src - OpenBSD base system

Age	Commit message (Collapse)	Author
2009-07-05	Buffer in RMD160_CTX is length RMD160_BLOCK_LENGTH not RMD160_DIGEST_LENGTH.	Todd C. Miller
	Userland version was already correct. From Jason Fritcher. OK deraadt@
2009-02-17	variable no longer used	Theo de Raadt

2009-02-17	The loop here preparing the uio always added the length of the first	Owain Ainsworth
	iovec, not the correct one. It worked ok since iovcnt was always 1. Since it's unlikely to be any other number, remove the loop and just add the one length we care about. "go ahead" deraadt@.
2008-11-04	Use defines for constants. Use __attribute__ bounded.	Hans-Joerg Hoexer
	ok markus@ (quite some time ago)
2008-10-30	reintroduce mutexes to workqs for locking.	David Gwynne
	tested by many on many archs including several alpha test. ok tedu@ go for it deraadt@
2008-09-06	match libc sha2(3) API changes for kernel; ok millert@	Damien Miller

2008-08-12	Implementation of the HMAC-MD5, HMAC-SHA1, HMAC-SHA256, AES-128-CMAC	Damien Bergamini
	and AES Key Wrap algorithms. They will replace/extend the non-generic implementation in net80211. AES-128-CMAC tested by sobrado@ (AlphaServer 1200), naddy@ (alpha/sparc64) and sthen@ (sparc64, armish). HMAC-* reviewed by hshoexer@ ok and hints from djm@
2008-07-21	gives this a chance to work on architectures with strict alignment	Damien Bergamini
	constraints.
2008-06-25	implement automatic time-based rekeying (every 10 minutes); ok deraadt@	Damien Miller

2008-06-09	Introduce a facility to generate unpredictable 32 bit numbers with	Damien Miller
	near maximal (2^32) cycle times. These are useful for network IDs in cases where there are negative consequences to ID prediction and/or reuse. Use the idgen32() functions to generate IPv6 IDs and NFS client/server XIDs. Pseudorandom permutation code in crypto/idgen.c based on public domain skip32.c from Greg Rose. feedback & ok thib@ deraadt@
2008-06-09	add myself to copyright	Damien Miller

2008-06-09	Implement the AES XTS mode of operation for the crypto(9) framework.	Damien Miller
	XTS is a "tweaked" AES mode that has properties that are desirable for block device encryption and it is specified in the IEEE P1619-2007 standard for this purpose. prodded by & ok hshoexer@
2008-06-09	constify arguments in wrapper functions; the lower level functions	Damien Miller
	were already done
2008-06-09	rename arc4random_bytes => arc4random_buf to match libc's nicer name;	Damien Miller
	ok deraadt@
2007-11-28	finish conversion to workq. remove list remnants, and put spl in the right	Ted Unangst
	places. handle the no workq case here. ok deraadt
2007-11-26	typos; ok jmc@	Martynas Venckus
	sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@ sys/dev/pci/bktr/* ok jakemsr@
2007-11-25	convert crypto thread to workq. add WQ_DIRECTOK flag to workq.	Ted Unangst
	combined, this lets us use crypto before the thread is running and therefore cryptoraid can attach nice and early. ok/testing deraadt mbalmer marco
2007-11-14	do not call crypto_done() on errors, since the drivers already do this.	Markus Friedl
	otherwise we call the callback twice; fixes panics on crypto errors as seen on reboot; ok hshoexer
2007-09-15	fix error introduced by my previous commit:	Hans-Joerg Hoexer
	"MALLOC(*swd, ...)" vs. "swd = malloc(..." ok millert
2007-09-13	Here too: Convert MALLOC/FREE to malloc/free and use M_ZERO where applicable.	Hans-Joerg Hoexer
	error spotting and ok krw@
2007-09-11	Add __bounded__ attributes to prototypes.	Damien Miller
	Use (x & 0xff) rather than (x % 256) - compilers generate faster code. Add arc4_getbytes function to extract raw keystream ok markus@ tom@
2007-09-10	Make the hmac ipad/opad globals "const" and fixup the crypto functions	Henric Jungheim
	to match. ok deraadt@
2007-07-24	add rc4_skip() function that can be used to discard bytes from	Damien Bergamini
	the arc4 key stream. rc4_skip(ctx, len); is equivalent to: u_int8_t dummy[len]; rc4_crypt(ctx, dummy, dummy, len); except that is does not require storage space and that it saves some cpu cycles. ok deraadt@
2007-07-20	unbreak landisk kernel sha1 by working around a compiler bug;	Otto Moerbeek
	also brings kernel sha1 more in line with userland; discussed with miod@ and millert@;
2007-05-27	make the #defines in rijndael.h a bit more meaningful	Ted Unangst
	ok djm and with a hint from henning
2007-05-27	make crp_buf a void *. caddr_t implies bufferness, it's not.	Ted Unangst
	ok deraadt jason
2007-04-10	``it's'' -> ``its'' when the grammar gods require this change.	Miod Vallat

