The NetBSD Project

CVS log for src/sys/rump/kern/lib/libcrypto/Makefile



Default branch: MAIN


Revision 1.23, Sat Aug 21 09:08:55 2021 UTC (2 years, 7 months ago) by christos
Branch: MAIN
CVS Tags: thorpej-ifq-base, thorpej-ifq, thorpej-altq-separation-base, thorpej-altq-separation, netbsd-10-base, netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, netbsd-10, bouyer-sunxi-drm-base, bouyer-sunxi-drm, HEAD
Changes since 1.22: +2 -2 lines

rename glue.c to sodium_module.c

Revision 1.22, Sat Aug 21 08:47:23 2021 UTC (2 years, 7 months ago) by christos
Branch: MAIN
Changes since 1.21: +15 -12 lines

Add glue.c for libsodium (suggested by riastradh). Tidy up.

Revision 1.21, Thu Aug 27 14:01:36 2020 UTC (3 years, 7 months ago) by riastradh
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-i2c-spi-conf, thorpej-futex2-base, thorpej-futex2, thorpej-futex-base, thorpej-futex, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-cfargs-base, thorpej-cfargs, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Changes since 1.20: +1 -5 lines

Move address hashing from init_main.c to kern_sysctl.c.

This way rump gets it automatically.  Make sure blake2s is in
librumpkern.so, not just in librumpkern_crypto.so, for this to work.

Revision 1.20, Wed Aug 26 15:49:56 2020 UTC (3 years, 7 months ago) by riastradh
Branch: MAIN
Changes since 1.19: +25 -25 lines

Tidy up libsodium makefile and config fragments.

Revision 1.19, Fri Aug 21 06:37:30 2020 UTC (3 years, 7 months ago) by riastradh
Branch: MAIN
Changes since 1.18: +2 -2 lines

Disable libsodium HAVE_TI_MODE for now.

This may reduce performance by not taking advantage of 64x64->128
multiplications on some platforms, but let's worry about that later
and fix the build on the other platforms instead.

Revision 1.18, Fri Aug 21 06:30:46 2020 UTC (3 years, 7 months ago) by riastradh
Branch: MAIN
Changes since 1.17: +7 -2 lines

Split flags onto separate lines, sorted, to make diffs easier.

Revision 1.17, Fri Aug 21 06:27:41 2020 UTC (3 years, 7 months ago) by riastradh
Branch: MAIN
Changes since 1.16: +2 -2 lines

Disable -Wshadow for libsodium.

Evidently ed25519_ref10.c has a global and a local both named `d'.

Revision 1.16, Thu Aug 20 21:33:43 2020 UTC (3 years, 7 months ago) by riastradh
Branch: MAIN
Changes since 1.15: +2 -1 lines

Missed a spot -- add sys/crypto/blake2 to .PATH here.

Revision 1.15, Thu Aug 20 21:30:32 2020 UTC (3 years, 7 months ago) by riastradh
Branch: MAIN
Changes since 1.14: +2 -5 lines

Fix vestiges of libb2.

Revision 1.14, Thu Aug 20 21:21:32 2020 UTC (3 years, 7 months ago) by riastradh
Branch: MAIN
Changes since 1.13: +48 -2 lines

[ozaki-r] Changes to the kernel core for wireguard

Revision 1.13, Tue Jul 28 20:15:07 2020 UTC (3 years, 8 months ago) by riastradh
Branch: MAIN
Changes since 1.12: +1 -7 lines

Rewrite cprng_fast in terms of new ChaCha API.

Revision 1.12, Sun Jul 26 04:25:49 2020 UTC (3 years, 8 months ago) by riastradh
Branch: MAIN
Changes since 1.11: +14 -14 lines

Fix more sort order.

Revision 1.11, Sun Jul 26 04:25:14 2020 UTC (3 years, 8 months ago) by riastradh
Branch: MAIN
Changes since 1.10: +4 -2 lines

Add missing aes_ccm.c, aes_ccm_mbuf.c.  Fix sort order.

Revision 1.10, Sun Jul 26 04:03:45 2020 UTC (3 years, 8 months ago) by riastradh
Branch: MAIN
Changes since 1.9: +7 -1 lines

Add chacha to rump libcrypto.

