie.cri_key);
+			if (cria.cri_key)
+				kfree(cria.cri_key);
+		}
+		break;
+	case CIOCFSESSION:
+		dprintk("%s(CIOCFSESSION)\n", __FUNCTION__);
+		get_user(ses, (uint32_t*)arg);
+		cse = csefind(fcr, ses);
+		if (cse == NULL) {
+			error = EINVAL;
+			dprintk("%s(CIOCFSESSION) - Fail %d\n", __FUNCTION__, error);
+			break;
+		}
+		csedelete(fcr, cse);
+		error = csefree(cse);
+		break;
+	case CIOCCRYPT:
+		dprintk("%s(CIOCCRYPT)\n", __FUNCTION__);
+		if(copy_from_user(&cop, (void*)arg, sizeof(cop))) {
+			dprintk("%s(CIOCCRYPT) - bad copy\n", __FUNCTION__);
+			error = EFAULT;
+			goto bail;
+		}
+		cse = csefind(fcr, cop.ses);
+		if (cse == NULL) {
+			error = EINVAL;
+			dprintk("%s(CIOCCRYPT) - Fail %d\n", __FUNCTION__, error);
+			break;
+		}
+		error = cryptodev_op(cse, &cop);
+		if(copy_to_user((void*)arg, &cop, sizeof(cop))) {
+			dprintk("%s(CIOCCRYPT) - bad return copy\n", __FUNCTION__);
+			error = EFAULT;
+			goto bail;
+		}
+		break;
+	case CIOCKEY:
+	case CIOCKEY2:
+		dprintk("%s(CIOCKEY)\n", __FUNCTION__);
+		if (!crypto_userasymcrypto)
+			return (EPERM);		/* XXX compat? */
+		if(copy_from_user(&kop, (void*)arg, sizeof(kop))) {
+			dprintk("%s(CIOCKEY) - bad copy\n", __FUNCTION__);
+			error = EFAULT;
+			goto bail;
+		}
+		if (cmd == CIOCKEY) {
+			/* NB: crypto core enforces s/w driver use */
+			kop.crk_crid =
+			    CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE;
+		}
+		error = cryptodev_key(&kop);
+		if(copy_to_user((void*)arg, &kop, sizeof(kop))) {
+			dprintk("%s(CIOCGKEY) - bad return copy\n", __FUNCTION__);
+			error = EFAULT;
+			goto bail;
+		}
+		break;
+	case CIOCASYMFEAT:
+		dprintk("%s(CIOCASYMFEAT)\n", __FUNCTION__);
+		if (!crypto_userasymcrypto) {
+			/*
+			 * NB: if user asym crypto operations are
+			 * not permitted return "no algorithms"
+			 * so well-behaved applications will just
+			 * fallback to doing them in software.
+			 */
+			feat = 0;
+		} else
+			error = crypto_getfeat(&feat);
+		if (!error) {
+		  error = copy_to_user((void*)arg, &feat, sizeof(feat));
+		}
+		break;
+	case CIOCFINDDEV:
+		if (copy_from_user(&fop, (void*)arg, sizeof(fop))) {
+			dprintk("%s(CIOCFINDDEV) - bad copy\n", __FUNCTION__);
+			error = EFAULT;
+			goto bail;
+		}
+		error = cryptodev_find(&fop);
+		if (copy_to_user((void*)arg, &fop, sizeof(fop))) {
+			dprintk("%s(CIOCFINDDEV) - bad return copy\n", __FUNCTION__);
+			error = EFAULT;
+			goto bail;
+		}
+		break;
+	default:
+		dprintk("%s(unknown ioctl 0x%x)\n", __FUNCTION__, cmd);
+		error = EINVAL;
+		break;
+	}
+	return(-error);
+}
+
+#ifdef HAVE_UNLOCKED_IOCTL
+static long
+cryptodev_unlocked_ioctl(
+	struct file *filp,
+	unsigned int cmd,
+	unsigned long arg)
+{
+	return cryptodev_ioctl(NULL, filp, cmd, arg);
+}
+#endif
+
+static int
+cryptodev_open(struct inode *inode, struct file *filp)
+{
+	struct fcrypt *fcr;
+
+	dprintk("%s()\n", __FUNCTION__);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
+	/*
+	 * on 2.6.35 private_data points to a miscdevice structure, we override
+	 * it,  which is currently safe to do.
+	 */
+	if (filp->private_data) {
+		printk("cryptodev: Private data already exists - %p!\n", filp->private_data);
+		return(-ENODEV);
+	}
+#endif
+
+	fcr = kmalloc(sizeof(*fcr), GFP_KERNEL);
+	if (!fcr) {
+		dprintk("%s() - malloc failed\n", __FUNCTION__);
+		return(-ENOMEM);
+	}
+	memset(fcr, 0, sizeof(*fcr));
+
+	INIT_LIST_HEAD(&fcr->csessions);
+	filp->private_data = fcr;
+	return(0);
+}
+
+static int
+cryptodev_release(struct inode *inode, struct file *filp)
+{
+	struct fcrypt *fcr = filp->private_data;
+	struct csession *cse, *tmp;
+
+	dprintk("%s()\n", __FUNCTION__);
+	if (!filp) {
+		printk("cryptodev: No private data on release\n");
+		return(0);
+	}
+
+	list_for_each_entry_safe(cse, tmp, &fcr->csessions, list) {
+		list_del(&cse->list);
+		(void)csefree(cse);
+	}
+	filp->private_data = NULL;
+	kfree(fcr);
+	return(0);
+}
+
+static struct file_operations cryptodev_fops = {
+	.owner = THIS_MODULE,
+	.open = cryptodev_open,
+	.release = cryptodev_release,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,36)
+	.ioctl = cryptodev_ioctl,
+#endif
+#ifdef HAVE_UNLOCKED_IOCTL
+	.unlocked_ioctl = cryptodev_unlocked_ioctl,
+#endif
+};
+
+static struct miscdevice cryptodev = {
+	.minor = CRYPTODEV_MINOR,
+	.name = "crypto",
+	.fops = &cryptodev_fops,
+};
+
+static int __init
+cryptodev_init(void)
+{
+	int rc;
+
+	dprintk("%s(%p)\n", __FUNCTION__, cryptodev_init);
+	rc = misc_register(&cryptodev);
+	if (rc) {
+		printk(KERN_ERR "cryptodev: registration of /dev/crypto failed\n");
+		return(rc);
+	}
+
+	return(0);
+}
+
+static void __exit
+cryptodev_exit(void)
+{
+	dprintk("%s()\n", __FUNCTION__);
+	misc_deregister(&cryptodev);
+}
+
+module_init(cryptodev_init);
+module_exit(cryptodev_exit);
+
+MODULE_LICENSE("BSD");
+MODULE_AUTHOR("David McCullough <david_mccullough@mcafee.com>");
+MODULE_DESCRIPTION("Cryptodev (user interface to OCF)");
+/*	$FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.25 2007/05/09 19:37:02 gnn Exp $	*/
+/*	$OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $	*/
+
+/*-
+ * Linux port done by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2006-2010 David McCullough
+ * Copyright (C) 2004-2005 Intel Corporation.
+ * The license and original author are listed below.
+ *
+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
+ * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
+ *
+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
+ * supported the development of this code.
+ *
+ * Copyright (c) 2000 Angelos D. Keromytis
+ *
+ * Permission to use, copy, and modify this software with or without fee
+ * is hereby granted, provided that this entire notice is included in
+ * all source code copies of any software which is or includes a copy or
+ * modification of this software.
+ *
+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+ * PURPOSE.
+ *
+ * Copyright (c) 2001 Theo de Raadt
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Effort sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
+ *
+ */
+
+#ifndef _CRYPTO_CRYPTO_H_
+#define _CRYPTO_CRYPTO_H_
+
+/* Some initial values */
+#define CRYPTO_DRIVERS_INITIAL	4
+#define CRYPTO_SW_SESSIONS	32
+
+/* Hash values */
+#define NULL_HASH_LEN		0
+#define MD5_HASH_LEN		16
+#define SHA1_HASH_LEN		20
+#define RIPEMD160_HASH_LEN	20
+#define SHA2_256_HASH_LEN	32
+#define SHA2_384_HASH_LEN	48
+#define SHA2_512_HASH_LEN	64
+#define MD5_KPDK_HASH_LEN	16
+#define SHA1_KPDK_HASH_LEN	20
+/* Maximum hash algorithm result length */
+#define HASH_MAX_LEN		SHA2_512_HASH_LEN /* Keep this updated */
+
+/* HMAC values */
+#define NULL_HMAC_BLOCK_LEN			1
+#define MD5_HMAC_BLOCK_LEN			64
+#define SHA1_HMAC_BLOCK_LEN			64
+#define RIPEMD160_HMAC_BLOCK_LEN	64
+#define SHA2_256_HMAC_BLOCK_LEN		64
+#define SHA2_384_HMAC_BLOCK_LEN		128
+#define SHA2_512_HMAC_BLOCK_LEN		128
+/* Maximum HMAC block length */
+#define HMAC_MAX_BLOCK_LEN		SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */
+#define HMAC_IPAD_VAL			0x36
+#define HMAC_OPAD_VAL			0x5C
+
+/* Encryption algorithm block sizes */
+#define NULL_BLOCK_LEN			1
+#define DES_BLOCK_LEN			8
+#define DES3_BLOCK_LEN			8
+#define BLOWFISH_BLOCK_LEN		8
+#define SKIPJACK_BLOCK_LEN		8
+#define CAST128_BLOCK_LEN		8
+#define RIJNDAEL128_BLOCK_LEN	16
+#define AES_BLOCK_LEN			RIJNDAEL128_BLOCK_LEN
+#define CAMELLIA_BLOCK_LEN		16
+#define ARC4_BLOCK_LEN			1
+#define EALG_MAX_BLOCK_LEN		AES_BLOCK_LEN /* Keep this updated */
+
+/* Encryption algorithm min and max key sizes */
+#define NULL_MIN_KEY_LEN		0
+#define NULL_MAX_KEY_LEN		0
+#define DES_MIN_KEY_LEN			8
+#define DES_MAX_KEY_LEN			8
+#define DES3_MIN_KEY_LEN		24
+#define DES3_MAX_KEY_LEN		24
+#define BLOWFISH_MIN_KEY_LEN	4
+#define BLOWFISH_MAX_KEY_LEN	56
+#define SKIPJACK_MIN_KEY_LEN	10
+#define SKIPJACK_MAX_KEY_LEN	10
+#define CAST128_MIN_KEY_LEN		5
+#define CAST128_MAX_KEY_LEN		16
+#define RIJNDAEL128_MIN_KEY_LEN	16
+#define RIJNDAEL128_MAX_KEY_LEN	32
+#define AES_MIN_KEY_LEN			RIJNDAEL128_MIN_KEY_LEN
+#define AES_MAX_KEY_LEN			RIJNDAEL128_MAX_KEY_LEN
+#define CAMELLIA_MIN_KEY_LEN	16
+#define CAMELLIA_MAX_KEY_LEN	32
+#define ARC4_MIN_KEY_LEN		1
+#define ARC4_MAX_KEY_LEN		256
+
+/* Max size of data that can be processed */
+#define CRYPTO_MAX_DATA_LEN		64*1024 - 1
+
+#define CRYPTO_ALGORITHM_MIN	1
+#define CRYPTO_DES_CBC			1
+#define CRYPTO_3DES_CBC			2
+#define CRYPTO_BLF_CBC			3
+#define CRYPTO_CAST_CBC			4
+#define CRYPTO_SKIPJACK_CBC		5
+#define CRYPTO_MD5_HMAC			6
+#define CRYPTO_SHA1_HMAC		7
+#define CRYPTO_RIPEMD160_HMAC	8
+#define CRYPTO_MD5_KPDK			9
+#define CRYPTO_SHA1_KPDK		10
+#define CRYPTO_RIJNDAEL128_CBC	11 /* 128 bit blocksize */
+#define CRYPTO_AES_CBC			11 /* 128 bit blocksize -- the same as above */
+#define CRYPTO_ARC4				12
+#define CRYPTO_MD5				13
+#define CRYPTO_SHA1				14
+#define CRYPTO_NULL_HMAC		15
+#define CRYPTO_NULL_CBC			16
+#define CRYPTO_DEFLATE_COMP		17 /* Deflate compression algorithm */
+#define CRYPTO_SHA2_256_HMAC	18
+#define CRYPTO_SHA2_384_HMAC	19
+#define CRYPTO_SHA2_512_HMAC	20
+#define CRYPTO_CAMELLIA_CBC		21
+#define CRYPTO_SHA2_256			22
+#define CRYPTO_SHA2_384			23
+#define CRYPTO_SHA2_512			24
+#define CRYPTO_RIPEMD160		25
+#define	CRYPTO_LZS_COMP			26
+#define CRYPTO_ALGORITHM_MAX	26 /* Keep updated - see above */
+
+/* Algorithm flags */
+#define CRYPTO_ALG_FLAG_SUPPORTED	0x01 /* Algorithm is supported */
+#define CRYPTO_ALG_FLAG_RNG_ENABLE	0x02 /* Has HW RNG for DH/DSA */
+#define CRYPTO_ALG_FLAG_DSA_SHA		0x04 /* Can do SHA on msg */
+
+/*
+ * Crypto driver/device flags.  They can set in the crid
+ * parameter when creating a session or submitting a key
+ * op to affect the device/driver assigned.  If neither
+ * of these are specified then the crid is assumed to hold
+ * the driver id of an existing (and suitable) device that
+ * must be used to satisfy the request.
+ */
+#define CRYPTO_FLAG_HARDWARE	0x01000000	/* hardware accelerated */
+#define CRYPTO_FLAG_SOFTWARE	0x02000000	/* software implementation */
+
+/* NB: deprecated */
+struct session_op {
+	u_int32_t	cipher;		/* ie. CRYPTO_DES_CBC */
+	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
+
+	u_int32_t	keylen;		/* cipher key */
+	caddr_t		key;
+	int		mackeylen;	/* mac key */
+	caddr_t		mackey;
+
+  	u_int32_t	ses;		/* returns: session # */
+};
+
+struct session2_op {
+	u_int32_t	cipher;		/* ie. CRYPTO_DES_CBC */
+	u_int32_t	mac;		/* ie. CRYPTO_MD5_HMAC */
+
+	u_int32_t	keylen;		/* cipher key */
+	caddr_t		key;
+	int		mackeylen;	/* mac key */
+	caddr_t		mackey;
+
+  	u_int32_t	ses;		/* returns: session # */
+	int		crid;		/* driver id + flags (rw) */
+	int		pad[4];		/* for future expansion */
+};
+
+struct crypt_op {
+	u_int32_t	ses;
+	u_int16_t	op;		/* i.e. COP_ENCRYPT */
+#define COP_NONE	0
+#define COP_ENCRYPT	1
+#define COP_DECRYPT	2
+	u_int16_t	flags;
+#define	COP_F_BATCH	0x0008		/* Batch op if possible */
+	u_int		len;
+	caddr_t		src, dst;	/* become iov[] inside kernel */
+	caddr_t		mac;		/* must be big enough for chosen MAC */
+	caddr_t		iv;
+};
+
+/*
+ * Parameters for looking up a crypto driver/device by
+ * device name or by id.  The latter are returned for
+ * created sessions (crid) and completed key operations.
+ */
+struct crypt_find_op {
+	int		crid;		/* driver id + flags */
+	char		name[32];	/* device/driver name */
+};
+
+/* bignum parameter, in packed bytes, ... */
+struct crparam {
+	caddr_t		crp_p;
+	u_int		crp_nbits;
+};
+
+#define CRK_MAXPARAM	8
+
+struct crypt_kop {
+	u_int		crk_op;		/* ie. CRK_MOD_EXP or other */
+	u_int		crk_status;	/* return status */
+	u_short		crk_iparams;	/* # of input parameters */
+	u_short		crk_oparams;	/* # of output parameters */
+	u_int		crk_crid;	/* NB: only used by CIOCKEY2 (rw) */
+	struct crparam	crk_param[CRK_MAXPARAM];
+};
+#define CRK_ALGORITM_MIN	0
+#define CRK_MOD_EXP		0
+#define CRK_MOD_EXP_CRT		1
+#define CRK_DSA_SIGN		2
+#define CRK_DSA_VERIFY		3
+#define CRK_DH_COMPUTE_KEY	4
+#define CRK_ALGORITHM_MAX	4 /* Keep updated - see below */
+
+#define CRF_MOD_EXP		(1 << CRK_MOD_EXP)
+#define CRF_MOD_EXP_CRT		(1 << CRK_MOD_EXP_CRT)
+#define CRF_DSA_SIGN		(1 << CRK_DSA_SIGN)
+#define CRF_DSA_VERIFY		(1 << CRK_DSA_VERIFY)
+#define CRF_DH_COMPUTE_KEY	(1 << CRK_DH_COMPUTE_KEY)
+
+/*
+ * done against open of /dev/crypto, to get a cloned descriptor.
+ * Please use F_SETFD against the cloned descriptor.
+ */
+#define CRIOGET		_IOWR('c', 100, u_int32_t)
+#define CRIOASYMFEAT	CIOCASYMFEAT
+#define CRIOFINDDEV	CIOCFINDDEV
+
+/* the following are done against the cloned descriptor */
+#define CIOCGSESSION	_IOWR('c', 101, struct session_op)
+#define CIOCFSESSION	_IOW('c', 102, u_int32_t)
+#define CIOCCRYPT	_IOWR('c', 103, struct crypt_op)
+#define CIOCKEY		_IOWR('c', 104, struct crypt_kop)
+#define CIOCASYMFEAT	_IOR('c', 105, u_int32_t)
+#define CIOCGSESSION2	_IOWR('c', 106, struct session2_op)
+#define CIOCKEY2	_IOWR('c', 107, struct crypt_kop)
+#define CIOCFINDDEV	_IOWR('c', 108, struct crypt_find_op)
+
+struct cryptotstat {
+	struct timespec	acc;		/* total accumulated time */
+	struct timespec	min;		/* min time */
+	struct timespec	max;		/* max time */
+	u_int32_t	count;		/* number of observations */
+};
+
+struct cryptostats {
+	u_int32_t	cs_ops;		/* symmetric crypto ops submitted */
+	u_int32_t	cs_errs;	/* symmetric crypto ops that failed */
+	u_int32_t	cs_kops;	/* asymetric/key ops submitted */
+	u_int32_t	cs_kerrs;	/* asymetric/key ops that failed */
+	u_int32_t	cs_intrs;	/* crypto swi thread activations */
+	u_int32_t	cs_rets;	/* crypto return thread activations */
+	u_int32_t	cs_blocks;	/* symmetric op driver block */
+	u_int32_t	cs_kblocks;	/* symmetric op driver block */
+	/*
+	 * When CRYPTO_TIMING is defined at compile time and the
+	 * sysctl debug.crypto is set to 1, the crypto system will
+	 * accumulate statistics about how long it takes to process
+	 * crypto requests at various points during processing.
+	 */
+	struct cryptotstat cs_invoke;	/* crypto_dipsatch -> crypto_invoke */
+	struct cryptotstat cs_done;	/* crypto_invoke -> crypto_done */
+	struct cryptotstat cs_cb;	/* crypto_done -> callback */
+	struct cryptotstat cs_finis;	/* callback -> callback return */
+
+	u_int32_t	cs_drops;		/* crypto ops dropped due to congestion */
+};
+
+#ifdef __KERNEL__
+
+/* Standard initialization structure beginning */
+struct cryptoini {
+	int		cri_alg;	/* Algorithm to use */
+	int		cri_klen;	/* Key length, in bits */
+	int		cri_mlen;	/* Number of bytes we want from the
+					   entire hash. 0 means all. */
+	caddr_t		cri_key;	/* key to use */
+	u_int8_t	cri_iv[EALG_MAX_BLOCK_LEN];	/* IV to use */
+	struct cryptoini *cri_next;
+};
+
+/* Describe boundaries of a single crypto operation */
+struct cryptodesc {
+	int		crd_skip;	/* How many bytes to ignore from start */
+	int		crd_len;	/* How many bytes to process */
+	int		crd_inject;	/* Where to inject results, if applicable */
+	int		crd_flags;
+
+#define CRD_F_ENCRYPT		0x01	/* Set when doing encryption */
+#define CRD_F_IV_PRESENT	0x02	/* When encrypting, IV is already in
+					   place, so don't copy. */
+#define CRD_F_IV_EXPLICIT	0x04	/* IV explicitly provided */
+#define CRD_F_DSA_SHA_NEEDED	0x08	/* Compute SHA-1 of buffer for DSA */
+#define CRD_F_KEY_EXPLICIT	0x10	/* Key explicitly provided */
+#define CRD_F_COMP		0x0f    /* Set when doing compression */
+
+	struct cryptoini	CRD_INI; /* Initialization/context data */
+#define crd_iv		CRD_INI.cri_iv
+#define crd_key		CRD_INI.cri_key
+#define crd_alg		CRD_INI.cri_alg
+#define crd_klen	CRD_INI.cri_klen
+#define crd_mlen	CRD_INI.cri_mlen
+
+	struct cryptodesc *crd_next;
+};
+
+/* Structure describing complete operation */
+struct cryptop {
+	struct list_head crp_next;
+	wait_queue_head_t crp_waitq;
+
+	u_int64_t	crp_sid;	/* Session ID */
+	int		crp_ilen;	/* Input data total length */
+	int		crp_olen;	/* Result total length */
+
+	int		crp_etype;	/*
+					 * Error type (zero means no error).
+					 * All error codes except EAGAIN
+					 * indicate possible data corruption (as in,
+					 * the data have been touched). On all
+					 * errors, the crp_sid may have changed
+					 * (reset to a new one), so the caller
+					 * should always check and use the new
+					 * value on future requests.
+					 */
+	int		crp_flags;
+
+#define CRYPTO_F_SKBUF		0x0001	/* Input/output are skbuf chains */
+#define CRYPTO_F_IOV		0x0002	/* Input/output are uio */
+#define CRYPTO_F_REL		0x0004	/* Must return data in same place */
+#define CRYPTO_F_BATCH		0x0008	/* Batch op if possible */
+#define CRYPTO_F_CBIMM		0x0010	/* Do callback immediately */
+#define CRYPTO_F_DONE		0x0020	/* Operation completed */
+#define CRYPTO_F_CBIFSYNC	0x0040	/* Do CBIMM if op is synchronous */
+
+	caddr_t		crp_buf;	/* Data to be processed */
+	caddr_t		crp_opaque;	/* Opaque pointer, passed along */
+	struct cryptodesc *crp_desc;	/* Linked list of processing descriptors */
+
+	int (*crp_callback)(struct cryptop *); /* Callback function */
+};
+
+#define CRYPTO_BUF_CONTIG	0x0
+#define CRYPTO_BUF_IOV		0x1
+#define CRYPTO_BUF_SKBUF		0x2
+
+#define CRYPTO_OP_DECRYPT	0x0
+#define CRYPTO_OP_ENCRYPT	0x1
+
+/*
+ * Hints passed to process methods.
+ */
+#define CRYPTO_HINT_MORE	0x1	/* more ops coming shortly */
+
+struct cryptkop {
+	struct list_head krp_next;
+	wait_queue_head_t krp_waitq;
+
+	int		krp_flags;
+#define CRYPTO_KF_DONE		0x0001	/* Operation completed */
+#define CRYPTO_KF_CBIMM		0x0002	/* Do callback immediately */
+
+	u_int		krp_op;		/* ie. CRK_MOD_EXP or other */
+	u_int		krp_status;	/* return status */
+	u_short		krp_iparams;	/* # of input parameters */
+	u_short		krp_oparams;	/* # of output parameters */
+	u_int		krp_crid;	/* desired device, etc. */
+	u_int32_t	krp_hid;
+	struct crparam	krp_param[CRK_MAXPARAM];	/* kvm */
+	int		(*krp_callback)(struct cryptkop *);
+};
+
+#include <ocf-compat.h>
+
+/*
+ * Session ids are 64 bits.  The lower 32 bits contain a "local id" which
+ * is a driver-private session identifier.  The upper 32 bits contain a
+ * "hardware id" used by the core crypto code to identify the driver and
+ * a copy of the driver's capabilities that can be used by client code to
+ * optimize operation.
+ */
+#define CRYPTO_SESID2HID(_sid)	(((_sid) >> 32) & 0x00ffffff)
+#define CRYPTO_SESID2CAPS(_sid)	(((_sid) >> 32) & 0xff000000)
+#define CRYPTO_SESID2LID(_sid)	(((u_int32_t) (_sid)) & 0xffffffff)
+
+extern	int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard);
+extern	int crypto_freesession(u_int64_t sid);
+#define CRYPTOCAP_F_HARDWARE	CRYPTO_FLAG_HARDWARE
+#define CRYPTOCAP_F_SOFTWARE	CRYPTO_FLAG_SOFTWARE
+#define CRYPTOCAP_F_SYNC	0x04000000	/* operates synchronously */
+extern	int32_t crypto_get_driverid(device_t dev, int flags);
+extern	int crypto_find_driver(const char *);
+extern	device_t crypto_find_device_byhid(int hid);
+extern	int crypto_getcaps(int hid);
+extern	int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
+	    u_int32_t flags);
+extern	int crypto_kregister(u_int32_t, int, u_int32_t);
+extern	int crypto_unregister(u_int32_t driverid, int alg);
+extern	int crypto_unregister_all(u_int32_t driverid);
+extern	int crypto_dispatch(struct cryptop *crp);
+extern	int crypto_kdispatch(struct cryptkop *);
+#define CRYPTO_SYMQ	0x1
+#define CRYPTO_ASYMQ	0x2
+extern	int crypto_unblock(u_int32_t, int);
+extern	void crypto_done(struct cryptop *crp);
+extern	void crypto_kdone(struct cryptkop *);
+extern	int crypto_getfeat(int *);
+
+extern	void crypto_freereq(struct cryptop *crp);
+extern	struct cryptop *crypto_getreq(int num);
+
+extern  int crypto_usercrypto;      /* userland may do crypto requests */
+extern  int crypto_userasymcrypto;  /* userland may do asym crypto reqs */
+extern  int crypto_devallowsoft;    /* only use hardware crypto */
+
+/*
+ * random number support,  crypto_unregister_all will unregister
+ */
+extern int crypto_rregister(u_int32_t driverid,
+		int (*read_random)(void *arg, u_int32_t *buf, int len), void *arg);
+extern int crypto_runregister_all(u_int32_t driverid);
+
+/*
+ * Crypto-related utility routines used mainly by drivers.
+ *
+ * XXX these don't really belong here; but for now they're
+ *     kept apart from the rest of the system.
+ */
+struct uio;
+extern	void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
+extern	void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
+extern	struct iovec *cuio_getptr(struct uio *uio, int loc, int *off);
+
+extern	void crypto_copyback(int flags, caddr_t buf, int off, int size,
+	    caddr_t in);
+extern	void crypto_copydata(int flags, caddr_t buf, int off, int size,
+	    caddr_t out);
+extern	int crypto_apply(int flags, caddr_t buf, int off, int len,
+	    int (*f)(void *, void *, u_int), void *arg);
+
+#endif /* __KERNEL__ */
+#endif /* _CRYPTO_CRYPTO_H_ */
+/*
+ * An OCF module that uses the linux kernel cryptoapi, based on the
+ * original cryptosoft for BSD by Angelos D. Keromytis (angelos@cis.upenn.edu)
+ * but is mostly unrecognisable,
+ *
+ * Written by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2004-2011 David McCullough
+ * Copyright (C) 2004-2005 Intel Corporation.
