Page MenuHomeFreeBSD

sef (Sean Eric Fagan)
User

Projects

User does not belong to any projects.

User Details

User Since
May 15 2018, 3:36 AM (48 w, 4 d)

Recent Activity

Wed, Apr 10

sef accepted D19853: [security/nist-kat]: Add AES-CCM and plain SHA digest test vectors..
Wed, Apr 10, 7:35 PM
sef added inline comments to D19298: AESNI version of CCM+CBC-MAC.
Wed, Apr 10, 6:33 PM
sef updated the diff for D19298: AESNI version of CCM+CBC-MAC.

I lost the length descriptor prefix in the last change. I've put it back, and run cryptocheck with -A lengths of 0, 13, 16, 32, 192102, and 127091. (User-space can't test more than 256k unfortunately.)

Wed, Apr 10, 6:30 PM
sef updated the diff for D19298: AESNI version of CCM+CBC-MAC.

Review feedback incorporated.

Wed, Apr 10, 2:06 AM
sef added a comment to D19298: AESNI version of CCM+CBC-MAC.

New diff coming right after this.

Wed, Apr 10, 2:05 AM

Mon, Apr 8

sef added inline comments to D19298: AESNI version of CCM+CBC-MAC.
Mon, Apr 8, 6:51 PM

Sat, Apr 6

sef added a comment to D19298: AESNI version of CCM+CBC-MAC.

(I'll go through the rest of the comments this weekend.)

Sat, Apr 6, 12:27 AM
sef added a comment to D19298: AESNI version of CCM+CBC-MAC.
In D19298#425490, @cem wrote:

In this implementation, I'm not sure the 2-pass decrypt buys us anything. We already pre-allocate space (if input is non-contiguous) โ€” checking the tag first doesn't save us from a DoS in terms of memory use. If the (unexpected case) tag verification fails, we'd need to do extra work to clobber anything we output, maybe? I might be forgetting something about CCM.

Sat, Apr 6, 12:26 AM

Thu, Apr 4

sef updated the diff for D19298: AESNI version of CCM+CBC-MAC.

Per feedback from cem, remove aes_block_t. Note that I did use a uint8_t pointer for some of the work, rather than having annoying typecasts in function calls.

Thu, Apr 4, 8:38 PM
sef updated the diff for D19298: AESNI version of CCM+CBC-MAC.

Changed the GMAC_DIGEST_LEN uses to be sizeof(tag).

Thu, Apr 4, 7:27 PM
sef added a comment to D19298: AESNI version of CCM+CBC-MAC.

Responses to cem; a new patch incoming.

Thu, Apr 4, 7:24 PM

Thu, Mar 28

sef updated the diff for D19298: AESNI version of CCM+CBC-MAC.

Implement some (but not all, due to asking some questions) of the feedback from cem@.

Thu, Mar 28, 10:01 PM
sef added a comment to D19298: AESNI version of CCM+CBC-MAC.

Respond to cem. Updated diff to follow.

Thu, Mar 28, 10:00 PM

Wed, Mar 27

sef added a comment to D19298: AESNI version of CCM+CBC-MAC.

Ping anyone?

Wed, Mar 27, 8:59 PM

Mar 14 2019

sef committed rS345124: MFC r344140,r344141,r344142,r344143,r344388,r344547.
MFC r344140,r344141,r344142,r344143,r344388,r344547
Mar 14 2019, 2:46 AM

Mar 11 2019

sef committed rS344998: MFC r343882.
MFC r343882
Mar 11 2019, 3:02 AM
sef committed rS344997: MFC r343881.
MFC r343881
Mar 11 2019, 3:00 AM
sef committed rS344995: MFC r344402.
MFC r344402
Mar 11 2019, 2:43 AM

Mar 1 2019

sef added a comment to D19298: AESNI version of CCM+CBC-MAC.

Ping?

Mar 1 2019, 8:13 PM
sef added a comment to D19153: Handle SIGPIPE in gssd, and limit kgssapi RPC retries.
In D19153#415697, @avg wrote:

Somewhat belated question, would it make sense to mark the client created in sys_gssd_syscall() as interruptible?

