summaryrefslogtreecommitdiffstats
path: root/sys/crypto/cryptosoft.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add support for the Extended (64-bit) Sequence Number as definedmikeb2012-06-291-6/+25
| | | | | | | | | | | | in RFC4302 and RFC4303. Right now only software crypto engine is capable of doing it. Replay check was rewritten to implement algorithm described in the Appendix A of RFC4303 and the window size was increased to 64. Tested against OpenBSD, Linux (strongswan) and Windows. No objection from the usual suspects.
* fix encryption for uio_iovcnt > 1 by passing the absolute offset 'count'markus2011-01-111-3/+16
| | | | | | to cuio_copydata() and make sure we don't loop forever if the end of an iov matches the cipher block boundary. ok mikeb, deraadt
* add explicit_bzero() calls before free()ing key materialderaadt2011-01-111-6/+6
| | | | ok mikeb
* accidental commit of a pending diff relating to something elsederaadt2011-01-111-21/+8
|
* for key material that is being being discarded, convert bzero() toderaadt2011-01-111-8/+21
| | | | | explicit_bzero() where required ok markus mikeb
* use the do {} while construct in the copying macrosderaadt2010-12-221-9/+15
| | | | ok mikeb
* remove dead code (ivp did always point to iv in the decrypt path).markus2010-12-211-38/+14
| | | | | instead save one bcopy() per block by alternating between two iv buffers; ok mikeb@
* Retire Skipjackmikeb2010-10-061-8/+1
| | | | | | | | | | | There's not much use for the declassified cipher from the 80's with a questionable license these days. According to the FIPS drafts, Skipjack reaches its EOL in December 2010. The libc portion will be removed after the ports hackathon. djm and thib agree, no objections from deraadt Thanks to jsg for digging up FIPS drafts.
* zero out auth hash context before freeing it; ok matthew millertmikeb2010-10-061-2/+4
|
* OCF support for the Galois/Counter Mode (GCM) for AES asmikeb2010-09-221-1/+192
| | | | | | | | | | | | | | | | described in FIPS SP 800-38D. This implementation supports 16 byte authentication tag only, splitting transformation into two parts: encryption and authentication. Encryption is handled by the existing AES-CTR implementation, while authentication requires new AES_GMAC hash function. Additional routine is added to the software crypto driver to deal with peculiarities of a combined authentication- encryption transformation. With suggestions from reyk, naddy and toby.
* m_copyback can fail to allocate memory, but is a void fucntion so gymnasticsblambert2010-07-021-3/+3
| | | | | | | | | are required to detect that. Change the function to take a wait argument (used in nfs server, but M_NOWAIT everywhere else for now) and to return an error ok claudio@ henning@ krw@
* remove proc.h include from uvm_map.h. This has far reaching effects, astedu2010-04-201-2/+1
| | | | | | sysctl.h was reliant on this particular include, and many drivers included sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed. ok deraadt
* Fix two bugs in IPsec/HMAC-SHA2:markus2010-01-101-8/+24
| | | | | | | | | | | | | | | (1) use correct (message) block size of 128 byte (instead of 64 bytes) for HMAC-SHA512/384 (RFC4634). (2) RFC4868 specifies that HMAC-SHA-{256,384,512} is truncated to nnn/2 bits, while we still use 96 bits. 96 bits have been specified in draft-ietf-ipsec-ciph-sha-256-00 while draft-ietf-ipsec-ciph-sha-256-01 changed it to 128 bits. WARNING: this change makes IPsec with SHA-256 (the default) incompatible with older OpenBSD versions and other IPsec-implementations that share this bug. ok+tests naddy, fries; requested by reyk/deraadt
* Implement the AES XTS mode of operation for the crypto(9) framework.djm2008-06-091-5/+39
| | | | | | | | XTS is a "tweaked" AES mode that has properties that are desirable for block device encryption and it is specified in the IEEE P1619-2007 standard for this purpose. prodded by & ok hshoexer@
