FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F12.2 2020-08-26T21:35:28Z 2020-08-26T21:35:28Z John Baldwin jhb@FreeBSD.org 2020-08-26T21:35:28Z urn:sha1:57c3b9669790fe42621335bda14b008866644262 2020-07-27T14:16:27Z Mark Johnston markj@FreeBSD.org 2020-07-27T14:16:27Z urn:sha1:90f72e67af415dacc0e58042277ebbe4cde03c16 crypto(9): Stop checking for failures from malloc(M_WAITOK). PR: 240545 2020-05-05T04:37:05Z John Baldwin jhb@FreeBSD.org 2020-05-05T04:37:05Z urn:sha1:e3a82e730771f308b7da4c46fcc7e422f9f692d2 2020-01-20T11:54:00Z John Baldwin jhb@FreeBSD.org 2020-01-20T11:54:00Z urn:sha1:6f1a0cedbef0da2632b17bdeafce5ad0c49773a2 Negative lengths are always invalid. The key length should also be zero for hash algorithms that do not accept a key. admbugs: 949 2020-01-20T11:19:55Z John Baldwin jhb@FreeBSD.org 2020-01-20T11:19:55Z urn:sha1:60fbfbe4cd40ba23439c2faa76300f289e9b00b6 356507: Add a reference count to cryptodev sessions. This prevents use-after-free races with crypto requests (which may sleep) and CIOCFSESSION as well as races from current CIOCFSESSION requests. 356520: Remove no-longer-used function prototype. admbugs: 949 Sponsored by: Chelsio Communications 2019-10-07T20:41:55Z John Baldwin jhb@FreeBSD.org 2019-10-07T20:41:55Z urn:sha1:fc85a25dc689c5cfb4e5c47028eee55a1588d6eb Warn when actual operations are performed instead of when sessions are created. The /dev/crypto engine in OpenSSL 1.0.x tries to create sessions for all possible algorithms each time it is initialized resulting in spurious warnings. 2019-09-11T23:41:09Z Alexander Motin mav@FreeBSD.org 2019-09-11T23:41:09Z urn:sha1:bc37c2432e21fbd738a32e3ac893f5637afb5521 Right now, aesni_cipher_alloc does a bit of special-casing for CRYPTO_F_IOV, to not do any allocation if the first uio is large enough for the requested size. While working on ZFS crypto port, I ran into horrible performance because the code uses scatter-gather, and many of the times the data to encrypt was in the second entry. This code looks through the list, and tries to see if there is a single uio that can contain the requested data, and, if so, uses that. This has a slight impact on the current consumers, in that the check is a little more complicated for the ones that use CRYPTO_F_IOV -- but none of them meet the criteria for testing more than one. 2019-08-21T22:42:08Z John Baldwin jhb@FreeBSD.org 2019-08-21T22:42:08Z urn:sha1:01b476c8b8650e010c36be030797c74323998b78 Make the warning intervals for deprecated crypto algorithms tunable. 348970: Make the warning intervals for deprecated crypto algorithms tunable. New sysctl/tunables can now set the interval (in seconds) between rate-limited crypto warnings. The new sysctls are: - kern.cryptodev_warn_interval for /dev/crypto - net.inet.ipsec.crypto_warn_interval for IPsec - kern.kgssapi_warn_interval for KGSSAPI 348974: Move declaration of warninterval out from under COMPAT_FREEBSD32. This fixes builds of kernels without COMPAT_FREEBSD32. 2019-08-20T01:30:35Z John Baldwin jhb@FreeBSD.org 2019-08-20T01:30:35Z urn:sha1:1c08844fdf8bee7b5b3805d20730b7a30b922d68 These algorithms are deprecated algorithms that will have no in-kernel consumers in FreeBSD 13. Specifically, deprecate the following algorithms: - ARC4 - Blowfish - CAST128 - DES - 3DES - MD5-HMAC - Skipjack Relnotes: yes 2019-06-16T10:46:02Z Marius Strobl marius@FreeBSD.org 2019-06-16T10:46:02Z urn:sha1:aca179ccf351cf07ab7e14c5f6cd93806497855d As struct cryptop is wrapped in #ifdef _KERNEL, userland doesn't need to drag in <sys/_task.h> either.