crypto: Add ChaCha20-Poly1305 and XChaCha20-Poly1305 AEAD

Derived from OpenBSD with significant modifications by me:
- Removed unused code to hook into the cryptosoft framework.
- Adjusted the interface to align with the IETF RFC document (e.g.,
  make the nonce a byte string other than a uint64_t), so that the
  code becomes more generic.

References:
- RFC 8439: ChaCha20 and Poly1305 for IETF Protocols
- RFC draft: XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305

csprng: Update to use crypto/chacha20 (a better version)

The CSPRNG code was already using Chacha20 (from crypto/chacha) to
generate the random stream. However, the 'crypto/chacha20' version has
been tweaked for and better suited to random stream generation. The
enhancements include:
- Provide the KEYSTREAM_ONLY mode to help ease the invocation and
  improve performance.
- Allow the use of a 128-bit counter to avoid worrying about overflow
  (i.e., nonce reuse). This also removes the burden on the caller to
  check for counter overflow and rotate nonce.
- Can be embedded for better compiler optimization.

The 'crypto/chacha20' was imported on 2023-02-25 from FreeBSD to
implement the libc arc4random(3) API.

After the CSPRNG migration, the old 'crypto/chacha' version becomes
unused and will be removed in a later commit.

Referred to FreeBSD and OpenBSD.

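
The counter-overflow point in the csprng commit above, as an added example that is not code from the commit or from DragonFly: a stand-alone ChaCha20 block function in the RFC 8439 state layout, checked against the RFC 8439 section 2.3.2 test vector, showing that a 32-bit block counter wraps back to block 0 (keystream reuse) while a 128-bit counter does not. Assumptions: the 128-bit counter is modelled as a carry through state words 12..15, and the function names and the all-zero key are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) \
    a += b; d ^= a; d = ROTL(d, 16); c += d; b ^= c; b = ROTL(b, 12); \
    a += b; d ^= a; d = ROTL(d, 8);  c += d; b ^= c; b = ROTL(b, 7)

/* One ChaCha20 block, RFC 8439 state layout: words 0-3 constants,
 * 4-11 key, 12-15 counter/nonce words taken from ctr[4]. */
static void chacha20_block(const uint32_t key[8], const uint32_t ctr[4], uint32_t out[16])
{
    uint32_t in[16] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 };
    memcpy(in + 4, key, 32);
    memcpy(in + 12, ctr, 16);
    memcpy(out, in, sizeof(in));
    for (int i = 0; i < 10; i++) { /* 10 double rounds: columns, then diagonals */
        QR(out[0], out[4], out[8],  out[12]); QR(out[1], out[5], out[9],  out[13]);
        QR(out[2], out[6], out[10], out[14]); QR(out[3], out[7], out[11], out[15]);
        QR(out[0], out[5], out[10], out[15]); QR(out[1], out[6], out[11], out[12]);
        QR(out[2], out[7], out[8],  out[13]); QR(out[3], out[4], out[9],  out[14]);
    }
    for (int i = 0; i < 16; i++) out[i] += in[i];
}
/* 128-bit counter as modelled here (assumption): carry runs through words 12..15. */
static void ctr128_next(uint32_t c[4]) { for (int i = 0; i < 4 && ++c[i] == 0; i++) {} }
/* RFC 8439 section 2.3.2 block test vector; returns the first output word. */
static uint32_t rfc8439_first_word(void)
{
    uint32_t key[8], out[16], ctr[4] = { 1, 0x09000000, 0x4a000000, 0 };
    for (uint32_t i = 0; i < 8; i++) key[i] = 0x03020100u + 0x04040404u * i;
    chacha20_block(key, ctr, out);
    return out[0];
}
/* Returns 1 if the block that follows counter 0xffffffff repeats block 0. */
static int wraps_to_block0(int use128)
{
    uint32_t key[8] = { 0 }, first[16], after[16]; /* constructed all-zero key */
    uint32_t c0[4] = { 0, 0, 0, 0 }, c[4] = { 0xffffffffu, 0, 0, 0 };
    chacha20_block(key, c0, first);
    if (use128) ctr128_next(c); else c[0]++; /* 32-bit counter: only word 12 advances */
    chacha20_block(key, c, after);
    return memcmp(first, after, sizeof(first)) == 0;
}

int main(void)
{
    printf("rfc=%d wrap32=%d wrap128=%d\n", rfc8439_first_word() == 0xe4e7f110u,
           wraps_to_block0(0), wraps_to_block0(1));
    return 0;
}
```
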
kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
  turn off numerous kernel features and root accesses. These
  restrictions are inherited by sub-processes recursively. Once set,
  restrictions cannot be removed.

  Basic restrictions that mimic an unadorned jail can be enabled
  without creating a jail, but generally speaking real security also
  requires creating a chrooted filesystem topology, and a jail is still
  needed to really segregate processes from each other. If you do so,
  however, you can (for example) disable mount/umount and most global
  root-only features.

* Add new system calls and a manual page for syscap_get(2) and
  syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with a
  newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features
  to improve jailless security in the near future, and to optimize the
  priv_check code.

kernel/pvscsi: Port pvscsi(4) over to DragonFly.

* Currently, MSI-X support is missing.

* If loaded as a module, it has to be in loader.conf. I don't know if
  that is different on FreeBSD.

Reported-by: Georg Bege <georg@bege.email>
Tested-by:   Georg Bege <georg@bege.email> (on a VPS from IONOS)
             Pierre-Alain TORET <pierre-alain.toret@protonmail.com> (on Linux Workstation Pro 17)
             myself (on Windows Workstation 17 Player)

kernel - fbsd kpi support, add sleepq*() API (untested)

* Initial sleepq*() API. We use our tsleep*() API underneath it. This
  is a horrible API so add a note that it should only be used for
  FreeBSD compat stuff.

  - Add tsleep/wakeup domains to implement the two sleepq*() queues.
  - Track blocking refs per queue in the sleepq API
  - Do not track individual threads (just let tsleep*()/wakeup*() do
    its thing).
  - objcache for wchan, 1K hash table for now, and retain a cache of
    available wchan structures in the hash table (up to 4 per slot).
  - Include the hash-slot spin lock as FreeBSD compat code will use it
    for interlock tests.
  - Relax sleepq_signal() a bit, allowing it to wake up more than one
    thread (the DragonFly wakeup_*_one*() is a bit non-deterministic).

* For now add discrete fields to the thread structure. It's a bit of
  bloat but it's better than dynamically allocating a side-structure.
  We already use our tsleep*() API and related fields underneath. Add
  a few more needed for tracking the wchan structure, the queue, and
  the timeout.

* Add sbintime_t type (as 64-bit ticks), and a sbticks global counter.
  Monotonic ticks since boot, 64 bits.

ext2fs: Remove sys/gnu/vfs/ext2fs and make sys/vfs/ext2fs the default

This commit removes the old+unstable GPL ext2 implementation, and makes
the new FreeBSD based ext2 implementation (since
cfe603905713d4e92a7956678970d5dff8e913f2) the default.

- Remove sys/gnu/vfs.
- Rename sys/vfs/ext2fs/ext2fs_freebsd.ko -> ext2fs.ko.
- Modify unusual userspace program which includes kernel struct.
- Bump __DragonFly_version to 600107.