Date | Commit message | Author | Files | Lines
2018-09-16 | crypto: make MIT | Jason A. Donenfeld | 39 | -39/+39
2018-09-16 | qemu: always pull and reset against integration tree | Jason A. Donenfeld | 1 | -0/+5
2018-09-16 | global: remove non-essential inline annotations | Jason A. Donenfeld | 5 | -30/+23
2018-09-16 | send/receive: reduce number of sg entries | Jason A. Donenfeld | 2 | -2/+2
This reduces stack usage to quell warnings on powerpc.
2018-09-15 | simd: add __must_check annotation | Jason A. Donenfeld | 1 | -2/+2
Suggested-by: Andy Lutomirski <luto@amacapital.net>
2018-09-13 | chacha20-arm: swap scalar and neon functions | Jason A. Donenfeld | 1 | -697/+697
This brings us closer to the original code.
2018-09-12 | poly1305: precompute 5*r in init instead of blocks | Jason A. Donenfeld | 2 | -6/+18
2018-09-12 | curve25519-x86_64: remove useless define | Jason A. Donenfeld | 1 | -1/+0
2018-09-12 | chacha20: add constant for words in block | Jason A. Donenfeld | 2 | -2/+3
2018-09-11 | poly1305: rename finish to final | Jason A. Donenfeld | 5 | -13/+13
2018-09-11 | kconfig: make NEON depend on CPU_V7 | Jason A. Donenfeld | 1 | -3/+3
2018-09-11 | crypto: make sure UML is properly disabled | Jason A. Donenfeld | 1 | -4/+4
2018-09-11 | crypto: do not use compound literals in selftests | Jason A. Donenfeld | 2 | -7704/+7710
gcc can't apply section attributes to compound literals, so we can't mark the actual data as __initconst. We thus waste space instead, but this shouldn't matter much, since it's cleared after init anyway, and because this is only for debugging.
2018-09-10 | blake2s-x86_64: fix whitespace errors | Jason A. Donenfeld | 1 | -2/+2
2018-09-10 | version: bump snapshot 0.0.20180910 | Jason A. Donenfeld | 2 | -2/+2
2018-09-10 | poly1305: switch to donna | Jason A. Donenfeld | 3 | -183/+398
2018-09-08 | poly1305: rewrite self tests from scratch | Jason A. Donenfeld | 1 | -1529/+831
This removes the old cruft and makes things a bit more idiomatic.
2018-09-06 | compat: move simd.h from crypto to compat since it's going upstream | Jason A. Donenfeld | 2 | -0/+4
2018-09-06 | compat: arch-namespace certain includes | Jason A. Donenfeld | 5 | -8/+8
2018-09-06 | compat: support neon.h on old kernels | Jason A. Donenfeld | 2 | -0/+14
Reported-by: Philipp Richter <richterphilipp.pops@gmail.com>
2018-09-06 | crypto: use CRYPTOGAMS license | Jason A. Donenfeld | 9 | -23/+27
2018-09-06 | curve25519: arm: do not modify sp directly | Jason A. Donenfeld | 1 | -3/+3
Thumb doesn't like this.
Reported-by: Roman Mamedov <rm@romanrm.net>
2018-09-04 | version: bump snapshot 0.0.20180904 | Jason A. Donenfeld | 2 | -2/+2
2018-09-04 | global: always find OOM unlikely | Jason A. Donenfeld | 6 | -17/+17
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
2018-09-04 | global: prefer sizeof(*pointer) when possible | Jason A. Donenfeld | 15 | -53/+44
Suggested-by: Sultan Alsawaf <sultanxda@gmail.com>
2018-09-03 | global: satisfy check_patch.pl errors | Jason A. Donenfeld | 6 | -26/+27
2018-09-03 | crypto: import zinc | Jason A. Donenfeld | 56 | -6553/+13141
2018-09-02 | uapi: reformat | Jason A. Donenfeld | 1 | -81/+83
2018-09-02 | tools: ipc: do not warn on unrecognized netlink attributes | Jason A. Donenfeld | 1 | -17/+0
It makes extending things more difficult.
2018-09-02 | netlink: insert peer version placeholder | Jason A. Donenfeld | 3 | -3/+17
While we don't want people to ever use old protocols, people will complain if the API "changes", so explicitly make the unset protocol mean the latest, and add a dummy mechanism of specifying the protocol on a per-peer basis, which we hope nobody actually ever uses.
2018-08-28 | curve25519-arm: prefix immediates with # | Jason A. Donenfeld | 1 | -18/+18
2018-08-28 | curve25519-arm: do not waste 32 bytes of stack | Jason A. Donenfeld | 1 | -88/+88
2018-08-28 | curve25519-arm: use ordinary prolog and epilogue | Samuel Neves | 1 | -18/+6
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-08-28 | curve25519-arm: add spaces after commas | Jason A. Donenfeld | 1 | -2074/+2074
2018-08-28 | curve25519-arm: cleanups from lkml | Jason A. Donenfeld | 1 | -33/+30
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2018-08-28 | curve25519-arm: reformat | Jason A. Donenfeld | 1 | -2096/+2096
2018-08-28 | curve25519-x86_64: let the compiler decide when/how to load constants | Samuel Neves | 1 | -5/+2
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-08-28 | curve25519-hacl64: use formally verified C for comparisons | Jason A. Donenfeld | 1 | -6/+19
The previous code had been proved in Z3, but this new code from upstream KreMLin is directly generated from the F*, which is preferable. The assembly generated is identical.
2018-08-28 | crypto: use unaligned helpers | Jason A. Donenfeld | 9 | -55/+61
This is not useful for WireGuard, but for the general use case we probably want it this way, and the speed difference is mostly lost in the noise.
2018-08-28 | Kconfig: use new-style help marker | Jason A. Donenfeld | 1 | -2/+2
2018-08-28 | compat: rng_is_initialized made it into 4.19 | Jason A. Donenfeld | 1 | -53/+53
2018-08-28 | global: run through clang-format | Jason A. Donenfeld | 28 | -795/+1654
This is the worst commit in the whole repo, making the code much less readable, but so it goes with upstream maintainers. We are now woefully wrapped at 80 columns.
2018-08-21 | wg-quick: check correct variable for route deduplication | Jason A. Donenfeld | 1 | -1/+1
Reported-by: John Sager <john@sager.me.uk>
2018-08-12 | wg-quick: darwin: prefer system paths for tools | Jason A. Donenfeld | 1 | -1/+1
The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8). Other than that, it's explicitly coded against the native system utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their full absolute path (via $SELF and $BASH, respectively), we can simply set the $PATH to be prefixed by the default system binary paths. This way, if users install tools that conflict with system tools -- such as GNU coreutils -- we won't accidentally call those.
Reported-by: Deirdre Connolly <durumcrustulum@gmail.com>
2018-08-09 | version: bump snapshot 0.0.20180809 | Jason A. Donenfeld | 2 | -2/+2
2018-08-09 | netlink: don't start over iteration on multipart non-first allowedips | Jason A. Donenfeld | 2 | -2/+28
Reported-by: Matt Layher <mdlayher@gmail.com>
2018-08-09 | timers: include header in right file | Jason A. Donenfeld | 2 | -2/+2
2018-08-07 | curve25519-hacl64: correct u64_gte_mask | Samuel Neves | 1 | -3/+1
Remove signed right shifts.

