#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
215295 |
|
14-Nov-2010 |
marius |
Let cryptosoft(4) add its pseudo-device with a specific unit number and its probe method return BUS_PROBE_NOWILDCARD so it doesn't get attached to real devices hanging off of nexus(4) with no specific devclass set. Actually, the more desirable fix for this would be to get rid of the newbus interface of cryptosoft(4) altogether but apparently crypto(9) was written with support for cryptographic hardware in mind so that approach would require some KPI breaking changes which don't seem worth it.
MFC after: 1 week
|
#
213068 |
|
23-Sep-2010 |
pjd |
Add support for AES-XTS.
Obtained from: OpenBSD MFC after: 1 week
|
#
201898 |
|
09-Jan-2010 |
bz |
Add comments trying to explain what bad things happen here, i.e. how hashed MD5/SHA are implemented, abusing Final() for padding and sw_octx to transport the key from the beginning to the end.
Enlightened about what was going on here by: cperciva Reviewed by: cperciva MFC After: 3 days X-MFC with: r187826 PR: kern/126468
|
#
199906 |
|
29-Nov-2009 |
bz |
In case the compression result is the same size as the orignal version, the compression was useless as well. Make sure to not update the data and return, else we would waste resources when decompressing.
This also avoids the copyback() changing data other consumers like xform_ipcomp.c would have ignored because of no win and sent out without noting that compression was used, resulting in invalid packets at the receiver.
MFC after: 5 days
|
#
188154 |
|
05-Feb-2009 |
imp |
Fix return type for detach routine (should be int) Fix first parameter for identify routine (should be driver_t *)
|
#
187826 |
|
28-Jan-2009 |
bz |
While OpenBSD's crypto/ framework has sha1 and md5 implementations that can cope with a result buffer of NULL in the "Final" function, we cannot. Thus pass in a temporary buffer long enough for either md5 or sha1 results so that we do not panic.
PR: bin/126468 MFC after: 1 week
|
#
184477 |
|
30-Oct-2008 |
dfr |
Don't hang if encrypting/decrypting using struct iovecs where one of the iovecs ends on a crypto block boundary.
|
#
184205 |
|
23-Oct-2008 |
des |
Retire the MALLOC and FREE macros. They are an abomination unto style(9).
MFC after: 3 months
|
#
169425 |
|
09-May-2007 |
gnn |
Integrate the Camellia Block Cipher. For more information see RFC 4132 and its bibliography.
Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp> MFC after: 1 month
|
#
167755 |
|
21-Mar-2007 |
sam |
Overhaul driver/subsystem api's: o make all crypto drivers have a device_t; pseudo drivers like the s/w crypto driver synthesize one o change the api between the crypto subsystem and drivers to use kobj; cryptodev_if.m defines this api o use the fact that all crypto drivers now have a device_t to add support for specifying which of several potential devices to use when doing crypto operations o add new ioctls that allow user apps to select a specific crypto device to use (previous ioctls maintained for compatibility) o overhaul crypto subsystem code to eliminate lots of cruft and hide implementation details from drivers o bring in numerous fixes from Michale Richardson/hifn; mostly for 795x parts o add an optional mechanism for mmap'ing the hifn 795x public key h/w to user space for use by openssl (not enabled by default) o update crypto test tools to use new ioctl's and add cmd line options to specify a device to use for tests
These changes will also enable much future work on improving the core crypto subsystem; including proper load balancing and interposing code between the core and drivers to dispatch small operations to the s/w driver as appropriate.
These changes were instigated by the work of Michael Richardson.
Reviewed by: pjd Approved by: re
|
#
159242 |
|
04-Jun-2006 |
pjd |
Use newly added functions to simplify the code.
|
#
159234 |
|
04-Jun-2006 |
pjd |
Move COPYDATA() and COPYBACK() macros to cryptodev.h, they will be used in padlock(4) as well.
|
#
159229 |
|
04-Jun-2006 |
pjd |
Rename HMAC_BLOCK_MAXLEN to HMAC_MAX_BLOCK_LEN to be consistent with EALG_MAX_BLOCK_LEN.
|
#
159228 |
|
04-Jun-2006 |
pjd |
Rename AALG_MAX_RESULT_LEN to HASH_MAX_LEN to look more constent with other defines.