Mar 1 2019, 5:58 PM

Feb 27 2019

sef committed rS344630: Have cryptocheck toggle kern.cryptodevallowsoft if necessary (this.
Have cryptocheck toggle kern.cryptodevallowsoft if necessary (this
Feb 27 2019, 7:27 PM
sef closed D19372: Have cryptocheck toggle kern.cryptodevallowsoft as needed.
Feb 27 2019, 7:27 PM
sef updated the diff for D19372: Have cryptocheck toggle kern.cryptodevallowsoft as needed.

Feedback from jhb. (Just uploaded for completeness sake; I'll be checking it in after I update my svn source, apply the patch, and do a buildworld just to make sure I didn't do anything stupid again.)

Feb 27 2019, 6:53 PM
sef added inline comments to D19372: Have cryptocheck toggle kern.cryptodevallowsoft as needed.
Feb 27 2019, 6:52 PM
sef updated the diff for D19372: Have cryptocheck toggle kern.cryptodevallowsoft as needed.

Move the #includes around per cem.

Feb 27 2019, 12:16 AM
sef added inline comments to D19372: Have cryptocheck toggle kern.cryptodevallowsoft as needed.
Feb 27 2019, 12:16 AM

Feb 26 2019

sef created D19372: Have cryptocheck toggle kern.cryptodevallowsoft as needed.
Feb 26 2019, 11:05 PM
sef committed rS344601: Set process title during zfs send..
Set process title during zfs send.
Feb 26 2019, 7:23 PM
sef closed D19184: Set process title during zfs send.
Feb 26 2019, 7:23 PM

Feb 25 2019

sef updated the diff for D19184: Set process title during zfs send.

mav pointed out that I'd missed the same changes to zfs_send_resume.

Feb 25 2019, 11:17 PM
sef committed rS344547: Fix another bug introduced during the review process of r344140:.
Fix another bug introduced during the review process of r344140:
Feb 25 2019, 7:14 PM

Feb 24 2019

sef added a comment to D19184: Set process title during zfs send.

Ping?

Feb 24 2019, 9:05 PM

Feb 23 2019

sef accepted D19098: Parallel zfs mounting.

Seems generally fine to me, although I haven't looked at the ZoL side for comparison.

Feb 23 2019, 7:51 AM
sef abandoned D17066: AES CCM-CBC cryptography code.
Feb 23 2019, 5:53 AM

Feb 22 2019

sef created D19298: AESNI version of CCM+CBC-MAC.
Feb 22 2019, 8:39 PM
sef added inline comments to D7538: Correct adaptation ZFS ARC memory pressure to FreeBSD.
Feb 22 2019, 8:15 PM ยท ZFS

Feb 21 2019

sef committed rS344451: Fix the usage error I introduced in r344192..
Fix the usage error I introduced in r344192.
Feb 21 2019, 10:49 PM
sef committed rS344402: * Handle SIGPIPE in gssd.
* Handle SIGPIPE in gssd
Feb 21 2019, 1:30 AM
sef closed D19153: Handle SIGPIPE in gssd, and limit kgssapi RPC retries.
Feb 21 2019, 1:30 AM

Feb 20 2019

sef committed rS344388: It turns out that setting the IV length is necessary with CCM in OpenSSL..
It turns out that setting the IV length is necessary with CCM in OpenSSL.
Feb 20 2019, 9:25 PM

Feb 19 2019

sef committed rS344294: Remove some redundant code in _posix1e_acl_strip_np.
Remove some redundant code in _posix1e_acl_strip_np
Feb 19 2019, 7:15 PM
sef closed D19240: Remove redundant code in acl_strip.
Feb 19 2019, 7:15 PM

Feb 18 2019

sef created D19240: Remove redundant code in acl_strip.
Feb 18 2019, 11:23 PM

Feb 17 2019

sef added a comment to D19184: Set process title during zfs send.

This might be a dumb question, but does the process title change often enough that setproctitle_fast() added in rS335939 should be used?

Feb 17 2019, 8:44 PM

Feb 16 2019

sef committed rS344192: Add support for a virtual hostname to nfsd.
Add support for a virtual hostname to nfsd
Feb 16 2019, 12:16 AM
sef closed D19191: Add support for a virtual hostname to nfsd.
Feb 16 2019, 12:16 AM

Feb 15 2019

sef updated the diff for D19184: Set process title during zfs send.

Update the man page date.

