272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
268034 |
30-Jun-2014 |
kib |
MFC r267815: Put the aesni_cipher_setup() and aesni_cipher_process() functions into the file which is compiled with SSE disabled.
|
268033 |
30-Jun-2014 |
kib |
MFC r267767: Add FPU_KERN_KTHR flag to fpu_kern_enter(9). Apply the flag to padlock(4) and aesni(4). In aesni_cipher_process(), do not leak FPU context state on error.
|
258623 |
26-Nov-2013 |
jmg |
MFC r258399,258492: mark aesni module _SYNC, improves performance ~27%...
Approved by: re (glebius)
|
258212 |
16-Nov-2013 |
jmg |
MFC r257757: fix issues w/ AES-NI on unaligned data blocks...
Approved by: re (kib)
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
255187 |
03-Sep-2013 |
jmg |
Use the fact that the AES-NI instructions can be pipelined to improve performance... Use SSE2 instructions for calculating the XTS tweek factor... Let the compiler do more work and handle register allocation by using intrinsics, now only the key schedule is in assembly...
Replace .byte hard coded instructions w/ the proper instructions now that both clang and gcc support them...
On my machine, pulling the code to userland I saw performance go from ~150MB/sec to 2GB/sec in XTS mode. GELI on GNOP saw a more modest increase of about 3x due to other system overhead (geom and opencrypto)...
These changes allow almost full disk io rate w/ geli...
Reviewed by: -current, -security Thanks to: Mike Hamburg for the XTS tweek algorithm
|
253214 |
11-Jul-2013 |
andre |
Fix const propagation issues to make GCC happy.
Submitted by: Michael Butler <imb@protected-networks.net>
|
253208 |
11-Jul-2013 |
andre |
SipHash is a cryptographically strong pseudo-random function (a.k.a. keyed hash function) optimized for speed on short messages returning a 64bit hash/ digest value.
SipHash is simpler and much faster than other secure MACs and competitive in speed with popular non-cryptographic hash functions. It uses a 128-bit key without the hidden cost of a key expansion step. SipHash iterates a simple round function consisting of four additions, four xors, and six rotations, interleaved with xors of message blocks for a pre-defined number of compression and finalization rounds. The absence of secret load/store addresses or secret branch conditions avoid timing attacks. No state is shared between messages. Hashing is deterministic and doesn't use nonces. It is not susceptible to length extension attacks.
Target applications include network traffic authentication, message authentication (MAC) and hash-tables protection against hash-flooding denial-of-service attacks.
The number of update/finalization rounds is defined during initialization:
SipHash24_Init() for the fast and reasonable strong version. SipHash48_Init() for the strong version (half as fast).
SipHash usage is similar to other hash functions:
struct SIPHASH_CTX ctx; char *k = "16bytes long key" char *s = "string"; uint64_t h = 0; SipHash24_Init(&ctx); SipHash_SetKey(&ctx, k); SipHash_Update(&ctx, s, strlen(s)); SipHash_Final(&h, &ctx); /* or */ h = SipHash_End(&ctx); /* or */ h = SipHash24(&ctx, k, s, strlen(s));
It was designed by Jean-Philippe Aumasson and Daniel J. Bernstein and is described in the paper "SipHash: a fast short-input PRF", 2012.09.18: https://131002.net/siphash/siphash.pdf Permanent ID: b9a943a805fbfc6fde808af9fc0ecdfa
Implemented by: andre (based on the paper) Reviewed by: cperciva
|
253119 |
09-Jul-2013 |
delphij |
Sync with KAME.
MFC after: 1 month
|
253090 |
09-Jul-2013 |
rmh |
Allow assert() to operate correctly when building userland code.
|
247061 |
20-Feb-2013 |
pjd |
When porting XTS-related code from OpenBSD I forgot to update copyright (only OpenBSD was credited in one of two commits). Fix it.
Reported by: Theo de Raadt <deraadt@cvs.openbsd.org> Reviewed by: Damien Miller <djm@mindrot.org>
|
241394 |
10-Oct-2012 |
kevlo |
Revert previous commit...
Pointyhat to: kevlo (myself)
|
241370 |
09-Oct-2012 |
kevlo |
Prefer NULL over 0 for pointers
|
230426 |
21-Jan-2012 |
kib |
Add support for the extended FPU states on amd64, both for native 64bit and 32bit ABIs. As a side-effect, it enables AVX on capable CPUs.