Previously u64_gte_mask was only correct for x < 2^63.

Z3 script proving correctness:

    >>> from z3 import *
    >>>
    >>> x = BitVec("x", 64)
    >>> y = BitVec("y", 64)
    >>>
    >>> t = LShR(x^((x^y)|((x-y)^y)), 63) - 1
    >>>
    >>> prove(If(UGE(x, y), BitVecVal(-1, 64), BitVecVal(0, 64)) == t)
    proved

Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-08-07 | curve25519-hacl64: simplify u64_eq_mask | Samuel Neves | 1 | -8/+3
Avoid signed right shift.

Z3 script showing equivalence:

    >>> from z3 import *
    >>>
    >>> x = BitVec("x", 64)
    >>> y = BitVec("y", 64)
    >>>
    >>> # Before
    ... x_ = ~(x ^ y)
    >>> x_ &= x_ << 32
    >>> x_ &= x_ << 16
    >>> x_ &= x_ << 8
    >>> x_ &= x_ << 4
    >>> x_ &= x_ << 2
    >>> x_ &= x_ << 1
    >>> x_ >>= 63
    >>>
    >>> # After
    ... y_ = x ^ y
    >>> y_ = y_ | -y_
    >>> y_ = LShR(y_, 63) - 1
    >>>
    >>> prove(x_ == y_)
    proved

Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
2018-08-07 | chacha20: use memmove in case buffers overlap | Jason A. Donenfeld | 1 | -1/+1
Suggested-by: Samuel Neves <sneves@dei.uc.pt>