src - OpenBSD base system

Age	Commit message (Collapse)	Author
2005-08-05	don't panic for SADB_ADD w/o enc/auth, with and ok hshoexer@	Markus Friedl

2005-08-02	use arc4random for random packet padding (largely acedemic because it is	Damien Miller
	deprecated anyway); ok hshoexer@
2005-07-31	Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chain	Christopher Pascoe
	to bpf with either an address family or other header added. These helpers only allocate a much smaller struct m_hdr on the stack when needed, rather than leaving 256 byte struct mbufs on the stack in deep call paths. Also removes a fair bit of duplicated code. commit now, tune after deraadt@
2005-05-28	Add SA replay counter synchronization to pfsync(4). Required for IPsec	Hakan Olsson
	failover gateways. ok mcbride@, "looks good" hshoexer@
2005-05-27	comment out unused PACKET_TAG_IPSEC_IN_CRYPTO_DONE code; ok hshoexer	Markus Friedl

2005-05-25	AESCTR support for ESP (RFC 3686); ok hshoexer	Markus Friedl

2005-05-10	support NULL encryption for ESP; ok hshoexer, ho	Markus Friedl

2003-12-10	de-register. deraadt ok	Jun-ichiro itojun Hagino

2003-08-14	m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts.	Jason Wright

2003-07-24	conform to RFC2367 on SADB_xx naming (local name must be prefixed with	Jun-ichiro itojun Hagino
	SADB_X_xx)
2003-07-24	hmac-sha2-{256,384,512} support in AH/ESP auth. markus ok	Jun-ichiro itojun Hagino

2003-07-09	fix whitespace	Markus Friedl

2003-05-03	just as a safety measure, set m_flags to 0 for mbufs allocated on stack.	Jun-ichiro itojun Hagino
	dhartmei ok
2003-04-02	o sanity check mbuf earlier.	Todd C. Miller
	o return errno, not NULL. o add some missing error values o proper crypto_freereq() in ip_ipcomp.c From Patrick Latifi; OK angelos@
2003-03-31	Avoid using FREEd data when we get a crypto error; Patrick Latifi	Todd C. Miller
	Also move the session ID reset into the crp_etype == EAGAIN case (noticed by angelos@). OK jason@ and angelos@
2003-02-28	Based on several comments from tedu:	Jason Wright
	- two variables 'err' and 'error', whacked - missing initialization in the error path for the case where an SA expired while off in crypto land. - a small bit of knf.
2003-02-21	kill unused variables	Ted Unangst
	ok jason@
2003-02-12	Remove commons; inspired by netbsd.	Jason Wright

2003-02-01	m_pad() is expected to have free'd the mbuf if it returns NULL, so	Daniel Hartmeier
	free it in one (rare) error condition. ok angelos@
2002-11-07	Check for invalid payload lengths also for NULL enc. markus@, angelos@ ok.	Hakan Olsson

2002-07-30	Be sure to check the integrity verifier for packets that didn't have it done	Jason Wright
	in hardware; from angelos
2002-07-05	Free crp_opaque only after we've determined we're not going to	Angelos D. Keromytis
	re-submit it. From sam@errno.com
2002-06-18	KNF	Angelos D. Keromytis

2002-06-18	Initialize mo to NULL, for good measure -- sam@errno.com	Angelos D. Keromytis

2002-06-18	Same as with ip_ah.c (fix unreachable reference-after-free)	Angelos D. Keromytis

2002-05-31	Fix a DoS attack whereby an attacker could cause the replay counter to	Angelos D. Keromytis
	advance with unauthenticated packets, thereby causing valid packets to be discarded as replays. This has been sitting in my tree for a while, and I've forgotten who it was that pointed out the problem.
2001-06-26	KNF	Angelos D. Keromytis

2001-06-25	Copyright.	Angelos D. Keromytis

2001-06-23	merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts ↵	Theo de Raadt
	inside OpenSSL codebase
2001-06-13	Use blocksize, not ivmask	Angelos D. Keromytis

2001-06-08	Trim include files.	Angelos D. Keromytis

2001-06-05	Add a few DPRINTF()'s	Angelos D. Keromytis

2001-06-01	The IPsec-aware NIC cards don't pass the ICV for later verification	Angelos D. Keromytis
	by the stack; that means, if we have a tag it means the ICV was successfully verified and we don't need to do anything else. As well, we don't need any other status information from the NIC.
2001-05-30	Update to match prototypes.	Angelos D. Keromytis

2001-05-30	Handle TDBF_SKIPCRYPTO on output, and PACKET_TAG_IPSEC_IN_CRYPTO_DONE	Angelos D. Keromytis
	on input.
2001-05-27	Pass a NULL packet tag for now to ipsp_common_input_cb().	Angelos D. Keromytis

2001-05-17	convert mbuf and cluster allocation to pool, mostly from NetBSD	Niels Provos
	okay art@ miod@
2001-05-13	initial cut at /dev/crypto support. takes original mbuf "try, and discard	Theo de Raadt
	if we fail" semantics and extends to two varients of data movement: mbuf, or an iovec style block.
2001-05-12	Move bzero() after test for correct allocation (jj@wabbitt.org)	Angelos D. Keromytis

2001-04-14	Minor changes, preparing for real socket-attached TDBs; also, more	Angelos D. Keromytis
	information will be stored in the TDB. ok ho@ provos@
2001-04-06	Move offsetof define into sys/param.h	Constantine Sapuntzakis

2001-03-28	Allow tdbi's to appear in mbufs throughout the stack; this allows	Angelos D. Keromytis
	security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-03-23	Fix slow mbuf leak.	Angelos D. Keromytis

2001-03-15	convert SA expirations to the new timeouts.	Michael Shalayeff
	simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistant throughout the code to be a relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok
2000-11-17	HMAC96->HMAC	Angelos D. Keromytis

2000-10-09	AES support.	Angelos D. Keromytis

2000-09-19	Lots and lots of changes.	Angelos D. Keromytis

2000-06-18	Use M_NOWAIT instead of M_DONTWAIT in MALLOC() (even though they're	Angelos D. Keromytis
	defined to be the same in mbuf.h)
2000-06-18	The callbacks need to set the appropriate spl level now.	Angelos D. Keromytis

2000-06-15	What was the offending payload length?	Angelos D. Keromytis