In particular:
- Query the CPU support for XSAVE, list of the supported extensions and the required size of FPU save area. The hw.use_xsave tunable is provided for disabling XSAVE, and hw.xsave_mask may be used to select the enabled extensions.
- Remove the FPU save area from PCB and dynamically allocate the (run-time sized) user save area on the top of the kernel stack, right above the PCB. Reorganize the thread0 PCB initialization to postpone it after BSP is queried for save area size.
- The dumppcb, stoppcbs and susppcbs now do not carry the FPU state as well. FPU state is only useful for suspend, where it is saved in dynamically allocated suspfpusave area.
- Use XSAVE and XRSTOR to save/restore FPU state, if supported and enabled.
- Define new mcontext_t flag _MC_HASFPXSTATE, indicating that mcontext_t has a valid pointer to out-of-struct extended FPU state. Signal handlers are supplied with stack-allocated fpu state. The sigreturn(2) and setcontext(2) syscall honour the flag, allowing the signal handlers to inspect and manipilate extended state in the interrupted context.
- The getcontext(2) never returns extended state, since there is no place in the fixed-sized mcontext_t to place variable-sized save area. And, since mcontext_t is embedded into ucontext_t, makes it impossible to fix in a reasonable way. Instead of extending getcontext(2) syscall, provide a sysarch(2) facility to query extended FPU state.
- Add ptrace(2) support for getting and setting extended state; while there, implement missed PT_I386_{GET,SET}XMMREGS for 32bit binaries.
- Change fpu_kern KPI to not expose struct fpu_kern_ctx layout to consumers, making it opaque. Internally, struct fpu_kern_ctx now contains a space for the extended state. Convert in-kernel consumers of fpu_kern KPI both on i386 and amd64.
First version of the support for AVX was submitted by Tim Bird <tim.bird am sony com> on behalf of Sony. This version was written from scratch.
Tested by: pho (previous version), Yamagi Burmeister <lists yamagi org> MFC after: 1 month
|
226839 |
27-Oct-2011 |
pjd |
Update Copyright.
MFC after: 3 days
|
226837 |
27-Oct-2011 |
pjd |
Improve AES-NI performance for AES-XTS: - Operate on uint64_t types when doing XORing, etc. instead of uint8_t. - Don't bzero() temporary block for every AES block. Do it once for entire data block. - AES-NI is available only on little endian architectures. Simplify code that takes block number from IV.
Benchmarks:
Memory-backed md(4) device, software AES-XTS, 4kB sector:
# dd if=/dev/md0.eli bs=1m 59.61MB/s
Memory-backed md(4) device, old AES-NI AES-XTS, 4kB sector:
# dd if=/dev/md0.eli bs=1m 97.29MB/s
Memory-backed md(4) device, new AES-NI AES-XTS, 4kB sector:
# dd if=/dev/md0.eli bs=1m 221.26MB/s
127% performance improvement between old and new code.
Harddisk, raw speed:
# dd if=/dev/ada0 bs=1m 137.63MB/s
Harddisk, software AES-XTS, 4kB sector:
# dd if=/dev/ada0.eli bs=1m 47.83MB/s (34% of raw disk speed)
Harddisk, old AES-NI AES-XTS, 4kB sector:
# dd if=/dev/ada0.eli bs=1m 68.33MB/s (49% of raw disk speed)
Harddisk, new AES-NI AES-XTS, 4kB sector:
# dd if=/dev/ada0.eli bs=1m 108.35MB/s (78% of raw disk speed)
58% performance improvement between old and new code.
As a side-note, GELI with AES-NI using AES-CBC can achive native disk speed.
MFC after: 3 days
|
219178 |
02-Mar-2011 |
kib |
Fix a bug in the result of manual assembly.
Reported by: Stefan Grundmann <sg2342 googlemail com> PR: kern/155118 MFC after: 3 days
|
218918 |
21-Feb-2011 |
brucec |
Make private functions static.
PR: kern/43611 Submitted by: Matt Emmerton <matt at gsicomp.on.ca> Reviewed by: kib MFC after: 3 days
|
215942 |
27-Nov-2010 |
kib |
Remove DEBUG sections.
MFC after: 3 days
|
215864 |
26-Nov-2010 |
kib |
MFaesni r215427: Only save FPU context when not executing in the context of the crypto thread.
Tested by: Mike Tancsa MFC after: 1 week
|
215427 |
17-Nov-2010 |
kib |
Only save FPU context when not executing in the context of the crypto thread.
