#
1.64 |
|
22-May-2022 |
riastradh |
opencrypto: Make freesession callback return void.
No functional change intended: all drivers already return zero unconditionally.
|
#
1.63 |
|
22-May-2022 |
riastradh |
cryptosoft(4): Prune dead branches. Assert session id validity.
|
#
1.62 |
|
22-May-2022 |
riastradh |
cryptosoft(4): Rip out nonsense to quietly ignore sid=0.
This is no longer necessary because crypto_freesession no longer calls into the driver for session ids that were never allocated in the first place.
|
Revision tags: thorpej-i2c-spi-conf2-base thorpej-futex2-base thorpej-cfargs2-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base thorpej-i2c-spi-conf-base thorpej-cfargs-base
|
#
1.61 |
|
06-Apr-2021 |
knakahara |
Fix ATF failures, sorry.
|
#
1.60 |
|
05-Apr-2021 |
knakahara |
refactor: reduce access to swcr_sessions[i] directly
|
#
1.59 |
|
05-Apr-2021 |
knakahara |
refactor: reduce changing swcr_sesnum
|
#
1.58 |
|
05-Apr-2021 |
knakahara |
use kmem_{z,}alloc() instead of malloc()
|
Revision tags: thorpej-futex-base
|
#
1.57 |
|
04-Jul-2020 |
riastradh |
branches: 1.57.4; Fix kmem_free size in recent malloc->kmem conversion.
Should address this bracket report that has my name all over it:
https://mail-index.netbsd.org/current-users/2020/07/04/msg039059.html
|
#
1.56 |
|
29-Jun-2020 |
riastradh |
opencrypto: Switch from legacy rijndael API to new aes API.
While here, apply various rijndael->aes renames, reduce the size of aesxcbc_ctx by 480 bytes, and convert some malloc->kmem.
Leave in the symbol enc_xform_rijndael128 for now, though, so this doesn't break any kernel ABI.
|
#
1.55 |
|
14-Jun-2020 |
riastradh |
swcrypto(4): Simplify iv generation logic with cprng_fast.
|
Revision tags: bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.54 |
|
12-Oct-2019 |
christos |
add (void *) intermediate casts to elide gcc function cast warnings. This is the simplest solution; choices: - add pragmas, complex and ugly (need to be gcc-specific) - add -Wno to COPTS. Needs to be done in many makefiles because of rump - add intermediate functions: slows down things
|
Revision tags: netbsd-9-2-RELEASE netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base
|
#
1.53 |
|
11-Jul-2019 |
christos |
Disable unloading until we keep track of references
|
Revision tags: phil-wifi-20190609 isaki-audio2-base pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.52 |
|
23-Jun-2017 |
knakahara |
branches: 1.52.6; fix cryptosoft.c:r1.51 mistake. swcrypto_attach() must not be called from module_init_class().
swcrypto_attach() will call softint_establish(), it must be called after cpus attached. module_init_class() is too early to call softint_establish().
|
Revision tags: netbsd-8-base
|
#
1.51 |
|
01-Jun-2017 |
knakahara |
branches: 1.51.2; swcrypto0 was initialized twice. Fix like pseudo network interfaces.
ok by pgoyette@n.o.
|
Revision tags: prg-localcount2-base3
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
#
1.61 |
|
06-Apr-2021 |
knakahara |
Fix ATF failures, sorry.
|
#
1.60 |
|
05-Apr-2021 |
knakahara |
refactor: reduce access to swcr_sessions[i] directly
|
#
1.59 |
|
05-Apr-2021 |
knakahara |
refactor: reduce changing swcr_sesnum
|
#
1.58 |
|
05-Apr-2021 |
knakahara |
use kmem_{z,}alloc() instead of malloc()
|
Revision tags: thorpej-cfargs-base thorpej-futex-base
|
#
1.57 |
|
04-Jul-2020 |
riastradh |
Fix kmem_free size in recent malloc->kmem conversion.
Should address this bracket report that has my name all over it:
https://mail-index.netbsd.org/current-users/2020/07/04/msg039059.html
|
#
1.56 |
|
29-Jun-2020 |
riastradh |
opencrypto: Switch from legacy rijndael API to new aes API.
While here, apply various rijndael->aes renames, reduce the size of aesxcbc_ctx by 480 bytes, and convert some malloc->kmem.
Leave in the symbol enc_xform_rijndael128 for now, though, so this doesn't break any kernel ABI.
|
#
1.55 |
|
14-Jun-2020 |
riastradh |
swcrypto(4): Simplify iv generation logic with cprng_fast.
|
Revision tags: bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.54 |
|
12-Oct-2019 |
christos |
add (void *) intermediate casts to elide gcc function cast warnings. This is the simplest solution; choices: - add pragmas, complex and ugly (need to be gcc-specific) - add -Wno to COPTS. Needs to be done in many makefiles because of rump - add intermediate functions: slows down things
|
Revision tags: netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base
|
#
1.53 |
|
11-Jul-2019 |
christos |
Disable unloading until we keep track of references
|
Revision tags: phil-wifi-20190609 isaki-audio2-base pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.52 |
|
23-Jun-2017 |
knakahara |
branches: 1.52.6; fix cryptosoft.c:r1.51 mistake. swcrypto_attach() must not be called from module_init_class().
swcrypto_attach() will call softint_establish(), it must be called after cpus attached. module_init_class() is too early to call softint_establish().
|
Revision tags: netbsd-8-base
|
#
1.51 |
|
01-Jun-2017 |
knakahara |
branches: 1.51.2; swcrypto0 was initialized twice. Fix like pseudo network interfaces.
ok by pgoyette@n.o.
|
Revision tags: prg-localcount2-base3
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
#
1.60 |
|
05-Apr-2021 |
knakahara |
refactor: reduce access to swcr_sessions[i] directly
|
#
1.59 |
|
05-Apr-2021 |
knakahara |
refactor: reduce changing swcr_sesnum
|
#
1.58 |
|
05-Apr-2021 |
knakahara |
use kmem_{z,}alloc() instead of malloc()
|
Revision tags: thorpej-cfargs-base thorpej-futex-base
|
#
1.57 |
|
04-Jul-2020 |
riastradh |
Fix kmem_free size in recent malloc->kmem conversion.
Should address this bracket report that has my name all over it:
https://mail-index.netbsd.org/current-users/2020/07/04/msg039059.html
|
#
1.56 |
|
29-Jun-2020 |
riastradh |
opencrypto: Switch from legacy rijndael API to new aes API.
While here, apply various rijndael->aes renames, reduce the size of aesxcbc_ctx by 480 bytes, and convert some malloc->kmem.
Leave in the symbol enc_xform_rijndael128 for now, though, so this doesn't break any kernel ABI.
|
#
1.55 |
|
14-Jun-2020 |
riastradh |
swcrypto(4): Simplify iv generation logic with cprng_fast.
|
Revision tags: bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.54 |
|
12-Oct-2019 |
christos |
add (void *) intermediate casts to elide gcc function cast warnings. This is the simplest solution; choices: - add pragmas, complex and ugly (need to be gcc-specific) - add -Wno to COPTS. Needs to be done in many makefiles because of rump - add intermediate functions: slows down things
|
Revision tags: netbsd-9-1-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base
|
#
1.53 |
|
11-Jul-2019 |
christos |
Disable unloading until we keep track of references
|
Revision tags: phil-wifi-20190609 isaki-audio2-base pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.52 |
|
23-Jun-2017 |
knakahara |
branches: 1.52.6; fix cryptosoft.c:r1.51 mistake. swcrypto_attach() must not be called from module_init_class().
swcrypto_attach() will call softint_establish(), it must be called after cpus attached. module_init_class() is too early to call softint_establish().
|
Revision tags: netbsd-8-base
|
#
1.51 |
|
01-Jun-2017 |
knakahara |
branches: 1.51.2; swcrypto0 was initialized twice. Fix like pseudo network interfaces.
ok by pgoyette@n.o.
|
Revision tags: prg-localcount2-base3
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
#
1.57 |
|
04-Jul-2020 |
riastradh |
Fix kmem_free size in recent malloc->kmem conversion.
