Commit message | Author | Age | Files | Lines
...
* chacha20poly1305: use slow crypto on -rt kernels | Jason A. Donenfeld | 2018-06-13 | 1 | -1/+1
  In rt kernels, spinlocks call schedule(), which means preemption can't be disabled. The FPU disables preemption. Hence, we can either restructure things to move the calls to kernel_fpu_begin/end to be really close to the actual crypto routines, or we can do the slower lazier solution of just not using the FPU at all on -rt kernels. This patch goes with the latter lazy solution. The reason why we don't place the calls to kernel_fpu_begin/end close to the crypto routines in the first place is that they're very expensive, as it usually involves a call to XSAVE. So on sane kernels, we benefit from only having to call it once.
* tools: support getentropy(3) | Jason A. Donenfeld | 2018-06-08 | 1 | -0/+11
* tools: encoding: add missing static array constraints | Jason A. Donenfeld | 2018-06-06 | 3 | -5/+5
* wg-quick: android: change name of intent | Jason A. Donenfeld | 2018-06-04 | 1 | -1/+1
* chacha20: add missing include to header | Jason A. Donenfeld | 2018-06-02 | 1 | -0/+1
* wg-quick: android: delay setting users until end | Jason A. Donenfeld | 2018-05-31 | 1 | -1/+6
  `ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing them to reconnect. By delaying this until after routes are set, we ensure that the sockets reconnect using the tunnel, rather than the old route.
* version: bump snapshot (0.0.20180531) | Jason A. Donenfeld | 2018-05-31 | 2 | -2/+2
* qemu: bump default version | Jason A. Donenfeld | 2018-05-31 | 1 | -1/+1
* tools: constanter time encoding | Jason A. Donenfeld | 2018-05-31 | 2 | -22/+28
* device: do not assume dst is always valid | Jason A. Donenfeld | 2018-05-31 | 1 | -1/+1
  The new flow offloading feature at the moment does not set the dst. We have a patch pending to fix this upstream, but in the meantime, work around it here.
* poly1305: mips: compute S on fly | René van Dorst | 2018-05-31 | 1 | -31/+22
  This reduces memory access and the total opaque size.
  Signed-off-by: René van Dorst <opensource@vdorst.com>
* chacha20poly1305: test for authtag failure | Jason A. Donenfeld | 2018-05-31 | 1 | -3/+21
* chacha20poly1305: test scattergather functions too | Jason A. Donenfeld | 2018-05-31 | 1 | -2/+44
* crypto: consistent constification | Jason A. Donenfeld | 2018-05-31 | 6 | -23/+23
* wg-quick: darwin: set DNS servers after delay on route change | Jason A. Donenfeld | 2018-05-31 | 1 | -2/+6
  This works around a race condition in macOS's network daemons, while also adding one in the form of possibly calling kill -ALRM on a stale PID; unfortunately bash can't wait from a trap.
* chacha20poly1305: combine stack variables into union | Jason A. Donenfeld | 2018-05-31 | 2 | -62/+64
* chacha20poly1305: split up into separate files | Jason A. Donenfeld | 2018-05-31 | 10 | -627/+740
* curve25519: x86_64: make symbol static | Jason A. Donenfeld | 2018-05-29 | 1 | -2/+2
* curve25519: x86_64: satisfy sparse | Jason A. Donenfeld | 2018-05-29 | 1 | -260/+260
* wg-quick: freebsd: configure as p2p link | Jason A. Donenfeld | 2018-05-27 | 1 | -3/+5
* wg-quick: darwin: add multiple IP addresses | Jason A. Donenfeld | 2018-05-27 | 1 | -2/+2
* wg-quick: determine IPs when saving interface | Jason A. Donenfeld | 2018-05-27 | 3 | -12/+14
* compat: don't clash with get_random_u32 backports | Jason A. Donenfeld | 2018-05-24 | 1 | -3/+2
  Our previous heuristic wasn't good enough, since CopperheadOS backported CANARY_MASK without backporting get_random_u32, as Qualcomm did, so now we just entirely rename all invocations of the function.
* version: bump snapshot (0.0.20180524) | Jason A. Donenfeld | 2018-05-24 | 2 | -2/+2
* wg-quick: freebsd: work around security vulnerabilities in bash | Jason A. Donenfeld | 2018-05-24 | 1 | -7/+29
* wg-quick: allow enumeration of socket files | Jason A. Donenfeld | 2018-05-23 | 2 | -2/+2
  These OSes have an unpriv'd ifconfig, so this isn't an even larger info leak.
* wg-quick: better bash completion for non-renaming OSes | Jason A. Donenfeld | 2018-05-23 | 1 | -5/+14
* wg-quick: support FreeBSD/Darwin search path | Jason A. Donenfeld | 2018-05-23 | 4 | -16/+39
* tools: always pass -v as first argument to install | Jason A. Donenfeld | 2018-05-23 | 1 | -7/+7
  This lets crippled OSes sed out our -v more easily.
* wg-quick: openbsd: add new implementation | Jason A. Donenfeld | 2018-05-22 | 1 | -0/+451
* wg-quick: freebsd: add new implementation | Jason A. Donenfeld | 2018-05-22 | 2 | -16/+434
* wg-quick: darwin: do not remove routes when no real interface | Jason A. Donenfeld | 2018-05-22 | 1 | -0/+1
* wg-quick: darwin: rename namefile environment variable | Jason A. Donenfeld | 2018-05-22 | 1 | -1/+1
  This paves the way for an openbsd implementation.
* tools: fix OpenBSD build | Filippo Valsorda | 2018-05-22 | 4 | -2/+4
  License: MIT
  Signed-off-by: Filippo Valsorda <valsorda@google.com>
* compat: work around qcom 4.9 backports | Jason A. Donenfeld | 2018-05-22 | 1 | -0/+3
  Qualcomm backported the get_random_u32 patch, even though kernel.org didn't, which is a problem. They also backported another patch in the same place which defines a new macro variable, so use this as a differentiator.
* qemu: bump default kernel for gcc 8.1 | Jason A. Donenfeld | 2018-05-22 | 1 | -1/+1
* allowedips: set pointer to null before freeing | Jason A. Donenfeld | 2018-05-22 | 1 | -2/+3
* ncat-client-server: do not always call sudo and use env bash | Jason A. Donenfeld | 2018-05-22 | 1 | -2/+3
* version: bump snapshot (0.0.20180519) | Jason A. Donenfeld | 2018-05-19 | 2 | -2/+2
* timers: no need to clear keepalive in persistent keepalive | Jason A. Donenfeld | 2018-05-19 | 1 | -4/+1
  We do this after sending the keepalive anyway. This is something of a regression, though, since before we'd cancel and then send, but now we send and then cancel, so it introduces a potential race, but hopefully that isn't too big of a deal.
* timers: clear send_keepalive timer on sending handshake response | Jason A. Donenfeld | 2018-05-19 | 3 | -6/+12
  We reorganize this into also doing so on sending keepalives itself, which means the state machine is much more consistent, even if this was already implied.
* timers: fix up comment | Jason A. Donenfeld | 2018-05-19 | 1 | -2/+2
* timers: remove slack_time | Jason A. Donenfeld | 2018-05-19 | 1 | -8/+2
  It's already done implicitly by recent kernels and it's not adding much here.
* timers: reinitialize state on init | Jason A. Donenfeld | 2018-05-18 | 1 | -0/+3
* tools: fix errno propagation and messages | Jason A. Donenfeld | 2018-05-18 | 5 | -9/+8
* timers: round up instead of down in slack_time | Jason A. Donenfeld | 2018-05-18 | 1 | -2/+2
  On systems with a 100hz tick, this causes handshakes to be retried in slightly less than 5 seconds, which means they aren't sent at all. This has the effect of the handshakes entirely stopping their retry cycle until the next data packet is sent.
  Reported-by: Andrew He <andrewhe@mit.edu>
* chacha20poly1305: add mips32 implementation | René van Dorst | 2018-05-18 | 4 | -5/+913
  Signed-off-by: René van Dorst <opensource@vdorst.com>
* device: remove allowedips before individual peers | Jason A. Donenfeld | 2018-05-18 | 1 | -1/+1
  This avoids an O(n^2) traversal in favor of an O(n) one.
* wg-quick: darwin: simpler inclusion check | Jason A. Donenfeld | 2018-05-17 | 1 | -1/+1
* wg-quick: darwin: reorder functions | Jason A. Donenfeld | 2018-05-17 | 1 | -19/+19