Tested by: Mike Tancsa
|
213797 |
13-Oct-2010 |
dim |
Change two missed instances of 'retq' in aeskeys_i386.S to 'retl', which makes it possible to assemble this file with gas from newer binutils.
Reviewed by: kib
|
213166 |
25-Sep-2010 |
pjd |
Fix two copy&paste bugs.
MFC after: 2 weeks
|
213069 |
23-Sep-2010 |
pjd |
Add support for CRYPTO_AES_XTS.
MFC after: 1 week
|
213066 |
23-Sep-2010 |
pjd |
Add support for CRD_F_KEY_EXPLICIT flag.
MFC after: 1 week
|
213064 |
23-Sep-2010 |
pjd |
Simplify code a bit.
MFC after: 1 week
|
210409 |
23-Jul-2010 |
kib |
Crypto(4) driver for AESNI.
The aeskeys_{amd64,i386}.S content was mostly obtained from OpenBSD, no objections to the license from core.
Hardware provided by: Sentex Communications Tested by: fabient, pho (previous versions) MFC after: 1 month
|
208834 |
05-Jun-2010 |
kib |
Use the fpu_kern_enter() interface to properly separate usermode FPU context from in-kernel execution of padlock instructions and to handle spurious FPUDNA exceptions that sometime are raised when doing padlock calculations.
Globally mark crypto(9) kthread as using FPU.
Reviewed by: pjd Hardware provided by: Sentex Communications Tested by: pho PR: amd64/135014 MFC after: 1 month
|
192883 |
27-May-2009 |
vanhu |
Changed to M_NOWAIT when reallocing psc_buf in padlock_sha_update(), as we already hold the non sleepable crypto_driver_mutex.
Approved by: gnn(mentor) Obtained from: NETASQ MFC after: 2 weeks
|
188171 |
05-Feb-2009 |
imp |
identify routine takes driver_t *, not device_t *.
|
187112 |
12-Jan-2009 |
jkim |
Connect padlock(4) to amd64 build for VIA Nano processors.
|
186179 |
16-Dec-2008 |
mav |
Avoid 256 integer divisions per rc4_init() call. Replace it with using separate index variable.
It gives more then double rc4_init() performance increase on tested i386 P4. It also gives about 15% speedup to PPTP VPN with stateless MPPE encryption (by ng_mppc) which calls rc4_init() for every packet.
|
185026 |
17-Nov-2008 |
philip |
Fix a potential NULL-pointer dereference in padlock(4).
Spotted by: Coverity (via pjd) MFC after: 1 week
|
181478 |
09-Aug-2008 |
pjd |
Simplify session selection/allocation.
|
181477 |
09-Aug-2008 |
pjd |
- Fix freeing session on newsession failure. - Update copyright years.
|
181476 |
09-Aug-2008 |
pjd |
Implify sessions freeing loop.
|
181475 |
09-Aug-2008 |
pjd |
We don't have to drop a lock around malloc(M_NOWAIT).
|
181474 |
09-Aug-2008 |
pjd |
When freeing session, restore its ID after zeroing memory.
Bug tracked down by: Patrick Lamaiziere <patfbsd@davenulle.org>
|
181473 |
09-Aug-2008 |
pjd |
Sessions in-use are at the end of the queue, so use TAILQ_FOREACH_REVERSE() when looking for them.
Idea from: Patrick Lamaiziere <patfbsd@davenulle.org>
|
180626 |
20-Jul-2008 |
pjd |
Convert lock that protects sessions list from a mutex to a rwlock. Now we can use read lock in fast path (padlock_process()).
|
175360 |
15-Jan-2008 |
sobomax |
Make test00 compilable again.
|
171167 |
03-Jul-2007 |
gnn |
Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC option is now deprecated, as well as the KAME IPsec code. What was FAST_IPSEC is now IPSEC.
Approved by: re Sponsored by: Secure Computing
|
169425 |
09-May-2007 |
gnn |
Integrate the Camellia Block Cipher. For more information see RFC 4132 and its bibliography.
Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp> MFC after: 1 month
|
167755 |
21-Mar-2007 |
sam |
Overhaul driver/subsystem api's: o make all crypto drivers have a device_t; pseudo drivers like the s/w crypto driver synthesize one o change the api between the crypto subsystem and drivers to use kobj; cryptodev_if.m defines this api o use the fact that all crypto drivers now have a device_t to add support for specifying which of several potential devices to use when doing crypto operations o add new ioctls that allow user apps to select a specific crypto device to use (previous ioctls maintained for compatibility) o overhaul crypto subsystem code to eliminate lots of cruft and hide implementation details from drivers o bring in numerous fixes from Michale Richardson/hifn; mostly for 795x parts o add an optional mechanism for mmap'ing the hifn 795x public key h/w to user space for use by openssl (not enabled by default) o update crypto test tools to use new ioctl's and add cmd line options to specify a device to use for tests
These changes will also enable much future work on improving the core crypto subsystem; including proper load balancing and interposing code between the core and drivers to dispatch small operations to the s/w driver as appropriate.
These changes were instigated by the work of Michael Richardson.
Reviewed by: pjd Approved by: re
|
163602 |
22-Oct-2006 |
kevlo |
Initialize T1 to silent gcc warning.
Approved by: cognet
|
162316 |
15-Sep-2006 |
pjd |
Less magic.
MFC after: 3 days
|
161661 |
26-Aug-2006 |
kan |
GCC 3.4.6 gets confused on this file and produces bogus warning. Shut it up.
|
160785 |
28-Jul-2006 |
pjd |
Remove trailing spaces.
|
160784 |
28-Jul-2006 |
pjd |
Use existing roundup2() macro.
Suggested by: njl
|
160677 |
25-Jul-2006 |
pjd |
Remove redundant check committed by accident.
|
160676 |
25-Jul-2006 |
pjd |
Avoid memory allocations when the given address is already 16 bytes aligned. Such an address can be used directly in padlock's AES. This improves speed of geli(8) significantly:
# sysctl kern.geom.zero.clear=0 # geli onetime -s 4096 gzero # dd if=/dev/gzero.eli of=/dev/null bs=1m count=1000
Before: 113MB/s After: 203MB/s
BTW. If sector size is set to 128kB, I can read at 276MB/s :)
|
160675 |
25-Jul-2006 |
pjd |
Modify PADLOCK_ALIGN() macro, so when the given address is already 16 bytes aligned, it will be used directly, not 'address + 16'.
|
160674 |
25-Jul-2006 |
pjd |
Style fixes.
|
160582 |
22-Jul-2006 |
pjd |
Implement support for HMAC/SHA1 and HMAC/SHA256 acceleration found in new VIA CPUs. For older CPUs HMAC/SHA1 and HMAC/SHA256 (and others) will still be done in software.
Move symmetric cryptography (currently only AES-CBC 128/192/256) to padlock_cipher.c file. Move HMAC cryptography to padlock_hash.c file.
Hardware from: Centaur Technologies
|
160573 |
22-Jul-2006 |
pjd |
Correct few bzero()s.
MFC after: 3 days
|
160568 |
22-Jul-2006 |
pjd |
Set ses_ictx and ses_octx to NULL after freeing them, so we won't free them twice. This is possible for example in situation when session is used in authentication context, then freed and then used in encryption context and freed - in encryption context ses_ictx and ses_octx are not touched at newsession time, but padlock_freesession could still try to free them when they are not NULL.
|
160325 |
13-Jul-2006 |
mr |
Use the already stored VIA RNG probe information instead of probing again. Adjust style(9) somewhat in probe.c
Reviewed by: pjd MFC after: 1 week
|
159405 |
08-Jun-2006 |
pjd |
Fix gratuitous compiler warning.
Reported by: Rong-en Fan <grafan@gmail.com>
|
159279 |
05-Jun-2006 |
pjd |
- Pretend to accelerate various HMAC algorithms, so padlock(4) can be used with fast_ipsec(4) and geli(8) authentication (comming soon). If consumer requests only for HMAC algorithm (without encryption), return EINVAL. - Add support for the CRD_F_KEY_EXPLICIT flag, for both encryption and authentication.
|
157899 |
20-Apr-2006 |
pjd |
padlock(4) doesn't support explicitly provided keys yet. Return an error instead of encrypting/decrypting data with a wrong key.
|
157684 |
12-Apr-2006 |
pjd |
On padlock initialization, allocate memory with M_WAITOK.
|
149211 |
18-Aug-2005 |
pjd |
Add VIA/ACE "PadLock" support as a crypto(9) driver.