Feb 15 2019, 6:54 PM
sef updated the diff for D19191: Add support for a virtual hostname to nfsd.

Warn if the virtual hostname argument is too long. (Note that this is only a warning.)

Feb 15 2019, 6:44 PM
sef added a comment to D19191: Add support for a virtual hostname to nfsd.

Thanks for adding the strlen() check. I am going to be nitpicky and suggest an
error message be printed (not sure if the nfsd should fail or just log an error?),
since silently ignoring the "-V" argument could cause confusion too, I think?

Feb 15 2019, 5:32 PM
sef updated the diff for D19191: Add support for a virtual hostname to nfsd.

Fixed the date in the man page (although I guess it's already wrong :)), and don't set the virtual host if it's too long.

Feb 15 2019, 7:18 AM
sef committed rS344143: Fix another issue from r344141, having to do with size of a shift amount..
Fix another issue from r344141, having to do with size of a shift amount.
Feb 15 2019, 4:15 AM
sef committed rS344142: Pasting in a source control line missed the last quote. Fixed..
Pasting in a source control line missed the last quote. Fixed.
Feb 15 2019, 4:02 AM
sef committed rS344141: Add AES-CCM encryption, and plumb into OCF..
Add AES-CCM encryption, and plumb into OCF.
Feb 15 2019, 3:53 AM
sef closed D19090: Add AES-CCM encryption.
Feb 15 2019, 3:53 AM
sef committed rS344140: Add CBC-MAC authentication..
Add CBC-MAC authentication.
Feb 15 2019, 3:47 AM
sef closed D18592: Add CBC-MAC authentication code.
Feb 15 2019, 3:47 AM

Feb 14 2019

sef added inline comments to D19090: Add AES-CCM encryption.
Feb 14 2019, 9:21 PM
sef updated the diff for D19090: Add AES-CCM encryption.

cem's feedback.

Feb 14 2019, 9:05 PM
sef added a comment to D19090: Add AES-CCM encryption.

I was going to upload a new diff, but just got email that you've got more comments :).

Feb 14 2019, 9:04 PM
sef updated the diff for D19090: Add AES-CCM encryption.

Feedback from jhb.

Feb 14 2019, 8:24 PM
sef added inline comments to D19090: Add AES-CCM encryption.
Feb 14 2019, 8:23 PM
sef created D19191: Add support for a virtual hostname to nfsd.
Feb 14 2019, 6:08 AM
sef added a comment to D19090: Add AES-CCM encryption.

Ping?

Feb 14 2019, 3:34 AM
sef updated the diff for D19184: Set process title during zfs send.

I diff'd the wrong source tree. I just made sure this one built, and produced the correct results, e.g.

Feb 14 2019, 1:21 AM

Feb 13 2019

sef added a comment to D19184: Set process title during zfs send.

Ah I didn't realized that we haven't upstreamed it & thanks for forward-porting it for so many years...

Feb 13 2019, 9:57 PM
sef created D19184: Set process title during zfs send.
Feb 13 2019, 9:40 PM

Feb 12 2019

sef updated the diff for D19153: Handle SIGPIPE in gssd, and limit kgssapi RPC retries.

Took Rick's advice and moved the retry setting to a more specific place.

Feb 12 2019, 2:09 AM
sef added a reviewer for D19153: Handle SIGPIPE in gssd, and limit kgssapi RPC retries: dfr.
Feb 12 2019, 1:42 AM

Feb 11 2019

sef created D19153: Handle SIGPIPE in gssd, and limit kgssapi RPC retries.
Feb 11 2019, 11:52 PM
sef updated the diff for D19090: Add AES-CCM encryption.

Updating because I changed the CBC-MAC revision.

Feb 11 2019, 6:33 AM
sef updated the diff for D18592: Add CBC-MAC authentication code.

Feedback from cem (thanks!).

Feb 11 2019, 6:32 AM
sef added inline comments to D18592: Add CBC-MAC authentication code.
Feb 11 2019, 6:32 AM

Feb 10 2019

sef added a comment to D18592: Add CBC-MAC authentication code.

Ping? Is this one ok to go?

