<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/kgssapi, branch releng/12.2</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=releng%2F12.2</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=releng%2F12.2'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2019-08-21T22:42:08Z</updated>
<entry>
<title>MFC 348970,348974:</title>
<updated>2019-08-21T22:42:08Z</updated>
<author>
<name>John Baldwin</name>
<email>jhb@FreeBSD.org</email>
</author>
<published>2019-08-21T22:42:08Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=01b476c8b8650e010c36be030797c74323998b78'/>
<id>urn:sha1:01b476c8b8650e010c36be030797c74323998b78</id>
<content type='text'>
Make the warning intervals for deprecated crypto algorithms tunable.

348970:
Make the warning intervals for deprecated crypto algorithms tunable.

New sysctl/tunables can now set the interval (in seconds) between
rate-limited crypto warnings.  The new sysctls are:
- kern.cryptodev_warn_interval for /dev/crypto
- net.inet.ipsec.crypto_warn_interval for IPsec
- kern.kgssapi_warn_interval for KGSSAPI

348974:
Move declaration of warninterval out from under COMPAT_FREEBSD32.

This fixes builds of kernels without COMPAT_FREEBSD32.
</content>
</entry>
<entry>
<title>MFC 348875:</title>
<updated>2019-08-20T00:50:17Z</updated>
<author>
<name>John Baldwin</name>
<email>jhb@FreeBSD.org</email>
</author>
<published>2019-08-20T00:50:17Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=f74c746635988c12dd7fa7b9b347840ed2797eb6'/>
<id>urn:sha1:f74c746635988c12dd7fa7b9b347840ed2797eb6</id>
<content type='text'>
Add warnings for Kerberos GSS algorithms deprecated in RFCs 6649 and 8429.

All of these algorithms are explicitly marked SHOULD NOT in one of these
RFCs.

Specifically, RFC 6649 deprecates all algorithms using DES as well as
the "export-friendly" variant of RC4.  RFC 8429 deprecates Triple DES
and the remaining RC4 algorithms.

Relnotes:	yes
</content>
</entry>
<entry>
<title>MFC r344402</title>
<updated>2019-03-11T02:42:49Z</updated>
<author>
<name>Sean Eric Fagan</name>
<email>sef@FreeBSD.org</email>
</author>
<published>2019-03-11T02:42:49Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=b679e99764b87a94c3ee71fcc1d2308c77209df7'/>
<id>urn:sha1:b679e99764b87a94c3ee71fcc1d2308c77209df7</id>
<content type='text'>
* Handle SIGPIPE in gssd
We've got some cases where the other end of gssd's AF_LOCAL socket gets
closed, resulting in an error (and SIGPIPE) when it tries to do I/O to it.
Closing without cleaning up means the next time nfsd starts up, it hangs,
unkillably; this allows gssd to handle that particular error.

* Limit the retry count in gssd_syscall to 5.
The default is INT_MAX, which effectively means forever.  And it's an
uninterruptible RPC call, so it will never stop.

The two changes mitigate the problem.
</content>
</entry>
<entry>
<title>OpenCrypto: Convert sessions to opaque handles instead of integers</title>
<updated>2018-07-18T00:56:25Z</updated>
<author>
<name>Conrad Meyer</name>
<email>cem@FreeBSD.org</email>
</author>
<published>2018-07-18T00:56:25Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=1b0909d51a8aa8b5ec5a61c2dc1a69642976a732'/>
<id>urn:sha1:1b0909d51a8aa8b5ec5a61c2dc1a69642976a732</id>
<content type='text'>
Track session objects in the framework, and pass handles between the
framework (OCF), consumers, and drivers.  Avoid redundancy and complexity in
individual drivers by allocating session memory in the framework and
providing it to drivers in ::newsession().

Session handles are no longer integers with information encoded in various
high bits.  Use of the CRYPTO_SESID2FOO() macros should be replaced with the
appropriate crypto_ses2foo() function on the opaque session handle.