2007-02-21	Don't use arbitrary 128 bytes as size of the blf key array if we know exactly	Alexander von Gernler
	how much blowfish takes at max, which is 72 bytes. Also define a constant for this in the include file, suggested by ray@. ok pedro@ thib@ tedu@
2007-02-19	minimum blocksize for ESP is 32 bit, so adjust blocksize of NULL	Hans-Joerg Hoexer
	encryption accordingly. Makes NULL encryption useable with ESP. Noticed by Martin Hedenfalk <martin.hedenfalk at gmail.com>. ok markus@
2006-12-29	Avoid void * arithmetic, okay deraadt@, suggestions from millert@	Pedro Martelletto

2006-11-19	typo; from bret lambert	Jason McIntyre
	ok pedro
2006-10-25	pr5274 fix localhost dos with oversized values	Ted Unangst
	ok deraadt
2006-05-31	remove some silly casts. put spl calls after all declarations.	Ted Unangst
	put one splx in a better spot. make a variable size MALLOC use malloc. remove null test after malloc(M_WAITOK). add PR_NOWAIT flag to pool_get instead of 0. change callbacks to correct type. ok brad deraadt markus mickey
2006-03-23	kill evil \r; from cedric	Michael Shalayeff

2006-03-21	Implementation of the Michael MIC as defined in IEEE 802.11i for TKIP.	Reyk Floeter
	The MIC generates a weak 64bit digest protected by an additional key. Obviously, this digest alg is required for future IEEE 802.11i/WPA support. test vectors passed on alpha amd64 mvme68k mvme88k sgi sparc sparc64 vax i386 ok djm@
2006-03-04	splimp -> splvm	Brad Smith
	ok miod@
2005-08-18	do not allow 0-length transforms; from freebsd	Theo de Raadt

2005-06-13	get rid of ifdef MSDOS, no binary change	Hans-Joerg Hoexer
	ok markus@
2005-05-25	AESCTR support for ESP (RFC 3686); ok hshoexer	Markus Friedl

2005-05-10	support NULL encryption for ESP; ok hshoexer, ho	Markus Friedl

2005-05-02	simplify by using arc4random_bytes(), ok djm, hshoexer	Markus Friedl

2005-03-24	major knf	Hans-Joerg Hoexer
	fix spelling in comment, by rohee@ no binary change ok deraadt@
2005-03-24	ansi and tiny knf	Hans-Joerg Hoexer
	ok deraadt@
2004-12-21	Don't use crypto thread for callbacks.	Marco Pfatschbacher
	This primarily improves IPsec performance when using crypto accelerators. With help from markus@, tested by wvdputte@. ok deraadt@, markus@
2004-12-20	Allow the setkey function of a transform to fail, eg. when an insufficient	Hans-Joerg Hoexer
	number of key bits is supplied. Only AES and DES/3DES might fail. ok and help markus@
2004-12-15	minimum key length of aes is 128 bit, not 64.	Hans-Joerg Hoexer
	ok markus
2004-12-14	indentation and some knf, no binary change	Hans-Joerg Hoexer
	ok + help markus
2004-06-26	Ansification of defalte-/lsz-stubs.	Hans-Joerg Hoexer
	ok jfb@
2004-06-20	In crypto_thread(), always save return value from splimp(). We were only	Aaron Campbell
	storing it once on kernel startup. Scary. "holy crap" --deraadt. art@ ok Unclear if this was actually a problem in practice, but this doesn't hurt.
2004-05-07	Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.	Todd C. Miller
	This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@