Age | Commit message (Collapse) | Author | |
---|---|---|---|
2005-08-18 | do not allow 0-length transforms; from freebsd | Theo de Raadt | |
2005-05-25 | AESCTR support for ESP (RFC 3686); ok hshoexer | Markus Friedl | |
2004-05-07 | Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. | Todd C. Miller | |
This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@ | |||
2004-03-14 | disable mac for now, they are not usable with current hardware; ok deraadt@ | Markus Friedl | |
2003-09-23 | Replace select backends with poll backends. selscan() and pollscan() | Todd C. Miller | |
now call the poll backend. With this change we implement greater poll(2) functionality instead of emulating it via the select backend. Adapted from NetBSD and including some changes from FreeBSD. Tested by many, deraadt@ OK | |||
2003-06-10 | don't allow /dev/crypto to be opened ifndef CRYPTO (the thread hasn't been | Jason Wright | |
started, so all operations will hang later on anyway). | |||
2003-06-03 | license cleanup regarding term 4 | Theo de Raadt | |
2003-06-03 | Fastpath for userland crypto requests. This change makes userland | Bob Beck | |
crypto requests attempt to call the crypto driver directly to process crypto layer requests, as opposed to queueing them in the kernel crypto thread. If we can't use the crypto devices (i.e. they're busy) we fall back to queueing the request up in the crypto thread as before. This does allow for faster performance in some cases (smaller requests, how small seems to be dependent on the card/cpu combination) where context switching is a major issue in performance. ok deraadt@ jason@ | |||
2003-05-30 | move max limit back down to 65536-4 | Jason Wright | |
2002-11-21 | From Angelos: | Jason Wright | |
- simplistic load balancing across multiple cards - simplified registration process - a few style nits. | |||
2002-11-12 | Add a CRYPTO_NULL xform (it's a do nothing, but nice for measuring the | Jason Wright | |
bandwidth of the kernel API). It's only available from userland and then only if kern.cryptodevallowsoft=1. | |||
2002-07-10 | proper cdev_decl(crypto) and no private protos | Michael Shalayeff | |
2002-06-19 | ansi | Theo de Raadt | |
2002-06-19 | re-enable both crypto operations | Theo de Raadt | |
2002-06-12 | looks slightly better | Theo de Raadt | |
2002-06-12 | undo 1.46; fixes double free (the keys are freed on session close). | Markus Friedl | |
passes regress/sys/crypto | |||
2002-06-12 | so let us analyse the development process here: | Theo de Raadt | |
- complete breakage of symmetric userland crypto - fast commit without review by other developers - no regression test run (markus points out regression crash kernel) Hence, we must disable userland crypto for now, until it gets repaired by these people who don't follow process.... | |||
2002-06-11 | kernel changes to make asymmetric crypto work in userland | Bob Beck | |
- modify getfeat to return something more useful to us on devices (like lofn and everything else until jason fixes it) that can't do rsa stuff, etc and can only do mod_exp.. - error handling fixes so we correctly fail to software when we can't deal with a particular key size - add sysctl kern.userasymcrypto to turn on/off userland asymmetric crypto via /dev/crypto - 1 == on, 0 == off, default is off | |||
2002-06-10 | You should always free the keys, not just on error --- the crypto | Angelos D. Keromytis | |
framework doesn't hold on to these. | |||
2002-06-07 | Handle csecreate errors. deraadt@ and beck@ | Thomas Nordin | |
2002-05-18 | not ready to export fcrypt to userland yet; spotted by lebel | Theo de Raadt | |
2002-05-18 | export struct fcrypt to userland | Theo de Raadt | |
2002-05-08 | Don't deref null pointer in failure case. | Jason Wright | |
2002-04-27 | 32 bit constraint is wrong, we think | Theo de Raadt | |
2002-04-26 | disable cryptodevallowsoft again; constrain key bit sizes to % 32cryptodev.c | Theo de Raadt | |
2002-04-24 | kernel API does not need the userland addresses, make them go away | Theo de Raadt | |
2002-04-23 | initial hack at a CIOCSYMFEAT ioctl | Theo de Raadt | |
2002-04-23 | driver queueing & callback code for keying operations | Theo de Raadt | |
2002-04-08 | Credit DARPA/USAF appropriately. | Jason Wright | |
2002-04-03 | disable userland crypto for 3.1 | Theo de Raadt | |
2002-03-14 | First round of __P removal in sys | Todd C. Miller | |
2002-03-05 | export MD5/SHA1 via /dev/crypto; ok provos@, beck@ | Markus Friedl | |
tested with cryptosoft and kern.cryptodevallowsoft=1 | |||
2002-03-04 | parts that copy in PK parameters | Theo de Raadt | |
2002-03-01 | sysctl for cryptodevallowsoft - /dev/crypto will allow the software engine | Niels Provos | |
to be used if there are no hardware cards. mostly for debugging and regression. | |||
2002-02-23 | sysctl kern.usercrypto | Theo de Raadt | |
2002-02-08 | - Rename FILE_{,UN}USE to FREF and FRELE. USE is a bad verb and we don't have | Artur Grabowski | |
the same semantics as NetBSD anyway, so it's good to avoid name collissions. - Always fdremove before freeing the file, not the other way around. - falloc FREFs the file. - have FILE_SET_MATURE FRELE the file (It feels like a good ortogonality to falloc FREFing the file). - Use closef as much as possible instead of ffree in error paths of falloc:ing functions. closef is much more careful with the fd and can deal with the fd being forcibly closed by dup2. Also try to avoid manually calling *fo_close when closef can do that for us (this makes some error paths mroe complicated (sys_socketpair and sys_pipe), but others become simpler (sys_open)). | |||
2001-11-13 | garbage in my last commit | Theo de Raadt | |
2001-11-09 | be way more sure that software cannot be used | Theo de Raadt | |
2001-11-08 | indent | Theo de Raadt | |
2001-10-26 | - every new fd created by falloc() is marked as larval and should not be used | Artur Grabowski | |
any anyone. Every caller of falloc matures the fd when it's usable. - Since every lookup in the fd table must now check this flag and all of them do the same thing, move all the necessary checks into a function - fd_getfile. | |||
2001-09-03 | do not screw up the reference counts | Theo de Raadt | |
2001-08-28 | Getting closer to working userland MAC. | ben | |
2001-08-24 | KNF | Theo de Raadt | |
2001-08-17 | Add RC4 support. | ben | |
2001-06-24 | Remove whitespace. | Angelos D. Keromytis | |
2001-06-23 | Adjust length. | Angelos D. Keromytis | |
2001-06-23 | Use C-style comments... | Angelos D. Keromytis | |
2001-06-23 | Initialize crd_skip | Angelos D. Keromytis | |
2001-06-23 | Remove unneeded crp_iv field, set the right flags for IV handling in | Angelos D. Keromytis | |
the crypto device. | |||
2001-06-23 | merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts ↵ | Theo de Raadt | |
inside OpenSSL codebase |