|
#
159223 |
|
04-Jun-2006 |
pjd |
Kill an unused argument.
|
#
158703 |
|
17-May-2006 |
pjd |
- Fix a very old bug in HMAC/SHA{384,512}. When HMAC is using SHA384 or SHA512, the blocksize is 128 bytes, not 64 bytes as anywhere else. The bug also exists in NetBSD, OpenBSD and various other independed implementations I look at. - We cannot decide which hash function to use for HMAC based on the key length, because any HMAC function can use any key length. To fix it split CRYPTO_SHA2_HMAC into three algorithm: CRYPTO_SHA2_256_HMAC, CRYPTO_SHA2_384_HMAC and CRYPTO_SHA2_512_HMAC. Those names are consistent with OpenBSD's naming. - Remove authsize field from auth_hash structure. - Allow consumer to define size of hash he wants to receive. This allows to use HMAC not only for IPsec, where 96 bits MAC is requested. The size of requested MAC is defined at newsession time in the cri_mlen field - when 0, entire MAC will be returned. - Add swcr_authprepare() function which prepares authentication key. - Allow to provide key for every authentication operation, not only at newsession time by honoring CRD_F_KEY_EXPLICIT flag. - Make giving key at newsession time optional - don't try to operate on it if its NULL. - Extend COPYBACK()/COPYDATA() macros to handle CRYPTO_BUF_CONTIG buffer type as well. - Accept CRYPTO_BUF_IOV buffer type in swcr_authcompute() as we have cuio_apply() now. - 16 bits for key length (SW_klen) is more than enough.
Reviewed by: sam
|
#
157637 |
|
10-Apr-2006 |
pjd |
- Simplify the code by using arc4rand(9) instead of arc4random(9) in a loop. - Correct a comment.
MFC after: 2 weeks
|
#
157205 |
|
28-Mar-2006 |
pjd |
Fix memory leak which occurs when crypto.ko module is unloaded.
Discussed with: sam MFC after 3 days
|
#
143406 |
|
11-Mar-2005 |
ume |
refer opencrypto/cast.h directly.
|
#
139825 |
|
07-Jan-2005 |
imp |
/* -> /*- for license, minor formatting changes
|
#
125330 |
|
02-Feb-2004 |
phk |
Add CRD_F_KEY_EXPLICIT which allows the key to be changed per operation, just like it was possible to change the IV.
Currently supported on Hifn and software engines only.
Approved by: sam@
|
#
123564 |
|
16-Dec-2003 |
bms |
style(9) pass and type fixups.
Submitted by: bde
|
#
123557 |
|
15-Dec-2003 |
bms |
Push m_apply() and m_getptr() up into the colleciton of standard mbuf routines, and purge them from opencrypto.
Reviewed by: sam Obtained from: NetBSD Sponsored by: spc.org
|
#
116924 |
|
27-Jun-2003 |
sam |
Add support to eliminate a context switch per crypto op when using the software crypto device:
o record crypto device capabilities in each session id o add a capability that indicates if the crypto driver operates synchronously o tag the software crypto driver as operating synchronously
This commit also introduces crypto session id macros that cleanup their construction and querying.
|
#
116191 |
|
11-Jun-2003 |
obrien |
Use __FBSDID().
|
#
104908 |
|
11-Oct-2002 |
mike |
Change iov_base's type from `char *' to the standard `void *'. All uses of iov_base which assume its type is `char *' (in order to do pointer arithmetic) have been updated to cast iov_base to `char *'.
|
#
104476 |
|
04-Oct-2002 |
sam |
In-kernel crypto framework derived from openbsd. This facility provides a consistent interface to h/w and s/w crypto algorithms for use by the kernel and (for h/w at least) by user-mode apps. Access for user-level code is through a /dev/crypto device that'll eventually be used by openssl to (potentially) accelerate many applications. Coming soon is an IPsec that makes use of this service to accelerate ESP, AH, and IPCOMP protocols.
Included here is the "core" crypto support, /dev/crypto driver, various crypto algorithms that are not already present in the KAME crypto area, and support routines used by crypto device drivers.
Obtained from: openbsd
|