| |
Make IPsec work with AES-GCM and AES-ICM (aka CTR) in OCF... IPsec
defines the keys differently than NIST does, so we have to muck with
key lengths and nonce/IVs to be standard compliant...
Remove the iv from secasvar as it was unused...
Add a counter protected by a mutex to ensure that the counter for GCM
and ICM will never be repeated.. This is a requirement for security..
I would use atomics, but we don't have a 64bit one on all platforms..
Fix a bug where IPsec was depending upon the OCF to ensure that the
blocksize was always at least 4 bytes to maintain alignment... Move
this logic into IPsec so changes to OCF won't break IPsec...
In one place, espx was always non-NULL, so don't test that it's
non-NULL before doing work..
minor style cleanups...
drop setting key and klen as they were not used...
Enforce that OCF won't pass invalid key lengths to AES that would
panic the machine...
This has been tested by others too... I tested this against
NetBSD 6.1.5 using mini-test suite in
https://github.com/jmgurney/ipseccfgs and the only things that don't
pass are keyed md5 and sha1, and 3des-deriv (setkey syntax error),
all other modes listed in setkey's man page... The nice thing is
that NetBSD uses setkey, so same config files were used on both...
Reviewed by: gnn
TAG: IPSEC-HEAD
Issue: #4841
| |
Fix XTS, and name things a bit better...
Though confusing, GCM using ICM_BLOCK_LEN, but ICM does not is
correct... GCM is built on ICM, but uses a function other than
swcr_encdec... swcr_encdec cannot handle partial blocks which is
why it must still use AES_BLOCK_LEN and is why XTS was broken by the
commit...
Thanks to the tests for helping make sure I didn't break GCM w/ an earlier
patch...
I did run the tests w/o this patch, and need to figure out why they
did not fail, clearly more tests are needed...
Prodded by: peter
TAG: IPSEC-HEAD
Issue: #4841
| |
Add support for AES modes to IPSec. These modes work both in software only
mode and with hardware support on systems that have AESNI instructions.
Differential Revision: D2936
Reviewed by: jmg, eri, cognet
Sponsored by: Rubicon Communications (Netgate)
TAG: IPSEC-HEAD
Issue: #4841
| |
TAG: IPSEC-HEAD
Issue: #4841
| |
we may get here w/ non-sleepable locks held, so switch to _NOWAIT when
doing this memory allocation...
Reviewed by: ae
TAG: IPSEC-HEAD
Issue: #4841
| |
change the KASSERT so it is meaningful, var is unsigned, so even
when it wraps, it's still >= 0...
Reported by: Coverity
CID: 1017564
TAG: IPSEC-HEAD
Issue: #4841
| |
Use the correct number of arguments for the
opencrypto:deflate:deflate_global:bad DTrace probe, which is defined to
have
MFC after: 1 week
TAG: IPSEC-HEAD
Issue: #4841
| |
add the define to properly guard this header..
Sponsored by: Netflix, Inc.
TAG: IPSEC-HEAD
Issue: #4841
| |
Add some new modes to OpenCrypto. These modes are AES-ICM (can be used
for counter mode), and AES-GCM. Both of these modes have been added to
the aesni module.
Included is a set of tests to validate that the software and aesni
module calculate the correct values. These use the NIST KAT test
vectors. To run the test, you will need to install a soon to be
committed port, nist-kat that will install the vectors. Using a port
is necessary as the test vectors are around 25MB.
All the man pages were updated. I have added a new man page, crypto.7,
which includes a description of how to use each mode. All the new modes
and some other AES modes are present. It would be good for someone
else to go through and document the other modes.
A new ioctl was added to support AEAD modes, of which AES-GCM is one.
Without this ioctl, it is not possible to test AEAD modes from userland.
Add a timing safe bcmp for use to compare MACs. Previously we were using
bcmp which could leak timing info and result in the ability to forge
messages.
Add a minor optimization to the aesni module so that single segment
mbufs don't get copied and instead are updated in place. The aesni
module needs to be updated to support blocked IO so segmented mbufs
don't have to be copied.
We require that the IV be specified for all calls for both GCM and ICM.
This is to ensure proper use of these functions.
Obtained from: p4: //depot/projects/opencrypto
Relnotes: yes
Sponsored by: FreeBSD Foundation
Sponsored by: NetGate
TAG: IPSEC-HEAD
Issue: #4841
| |
Fix build for kernels without COMPAT_FREEBSD32.
TAG: IPSEC-HEAD
Issue: #4841
| |
allow the kern.cryptodevallowsoft sysctl to enable symmetric/hashes too...
This will allow us to more easily test the software versions of these
routines...
Considering that we've never had a software asymmetric implementation,
it's doubtful anyone has this enabled...
TAG: IPSEC-HEAD
Issue: #4841
| |
some minor clean up.. Always _ZERO memory so mtx_init won't panic...
use the proper macro instead of hand rolling it...
Reviewed by: jhb (only the malloc change)
MFC after: 1 week
TAG: IPSEC-HEAD
Issue: #4841
| |
Prevent races in accesses of the software crypto session array.
swcr_newsession can change the pointer for swcr_sessions which races with
swcr_process which is looking up entries in this array.
Add a rwlock that protects changes to the array pointer so that
swcr_newsession and swcr_process no longer race.
Original patch by: Steve O'Hara-Smith <Steve.OHaraSmith@isilon.com>
Reviewed by: jmg
Sponsored by: EMC / Isilon Storage Division
TAG: IPSEC-HEAD
Issue: #4841
| |
Only fix the dependency of opt_kdtrach.h on crypto files.
TAG: IPSEC-HEAD
Issue: #4841
| |
Revert "Importing pfSense patch aesgcm.soft.1.patch"
This reverts commit 46e99a8858f1c843c1774e472c11d422ca2163ae.
TAG: IPSEC-HEAD
Issue: #4841
| |
vnode backed file descriptors have this method implemented.
Reviewed by: kib
Sponsored by: Nginx, Inc.
Sponsored by: Netflix
| |
OpenBSD was credited in one of two commits). Fix it.
Reported by: Theo de Raadt <deraadt@cvs.openbsd.org>
Reviewed by: Damien Miller <djm@mindrot.org>
| |
Pointyhat to: kevlo (myself)
| |
to implement fchown(2) and fchmod(2) support for several file types
that previously lacked it. Add MAC entries for chown/chmod done on
posix shared memory and (old) in-kernel posix semaphores.
Based on the submission by: glebius
Reviewed by: rwatson
Approved by: re (bz)
| |
and remove the falloc() version that lacks flag argument. This is done
to reduce the KPI bloat.
Requested by: jhb
X-MFC-note: do not
| |
Obtained from: Matthias Drochner <M.Drochner@fz-juelich.de>
MFC after: 3d
| |
probe method return BUS_PROBE_NOWILDCARD so it doesn't get attached to real
devices hanging off of nexus(4) with no specific devclass set. Actually, the
more desirable fix for this would be to get rid of the newbus interface of
cryptosoft(4) altogether but apparently crypto(9) was written with support
for cryptographic hardware in mind so that approach would require some KPI
breaking changes which don't seem worth it.
MFC after: 1 week
| |
Obtained from: OpenBSD
MFC after: 1 week
| |
MFC after: 1 week
| |
use '-' in probe names, matching the probe names in Solaris.[1]
Add userland SDT probes definitions to sys/sdt.h.
Sponsored by: The FreeBSD Foundation
Discussed with: rwatson [1]
| |
Reviewed by: bz
MFC after: 3 weeks
| |
context from in-kernel execution of padlock instructions and to handle
spurious FPUDNA exceptions that sometime are raised when doing padlock
calculations.
Globally mark crypto(9) kthread as using FPU.
Reviewed by: pjd
Hardware provided by: Sentex Communications
Tested by: pho
PR: amd64/135014
MFC after: 1 month
| |
how hashed MD5/SHA are implemented, abusing Final() for padding and
sw_octx to transport the key from the beginning to the end.
Enlightened about what was going on here by: cperciva
Reviewed by: cperciva
MFC After: 3 days
X-MFC with: r187826
PR: kern/126468
| |
the compression was useless as well. Make sure to not update the data
and return, else we would waste resources when decompressing.
This also avoids the copyback() changing data other consumers like
xform_ipcomp.c would have ignored because of no win and sent out without
noting that compression was used, resulting in invalid packets at the
receiver.
MFC after: 5 days
| |
MFC after: 5 days
| |
This is needed to avoid running into out of buffer situations
where we cannot alloc a new buffer because we hit the array size
limit (ZBUF).
Use a combined allocation for the struct and the actual data buffer
to not increase the number of malloc calls. [1]
Defer initialization of zbuf until we actually need it.
Make sure the output buffer will be large enough in all cases.
Details discussed with: kib [1]
Reviewed by: kib [1]
MFC after: 6 days
| |
replacement but only use it for inflate. For deflate use Z_FINISH
as Z_SYNC_FLUSH adds a trailing marker in some cases that inflate(),
despite the comment in zlib, does not seem to cope well with, resulting
in errors when uncompressing exactly fills the output buffer without
a Z_STREAM_END and a successive call returns an error.
MFC after: 6 days
| |
They are not nice but they were helpful.
MFC after: 6 days
| |
MFC after: 6 days
| |
the return context, but from the original context.
Before repeating operation clear DONE flag and error.
Reviewed by: sam
Obtained from: Wheel Sp. z o.o. (http://www.wheel.pl)
| |
Cryptodev uses a UIO structure to get data from userspace and pass it to
cryptographic engines. Initially the UIO size is equal to the size of data passed to
the engine, but if the UIO is prepared for hash calculation an additional small space
is created to hold the result of the operation.
While creating space for the result, the UIO I/O vector size is correctly
extended, but the uio_resid field in the UIO structure is not modified.
As the bus_dma code uses the uio_resid field to determine the size of the UIO DMA mapping,
the resulting mapping does not have the correct size. This leads to a crash if all the
following conditions are met:
1. The hardware cryptographic accelerator writes the result of the hash operation
using DMA.
2. The size of the input data is less than or equal to (n * PAGE_SIZE).
3. The size of the input data plus the size of the hash result is greater than
(n * PAGE_SIZE), where n is the same as in point 2.
This patch fixes this problem by adding the size of the extension to the uio_resid
field in the UIO structure.
Submitted by: Piotr Ziecik kosmo ! semihalf dot com
Reviewed by: philip
Obtained from: Semihalf
| |
Fix first parameter for identify routine (should be driver_t *)
| |
can cope with a result buffer of NULL in the "Final" function, we cannot.
Thus pass in a temporary buffer long enough for either md5 or sha1 results
so that we do not panic.
PR: bin/126468
MFC after: 1 week
| |
iovecs ends on a crypto block boundary.
| |
be careful not to fix anything that was already broken; the NFSv4 code is
particularly bad in this respect.
| |
MFC after: 3 months
| |
This makes it possible to support ftruncate() on non-vnode file types in
the future.
- 'struct fileops' grows a 'fo_truncate' method to handle an ftruncate() on
a given file descriptor.
- ftruncate() moves to kern/sys_generic.c and now just fetches a file
object and invokes fo_truncate().
- The vnode-specific portions of ftruncate() move to vn_truncate() in
vfs_vnops.c which implements fo_truncate() for vnode file types.
- Non-vnode file types return EINVAL in their fo_truncate() method.
Submitted by: rwatson
| |
- Introduce a finit() which is used to initialize the fields of struct file
in such a way that the ops vector is only valid after the data, type,
and flags are valid.
- Protect f_flag and f_count with atomic operations.
- Remove the global list of all files and associated accounting.
- Rewrite the unp garbage collection such that it no longer requires
the global list of all files and instead uses a list of all unp sockets.
- Mark sockets in the accept queue so we don't incorrectly gc them.
Tested by: kris, pho
| |
to kproc_xxx as they actually make whole processes.
This makes way for us to add REAL kthread_create() and friends
that actually make threads. It turns out that most of these
calls actually end up being moved back to the thread version
when it's added, but we need to make this cosmetic change first.
I'd LOVE to do this rename in 7.0 so that we can eventually MFC the
new kthread_xxx() calls.
| |
Convert malloc()/bzero() to malloc(M_ZERO).
Obtained from: OpenBSD
MFC after: 3 days
Approved by: re (kensmith)