#
685dc743 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
fd6dd33d |
|
24-Oct-2022 |
Konstantin Belousov <kib@FreeBSD.org> |
opencrypto: fix null esp crypt Fixes: 3e9470482a1357eef90d007b27ec5d9725ae1111 Reviewed by: jhb Sponsored by: Nvidia networking MFC after: 1 week Differential revision: https://reviews.freebsd.org/D37113
|
#
8179db52 |
|
01-Jul-2022 |
Mark Johnston <markj@FreeBSD.org> |
crypto: Fix the NULL_HMAC finalizer The current implementation leaves the digest buffer partially uninitialized. Reported by: syzkaller Reviewed by: jhb MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35547
|
#
d7f0b3ce |
|
11-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Re-add encrypt/decrypt_multi hooks to enc_xform. These callbacks allow multiple contiguous blocks to be manipulated in a single call. Note that any trailing partial block for a stream cipher must still be passed to encrypt/decrypt_last. While here, document the setkey and reinit hooks and reorder the hooks in 'struct enc_xform' to better reflect the life cycle. Reviewed by: markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33529
|
#
d8787d4f |
|
26-Jul-2021 |
Mark Johnston <markj@FreeBSD.org> |
crypto: Constify all transform descriptors No functional change intended. Reviewed by: ae, jhb MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D31196
|
#
d3d79e96 |
|
03-Nov-2020 |
John Baldwin <jhb@FreeBSD.org> |
Consistently use C99 fixed-width types in the in-kernel crypto code. Reviewed by: markj Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D27061
|
#
9b6b2f86 |
|
10-Jun-2020 |
John Baldwin <jhb@FreeBSD.org> |
Adjust crypto_apply function callbacks for OCF. - crypto_apply() is only used for reading a buffer to compute a digest, so change the data pointer to a const pointer. - To better match m_apply(), change the data pointer type to void * and the length from uint16_t to u_int. The length field in particular matters as none of the apply logic was splitting requests larger than UINT16_MAX. - Adjust the auth_xform Update callback to match the function prototype passed to crypto_apply() and crypto_apply_buf(). This removes the needs for casts when using the Update callback. - Change the Reinit and Setkey callbacks to also use a u_int length instead of uint16_t. - Update auth transforms for the changes. While here, use C99 initializers for auth_hash structures and avoid casts on callbacks. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25171
|
#
3e947048 |
|
20-May-2020 |
John Baldwin <jhb@FreeBSD.org> |
Various cleanups to the software encryption transform interface. - Consistently use 'void *' for key schedules / key contexts instead of a mix of 'caddr_t', 'uint8_t *', and 'void *'. - Add a ctxsize member to enc_xform similar to what auth transforms use and require callers to malloc/zfree the context. The setkey callback now supplies the caller-allocated context pointer and the zerokey callback is removed. Callers now always use zfree() to ensure key contexts are zeroed. - Consistently use C99 initializers for all statically-initialized instances of 'struct enc_xform'. - Change the encrypt and decrypt functions to accept separate in and out buffer pointers. Almost all of the backend crypto functions already supported separate input and output buffers and this makes it simpler to support separate buffers in OCF. - Remove xform_userland.h shim to permit transforms to be compiled in userland. Transforms no longer call malloc/free directly. Reviewed by: cem (earlier version) Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D24855
|
#
821fe3d3 |
|
21-Aug-2019 |
John Baldwin <jhb@FreeBSD.org> |
Use 'const' for keys and IVs passed to software encryption algorithms. Specifically, use 'const' for the key passed to the 'setkey' method and 'const' for the 'iv' passed to the 'reinit' method. Reviewed by: cem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D21347
|
#
255811d7 |
|
26-Sep-2017 |
Conrad Meyer <cem@FreeBSD.org> |
opencrypto: Use C99 initializers for auth_hash instances A misordering in the Via padlock driver really strongly suggested that these should use C99 named initializers. No functional change. Sponsored by: Dell EMC Isilon
|
#
3693b188 |
|
26-Sep-2017 |
Conrad Meyer <cem@FreeBSD.org> |
opencrypto: Loosen restriction on HMAC key sizes Theoretically, HMACs do not actually have any limit on key sizes. Transforms should compact input keys larger than the HMAC block size by using the transform (hash) on the input key. (Short input keys are padded out with zeros to the HMAC block size.) Still, not all FreeBSD crypto drivers that provide HMAC functionality handle longer-than-blocksize keys appropriately, so enforce a "maximum" key length in the crypto API for auth_hashes that previously expressed a requirement. (The "maximum" is the size of a single HMAC block for the given transform.) Unconstrained auth_hashes are left as-is. I believe the previous hardcoded sizes were committed in the original import of opencrypto from OpenBSD and are due to specific protocol details of IPSec. Note that none of the previous sizes actually matched the appropriate HMAC block size. The previous hardcoded sizes made the SHA tests in cryptotest.py useless for testing FreeBSD crypto drivers; none of the NIST-KAT example inputs had keys sized to the previous expectations. The following drivers were audited to check that they handled keys up to the block size of the HMAC safely: Software HMAC: * padlock(4) * cesa * glxsb * safe(4) * ubsec(4) Hardware accelerated HMAC: * ccr(4) * hifn(4) * sec(4) (Only supports up to 64 byte keys despite claiming to support SHA2 HMACs, but validates input key sizes) * cryptocteon (MIPS) * nlmsec (MIPS) * rmisec (MIPS) (Amusingly, does not appear to use key material at all -- presumed broken) Reviewed by: jhb (previous version), rlibby (previous version) Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D12437
|
#
2155bb23 |
|
30-Dec-2015 |
Allan Jude <allanjude@FreeBSD.org> |
Break up opencrypto/xform.c so it can be reused piecemeal Keep xform.c as a meta-file including the broken out bits existing code that includes xform.c continues to work as normal Individual algorithms can now be reused elsewhere, including outside of the kernel Reviewed by: bapt (previous version), gnn, delphij Approved by: secteam MFC after: 1 week Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D4674
|