HW donated by: Mike Tancsa <mike@sentex.net> Most of the code obtained from: OpenBSD MFC after: 3 days
|
149176 |
17-Aug-2005 |
pjd |
Assert proper key size also in userland by defining KASSERT in !_KERNEL case.
|
149169 |
17-Aug-2005 |
cperciva |
Unbreak the world build (in sbin/gbde). This file is used by both kernel and world, so KASSERT() needs to be wrapped within an #ifdef _KERNEL / #endif pair.
Reported by: krion, tinderbox
|
149143 |
16-Aug-2005 |
pjd |
Check key size for rijndael, as invalid key size can lead to kernel panic. It checked other algorithms against this bug and it seems they aren't affected.
Reported by: Mike Tancsa <mike@sentex.net> PR: i386/84860 Reviewed by: phk, cperciva(x2)
|
143431 |
11-Mar-2005 |
ume |
gbde(8) is also rejndael user.
Reported by: phk
|
143423 |
11-Mar-2005 |
ume |
just use crypto/rijndael, and nuke opencrypto/rindael.[ch]. the two became almost identical since latest KAME merge.
Discussed with: sam
|
143420 |
11-Mar-2005 |
ume |
integrate rijndael-alg-fst.h into rijndael.h.
|
143418 |
11-Mar-2005 |
ume |
stop including rijndael-api-fst.h from rijndael.h. this is required to integrate opencrypto into crypto.
|
143410 |
11-Mar-2005 |
ume |
sys/crypto/md5.[ch] is used from nowhere. So, just nuke them.
|
143406 |
11-Mar-2005 |
ume |
refer opencrypto/cast.h directly.
|
143354 |
10-Mar-2005 |
ume |
use cast128 in opencrypto to nuke duplicate code.
|
139103 |
21-Dec-2004 |
ru |
Start the dreaded NOFOO -> NO_FOO conversion.
OK'ed by: core
|
137784 |
16-Nov-2004 |
jhb |
Initiate deorbit burn sequence for 80386 support in FreeBSD: Remove 80386 (I386_CPU) support from the kernel.
|
136910 |
24-Oct-2004 |
ru |
For variables that are only checked with defined(), don't provide any fake value.
|
130443 |
14-Jun-2004 |
obrien |
Use __FBSDID().
|
125105 |
27-Jan-2004 |
des |
Fix a reentrancy issue in md5_calc().
|
122531 |
12-Nov-2003 |
ume |
avoid module name conflict with opencrypto/rijndael.c.
Reported by: tinderbox
|
122509 |
11-Nov-2003 |
ume |
cleanup rijndael API. since there are naming conflicts with opencrypto, #define was added to rename functions intend to avoid conflicts.
Obtained from: KAME
|
122410 |
10-Nov-2003 |
ume |
rijndael-alg-fst.[ch]: - redo updating.
rijndael-api-fst.[ch]: - switch to use new low level rijndael api. - stop using u8, u16 and u32. - space cleanup.
Tested by: gbde(8) and phk's test program
|
121259 |
19-Oct-2003 |
phk |
Add a testcase which validates that the same buffer can be passed to rijndael_blockDecrypt() as both input and output.
This property is important because inside rijndael we can get away with allocating just a 16 byte "work" buffer on the stack (which is very cheap), whereas the calling code would need to allocate the full sized buffer, and in all likelyhood would have to do so with an expensive malloc(9).
|
121257 |
19-Oct-2003 |
ume |
- revert to old rijndael code. new rijndael code broke gbde. - since aes-xcbc-mac and aes-ctr require functions in new rijndael code, aes-xcbc-mac and aes-ctr are disabled for now.
|
121085 |
14-Oct-2003 |
ume |
Fix alignment problem on 64 bit arch. I only tested if it doesn't break anything on i368. Since I have no 64 bit machine, I cannot test it, actually.
Reported by: jmallett
|
121072 |
13-Oct-2003 |
ume |
use BF_ecb_encrypt().
Obtained from: KAME
|
121050 |
12-Oct-2003 |
ume |
simplify and update rijndael code.
Obtained from: KAME
|
121044 |
12-Oct-2003 |
ume |
use opencrypto for RMD160.
Requested by: sam
|
121040 |
12-Oct-2003 |
ume |
drop useless define.
|
121039 |
12-Oct-2003 |
ume |
use bswap32() for big endian arch.
Reported by: tinderbox via kris
|
121022 |
12-Oct-2003 |
ume |
RIPEMD160 support
Obtained from: KAME
|
120970 |
10-Oct-2003 |
ume |
switch cast128 implementation to implementation by Steve Reid; smaller footprint.
