| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2001-06-26 | KNF | Angelos D. Keromytis | |
| 2001-06-25 | Copyright. | Angelos D. Keromytis | |
| 2001-06-23 | merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts ↵ | Theo de Raadt | |
| inside OpenSSL codebase | |||
| 2001-06-13 | Use blocksize, not ivmask | Angelos D. Keromytis | |
| 2001-06-08 | Trim include files. | Angelos D. Keromytis | |
| 2001-06-05 | Add a few DPRINTF()'s | Angelos D. Keromytis | |
| 2001-06-01 | The IPsec-aware NIC cards don't pass the ICV for later verification | Angelos D. Keromytis | |
| by the stack; that means, if we have a tag it means the ICV was successfully verified and we don't need to do anything else. As well, we don't need any other status information from the NIC. | |||
| 2001-05-30 | Update to match prototypes. | Angelos D. Keromytis | |
| 2001-05-30 | Handle TDBF_SKIPCRYPTO on output, and PACKET_TAG_IPSEC_IN_CRYPTO_DONE | Angelos D. Keromytis | |
| on input. | |||
| 2001-05-27 | Pass a NULL packet tag for now to ipsp_common_input_cb(). | Angelos D. Keromytis | |
| 2001-05-17 | convert mbuf and cluster allocation to pool, mostly from NetBSD | Niels Provos | |
| okay art@ miod@ | |||
| 2001-05-13 | initial cut at /dev/crypto support. takes original mbuf "try, and discard | Theo de Raadt | |
| if we fail" semantics and extends to two varients of data movement: mbuf, or an iovec style block. | |||
| 2001-05-12 | Move bzero() after test for correct allocation (jj@wabbitt.org) | Angelos D. Keromytis | |
| 2001-04-14 | Minor changes, preparing for real socket-attached TDBs; also, more | Angelos D. Keromytis | |
| information will be stored in the TDB. ok ho@ provos@ | |||
| 2001-04-06 | Move offsetof define into sys/param.h | Constantine Sapuntzakis | |
| 2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
| security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
| 2001-03-23 | Fix slow mbuf leak. | Angelos D. Keromytis | |
| 2001-03-15 | convert SA expirations to the new timeouts. | Michael Shalayeff | |
| simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistant throughout the code to be a relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok | |||
| 2000-11-17 | *HMAC96->*HMAC | Angelos D. Keromytis | |
| 2000-10-09 | AES support. | Angelos D. Keromytis | |
| 2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
| 2000-06-18 | Use M_NOWAIT instead of M_DONTWAIT in MALLOC() (even though they're | Angelos D. Keromytis | |
| defined to be the same in mbuf.h) | |||
| 2000-06-18 | The callbacks need to set the appropriate spl level now. | Angelos D. Keromytis | |
| 2000-06-15 | What was the offending payload length? | Angelos D. Keromytis | |
| 2000-06-14 | Initialize tc_ptr to zero if authentication is not used. | Angelos D. Keromytis | |
| 2000-06-06 | Get rid of tdb_ref, keep indirect pointer to TDB. | Angelos D. Keromytis | |
| 2000-06-01 | Check for invalid TDBs right away in the callbacks. | Angelos D. Keromytis | |
| 2000-05-15 | Fix sanity check that caused really short packets (ICMPs with less | Angelos D. Keromytis | |
| than 8 bytes of payload) to be dropped. Did not affect TCP/UDP packets and most ICMP packets. | |||
| 2000-04-25 | when fixing up the header, copy from the right sized datatype (fixes IPsec | Jason Wright | |
| on big-endian machines) | |||
| 2000-04-06 | only call get_random_bytes() once in m_pad() | Theo de Raadt | |
| 2000-03-30 | Only allocate space for a copy of the authenticator if authentication | Angelos D. Keromytis | |
| is in use. | |||
| 2000-03-29 | Note to self: test before committing. | Angelos D. Keromytis | |
| 2000-03-29 | Conform to crypto framework changes for IVs. | Angelos D. Keromytis | |
| 2000-03-28 | Allow authentication-only ESP (must have broken it in the previous | Angelos D. Keromytis | |
| round of commits). | |||
| 2000-03-25 | Fix typo causing crash if ESP was used with only authentication or | Angelos D. Keromytis | |
| encryption (not both). Problem noted by jason@openbsd.org | |||
| 2000-03-21 | Fix casting so it compiles on alphas (testing by janjaap@stack.nl, | Angelos D. Keromytis | |
| closing pr #1150) | |||
| 2000-03-17 | Cryptographic services framework, and software "device driver". The | Angelos D. Keromytis | |
| idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was writen mostly in Greece, and is being committed from Montreal. | |||
| 2000-02-07 | fix include file path related to ip6. | Jun-ichiro itojun Hagino | |
| 2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). | Angelos D. Keromytis | |
| Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | |||
| 1999-12-09 | Ok, no more IPsec for OpenBSD...I've had enough with it. | Angelos D. Keromytis | |
| 1999-12-09 | IPv6 support should now be complete (well, we need the right hooks in | Angelos D. Keromytis | |
| ip6_input()) | |||
| 1999-12-07 | New ah_new_input(), protocol-independent processing (still lacking | Angelos D. Keromytis | |
| IPv6-specific protocol header processing). | |||
| 1999-12-06 | New ESP code that's v4 and v6 friendly. | Angelos D. Keromytis | |
| 1999-11-04 | gettdb() should be at spltdb(). | Hakan Olsson | |
| 1999-10-29 | Support multiple enc interfaces. | Angelos D. Keromytis | |
| 1999-07-05 | remove bogus entry from if_enc address list; and rename enc_softc to encif | Theo de Raadt | |
| 1999-05-16 | spltdb introduced, protection for tdb lists and related structures, so | Niklas Hallqvist | |
| they won't disappear behind our back by an expiration. Cleanup expiration logic too. | |||
| 1999-05-14 | A new scalable IPsec SA expiration model. | Niklas Hallqvist | |
| 1999-04-11 | Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default. | Niklas Hallqvist | |
| If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too. | |||
| 1999-04-09 | Make the tdbi handling more robust, removes a panic case | Niklas Hallqvist | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |