summaryrefslogtreecommitdiff
path: root/sys/crypto
AgeCommit message (Collapse)Author
2002-08-16fix size in MALLOC/bzero call, from sam@errno.com, ok deraadt@Daniel Hartmeier
2002-07-17I don't know why this breaks things for me when sshd starts on sparc64.Artur Grabowski
But after wasting the whole day trying to just locate the problem I don't care. Back out since this wasn't tested and showed to anyone else.
2002-07-16Double-pass over drivers, first hardware only, then software (if weAngelos D. Keromytis
are interested in software).
2002-07-16Fix a typo, cleanup on session migration code in crypto_invoke(), andAngelos D. Keromytis
add a convention that if the driver returns ERESTART as an error message of its process method, the crypto framework will unregister the driver and migrate all its sessions. After discussion with Sam Leffler and Jason Wright.
2002-07-16Add CRYPTO_ALGORITHM_ALLAngelos D. Keromytis
2002-07-10proper cdev_decl(crypto) and no private protosMichael Shalayeff
2002-07-10use right sizeof in memcpy; markus okTheo de Raadt
2002-07-02inital -> initialNathan Binkert
2002-06-19ansiTheo de Raadt
2002-06-19re-enable both crypto operationsTheo de Raadt
2002-06-12looks slightly betterTheo de Raadt
2002-06-12undo 1.46; fixes double free (the keys are freed on session close).Markus Friedl
passes regress/sys/crypto
2002-06-12so let us analyse the development process here:Theo de Raadt
- complete breakage of symmetric userland crypto - fast commit without review by other developers - no regression test run (markus points out regression crash kernel) Hence, we must disable userland crypto for now, until it gets repaired by these people who don't follow process....
2002-06-11kernel changes to make asymmetric crypto work in userlandBob Beck
- modify getfeat to return something more useful to us on devices (like lofn and everything else until jason fixes it) that can't do rsa stuff, etc and can only do mod_exp.. - error handling fixes so we correctly fail to software when we can't deal with a particular key size - add sysctl kern.userasymcrypto to turn on/off userland asymmetric crypto via /dev/crypto - 1 == on, 0 == off, default is off
2002-06-10fix ivory tower greek fix. ok angelos@Bob Beck
2002-06-10You should always free the keys, not just on error --- the cryptoAngelos D. Keromytis
framework doesn't hold on to these.
2002-06-10__FUNCTION__ -> __func__Marc Espie
2002-06-09Don't use an int for the flags, when the structure usesAngelos D. Keromytis
u_int8_t. Also, make sure the logic is correct (bad theo!)
2002-06-07Handle csecreate errors. deraadt@ and beck@Thomas Nordin
2002-05-18not ready to export fcrypt to userland yet; spotted by lebelTheo de Raadt
2002-05-18export struct fcrypt to userlandTheo de Raadt
2002-05-08Don't deref null pointer in failure case.Jason Wright
2002-04-2732 bit constraint is wrong, we thinkTheo de Raadt
2002-04-26minor tweaksTheo de Raadt
2002-04-26disable cryptodevallowsoft again; constrain key bit sizes to % 32cryptodev.cTheo de Raadt
2002-04-24kernel API does not need the userland addresses, make them go awayTheo de Raadt
2002-04-23initial hack at a CIOCSYMFEAT ioctlTheo de Raadt
2002-04-23driver queueing & callback code for keying operationsTheo de Raadt
2002-04-22KNFTheo de Raadt
2002-04-08Credit DARPA/USAF appropriately.Jason Wright
2002-04-03fix possible alignment problem; with markus@, angelos@ deraadt@ ok.Federico G. Schwindt
2002-04-03disable userland crypto for 3.1Theo de Raadt
2002-03-19Don't keep the last blocksize-bytes of ciphertext for use as the nextAngelos D. Keromytis
plaintext's IV, in CBC mode. Use arc4random() to acquire fresh IVs per message instead (particularly useful for IPsec). This avoids the CBC oracle attack. provos@ ok
2002-03-15Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do thingsTodd C. Miller
the ANSI way.
2002-03-14First round of __P removal in sysTodd C. Miller
2002-03-05export MD5/SHA1 via /dev/crypto; ok provos@, beck@Markus Friedl
tested with cryptosoft and kern.cryptodevallowsoft=1
2002-03-04parts that copy in PK parametersTheo de Raadt
2002-03-04remove old PK stuffTheo de Raadt
2002-03-04crypto_check_alg() is not neededTheo de Raadt
2002-03-02do some more renamingTheo de Raadt
2002-03-02initial cut at crypto_sop definitions for symmetric cryptoTheo de Raadt
2002-03-01sysctl for cryptodevallowsoft - /dev/crypto will allow the software engineNiels Provos
to be used if there are no hardware cards. mostly for debugging and regression.
2002-03-01remove CRYPTO_BUF_CONTIG and convert to handle iovs. okay deraadt@Niels Provos
2002-03-01helper functions for uio (cuio_apply and cuio_getptr) okay deraadt@Niels Provos
2002-02-24license repair, angelos okTheo de Raadt
2002-02-23sysctl kern.usercryptoTheo de Raadt
2002-02-08- Rename FILE_{,UN}USE to FREF and FRELE. USE is a bad verb and we don't haveArtur Grabowski
the same semantics as NetBSD anyway, so it's good to avoid name collissions. - Always fdremove before freeing the file, not the other way around. - falloc FREFs the file. - have FILE_SET_MATURE FRELE the file (It feels like a good ortogonality to falloc FREFing the file). - Use closef as much as possible instead of ffree in error paths of falloc:ing functions. closef is much more careful with the fd and can deal with the fd being forcibly closed by dup2. Also try to avoid manually calling *fo_close when closef can do that for us (this makes some error paths mroe complicated (sys_socketpair and sys_pipe), but others become simpler (sys_open)).
2002-01-29Remove the iov2pages/mbuf2pages API... All of the relevant arch's supportJason Wright
bus_dma(9) which actually does this job correctly.
2002-01-23It looks like there has been one crack smoking and a few cut and pastes.Artur Grabowski
PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't be set in pool_init at all. Besides, it's going away soon anyway.
2002-01-23Pool deals fairly well with physical memory shortage, but it doesn't dealArtur Grabowski
well (not at all) with shortages of the vm_map where the pages are mapped (usually kmem_map). Try to deal with it: - group all information the backend allocator for a pool in a separate struct. The pool will only have a pointer to that struct. - change the pool_init API to reflect that. - link all pools allocating from the same allocator on a linked list. - Since an allocator is responsible to wait for physical memory it will only fail (waitok) when it runs out of its backing vm_map, carefully drain pools using the same allocator so that va space is freed. (see comments in code for caveats and details). - change pool_reclaim to return if it actually succeeded to free some memory, use that information to make draining easier and more efficient. - get rid of PR_URGENT, noone uses it.