CVS commit: src/sys/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Tue Jun 30 06:25:15 UTC 2020

Modified Files:
src/sys/sys: param.h

Log Message:
NetBSD 6.99.69 welcomes you, and hopes you enjoy your new AES API.


To generate a diff of this commit:
cvs rdiff -u -r1.671 -r1.672 src/sys/sys/param.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/doc

[Sevan Janiyan]

Module Name:src
Committed By:   sevan
Date:   Tue Jun 30 05:19:19 UTC 2020

Modified Files:
src/doc: 3RDPARTY

Log Message:
Lua 5.4.0 is out


To generate a diff of this commit:
cvs rdiff -u -r1.1731 -r1.1732 src/doc/3RDPARTY

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/tests/dev/cgd

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Tue Jun 30 04:17:31 UTC 2020

Modified Files:
src/tests/dev/cgd: t_cgd_adiantum.c

Log Message:
Missed a spot -- one more 32-bit sign-compare issue.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/dev/cgd/t_cgd_adiantum.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Tue Jun 30 04:14:56 UTC 2020

Modified Files:
src/sys/netipsec: files.netipsec xform_esp.c
src/sys/opencrypto: cryptodev.c cryptosoft_xform.c xform.c xform.h

Log Message:
Rename enc_xform_rijndael128 -> enc_xform_aes.

Update netipsec dependency.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/sys/netipsec/files.netipsec
cvs rdiff -u -r1.99 -r1.100 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.105 -r1.106 src/sys/opencrypto/cryptodev.c
cvs rdiff -u -r1.29 -r1.30 src/sys/opencrypto/cryptosoft_xform.c
cvs rdiff -u -r1.30 -r1.31 src/sys/opencrypto/xform.c
cvs rdiff -u -r1.20 -r1.21 src/sys/opencrypto/xform.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/tests/dev/cgd

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Tue Jun 30 04:15:46 UTC 2020

Modified Files:
src/tests/dev/cgd: t_cgd_adiantum.c

Log Message:
Fix sign-compare issue on 32-bit systems.

Built fine on amd64, where all unsigned values are representable in
ssize_t, but I didn't try building on i386, where they're not.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/tests/dev/cgd/t_cgd_adiantum.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/doc

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Tue Jun 30 00:26:12 UTC 2020

Modified Files:
src/doc: CHANGES

Log Message:
Note kernel AES rework.


To generate a diff of this commit:
cvs rdiff -u -r1.2705 -r1.2706 src/doc/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:58:44 UTC 2020

Modified Files:
src/sys/arch/amd64/conf: ALL
src/sys/arch/x86/x86: via_padlock.c

Log Message:
Make padlock(4) compile on amd64.


To generate a diff of this commit:
cvs rdiff -u -r1.154 -r1.155 src/sys/arch/amd64/conf/ALL
cvs rdiff -u -r1.30 -r1.31 src/sys/arch/x86/x86/via_padlock.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/arm

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:54:06 UTC 2020

Modified Files:
src/sys/arch/arm/arm32: cpu.c
src/sys/arch/arm/include: cpu.h
src/sys/arch/arm/vfp: vfp_init.c

Log Message:
Implement fpu_kern_enter/leave for arm32.


To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.146 src/sys/arch/arm/arm32/cpu.c
cvs rdiff -u -r1.110 -r1.111 src/sys/arch/arm/include/cpu.h
cvs rdiff -u -r1.64 -r1.65 src/sys/arch/arm/vfp/vfp_init.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:56:31 UTC 2020

Modified Files:
src/sys/arch/aarch64/aarch64: cpu.c
src/sys/arch/aarch64/conf: files.aarch64
src/sys/arch/arm/conf: files.arm
src/sys/arch/arm/vfp: vfp_init.c
Added Files:
src/sys/crypto/aes/arch/arm: aes_neon.c aes_neon.h aes_neon_impl.c
aes_neon_impl.h aes_neon_subr.c arm_neon.h files.aesneon

Log Message:
New permutation-based AES implementation using ARM NEON.

Also derived from Mike Hamburg's public-domain vpaes code.


