<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/modules/crypto, branch releng/12.2</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=releng%2F12.2</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=releng%2F12.2'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2019-03-14T02:46:03Z</updated>
<entry>
<title>MFC r344140,r344141,r344142,r344143,r344388,r344547</title>
<updated>2019-03-14T02:46:03Z</updated>
<author>
<name>Sean Eric Fagan</name>
<email>sef@FreeBSD.org</email>
</author>
<published>2019-03-14T02:46:03Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=7f4deb98366ee78d84c76a310f48b59cb53f0bee'/>
<id>urn:sha1:7f4deb98366ee78d84c76a310f48b59cb53f0bee</id>
<content type='text'>
r344140:
Add CBC-MAC authentication.

r344141:
Add AES-CCM encryption, and plumb into OCF.

r344142:
Pasting in a source control line missed the last quote.  Fixed.

r344143:
Fix another issue from r344141, having to do with size of a shift amount.
This did not show up in my testing.

r344388:
It turns out that setting the IV length is necessary with CCM in OpenSSL.
This adds that back.

r344547:
Fix another bug introduced during the review process of r344140:
the tag wasn't being computed properly due to changing a &gt;= comparison
to an == comparison.
</content>
</entry>
<entry>
<title>Add xform-conforming auth_hash wrapper for Poly-1305</title>
<updated>2018-08-17T00:30:04Z</updated>
<author>
<name>Conrad Meyer</name>
<email>cem@FreeBSD.org</email>
</author>
<published>2018-08-17T00:30:04Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=01d5de8fca77a55ddd9bc79db3078c9f2ccdbab1'/>
<id>urn:sha1:01d5de8fca77a55ddd9bc79db3078c9f2ccdbab1</id>
<content type='text'>
The wrapper is a thin shim around libsodium's Poly-1305 implementation.  For
now, we just use the C algorithm and do not attempt to build the
SSE-optimized variant for x86 processors.

The algorithm support has not yet been plumbed through cryptodev, or added
to cryptosoft.
</content>
</entry>
<entry>
<title>Silence non-actionable warnings in vendor code</title>
<updated>2018-05-19T00:04:01Z</updated>
<author>
<name>Matt Macy</name>
<email>mmacy@FreeBSD.org</email>
</author>
<published>2018-05-19T00:04:01Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=cccc969bc7f50a0f47f19bb8d195994630a500ea'/>
<id>urn:sha1:cccc969bc7f50a0f47f19bb8d195994630a500ea</id>
<content type='text'>
We can't modify vendor code so there's no signal in warnings from it.
Similarly -Waddress-of-packed-member is not useful on networking code
as access to packed structures is fundamental to its operation.
</content>
</entry>
<entry>
<title>blake2: Disable warnings (not just error) for code we will not modify</title>
<updated>2018-04-21T02:08:56Z</updated>
<author>
<name>Conrad Meyer</name>
<email>cem@FreeBSD.org</email>
</author>
<published>2018-04-21T02:08:56Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=3b8d52d3717189ac1172d8e43a5e7397fd003e84'/>
<id>urn:sha1:3b8d52d3717189ac1172d8e43a5e7397fd003e84</id>
<content type='text'>
Leave libb2 pristine and silence the warnings for mjg.
</content>
</entry>
<entry>
<title>opencrypto: Integrate Chacha20 algorithm into OCF</title>
<updated>2018-03-29T04:02:50Z</updated>
<author>
<name>Conrad Meyer</name>
<email>cem@FreeBSD.org</email>
</author>
<published>2018-03-29T04:02:50Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=61590291a8be2f70a88cc0d5411f19d6093824e2'/>
<id>urn:sha1:61590291a8be2f70a88cc0d5411f19d6093824e2</id>
<content type='text'>
Mostly this is a thin shim around existing code to integrate with enc_xform
and cryptosoft (+ cryptodev).

