| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Just copyin the IV into the crypto descriptor directly. This avoids
copying the IV twice for each operation.
Sponsored by: Chelsio Communications
Notes:
svn path=/stable/11/; revision=330129
|
| |
|
|
|
|
|
|
|
|
| |
In particular, no probes were present for AEAD requests, but also for
some other error cases in other ioctl requests.
Sponsored by: Chelsio Communications
Notes:
svn path=/stable/11/; revision=329887
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Software crypto implementations don't care how the buffer is laid out,
but hardware implementations may assume that the AAD is always before
the plain/cipher text and that the hash/tag is immediately after the end
of the plain/cipher text.
In particular, this arrangement matches the layout of both IPSec packets
and TLS frames. Linux's crypto framework also assumes this layout for
AEAD requests.
Sponsored by: Chelsio Communications
Notes:
svn path=/stable/11/; revision=329773
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
318090:
Use const with some read-only buffers in opencrypto APIs.
- Mark the source buffer for a copyback operation as const in the kernel
API.
- Use const with input-only buffers in crypto ioctl structures used with
/dev/crypto.
319475:
Fix some new errors and a warning in cryptotest.
- Use a new 'char *key' to allocate storage for keys and assign the
pointer to the session2_op 'const char *' members after the key is
initialized.
- Mark the 'find' variable used in crfind() static so that crfind()
doesn't return a pointer to stack garbage.
Sponsored by: Chelsio Communications
Notes:
svn path=/stable/11/; revision=329343
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r326588,r326708,r326784,r326914,r327390,r328446,r326090,r326143,r326144,
r326182,r326384,r326421,r326440,r326441,r326442,r326443,r326444,r326445,
r326446,r326447,r326448,r326484,r326485,r326486,r326487,r326488,r326490,
r326491,r326492,r326493,r326494,r326495,r326504,r326507,r326509,r326584,
r326585,r326586,r326587,r326588,r326589,r326590,r326591,r326592,r326593,
r326594,r326600,r326616,r326671,r326707,r326708,r326709,r326710,r326711,
r326712,r326714,r326720,r326768,r326772,r326784,r326792,r326812,r326854,
r326855,r326856,r326858,r326886,r326887,r326914,r326926,r326927,r326960,
r326961,r326962,r326963,r327351,r327453,r327390,r327523,r327524,r326489,
r327880,r328437,r328438,r328439,r328441,r328446,r328448,r328449,r328612,
r328613,r328615
While here, undo our libfdt hack of not including <stdlib.h> if we're
compiling _STANDALONE.
r324844: When building standalone, don't define errno. Let the definition from
stand.h override. This is similar to what we do in the kernel.
r326089: loader.efi: efipart does not recognize partitionless disks
r326090: net_parse_rootpath() has no parameters
r326143: Fix theoretical integer overflow issues. If the product here is
r326144: Mark the func pointer as __dead2. It looks up loader_main, which
r326182: Modify all FreeBSD bootloaders on PowerPC AIM (Book-S) systems
r326384: Use const pointers to avoid casting away constness.
r326421: loader.efi: efipart should exclude iPXE stub block protocol
r326440: Remove stale dependency on ufsread.c
r326441: Minor flags cleanup
r326442: Cleanup CFALGS usage here
r326443: We don't need both _STAND and _STANDALONE, use the latter.
r326444: Move geli to common DO32 stuff
r326445: Fix random() and srandom() prototypes to match the standard.
r326446: Undefine _STANDALONE since this is test code.
r326447: Tweaks to the beri boot loader so that it builds w/o warnings.
r326448: Fix all warnings related to geli and ZFS support on x86.
r326484: Const poison the propname.
r326485: Delcare md_load in libofw.h. Make all prototypes match for ofw
r326486: Include machine/md_var to pick up __syncicache prototype.
r326487: Cast mdp (a vm_offset_t) to void * to match prototype.
r326488: e_entry can be smaller than a pointer. Cast it to an intptr_t
r326490: Declare our strange brand of main().
r326491: Disconnet ps3 from the build. There's too many warnings to fix.
r326492: Cast void * pointer to char * so the arg matches the %s format.
r326493: Provide a md_load64 prototype.
r326494: Mark two things as unused (since they are only sometimes used)
r326495: Now it's safe to bump WARNS to 1.
r326504: Switch to proper MK_LOADER_GELI tests.
