| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2010-01-10 | Fix two bugs in IPsec/HMAC-SHA2: | Markus Friedl | |
| (1) use correct (message) block size of 128 byte (instead of 64 bytes) for HMAC-SHA512/384 (RFC4634). (2) RFC4868 specifies that HMAC-SHA-{256,384,512} is truncated to nnn/2 bits, while we still use 96 bits. 96 bits have been specified in draft-ietf-ipsec-ciph-sha-256-00 while draft-ietf-ipsec-ciph-sha-256-01 changed it to 128 bits. WARNING: this change makes IPsec with SHA-256 (the default) incompatible with older OpenBSD versions and other IPsec-implementations that share this bug. ok+tests naddy, fries; requested by reyk/deraadt | |||
| 2009-09-03 | crypto hardware (eg, hifn) establishes its interrupt handler at | David Gwynne | |
| IPL_NET. when the hardware finishes some work for the crypto subsystem and therefore something in the kernel that wanted crypto done, it calls crypto_done from that interrupt handler. one of the things that uses crypto is ipsec. when crypto is done for ipsec it then pushes the packet along the network stack. the problem is that all the structures inside the network stack are only protected at splsoftnet. we could be in the middle of modifications to the pf state table or the pfsync queues when we get a hifn interrupt and then go stomp on the same structures. the solution is to defer the completions so they can do the right spl protections. this basically reverts r1.46 of src/sys/crypto/crypto.c. found by naddy@ | |||
| 2008-06-09 | Implement the AES XTS mode of operation for the crypto(9) framework. | Damien Miller | |
| XTS is a "tweaked" AES mode that has properties that are desirable for block device encryption and it is specified in the IEEE P1619-2007 standard for this purpose. prodded by & ok hshoexer@ | |||
| 2007-11-28 | finish conversion to workq. remove list remnants, and put spl in the right | Ted Unangst | |
| places. handle the no workq case here. ok deraadt | |||
| 2007-05-27 | make crp_buf a void *. caddr_t implies bufferness, it's not. | Ted Unangst | |
| ok deraadt jason | |||
| 2006-05-31 | remove some silly casts. put spl calls after all declarations. | Ted Unangst | |
| put one splx in a better spot. make a variable size MALLOC use malloc. remove null test after malloc(M_WAITOK). add PR_NOWAIT flag to pool_get instead of 0. change callbacks to correct type. ok brad deraadt markus mickey | |||
| 2005-05-25 | AESCTR support for ESP (RFC 3686); ok hshoexer | Markus Friedl | |
| 2003-08-14 | mirror change in mbufs: cuio_copyback's 4th arg is now const void * | Jason Wright | |
| 2003-07-24 | increase ALG_MAX_RESULT_LEN to 64 bytes for sha2-512 | Markus Friedl | |
| 2003-07-24 | hmac-sha2-{256,384,512} support in AH/ESP auth. markus ok | Jun-ichiro itojun Hagino | |
| 2003-06-03 | license cleanup regarding term 4 | Theo de Raadt | |
| 2003-06-03 | Fastpath for userland crypto requests. This change makes userland | Bob Beck | |
| crypto requests attempt to call the crypto driver directly to process crypto layer requests, as opposed to queueing them in the kernel crypto thread. If we can't use the crypto devices (i.e. they're busy) we fall back to queueing the request up in the crypto thread as before. This does allow for faster performance in some cases (smaller requests, how small seems to be dependent on the card/cpu combination) where context switching is a major issue in performance. ok deraadt@ jason@ | |||
| 2003-02-15 | skeleton support for LZS compression | Jason Wright | |
| 2003-02-15 | CRD_F_COMP isn't so special that it needs 4 bits for a binary flag | Jason Wright | |
| 2002-11-21 | From Angelos: | Jason Wright | |
| - simplistic load balancing across multiple cards - simplified registration process - a few style nits. | |||
| 2002-11-12 | Add a CRYPTO_NULL xform (it's a do nothing, but nice for measuring the | Jason Wright | |
