#
1.24 |
|
12-Mar-2021 |
jsg |
spelling
ok mpi@
|
#
1.23 |
|
09-Jan-2021 |
gnezdo |
Enforce range with sysctl_int_bounded in swap_encrypt_ctl
OK millert@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.22 |
|
06-May-2015 |
dlg |
make SWAP_KEY_GET symmetrical with SWAP_KEY_PUT by having it call a function in uvm_swap_encrypt.c instead of doing stuff inline.
lets me remove an extern from the header too.
ok kettenis@
|
#
1.21 |
|
04-May-2015 |
dlg |
reduce the scope of things that include uvm_swap_encrypt.h.
uvm_meter.c needs it to route the sysctl, uvm_swap.c needs it to use the functionality, and uvm_swap_encrypt.c needs it to for obvious reasons. userland sysctl already includes it explicitely.
everything else doesnt and shouldnt care.
ok miod@
|
#
1.20 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.18 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.17 |
|
11-Jan-2011 |
deraadt |
for key material that is being being discarded, convert bzero() to explicit_bzero() where required ok markus mikeb
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.16 |
|
20-Apr-2010 |
tedu |
remove proc.h include from uvm_map.h. This has far reaching effects, as sysctl.h was reliant on this particular include, and many drivers included sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed. ok deraadt
|
Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.15 |
|
23-Mar-2009 |
oga |
turn a for (i = 0; i < size; i++) arc4random(); loop into arc4random_buf().
Since that function is now so small (2 lines), inline it into it's only user.
Shaves some bytes (104 on amd64).
ok deraadt@, blambert@. djm@ liked an earlier diff.
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.14 |
|
26-Mar-2005 |
deraadt |
encrypt swap by default. cheap, and why not. can be disabled by people who have machines that hit swap a lot. decided after survey of developers, we found that most turned this on. ok various
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.13 |
|
29-Nov-2004 |
hshoexer |
ansi + some knf, no binary change
ok deraadt
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.12 |
|
26-Dec-2003 |
markus |
- use 1/2 space for rijndael context in ipsec - rijndael_set_key_enc_only() sets up context for encryption only - rijndael_set_key() always sets up full context - rijndaelKeySetupDec() gets back original protoype - uvm: use _enc_only() interface with hshoexer@, ok deraadt@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.11 |
|
02-Jul-2002 |
nate |
inital -> initial
|
Revision tags: OPENBSD_3_1_BASE UBC_BASE
|
#
1.10 |
|
06-Nov-2001 |
miod |
branches: 1.10.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.9 |
|
24-Aug-2001 |
markus |
switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip the same code is used by ssh, so please make sure to update usr.sbin/ssh/rijndael.c if you change this code. tested on sparc (jason) and with swap encryption (me); ok deraadt@, provos@
|
#
1.8 |
|
06-Aug-2001 |
mickey |
remove vm_conf.h; art@ ok
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.7 |
|
29-Jan-2001 |
niklas |
$OpenBSD$
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.6 |
|
07-Sep-2000 |
art |
Convert bzero to memset(X, 0..) and bcopy to memcpy. This is to match (make diffs smaller) the code in NetBSD. new gcc inlines those functions, so this could also be a performance win.
|
#
1.5 |
|
14-Jun-2000 |
provos |
put in own ctl level for swapencrypt.
|
#
1.4 |
|
27-May-2000 |
provos |
use rijndael instead of blowfish because of faster key setup. break swap paritions into sections, each section has own encryption key. if a section's key becomes unreferenced, erase it.
|
#
1.3 |
|
26-May-2000 |
provos |
use encrypted blocknumber as IV
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.2 |
|
29-Feb-2000 |
markus |
<crypto/blf.h>
|
Revision tags: SMP_BASE
|
#
1.1 |
|
30-Dec-1999 |
provos |
branches: 1.1.2; swap encryption for UVM, option UVM_SWAP_ENCRYPT. needs to be enabled via sysctl. Pages are encrypted with the Blowfish encryption algorithm, the key is initialized randomly on first swap out, ensuring that entropy has accumulated in the kernel randomness pool. Eventually, swap encryption will be decided on a process by process basis, e.g. a process that reads from a cryptographic filesystem will enable swap encrypt for its pages. okay art@ and deraadt@.