Revision 1.9, Sat Jul 25 22:40:08 2020 UTC (3 years, 8 months ago) by riastradh
Branch: MAIN
Changes since 1.8: +1 -2 lines

Remove now-unused legacy rijndael API.

Revision 1.8, Mon Jun 29 23:44:01 2020 UTC (3 years, 9 months ago) by riastradh
Branch: MAIN
Changes since 1.7: +7 -2 lines

New cgd cipher adiantum.

Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

   Paul Crowley and Eric Biggers, `Adiantum: length-preserving
   encryption for entry-level processors', IACR Transactions on
   Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before.  (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector.  It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size.  (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC.  The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1305(NH(...)).  NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12.  We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.

Revision 1.7, Mon Jun 29 23:27:52 2020 UTC (3 years, 9 months ago) by riastradh
Branch: MAIN
Changes since 1.6: +11 -5 lines

Rework AES in kernel to finally address CVE-2005-1797.

1. Rip out old variable-time reference implementation.
2. Replace it by BearSSL's constant-time 32-bit logic.
   => Obtained from commit dda1f8a0c46e15b4a235163470ff700b2f13dcc5.
   => We could conditionally adopt the 64-bit logic too, which would
      likely give a modest performance boost on 64-bit platforms
      without AES-NI, but that's a bit more trouble.
3. Select the AES implementation at boot-time; allow an MD override.
   => Use self-tests to verify basic correctness at boot.
   => The implementation selection policy is rather rudimentary at
      the moment but it is isolated to one place so it's easy to
      change later on.

This (a) plugs a host of timing attacks on, e.g., cgd, and (b) paves
the way to take advantage of CPU support for AES -- both things we
should've done a decade ago.  Downside: Computing AES takes 2-3x the
CPU time.  But that's what hardware support will be coming for.

Rudimentary measurement of performance impact done by:

mount -t tmpfs tmpfs /tmp
dd if=/dev/zero of=/tmp/disk bs=1m count=512
vnconfig -cv vnd0 /tmp/disk
cgdconfig -s cgd0 /dev/vnd0 aes-cbc 256 < /dev/zero
dd if=/dev/rcgd0d of=/dev/null bs=64k
dd if=/dev/zero of=/dev/rcgd0d bs=64k

The AES-CBC encryption performance impact is closer to 3x because it
is inherently sequential; the AES-CBC decryption impact is closer to
2x because the bitsliced AES logic can process two blocks at once.

Discussed on tech-kern:

https://mail-index.NetBSD.org/tech-kern/2020/06/18/msg026505.html

Revision 1.4.18.2, Mon Apr 13 08:05:18 2020 UTC (4 years ago) by martin
Branch: phil-wifi
Changes since 1.4.18.1: +1 -2 lines

Mostly merge changes from HEAD up to 20200411

Revision 1.4.18.1, Wed Apr 8 14:09:01 2020 UTC (4 years ago) by martin
Branch: phil-wifi
Changes since 1.4: +2 -6 lines

Merge changes from current as of 20200406

Revision 1.6, Thu Dec 5 03:57:55 2019 UTC (4 years, 4 months ago) by riastradh
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, is-mlppp-base, is-mlppp, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh, ad-namecache-base3, ad-namecache-base2, ad-namecache-base1, ad-namecache-base, ad-namecache
Changes since 1.5: +2 -6 lines

Missed a spot in the crypto/arc4 deletion.

Revision 1.3.8.1, Tue Sep 3 12:30:46 2019 UTC (4 years, 7 months ago) by martin
Branch: netbsd-7-0
Changes since 1.3: +2 -3 lines

Pull up following revision(s) (requested by riastradh in ticket #1705):

	sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1
	sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1
	sys/rump/kern/lib/libcrypto/Makefile: revision 1.5
	sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1
	sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal
	sys/conf/files: revision 1.1238
	sys/dev/rndpseudo.c: revision 1.38
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal
	sys/sys/cprng.h: revision 1.13 - 1.15
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal
	sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal
	sys/kern/subr_cprng.c: revision 1.31
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal

cprng.h: use static __inline for consistency with other include
headers and remove an unused function.