| bandwidth of the kernel API). It's only available from userland and then only if kern.cryptodevallowsoft=1. | |||
| 2002-07-17 | I don't know why this breaks things for me when sshd starts on sparc64. | Artur Grabowski | |
| But after wasting the whole day trying to just locate the problem I don't care. Back out since this wasn't tested and showed to anyone else. | |||
| 2002-07-16 | Add CRYPTO_ALGORITHM_ALL | Angelos D. Keromytis | |
| 2002-06-11 | kernel changes to make asymmetric crypto work in userland | Bob Beck | |
| - modify getfeat to return something more useful to us on devices (like lofn and everything else until jason fixes it) that can't do rsa stuff, etc and can only do mod_exp.. - error handling fixes so we correctly fail to software when we can't deal with a particular key size - add sysctl kern.userasymcrypto to turn on/off userland asymmetric crypto via /dev/crypto - 1 == on, 0 == off, default is off | |||
| 2002-06-09 | Don't use an int for the flags, when the structure uses | Angelos D. Keromytis | |
| u_int8_t. Also, make sure the logic is correct (bad theo!) | |||
| 2002-05-18 | not ready to export fcrypt to userland yet; spotted by lebel | Theo de Raadt | |
| 2002-05-18 | export struct fcrypt to userland | Theo de Raadt | |
| 2002-04-24 | kernel API does not need the userland addresses, make them go away | Theo de Raadt | |
| 2002-04-23 | initial hack at a CIOCSYMFEAT ioctl | Theo de Raadt | |
| 2002-04-23 | driver queueing & callback code for keying operations | Theo de Raadt | |
| 2002-04-08 | Credit DARPA/USAF appropriately. | Jason Wright | |
| 2002-03-14 | First round of __P removal in sys | Todd C. Miller | |
| 2002-03-04 | remove old PK stuff | Theo de Raadt | |
| 2002-03-02 | do some more renaming | Theo de Raadt | |
| 2002-03-02 | initial cut at crypto_sop definitions for symmetric crypto | Theo de Raadt | |
| 2002-03-01 | remove CRYPTO_BUF_CONTIG and convert to handle iovs. okay deraadt@ | Niels Provos | |
| 2002-03-01 | helper functions for uio (cuio_apply and cuio_getptr) okay deraadt@ | Niels Provos | |
| 2002-02-24 | license repair, angelos ok | Theo de Raadt | |
| 2002-01-29 | Remove the iov2pages/mbuf2pages API... All of the relevant arch's support | Jason Wright | |
| bus_dma(9) which actually does this job correctly. | |||
| 2001-11-09 | be way more sure that software cannot be used | Theo de Raadt | |
| 2001-08-28 | Getting closer to working userland MAC. | ben | |
| 2001-08-22 | add RC4 and SHA1 support | Theo de Raadt | |
| 2001-08-05 | put in tags for ARC4 to please ben, who now has no excuses | Theo de Raadt | |
| 2001-07-05 | Stylistic changes. | Angelos D. Keromytis | |
| 2001-07-05 | Compression support for IPComp. Include files only. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
| 2001-06-25 | Add crypto_check_alg(), from jgarfiel@seas.upenn.edu | Angelos D. Keromytis | |
| 2001-06-25 | Update comments. | Angelos D. Keromytis | |
| 2001-06-24 | Fix RSA structure. | Angelos D. Keromytis | |
| 2001-06-23 | Remove unneeded crp_iv field, set the right flags for IV handling in | Angelos D. Keromytis | |
| the crypto device. | |||
| 2001-06-23 | New prototype for crypto_register(), to take into account maximum key | Angelos D. Keromytis | |
| length (for PK operations) and various flags. Structures for public key operations (DH, RSA, DSA). A lot of this work was done by jgarfiel@seas.upenn.edu | |||
| 2001-06-23 | merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts ↵ | Theo de Raadt | |
| inside OpenSSL codebase | |||
| 2001-06-01 | CRIOGET is a _IOWR ioctl | Theo de Raadt | |
| 2001-05-13 | copyrights and $OpenBSD$ tags | Jason Wright | |
| 2001-05-13 | initial cut at /dev/crypto support. takes original mbuf "try, and discard | Theo de Raadt | |
| if we fail" semantics and extends to two varients of data movement: mbuf, or an iovec style block. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |