| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | simd: encapsulate fpu amortization into nice functions | Jason A. Donenfeld | 2018-06-17 | 7 | -71/+83 |
* | queueing: re-enable preemption periodically to lower latency | Jason A. Donenfeld | 2018-06-16 | 2 | -0/+18 |
* | queueing: remove useless spinlocks on sc | Jason A. Donenfeld | 2018-06-16 | 3 | -5/+1 |
| | Since these are the only consumers, there's no need for locking. | | | | |
* | tools: getentropy requires 10.12 | Jason A. Donenfeld | 2018-06-14 | 1 | -1/+7 |
* | chacha20poly1305: use slow crypto on -rt kernels on arm too | Jason A. Donenfeld | 2018-06-14 | 1 | -1/+1 |
* | version: bump snapshot 0.0.20180613 | Jason A. Donenfeld | 2018-06-13 | 2 | -2/+2 |
* | chacha20poly1305: use slow crypto on -rt kernels | Jason A. Donenfeld | 2018-06-13 | 1 | -1/+1 |
| | In rt kernels, spinlocks call schedule(), which means preemption can't be disabled. The FPU disables preemption. Hence, we can either restructure things to move the calls to kernel_fpu_begin/end to be really close to the actual crypto routines, or we can do the slower lazier solution of just not using the FPU at all on -rt kernels. This patch goes with the latter lazy solution. The reason why we don't place the calls to kernel_fpu_begin/end close to the crypto routines in the first place is that they're very expensive, as it usually involves a call to XSAVE. So on sane kernels, we benefit from only having to call it once. | | | | |
* | tools: support getentropy(3) | Jason A. Donenfeld | 2018-06-08 | 1 | -0/+11 |
* | tools: encoding: add missing static array constraints | Jason A. Donenfeld | 2018-06-06 | 3 | -5/+5 |
* | wg-quick: android: change name of intent | Jason A. Donenfeld | 2018-06-04 | 1 | -1/+1 |
* | chacha20: add missing include to header | Jason A. Donenfeld | 2018-06-02 | 1 | -0/+1 |
* | wg-quick: android: delay setting users until end | Jason A. Donenfeld | 2018-05-31 | 1 | -1/+6 |
| | `ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing them to reconnect. By delaying this until after routes are set, we ensure that the sockets reconnect using the tunnel, rather than the old route. | | | | |
* | version: bump snapshot 0.0.20180531 | Jason A. Donenfeld | 2018-05-31 | 2 | -2/+2 |
* | qemu: bump default version | Jason A. Donenfeld | 2018-05-31 | 1 | -1/+1 |
* | tools: constanter time encoding | Jason A. Donenfeld | 2018-05-31 | 2 | -22/+28 |
* | device: do not assume dst is always valid | Jason A. Donenfeld | 2018-05-31 | 1 | -1/+1 |
| | The new flow offloading feature at the moment does not set the dst. We have a patch pending to fix this upstream, but in the meantime, work around it here. | | | | |
* | poly1305: mips: compute S on fly | René van Dorst | 2018-05-31 | 1 | -31/+22 |
| | This reduces memory access and the total opaque size. Signed-off-by: René van Dorst <opensource@vdorst.com> | | | | |
* | chacha20poly1305: test for authtag failure | Jason A. Donenfeld | 2018-05-31 | 1 | -3/+21 |
* | chacha20poly1305: test scattergather functions too | Jason A. Donenfeld | 2018-05-31 | 1 | -2/+44 |
* | crypto: consistent constification | Jason A. Donenfeld | 2018-05-31 | 6 | -23/+23 |
* | wg-quick: darwin: set DNS servers after delay on route change | Jason A. Donenfeld | 2018-05-31 | 1 | -2/+6 |
| | This works around a race condition in macOS's network daemons, while also adding one in the form of possibly calling kill -ALRM on a stale PID; unfortunately bash can't wait from a trap. | | | | |
* | chacha20poly1305: combine stack variables into union | Jason A. Donenfeld | 2018-05-31 | 2 | -62/+64 |
* | chacha20poly1305: split up into separate files | Jason A. Donenfeld | 2018-05-31 | 10 | -627/+740 |
* | curve25519: x86_64: make symbol static | Jason A. Donenfeld | 2018-05-29 | 1 | -2/+2 |
