#
1.35 |
|
22-May-2022 |
riastradh |
opencrypto: Make freesession callback return void.
No functional change intended: all drivers already return zero unconditionally.
|
#
1.34 |
|
22-May-2022 |
riastradh |
padlock(4): Prune dead branches. Assert session id validity.
|
#
1.33 |
|
22-May-2022 |
riastradh |
padlock(4): Return zero, not error, if we've issued crypto_done.
|
#
1.32 |
|
22-May-2022 |
andvar |
fix various small typos, mainly in comments.
|
Revision tags: thorpej-i2c-spi-conf2-base thorpej-futex2-base thorpej-cfargs2-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base thorpej-i2c-spi-conf-base thorpej-cfargs-base thorpej-futex-base
|
#
1.31 |
|
29-Jun-2020 |
riastradh |
Make padlock(4) compile on amd64.
|
#
1.30 |
|
29-Jun-2020 |
riastradh |
padlock(4): Remove legacy rijndael API use.
This doesn't actually need to compute AES -- it just needs the standard AES key schedule, so use the BearSSL constant-time key schedule implementation.
XXX Compile-tested only. XXX The byte-order business here seems highly questionable.
|
#
1.29 |
|
14-Jun-2020 |
riastradh |
padlock(4): Don't use prev msg's last block as IV for next msg in CBC.
This violates the security contract of the CBC construction, which requires that the IV be unpredictable in advance; an adaptive adversary can exploit this to verify plaintext guesses.
XXX Compile-tested only.
|
Revision tags: bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base phil-wifi-20200406
|
#
1.28 |
|
07-Mar-2020 |
maya |
Fold constant. err is always 0, so switch to return 0;
|
#
1.27 |
|
07-Mar-2020 |
fcambus |
Return error values directly where appropriate, instead of using the err variable.
|
Revision tags: netbsd-9-2-RELEASE netbsd-9-1-RELEASE is-mlppp-base ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.26 |
|
14-Jul-2018 |
maxv |
Add splhigh() around the FPU code, we don't want to be preempted in the middle, this could corrupt the FPU state and trigger undefined behavior.
Intentionally use splhigh and not kpreempt_disable, to match the generic x86 FPU code.
Compile-tested only (I don't have VIA).
Found by Maya almost a year ago.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 matt-nb8-mediatek-base nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319
|
#
1.25 |
|
27-Feb-2016 |
tls |
branches: 1.25.16; 1.25.18; Remove callout-based RNG support in VIA crypto driver; add VIA RNG backend for cpu_rng.
|
Revision tags: nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606
|
#
1.24 |
|
13-Apr-2015 |
riastradh |
Convert arch/x86 to use <sys/rnd*.h>. Omit needless includes.
|
Revision tags: nick-nhusb-base-20150406 nick-nhusb-base
|
#
1.23 |
|
16-Nov-2014 |
ozaki-r |
branches: 1.23.2; Replace callout_stop with callout_halt
In order to call callout_destroy for a callout safely, we have to ensure the function of the callout is not running and pending. To do so, we should use callout_halt, not callout_stop.
Discussed with martin@ and riastradh@.
|
Revision tags: netbsd-7-base tls-maxphys-base
|
#
1.22 |
|
10-Aug-2014 |
tls |
branches: 1.22.2; Merge tls-earlyentropy branch into HEAD.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE yamt-pagecache-base9 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE rmind-smpnet-nbase netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base rmind-smpnet-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.21 |
|
02-Feb-2012 |
tls |
branches: 1.21.2; 1.21.6; 1.21.20; Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to avoid expensive operations on disabled entropy sources; make the rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM system events, and skew between clocks, with a sample implementation for each.
ok releng to go in before the branch due to the difficulty of later pullup (widespread #ifdef removal and moved files). Tested with release builds on amd64 and evbarm and live testing on amd64.
|
#
1.20 |
|
17-Jan-2012 |
jakllsch |
In addition to %[er]ax, rep xstore-rng also clobbers %[er]cx and %[er]di. As such, mark them as outputs, as is done in the VIA Padlock example code. Additionally, let's assume that VIAC3_RNG_BUFSIZ is in bytes and not DWords. Furthermore assume that there are not 1 but NBBY bits of entropy per byte.
Fixes PR kern/45847 for me.
|
#
1.19 |
|
17-Jan-2012 |
jakllsch |
leading whitespace too!
|
#
1.18 |
|
17-Jan-2012 |
jakllsch |
drop trailing whitespace
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base
|
#
1.17 |
|
28-Nov-2011 |
tls |
branches: 1.17.2; Fix one last dangling use of arc4randbytes().
|
#
1.16 |
|
19-Nov-2011 |
tls |
First step of random number subsystem rework described in <20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following:
An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time.
A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator users AES in a modified counter mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run.
A problem with rndctl(8) is fixed -- datastructures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base jym-xensuspend-nbase jym-xensuspend-base
|
#
1.15 |
|
24-May-2011 |
drochner |
branches: 1.15.4; move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
Revision tags: bouyer-quota2-nbase
|
#
1.14 |
|
19-Feb-2011 |
jmcneill |
modularize VIA PadLock support - retire options VIA_PADLOCK, replace with 'padlock0 at cpu0' - driver supports attach & detach - support building as a module
|
Revision tags: uebayasi-xip-base7 bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base6 uebayasi-xip-base5 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1
|
#
1.13 |
|
22-Apr-2010 |
jym |
branches: 1.13.2; 1.13.4; Uses cpu_feature, so include <machine/cpuvar.h>
|
#
1.12 |
|
18-Apr-2010 |
jym |
This patch fixes the NX regression issue observed on amd64 kernels, where per-page execution right was disabled (therefore leading to the inability of the kernel to detect fraudulent use of memory mappings marked as not being executable).
- replace cpu_feature and ci_feature_flags variables by cpu_feature and ci_feat_val arrays. This makes it cleaner and brings kernel code closer to the design of cpuctl(8). A warning will be raised for each CPU that does not expose the same features as the Boot Processor (BP).
- the blacklist of CPU features is now a macro defined in the specialreg.h header, instead of hardcoding it inside MD initialization code; fix comments.
- replace checks against CPUID_TSC with the cpu_hascounter() function.
- clean up the code in init_x86_64(), as cpu_feature variables are set inside cpu_probe().
- use cpu_init_msrs() for i386. It will be eventually used later for NX feature under i386 PAE kernels.
- remove code that checks for CPUID_NOX in amd64 mptramp.S, this is already performed by cpu_hatch() through cpu_init_msrs().
- remove cpu_signature and feature_flags members from struct mpbios_proc (they were never used).
This patch was tested with i386 MONOLITHIC, XEN3PAE_DOM0 and XEN3_DOM0 under a native i386 host, and amd64 GENERIC, XEN3_DOM0 via QEMU virtual machines.
XXX Should kernel rev be bumped?
XXX A similar patch should be pulled-up for NetBSD-5, hopefully tomorrow.
|
Revision tags: yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 nick-hppapmap-base
|
#
1.11 |
|
01-Apr-2009 |
tls |
branches: 1.11.2; 1.11.4; Fix probe for VIA C3 and successors -- these are CPU family 6, not 5. The broken probe was causing the VIA padlock driver to never attach! Now we can see that its AES appears to be broken -- it makes FAST_IPSEC ESP not work, on systems where it works fine with cryptosoft.
Rework code to detect and (if necessary) enable VIA crypto and RNG. Add RNG support to VIA padlock driver. In the process, have a quick go at debugging the AES support but no luck thus far.
