Age | Commit message | Author | |
---|---|---|---|
2003-08-14 | m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts. | Jason Wright | |
2003-07-24 | conform to RFC2367 on SADB_xx naming (local name must be prefixed with SADB_X_xx) | Jun-ichiro itojun Hagino | |
2003-07-24 | hmac-sha2-{256,384,512} support in AH/ESP auth. markus ok | Jun-ichiro itojun Hagino | |
2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. (please test, especially PF portion) | Jun-ichiro itojun Hagino | |
2003-05-03 | just as a safety measure, set m_flags to 0 for mbufs allocated on stack. dhartmei ok | Jun-ichiro itojun Hagino | |
2003-04-02 | o sanity check mbuf earlier. o return errno, not NULL. o add some missing error values o proper crypto_freereq() in ip_ipcomp.c From Patrick Latifi; OK angelos@ | Todd C. Miller | |
2003-03-31 | Avoid using FREEd data when we get a crypto error; Patrick Latifi Also move the session ID reset into the crp_etype == EAGAIN case (noticed by angelos@). OK jason@ and angelos@ | Todd C. Miller | |
2003-02-28 | Based on several comments from tedu: - two variables 'err' and 'error', whacked - missing initialization in the error path for the case where an SA expired while off in crypto land. - a small bit of knf. | Jason Wright | |
2003-02-12 | Remove commons; inspired by netbsd. | Jason Wright | |
2002-07-05 | Free crp_opaque only after we've determined we're not going to re-submit it. From sam@errno.com | Angelos D. Keromytis | |
2002-06-26 | Update correct statistic if m_inject() fails --- from sam@errno.com | Angelos D. Keromytis | |
2002-06-18 | KNF | Angelos D. Keromytis | |
2002-06-18 | Initialize mo to NULL, for good measure -- sam@errno.com | Angelos D. Keromytis | |
2002-06-18 | Fix reference to free'ed location (unreachable condition because of spl protection, but better safe...) --- pointed out by sam@errno.com | Angelos D. Keromytis | |
2002-06-09 | Set/clear M_AUTH_AH. | Angelos D. Keromytis | |
2002-05-31 | Fix a DoS attack whereby an attacker could cause the replay counter to advance with unauthenticated packets, thereby causing valid packets to be discarded as replays. This has been sitting in my tree for a while, and I've forgotten who it was that pointed out the problem. | Angelos D. Keromytis | |
2001-06-26 | KNF | Angelos D. Keromytis | |
2001-06-25 | Copyright. | Angelos D. Keromytis | |
2001-06-23 | merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts inside OpenSSL codebase | Theo de Raadt | |
2001-06-23 | Remove unneeded ip_id conversions. Instead of using HTONS macro in some places, use htons directly in the struct member and save us a few bytes. Fix comment. | Federico G. Schwindt | |
2001-06-08 | Trim include files. | Angelos D. Keromytis | |
2001-06-01 | The IPsec-aware NIC cards don't pass the ICV for later verification by the stack; that means, if we have a tag it means the ICV was successfully verified and we don't need to do anything else. As well, we don't need any other status information from the NIC. | Angelos D. Keromytis | |
2001-05-30 | Update to match prototypes. | Angelos D. Keromytis | |
2001-05-30 | Handle TDBF_SKIPCRYPTO on output, and PACKET_TAG_IPSEC_IN_CRYPTO_DONE on input. | Angelos D. Keromytis | |
2001-05-27 | Probably a good idea to pass the NULL to the correct function... | Angelos D. Keromytis | |
2001-05-27 | Pass a NULL packet tag for now to ipsp_common_input_cb(). | Angelos D. Keromytis | |
2001-05-17 | convert mbuf and cluster allocation to pool, mostly from NetBSD okay art@ miod@ | Niels Provos | |
2001-05-13 | initial cut at /dev/crypto support. takes original mbuf "try, and discard if we fail" semantics and extends to two variants of data movement: mbuf, or an iovec style block. | Theo de Raadt | |
2001-05-12 | Move bzero() after test for correct allocation (jj@wabbitt.org) | Angelos D. Keromytis | |
2001-04-14 | Minor changes, preparing for real socket-attached TDBs; also, more information will be stored in the TDB. ok ho@ provos@ | Angelos D. Keromytis | |
2001-04-06 | Move offsetof define into sys/param.h | Constantine Sapuntzakis | |
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) do weird things with mbufs. | Angelos D. Keromytis | |
2001-03-15 | convert SA expirations to the new timeouts. simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistent throughout the code to be relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok | Michael Shalayeff | |
2001-02-20 | tighten IPv4 option header processing (we may want to do more). reviewed by angelos. | Jun-ichiro itojun Hagino | |
2000-11-17 | *HMAC96->*HMAC | Angelos D. Keromytis | |
2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
2000-08-03 | Careful with ip_off | Angelos D. Keromytis | |
2000-06-20 | try to cope with AH6 with scoped address case better. | Jun-ichiro itojun Hagino | |
2000-06-18 | Use M_NOWAIT instead of M_DONTWAIT in MALLOC() (even though they're defined to be the same in mbuf.h) | Angelos D. Keromytis | |
2000-06-18 | The callbacks need to set the appropriate spl level now. | Angelos D. Keromytis | |
2000-06-06 | Get rid of tdb_ref, keep indirect pointer to TDB. | Angelos D. Keromytis | |
2000-06-01 | Check for invalid TDBs right away in the callbacks. | Angelos D. Keromytis | |
2000-04-25 | when fixing up the header, copy from the right sized datatype (fixes IPsec on big-endian machines) | Jason Wright | |
2000-03-21 | Fix casting so it compiles on alphas (testing by janjaap@stack.nl, closing pr #1150) | Angelos D. Keromytis | |
2000-03-17 | Cryptographic services framework, and software "device driver". The idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was written mostly in Greece, and is being committed from Montreal. | Angelos D. Keromytis | |
2000-02-07 | fix include file path related to ip6. | Jun-ichiro itojun Hagino | |
2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | Angelos D. Keromytis | |
1999-12-09 | Ok, no more IPsec for OpenBSD...I've had enough with it. | Angelos D. Keromytis | |
1999-12-07 | Forgot a printf... | Angelos D. Keromytis | |
1999-12-07 | New ah_new_input(), protocol-independent processing (still lacking IPv6-specific protocol header processing). | Angelos D. Keromytis | |