Commit edf1a852 authored by HardenedBSD Sync Service's avatar HardenedBSD Sync Service
Browse files

Merge branch 'freebsd/current/main' into hardened/current/master

parents 8783789e e438f0a9
......@@ -704,17 +704,19 @@ contrib/zstd/lib/decompress/zstd_decompress_block.c optional zstdio \
compile-with "${ZSTD_C} ${ZSTD_DECOMPRESS_BLOCK_FLAGS}"
contrib/zstd/lib/decompress/huf_decompress.c optional zstdio compile-with ${ZSTD_C}
# Blake 2
contrib/libb2/blake2b-ref.c optional crypto | ipsec | ipsec_support | !random_loadable random_fenestrasx \
contrib/libb2/blake2b-ref.c optional crypto | !random_loadable random_fenestrasx \
compile-with "${NORMAL_C} -I$S/crypto/blake2 -Wno-cast-qual -DSUFFIX=_ref -Wno-unused-function"
contrib/libb2/blake2s-ref.c optional crypto | ipsec | ipsec_support \
contrib/libb2/blake2s-ref.c optional crypto \
compile-with "${NORMAL_C} -I$S/crypto/blake2 -Wno-cast-qual -DSUFFIX=_ref -Wno-unused-function"
crypto/blake2/blake2-sw.c optional crypto | ipsec | ipsec_support \
crypto/blake2/blake2-sw.c optional crypto \
compile-with "${NORMAL_C} -I$S/crypto/blake2 -Wno-cast-qual"
crypto/camellia/camellia.c optional crypto | ipsec | ipsec_support
crypto/camellia/camellia-api.c optional crypto | ipsec | ipsec_support
crypto/camellia/camellia.c optional crypto
crypto/camellia/camellia-api.c optional crypto
crypto/chacha20/chacha.c standard
crypto/chacha20/chacha-sw.c optional crypto | ipsec | ipsec_support
crypto/chacha20/chacha-sw.c optional crypto
crypto/chacha20_poly1305.c optional crypto
crypto/curve25519.c optional crypto \
compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include -I$S/crypto/libsodium"
crypto/des/des_ecb.c optional netsmb
crypto/des/des_setkey.c optional netsmb
crypto/openssl/ossl.c optional ossl
......@@ -726,16 +728,14 @@ crypto/openssl/ossl_sha256.c optional ossl
crypto/openssl/ossl_sha512.c optional ossl
crypto/rc4/rc4.c optional netgraph_mppc_encryption
crypto/rijndael/rijndael-alg-fst.c optional crypto | ekcd | geom_bde | \
ipsec | ipsec_support | !random_loadable | wlan_ccmp
!random_loadable | wlan_ccmp
crypto/rijndael/rijndael-api-fst.c optional ekcd | geom_bde | !random_loadable
crypto/rijndael/rijndael-api.c optional crypto | ipsec | ipsec_support | \
wlan_ccmp
crypto/sha1.c optional carp | crypto | ether | ipsec | \
ipsec_support | netgraph_mppc_encryption | sctp
crypto/sha2/sha256c.c optional crypto | ekcd | geom_bde | ipsec | \
ipsec_support | !random_loadable | sctp | zfs
crypto/sha2/sha512c.c optional crypto | geom_bde | ipsec | \
ipsec_support | zfs
crypto/rijndael/rijndael-api.c optional crypto | wlan_ccmp
crypto/sha1.c optional carp | crypto | ether | \
netgraph_mppc_encryption | sctp
crypto/sha2/sha256c.c optional crypto | ekcd | geom_bde | \
!random_loadable | sctp | zfs
crypto/sha2/sha512c.c optional crypto | geom_bde | zfs
crypto/skein/skein.c optional crypto | zfs
crypto/skein/skein_block.c optional crypto | zfs
crypto/siphash/siphash.c optional inet | inet6
......@@ -4081,33 +4081,33 @@ libkern/strtoul.c standard
libkern/strtouq.c standard
libkern/strvalid.c standard
libkern/timingsafe_bcmp.c standard
contrib/zlib/adler32.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/compress.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \
contrib/zlib/adler32.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/compress.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib \
compile-with "${NORMAL_C} -Wno-cast-qual"
contrib/zlib/crc32.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/deflate.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \
contrib/zlib/crc32.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/deflate.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib \
compile-with "${NORMAL_C} -Wno-cast-qual"
contrib/zlib/inffast.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/inflate.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/inftrees.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/trees.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/uncompr.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib \
contrib/zlib/inffast.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/inflate.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/inftrees.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/trees.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/uncompr.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib \
compile-with "${NORMAL_C} -Wno-cast-qual"
contrib/zlib/zutil.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib
dev/zlib/zlib_mod.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib
dev/zlib/zcalloc.c optional crypto | geom_uzip | ipsec | \
ipsec_support | mxge | ddb_ctf | gzio | zfs | zlib
contrib/zlib/zutil.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib
dev/zlib/zlib_mod.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib
dev/zlib/zcalloc.c optional crypto | geom_uzip | \
mxge | ddb_ctf | gzio | zfs | zlib
net/altq/altq_cbq.c optional altq
net/altq/altq_codel.c optional altq
net/altq/altq_hfsc.c optional altq
......@@ -4942,22 +4942,34 @@ dev/mlx5/mlx5_en/mlx5_en_port_buffer.c optional mlx5en pci inet inet6 \
# crypto support
opencrypto/cbc_mac.c optional crypto
opencrypto/criov.c optional crypto | ipsec | ipsec_support
opencrypto/crypto.c optional crypto | ipsec | ipsec_support
opencrypto/criov.c optional crypto
opencrypto/crypto.c optional crypto
opencrypto/cryptodev.c optional cryptodev
opencrypto/cryptodev_if.m optional crypto | ipsec | ipsec_support
opencrypto/cryptosoft.c optional crypto | ipsec | ipsec_support
opencrypto/cryptodeflate.c optional crypto | ipsec | ipsec_support
opencrypto/gmac.c optional crypto | ipsec | ipsec_support
opencrypto/gfmult.c optional crypto | ipsec | ipsec_support
opencrypto/cryptodev_if.m optional crypto
opencrypto/cryptosoft.c optional crypto
opencrypto/cryptodeflate.c optional crypto
opencrypto/gmac.c optional crypto
opencrypto/gfmult.c optional crypto
opencrypto/ktls_ocf.c optional kern_tls
opencrypto/rmd160.c optional crypto | ipsec | ipsec_support
opencrypto/xform.c optional crypto | ipsec | ipsec_support
opencrypto/rmd160.c optional crypto
opencrypto/xform_aes_cbc.c optional crypto
opencrypto/xform_aes_icm.c optional crypto
opencrypto/xform_aes_xts.c optional crypto
opencrypto/xform_cbc_mac.c optional crypto
opencrypto/xform_chacha20_poly1305.c optional crypto \
compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include -I$S/crypto/libsodium"
opencrypto/xform_cml.c optional crypto
opencrypto/xform_deflate.c optional crypto
opencrypto/xform_gmac.c optional crypto
opencrypto/xform_null.c optional crypto
opencrypto/xform_poly1305.c optional crypto \
compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include -I$S/crypto/libsodium"
opencrypto/xform_rmd160.c optional crypto
opencrypto/xform_sha1.c optional crypto
opencrypto/xform_sha2.c optional crypto
contrib/libsodium/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c \
optional crypto \
compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium"
contrib/libsodium/src/libsodium/crypto_core/hchacha20/core_hchacha20.c \
optional crypto \
compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium"
......@@ -4967,6 +4979,12 @@ contrib/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305
contrib/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c \
optional crypto \
compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium"
contrib/libsodium/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.c \
optional crypto \
compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium"
contrib/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c \
optional crypto \
compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium"
contrib/libsodium/src/libsodium/crypto_stream/chacha20/stream_chacha20.c \
optional crypto \
compile-with "${NORMAL_C} -I$S/contrib/libsodium/src/libsodium/include/sodium -I$S/crypto/libsodium"
......