To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/sys/arch/aarch64/aarch64/cpu.c
cvs rdiff -u -r1.23 -r1.24 src/sys/arch/aarch64/conf/files.aarch64
cvs rdiff -u -r1.157 -r1.158 src/sys/arch/arm/conf/files.arm
cvs rdiff -u -r1.65 -r1.66 src/sys/arch/arm/vfp/vfp_init.c
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/arch/arm/aes_neon.c \
src/sys/crypto/aes/arch/arm/aes_neon.h \
src/sys/crypto/aes/arch/arm/aes_neon_impl.c \
src/sys/crypto/aes/arch/arm/aes_neon_impl.h \
src/sys/crypto/aes/arch/arm/aes_neon_subr.c \
src/sys/crypto/aes/arch/arm/arm_neon.h \
src/sys/crypto/aes/arch/arm/files.aesneon

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/crypto/aes/arch/arm

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:57:56 UTC 2020

Modified Files:
src/sys/crypto/aes/arch/arm: aes_neon.c files.aesneon
Added Files:
src/sys/crypto/aes/arch/arm: aes_neon_32.S

Log Message:
Provide hand-written AES NEON assembly for arm32.

gcc does a lousy job at compiling 128-bit NEON intrinsics on arm32;
hand-writing it made it about 12x faster, by avoiding a zillion loads
and stores to spill everything and the kitchen sink onto the stack.
(But gcc does fine on aarch64, presumably because it has twice as
many registers and doesn't have to deal with q2=d4/d5 overlapping.)


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/sys/crypto/aes/arch/arm/aes_neon.c \
src/sys/crypto/aes/arch/arm/files.aesneon
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/arch/arm/aes_neon_32.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:53:12 UTC 2020

Modified Files:
src/sys/arch/aarch64/aarch64: fpu.c
src/sys/crypto/aes/arch/arm: aes_armv8.c
Added Files:
src/sys/arch/arm/include: fpu.h
Removed Files:
src/sys/arch/aarch64/include: fpu.h

Log Message:
Move aarch64/fpu.h to arm/fpu.h.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/sys/arch/aarch64/aarch64/fpu.c
cvs rdiff -u -r1.1 -r0 src/sys/arch/aarch64/include/fpu.h
cvs rdiff -u -r0 -r1.1 src/sys/arch/arm/include/fpu.h
cvs rdiff -u -r1.1 -r1.2 src/sys/crypto/aes/arch/arm/aes_armv8.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:51:35 UTC 2020

Modified Files:
src/sys/arch/x86/conf: files.x86
src/sys/arch/x86/x86: identcpu.c
src/sys/crypto/aes/arch/x86: immintrin.h
Added Files:
src/sys/crypto/aes/arch/x86: aes_ssse3.c aes_ssse3.h aes_ssse3_impl.c
aes_ssse3_impl.h aes_ssse3_subr.c files.aee3

Log Message:
New permutation-based AES implementation using SSSE3.

This covers a lot of CPUs -- particularly lower-end CPUs over the
past decade which lack AES-NI.

Derived from Mike Hamburg's public domain vpaes software; see
 for details.


To generate a diff of this commit:
cvs rdiff -u -r1.115 -r1.116 src/sys/arch/x86/conf/files.x86
cvs rdiff -u -r1.110 -r1.111 src/sys/arch/x86/x86/identcpu.c
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/arch/x86/aes_ssse3.c \
src/sys/crypto/aes/arch/x86/aes_ssse3.h \
src/sys/crypto/aes/arch/x86/aes_ssse3_impl.c \
src/sys/crypto/aes/arch/x86/aes_ssse3_impl.h \
src/sys/crypto/aes/arch/x86/aes_ssse3_subr.c \
src/sys/crypto/aes/arch/x86/files.aee3
cvs rdiff -u -r1.1 -r1.2 src/sys/crypto/aes/arch/x86/immintrin.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/crypto/aes/arch/x86

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:50:05 UTC 2020

Modified Files:
src/sys/crypto/aes/arch/x86: aes_sse2.h aes_sse2_impl.c aes_sse2_impl.h
files.aessse2
Added Files:
src/sys/crypto/aes/arch/x86: aes_sse2_subr.c

Log Message:
Split SSE2 logic into separate units.

Ensure that there are no paths into files compiled with -msse -msse2
at all except via fpu_kern_enter.

