Commit message (Author, Age; Files, Lines)
...
* curve25519-x86_64: remove useless define (Jason A. Donenfeld, 2018-09-12; 1 file, -1/+0)
* chacha20: add constant for words in block (Jason A. Donenfeld, 2018-09-12; 2 files, -2/+3)
* poly1305: rename finish to final (Jason A. Donenfeld, 2018-09-11; 5 files, -13/+13)
* kconfig: make NEON depend on CPU_V7 (Jason A. Donenfeld, 2018-09-11; 1 file, -3/+3)
* crypto: make sure UML is properly disabled (Jason A. Donenfeld, 2018-09-11; 1 file, -4/+4)
* crypto: do not use compound literals in selftests (Jason A. Donenfeld, 2018-09-11; 2 files, -7704/+7710)
  gcc can't apply section attributes to compound literals, so we can't mark the actual data as __initconst. We thus waste space instead, but this shouldn't matter much, since it's cleared after init anyway, and because this is only for debugging.
* blake2s-x86_64: fix whitespace errors (Jason A. Donenfeld, 2018-09-10; 1 file, -2/+2)
* version: bump snapshot (tag 0.0.20180910) (Jason A. Donenfeld, 2018-09-10; 2 files, -2/+2)
* poly1305: switch to donna (Jason A. Donenfeld, 2018-09-10; 3 files, -183/+398)
* poly1305: rewrite self tests from scratch (Jason A. Donenfeld, 2018-09-08; 1 file, -1529/+831)
  This removes the old cruft and makes things a bit more idiomatic.
* compat: move simd.h from crypto to compat since it's going upstream (Jason A. Donenfeld, 2018-09-06; 2 files, -0/+4)
* compat: arch-namespace certain includes (Jason A. Donenfeld, 2018-09-06; 5 files, -8/+8)
* compat: support neon.h on old kernels (Jason A. Donenfeld, 2018-09-06; 2 files, -0/+14)
  Reported-by: Philipp Richter <richterphilipp.pops@gmail.com>
* crypto: use CRYPTOGAMS license (Jason A. Donenfeld, 2018-09-06; 9 files, -23/+27)
* curve25519: arm: do not modify sp directly (Jason A. Donenfeld, 2018-09-06; 1 file, -3/+3)
  Thumb doesn't like this.
  Reported-by: Roman Mamedov <rm@romanrm.net>
* version: bump snapshot (tag 0.0.20180904) (Jason A. Donenfeld, 2018-09-04; 2 files, -2/+2)
* global: always find OOM unlikely (Jason A. Donenfeld, 2018-09-04; 6 files, -17/+17)
  Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
* global: prefer sizeof(*pointer) when possible (Jason A. Donenfeld, 2018-09-04; 15 files, -53/+44)
  Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
* global: satisfy check_patch.pl errors (Jason A. Donenfeld, 2018-09-03; 6 files, -26/+27)
* crypto: import zinc (Jason A. Donenfeld, 2018-09-03; 56 files, -6553/+13141)
* uapi: reformat (Jason A. Donenfeld, 2018-09-02; 1 file, -81/+83)
* tools: ipc: do not warn on unrecognized netlink attributes (Jason A. Donenfeld, 2018-09-02; 1 file, -17/+0)
  It makes extending things more difficult.
* netlink: insert peer version placeholder (Jason A. Donenfeld, 2018-09-02; 3 files, -3/+17)
  While we don't want people to ever use old protocols, people will complain if the API "changes", so explicitly make the unset protocol mean the latest, and add a dummy mechanism of specifying the protocol on a per-peer basis, which we hope nobody actually ever uses.
* curve25519-arm: prefix immediates with # (Jason A. Donenfeld, 2018-08-28; 1 file, -18/+18)
* curve25519-arm: do not waste 32 bytes of stack (Jason A. Donenfeld, 2018-08-28; 1 file, -88/+88)
* curve25519-arm: use ordinary prolog and epilogue (Samuel Neves, 2018-08-28; 1 file, -18/+6)
  Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
* curve25519-arm: add spaces after commas (Jason A. Donenfeld, 2018-08-28; 1 file, -2074/+2074)
* curve25519-arm: cleanups from lkml (Jason A. Donenfeld, 2018-08-28; 1 file, -33/+30)
  Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
* curve25519-arm: reformat (Jason A. Donenfeld, 2018-08-28; 1 file, -2096/+2096)
* curve25519-x86_64: let the compiler decide when/how to load constants (Samuel Neves, 2018-08-28; 1 file, -5/+2)
  Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
* curve25519-hacl64: use formally verified C for comparisons (Jason A. Donenfeld, 2018-08-28; 1 file, -6/+19)
  The previous code had been proved in Z3, but this new code from upstream KreMLin is directly generated from the F*, which is preferable. The assembly generated is identical.
* crypto: use unaligned helpers (Jason A. Donenfeld, 2018-08-28; 9 files, -55/+61)
  This is not useful for WireGuard, but for the general use case we probably want it this way, and the speed difference is mostly lost in the noise.
* Kconfig: use new-style help marker (Jason A. Donenfeld, 2018-08-28; 1 file, -2/+2)
* compat: rng_is_initialized made it into 4.19 (Jason A. Donenfeld, 2018-08-28; 1 file, -53/+53)
* global: run through clang-format (Jason A. Donenfeld, 2018-08-28; 28 files, -795/+1654)
  This is the worst commit in the whole repo, making the code much less readable, but so it goes with upstream maintainers. We are now woefully wrapped at 80 columns.
* wg-quick: check correct variable for route deduplication (Jason A. Donenfeld, 2018-08-21; 1 file, -1/+1)
  Reported-by: John Sager <john@sager.me.uk>
* wg-quick: darwin: prefer system paths for tools (Jason A. Donenfeld, 2018-08-12; 1 file, -1/+1)
  The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8). Other than that, it's explicitly coded against the native system utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their full absolute path (via $SELF and $BASH, respectively), we can simply set the $PATH to be prefixed by the default system binary paths. This way, if users install tools that conflict with system tools -- such as GNU coreutils -- we won't accidentally call those.
  Reported-by: Deirdre Connolly <durumcrustulum@gmail.com>
* version: bump snapshot (tag 0.0.20180809) (Jason A. Donenfeld, 2018-08-09; 2 files, -2/+2)
* netlink: don't start over iteration on multipart non-first allowedips (Jason A. Donenfeld, 2018-08-09; 2 files, -2/+28)
  Reported-by: Matt Layher <mdlayher@gmail.com>
* timers: include header in right file (Jason A. Donenfeld, 2018-08-09; 2 files, -2/+2)
* curve25519-hacl64: correct u64_gte_mask (Samuel Neves, 2018-08-07; 1 file, -3/+1)
  Remove signed right shifts. Previously u64_gte_mask was only correct for x < 2^63. Z3 script proving correctness:

      >>> from z3 import *
      >>>
      >>> x = BitVec("x", 64)
      >>> y = BitVec("y", 64)
      >>>
      >>> t = LShR(x^((x^y)|((x-y)^y)), 63) - 1
      >>>
      >>> prove(If(UGE(x, y), BitVecVal(-1, 64), BitVecVal(0, 64)) == t)
      proved

  Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
* curve25519-hacl64: simplify u64_eq_mask (Samuel Neves, 2018-08-07; 1 file, -8/+3)
  Avoid signed right shift. Z3 script showing equivalence:

      >>> from z3 import *
      >>>
      >>> x = BitVec("x", 64)
      >>> y = BitVec("y", 64)
      >>>
      >>> # Before
      ... x_ = ~(x ^ y)
      >>> x_ &= x_ << 32
      >>> x_ &= x_ << 16
      >>> x_ &= x_ << 8
      >>> x_ &= x_ << 4
      >>> x_ &= x_ << 2
      >>> x_ &= x_ << 1
      >>> x_ >>= 63
      >>>
      >>> # After
      ... y_ = x ^ y
      >>> y_ = y_ | -y_
      >>> y_ = LShR(y_, 63) - 1
      >>>
      >>> prove(x_ == y_)
      proved

  Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
* chacha20: use memmove in case buffers overlap (Jason A. Donenfeld, 2018-08-07; 1 file, -1/+1)
  Suggested-by: Samuel Neves <sneves@dei.uc.pt>
* curve25519-x86_64: avoid use of r12 (Jason A. Donenfeld, 2018-08-07; 1 file, -107/+107)
  This causes problems with RAP and KERNEXEC for PaX, as r12 is a reserved register.
  Suggested-by: PaX Team <pageexec@freemail.hu>
* qemu: add easy git harness (Jason A. Donenfeld, 2018-08-06; 1 file, -1/+8)
* chacha20poly1305: selftest: use arrays for test vectors (Jason A. Donenfeld, 2018-08-06; 1 file, -777/+3577)
* crypto: move simd context to specific type (Jason A. Donenfeld, 2018-08-06; 11 files, -147/+153)
  Suggested-by: Andy Lutomirski <luto@kernel.org>
* compat: better atomic acquire/release backport (Jason A. Donenfeld, 2018-08-04; 1 file, -16/+10)
* send: switch handshake stamp to an atomic (Jason A. Donenfeld, 2018-08-04; 4 files, -14/+12)
  Rather than abusing the handshake lock, we're much better off just using a boring atomic64 for this. It's simpler and performs better. Also, while we're at it, we set the handshake stamp both before and after the calculations, in case the calculations block for a really long time waiting for the RNG to initialize. Otherwise it's possible that when the RNG finally initializes, two handshakes are sent back to back, which isn't sensible.
* version: bump snapshot (tag 0.0.20180802) (Jason A. Donenfeld, 2018-08-03; 2 files, -2/+2)