+ *
+ * LICENSE TERMS
+ *
+ * The free distribution and use of this software in both source and binary
+ * form is allowed (with or without changes) provided that:
+ *
+ *   1. distributions of this source code include the above copyright
+ *      notice, this list of conditions and the following disclaimer;
+ *
+ *   2. distributions in binary form include the above copyright
+ *      notice, this list of conditions and the following disclaimer
+ *      in the documentation and/or other associated materials;
+ *
+ *   3. the copyright holder's name is not used to endorse products
+ *      built using this software without specific written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this product
+ * may be distributed under the terms of the GNU General Public License (GPL),
+ * in which case the provisions of the GPL apply INSTEAD OF those given above.
+ *
+ * DISCLAIMER
+ *
+ * This software is provided 'as is' with no explicit or implied warranties
+ * in respect of its properties, including, but not limited to, correctness
+ * and/or fitness for purpose.
+ * ---------------------------------------------------------------------------
+ */
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
+#endif
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/list.h>
+#include <linux/slab.h>
+#include <linux/sched.h>
+#include <linux/wait.h>
+#include <linux/crypto.h>
+#include <linux/mm.h>
+#include <linux/skbuff.h>
+#include <linux/random.h>
+#include <linux/interrupt.h>
+#include <linux/spinlock.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
+#include <linux/scatterlist.h>
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,29)
+#include <crypto/hash.h>
+#endif
+
+#include <cryptodev.h>
+#include <uio.h>
+
+struct {
+	softc_device_decl	sc_dev;
+} swcr_softc;
+
+#define offset_in_page(p) ((unsigned long)(p) & ~PAGE_MASK)
+
+#define SW_TYPE_CIPHER		0x01
+#define SW_TYPE_HMAC		0x02
+#define SW_TYPE_HASH		0x04
+#define SW_TYPE_COMP		0x08
+#define SW_TYPE_BLKCIPHER	0x10
+#define SW_TYPE_ALG_MASK	0x1f
+
+#define SW_TYPE_ASYNC		0x8000
+
+#define SW_TYPE_INUSE		0x10000000
+
+/* We change some of the above if we have an async interface */
+
+#define SW_TYPE_ALG_AMASK	(SW_TYPE_ALG_MASK | SW_TYPE_ASYNC)
+
+#define SW_TYPE_ABLKCIPHER	(SW_TYPE_BLKCIPHER | SW_TYPE_ASYNC)
+#define SW_TYPE_AHASH		(SW_TYPE_HASH | SW_TYPE_ASYNC)
+#define SW_TYPE_AHMAC		(SW_TYPE_HMAC | SW_TYPE_ASYNC)
+
+#define SCATTERLIST_MAX 16
+
+struct swcr_data {
+	struct work_struct  workq;
+	int					sw_type;
+	int					sw_alg;
+	struct crypto_tfm	*sw_tfm;
+	spinlock_t			sw_tfm_lock;
+	union {
+		struct {
+			char *sw_key;
+			int  sw_klen;
+			int  sw_mlen;
+		} hmac;
+		void *sw_comp_buf;
+	} u;
+	struct swcr_data	*sw_next;
+};
+
+struct swcr_req {
+	struct swcr_data	*sw_head;
+	struct swcr_data	*sw;
+	struct cryptop		*crp;
+	struct cryptodesc	*crd;
+	struct scatterlist	 sg[SCATTERLIST_MAX];
+	unsigned char		 iv[EALG_MAX_BLOCK_LEN];
+	char				 result[HASH_MAX_LEN];
+	void				*crypto_req;
+};
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20)
+static kmem_cache_t *swcr_req_cache;
+#else
+static struct kmem_cache *swcr_req_cache;
+#endif
+
+#ifndef CRYPTO_TFM_MODE_CBC
+/*
+ * As of linux-2.6.21 this is no longer defined, and presumably no longer
+ * needed to be passed into the crypto core code.
+ */
+#define	CRYPTO_TFM_MODE_CBC	0
+#define	CRYPTO_TFM_MODE_ECB	0
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+	/*
+	 * Linux 2.6.19 introduced a new Crypto API, setup macro's to convert new
+	 * API into old API.
+	 */
+
+	/* Symmetric/Block Cipher */
+	struct blkcipher_desc
+	{
+		struct crypto_tfm *tfm;
+		void *info;
+	};
+	#define ecb(X)								#X , CRYPTO_TFM_MODE_ECB
+	#define cbc(X)								#X , CRYPTO_TFM_MODE_CBC
+	#define crypto_has_blkcipher(X, Y, Z)		crypto_alg_available(X, 0)
+	#define crypto_blkcipher_cast(X)			X
+	#define crypto_blkcipher_tfm(X)				X
+	#define crypto_alloc_blkcipher(X, Y, Z)		crypto_alloc_tfm(X, mode)
+	#define crypto_blkcipher_ivsize(X)			crypto_tfm_alg_ivsize(X)
+	#define crypto_blkcipher_blocksize(X)		crypto_tfm_alg_blocksize(X)
+	#define crypto_blkcipher_setkey(X, Y, Z)	crypto_cipher_setkey(X, Y, Z)
+	#define crypto_blkcipher_encrypt_iv(W, X, Y, Z)	\
+				crypto_cipher_encrypt_iv((W)->tfm, X, Y, Z, (u8 *)((W)->info))
+	#define crypto_blkcipher_decrypt_iv(W, X, Y, Z)	\
+				crypto_cipher_decrypt_iv((W)->tfm, X, Y, Z, (u8 *)((W)->info))
+	#define crypto_blkcipher_set_flags(x, y)	/* nop */
+	#define crypto_free_blkcipher(x)			crypto_free_tfm(x)
+	#define crypto_free_comp					crypto_free_tfm
+	#define crypto_free_hash					crypto_free_tfm
+
+	/* Hash/HMAC/Digest */
+	struct hash_desc
+	{
+		struct crypto_tfm *tfm;
+	};
+	#define hmac(X)							#X , 0
+	#define crypto_has_hash(X, Y, Z)		crypto_alg_available(X, 0)
+	#define crypto_hash_cast(X)				X
+	#define crypto_hash_tfm(X)				X
+	#define crypto_alloc_hash(X, Y, Z)		crypto_alloc_tfm(X, mode)
+	#define crypto_hash_digestsize(X)		crypto_tfm_alg_digestsize(X)
+	#define crypto_hash_digest(W, X, Y, Z)	\
+				crypto_digest_digest((W)->tfm, X, sg_num, Z)
+
+	/* Asymmetric Cipher */
+	#define crypto_has_cipher(X, Y, Z)		crypto_alg_available(X, 0)
+
+	/* Compression */
+	#define crypto_has_comp(X, Y, Z)		crypto_alg_available(X, 0)
+	#define crypto_comp_tfm(X)				X
+	#define crypto_comp_cast(X)				X
+	#define crypto_alloc_comp(X, Y, Z)		crypto_alloc_tfm(X, mode)
+	#define plain(X)	#X , 0
+#else
+	#define ecb(X)	"ecb(" #X ")" , 0
+	#define cbc(X)	"cbc(" #X ")" , 0
+	#define hmac(X)	"hmac(" #X ")" , 0
+	#define plain(X)	#X , 0
+#endif /* if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) */
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)
+/* no ablkcipher in older kernels */
+#define crypto_alloc_ablkcipher(a,b,c)		(NULL)
+#define crypto_ablkcipher_tfm(x)			((struct crypto_tfm *)(x))
+#define crypto_ablkcipher_set_flags(a, b)	/* nop */
+#define crypto_ablkcipher_setkey(x, y, z)	(-EINVAL)
+#define	crypto_has_ablkcipher(a,b,c)		(0)
+#else
+#define	HAVE_ABLKCIPHER
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,32)
+/* no ahash in older kernels */
+#define crypto_ahash_tfm(x)					((struct crypto_tfm *)(x))
+#define	crypto_alloc_ahash(a,b,c)			(NULL)
+#define	crypto_ahash_digestsize(x)			0
+#else
+#define	HAVE_AHASH
+#endif
+
+struct crypto_details {
+	char *alg_name;
+	int mode;
+	int sw_type;
+};
+
+static struct crypto_details crypto_details[] = {
+	[CRYPTO_DES_CBC]         = { cbc(des),          SW_TYPE_BLKCIPHER, },
+	[CRYPTO_3DES_CBC]        = { cbc(des3_ede),     SW_TYPE_BLKCIPHER, },
+	[CRYPTO_BLF_CBC]         = { cbc(blowfish),     SW_TYPE_BLKCIPHER, },
+	[CRYPTO_CAST_CBC]        = { cbc(cast5),        SW_TYPE_BLKCIPHER, },
+	[CRYPTO_SKIPJACK_CBC]    = { cbc(skipjack),     SW_TYPE_BLKCIPHER, },
+	[CRYPTO_MD5_HMAC]        = { hmac(md5),         SW_TYPE_HMAC, },
+	[CRYPTO_SHA1_HMAC]       = { hmac(sha1),        SW_TYPE_HMAC, },
+	[CRYPTO_RIPEMD160_HMAC]  = { hmac(ripemd160),   SW_TYPE_HMAC, },
+	[CRYPTO_MD5_KPDK]        = { plain(md5-kpdk),   SW_TYPE_HASH, },
+	[CRYPTO_SHA1_KPDK]       = { plain(sha1-kpdk),  SW_TYPE_HASH, },
+	[CRYPTO_AES_CBC]         = { cbc(aes),          SW_TYPE_BLKCIPHER, },
+	[CRYPTO_ARC4]            = { ecb(arc4),         SW_TYPE_BLKCIPHER, },
+	[CRYPTO_MD5]             = { plain(md5),        SW_TYPE_HASH, },
+	[CRYPTO_SHA1]            = { plain(sha1),       SW_TYPE_HASH, },
+	[CRYPTO_NULL_HMAC]       = { hmac(digest_null), SW_TYPE_HMAC, },
+	[CRYPTO_NULL_CBC]        = { cbc(cipher_null),  SW_TYPE_BLKCIPHER, },
+	[CRYPTO_DEFLATE_COMP]    = { plain(deflate),    SW_TYPE_COMP, },
+	[CRYPTO_SHA2_256_HMAC]   = { hmac(sha256),      SW_TYPE_HMAC, },
+	[CRYPTO_SHA2_384_HMAC]   = { hmac(sha384),      SW_TYPE_HMAC, },
+	[CRYPTO_SHA2_512_HMAC]   = { hmac(sha512),      SW_TYPE_HMAC, },
+	[CRYPTO_CAMELLIA_CBC]    = { cbc(camellia),     SW_TYPE_BLKCIPHER, },
+	[CRYPTO_SHA2_256]        = { plain(sha256),     SW_TYPE_HASH, },
+	[CRYPTO_SHA2_384]        = { plain(sha384),     SW_TYPE_HASH, },
+	[CRYPTO_SHA2_512]        = { plain(sha512),     SW_TYPE_HASH, },
+	[CRYPTO_RIPEMD160]       = { plain(ripemd160),  SW_TYPE_HASH, },
+};
+
+int32_t swcr_id = -1;
+module_param(swcr_id, int, 0444);
+MODULE_PARM_DESC(swcr_id, "Read-Only OCF ID for cryptosoft driver");
+
+int swcr_fail_if_compression_grows = 1;
+module_param(swcr_fail_if_compression_grows, int, 0644);
+MODULE_PARM_DESC(swcr_fail_if_compression_grows,
+                "Treat compression that results in more data as a failure");
+
+int swcr_no_ahash = 0;
+module_param(swcr_no_ahash, int, 0644);
+MODULE_PARM_DESC(swcr_no_ahash,
+                "Do not use async hash/hmac even if available");
+
+int swcr_no_ablk = 0;
+module_param(swcr_no_ablk, int, 0644);
+MODULE_PARM_DESC(swcr_no_ablk,
+                "Do not use async blk ciphers even if available");
+
+static struct swcr_data **swcr_sessions = NULL;
+static u_int32_t swcr_sesnum = 0;
+
+static	int swcr_process(device_t, struct cryptop *, int);
+static	int swcr_newsession(device_t, u_int32_t *, struct cryptoini *);
+static	int swcr_freesession(device_t, u_int64_t);
+
+static device_method_t swcr_methods = {
+	/* crypto device methods */
+	DEVMETHOD(cryptodev_newsession,	swcr_newsession),
+	DEVMETHOD(cryptodev_freesession,swcr_freesession),
+	DEVMETHOD(cryptodev_process,	swcr_process),
+};
+
+#define debug swcr_debug
+int swcr_debug = 0;
+module_param(swcr_debug, int, 0644);
+MODULE_PARM_DESC(swcr_debug, "Enable debug");
+
+static void swcr_process_req(struct swcr_req *req);
+
+/*
+ * somethings just need to be run with user context no matter whether
+ * the kernel compression libs use vmalloc/vfree for example.
+ */
+
+typedef struct {
+	struct work_struct wq;
+	void	(*func)(void *arg);
+	void	*arg;
+} execute_later_t;
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+static void
+doing_it_now(struct work_struct *wq)
+{
+	execute_later_t *w = container_of(wq, execute_later_t, wq);
+	(w->func)(w->arg);
+	kfree(w);
+}
+#else
+static void
+doing_it_now(void *arg)
+{
+	execute_later_t *w = (execute_later_t *) arg;
+	(w->func)(w->arg);
+	kfree(w);
+}
+#endif
+
+static void
+execute_later(void (fn)(void *), void *arg)
+{
+	execute_later_t *w;
+
+	w = (execute_later_t *) kmalloc(sizeof(execute_later_t), SLAB_ATOMIC);
+	if (w) {
+		memset(w, '\0', sizeof(w));
+		w->func = fn;
+		w->arg = arg;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+		INIT_WORK(&w->wq, doing_it_now);
+#else
+		INIT_WORK(&w->wq, doing_it_now, w);
+#endif
+		schedule_work(&w->wq);
+	}
+}
+
+/*
+ * Generate a new software session.
+ */
+static int
+swcr_newsession(device_t dev, u_int32_t *sid, struct cryptoini *cri)
+{
+	struct swcr_data **swd;
+	u_int32_t i;
+	int error;
+	char *algo;
+	int mode;
+
+	dprintk("%s()\n", __FUNCTION__);
+	if (sid == NULL || cri == NULL) {
+		dprintk("%s,%d - EINVAL\n", __FILE__, __LINE__);
+		return EINVAL;
+	}
+
+	if (swcr_sessions) {
+		for (i = 1; i < swcr_sesnum; i++)
+			if (swcr_sessions[i] == NULL)
+				break;
+	} else
+		i = 1;		/* NB: to silence compiler warning */
+
+	if (swcr_sessions == NULL || i == swcr_sesnum) {
+		if (swcr_sessions == NULL) {
+			i = 1; /* We leave swcr_sessions[0] empty */
+			swcr_sesnum = CRYPTO_SW_SESSIONS;
+		} else
+			swcr_sesnum *= 2;
+
+		swd = kmalloc(swcr_sesnum * sizeof(struct swcr_data *), SLAB_ATOMIC);
+		if (swd == NULL) {
+			/* Reset session number */
+			if (swcr_sesnum == CRYPTO_SW_SESSIONS)
+				swcr_sesnum = 0;
+			else
+				swcr_sesnum /= 2;
+			dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__);
+			return ENOBUFS;
+		}
+		memset(swd, 0, swcr_sesnum * sizeof(struct swcr_data *));
+
+		/* Copy existing sessions */
+		if (swcr_sessions) {
+			memcpy(swd, swcr_sessions,
+			    (swcr_sesnum / 2) * sizeof(struct swcr_data *));
+			kfree(swcr_sessions);
+		}
+
+		swcr_sessions = swd;
+	}
+
+	swd = &swcr_sessions[i];
+	*sid = i;
+
+	while (cri) {
+		*swd = (struct swcr_data *) kmalloc(sizeof(struct swcr_data),
+				SLAB_ATOMIC);
+		if (*swd == NULL) {
+			swcr_freesession(NULL, i);
+			dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__);
+			return ENOBUFS;
+		}
+		memset(*swd, 0, sizeof(struct swcr_data));
+
+		if (cri->cri_alg < 0 ||
+				cri->cri_alg>=sizeof(crypto_details)/sizeof(crypto_details[0])){
+			printk("cryptosoft: Unknown algorithm 0x%x\n", cri->cri_alg);
+			swcr_freesession(NULL, i);
+			return EINVAL;
+		}
+
+		algo = crypto_details[cri->cri_alg].alg_name;
+		if (!algo || !*algo) {
+			printk("cryptosoft: Unsupported algorithm 0x%x\n", cri->cri_alg);
+			swcr_freesession(NULL, i);
+			return EINVAL;
+		}
+
+		mode = crypto_details[cri->cri_alg].mode;
+		(*swd)->sw_type = crypto_details[cri->cri_alg].sw_type;
+		(*swd)->sw_alg = cri->cri_alg;
+
+		spin_lock_init(&(*swd)->sw_tfm_lock);
+
+		/* Algorithm specific configuration */
+		switch (cri->cri_alg) {
+		case CRYPTO_NULL_CBC:
+			cri->cri_klen = 0; /* make it work with crypto API */
+			break;
+		default:
+			break;
+		}
+
+		if ((*swd)->sw_type & SW_TYPE_BLKCIPHER) {
+			dprintk("%s crypto_alloc_*blkcipher(%s, 0x%x)\n", __FUNCTION__,
+					algo, mode);
+
+			/* try async first */
+			(*swd)->sw_tfm = swcr_no_ablk ? NULL :
+					crypto_ablkcipher_tfm(crypto_alloc_ablkcipher(algo, 0, 0));
+			if ((*swd)->sw_tfm && !IS_ERR((*swd)->sw_tfm)) {
+				dprintk("%s %s cipher is async\n", __FUNCTION__, algo);
+				(*swd)->sw_type |= SW_TYPE_ASYNC;
+			} else {
+				(*swd)->sw_tfm = crypto_blkcipher_tfm(
+						crypto_alloc_blkcipher(algo, 0, CRYPTO_ALG_ASYNC));
+				if ((*swd)->sw_tfm && !IS_ERR((*swd)->sw_tfm))
+					dprintk("%s %s cipher is sync\n", __FUNCTION__, algo);
+			}
+			if (!(*swd)->sw_tfm || IS_ERR((*swd)->sw_tfm)) {
+				int err;
+				dprintk("cryptosoft: crypto_alloc_blkcipher failed(%s, 0x%x)\n",
+						algo,mode);
+				err = IS_ERR((*swd)->sw_tfm) ? -(PTR_ERR((*swd)->sw_tfm)) : EINVAL;
+				(*swd)->sw_tfm = NULL; /* ensure NULL */
+				swcr_freesession(NULL, i);
+				return err;
+			}
+
+			if (debug) {
+				dprintk("%s key:cri->cri_klen=%d,(cri->cri_klen + 7)/8=%d",
+						__FUNCTION__, cri->cri_klen, (cri->cri_klen + 7) / 8);
+				for (i = 0; i < (cri->cri_klen + 7) / 8; i++)
+					dprintk("%s0x%x", (i % 8) ? " " : "\n    ",
+							cri->cri_key[i] & 0xff);
+				dprintk("\n");
+			}
+			if ((*swd)->sw_type & SW_TYPE_ASYNC) {
+				/* OCF doesn't enforce keys */
+				crypto_ablkcipher_set_flags(
+						__crypto_ablkcipher_cast((*swd)->sw_tfm),
+							CRYPTO_TFM_REQ_WEAK_KEY);
+				error = crypto_ablkcipher_setkey(
+							__crypto_ablkcipher_cast((*swd)->sw_tfm),
+								cri->cri_key, (cri->cri_klen + 7) / 8);
+			} else {
+				/* OCF doesn't enforce keys */
+				crypto_blkcipher_set_flags(
+						crypto_blkcipher_cast((*swd)->sw_tfm),
+							CRYPTO_TFM_REQ_WEAK_KEY);
+				error = crypto_blkcipher_setkey(
+							crypto_blkcipher_cast((*swd)->sw_tfm),
+								cri->cri_key, (cri->cri_klen + 7) / 8);
+			}
+			if (error) {
+				printk("cryptosoft: setkey failed %d (crt_flags=0x%x)\n", error,
+						(*swd)->sw_tfm->crt_flags);
+				swcr_freesession(NULL, i);
+				return error;
+			}
+		} else if ((*swd)->sw_type & (SW_TYPE_HMAC | SW_TYPE_HASH)) {
+			dprintk("%s crypto_alloc_*hash(%s, 0x%x)\n", __FUNCTION__,
+					algo, mode);
+
+			/* try async first */
+			(*swd)->sw_tfm = swcr_no_ahash ? NULL :
+					crypto_ahash_tfm(crypto_alloc_ahash(algo, 0, 0));
+			if ((*swd)->sw_tfm) {
+				dprintk("%s %s hash is async\n", __FUNCTION__, algo);
+				(*swd)->sw_type |= SW_TYPE_ASYNC;
+			} else {
+				dprintk("%s %s hash is sync\n", __FUNCTION__, algo);
+				(*swd)->sw_tfm = crypto_hash_tfm(
+						crypto_alloc_hash(algo, 0, CRYPTO_ALG_ASYNC));
+			}
+
+			if (!(*swd)->sw_tfm) {
+				dprintk("cryptosoft: crypto_alloc_hash failed(%s,0x%x)\n",
+						algo, mode);
+				swcr_freesession(NULL, i);
+				return EINVAL;
+			}
+
+			(*swd)->u.hmac.sw_klen = (cri->cri_klen + 7) / 8;
+			(*swd)->u.hmac.sw_key = (char *)kmalloc((*swd)->u.hmac.sw_klen,
+					SLAB_ATOMIC);
+			if ((*swd)->u.hmac.sw_key == NULL) {
+				swcr_freesession(NULL, i);
+				dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__);
+				return ENOBUFS;
+			}
+			memcpy((*swd)->u.hmac.sw_key, cri->cri_key, (*swd)->u.hmac.sw_klen);
+			if (cri->cri_mlen) {
+				(*swd)->u.hmac.sw_mlen = cri->cri_mlen;
+			} else if ((*swd)->sw_type & SW_TYPE_ASYNC) {
+				(*swd)->u.hmac.sw_mlen = crypto_ahash_digestsize(
+						__crypto_ahash_cast((*swd)->sw_tfm));
+			} else  {
+				(*swd)->u.hmac.sw_mlen = crypto_hash_digestsize(
+						crypto_hash_cast((*swd)->sw_tfm));
+			}
+		} else if ((*swd)->sw_type & SW_TYPE_COMP) {
+			(*swd)->sw_tfm = crypto_comp_tfm(
+					crypto_alloc_comp(algo, 0, CRYPTO_ALG_ASYNC));
+			if (!(*swd)->sw_tfm) {
+				dprintk("cryptosoft: crypto_alloc_comp failed(%s,0x%x)\n",
+						algo, mode);
+				swcr_freesession(NULL, i);
+				return EINVAL;
+			}
+			(*swd)->u.sw_comp_buf = kmalloc(CRYPTO_MAX_DATA_LEN, SLAB_ATOMIC);
+			if ((*swd)->u.sw_comp_buf == NULL) {
+				swcr_freesession(NULL, i);
+				dprintk("%s,%d: ENOBUFS\n", __FILE__, __LINE__);
+				return ENOBUFS;
+			}
+		} else {
+			printk("cryptosoft: Unhandled sw_type %d\n", (*swd)->sw_type);
+			swcr_freesession(NULL, i);
+			return EINVAL;
+		}
+
+		cri = cri->cri_next;
+		swd = &((*swd)->sw_next);
+	}
+	return 0;
+}
+
+/*
+ * Free a session.
+ */
+static int
+swcr_freesession(device_t dev, u_int64_t tid)
+{
+	struct swcr_data *swd;
+	u_int32_t sid = CRYPTO_SESID2LID(tid);
+
+	dprintk("%s()\n", __FUNCTION__);
+	if (sid > swcr_sesnum || swcr_sessions == NULL ||
+			swcr_sessions[sid] == NULL) {
+		dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__);
+		return(EINVAL);
+	}
+
+	/* Silently accept and return */
+	if (sid == 0)
+		return(0);
+
+	while ((swd = swcr_sessions[sid]) != NULL) {
+		swcr_sessions[sid] = swd->sw_next;
+		if (swd->sw_tfm) {
+			switch (swd->sw_type & SW_TYPE_ALG_AMASK) {
+#ifdef HAVE_AHASH
+			case SW_TYPE_AHMAC:
+			case SW_TYPE_AHASH:
+				crypto_free_ahash(__crypto_ahash_cast(swd->sw_tfm));
+				break;
+#endif
+#ifdef HAVE_ABLKCIPHER
+			case SW_TYPE_ABLKCIPHER:
+				crypto_free_ablkcipher(__crypto_ablkcipher_cast(swd->sw_tfm));
+				break;
+#endif
+			case SW_TYPE_BLKCIPHER:
+				crypto_free_blkcipher(crypto_blkcipher_cast(swd->sw_tfm));
+				break;
+			case SW_TYPE_HMAC:
+			case SW_TYPE_HASH:
+				crypto_free_hash(crypto_hash_cast(swd->sw_tfm));
+				break;
+			case SW_TYPE_COMP:
+				if (in_interrupt())
+					execute_later((void (*)(void *))crypto_free_comp, (void *)crypto_comp_cast(swd->sw_tfm));
+				else
+					crypto_free_comp(crypto_comp_cast(swd->sw_tfm));
+				break;
+			default:
+				crypto_free_tfm(swd->sw_tfm);
+				break;
+			}
+			swd->sw_tfm = NULL;
+		}
+		if (swd->sw_type & SW_TYPE_COMP) {
+			if (swd->u.sw_comp_buf)
+				kfree(swd->u.sw_comp_buf);
+		} else {
+			if (swd->u.hmac.sw_key)
+				kfree(swd->u.hmac.sw_key);
+		}
+		kfree(swd);
+	}
+	return 0;
+}
+
+static void swcr_process_req_complete(struct swcr_req *req)
+{
+	dprintk("%s()\n", __FUNCTION__);
+
+	if (req->sw->sw_type & SW_TYPE_INUSE) {
+		unsigned long flags;
+		spin_lock_irqsave(&req->sw->sw_tfm_lock, flags);
+		req->sw->sw_type &= ~SW_TYPE_INUSE;
+		spin_unlock_irqrestore(&req->sw->sw_tfm_lock, flags);
+	}
+
+	if (req->crp->crp_etype)
+		goto done;
+
+	switch (req->sw->sw_type & SW_TYPE_ALG_AMASK) {
+#if defined(HAVE_AHASH)
+	case SW_TYPE_AHMAC:
+	case SW_TYPE_AHASH:
+		crypto_copyback(req->crp->crp_flags, req->crp->crp_buf,
+				req->crd->crd_inject, req->sw->u.hmac.sw_mlen, req->result);
+		ahash_request_free(req->crypto_req);
+		break;
+#endif
+#if defined(HAVE_ABLKCIPHER)
+	case SW_TYPE_ABLKCIPHER:
+		ablkcipher_request_free(req->crypto_req);
+		break;
+#endif
+	case SW_TYPE_CIPHER:
+	case SW_TYPE_HMAC:
+	case SW_TYPE_HASH:
+	case SW_TYPE_COMP:
+	case SW_TYPE_BLKCIPHER:
+		break;
+	default:
+		req->crp->crp_etype = EINVAL;
+		goto done;
+	}
+
+	req->crd = req->crd->crd_next;
+	if (req->crd) {
+		swcr_process_req(req);
+		return;
+	}
+
+done:
+	dprintk("%s crypto_done %p\n", __FUNCTION__, req);
+	crypto_done(req->crp);
+	kmem_cache_free(swcr_req_cache, req);
+}
+
+#if defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH)
+static void swcr_process_callback(struct crypto_async_request *creq, int err)
+{
+	struct swcr_req *req = creq->data;
+
+	dprintk("%s()\n", __FUNCTION__);
+	if (err) {
+		if (err == -EINPROGRESS)
+			return;
+		dprintk("%s() fail %d\n", __FUNCTION__, -err);
+		req->crp->crp_etype = -err;
+	}
+
+	swcr_process_req_complete(req);
+}
+#endif /* defined(HAVE_ABLKCIPHER) || defined(HAVE_AHASH) */
+
+
+static void swcr_process_req(struct swcr_req *req)
+{
+	struct swcr_data *sw;
+	struct cryptop *crp = req->crp;
+	struct cryptodesc *crd = req->crd;
+	struct sk_buff *skb = (struct sk_buff *) crp->crp_buf;
+	struct uio *uiop = (struct uio *) crp->crp_buf;
+	int sg_num, sg_len, skip;
+
+	dprintk("%s()\n", __FUNCTION__);
+
+	/*
+	 * Find the crypto context.
