#
303975 |
|
11-Aug-2016 |
gjb |
Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, and rename it to RC1.
Update __FreeBSD_version.
Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and the dvd1.iso packages population.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
302408 |
|
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
298808 |
|
29-Apr-2016 |
pfg |
sys/geom: spelling fixes in comments.
No functional change.
|
#
292782 |
|
27-Dec-2015 |
allanjude |
Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c
cperciva's libmd implementation is 5-30% faster
The same was done for SHA256 previously in r263218
cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation
Extend sbin/md5 to create sha384(1)
Chase dependancies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}
Reviewed by: cperciva, des, delphij Approved by: secteam, bapt (mentor) MFC after: 2 weeks Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D3929
|
#
152966 |
|
30-Nov-2005 |
sobomax |
Kill leading whilespace.
|
#
143418 |
|
11-Mar-2005 |
ume |
stop including rijndael-api-fst.h from rijndael.h. this is required to integrate opencrypto into crypto.
|
#
139778 |
|
06-Jan-2005 |
imp |
/* -> /*- for copyright notices, minor format tweaks as necessary
|
#
138888 |
|
15-Dec-2004 |
brueffer |
Fix typo in a comment.
MFC after: 3 days
|
#
135084 |
|
11-Sep-2004 |
phk |
Respect that G_BDE_MAXKEYS is a compile time variable.
|
#
120876 |
|
07-Oct-2003 |
phk |
Interior decoration changes.
|
#
113010 |
|
03-Apr-2003 |
phk |
Use sys/endian.h instead of geom_enc.c for endian-agnostfication.
|
#
112594 |
|
25-Mar-2003 |
phk |
Forward compatibility: NULL check the passed in meta argument.
|
#
112367 |
|
18-Mar-2003 |
phk |
Including <sys/stdint.h> is (almost?) universally only to be able to use %j in printfs, so put a newsted include in <sys/systm.h> where the printf prototype lives and save everybody else the trouble.
|
#
110541 |
|
08-Feb-2003 |
phk |
Move the g_stat struct to its own .h file, we will export it to other code.
Insted of embedding a struct g_stat in consumers and providers, merely include a pointer.
Remove a couple of <sys/time.h> includes now unneeded.
Add a special allocator for struct g_stat. This allocator will allocate entire pages and hand out g_stat functions from there. The "id" field indicates free/used status.
Add "/dev/geom.stats" device driver whic exports the pages from the allocator to userland with mmap(2) in read-only mode.
This mmap(2) interface should be considered a non-public interface and the functions in libgeom (not yet committed) should be used to access the statistics data.
|
#
110518 |
|
07-Feb-2003 |
phk |
Add the new statistics structure, put one in consumers and providers. include <sys/time.h> as necessary.
|
#
108052 |
|
18-Dec-2002 |
phk |
Fix two blunders in the mapping functions which can lead to corrupt data, for request sizes larger than the sectorsize or for multi-key setups.
See warning mailed to current@ for details of recovery.
Found by: Marcus Reid <marcus@blazingdot.com>
|
#
107450 |
|
01-Dec-2002 |
phk |
Use unsigned for an index.
Sponsored by: DARPA & NAI Labs. Approved by: re (blanket).
|
#
106407 |
|
04-Nov-2002 |
phk |
Run a revision on the GBDE encryption facility.
Replace ARC4 with SHA2-512. Change lock-structure encoding to use random ordering rather for obscurity. Encrypt lock-structure with AES/256 instead of AES/128. Change kkey derivation to be MD5 hash based. Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen. Remove clause 3 of the license with NAI Labs consent.
Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and suggestions.
This code has still not been stared at for 10 years by a gang of hard-core cryptographers. Discretion advised.
NB: These changes result in the on-disk format changing: dump/restore needed.
Sponsored by: DARPA & NAI Labs.
|
#
106226 |
|
30-Oct-2002 |
phk |
Change the kkey generation cherry-picker to use MD5.
Sponsored by: DARPA & NAI Labs
|
#
105512 |
|
20-Oct-2002 |
phk |
Constify input to the arc4 seed function. Implement the lockfile hunting in sector zero.
Sponsored by: DARPA & NAI Labs.
|
#
105464 |
|
19-Oct-2002 |
phk |
Add Geom Based Disk Encryption to the tree.
This is an encryption module designed for to secure denial of access to the contents of "cold disks" with or without destruction activation.
Major features:
* Based on AES, MD5 and ARC4 algorithms. * Four cryptographic barriers: 1) Pass-phrase encrypts the master key. 2) Pass-phrase + Lock data locates master key. 3) 128 bit key derived from 2048 bit master key protects sector key. 3) 128 bit random single-use sector keys protect data payload. * Up to four different changeable pass-phrases. * Blackening feature for provable destruction of master key material. * Isotropic disk contents offers no information about sector contents. * Configurable destination sector range allows steganographic deployment.
This commit adds the kernel part, separate commits will follow for the userland utility and documentation.
This software was developed for the FreeBSD Project by Poul-Henning Kamp and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.
Many thanks to Robert Watson, CBOSS Principal Investigator for making this possible.
Sponsored by: DARPA & NAI Labs.
|