| #
b670c9ba |
| 11-Jun-2025 |
Ahmad Khalifa <vexeduxr@FreeBSD.org> |
newbus: replace leftover device unit wildcards
Reviewed by: imp, jhb
Approved by: imp (mentor)
Differential Revision: https://reviews.freebsd.org/D50913
|
|
Revision tags: release/14.3.0, release/13.4.0-p5, release/13.5.0-p1, release/14.2.0-p3, release/13.5.0, release/14.2.0-p2, release/14.1.0-p8, release/13.4.0-p4, release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3, release/14.2.0, release/13.4.0, release/14.1.0, release/13.3.0 |
|
| #
fdafd315 |
| 24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Automated cleanup of cdefs and other formatting
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remov
sys: Automated cleanup of cdefs and other formatting
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
show more ...
|
|
Revision tags: release/14.0.0 |
|
| #
685dc743 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c pattern
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0 |
|
| #
ab050b2b |
| 07-May-2022 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Remove unused devclass arguments to DRIVER_MODULE.
|
| #
50722514 |
| 18-Jan-2022 |
Mark Johnston <markj@FreeBSD.org> |
cryptosoft: Avoid referencing end-of-buffer cursors
Once a crypto cursor has reached the end of its buffer, it is invalid to
call crypto_cursor_segment() for at least some crypto buffer types.
Reorg
cryptosoft: Avoid referencing end-of-buffer cursors
Once a crypto cursor has reached the end of its buffer, it is invalid to
call crypto_cursor_segment() for at least some crypto buffer types.
Reorganize loops to avoid this.
Fixes: cfb7b942bed7 ("cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers.")
Fixes: a221a8f4a0de ("cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.")
Fixes: f8580fcaa1e1 ("cryptosoft: Use multi-block encrypt/decrypt for AES-CCM.")
Fixes: 5022c68732e6 ("cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.")
Reported and tested by: madpilot
Discussed with: jhb
Sponsored by: The FreeBSD Foundation
show more ...
|
| #
5022c687 |
| 11-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33758
|
| #
f8580fca |
| 11-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Use multi-block encrypt/decrypt for AES-CCM.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33757
|
| #
a221a8f4 |
| 11-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33756
|
| #
69e533c3 |
| 11-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
swcr_encdec: Rename blks to blksz.
This better reflects the variables purpose and matches other functions
in this file.
Requested by: markj
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
D
swcr_encdec: Rename blks to blksz.
This better reflects the variables purpose and matches other functions
in this file.
Requested by: markj
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33755
show more ...
|
| #
cfb7b942 |
| 11-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33531
|
| #
8f35841f |
| 11-Jan-2022 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Add support for the XChaCha20-Poly1305 AEAD cipher.
This cipher is a wrapper around the ChaCha20-Poly1305 AEAD cipher
which accepts a larger nonce. Part of the nonce is used along with
the
crypto: Add support for the XChaCha20-Poly1305 AEAD cipher.
This cipher is a wrapper around the ChaCha20-Poly1305 AEAD cipher
which accepts a larger nonce. Part of the nonce is used along with
the key as an input to HChaCha20 to generate a derived key used for
ChaCha20-Poly1305.
This cipher is used by WireGuard.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33523
show more ...
|
| #
c3a688ef |
| 30-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
OCF: Hook up plain RIPEMD160 in cryptosoft and /dev/crypto.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33612
|
| #
04781697 |
| 17-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Use POLY1305_BLOCK_LEN instead of a magic number.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33528
|
| #
7051c579 |
| 17-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Consolidate calls to explicit_bzero.
Group sensitive on-stack variables into anonymous structs so that they
can be cleared with a single call to explicit_bzero rather than
multiple calls
cryptosoft: Consolidate calls to explicit_bzero.
Group sensitive on-stack variables into anonymous structs so that they
can be cleared with a single call to explicit_bzero rather than
multiple calls.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33527
show more ...
|
| #
1c9b25a5 |
| 17-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Reuse 'blk' to hold the initial nonce in swcr_gmac.
Reusing the storage removes the need for an additional explicit_bzero.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differ
cryptosoft: Reuse 'blk' to hold the initial nonce in swcr_gmac.
Reusing the storage removes the need for an additional explicit_bzero.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33526
show more ...
|
| #
49bb1307 |
| 17-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Remove unused 'iv' in swcr_ccm_cbc_mac.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33525
|
| #
2cd83828 |
| 16-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Remove CBC handling from swcr_encdec.
