src - OpenBSD base system

Age	Commit message (Collapse)	Author
2008-11-04	Use defines for constants. Use __attribute__ bounded.	Hans-Joerg Hoexer
	ok markus@ (quite some time ago)
2008-10-30	reintroduce mutexes to workqs for locking.	David Gwynne
	tested by many on many archs including several alpha test. ok tedu@ go for it deraadt@
2008-09-06	match libc sha2(3) API changes for kernel; ok millert@	Damien Miller

2008-08-12	Implementation of the HMAC-MD5, HMAC-SHA1, HMAC-SHA256, AES-128-CMAC	Damien Bergamini
	and AES Key Wrap algorithms. They will replace/extend the non-generic implementation in net80211. AES-128-CMAC tested by sobrado@ (AlphaServer 1200), naddy@ (alpha/sparc64) and sthen@ (sparc64, armish). HMAC-* reviewed by hshoexer@ ok and hints from djm@
2008-07-21	gives this a chance to work on architectures with strict alignment	Damien Bergamini
	constraints.
2008-06-25	implement automatic time-based rekeying (every 10 minutes); ok deraadt@	Damien Miller

2008-06-09	Introduce a facility to generate unpredictable 32 bit numbers with	Damien Miller
	near maximal (2^32) cycle times. These are useful for network IDs in cases where there are negative consequences to ID prediction and/or reuse. Use the idgen32() functions to generate IPv6 IDs and NFS client/server XIDs. Pseudorandom permutation code in crypto/idgen.c based on public domain skip32.c from Greg Rose. feedback & ok thib@ deraadt@
2008-06-09	add myself to copyright	Damien Miller

2008-06-09	Implement the AES XTS mode of operation for the crypto(9) framework.	Damien Miller
	XTS is a "tweaked" AES mode that has properties that are desirable for block device encryption and it is specified in the IEEE P1619-2007 standard for this purpose. prodded by & ok hshoexer@
2008-06-09	constify arguments in wrapper functions; the lower level functions	Damien Miller
	were already done
2008-06-09	rename arc4random_bytes => arc4random_buf to match libc's nicer name;	Damien Miller
	ok deraadt@
2007-11-28	finish conversion to workq. remove list remnants, and put spl in the right	Ted Unangst
	places. handle the no workq case here. ok deraadt
2007-11-26	typos; ok jmc@	Martynas Venckus
	sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@ sys/dev/pci/bktr/* ok jakemsr@
2007-11-25	convert crypto thread to workq. add WQ_DIRECTOK flag to workq.	Ted Unangst
	combined, this lets us use crypto before the thread is running and therefore cryptoraid can attach nice and early. ok/testing deraadt mbalmer marco
2007-11-14	do not call crypto_done() on errors, since the drivers already do this.	Markus Friedl
	otherwise we call the callback twice; fixes panics on crypto errors as seen on reboot; ok hshoexer
2007-09-15	fix error introduced by my previous commit:	Hans-Joerg Hoexer
	"MALLOC(*swd, ...)" vs. "swd = malloc(..." ok millert
2007-09-13	Here too: Convert MALLOC/FREE to malloc/free and use M_ZERO where applicable.	Hans-Joerg Hoexer
	error spotting and ok krw@
2007-09-11	Add __bounded__ attributes to prototypes.	Damien Miller
	Use (x & 0xff) rather than (x % 256) - compilers generate faster code. Add arc4_getbytes function to extract raw keystream ok markus@ tom@
2007-09-10	Make the hmac ipad/opad globals "const" and fixup the crypto functions	Henric Jungheim
	to match. ok deraadt@
2007-07-24	add rc4_skip() function that can be used to discard bytes from	Damien Bergamini
	the arc4 key stream. rc4_skip(ctx, len); is equivalent to: u_int8_t dummy[len]; rc4_crypt(ctx, dummy, dummy, len); except that is does not require storage space and that it saves some cpu cycles. ok deraadt@
2007-07-20	unbreak landisk kernel sha1 by working around a compiler bug;	Otto Moerbeek
	also brings kernel sha1 more in line with userland; discussed with miod@ and millert@;
2007-05-27	make the #defines in rijndael.h a bit more meaningful	Ted Unangst
	ok djm and with a hint from henning
2007-05-27	make crp_buf a void *. caddr_t implies bufferness, it's not.	Ted Unangst
	ok deraadt jason
2007-04-10	``it's'' -> ``its'' when the grammar gods require this change.	Miod Vallat

