for counter mode), and AES-GCM. Both of these modes have been added to
the aesni module.
Included is a set of tests to validate that the software and aesni
module calculate the correct values. These use the NIST KAT test
vectors. To run the test, you will need to install a soon to be
committed port, nist-kat that will install the vectors. Using a port
is necessary as the test vectors are around 25MB.
All the man pages were updated. I have added a new man page, crypto.7,
which includes a description of how to use each mode. All the new modes
and some other AES modes are present. It would be good for someone
else to go through and document the other modes.
A new ioctl was added to support AEAD modes which AES-GCM is one of them.
Without this ioctl, it is not possible to test AEAD modes from userland.
Add a timing safe bcmp for use to compare MACs. Previously we were using
bcmp which could leak timing info and result in the ability to forge
messages.
Add a minor optimization to the aesni module so that single segment
mbufs don't get copied and instead are updated in place. The aesni
module needs to be updated to support blocked IO so segmented mbufs
don't have to be copied.
We require that the IV be specified for all calls for both GCM and ICM.
This is to ensure proper use of these functions.
Obtained from: p4: //depot/projects/opencrypto
Relnotes: yes
Sponsored by: FreeBSD Foundation
Sponsored by: NetGate
A variant of this code has been tested on amd64/i386 for some time by
EMC/Isilon on 10-STABLE/11-CURRENT. It builds on other architectures, but the
code will remain off until it's proven it works on virtual hardware or real
hardware on other architectures
Sponsored by: EMC / Isilon Storage Division
A variant of this code has been tested on amd64/i386 for some time by
EMC/Isilon on 10-STABLE/11-CURRENT. It builds on other architectures, but the
code will remain off until it's proven it works on virtual hardware or real
hardware on other architectures
Sponsored by: EMC / Isilon Storage Division
lib/libthr/tests
A variant of this code has been tested on amd64/i386 for some time by
EMC/Isilon on 10-STABLE/11-CURRENT. It builds on other architectures, but the
code will remain off until it's proven it works on virtual hardware or real
hardware on other architectures
Original work by: pho
Sponsored by: EMC / Isilon Storage Division
500 new testcases
Various TODOs have been sprinkled around the Makefiles for items that even need
to be ported (missing features), testcases have issues with building/linking, or
issues at runtime.
A variant of this code has been tested extensively on amd64 and i386
10-STABLE/11-CURRENT for several months without issue. It builds on other
architectures, but the code will remain off until I have prove it works on
virtual hardware or real hardware on other architectures
In collaboration with: pho, Casey Peel <casey.peel@isilon.com>
Sponsored by: EMC / Isilon Storage Division
pjdfstest execution is opt-in and must be done as root due to some of the
assumptions made by the test suite and lack of error checking in the non-root
case
A description of how to execute pjdfstest with kyua is provided in
share/pjdfstest/README
Phabric: D824 (an earlier prototype patch)
MFC after: 1 month
Relnotes: yes
Sponsored by: EMC / Isilon Storage Division
Directories for /usr/lib{,32}/{i18n,private} were missing from the mtree
file, which caused installworld to install the files that should be in
the directory as the name of the directory.
This will prevent vim users from accidentally checking in buggy mtree files
(mixed tabs/spaces).
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
many thanks for their continued support of FreeBSD.
While I'm there, also implement a new build knob, WITHOUT_HYPERV to
disable building and installing of the HyperV utilities when necessary.
The HyperV utilities are only built for i386 and amd64 targets.
This is a stable/10 candidate for inclusion with 10.1-RELEASE.
Submitted by: Wei Hu <weh microsoft com>
MFC after: 1 week
tree support includes a device tree source compiler dtc(8) which
converts .dts files into .dtb files. /boot/loader will load dtb files
from this directory by default, allowing for fewer differences between
images for different SoCs. Compiled dts files will wind up here
eventually as an alternative to embedding them into the kernel.
Document this in hier(7), as well as add missing entries for
/boot/firmware and /boot/zfs, though the latter two should only be
considered place holders if someone wants to make them better.
particularly useful for services such as "network" (netif) where each
interface can now have its own separate configuration file.
Add /etc/rc.conf.d to the mtree file so it is always present.
MFC after: 3 days
UNIX systems, eg. MacOS X and Solaris. It uses Sun-compatible map format,
has proper kernel support, and LDAP integration.
There are still a few outstanding problems; they will be fixed shortly.
Reviewed by: allanjude@, emaste@, kib@, wblock@ (earlier versions)
Phabric: D523
MFC after: 2 weeks
Relnotes: yes
Sponsored by: The FreeBSD Foundation
This change consists of two merges from projects/zfsd/head along with the
addition of an ATF test case for the new functionality.
sbin/devd/tests/Makefile
sbin/devd/tests/client_test.c
Add ATF test cases for reading events from both devd socket types.
r266519:
sbin/devd/devd.8
sbin/devd/devd.cc
Create a new socket, of type SOCK_SEQPACKET, for communicating with
clients. SOCK_SEQPACKET sockets preserve record boundaries,
simplying code in the client. The old SOCK_STREAM socket is retained
for backwards-compatibility with existing clients.
r269993:
sbin/devd/devd.8
Fix grammar bug.