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.10 |
|
17-Dec-2008 |
cegger |
branches: 1.10.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-X yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base
|
#
1.9 |
|
16-Apr-2008 |
cegger |
branches: 1.9.4; 1.9.12; 1.9.14; 1.9.20; - use aprint_*_dev and device_xname - use POSIX integer types
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.8 |
|
02-Feb-2008 |
tls |
branches: 1.8.6; From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless actually asked to.
Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
|
Revision tags: bouyer-xeni386-nbase bouyer-xeni386-base matt-armv6-base
|
#
1.7 |
|
04-Jan-2008 |
ad |
Start detangling lock.h from intr.h. This is likely to cause short term breakage, but the mess of dependencies has been regularly breaking the build recently anyhow.
|
Revision tags: vmlocking2-base3 yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base jmcneill-pm-base reinoud-bufcleanup-base
|
#
1.6 |
|
17-Oct-2007 |
garbled |
branches: 1.6.2; 1.6.8; Merge the ppcoea-renovation branch to HEAD.
This branch was a major cleanup and rototill of many of the various OEA cpu based PPC ports that focused on sharing as much code as possible between the various ports to eliminate near-identical copies of files in every tree. Additionally there is a new PIC system that unifies the interface to interrupt code for all different OEA ppc arches. The work for this branch was done by a variety of people, too long to list here.
TODO: bebox still needs work to complete the transition to -renovation. ofppc still needs a bunch of work, which I will be looking at. ev64260 still needs to be renovated amigappc was not attempted.
NOTES: pmppc was removed as an arch, and moved to a evbppc target.
|
Revision tags: nick-csl-alignment-base5 yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base nick-csl-alignment-base matt-mips64-base ppcoea-renovation-base mjf-ufs-trans-base vmlocking-base
|
#
1.5 |
|
03-Jul-2007 |
christos |
branches: 1.5.10; Support for VIA Esther (From FreeBSD)
|
Revision tags: yamt-idlelwp-base8 thorpej-atomic-base
|
#
1.4 |
|
21-Mar-2007 |
xtraeme |
branches: 1.4.4; Add missing $ in the RCS ID.
|
#
1.3 |
|
11-Mar-2007 |
christos |
branches: 1.3.2; 1.3.4; more caddr_t lossage
|
#
1.2 |
|
04-Mar-2007 |
christos |
branches: 1.2.2; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.1 |
|
17-Feb-2007 |
daniel |
branches: 1.1.2; 1.1.4; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
#
1.31 |
|
29-Jun-2020 |
riastradh |
Make padlock(4) compile on amd64.
|
#
1.30 |
|
29-Jun-2020 |
riastradh |
padlock(4): Remove legacy rijndael API use.
This doesn't actually need to compute AES -- it just needs the standard AES key schedule, so use the BearSSL constant-time key schedule implementation.
XXX Compile-tested only. XXX The byte-order business here seems highly questionable.
|
#
1.29 |
|
14-Jun-2020 |
riastradh |
padlock(4): Don't use prev msg's last block as IV for next msg in CBC.
This violates the security contract of the CBC construction, which requires that the IV be unpredictable in advance; an adaptive adversary can exploit this to verify plaintext guesses.
XXX Compile-tested only.
|
Revision tags: bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base phil-wifi-20200406
|
#
1.28 |
|
07-Mar-2020 |
maya |
Fold constant. err is always 0, so switch to return 0;
|
#
1.27 |
|
07-Mar-2020 |
fcambus |
Return error values directly where appropriate, instead of using the err variable.
|
Revision tags: is-mlppp-base ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.26 |
|
14-Jul-2018 |
maxv |
Add splhigh() around the FPU code, we don't want to be preempted in the middle, this could corrupt the FPU state and trigger undefined behavior.
Intentionally use splhigh and not kpreempt_disable, to match the generic x86 FPU code.
Compile-tested only (I don't have VIA).
Found by Maya almost a year ago.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 matt-nb8-mediatek-base nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319
|
#
1.25 |
|
27-Feb-2016 |
tls |
branches: 1.25.16; 1.25.18; Remove callout-based RNG support in VIA crypto driver; add VIA RNG backend for cpu_rng.
|
Revision tags: nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606
|
#
1.24 |
|
13-Apr-2015 |
riastradh |
Convert arch/x86 to use <sys/rnd*.h>. Omit needless includes.
|
Revision tags: nick-nhusb-base-20150406 nick-nhusb-base
|
#
1.23 |
|
16-Nov-2014 |
ozaki-r |
branches: 1.23.2; Replace callout_stop with callout_halt
In order to call callout_destroy for a callout safely, we have to ensure the function of the callout is not running and pending. To do so, we should use callout_halt, not callout_stop.
Discussed with martin@ and riastradh@.
|
Revision tags: netbsd-7-base tls-maxphys-base
|
#
1.22 |
|
10-Aug-2014 |
tls |
branches: 1.22.2; Merge tls-earlyentropy branch into HEAD.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE yamt-pagecache-base9 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE rmind-smpnet-nbase netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base rmind-smpnet-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.21 |
|
02-Feb-2012 |
tls |
branches: 1.21.2; 1.21.6; 1.21.20; Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to avoid expensive operations on disabled entropy sources; make the rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM system events, and skew between clocks, with a sample implementation for each.
ok releng to go in before the branch due to the difficulty of later pullup (widespread #ifdef removal and moved files). Tested with release builds on amd64 and evbarm and live testing on amd64.
|
#
1.20 |
|
17-Jan-2012 |
jakllsch |
In addition to %[er]ax, rep xstore-rng also clobbers %[er]cx and %[er]di. As such, mark them as outputs, as is done in the VIA Padlock example code. Additionally, let's assume that VIAC3_RNG_BUFSIZ is in bytes and not DWords. Furthermore assume that there are not 1 but NBBY bits of entropy per byte.
Fixes PR kern/45847 for me.
|
#
1.19 |
|
17-Jan-2012 |
jakllsch |
leading whitespace too!
|
#
1.18 |
|
17-Jan-2012 |
jakllsch |
drop trailing whitespace
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base
|
#
1.17 |
|
28-Nov-2011 |
tls |
branches: 1.17.2; Fix one last dangling use of arc4randbytes().
|
#
1.16 |
|
19-Nov-2011 |
tls |
First step of random number subsystem rework described in <20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following:
An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time.
A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator users AES in a modified counter mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run.
A problem with rndctl(8) is fixed -- datastructures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base jym-xensuspend-nbase jym-xensuspend-base
|
#
1.15 |
|
24-May-2011 |
drochner |
branches: 1.15.4; move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
Revision tags: bouyer-quota2-nbase
|
#
1.14 |
|
19-Feb-2011 |
jmcneill |
modularize VIA PadLock support - retire options VIA_PADLOCK, replace with 'padlock0 at cpu0' - driver supports attach & detach - support building as a module
|
Revision tags: uebayasi-xip-base7 bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base6 uebayasi-xip-base5 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1
|
#
1.13 |
|
22-Apr-2010 |
jym |
branches: 1.13.2; 1.13.4; Uses cpu_feature, so include <machine/cpuvar.h>
|
#
1.12 |
|
18-Apr-2010 |
jym |
This patch fixes the NX regression issue observed on amd64 kernels, where per-page execution right was disabled (therefore leading to the inability of the kernel to detect fraudulent use of memory mappings marked as not being executable).
- replace cpu_feature and ci_feature_flags variables by cpu_feature and ci_feat_val arrays. This makes it cleaner and brings kernel code closer to the design of cpuctl(8). A warning will be raised for each CPU that does not expose the same features as the Boot Processor (BP).
