src - OpenBSD base system

Age	Commit message (Collapse)	Author
2020-06-21	curve25519 for wireguard.	David Gwynne
	via Matt Dunwoodie and Jason A. Donenfeld ok deraadt@
2020-06-21	add blake2s for wireguard.	David Gwynne
	via Matt Dunwoodie and Jason A. Donenfeld ok deraadt@
2020-05-29	rndvar.h not needed here	Theo de Raadt

2020-04-15	idgen32(9): use time_uptime(9) for rekey timestamps, not time_second(9)	cheloha
	Timestamp contexts with a monotonic clock. time_second(9) can jump, stretching or truncating our rekey interval. time_uptime(9) will not jump around. ok djm@
2020-03-30	Break crypto_unregister() sanity check into two expressions, making it	Kenneth R Westerback
	clearer what is being checked. Original suggestion from kettenis@.
2020-03-29	Don't access past end of cc_alg[] when trying to avoid	Kenneth R Westerback
	unregistering an invalid algorithm. CID 1453298 ok kettenis@ (with suggested improvements to come)
2019-01-09	free(9) sizes.	Martin Pieuchot
	ok visa@
2018-05-31	Add sizes for free().	Frederic Cambus
	OK visa@
2018-04-09	Move some AES-related defines into xform.h to reduce duplication.	Visa Hankala
	gmac.c is left untouched for now to preserve layering. OK mikeb@, deraadt@
2018-01-05	Sync with the code in libc	Mike Belopuhov
	OK millert; original commit message by tedu@: memcpy from the right place. at this point, the used variable is not relevant. from Mark Karpilovskij. ok millert
2017-11-30	Fix the IPL and flags of the MP-safe crypto taskq. Now a sane IPL	Visa Hankala
	is passed to the mutex implementation, and the queue actually runs without the kernel lock. Tested by dhill@ OK mikeb@, dhill@, kettenis@
2017-08-10	the userland crypto interface died long ago, can clean up the header	Ted Unangst

2017-05-31	make the AES-XTS mode a little more constant-time, though the AES	Damien Miller
	implementation that it depends on currently isn't. ok mikeb tom
2017-05-17	Revert MI AES-XTS code back to T-tables amid poor performance	Mike Belopuhov
	Suffered by many, the revert tested by stsp@.
2017-05-02	Switch 802.11 crypto over to the new AES	Mike Belopuhov
	OK stsp@
2017-05-02	Switch glxsb(4), VIA padlock and AES-NI drivers over to the new AES	Mike Belopuhov

2017-05-02	Switch OCF and IPsec over to the new AES	Mike Belopuhov
	ok djm
2017-04-30	Constant time AES implementation	Mike Belopuhov
	This introduces a 32-bit constant time AES implementation from Thomas Pornin originally for BearSSL and then adjusted by Thomas and myself to fit OpenBSD kernel. One of the additional features is an API for encryption and decryption subkey expansion in the format specified by NIST in FIPS 197. Tested by myself and naddy@, ok djm@
2017-04-12	The kernel has to slightly different version of SipHash_Final but with	Florian Obser
	the same bug as just fixed in userland: ---------- SipHash_Final() was assuming the digest was 64-bit aligned, resulting in misaligned memory accesses with armv7 ramdisk -Os bsd.rd ping ok florian millert ---------- OK deraadt@
2017-02-07	Reduce the per-packet allocation costs for crypto operations (cryptop)	Patrick Wildt
	by pre-allocating two cryptodesc objects and storing them in an array instead of a linked list. If more than two cryptodesc objects are required use mallocarray to fetch them. Adapt the drivers to the new API. This change results in one pool-get per ESP packet instead of three. It also simplifies softraid crypto where more cryptodesc objects are allocated than used. From, with and ok markus@, ok bluhm@ "looks sane" mpi@
2017-02-07	The return code of crp_callback is never checked, so it is not	Alexander Bluhm
	useful to propagate the error. When an error occurs in an asynchronous network path, incrementing a counter is the right thing. There are four places where an error is not accounted, just add a comment for now. OK mpi@ visa@
2016-09-19	convert bcopy to memcpy. from david hill	Ted Unangst