+	 *
+	 * XXX Note that the logic here prevents us from having
+	 * XXX the same algorithm multiple times in a session
+	 * XXX (or rather, we can but it won't give us the right
+	 * XXX results). To do that, we'd need some way of differentiating
+	 * XXX between the various instances of an algorithm (so we can
+	 * XXX locate the correct crypto context).
+	 */
+	for (sw = req->sw_head; sw && sw->sw_alg != crd->crd_alg; sw = sw->sw_next)
+		;
+
+	/* No such context ? */
+	if (sw == NULL) {
+		crp->crp_etype = EINVAL;
+		dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__);
+		goto done;
+	}
+
+	/*
+	 * for some types we need to ensure only one user as info is stored in
+	 * the tfm during an operation that can get corrupted
+	 */
+	switch (sw->sw_type & SW_TYPE_ALG_AMASK) {
+#ifdef HAVE_AHASH
+	case SW_TYPE_AHMAC:
+	case SW_TYPE_AHASH:
+#endif
+	case SW_TYPE_HMAC:
+	case SW_TYPE_HASH: {
+		unsigned long flags;
+		spin_lock_irqsave(&sw->sw_tfm_lock, flags);
+		if (sw->sw_type & SW_TYPE_INUSE) {
+			spin_unlock_irqrestore(&sw->sw_tfm_lock, flags);
+			execute_later((void (*)(void *))swcr_process_req, (void *)req);
+			return;
+		}
+		sw->sw_type |= SW_TYPE_INUSE;
+		spin_unlock_irqrestore(&sw->sw_tfm_lock, flags);
+		} break;
+	}
+
+	req->sw = sw;
+	skip = crd->crd_skip;
+
+	/*
+	 * setup the SG list skip from the start of the buffer
+	 */
+	memset(req->sg, 0, sizeof(req->sg));
+	sg_init_table(req->sg, SCATTERLIST_MAX);
+	if (crp->crp_flags & CRYPTO_F_SKBUF) {
+		int i, len;
+
+		sg_num = 0;
+		sg_len = 0;
+
+		if (skip < skb_headlen(skb)) {
+			len = skb_headlen(skb) - skip;
+			if (len + sg_len > crd->crd_len)
+				len = crd->crd_len - sg_len;
+			sg_set_page(&req->sg[sg_num],
+				virt_to_page(skb->data + skip), len,
+				offset_in_page(skb->data + skip));
+			sg_len += len;
+			sg_num++;
+			skip = 0;
+		} else
+			skip -= skb_headlen(skb);
+
+		for (i = 0; sg_len < crd->crd_len &&
+					i < skb_shinfo(skb)->nr_frags &&
+					sg_num < SCATTERLIST_MAX; i++) {
+			if (skip < skb_shinfo(skb)->frags[i].size) {
+				len = skb_shinfo(skb)->frags[i].size - skip;
+				if (len + sg_len > crd->crd_len)
+					len = crd->crd_len - sg_len;
+				sg_set_page(&req->sg[sg_num],
+					skb_frag_page(&skb_shinfo(skb)->frags[i]),
+					len,
+					skb_shinfo(skb)->frags[i].page_offset + skip);
+				sg_len += len;
+				sg_num++;
+				skip = 0;
+			} else
+				skip -= skb_shinfo(skb)->frags[i].size;
+		}
+	} else if (crp->crp_flags & CRYPTO_F_IOV) {
+		int len;
+
+		sg_len = 0;
+		for (sg_num = 0; sg_len < crd->crd_len &&
+				sg_num < uiop->uio_iovcnt &&
+				sg_num < SCATTERLIST_MAX; sg_num++) {
+			if (skip <= uiop->uio_iov[sg_num].iov_len) {
+				len = uiop->uio_iov[sg_num].iov_len - skip;
+				if (len + sg_len > crd->crd_len)
+					len = crd->crd_len - sg_len;
+				sg_set_page(&req->sg[sg_num],
+					virt_to_page(uiop->uio_iov[sg_num].iov_base+skip),
+					len,
+					offset_in_page(uiop->uio_iov[sg_num].iov_base+skip));
+				sg_len += len;
+				skip = 0;
+			} else
+				skip -= uiop->uio_iov[sg_num].iov_len;
+		}
+	} else {
+		sg_len = (crp->crp_ilen - skip);
+		if (sg_len > crd->crd_len)
+			sg_len = crd->crd_len;
+		sg_set_page(&req->sg[0], virt_to_page(crp->crp_buf + skip),
+			sg_len, offset_in_page(crp->crp_buf + skip));
+		sg_num = 1;
+	}
+	if (sg_num > 0)
+		sg_mark_end(&req->sg[sg_num-1]);
+
+	switch (sw->sw_type & SW_TYPE_ALG_AMASK) {
+
+#ifdef HAVE_AHASH
+	case SW_TYPE_AHMAC:
+	case SW_TYPE_AHASH:
+		{
+		int ret;
+
+		/* check we have room for the result */
+		if (crp->crp_ilen - crd->crd_inject < sw->u.hmac.sw_mlen) {
+			dprintk("cryptosoft: EINVAL crp_ilen=%d, len=%d, inject=%d "
+					"digestsize=%d\n", crp->crp_ilen, crd->crd_skip + sg_len,
+					crd->crd_inject, sw->u.hmac.sw_mlen);
+			crp->crp_etype = EINVAL;
+			goto done;
+		}
+
+		req->crypto_req =
+				ahash_request_alloc(__crypto_ahash_cast(sw->sw_tfm),GFP_ATOMIC);
+		if (!req->crypto_req) {
+			crp->crp_etype = ENOMEM;
+			dprintk("%s,%d: ENOMEM ahash_request_alloc", __FILE__, __LINE__);
+			goto done;
+		}
+
+		ahash_request_set_callback(req->crypto_req,
+				CRYPTO_TFM_REQ_MAY_BACKLOG, swcr_process_callback, req);
+
+		memset(req->result, 0, sizeof(req->result));
+
+		if (sw->sw_type & SW_TYPE_AHMAC)
+			crypto_ahash_setkey(__crypto_ahash_cast(sw->sw_tfm),
+					sw->u.hmac.sw_key, sw->u.hmac.sw_klen);
+		ahash_request_set_crypt(req->crypto_req, req->sg, req->result, sg_len);
+		ret = crypto_ahash_digest(req->crypto_req);
+		switch (ret) {
+		case -EINPROGRESS:
+		case -EBUSY:
+			return;
+		default:
+		case 0:
+			dprintk("hash OP %s %d\n", ret ? "failed" : "success", ret);
+			crp->crp_etype = ret;
+			goto done;
+		}
+		} break;
+#endif /* HAVE_AHASH */
+
+#ifdef HAVE_ABLKCIPHER
+	case SW_TYPE_ABLKCIPHER: {
+		int ret;
+		unsigned char *ivp = req->iv;
+		int ivsize =
+			crypto_ablkcipher_ivsize(__crypto_ablkcipher_cast(sw->sw_tfm));
+
+		if (sg_len < crypto_ablkcipher_blocksize(
+				__crypto_ablkcipher_cast(sw->sw_tfm))) {
+			crp->crp_etype = EINVAL;
+			dprintk("%s,%d: EINVAL len %d < %d\n", __FILE__, __LINE__,
+					sg_len, crypto_ablkcipher_blocksize(
+						__crypto_ablkcipher_cast(sw->sw_tfm)));
+			goto done;
+		}
+
+		if (ivsize > sizeof(req->iv)) {
+			crp->crp_etype = EINVAL;
+			dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__);
+			goto done;
+		}
+
+		req->crypto_req = ablkcipher_request_alloc(
+				__crypto_ablkcipher_cast(sw->sw_tfm), GFP_ATOMIC);
+		if (!req->crypto_req) {
+			crp->crp_etype = ENOMEM;
+			dprintk("%s,%d: ENOMEM ablkcipher_request_alloc",
+					__FILE__, __LINE__);
+			goto done;
+		}
+
+		ablkcipher_request_set_callback(req->crypto_req,
+				CRYPTO_TFM_REQ_MAY_BACKLOG, swcr_process_callback, req);
+
+		if (crd->crd_flags & CRD_F_KEY_EXPLICIT) {
+			int i, error;
+
+			if (debug) {
+				dprintk("%s key:", __FUNCTION__);
+				for (i = 0; i < (crd->crd_klen + 7) / 8; i++)
+					dprintk("%s0x%x", (i % 8) ? " " : "\n    ",
+							crd->crd_key[i] & 0xff);
+				dprintk("\n");
+			}
+			/* OCF doesn't enforce keys */
+			crypto_ablkcipher_set_flags(__crypto_ablkcipher_cast(sw->sw_tfm),
+					CRYPTO_TFM_REQ_WEAK_KEY);
+			error = crypto_ablkcipher_setkey(
+						__crypto_ablkcipher_cast(sw->sw_tfm), crd->crd_key,
+						(crd->crd_klen + 7) / 8);
+			if (error) {
+				dprintk("cryptosoft: setkey failed %d (crt_flags=0x%x)\n",
+						error, sw->sw_tfm->crt_flags);
+				crp->crp_etype = -error;
+			}
+		}
+
+		if (crd->crd_flags & CRD_F_ENCRYPT) { /* encrypt */
+
+			if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+				ivp = crd->crd_iv;
+			else
+				get_random_bytes(ivp, ivsize);
+			/*
+			 * do we have to copy the IV back to the buffer ?
+			 */
+			if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
+				crypto_copyback(crp->crp_flags, crp->crp_buf,
+						crd->crd_inject, ivsize, (caddr_t)ivp);
+			}
+			ablkcipher_request_set_crypt(req->crypto_req, req->sg, req->sg,
+					sg_len, ivp);
+			ret = crypto_ablkcipher_encrypt(req->crypto_req);
+
+		} else { /*decrypt */
+
+			if (crd->crd_flags & CRD_F_IV_EXPLICIT)
+				ivp = crd->crd_iv;
+			else
+				crypto_copydata(crp->crp_flags, crp->crp_buf,
+						crd->crd_inject, ivsize, (caddr_t)ivp);
+			ablkcipher_request_set_crypt(req->crypto_req, req->sg, req->sg,
+					sg_len, ivp);
+			ret = crypto_ablkcipher_decrypt(req->crypto_req);
+		}
+
+		switch (ret) {
+		case -EINPROGRESS:
+		case -EBUSY:
+			return;
+		default:
+		case 0:
+			dprintk("crypto OP %s %d\n", ret ? "failed" : "success", ret);
+			crp->crp_etype = ret;
+			goto done;
+		}
+		} break;
+#endif /* HAVE_ABLKCIPHER */
+
+	case SW_TYPE_BLKCIPHER: {
+		unsigned char iv[EALG_MAX_BLOCK_LEN];
+		unsigned char *ivp = iv;
+		struct blkcipher_desc desc;
+		int ivsize = crypto_blkcipher_ivsize(crypto_blkcipher_cast(sw->sw_tfm));
+
+		if (sg_len < crypto_blkcipher_blocksize(
+				crypto_blkcipher_cast(sw->sw_tfm))) {
+			crp->crp_etype = EINVAL;
+			dprintk("%s,%d: EINVAL len %d < %d\n", __FILE__, __LINE__,
+					sg_len, crypto_blkcipher_blocksize(
+						crypto_blkcipher_cast(sw->sw_tfm)));
+			goto done;
+		}
+
+		if (ivsize > sizeof(iv)) {
+			crp->crp_etype = EINVAL;
+			dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__);
+			goto done;
+		}
+
+		if (crd->crd_flags & CRD_F_KEY_EXPLICIT) {
+			int i, error;
+
+			if (debug) {
+				dprintk("%s key:", __FUNCTION__);
+				for (i = 0; i < (crd->crd_klen + 7) / 8; i++)
+					dprintk("%s0x%x", (i % 8) ? " " : "\n    ",
+							crd->crd_key[i] & 0xff);
+				dprintk("\n");
+			}
+			/* OCF doesn't enforce keys */
+			crypto_blkcipher_set_flags(crypto_blkcipher_cast(sw->sw_tfm),
+					CRYPTO_TFM_REQ_WEAK_KEY);
+			error = crypto_blkcipher_setkey(
+						crypto_blkcipher_cast(sw->sw_tfm), crd->crd_key,
+						(crd->crd_klen + 7) / 8);
+			if (error) {
+				dprintk("cryptosoft: setkey failed %d (crt_flags=0x%x)\n",
+						error, sw->sw_tfm->crt_flags);
+				crp->crp_etype = -error;
+			}
+		}
+
+		memset(&desc, 0, sizeof(desc));
+		desc.tfm = crypto_blkcipher_cast(sw->sw_tfm);
+
+		if (crd->crd_flags & CRD_F_ENCRYPT) { /* encrypt */
+
+			if (crd->crd_flags & CRD_F_IV_EXPLICIT) {
+				ivp = crd->crd_iv;
+			} else {
+				get_random_bytes(ivp, ivsize);
+			}
+			/*
+			 * do we have to copy the IV back to the buffer ?
+			 */
+			if ((crd->crd_flags & CRD_F_IV_PRESENT) == 0) {
+				crypto_copyback(crp->crp_flags, crp->crp_buf,
+						crd->crd_inject, ivsize, (caddr_t)ivp);
+			}
+			desc.info = ivp;
+			crypto_blkcipher_encrypt_iv(&desc, req->sg, req->sg, sg_len);
+
+		} else { /*decrypt */
+
+			if (crd->crd_flags & CRD_F_IV_EXPLICIT) {
+				ivp = crd->crd_iv;
+			} else {
+				crypto_copydata(crp->crp_flags, crp->crp_buf,
+						crd->crd_inject, ivsize, (caddr_t)ivp);
+			}
+			desc.info = ivp;
+			crypto_blkcipher_decrypt_iv(&desc, req->sg, req->sg, sg_len);
+		}
+		} break;
+
+	case SW_TYPE_HMAC:
+	case SW_TYPE_HASH:
+		{
+		char result[HASH_MAX_LEN];
+		struct hash_desc desc;
+
+		/* check we have room for the result */
+		if (crp->crp_ilen - crd->crd_inject < sw->u.hmac.sw_mlen) {
+			dprintk("cryptosoft: EINVAL crp_ilen=%d, len=%d, inject=%d "
+					"digestsize=%d\n", crp->crp_ilen, crd->crd_skip + sg_len,
+					crd->crd_inject, sw->u.hmac.sw_mlen);
+			crp->crp_etype = EINVAL;
+			goto done;
+		}
+
+		memset(&desc, 0, sizeof(desc));
+		desc.tfm = crypto_hash_cast(sw->sw_tfm);
+
+		memset(result, 0, sizeof(result));
+
+		if (sw->sw_type & SW_TYPE_HMAC) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+			crypto_hmac(sw->sw_tfm, sw->u.hmac.sw_key, &sw->u.hmac.sw_klen,
+					req->sg, sg_num, result);
+#else
+			crypto_hash_setkey(desc.tfm, sw->u.hmac.sw_key,
+					sw->u.hmac.sw_klen);
+			crypto_hash_digest(&desc, req->sg, sg_len, result);
+#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) */
+
+		} else { /* SW_TYPE_HASH */
+			crypto_hash_digest(&desc, req->sg, sg_len, result);
+		}
+
+		crypto_copyback(crp->crp_flags, crp->crp_buf,
+				crd->crd_inject, sw->u.hmac.sw_mlen, result);
+		}
+		break;
+
+	case SW_TYPE_COMP: {
+		void *ibuf = NULL;
+		void *obuf = sw->u.sw_comp_buf;
+		int ilen = sg_len, olen = CRYPTO_MAX_DATA_LEN;
+		int ret = 0;
+
+		/*
+		 * we need to use an additional copy if there is more than one
+		 * input chunk since the kernel comp routines do not handle
+		 * SG yet.  Otherwise we just use the input buffer as is.
+		 * Rather than allocate another buffer we just split the tmp
+		 * buffer we already have.
+		 * Perhaps we should just use zlib directly ?
+		 */
+		if (sg_num > 1) {
+			int blk;
+
+			ibuf = obuf;
+			for (blk = 0; blk < sg_num; blk++) {
+				memcpy(obuf, sg_virt(&req->sg[blk]),
+						req->sg[blk].length);
+				obuf += req->sg[blk].length;
+			}
+			olen -= sg_len;
+		} else
+			ibuf = sg_virt(&req->sg[0]);
+
+		if (crd->crd_flags & CRD_F_ENCRYPT) { /* compress */
+			ret = crypto_comp_compress(crypto_comp_cast(sw->sw_tfm),
+					ibuf, ilen, obuf, &olen);
+			if (!ret && olen > crd->crd_len) {
+				dprintk("cryptosoft: ERANGE compress %d into %d\n",
+						crd->crd_len, olen);
+				if (swcr_fail_if_compression_grows)
+					ret = ERANGE;
+			}
+		} else { /* decompress */
+			ret = crypto_comp_decompress(crypto_comp_cast(sw->sw_tfm),
+					ibuf, ilen, obuf, &olen);
+			if (!ret && (olen + crd->crd_inject) > crp->crp_olen) {
+				dprintk("cryptosoft: ETOOSMALL decompress %d into %d, "
+						"space for %d,at offset %d\n",
+						crd->crd_len, olen, crp->crp_olen, crd->crd_inject);
+				ret = ETOOSMALL;
+			}
+		}
+		if (ret)
+			dprintk("%s,%d: ret = %d\n", __FILE__, __LINE__, ret);
+
+		/*
+		 * on success copy result back,
+		 * linux crpyto API returns -errno,  we need to fix that
+		 */
+		crp->crp_etype = ret < 0 ? -ret : ret;
+		if (ret == 0) {
+			/* copy back the result and return it's size */
+			crypto_copyback(crp->crp_flags, crp->crp_buf,
+					crd->crd_inject, olen, obuf);
+			crp->crp_olen = olen;
+		}
+		} break;
+
+	default:
+		/* Unknown/unsupported algorithm */
+		dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__);
+		crp->crp_etype = EINVAL;
+		goto done;
+	}
+
+done:
+	swcr_process_req_complete(req);
+}
+
+
+/*
+ * Process a crypto request.
+ */
+static int
+swcr_process(device_t dev, struct cryptop *crp, int hint)
+{
+	struct swcr_req *req = NULL;
+	u_int32_t lid;
+
+	dprintk("%s()\n", __FUNCTION__);
+	/* Sanity check */
+	if (crp == NULL) {
+		dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__);
+		return EINVAL;
+	}
+
+	crp->crp_etype = 0;
+
+	if (crp->crp_desc == NULL || crp->crp_buf == NULL) {
+		dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__);
+		crp->crp_etype = EINVAL;
+		goto done;
+	}
+
+	lid = crp->crp_sid & 0xffffffff;
+	if (lid >= swcr_sesnum || lid == 0 || swcr_sessions == NULL ||
+			swcr_sessions[lid] == NULL) {
+		crp->crp_etype = ENOENT;
+		dprintk("%s,%d: ENOENT\n", __FILE__, __LINE__);
+		goto done;
+	}
+
+	/*
+	 * do some error checking outside of the loop for SKB and IOV processing
+	 * this leaves us with valid skb or uiop pointers for later
+	 */
+	if (crp->crp_flags & CRYPTO_F_SKBUF) {
+		struct sk_buff *skb = (struct sk_buff *) crp->crp_buf;
+		if (skb_shinfo(skb)->nr_frags >= SCATTERLIST_MAX) {
+			printk("%s,%d: %d nr_frags > SCATTERLIST_MAX", __FILE__, __LINE__,
+					skb_shinfo(skb)->nr_frags);
+			goto done;
+		}
+	} else if (crp->crp_flags & CRYPTO_F_IOV) {
+		struct uio *uiop = (struct uio *) crp->crp_buf;
+		if (uiop->uio_iovcnt > SCATTERLIST_MAX) {
+			printk("%s,%d: %d uio_iovcnt > SCATTERLIST_MAX", __FILE__, __LINE__,
+					uiop->uio_iovcnt);
+			goto done;
+		}
+	}
+
+	/*
+	 * setup a new request ready for queuing
+	 */
+	req = kmem_cache_alloc(swcr_req_cache, SLAB_ATOMIC);
+	if (req == NULL) {
+		dprintk("%s,%d: ENOMEM\n", __FILE__, __LINE__);
+		crp->crp_etype = ENOMEM;
+		goto done;
+	}
+	memset(req, 0, sizeof(*req));
+
+	req->sw_head = swcr_sessions[lid];
+	req->crp = crp;
+	req->crd = crp->crp_desc;
+
+	swcr_process_req(req);
+	return 0;
+
+done:
+	crypto_done(crp);
+	if (req)
+		kmem_cache_free(swcr_req_cache, req);
+	return 0;
+}
+
+
+static int
+cryptosoft_init(void)
+{
+	int i, sw_type, mode;
+	char *algo;
+
+	dprintk("%s(%p)\n", __FUNCTION__, cryptosoft_init);
+
+	swcr_req_cache = kmem_cache_create("cryptosoft_req",
+				sizeof(struct swcr_req), 0, SLAB_HWCACHE_ALIGN, NULL
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+				, NULL
+#endif
+				);
+	if (!swcr_req_cache) {
+		printk("cryptosoft: failed to create request cache\n");
+		return -ENOENT;
+	}
+
+	softc_device_init(&swcr_softc, "cryptosoft", 0, swcr_methods);
+
+	swcr_id = crypto_get_driverid(softc_get_device(&swcr_softc),
+			CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC);
+	if (swcr_id < 0) {
+		printk("cryptosoft: Software crypto device cannot initialize!");
+		return -ENODEV;
+	}
+
+#define	REGISTER(alg) \
+		crypto_register(swcr_id, alg, 0,0)
+
+	for (i = 0; i < sizeof(crypto_details)/sizeof(crypto_details[0]); i++) {
+		int found;
+
+		algo = crypto_details[i].alg_name;
+		if (!algo || !*algo) {
+			dprintk("%s:Algorithm %d not supported\n", __FUNCTION__, i);
+			continue;
+		}
+
+		mode = crypto_details[i].mode;
+		sw_type = crypto_details[i].sw_type;
+
+		found = 0;
+		switch (sw_type & SW_TYPE_ALG_MASK) {
+		case SW_TYPE_CIPHER:
+			found = crypto_has_cipher(algo, 0, CRYPTO_ALG_ASYNC);
+			break;
+		case SW_TYPE_HMAC:
+			found = crypto_has_hash(algo, 0, swcr_no_ahash?CRYPTO_ALG_ASYNC:0);
+			break;
+		case SW_TYPE_HASH:
+			found = crypto_has_hash(algo, 0, swcr_no_ahash?CRYPTO_ALG_ASYNC:0);
+			break;
+		case SW_TYPE_COMP:
+			found = crypto_has_comp(algo, 0, CRYPTO_ALG_ASYNC);
+			break;
+		case SW_TYPE_BLKCIPHER:
+			found = crypto_has_blkcipher(algo, 0, CRYPTO_ALG_ASYNC);
+			if (!found && !swcr_no_ablk)
+				found = crypto_has_ablkcipher(algo, 0, 0);
+			break;
+		}
+		if (found) {
+			REGISTER(i);
+		} else {
+			dprintk("%s:Algorithm Type %d not supported (algorithm %d:'%s')\n",
+					__FUNCTION__, sw_type, i, algo);
+		}
+	}
+	return 0;
+}
+
+static void
+cryptosoft_exit(void)
+{
+	dprintk("%s()\n", __FUNCTION__);
+	crypto_unregister_all(swcr_id);
+	swcr_id = -1;
+	kmem_cache_destroy(swcr_req_cache);
+}
+
+late_initcall(cryptosoft_init);
+module_exit(cryptosoft_exit);
+
+MODULE_LICENSE("Dual BSD/GPL");
+MODULE_AUTHOR("David McCullough <david_mccullough@mcafee.com>");
+MODULE_DESCRIPTION("Cryptosoft (OCF module for kernel crypto)");
+/*
+ * A loadable module that benchmarks the OCF crypto speed from kernel space.
+ *
+ * Copyright (C) 2004-2010 David McCullough <david_mccullough@mcafee.com>
+ *
+ * LICENSE TERMS
+ *
+ * The free distribution and use of this software in both source and binary
+ * form is allowed (with or without changes) provided that:
+ *
+ *   1. distributions of this source code include the above copyright
+ *      notice, this list of conditions and the following disclaimer;
+ *
+ *   2. distributions in binary form include the above copyright
+ *      notice, this list of conditions and the following disclaimer
+ *      in the documentation and/or other associated materials;
+ *
+ *   3. the copyright holder's name is not used to endorse products
+ *      built using this software without specific written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this product
+ * may be distributed under the terms of the GNU General Public License (GPL),
+ * in which case the provisions of the GPL apply INSTEAD OF those given above.
+ *
+ * DISCLAIMER
+ *
+ * This software is provided 'as is' with no explicit or implied warranties
+ * in respect of its properties, including, but not limited to, correctness
+ * and/or fitness for purpose.
