Age | Commit message | Author |
|
implementation that it depends on currently isn't.
ok mikeb tom
|
|
Suffered by many, the revert tested by stsp@.
|
|
OK stsp@
|
|
ok djm
|
|
This introduces a 32-bit constant time AES implementation from
Thomas Pornin originally for BearSSL and then adjusted by Thomas
and myself to fit the OpenBSD kernel. One of the additional features
is an API for encryption and decryption subkey expansion in the
format specified by NIST in FIPS 197.
Tested by myself and naddy@, ok djm@
|
|
the same bug as just fixed in userland:
----------
SipHash_Final() was assuming the digest was 64-bit aligned, resulting in
misaligned memory accesses with armv7 ramdisk -Os bsd.rd ping
ok florian millert
----------
OK deraadt@
|
|
by pre-allocating two cryptodesc objects and storing them in an array
instead of a linked list. If more than two cryptodesc objects are
required use mallocarray to fetch them. Adapt the drivers to the new
API.
This change results in one pool-get per ESP packet instead of three.
It also simplifies softraid crypto where more cryptodesc objects are
allocated than used.
From, with and ok markus@, ok bluhm@
"looks sane" mpi@
|
|
useful to propagate the error. When an error occurs in an asynchronous
network path, incrementing a counter is the right thing. There are
four places where an error is not accounted, just add a comment for
now.
OK mpi@ visa@
|
|
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
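Review bot: The rule only matches a pool_init(pp, s, a, o, f, m, p) that is directly followed by pool_setipl(pp, ipl) on the same pp, so a pool_init() call that has no pool_setipl() after it, or has other statements in between, is left untouched and keeps its old offset value in the fourth slot, which is now read as the ipl. Because both forms take seven arguments, such a leftover call would not necessarily fail to build; suggest a second rule (or a grep for remaining pool_setipl() callers and unconverted pool_init() calls) and a line in the message saying which ipl those pools are meant to get.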
|
|
(in swcr_authenc())
ok mikeb@, who pointed out that I'd missed uio
|
|
CRYPTOCAP_F_MPSAFE flag that crypto implementations can set to indicate that
their cc_process() implementation can safely run without holding the kernel
lock.
ok mikeb@
|
|
accelerator drivers. No longer used by anything. ok sthen@ mikeb@
|
|
this on amd64 to provide a version that uses the PCLMUL instruction
on CPUs that support it but don't have AESNI. ok mikeb@
|
|
The same technique was already used a few lines above. ok mikeb@
|
|
ok naddy, jsing, reyk
|
|
ok naddy, jsing
|
|
ok naddy, jsing
|
|
Poly1305 is a one-time authenticator designed by Daniel J. Bernstein.
This is a slightly adjusted public domain implementation by Andrew Moon
found at https://github.com/floodyberry/poly1305-donna
ok jsing, previous version ok djm, looked at by reyk@
|
|
initializing hash objects. No binary or functional change.
|
|
specify custom counter value when setting up Chacha context.
ok reyk djm
|
|
No change for GCM, however upcoming changes will rely on this.
|
|
<sys/systm.h>; fixes build on vax due to <machine/macros.h> redeclaring
some functions from <lib/libkern/libkern.h> as inlines.
|
|
OK deraadt@
|
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
|
No actual change, but makes it easier to reuse the code elsewhere.
Suggested by Andre Smagin
|
|
interrupt context to a taskq running in a thread. however, there
is a concern that if we do that then we allow accidental use of
sleeping APIs in this work, which will make it harder to move the
work back to interrupts in the future.
guenther and kettenis came up with the idea of marking a proc with
CANTSLEEP which the sleep paths can check and panic on.
this builds on that so you create taskqs that run with CANTSLEEP
set except when they need to sleep for more tasks to run.
the taskq_create api is changed to take a flags argument so users
can specify CANTSLEEP. MPSAFE is also passed via this flags field
now. this means archs that defined IPL_MPSAFE to 0 can now create
mpsafe taskqs too.
lots of discussion at s2k15
ok guenther@ miod@ mpi@ tedu@ pelikan@
|
|
that are only used in this file.
tedu argues if something sucks we would fault before we can get to
these, and they don't do anything except maths. these symbols don't
need to be visible to ddb.
originally from Fritjof Bornebusch
suggested by and ok tedu@
|
|
when workqs were introduced, we provided a second argument so you
could pass a thing and some context to work on it in. there were
very few things that took advantage of the second argument, so when
i introduced pools i suggested removing it. since tasks were meant
to replace workqs, it was requested that we keep the second argument
to make porting from workqs to tasks easier.
now that workqs are gone, i had a look at the use of the second
argument again and found only one good use of it (vdsp(4) on sparc64
if you're interested) and a tiny handful of questionable uses. the
vast majority of tasks only used a single argument. i have since
modified all tasks that used two args to only use one, so now we
can remove the second argument.
so this is a mechanical change. all tasks only passed NULL as their
second argument, so we can just remove it.
ok krw@
|
|
things will happen when machines have 8 byte longs.
|
|
ok deraadt
|
|
extra warnings with gcc 3, due to the way we use siphash in the filesystem
code.
With dlg@
|
|
simplify a bit more, swapping only aligned values and then using memcpy
to fill the digest. fix confirmed by jsg.
ok jsg kettenis millert
|
|
looks good to deraadt@ miod@ and tedu@
|
|
context and making digest required to Final.
|
|