2016-09-15	all pools have their ipl set via pool_setipl, so fold it into pool_init.	David Gwynne
	the ioff argument to pool_init() is unused and has been for many years, so this replaces it with an ipl argument. because the ipl will be set on init we no longer need pool_setipl. most of these changes have been done with coccinelle using the spatch below. cocci sucks at formatting code though, so i fixed that by hand. the manpage and subr_pool.c bits i did myself. ok tedu@ jmatthew@ @ipl@ expression pp; expression ipl; expression s, a, o, f, m, p; @@ -pool_init(pp, s, a, o, f, m, p); -pool_setipl(pp, ipl); +pool_init(pp, s, a, ipl, f, m, p);
2016-09-02	Remove variables 'm' and 'uio' that are only ever assigned to	Tom Cosgrove
	(in swcr_authenc()) ok mikeb@, who pointed out that I'd missed uio
2016-04-18	Add a mechanism for dispatching mpsafe crypto operations. This adds a new	Mark Kettenis
	CRYPTOCAP_F_MPSAFE flag that crypto implementations can set to indicate that their cc_process() implementation can safely run without holding the kernel lock. ok mikeb@
2015-12-10	Remove plain DES from the kernel crypto framework, including the crypto	Christian Weisgerber
	accelerator drivers. No longer used by anything. ok sthen@ mikeb@
2015-11-18	Cleanup gotos as suggested by jsing@ along with spaces and label names	Mike Belopuhov

2015-11-13	remove unused ARC4 support; ok mikeb@	Christian Weisgerber

2015-11-13	Remove unused non HMAC versions of MD5 and SHA1; ok mpi, deraadt, naddy	Mike Belopuhov

2015-11-12	remove a few unused defines	Mike Belopuhov

2015-11-12	another define from the dsa era	Mike Belopuhov

2015-11-12	spacing	Mike Belopuhov

2015-11-07	Update copyright information	Mike Belopuhov

2015-11-07	Pass AES_GMAC context as a void pointer to cut down on casts in xform.c	Mike Belopuhov

2015-11-07	Allow overriding ghash_update() with an optimized MD function. Use	Christian Weisgerber
	this on amd64 to provide a version that uses the PCLMUL instruction on CPUs that support it but don't have AESNI. ok mikeb@
2015-11-06	Instead of multiplying with 0..1, extend the bit into a mask and do an AND.	Christian Weisgerber
	The same technique was already used a few lines above. ok mikeb@
2015-11-04	Pass context as a void pointer to cut down on casts in xform.c	Mike Belopuhov

2015-11-03	Remove two unused defines	Mike Belopuhov

2015-11-03	Enable Chacha20-Poly1305 in the software crypto driver	Mike Belopuhov
	ok naddy, jsing, reyk
2015-11-03	Hook up Chacha20-Poly1305 to the OpenBSD Cryptographic Framework	Mike Belopuhov
	ok naddy, jsing
2015-11-03	Chacha20-Poly1305 AEAD construction as described in RFC7634 and RFC7539	Mike Belopuhov
	ok naddy, jsing
2015-10-29	Import Poly1305 Message Authentication Code	Mike Belopuhov
	Poly1305 is a one-time authenticator designed by Daniel J. Bernstein. This is a slightly adjusted public domain implementation by Andrew Moon found at https://github.com/floodyberry/poly1305-donna ok jsing, previous version ok djm, looked at by reyk@
2015-10-27	Use verbose defines instead of hardcoded values for clarity when	Mike Belopuhov
	initializing hash objects. No binary or functional change.
2015-10-27	Sync chacha_ivsetup to the version in ssh so that we could	Mike Belopuhov
	specify custom counter value when setting up Chacha context. ok reyk djm
2015-10-26	Use axf's hashsize as a block size in the authenticated encryption routine.	Mike Belopuhov
	No change for GCM, however upcoming changes will rely on this.
2015-08-31	two fairly simple sizes for free()	Theo de Raadt

2015-08-28	fairly simple sizes for free(); ok tedu	Theo de Raadt

2015-03-16	Include <sys/param.h> rather than <sys/types.h> when also including	Miod Vallat
	<sys/systm.h>; fixes build on vax due to <machine/macros.h> redeclaring some functions from <lib/libkern/libkern.h> as inlines.
2015-03-14	Remove wrong reference to zlib.	Loganaden Velvindron
	OK deraadt@
2015-03-14	Remove some includes include-what-you-use claims don't	Jonathan Gray
	have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels. ok tedu@ deraadt@