|
#
1.23 |
|
09-Jan-2021 |
gnezdo |
Enforce range with sysctl_int_bounded in swap_encrypt_ctl
OK millert@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.22 |
|
06-May-2015 |
dlg |
make SWAP_KEY_GET symmetrical with SWAP_KEY_PUT by having it call a function in uvm_swap_encrypt.c instead of doing stuff inline.
lets me remove an extern from the header too.
ok kettenis@
|
#
1.21 |
|
04-May-2015 |
dlg |
reduce the scope of things that include uvm_swap_encrypt.h.
uvm_meter.c needs it to route the sysctl, uvm_swap.c needs it to use the functionality, and uvm_swap_encrypt.c needs it to for obvious reasons. userland sysctl already includes it explicitely.
everything else doesnt and shouldnt care.
ok miod@
|
#
1.20 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.18 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.17 |
|
11-Jan-2011 |
deraadt |
for key material that is being being discarded, convert bzero() to explicit_bzero() where required ok markus mikeb
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.16 |
|
20-Apr-2010 |
tedu |
remove proc.h include from uvm_map.h. This has far reaching effects, as sysctl.h was reliant on this particular include, and many drivers included sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed. ok deraadt
|
Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.15 |
|
23-Mar-2009 |
oga |
turn a for (i = 0; i < size; i++) arc4random(); loop into arc4random_buf().
Since that function is now so small (2 lines), inline it into it's only user.
Shaves some bytes (104 on amd64).
ok deraadt@, blambert@. djm@ liked an earlier diff.
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.14 |
|
26-Mar-2005 |
deraadt |
encrypt swap by default. cheap, and why not. can be disabled by people who have machines that hit swap a lot. decided after survey of developers, we found that most turned this on. ok various
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.13 |
|
29-Nov-2004 |
hshoexer |
ansi + some knf, no binary change
ok deraadt
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.12 |
|
26-Dec-2003 |
markus |
- use 1/2 space for rijndael context in ipsec - rijndael_set_key_enc_only() sets up context for encryption only - rijndael_set_key() always sets up full context - rijndaelKeySetupDec() gets back original protoype - uvm: use _enc_only() interface with hshoexer@, ok deraadt@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.11 |
|
02-Jul-2002 |
nate |
inital -> initial
|
Revision tags: OPENBSD_3_1_BASE UBC_BASE
|
#
1.10 |
|
06-Nov-2001 |
miod |
branches: 1.10.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.9 |
|
24-Aug-2001 |
markus |
switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip the same code is used by ssh, so please make sure to update usr.sbin/ssh/rijndael.c if you change this code. tested on sparc (jason) and with swap encryption (me); ok deraadt@, provos@
|
#
1.8 |
|
06-Aug-2001 |
mickey |
remove vm_conf.h; art@ ok
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.7 |
|
29-Jan-2001 |
niklas |
$OpenBSD$
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.6 |
|
07-Sep-2000 |
art |
Convert bzero to memset(X, 0..) and bcopy to memcpy. This is to match (make diffs smaller) the code in NetBSD. new gcc inlines those functions, so this could also be a performance win.
|
#
1.5 |
|
14-Jun-2000 |
provos |
put in own ctl level for swapencrypt.
|
#
1.4 |
|
27-May-2000 |
provos |
use rijndael instead of blowfish because of faster key setup. break swap paritions into sections, each section has own encryption key. if a section's key becomes unreferenced, erase it.
|
#
1.3 |
|
26-May-2000 |
provos |
use encrypted blocknumber as IV
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.2 |
|
29-Feb-2000 |
markus |
<crypto/blf.h>
|
Revision tags: SMP_BASE
|
#
1.1 |
|
30-Dec-1999 |
provos |
branches: 1.1.2; swap encryption for UVM, option UVM_SWAP_ENCRYPT. needs to be enabled via sysctl. Pages are encrypted with the Blowfish encryption algorithm, the key is initialized randomly on first swap out, ensuring that entropy has accumulated in the kernel randomness pool. Eventually, swap encryption will be decided on a process by process basis, e.g. a process that reads from a cryptographic filesystem will enable swap encrypt for its pages. okay art@ and deraadt@.
