Commit Graph

72 Commits

Author SHA1 Message Date
ad 59d979c5f1 Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.
2007-03-12 18:18:22 +00:00
christos 53524e44ef Kill caddr_t; there will be some MI fallout, but it will be fixed shortly. 2007-03-04 05:59:00 +00:00
daniel c339e55881 Add an opencrypto provider for the AES xcrypt instructions found on VIA
C5P and later cores (also known as 'ACE', which is part of the VIA PadLock
security engine). Ported from OpenBSD.

Reviewed on tech-crypto and port-i386, no objections to commiting this.
2007-02-17 00:28:23 +00:00
daniel 9a3687b724 crypto_init does not call crypto_init0 only once, because the marker
created with ONCE_DECL() is local. This results in reinitializing
the driver list when crypto_get_driverid() (and leaks memory). Fix
this by making the marker static.

Fixes PR/35412.

Ack freza@.
2007-01-12 12:00:27 +00:00
christos 168cd830d2 __unused removal on arguments; approved by core. 2006-11-16 01:32:37 +00:00
christos 31a62606ea Merge kernel and userland rmd160 and sha2 implementation.
XXX: We still install rmd160.h and sha2.h in /usr/include/crypto, unlike
the other hash functions which get installed in /usr/include for compatibility.
2006-10-27 21:20:48 +00:00
mrg e76360da33 avoid yet another GCC uninitialised warning error that only comes
up with -O3.
2006-10-20 21:50:41 +00:00
christos 4d595fd7b1 - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
2006-10-12 01:30:41 +00:00
christos cb09e23ee7 fix incomplete initializer 2006-08-29 23:45:23 +00:00
ad f474dceb13 Use the LWP cached credentials where sane. 2006-07-23 22:06:03 +00:00
kardel de4337ab21 merge FreeBSD timecounters from branch simonb-timecounters
- struct timeval time is gone
  time.tv_sec -> time_second
- struct timeval mono_time is gone
  mono_time.tv_sec -> time_uptime
- access to time via
	{get,}{micro,nano,bin}time()
	get* versions are fast but less precise
- support NTP nanokernel implementation (NTP API 4)
- further reading:
  Timecounter Paper: http://phk.freebsd.dk/pubs/timecounter.pdf
  NTP Nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html
2006-06-07 22:33:33 +00:00
elad fc9422c9d9 integrate kauth. 2006-05-14 21:31:52 +00:00
christos 5e406be836 Coverity CID 1083: Avoid possible NULL pointer deref. 2006-04-04 17:30:20 +00:00
dsl 2d31b1673e malloc data the size the pointer points to, not the size of a pointer.
Maybe we get away with this (at least on 32bit archs) because the structure
is 24 bytes and I bet the minimum allocation size is 32.
Fixed coverty CIDs 2732 and 2733
2006-04-02 18:29:12 +00:00
christos 5a57baa413 don't use MALLOC with a non-constant size; use malloc instead. 2006-03-17 23:29:07 +00:00
christos 5403b0bea4 sprinkle DPRINTF()... 2006-03-06 00:50:44 +00:00
christos 03d1230d6c Add the 3 missing sysctl we are supposed to export. 2006-03-06 00:49:42 +00:00
yamt ec5a93183a merge yamt-uio_vmspace branch.
- use vmspace rather than proc or lwp where appropriate.
  the latter is more natural to specify an address space.
  (and less likely to be abused for random purposes.)
- fix a swdmover race.
2006-03-01 12:38:10 +00:00
yamt dae53410a7 - tweak RUN_ONCE api to allow init_func returns an error.
- physio: handle failure of workqueue_create.
2006-01-16 21:45:38 +00:00
christos 95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
thorpej cfc81086d9 swcr -> swcrypto 2005-11-25 16:41:31 +00:00
thorpej 7bc6d90c9d - De-couple the software crypto implementation from the rest of the
framework.  There is no need to waste the space if you are only using
  algoritms provided by hardware accelerators.  To get the software
  implementations, add "pseudo-device swcr" to your kernel config.
- Lazily initialize the opencrypto framework when crypto drivers
  (either hardware or swcr) register themselves with the framework.
2005-11-25 16:16:46 +00:00
jonathan 2632a233ba No change. Forced commit to record commit message for previous revision, viz:
Fix vulnerability to a denial-of-service attack which passes a
length-0 crypto op. Check for zero length and return EINVAL, taken from:

    http://cvsweb.FreeBSD.org/src/sys/opencrypto/cryptodev.c.diff?r1=1.25&r2=1.26

Original FreeBSD log mesage:

  Modified files:
    sys/opencrypto       cryptodev.c
  Log:
  Fix bogus check. It was possible to panic the kernel by giving 0 length.
  This is actually a local DoS, as every user can use /dev/crypto if there
  is crypto hardware in the system and cryptodev.ko is loaded (or compiled
  into the kernel).

  Reported by:    Mike Tancsa <mike@sentex.net>


thanks to Sam Leffler for passing on a heads-up about this issue.
2005-08-22 23:11:47 +00:00
jonathan 867a03c37c *** empty log message *** 2005-08-22 23:06:34 +00:00
christos 8789058cbb Sprinkle const. 2005-05-29 21:23:17 +00:00
perry bcfcddbac1 nuke trailing whitespace 2005-02-26 22:31:44 +00:00
christos 31c81b28f5 Cloning cleanup:
1. make fileops const
2. add 2 new negative errno's to `officially' support the cloning hack:
    - EDUPFD (used to overload ENODEV)
    - EMOVEFD (used to overload ENXIO)
3. Created an fdclone() function to encapsulate the operations needed for
   EMOVEFD, and made all cloners use it.
4. Centralize the local noop/badop fileops functions to:
   fnullop_fcntl, fnullop_poll, fnullop_kqfilter, fbadop_stat
2004-11-30 04:25:43 +00:00
skrll f7155e40f6 There's no need to pass a proc value when using UIO_SYSSPACE with
vn_rdwr(9) and uiomove(9).