- the blacklist of CPU features is now a macro defined in the specialreg.h header, instead of hardcoding it inside MD initialization code; fix comments.
- replace checks against CPUID_TSC with the cpu_hascounter() function.
- clean up the code in init_x86_64(), as cpu_feature variables are set inside cpu_probe().
- use cpu_init_msrs() for i386. It will be eventually used later for NX feature under i386 PAE kernels.
- remove code that checks for CPUID_NOX in amd64 mptramp.S, this is already performed by cpu_hatch() through cpu_init_msrs().
- remove cpu_signature and feature_flags members from struct mpbios_proc (they were never used).
This patch was tested with i386 MONOLITHIC, XEN3PAE_DOM0 and XEN3_DOM0 under a native i386 host, and amd64 GENERIC, XEN3_DOM0 via QEMU virtual machines.
XXX Should kernel rev be bumped?
XXX A similar patch should be pulled-up for NetBSD-5, hopefully tomorrow.
|
Revision tags: yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 nick-hppapmap-base
|
#
1.11 |
|
01-Apr-2009 |
tls |
branches: 1.11.2; 1.11.4; Fix probe for VIA C3 and successors -- these are CPU family 6, not 5. The broken probe was causing the VIA padlock driver to never attach! Now we can see that its AES appears to be broken -- it makes FAST_IPSEC ESP not work, on systems where it works fine with cryptosoft.
Rework code to detect and (if necessary) enable VIA crypto and RNG. Add RNG support to VIA padlock driver. In the process, have a quick go at debugging the AES support but no luck thus far.
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.10 |
|
17-Dec-2008 |
cegger |
branches: 1.10.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-X yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base
|
#
1.9 |
|
16-Apr-2008 |
cegger |
branches: 1.9.4; 1.9.12; 1.9.14; 1.9.20; - use aprint_*_dev and device_xname - use POSIX integer types
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.8 |
|
02-Feb-2008 |
tls |
branches: 1.8.6; From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless actually asked to.
Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
|
Revision tags: bouyer-xeni386-nbase bouyer-xeni386-base matt-armv6-base
|
#
1.7 |
|
04-Jan-2008 |
ad |
Start detangling lock.h from intr.h. This is likely to cause short term breakage, but the mess of dependencies has been regularly breaking the build recently anyhow.
|
Revision tags: vmlocking2-base3 yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base jmcneill-pm-base reinoud-bufcleanup-base
|
#
1.6 |
|
17-Oct-2007 |
garbled |
branches: 1.6.2; 1.6.8; Merge the ppcoea-renovation branch to HEAD.
This branch was a major cleanup and rototill of many of the various OEA cpu based PPC ports that focused on sharing as much code as possible between the various ports to eliminate near-identical copies of files in every tree. Additionally there is a new PIC system that unifies the interface to interrupt code for all different OEA ppc arches. The work for this branch was done by a variety of people, too long to list here.
TODO: bebox still needs work to complete the transition to -renovation. ofppc still needs a bunch of work, which I will be looking at. ev64260 still needs to be renovated amigappc was not attempted.
NOTES: pmppc was removed as an arch, and moved to a evbppc target.
|
Revision tags: nick-csl-alignment-base5 yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base nick-csl-alignment-base matt-mips64-base ppcoea-renovation-base mjf-ufs-trans-base vmlocking-base
|
#
1.5 |
|
03-Jul-2007 |
christos |
branches: 1.5.10; Support for VIA Esther (From FreeBSD)
|
Revision tags: yamt-idlelwp-base8 thorpej-atomic-base
|
#
1.4 |
|
21-Mar-2007 |
xtraeme |
branches: 1.4.4; Add missing $ in the RCS ID.
|
#
1.3 |
|
11-Mar-2007 |
christos |
branches: 1.3.2; 1.3.4; more caddr_t lossage
|
#
1.2 |
|
04-Mar-2007 |
christos |
branches: 1.2.2; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.1 |
|
17-Feb-2007 |
daniel |
branches: 1.1.2; 1.1.4; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
#
1.29 |
|
14-Jun-2020 |
riastradh |
padlock(4): Don't use prev msg's last block as IV for next msg in CBC.
This violates the security contract of the CBC construction, which requires that the IV be unpredictable in advance; an adaptive adversary can exploit this to verify plaintext guesses.
XXX Compile-tested only.
|
Revision tags: bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base phil-wifi-20200406
|
#
1.28 |
|
07-Mar-2020 |
maya |
Fold constant. err is always 0, so switch to return 0;
|
#
1.27 |
|
07-Mar-2020 |
fcambus |
Return error values directly where appropriate, instead of using the err variable.
|
Revision tags: is-mlppp-base ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.26 |
|
14-Jul-2018 |
maxv |
Add splhigh() around the FPU code, we don't want to be preempted in the middle, this could corrupt the FPU state and trigger undefined behavior.
Intentionally use splhigh and not kpreempt_disable, to match the generic x86 FPU code.
Compile-tested only (I don't have VIA).
Found by Maya almost a year ago.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 matt-nb8-mediatek-base nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319
|
#
1.25 |
|
27-Feb-2016 |
tls |
branches: 1.25.16; 1.25.18; Remove callout-based RNG support in VIA crypto driver; add VIA RNG backend for cpu_rng.
|
Revision tags: nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606
|
#
1.24 |
|
13-Apr-2015 |
riastradh |
Convert arch/x86 to use <sys/rnd*.h>. Omit needless includes.
|
Revision tags: nick-nhusb-base-20150406 nick-nhusb-base
|
#
1.23 |
|
16-Nov-2014 |
ozaki-r |
branches: 1.23.2; Replace callout_stop with callout_halt
In order to call callout_destroy for a callout safely, we have to ensure the function of the callout is not running and pending. To do so, we should use callout_halt, not callout_stop.
Discussed with martin@ and riastradh@.
|
Revision tags: netbsd-7-base tls-maxphys-base
|
#
1.22 |
|
10-Aug-2014 |
tls |
branches: 1.22.2; Merge tls-earlyentropy branch into HEAD.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE yamt-pagecache-base9 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE rmind-smpnet-nbase netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base rmind-smpnet-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.21 |
|
02-Feb-2012 |
tls |
branches: 1.21.2; 1.21.6; 1.21.20; Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to avoid expensive operations on disabled entropy sources; make the rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM system events, and skew between clocks, with a sample implementation for each.
ok releng to go in before the branch due to the difficulty of later pullup (widespread #ifdef removal and moved files). Tested with release builds on amd64 and evbarm and live testing on amd64.
|
#
1.20 |
|
17-Jan-2012 |
jakllsch |
In addition to %[er]ax, rep xstore-rng also clobbers %[er]cx and %[er]di. As such, mark them as outputs, as is done in the VIA Padlock example code. Additionally, let's assume that VIAC3_RNG_BUFSIZ is in bytes and not DWords. Furthermore assume that there are not 1 but NBBY bits of entropy per byte.
Fixes PR kern/45847 for me.
|
#
1.19 |
|
17-Jan-2012 |
jakllsch |
leading whitespace too!
|
#
1.18 |
|
17-Jan-2012 |
jakllsch |
drop trailing whitespace
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base
|
#
1.17 |
|
28-Nov-2011 |
tls |
branches: 1.17.2; Fix one last dangling use of arc4randbytes().
|
#
1.16 |
|
19-Nov-2011 |
tls |
First step of random number subsystem rework described in <20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following:
An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time.
