| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
as we already hold the non sleepable crypto_driver_mutex.
Approved by: gnn(mentor)
Obtained from: NETASQ
MFC after: 2 weeks
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
separate index variable.
It gives more then double rc4_init() performance increase on tested i386 P4.
It also gives about 15% speedup to PPTP VPN with stateless MPPE encryption
(by ng_mppc) which calls rc4_init() for every packet.
|
|
|
|
|
| |
Spotted by: Coverity (via pjd)
MFC after: 1 week
|
| |
|
|
|
|
| |
- Update copyright years.
|
| |
|
| |
|
|
|
|
| |
Bug tracked down by: Patrick Lamaiziere <patfbsd@davenulle.org>
|
|
|
|
|
|
| |
when looking for them.
Idea from: Patrick Lamaiziere <patfbsd@davenulle.org>
|
|
|
|
| |
Now we can use read lock in fast path (padlock_process()).
|
| |
|
|
|
|
|
|
|
|
| |
option is now deprecated, as well as the KAME IPsec code.
What was FAST_IPSEC is now IPSEC.
Approved by: re
Sponsored by: Secure Computing
|
|
|
|
|
|
|
| |
and its bibliography.
Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp>
MFC after: 1 month
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o make all crypto drivers have a device_t; pseudo drivers like the s/w
crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
for specifying which of several potential devices to use when doing
crypto operations
o add new ioctls that allow user apps to select a specific crypto device
to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
to specify a device to use for tests
These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.
These changes were instigated by the work of Michael Richardson.
Reviewed by: pjd
Approved by: re
|
|
|
|
| |
Approved by: cognet
|
|
|
|
| |
MFC after: 3 days
|
|
|
|
| |
Shut it up.
|
| |
|
|
|
|
| |
Suggested by: njl
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Such an address can be used directly in padlock's AES.
This improves speed of geli(8) significantly:
# sysctl kern.geom.zero.clear=0
# geli onetime -s 4096 gzero
# dd if=/dev/gzero.eli of=/dev/null bs=1m count=1000
Before: 113MB/s
After: 203MB/s
BTW. If sector size is set to 128kB, I can read at 276MB/s :)
|
|
|
|
| |
aligned, it will be used directly, not 'address + 16'.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
new VIA CPUs.
For older CPUs HMAC/SHA1 and HMAC/SHA256 (and others) will still be done
in software.
Move symmetric cryptography (currently only AES-CBC 128/192/256) to
padlock_cipher.c file. Move HMAC cryptography to padlock_hash.c file.
Hardware from: Centaur Technologies
|
|
|
|
| |
MFC after: 3 days
|
|
|
|
|
|
|
|
|
| |
them twice.
This is possible for example in situation when session is used in
authentication context, then freed and then used in encryption context
and freed - in encryption context ses_ictx and ses_octx are not touched
at newsession time, but padlock_freesession could still try to free them
when they are not NULL.
|
|
|
|
|
|
|
|
| |
instead of probing again.
Adjust style(9) somewhat in probe.c
Reviewed by: pjd
MFC after: 1 week
|
|
|
|
| |
Reported by: Rong-en Fan <grafan@gmail.com>
|
|
|
|
|
|
|
|
| |
with fast_ipsec(4) and geli(8) authentication (comming soon).
If consumer requests only for HMAC algorithm (without encryption), return
EINVAL.
- Add support for the CRD_F_KEY_EXPLICIT flag, for both encryption and
authentication.
|
|
|
|
| |
Return an error instead of encrypting/decrypting data with a wrong key.
|
| |
|
|
|
|
|
|
| |
HW donated by: Mike Tancsa <mike@sentex.net>
Most of the code obtained from: OpenBSD
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
| |
kernel and world, so KASSERT() needs to be wrapped within an #ifdef
_KERNEL / #endif pair.
Reported by: krion, tinderbox
|
|
|
|
|
|
|
|
|
| |
It checked other algorithms against this bug and it seems they aren't
affected.
Reported by: Mike Tancsa <mike@sentex.net>
PR: i386/84860
Reviewed by: phk, cperciva(x2)
|
|
|
|
| |
Reported by: phk
|
|
|
|
|
|
| |
the two became almost identical since latest KAME merge.
Discussed with: sam
|
| |
|
|
|
|
| |
this is required to integrate opencrypto into crypto.
|
| |
|
| |
|
| |
|
|
|
|
| |
OK'ed by: core
|
|
|
|
| |
80386 (I386_CPU) support from the kernel.
|
|
|
|
| |
any fake value.
|
| |
|
| |
|
|
|
|
| |
Reported by: tinderbox
|