......@@ -172,7 +172,7 @@ dev/ice/ice_switch.c optional ice pci \
dev/ice/ice_vlan_mode.c optional ice pci \
compile-with "${NORMAL_C} -I$S/dev/ice"
ice_ddp.c optional ice_ddp \
compile-with "${AWK} -f $S/tools/fw_stub.awk ice_ddp.fw:ice_ddp:0x01031800 -mice_ddp -c${.TARGET}" \
compile-with "${AWK} -f $S/tools/fw_stub.awk ice_ddp.fw:ice_ddp:0x01031b00 -mice_ddp -c${.TARGET}" \
no-ctfconvert no-implicit-rule before-depend local \
clean "ice_ddp.c"
ice_ddp.fwo optional ice_ddp \
......@@ -181,8 +181,8 @@ ice_ddp.fwo optional ice_ddp \
no-implicit-rule \
clean "ice_ddp.fwo"
ice_ddp.fw optional ice_ddp \
dependency "$S/contrib/dev/ice/ice-1.3.24.0.pkg" \
compile-with "${CP} $S/contrib/dev/ice/ice-1.3.24.0.pkg ice_ddp.fw" \
dependency "$S/contrib/dev/ice/ice-1.3.27.0.pkg" \
compile-with "${CP} $S/contrib/dev/ice/ice-1.3.27.0.pkg ice_ddp.fw" \
no-obj no-implicit-rule \
clean "ice_ddp.fw"
dev/ioat/ioat.c optional ioat pci
......
......@@ -229,7 +229,7 @@ dev/ice/ice_switch.c optional ice pci \
dev/ice/ice_vlan_mode.c optional ice pci \
compile-with "${NORMAL_C} -I$S/dev/ice"
ice_ddp.c optional ice_ddp \
compile-with "${AWK} -f $S/tools/fw_stub.awk ice_ddp.fw:ice_ddp:0x01031800 -mice_ddp -c${.TARGET}" \
compile-with "${AWK} -f $S/tools/fw_stub.awk ice_ddp.fw:ice_ddp:0x01031b00 -mice_ddp -c${.TARGET}" \
no-ctfconvert no-implicit-rule before-depend local \
clean "ice_ddp.c"
ice_ddp.fwo optional ice_ddp \
......@@ -238,8 +238,8 @@ ice_ddp.fwo optional ice_ddp \
no-implicit-rule \
clean "ice_ddp.fwo"
ice_ddp.fw optional ice_ddp \
dependency "$S/contrib/dev/ice/ice-1.3.24.0.pkg" \
compile-with "${CP} $S/contrib/dev/ice/ice-1.3.24.0.pkg ice_ddp.fw" \
dependency "$S/contrib/dev/ice/ice-1.3.27.0.pkg" \
compile-with "${CP} $S/contrib/dev/ice/ice-1.3.27.0.pkg ice_ddp.fw" \
no-obj no-implicit-rule \
clean "ice_ddp.fw"
......
......@@ -74,7 +74,7 @@ dev/ice/ice_switch.c optional ice pci powerpc64 \
dev/ice/ice_vlan_mode.c optional ice pci powerpc64 \
compile-with "${NORMAL_C} -I$S/dev/ice"
ice_ddp.c optional ice_ddp powerpc64 \
compile-with "${AWK} -f $S/tools/fw_stub.awk ice_ddp.fw:ice_ddp:0x01031800 -mice_ddp -c${.TARGET}" \
compile-with "${AWK} -f $S/tools/fw_stub.awk ice_ddp.fw:ice_ddp:0x01031b00 -mice_ddp -c${.TARGET}" \
no-ctfconvert no-implicit-rule before-depend local \
clean "ice_ddp.c"
ice_ddp.fwo optional ice_ddp powerpc64 \
......@@ -83,8 +83,8 @@ ice_ddp.fwo optional ice_ddp powerpc64 \
no-implicit-rule \
clean "ice_ddp.fwo"
ice_ddp.fw optional ice_ddp powerpc64 \
dependency "$S/contrib/dev/ice/ice-1.3.24.0.pkg" \
compile-with "${CP} $S/contrib/dev/ice/ice-1.3.24.0.pkg ice_ddp.fw" \
dependency "$S/contrib/dev/ice/ice-1.3.27.0.pkg" \
compile-with "${CP} $S/contrib/dev/ice/ice-1.3.27.0.pkg ice_ddp.fw" \
no-obj no-implicit-rule \
clean "ice_ddp.fw"
dev/ixl/if_ixl.c optional ixl pci powerpc64 \
......
Dynamic Device Personalization (DDP) Package
============================================
OS Default Dynamic Device Personalization (DDP) Package
======================================================================
July 7, 2020
......@@ -8,15 +8,15 @@ Contents
- Overview
- Safe Mode
- Notes
- Installation & Troubleshooting
- Installation & Troubleshooting
- Legal
Overview
========
Adapters based on the Intel(R) Ethernet Controller 800 Series require a Dynamic
Device Personalization (DDP) package file to enable advanced features (such as
dynamic tunneling, Flow Director, RSS, and ADQ).