I didn't run into a practical problem with this, but let's not leave
a ticking time bomb for subsequent toolchain changes in case the mere
declaration of local __m128i variables causes trouble.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/sys/crypto/aes/arch/x86/aes_sse2.h \
src/sys/crypto/aes/arch/x86/aes_sse2_impl.c \
src/sys/crypto/aes/arch/x86/aes_sse2_impl.h \
src/sys/crypto/aes/arch/x86/files.aessse2
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/arch/x86/aes_sse2_subr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/uvm

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:40:28 UTC 2020

Modified Files:
src/sys/uvm: uvm_swap.c

Log Message:
uvm: Make sure swap encryption IV is 128-bit-aligned on stack.

Will help hardware-assisted AES.


To generate a diff of this commit:
cvs rdiff -u -r1.194 -r1.195 src/sys/uvm/uvm_swap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/crypto/aes/arch/x86

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:41:35 UTC 2020

Modified Files:
src/sys/crypto/aes/arch/x86: aes_via.c

Log Message:
VIA AES: Batch AES-XTS computation into eight blocks at a time.

Experimental -- performance improvement is not clearly worth the
complexity.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/sys/crypto/aes/arch/x86/aes_via.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:47:54 UTC 2020

Modified Files:
src/sys/arch/x86/conf: files.x86
src/sys/arch/x86/x86: identcpu.c
src/sys/crypto/aes: aes.h
Added Files:
src/sys/crypto/aes/arch/x86: aes_sse2.c aes_sse2.h aes_sse2_dec.c
aes_sse2_enc.c aes_sse2_impl.c aes_sse2_impl.h files.aessse2
immintrin.h immintrin_ext.h

Log Message:
New SSE2-based bitsliced AES implementation.

This should work on essentially all x86 CPUs of the last two decades,
and may improve throughput over the portable C aes_ct implementation
from BearSSL by

(a) reducing the number of vector operations in sequence, and
(b) batching four rather than two blocks in parallel.

Derived from BearSSL'S aes_ct64 implementation adjusted so that where
aes_ct64 uses 64-bit q[0],...,q[7], aes_sse2 uses (q[0], q[4]), ...,
(q[3], q[7]), each tuple representing a pair of 64-bit quantities
stacked in a single 128-bit register.  This translation was done very
naively, and mostly reduces the cost of ShiftRows and data movement
without doing anything to address the S-box or (Inv)MixColumns, which
spread all 64-bit quantities across separate registers and ignore the
upper halves.

Unfortunately, SSE2 -- which is all that is guaranteed on all amd64
CPUs -- doesn't have PSHUFB, which would help out a lot more.  For
example, vpaes relies on that.  Perhaps there are enough CPUs out
there with PSHUFB but not AES-NI to make it worthwhile to import or
adapt vpaes too.

Note: This includes local definitions of various Intel compiler
intrinsics for gcc and clang in terms of their __builtin_* &c.,
because the necessary header files are not available during the
kernel build.  This is a kludge -- we should fix it properly; the
present approach is expedient but not ideal.


To generate a diff of this commit:
cvs rdiff -u -r1.114 -r1.115 src/sys/arch/x86/conf/files.x86
cvs rdiff -u -r1.109 -r1.110 src/sys/arch/x86/x86/identcpu.c
cvs rdiff -u -r1.1 -r1.2 src/sys/crypto/aes/aes.h
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/arch/x86/aes_sse2.c \
src/sys/crypto/aes/arch/x86/aes_sse2.h \
src/sys/crypto/aes/arch/x86/aes_sse2_dec.c \
src/sys/crypto/aes/arch/x86/aes_sse2_enc.c \
src/sys/crypto/aes/arch/x86/aes_sse2_impl.c \
src/sys/crypto/aes/arch/x86/aes_sse2_impl.h \
src/sys/crypto/aes/arch/x86/files.aessse2 \
src/sys/crypto/aes/arch/x86/immintrin.h \
src/sys/crypto/aes/arch/x86/immintrin_ext.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:44:02 UTC 2020

Modified Files:
src/distrib/sets/lists/debug: mi
src/distrib/sets/lists/tests: mi
src/sys/conf: files
src/sys/dev: cgd_crypto.c
src/sys/rump/kern/lib/libcrypto: Makefile
src/tests/dev/cgd: Makefile
Added Files:
src/sys/crypto/adiantum: adiantum.c adiantum.h adiantum_selftest.c
files.adiantum
src/tests/dev/cgd: t_cgd_adiantum.c

Log Message:
New cgd cipher adiantum.

Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

   Paul Crowley and Eric Biggers, `Adiantum: length-preserving
   encryption for entry-level processors', IACR Transactions on
   Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before.  (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector.  It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size.  (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC.  The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1395(NH(...)).  NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12.  We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.


To generate a diff of this commit:
cvs rdiff -u -r1.319 -r1.320 src/distrib/sets/lists/debug/mi
cvs rdiff -u -r1.862 -r1.863 src/distrib/sets/lists/tests/mi
cvs rdiff -u -r1.1270 -r1.1271 src/sys/conf/files
cvs rdiff -u -r0 -r1.1 src/sys/crypto/adiantum/adiantum.c \
src/sys/crypto/adiantum/adiantum.h \
src/sys/crypto/adiantum/adiantum_selftest.c \
src/sys/crypto/adiantum/files.adiantum
cvs rdiff -u -r1.25 -r1.26 src/sys/dev/cgd_crypto.c
cvs rdiff -u -r1.7 -r1.8 src/sys/rump/kern/lib/libcrypto/Makefile
cvs rdiff -u -r1.10 -r1.11 src/tests/dev/cgd/Makefile
cvs rdiff -u -r0 -r1.1 src/tests/dev/cgd/t_cgd_adiantum.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:39:31 UTC 2020

Modified Files:
src/sys/arch/x86/conf: files.x86
src/sys/arch/x86/x86: identcpu.c
Added Files:
src/sys/crypto/aes/arch/x86: aes_via.c aes_via.h files.aesvia

Log Message:
Add AES implementation with VIA ACE.


To generate a diff of this commit:
cvs rdiff -u -r1.113 -r1.114 src/sys/arch/x86/conf/files.x86
cvs rdiff -u -r1.108 -r1.109 src/sys/arch/x86/x86/identcpu.c
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/arch/x86/aes_via.c \
src/sys/crypto/aes/arch/x86/aes_via.h \
src/sys/crypto/aes/arch/x86/files.aesvia

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/x86

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:38:02 UTC 2020

Modified Files:
src/sys/arch/x86/conf: files.x86
src/sys/arch/x86/include: via_padlock.h
src/sys/arch/x86/x86: via_padlock.c

Log Message:
padlock(4): Remove legacy rijndael API use.

This doesn't actually need to compute AES -- it just needs the
standard AES key schedule, so use the BearSSL constant-time key
schedule implementation.

XXX Compile-tested only.
XXX The byte-order business here seems highly questionable.


To generate a diff of this commit:
cvs rdiff -u -r1.112 -r1.113 src/sys/arch/x86/conf/files.x86
cvs rdiff -u -r1.9 -r1.10 src/sys/arch/x86/include/via_padlock.h
cvs rdiff -u -r1.29 -r1.30 src/sys/arch/x86/x86/via_padlock.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/crypto/aes

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:36:59 UTC 2020

Modified Files:
src/sys/crypto/aes: aes_bear.h aes_ct.c aes_ct_dec.c aes_impl.c

Log Message:
Provide the standard AES key schedule.

Different AES implementations prefer different variations on it, but
some of them -- notably VIA -- require the standard key schedule to
be available and don't provide hardware support for computing it
themselves.  So adapt BearSSL's logic to generate the standard key
schedule (and decryption keys, with InvMixColumns), rather than the
bitsliced key schedule that BearSSL uses natively.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/sys/crypto/aes/aes_bear.h \
src/sys/crypto/aes/aes_ct.c src/sys/crypto/aes/aes_ct_dec.c \
src/sys/crypto/aes/aes_impl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/dev

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:36:07 UTC 2020

Modified Files:
src/sys/dev: cgd.c cgd_crypto.c cgd_crypto.h

Log Message:
cgd(4): Align IVs on the stack.

This will make it easier for some hardware crypto support.