A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator users AES in a modified counter mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run.
A problem with rndctl(8) is fixed -- datastructures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base jym-xensuspend-nbase jym-xensuspend-base
|
#
1.15 |
|
24-May-2011 |
drochner |
branches: 1.15.4; move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
Revision tags: bouyer-quota2-nbase
|
#
1.14 |
|
19-Feb-2011 |
jmcneill |
modularize VIA PadLock support - retire options VIA_PADLOCK, replace with 'padlock0 at cpu0' - driver supports attach & detach - support building as a module
|
Revision tags: uebayasi-xip-base7 bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base6 uebayasi-xip-base5 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1
|
#
1.13 |
|
22-Apr-2010 |
jym |
branches: 1.13.2; 1.13.4; Uses cpu_feature, so include <machine/cpuvar.h>
|
#
1.12 |
|
18-Apr-2010 |
jym |
This patch fixes the NX regression issue observed on amd64 kernels, where per-page execution right was disabled (therefore leading to the inability of the kernel to detect fraudulent use of memory mappings marked as not being executable).
- replace cpu_feature and ci_feature_flags variables by cpu_feature and ci_feat_val arrays. This makes it cleaner and brings kernel code closer to the design of cpuctl(8). A warning will be raised for each CPU that does not expose the same features as the Boot Processor (BP).
- the blacklist of CPU features is now a macro defined in the specialreg.h header, instead of hardcoding it inside MD initialization code; fix comments.
- replace checks against CPUID_TSC with the cpu_hascounter() function.
- clean up the code in init_x86_64(), as cpu_feature variables are set inside cpu_probe().
- use cpu_init_msrs() for i386. It will be eventually used later for NX feature under i386 PAE kernels.
- remove code that checks for CPUID_NOX in amd64 mptramp.S, this is already performed by cpu_hatch() through cpu_init_msrs().
- remove cpu_signature and feature_flags members from struct mpbios_proc (they were never used).
This patch was tested with i386 MONOLITHIC, XEN3PAE_DOM0 and XEN3_DOM0 under a native i386 host, and amd64 GENERIC, XEN3_DOM0 via QEMU virtual machines.
XXX Should kernel rev be bumped?
XXX A similar patch should be pulled-up for NetBSD-5, hopefully tomorrow.
|
Revision tags: yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 nick-hppapmap-base
|
#
1.11 |
|
01-Apr-2009 |
tls |
branches: 1.11.2; 1.11.4; Fix probe for VIA C3 and successors -- these are CPU family 6, not 5. The broken probe was causing the VIA padlock driver to never attach! Now we can see that its AES appears to be broken -- it makes FAST_IPSEC ESP not work, on systems where it works fine with cryptosoft.
Rework code to detect and (if necessary) enable VIA crypto and RNG. Add RNG support to VIA padlock driver. In the process, have a quick go at debugging the AES support but no luck thus far.
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.10 |
|
17-Dec-2008 |
cegger |
branches: 1.10.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-X yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base
|
#
1.9 |
|
16-Apr-2008 |
cegger |
branches: 1.9.4; 1.9.12; 1.9.14; 1.9.20; - use aprint_*_dev and device_xname - use POSIX integer types
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.8 |
|
02-Feb-2008 |
tls |
branches: 1.8.6; From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless actually asked to.
Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
|
Revision tags: bouyer-xeni386-nbase bouyer-xeni386-base matt-armv6-base
|
#
1.7 |
|
04-Jan-2008 |
ad |
Start detangling lock.h from intr.h. This is likely to cause short term breakage, but the mess of dependencies has been regularly breaking the build recently anyhow.
|
Revision tags: vmlocking2-base3 yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base jmcneill-pm-base reinoud-bufcleanup-base
|
#
1.6 |
|
17-Oct-2007 |
garbled |
branches: 1.6.2; 1.6.8; Merge the ppcoea-renovation branch to HEAD.
This branch was a major cleanup and rototill of many of the various OEA cpu based PPC ports that focused on sharing as much code as possible between the various ports to eliminate near-identical copies of files in every tree. Additionally there is a new PIC system that unifies the interface to interrupt code for all different OEA ppc arches. The work for this branch was done by a variety of people, too long to list here.
TODO: bebox still needs work to complete the transition to -renovation. ofppc still needs a bunch of work, which I will be looking at. ev64260 still needs to be renovated amigappc was not attempted.
NOTES: pmppc was removed as an arch, and moved to a evbppc target.
|
Revision tags: nick-csl-alignment-base5 yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base nick-csl-alignment-base matt-mips64-base ppcoea-renovation-base mjf-ufs-trans-base vmlocking-base
|
#
1.5 |
|
03-Jul-2007 |
christos |
branches: 1.5.10; Support for VIA Esther (From FreeBSD)
|
Revision tags: yamt-idlelwp-base8 thorpej-atomic-base
|
#
1.4 |
|
21-Mar-2007 |
xtraeme |
branches: 1.4.4; Add missing $ in the RCS ID.
|
#
1.3 |
|
11-Mar-2007 |
christos |
branches: 1.3.2; 1.3.4; more caddr_t lossage
|
#
1.2 |
|
04-Mar-2007 |
christos |
branches: 1.2.2; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.1 |
|
17-Feb-2007 |
daniel |
branches: 1.1.2; 1.1.4; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
#
1.28 |
|
07-Mar-2020 |
maya |
Fold constant. err is always 0, so switch to return 0;
|
#
1.27 |
|
07-Mar-2020 |
fcambus |
Return error values directly where appropriate, instead of using the err variable.
|
Revision tags: ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.26 |
|
14-Jul-2018 |
maxv |
Add splhigh() around the FPU code, we don't want to be preempted in the middle, this could corrupt the FPU state and trigger undefined behavior.
Intentionally use splhigh and not kpreempt_disable, to match the generic x86 FPU code.
Compile-tested only (I don't have VIA).
Found by Maya almost a year ago.
|
Revision tags: netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 matt-nb8-mediatek-base nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319
|
#
1.25 |
|
27-Feb-2016 |
tls |
branches: 1.25.16; 1.25.18; Remove callout-based RNG support in VIA crypto driver; add VIA RNG backend for cpu_rng.
|
Revision tags: nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606
|
#
1.24 |
|
13-Apr-2015 |
riastradh |
Convert arch/x86 to use <sys/rnd*.h>. Omit needless includes.
|
Revision tags: nick-nhusb-base-20150406 nick-nhusb-base
|
#
1.23 |
|
16-Nov-2014 |
ozaki-r |
branches: 1.23.2; Replace callout_stop with callout_halt
In order to call callout_destroy for a callout safely, we have to ensure the function of the callout is not running and pending. To do so, we should use callout_halt, not callout_stop.
Discussed with martin@ and riastradh@.
|
Revision tags: netbsd-7-base tls-maxphys-base
|
#
1.22 |
|
10-Aug-2014 |
tls |
branches: 1.22.2; Merge tls-earlyentropy branch into HEAD.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE yamt-pagecache-base9 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE rmind-smpnet-nbase netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base rmind-smpnet-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.21 |
|
02-Feb-2012 |
tls |
branches: 1.21.2; 1.21.6; 1.21.20; Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to avoid expensive operations on disabled entropy sources; make the rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM system events, and skew between clocks, with a sample implementation for each.
ok releng to go in before the branch due to the difficulty of later pullup (widespread #ifdef removal and moved files). Tested with release builds on amd64 and evbarm and live testing on amd64.
|
#
1.20 |
|
17-Jan-2012 |
jakllsch |
In addition to %[er]ax, rep xstore-rng also clobbers %[er]cx and %[er]di. As such, mark them as outputs, as is done in the VIA Padlock example code. Additionally, let's assume that VIAC3_RNG_BUFSIZ is in bytes and not DWords. Furthermore assume that there are not 1 but NBBY bits of entropy per byte.
