Commit log (subject; author, date; files changed, lines removed/added)

...

- curve25519-x86_64: remove useless define (Jason A. Donenfeld, 2018-09-12; 1 file, -1/+0)
- chacha20: add constant for words in block (Jason A. Donenfeld, 2018-09-12; 2 files, -2/+3)
- poly1305: rename finish to final (Jason A. Donenfeld, 2018-09-11; 5 files, -13/+13)
- kconfig: make NEON depend on CPU_V7 (Jason A. Donenfeld, 2018-09-11; 1 file, -3/+3)
- crypto: make sure UML is properly disabled (Jason A. Donenfeld, 2018-09-11; 1 file, -4/+4)
- crypto: do not use compound literals in selftests (Jason A. Donenfeld, 2018-09-11; 2 files, -7704/+7710)

  gcc can't apply section attributes to compound literals, so we can't mark the actual data as __initconst. We thus waste space instead, but this shouldn't matter much, since it's cleared after init anyway, and because this is only for debugging.

- blake2s-x86_64: fix whitespace errors (Jason A. Donenfeld, 2018-09-10; 1 file, -2/+2)
- version: bump snapshot (0.0.20180910) (Jason A. Donenfeld, 2018-09-10; 2 files, -2/+2)
- poly1305: switch to donna (Jason A. Donenfeld, 2018-09-10; 3 files, -183/+398)
- poly1305: rewrite self tests from scratch (Jason A. Donenfeld, 2018-09-08; 1 file, -1529/+831)

  This removes the old cruft and makes things a bit more idiomatic.

- compat: move simd.h from crypto to compat since it's going upstream (Jason A. Donenfeld, 2018-09-06; 2 files, -0/+4)
- compat: arch-namespace certain includes (Jason A. Donenfeld, 2018-09-06; 5 files, -8/+8)
- compat: support neon.h on old kernels (Jason A. Donenfeld, 2018-09-06; 2 files, -0/+14)

  Reported-by: Philipp Richter <richterphilipp.pops@gmail.com>

- crypto: use CRYPTOGAMS license (Jason A. Donenfeld, 2018-09-06; 9 files, -23/+27)
- curve25519: arm: do not modify sp directly (Jason A. Donenfeld, 2018-09-06; 1 file, -3/+3)

  Thumb doesn't like this.

  Reported-by: Roman Mamedov <rm@romanrm.net>

- version: bump snapshot (0.0.20180904) (Jason A. Donenfeld, 2018-09-04; 2 files, -2/+2)
- global: always find OOM unlikely (Jason A. Donenfeld, 2018-09-04; 6 files, -17/+17)

  Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>

- global: prefer sizeof(*pointer) when possible (Jason A. Donenfeld, 2018-09-04; 15 files, -53/+44)

  Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>

- global: satisfy check_patch.pl errors (Jason A. Donenfeld, 2018-09-03; 6 files, -26/+27)
- crypto: import zinc (Jason A. Donenfeld, 2018-09-03; 56 files, -6553/+13141)
- uapi: reformat (Jason A. Donenfeld, 2018-09-02; 1 file, -81/+83)
- tools: ipc: do not warn on unrecognized netlink attributes (Jason A. Donenfeld, 2018-09-02; 1 file, -17/+0)

  It makes extending things more difficult.

- netlink: insert peer version placeholder (Jason A. Donenfeld, 2018-09-02; 3 files, -3/+17)

  While we don't want people to ever use old protocols, people will complain if the API "changes", so explicitly make the unset protocol mean the latest, and add a dummy mechanism of specifying the protocol on a per-peer basis, which we hope nobody actually ever uses.

- curve25519-arm: prefix immediates with # (Jason A. Donenfeld, 2018-08-28; 1 file, -18/+18)
- curve25519-arm: do not waste 32 bytes of stack (Jason A. Donenfeld, 2018-08-28; 1 file, -88/+88)
- curve25519-arm: use ordinary prolog and epilogue (Samuel Neves, 2018-08-28; 1 file, -18/+6)

  Signed-off-by: Samuel Neves <sneves@dei.uc.pt>

- curve25519-arm: add spaces after commas (Jason A. Donenfeld, 2018-08-28; 1 file, -2074/+2074)
- curve25519-arm: cleanups from lkml (Jason A. Donenfeld, 2018-08-28; 1 file, -33/+30)

  Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

- curve25519-arm: reformat (Jason A. Donenfeld, 2018-08-28; 1 file, -2096/+2096)
- curve25519-x86_64: let the compiler decide when/how to load constants (Samuel Neves, 2018-08-28; 1 file, -5/+2)

  Signed-off-by: Samuel Neves <sneves@dei.uc.pt>

- curve25519-hacl64: use formally verified C for comparisons (Jason A. Donenfeld, 2018-08-28; 1 file, -6/+19)

  The previous code had been proved in Z3, but this new code from upstream KreMLin is directly generated from the F*, which is preferable. The assembly generated is identical.

- crypto: use unaligned helpers (Jason A. Donenfeld, 2018-08-28; 9 files, -55/+61)

  This is not useful for WireGuard, but for the general use case we probably want it this way, and the speed difference is mostly lost in the noise.

- Kconfig: use new-style help marker (Jason A. Donenfeld, 2018-08-28; 1 file, -2/+2)
- compat: rng_is_initialized made it into 4.19 (Jason A. Donenfeld, 2018-08-28; 1 file, -53/+53)
- global: run through clang-format (Jason A. Donenfeld, 2018-08-28; 28 files, -795/+1654)

  This is the worst commit in the whole repo, making the code much less readable, but so it goes with upstream maintainers. We are now woefully wrapped at 80 columns.

- wg-quick: check correct variable for route deduplication (Jason A. Donenfeld, 2018-08-21; 1 file, -1/+1)

  Reported-by: John Sager <john@sager.me.uk>

- wg-quick: darwin: prefer system paths for tools (Jason A. Donenfeld, 2018-08-12; 1 file, -1/+1)

  The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8). Other than that, it's explicitly coded against the native system utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their full absolute path (via $SELF and $BASH, respectively), we can simply set the $PATH to be prefixed by the default system binary paths. This way, if users install tools that conflict with system tools -- such as GNU coreutils -- we won't accidentally call those.

  Reported-by: Deirdre Connolly <durumcrustulum@gmail.com>

- version: bump snapshot (0.0.20180809) (Jason A. Donenfeld, 2018-08-09; 2 files, -2/+2)
- netlink: don't start over iteration on multipart non-first allowedips (Jason A. Donenfeld, 2018-08-09; 2 files, -2/+28)

  Reported-by: Matt Layher <mdlayher@gmail.com>

- timers: include header in right file (Jason A. Donenfeld, 2018-08-09; 2 files, -2/+2)
- curve25519-hacl64: correct u64_gte_mask (Samuel Neves, 2018-08-07; 1 file, -3/+1)

  Remove signed right shifts. Previously u64_gte_mask was only correct for x < 2^63.

  Z3 script proving correctness:

  ```python
  >>> from z3 import *
  >>>
  >>> x = BitVec("x", 64)
  >>> y = BitVec("y", 64)
  >>>
  >>> t = LShR(x^((x^y)|((x-y)^y)), 63) - 1
  >>>
  >>> prove(If(UGE(x, y), BitVecVal(-1, 64), BitVecVal(0, 64)) == t)
  proved
  ```

  Signed-off-by: Samuel Neves <sneves@dei.uc.pt>

- curve25519-hacl64: simplify u64_eq_mask (Samuel Neves, 2018-08-07; 1 file, -8/+3)

  Avoid signed right shift.

  Z3 script showing equivalence:

  ```python
  >>> from z3 import *
  >>>
  >>> x = BitVec("x", 64)
  >>> y = BitVec("y", 64)
  >>>
  >>> # Before
  ... x_ = ~(x ^ y)
  >>> x_ &= x_ << 32
  >>> x_ &= x_ << 16
  >>> x_ &= x_ << 8
  >>> x_ &= x_ << 4
  >>> x_ &= x_ << 2
  >>> x_ &= x_ << 1
  >>> x_ >>= 63
  >>>
  >>> # After
  ... y_ = x ^ y
  >>> y_ = y_ | -y_
  >>> y_ = LShR(y_, 63) - 1
  >>>
  >>> prove(x_ == y_)
  proved
  ```

  Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
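The two commits above (u64_gte_mask and u64_eq_mask) describe the comparison masks only through their Z3 proofs. As an added example that is not the repository's code, here is a C implementation of both masks in the proven shape, using only unsigned (logical) shifts, checked against plain-comparison oracles over a constructed corpus that deliberately includes values with bit 63 set, since the commit notes the earlier u64_gte_mask was only correct for x < 2^63. The oracle, corpus and check function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not the repository's code: constant-time 64-bit
 * comparison masks in the form the Z3 scripts above prove correct.
 * Only unsigned arithmetic and logical shifts are used. */

/* All ones if x >= y (unsigned), else zero. Bit 63 of the inner term is
 * the borrow of x - y, i.e. it is set exactly when x < y. */
uint64_t u64_gte_mask(uint64_t x, uint64_t y)
{
    return ((x ^ ((x ^ y) | ((x - y) ^ y))) >> 63) - 1;
}

/* All ones if x == y, else zero. d | -d has bit 63 set iff d != 0. */
uint64_t u64_eq_mask(uint64_t x, uint64_t y)
{
    uint64_t d = x ^ y;
    d |= (uint64_t)0 - d;
    return (d >> 63) - 1;
}

/* Reference oracles (not constant time) used only to check the masks. */
static uint64_t gte_oracle(uint64_t x, uint64_t y)
{
    return x >= y ? UINT64_MAX : 0;
}

static uint64_t eq_oracle(uint64_t x, uint64_t y)
{
    return x == y ? UINT64_MAX : 0;
}

/* Constructed corpus: values around 0, 2^63 and 2^64 - 1, which is
 * exactly where a signed right shift would have gone wrong. */
static const uint64_t corpus[] = {
    0, 1, 2, 0x7fffffffffffffffULL, 0x8000000000000000ULL,
    0x8000000000000001ULL, 0xfffffffffffffffeULL, UINT64_MAX,
    0x123456789abcdef0ULL, 0xfedcba9876543210ULL,
};

/* Returns the number of (x, y) pairs in the corpus on which either mask
 * disagrees with its oracle; 0 means both masks match on every pair. */
int count_mask_mismatches(void)
{
    size_t n = sizeof(corpus) / sizeof(corpus[0]);
    int bad = 0;

    for (size_t i = 0; i < n; ++i) {
        for (size_t j = 0; j < n; ++j) {
            uint64_t x = corpus[i], y = corpus[j];

            if (u64_gte_mask(x, y) != gte_oracle(x, y))
                ++bad;
            if (u64_eq_mask(x, y) != eq_oracle(x, y))
                ++bad;
        }
    }
    return bad;
}

int main(void)
{
    printf("mask mismatches on corpus: %d\n", count_mask_mismatches());
    return 0;
}
```

The masks are meant to be consumed with bitwise select (`(a & mask) | (b & ~mask)`) rather than branched on, so the oracles here exist only to validate them; in the constant-time code path they would never be called.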
- chacha20: use memmove in case buffers overlap (Jason A. Donenfeld, 2018-08-07; 1 file, -1/+1)

  Suggested-by: Samuel Neves <sneves@dei.uc.pt>

- curve25519-x86_64: avoid use of r12 (Jason A. Donenfeld, 2018-08-07; 1 file, -107/+107)

  This causes problems with RAP and KERNEXEC for PaX, as r12 is a reserved register.

  Suggested-by: PaX Team <pageexec@freemail.hu>

- qemu: add easy git harness (Jason A. Donenfeld, 2018-08-06; 1 file, -1/+8)
- chacha20poly1305: selftest: use arrays for test vectors (Jason A. Donenfeld, 2018-08-06; 1 file, -777/+3577)
- crypto: move simd context to specific type (Jason A. Donenfeld, 2018-08-06; 11 files, -147/+153)

  Suggested-by: Andy Lutomirski <luto@kernel.org>

- compat: better atomic acquire/release backport (Jason A. Donenfeld, 2018-08-04; 1 file, -16/+10)
- send: switch handshake stamp to an atomic (Jason A. Donenfeld, 2018-08-04; 4 files, -14/+12)

  Rather than abusing the handshake lock, we're much better off just using a boring atomic64 for this. It's simpler and performs better.

  Also, while we're at it, we set the handshake stamp both before and after the calculations, in case the calculations block for a really long time waiting for the RNG to initialize. Otherwise it's possible that when the RNG finally initializes, two handshakes are sent back to back, which isn't sensible.

- version: bump snapshot (0.0.20180802) (Jason A. Donenfeld, 2018-08-03; 2 files, -2/+2)