* rename arc4random_bytes => arc4random_buf to match libc's nicer name;djm2008-06-091-2/+2
| | | | ok deraadt@
* fix error introduced by my previous commit:hshoexer2007-09-151-2/+2
| | | | | | "MALLOC(*swd, ...)" vs. "swd = malloc(..." ok millert
* Here too: Convert MALLOC/FREE to malloc/free and use M_ZERO where applicable.hshoexer2007-09-131-12/+9
| | | | error spotting and ok krw@
* Make the hmac ipad/opad globals "const" and fixup the crypto functionshenric2007-09-101-3/+3
| | | | | | to match. ok deraadt@
* Avoid void * arithmetic, okay deraadt@, suggestions from millert@pedro2006-12-291-2/+2
|
* AESCTR support for ESP (RFC 3686); ok hshoexermarkus2005-05-251-16/+31
|
* support NULL encryption for ESP; ok hshoexer, homarkus2005-05-101-1/+4
|
* simplify by using arc4random_bytes(), ok djm, hshoexermarkus2005-05-021-22/+3
|
* Allow the setkey function of a transform to fail, eg. when an insufficienthshoexer2004-12-201-3/+6
| | | | | | | | number of key bits is supplied. Only AES and DES/3DES might fail. ok and help markus@
* Replace RSA-derived md5 code with code derived from Colin Plumb's PD version.millert2004-05-071-2/+2
| | | | | | This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
* leak; vgirish at tenet.res.in; via angelos; ok hshoexer, henning, deraadtmarkus2004-04-141-1/+4
|
* hmac-sha2-{256,384,512} support in AH/ESP auth. markus okitojun2003-07-241-1/+19
|
* There's no cleaning necessary for deflate compression, so remove it fromjason2003-02-211-6/+1
| | | | the switch.
* From Angelos:jason2002-11-211-31/+25
| | | | | | - simplistic load balancing across multiple cards - simplified registration process - a few style nits.
* Add a CRYPTO_NULL xform (it's a do nothing, but nice for measuring thejason2002-11-121-1/+8
| | | | | bandwidth of the kernel API). It's only available from userland and then only if kern.cryptodevallowsoft=1.
* minor tweaksderaadt2002-04-261-34/+33
|
* KNFderaadt2002-04-221-34/+34
|
* fix possible alignment problem; with markus@, angelos@ deraadt@ ok.fgsch2002-04-031-3/+6
|
* Don't keep the last blocksize-bytes of ciphertext for use as the nextangelos2002-03-191-15/+17
| | | | | | | plaintext's IV, in CBC mode. Use arc4random() to acquire fresh IVs per message instead (particularly useful for IPsec). This avoids the CBC oracle attack. provos@ ok
* export MD5/SHA1 via /dev/crypto; ok provos@, beck@markus2002-03-051-5/+46
| | | | tested with cryptosoft and kern.cryptodevallowsoft=1
* remove CRYPTO_BUF_CONTIG and convert to handle iovs. okay deraadt@provos2002-03-011-161/+222
|
* be way more sure that software cannot be usedderaadt2001-11-091-2/+2
|
* remove IPCOMP. derradt@ ok.jjbg2001-08-081-5/+1
|
* #ifdef IPCOMP stuff properlyderaadt2001-07-051-5/+5
|
* Support for compression. angelos@ ok.jjbg2001-07-051-2/+116
|
* Update copyright; you can use this with or without fee (unless yourangelos2001-06-251-3/+3
| | | | name is Theo Deraadt)
* New prototype for crypto_register(), to take into account maximum keyangelos2001-06-231-12/+22
| | | | | | | length (for PK operations) and various flags. Structures for public key operations (DH, RSA, DSA). A lot of this work was done by jgarfiel@seas.upenn.edu
* merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts inside OpenSSL codebasederaadt2001-06-231-2/+2
|
* KNFderaadt2001-06-161-647/+587
|
* Don't bother migrating software sessions, as this might lead toangelos2001-06-061-14/+1
| | | | session leakage.
* fix $OpenBSD$ headerderaadt2001-05-151-1/+1
|
* initial cut at /dev/crypto support. takes original mbuf "try, and discardderaadt2001-05-131-2/+2
| | | | | if we fail" semantics and extends to two varients of data movement: mbuf, or an iovec style block.
* Use the M_CRYPTO_DATA and M_CRYPTO_OPS malloc types.angelos2001-05-051-16/+21
|
* *HMAC96->*HMACangelos2000-11-171-16/+16
|
* indentation nits.art2000-11-091-3/+3
|
* Forgot to commit this, necessary for AES support.angelos2000-10-151-1/+8
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.