| #
296373 |
|
04-Mar-2016 |
marius |
- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1
builds.
- Update newvers.sh to reflect RC1.
- Update __FreeBSD_version to reflect 10.3.
- Update default pkg(8) configuration to use the quarterly branch.
Approved by: re (implicit) |
| #
266749 |
|
27-May-2014 |
marius |
MFC: r259428
Clear content of keyfiles loaded by the loader after processing them.
MFC: r259429
Clear some more places with potentially sensitive data.
|
| #
262318 |
|
22-Feb-2014 |
delphij |
MFC r261618:
In g_eli_crypto_hmac_init(), zero out after using the ipad buffer,
k_ipad.
Note that the two consumers in geli(4) are not affected by this
issue because the way the code is constructed and as such, we
believe there is no security impact with or without this change
with geli(4)'s usage.
Reported by: Serge van den Boom <serge vdboom.org>
Reviewed by: pjd
|
| #
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| #
213072 |
|
23-Sep-2010 |
pjd |
Update copyright years.
MFC after: 1 week
|
| #
213070 |
|
23-Sep-2010 |
pjd |
Add support for AES-XTS. This will be the default now.
MFC after: 1 week
|
| #
173746 |
|
19-Nov-2007 |
jb |
On some arches, openssl is built with OPENSSL_NO_CAMELLIA, so the
code here needs to depend on that too.
|
| #
172031 |
|
01-Sep-2007 |
pjd |
Add support for Camellia encryption algorithm.
PR: kern/113790
Submitted by: Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp>
Approved by: re (bmah)
|
| #
167755 |
|
21-Mar-2007 |
sam |
Overhaul driver/subsystem api's:
o make all crypto drivers have a device_t; pseudo drivers like the s/w
crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
for specifying which of several potential devices to use when doing
crypto operations
o add new ioctls that allow user apps to select a specific crypto device
to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
to specify a device to use for tests
These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.
These changes were instigated by the work of Michael Richardson.
Reviewed by: pjd
Approved by: re
|
| #
157900 |
|
20-Apr-2006 |
pjd |
geli(8) provides keys on newsession time, so remove CRD_F_KEY_EXPLICIT flag
as HW crypto drivers don't support it.
|
| #
155174 |
|
01-Feb-2006 |
pjd |
Remove trailing spaces.
|
| #
148456 |
|
27-Jul-2005 |
pjd |
Add GEOM_ELI class which provides GEOM providers encryption.
For features list and usage see manual page: geli(8).
Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 1 week
|