To generate a diff of this commit:
cvs rdiff -u -r1.136 -r1.137 src/sys/dev/cgd.c
cvs rdiff -u -r1.24 -r1.25 src/sys/dev/cgd_crypto.c
cvs rdiff -u -r1.12 -r1.13 src/sys/dev/cgd_crypto.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/dev

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:35:26 UTC 2020

Modified Files:
src/sys/dev: cgd.c

Log Message:
cgd(4): Print which key size is broken when a self-test fails.

Can be gleaned from the test index but this is a little quicker.


To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 src/sys/dev/cgd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/opencrypto

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:34:48 UTC 2020

Modified Files:
src/sys/opencrypto: aesxcbcmac.c aesxcbcmac.h cryptosoft.c
cryptosoft_xform.c files.opencrypto gmac.c gmac.h xform.c

Log Message:
opencrypto: Switch from legacy rijndael API to new aes API.

While here, apply various rijndael->aes renames, reduce the size
of aesxcbc_ctx by 480 bytes, and convert some malloc->kmem.

Leave in the symbol enc_xform_rijndael128 for now, though, so this
doesn't break any kernel ABI.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/sys/opencrypto/aesxcbcmac.c \
src/sys/opencrypto/gmac.h
cvs rdiff -u -r1.1 -r1.2 src/sys/opencrypto/aesxcbcmac.h
cvs rdiff -u -r1.55 -r1.56 src/sys/opencrypto/cryptosoft.c
cvs rdiff -u -r1.28 -r1.29 src/sys/opencrypto/cryptosoft_xform.c
cvs rdiff -u -r1.29 -r1.30 src/sys/opencrypto/files.opencrypto \
src/sys/opencrypto/xform.c
cvs rdiff -u -r1.3 -r1.4 src/sys/opencrypto/gmac.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/uvm

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:33:46 UTC 2020

Modified Files:
src/sys/uvm: files.uvm uvm_swap.c

Log Message:
uvm(9): Switch from legacy rijndael API to new aes API.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/uvm/files.uvm
cvs rdiff -u -r1.193 -r1.194 src/sys/uvm/uvm_swap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:33:05 UTC 2020

Modified Files:
src/sys/conf: files
src/sys/dev: cgd_crypto.c

Log Message:
cgd(4): Switch from legacy rijndael API to new aes API.


To generate a diff of this commit:
cvs rdiff -u -r1.1269 -r1.1270 src/sys/conf/files
cvs rdiff -u -r1.23 -r1.24 src/sys/dev/cgd_crypto.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/i386

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:32:24 UTC 2020

Modified Files:
src/sys/arch/i386/conf: files.i386
src/sys/arch/i386/pci: glxsb.c

Log Message:
glxsb(4): Remove rijndael dependency.

This doesn't actually seem to depend on it in any way.

XXX Compile-tested only.


To generate a diff of this commit:
cvs rdiff -u -r1.403 -r1.404 src/sys/arch/i386/conf/files.i386
cvs rdiff -u -r1.15 -r1.16 src/sys/arch/i386/pci/glxsb.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:31:42 UTC 2020

Modified Files:
src/sys/arch/aarch64/aarch64: cpu.c
src/sys/arch/aarch64/conf: files.aarch64
Added Files:
src/sys/crypto/aes/arch/arm: aes_armv8.c aes_armv8.h aes_armv8_64.S
files.aesarmv8

Log Message:
Implement AES in kernel using ARMv8.0-AES on aarch64.


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 src/sys/arch/aarch64/aarch64/cpu.c
cvs rdiff -u -r1.22 -r1.23 src/sys/arch/aarch64/conf/files.aarch64
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/arch/arm/aes_armv8.c \
src/sys/crypto/aes/arch/arm/aes_armv8.h \
src/sys/crypto/aes/arch/arm/aes_armv8_64.S \
src/sys/crypto/aes/arch/arm/files.aesarmv8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:29:40 UTC 2020

Modified Files:
src/sys/arch/x86/conf: files.x86
src/sys/arch/x86/x86: identcpu.c
Added Files:
src/sys/crypto/aes/arch/x86: aes_ni.c aes_ni.h aes_ni_64.S files.aesni

Log Message:
Add x86 AES-NI support.

Limited to amd64 for now.  In principle, AES-NI should work in 32-bit
mode, and there may even be some 32-bit-only CPUs that support
AES-NI, but that requires work to adapt the assembly.