Expand the cryptodev buffer used to match that of Chacha20's native block
size as a performance enhancement for chacha20_xform_crypt_multi.
</content>
</entry>
<entry>
<title>Import Blake2 algorithms (blake2b, blake2s) from libb2</title>
<updated>2018-03-21T16:18:14Z</updated>
<author>
<name>Conrad Meyer</name>
<email>cem@FreeBSD.org</email>
</author>
<published>2018-03-21T16:18:14Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=0e33efe4e4b5d24e2d416938af8bc6e6e4160ec8'/>
<id>urn:sha1:0e33efe4e4b5d24e2d416938af8bc6e6e4160ec8</id>
<content type='text'>
The upstream repository is on github BLAKE2/libb2.  Files landed in
sys/contrib/libb2 are the unmodified upstream files, except for one
difference:  secure_zero_memory's contents have been replaced with
explicit_bzero() only because the previous implementation broke powerpc
link.  Preferential use of explicit_bzero() is in progress upstream, so
it is anticipated we will be able to drop this diff in the future.

sys/crypto/blake2 contains the source files needed to port libb2 to our
build system, a wrapped (limited) variant of the algorithm to match the API
of our auth_transform softcrypto abstraction, incorporation into the Open
Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX
accelerated OCF driver, blake2(4).

Optimized variants of blake2 are compiled for a number of x86 machines
(anything from SSE2 to AVX + XOP).  On those machines, FPU context will need
to be explicitly saved before using blake2(4)-provided algorithms directly.
Use via cryptodev / OCF saves FPU state automatically, and use via the
auth_transform softcrypto abstraction does not use FPU.

The intent of the OCF driver is mostly to enable testing in userspace via
/dev/crypto.  ATF tests are added with published KAT test vectors to
validate correctness.

Reviewed by:	jhb, markj
Obtained from:	github BLAKE2/libb2
Differential Revision:	https://reviews.freebsd.org/D14662
</content>
</entry>
<entry>
<title>Increase loop unrolling for skein hashes</title>
<updated>2017-07-01T21:18:06Z</updated>
<author>
<name>Allan Jude</name>
<email>allanjude@FreeBSD.org</email>
</author>
<published>2017-07-01T21:18:06Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=929b476ae6c8ebcda6021593f52d87eadbf706f9'/>
<id>urn:sha1:929b476ae6c8ebcda6021593f52d87eadbf706f9</id>
<content type='text'>
This patch was inspired by an opposite change made to shrink the code
for the boot loader.

On my i7-4770, it increases the skein1024 speed from 470 to 550 MB/s

Reviewed by:	sbruno
MFC after:	1 month
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D7824
</content>
</entry>
<entry>
<title>sys/modules: normalize .CURDIR-relative paths to SRCTOP</title>
<updated>2017-03-04T10:10:17Z</updated>
<author>
<name>Enji Cooper</name>
<email>ngie@FreeBSD.org</email>
</author>
<published>2017-03-04T10:10:17Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=193d9e768ba63fcfb187cfd17f461f7d41345048'/>
<id>urn:sha1:193d9e768ba63fcfb187cfd17f461f7d41345048</id>
<content type='text'>
This simplifies make output/logic

Tested with:	`cd sys/modules; make ALL_MODULES=` on amd64
MFC after:	1 month
Sponsored by:	Dell EMC Isilon
</content>
</entry>
<entry>
<title>Import the skein hashing algorithm, based on the threefish block cipher</title>
<updated>2016-05-29T01:15:36Z</updated>
<author>
<name>Allan Jude</name>
<email>allanjude@FreeBSD.org</email>
</author>
<published>2016-05-29T01:15:36Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=b468a9ff1d3a70c6d14cf2b49574cbbcc60ff997'/>
<id>urn:sha1:b468a9ff1d3a70c6d14cf2b49574cbbcc60ff997</id>
<content type='text'>
Connect it to userland (libmd, libcrypt, sbin/md5) and kernel (crypto.ko)

Support for skein as a ZFS checksum algorithm was introduced in r289422
but is disconnected because FreeBSD lacked a Skein implementation.

A further commit will enable it in ZFS.

Reviewed by:	cem
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D6166
</content>
</entry>
<entry>
<title>Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c</title>
<updated>2015-12-27T17:33:59Z</updated>
<author>
<name>Allan Jude</name>
<email>allanjude@FreeBSD.org</email>
</author>
<published>2015-12-27T17:33:59Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=7a3f5d11fb3873674a1f7e27bcc9a5f7ce279390'/>
<id>urn:sha1:7a3f5d11fb3873674a1f7e27bcc9a5f7ce279390</id>
<content type='text'>
cperciva's libmd implementation is 5-30% faster

The same was done for SHA256 previously in r263218

cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation

Extend sbin/md5 to create sha384(1)

Chase dependencies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}

Reviewed by:	cperciva, des, delphij
Approved by:	secteam, bapt (mentor)
MFC after:	2 weeks
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3929
</content>
</entry>
</feed>
