path: root/sys/crypto
Entries: author, date, files changed, lines removed/added, then the commit message.

* mpi, 2019-01-09 (2 files, -7/+7)
  free(9) sizes.
  ok visa@

* fcambus, 2018-05-31 (1 file, -6/+7)
  Add sizes for free().
  OK visa@

* visa, 2018-04-09 (2 files, -10/+10)
  Move some AES-related defines into xform.h to reduce duplication.
  gmac.c is left untouched for now to preserve layering. OK mikeb@, deraadt@

* mikeb, 2018-01-05 (1 file, -2/+2)
  Sync with the code in libc
  OK millert; original commit message by tedu@: memcpy from the right place.
  at this point, the used variable is not relevant. from Mark Karpilovskij.
  ok millert

* visa, 2017-11-30 (1 file, -2/+2)
  Fix the IPL and flags of the MP-safe crypto taskq. Now a sane IPL
  is passed to the mutex implementation, and the queue actually runs
  without the kernel lock. Tested by dhill@ OK mikeb@, dhill@, kettenis@

* tedu, 2017-08-10 (1 file, -36/+1)
  the userland crypto interface died long ago, can clean up the header

* djm, 2017-05-31 (1 file, -5/+4)
  make the AES-XTS mode a little more constant-time, though the AES
  implementation that it depends on currently isn't. ok mikeb tom

* mikeb, 2017-05-17 (2 files, -8/+11)
  Revert MI AES-XTS code back to T-tables amid poor performance
  Suffered by many, the revert tested by stsp@.

* mikeb, 2017-05-02 (4 files, -17/+17)
  Switch 802.11 crypto over to the new AES
  OK stsp@

* mikeb, 2017-05-02 (1 file, -0/+2)
  Switch glxsb(4), VIA padlock and AES-NI drivers over to the new AES

* mikeb, 2017-05-02 (5 files, -47/+42)
  Switch OCF and IPsec over to the new AES
  ok djm

* mikeb, 2017-04-30 (2 files, -0/+922)
  Constant time AES implementation
  This introduces a 32-bit constant time AES implementation from Thomas
  Pornin originally for BearSSL and then adjusted by Thomas and myself to
  fit OpenBSD kernel. One of the additional features is an API for
  encryption and decryption subkey expansion in the format specified by
  NIST in FIPS 197. Tested by myself and naddy@, ok djm@
* florian, 2017-04-12 (1 file, -4/+3)
  The kernel has a slightly different version of SipHash_Final but with
  the same bug as just fixed in userland:
  ----------
  SipHash_Final() was assuming the digest was 64-bit aligned, resulting in
  misaligned memory accesses with armv7 ramdisk -Os bsd.rd ping
  ok florian millert
  ----------
  OK deraadt@
* patrick, 2017-02-07 (3 files, -32/+31)
  Reduce the per-packet allocation costs for crypto operations (cryptop)
  by pre-allocating two cryptodesc objects and storing them in an array
  instead of a linked list. If more than two cryptodesc objects are
  required use mallocarray to fetch them. Adapt the drivers to the new
  API. This change results in one pool-get per ESP packet instead of
  three. It also simplifies softraid crypto where more cryptodesc objects
  are allocated than used. From, with and ok markus@, ok bluhm@
  "looks sane" mpi@

* bluhm, 2017-02-07 (1 file, -2/+2)
  The return code of crp_callback is never checked, so it is not
  useful to propagate the error. When an error occurs in an asynchronous
  network path, incrementing a counter is the right thing. There are four
  places where an error is not accounted, just add a comment for now.
  OK mpi@ visa@

* tedu, 2016-09-19 (4 files, -13/+13)
  convert bcopy to memcpy. from david hill

* dlg, 2016-09-15 (1 file, -7/+5)
  all pools have their ipl set via pool_setipl, so fold it into pool_init.
  the ioff argument to pool_init() is unused and has been for many years,
  so this replaces it with an ipl argument. because the ipl will be set on
  init we no longer need pool_setipl. most of these changes have been done
  with coccinelle using the spatch below. cocci sucks at formatting code
  though, so i fixed that by hand. the manpage and subr_pool.c bits i did
  myself. ok tedu@ jmatthew@

  @ipl@
  expression pp;
  expression ipl;
  expression s, a, o, f, m, p;
  @@
  -pool_init(pp, s, a, o, f, m, p);
  -pool_setipl(pp, ipl);
  +pool_init(pp, s, a, ipl, f, m, p);

* tom, 2016-09-02 (1 file, -5/+1)
  Remove variables 'm' and 'uio' that are only ever assigned to
  (in swcr_authenc()) ok mikeb@, who pointed out that I'd missed uio

* kettenis, 2016-04-18 (2 files, -4/+19)
  Add a mechanism for dispatching mpsafe crypto operations. This adds a new
  CRYPTOCAP_F_MPSAFE flag that crypto implementations can set to indicate
  that their cc_process() implementation can safely run without holding
  the kernel lock. ok mikeb@

* naddy, 2015-12-10 (7 files, -168/+33)
  Remove plain DES from the kernel crypto framework, including the crypto
  accelerator drivers. No longer used by anything. ok sthen@ mikeb@

* mikeb, 2015-11-18 (1 file, -8/+7)
  Cleanup gotos as suggested by jsing@ along with spaces and label names

* naddy, 2015-11-13 (3 files, -31/+20)
  remove unused ARC4 support; ok mikeb@

* mikeb, 2015-11-13 (4 files, -70/+21)
  Remove unused non HMAC versions of MD5 and SHA1; ok mpi, deraadt, naddy