Devices based on the Intel(R) Ethernet 800 Series require a Dynamic Device
Personalization (DDP) package file to enable advanced features (such as dynamic
tunneling, Intel(R) Ethernet Flow Director, RSS, and ADQ).
DDP allows you to change the packet processing pipeline of a device by applying
a profile package to the device at runtime. Profiles can be used to, for
......@@ -28,18 +28,15 @@ The DDP package loads during device initialization. The driver checks to see if
the DDP package is present and compatible. If this file exists, the driver will
load it into the device. If the DDP package file is missing or incompatible
with the driver, the driver will go into Safe Mode where it will use the
configuration contained in the device's NVM. See "Safe Mode" later in this
README for more information.
A general purpose, OS-default DDP package is automatically installed with all
supported Intel Ethernet Controller 800 Series drivers on Microsoft* Windows*,
ESX*, FreeBSD*, and Linux* operating systems. Additional DDP packages are
available to address needs for specific market segments. For example, a
telecommunications (Comms) DDP package is available to support certain
market-specific protocols in addition to the protocols in the OS-default
package.
configuration contained in the device's NVM. Refer to the Intel(R) Ethernet
Adapters and Devices User Guide for more information on Safe Mode.
A general-purpose, default DDP package is automatically installed with all
supported Intel Ethernet 800 Series drivers on supported operating systems.
Additional DDP packages are available to address needs for specific market
segments or targeted solutions.
The OS-default DDP package supports the following:
The default DDP package supports the following:
- MAC
- EtherType
- VLAN
......@@ -68,8 +65,8 @@ Safe Mode disables advanced and performance features, and supports only basic
traffic and minimal functionality, such as updating the NVM or downloading a
new driver or DDP package.
See the Intel(R) Ethernet Adapters and Devices User Guide for more details on
DDP and Safe Mode.
Refer to the Intel(R) Ethernet Adapters and Devices User Guide for more details
on DDP and Safe Mode.
Notes
......@@ -109,7 +106,7 @@ If you encounter issues with the DDP package file, download the latest driver.
FreeBSD
-------
The FreeBSD driver automatically installs the default DDP package file during
driver installation. See the ice driver README for general installation and
driver installation. See the base driver README for general installation and
building instructions.
The DDP package loads during device initialization. The driver looks for the
......@@ -125,18 +122,18 @@ installation so that the driver loads the DDP package automatically.
Linux
-----
The Linux driver automatically installs the default DDP package file during
driver installation. See the ice driver README for general installation and
driver installation. Read the base driver README for general installation and
building instructions.
The DDP package loads during device initialization. The driver looks for
intel/ice/ddp/ice.pkg in your firmware root (typically /lib/firmware/ or
/lib/firmware/updates/) and checks that it contains a valid DDP package file.
The ice.pkg file is a symbolic link to the default DDP package file installed
by the linux-firmware software package or the ice out-of-tree driver
installation.
by the linux-firmware software package or the out-of-tree driver installation.
If you encounter issues with the DDP package file, you may need to download an
updated driver or DDP package file. See the log messages for more information.
updated driver or DDP package file. Refer to the log messages for more
information.
You can install specific DDP package files for different physical devices in
the same system. To install a specific DDP package:
......@@ -177,7 +174,7 @@ If the directory does not yet exist, create it before copying the file.
5. Reload the driver with the new package.
NOTE: The presence of a device-specific DDP package file overrides the loading
of the default DDP package file (ice.pkg).
of the default DDP package file.
Legal / Disclaimers
......