+ */
+
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
+#endif
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/list.h>
+#include <linux/slab.h>
+#include <linux/wait.h>
+#include <linux/sched.h>
+#include <linux/spinlock.h>
+#include <linux/interrupt.h>
+#include <cryptodev.h>
+
+#ifdef I_HAVE_AN_XSCALE_WITH_INTEL_SDK
+#define BENCH_IXP_ACCESS_LIB 1
+#endif
+#ifdef BENCH_IXP_ACCESS_LIB
+#include <IxTypes.h>
+#include <IxOsBuffMgt.h>
+#include <IxNpeDl.h>
+#include <IxCryptoAcc.h>
+#include <IxQMgr.h>
+#include <IxOsServices.h>
+#include <IxOsCacheMMU.h>
+#endif
+
+/*
+ * support for access lib version 1.4
+ */
+#ifndef IX_MBUF_PRIV
+#define IX_MBUF_PRIV(x) ((x)->priv)
+#endif
+
+/*
+ * the number of simultaneously active requests
+ */
+static int request_q_len = 40;
+module_param(request_q_len, int, 0);
+MODULE_PARM_DESC(request_q_len, "Number of outstanding requests");
+
+/*
+ * how many requests we want to have processed
+ */
+static int request_num = 1024;
+module_param(request_num, int, 0);
+MODULE_PARM_DESC(request_num, "run for at least this many requests");
+
+/*
+ * the size of each request
+ */
+static int request_size = 1488;
+module_param(request_size, int, 0);
+MODULE_PARM_DESC(request_size, "size of each request");
+
+/*
+ * OCF batching of requests
+ */
+static int request_batch = 1;
+module_param(request_batch, int, 0);
+MODULE_PARM_DESC(request_batch, "enable OCF request batching");
+
+/*
+ * OCF immediate callback on completion
+ */
+static int request_cbimm = 1;
+module_param(request_cbimm, int, 0);
+MODULE_PARM_DESC(request_cbimm, "enable OCF immediate callback on completion");
+
+/*
+ * a structure for each request
+ */
+typedef struct  {
+	struct work_struct work;
+#ifdef BENCH_IXP_ACCESS_LIB
+	IX_MBUF mbuf;
+#endif
+	unsigned char *buffer;
+} request_t;
+
+static request_t *requests;
+
+static spinlock_t ocfbench_counter_lock;
+static int outstanding;
+static int total;
+
+/*************************************************************************/
+/*
+ * OCF benchmark routines
+ */
+
+static uint64_t ocf_cryptoid;
+static unsigned long jstart, jstop;
+
+static int ocf_init(void);
+static int ocf_cb(struct cryptop *crp);
+static void ocf_request(void *arg);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+static void ocf_request_wq(struct work_struct *work);
+#endif
+
+static int
+ocf_init(void)
+{
+	int error;
+	struct cryptoini crie, cria;
+	struct cryptodesc crda, crde;
+
+	memset(&crie, 0, sizeof(crie));
+	memset(&cria, 0, sizeof(cria));
+	memset(&crde, 0, sizeof(crde));
+	memset(&crda, 0, sizeof(crda));
+
+	cria.cri_alg  = CRYPTO_SHA1_HMAC;
+	cria.cri_klen = 20 * 8;
+	cria.cri_key  = "0123456789abcdefghij";
+
+	//crie.cri_alg  = CRYPTO_3DES_CBC;
+	crie.cri_alg  = CRYPTO_AES_CBC;
+	crie.cri_klen = 24 * 8;
+	crie.cri_key  = "0123456789abcdefghijklmn";
+
+	crie.cri_next = &cria;
+
+	error = crypto_newsession(&ocf_cryptoid, &crie,
+				CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE);
+	if (error) {
+		printk("crypto_newsession failed %d\n", error);
+		return -1;
+	}
+	return 0;
+}
+
+static int
+ocf_cb(struct cryptop *crp)
+{
+	request_t *r = (request_t *) crp->crp_opaque;
+	unsigned long flags;
+
+	if (crp->crp_etype)
+		printk("Error in OCF processing: %d\n", crp->crp_etype);
+	crypto_freereq(crp);
+	crp = NULL;
+
+	/* do all requests  but take at least 1 second */
+	spin_lock_irqsave(&ocfbench_counter_lock, flags);
+	total++;
+	if (total > request_num && jstart + HZ < jiffies) {
+		outstanding--;
+		spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
+		return 0;
+	}
+	spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
+
+	schedule_work(&r->work);
+	return 0;
+}
+
+
+static void
+ocf_request(void *arg)
+{
+	request_t *r = arg;
+	struct cryptop *crp = crypto_getreq(2);
+	struct cryptodesc *crde, *crda;
+	unsigned long flags;
+
+	if (!crp) {
+		spin_lock_irqsave(&ocfbench_counter_lock, flags);
+		outstanding--;
+		spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
+		return;
+	}
+
+	crde = crp->crp_desc;
+	crda = crde->crd_next;
+
+	crda->crd_skip = 0;
+	crda->crd_flags = 0;
+	crda->crd_len = request_size;
+	crda->crd_inject = request_size;
+	crda->crd_alg = CRYPTO_SHA1_HMAC;
+	crda->crd_key = "0123456789abcdefghij";
+	crda->crd_klen = 20 * 8;
+
+	crde->crd_skip = 0;
+	crde->crd_flags = CRD_F_IV_EXPLICIT | CRD_F_ENCRYPT;
+	crde->crd_len = request_size;
+	crde->crd_inject = request_size;
+	//crde->crd_alg = CRYPTO_3DES_CBC;
+	crde->crd_alg = CRYPTO_AES_CBC;
+	crde->crd_key = "0123456789abcdefghijklmn";
+	crde->crd_klen = 24 * 8;
+
+	crp->crp_ilen = request_size + 64;
+	crp->crp_flags = 0;
+	if (request_batch)
+		crp->crp_flags |= CRYPTO_F_BATCH;
+	if (request_cbimm)
+		crp->crp_flags |= CRYPTO_F_CBIMM;
+	crp->crp_buf = (caddr_t) r->buffer;
+	crp->crp_callback = ocf_cb;
+	crp->crp_sid = ocf_cryptoid;
+	crp->crp_opaque = (caddr_t) r;
+	crypto_dispatch(crp);
+}
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+static void
+ocf_request_wq(struct work_struct *work)
+{
+	request_t *r = container_of(work, request_t, work);
+	ocf_request(r);
+}
+#endif
+
+static void
+ocf_done(void)
+{
+	crypto_freesession(ocf_cryptoid);
+}
+
+/*************************************************************************/
+#ifdef BENCH_IXP_ACCESS_LIB
+/*************************************************************************/
+/*
+ * CryptoAcc benchmark routines
+ */
+
+static IxCryptoAccCtx ixp_ctx;
+static UINT32 ixp_ctx_id;
+static IX_MBUF ixp_pri;
+static IX_MBUF ixp_sec;
+static int ixp_registered = 0;
+
+static void ixp_register_cb(UINT32 ctx_id, IX_MBUF *bufp,
+					IxCryptoAccStatus status);
+static void ixp_perform_cb(UINT32 ctx_id, IX_MBUF *sbufp, IX_MBUF *dbufp,
+					IxCryptoAccStatus status);
+static void ixp_request(void *arg);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+static void ixp_request_wq(struct work_struct *work);
+#endif
+
+static int
+ixp_init(void)
+{
+	IxCryptoAccStatus status;
+
+	ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_3DES;
+	ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC;
+	ixp_ctx.cipherCtx.cipherKeyLen = 24;
+	ixp_ctx.cipherCtx.cipherBlockLen = IX_CRYPTO_ACC_DES_BLOCK_64;
+	ixp_ctx.cipherCtx.cipherInitialVectorLen = IX_CRYPTO_ACC_DES_IV_64;
+	memcpy(ixp_ctx.cipherCtx.key.cipherKey, "0123456789abcdefghijklmn", 24);
+
+	ixp_ctx.authCtx.authAlgo = IX_CRYPTO_ACC_AUTH_SHA1;
+	ixp_ctx.authCtx.authDigestLen = 12;
+	ixp_ctx.authCtx.aadLen = 0;
+	ixp_ctx.authCtx.authKeyLen = 20;
+	memcpy(ixp_ctx.authCtx.key.authKey, "0123456789abcdefghij", 20);
+
+	ixp_ctx.useDifferentSrcAndDestMbufs = 0;
+	ixp_ctx.operation = IX_CRYPTO_ACC_OP_ENCRYPT_AUTH ;
+
+	IX_MBUF_MLEN(&ixp_pri)  = IX_MBUF_PKT_LEN(&ixp_pri) = 128;
+	IX_MBUF_MDATA(&ixp_pri) = (unsigned char *) kmalloc(128, SLAB_ATOMIC);
+	IX_MBUF_MLEN(&ixp_sec)  = IX_MBUF_PKT_LEN(&ixp_sec) = 128;
+	IX_MBUF_MDATA(&ixp_sec) = (unsigned char *) kmalloc(128, SLAB_ATOMIC);
+
+	status = ixCryptoAccCtxRegister(&ixp_ctx, &ixp_pri, &ixp_sec,
+			ixp_register_cb, ixp_perform_cb, &ixp_ctx_id);
+
+	if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) {
+		while (!ixp_registered)
+			schedule();
+		return ixp_registered < 0 ? -1 : 0;
+	}
+
+	printk("ixp: ixCryptoAccCtxRegister failed %d\n", status);
+	return -1;
+}
+
+static void
+ixp_register_cb(UINT32 ctx_id, IX_MBUF *bufp, IxCryptoAccStatus status)
+{
+	if (bufp) {
+		IX_MBUF_MLEN(bufp) = IX_MBUF_PKT_LEN(bufp) = 0;
+		kfree(IX_MBUF_MDATA(bufp));
+		IX_MBUF_MDATA(bufp) = NULL;
+	}
+
+	if (IX_CRYPTO_ACC_STATUS_WAIT == status)
+		return;
+	if (IX_CRYPTO_ACC_STATUS_SUCCESS == status)
+		ixp_registered = 1;
+	else
+		ixp_registered = -1;
+}
+
+static void
+ixp_perform_cb(
+	UINT32 ctx_id,
+	IX_MBUF *sbufp,
+	IX_MBUF *dbufp,
+	IxCryptoAccStatus status)
+{
+	request_t *r = NULL;
+	unsigned long flags;
+
+	/* do all requests  but take at least 1 second */
+	spin_lock_irqsave(&ocfbench_counter_lock, flags);
+	total++;
+	if (total > request_num && jstart + HZ < jiffies) {
+		outstanding--;
+		spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
+		return;
+	}
+
+	if (!sbufp || !(r = IX_MBUF_PRIV(sbufp))) {
+		printk("crappo %p %p\n", sbufp, r);
+		outstanding--;
+		spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
+		return;
+	}
+	spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
+
+	schedule_work(&r->work);
+}
+
+static void
+ixp_request(void *arg)
+{
+	request_t *r = arg;
+	IxCryptoAccStatus status;
+	unsigned long flags;
+
+	memset(&r->mbuf, 0, sizeof(r->mbuf));
+	IX_MBUF_MLEN(&r->mbuf) = IX_MBUF_PKT_LEN(&r->mbuf) = request_size + 64;
+	IX_MBUF_MDATA(&r->mbuf) = r->buffer;
+	IX_MBUF_PRIV(&r->mbuf) = r;
+	status = ixCryptoAccAuthCryptPerform(ixp_ctx_id, &r->mbuf, NULL,
+			0, request_size, 0, request_size, request_size, r->buffer);
+	if (IX_CRYPTO_ACC_STATUS_SUCCESS != status) {
+		printk("status1 = %d\n", status);
+		spin_lock_irqsave(&ocfbench_counter_lock, flags);
+		outstanding--;
+		spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
+		return;
+	}
+	return;
+}
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+static void
+ixp_request_wq(struct work_struct *work)
+{
+	request_t *r = container_of(work, request_t, work);
+	ixp_request(r);
+}
+#endif
+
+static void
+ixp_done(void)
+{
+	/* we should free the session here but I am lazy :-) */
+}
+
+/*************************************************************************/
+#endif /* BENCH_IXP_ACCESS_LIB */
+/*************************************************************************/
+
+int
+ocfbench_init(void)
+{
+	int i;
+	unsigned long mbps;
+	unsigned long flags;
+
+	printk("Crypto Speed tests\n");
+
+	requests = kmalloc(sizeof(request_t) * request_q_len, GFP_KERNEL);
+	if (!requests) {
+		printk("malloc failed\n");
+		return -EINVAL;
+	}
+
+	for (i = 0; i < request_q_len; i++) {
+		/* +64 for return data */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+		INIT_WORK(&requests[i].work, ocf_request_wq);
+#else
+		INIT_WORK(&requests[i].work, ocf_request, &requests[i]);
+#endif
+		requests[i].buffer = kmalloc(request_size + 128, GFP_DMA);
+		if (!requests[i].buffer) {
+			printk("malloc failed\n");
+			return -EINVAL;
+		}
+		memset(requests[i].buffer, '0' + i, request_size + 128);
+	}
+
+	/*
+	 * OCF benchmark
+	 */
+	printk("OCF: testing ...\n");
+	if (ocf_init() == -1)
+		return -EINVAL;
+
+	spin_lock_init(&ocfbench_counter_lock);
+	total = outstanding = 0;
+	jstart = jiffies;
+	for (i = 0; i < request_q_len; i++) {
+		spin_lock_irqsave(&ocfbench_counter_lock, flags);
+		outstanding++;
+		spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
+		ocf_request(&requests[i]);
+	}
+	while (outstanding > 0)
+		schedule();
+	jstop = jiffies;
+
+	mbps = 0;
+	if (jstop > jstart) {
+		mbps = (unsigned long) total * (unsigned long) request_size * 8;
+		mbps /= ((jstop - jstart) * 1000) / HZ;
+	}
+	printk("OCF: %d requests of %d bytes in %d jiffies (%d.%03d Mbps)\n",
+			total, request_size, (int)(jstop - jstart),
+			((int)mbps) / 1000, ((int)mbps) % 1000);
+	ocf_done();
+
+#ifdef BENCH_IXP_ACCESS_LIB
+	/*
+	 * IXP benchmark
+	 */
+	printk("IXP: testing ...\n");
+	ixp_init();
+	total = outstanding = 0;
+	jstart = jiffies;
+	for (i = 0; i < request_q_len; i++) {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
+		INIT_WORK(&requests[i].work, ixp_request_wq);
+#else
+		INIT_WORK(&requests[i].work, ixp_request, &requests[i]);
+#endif
+		spin_lock_irqsave(&ocfbench_counter_lock, flags);
+		outstanding++;
+		spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
+		ixp_request(&requests[i]);
+	}
+	while (outstanding > 0)
+		schedule();
+	jstop = jiffies;
+
+	mbps = 0;
+	if (jstop > jstart) {
+		mbps = (unsigned long) total * (unsigned long) request_size * 8;
+		mbps /= ((jstop - jstart) * 1000) / HZ;
+	}
+	printk("IXP: %d requests of %d bytes in %d jiffies (%d.%03d Mbps)\n",
+			total, request_size, jstop - jstart,
+			((int)mbps) / 1000, ((int)mbps) % 1000);
+	ixp_done();
+#endif /* BENCH_IXP_ACCESS_LIB */
+
+	for (i = 0; i < request_q_len; i++)
+		kfree(requests[i].buffer);
+	kfree(requests);
+	return -EINVAL; /* always fail to load so it can be re-run quickly ;-) */
+}
+
+static void __exit ocfbench_exit(void)
+{
+}
+
+module_init(ocfbench_init);
+module_exit(ocfbench_exit);
+
+MODULE_LICENSE("BSD");
+MODULE_AUTHOR("David McCullough <david_mccullough@mcafee.com>");
+MODULE_DESCRIPTION("Benchmark various in-kernel crypto speeds");
+#ifndef _BSD_COMPAT_H_
+#define _BSD_COMPAT_H_ 1
+/****************************************************************************/
+/*
+ * Provide compat routines for older linux kernels and BSD kernels
+ *
+ * Written by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2010 David McCullough <david_mccullough@mcafee.com>
+ *
+ * LICENSE TERMS
+ *
+ * The free distribution and use of this software in both source and binary
+ * form is allowed (with or without changes) provided that:
+ *
+ *   1. distributions of this source code include the above copyright
+ *      notice, this list of conditions and the following disclaimer;
+ *
+ *   2. distributions in binary form include the above copyright
+ *      notice, this list of conditions and the following disclaimer
+ *      in the documentation and/or other associated materials;
+ *
+ *   3. the copyright holder's name is not used to endorse products
+ *      built using this software without specific written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this file
+ * may be distributed under the terms of the GNU General Public License (GPL),
+ * in which case the provisions of the GPL apply INSTEAD OF those given above.
+ *
+ * DISCLAIMER
+ *
+ * This software is provided 'as is' with no explicit or implied warranties
+ * in respect of its properties, including, but not limited to, correctness
+ * and/or fitness for purpose.
+ */
+/****************************************************************************/
+#ifdef __KERNEL__
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
+#endif
+
+/*
+ * fake some BSD driver interface stuff specifically for OCF use
+ */
+
+typedef struct ocf_device *device_t;
+
+typedef struct {
+	int (*cryptodev_newsession)(device_t dev, u_int32_t *sidp, struct cryptoini *cri);
+	int (*cryptodev_freesession)(device_t dev, u_int64_t tid);
+	int (*cryptodev_process)(device_t dev, struct cryptop *crp, int hint);
+	int (*cryptodev_kprocess)(device_t dev, struct cryptkop *krp, int hint);
+} device_method_t;
+#define DEVMETHOD(id, func)	id: func
+
+struct ocf_device {
+	char name[32];		/* the driver name */
+	char nameunit[32];	/* the driver name + HW instance */
+	int  unit;
+	device_method_t	methods;
+	void *softc;
+};
+
+#define CRYPTODEV_NEWSESSION(dev, sid, cri) \
+	((*(dev)->methods.cryptodev_newsession)(dev,sid,cri))
+#define CRYPTODEV_FREESESSION(dev, sid) \
+	((*(dev)->methods.cryptodev_freesession)(dev, sid))
+#define CRYPTODEV_PROCESS(dev, crp, hint) \
+	((*(dev)->methods.cryptodev_process)(dev, crp, hint))
+#define CRYPTODEV_KPROCESS(dev, krp, hint) \
+	((*(dev)->methods.cryptodev_kprocess)(dev, krp, hint))
+
+#define device_get_name(dev)	((dev)->name)
+#define device_get_nameunit(dev)	((dev)->nameunit)
+#define device_get_unit(dev)	((dev)->unit)
+#define device_get_softc(dev)	((dev)->softc)
+
+#define	softc_device_decl \
+		struct ocf_device _device; \
+		device_t
+
+#define	softc_device_init(_sc, _name, _unit, _methods) \
+	if (1) {\
+	strncpy((_sc)->_device.name, _name, sizeof((_sc)->_device.name) - 1); \
+	snprintf((_sc)->_device.nameunit, sizeof((_sc)->_device.name), "%s%d", _name, _unit); \
+	(_sc)->_device.unit = _unit; \
+	(_sc)->_device.methods = _methods; \
+	(_sc)->_device.softc = (void *) _sc; \
+	*(device_t *)((softc_get_device(_sc))+1) = &(_sc)->_device; \
+	} else
+
+#define	softc_get_device(_sc)	(&(_sc)->_device)
+
+/*
+ * iomem support for 2.4 and 2.6 kernels
+ */
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+#define ocf_iomem_t	unsigned long
+
+/*
+ * implement simple workqueue like support for older kernels
+ */
+
+#include <linux/tqueue.h>
+
+#define work_struct tq_struct
+
+#define INIT_WORK(wp, fp, ap) \
+	do { \
+		(wp)->sync = 0; \
+		(wp)->routine = (fp); \
+		(wp)->data = (ap); \
+	} while (0)
+
+#define schedule_work(wp) \
+	do { \
+		queue_task((wp), &tq_immediate); \
+		mark_bh(IMMEDIATE_BH); \
+	} while (0)
+
+#define flush_scheduled_work()	run_task_queue(&tq_immediate)
+
+#else
+#define ocf_iomem_t	void __iomem *
+
+#include <linux/workqueue.h>
+
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26)
+#include <linux/fdtable.h>
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11)
+#define files_fdtable(files)	(files)
+#endif
+
+#ifdef MODULE_PARM
+#undef module_param	/* just in case */
+#define	module_param(a,b,c)		MODULE_PARM(a,"i")
+#endif
+
+#define bzero(s,l)		memset(s,0,l)
+#define bcopy(s,d,l)	memcpy(d,s,l)
+#define bcmp(x, y, l)	memcmp(x,y,l)
+
+#define MIN(x,y)	((x) < (y) ? (x) : (y))
+
+#define device_printf(dev, a...) ({ \
+				printk("%s: ", device_get_nameunit(dev)); printk(a); \
+			})
+
+#undef printf
+#define printf(fmt...)	printk(fmt)
+
+#define KASSERT(c,p)	if (!(c)) { printk p ; } else
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+#define ocf_daemonize(str) \
+	daemonize(); \
+	spin_lock_irq(&current->sigmask_lock); \
+	sigemptyset(&current->blocked); \
+	recalc_sigpending(current); \
+	spin_unlock_irq(&current->sigmask_lock); \
+	sprintf(current->comm, str);
+#else
+#define ocf_daemonize(str) daemonize(str);
+#endif
+
+#define	TAILQ_INSERT_TAIL(q,d,m) list_add_tail(&(d)->m, (q))
+#define	TAILQ_EMPTY(q)	list_empty(q)
+#define	TAILQ_FOREACH(v, q, m) list_for_each_entry(v, q, m)
+
+#define read_random(p,l) get_random_bytes(p,l)
+
+#define DELAY(x)	((x) > 2000 ? mdelay((x)/1000) : udelay(x))
+#define strtoul simple_strtoul
+
+#define pci_get_vendor(dev)	((dev)->vendor)
+#define pci_get_device(dev)	((dev)->device)
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+#define pci_set_consistent_dma_mask(dev, mask) (0)
+#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
+#define pci_dma_sync_single_for_cpu pci_dma_sync_single
+#endif
+
+#ifndef DMA_32BIT_MASK
+#define DMA_32BIT_MASK  0x00000000ffffffffULL
+#endif
+
+#ifndef htole32
+#define htole32(x)	cpu_to_le32(x)
+#endif
+#ifndef htobe32
+#define htobe32(x)	cpu_to_be32(x)
+#endif
+#ifndef htole16
+#define htole16(x)	cpu_to_le16(x)
+#endif
+#ifndef htobe16
+#define htobe16(x)	cpu_to_be16(x)
+#endif
+
+/* older kernels don't have these */
+
+#include <asm/irq.h>
+#if !defined(IRQ_NONE) && !defined(IRQ_RETVAL)
+#define IRQ_NONE
+#define IRQ_HANDLED
+#define IRQ_WAKE_THREAD
+#define IRQ_RETVAL
+#define irqreturn_t void
+typedef irqreturn_t (*irq_handler_t)(int irq, void *arg, struct pt_regs *regs);
+#endif
+#ifndef IRQF_SHARED
+#define IRQF_SHARED	SA_SHIRQ
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0)
+# define strlcpy(dest,src,len) \
+		({strncpy(dest,src,(len)-1); ((char *)dest)[(len)-1] = '\0'; })
+#endif
+
+#ifndef MAX_ERRNO
+#define MAX_ERRNO	4095
+#endif
+#ifndef IS_ERR_VALUE
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,5)
+#include <linux/err.h>
+#endif
+#ifndef IS_ERR_VALUE
+#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)
+#endif
+#endif
+
+/*
+ * common debug for all
+ */
+#if 1
+#define dprintk(a...)	do { if (debug) printk(a); } while(0)
+#else
+#define dprintk(a...)
+#endif
+
+#ifndef SLAB_ATOMIC
+/* Changed in 2.6.20, must use GFP_ATOMIC now */
+#define	SLAB_ATOMIC	GFP_ATOMIC
+#endif
+
+/*
+ * need some additional support for older kernels */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,2)
+#define pci_register_driver_compat(driver, rc) \
+	do { \
+		if ((rc) > 0) { \
+			(rc) = 0; \
+		} else if (rc == 0) { \
+			(rc) = -ENODEV; \
+		} else { \
+			pci_unregister_driver(driver); \
+		} \
+	} while (0)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
+#define pci_register_driver_compat(driver,rc) ((rc) = (rc) < 0 ? (rc) : 0)
+#else
+#define pci_register_driver_compat(driver,rc)
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
+
+#include <linux/mm.h>
+#include <asm/scatterlist.h>
+
+static inline void sg_set_page(struct scatterlist *sg,  struct page *page,
+			       unsigned int len, unsigned int offset)
+{
+	sg->page = page;
+	sg->offset = offset;
+	sg->length = len;
+}
+
+static inline void *sg_virt(struct scatterlist *sg)
+{
+	return page_address(sg->page) + sg->offset;
+}
+
+#define sg_init_table(sg, n)
+
+#define sg_mark_end(sg)
+
+#endif
+
+#ifndef late_initcall
+#define late_initcall(init) module_init(init)
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4) || !defined(CONFIG_SMP)
+#define ocf_for_each_cpu(cpu) for ((cpu) = 0; (cpu) == 0; (cpu)++)
+#else
+#define ocf_for_each_cpu(cpu) for_each_present_cpu(cpu)
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
+#include <linux/sched.h>
+#define	kill_proc(p,s,v)	send_sig(s,find_task_by_vpid(p),0)
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4)
+
+struct ocf_thread {
+	struct task_struct	*task;
+	int					(*func)(void *arg);
+	void				*arg;
+};
+
+/* thread startup helper func */
+static inline int ocf_run_thread(void *arg)
+{
+	struct ocf_thread *t = (struct ocf_thread *) arg;
+	if (!t)
+		return -1; /* very bad */
+	t->task = current;
+	daemonize();
+	spin_lock_irq(&current->sigmask_lock);
+	sigemptyset(&current->blocked);
+	recalc_sigpending(current);
+	spin_unlock_irq(&current->sigmask_lock);
+	return (*t->func)(t->arg);
+}
+
+#define kthread_create(f,a,fmt...) \
+	({ \
+		struct ocf_thread t; \
+		pid_t p; \
+		t.task = NULL; \
+		t.func = (f); \
+		t.arg = (a); \
+		p = kernel_thread(ocf_run_thread, &t, CLONE_FS|CLONE_FILES); \
+		while (p != (pid_t) -1 && t.task == NULL) \
+			schedule(); \
+		if (t.task) \
+			snprintf(t.task->comm, sizeof(t.task->comm), fmt); \
+		(t.task); \
+	})
+
+#define kthread_bind(t,cpu)	/**/
+
+#define kthread_should_stop()	(strcmp(current->comm, "stopping") == 0)
+
+#define kthread_stop(t) \
+	({ \
+		strcpy((t)->comm, "stopping"); \
+		kill_proc((t)->pid, SIGTERM, 1); \
+		do { \
+			schedule(); \
+		} while (kill_proc((t)->pid, SIGTERM, 1) == 0); \
+	})
+
+#else
+#include <linux/kthread.h>
+#endif
+
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,2,0)
+#define	skb_frag_page(x)	((x)->page)
+#endif
+
+#endif /* __KERNEL__ */
+
+/****************************************************************************/
+#endif /* _BSD_COMPAT_H_ */
+# for SGlinux builds
+-include $(ROOTDIR)/modules/.config
+
+obj-$(CONFIG_OCF_OCFNULL) += ocfnull.o
+
+obj ?= .
+EXTRA_CFLAGS += -I$(obj)/..
+
+ifdef TOPDIR
+-include $(TOPDIR)/Rules.make
+endif
+/*
+ * An OCF module for determining the cost of crypto versus the cost of
+ * IPSec processing outside of OCF.  This modules gives us the effect of
+ * zero cost encryption,  of course you will need to run it at both ends
+ * since it does no crypto at all.
+ *
+ * Written by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2006-2010 David McCullough
+ *
+ * LICENSE TERMS
+ *
+ * The free distribution and use of this software in both source and binary
+ * form is allowed (with or without changes) provided that:
+ *
+ *   1. distributions of this source code include the above copyright
+ *      notice, this list of conditions and the following disclaimer;
+ *
+ *   2. distributions in binary form include the above copyright
+ *      notice, this list of conditions and the following disclaimer
+ *      in the documentation and/or other associated materials;
+ *
+ *   3. the copyright holder's name is not used to endorse products
+ *      built using this software without specific written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this product
+ * may be distributed under the terms of the GNU General Public License (GPL),
+ * in which case the provisions of the GPL apply INSTEAD OF those given above.
+ *
+ * DISCLAIMER
+ *
+ * This software is provided 'as is' with no explicit or implied warranties
+ * in respect of its properties, including, but not limited to, correctness
+ * and/or fitness for purpose.