2007-02-21	Don't use arbitrary 128 bytes as size of the blf key array if we know exactly	Alexander von Gernler
	how much blowfish takes at max, which is 72 bytes. Also define a constant for this in the include file, suggested by ray@. ok pedro@ thib@ tedu@
2007-02-19	minimum blocksize for ESP is 32 bit, so adjust blocksize of NULL	Hans-Joerg Hoexer
	encryption accordingly. Makes NULL encryption useable with ESP. Noticed by Martin Hedenfalk <martin.hedenfalk at gmail.com>. ok markus@
2006-12-29	Avoid void * arithmetic, okay deraadt@, suggestions from millert@	Pedro Martelletto

2006-11-19	typo; from bret lambert	Jason McIntyre
	ok pedro
2006-10-25	pr5274 fix localhost dos with oversized values	Ted Unangst
	ok deraadt
2006-05-31	remove some silly casts. put spl calls after all declarations.	Ted Unangst
	put one splx in a better spot. make a variable size MALLOC use malloc. remove null test after malloc(M_WAITOK). add PR_NOWAIT flag to pool_get instead of 0. change callbacks to correct type. ok brad deraadt markus mickey
2006-03-23	kill evil \r; from cedric	Michael Shalayeff

2006-03-21	Implementation of the Michael MIC as defined in IEEE 802.11i for TKIP.	Reyk Floeter
	The MIC generates a weak 64bit digest protected by an additional key. Obviously, this digest alg is required for future IEEE 802.11i/WPA support. test vectors passed on alpha amd64 mvme68k mvme88k sgi sparc sparc64 vax i386 ok djm@
2006-03-04	splimp -> splvm	Brad Smith
	ok miod@
2005-08-18	do not allow 0-length transforms; from freebsd	Theo de Raadt

2005-06-13	get rid of ifdef MSDOS, no binary change	Hans-Joerg Hoexer
	ok markus@
2005-05-25	AESCTR support for ESP (RFC 3686); ok hshoexer	Markus Friedl

2005-05-10	support NULL encryption for ESP; ok hshoexer, ho	Markus Friedl

2005-05-02	simplify by using arc4random_bytes(), ok djm, hshoexer	Markus Friedl

2005-03-24	major knf	Hans-Joerg Hoexer
	fix spelling in comment, by rohee@ no binary change ok deraadt@
2005-03-24	ansi and tiny knf	Hans-Joerg Hoexer
	ok deraadt@
2004-12-21	Don't use crypto thread for callbacks.	Marco Pfatschbacher
	This primarily improves IPsec performance when using crypto accelerators. With help from markus@, tested by wvdputte@. ok deraadt@, markus@
2004-12-20	Allow the setkey function of a transform to fail, eg. when an insufficient	Hans-Joerg Hoexer
	number of key bits is supplied. Only AES and DES/3DES might fail. ok and help markus@
2004-12-15	minimum key length of aes is 128 bit, not 64.	Hans-Joerg Hoexer
	ok markus
2004-12-14	indentation and some knf, no binary change	Hans-Joerg Hoexer
	ok + help markus
2004-06-26	Ansification of defalte-/lsz-stubs.	Hans-Joerg Hoexer
	ok jfb@
2004-06-20	In crypto_thread(), always save return value from splimp(). We were only	Aaron Campbell
	storing it once on kernel startup. Scary. "holy crap" --deraadt. art@ ok Unclear if this was actually a problem in practice, but this doesn't hurt.
2004-05-07	Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.	Todd C. Miller
	This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
2004-05-03	Rev 1.4 was bogus (committed from the wrong tree), this repairs it.	Todd C. Miller

2004-05-03	some minor KNF	Todd C. Miller

2004-04-29	The data pointer passed to the transform function may not be properly	Todd C. Miller
	aligned so copy it in a way that a) is endian indepenent and b) does not rely on alignment. Problem found and solution tested by hshoexer@