Convert OCF drivers (in particular, cryptosoft, as well as myriad others) to
the opaque handle interface.  Discard existing session tracking as much as
possible (quick pass).  There may be additional code ripe for deletion.

Convert OCF consumers (ipsec, geom_eli, krb5, cryptodev) to handle-style
interface.  The conversion is largely mechanical.

The change is documented in crypto.9.

Inspired by
https://lists.freebsd.org/pipermail/freebsd-arch/2018-January/018835.html .

No objection from:	ae (ipsec portion)
Reported by:	jhb
</content>
</entry>
<entry>
<title>OCF: Convert consumers to the session id typedef</title>
<updated>2018-07-16T19:01:05Z</updated>
<author>
<name>Conrad Meyer</name>
<email>cem@FreeBSD.org</email>
</author>
<published>2018-07-16T19:01:05Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=1df7f41560f3772da6b3023344f0c12aedf1119b'/>
<id>urn:sha1:1df7f41560f3772da6b3023344f0c12aedf1119b</id>
<content type='text'>
These were missed in the earlier r336269.

No functional change.

Sponsored by:	Dell EMC Isilon
</content>
</entry>
<entry>
<title>kgssapi: Remove trivial deadcode</title>
<updated>2018-02-14T00:12:03Z</updated>
<author>
<name>Conrad Meyer</name>
<email>cem@FreeBSD.org</email>
</author>
<published>2018-02-14T00:12:03Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=a4f2dfa6fae1b1b56eaf536698ac623a25ce1b2d'/>
<id>urn:sha1:a4f2dfa6fae1b1b56eaf536698ac623a25ce1b2d</id>
<content type='text'>
CID:		1385956
Reported by:	Coverity
Sponsored by:	Dell EMC Isilon
</content>
</entry>
<entry>
<title>Use syscall_helper_register(9) rather than syscall_register().</title>
<updated>2018-02-11T18:37:08Z</updated>
<author>
<name>Brooks Davis</name>
<email>brooks@FreeBSD.org</email>
</author>
<published>2018-02-11T18:37:08Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=ad704a34bc2c77a0d8a132b96aa0134363a0a5c5'/>
<id>urn:sha1:ad704a34bc2c77a0d8a132b96aa0134363a0a5c5</id>
<content type='text'>
The usage is simpler, documented, and more common.

Reviewed by:	cem
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D14227
</content>
</entry>
<entry>
<title>sys/kgssapi: general adoption of SPDX licensing ID tags.</title>
<updated>2017-11-27T15:49:00Z</updated>
<author>
<name>Pedro F. Giffuni</name>
<email>pfg@FreeBSD.org</email>
</author>
<published>2017-11-27T15:49:00Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=4de8ade94c36f471c086a50e3af89185abb32041'/>
<id>urn:sha1:4de8ade94c36f471c086a50e3af89185abb32041</id>
<content type='text'>
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

No functional change intended.
</content>
</entry>
<entry>
<title>kgssapi: insignificant spelling fix.</title>
<updated>2016-05-03T22:05:03Z</updated>
<author>
<name>Pedro F. Giffuni</name>
<email>pfg@FreeBSD.org</email>
</author>
<published>2016-05-03T22:05:03Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=696efc839c323ab3198b6449031e7a61663e5376'/>
<id>urn:sha1:696efc839c323ab3198b6449031e7a61663e5376</id>
<content type='text'>
No functional change.
</content>
</entry>
<entry>
<title>kgssapi: Don't leak memory in error cases</title>
<updated>2016-04-26T18:11:45Z</updated>
<author>
<name>Conrad Meyer</name>
<email>cem@FreeBSD.org</email>
</author>
<published>2016-04-26T18:11:45Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=be0edef16363eb4e1c92b35cd54d89ef8f695eb0'/>
<id>urn:sha1:be0edef16363eb4e1c92b35cd54d89ef8f695eb0</id>
<content type='text'>
Reported by:	Coverity
CIDs:		1007046, 1007047, 1007048
Sponsored by:	EMC / Isilon Storage Division
</content>
</entry>
</feed>