r326507: increase maximum size of zfsboot
r326509: loader.efi: add note about iPXE into the efipart.c
r326584: When building standalone, include stand.h rather than the kernel
r326585: Include ficl.h before anything else
r326586: No need to include the userland md5.h, the kernel one is just fine.
r326587: Use the kernel relative paths, rather than the userland relative
paths
r326588: Need to include skein in the include path
r326589: Make sure we include the right path for skein.h
r326590: Prefer stdint.h to inttypes.h
r326591: This isn't NetBSD specific code. Include these for any kernel /
r326592: Don't inherit CFLAGS. This a specialized test program.
r326593: Stop building with the standard system headers.
r326594: Now that we offer a semi-sane standards-ish set of #include files,
stop hacking includes with sed.
r326600: Since this is contrib code, create an upstreamable version of my
r326616: dhcp_try_rfc1048() is not used any more
r326671: Avoid setting -Wno-tentative-definition-incomplete-type with gcc.
r326707: Add partial support signal.h functioanlity. Pull in
machine/signal.h
r326708: Remove _KERNEL hack now that errno.h does the right thing when
built standalone.
r326709: Provide implementations for iscntrl, ispunct and isgraph.
r326710: Put the files we're copying over into a few variables and clean
hings up.
r326711: Const poison a couple of interfaces.
r326712: Create interp class.
r326714: boot1.c needs EFI_ZFS_BOOT too, so add it globally.
r326720: This path belongs in ficl/Makefile, not the common defines for
users
r326768: Fix a comment to be more accurate
r326772: Fix regression with lua import
r326784: Revert part of 362772. It was causing problems for includes
r326792: Attempt to unbreak buildworld
r326812: Revert r326792, r326784, r326772, r326712
r326854: libefi: make efichar.h more usable in stand code
r326855: Cargo cut a fix for the regressions r326585 caused.
r326856: Fix comments after bump in size.
r326858: Revert r326855: Cargo cut a fix for the regressions r326585 caused.
r326886: Panic in sbrk if setheap hasn't been called yet. This is preferable
o a mysterious crash
r326887: Remove the 'mini libstand in libstand' that util.[ch] provided.
r326914: Move loader-only defines to loader.mk from defs.mk
r326926: Move loader help file definitions to being 100% inside of
loader.mk.
r326927: libficl is only ever used in a loader (never a boot) program. Move
it.
r326960: Simplify things a little. The RETURN macro isn't required.
r326961: Interact is always called with NULL. Simplify code a little
r326962: Hoist btx include stuff to i386/Makefile.inc
r326963: No need to use relative paths like this here.
r327351: Fix ubldr. uboot/lib uses defines for the loader.
r327453: Add a validbcd() routine that uses the bcd2bin_data[] array
r327390: Garbage-collect loader.ps3. It is currently disconnected from the
build and kboot replaces.
r327523: Don't clobber system LDFLAGS for beri boot loaders.
r327524: Use 'extern uint8_t' instead of 'extern void' for external symbols.
r326489: Allow this file to be used in libsa without warning...
r327880: Move getsecs() prototype to stand.h from net.h so it can be used
r328437: Split panic routine
r328438: Implement abort() as a call to panic.
r328439: Provide abs form stdlib.h.
r328441: abort() should be marked __dead2 since it won't return.
r328446: Now that exit is __dead2, we need to tag ub_exit() as __dead2.
r328448: Make exit() never return until host_exit can be written.
r328449: Tag unreachable places as such. I left the while (1); in place
r328612: Move strtold wrapper from strtol.c to its own strtold.c.
r328613: Kill copies of strtol and strtoul.
r328615: Update stand.h for changes for strto*l
PR: 223969
Notes:
svn path=/stable/11/; revision=329175
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r313047,r313166,r313328,r313332,r313333,r313337,r313348,r313349,r313389,
r313442,r313451,r313575,r313645,r313710,r314114,r314213,r314275,r314945,
r314948,r315008,r315408,r315427,r315645,r315646,r315648,r315653,r315850,
r316064,r316078,r316079,r316100,r316104,r316111,r316112,r316171,r316279,
r316280,r316287,r316311,r316343,r316424,r316436
r311458: Use compiler driver to link BERI boot loaders
r312237: loader.efi: find_currdev() can leak memory
r312314: loader: move device path definitions to include/efidevp.h
r312374: loader: efi devpath api usage should be more aware of NULL pointers
r312947: Remove "-Xassembler -G0" from CFLAGS.
r313042: loader.efi environment related cleanups
r313047: loader: disk/part api needs to use uint64_t offsets
r313166: loader: libefi/env.c warnings in arm build
r313328: loader: Implement disk_ioctl() to support DIOCGSECTORSIZE and
DIOCGMEDIASIZE.
r313332: loader: bcache read ahead block count should take account the large
sectors
r313333: loader: Replace EFI part devices.
r313337: loader: 313329 missed ZFS guard in loader/main.c
r313348: loader: biosdisk fix for 2+TB disks
r313349: loader: disk io should not use alloca()
r313389: efipart is also using the '%S' printf format, add -Wno-format for
it.
r313442: loader: possible NULL pointer dereference in efipart.c
r313451: loader: possible NULL pointer dereference in bcache.c
r313575: makefs: make the buffer functions look exactly like the kernel ones
r313645: loader: implement MEDIA_FILEPATH_DP support in efipart
r313710: loader: cstyle fixes and DIOCGMEDIASIZE should use uint64_t
r314114: Use LDFLAGS with CC instead of _LDFLAGS.
r314213: Remove control+r handling from geliboot's pwgets()
r314275: Remove unused macro from common/drv.c.
r314945: Some style(9) fixes. No functional changes.
r314948: Try to extract the RFC1048 data from PXE.
r315008: r314948 seems to be missing a variable or two that will break
r315408: loader: remove open_disk cache
r315427: loader: biosdisk should report IO error from INT13
r315645: loader: disk_cleanup was left in userboot_disk.c
r315646: loader: pxe.h constants have wrong values
r315648: libstand: verify value provided by nfs.read_size
r315653: loader: verify the value from dhcp.interface-mtu and use snprintf
o set mtu
r315850: The original author abused Nd (one-line description, used by
makewhatis)
r316064: Fix build with path names with 'align' or 'nop' in them.
r316078: gpt*boot: Save a bit more memory when LOADER_NO_GELI_SUPPORT is
specified
r316079: Simply retire the sedification of the boot2.s file.
r316100: Remove -fno-guess-branch-probability and -fno-unit-at-a-time.
r316104: Use `NO_WCAST_ALIGN` instead of spelling it out as -Wno-cast-align
in CFLAGS
r316111: loader: move bios getsecs into time.c
r316112: loader: ls command should display file types properly
r316171: xfsread inlined uses more space, so remove the inline tag.
r316279: loader: efipart should check disk size from partition table
r316280: loader: simplify efi_zfs_probe and avoid double probing for zfs.
r316287: Remove OLD_NFSV2 from loader and libstand
r316311: Add explicit_bzero() to libstand, and switch GELIBoot to using it
r316343: Implement boot-time encryption key passing (keybuf)
r316424: Fix sparc64 build broken by r316343 and r316076
r316436: Restore EFI boot environment functionality broken in r313333
PR: 216940 217298 217935
Notes:
svn path=/stable/11/; revision=329099
|
| |
|
|
| |
Notes:
svn path=/stable/11/; revision=318245
|
| |
|
|
|
|
|
|
|
|
| |
opencrypto AES-ICM: Fix heap corruption typo
PR: 204009
Approved by: re (kib)
Notes:
svn path=/stable/11/; revision=303849
|
| |
|
|
|
|
|
|
|
| |
No functional change.
Reviewed by: jmg
Notes:
svn path=/head/; revision=299202
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Keep xform.c as a meta-file including the broken out bits
existing code that includes xform.c continues to work as normal
Individual algorithms can now be reused elsewhere, including outside
of the kernel
Reviewed by: bapt (previous version), gnn, delphij
Approved by: secteam
MFC after: 1 week
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D4674
Notes:
svn path=/head/; revision=292963
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cperciva's libmd implementation is 5-30% faster
The same was done for SHA256 previously in r263218
cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation
Extend sbin/md5 to create sha384(1)
Chase dependancies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}
Reviewed by: cperciva, des, delphij
Approved by: secteam, bapt (mentor)
MFC after: 2 weeks
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D3929
Notes:
svn path=/head/; revision=292782
|
| |
|
|
|
|
|
|
| |
As of r258541, KDTRACE_HOOKS is defined in opt_global.h, so opt_kdtrace.h
is not needed when defining SDT(9) probes.
Notes:
svn path=/head/; revision=291153
|
| |
|
|
|
|
|
|
|
|
|
| |
Set zero ivsize for enc_xform_null and remove special handling from
xform_esp.c.