Fixes PR kern/45847 for me.
|
#
1.19 |
|
17-Jan-2012 |
jakllsch |
leading whitespace too!
|
#
1.18 |
|
17-Jan-2012 |
jakllsch |
drop trailing whitespace
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base
|
#
1.17 |
|
28-Nov-2011 |
tls |
branches: 1.17.2; Fix one last dangling use of arc4randbytes().
|
#
1.16 |
|
19-Nov-2011 |
tls |
First step of random number subsystem rework described in <20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following:
An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time.
A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator users AES in a modified counter mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run.
A problem with rndctl(8) is fixed -- datastructures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base jym-xensuspend-nbase jym-xensuspend-base
|
#
1.15 |
|
24-May-2011 |
drochner |
branches: 1.15.4; move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
Revision tags: bouyer-quota2-nbase
|
#
1.14 |
|
19-Feb-2011 |
jmcneill |
modularize VIA PadLock support - retire options VIA_PADLOCK, replace with 'padlock0 at cpu0' - driver supports attach & detach - support building as a module
|
Revision tags: uebayasi-xip-base7 bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base6 uebayasi-xip-base5 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1
|
#
1.13 |
|
22-Apr-2010 |
jym |
branches: 1.13.2; 1.13.4; Uses cpu_feature, so include <machine/cpuvar.h>
|
#
1.12 |
|
18-Apr-2010 |
jym |
This patch fixes the NX regression issue observed on amd64 kernels, where per-page execution right was disabled (therefore leading to the inability of the kernel to detect fraudulent use of memory mappings marked as not being executable).
- replace cpu_feature and ci_feature_flags variables by cpu_feature and ci_feat_val arrays. This makes it cleaner and brings kernel code closer to the design of cpuctl(8). A warning will be raised for each CPU that does not expose the same features as the Boot Processor (BP).
- the blacklist of CPU features is now a macro defined in the specialreg.h header, instead of hardcoding it inside MD initialization code; fix comments.
- replace checks against CPUID_TSC with the cpu_hascounter() function.
- clean up the code in init_x86_64(), as cpu_feature variables are set inside cpu_probe().
- use cpu_init_msrs() for i386. It will be eventually used later for NX feature under i386 PAE kernels.
- remove code that checks for CPUID_NOX in amd64 mptramp.S, this is already performed by cpu_hatch() through cpu_init_msrs().
- remove cpu_signature and feature_flags members from struct mpbios_proc (they were never used).
This patch was tested with i386 MONOLITHIC, XEN3PAE_DOM0 and XEN3_DOM0 under a native i386 host, and amd64 GENERIC, XEN3_DOM0 via QEMU virtual machines.
XXX Should kernel rev be bumped?
XXX A similar patch should be pulled-up for NetBSD-5, hopefully tomorrow.
|
Revision tags: yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 nick-hppapmap-base
|
#
1.11 |
|
01-Apr-2009 |
tls |
branches: 1.11.2; 1.11.4; Fix probe for VIA C3 and successors -- these are CPU family 6, not 5. The broken probe was causing the VIA padlock driver to never attach! Now we can see that its AES appears to be broken -- it makes FAST_IPSEC ESP not work, on systems where it works fine with cryptosoft.
Rework code to detect and (if necessary) enable VIA crypto and RNG. Add RNG support to VIA padlock driver. In the process, have a quick go at debugging the AES support but no luck thus far.
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.10 |
|
17-Dec-2008 |
cegger |
branches: 1.10.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-X yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base
|
#
1.9 |
|
16-Apr-2008 |
cegger |
branches: 1.9.4; 1.9.12; 1.9.14; 1.9.20; - use aprint_*_dev and device_xname - use POSIX integer types
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.8 |
|
02-Feb-2008 |
tls |
branches: 1.8.6; From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless actually asked to.
Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
|
Revision tags: bouyer-xeni386-nbase bouyer-xeni386-base matt-armv6-base
|
#
1.7 |
|
04-Jan-2008 |
ad |
Start detangling lock.h from intr.h. This is likely to cause short term breakage, but the mess of dependencies has been regularly breaking the build recently anyhow.
|
Revision tags: vmlocking2-base3 yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base jmcneill-pm-base reinoud-bufcleanup-base
|
#
1.6 |
|
17-Oct-2007 |
garbled |
branches: 1.6.2; 1.6.8; Merge the ppcoea-renovation branch to HEAD.
This branch was a major cleanup and rototill of many of the various OEA cpu based PPC ports that focused on sharing as much code as possible between the various ports to eliminate near-identical copies of files in every tree. Additionally there is a new PIC system that unifies the interface to interrupt code for all different OEA ppc arches. The work for this branch was done by a variety of people, too long to list here.
TODO: bebox still needs work to complete the transition to -renovation. ofppc still needs a bunch of work, which I will be looking at. ev64260 still needs to be renovated amigappc was not attempted.
NOTES: pmppc was removed as an arch, and moved to a evbppc target.
|
Revision tags: nick-csl-alignment-base5 yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base nick-csl-alignment-base matt-mips64-base ppcoea-renovation-base mjf-ufs-trans-base vmlocking-base
|
#
1.5 |
|
03-Jul-2007 |
christos |
branches: 1.5.10; Support for VIA Esther (From FreeBSD)
|
Revision tags: yamt-idlelwp-base8 thorpej-atomic-base
|
#
1.4 |
|
21-Mar-2007 |
xtraeme |
branches: 1.4.4; Add missing $ in the RCS ID.
|
#
1.3 |
|
11-Mar-2007 |
christos |
branches: 1.3.2; 1.3.4; more caddr_t lossage
|
#
1.2 |
|
04-Mar-2007 |
christos |
branches: 1.2.2; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.1 |
|
17-Feb-2007 |
daniel |
branches: 1.1.2; 1.1.4; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
#
1.27 |
|
07-Mar-2020 |
fcambus |
Return error values directly where appropriate, instead of using the err variable.
|
Revision tags: ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.26 |
|
14-Jul-2018 |
maxv |
Add splhigh() around the FPU code, we don't want to be preempted in the middle, this could corrupt the FPU state and trigger undefined behavior.
Intentionally use splhigh and not kpreempt_disable, to match the generic x86 FPU code.
Compile-tested only (I don't have VIA).
Found by Maya almost a year ago.
|
Revision tags: netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 matt-nb8-mediatek-base nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319
|
#
1.25 |
|
27-Feb-2016 |
tls |
branches: 1.25.16; 1.25.18; Remove callout-based RNG support in VIA crypto driver; add VIA RNG backend for cpu_rng.
|
Revision tags: nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606
|
#
1.24 |
|
13-Apr-2015 |
riastradh |
Convert arch/x86 to use <sys/rnd*.h>. Omit needless includes.
|
Revision tags: nick-nhusb-base-20150406 nick-nhusb-base
|
#
1.23 |
|
16-Nov-2014 |
ozaki-r |
branches: 1.23.2; Replace callout_stop with callout_halt
In order to call callout_destroy for a callout safely, we have to ensure the function of the callout is not running and pending. To do so, we should use callout_halt, not callout_stop.