OK'd by Jason Thorpe
2004-09-17 14:11:20 +00:00
jonathan a9d00c0805 Change control knob for /dev/crypto to only allow requests which
will be hardware-accelerated. Avoids copyin()/copyout() overhead and
spending exceessive tie inside the kernel.

Pullup after: 24 hours, or confirmation by Jason Thorpe that this is the
consensus tech-kern agreed upon last summer.
2004-04-29 02:17:36 +00:00
jonathan 01c51dab61 Split opencrypto configuration into an attribute, usable by inkernel
clients, and a pseudo-device for userspace access.

The attribute is named `opencrypto'. The pseudo-device is renamed to
"crypto", which has a dependency on "opencrypto". The sys/conf/majors
entry and pseudo-device attach entrypoint are updated to match the
new pseudo-device name.

Fast IPsec (sys/netipsec/files.ipsec) now lists a dependency on the
"opencrypto" attribute.  Drivers for crypto accelerators (ubsec,
hifn775x) also pull in opencrypto, as providers of opencrypto transforms.
2003-12-31 16:44:26 +00:00
jonathan 6ec8242194 Wrap noisy pointless message about denied userspace requests with
`#ifdef CRYPTO_DEBUG', per Jason Thorpe's  suggestion.
2003-11-19 04:14:07 +00:00
jonathan 86b22c558b Fix typo. 2003-11-19 03:24:20 +00:00
jonathan 22b38bb12a Clean up userlevel access to software kernel transforms, in preparation
for using /dev/crypto for OpenSSL:

1. Add comments explaining crypto_devallowsoft, explaining the
OpenBSD-style three-way logic actully implemented in crypto_newsession().

2. Pass crypto_devallowsoft as the final argument to crypto_newsession(),
instead of a constant 0 value.

3. Set the default value of crypto_devallowsoft to 1, to allow
/dev/crypto access only for hardware-supported transforms.

Items 1-3 may be revised to match the FreeBSD two-way logic, if the
consensus is that there's no point to forcing software transforms.
But as a first step, let the description match what the code actually does.

GC unused variables usercrypto, userasmcrypto, cryptodevallowsoft from
cryptodev.c, in favour of variables crypto_usercrypto, crypto_userasmcrypto,
crypto_devallowsoft, which are used as well as defined in crypto.c.
2003-11-19 03:18:33 +00:00
jonathan a91ce15e10 Remove erroneous '2 *' from 'bzero(*sched, 2 * sizeof(rijndael_ctx));'
After using AES from sys/crypto, we only malloc sizeof(rijndael_ctx),
and we were bzero()ing past the end of the aes ctx, leading to panics.
2003-11-18 23:01:39 +00:00
tls 1f93975cf8 Move the Skipjack algorithm from sys/opencrypto to sys/crypto/skipjack.
There are now no cryptographic algorithms in sys/opencrypto, which,
according to the comment formerly in files.opencrypto, was the original
intent.
2003-11-16 12:07:50 +00:00
jonathan 2862355ab1 Remove '#ifdef notdef' around userspace ioctl() requests for
pure (non-HMAC) MD5 and SHA1.
2003-11-16 00:16:06 +00:00
scw a02e49b067 Fix a genuine uninitialised variable. 2003-11-09 11:09:11 +00:00
lha 5b649f6771 Implement nanouptime as a function to avoid 'dereferencing type-punned pointer'.
No token after #endif
2003-09-21 20:56:01 +00:00
cjep 3f3139be59 comment typo 2003-09-06 18:40:15 +00:00
thorpej c171c20800 Fix-up a few things missed in the rijndael_set_key() change. 2003-08-27 14:55:36 +00:00
itojun 725b73043b simplify rijndael.c API - always schedule encrypt/decrypt key.
reviewed by thorpej
2003-08-27 14:23:25 +00:00
thorpej 7e87fbb23b Some const poisoning. 2003-08-27 00:20:56 +00:00
thorpej 538c811bc6 Tidy up the namespace of this a little. 2003-08-27 00:12:37 +00:00
thorpej 24b18cc20a Use the Blowfish in crypto/blowfish, which has hooks for using tuned
assembly for the transform.
2003-08-27 00:05:26 +00:00
thorpej c8a0fb53df In Blowfish_initstate(), make the initstate static, otherwise the
compiler will emit code to first copy it onto the stack before
copying it into the destination context structure.  With this change,
it will only be copied once.
2003-08-26 20:20:17 +00:00
thorpej 6de9ce0437 Move the opencrypto CAST-128 implementation to crypto/cast128, removing
the old one.  Rename the functions/structures from cast_* to cast128_*.
Adapt the KAME IPsec to use the new CAST-128 code, which has a simpler
API and smaller footprint.
2003-08-26 16:37:36 +00:00
thorpej 4db0bbc2b8 Remove a bunch of unnecessary includes. 2003-08-26 15:01:38 +00:00
thorpej 4612234689 G/C extra /. 2003-08-26 14:24:35 +00:00
thorpej aa6632baa6 G/C opencrypto's local copy of rijndael. Adapt the extant rijndael
code for opencrypto's use by adding the simplified API that opencrypto
expects.
2003-08-26 14:24:05 +00:00
thorpej db3b5e3692 Remove extra /. 2003-08-26 02:54:11 +00:00