Age | Commit message | Author
deflate(); this hurts interop with broken old openbsd releases; ok reyk@
a high compression ratio, e.g. for ping -s 10000 -p aa
- deal with inflate returning Z_BUF_ERROR if the output buffer is full.
this can happen in some edge cases with upgraded libz from 2004
ok mikeb@
ok jsing, markus
ancient code looked pretty crummy.
ok deraadt@
rather than requiring each algorithm to provide their own memory handling.
This matches the interface already provided by cryptosoft for
authentication algorithms and removes the need for zerokey functions.
ok mikeb@
rename the structure internals to id32_* in anticipation of an
idgen16() that might come in the future.
ok beck
with ESN AAD is 12 bytes long so it's faster to zero out 4
bytes than to copy 12. Without ESN it's either copying or
zeroing out 8 bytes but we'll rely on the cache locality here.
Number are provided to the GCM as an Additional Authenticated
Data. Usually an SPI and a lower 32-bit part of the ESN are
contained within the same memory buffer whereas an upper part
of the ESN comes from an external location. To accommodate
that RFC 4303, Section 3.3.2.1 states that the upper part of the
ESN is hashed in the end. Unfortunately this advice is not
applicable for the combined authentication/encryption modes
and RFC 4106 decided not to follow that advice, effectively
requiring large API changes to accommodate that poor choice.
For now implement a kludge that will take effect in case the
CRD_F_ESN flag is set in the crypto operation descriptor.
Successfully tested against Linux 3.2 with strongSwan 4.6.4.
supply correct AAD length to the final round of hashing.
While here rename swcr_combined to swcr_authenc.
ok guenther millert kettenis
region since it's passed to the hardware directly.
Tested by Yoshihisa Matsushita <y at m8a ! org>, thanks!
ok kettenis miod
Part of the work to remove -Wno-uninitialized.
ok mikeb@
in RFC4302 and RFC4303. Right now only the software crypto engine is
capable of doing it.
Replay check was rewritten to implement the algorithm described in
Appendix A of RFC4303 and the window size was increased to 64.
Tested against OpenBSD, Linux (strongswan) and Windows.
No objection from the usual suspects.
Pointed out by Michael W. Bombardieri on tech@.
ok deraadt
anticipation of further changes to closef(). No binary change.
ok krw@ miod@ deraadt@
or fd_{lo,hi}maps members, or when doing a read for a write. Fixes hangs
when an rthreaded process sleeps while copying the fd table for fork()
and catches another thread with the lock.
ok jsing@ tedu@
code. Missing chunks of the API are imported from the libc version,
with a few #ifdef's to port it into the kernel environment.
The bootblocks already used the newer code, and should encounter no
surprises since there are so few changes to the existing files. In
the kernel, ipcomp and kernel ppp are changed to the new API.
ipcomp has been tested.
ok tedu the brave
to cuio_copydata() and make sure we don't loop forever if the end of
an iov matches the cipher block boundary.
ok mikeb, deraadt
ok mikeb
ok mikeb
ok mikeb
explicit_bzero() where required
ok markus mikeb
ok mikeb
instead save one bcopy() per block by alternating between two iv buffers;
ok mikeb@
file it will be used from.
requested by/ok mikeb@
which should have been declared as CRYPTO_ALGORITHM_MAX + 1,
fix this and reserve enough space for the VIA additions as well.
ok/comments from mikeb & deraadt
There's not much use for the declassified cipher from the 80's
with a questionable license these days. According to the FIPS
drafts, Skipjack reaches its EOL in December 2010.
The libc portion will be removed after the ports hackathon.
djm and thib agree, no objections from deraadt
Thanks to jsg for digging up FIPS drafts.
described in FIPS SP 800-38D.
This implementation supports a 16 byte authentication tag only,
splitting the transformation into two parts: encryption and
authentication. Encryption is handled by the existing
AES-CTR implementation, while authentication requires a new
AES_GMAC hash function.
An additional routine is added to the software crypto driver
to deal with peculiarities of a combined authentication-
encryption transformation.
With suggestions from reyk, naddy and toby.
Move pool initialization to init_crypto and zap the crypto_pool_initialized
variable. This way we don't have to check if the pools are initialized every
time we do a crypto_getreq().
However, also perform the crypto initialisation earlier in init_main so
that the crypto pools are initialised before they are used.
ok mikeb@ thib@ deraadt@
init_crypto() being called from late in init_main(). In particular, this
breaks softraid crypto volumes that are assembled at boot.
No cookies for thib/mikeb!
"Back it out, right now" deraadt@
things things do
ok nicm
timingsafe_bcmp().
ok deraadt@; committed over WPA.
potentially up to 64KB, so we'll need something fancier than
dma_alloc().
The splvm protection is needed after all, as we are walking the list
of registered crypto drivers and doing that unprotected is unwise.
Pointed out by kettenis@
variable. This way we don't have to check if the pools are initialized every
time we do a crypto_getreq().
Move splvm lower as it isn't needed all through crypto_newsession().
tiny KNF nit.
From mikeb
OK deraadt@
are required to detect that.
Change the function to take a wait argument (used in nfs server, but
M_NOWAIT everywhere else for now) and to return an error
ok claudio@ henning@ krw@
moved from a special kthread to workqs.
OK dlg@
and make the loop invariants <= CRYPTO_ALGORITHM_MAX
Do this also for the CRK_ALGORITHM_MAX; this also fixes
a bug that caused us to skip CRK_DH_COMPUTE_KEY.
ok deraadt@