+ */
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
+#endif
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/list.h>
+#include <linux/slab.h>
+#include <linux/sched.h>
+#include <linux/wait.h>
+#include <linux/crypto.h>
+#include <linux/interrupt.h>
+
+#include <cryptodev.h>
+#include <uio.h>
+
+static int32_t			 null_id = -1;
+static u_int32_t		 null_sesnum = 0;
+
+static int null_process(device_t, struct cryptop *, int);
+static int null_newsession(device_t, u_int32_t *, struct cryptoini *);
+static int null_freesession(device_t, u_int64_t);
+
+#define debug ocfnull_debug
+int ocfnull_debug = 0;
+module_param(ocfnull_debug, int, 0644);
+MODULE_PARM_DESC(ocfnull_debug, "Enable debug");
+
+/*
+ * dummy device structure
+ */
+
+static struct {
+	softc_device_decl	sc_dev;
+} nulldev;
+
+static device_method_t null_methods = {
+	/* crypto device methods */
+	DEVMETHOD(cryptodev_newsession,	null_newsession),
+	DEVMETHOD(cryptodev_freesession,null_freesession),
+	DEVMETHOD(cryptodev_process,	null_process),
+};
+
+/*
+ * Generate a new software session.
+ */
+static int
+null_newsession(device_t arg, u_int32_t *sid, struct cryptoini *cri)
+{
+	dprintk("%s()\n", __FUNCTION__);
+	if (sid == NULL || cri == NULL) {
+		dprintk("%s,%d - EINVAL\n", __FILE__, __LINE__);
+		return EINVAL;
+	}
+
+	if (null_sesnum == 0)
+		null_sesnum++;
+	*sid = null_sesnum++;
+	return 0;
+}
+
+
+/*
+ * Free a session.
+ */
+static int
+null_freesession(device_t arg, u_int64_t tid)
+{
+	u_int32_t sid = CRYPTO_SESID2LID(tid);
+
+	dprintk("%s()\n", __FUNCTION__);
+	if (sid > null_sesnum) {
+		dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__);
+		return EINVAL;
+	}
+
+	/* Silently accept and return */
+	if (sid == 0)
+		return 0;
+	return 0;
+}
+
+
+/*
+ * Process a request.
+ */
+static int
+null_process(device_t arg, struct cryptop *crp, int hint)
+{
+	unsigned int lid;
+
+	dprintk("%s()\n", __FUNCTION__);
+
+	/* Sanity check */
+	if (crp == NULL) {
+		dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__);
+		return EINVAL;
+	}
+
+	crp->crp_etype = 0;
+
+	if (crp->crp_desc == NULL || crp->crp_buf == NULL) {
+		dprintk("%s,%d: EINVAL\n", __FILE__, __LINE__);
+		crp->crp_etype = EINVAL;
+		goto done;
+	}
+
+	/*
+	 * find the session we are using
+	 */
+
+	lid = crp->crp_sid & 0xffffffff;
+	if (lid >= null_sesnum || lid == 0) {
+		crp->crp_etype = ENOENT;
+		dprintk("%s,%d: ENOENT\n", __FILE__, __LINE__);
+		goto done;
+	}
+
+done:
+	crypto_done(crp);
+	return 0;
+}
+
+
+/*
+ * our driver startup and shutdown routines
+ */
+
+static int
+null_init(void)
+{
+	dprintk("%s(%p)\n", __FUNCTION__, null_init);
+
+	memset(&nulldev, 0, sizeof(nulldev));
+	softc_device_init(&nulldev, "ocfnull", 0, null_methods);
+
+	null_id = crypto_get_driverid(softc_get_device(&nulldev),
+				CRYPTOCAP_F_HARDWARE);
+	if (null_id < 0)
+		panic("ocfnull: crypto device cannot initialize!");
+
+#define	REGISTER(alg) \
+	crypto_register(null_id,alg,0,0)
+	REGISTER(CRYPTO_DES_CBC);
+	REGISTER(CRYPTO_3DES_CBC);
+	REGISTER(CRYPTO_RIJNDAEL128_CBC);
+	REGISTER(CRYPTO_MD5);
+	REGISTER(CRYPTO_SHA1);
+	REGISTER(CRYPTO_MD5_HMAC);
+	REGISTER(CRYPTO_SHA1_HMAC);
+#undef REGISTER
+
+	return 0;
+}
+
+static void
+null_exit(void)
+{
+	dprintk("%s()\n", __FUNCTION__);
+	crypto_unregister_all(null_id);
+	null_id = -1;
+}
+
+module_init(null_init);
+module_exit(null_exit);
+
+MODULE_LICENSE("Dual BSD/GPL");
+MODULE_AUTHOR("David McCullough <david_mccullough@mcafee.com>");
+MODULE_DESCRIPTION("ocfnull - claims a lot but does nothing");
+/*
+ * A system independant way of adding entropy to the kernels pool
+ * this way the drivers can focus on the real work and we can take
+ * care of pushing it to the appropriate place in the kernel.
+ *
+ * This should be fast and callable from timers/interrupts
+ *
+ * Written by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2006-2010 David McCullough
+ * Copyright (C) 2004-2005 Intel Corporation.
+ *
+ * LICENSE TERMS
+ *
+ * The free distribution and use of this software in both source and binary
+ * form is allowed (with or without changes) provided that:
+ *
+ *   1. distributions of this source code include the above copyright
+ *      notice, this list of conditions and the following disclaimer;
+ *
+ *   2. distributions in binary form include the above copyright
+ *      notice, this list of conditions and the following disclaimer
+ *      in the documentation and/or other associated materials;
+ *
+ *   3. the copyright holder's name is not used to endorse products
+ *      built using this software without specific written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this product
+ * may be distributed under the terms of the GNU General Public License (GPL),
+ * in which case the provisions of the GPL apply INSTEAD OF those given above.
+ *
+ * DISCLAIMER
+ *
+ * This software is provided 'as is' with no explicit or implied warranties
+ * in respect of its properties, including, but not limited to, correctness
+ * and/or fitness for purpose.
+ */
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
+#endif
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/list.h>
+#include <linux/slab.h>
+#include <linux/wait.h>
+#include <linux/sched.h>
+#include <linux/spinlock.h>
+#include <linux/unistd.h>
+#include <linux/poll.h>
+#include <linux/random.h>
+#include <cryptodev.h>
+
+#ifdef CONFIG_OCF_FIPS
+#include "rndtest.h"
+#endif
+
+#ifndef HAS_RANDOM_INPUT_WAIT
+#error "Please do not enable OCF_RANDOMHARVEST unless you have applied patches"
+#endif
+
+/*
+ * a hack to access the debug levels from the crypto driver
+ */
+extern int crypto_debug;
+#define debug crypto_debug
+
+/*
+ * a list of all registered random providers
+ */
+static LIST_HEAD(random_ops);
+static int started = 0;
+static int initted = 0;
+
+struct random_op {
+	struct list_head random_list;
+	u_int32_t driverid;
+	int (*read_random)(void *arg, u_int32_t *buf, int len);
+	void *arg;
+};
+
+static int random_proc(void *arg);
+
+static pid_t		randomproc = (pid_t) -1;
+static spinlock_t	random_lock;
+
+/*
+ * just init the spin locks
+ */
+static int
+crypto_random_init(void)
+{
+	spin_lock_init(&random_lock);
+	initted = 1;
+	return(0);
+}
+
+/*
+ * Add the given random reader to our list (if not present)
+ * and start the thread (if not already started)
+ *
+ * we have to assume that driver id is ok for now
+ */
+int
+crypto_rregister(
+	u_int32_t driverid,
+	int (*read_random)(void *arg, u_int32_t *buf, int len),
+	void *arg)
+{
+	unsigned long flags;
+	int ret = 0;
+	struct random_op	*rops, *tmp;
+
+	dprintk("%s,%d: %s(0x%x, %p, %p)\n", __FILE__, __LINE__,
+			__FUNCTION__, driverid, read_random, arg);
+
+	if (!initted)
+		crypto_random_init();
+
+#if 0
+	struct cryptocap	*cap;
+
+	cap = crypto_checkdriver(driverid);
+	if (!cap)
+		return EINVAL;
+#endif
+
+	list_for_each_entry_safe(rops, tmp, &random_ops, random_list) {
+		if (rops->driverid == driverid && rops->read_random == read_random)
+			return EEXIST;
+	}
+
+	rops = (struct random_op *) kmalloc(sizeof(*rops), GFP_KERNEL);
+	if (!rops)
+		return ENOMEM;
+
+	rops->driverid    = driverid;
+	rops->read_random = read_random;
+	rops->arg = arg;
+
+	spin_lock_irqsave(&random_lock, flags);
+	list_add_tail(&rops->random_list, &random_ops);
+	if (!started) {
+		randomproc = kernel_thread(random_proc, NULL, CLONE_FS|CLONE_FILES);
+		if (randomproc < 0) {
+			ret = randomproc;
+			printk("crypto: crypto_rregister cannot start random thread; "
+					"error %d", ret);
+		} else
+			started = 1;
+	}
+	spin_unlock_irqrestore(&random_lock, flags);
+
+	return ret;
+}
+EXPORT_SYMBOL(crypto_rregister);
+
+int
+crypto_runregister_all(u_int32_t driverid)
+{
+	struct random_op *rops, *tmp;
+	unsigned long flags;
+
+	dprintk("%s,%d: %s(0x%x)\n", __FILE__, __LINE__, __FUNCTION__, driverid);
+
+	list_for_each_entry_safe(rops, tmp, &random_ops, random_list) {
+		if (rops->driverid == driverid) {
+			list_del(&rops->random_list);
+			kfree(rops);
+		}
+	}
+
+	spin_lock_irqsave(&random_lock, flags);
+	if (list_empty(&random_ops) && started)
+		kill_proc(randomproc, SIGKILL, 1);
+	spin_unlock_irqrestore(&random_lock, flags);
+	return(0);
+}
+EXPORT_SYMBOL(crypto_runregister_all);
+
+/*
+ * while we can add entropy to random.c continue to read random data from
+ * the drivers and push it to random.
+ */
+static int
+random_proc(void *arg)
+{
+	int n;
+	int wantcnt;
+	int bufcnt = 0;
+	int retval = 0;
+	int *buf = NULL;
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+	daemonize();
+	spin_lock_irq(&current->sigmask_lock);
+	sigemptyset(&current->blocked);
+	recalc_sigpending(current);
+	spin_unlock_irq(&current->sigmask_lock);
+	sprintf(current->comm, "ocf-random");
+#else
+	daemonize("ocf-random");
+	allow_signal(SIGKILL);
+#endif
+
+	(void) get_fs();
+	set_fs(get_ds());
+
+#ifdef CONFIG_OCF_FIPS
+#define NUM_INT (RNDTEST_NBYTES/sizeof(int))
+#else
+#define NUM_INT 32
+#endif
+
+	/*
+	 * some devices can transferr their RNG data direct into memory,
+	 * so make sure it is device friendly
+	 */
+	buf = kmalloc(NUM_INT * sizeof(int), GFP_DMA);
+	if (NULL == buf) {
+		printk("crypto: RNG could not allocate memory\n");
+		retval = -ENOMEM;
+		goto bad_alloc;
+	}
+
+	wantcnt = NUM_INT;   /* start by adding some entropy */
+
+	/*
+	 * its possible due to errors or driver removal that we no longer
+	 * have anything to do,  if so exit or we will consume all the CPU
+	 * doing nothing
+	 */
+	while (!list_empty(&random_ops)) {
+		struct random_op	*rops, *tmp;
+
+#ifdef CONFIG_OCF_FIPS
+		if (wantcnt)
+			wantcnt = NUM_INT; /* FIPs mode can do 20000 bits or none */
+#endif
+
+		/* see if we can get enough entropy to make the world
+		 * a better place.
+		 */
+		while (bufcnt < wantcnt && bufcnt < NUM_INT) {
+			list_for_each_entry_safe(rops, tmp, &random_ops, random_list) {
+
+				n = (*rops->read_random)(rops->arg, &buf[bufcnt],
+							 NUM_INT - bufcnt);
+
+				/* on failure remove the random number generator */
+				if (n == -1) {
+					list_del(&rops->random_list);
+					printk("crypto: RNG (driverid=0x%x) failed, disabling\n",
+							rops->driverid);
+					kfree(rops);
+				} else if (n > 0)
+					bufcnt += n;
+			}
+			/* give up CPU for a bit, just in case as this is a loop */
+			schedule();
+		}
+
+
+#ifdef CONFIG_OCF_FIPS
+		if (bufcnt > 0 && rndtest_buf((unsigned char *) &buf[0])) {
+			dprintk("crypto: buffer had fips errors, discarding\n");
+			bufcnt = 0;
+		}
+#endif
+
+		/*
+		 * if we have a certified buffer,  we can send some data
+		 * to /dev/random and move along
+		 */
+		if (bufcnt > 0) {
+			/* add what we have */
+			random_input_words(buf, bufcnt, bufcnt*sizeof(int)*8);
+			bufcnt = 0;
+		}
+
+		/* give up CPU for a bit so we don't hog while filling */
+		schedule();
+
+		/* wait for needing more */
+		wantcnt = random_input_wait();
+
+		if (wantcnt <= 0)
+			wantcnt = 0; /* try to get some info again */
+		else
+		 	/* round up to one word or we can loop forever */
+			wantcnt = (wantcnt + (sizeof(int)*8)) / (sizeof(int)*8);
+		if (wantcnt > NUM_INT) {
+			wantcnt = NUM_INT;
+		}
+
+		if (signal_pending(current)) {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+			spin_lock_irq(&current->sigmask_lock);
+#endif
+			flush_signals(current);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+			spin_unlock_irq(&current->sigmask_lock);
+#endif
+		}
+	}
+
+	kfree(buf);
+
+bad_alloc:
+	spin_lock_irq(&random_lock);
+	randomproc = (pid_t) -1;
+	started = 0;
+	spin_unlock_irq(&random_lock);
+
+	return retval;
+}
+/*	$OpenBSD$	*/
+
+/*
+ * OCF/Linux port done by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2006-2010 David McCullough
+ * Copyright (C) 2004-2005 Intel Corporation.
+ * The license and original author are listed below.
+ *
+ * Copyright (c) 2002 Jason L. Wright (jason@thought.net)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by Jason L. Wright
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
+#include <linux/config.h>
+#endif
+#include <linux/module.h>
+#include <linux/list.h>
+#include <linux/wait.h>
+#include <linux/time.h>
+#include <linux/unistd.h>
+#include <linux/kernel.h>
+#include <linux/string.h>
+#include <linux/time.h>
+#include <cryptodev.h>
+#include "rndtest.h"
+
+static struct rndtest_stats rndstats;
+
+static	void rndtest_test(struct rndtest_state *);
+
+/* The tests themselves */
+static	int rndtest_monobit(struct rndtest_state *);
+static	int rndtest_runs(struct rndtest_state *);
+static	int rndtest_longruns(struct rndtest_state *);
+static	int rndtest_chi_4(struct rndtest_state *);
+
+static	int rndtest_runs_check(struct rndtest_state *, int, int *);
+static	void rndtest_runs_record(struct rndtest_state *, int, int *);
+
+static const struct rndtest_testfunc {
+	int (*test)(struct rndtest_state *);
+} rndtest_funcs[] = {
+	{ rndtest_monobit },
+	{ rndtest_runs },
+	{ rndtest_chi_4 },
+	{ rndtest_longruns },
+};
+
+#define	RNDTEST_NTESTS	(sizeof(rndtest_funcs)/sizeof(rndtest_funcs[0]))
+
+static void
+rndtest_test(struct rndtest_state *rsp)
+{
+	int i, rv = 0;
+
+	rndstats.rst_tests++;
+	for (i = 0; i < RNDTEST_NTESTS; i++)
+		rv |= (*rndtest_funcs[i].test)(rsp);
+	rsp->rs_discard = (rv != 0);
+}
+
+
+extern int crypto_debug;
+#define rndtest_verbose 2
+#define rndtest_report(rsp, failure, fmt, a...) \
+	{ if (failure || crypto_debug) { printk("rng_test: " fmt "\n", a); } else; }
+
+#define	RNDTEST_MONOBIT_MINONES	9725
+#define	RNDTEST_MONOBIT_MAXONES	10275
+
+static int
+rndtest_monobit(struct rndtest_state *rsp)
+{
+	int i, ones = 0, j;
+	u_int8_t r;
+
+	for (i = 0; i < RNDTEST_NBYTES; i++) {
+		r = rsp->rs_buf[i];
+		for (j = 0; j < 8; j++, r <<= 1)
+			if (r & 0x80)
+				ones++;
+	}
+	if (ones > RNDTEST_MONOBIT_MINONES &&
+	    ones < RNDTEST_MONOBIT_MAXONES) {
+		if (rndtest_verbose > 1)
+			rndtest_report(rsp, 0, "monobit pass (%d < %d < %d)",
+			    RNDTEST_MONOBIT_MINONES, ones,
+			    RNDTEST_MONOBIT_MAXONES);
+		return (0);
+	} else {
+		if (rndtest_verbose)
+			rndtest_report(rsp, 1,
+			    "monobit failed (%d ones)", ones);
+		rndstats.rst_monobit++;
+		return (-1);
+	}
+}
+
+#define	RNDTEST_RUNS_NINTERVAL	6
+
+static const struct rndtest_runs_tabs {
+	u_int16_t min, max;
+} rndtest_runs_tab[] = {
+	{ 2343, 2657 },
+	{ 1135, 1365 },
+	{ 542, 708 },
+	{ 251, 373 },
+	{ 111, 201 },
+	{ 111, 201 },
+};
+
+static int
+rndtest_runs(struct rndtest_state *rsp)
+{
+	int i, j, ones, zeros, rv = 0;
+	int onei[RNDTEST_RUNS_NINTERVAL], zeroi[RNDTEST_RUNS_NINTERVAL];
+	u_int8_t c;
+
+	bzero(onei, sizeof(onei));
+	bzero(zeroi, sizeof(zeroi));
+	ones = zeros = 0;
+	for (i = 0; i < RNDTEST_NBYTES; i++) {
+		c = rsp->rs_buf[i];
+		for (j = 0; j < 8; j++, c <<= 1) {
+			if (c & 0x80) {
+				ones++;
+				rndtest_runs_record(rsp, zeros, zeroi);
+				zeros = 0;
+			} else {
+				zeros++;
+				rndtest_runs_record(rsp, ones, onei);
+				ones = 0;
+			}
+		}
+	}
+	rndtest_runs_record(rsp, ones, onei);
+	rndtest_runs_record(rsp, zeros, zeroi);
+
+	rv |= rndtest_runs_check(rsp, 0, zeroi);
+	rv |= rndtest_runs_check(rsp, 1, onei);
+
+	if (rv)
+		rndstats.rst_runs++;
+
+	return (rv);
+}
+
+static void
+rndtest_runs_record(struct rndtest_state *rsp, int len, int *intrv)
+{
+	if (len == 0)
+		return;
+	if (len > RNDTEST_RUNS_NINTERVAL)
+		len = RNDTEST_RUNS_NINTERVAL;
+	len -= 1;
+	intrv[len]++;
+}
+
+static int
+rndtest_runs_check(struct rndtest_state *rsp, int val, int *src)
+{
+	int i, rv = 0;
+
+	for (i = 0; i < RNDTEST_RUNS_NINTERVAL; i++) {
+		if (src[i] < rndtest_runs_tab[i].min ||
+		    src[i] > rndtest_runs_tab[i].max) {
+			rndtest_report(rsp, 1,
+			    "%s interval %d failed (%d, %d-%d)",
+			    val ? "ones" : "zeros",
+			    i + 1, src[i], rndtest_runs_tab[i].min,
+			    rndtest_runs_tab[i].max);
+			rv = -1;
+		} else {
+			rndtest_report(rsp, 0,
+			    "runs pass %s interval %d (%d < %d < %d)",
+			    val ? "ones" : "zeros",
+			    i + 1, rndtest_runs_tab[i].min, src[i],
+			    rndtest_runs_tab[i].max);
+		}
+	}
+	return (rv);
+}
+
+static int
+rndtest_longruns(struct rndtest_state *rsp)
+{
+	int i, j, ones = 0, zeros = 0, maxones = 0, maxzeros = 0;
+	u_int8_t c;
+
+	for (i = 0; i < RNDTEST_NBYTES; i++) {
+		c = rsp->rs_buf[i];
+		for (j = 0; j < 8; j++, c <<= 1) {
+			if (c & 0x80) {
+				zeros = 0;
+				ones++;
+				if (ones > maxones)
+					maxones = ones;
+			} else {
+				ones = 0;
+				zeros++;
+				if (zeros > maxzeros)
+					maxzeros = zeros;
+			}
+		}
+	}
+
+	if (maxones < 26 && maxzeros < 26) {
+		rndtest_report(rsp, 0, "longruns pass (%d ones, %d zeros)",
+			maxones, maxzeros);
+		return (0);
+	} else {
+		rndtest_report(rsp, 1, "longruns fail (%d ones, %d zeros)",
+			maxones, maxzeros);
+		rndstats.rst_longruns++;
+		return (-1);
+	}
+}
+
+/*
+ * chi^2 test over 4 bits: (this is called the poker test in FIPS 140-2,
+ * but it is really the chi^2 test over 4 bits (the poker test as described
+ * by Knuth vol 2 is something different, and I take him as authoritative
+ * on nomenclature over NIST).
+ */
+#define	RNDTEST_CHI4_K	16
+#define	RNDTEST_CHI4_K_MASK	(RNDTEST_CHI4_K - 1)
+
+/*
+ * The unnormalized values are used so that we don't have to worry about
+ * fractional precision.  The "real" value is found by:
+ *	(V - 1562500) * (16 / 5000) = Vn   (where V is the unnormalized value)
+ */
+#define	RNDTEST_CHI4_VMIN	1563181		/* 2.1792 */
+#define	RNDTEST_CHI4_VMAX	1576929		/* 46.1728 */
+
+static int
+rndtest_chi_4(struct rndtest_state *rsp)
+{
+	unsigned int freq[RNDTEST_CHI4_K], i, sum;
+
+	for (i = 0; i < RNDTEST_CHI4_K; i++)
+		freq[i] = 0;
+
+	/* Get number of occurances of each 4 bit pattern */
+	for (i = 0; i < RNDTEST_NBYTES; i++) {
+		freq[(rsp->rs_buf[i] >> 4) & RNDTEST_CHI4_K_MASK]++;
+		freq[(rsp->rs_buf[i] >> 0) & RNDTEST_CHI4_K_MASK]++;
+	}
+
+	for (i = 0, sum = 0; i < RNDTEST_CHI4_K; i++)
+		sum += freq[i] * freq[i];
+
+	if (sum >= 1563181 && sum <= 1576929) {
+		rndtest_report(rsp, 0, "chi^2(4): pass (sum %u)", sum);
+		return (0);
+	} else {
+		rndtest_report(rsp, 1, "chi^2(4): failed (sum %u)", sum);
+		rndstats.rst_chi++;
+		return (-1);
+	}
+}
+
+int
+rndtest_buf(unsigned char *buf)
+{
+	struct rndtest_state rsp;
+
+	memset(&rsp, 0, sizeof(rsp));
+	rsp.rs_buf = buf;
+	rndtest_test(&rsp);
+	return(rsp.rs_discard);
+}
+/*	$FreeBSD: src/sys/dev/rndtest/rndtest.h,v 1.1 2003/03/11 22:54:44 sam Exp $	*/
+/*	$OpenBSD$	*/
+
+/*
+ * Copyright (c) 2002 Jason L. Wright (jason@thought.net)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by Jason L. Wright
+ * 4. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+/* Some of the tests depend on these values */
+#define	RNDTEST_NBYTES	2500
+#define	RNDTEST_NBITS	(8 * RNDTEST_NBYTES)
+
+struct rndtest_state {
+	int		rs_discard;	/* discard/accept random data */
+	u_int8_t	*rs_buf;
+};
+
+struct rndtest_stats {
+	u_int32_t	rst_discard;	/* number of bytes discarded */
+	u_int32_t	rst_tests;	/* number of test runs */
+	u_int32_t	rst_monobit;	/* monobit test failures */
+	u_int32_t	rst_runs;	/* 0/1 runs failures */
+	u_int32_t	rst_longruns;	/* longruns failures */
+	u_int32_t	rst_chi;	/* chi^2 failures */
+};
+
+extern int rndtest_buf(unsigned char *buf);
+#ifndef _OCF_UIO_H_
+#define _OCF_UIO_H_
+
+#include <linux/uio.h>
+
+/*
+ * The linux uio.h doesn't have all we need.  To be fully api compatible
+ * with the BSD cryptodev,  we need to keep this around.  Perhaps this can
+ * be moved back into the linux/uio.h
+ *
+ * Linux port done by David McCullough <david_mccullough@mcafee.com>
+ * Copyright (C) 2006-2010 David McCullough
+ * Copyright (C) 2004-2005 Intel Corporation.
+ *
+ * LICENSE TERMS
+ *
+ * The free distribution and use of this software in both source and binary
+ * form is allowed (with or without changes) provided that:
+ *
+ *   1. distributions of this source code include the above copyright
+ *      notice, this list of conditions and the following disclaimer;
+ *
+ *   2. distributions in binary form include the above copyright
+ *      notice, this list of conditions and the following disclaimer
+ *      in the documentation and/or other associated materials;
+ *
+ *   3. the copyright holder's name is not used to endorse products
+ *      built using this software without specific written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this product
+ * may be distributed under the terms of the GNU General Public License (GPL),
+ * in which case the provisions of the GPL apply INSTEAD OF those given above.
+ *
+ * DISCLAIMER
+ *
+ * This software is provided 'as is' with no explicit or implied warranties
+ * in respect of its properties, including, but not limited to, correctness
+ * and/or fitness for purpose.
+ * ---------------------------------------------------------------------------
+ */
+
+struct uio {
+	struct	iovec *uio_iov;
+	int		uio_iovcnt;
+	off_t	uio_offset;
+	int		uio_resid;
+#if 0
+	enum	uio_seg uio_segflg;
+	enum	uio_rw uio_rw;
+	struct  thread *uio_td;
+#endif
+};
+
+#endif
@@ -130,6 +130,9 @@
  * 	void add_interrupt_randomness(int irq);
  * 	void add_disk_randomness(struct gendisk *disk);
  *
+ *      void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+ *      int random_input_wait(void);
+ *
  * add_input_randomness() uses the input layer interrupt timing, as well as
  * the event type information from the hardware.
  *
@@ -147,6 +150,13 @@
  * seek times do not make for good sources of entropy, as their seek
  * times are usually fairly consistent.
  *
+ * random_input_words() just provides a raw block of entropy to the input
+ * pool, such as from a hardware entropy generator.
+ *
+ * random_input_wait() suspends the caller until such time as the
+ * entropy pool falls below the write threshold, and returns a count of how
+ * much entropy (in bits) is needed to sustain the pool.
+ *
  * All of these routines try to estimate how many bits of randomness a
  * particular randomness source.  They do this by keeping track of the
  * first and second order deltas of the event timings.
@@ -721,6 +731,63 @@
 	add_timer_randomness(disk->random, 0x100 + disk_devt(disk));
 }
 #endif
+
+/*
+ * random_input_words - add bulk entropy to pool
+ *
+ * @buf: buffer to add
+ * @wordcount: number of __u32 words to add
+ * @ent_count: total amount of entropy (in bits) to credit
+ *
+ * this provides bulk input of entropy to the input pool
+ *
+ */
+void random_input_words(__u32 *buf, size_t wordcount, int ent_count)
+{
+	mix_pool_bytes(&input_pool, buf, wordcount*4);
+
+	credit_entropy_bits(&input_pool, ent_count);
+
+	DEBUG_ENT("crediting %d bits => %d\n",
+		  ent_count, input_pool.entropy_count);
+	/*
+	 * Wake up waiting processes if we have enough
+	 * entropy.