Should address this bracket report that has my name all over it:
https://mail-index.netbsd.org/current-users/2020/07/04/msg039059.html
|
#
1.56 |
|
29-Jun-2020 |
riastradh |
opencrypto: Switch from legacy rijndael API to new aes API.
While here, apply various rijndael->aes renames, reduce the size of aesxcbc_ctx by 480 bytes, and convert some malloc->kmem.
Leave in the symbol enc_xform_rijndael128 for now, though, so this doesn't break any kernel ABI.
|
#
1.55 |
|
14-Jun-2020 |
riastradh |
swcrypto(4): Simplify iv generation logic with cprng_fast.
|
Revision tags: bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.54 |
|
12-Oct-2019 |
christos |
add (void *) intermediate casts to elide gcc function cast warnings. This is the simplest solution; choices: - add pragmas, complex and ugly (need to be gcc-specific) - add -Wno to COPTS. Needs to be done in many makefiles because of rump - add intermediate functions: slows down things
|
Revision tags: netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base
|
#
1.53 |
|
11-Jul-2019 |
christos |
Disable unloading until we keep track of references
|
Revision tags: phil-wifi-20190609 isaki-audio2-base pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.52 |
|
23-Jun-2017 |
knakahara |
branches: 1.52.6; fix cryptosoft.c:r1.51 mistake. swcrypto_attach() must not be called from module_init_class().
swcrypto_attach() will call softint_establish(), it must be called after cpus attached. module_init_class() is too early to call softint_establish().
|
Revision tags: netbsd-8-base
|
#
1.51 |
|
01-Jun-2017 |
knakahara |
branches: 1.51.2; swcrypto0 was initialized twice. Fix like pseudo network interfaces.
ok by pgoyette@n.o.
|
Revision tags: prg-localcount2-base3
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
#
1.56 |
|
29-Jun-2020 |
riastradh |
opencrypto: Switch from legacy rijndael API to new aes API.
While here, apply various rijndael->aes renames, reduce the size of aesxcbc_ctx by 480 bytes, and convert some malloc->kmem.
Leave in the symbol enc_xform_rijndael128 for now, though, so this doesn't break any kernel ABI.
|
#
1.55 |
|
14-Jun-2020 |
riastradh |
swcrypto(4): Simplify iv generation logic with cprng_fast.
|
Revision tags: bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.54 |
|
12-Oct-2019 |
christos |
add (void *) intermediate casts to elide gcc function cast warnings. This is the simplest solution; choices: - add pragmas, complex and ugly (need to be gcc-specific) - add -Wno to COPTS. Needs to be done in many makefiles because of rump - add intermediate functions: slows down things
|
Revision tags: netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base
|
#
1.53 |
|
11-Jul-2019 |
christos |
Disable unloading until we keep track of references
|
Revision tags: phil-wifi-20190609 isaki-audio2-base pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.52 |
|
23-Jun-2017 |
knakahara |
branches: 1.52.6; fix cryptosoft.c:r1.51 mistake. swcrypto_attach() must not be called from module_init_class().
swcrypto_attach() will call softint_establish(), it must be called after cpus attached. module_init_class() is too early to call softint_establish().
|
Revision tags: netbsd-8-base
|
#
1.51 |
|
01-Jun-2017 |
knakahara |
branches: 1.51.2; swcrypto0 was initialized twice. Fix like pseudo network interfaces.
ok by pgoyette@n.o.
