Rewrite the kernel FPU handling code. The new code saves the FPU state
in cpu_switch() instead of at the kernel edge and gets rid of the FPU
state tracking in struct cpu_info and struct pcb. This fixes the random
crashes seen with SMP kernels on Apple M1.

ok patrick@

Stop setting etype in the MD crypto code. So far we have set the etype
and returned the error, which made the MI crypto code set the etype for
a second time. We still have to set etype after calling the MD process
function, as the callers of crypto_invoke() still expect error handling
to be shown through the etype. But at least now all MD crypto code does
not have to worry about that anymore. Once the callers are changed to
not look at etype anymore, we can get rid of it completely.

ok tobhe@

Retire asynchronous crypto API as it is no longer required by any driver and
adds unnecessary complexity. Dedicated crypto offloading devices are not common
anymore. Modern CPU crypto acceleration works synchronously, eliminating the need
for callbacks.

Replace all occurrences of crypto_dispatch() with crypto_invoke(), which is
blocking and only returns after the operation has completed or an error occured.
Invoke callback functions directly from the consumer (e.g. IPsec, softraid)
instead of relying on the crypto driver to call crypto_done().

ok bluhm@ mvs@ patrick@

The kernel crypto framework sometimes returned an error, sometimes
the callback was called, and sometimes both. So the caller of that
API could not release resources correctly.
A bunch of errors can or should not happen, replace them with an
assert. Remove redundant checks. crypto_invoke() should not return
the error, but pass it via callback.
Some old hardware drivers keep part of their inconsistency as I
cannot test them.
OK mpi@

The properties of the crypto algorithms never change. Declare them
constant. Then they are mapped as read only.
OK deraadt@ dlg@

Add cryptox(4), a driver for armv8 cryptographic extensions.
The driver currently only supports AES-CBC mode but can easily
be extended to other algorithms and modes.
The aesv8-armx.S file was generated from the CRYPTOGAMS project.

Asked to commit by and ok patrick@

Stop setting etype in the MD crypto code. So far we have set the etype
and returned the error, which made the MI crypto code set the etype for
a second time. We still have to set etype after calling the MD process
function, as the callers of crypto_invoke() still expect error handling
to be shown through the etype. But at least now all MD crypto code does
not have to worry about that anymore. Once the callers are changed to
not look at etype anymore, we can get rid of it completely.

ok tobhe@

Retire asynchronous crypto API as it is no longer required by any driver and
adds unnecessary complexity. Dedicated crypto offloading devices are not common
anymore. Modern CPU crypto acceleration works synchronously, eliminating the need
for callbacks.

Replace all occurrences of crypto_dispatch() with crypto_invoke(), which is
blocking and only returns after the operation has completed or an error occured.
Invoke callback functions directly from the consumer (e.g. IPsec, softraid)
instead of relying on the crypto driver to call crypto_done().

ok bluhm@ mvs@ patrick@

The kernel crypto framework sometimes returned an error, sometimes
the callback was called, and sometimes both. So the caller of that
API could not release resources correctly.
A bunch of errors can or should not happen, replace them with an
assert. Remove redundant checks. crypto_invoke() should not return
the error, but pass it via callback.
Some old hardware drivers keep part of their inconsistency as I
cannot test them.
OK mpi@

The properties of the crypto algorithms never change. Declare them
constant. Then they are mapped as read only.
OK deraadt@ dlg@

Add cryptox(4), a driver for armv8 cryptographic extensions.
The driver currently only supports AES-CBC mode but can easily
be extended to other algorithms and modes.
The aesv8-armx.S file was generated from the CRYPTOGAMS project.

Asked to commit by and ok patrick@

The kernel crypto framework sometimes returned an error, sometimes
the callback was called, and sometimes both. So the caller of that
API could not release resources correctly.
A bunch of errors can or should not happen, replace them with an
assert. Remove redundant checks. crypto_invoke() should not return
the error, but pass it via callback.
Some old hardware drivers keep part of their inconsistency as I
cannot test them.
OK mpi@

The properties of the crypto algorithms never change. Declare them
constant. Then they are mapped as read only.
OK deraadt@ dlg@

Add cryptox(4), a driver for armv8 cryptographic extensions.
The driver currently only supports AES-CBC mode but can easily
be extended to other algorithms and modes.
The aesv8-armx.S file was generated from the CRYPTOGAMS project.

Asked to commit by and ok patrick@

The properties of the crypto algorithms never change. Declare them
constant. Then they are mapped as read only.
OK deraadt@ dlg@

Add cryptox(4), a driver for armv8 cryptographic extensions.
The driver currently only supports AES-CBC mode but can easily
be extended to other algorithms and modes.
The aesv8-armx.S file was generated from the CRYPTOGAMS project.

Asked to commit by and ok patrick@

Add cryptox(4), a driver for armv8 cryptographic extensions.
The driver currently only supports AES-CBC mode but can easily
be extended to other algorithms and modes.
The aesv8-armx.S file was generated from the CRYPTOGAMS project.

Asked to commit by and ok patrick@