 -

Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.

Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...

Revision 1.3.12.1, Tue Sep 3 12:28:30 2019 UTC (4 years, 7 months ago) by martin
Branch: netbsd-7-1
Changes since 1.3: +2 -3 lines

Pull up following revision(s) (requested by riastradh in ticket #1705):

	sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1
	sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1
	sys/rump/kern/lib/libcrypto/Makefile: revision 1.5
	sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1
	sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal
	sys/conf/files: revision 1.1238
	sys/dev/rndpseudo.c: revision 1.38
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal
	sys/sys/cprng.h: revision 1.13 - 1.15
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal
	sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal
	sys/kern/subr_cprng.c: revision 1.31
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal

cprng.h: use static __inline for consistency with other include
headers and remove an unused function.

 -

Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.

Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...

Revision 1.3.4.1, Tue Sep 3 12:20:42 2019 UTC (4 years, 7 months ago) by martin
Branch: netbsd-7
Changes since 1.3: +2 -3 lines

Pull up following revision(s) (requested by riastradh in ticket #1705):

	sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1
	sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1
	sys/rump/kern/lib/libcrypto/Makefile: revision 1.5
	sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1
	sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal
	sys/conf/files: revision 1.1238
	sys/dev/rndpseudo.c: revision 1.38
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal
	sys/sys/cprng.h: revision 1.13 - 1.15
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal
	sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal
	sys/kern/subr_cprng.c: revision 1.31
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal

cprng.h: use static __inline for consistency with other include
headers and remove an unused function.

 -

Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.

Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...

Revision 1.4.10.1, Tue Sep 3 12:08:21 2019 UTC (4 years, 7 months ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-2-RELEASE
Changes since 1.4: +2 -3 lines

Pull up following revision(s) (requested by riastradh in ticket #1365):

	sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1
	sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1
	sys/rump/kern/lib/libcrypto/Makefile: revision 1.5
	sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1
	sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal
	sys/conf/files: revision 1.1238
	sys/dev/rndpseudo.c: revision 1.38
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal
	sys/sys/cprng.h: revision 1.13 - 1.15
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal
	sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal
	sys/kern/subr_cprng.c: revision 1.31
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal

cprng.h: use static __inline for consistency with other include
headers and remove an unused function.

 -

Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.

Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...

Revision 1.4.22.1, Tue Sep 3 07:47:59 2019 UTC (4 years, 7 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1
Changes since 1.4: +2 -3 lines

Pull up following revision(s) (requested by riastradh in ticket #173):

	sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1
	sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1
	sys/rump/kern/lib/libcrypto/Makefile: revision 1.5
	sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1
	sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal
	sys/conf/files: revision 1.1238
	sys/dev/rndpseudo.c: revision 1.38
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal
	sys/sys/cprng.h: revision 1.15
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal
	sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal
	sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal
	sys/kern/subr_cprng.c: revision 1.31
	sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal

Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.

Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...

XXX pullup-7
XXX pullup-8
XXX pullup-9

Revision 1.5, Mon Sep 2 20:09:30 2019 UTC (4 years, 7 months ago) by riastradh
Branch: MAIN
CVS Tags: phil-wifi-20191119
Changes since 1.4: +2 -3 lines

Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.

Benefits:

- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:

- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...

XXX pullup-7
XXX pullup-8
XXX pullup-9

Revision 1.1.20.2, Sun Dec 3 11:39:14 2017 UTC (6 years, 4 months ago) by jdolecek
Branch: tls-maxphys
Changes since 1.1.20.1: +1 -0 lines

update from HEAD

Revision 1.3.6.1, Sun Dec 27 12:10:15 2015 UTC (8 years, 3 months ago) by skrll
Branch: nick-nhusb
Changes since 1.3: +2 -1 lines

Sync with HEAD (as of 26th Dec)