|
Revision tags: prg-localcount2-base3
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
#
1.55 |
|
14-Jun-2020 |
riastradh |
swcrypto(4): Simplify iv generation logic with cprng_fast.
|
Revision tags: bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.54 |
|
12-Oct-2019 |
christos |
add (void *) intermediate casts to elide gcc function cast warnings. This is the simplest solution; choices: - add pragmas, complex and ugly (need to be gcc-specific) - add -Wno to COPTS. Needs to be done in many makefiles because of rump - add intermediate functions: slows down things
|
Revision tags: netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 netbsd-9-base
|
#
1.53 |
|
11-Jul-2019 |
christos |
Disable unloading until we keep track of references
|
Revision tags: phil-wifi-20190609 isaki-audio2-base pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.52 |
|
23-Jun-2017 |
knakahara |
branches: 1.52.6; fix cryptosoft.c:r1.51 mistake. swcrypto_attach() must not be called from module_init_class().
swcrypto_attach() will call softint_establish(), it must be called after cpus attached. module_init_class() is too early to call softint_establish().
|
Revision tags: netbsd-8-base
|
#
1.51 |
|
01-Jun-2017 |
knakahara |
branches: 1.51.2; swcrypto0 was initialized twice. Fix like pseudo network interfaces.
ok by pgoyette@n.o.
|
Revision tags: prg-localcount2-base3
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
#
1.54 |
|
12-Oct-2019 |
christos |
add (void *) intermediate casts to elide gcc function cast warnings. This is the simplest solution; choices: - add pragmas, complex and ugly (need to be gcc-specific) - add -Wno to COPTS. Needs to be done in many makefiles because of rump - add intermediate functions: slows down things
|
Revision tags: netbsd-9-base
|
#
1.53 |
|
11-Jul-2019 |
christos |
Disable unloading until we keep track of references
|
Revision tags: phil-wifi-20190609 isaki-audio2-base pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.52 |
|
23-Jun-2017 |
knakahara |
fix cryptosoft.c:r1.51 mistake. swcrypto_attach() must not be called from module_init_class().
swcrypto_attach() will call softint_establish(), it must be called after cpus attached. module_init_class() is too early to call softint_establish().
|
Revision tags: netbsd-8-base
|
#
1.51 |
|
01-Jun-2017 |
knakahara |
branches: 1.51.2; swcrypto0 was initialized twice. Fix like pseudo network interfaces.
ok by pgoyette@n.o.
|
Revision tags: prg-localcount2-base3
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
#
1.53 |
|
11-Jul-2019 |
christos |
Disable unloading until we keep track of references
|
Revision tags: phil-wifi-20190609 isaki-audio2-base pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base tls-maxphys-base-20171202 nick-nhusb-base-20170825 perseant-stdc-iso10646-base
|
#
1.52 |
|
23-Jun-2017 |
knakahara |
fix cryptosoft.c:r1.51 mistake. swcrypto_attach() must not be called from module_init_class().
swcrypto_attach() will call softint_establish(), it must be called after cpus attached. module_init_class() is too early to call softint_establish().
|
Revision tags: netbsd-8-base
|
#
1.51 |
|
01-Jun-2017 |
knakahara |
branches: 1.51.2; swcrypto0 was initialized twice. Fix like pseudo network interfaces.
ok by pgoyette@n.o.
|
Revision tags: prg-localcount2-base3
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
#
1.52 |
|
23-Jun-2017 |
knakahara |
fix cryptosoft.c:r1.51 mistake. swcrypto_attach() must not be called from module_init_class().
swcrypto_attach() will call softint_establish(), it must be called after cpus attached. module_init_class() is too early to call softint_establish().
|
Revision tags: netbsd-8-base
|
#
1.51 |
|
01-Jun-2017 |
knakahara |
swcrypto0 was initialized twice. Fix like pseudo network interfaces.
ok by pgoyette@n.o.