+	 */
+	if (input_pool.entropy_count >= random_read_wakeup_thresh)
+		wake_up_interruptible(&random_read_wait);
+}
+EXPORT_SYMBOL(random_input_words);
+
+/*
+ * random_input_wait - wait until random needs entropy
+ *
+ * this function sleeps until the /dev/random subsystem actually
+ * needs more entropy, and then return the amount of entropy
+ * that it would be nice to have added to the system.
+ */
+int random_input_wait(void)
+{
+	int count;
+
+	wait_event_interruptible(random_write_wait,
+			 input_pool.entropy_count < random_write_wakeup_thresh);
+
+	count = random_write_wakeup_thresh - input_pool.entropy_count;
+
+        /* likely we got woken up due to a signal */
+	if (count <= 0) count = random_read_wakeup_thresh;
+
+	DEBUG_ENT("requesting %d bits from input_wait()er %d<%d\n",
+		  count,
+		  input_pool.entropy_count, random_write_wakeup_thresh);
+
+	return count;
+}
+EXPORT_SYMBOL(random_input_wait);
+
+
+#define EXTRACT_SIZE 10
  
 /*********************************************************************
  *
@@ -142,6 +142,7 @@
 	}
 	return ret;
 }
+EXPORT_SYMBOL(sys_dup);
  
 #define SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT | O_NOATIME)
  
@@ -19,6 +19,7 @@
 #define APOLLO_MOUSE_MINOR	7
 #define PC110PAD_MINOR		9
 /*#define ADB_MOUSE_MINOR	10	FIXME OBSOLETE */
+#define CRYPTODEV_MINOR		70	/* /dev/crypto */
 #define WATCHDOG_MINOR		130	/* Watchdog timer     */
 #define TEMP_MINOR		131	/* Temperature Sensor */
 #define RTC_MINOR		135
@@ -34,6 +34,30 @@
 /* Clear the entropy pool and associated counters.  (Superuser only.) */
 #define RNDCLEARPOOL	_IO( 'R', 0x06 )
  
+#ifdef CONFIG_FIPS_RNG
+
+/* Size of seed value - equal to AES blocksize */
+#define AES_BLOCK_SIZE_BYTES	16
+#define SEED_SIZE_BYTES			AES_BLOCK_SIZE_BYTES
+/* Size of AES key */
+#define KEY_SIZE_BYTES		16
+
+/* ioctl() structure used by FIPS 140-2 Tests */
+struct rand_fips_test {
+	unsigned char key[KEY_SIZE_BYTES];			/* Input */
+	unsigned char datetime[SEED_SIZE_BYTES];	/* Input */
+	unsigned char seed[SEED_SIZE_BYTES];		/* Input */
+	unsigned char result[SEED_SIZE_BYTES];		/* Output */
+};
+
+/* FIPS 140-2 RNG Variable Seed Test. (Superuser only.) */
+#define RNDFIPSVST	_IOWR('R', 0x10, struct rand_fips_test)
+
+/* FIPS 140-2 RNG Monte Carlo Test. (Superuser only.) */
+#define RNDFIPSMCT	_IOWR('R', 0x11, struct rand_fips_test)
+
+#endif /* #ifdef CONFIG_FIPS_RNG */
+
 struct rand_pool_info {
 	int	entropy_count;
 	int	buf_size;
@@ -53,6 +77,10 @@
 extern void add_input_randomness(unsigned int type, unsigned int code,
 				 unsigned int value);
 extern void add_interrupt_randomness(int irq);
+
+extern void random_input_words(__u32 *buf, size_t wordcount, int ent_count);
+extern int random_input_wait(void);
+#define HAS_RANDOM_INPUT_WAIT 1
  
 extern void get_random_bytes(void *buf, int nbytes);
 void generate_random_uuid(unsigned char uuid_out[16]);
@@ -428,6 +428,7 @@
 {
 	return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
 }
+EXPORT_SYMBOL(find_task_by_vpid);
  
 struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
 {
...	...	@@ -923,4 +923,6 @@
923	923	source "drivers/crypto/Kconfig"
924	924
925	925	endif # if CRYPTO
	926	+
	927	+source "crypto/ocf/Kconfig"
...	...	@@ -91,6 +91,8 @@
91	91	obj-$(CONFIG_CRYPTO_USER_API_HASH) += algif_hash.o
92	92	obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o
93	93
	94	+obj-$(CONFIG_OCF_OCF) += ocf/
	95	+
94	96	#
95	97	# generic algorithms and the async_tx api
96	98	#
	1	+#############################################################################
	2	+
	3	+mainmenu_option next_comment
	4	+comment 'OCF Configuration'
	5	+tristate 'OCF (Open Cryptograhic Framework)' CONFIG_OCF_OCF
	6	+dep_mbool ' enable fips RNG checks (fips check on RNG data before use)' \
	7	+ CONFIG_OCF_FIPS $CONFIG_OCF_OCF
	8	+dep_mbool ' enable harvesting entropy for /dev/random' \
	9	+ CONFIG_OCF_RANDOMHARVEST $CONFIG_OCF_OCF
	10	+dep_tristate ' cryptodev (user space support)' \
	11	+ CONFIG_OCF_CRYPTODEV $CONFIG_OCF_OCF
	12	+dep_tristate ' cryptosoft (software crypto engine)' \
	13	+ CONFIG_OCF_CRYPTOSOFT $CONFIG_OCF_OCF
	14	+dep_tristate ' ocfnull (does no crypto)' \
	15	+ CONFIG_OCF_OCFNULL $CONFIG_OCF_OCF
	16	+dep_tristate ' ocf-bench (HW crypto in-kernel benchmark)' \
	17	+ CONFIG_OCF_BENCH $CONFIG_OCF_OCF
	18	+endmenu
	19	+
	20	+#############################################################################
	1	+menu "OCF Configuration"
	2	+
	3	+config OCF_OCF
	4	+ tristate "OCF (Open Cryptograhic Framework)"
	5	+ help
	6	+ A linux port of the OpenBSD/FreeBSD crypto framework.
	7	+
	8	+config OCF_RANDOMHARVEST
	9	+ bool "crypto random --- harvest entropy for /dev/random"
	10	+ depends on OCF_OCF
	11	+ help
	12	+ Includes code to harvest random numbers from devices that support it.
	13	+
	14	+config OCF_FIPS
	15	+ bool "enable fips RNG checks"
	16	+ depends on OCF_OCF && OCF_RANDOMHARVEST
	17	+ help
	18	+ Run all RNG provided data through a fips check before
	19	+ adding it /dev/random's entropy pool.
	20	+
	21	+config OCF_CRYPTODEV
	22	+ tristate "cryptodev (user space support)"
	23	+ depends on OCF_OCF
	24	+ help
	25	+ The user space API to access crypto hardware.
	26	+
	27	+config OCF_CRYPTOSOFT
	28	+ tristate "cryptosoft (software crypto engine)"
	29	+ depends on OCF_OCF
	30	+ help
	31	+ A software driver for the OCF framework that uses
	32	+ the kernel CryptoAPI.
	33	+
	34	+config OCF_OCFNULL
	35	+ tristate "ocfnull (fake crypto engine)"
	36	+ depends on OCF_OCF
	37	+ help
	38	+ OCF driver for measuring ipsec overheads (does no crypto)
	39	+
	40	+config OCF_BENCH
	41	+ tristate "ocf-bench (HW crypto in-kernel benchmark)"
	42	+ depends on OCF_OCF
	43	+ help
	44	+ A very simple encryption test for the in-kernel interface
	45	+ of OCF. Also includes code to benchmark the IXP Access library
	46	+ for comparison.
	47	+
	48	+endmenu
	1	+# for SGlinux builds
	2	+-include $(ROOTDIR)/modules/.config
	3	+
	4	+OCF_OBJS = crypto.o criov.o
	5	+
	6	+ifdef CONFIG_OCF_RANDOMHARVEST
	7	+ OCF_OBJS += random.o
	8	+endif
	9	+
	10	+ifdef CONFIG_OCF_FIPS
	11	+ OCF_OBJS += rndtest.o
	12	+endif
	13	+
	14	+# Add in autoconf.h to get #defines for CONFIG_xxx
	15	+AUTOCONF_H=$(ROOTDIR)/modules/autoconf.h
	16	+ifeq ($(AUTOCONF_H), $(wildcard $(AUTOCONF_H)))
	17	+ EXTRA_CFLAGS += -include $(AUTOCONF_H)
	18	+ export EXTRA_CFLAGS
	19	+endif
	20	+
	21	+ifndef obj
	22	+ obj ?= .
	23	+ _obj = subdir
	24	+ mod-subdirs := safe hifn ixp4xx talitos ocfnull
	25	+ export-objs += crypto.o criov.o random.o
	26	+ list-multi += ocf.o
	27	+ _slash :=
	28	+else
	29	+ _obj = obj
	30	+ _slash := /
	31	+endif
	32	+
	33	+EXTRA_CFLAGS += -I$(obj)/.
	34	+
	35	+obj-$(CONFIG_OCF_OCF) += ocf.o
	36	+obj-$(CONFIG_OCF_CRYPTODEV) += cryptodev.o
	37	+obj-$(CONFIG_OCF_CRYPTOSOFT) += cryptosoft.o
	38	+obj-$(CONFIG_OCF_BENCH) += ocf-bench.o
	39	+
	40	+$(_obj)-$(CONFIG_OCF_OCFNULL) += ocfnull$(_slash)
	41	+
	42	+ocf-objs := $(OCF_OBJS)
	43	+
	44	+dummy:
	45	+ @echo "Please consult the README for how to build OCF."
	46	+ @echo "If you can't wait then the following should do it:"
	47	+ @echo ""
	48	+ @echo " make ocf_modules"
	49	+ @echo " sudo make ocf_install"
	50	+ @echo ""
	51	+ @exit 1
	52	+
	53	+$(list-multi) dummy1: $(ocf-objs)
	54	+ $(LD) -r -o $@ $(ocf-objs)
	55	+
	56	+.PHONY:
	57	+clean:
	58	+ rm -f .o .ko ..o.flags ..ko.cmd ..o.cmd ..mod.o.cmd *.mod.c
	59	+ rm -f /.o /.ko /..o.cmd /..ko.cmd /..mod.o.cmd /.mod.c /..o.flags
	60	+ rm -f /modules.order /modules.builtin modules.order modules.builtin
	61	+
	62	+ifdef TOPDIR
	63	+-include $(TOPDIR)/Rules.make
	64	+endif
	65	+
	66	+#
	67	+# targets to build easily on the current machine
	68	+#
	69	+
	70	+ocf_make:
	71	+ make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m
	72	+ make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_CRYPTOSOFT=m
	73	+ -make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_BENCH=m
	74	+ -make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_OCFNULL=m
	75	+ -make -C /lib/modules/$(shell uname -r)/build M=`pwd` $(OCF_TARGET) CONFIG_OCF_OCF=m CONFIG_OCF_HIFN=m
	76	+
	77	+ocf_modules:
	78	+ $(MAKE) ocf_make OCF_TARGET=modules
	79	+
	80	+ocf_install:
	81	+ $(MAKE) ocf_make OCF_TARGET="modules modules_install"
	82	+ depmod
	83	+ mkdir -p /usr/include/crypto
	84	+ cp cryptodev.h /usr/include/crypto/.
	85	+
	86	+#
	87	+# generate full kernel patches for 2.4 and 2.6 kernels to make patching
	88	+# your kernel easier
	89	+#
	90	+
	91	+.PHONY: patch
	92	+patch:
	93	+ patchbase=.; \
	94	+ [ -d $$patchbase/patches ] \|\| patchbase=..; \
	95	+ patch=ocf-linux-base.patch; \
	96	+ patch24=ocf-linux-24.patch; \
	97	+ patch26=ocf-linux-26.patch; \
	98	+ patch3=ocf-linux-3.patch; \
	99	+ ( \
	100	+ find . -name Makefile; \
	101	+ find . -name Config.in; \
	102	+ find . -name Kconfig; \
	103	+ find . -name README; \
	104	+ find . -name '*.[ch]' \| grep -v '.mod.c'; \
	105	+ ) \| while read t; do \
	106	+ diff -Nau /dev/null $$t \| sed 's?^+++ \./?+++ linux/crypto/ocf/?'; \
	107	+ done > $$patch; \
	108	+ cat $$patchbase/patches/linux-2.4.35-ocf.patch $$patch > $$patch24; \
	109	+ cat $$patchbase/patches/linux-2.6.38-ocf.patch $$patch > $$patch26; \
	110	+ cat $$patchbase/patches/linux-3.2.1-ocf.patch $$patch > $$patch3; \
	111	+
	112	+
	113	+#
	114	+# this target probably does nothing for anyone but me - davidm
	115	+#
	116	+
	117	+.PHONY: release
	118	+release:
	119	+ REL=`date +%Y%m%d`; RELDIR=/tmp/ocf-linux-$$REL; \
	120	+ CURDIR=`pwd`; \
	121	+ rm -rf /tmp/ocf-linux-$$REL*; \
	122	+ mkdir -p $$RELDIR/ocf; \
	123	+ mkdir -p $$RELDIR/patches; \
	124	+ mkdir -p $$RELDIR/crypto-tools; \
	125	+ cp README* $$RELDIR/.; \
	126	+ cp patches/[!C]* $$RELDIR/patches/.; \
	127	+ cp tools/[!C]* $$RELDIR/crypto-tools/.; \
	128	+ cp -r [!C]* Config.in $$RELDIR/ocf/.; \
	129	+ rm -rf $$RELDIR/ocf/patches $$RELDIR/ocf/tools; \
	130	+ rm -f $$RELDIR/ocf/README*; \
	131	+ cp $$CURDIR/../../user/crypto-tools/[!C]* $$RELDIR/crypto-tools/.; \
	132	+ make -C $$RELDIR/crypto-tools clean; \
	133	+ make -C $$RELDIR/ocf clean; \
	134	+ find $$RELDIR/ocf -name CVS \| xargs rm -rf; \
	135	+ cd $$RELDIR/..; \
	136	+ tar cvf ocf-linux-$$REL.tar ocf-linux-$$REL; \
	137	+ gzip -9 ocf-linux-$$REL.tar
	1	+/* $OpenBSD: criov.c,v 1.9 2002/01/29 15:48:29 jason Exp $ */
	2	+
	3	+/*
	4	+ * Linux port done by David McCullough <david_mccullough@mcafee.com>
	5	+ * Copyright (C) 2006-2010 David McCullough
	6	+ * Copyright (C) 2004-2005 Intel Corporation.
	7	+ * The license and original author are listed below.
	8	+ *
	9	+ * Copyright (c) 1999 Theo de Raadt
	10	+ *
	11	+ * Redistribution and use in source and binary forms, with or without
	12	+ * modification, are permitted provided that the following conditions
	13	+ * are met:
	14	+ *
	15	+ * 1. Redistributions of source code must retain the above copyright
	16	+ * notice, this list of conditions and the following disclaimer.
	17	+ * 2. Redistributions in binary form must reproduce the above copyright
	18	+ * notice, this list of conditions and the following disclaimer in the
	19	+ * documentation and/or other materials provided with the distribution.
	20	+ * 3. The name of the author may not be used to endorse or promote products
	21	+ * derived from this software without specific prior written permission.
	22	+ *
	23	+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	24	+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	25	+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	26	+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	27	+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	28	+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	29	+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	30	+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	31	+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	32	+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	33	+ *
	34	+__FBSDID("$FreeBSD: src/sys/opencrypto/criov.c,v 1.5 2006/06/04 22:15:13 pjd Exp $");
	35	+ */
	36	+
	37	+#include <linux/version.h>
	38	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
	39	+#include <linux/config.h>
	40	+#endif
	41	+#include <linux/module.h>
	42	+#include <linux/init.h>
	43	+#include <linux/slab.h>
	44	+#include <linux/uio.h>
	45	+#include <linux/skbuff.h>
	46	+#include <linux/kernel.h>
	47	+#include <linux/mm.h>
	48	+#include <asm/io.h>
	49	+
	50	+#include <uio.h>
	51	+#include <cryptodev.h>
	52	+
	53	+/*
	54	+ * This macro is only for avoiding code duplication, as we need to skip
	55	+ * given number of bytes in the same way in three functions below.
	56	+ */
	57	+#define CUIO_SKIP() do { \
	58	+ KASSERT(off >= 0, ("%s: off %d < 0", __func__, off)); \
	59	+ KASSERT(len >= 0, ("%s: len %d < 0", __func__, len)); \
	60	+ while (off > 0) { \
	61	+ KASSERT(iol >= 0, ("%s: empty in skip", __func__)); \
	62	+ if (off < iov->iov_len) \
	63	+ break; \
	64	+ off -= iov->iov_len; \
	65	+ iol--; \
	66	+ iov++; \
	67	+ } \
	68	+} while (0)
	69	+
	70	+void
	71	+cuio_copydata(struct uio* uio, int off, int len, caddr_t cp)
	72	+{
	73	+ struct iovec *iov = uio->uio_iov;
	74	+ int iol = uio->uio_iovcnt;
	75	+ unsigned count;
	76	+
	77	+ CUIO_SKIP();
	78	+ while (len > 0) {
	79	+ KASSERT(iol >= 0, ("%s: empty", __func__));
	80	+ count = min((int)(iov->iov_len - off), len);
	81	+ memcpy(cp, ((caddr_t)iov->iov_base) + off, count);
	82	+ len -= count;
	83	+ cp += count;
	84	+ off = 0;
	85	+ iol--;
	86	+ iov++;
	87	+ }
	88	+}
	89	+
	90	+void
	91	+cuio_copyback(struct uio* uio, int off, int len, caddr_t cp)
	92	+{
	93	+ struct iovec *iov = uio->uio_iov;
	94	+ int iol = uio->uio_iovcnt;
	95	+ unsigned count;
	96	+
	97	+ CUIO_SKIP();
	98	+ while (len > 0) {
	99	+ KASSERT(iol >= 0, ("%s: empty", __func__));
	100	+ count = min((int)(iov->iov_len - off), len);
	101	+ memcpy(((caddr_t)iov->iov_base) + off, cp, count);
	102	+ len -= count;
	103	+ cp += count;
	104	+ off = 0;
	105	+ iol--;
	106	+ iov++;
	107	+ }
	108	+}
	109	+
	110	+/*
	111	+ * Return a pointer to iov/offset of location in iovec list.
	112	+ */
	113	+struct iovec *
	114	+cuio_getptr(struct uio uio, int loc, int off)
	115	+{
	116	+ struct iovec *iov = uio->uio_iov;
	117	+ int iol = uio->uio_iovcnt;
	118	+
	119	+ while (loc >= 0) {
	120	+ /* Normal end of search */
	121	+ if (loc < iov->iov_len) {
	122	+ *off = loc;
	123	+ return (iov);
	124	+ }
	125	+
	126	+ loc -= iov->iov_len;
	127	+ if (iol == 0) {
	128	+ if (loc == 0) {
	129	+ /* Point at the end of valid data */
	130	+ *off = iov->iov_len;
	131	+ return (iov);
	132	+ } else
	133	+ return (NULL);
	134	+ } else {
	135	+ iov++, iol--;
	136	+ }
	137	+ }
	138	+
	139	+ return (NULL);
	140	+}
	141	+
	142	+EXPORT_SYMBOL(cuio_copyback);
	143	+EXPORT_SYMBOL(cuio_copydata);
	144	+EXPORT_SYMBOL(cuio_getptr);
	145	+
	146	+static void
	147	+skb_copy_bits_back(struct sk_buff *skb, int offset, caddr_t cp, int len)
	148	+{
	149	+ int i;
	150	+ if (offset < skb_headlen(skb)) {
	151	+ memcpy(skb->data + offset, cp, min_t(int, skb_headlen(skb), len));
	152	+ len -= skb_headlen(skb);
	153	+ cp += skb_headlen(skb);
	154	+ }
	155	+ offset -= skb_headlen(skb);
	156	+ for (i = 0; len > 0 && i < skb_shinfo(skb)->nr_frags; i++) {
	157	+ if (offset < skb_shinfo(skb)->frags[i].size) {
	158	+ memcpy(page_address(skb_frag_page(&skb_shinfo(skb)->frags[i])) +
	159	+ skb_shinfo(skb)->frags[i].page_offset,
	160	+ cp, min_t(int, skb_shinfo(skb)->frags[i].size, len));
	161	+ len -= skb_shinfo(skb)->frags[i].size;
	162	+ cp += skb_shinfo(skb)->frags[i].size;
	163	+ }
	164	+ offset -= skb_shinfo(skb)->frags[i].size;
	165	+ }
	166	+}
	167	+
	168	+void
	169	+crypto_copyback(int flags, caddr_t buf, int off, int size, caddr_t in)
	170	+{
	171	+
	172	+ if ((flags & CRYPTO_F_SKBUF) != 0)
	173	+ skb_copy_bits_back((struct sk_buff *)buf, off, in, size);
	174	+ else if ((flags & CRYPTO_F_IOV) != 0)
	175	+ cuio_copyback((struct uio *)buf, off, size, in);
	176	+ else
	177	+ bcopy(in, buf + off, size);
	178	+}
	179	+
	180	+void
	181	+crypto_copydata(int flags, caddr_t buf, int off, int size, caddr_t out)
	182	+{
	183	+
	184	+ if ((flags & CRYPTO_F_SKBUF) != 0)
	185	+ skb_copy_bits((struct sk_buff *)buf, off, out, size);
	186	+ else if ((flags & CRYPTO_F_IOV) != 0)
	187	+ cuio_copydata((struct uio *)buf, off, size, out);
	188	+ else
	189	+ bcopy(buf + off, out, size);
	190	+}
	191	+
	192	+int
	193	+crypto_apply(int flags, caddr_t buf, int off, int len,
	194	+ int (f)(void , void , u_int), void arg)
	195	+{
	196	+#if 0
	197	+ int error;
	198	+
	199	+ if ((flags & CRYPTO_F_SKBUF) != 0)
	200	+ error = XXXXXX((struct mbuf *)buf, off, len, f, arg);
	201	+ else if ((flags & CRYPTO_F_IOV) != 0)
	202	+ error = cuio_apply((struct uio *)buf, off, len, f, arg);
	203	+ else
	204	+ error = (*f)(arg, buf + off, len);
	205	+ return (error);
	206	+#else
	207	+ KASSERT(0, ("crypto_apply not implemented!\n"));
	208	+#endif
	209	+ return 0;
	210	+}
	211	+
	212	+EXPORT_SYMBOL(crypto_copyback);
	213	+EXPORT_SYMBOL(crypto_copydata);
	214	+EXPORT_SYMBOL(crypto_apply);
	1	+/* $FreeBSD: src/sys/opencrypto/cryptodev.h,v 1.25 2007/05/09 19:37:02 gnn Exp $ */
	2	+/* $OpenBSD: cryptodev.h,v 1.31 2002/06/11 11:14:29 beck Exp $ */
	3	+
	4	+/*-
	5	+ * Linux port done by David McCullough <david_mccullough@mcafee.com>
	6	+ * Copyright (C) 2006-2010 David McCullough
	7	+ * Copyright (C) 2004-2005 Intel Corporation.
	8	+ * The license and original author are listed below.
	9	+ *
	10	+ * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
	11	+ * Copyright (c) 2002-2006 Sam Leffler, Errno Consulting
	12	+ *
	13	+ * This code was written by Angelos D. Keromytis in Athens, Greece, in
	14	+ * February 2000. Network Security Technologies Inc. (NSTI) kindly
	15	+ * supported the development of this code.
	16	+ *
	17	+ * Copyright (c) 2000 Angelos D. Keromytis
	18	+ *
	19	+ * Permission to use, copy, and modify this software with or without fee
	20	+ * is hereby granted, provided that this entire notice is included in
	21	+ * all source code copies of any software which is or includes a copy or
	22	+ * modification of this software.
	23	+ *
	24	+ * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
	25	+ * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
	26	+ * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
	27	+ * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
	28	+ * PURPOSE.
	29	+ *
	30	+ * Copyright (c) 2001 Theo de Raadt
	31	+ *
	32	+ * Redistribution and use in source and binary forms, with or without
	33	+ * modification, are permitted provided that the following conditions
	34	+ * are met:
	35	+ *
	36	+ * 1. Redistributions of source code must retain the above copyright
	37	+ * notice, this list of conditions and the following disclaimer.
	38	+ * 2. Redistributions in binary form must reproduce the above copyright
	39	+ * notice, this list of conditions and the following disclaimer in the
	40	+ * documentation and/or other materials provided with the distribution.
	41	+ * 3. The name of the author may not be used to endorse or promote products
	42	+ * derived from this software without specific prior written permission.
	43	+ *
	44	+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	45	+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	46	+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	47	+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	48	+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	49	+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	50	+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	51	+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	52	+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	53	+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	54	+ *
	55	+ * Effort sponsored in part by the Defense Advanced Research Projects
	56	+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
	57	+ * Materiel Command, USAF, under agreement number F30602-01-2-0537.
