20364 Commits

Author SHA1 Message Date
jhb
1cdfbce636 Add support to the crypto framework for separate AAD buffers.
This permits requests to provide the AAD in a separate side buffer
instead of as a region in the crypto request input buffer.  This is
useful when the main data buffer might not contain the full AAD
(e.g. for TLS or IPsec with ESN).

Unlike separate IVs which are constrained in size and stored in an
array in struct cryptop, separate AAD is provided by the caller
setting a new crp_aad pointer to the buffer.  The caller must ensure
the pointer remains valid and the buffer contents static until the
request is completed (e.g. when the callback routine is invoked).

As with separate output buffers, not all drivers support this feature.
Consumers must request use of this feature via a new session flag.

To aid in driver testing, kern.crypto.cryptodev_separate_aad can be
set to force /dev/crypto requests to use a separate AAD buffer.

Discussed with:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D25288
2020-06-22 23:20:43 +00:00
eugen
5cf1b4e624 Followup to r362502: rc.conf(5): unobsolete gif_interfaces
There are cases when gif_interfaces cannot be replaced
with cloned_interfaces, such as tunnels with external IPv6 addresses
and internal IPv4 or vice versa. Such configuration requires
extra invocation of ifconfig(8) and is supported with gif_interfaces only.

Fix manual page and provide some examples.

MFC after:	1 week
X-MFC-With:	362502
2020-06-22 17:52:13 +00:00
markj
fc212935b0 acpi_ibm(4): Add support for putting fans in disengaged mode.
PR:		247306
Submitted by:	Ali Abdallah <ali.abdallah@suse.com>
MFC after:	2 weeks
2020-06-22 12:36:05 +00:00
delphij
6edd51bc73 liblzma: Make liblzma use libmd implementation of SHA256.
MFC after:	2 weeks
PR:		200142
2020-06-20 21:32:07 +00:00
imp
d4146dd501 Correct 1BSD release date.
The Quarter Century of Unix book said that 1BSD was released March 1979.
However, the 1BSD tape image that's on Kirk's historical unix collection has an
earlier date.

It was common practice, at the time, to create a new copy of the tape from the
master system when a new tape was to go out, so several different versions of
1BSD, etc were shipped from Berkeley. The date on the 1BSD tape in the Berkeley
archives on Kirk's DVD is dated in January 16 1979 on the label, and has dates
as late as Jan 29 (there's an UPDATE file that says this includes updates
through this date). Note this date as well.
2020-06-20 04:07:44 +00:00
bdragon
e339b09096 [PowerPC] De-giant powermac_nvram, update documentation
* Remove the giant lock requirement from powermac_nvram.
* Update manual pages to reflect current state.

Reviewed by:	bcr (manpages), jhibbits
Sponsored by:	Tag1 Consulting, Inc.
Differential Revision:	https://reviews.freebsd.org/D24812
2020-06-19 18:36:10 +00:00
thj
a99943bd54 Fix typo in apic.4
Reviewed by:	bcr (manpages)
Approved by:	jtl (co-mentor)
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D25357
2020-06-19 13:09:00 +00:00
imp
eabec6fdfd The actual name for MMCCAM sd block devices is sdda.
Pointed out by: kibab@
2020-06-19 04:09:35 +00:00
markj
864f5d9ff1 Add the SCTP_SUPPORT kernel option.
This is in preparation for enabling a loadable SCTP stack.  Analogous to
IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured
in order to support a loadable SCTP implementation.

Discussed with:	tuexen
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2020-06-18 19:32:34 +00:00
adrian
6bcf4b843c [ath] Mention DWDS, expresscard and minipcie.
I use all of these..
2020-06-17 03:16:20 +00:00
adrian
10c8a97d25 [run] mention that some 11n functionality is now available.
A-MPDU, short-gi and 40MHz mode are currently not supported, but hey,
it supports enough 11n to be useful.
2020-06-17 03:12:43 +00:00
pluknet
476daf457b Complete a function block with Fc, no content change.
Notably, unbreaks rendering with groff.
2020-06-16 21:07:51 +00:00
rmacklem
e8efc63f7e Update VFS_CHECKEXP.9 for the argument changes done by r362158.
The arguments for VFS_CHECKEXP() were changed by r362158.
Also, the numsecflavors and secflavors arguments were not documented,
so add these as well.