Discussed with martin@ and riastradh@.
|
Revision tags: netbsd-7-base tls-maxphys-base
|
#
1.22 |
|
10-Aug-2014 |
tls |
branches: 1.22.2; Merge tls-earlyentropy branch into HEAD.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE yamt-pagecache-base9 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE rmind-smpnet-nbase netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base rmind-smpnet-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.21 |
|
02-Feb-2012 |
tls |
branches: 1.21.2; 1.21.6; 1.21.20; Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to avoid expensive operations on disabled entropy sources; make the rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM system events, and skew between clocks, with a sample implementation for each.
ok releng to go in before the branch due to the difficulty of later pullup (widespread #ifdef removal and moved files). Tested with release builds on amd64 and evbarm and live testing on amd64.
|
#
1.20 |
|
17-Jan-2012 |
jakllsch |
In addition to %[er]ax, rep xstore-rng also clobbers %[er]cx and %[er]di. As such, mark them as outputs, as is done in the VIA Padlock example code. Additionally, let's assume that VIAC3_RNG_BUFSIZ is in bytes and not DWords. Furthermore assume that there are not 1 but NBBY bits of entropy per byte.
Fixes PR kern/45847 for me.
|
#
1.19 |
|
17-Jan-2012 |
jakllsch |
leading whitespace too!
|
#
1.18 |
|
17-Jan-2012 |
jakllsch |
drop trailing whitespace
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base
|
#
1.17 |
|
28-Nov-2011 |
tls |
branches: 1.17.2; Fix one last dangling use of arc4randbytes().
|
#
1.16 |
|
19-Nov-2011 |
tls |
First step of random number subsystem rework described in <20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following:
An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time.
A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator users AES in a modified counter mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run.
A problem with rndctl(8) is fixed -- datastructures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base jym-xensuspend-nbase jym-xensuspend-base
|
#
1.15 |
|
24-May-2011 |
drochner |
branches: 1.15.4; move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
Revision tags: bouyer-quota2-nbase
|
#
1.14 |
|
19-Feb-2011 |
jmcneill |
modularize VIA PadLock support - retire options VIA_PADLOCK, replace with 'padlock0 at cpu0' - driver supports attach & detach - support building as a module
|
Revision tags: uebayasi-xip-base7 bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base6 uebayasi-xip-base5 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1
|
#
1.13 |
|
22-Apr-2010 |
jym |
branches: 1.13.2; 1.13.4; Uses cpu_feature, so include <machine/cpuvar.h>
|
#
1.12 |
|
18-Apr-2010 |
jym |
This patch fixes the NX regression issue observed on amd64 kernels, where per-page execution right was disabled (therefore leading to the inability of the kernel to detect fraudulent use of memory mappings marked as not being executable).
- replace cpu_feature and ci_feature_flags variables by cpu_feature and ci_feat_val arrays. This makes it cleaner and brings kernel code closer to the design of cpuctl(8). A warning will be raised for each CPU that does not expose the same features as the Boot Processor (BP).
- the blacklist of CPU features is now a macro defined in the specialreg.h header, instead of hardcoding it inside MD initialization code; fix comments.
- replace checks against CPUID_TSC with the cpu_hascounter() function.
- clean up the code in init_x86_64(), as cpu_feature variables are set inside cpu_probe().
- use cpu_init_msrs() for i386. It will be eventually used later for NX feature under i386 PAE kernels.
- remove code that checks for CPUID_NOX in amd64 mptramp.S, this is already performed by cpu_hatch() through cpu_init_msrs().
- remove cpu_signature and feature_flags members from struct mpbios_proc (they were never used).
This patch was tested with i386 MONOLITHIC, XEN3PAE_DOM0 and XEN3_DOM0 under a native i386 host, and amd64 GENERIC, XEN3_DOM0 via QEMU virtual machines.
XXX Should kernel rev be bumped?
XXX A similar patch should be pulled-up for NetBSD-5, hopefully tomorrow.
|
Revision tags: yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 nick-hppapmap-base
|
#
1.11 |
|
01-Apr-2009 |
tls |
branches: 1.11.2; 1.11.4; Fix probe for VIA C3 and successors -- these are CPU family 6, not 5. The broken probe was causing the VIA padlock driver to never attach! Now we can see that its AES appears to be broken -- it makes FAST_IPSEC ESP not work, on systems where it works fine with cryptosoft.
Rework code to detect and (if necessary) enable VIA crypto and RNG. Add RNG support to VIA padlock driver. In the process, have a quick go at debugging the AES support but no luck thus far.
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.10 |
|
17-Dec-2008 |
cegger |
branches: 1.10.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-X yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base
|
#
1.9 |
|
16-Apr-2008 |
cegger |
branches: 1.9.4; 1.9.12; 1.9.14; 1.9.20; - use aprint_*_dev and device_xname - use POSIX integer types
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.8 |
|
02-Feb-2008 |
tls |
branches: 1.8.6; From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless actually asked to.
Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
|
Revision tags: bouyer-xeni386-nbase bouyer-xeni386-base matt-armv6-base
|
#
1.7 |
|
04-Jan-2008 |
ad |
Start detangling lock.h from intr.h. This is likely to cause short term breakage, but the mess of dependencies has been regularly breaking the build recently anyhow.
|
Revision tags: vmlocking2-base3 yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base jmcneill-pm-base reinoud-bufcleanup-base
|
#
1.6 |
|
17-Oct-2007 |
garbled |
branches: 1.6.2; 1.6.8; Merge the ppcoea-renovation branch to HEAD.
This branch was a major cleanup and rototill of many of the various OEA cpu based PPC ports that focused on sharing as much code as possible between the various ports to eliminate near-identical copies of files in every tree. Additionally there is a new PIC system that unifies the interface to interrupt code for all different OEA ppc arches. The work for this branch was done by a variety of people, too long to list here.
TODO: bebox still needs work to complete the transition to -renovation. ofppc still needs a bunch of work, which I will be looking at. ev64260 still needs to be renovated amigappc was not attempted.
NOTES: pmppc was removed as an arch, and moved to a evbppc target.
|
Revision tags: nick-csl-alignment-base5 yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base nick-csl-alignment-base matt-mips64-base ppcoea-renovation-base mjf-ufs-trans-base vmlocking-base
|
#
1.5 |
|
03-Jul-2007 |
christos |
branches: 1.5.10; Support for VIA Esther (From FreeBSD)
|
Revision tags: yamt-idlelwp-base8 thorpej-atomic-base
|
#
1.4 |
|
21-Mar-2007 |
xtraeme |
branches: 1.4.4; Add missing $ in the RCS ID.
|
#
1.3 |
|
11-Mar-2007 |
christos |
branches: 1.3.2; 1.3.4; more caddr_t lossage
|
#
1.2 |
|
04-Mar-2007 |
christos |
branches: 1.2.2; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.1 |
|
17-Feb-2007 |
daniel |
branches: 1.1.2; 1.1.4; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.26 |
|
14-Jul-2018 |
maxv |
Add splhigh() around the FPU code, we don't want to be preempted in the middle, this could corrupt the FPU state and trigger undefined behavior.
Intentionally use splhigh and not kpreempt_disable, to match the generic x86 FPU code.
Compile-tested only (I don't have VIA).
