| @@ -1,15 +1,15 @@ | | | @@ -1,15 +1,15 @@ |
1 | .\" $OpenBSD: crypto.9,v 1.25 2003/07/11 13:47:41 jmc Exp $ | | 1 | .\" $OpenBSD: crypto.9,v 1.25 2003/07/11 13:47:41 jmc Exp $ |
2 | .\" $NetBSD: opencrypto.9,v 1.6 2009/03/12 12:43:13 joerg Exp $ | | 2 | .\" $NetBSD: opencrypto.9,v 1.7 2009/05/04 19:40:02 wiz Exp $ |
3 | .\" | | 3 | .\" |
4 | .\" The author of this man page is Angelos D. Keromytis (angelos@cis.upenn.edu) | | 4 | .\" The author of this man page is Angelos D. Keromytis (angelos@cis.upenn.edu) |
5 | .\" | | 5 | .\" |
6 | .\" Copyright (c) 2000, 2001 Angelos D. Keromytis | | 6 | .\" Copyright (c) 2000, 2001 Angelos D. Keromytis |
7 | .\" | | 7 | .\" |
8 | .\" Permission to use, copy, and modify this software with or without fee | | 8 | .\" Permission to use, copy, and modify this software with or without fee |
9 | .\" is hereby granted, provided that this entire notice is included in | | 9 | .\" is hereby granted, provided that this entire notice is included in |
10 | .\" all source code copies of any software which is or includes a copy or | | 10 | .\" all source code copies of any software which is or includes a copy or |
11 | .\" modification of this software. | | 11 | .\" modification of this software. |
12 | .\" | | 12 | .\" |
13 | .\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR | | 13 | .\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR |
14 | .\" IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY | | 14 | .\" IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY |
15 | .\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE | | 15 | .\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE |
| @@ -127,27 +127,27 @@ establish, use, and tear down sessions. | | | @@ -127,27 +127,27 @@ establish, use, and tear down sessions. |
127 | Sessions are used to cache cryptographic information in a particular driver | | 127 | Sessions are used to cache cryptographic information in a particular driver |
128 | (or associated hardware), so initialization is not needed with every request. | | 128 | (or associated hardware), so initialization is not needed with every request. |
129 | Consumers of cryptographic services pass a set of | | 129 | Consumers of cryptographic services pass a set of |
130 | descriptors that instruct the framework (and the drivers registered | | 130 | descriptors that instruct the framework (and the drivers registered |
131 | with it) of the operations that should be applied on the data (more | | 131 | with it) of the operations that should be applied on the data (more |
132 | than one cryptographic operation can be requested). | | 132 | than one cryptographic operation can be requested). |
133 | .Pp | | 133 | .Pp |
134 | Keying operations are supported as well. | | 134 | Keying operations are supported as well. |
135 | Unlike the symmetric operators described above, | | 135 | Unlike the symmetric operators described above, |
136 | these sessionless commands perform mathematical operations using | | 136 | these sessionless commands perform mathematical operations using |
137 | input and output parameters. | | 137 | input and output parameters. |
138 | .Pp | | 138 | .Pp |
139 | Since the consumers may not be associated with a process, drivers may | | 139 | Since the consumers may not be associated with a process, drivers may |
140 | not use condition variables: | | 140 | not use condition variables: |
141 | .Xr condvar 9 . | | 141 | .Xr condvar 9 . |
142 | The same holds for the framework. | | 142 | The same holds for the framework. |
143 | Thus, a callback mechanism is used | | 143 | Thus, a callback mechanism is used |
144 | to notify a consumer that a request has been completed (the | | 144 | to notify a consumer that a request has been completed (the |
145 | callback is specified by the consumer on an per-request basis). | | 145 | callback is specified by the consumer on an per-request basis). |
146 | The callback is invoked by the framework whether the request was | | 146 | The callback is invoked by the framework whether the request was |
147 | successfully completed or not. | | 147 | successfully completed or not. |
148 | An error indication is provided in the latter case. | | 148 | An error indication is provided in the latter case. |
149 | A specific error code, | | 149 | A specific error code, |
150 | .Er EAGAIN , | | 150 | .Er EAGAIN , |
151 | is used to indicate that a session number has changed and that the | | 151 | is used to indicate that a session number has changed and that the |
152 | request may be re-submitted immediately with the new session number. | | 152 | request may be re-submitted immediately with the new session number. |
153 | Errors are only returned to the invoking function if not | | 153 | Errors are only returned to the invoking function if not |
| @@ -554,29 +554,29 @@ returns | | | @@ -554,29 +554,29 @@ returns |
554 | .Er EINVAL | | 554 | .Er EINVAL |
555 | if its argument or the callback function was | | 555 | if its argument or the callback function was |
556 | .Dv NULL , | | 556 | .Dv NULL , |
557 | and 0 otherwise. | | 557 | and 0 otherwise. |
558 | The callback is provided with an error code in case of failure, in the | | 558 | The callback is provided with an error code in case of failure, in the |
559 | .Fa crp_etype | | 559 | .Fa crp_etype |
560 | field. | | 560 | field. |
561 | .Sh FILES | | 561 | .Sh FILES |
562 | .Bl -tag -width sys/crypto/crypto.c | | 562 | .Bl -tag -width sys/crypto/crypto.c |
563 | .It Pa sys/crypto/crypto.c | | 563 | .It Pa sys/crypto/crypto.c |
564 | most of the framework code | | 564 | most of the framework code |
565 | .El | | 565 | .El |
566 | .Sh SEE ALSO | | 566 | .Sh SEE ALSO |
567 | .Xr condvar 9 , | | | |
568 | .Xr ipsec 4 , | | 567 | .Xr ipsec 4 , |
569 | .Xr pcmcia 4 , | | 568 | .Xr pcmcia 4 , |
| | | 569 | .Xr condvar 9 , |
570 | .Xr malloc 9 | | 570 | .Xr malloc 9 |
571 | .Rs | | 571 | .Rs |
572 | .%A "Angelos D. Keromytis" | | 572 | .%A "Angelos D. Keromytis" |
573 | .%A "Jason L. Wright" | | 573 | .%A "Jason L. Wright" |
574 | .%A "Theo de Raadt" | | 574 | .%A "Theo de Raadt" |
575 | .%T "The Design of the OpenBSD Cryptographic Framework" | | 575 | .%T "The Design of the OpenBSD Cryptographic Framework" |
576 | .%I "Usenix" | | 576 | .%I "Usenix" |
577 | .%N "2003" | | 577 | .%N "2003" |
578 | .%D "June 2003" | | 578 | .%D "June 2003" |
579 | .Re | | 579 | .Re |
580 | .Sh HISTORY | | 580 | .Sh HISTORY |
581 | The cryptographic framework first appeared in | | 581 | The cryptographic framework first appeared in |
582 | .Ox 2.7 | | 582 | .Ox 2.7 |