This is a content change.
2020-06-16 20:51:28 +00:00
bapt
66498e4f17 Fix typo in the documentation about the daily ntpd status
PR:		245679
Submitted by:	Taylor Stearns <t@tstearns.com>
MFC after:	3 days
2020-06-16 12:40:19 +00:00
tsoome
e417d8e439 Move font related data structures to sys/font.c and update vtfontcvt
Prepare support to be able to handle font data in loader, consolidate
data structures to sys/font.h and update vtfontcvt.

vtfontcvt update is about to output set of glyphs in form of C source,
the implementation does allow to output compressed or uncompressed font
bitmaps.

Reviewed by:	bcr
Differential Revision:	https://reviews.freebsd.org/D24189
2020-06-14 06:58:58 +00:00
kib
8fedf92a4e Control for Special Register Buffer Data Sampling mitigation.
New microcode update for Intel enables mitigation for SRBDS, which
slows down RDSEED and related instructions.  The update also provides
a control to limit the mitigation to SGX enclaves, which should
restore the speed of random generator by the cost of potential
cross-core buffer sampling.

See https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling

Give the user control over it.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25221
2020-06-12 22:14:45 +00:00
trasz
513932b64a Add compat.linux.debug sysctl, to make it possible to silence down
the debug messages. While here, clean up some variable naming.

Reviewed by:	bcr (manpages), emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D25230
2020-06-12 14:37:50 +00:00
gbe
31d042a8bc Add myself (gbe) to committers-doc.dot and calendar.freebsd
Reviewed by:	bcr (mentor)
Approved by:	bcr (mentor)
Differential Revision:	https://reviews.freebsd.org/D25241
2020-06-12 09:34:10 +00:00
kib
eec1e3ff37 Add pthread_getname_np() and pthread_setname_np() aliases for
pthread_get_name_np() and pthread_set_name_np().

This re-applies r361770 after compatibility fixes.

Reviewed by:	antoine, jkim, markj
Tested by:	antoine (exp-run)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25117
2020-06-10 22:13:24 +00:00
trasz
4289b15fd7 Make linux(4) set the openfiles soft resource limit to 1024 for Linux
applications, which often depend on this being the case.  There's a new
sysctl, compat.linux.default_openfiles, to control this behaviour.

Reviewed by:	kevans, emaste, bcr (manpages)
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D25177
2020-06-10 18:50:46 +00:00
jhb
bbd694b98b Add a crypto capability flag for accelerated software drivers.
Use this in GELI to print out a different message when accelerated
software such as AESNI is used vs plain software crypto.

While here, simplify the logic in GELI a bit for determining which type
of crypto driver was chosen the first time by examining the
capabilities of the matched driver after a single call to
crypto_newsession rather than making separate calls with different
flags.

Reviewed by:	delphij
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D25126
2020-06-09 22:26:07 +00:00
0mp
6cedab032e Document that /lib is always in the list of shared library paths
/lib was added to the list in r119011.

MFC after:	1 week
2020-06-08 09:33:45 +00:00
emaste
837176daec src.conf.5: regen after BINUTILS options removal
2020-06-07 13:52:49 +00:00
yuripv
ea88449cb1 taskqueue(9): reference callout(9) instead of timeout(9)
As timeout(9) was removed and all consumers were converted to
callout(9), reference it instead for the description of sbt, pr,
and flags arguments.

Reviewed by:	trasz
Differential Revision:	https://reviews.freebsd.org/D25165
2020-06-07 09:17:57 +00:00
imp
fcb8567d71 Mention nda where we mention nvd.
2020-06-07 02:40:21 +00:00
emaste
ff2381d17f Retire BINUTILS and BINUTILS_BOOTSTRAP options
As of r361857 all BINUTILS options are disabled by default - ports
have been changed to depend on binutils if they require GNU as, and
all base system assembly files have been switched to use Clang's
integrated assembler.

Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2020-06-07 00:07:21 +00:00
emaste
5ec82f46d5 src.conf.5: regen after r361876, SYSTEM_LINKER description update
2020-06-06 22:26:44 +00:00
imp
047626be0f Add a section on CAM architecture.
Add xref to all SIM devices we currently have (including a rough indication
which ones are likely to fail).
Update to include all the CAM options.
Fix a few igor nits while I'm here.
2020-06-06 18:43:08 +00:00
yuripv
14847d2fbc stats(7): fix bad Xr references and lint noise
Reviewed by:	bjk, debdrup
Differential Revision:	https://reviews.freebsd.org/D25166
2020-06-06 17:48:55 +00:00
imp
d5a3981de9 Sort alphabetically.
2020-06-06 07:13:06 +00:00
imp
0eef95f002 Fix typo
Submitted by: Yuri Pankov
2020-06-06 06:49:06 +00:00
imp
8319a544e5 Document all the sysctl values for the nda devices. Include some minimal
documentation on namespace support for nda devices. Fix a few typos
and formatting nits to appease igor.
2020-06-06 06:21:20 +00:00
emaste
cb74bd6a39 src.conf.5: regen after r361857, BINUTILS_BOOTSTRAP off by default
2020-06-06 02:28:21 +00:00
emaste
9a573f9470 src.opts.mk: disable BINUTILS_BOOTSTRAP universally
As of r361853 skein_block_asm.S is assembled using Clang's integrated
assembler.

PR:		233611
Sponsored by:	The FreeBSD Foundation
2020-06-06 02:27:28 +00:00
jhb
9d16dd1a2d Update crypto(7) to list current ciphers.
Add descriptions of AES-CCM, Camellia-CBC, and Chacha20.

Reviewed by:	cem (previous version)
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24963
2020-06-04 22:16:19 +00:00
markj
a8022aa609 Update vt(4) config option names to chase r303043.
PR:		246080
Submitted by:	David Marec <david@lapinbilly.eu>
MFC after:	1 week
2020-06-04 16:05:24 +00:00
kib
96608a7596 Revert r361770 "Add pthread_getname_np() and pthread_setname_np() aliases" for now.
It is not compatible enough with Linux.

Requested by:	antoine, jkim
Sponsored by:	The FreeBSD Foundation
2020-06-04 09:06:03 +00:00
kib
02a4d1994d Add pthread_getname_np() and pthread_setname_np() aliases
for pthread_get_name_np() and pthread_set_name_np(), to be
compatible with Linux.

PR:	238404
Proposed and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25117
2020-06-03 20:54:36 +00:00
wulf
b342a9bdc5 [psm] Workaround active PS/2 multiplexor hang
which happens on some laptops after returning to legacy multiplexing mode
at initialization stage.

PR:		242542
Reported by:	Felix Palmen <felix@palmen-it.de>
MFC after:	1 week
2020-06-02 01:04:49 +00:00
emaste
c7b47855dc bsd.prog.mk: split MK_PIE test for clarity
And a comment explaining why PIE flags are disabled for static binaries.
2020-06-02 00:46:15 +00:00
imp
6f2d98bdef Correct the release date for 2.11BSD
2.11BSD was announced on March 14, 1991 in comp.bugs.2bsd by
Steven M. Schultz. The document has a 'revised January 1991'
date at the top.

Patch/1 in the official repo is dated March 31, 1991, and an identical copy of
it was posted to comp.bugs.2bsd on May 5, 1991. Patch 2 in 22 parts was likewise
posted May 18, 1991. This makes the Feb 1992 date too late. It's possible it's a
typo for Feb 1991 since that lines up with the announcement being 2 weeks
later. Without an extant copy of the 2.11 tape, however, it's hard to say for
sure. Go with the date we have the most independent, direct evidence for, which
is the announcement date.
2020-05-31 21:38:33 +00:00
emaste
f64d7a38d6 Add deprecation notice to WITH_BINUTILS option description
2020-05-30 16:12:50 +00:00
emaste
895439a39a Disable BINUTILS by default on amd64
The retirement of obsolete binutils 2.17.50 has been in progress for
quite some time.  All tools other than GNU as were removed prior to this
commit, and it was built only on amd64 - installed as /usr/bin/as, and
used as a bootstrap tool.

The amd64 exp-run has completed and failures have now been addressed in
the individual ports, so disable it by default.

PR:		233611, 205250 [exp-run]
Sponsored by:	The FreeBSD Foundation
2020-05-30 16:12:00 +00:00
emaste
3ee1319267 regen src.conf.5 after BINUTILS changes
2020-05-29 17:39:25 +00:00
emaste
a26fefc11d Disable BINUTILS by default on i386
The retirement of obsolete binutils 2.17.50 has been in progress for
quite some time.  All tools other than GNU as were removed prior to this
commit, and it was built only on two archs:

i386, installed as /usr/bin/as
amd64, installed as /usr/bin/as and as a bootstrap tool

The i386 exp-run has completed and failures have been addressed in the
individual ports, so disable it there.

