summaryrefslogtreecommitdiff
path: root/sys/crypto
AgeCommit message (Collapse)Author
2016-09-02Remove variables 'm' and 'uio' that are only ever assigned toTom Cosgrove
(in swcr_authenc()) ok mikeb@, who pointed out that I'd missed uio
2016-04-18Add a mechanism for dispatching mpsafe crypto operations. This adds a newMark Kettenis
CRYPTOCAP_F_MPSAFE flag that crypto implementations can set to indicate that their cc_process() implementation can safely run without holding the kernel lock. ok mikeb@
2015-12-10Remove plain DES from the kernel crypto framework, including the cryptoChristian Weisgerber
accelerator drivers. No longer used by anything. ok sthen@ mikeb@
2015-11-18Cleanup gotos as suggested by jsing@ along with spaces and label namesMike Belopuhov
2015-11-13remove unused ARC4 support; ok mikeb@Christian Weisgerber
2015-11-13Remove unused non HMAC versions of MD5 and SHA1; ok mpi, deraadt, naddyMike Belopuhov
2015-11-12remove a few unused definesMike Belopuhov
2015-11-12another define from the dsa eraMike Belopuhov
2015-11-12spacingMike Belopuhov
2015-11-07Update copyright informationMike Belopuhov
2015-11-07Pass AES_GMAC context as a void pointer to cut down on casts in xform.cMike Belopuhov
2015-11-07Allow overriding ghash_update() with an optimized MD function. UseChristian Weisgerber
this on amd64 to provide a version that uses the PCLMUL instruction on CPUs that support it but don't have AESNI. ok mikeb@
2015-11-06Instead of multiplying with 0..1, extend the bit into a mask and do an AND.Christian Weisgerber
The same technique was already used a few lines above. ok mikeb@
2015-11-04Pass context as a void pointer to cut down on casts in xform.cMike Belopuhov
2015-11-03Remove two unused definesMike Belopuhov
2015-11-03Enable Chacha20-Poly1305 in the software crypto driverMike Belopuhov
ok naddy, jsing, reyk
2015-11-03Hook up Chacha20-Poly1305 to the OpenBSD Cryptographic FrameworkMike Belopuhov
ok naddy, jsing
2015-11-03Chacha20-Poly1305 AEAD construction as described in RFC7634 and RFC7539Mike Belopuhov
ok naddy, jsing
2015-10-29Import Poly1305 Message Authentication CodeMike Belopuhov
Poly1305 is a one-time authenticator designed by Daniel J. Bernstein. This is a slightly adjusted public domain implementation by Andrew Moon found at https://github.com/floodyberry/poly1305-donna ok jsing, previous version ok djm, looked at by reyk@
2015-10-27Use verbose defines instead of hardcoded values for clarity whenMike Belopuhov
initializing hash objects. No binary or functional change.
2015-10-27Sync chacha_ivsetup to the version in ssh so that we couldMike Belopuhov
specify custom counter value when setting up Chacha context. ok reyk djm
2015-10-26Use axf's hashsize as a block size in the authenticated encryption routine.Mike Belopuhov
No change for GCM, however upcoming changes will rely on this.
2015-08-31two fairly simple sizes for free()Theo de Raadt
2015-08-28fairly simple sizes for free(); ok teduTheo de Raadt
2015-03-16Include <sys/param.h> rather than <sys/types.h> when also includingMiod Vallat
<sys/systm.h>; fixes build on vax due to <machine/macros.h> redeclaring some functions from <lib/libkern/libkern.h> as inlines.