All of the CBC ciphers now handle block chaining in the enc_xform.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: h
cryptosoft: Remove CBC handling from swcr_encdec.
All of the CBC ciphers now handle block chaining in the enc_xform.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33489
show more ...
|
| #
aa268175 |
| 15-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Don't treat CRYPTO_NULL_HMAC as an hmac algorithm.
Despite it's name, CRYPTO_NULL_HMAC is actually an unkeyed digest
similar to plain SHA-1 rather than a keyed HMAC algorithm.
Reported
cryptosoft: Don't treat CRYPTO_NULL_HMAC as an hmac algorithm.
Despite it's name, CRYPTO_NULL_HMAC is actually an unkeyed digest
similar to plain SHA-1 rather than a keyed HMAC algorithm.
Reported by: syzbot+17d7c656f1a797b0faae@syzkaller.appspotmail.com
Discussed with: markj
Fixes: 6113a08b98e4 cryptosoft: Fully support per-operation keys for auth algorithms.
Sponsored by: The FreeBSD Foundation
show more ...
|
| #
dc475c9b |
| 09-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Stop single-threading requests within a session.
All of the request handlers no longer modify session state, so remove
the mutex limiting operations to one per session. In addition, cha
cryptosoft: Stop single-threading requests within a session.
All of the request handlers no longer modify session state, so remove
the mutex limiting operations to one per session. In addition, change
the pointer to the session state passed to process callbacks to const.
Suggested by: mjg
Reviewed by: mjg, markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33317
show more ...
|
| #
6113a08b |
| 09-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Fully support per-operation keys for auth algorithms.
Only pre-allocate auth contexts when a session-wide key is provided or
for sessions without keys. For sessions with per-operation k
cryptosoft: Fully support per-operation keys for auth algorithms.
Only pre-allocate auth contexts when a session-wide key is provided or
for sessions without keys. For sessions with per-operation keys,
always initialize the on-stack context directly rather than
initializing the session context in swcr_authprepare (now removed) and
then copying that session context into the on-stack context.
This approach permits parallel auth operations without needing a
serializing lock. In addition, the previous code assumed that auth
sessions always provided an initial key unlike cipher sessions which
assume either an initial key or per-op keys.
While here, fix the Blake2 auth transforms to function like other auth
transforms where Setkey is invoked after Init rather than before.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33316
show more ...
|
| #
b54d1284 |
| 09-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Allocate cipher contexts on the stack during operations.
As is done with authentication contexts, allocate cipher contexts on
the stack while completing requests. This permits safely di
cryptosoft: Allocate cipher contexts on the stack during operations.
As is done with authentication contexts, allocate cipher contexts on
the stack while completing requests. This permits safely dispatching
concurrent requests on a single session. The cipher context in the
session is now only allocated when a session key is provided during
session setup to serve as a template to initialize the on-stack
context similar to auth operations.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33198
show more ...
|
| #
f313909a |
| 09-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Rename sw_kschedule member to sw_ctx.
The cipher context isn't always a key schedule, so use a more generic
name.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Re
cryptosoft: Rename sw_kschedule member to sw_ctx.
The cipher context isn't always a key schedule, so use a more generic
name.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33197
show more ...
|
| #
ab91fb6c |
| 09-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Refactor software support for AEAD ciphers.
Extend struct enc_xform to add new members to handle auth operations
for AEAD ciphers. In particular, AEAD operations in cryptosoft no
longer use
crypto: Refactor software support for AEAD ciphers.
Extend struct enc_xform to add new members to handle auth operations
for AEAD ciphers. In particular, AEAD operations in cryptosoft no
longer use a struct auth_hash. Instead, the setkey and reinit methods
of struct enc_xform are responsible for initializing both the cipher
and auth state.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33196
show more ...
|
| #
c172a407 |
| 09-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
cryptosoft: Reject AES-CCM/GCM sessions with invalid key lengths.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33195
|
| #
6e17a2e0 |
| 09-Dec-2021 |
John Baldwin <jhb@FreeBSD.org> |
crypto: Validate AES-GCM IV length in check_csp().
This centralizes the check for valid nonce lengths for AES-GCM.
While here, remove some duplicate checks for valid AES-GCM tag lengths
from ccp(4)
crypto: Validate AES-GCM IV length in check_csp().
This centralizes the check for valid nonce lengths for AES-GCM.
While here, remove some duplicate checks for valid AES-GCM tag lengths
from ccp(4) and ccr(4).
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33194
show more ...
|