PR:		233611, 205250 [exp-run]
Sponsored by:	The FreeBSD Foundation
2020-05-29 17:36:54 +00:00
emaste
0445cbd6a8 rename in-tree libevent v1 to libevent1
r316063 installed pf's embedded libevent as a private lib, with headers
in /usr/include/private/event.  Unfortunately we also have a copy of
libevent v2 included in ntp, which needed to be updated for compatibility
with OpenSSL 1.1.

As unadorned 'libevent' generally refers to libevent v2, be explicit that
this one is libevent v1.

Reviewed by:	vangyzen (earlier)
Differential Revision:	https://reviews.freebsd.org/D17275
2020-05-28 22:05:50 +00:00
vangyzen
9929bb91c4 Revert part of r360964
ports/devel/linux_libusb builds FreeBSD libusb with GCC 4.8.5
from devel/linux-c7-devtools.  Restore the tests for older GCC
in bsd.sys.mk to accommodate such ports.

Reported by:	tijl
Sponsored by:	Dell EMC Isilon
2020-05-28 21:56:31 +00:00
jhb
558e13e41f Remove an extraneous line continuation from r361481.
2020-05-25 23:07:50 +00:00
jhb
8f001f91aa Add support for optional separate output buffers to in-kernel crypto.
Some crypto consumers such as GELI and KTLS for file-backed sendfile
need to store their output in a separate buffer from the input.
Currently these consumers copy the contents of the input buffer into
the output buffer and queue an in-place crypto operation on the output
buffer.  Using a separate output buffer avoids this copy.

- Create a new 'struct crypto_buffer' describing a crypto buffer
  containing a type and type-specific fields.  crp_ilen is gone,
  instead buffers that use a flat kernel buffer have a cb_buf_len
  field for their length.  The length of other buffer types is
  inferred from the backing store (e.g. uio_resid for a uio).
  Requests now have two such structures: crp_buf for the input buffer,
  and crp_obuf for the output buffer.

- Consumers now use helper functions (crypto_use_*,
  e.g. crypto_use_mbuf()) to configure the input buffer.  If an output
  buffer is not configured, the request still modifies the input
  buffer in-place.  A consumer uses a second set of helper functions
  (crypto_use_output_*) to configure an output buffer.

- Consumers must request support for separate output buffers when
  creating a crypto session via the CSP_F_SEPARATE_OUTPUT flag and are
  only permitted to queue a request with a separate output buffer on
  sessions with this flag set.  Existing drivers already reject
  sessions with unknown flags, so this permits drivers to be modified
  to support this extension without requiring all drivers to change.

- Several data-related functions now have matching versions that
  operate on an explicit buffer (e.g. crypto_apply_buf,
  crypto_contiguous_subsegment_buf, bus_dma_load_crp_buf).

- Most of the existing data-related functions operate on the input
  buffer.  However crypto_copyback always writes to the output buffer
  if a request uses a separate output buffer.

- For the regions in input/output buffers, the following conventions
  are followed:
  - AAD and IV are always present in input only and their
    fields are offsets into the input buffer.
  - payload is always present in both buffers.  If a request uses a
    separate output buffer, it must set a new crp_payload_start_output
    field to the offset of the payload in the output buffer.
  - digest is in the input buffer for verify operations, and in the
    output buffer for compute operations.  crp_digest_start is relative
    to the appropriate buffer.

- Add a crypto buffer cursor abstraction.  This is a more general form
  of some bits in the cryptosoft driver that tried to always use uio's.
  However, compared to the original code, this avoids rewalking the uio
  iovec array for requests with multiple vectors.  It also avoids
  allocating an iovec array for mbufs and populating it by instead walking
  the mbuf chain directly.

- Update the cryptosoft(4) driver to support separate output buffers
  making use of the cursor abstraction.

Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24545
2020-05-25 22:12:04 +00:00
asomers
79fcb64324 [skip ci] ip.4: fix typos
MFC after:	2 weeks
2020-05-25 04:17:01 +00:00