* | curve25519: x86_64: satisfy sparse | Jason A. Donenfeld | 2018-05-29 | 1 | -260/+260 |
* | wg-quick: freebsd: configure as p2p link | Jason A. Donenfeld | 2018-05-27 | 1 | -3/+5 |
* | wg-quick: darwin: add multiple IP addresses | Jason A. Donenfeld | 2018-05-27 | 1 | -2/+2 |
* | wg-quick: determine IPs when saving interface | Jason A. Donenfeld | 2018-05-27 | 3 | -12/+14 |
* | compat: don't clash with get_random_u32 backports | Jason A. Donenfeld | 2018-05-24 | 1 | -3/+2 |
| | Our previous heuristic wasn't good enough, since CopperheadOS backported CANARY_MASK without backporting get_random_u32, as Qualcomm did, so now we just entirely rename all invocations of the function. | | | | |
* | version: bump snapshot 0.0.20180524 | Jason A. Donenfeld | 2018-05-24 | 2 | -2/+2 |
* | wg-quick: freebsd: work around security vulnerabilities in bash | Jason A. Donenfeld | 2018-05-24 | 1 | -7/+29 |
* | wg-quick: allow enumeration of socket files | Jason A. Donenfeld | 2018-05-23 | 2 | -2/+2 |
| | These OSes have an unpriv'd ifconfig, so this isn't an even larger info leak. | | | | |
* | wg-quick: better bash completion for non-renaming OSes | Jason A. Donenfeld | 2018-05-23 | 1 | -5/+14 |
* | wg-quick: support FreeBSD/Darwin search path | Jason A. Donenfeld | 2018-05-23 | 4 | -16/+39 |
* | tools: always pass -v as first argument to install | Jason A. Donenfeld | 2018-05-23 | 1 | -7/+7 |
| | This lets crippled OSes sed out our -v more easily. | | | | |
* | wg-quick: openbsd: add new implementation | Jason A. Donenfeld | 2018-05-22 | 1 | -0/+451 |
* | wg-quick: freebsd: add new implementation | Jason A. Donenfeld | 2018-05-22 | 2 | -16/+434 |
* | wg-quick: darwin: do not remove routes when no real interface | Jason A. Donenfeld | 2018-05-22 | 1 | -0/+1 |
* | wg-quick: darwin: rename namefile environment variable | Jason A. Donenfeld | 2018-05-22 | 1 | -1/+1 |
| | This paves the way for an openbsd implementation. | | | | |
* | tools: fix OpenBSD build | Filippo Valsorda | 2018-05-22 | 4 | -2/+4 |
| | License: MIT Signed-off-by: Filippo Valsorda <valsorda@google.com> | | | | |
* | compat: work around qcom 4.9 backports | Jason A. Donenfeld | 2018-05-22 | 1 | -0/+3 |
| | Qualcomm backported the get_random_u32 patch, even though kernel.org didn't, which is a problem. They also backported another patch in the same place which defines a new macro variable, so use this as a differentiator. | | | | |
* | qemu: bump default kernel for gcc 8.1 | Jason A. Donenfeld | 2018-05-22 | 1 | -1/+1 |
* | allowedips: set pointer to null before freeing | Jason A. Donenfeld | 2018-05-22 | 1 | -2/+3 |
* | ncat-client-server: do not always call sudo and use env bash | Jason A. Donenfeld | 2018-05-22 | 1 | -2/+3 |
* | version: bump snapshot 0.0.20180519 | Jason A. Donenfeld | 2018-05-19 | 2 | -2/+2 |
* | timers: no need to clear keepalive in persistent keepalive | Jason A. Donenfeld | 2018-05-19 | 1 | -4/+1 |
| | We do this after sending the keepalive anyway. This is something of a regression, though, since before we'd cancel and then send, but now we send and then cancel, so it introduces a potential race, but hopefully that isn't too big of a deal. | | | | |
* | timers: clear send_keepalive timer on sending handshake response | Jason A. Donenfeld | 2018-05-19 | 3 | -6/+12 |
| | We reorganize this into also doing so on sending keepalives itself, which means the state machine is much more consistent, even if this was already implied. | | | | |
* | timers: fix up comment | Jason A. Donenfeld | 2018-05-19 | 1 | -2/+2 |
* | timers: remove slack_time | Jason A. Donenfeld | 2018-05-19 | 1 | -8/+2 |
| | It's already done implicitly by recent kernels and it's not adding much here. | | | | |
* | timers: reinitialize state on init | Jason A. Donenfeld | 2018-05-18 | 1 | -0/+3 |