Found by Maya almost a year ago.
|
Revision tags: netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 matt-nb8-mediatek-base nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319
|
#
1.25 |
|
27-Feb-2016 |
tls |
branches: 1.25.16; Remove callout-based RNG support in VIA crypto driver; add VIA RNG backend for cpu_rng.
|
Revision tags: nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606
|
#
1.24 |
|
13-Apr-2015 |
riastradh |
Convert arch/x86 to use <sys/rnd*.h>. Omit needless includes.
|
Revision tags: nick-nhusb-base-20150406 nick-nhusb-base
|
#
1.23 |
|
16-Nov-2014 |
ozaki-r |
branches: 1.23.2; Replace callout_stop with callout_halt
In order to call callout_destroy for a callout safely, we have to ensure the function of the callout is not running and pending. To do so, we should use callout_halt, not callout_stop.
Discussed with martin@ and riastradh@.
|
Revision tags: netbsd-7-base tls-maxphys-base
|
#
1.22 |
|
10-Aug-2014 |
tls |
branches: 1.22.2; Merge tls-earlyentropy branch into HEAD.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE yamt-pagecache-base9 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE rmind-smpnet-nbase netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base rmind-smpnet-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.21 |
|
02-Feb-2012 |
tls |
branches: 1.21.2; 1.21.6; 1.21.20; Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to avoid expensive operations on disabled entropy sources; make the rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM system events, and skew between clocks, with a sample implementation for each.
ok releng to go in before the branch due to the difficulty of later pullup (widespread #ifdef removal and moved files). Tested with release builds on amd64 and evbarm and live testing on amd64.
|
#
1.20 |
|
17-Jan-2012 |
jakllsch |
In addition to %[er]ax, rep xstore-rng also clobbers %[er]cx and %[er]di. As such, mark them as outputs, as is done in the VIA Padlock example code. Additionally, let's assume that VIAC3_RNG_BUFSIZ is in bytes and not DWords. Furthermore assume that there are not 1 but NBBY bits of entropy per byte.
Fixes PR kern/45847 for me.
|
#
1.19 |
|
17-Jan-2012 |
jakllsch |
leading whitespace too!
|
#
1.18 |
|
17-Jan-2012 |
jakllsch |
drop trailing whitespace
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base
|
#
1.17 |
|
28-Nov-2011 |
tls |
branches: 1.17.2; Fix one last dangling use of arc4randbytes().
|
#
1.16 |
|
19-Nov-2011 |
tls |
First step of random number subsystem rework described in <20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following:
An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time.
A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator users AES in a modified counter mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run.
A problem with rndctl(8) is fixed -- datastructures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base jym-xensuspend-nbase jym-xensuspend-base
|
#
1.15 |
|
24-May-2011 |
drochner |
branches: 1.15.4; move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
Revision tags: bouyer-quota2-nbase
|
#
1.14 |
|
19-Feb-2011 |
jmcneill |
modularize VIA PadLock support - retire options VIA_PADLOCK, replace with 'padlock0 at cpu0' - driver supports attach & detach - support building as a module
|
Revision tags: uebayasi-xip-base7 bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base6 uebayasi-xip-base5 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1
|
#
1.13 |
|
22-Apr-2010 |
jym |
branches: 1.13.2; 1.13.4; Uses cpu_feature, so include <machine/cpuvar.h>
|
#
1.12 |
|
18-Apr-2010 |
jym |
This patch fixes the NX regression issue observed on amd64 kernels, where per-page execution right was disabled (therefore leading to the inability of the kernel to detect fraudulent use of memory mappings marked as not being executable).
- replace cpu_feature and ci_feature_flags variables by cpu_feature and ci_feat_val arrays. This makes it cleaner and brings kernel code closer to the design of cpuctl(8). A warning will be raised for each CPU that does not expose the same features as the Boot Processor (BP).
- the blacklist of CPU features is now a macro defined in the specialreg.h header, instead of hardcoding it inside MD initialization code; fix comments.
- replace checks against CPUID_TSC with the cpu_hascounter() function.
- clean up the code in init_x86_64(), as cpu_feature variables are set inside cpu_probe().
- use cpu_init_msrs() for i386. It will be eventually used later for NX feature under i386 PAE kernels.
- remove code that checks for CPUID_NOX in amd64 mptramp.S, this is already performed by cpu_hatch() through cpu_init_msrs().
- remove cpu_signature and feature_flags members from struct mpbios_proc (they were never used).
This patch was tested with i386 MONOLITHIC, XEN3PAE_DOM0 and XEN3_DOM0 under a native i386 host, and amd64 GENERIC, XEN3_DOM0 via QEMU virtual machines.
XXX Should kernel rev be bumped?
XXX A similar patch should be pulled-up for NetBSD-5, hopefully tomorrow.
|
Revision tags: yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 nick-hppapmap-base
|
#
1.11 |
|
01-Apr-2009 |
tls |
branches: 1.11.2; 1.11.4; Fix probe for VIA C3 and successors -- these are CPU family 6, not 5. The broken probe was causing the VIA padlock driver to never attach! Now we can see that its AES appears to be broken -- it makes FAST_IPSEC ESP not work, on systems where it works fine with cryptosoft.
Rework code to detect and (if necessary) enable VIA crypto and RNG. Add RNG support to VIA padlock driver. In the process, have a quick go at debugging the AES support but no luck thus far.
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.10 |
|
17-Dec-2008 |
cegger |
branches: 1.10.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-X yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base
|
#
1.9 |
|
16-Apr-2008 |
cegger |
branches: 1.9.4; 1.9.12; 1.9.14; 1.9.20; - use aprint_*_dev and device_xname - use POSIX integer types
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.8 |
|
02-Feb-2008 |
tls |
branches: 1.8.6; From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless actually asked to.
Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
|
Revision tags: bouyer-xeni386-nbase bouyer-xeni386-base matt-armv6-base
|
#
1.7 |
|
04-Jan-2008 |
ad |
Start detangling lock.h from intr.h. This is likely to cause short term breakage, but the mess of dependencies has been regularly breaking the build recently anyhow.
|
Revision tags: vmlocking2-base3 yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base jmcneill-pm-base reinoud-bufcleanup-base
|
#
1.6 |
|
17-Oct-2007 |
garbled |
branches: 1.6.2; 1.6.8; Merge the ppcoea-renovation branch to HEAD.
This branch was a major cleanup and rototill of many of the various OEA cpu based PPC ports that focused on sharing as much code as possible between the various ports to eliminate near-identical copies of files in every tree. Additionally there is a new PIC system that unifies the interface to interrupt code for all different OEA ppc arches. The work for this branch was done by a variety of people, too long to list here.
TODO: bebox still needs work to complete the transition to -renovation. ofppc still needs a bunch of work, which I will be looking at. ev64260 still needs to be renovated amigappc was not attempted.
NOTES: pmppc was removed as an arch, and moved to a evbppc target.
|
Revision tags: nick-csl-alignment-base5 yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base nick-csl-alignment-base matt-mips64-base ppcoea-renovation-base mjf-ufs-trans-base vmlocking-base
|
#
1.5 |
|
03-Jul-2007 |
christos |
branches: 1.5.10; Support for VIA Esther (From FreeBSD)
|
Revision tags: yamt-idlelwp-base8 thorpej-atomic-base
|
#
1.4 |
|
21-Mar-2007 |
xtraeme |
branches: 1.4.4; Add missing $ in the RCS ID.
|
#
1.3 |
|
11-Mar-2007 |
christos |
branches: 1.3.2; 1.3.4; more caddr_t lossage
|
#
1.2 |
|
04-Mar-2007 |
christos |
branches: 1.2.2; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.1 |
|
17-Feb-2007 |
daniel |
branches: 1.1.2; 1.1.4; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319
|
#
1.25 |
|
27-Feb-2016 |
tls |
Remove callout-based RNG support in VIA crypto driver; add VIA RNG backend for cpu_rng.
|
Revision tags: nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606
|
#
1.24 |
|
13-Apr-2015 |
riastradh |
Convert arch/x86 to use <sys/rnd*.h>. Omit needless includes.
|
Revision tags: nick-nhusb-base-20150406 nick-nhusb-base
|
#
1.23 |
|
16-Nov-2014 |
ozaki-r |
branches: 1.23.2; Replace callout_stop with callout_halt
In order to call callout_destroy for a callout safely, we have to ensure the function of the callout is not running and pending. To do so, we should use callout_halt, not callout_stop.