|
Revision tags: prg-localcount2-base3
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
#
1.51 |
|
01-Jun-2017 |
knakahara |
swcrypto0 was initialized twice. Fix like pseudo network interfaces.
ok by pgoyette@n.o.
|
Revision tags: prg-localcount2-base3
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
#
1.50 |
|
17-May-2017 |
knakahara |
opencrypto: cleanup debug messages.
|
Revision tags: prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
branches: 1.49.2; Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|
Revision tags: prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.49 |
|
18-Apr-2017 |
maya |
Remove duplicate assignment. We assign the same value unconditionally just before.
from clang static analyzer
XXX surrounding code seems fishy
|
#
1.48 |
|
13-Apr-2017 |
ozaki-r |
Fix usage of MD5Final/SHA1Final
Passing NULL as the digest parameter is wrong.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422 nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921
|
#
1.47 |
|
20-Aug-2015 |
christos |
branches: 1.47.2; 1.47.4; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
Revision tags: netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base-20150606 nick-nhusb-base-20150406 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.46 |
|
02-Jul-2014 |
riastradh |
branches: 1.46.4; If we register with pmf on attach, deregister on detach.
|
#
1.45 |
|
21-Jun-2014 |
christos |
register with pmf.
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.44 |
|
01-Jan-2014 |
pgoyette |
branches: 1.44.2; Modularize the opencrypto components and link to the build
|
#
1.43 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.42 |
|
24-Jun-2013 |
riastradh |
branches: 1.42.2; Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp. explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots, so please let me know.
|
Revision tags: agc-symver-base
|
#
1.41 |
|
02-Feb-2013 |
christos |
fix compilation
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.40 |
|
30-Aug-2012 |
drochner |
branches: 1.40.2; Add "consttime_bcmp" and "explicit_bzero" functions for both kernel abd userland, as proposed on tech-security, with explicit_bzero using a volatile function pointer as suggested by Alan Barrett. Both do what the name says. For userland, both are prefixed by "__" to keep them out of the user namespace. Change some memset/memcmp uses to the new functions where it makes sense -- these are just some examples, more to come.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-pre-base2 jmcneill-usbmp-base2 netbsd-6-base jmcneill-usbmp-base
|
#
1.39 |
|
28-Nov-2011 |
tls |
Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
Revision tags: jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base rmind-uvmplock-nbase rmind-uvmplock-base
|
#
1.38 |
|
07-Jun-2011 |
drochner |
branches: 1.38.2; use a simple counter as IV for AES-GMAC as suggested in RFC4543
|
Revision tags: cherry-xenmp-base
|
#
1.37 |
|
26-May-2011 |
drochner |
branches: 1.37.2; pull in AES-GCM/GMAC support from OpenBSD This is still somewhat experimental. Tested between 2 similar boxes so far. There is much potential for performance improvement. For now, I've changed the gmac code to accept any data alignment, as the "char *" pointer suggests. As the code is practically used, 32-bit alignment can be assumed, at the cost of data copies. I don't know whether bytewise access or copies are worse performance-wise. For efficient implementations using SSE2 instructions on x86, even stricter alignment requirements might arise.
|
#
1.36 |
|
24-May-2011 |
drochner |
copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC For this to fit, an API change in cryptosoft was adopted from OpenBSD (addition of a "Setkey" method to hashes) which was done for GCM/GMAC support there, so it might be useful in the future anyway. tested against KAME IPSEC AFAICT, FAST_IPSEC now supports as much as KAME.
|
#
1.35 |
|
24-May-2011 |
drochner |
move the "context size" struct member (which is a pure software implementation thing) from the abstract xform descriptor to the cryptosoft implementation part -- for sanity, and now clients of opencrypto don't depend on headers of cipher implementations anymore
|
#
1.34 |
|
24-May-2011 |
drochner |
Change the way the IV is generated for AES-CTR: use a simple counter instead of arc4random(). AES-CTR is sensitive against IV recurrence (with the same key / nonce), and a random number doesn't give that guarantee. This needs a little API change in cryptosoft -- I've suggested it to Open/FreeBSD, might change it depending on feedback. Thanks to Steven Bellovin for hints.