Feb 10 2019, 10:08 PM

Feb 7 2019

sef committed rS343882: r343881 had an uninitialized error. This fixes that..
r343881 had an uninitialized error. This fixes that.
Feb 7 2019, 10:10 PM
sef committed rS343881: r339008 broke repquota for UFS. This rectifies that..
r339008 broke repquota for UFS. This rectifies that.
Feb 7 2019, 9:51 PM
sef closed D18785: Fix quotas for UFS after r339008.
Feb 7 2019, 9:51 PM
sef added a reviewer for D18785: Fix quotas for UFS after r339008: delphij.
Feb 7 2019, 8:48 PM
sef updated the diff for D19090: Add AES-CCM encryption.

I changed my #ifdef CRYPT_DEBUG back to #if 0 in the parent branch/review, so this has the new version of that.

Feb 7 2019, 1:42 AM
sef updated the diff for D18592: Add CBC-MAC authentication code.

Per discussion in my other review, revert my change for the crypto debug macro ifdef.

Feb 7 2019, 1:41 AM
sef updated the diff for D19090: Add AES-CCM encryption.

Feedback from cem.

Feb 7 2019, 12:55 AM
sef added inline comments to D19090: Add AES-CCM encryption.
Feb 7 2019, 12:55 AM

Feb 6 2019

sef added a reviewer for D19090: Add AES-CCM encryption: mmacy.
Feb 6 2019, 7:35 PM
sef created D19090: Add AES-CCM encryption.
Feb 6 2019, 12:44 AM
sef added a child revision for D18592: Add CBC-MAC authentication code: D19090: Add AES-CCM encryption.
Feb 6 2019, 12:44 AM

Feb 5 2019

sef added a comment to D18592: Add CBC-MAC authentication code.
In D18592#408160, @jhb wrote:

I'm generally happy with this. The #if 0 -> #ifdef CRYPTO_DEBUG change still seems unrelated, but I don't care strongly about it either way.

Feb 5 2019, 7:12 PM

Feb 1 2019

sef added a comment to D18592: Add CBC-MAC authentication code.
In D18592#407488, @cem wrote:

I meant the second half of the sentence โ€” are you still working on feedback or not?

Feb 1 2019, 9:09 PM
sef added a comment to D18592: Add CBC-MAC authentication code.
In D18592#407486, @cem wrote:
In D18592#400076, @sef wrote:

NB: This is mostly tested simply by compilation, as I've still got some more feedback to incorporate.

Is this still the case or do you figure you've finished that? I was waiting for that to wrap up before I took another look.

Feb 1 2019, 9:02 PM
sef added a comment to D18592: Add CBC-MAC authentication code.

! In D18592#407482, @cem wrote:
Thanks!

Feb 1 2019, 8:54 PM
sef updated the diff for D18592: Add CBC-MAC authentication code.

Switch to using a single type macro.

Feb 1 2019, 8:18 PM
sef added inline comments to D18592: Add CBC-MAC authentication code.
Feb 1 2019, 7:34 PM
sef added inline comments to D18592: Add CBC-MAC authentication code.
Feb 1 2019, 7:19 PM
sef added inline comments to D18592: Add CBC-MAC authentication code.
Feb 1 2019, 6:57 PM

Jan 31 2019

sef committed rS343624: MFC r342928:.
MFC r342928:
Jan 31 2019, 10:08 PM
sef committed rS343623: MFC r342928:.
MFC r342928:
Jan 31 2019, 10:07 PM

Jan 30 2019

sef added inline comments to D18592: Add CBC-MAC authentication code.
Jan 30 2019, 2:02 AM
sef added inline comments to D18592: Add CBC-MAC authentication code.
Jan 30 2019, 1:56 AM

Jan 25 2019

sef accepted D18958: align nfsdumpstate column output.

Ok, seems good to me then.

Jan 25 2019, 5:41 PM
sef added a comment to D18958: align nfsdumpstate column output.

Hm, this will break the output. For the better, I think. Does it need a man page change as well?

Jan 25 2019, 5:32 PM

Jan 23 2019

sef added a comment to D18592: Add CBC-MAC authentication code.

Prod?

Jan 23 2019, 2:20 AM

Jan 11 2019

sef committed rS342928: Change ZFS quotas to return EINVAL when not present (matches man page)..
Change ZFS quotas to return EINVAL when not present (matches man page).
Jan 11 2019, 2:54 AM