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.22 |
|
06-May-2015 |
dlg |
make SWAP_KEY_GET symmetrical with SWAP_KEY_PUT by having it call a function in uvm_swap_encrypt.c instead of doing stuff inline.
lets me remove an extern from the header too.
ok kettenis@
|
#
1.21 |
|
04-May-2015 |
dlg |
reduce the scope of things that include uvm_swap_encrypt.h.
uvm_meter.c needs it to route the sysctl, uvm_swap.c needs it to use the functionality, and uvm_swap_encrypt.c needs it to for obvious reasons. userland sysctl already includes it explicitely.
everything else doesnt and shouldnt care.
ok miod@
|
#
1.20 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.19 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.18 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.17 |
|
11-Jan-2011 |
deraadt |
for key material that is being being discarded, convert bzero() to explicit_bzero() where required ok markus mikeb
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.16 |
|
20-Apr-2010 |
tedu |
remove proc.h include from uvm_map.h. This has far reaching effects, as sysctl.h was reliant on this particular include, and many drivers included sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed. ok deraadt
|
Revision tags: OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.15 |
|
23-Mar-2009 |
oga |
turn a for (i = 0; i < size; i++) arc4random(); loop into arc4random_buf().
Since that function is now so small (2 lines), inline it into it's only user.
Shaves some bytes (104 on amd64).
ok deraadt@, blambert@. djm@ liked an earlier diff.
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE
|
#
1.14 |
|
26-Mar-2005 |
deraadt |
encrypt swap by default. cheap, and why not. can be disabled by people who have machines that hit swap a lot. decided after survey of developers, we found that most turned this on. ok various
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.13 |
|
29-Nov-2004 |
hshoexer |
ansi + some knf, no binary change
ok deraadt
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.12 |
|
26-Dec-2003 |
markus |
- use 1/2 space for rijndael context in ipsec - rijndael_set_key_enc_only() sets up context for encryption only - rijndael_set_key() always sets up full context - rijndaelKeySetupDec() gets back original protoype - uvm: use _enc_only() interface with hshoexer@, ok deraadt@
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.11 |
|
02-Jul-2002 |
nate |
inital -> initial
|
Revision tags: OPENBSD_3_1_BASE UBC_BASE
|
#
1.10 |
|
06-Nov-2001 |
miod |
branches: 1.10.2; Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. (Look ma, I might have broken the tree)
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.9 |
|
24-Aug-2001 |
markus |
switch to the optimised AES reference code from http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip the same code is used by ssh, so please make sure to update usr.sbin/ssh/rijndael.c if you change this code. tested on sparc (jason) and with swap encryption (me); ok deraadt@, provos@
|
#
1.8 |
|
06-Aug-2001 |
mickey |
remove vm_conf.h; art@ ok
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.7 |
|
29-Jan-2001 |
niklas |
$OpenBSD$
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.6 |
|
07-Sep-2000 |
art |
Convert bzero to memset(X, 0..) and bcopy to memcpy. This is to match (make diffs smaller) the code in NetBSD. new gcc inlines those functions, so this could also be a performance win.
|
#
1.5 |
|
14-Jun-2000 |
provos |
put in own ctl level for swapencrypt.
|
#
1.4 |
|
27-May-2000 |
provos |
use rijndael instead of blowfish because of faster key setup. break swap paritions into sections, each section has own encryption key. if a section's key becomes unreferenced, erase it.
|
#
1.3 |
|
26-May-2000 |
provos |
use encrypted blocknumber as IV
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.2 |
|
29-Feb-2000 |
markus |
<crypto/blf.h>
|
Revision tags: SMP_BASE
|
#
1.1 |
|
30-Dec-1999 |
provos |
branches: 1.1.2; swap encryption for UVM, option UVM_SWAP_ENCRYPT. needs to be enabled via sysctl. Pages are encrypted with the Blowfish encryption algorithm, the key is initialized randomly on first swap out, ensuring that entropy has accumulated in the kernel randomness pool. Eventually, swap encryption will be decided on a process by process basis, e.g. a process that reads from a cryptographic filesystem will enable swap encrypt for its pages. okay art@ and deraadt@.
|