/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2021 The FreeBSD Foundation
*
* This software was developed by Ararat River Consulting, LLC under
* sponsorship from the FreeBSD Foundation.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <crypto/curve25519.h>
#include <sodium/crypto_scalarmult_curve25519.h>
bool
curve25519(uint8_t *public, const uint8_t *secret,
const uint8_t *basepoint)
{
return (crypto_scalarmult_curve25519(public, secret,
basepoint) == 0);
}
bool
curve25519_generate_public(uint8_t *public, const uint8_t *secret)
{
return (crypto_scalarmult_curve25519_base(public, secret) == 0);
}
/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2021 The FreeBSD Foundation
*
* This software was developed by Ararat River Consulting, LLC under
* sponsorship from the FreeBSD Foundation.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef __CRYPTO_CURVE25519_H__
#define __CRYPTO_CURVE25519_H__
#include <sys/libkern.h>
#define CURVE25519_KEY_SIZE 32
bool curve25519(uint8_t *public, const uint8_t *secret,
const uint8_t *basepoint);
bool curve25519_generate_public(uint8_t *public,
const uint8_t *secret);
static __inline void
curve25519_clamp_secret(uint8_t *secret)
{
secret[0] &= 248;
secret[31] &= 127;
secret[31] |= 64;
}
static __inline void
curve25519_generate_secret(uint8_t *secret)
{
arc4random_buf(secret, CURVE25519_KEY_SIZE);
curve25519_clamp_secret(secret);
}
#endif /* __CRYPTO_CURVE25519_H__ */
/* This file is in the public domain */
/* $FreeBSD$ */
#define abort() \
panic("libsodium error at %s:%d", __FILE__, __LINE__)
/* This file is in the public domain. */
/*
* ISC License
*
* Copyright (c) 2013-2018
* Frank Denis <j at pureftpd dot org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
......@@ -12,3 +29,15 @@ sodium_memzero(void *b, size_t n)
{
explicit_bzero(b, n);
}
int
sodium_is_zero(const unsigned char *n, const size_t nlen)
{
size_t i;
volatile unsigned char d = 0U;
for (i = 0U; i < nlen; i++) {
d |= n[i];
}
return 1 & ((d - 1) >> 8);
}
......@@ -13,9 +13,12 @@ LIBSODIUM=${SRCTOP}/sys/contrib/libsodium/src/libsodium
.PATH: ${SRCTOP}/sys/crypto/blake2
.PATH: ${SRCTOP}/sys/crypto/chacha20
.PATH: ${SRCTOP}/sys/contrib/libb2
.PATH: ${LIBSODIUM}/crypto_core/ed25519/ref10
.PATH: ${LIBSODIUM}/crypto_core/hchacha20
.PATH: ${LIBSODIUM}/crypto_onetimeauth/poly1305
.PATH: ${LIBSODIUM}/crypto_onetimeauth/poly1305/donna
.PATH: ${LIBSODIUM}/crypto_scalarmult/curve25519
.PATH: ${LIBSODIUM}/crypto_scalarmult/curve25519/ref10
.PATH: ${LIBSODIUM}/crypto_stream/chacha20
.PATH: ${LIBSODIUM}/crypto_stream/chacha20/ref
.PATH: ${LIBSODIUM}/crypto_verify/sodium
......@@ -23,7 +26,10 @@ LIBSODIUM=${SRCTOP}/sys/contrib/libsodium/src/libsodium
KMOD = crypto
SRCS = crypto.c cryptodev_if.c
SRCS += criov.c cryptosoft.c xform.c
SRCS += criov.c cryptosoft.c
SRCS += xform_aes_cbc.c xform_aes_icm.c xform_aes_xts.c xform_cml.c
SRCS += xform_deflate.c xform_gmac.c xform_null.c xform_rmd160.c
SRCS += xform_sha1.c xform_sha2.c
SRCS += cryptodeflate.c rmd160.c rijndael-alg-fst.c rijndael-api.c rijndael-api-fst.c
SRCS += camellia.c camellia-api.c
SRCS += des_ecb.c des_enc.c des_setkey.c
......@@ -63,6 +69,8 @@ SRCS += xform_chacha20_poly1305.c
CFLAGS.xform_chacha20_poly1305.c+= -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT}
SRCS += xform_poly1305.c
CFLAGS.xform_poly1305.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT}
SRCS += ed25519_ref10.c
CFLAGS.ed25519_ref10.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT}
SRCS += core_hchacha20.c
CFLAGS.core_hchacha20.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT}
SRCS += onetimeauth_poly1305.c
......@@ -73,6 +81,10 @@ SRCS += stream_chacha20.c
CFLAGS.stream_chacha20.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT}
SRCS += chacha20_ref.c
CFLAGS.chacha20_ref.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT}
SRCS += scalarmult_curve25519.c
CFLAGS.scalarmult_curve25519.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT}
SRCS += x25519_ref10.c
CFLAGS.x25519_ref10.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT}
SRCS += verify.c
CFLAGS.verify.c += -I${LIBSODIUM_INC}/sodium -I${LIBSODIUM_COMPAT}
SRCS += randombytes.c
......@@ -80,6 +92,9 @@ CFLAGS.randombytes.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT}
SRCS += utils.c
CFLAGS.utils.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT}
SRCS += curve25519.c
CFLAGS.curve25519.c += -I${LIBSODIUM_INC} -I${LIBSODIUM_COMPAT}
SRCS += opt_param.h cryptodev_if.h bus_if.h device_if.h
SRCS += opt_compat.h
SRCS += opt_ddb.h
......