Reviewed by: gnn
Differential Revision: https://reviews.freebsd.org/D1503
Notes:
svn path=/head/; revision=290924
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
defines the keys differently than NIST does, so we have to muck with
key lengths and nonce/IVs to be standard compliant...
Remove the iv from secasvar as it was unused...
Add a counter protected by a mutex to ensure that the counter for GCM
and ICM will never be repeated.. This is a requirement for security..
I would use atomics, but we don't have a 64bit one on all platforms..
Fix a bug where IPsec was depending upon the OCF to ensure that the
blocksize was always at least 4 bytes to maintain alignment... Move
this logic into IPsec so changes to OCF won't break IPsec...
In one place, espx was always non-NULL, so don't test that it's
non-NULL before doing work..
minor style cleanups...
drop setting key and klen as they were not used...
Enforce that OCF won't pass invalid key lengths to AES that would
panic the machine...
This was has been tested by others too... I tested this against
NetBSD 6.1.5 using mini-test suite in
https://github.com/jmgurney/ipseccfgs and the only things that don't
pass are keyed md5 and sha1, and 3des-deriv (setkey syntax error),
all other modes listed in setkey's man page... The nice thing is
that NetBSD uses setkey, so same config files were used on both...
Reviewed by: gnn
Notes:
svn path=/head/; revision=286292
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Though confusing, GCM using ICM_BLOCK_LEN, but ICM does not is
correct... GCM is built on ICM, but uses a function other than
swcr_encdec... swcr_encdec cannot handle partial blocks which is
why it must still use AES_BLOCK_LEN and is why XTS was broken by the
commit...
Thanks to the tests for helping sure I didn't break GCM w/ an earlier
patch...
I did run the tests w/o this patch, and need to figure out why they
did not fail, clearly more tests are needed...
Prodded by: peter
Notes:
svn path=/head/; revision=285526
|
| |
|
|
|
|
|
|
|
|
|
| |
mode and with hardware support on systems that have AESNI instructions.
Differential Revision: D2936
Reviewed by: jmg, eri, cognet
Sponsored by: Rubicon Communications (Netgate)
Notes:
svn path=/head/; revision=285336
|
| |
|
|
|
|
|
|
|
| |
doing this memory allocation...
Reviewed by: ae
Notes:
svn path=/head/; revision=285247
|
| |
|
|
|
|
|
|
|
|
| |
when it wraps, it's still >= 0...
Reported by: Coverity
CID: 1017564
Notes:
svn path=/head/; revision=284616
|
| |
|
|
|
|
|
|
|
|
| |
opencrypto:deflate:deflate_global:bad DTrace probe, which is defined to
have
MFC after: 1 week
Notes:
svn path=/head/; revision=283511
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is not network-specific code and would
be better as part of libkern instead.
Move zlib.h and zutil.h from net/ to sys/
Update includes to use sys/zlib.h and sys/zutil.h instead of net/
Submitted by: Steve Kiernan stevek@juniper.net
Obtained from: Juniper Networks, Inc.
GitHub Pull Request: https://github.com/freebsd/freebsd/pull/28
Relnotes: yes
Notes:
svn path=/head/; revision=281855
|
| |
|
|
|
|
|
| |
Sponsored by: Netflix, Inc.
Notes:
svn path=/head/; revision=281196
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
for counter mode), and AES-GCM. Both of these modes have been added to
the aesni module.
Included is a set of tests to validate that the software and aesni
module calculate the correct values. These use the NIST KAT test
vectors. To run the test, you will need to install a soon to be
committed port, nist-kat that will install the vectors. Using a port
is necessary as the test vectors are around 25MB.
All the man pages were updated. I have added a new man page, crypto.7,
which includes a description of how to use each mode. All the new modes
and some other AES modes are present. It would be good for someone
else to go through and document the other modes.
A new ioctl was added to support AEAD modes which AES-GCM is one of them.
Without this ioctl, it is not possible to test AEAD modes from userland.
Add a timing safe bcmp for use to compare MACs. Previously we were using
bcmp which could leak timing info and result in the ability to forge
messages.
Add a minor optimization to the aesni module so that single segment
mbufs don't get copied and instead are updated in place. The aesni
module needs to be updated to support blocked IO so segmented mbufs
don't have to be copied.
We require that the IV be specified for all calls for both GCM and ICM.
This is to ensure proper use of these functions.
Obtained from: p4: //depot/projects/opencrypto
Relnotes: yes
Sponsored by: FreeBSD Foundation
Sponsored by: NetGate
Notes:
svn path=/head/; revision=275732
|
| |
|
|
| |
Notes:
svn path=/head/; revision=271983
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
struct kinfo_file.
- Move the various fill_*_info() methods out of kern_descrip.c and into the
various file type implementations.
- Rework the support for kinfo_ofile to generate a suitable kinfo_file object
for each file and then convert that to a kinfo_ofile structure rather than
keeping a second, different set of code that directly manipulates
type-specific file information.
- Remove the shm_path() and ksem_info() layering violations.
Differential Revision: https://reviews.freebsd.org/D775
Reviewed by: kib, glebius (earlier version)
Notes:
svn path=/head/; revision=271976
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add invfo_rdwr() (for read and write), invfo_ioctl(), invfo_poll(),
and invfo_kqfilter() for use by file types that do not support the
respective operations. Home-grown versions of invfo_poll() were
universally broken (they returned an errno value, invfo_poll()
uses poll_no_poll() to return an appropriate event mask). Home-grown
ioctl routines also tended to return an incorrect errno (invfo_ioctl
returns ENOTTY).
- Use the invfo_*() functions instead of local versions for
unsupported file operations.
- Reorder fileops members to match the order in the structure definition
to make it easier to spot missing members.
- Add several missing methods to linuxfileops used by the OFED shim
layer: fo_write(), fo_truncate(), fo_kqfilter(), and fo_stat(). Most
of these used invfo_*(), but a dummy fo_stat() implementation was
added.
Notes:
svn path=/head/; revision=271489
|
| |
|
|
|
|
|
|
|
|
|
| |
This will allow us to more easily test the software versions of these
routines...
Considering that we've never had an software asymetric implmentation,
it's doubtful anyone has this enabled...
Notes:
svn path=/head/; revision=262994
|
| |
|
|
|
|
|
|
|
|
| |
use the proper macro instead of hand rolling it...
Reviewed by: jhb (only the malloc change)
MFC after: 1 week
Notes:
svn path=/head/; revision=262993
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
swcr_newsession can change the pointer for swcr_sessions which races with
swcr_process which is looking up entries in this array.
Add a rwlock that protects changes to the array pointer so that
swcr_newsession and swcr_process no longer race.
Original patch by: Steve O'Hara-Smith <Steve.OHaraSmith@isilon.com>
Reviewed by: jmg
Sponsored by: EMC / Isilon Storage Division
Notes:
svn path=/head/; revision=261251
|
| |
|
|
|
|
|
| |
of least pain I could find.
Notes:
svn path=/head/; revision=259109
|
| |
|
|
|
|
|
|
|
|
|
| |
In its stead use the Solaris / illumos approach of emulating '-' (dash)
in probe names with '__' (two consecutive underscores).
Reviewed by: markj
MFC after: 3 weeks
Notes:
svn path=/head/; revision=258622
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
option, unbreak the lock tracing release semantic by embedding
calls to LOCKSTAT_PROFILE_RELEASE_LOCK() direclty in the inlined
version of the releasing functions for mutex, rwlock and sxlock.
Failing to do so skips the lockstat_probe_func invokation for
unlocking.
- As part of the LOCKSTAT support is inlined in mutex operation, for
kernel compiled without lock debugging options, potentially every
consumer must be compiled including opt_kdtrace.h.
Fix this by moving KDTRACE_HOOKS into opt_global.h and remove the
dependency by opt_kdtrace.h for all files, as now only KDTRACE_FRAMES
is linked there and it is only used as a compile-time stub [0].
[0] immediately shows some new bug as DTRACE-derived support for debug
in sfxge is broken and it was never really tested. As it was not
including correctly opt_kdtrace.h before it was never enabled so it
was kept broken for a while. Fix this by using a protection stub,
leaving sfxge driver authors the responsibility for fixing it
appropriately [1].
Sponsored by: EMC / Isilon storage division
Discussed with: rstone
[0] Reported by: rstone
[1] Discussed with: philip
Notes:
svn path=/head/; revision=258541
|
| |
|
|
|
|
|
|
|
|
|
| |
vnode backed file descriptors have this method implemented.
Reviewed by: kib
Sponsored by: Nginx, Inc.
Sponsored by: Netflix
Notes:
svn path=/head/; revision=254356
|
| |
|
|
|
|
|
|
|
|
| |
OpenBSD was credited in one of two commits). Fix it.