Obtained from: KAME
|
120206 |
18-Sep-2003 |
ume |
one more opossite conditiion.
Reported by: "lg" <zevlg@yandex.ru>
|
120157 |
17-Sep-2003 |
ume |
condition of padLen check was opposite.
Reported by: "lg" <zevlg@yandex.ru> Reviewed by: Lev Walkin <vlm@netli.com>
|
119890 |
08-Sep-2003 |
phk |
Correctly bzero the entire context, not just the first sizeof(void *) bytes.
Found by: Juergen Buchmueller <pullmoll@stop1984.com>
|
116174 |
10-Jun-2003 |
obrien |
Use __FBSDID().
|
113800 |
21-Apr-2003 |
obrien |
Assembly files put thru the C preprocessor need to have C style comments.
|
109833 |
25-Jan-2003 |
silby |
Remove some unnecessary casts.
|
109318 |
15-Jan-2003 |
sam |
make rc4 crypto support a module so other modules can depend on it
Submitted by: imp Reviewed by: imp
|
106287 |
01-Nov-2002 |
phk |
Make this compilable from userland as well.
|
105099 |
14-Oct-2002 |
phk |
Don't panic when we can just return an error code.
|
100081 |
15-Jul-2002 |
markm |
Fix some really pedantic GCC warnings.
|
97231 |
24-May-2002 |
suz |
Fixed AES encryption algorithm bug
PR: kern/38465 Obtained from: Ramana Yarlagadda <ramana.yarlagadda@analog.com>
|
95192 |
21-Apr-2002 |
markm |
Remove macros that are defined elsewhere.
|
95023 |
19-Apr-2002 |
suz |
just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. (based on freebsd4-snap-20020128)
Reviewed by: ume MFC after: 1 week
|
92756 |
20-Mar-2002 |
alfred |
Remove __P.
|
91671 |
05-Mar-2002 |
ume |
- Speedup 3DES by using assembly code for i386. - Sync des/blowfish to more recent openssl.
Obtained from: KAME/NetBSD MFC after: 2 weeks
|
91313 |
26-Feb-2002 |
ume |
off by one error in Aaron Gifford's code. KAME PR 393.
PR: kern/34242 Submitted by: Aaron D. Gifford <agifford@infowest.com> MFC after: 1 week
|
86975 |
27-Nov-2001 |
ume |
fixed the cast128 calculation with a short cipher key length. the memory was overridden when the key length was less than 16 bytes.
Obtained from: KAME MFC after: 1 week
|
79150 |
03-Jul-2001 |
ume |
properly check DES weak key. KAME PR 363.
Obtained from: KAME MFC after: 1 week
|
78358 |
16-Jun-2001 |
ume |
less warning
warning: cast discards qualifiers from pointer target type
|
78064 |
11-Jun-2001 |
ume |
Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge.
TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT.
Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
|
74074 |
10-Mar-2001 |
markm |
Kernel crypto need binary key material, not symbolic ascii.
|
67958 |
30-Oct-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r67957, which included commits to RCS files with non-trunk default branches.
|
66890 |
09-Oct-2000 |
archie |
Fix broken const'ness in declaration of sha1_loop().
|
62587 |
04-Jul-2000 |
itojun |
sync with kame tree as of july00. tons of bug fixes/improvements.
API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
|
59391 |
19-Apr-2000 |
phk |
Remove ~25 unneeded #include <sys/conf.h> Remove ~60 unneeded #include <sys/malloc.h>
|
59108 |
09-Apr-2000 |
archie |
A simplified RC4 implementation for kernel use.
|
59107 |
09-Apr-2000 |
archie |
Fix bogus const-ness in declaration of sha1_loop().
|
57121 |
10-Feb-2000 |
shin |
Prototype fix for IPsec authentication related functions
Some of IPsec authentication related functions should have 'const' for its 2nd argument, but not now. But if someone try to use them, and passed const data for those functions, then much bogus compile warnings will be generated. So those funcs prototype should be modified.
Requested by: archie Approved by: jkh
|
55206 |
29-Dec-1999 |
peter |
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" is an application space macro and the applications are supposed to be free to use it as they please (but cannot). This is consistant with the other BSD's who made this change quite some time ago. More commits to come.
|
55009 |
22-Dec-1999 |
shin |
IPSEC support in the kernel. pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers.
Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|