|
#
1.33 |
|
23-May-2011 |
drochner |
add an AES-CTR xform, from OpenBSD
|
#
1.32 |
|
23-May-2011 |
drochner |
-in the descriptor for encryption xforms, split the "blocksize" field into "blocksize" and "IV size" -add an "reinit" function pointer which, if set, means that the xform does its IV handling itself and doesn't want the default CBC handling by the framework (poor name, but left that way to avoid unecessary differences) This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms. Refer to ivsize instead of blocksize where appropriate. (At this point, blocksize and ivsize are identical.)
|
#
1.31 |
|
21-May-2011 |
drochner |
fix a logics bug (which has been here from the beginning) which made that only 96 random bits were used for IV generation, this caused eg that the last 4 bytes of the IV in ESP/AES-CBC were constant, leaking kernel memory affects FAST_IPSEC only
|
#
1.30 |
|
05-May-2011 |
drochner |
support camellia-cbc by swcrypt
|
Revision tags: bouyer-quota2-nbase
|
#
1.29 |
|
25-Feb-2011 |
drochner |
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes.
FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
|
#
1.28 |
|
24-Feb-2011 |
drochner |
small modifications in dealing with the unknown result size of compression/ decompression: -seperate the IPCOMP specific rule that compression must not grow the data from general compression semantics: Introduce a special name CRYPTO_DEFLATE_COMP_NOGROW/comp_algo_deflate_nogrow to describe the IPCOMP semantics and use it there. (being here, fix the check so that equal size is considered failure as well as required by RFC2393) Customers of CRYPTO_DEFLATE_COMP/comp_algo_deflate now always get deflated data back, even if they are not smaller than the original. -allow to pass a "size hint" to the DEFLATE decompression function which is used for the initial buffer allocation. Due to the changes done there, additional allocations and extra copies are avoided if the initial allocation is sufficient. Set the size hint to MCLBYTES (=2k) in IPCOMP which should be good for many use cases.
|
Revision tags: bouyer-quota2-base
|
#
1.27 |
|
10-Feb-2011 |
drochner |
Don't store temporary values in the opencrypto session data struct which can be shared by multiple threads -- pass them on the stack instead. Add some "const" to document this. (One _could_ use the session struct for temporary stuff with proper locking, but it seems unnecessary here.) Also remove the unused SW_crc member in the session struct. From Wolfgang Stukenbrock per PR kern/44472.
|
Revision tags: jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11 uebayasi-xip-base2 yamt-nfs-mp-base10
|
#
1.26 |
|
02-Aug-2010 |
jakllsch |
branches: 1.26.2; 1.26.4; Consistently use a single CRYPTO_SESID2HID-like macro. Improve CRYPTO_DEBUG printing a bit: print pointers with %p print unsigned with %u rather than %d use CRYPTO_SESID2LID instead of just casting to uint32_t
|
Revision tags: uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base matt-premerge-20091211 yamt-nfs-mp-base8 yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 jym-xensuspend-nbase yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.25 |
|
18-Apr-2009 |
tsutsui |
branches: 1.25.2; 1.25.4; Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
#
1.24 |
|
25-Mar-2009 |
darran |
Fixes PR kern/41069 and PR kern/41070.