	58	+ *
	59	+ */
	60	+
	61	+#ifndef _CRYPTO_CRYPTO_H_
	62	+#define _CRYPTO_CRYPTO_H_
	63	+
	64	+/* Some initial values */
	65	+#define CRYPTO_DRIVERS_INITIAL 4
	66	+#define CRYPTO_SW_SESSIONS 32
	67	+
	68	+/* Hash values */
	69	+#define NULL_HASH_LEN 0
	70	+#define MD5_HASH_LEN 16
	71	+#define SHA1_HASH_LEN 20
	72	+#define RIPEMD160_HASH_LEN 20
	73	+#define SHA2_256_HASH_LEN 32
	74	+#define SHA2_384_HASH_LEN 48
	75	+#define SHA2_512_HASH_LEN 64
	76	+#define MD5_KPDK_HASH_LEN 16
	77	+#define SHA1_KPDK_HASH_LEN 20
	78	+/* Maximum hash algorithm result length */
	79	+#define HASH_MAX_LEN SHA2_512_HASH_LEN /* Keep this updated */
	80	+
	81	+/* HMAC values */
	82	+#define NULL_HMAC_BLOCK_LEN 1
	83	+#define MD5_HMAC_BLOCK_LEN 64
	84	+#define SHA1_HMAC_BLOCK_LEN 64
	85	+#define RIPEMD160_HMAC_BLOCK_LEN 64
	86	+#define SHA2_256_HMAC_BLOCK_LEN 64
	87	+#define SHA2_384_HMAC_BLOCK_LEN 128
	88	+#define SHA2_512_HMAC_BLOCK_LEN 128
	89	+/* Maximum HMAC block length */
	90	+#define HMAC_MAX_BLOCK_LEN SHA2_512_HMAC_BLOCK_LEN /* Keep this updated */
	91	+#define HMAC_IPAD_VAL 0x36
	92	+#define HMAC_OPAD_VAL 0x5C
	93	+
	94	+/* Encryption algorithm block sizes */
	95	+#define NULL_BLOCK_LEN 1
	96	+#define DES_BLOCK_LEN 8
	97	+#define DES3_BLOCK_LEN 8
	98	+#define BLOWFISH_BLOCK_LEN 8
	99	+#define SKIPJACK_BLOCK_LEN 8
	100	+#define CAST128_BLOCK_LEN 8
	101	+#define RIJNDAEL128_BLOCK_LEN 16
	102	+#define AES_BLOCK_LEN RIJNDAEL128_BLOCK_LEN
	103	+#define CAMELLIA_BLOCK_LEN 16
	104	+#define ARC4_BLOCK_LEN 1
	105	+#define EALG_MAX_BLOCK_LEN AES_BLOCK_LEN /* Keep this updated */
	106	+
	107	+/* Encryption algorithm min and max key sizes */
	108	+#define NULL_MIN_KEY_LEN 0
	109	+#define NULL_MAX_KEY_LEN 0
	110	+#define DES_MIN_KEY_LEN 8
	111	+#define DES_MAX_KEY_LEN 8
	112	+#define DES3_MIN_KEY_LEN 24
	113	+#define DES3_MAX_KEY_LEN 24
	114	+#define BLOWFISH_MIN_KEY_LEN 4
	115	+#define BLOWFISH_MAX_KEY_LEN 56
	116	+#define SKIPJACK_MIN_KEY_LEN 10
	117	+#define SKIPJACK_MAX_KEY_LEN 10
	118	+#define CAST128_MIN_KEY_LEN 5
	119	+#define CAST128_MAX_KEY_LEN 16
	120	+#define RIJNDAEL128_MIN_KEY_LEN 16
	121	+#define RIJNDAEL128_MAX_KEY_LEN 32
	122	+#define AES_MIN_KEY_LEN RIJNDAEL128_MIN_KEY_LEN
	123	+#define AES_MAX_KEY_LEN RIJNDAEL128_MAX_KEY_LEN
	124	+#define CAMELLIA_MIN_KEY_LEN 16
	125	+#define CAMELLIA_MAX_KEY_LEN 32
	126	+#define ARC4_MIN_KEY_LEN 1
	127	+#define ARC4_MAX_KEY_LEN 256
	128	+
	129	+/* Max size of data that can be processed */
	130	+#define CRYPTO_MAX_DATA_LEN 64*1024 - 1
	131	+
	132	+#define CRYPTO_ALGORITHM_MIN 1
	133	+#define CRYPTO_DES_CBC 1
	134	+#define CRYPTO_3DES_CBC 2
	135	+#define CRYPTO_BLF_CBC 3
	136	+#define CRYPTO_CAST_CBC 4
	137	+#define CRYPTO_SKIPJACK_CBC 5
	138	+#define CRYPTO_MD5_HMAC 6
	139	+#define CRYPTO_SHA1_HMAC 7
	140	+#define CRYPTO_RIPEMD160_HMAC 8
	141	+#define CRYPTO_MD5_KPDK 9
	142	+#define CRYPTO_SHA1_KPDK 10
	143	+#define CRYPTO_RIJNDAEL128_CBC 11 /* 128 bit blocksize */
	144	+#define CRYPTO_AES_CBC 11 /* 128 bit blocksize -- the same as above */
	145	+#define CRYPTO_ARC4 12
	146	+#define CRYPTO_MD5 13
	147	+#define CRYPTO_SHA1 14
	148	+#define CRYPTO_NULL_HMAC 15
	149	+#define CRYPTO_NULL_CBC 16
	150	+#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */
	151	+#define CRYPTO_SHA2_256_HMAC 18
	152	+#define CRYPTO_SHA2_384_HMAC 19
	153	+#define CRYPTO_SHA2_512_HMAC 20
	154	+#define CRYPTO_CAMELLIA_CBC 21
	155	+#define CRYPTO_SHA2_256 22
	156	+#define CRYPTO_SHA2_384 23
	157	+#define CRYPTO_SHA2_512 24
	158	+#define CRYPTO_RIPEMD160 25
	159	+#define CRYPTO_LZS_COMP 26
	160	+#define CRYPTO_ALGORITHM_MAX 26 /* Keep updated - see above */
	161	+
	162	+/* Algorithm flags */
	163	+#define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */
	164	+#define CRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */
	165	+#define CRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */
	166	+
	167	+/*
	168	+ * Crypto driver/device flags. They can set in the crid
	169	+ * parameter when creating a session or submitting a key
	170	+ * op to affect the device/driver assigned. If neither
	171	+ * of these are specified then the crid is assumed to hold
	172	+ * the driver id of an existing (and suitable) device that
	173	+ * must be used to satisfy the request.
	174	+ */
	175	+#define CRYPTO_FLAG_HARDWARE 0x01000000 /* hardware accelerated */
	176	+#define CRYPTO_FLAG_SOFTWARE 0x02000000 /* software implementation */
	177	+
	178	+/* NB: deprecated */
	179	+struct session_op {
	180	+ u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
	181	+ u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
	182	+
	183	+ u_int32_t keylen; /* cipher key */
	184	+ caddr_t key;
	185	+ int mackeylen; /* mac key */
	186	+ caddr_t mackey;
	187	+
	188	+ u_int32_t ses; /* returns: session # */
	189	+};
	190	+
	191	+struct session2_op {
	192	+ u_int32_t cipher; /* ie. CRYPTO_DES_CBC */
	193	+ u_int32_t mac; /* ie. CRYPTO_MD5_HMAC */
	194	+
	195	+ u_int32_t keylen; /* cipher key */
	196	+ caddr_t key;
	197	+ int mackeylen; /* mac key */
	198	+ caddr_t mackey;
	199	+
	200	+ u_int32_t ses; /* returns: session # */
	201	+ int crid; /* driver id + flags (rw) */
	202	+ int pad[4]; /* for future expansion */
	203	+};
	204	+
	205	+struct crypt_op {
	206	+ u_int32_t ses;
	207	+ u_int16_t op; /* i.e. COP_ENCRYPT */
	208	+#define COP_NONE 0
	209	+#define COP_ENCRYPT 1
	210	+#define COP_DECRYPT 2
	211	+ u_int16_t flags;
	212	+#define COP_F_BATCH 0x0008 /* Batch op if possible */
	213	+ u_int len;
	214	+ caddr_t src, dst; /* become iov[] inside kernel */
	215	+ caddr_t mac; /* must be big enough for chosen MAC */
	216	+ caddr_t iv;
	217	+};
	218	+
	219	+/*
	220	+ * Parameters for looking up a crypto driver/device by
	221	+ * device name or by id. The latter are returned for
	222	+ * created sessions (crid) and completed key operations.
	223	+ */
	224	+struct crypt_find_op {
	225	+ int crid; /* driver id + flags */
	226	+ char name[32]; /* device/driver name */
	227	+};
	228	+
	229	+/* bignum parameter, in packed bytes, ... */
	230	+struct crparam {
	231	+ caddr_t crp_p;
	232	+ u_int crp_nbits;
	233	+};
	234	+
	235	+#define CRK_MAXPARAM 8
	236	+
	237	+struct crypt_kop {
	238	+ u_int crk_op; /* ie. CRK_MOD_EXP or other */
	239	+ u_int crk_status; /* return status */
	240	+ u_short crk_iparams; /* # of input parameters */
	241	+ u_short crk_oparams; /* # of output parameters */
	242	+ u_int crk_crid; /* NB: only used by CIOCKEY2 (rw) */
	243	+ struct crparam crk_param[CRK_MAXPARAM];
	244	+};
	245	+#define CRK_ALGORITM_MIN 0
	246	+#define CRK_MOD_EXP 0
	247	+#define CRK_MOD_EXP_CRT 1
	248	+#define CRK_DSA_SIGN 2
	249	+#define CRK_DSA_VERIFY 3
	250	+#define CRK_DH_COMPUTE_KEY 4
	251	+#define CRK_ALGORITHM_MAX 4 /* Keep updated - see below */
	252	+
	253	+#define CRF_MOD_EXP (1 << CRK_MOD_EXP)
	254	+#define CRF_MOD_EXP_CRT (1 << CRK_MOD_EXP_CRT)
	255	+#define CRF_DSA_SIGN (1 << CRK_DSA_SIGN)
	256	+#define CRF_DSA_VERIFY (1 << CRK_DSA_VERIFY)
	257	+#define CRF_DH_COMPUTE_KEY (1 << CRK_DH_COMPUTE_KEY)
	258	+
	259	+/*
	260	+ * done against open of /dev/crypto, to get a cloned descriptor.
	261	+ * Please use F_SETFD against the cloned descriptor.
	262	+ */
	263	+#define CRIOGET _IOWR('c', 100, u_int32_t)
	264	+#define CRIOASYMFEAT CIOCASYMFEAT
	265	+#define CRIOFINDDEV CIOCFINDDEV
	266	+
	267	+/* the following are done against the cloned descriptor */
	268	+#define CIOCGSESSION _IOWR('c', 101, struct session_op)
	269	+#define CIOCFSESSION _IOW('c', 102, u_int32_t)
	270	+#define CIOCCRYPT _IOWR('c', 103, struct crypt_op)
	271	+#define CIOCKEY _IOWR('c', 104, struct crypt_kop)
	272	+#define CIOCASYMFEAT _IOR('c', 105, u_int32_t)
	273	+#define CIOCGSESSION2 _IOWR('c', 106, struct session2_op)
	274	+#define CIOCKEY2 _IOWR('c', 107, struct crypt_kop)
	275	+#define CIOCFINDDEV _IOWR('c', 108, struct crypt_find_op)
	276	+
	277	+struct cryptotstat {
	278	+ struct timespec acc; /* total accumulated time */
	279	+ struct timespec min; /* min time */
	280	+ struct timespec max; /* max time */
	281	+ u_int32_t count; /* number of observations */
	282	+};
	283	+
	284	+struct cryptostats {
	285	+ u_int32_t cs_ops; /* symmetric crypto ops submitted */
	286	+ u_int32_t cs_errs; /* symmetric crypto ops that failed */
	287	+ u_int32_t cs_kops; /* asymetric/key ops submitted */
	288	+ u_int32_t cs_kerrs; /* asymetric/key ops that failed */
	289	+ u_int32_t cs_intrs; /* crypto swi thread activations */
	290	+ u_int32_t cs_rets; /* crypto return thread activations */
	291	+ u_int32_t cs_blocks; /* symmetric op driver block */
	292	+ u_int32_t cs_kblocks; /* symmetric op driver block */
	293	+ /*
	294	+ * When CRYPTO_TIMING is defined at compile time and the
	295	+ * sysctl debug.crypto is set to 1, the crypto system will
	296	+ * accumulate statistics about how long it takes to process
	297	+ * crypto requests at various points during processing.
	298	+ */
	299	+ struct cryptotstat cs_invoke; /* crypto_dipsatch -> crypto_invoke */
	300	+ struct cryptotstat cs_done; /* crypto_invoke -> crypto_done */
	301	+ struct cryptotstat cs_cb; /* crypto_done -> callback */
	302	+ struct cryptotstat cs_finis; /* callback -> callback return */
	303	+
	304	+ u_int32_t cs_drops; /* crypto ops dropped due to congestion */
	305	+};
	306	+
	307	+#ifdef __KERNEL__
	308	+
	309	+/* Standard initialization structure beginning */
	310	+struct cryptoini {
	311	+ int cri_alg; /* Algorithm to use */
	312	+ int cri_klen; /* Key length, in bits */
	313	+ int cri_mlen; /* Number of bytes we want from the
	314	+ entire hash. 0 means all. */
	315	+ caddr_t cri_key; /* key to use */
	316	+ u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */
	317	+ struct cryptoini *cri_next;
	318	+};
	319	+
	320	+/* Describe boundaries of a single crypto operation */
	321	+struct cryptodesc {
	322	+ int crd_skip; /* How many bytes to ignore from start */
	323	+ int crd_len; /* How many bytes to process */
	324	+ int crd_inject; /* Where to inject results, if applicable */
	325	+ int crd_flags;
	326	+
	327	+#define CRD_F_ENCRYPT 0x01 /* Set when doing encryption */
	328	+#define CRD_F_IV_PRESENT 0x02 /* When encrypting, IV is already in
	329	+ place, so don't copy. */
	330	+#define CRD_F_IV_EXPLICIT 0x04 /* IV explicitly provided */
	331	+#define CRD_F_DSA_SHA_NEEDED 0x08 /* Compute SHA-1 of buffer for DSA */
	332	+#define CRD_F_KEY_EXPLICIT 0x10 /* Key explicitly provided */
	333	+#define CRD_F_COMP 0x0f /* Set when doing compression */
	334	+
	335	+ struct cryptoini CRD_INI; /* Initialization/context data */
	336	+#define crd_iv CRD_INI.cri_iv
	337	+#define crd_key CRD_INI.cri_key
	338	+#define crd_alg CRD_INI.cri_alg
	339	+#define crd_klen CRD_INI.cri_klen
	340	+#define crd_mlen CRD_INI.cri_mlen
	341	+
	342	+ struct cryptodesc *crd_next;
	343	+};
	344	+
	345	+/* Structure describing complete operation */
	346	+struct cryptop {
	347	+ struct list_head crp_next;
	348	+ wait_queue_head_t crp_waitq;
	349	+
	350	+ u_int64_t crp_sid; /* Session ID */
	351	+ int crp_ilen; /* Input data total length */
	352	+ int crp_olen; /* Result total length */
	353	+
	354	+ int crp_etype; /*
	355	+ * Error type (zero means no error).
	356	+ * All error codes except EAGAIN
	357	+ * indicate possible data corruption (as in,
	358	+ * the data have been touched). On all
	359	+ * errors, the crp_sid may have changed
	360	+ * (reset to a new one), so the caller
	361	+ * should always check and use the new
	362	+ * value on future requests.
	363	+ */
	364	+ int crp_flags;
	365	+
	366	+#define CRYPTO_F_SKBUF 0x0001 /* Input/output are skbuf chains */
	367	+#define CRYPTO_F_IOV 0x0002 /* Input/output are uio */
	368	+#define CRYPTO_F_REL 0x0004 /* Must return data in same place */
	369	+#define CRYPTO_F_BATCH 0x0008 /* Batch op if possible */
	370	+#define CRYPTO_F_CBIMM 0x0010 /* Do callback immediately */
	371	+#define CRYPTO_F_DONE 0x0020 /* Operation completed */
	372	+#define CRYPTO_F_CBIFSYNC 0x0040 /* Do CBIMM if op is synchronous */
	373	+
	374	+ caddr_t crp_buf; /* Data to be processed */
	375	+ caddr_t crp_opaque; /* Opaque pointer, passed along */
	376	+ struct cryptodesc crp_desc; / Linked list of processing descriptors */
	377	+
	378	+ int (crp_callback)(struct cryptop ); /* Callback function */
	379	+};
	380	+
	381	+#define CRYPTO_BUF_CONTIG 0x0
	382	+#define CRYPTO_BUF_IOV 0x1
	383	+#define CRYPTO_BUF_SKBUF 0x2
	384	+
	385	+#define CRYPTO_OP_DECRYPT 0x0
	386	+#define CRYPTO_OP_ENCRYPT 0x1
	387	+
	388	+/*
	389	+ * Hints passed to process methods.
	390	+ */
	391	+#define CRYPTO_HINT_MORE 0x1 /* more ops coming shortly */
	392	+
	393	+struct cryptkop {
	394	+ struct list_head krp_next;
	395	+ wait_queue_head_t krp_waitq;
	396	+
	397	+ int krp_flags;
	398	+#define CRYPTO_KF_DONE 0x0001 /* Operation completed */
	399	+#define CRYPTO_KF_CBIMM 0x0002 /* Do callback immediately */
	400	+
	401	+ u_int krp_op; /* ie. CRK_MOD_EXP or other */
	402	+ u_int krp_status; /* return status */
	403	+ u_short krp_iparams; /* # of input parameters */
	404	+ u_short krp_oparams; /* # of output parameters */
	405	+ u_int krp_crid; /* desired device, etc. */
	406	+ u_int32_t krp_hid;
	407	+ struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
	408	+ int (krp_callback)(struct cryptkop );
	409	+};
	410	+
	411	+#include <ocf-compat.h>
	412	+
	413	+/*
	414	+ * Session ids are 64 bits. The lower 32 bits contain a "local id" which
	415	+ * is a driver-private session identifier. The upper 32 bits contain a
	416	+ * "hardware id" used by the core crypto code to identify the driver and
	417	+ * a copy of the driver's capabilities that can be used by client code to
	418	+ * optimize operation.
	419	+ */
	420	+#define CRYPTO_SESID2HID(_sid) (((_sid) >> 32) & 0x00ffffff)
	421	+#define CRYPTO_SESID2CAPS(_sid) (((_sid) >> 32) & 0xff000000)
	422	+#define CRYPTO_SESID2LID(_sid) (((u_int32_t) (_sid)) & 0xffffffff)
	423	+
	424	+extern int crypto_newsession(u_int64_t sid, struct cryptoini cri, int hard);
	425	+extern int crypto_freesession(u_int64_t sid);
	426	+#define CRYPTOCAP_F_HARDWARE CRYPTO_FLAG_HARDWARE
	427	+#define CRYPTOCAP_F_SOFTWARE CRYPTO_FLAG_SOFTWARE
	428	+#define CRYPTOCAP_F_SYNC 0x04000000 /* operates synchronously */
	429	+extern int32_t crypto_get_driverid(device_t dev, int flags);
	430	+extern int crypto_find_driver(const char *);
	431	+extern device_t crypto_find_device_byhid(int hid);
	432	+extern int crypto_getcaps(int hid);
	433	+extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen,
	434	+ u_int32_t flags);
	435	+extern int crypto_kregister(u_int32_t, int, u_int32_t);
	436	+extern int crypto_unregister(u_int32_t driverid, int alg);
	437	+extern int crypto_unregister_all(u_int32_t driverid);
	438	+extern int crypto_dispatch(struct cryptop *crp);
	439	+extern int crypto_kdispatch(struct cryptkop *);
	440	+#define CRYPTO_SYMQ 0x1
	441	+#define CRYPTO_ASYMQ 0x2
	442	+extern int crypto_unblock(u_int32_t, int);
	443	+extern void crypto_done(struct cryptop *crp);
	444	+extern void crypto_kdone(struct cryptkop *);
	445	+extern int crypto_getfeat(int *);
	446	+
	447	+extern void crypto_freereq(struct cryptop *crp);
	448	+extern struct cryptop *crypto_getreq(int num);
	449	+
	450	+extern int crypto_usercrypto; /* userland may do crypto requests */
	451	+extern int crypto_userasymcrypto; /* userland may do asym crypto reqs */
	452	+extern int crypto_devallowsoft; /* only use hardware crypto */
	453	+
	454	+/*
	455	+ * random number support, crypto_unregister_all will unregister
	456	+ */
	457	+extern int crypto_rregister(u_int32_t driverid,
	458	+ int (read_random)(void arg, u_int32_t buf, int len), void arg);
	459	+extern int crypto_runregister_all(u_int32_t driverid);
	460	+
	461	+/*
	462	+ * Crypto-related utility routines used mainly by drivers.
	463	+ *
	464	+ * XXX these don't really belong here; but for now they're
	465	+ * kept apart from the rest of the system.
	466	+ */
	467	+struct uio;
	468	+extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp);
	469	+extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp);
	470	+extern struct iovec cuio_getptr(struct uio uio, int loc, int *off);
	471	+
	472	+extern void crypto_copyback(int flags, caddr_t buf, int off, int size,
	473	+ caddr_t in);
	474	+extern void crypto_copydata(int flags, caddr_t buf, int off, int size,
	475	+ caddr_t out);
	476	+extern int crypto_apply(int flags, caddr_t buf, int off, int len,
	477	+ int (f)(void , void , u_int), void arg);
	478	+
	479	+#endif /* __KERNEL__ */
	480	+#endif /* _CRYPTO_CRYPTO_H_ */
	1	+/*
	2	+ * A loadable module that benchmarks the OCF crypto speed from kernel space.
	3	+ *
	4	+ * Copyright (C) 2004-2010 David McCullough <david_mccullough@mcafee.com>
	5	+ *
	6	+ * LICENSE TERMS
	7	+ *
	8	+ * The free distribution and use of this software in both source and binary
	9	+ * form is allowed (with or without changes) provided that:
	10	+ *
	11	+ * 1. distributions of this source code include the above copyright
	12	+ * notice, this list of conditions and the following disclaimer;
	13	+ *
	14	+ * 2. distributions in binary form include the above copyright
	15	+ * notice, this list of conditions and the following disclaimer
	16	+ * in the documentation and/or other associated materials;
	17	+ *
	18	+ * 3. the copyright holder's name is not used to endorse products
	19	+ * built using this software without specific written permission.
	20	+ *
	21	+ * ALTERNATIVELY, provided that this notice is retained in full, this product
	22	+ * may be distributed under the terms of the GNU General Public License (GPL),
	23	+ * in which case the provisions of the GPL apply INSTEAD OF those given above.
	24	+ *
	25	+ * DISCLAIMER
	26	+ *
	27	+ * This software is provided 'as is' with no explicit or implied warranties
	28	+ * in respect of its properties, including, but not limited to, correctness
	29	+ * and/or fitness for purpose.