To generate a diff of this commit:
cvs rdiff -u -r1.111 -r1.112 src/sys/arch/x86/conf/files.x86
cvs rdiff -u -r1.107 -r1.108 src/sys/arch/x86/x86/identcpu.c
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/arch/x86/aes_ni.c \
src/sys/crypto/aes/arch/x86/aes_ni.h \
src/sys/crypto/aes/arch/x86/aes_ni_64.S \
src/sys/crypto/aes/arch/x86/files.aesni

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:27:52 UTC 2020

Modified Files:
src/sys/conf: files
src/sys/rump/kern/lib/libcrypto: Makefile
Added Files:
src/sys/crypto/aes: aes.h aes_bear.c aes_bear.h aes_ct.c aes_ct_dec.c
aes_ct_enc.c aes_impl.c aes_rijndael.c aes_selftest.c files.aes
Removed Files:
src/sys/crypto/rijndael: files.rijndael rijndael-alg-fst.c
rijndael-api-fst.c rijndael.c rijndael_local.h

Log Message:
Rework AES in kernel to finally address CVE-2005-1797.

1. Rip out old variable-time reference implementation.
2. Replace it by BearSSL's constant-time 32-bit logic.
   => Obtained from commit dda1f8a0c46e15b4a235163470ff700b2f13dcc5.
   => We could conditionally adopt the 64-bit logic too, which would
  likely give a modest performance boost on 64-bit platforms
  without AES-NI, but that's a bit more trouble.
3. Select the AES implementation at boot-time; allow an MD override.
   => Use self-tests to verify basic correctness at boot.
   => The implementation selection policy is rather rudimentary at
  the moment but it is isolated to one place so it's easy to
  change later on.

This (a) plugs a host of timing attacks on, e.g., cgd, and (b) paves
the way to take advantage of CPU support for AES -- both things we
should've done a decade ago.  Downside: Computing AES takes 2-3x the
CPU time.  But that's what hardware support will be coming for.

Rudimentary measurement of performance impact done by:

mount -t tmpfs tmpfs /tmp
dd if=/dev/zero of=/tmp/disk bs=1m count=512
vnconfig -cv vnd0 /tmp/disk
cgdconfig -s cgd0 /dev/vnd0 aes-cbc 256 < /dev/zero
dd if=/dev/rcgd0d of=/dev/null bs=64k
dd if=/dev/zero of=/dev/rcgd0d bs=64k

The AES-CBC encryption performance impact is closer to 3x because it
is inherently sequential; the AES-CBC decryption impact is closer to
2x because the bitsliced AES logic can process two blocks at once.

Discussed on tech-kern:

https://mail-index.NetBSD.org/tech-kern/2020/06/18/msg026505.html


To generate a diff of this commit:
cvs rdiff -u -r1.1268 -r1.1269 src/sys/conf/files
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/aes.h src/sys/crypto/aes/aes_bear.c \
src/sys/crypto/aes/aes_bear.h src/sys/crypto/aes/aes_ct.c \
src/sys/crypto/aes/aes_ct_dec.c src/sys/crypto/aes/aes_ct_enc.c \
src/sys/crypto/aes/aes_impl.c src/sys/crypto/aes/aes_rijndael.c \
src/sys/crypto/aes/aes_selftest.c src/sys/crypto/aes/files.aes
cvs rdiff -u -r1.7 -r0 src/sys/crypto/rijndael/files.rijndael \
src/sys/crypto/rijndael/rijndael-alg-fst.c
cvs rdiff -u -r1.25 -r0 src/sys/crypto/rijndael/rijndael-api-fst.c
cvs rdiff -u -r1.8 -r0 src/sys/crypto/rijndael/rijndael.c
cvs rdiff -u -r1.6 -r0 src/sys/crypto/rijndael/rijndael_local.h
cvs rdiff -u -r1.6 -r1.7 src/sys/rump/kern/lib/libcrypto/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/aarch64

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:22:27 UTC 2020

Modified Files:
src/sys/arch/aarch64/aarch64: cpu.c fpu.c
src/sys/arch/aarch64/include: cpu.h machdep.h
Added Files:
src/sys/arch/aarch64/include: fpu.h