CR: https://reviews.freebsd.org/rS266519
MFC after: 5 days
Sponsored by: Spectra Logic
Rename all of the TAP test applications from <test> to <test>_test
to match the convention described in the TestSuite wiki page
Phabric: D538
Approved by: jmmv (mentor)
Sponsored by: EMC / Isilon Storage Division
Test LD_LIBRARY_PATH_FDS by linking a binary that requires a shared
library that isn't in any of the usual search paths. Ensure this fails
when we don't supply LD_LIBRARY_PATH_FDS or we pass invalid information
in it. Ensure it works when we pass the correct directory in various
places in the variable.
Approved by: rwatson (mentor)
MFC after: 3 weeks
Sponsored by: DARPA/AFRL
The change to expand_number (r204654) broke detection of too large sizes and
relative sizes ('+'/'-').
Also add some tests.
PR: 190735
Submitted by: Kirk Russell
MFC after: 1 week
In r266650, we made libatf-c and libatf-c++ private libraries so that no
components outside of the source tree could unintendedly depend on them.
This change does the same for the "atf-sh library" by moving the atf-sh
interpreter from its public location in /usr/bin/ to the private location
in /usr/libexec/. Our build system will ensure that our own test programs
use the right binary, but users won't be able to depend on atf-sh by
"mistake".
Committing this now to ride the UPDATING notice added with r267172 today.
We should not be leaking these interfaces to the outside world given
that it's much easier for third-party components to use the devel/atf
package from ports.
As a side-effect, we can also drop the ATF pkgconfig and aclocal files
from the base system. Nothing in the base system needs these, and it
was quite ugly to have to get them installed only so that a few ports
could build. The offending ports have been fixed to depend on
devel/atf explicitly.
Reviewed by: bapt
Convert libdevctl to use devd's new SEQPACKET socket.
lib/libdevctl/consumer.cc
lib/libdevctl/event_buffer.cc
lib/libdevctl/event_buffer.h
lib/libdevctl/reader.cc
lib/libdevctl/reader.h
Read from the new /var/run/devd.seqpacket.pipe instead of
/var/run/devd.pipe. Since it preserves record boundaries,
we can eliminate all the repacketization code in
EventBuffer::ExtractEvent as well as much supporting code
from the Reader class.
lib/libdevctl/consumer.cc
Make the pipe nonblocking. Previously, we avoided blocking
by using the FIONREAD ioctl, but this is simpler.
cddl/sbin/zfsd/case_file.cc
cddl/sbin/zfsd/tests/zfsd_unittest.cc
cddl/sbin/zfsd/vdev.cc
cddl/sbin/zfsd/zfsd.cc
cddl/sbin/zfsd/zfsd.h
cddl/sbin/zfsd/zfsd_event.cc
Update zfsd according to the libdevctl changes. The only
nontrivial change is to CaseFile::DeSerialize, which
elimintes the use of IStreamReader.
cddl/sbin/zfsd/case_file.cc
For an unknown reason, sometimes the std::ios::failbit
will get set on caseStream. Instead of checking for
!eof(), check for good(). That method checks the
eofbit, errorbit, and failbit.
livdevctl cleanup (from gibbs)
lib/libdevctl/event.cc:
lib/libdevctl/event.h:
Remove the event class's name from its Builder method. It's
perfectly clear that DevfsEvent::Builder() is the DevfsEvent
class's Builder function.
cddl/sbin/zfsd/zfsd.cc:
cddl/sbin/zfsd/zfsd_event.cc:
cddl/sbin/zfsd/zfsd_event.h:
Conform to new libdevct Builder naming convention.
Fix autoreplace by physical path when a hotspare is present
cddl/sbin/zfsd/case_file.cc
Fix logic error in CaseFile::Replace regarding whether the
replacement device is a spare or not.
Reviewed by: gibbs
Sponsored by: Spectra Logic
The CUSE library is a wrapper for the devfs kernel functionality which
is exposed through /dev/cuse . In order to function the CUSE kernel
code must either be enabled in the kernel configuration file or loaded
separately as a module. Currently none of the committed items are
connected to the default builds, except for installing the needed
header files. The CUSE code will be connected to the default world and
kernel builds in a follow-up commit.
The CUSE module was written by Hans Petter Selasky, somewhat inspired
by similar functionality found in FUSE. The CUSE library can be used
for many purposes. Currently CUSE is used when running Linux kernel
drivers in user-space, which need to create a character device node to
communicate with its applications. CUSE has full support for almost
all devfs functionality found in the kernel:
- kevents
- read
- write
- ioctl
- poll
- open
- close
- mmap
- private per file handle data
Requested by several people. Also see "multimedia/cuse4bsd-kmod" in
ports.