Extends the Opencrypto API to allow the destination buffer size to be specified when its not the same size as the input buffer (i.e. for operations like compress and decompress). The crypto_op and crypt_n_op structures gain a u_int dst_len field. The session_op structure gains a comp_alg field to specify a compression algorithm. Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT, and CIOCNCRYPTM. Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION, OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally useful and provide a place to start normalizing the various crc32 routines in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
|
#
1.23 |
|
18-Mar-2009 |
cegger |
bcopy -> memcpy
|
#
1.22 |
|
18-Mar-2009 |
cegger |
bzero -> memset
|
Revision tags: nick-hppapmap-base2 mjf-devfs2-base
|
#
1.21 |
|
17-Dec-2008 |
cegger |
branches: 1.21.2; kill MALLOC and FREE macros.
|
Revision tags: matt-nb5-mips64-premerge-20101231 matt-nb5-mips64-k15 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 haad-dm-base2 haad-nbase2 ad-audiomp2-base netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 haad-dm-base wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base yamt-pf42-base ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base matt-armv6-nbase mjf-devfs-base hpcarm-cleanup-base
|
#
1.20 |
|
04-Feb-2008 |
tls |
branches: 1.20.6; 1.20.10; 1.20.18; 1.20.20; 1.20.26; Rework opencrypto to use a spin mutex (crypto_mtx) instead of "splcrypto" (actually splnet) and condvars instead of tsleep/wakeup. Fix a few miscellaneous problems and add some debugging printfs while there.
Restore set of CRYPTO_F_DONE in crypto_done() which was lost at some point after this code came from FreeBSD -- it made it impossible to wait properly for a condition.
Add flags analogous to the "crp" flags to the key operation's krp struct. Add a new flag, CRYPTO_F_ONRETQ which tells us a request finished before the kthread had a chance to dequeue it and call its callback -- this was letting requests stick on the queues before even though done and copied out.
Callers of crypto_newsession() or crypto_freesession() must now take the mutex. Change netipsec to do so. Dispatch takes the mutex itself as needed.
This was tested fairly extensively with the cryptosoft backend and lightly with a new hardware driver. It has not been tested with FAST_IPSEC; I am unable to ascertain whether FAST_IPSEC currently works at all in our tree.
pjd@FreeBSD.ORG, ad@NetBSD.ORG, and darran@snark.us pointed me in the right direction several times in the course of this. Remaining bugs are mine alone.
|
#
1.19 |
|
02-Feb-2008 |
tls |
Add CRYPTO_*_HMAC_96 defines -- missed this file in previous commit.
|
#
1.18 |
|
01-Feb-2008 |
tls |
This code never worked on a released version of FreeBSD in the form it's been in in our tree, and certainly does not work on any version of FreeBSD now. Run through unifdef -D__NetBSD__ -U__FreeBSD__ yielding a small reduction of size and a dramatic improvement in readability.
No, this does not yield any meaningful decrease in patchability (unlike mechanical changes that touch live source lines) -- try it and see.
|
Revision tags: nick-csl-alignment-base5 bouyer-xeni386-merge1 matt-armv6-prevmlocking vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 jmcneill-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base matt-mips64-base jmcneill-pm-base nick-csl-alignment-base yamt-idlelwp-base8 thorpej-atomic-base reinoud-bufcleanup-base mjf-ufs-trans-base vmlocking-base
|
#
1.17 |
|
04-Mar-2007 |
christos |
branches: 1.17.16; 1.17.22; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
Revision tags: ad-audiomp-base
|
#
1.16 |
|
17-Feb-2007 |
daniel |
branches: 1.16.2; Add an opencrypto provider for the AES xcrypt instructions found on VIA C5P and later cores (also known as 'ACE', which is part of the VIA PadLock security engine). Ported from OpenBSD.
Reviewed on tech-crypto and port-i386, no objections to commiting this.