2015-03-14Remove wrong reference to zlib.Loganaden Velvindron
OK deraadt@
2015-03-14Remove some includes include-what-you-use claims don'tJonathan Gray
have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels. ok tedu@ deraadt@
2015-02-20Use standard spelling for types, and rename local variable from "free".Ted Unangst
No actual change, but makes it easier to reuse the code elsewhere. Suggested by Andre Smagin
2015-02-09we want to defer work traditionally (in openbsd) handled in anDavid Gwynne
interrupt context to a taskq running in a thread. however, there is a concern that if we do that then we allow accidental use of sleeping APIs in this work, which will make it harder to move the work back to interrupts in the future. guenther and kettenis came up with the idea of marking a proc with CANTSLEEP which the sleep paths can check and panic on. this builds on that so you create taskqs that run with CANTSLEEP set except when they need to sleep for more tasks to run. the taskq_create api is changed to take a flags argument so users can specify CANTSLEEP. MPSAFE is also passed via this flags field now. this means archs that defined IPL_MPSAFE to 0 can now create mpsafe taskqs too. lots of discussion at s2k15 ok guenther@ miod@ mpi@ tedu@ pelikan@
2015-02-07keep this in sync a bit with userland by putting static on functionsDavid Gwynne
that are only used in this file. tedu argues if something sucks we would fault before we can get to these, and they dont do anything except maths. these symbols dont need to be visible to ddb. originally from Fritjof Bornebusch suggested by and ok tedu@
2015-01-27remove the second void * argument on tasks.David Gwynne
when workqs were introduced, we provided a second argument so you could pass a thing and some context to work on it in. there were very few things that took advantage of the second argument, so when i introduced pools i suggested removing it. since tasks were meant to replace workqs, it was requested that we keep the second argument to make porting from workqs to tasks easier. now that workqs are gone, i had a look at the use of the second argument again and found only one good use of it (vdsp(4) on sparc64 if you're interested) and a tiny handful of questionable uses. the vast majority of tasks only used a single argument. i have since modified all tasks that used two args to only use one, so now we can remove the second argument. so this is a mechanical change. all tasks only passed NULL as their second argument, so we can just remove it. ok krw@
2015-01-16Less code, more better. No longer need to worry about what mysteriousTed Unangst
things will happen when machines have 8 byte longs.
2015-01-15remove static version stringTed Unangst
2015-01-15simplify des headers by stripping out all the unnecessary userland bitsTed Unangst
ok deraadt
2015-01-04Use __buffer__ instead of __string__ as the __bounded type. The former causesMiod Vallat
extra warnings with gcc 3, due to the way we use siphash in the filesystem code. With dlg@
2014-12-31recent changes broke alignment requirements on arm.Ted Unangst
simplify a bit more, swapping only aligned values and then using memcpy to fill the digest. fix confirmed by jsg. ok jsg kettenis millert
2014-12-30add __bounded as appropriate.David Gwynne
looks good to deraadt@ miod@ and tedu@
2014-12-28convert bcopy to memcpy in md5 and sha1. also be consistent about clearingTed Unangst
context and making digest required to Final.
2014-12-28remove KPDK. not really used, and a bad choice anyway. ok naddyTed Unangst
2014-12-23as in libc, always assume digest is passed to Final. no null allowed.Ted Unangst
2014-12-23as in libc, there's no need to check for calling Init on null contextTed Unangst
2014-12-23use endian.h swap macros instead of home grown versionsTed Unangst
2014-12-20openbsd rcisdTed Unangst
2014-12-19make the code look more like libc by changing Transform to take the stateTed Unangst
ok millert
2014-12-19convert bcopy/zero to memcpy. ok deraadt djmTed Unangst
2014-12-18only unroll on i386 and amd64 (where confirmed to be much faster).Ted Unangst
naddy found sparc64 gets a little slower when unrolled. ok deraadt
2014-12-17unroll loops for sha2. quite a bit faster for amd64.Ted Unangst
ok deraadt millert
2014-11-17Sync our kernel AES code to the one shipped in OpenSSL/LibreSSL.Mike Belopuhov
This includes a commit made by Andy Polyakov <appro at openssl ! org> to the OpenSSL source tree on Wed, 28 Jun 2006 with the following message: "Mitigate cache-collision timing attack on last round." OK naddy, miod
2014-11-16Defining the interface in terms of char * means most callers areTed Unangst
required to cast their pointers, which is ugly and possibly error prone. accidentally casting an int to a pointer, for example, instead of the address of the int. implicit void * casting is safer. This updates the kernel hash interfaces to use void *. Similar changes are possible for userland. I think it's safe, but there may be some peculiar source compatbility issues there, so let's just do the kernel first. ok dlg millert
2014-11-12Improve performance of an internal loop by saving up on branchingMike Belopuhov
Pointed out by John-Mark Gurney <jmg at funkthat ! com>, thanks!