Discussed with martin@ and riastradh@.
|
Revision tags: netbsd-7-base tls-maxphys-base
|
#
1.22 |
|
10-Aug-2014 |
tls |
branches: 1.22.2; Merge tls-earlyentropy branch into HEAD.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE yamt-pagecache-base9 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE rmind-smpnet-nbase netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base rmind-smpnet-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.21 |
|
02-Feb-2012 |
tls |
branches: 1.21.2; 1.21.6; 1.21.20; Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to avoid expensive operations on disabled entropy sources; make the rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM system events, and skew between clocks, with a sample implementation for each.
ok releng to go in before the branch due to the difficulty of later pullup (widespread #ifdef removal and moved files). Tested with release builds on amd64 and evbarm and live testing on amd64.
|
#
1.20 |
|
17-Jan-2012 |
jakllsch |
In addition to %[er]ax, rep xstore-rng also clobbers %[er]cx and %[er]di. As such, mark them as outputs, as is done in the VIA Padlock example code. Additionally, let's assume that VIAC3_RNG_BUFSIZ is in bytes and not DWords. Furthermore assume that there are not 1 but NBBY bits of entropy per byte.
Fixes PR kern/45847 for me.
|
#
1.19 |
|
17-Jan-2012 |
jakllsch |
leading whitespace too!
|
#
1.18 |
|
17-Jan-2012 |
jakllsch |
drop trailing whitespace
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base
|
#
1.17 |
|
28-Nov-2011 |
tls |
branches: 1.17.2; Fix one last dangling use of arc4randbytes().
|
#
1.16 |
|
19-Nov-2011 |
tls |
First step of random number subsystem rework described in <20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following:
An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time.
A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator users AES in a modified counter mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run.
A problem with rndctl(8) is fixed -- datastructures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base jym-xensuspend-nbase jym-xensuspend-base
|
#
1.15 |
|
24-May-2011 |
drochner |
branches: 1.15.4; move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
Revision tags: bouyer-quota2-nbase
|
#
1.14 |
|
19-Feb-2011 |
jmcneill |
modularize VIA PadLock support - retire options VIA_PADLOCK, replace with 'padlock0 at cpu0' - driver supports attach & detach - support building as a module
|
Revision tags: uebayasi-xip-base7 bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base6 uebayasi-xip-base5 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1
|
#
1.13 |
|
22-Apr-2010 |
jym |
branches: 1.13.2; 1.13.4; Uses cpu_feature, so include <machine/cpuvar.h>
|
#
1.12 |
|
18-Apr-2010 |
jym |
This patch fixes the NX regression issue observed on amd64 kernels, where per-page execution right was disabled (therefore leading to the inability of the kernel to detect fraudulent use of memory mappings marked as not being executable).
- replace cpu_feature and ci_feature_flags variables by cpu_feature and ci_feat_val arrays. This makes it cleaner and brings kernel code closer to the design of cpuctl(8). A warning will be raised for each CPU that does not expose the same features as the Boot Processor (BP).
- the blacklist of CPU features is now a macro defined in the specialreg.h header, instead of hardcoding it inside MD initialization code; fix comments.
- replace checks against CPUID_TSC with the cpu_hascounter() function.
- clean up the code in init_x86_64(), as cpu_feature variables are set inside cpu_probe().
- use cpu_init_msrs() for i386. It will be eventually used later for NX feature under i386 PAE kernels.
- remove code that checks for CPUID_NOX in amd64 mptramp.S, this is already performed by cpu_hatch() through cpu_init_msrs().
- remove cpu_signature and feature_flags members from struct mpbios_proc (they were never used).
This patch was tested with i386 MONOLITHIC, XEN3PAE_DOM0 and XEN3_DOM0 under a native i386 host, and amd64 GENERIC, XEN3_DOM0 via QEMU virtual machines.
XXX Should kernel rev be bumped?
XXX A similar patch should be pulled-up for NetBSD-5, hopefully tomorrow.
|
Revision tags: yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 nick-hppapmap-base
|
#
1.11 |
|
01-Apr-2009 |
tls |
branches: 1.11.2; 1.11.4; Fix probe for VIA C3 and successors -- these are CPU family 6, not 5. The broken probe was causing the VIA padlock driver to never attach! Now we can see that its AES appears to be broken -- it makes FAST_IPSEC ESP not work, on systems where it works fine with cryptosoft.
Rework code to detect and (if necessary) enable VIA crypto and RNG. Add RNG support to VIA padlock driver. In the process, have a quick go at debugging the AES support but no luck thus far.
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.10 |
|
17-Dec-2008 |
cegger |
branches: 1.10.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-X yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base
|
#
1.9 |
|
16-Apr-2008 |
cegger |
branches: 1.9.4; 1.9.12; 1.9.14; 1.9.20; - use aprint_*_dev and device_xname - use POSIX integer types
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.8 |
|
02-Feb-2008 |
tls |
branches: 1.8.6; From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless actually asked to.
Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
|
Revision tags: bouyer-xeni386-nbase bouyer-xeni386-base matt-armv6-base
|
#
1.7 |
|
04-Jan-2008 |
ad |
Start detangling lock.h from intr.h. This is likely to cause short term breakage, but the mess of dependencies has been regularly breaking the build recently anyhow.
|
Revision tags: vmlocking2-base3 yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base jmcneill-pm-base reinoud-bufcleanup-base
|
#
1.6 |
|
17-Oct-2007 |
garbled |
branches: 1.6.2; 1.6.8; Merge the ppcoea-renovation branch to HEAD.
This branch was a major cleanup and rototill of many of the various OEA cpu based PPC ports that focused on sharing as much code as possible between the various ports to eliminate near-identical copies of files in every tree. Additionally there is a new PIC system that unifies the interface to interrupt code for all different OEA ppc arches. The work for this branch was done by a variety of people, too long to list here.
TODO: bebox still needs work to complete the transition to -renovation. ofppc still needs a bunch of work, which I will be looking at. ev64260 still needs to be renovated amigappc was not attempted.
NOTES: pmppc was removed as an arch, and moved to a evbppc target.
|
Revision tags: nick-csl-alignment-base5 yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base nick-csl-alignment-base matt-mips64-base ppcoea-renovation-base mjf-ufs-trans-base vmlocking-base
|
#
1.5 |
|
03-Jul-2007 |
christos |
branches: 1.5.10; Support for VIA Esther (From FreeBSD)
|
Revision tags: yamt-idlelwp-base8 thorpej-atomic-base
|
#
1.4 |
|
21-Mar-2007 |
xtraeme |
branches: 1.4.4; Add missing $ in the RCS ID.
|
#
1.3 |
|
11-Mar-2007 |
christos |
branches: 1.3.2; 1.3.4; more caddr_t lossage
|
#
1.2 |
|
04-Mar-2007 |
christos |
branches: 1.2.2; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.1 |
|
17-Feb-2007 |
daniel |
branches: 1.1.2; 1.1.4; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|