Revision 1.4, Mon Oct 19 16:16:37 2015 UTC (8 years, 5 months ago) by pooka
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202, prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, phil-wifi-base, phil-wifi-20190609, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, pgoyette-compat-merge-20190127, pgoyette-compat-base, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, pgoyette-compat, perseant-stdc-iso10646-base, perseant-stdc-iso10646, nick-nhusb-base-20170825, nick-nhusb-base-20170204, nick-nhusb-base-20161204, nick-nhusb-base-20161004, nick-nhusb-base-20160907, nick-nhusb-base-20160529, nick-nhusb-base-20160422, nick-nhusb-base-20160319, nick-nhusb-base-20151226, netbsd-9-base, netbsd-8-base, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1, matt-nb8-mediatek-base, matt-nb8-mediatek, localcount-20160914, jdolecek-ncq-base, jdolecek-ncq, isaki-audio2-base, isaki-audio2, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan
Branch point for: phil-wifi, netbsd-9, netbsd-8
Changes since 1.3: +2 -1 lines

Add a COMMENT describing what each component roughly does.

"make describe" prints the comment.

Requested/inspired by Vincent Schwarzer on rumpkernel-users

Revision 1.1.20.1, Wed Aug 20 00:04:40 2014 UTC (9 years, 7 months ago) by tls
Branch: tls-maxphys
Changes since 1.1: +9 -4 lines

Rebase to HEAD as of a few days ago.

Revision 1.1.10.1, Thu May 22 11:41:14 2014 UTC (9 years, 10 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.1: +9 -4 lines

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs.  ("Protocol error: too many arguments")

Revision 1.1.24.1, Sun May 18 17:46:17 2014 UTC (9 years, 10 months ago) by rmind
Branch: rmind-smpnet
Changes since 1.1: +9 -4 lines

sync with head

Revision 1.3, Fri Jan 17 01:32:53 2014 UTC (10 years, 2 months ago) by pooka
Branch: MAIN
CVS Tags: yamt-pagecache-base9, tls-maxphys-base, tls-earlyentropy-base, tls-earlyentropy, rmind-smpnet-nbase, rmind-smpnet-base, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, nick-nhusb-base-20150921, nick-nhusb-base-20150606, nick-nhusb-base-20150406, nick-nhusb-base, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE
Branch point for: nick-nhusb, netbsd-7-1, netbsd-7-0, netbsd-7
Changes since 1.2: +3 -2 lines

Use subr_cprng.c instead of stub implementation.  Rijndael migrates from
rumpkern_crypto to rumpkern due to it being mandatory for cprng.

Revision 1.2, Tue Jan 14 17:05:50 2014 UTC (10 years, 3 months ago) by pgoyette
Branch: MAIN
Changes since 1.1: +7 -3 lines

Add the MODULE parts for blowfish and des.

Add camellia algorithm.  (pooka@ says no lib version change required)

Revision 1.1.6.2, Sat Mar 5 20:56:13 2011 UTC (13 years, 1 month ago) by rmind
Branch: rmind-uvmplock
Changes since 1.1.6.1: +32 -0 lines

sync with head

Revision 1.1.6.1, Sun Dec 5 20:11:22 2010 UTC (13 years, 4 months ago) by rmind
Branch: rmind-uvmplock
Changes since 1.1: +0 -32 lines
FILE REMOVED

file Makefile was added on branch rmind-uvmplock on 2011-03-05 20:56:13 +0000

Revision 1.1, Sun Dec 5 20:11:22 2010 UTC (13 years, 4 months ago) by pooka
Branch: MAIN
CVS Tags: yamt-pagecache-tag8, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, rmind-uvmplock-nbase, rmind-uvmplock-base, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, matt-mips64-premerge-20101231, khorben-n900, jruoho-x86intr-base, jruoho-x86intr, jmcneill-usbmp-pre-base2, jmcneill-usbmp-base9, jmcneill-usbmp-base8, jmcneill-usbmp-base7, jmcneill-usbmp-base6, jmcneill-usbmp-base5, jmcneill-usbmp-base4, jmcneill-usbmp-base3, jmcneill-usbmp-base2, jmcneill-usbmp-base10, jmcneill-usbmp-base, jmcneill-usbmp, jmcneill-audiomp3-base, jmcneill-audiomp3, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2, agc-symver-base, agc-symver
Branch point for: yamt-pagecache, tls-maxphys, rmind-uvmplock, rmind-smpnet

rumpcrypto should never have been its own faction, so finally make
it a component under kern, i.e. rumpcrypto -> rumpkern_crypto.