|
Revision tags: netbsd-4-0-1-RELEASE wrstuden-fixsa-newbase wrstuden-fixsa-base-1 netbsd-4-0-RELEASE netbsd-4-0-RC5 matt-nb4-arm-base netbsd-4-0-RC4 netbsd-4-0-RC3 netbsd-4-0-RC2 netbsd-4-0-RC1 wrstuden-fixsa-base post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base netbsd-4-base
|
#
1.15 |
|
16-Nov-2006 |
christos |
__unused removal on arguments; approved by core.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.14 |
|
12-Oct-2006 |
christos |
- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386
|
Revision tags: abandoned-netbsd-4-base yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base yamt-pdpolicy-base4 elad-kernelauth-base simonb-timecounters-base rpaulo-netinet-merge-pcb-base
|
#
1.13 |
|
02-Apr-2006 |
dsl |
branches: 1.13.8; 1.13.10; malloc data the size the pointer points to, not the size of a pointer. Maybe we get away with this (at least on 32bit archs) because the structure is 24 bytes and I bet the minimum allocation size is 32. Fixed coverty CIDs 2732 and 2733
|
Revision tags: yamt-pdpolicy-base3
|
#
1.12 |
|
17-Mar-2006 |
christos |
don't use MALLOC with a non-constant size; use malloc instead.
|
Revision tags: peter-altq-base yamt-pdpolicy-base2 yamt-pdpolicy-base yamt-uio_vmspace-base5 yamt-readahead-base3 ktrace-lwp-base
|
#
1.11 |
|
25-Nov-2005 |
thorpej |
branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; swcr -> swcrypto
|
#
1.10 |
|
25-Nov-2005 |
thorpej |
- De-couple the software crypto implementation from the rest of the framework. There is no need to waste the space if you are only using algoritms provided by hardware accelerators. To get the software implementations, add "pseudo-device swcr" to your kernel config. - Lazily initialize the opencrypto framework when crypto drivers (either hardware or swcr) register themselves with the framework.
|
Revision tags: netbsd-3-1-1-RELEASE netbsd-3-0-3-RELEASE netbsd-3-1-RELEASE netbsd-3-0-2-RELEASE netbsd-3-1-RC4 netbsd-3-1-RC3 netbsd-3-1-RC2 netbsd-3-1-RC1 netbsd-3-0-1-RELEASE netbsd-3-0-RELEASE netbsd-3-0-RC6 netbsd-3-0-RC5 netbsd-3-0-RC4 netbsd-3-0-RC3 yamt-readahead-base2 netbsd-3-0-RC2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base netbsd-3-0-RC1 yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base yamt-km-base4 yamt-km-base3 netbsd-3-base kent-audio2-base
|
#
1.9 |
|
26-Feb-2005 |
perry |
branches: 1.9.4; 1.9.10; nuke trailing whitespace
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE yamt-km-base2 yamt-km-base netbsd-2-0-1-RELEASE kent-audio1-beforemerge netbsd-2-base kent-audio1-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.8 |
|
27-Aug-2003 |
thorpej |
branches: 1.8.4; 1.8.10; 1.8.12; Some const poisoning.
|
#
1.7 |
|
26-Aug-2003 |
thorpej |
Remove a bunch of unnecessary includes.
|
#
1.6 |
|
25-Aug-2003 |
thorpej |
It's bad form to use the <opencrypto/rmd160.h> header file while using the crypto/ripemd160/rmd160.c implementation. Remove the opencrypto-local copies of these files entirely.
|
#
1.5 |
|
30-Jul-2003 |
jonathan |
Garbage-collect references to OpenBSD-only <dev/rndvar.h>.
|
#
1.4 |
|
28-Jul-2003 |
jonathan |
Remove vestiges of OpenBSD <sys/md5k.h> header.
|
#
1.3 |
|
27-Jul-2003 |
jonathan |
Cleanup traces of previous standalone m_apply()/m_getptr().
|
#
1.2 |
|
26-Jul-2003 |
jonathan |
Fix authentication hashes requested via /dev/crypto. The handler for userland hashes case was partly omitted in the OpenBSD -> FreeBSD port.
|
#
1.1 |
|
25-Jul-2003 |
jonathan |
Commit initial NetBSD port of the OpenCrypto Framework (OCF). This code is derived from Sam Leffler's FreeBSD port of OCF, which is in turn a port of Angelos Keromytis's OpenBSD work. Credit to Sam and Angelos, any blame for the NetBSD port to me.
|