	30	+ */
	31	+
	32	+
	33	+#include <linux/version.h>
	34	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
	35	+#include <linux/config.h>
	36	+#endif
	37	+#include <linux/module.h>
	38	+#include <linux/init.h>
	39	+#include <linux/list.h>
	40	+#include <linux/slab.h>
	41	+#include <linux/wait.h>
	42	+#include <linux/sched.h>
	43	+#include <linux/spinlock.h>
	44	+#include <linux/interrupt.h>
	45	+#include <cryptodev.h>
	46	+
	47	+#ifdef I_HAVE_AN_XSCALE_WITH_INTEL_SDK
	48	+#define BENCH_IXP_ACCESS_LIB 1
	49	+#endif
	50	+#ifdef BENCH_IXP_ACCESS_LIB
	51	+#include <IxTypes.h>
	52	+#include <IxOsBuffMgt.h>
	53	+#include <IxNpeDl.h>
	54	+#include <IxCryptoAcc.h>
	55	+#include <IxQMgr.h>
	56	+#include <IxOsServices.h>
	57	+#include <IxOsCacheMMU.h>
	58	+#endif
	59	+
	60	+/*
	61	+ * support for access lib version 1.4
	62	+ */
	63	+#ifndef IX_MBUF_PRIV
	64	+#define IX_MBUF_PRIV(x) ((x)->priv)
	65	+#endif
	66	+
	67	+/*
	68	+ * the number of simultaneously active requests
	69	+ */
	70	+static int request_q_len = 40;
	71	+module_param(request_q_len, int, 0);
	72	+MODULE_PARM_DESC(request_q_len, "Number of outstanding requests");
	73	+
	74	+/*
	75	+ * how many requests we want to have processed
	76	+ */
	77	+static int request_num = 1024;
	78	+module_param(request_num, int, 0);
	79	+MODULE_PARM_DESC(request_num, "run for at least this many requests");
	80	+
	81	+/*
	82	+ * the size of each request
	83	+ */
	84	+static int request_size = 1488;
	85	+module_param(request_size, int, 0);
	86	+MODULE_PARM_DESC(request_size, "size of each request");
	87	+
	88	+/*
	89	+ * OCF batching of requests
	90	+ */
	91	+static int request_batch = 1;
	92	+module_param(request_batch, int, 0);
	93	+MODULE_PARM_DESC(request_batch, "enable OCF request batching");
	94	+
	95	+/*
	96	+ * OCF immediate callback on completion
	97	+ */
	98	+static int request_cbimm = 1;
	99	+module_param(request_cbimm, int, 0);
	100	+MODULE_PARM_DESC(request_cbimm, "enable OCF immediate callback on completion");
	101	+
	102	+/*
	103	+ * a structure for each request
	104	+ */
	105	+typedef struct {
	106	+ struct work_struct work;
	107	+#ifdef BENCH_IXP_ACCESS_LIB
	108	+ IX_MBUF mbuf;
	109	+#endif
	110	+ unsigned char *buffer;
	111	+} request_t;
	112	+
	113	+static request_t *requests;
	114	+
	115	+static spinlock_t ocfbench_counter_lock;
	116	+static int outstanding;
	117	+static int total;
	118	+
	119	+/*************************************************************************/
	120	+/*
	121	+ * OCF benchmark routines
	122	+ */
	123	+
	124	+static uint64_t ocf_cryptoid;
	125	+static unsigned long jstart, jstop;
	126	+
	127	+static int ocf_init(void);
	128	+static int ocf_cb(struct cryptop *crp);
	129	+static void ocf_request(void *arg);
	130	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
	131	+static void ocf_request_wq(struct work_struct *work);
	132	+#endif
	133	+
	134	+static int
	135	+ocf_init(void)
	136	+{
	137	+ int error;
	138	+ struct cryptoini crie, cria;
	139	+ struct cryptodesc crda, crde;
	140	+
	141	+ memset(&crie, 0, sizeof(crie));
	142	+ memset(&cria, 0, sizeof(cria));
	143	+ memset(&crde, 0, sizeof(crde));
	144	+ memset(&crda, 0, sizeof(crda));
	145	+
	146	+ cria.cri_alg = CRYPTO_SHA1_HMAC;
	147	+ cria.cri_klen = 20 * 8;
	148	+ cria.cri_key = "0123456789abcdefghij";
	149	+
	150	+ //crie.cri_alg = CRYPTO_3DES_CBC;
	151	+ crie.cri_alg = CRYPTO_AES_CBC;
	152	+ crie.cri_klen = 24 * 8;
	153	+ crie.cri_key = "0123456789abcdefghijklmn";
	154	+
	155	+ crie.cri_next = &cria;
	156	+
	157	+ error = crypto_newsession(&ocf_cryptoid, &crie,
	158	+ CRYPTOCAP_F_HARDWARE \| CRYPTOCAP_F_SOFTWARE);
	159	+ if (error) {
	160	+ printk("crypto_newsession failed %d\n", error);
	161	+ return -1;
	162	+ }
	163	+ return 0;
	164	+}
	165	+
	166	+static int
	167	+ocf_cb(struct cryptop *crp)
	168	+{
	169	+ request_t r = (request_t ) crp->crp_opaque;
	170	+ unsigned long flags;
	171	+
	172	+ if (crp->crp_etype)
	173	+ printk("Error in OCF processing: %d\n", crp->crp_etype);
	174	+ crypto_freereq(crp);
	175	+ crp = NULL;
	176	+
	177	+ /* do all requests but take at least 1 second */
	178	+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
	179	+ total++;
	180	+ if (total > request_num && jstart + HZ < jiffies) {
	181	+ outstanding--;
	182	+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
	183	+ return 0;
	184	+ }
	185	+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
	186	+
	187	+ schedule_work(&r->work);
	188	+ return 0;
	189	+}
	190	+
	191	+
	192	+static void
	193	+ocf_request(void *arg)
	194	+{
	195	+ request_t *r = arg;
	196	+ struct cryptop *crp = crypto_getreq(2);
	197	+ struct cryptodesc crde, crda;
	198	+ unsigned long flags;
	199	+
	200	+ if (!crp) {
	201	+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
	202	+ outstanding--;
	203	+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
	204	+ return;
	205	+ }
	206	+
	207	+ crde = crp->crp_desc;
	208	+ crda = crde->crd_next;
	209	+
	210	+ crda->crd_skip = 0;
	211	+ crda->crd_flags = 0;
	212	+ crda->crd_len = request_size;
	213	+ crda->crd_inject = request_size;
	214	+ crda->crd_alg = CRYPTO_SHA1_HMAC;
	215	+ crda->crd_key = "0123456789abcdefghij";
	216	+ crda->crd_klen = 20 * 8;
	217	+
	218	+ crde->crd_skip = 0;
	219	+ crde->crd_flags = CRD_F_IV_EXPLICIT \| CRD_F_ENCRYPT;
	220	+ crde->crd_len = request_size;
	221	+ crde->crd_inject = request_size;
	222	+ //crde->crd_alg = CRYPTO_3DES_CBC;
	223	+ crde->crd_alg = CRYPTO_AES_CBC;
	224	+ crde->crd_key = "0123456789abcdefghijklmn";
	225	+ crde->crd_klen = 24 * 8;
	226	+
	227	+ crp->crp_ilen = request_size + 64;
	228	+ crp->crp_flags = 0;
	229	+ if (request_batch)
	230	+ crp->crp_flags \|= CRYPTO_F_BATCH;
	231	+ if (request_cbimm)
	232	+ crp->crp_flags \|= CRYPTO_F_CBIMM;
	233	+ crp->crp_buf = (caddr_t) r->buffer;
	234	+ crp->crp_callback = ocf_cb;
	235	+ crp->crp_sid = ocf_cryptoid;
	236	+ crp->crp_opaque = (caddr_t) r;
	237	+ crypto_dispatch(crp);
	238	+}
	239	+
	240	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
	241	+static void
	242	+ocf_request_wq(struct work_struct *work)
	243	+{
	244	+ request_t *r = container_of(work, request_t, work);
	245	+ ocf_request(r);
	246	+}
	247	+#endif
	248	+
	249	+static void
	250	+ocf_done(void)
	251	+{
	252	+ crypto_freesession(ocf_cryptoid);
	253	+}
	254	+
	255	+/*************************************************************************/
	256	+#ifdef BENCH_IXP_ACCESS_LIB
	257	+/*************************************************************************/
	258	+/*
	259	+ * CryptoAcc benchmark routines
	260	+ */
	261	+
	262	+static IxCryptoAccCtx ixp_ctx;
	263	+static UINT32 ixp_ctx_id;
	264	+static IX_MBUF ixp_pri;
	265	+static IX_MBUF ixp_sec;
	266	+static int ixp_registered = 0;
	267	+
	268	+static void ixp_register_cb(UINT32 ctx_id, IX_MBUF *bufp,
	269	+ IxCryptoAccStatus status);
	270	+static void ixp_perform_cb(UINT32 ctx_id, IX_MBUF sbufp, IX_MBUF dbufp,
	271	+ IxCryptoAccStatus status);
	272	+static void ixp_request(void *arg);
	273	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
	274	+static void ixp_request_wq(struct work_struct *work);
	275	+#endif
	276	+
	277	+static int
	278	+ixp_init(void)
	279	+{
	280	+ IxCryptoAccStatus status;
	281	+
	282	+ ixp_ctx.cipherCtx.cipherAlgo = IX_CRYPTO_ACC_CIPHER_3DES;
	283	+ ixp_ctx.cipherCtx.cipherMode = IX_CRYPTO_ACC_MODE_CBC;
	284	+ ixp_ctx.cipherCtx.cipherKeyLen = 24;
	285	+ ixp_ctx.cipherCtx.cipherBlockLen = IX_CRYPTO_ACC_DES_BLOCK_64;
	286	+ ixp_ctx.cipherCtx.cipherInitialVectorLen = IX_CRYPTO_ACC_DES_IV_64;
	287	+ memcpy(ixp_ctx.cipherCtx.key.cipherKey, "0123456789abcdefghijklmn", 24);
	288	+
	289	+ ixp_ctx.authCtx.authAlgo = IX_CRYPTO_ACC_AUTH_SHA1;
	290	+ ixp_ctx.authCtx.authDigestLen = 12;
	291	+ ixp_ctx.authCtx.aadLen = 0;
	292	+ ixp_ctx.authCtx.authKeyLen = 20;
	293	+ memcpy(ixp_ctx.authCtx.key.authKey, "0123456789abcdefghij", 20);
	294	+
	295	+ ixp_ctx.useDifferentSrcAndDestMbufs = 0;
	296	+ ixp_ctx.operation = IX_CRYPTO_ACC_OP_ENCRYPT_AUTH ;
	297	+
	298	+ IX_MBUF_MLEN(&ixp_pri) = IX_MBUF_PKT_LEN(&ixp_pri) = 128;
	299	+ IX_MBUF_MDATA(&ixp_pri) = (unsigned char *) kmalloc(128, SLAB_ATOMIC);
	300	+ IX_MBUF_MLEN(&ixp_sec) = IX_MBUF_PKT_LEN(&ixp_sec) = 128;
	301	+ IX_MBUF_MDATA(&ixp_sec) = (unsigned char *) kmalloc(128, SLAB_ATOMIC);
	302	+
	303	+ status = ixCryptoAccCtxRegister(&ixp_ctx, &ixp_pri, &ixp_sec,
	304	+ ixp_register_cb, ixp_perform_cb, &ixp_ctx_id);
	305	+
	306	+ if (IX_CRYPTO_ACC_STATUS_SUCCESS == status) {
	307	+ while (!ixp_registered)
	308	+ schedule();
	309	+ return ixp_registered < 0 ? -1 : 0;
	310	+ }
	311	+
	312	+ printk("ixp: ixCryptoAccCtxRegister failed %d\n", status);
	313	+ return -1;
	314	+}
	315	+
	316	+static void
	317	+ixp_register_cb(UINT32 ctx_id, IX_MBUF *bufp, IxCryptoAccStatus status)
	318	+{
	319	+ if (bufp) {
	320	+ IX_MBUF_MLEN(bufp) = IX_MBUF_PKT_LEN(bufp) = 0;
	321	+ kfree(IX_MBUF_MDATA(bufp));
	322	+ IX_MBUF_MDATA(bufp) = NULL;
	323	+ }
	324	+
	325	+ if (IX_CRYPTO_ACC_STATUS_WAIT == status)
	326	+ return;
	327	+ if (IX_CRYPTO_ACC_STATUS_SUCCESS == status)
	328	+ ixp_registered = 1;
	329	+ else
	330	+ ixp_registered = -1;
	331	+}
	332	+
	333	+static void
	334	+ixp_perform_cb(
	335	+ UINT32 ctx_id,
	336	+ IX_MBUF *sbufp,
	337	+ IX_MBUF *dbufp,
	338	+ IxCryptoAccStatus status)
	339	+{
	340	+ request_t *r = NULL;
	341	+ unsigned long flags;
	342	+
	343	+ /* do all requests but take at least 1 second */
	344	+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
	345	+ total++;
	346	+ if (total > request_num && jstart + HZ < jiffies) {
	347	+ outstanding--;
	348	+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
	349	+ return;
	350	+ }
	351	+
	352	+ if (!sbufp \|\| !(r = IX_MBUF_PRIV(sbufp))) {
	353	+ printk("crappo %p %p\n", sbufp, r);
	354	+ outstanding--;
	355	+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
	356	+ return;
	357	+ }
	358	+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
	359	+
	360	+ schedule_work(&r->work);
	361	+}
	362	+
	363	+static void
	364	+ixp_request(void *arg)
	365	+{
	366	+ request_t *r = arg;
	367	+ IxCryptoAccStatus status;
	368	+ unsigned long flags;
	369	+
	370	+ memset(&r->mbuf, 0, sizeof(r->mbuf));
	371	+ IX_MBUF_MLEN(&r->mbuf) = IX_MBUF_PKT_LEN(&r->mbuf) = request_size + 64;
	372	+ IX_MBUF_MDATA(&r->mbuf) = r->buffer;
	373	+ IX_MBUF_PRIV(&r->mbuf) = r;
	374	+ status = ixCryptoAccAuthCryptPerform(ixp_ctx_id, &r->mbuf, NULL,
	375	+ 0, request_size, 0, request_size, request_size, r->buffer);
	376	+ if (IX_CRYPTO_ACC_STATUS_SUCCESS != status) {
	377	+ printk("status1 = %d\n", status);
	378	+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
	379	+ outstanding--;
	380	+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
	381	+ return;
	382	+ }
	383	+ return;
	384	+}
	385	+
	386	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
	387	+static void
	388	+ixp_request_wq(struct work_struct *work)
	389	+{
	390	+ request_t *r = container_of(work, request_t, work);
	391	+ ixp_request(r);
	392	+}
	393	+#endif
	394	+
	395	+static void
	396	+ixp_done(void)
	397	+{
	398	+ /* we should free the session here but I am lazy :-) */
	399	+}
	400	+
	401	+/*************************************************************************/
	402	+#endif /* BENCH_IXP_ACCESS_LIB */
	403	+/*************************************************************************/
	404	+
	405	+int
	406	+ocfbench_init(void)
	407	+{
	408	+ int i;
	409	+ unsigned long mbps;
	410	+ unsigned long flags;
	411	+
	412	+ printk("Crypto Speed tests\n");
	413	+
	414	+ requests = kmalloc(sizeof(request_t) * request_q_len, GFP_KERNEL);
	415	+ if (!requests) {
	416	+ printk("malloc failed\n");
	417	+ return -EINVAL;
	418	+ }
	419	+
	420	+ for (i = 0; i < request_q_len; i++) {
	421	+ /* +64 for return data */
	422	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
	423	+ INIT_WORK(&requests[i].work, ocf_request_wq);
	424	+#else
	425	+ INIT_WORK(&requests[i].work, ocf_request, &requests[i]);
	426	+#endif
	427	+ requests[i].buffer = kmalloc(request_size + 128, GFP_DMA);
	428	+ if (!requests[i].buffer) {
	429	+ printk("malloc failed\n");
	430	+ return -EINVAL;
	431	+ }
	432	+ memset(requests[i].buffer, '0' + i, request_size + 128);
	433	+ }
	434	+
	435	+ /*
	436	+ * OCF benchmark
	437	+ */
	438	+ printk("OCF: testing ...\n");
	439	+ if (ocf_init() == -1)
	440	+ return -EINVAL;
	441	+
	442	+ spin_lock_init(&ocfbench_counter_lock);
	443	+ total = outstanding = 0;
	444	+ jstart = jiffies;
	445	+ for (i = 0; i < request_q_len; i++) {
	446	+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
	447	+ outstanding++;
	448	+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
	449	+ ocf_request(&requests[i]);
	450	+ }
	451	+ while (outstanding > 0)
	452	+ schedule();
	453	+ jstop = jiffies;
	454	+
	455	+ mbps = 0;
	456	+ if (jstop > jstart) {
	457	+ mbps = (unsigned long) total * (unsigned long) request_size * 8;
	458	+ mbps /= ((jstop - jstart) * 1000) / HZ;
	459	+ }
	460	+ printk("OCF: %d requests of %d bytes in %d jiffies (%d.%03d Mbps)\n",
	461	+ total, request_size, (int)(jstop - jstart),
	462	+ ((int)mbps) / 1000, ((int)mbps) % 1000);
	463	+ ocf_done();
	464	+
	465	+#ifdef BENCH_IXP_ACCESS_LIB
	466	+ /*
	467	+ * IXP benchmark
	468	+ */
	469	+ printk("IXP: testing ...\n");
	470	+ ixp_init();
	471	+ total = outstanding = 0;
	472	+ jstart = jiffies;
	473	+ for (i = 0; i < request_q_len; i++) {
	474	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,20)
	475	+ INIT_WORK(&requests[i].work, ixp_request_wq);
	476	+#else
	477	+ INIT_WORK(&requests[i].work, ixp_request, &requests[i]);
	478	+#endif
	479	+ spin_lock_irqsave(&ocfbench_counter_lock, flags);
	480	+ outstanding++;
	481	+ spin_unlock_irqrestore(&ocfbench_counter_lock, flags);
	482	+ ixp_request(&requests[i]);
	483	+ }
	484	+ while (outstanding > 0)
	485	+ schedule();
	486	+ jstop = jiffies;
	487	+
	488	+ mbps = 0;
	489	+ if (jstop > jstart) {
	490	+ mbps = (unsigned long) total * (unsigned long) request_size * 8;
	491	+ mbps /= ((jstop - jstart) * 1000) / HZ;
	492	+ }
	493	+ printk("IXP: %d requests of %d bytes in %d jiffies (%d.%03d Mbps)\n",
	494	+ total, request_size, jstop - jstart,
	495	+ ((int)mbps) / 1000, ((int)mbps) % 1000);
	496	+ ixp_done();
	497	+#endif /* BENCH_IXP_ACCESS_LIB */
	498	+
	499	+ for (i = 0; i < request_q_len; i++)
	500	+ kfree(requests[i].buffer);
	501	+ kfree(requests);
	502	+ return -EINVAL; /* always fail to load so it can be re-run quickly ;-) */
	503	+}
	504	+
	505	+static void __exit ocfbench_exit(void)
	506	+{
	507	+}
	508	+
	509	+module_init(ocfbench_init);
	510	+module_exit(ocfbench_exit);
	511	+
	512	+MODULE_LICENSE("BSD");
	513	+MODULE_AUTHOR("David McCullough <david_mccullough@mcafee.com>");
	514	+MODULE_DESCRIPTION("Benchmark various in-kernel crypto speeds");
	1	+#ifndef _BSD_COMPAT_H_
	2	+#define _BSD_COMPAT_H_ 1
	3	+/****************************************************************************/
	4	+/*
	5	+ * Provide compat routines for older linux kernels and BSD kernels
	6	+ *
	7	+ * Written by David McCullough <david_mccullough@mcafee.com>
	8	+ * Copyright (C) 2010 David McCullough <david_mccullough@mcafee.com>
	9	+ *
	10	+ * LICENSE TERMS
	11	+ *
	12	+ * The free distribution and use of this software in both source and binary
	13	+ * form is allowed (with or without changes) provided that:
	14	+ *
	15	+ * 1. distributions of this source code include the above copyright
	16	+ * notice, this list of conditions and the following disclaimer;
	17	+ *
	18	+ * 2. distributions in binary form include the above copyright
	19	+ * notice, this list of conditions and the following disclaimer
	20	+ * in the documentation and/or other associated materials;
	21	+ *
	22	+ * 3. the copyright holder's name is not used to endorse products
	23	+ * built using this software without specific written permission.
	24	+ *
	25	+ * ALTERNATIVELY, provided that this notice is retained in full, this file
	26	+ * may be distributed under the terms of the GNU General Public License (GPL),
	27	+ * in which case the provisions of the GPL apply INSTEAD OF those given above.
	28	+ *
	29	+ * DISCLAIMER
	30	+ *
	31	+ * This software is provided 'as is' with no explicit or implied warranties
	32	+ * in respect of its properties, including, but not limited to, correctness
	33	+ * and/or fitness for purpose.
	34	+ */
	35	+/****************************************************************************/
	36	+#ifdef __KERNEL__
	37	+#include <linux/version.h>
	38	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,38) && !defined(AUTOCONF_INCLUDED)
	39	+#include <linux/config.h>
	40	+#endif
	41	+
	42	+/*
	43	+ * fake some BSD driver interface stuff specifically for OCF use
	44	+ */
	45	+
	46	+typedef struct ocf_device *device_t;
	47	+
	48	+typedef struct {
	49	+ int (cryptodev_newsession)(device_t dev, u_int32_t sidp, struct cryptoini *cri);
	50	+ int (*cryptodev_freesession)(device_t dev, u_int64_t tid);
	51	+ int (cryptodev_process)(device_t dev, struct cryptop crp, int hint);
	52	+ int (cryptodev_kprocess)(device_t dev, struct cryptkop krp, int hint);
	53	+} device_method_t;
	54	+#define DEVMETHOD(id, func) id: func
	55	+
	56	+struct ocf_device {
	57	+ char name[32]; /* the driver name */
	58	+ char nameunit[32]; /* the driver name + HW instance */
	59	+ int unit;
	60	+ device_method_t methods;
	61	+ void *softc;
	62	+};
	63	+
	64	+#define CRYPTODEV_NEWSESSION(dev, sid, cri) \
	65	+ ((*(dev)->methods.cryptodev_newsession)(dev,sid,cri))
	66	+#define CRYPTODEV_FREESESSION(dev, sid) \
	67	+ ((*(dev)->methods.cryptodev_freesession)(dev, sid))
	68	+#define CRYPTODEV_PROCESS(dev, crp, hint) \
	69	+ ((*(dev)->methods.cryptodev_process)(dev, crp, hint))
	70	+#define CRYPTODEV_KPROCESS(dev, krp, hint) \
	71	+ ((*(dev)->methods.cryptodev_kprocess)(dev, krp, hint))
	72	+
	73	+#define device_get_name(dev) ((dev)->name)
	74	+#define device_get_nameunit(dev) ((dev)->nameunit)
	75	+#define device_get_unit(dev) ((dev)->unit)
	76	+#define device_get_softc(dev) ((dev)->softc)
	77	+
	78	+#define softc_device_decl \
	79	+ struct ocf_device _device; \
	80	+ device_t
	81	+
	82	+#define softc_device_init(_sc, _name, _unit, _methods) \
	83	+ if (1) {\
	84	+ strncpy((_sc)->_device.name, _name, sizeof((_sc)->_device.name) - 1); \
	85	+ snprintf((_sc)->_device.nameunit, sizeof((_sc)->_device.name), "%s%d", _name, _unit); \
	86	+ (_sc)->_device.unit = _unit; \
	87	+ (_sc)->_device.methods = _methods; \
	88	+ (_sc)->_device.softc = (void *) _sc; \
	89	+ (device_t )((softc_get_device(_sc))+1) = &(_sc)->_device; \
	90	+ } else
	91	+
	92	+#define softc_get_device(_sc) (&(_sc)->_device)
	93	+
	94	+/*
	95	+ * iomem support for 2.4 and 2.6 kernels
	96	+ */
	97	+#include <linux/version.h>
	98	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
	99	+#define ocf_iomem_t unsigned long
	100	+
	101	+/*
	102	+ * implement simple workqueue like support for older kernels
	103	+ */
	104	+
	105	+#include <linux/tqueue.h>
	106	+
	107	+#define work_struct tq_struct
	108	+
	109	+#define INIT_WORK(wp, fp, ap) \
	110	+ do { \
	111	+ (wp)->sync = 0; \
	112	+ (wp)->routine = (fp); \
	113	+ (wp)->data = (ap); \
	114	+ } while (0)
	115	+
	116	+#define schedule_work(wp) \
	117	+ do { \
	118	+ queue_task((wp), &tq_immediate); \
	119	+ mark_bh(IMMEDIATE_BH); \
	120	+ } while (0)
	121	+
	122	+#define flush_scheduled_work() run_task_queue(&tq_immediate)
	123	+
	124	+#else
	125	+#define ocf_iomem_t void __iomem *
	126	+
	127	+#include <linux/workqueue.h>
	128	+
	129	+#endif
	130	+
	131	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26)
	132	+#include <linux/fdtable.h>
	133	+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,11)
	134	+#define files_fdtable(files) (files)
	135	+#endif
	136	+
	137	+#ifdef MODULE_PARM
	138	+#undef module_param /* just in case */
	139	+#define module_param(a,b,c) MODULE_PARM(a,"i")
	140	+#endif
	141	+
	142	+#define bzero(s,l) memset(s,0,l)
	143	+#define bcopy(s,d,l) memcpy(d,s,l)
	144	+#define bcmp(x, y, l) memcmp(x,y,l)
	145	+
	146	+#define MIN(x,y) ((x) < (y) ? (x) : (y))
	147	+
	148	+#define device_printf(dev, a...) ({ \
	149	+ printk("%s: ", device_get_nameunit(dev)); printk(a); \
	150	+ })
	151	+
	152	+#undef printf
	153	+#define printf(fmt...) printk(fmt)
	154	+
	155	+#define KASSERT(c,p) if (!(c)) { printk p ; } else
	156	+
	157	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
	158	+#define ocf_daemonize(str) \
	159	+ daemonize(); \
	160	+ spin_lock_irq(&current->sigmask_lock); \
	161	+ sigemptyset(&current->blocked); \
	162	+ recalc_sigpending(current); \
	163	+ spin_unlock_irq(&current->sigmask_lock); \
	164	+ sprintf(current->comm, str);
	165	+#else
	166	+#define ocf_daemonize(str) daemonize(str);
	167	+#endif
	168	+
	169	+#define TAILQ_INSERT_TAIL(q,d,m) list_add_tail(&(d)->m, (q))
	170	+#define TAILQ_EMPTY(q) list_empty(q)
	171	+#define TAILQ_FOREACH(v, q, m) list_for_each_entry(v, q, m)
	172	+
	173	+#define read_random(p,l) get_random_bytes(p,l)
	174	+
	175	+#define DELAY(x) ((x) > 2000 ? mdelay((x)/1000) : udelay(x))
	176	+#define strtoul simple_strtoul
	177	+
	178	+#define pci_get_vendor(dev) ((dev)->vendor)
	179	+#define pci_get_device(dev) ((dev)->device)
	180	+
	181	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
	182	+#define pci_set_consistent_dma_mask(dev, mask) (0)
	183	+#endif
	184	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
	185	+#define pci_dma_sync_single_for_cpu pci_dma_sync_single
	186	+#endif
	187	+
	188	+#ifndef DMA_32BIT_MASK
	189	+#define DMA_32BIT_MASK 0x00000000ffffffffULL
	190	+#endif
	191	+
	192	+#ifndef htole32
	193	+#define htole32(x) cpu_to_le32(x)
	194	+#endif
	195	+#ifndef htobe32
	196	+#define htobe32(x) cpu_to_be32(x)
	197	+#endif
	198	+#ifndef htole16
	199	+#define htole16(x) cpu_to_le16(x)
	200	+#endif
	201	+#ifndef htobe16
	202	+#define htobe16(x) cpu_to_be16(x)
	203	+#endif
	204	+
	205	+/* older kernels don't have these */
	206	+
	207	+#include <asm/irq.h>
	208	+#if !defined(IRQ_NONE) && !defined(IRQ_RETVAL)
	209	+#define IRQ_NONE
	210	+#define IRQ_HANDLED
	211	+#define IRQ_WAKE_THREAD
	212	+#define IRQ_RETVAL
	213	+#define irqreturn_t void
	214	+typedef irqreturn_t (irq_handler_t)(int irq, void arg, struct pt_regs *regs);
	215	+#endif
	216	+#ifndef IRQF_SHARED
	217	+#define IRQF_SHARED SA_SHIRQ
	218	+#endif
	219	+
	220	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0)
	221	+# define strlcpy(dest,src,len) \
	222	+ ({strncpy(dest,src,(len)-1); ((char *)dest)[(len)-1] = '\0'; })
	223	+#endif
	224	+
	225	+#ifndef MAX_ERRNO
	226	+#define MAX_ERRNO 4095
	227	+#endif
	228	+#ifndef IS_ERR_VALUE
	229	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,5)
	230	+#include <linux/err.h>
	231	+#endif
	232	+#ifndef IS_ERR_VALUE
	233	+#define IS_ERR_VALUE(x) ((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)
	234	+#endif
	235	+#endif
	236	+
	237	+/*
	238	+ * common debug for all
	239	+ */
	240	+#if 1
	241	+#define dprintk(a...) do { if (debug) printk(a); } while(0)
	242	+#else
	243	+#define dprintk(a...)
	244	+#endif
	245	+
	246	+#ifndef SLAB_ATOMIC
	247	+/* Changed in 2.6.20, must use GFP_ATOMIC now */
	248	+#define SLAB_ATOMIC GFP_ATOMIC
	249	+#endif
	250	+
	251	+/*
	252	+ * need some additional support for older kernels */
	253	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,2)
	254	+#define pci_register_driver_compat(driver, rc) \
	255	+ do { \
	256	+ if ((rc) > 0) { \
	257	+ (rc) = 0; \
	258	+ } else if (rc == 0) { \
	259	+ (rc) = -ENODEV; \
	260	+ } else { \
	261	+ pci_unregister_driver(driver); \
	262	+ } \
	263	+ } while (0)
	264	+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
	265	+#define pci_register_driver_compat(driver,rc) ((rc) = (rc) < 0 ? (rc) : 0)
	266	+#else
	267	+#define pci_register_driver_compat(driver,rc)
	268	+#endif
	269	+
	270	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
	271	+
	272	+#include <linux/mm.h>
	273	+#include <asm/scatterlist.h>
	274	+
	275	+static inline void sg_set_page(struct scatterlist sg, struct page page,
	276	+ unsigned int len, unsigned int offset)
	277	+{
	278	+ sg->page = page;
	279	+ sg->offset = offset;
	280	+ sg->length = len;
	281	+}
	282	+
	283	+static inline void sg_virt(struct scatterlist sg)
	284	+{
	285	+ return page_address(sg->page) + sg->offset;
	286	+}
	287	+
	288	+#define sg_init_table(sg, n)
	289	+
	290	+#define sg_mark_end(sg)
	291	+
	292	+#endif
	293	+
	294	+#ifndef late_initcall
	295	+#define late_initcall(init) module_init(init)
	296	+#endif
	297	+
	298	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4) \|\| !defined(CONFIG_SMP)
	299	+#define ocf_for_each_cpu(cpu) for ((cpu) = 0; (cpu) == 0; (cpu)++)
	300	+#else
	301	+#define ocf_for_each_cpu(cpu) for_each_present_cpu(cpu)
	302	+#endif
	303	+
	304	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
	305	+#include <linux/sched.h>
	306	+#define kill_proc(p,s,v) send_sig(s,find_task_by_vpid(p),0)
	307	+#endif
	308	+
	309	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4)
	310	+
	311	+struct ocf_thread {
	312	+ struct task_struct *task;
	313	+ int (func)(void arg);
	314	+ void *arg;
	315	+};
	316	+
	317	+/* thread startup helper func */
	318	+static inline int ocf_run_thread(void *arg)
	319	+{
	320	+ struct ocf_thread t = (struct ocf_thread ) arg;
	321	+ if (!t)
	322	+ return -1; /* very bad */
	323	+ t->task = current;
	324	+ daemonize();
	325	+ spin_lock_irq(&current->sigmask_lock);
	326	+ sigemptyset(&current->blocked);
	327	+ recalc_sigpending(current);
	328	+ spin_unlock_irq(&current->sigmask_lock);
	329	+ return (*t->func)(t->arg);
	330	+}
	331	+
	332	+#define kthread_create(f,a,fmt...) \
	333	+ ({ \
	334	+ struct ocf_thread t; \
	335	+ pid_t p; \
	336	+ t.task = NULL; \
	337	+ t.func = (f); \
	338	+ t.arg = (a); \
	339	+ p = kernel_thread(ocf_run_thread, &t, CLONE_FS\|CLONE_FILES); \
	340	+ while (p != (pid_t) -1 && t.task == NULL) \
	341	+ schedule(); \
	342	+ if (t.task) \
	343	+ snprintf(t.task->comm, sizeof(t.task->comm), fmt); \
	344	+ (t.task); \
	345	+ })
	346	+
	347	+#define kthread_bind(t,cpu) /**/
	348	+
	349	+#define kthread_should_stop() (strcmp(current->comm, "stopping") == 0)
	350	+
	351	+#define kthread_stop(t) \
	352	+ ({ \
	353	+ strcpy((t)->comm, "stopping"); \
	354	+ kill_proc((t)->pid, SIGTERM, 1); \
	355	+ do { \
	356	+ schedule(); \
	357	+ } while (kill_proc((t)->pid, SIGTERM, 1) == 0); \
	358	+ })
	359	+
	360	+#else
	361	+#include <linux/kthread.h>
	362	+#endif
	363	+
	364	+
	365	+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,2,0)
	366	+#define skb_frag_page(x) ((x)->page)
	367	+#endif
	368	+
	369	+#endif /* __KERNEL__ */
	370	+
	371	+/****************************************************************************/
	372	+#endif /* _BSD_COMPAT_H_ */
	1	+# for SGlinux builds
	2	+-include $(ROOTDIR)/modules/.config
	3	+
	4	+obj-$(CONFIG_OCF_OCFNULL) += ocfnull.o
	5	+
	6	+obj ?= .
	7	+EXTRA_CFLAGS += -I$(obj)/..
	8	+
	9	+ifdef TOPDIR
	10	+-include $(TOPDIR)/Rules.make
	11	+endif