# $FreeBSD$
KMOD= ice_ddp
FIRMWS= ${SRCTOP}/sys/contrib/dev/ice/ice-1.3.24.0.pkg:ice_ddp:0x01031800
FIRMWS= ${SRCTOP}/sys/contrib/dev/ice/ice-1.3.27.0.pkg:ice_ddp:0x01031b00
.include <bsd.kmod.mk>
......@@ -209,6 +209,7 @@ struct iflib_ctx {
#define isc_rxd_refill ifc_txrx.ift_rxd_refill
#define isc_rxd_flush ifc_txrx.ift_rxd_flush
#define isc_legacy_intr ifc_txrx.ift_legacy_intr
#define isc_txq_select ifc_txrx.ift_txq_select
eventhandler_tag ifc_vlan_attach_event;
eventhandler_tag ifc_vlan_detach_event;
struct ether_addr ifc_mac;
......@@ -4153,11 +4154,14 @@ iflib_if_transmit(if_t ifp, struct mbuf *m)
MPASS(m->m_nextpkt == NULL);
/* ALTQ-enabled interfaces always use queue 0. */
qidx = 0;
if ((NTXQSETS(ctx) > 1) && M_HASHTYPE_GET(m) && !ALTQ_IS_ENABLED(&ifp->if_snd))
/* Use driver-supplied queue selection method if it exists */
if (ctx->isc_txq_select)
qidx = ctx->isc_txq_select(ctx->ifc_softc, m);
/* If not, use iflib's standard method */
else if ((NTXQSETS(ctx) > 1) && M_HASHTYPE_GET(m) && !ALTQ_IS_ENABLED(&ifp->if_snd))
qidx = QIDX(ctx, m);
/*
* XXX calculate buf_ring based on flowid (divvy up bits?)
*/
/* Set TX queue */
txq = &ctx->ifc_txqs[qidx];
#ifdef DRIVER_BACKPRESSURE
......
......@@ -187,6 +187,7 @@ typedef struct if_txrx {
void (*ift_rxd_refill) (void * , if_rxd_update_t iru);
void (*ift_rxd_flush) (void *, uint16_t qsidx, uint8_t flidx, qidx_t pidx);
int (*ift_legacy_intr) (void *);
qidx_t (*ift_txq_select) (void *, struct mbuf *);
} *if_txrx_t;
typedef struct if_softc_ctx {
......@@ -397,7 +398,6 @@ typedef enum {
* emulating ethernet
*/
#define IFLIB_PSEUDO_ETHER 0x80000
/*
* Interface has an admin completion queue
*/
......@@ -407,6 +407,16 @@ typedef enum {
*/
#define IFLIB_PRESERVE_TX_INDICES 0x200000
/* The following IFLIB_FEATURE_* defines are for driver modules to determine
* what features this version of iflib supports. They shall be defined to the
* first __FreeBSD_version that introduced the feature.
*/
/*
* Driver can set its own TX queue selection function
* as ift_txq_select in struct if_txrx
*/
#define IFLIB_FEATURE_QUEUE_SELECT 1400050
/*
* These enum values are used in iflib_needs_restart to indicate to iflib
* functions whether or not the interface needs restarting when certain events
......
......@@ -42,6 +42,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/syslog.h>
......@@ -108,6 +109,8 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat,
ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)");
#endif
static MALLOC_DEFINE(M_AH, "ah", "IPsec AH");
static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
static int ah_input_cb(struct cryptop*);
......@@ -426,7 +429,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
if (m->m_len <= skip) {
ptr = (unsigned char *) malloc(
skip - sizeof(struct ip6_hdr),
M_XDATA, M_NOWAIT);
M_AH, M_NOWAIT);
if (ptr == NULL) {
DPRINTF(("%s: failed to allocate memory"
"for IPv6 headers\n",__func__));
......@@ -505,7 +508,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
__func__, off));
error6:
if (alloc)
free(ptr, M_XDATA);
free(ptr, M_AH);
m_freem(m);
return EINVAL;
}
......@@ -514,7 +517,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)