Log Message:
Draft fpu_kern_enter/leave on aarch64.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/sys/arch/aarch64/aarch64/cpu.c
cvs rdiff -u -r1.3 -r1.4 src/sys/arch/aarch64/aarch64/fpu.c
cvs rdiff -u -r1.22 -r1.23 src/sys/arch/aarch64/include/cpu.h
cvs rdiff -u -r0 -r1.1 src/sys/arch/aarch64/include/fpu.h
cvs rdiff -u -r1.11 -r1.12 src/sys/arch/aarch64/include/machdep.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src

[Taylor R Campbell]

Module Name:src
Committed By:   riastradh
Date:   Mon Jun 29 23:04:57 UTC 2020

Modified Files:
src/sys/arch/amd64/amd64: amd64_trap.S
src/sys/dev/scsipi: if_se.c
src/usr.sbin/postinstall: postinstall.in

Log Message:
Nix trailing whitespace.


To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.53 src/sys/arch/amd64/amd64/amd64_trap.S
cvs rdiff -u -r1.107 -r1.108 src/sys/dev/scsipi/if_se.c
cvs rdiff -u -r1.29 -r1.30 src/usr.sbin/postinstall/postinstall.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/usr.bin/printf

[Valeriy E. Ushakov]

Module Name:src
Committed By:   uwe
Date:   Mon Jun 29 22:50:11 UTC 2020

Modified Files:
src/usr.bin/printf: printf.1

Log Message:
Add quotes around command substitution in the example
so that it works regardless of IFS and buts.
Requested by kre@


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/usr.bin/printf/printf.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/xen/xen

[Jaromir Dolecek]

Module Name:src
Committed By:   jdolecek
Date:   Mon Jun 29 21:45:50 UTC 2020

Modified Files:
src/sys/arch/xen/xen: xbd_xenbus.c

Log Message:
when using two linked requests for I/O (i.e. when backend doesn't support
INDIRECT segments), make sure to clear req_bp for both of them

fixes a misfired assertion in BLKIF_OP_FLUSH_DISKCACHE - PR port-xen/55431


To generate a diff of this commit:
cvs rdiff -u -r1.127 -r1.128 src/sys/arch/xen/xen/xbd_xenbus.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/tests/lib/libc/stdlib

[Maya Rashish]

Module Name:src
Committed By:   maya
Date:   Mon Jun 29 20:53:40 UTC 2020

Modified Files:
src/tests/lib/libc/stdlib: t_mbtowc.c

Log Message:
Avoid copyright issues and name the listed author as the copyright holder.

In a private email, Miloslav had agreed that if they had written the
test, then it can be licensed bsd-2-clause. I am going to assume this
is true as the file names Miloslav as the author.

This test was likely sent to tcsh (not netbsd) that had changed bug
report systems since.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/tests/lib/libc/stdlib/t_mbtowc.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/ia64/include

[Sean Cole]

Module Name:src
Committed By:   scole
Date:   Mon Jun 29 17:09:33 UTC 2020

Modified Files:
src/sys/arch/ia64/include: mcontext.h

Log Message:
Fix for last checkin, don't try use non-existent register from a (currently) 
dummy struct


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/sys/arch/ia64/include/mcontext.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/tests/lib/libc

[Jukka Ruohonen]

Module Name:src
Committed By:   jruoho
Date:   Mon Jun 29 14:22:11 UTC 2020

Modified Files:
src/tests/lib/libc/stdio: Makefile
src/tests/lib/libc/stdlib: Makefile

Log Message:
Use -Wl,--no-fatal-warnings for the mktemp(3) test.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/tests/lib/libc/stdio/Makefile
cvs rdiff -u -r1.30 -r1.31 src/tests/lib/libc/stdlib/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/usr.bin/cal

[Kimmo Suominen]

Module Name:src
Committed By:   kim
Date:   Mon Jun 29 14:01:14 UTC 2020

Modified Files:
src/usr.bin/cal: cal.c

Log Message:
Use two-letter weekday abbreviations in the heading

This matches output from ncal (a.k.a. cal) as found in FreeBSD and
bsdmainutils. (Why had "T" been found more ambiguous than "S" already?)