Reported by: Theo de Raadt <deraadt@cvs.openbsd.org>
Reviewed by: Damien Miller <djm@mindrot.org>
Notes:
svn path=/head/; revision=247061
|
| |
|
|
|
|
|
| |
Pointyhat to: kevlo (myself)
Notes:
svn path=/head/; revision=241394
|
| |
|
|
| |
Notes:
svn path=/head/; revision=241370
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
to implement fchown(2) and fchmod(2) support for several file types
that previously lacked it. Add MAC entries for chown/chmod done on
posix shared memory and (old) in-kernel posix semaphores.
Based on the submission by: glebius
Reviewed by: rwatson
Approved by: re (bz)
Notes:
svn path=/head/; revision=224914
|
| |
|
|
|
|
|
|
|
|
|
| |
and remove the falloc() version that lacks flag argument. This is done
to reduce the KPI bloat.
Requested by: jhb
X-MFC-note: do not
Notes:
svn path=/head/; revision=220245
|
| |
|
|
|
|
|
|
| |
Obtained from: Matthias Drochner <M.Drochner@fz-juelich.de>
MFC after: 3d
Notes:
svn path=/head/; revision=219026
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
probe method return BUS_PROBE_NOWILDCARD so it doesn't get attached to real
devices hanging off of nexus(4) with no specific devclass set. Actually, the
more desirable fix for this would be to get rid of the newbus interface of
cryptosoft(4) altogether but apparently crypto(9) was written with support
for cryptographic hardware in mind so that approach would require some KPI
breaking changes which don't seem worth it.
MFC after: 1 week
Notes:
svn path=/head/; revision=215295
|
| |
|
|
|
|
|
|
| |
Obtained from: OpenBSD
MFC after: 1 week
Notes:
svn path=/head/; revision=213068
|
| |
|
|
|
|
|
| |
MFC after: 1 week
Notes:
svn path=/head/; revision=213065
|
| |
|
|
|
|
|
|
|
|
|
|
| |
use '-' in probe names, matching the probe names in Solaris.[1]
Add userland SDT probes definitions to sys/sdt.h.
Sponsored by: The FreeBSD Foundation
Discussed with: rwaston [1]
Notes:
svn path=/head/; revision=211616
|
| |
|
|
| |
Notes:
svn path=/head/; revision=211181
|
| |
|
|
|
|
|
|
| |
Reviewed by: bz
MFC after: 3 weeks
Notes:
svn path=/head/; revision=210631
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
context from in-kernel execution of padlock instructions and to handle
spurious FPUDNA exceptions that sometime are raised when doing padlock
calculations.
Globally mark crypto(9) kthread as using FPU.
Reviewed by: pjd
Hardware provided by: Sentex Communications
Tested by: pho
PR: amd64/135014
MFC after: 1 month
Notes:
svn path=/head/; revision=208834
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
how hashed MD5/SHA are implemented, abusing Final() for padding and
sw_octx to transport the key from the beginning to the end.
Enlightened about what was going on here by: cperciva
Reviewed by: cperciva
MFC After: 3 days
X-MFC with: r187826
PR: kern/126468
Notes:
svn path=/head/; revision=201898
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the compression was useless as well. Make sure to not update the data
and return, else we would waste resources when decompressing.
This also avoids the copyback() changing data other consumers like
xform_ipcomp.c would have ignored because of no win and sent out without
noting that compression was used, resulting in invalid packets at the
receiver.
MFC after: 5 days
Notes:
svn path=/head/; revision=199906
|
| |
|
|
|
|
|
| |
MFC after: 5 days
Notes:
svn path=/head/; revision=199904
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is needed to avoid running into out of buffer situations
where we cannot alloc a new buffer because we hit the array size
limit (ZBUF).
Use a combined allocation for the struct and the actual data buffer
to not increase the number of malloc calls. [1]
Defer initialization of zbuf until we actually need it.
Make sure the output buffer will be large enough in all cases.
Details discussed with: kib [1]
Reviewed by: kib [1]
MFC after: 6 days
Notes:
svn path=/head/; revision=199895
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
replacement but only use it for inflate. For deflate use Z_FINISH
as Z_SYNC_FLUSH adds a trailing marker in some cases that inflate(),
despite the comment in zlib, does npt seem to cope well with, resulting
in errors when uncompressing exactly fills the outbut buffer without
a Z_STREAM_END and a successive call returns an error.
MFC after: 6 days
Notes:
svn path=/head/; revision=199887
|