* mikeb, 2015-11-12 (2 files, -7/+3)
  remove a few unused defines

* mikeb, 2015-11-12 (1 file, -2/+1)
  another define from the dsa era

* mikeb, 2015-11-12 (1 file, -2/+1)
  spacing

* mikeb, 2015-11-07 (3 files, -7/+12)
  Update copyright information

* mikeb, 2015-11-07 (3 files, -28/+27)
  Pass AES_GMAC context as a void pointer to cut down on casts in xform.c

* naddy, 2015-11-07 (2 files, -6/+12)
  Allow overriding ghash_update() with an optimized MD function. Use
  this on amd64 to provide a version that uses the PCLMUL instruction on
  CPUs that support it but don't have AESNI. ok mikeb@

* naddy, 2015-11-06 (1 file, -4/+4)
  Instead of multiplying with 0..1, extend the bit into a mask and do an AND.
  The same technique was already used a few lines above. ok mikeb@

* mikeb, 2015-11-04 (3 files, -24/+24)
  Pass context as a void pointer to cut down on casts in xform.c

* mikeb, 2015-11-03 (1 file, -3/+1)
  Remove two unused defines

* mikeb, 2015-11-03 (1 file, -1/+25)
  Enable Chacha20-Poly1305 in the software crypto driver
  ok naddy, jsing, reyk

* mikeb, 2015-11-03 (3 files, -6/+33)
  Hook up Chacha20-Poly1305 to the OpenBSD Cryptographic Framework
  ok naddy, jsing

* mikeb, 2015-11-03 (2 files, -0/+173)
  Chacha20-Poly1305 AEAD construction as described in RFC7634 and RFC7539
  ok naddy, jsing

* mikeb, 2015-10-29 (2 files, -0/+326)
  Import Poly1305 Message Authentication Code
  Poly1305 is a one-time authenticator designed by Daniel J. Bernstein.
  This is a slightly adjusted public domain implementation by Andrew Moon
  found at https://github.com/floodyberry/poly1305-donna
  ok jsing, previous version ok djm, looked at by reyk@

* mikeb, 2015-10-27 (1 file, -7/+7)
  Use verbose defines instead of hardcoded values for clarity when
  initializing hash objects. No binary or functional change.

* mikeb, 2015-10-27 (1 file, -4/+4)
  Sync chacha_ivsetup to the version in ssh so that we could
  specify custom counter value when setting up Chacha context. ok reyk djm

* mikeb, 2015-10-26 (1 file, -7/+7)
  Use axf's hashsize as a block size in the authenticated encryption routine.
  No change for GCM, however upcoming changes will rely on this.

* deraadt, 2015-08-31 (1 file, -3/+4)
  two fairly simple sizes for free()

* deraadt, 2015-08-28 (1 file, -3/+5)
  fairly simple sizes for free(); ok tedu

* miod, 2015-03-16 (1 file, -2/+2)
  Include <sys/param.h> rather than <sys/types.h> when also including
  <sys/systm.h>; fixes build on vax due to <machine/macros.h> redeclaring
  some functions from <lib/libkern/libkern.h> as inlines.

* logan, 2015-03-14 (1 file, -2/+2)
  Remove wrong reference to zlib.
  OK deraadt@

* jsg, 2015-03-14 (6 files, -13/+5)
  Remove some includes include-what-you-use claims don't
  have any direct symbols used. Tested for indirect use by compiling
  amd64/i386/sparc64 kernels. ok tedu@ deraadt@

* tedu, 2015-02-20 (2 files, -25/+25)
  Use standard spelling for types, and rename local variable from "free".
  No actual change, but makes it easier to reuse the code elsewhere.
  Suggested by Andre Smagin

* dlg, 2015-02-09 (1 file, -2/+2)
  we want to defer work traditionally (in openbsd) handled in an
  interrupt context to a taskq running in a thread. however, there is a
  concern that if we do that then we allow accidental use of sleeping APIs
  in this work, which will make it harder to move the work back to
  interrupts in the future. guenther and kettenis came up with the idea of
  marking a proc with CANTSLEEP which the sleep paths can check and panic
  on. this builds on that so you create taskqs that run with CANTSLEEP set
  except when they need to sleep for more tasks to run. the taskq_create
  api is changed to take a flags argument so users can specify CANTSLEEP.
  MPSAFE is also passed via this flags field now. this means archs that
  defined IPL_MPSAFE to 0 can now create mpsafe taskqs too. lots of
  discussion at s2k15 ok guenther@ miod@ mpi@ tedu@ pelikan@
* dlg, 2015-02-07 (1 file, -5/+5)
  keep this in sync a bit with userland by putting static on functions
  that are only used in this file. tedu argues if something sucks we would
  fault before we can get to these, and they don't do anything except
  maths. these symbols don't need to be visible to ddb. originally from
  Fritjof Bornebusch suggested by and ok tedu@
* dlg, 2015-01-27 (1 file, -4/+3)
  remove the second void * argument on tasks.
  when workqs were introduced, we provided a second argument so you could
  pass a thing and some context to work on it in. there were very few
  things that took advantage of the second argument, so when i introduced
  pools i suggested removing it. since tasks were meant to replace workqs,
  it was requested that we keep the second argument to make porting from
  workqs to tasks easier. now that workqs are gone, i had a look at the
  use of the second argument again and found only one good use of it
  (vdsp(4) on sparc64 if you're interested) and a tiny handful of
  questionable uses. the vast majority of tasks only used a single
  argument. i have since modified all tasks that used two args to only
  use one, so now we can remove the second argument. so this is a
  mechanical change. all tasks only passed NULL as their second argument,
  so we can just remove it. ok krw@

* tedu, 2015-01-16 (1 file, -52/+2)
  Less code, more better. No longer need to worry about what mysterious
  things will happen when machines have 8 byte longs.

* tedu, 2015-01-15 (1 file, -3/+1)
  remove static version string