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/usr.bin/cal/cal.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/share/wscons/fonts

[Frederic Cambus]

Module Name:src
Committed By:   fcambus
Date:   Mon Jun 29 09:57:46 UTC 2020

Modified Files:
src/share/wscons/fonts: spleen-5x8.fnt.uue

Log Message:
Update Spleen wscons fonts to version 1.8.0, bringing the following
improvements:

- Improve ampersand character, making it more consistent with other
  sizes (5x8 version)


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/share/wscons/fonts/spleen-5x8.fnt.uue

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/amd64/include

[Jaromir Dolecek]

Module Name:src
Committed By:   jdolecek
Date:   Mon Jun 29 09:56:51 UTC 2020

Modified Files:
src/sys/arch/amd64/include: param.h

Log Message:
increase UPAGES (used for lwp kernel stack) for SVS so the the
amount of actually usable kernel stack is the same for SVS and
non-SVS kernels (currently 12 KiB)

discussed with maxv@, part of investigation for PR kern/S55402


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/sys/arch/amd64/include/param.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/dev/wsfont

[Frederic Cambus]

Module Name:src
Committed By:   fcambus
Date:   Mon Jun 29 09:45:35 UTC 2020

Modified Files:
src/sys/dev/wsfont: spleen5x8.h

Log Message:
Update Spleen kernel fonts to version 1.8.0, bringing the following
improvements:

- Improve ampersand character, making it more consistent with other
  sizes (5x8 version)


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/sys/dev/wsfont/spleen5x8.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/dev/i2c

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Mon Jun 29 09:24:07 UTC 2020

Modified Files:
src/sys/dev/i2c: sdtemp.c

Log Message:
 Check the return value of iic_acquire_bus(). This function may fail.

 One of the case is driver's detaching phase on shutdown. mutex_tryenter()
might fail and return with EBUSY. To avoid calling iic_release_bus() without
taking lock, check the return value of iic_acquire_bus().


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/sys/dev/i2c/sdtemp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/external/bsd/kyua-cli/tests/kyua-cli

[Luke Mewburn]

Module Name:src
Committed By:   lukem
Date:   Mon Jun 29 08:55:00 UTC 2020

Modified Files:
src/external/bsd/kyua-cli/tests/kyua-cli/bootstrap: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/cli: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/engine: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/engine/drivers: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/examples: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/integration/helpers: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/store: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/utils: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/utils/cmdline: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/utils/config: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/utils/format: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/utils/fs: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/utils/logging: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/utils/process: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/utils/signals: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/utils/sqlite: Makefile
src/external/bsd/kyua-cli/tests/kyua-cli/utils/text: Makefile

Log Message:
kyua-cli: fix build of .cpp files

Fix assignment of SRCS for C++ sources that use .cpp instead of .cc.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/bootstrap/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/cli/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/engine/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/engine/drivers/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/examples/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/integration/helpers/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/store/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/utils/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/utils/cmdline/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/utils/config/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/utils/format/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/utils/fs/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/utils/logging/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/utils/process/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/utils/signals/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/utils/sqlite/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/external/bsd/kyua-cli/tests/kyua-cli/utils/text/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/external/gpl3/gcc/usr.bin

[Luke Mewburn]

Module Name:src
Committed By:   lukem
Date:   Mon Jun 29 08:34:17 UTC 2020

Modified Files:
src/external/gpl3/gcc/usr.bin/cc1: Makefile
src/external/gpl3/gcc/usr.bin/cc1obj: Makefile
src/external/gpl3/gcc/usr.bin/cc1plus: Makefile

Log Message:
Fix addition of C++ .cc source to SRCS

Fix assumption that all of the source files are .c, as some are .cc.


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/external/gpl3/gcc/usr.bin/cc1/Makefile
cvs rdiff -u -r1.15 -r1.16 src/external/gpl3/gcc/usr.bin/cc1obj/Makefile
cvs rdiff -u -r1.12 -r1.13 src/external/gpl3/gcc/usr.bin/cc1plus/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/external/gpl3/gcc/usr.bin/lto-wrapper

[Luke Mewburn]

Module Name:src
Committed By:   lukem
Date:   Mon Jun 29 08:30:42 UTC 2020

Modified Files:
src/external/gpl3/gcc/usr.bin/lto-wrapper: Makefile

Log Message:
use ggc-none.c not ggc-none.o in SRCS


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/gpl3/gcc/usr.bin/lto-wrapper/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.