summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_esp.c
AgeCommit message (Expand)Author
2003-05-03just as a safety measure, set m_flags to 0 for mbufs allocated on stack.Jun-ichiro itojun Hagino
2003-04-02o sanity check mbuf earlier.Todd C. Miller
2003-03-31Avoid using FREEd data when we get a crypto error; Patrick LatifiTodd C. Miller
2003-02-28Based on several comments from tedu:Jason Wright
2003-02-21kill unused variablesTed Unangst
2003-02-12Remove commons; inspired by netbsd.Jason Wright
2003-02-01m_pad() is expected to have free'd the mbuf if it returns NULL, soDaniel Hartmeier
2002-11-07Check for invalid payload lengths also for NULL enc. markus@, angelos@ ok.Hakan Olsson
2002-07-30Be sure to check the integrity verifier for packets that didn't have it doneJason Wright
2002-07-05Free crp_opaque only after we've determined we're not going toAngelos D. Keromytis
2002-06-18KNFAngelos D. Keromytis
2002-06-18Initialize mo to NULL, for good measure -- sam@errno.comAngelos D. Keromytis
2002-06-18Same as with ip_ah.c (fix unreachable reference-after-free)Angelos D. Keromytis
2002-05-31Fix a DoS attack whereby an attacker could cause the replay counter toAngelos D. Keromytis
2001-06-26KNFAngelos D. Keromytis
2001-06-25Copyright.Angelos D. Keromytis
2001-06-23merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts in...Theo de Raadt
2001-06-13Use blocksize, not ivmaskAngelos D. Keromytis
2001-06-08Trim include files.Angelos D. Keromytis
2001-06-05Add a few DPRINTF()'sAngelos D. Keromytis
2001-06-01The IPsec-aware NIC cards don't pass the ICV for later verificationAngelos D. Keromytis
2001-05-30Update to match prototypes.Angelos D. Keromytis
2001-05-30Handle TDBF_SKIPCRYPTO on output, and PACKET_TAG_IPSEC_IN_CRYPTO_DONEAngelos D. Keromytis
2001-05-27Pass a NULL packet tag for now to ipsp_common_input_cb().Angelos D. Keromytis
2001-05-17convert mbuf and cluster allocation to pool, mostly from NetBSDNiels Provos
2001-05-13initial cut at /dev/crypto support. takes original mbuf "try, and discardTheo de Raadt
2001-05-12Move bzero() after test for correct allocation (jj@wabbitt.org)Angelos D. Keromytis
2001-04-14Minor changes, preparing for real socket-attached TDBs; also, moreAngelos D. Keromytis
2001-04-06Move offsetof define into sys/param.hConstantine Sapuntzakis
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
2001-03-23Fix slow mbuf leak.Angelos D. Keromytis
2001-03-15convert SA expirations to the new timeouts.Michael Shalayeff
2000-11-17*HMAC96->*HMACAngelos D. Keromytis
2000-10-09AES support.Angelos D. Keromytis
2000-09-19Lots and lots of changes.Angelos D. Keromytis
2000-06-18Use M_NOWAIT instead of M_DONTWAIT in MALLOC() (even though they'reAngelos D. Keromytis
2000-06-18The callbacks need to set the appropriate spl level now.Angelos D. Keromytis
2000-06-15What was the offending payload length?Angelos D. Keromytis
2000-06-14Initialize tc_ptr to zero if authentication is not used.Angelos D. Keromytis
2000-06-06Get rid of tdb_ref, keep indirect pointer to TDB.Angelos D. Keromytis
2000-06-01Check for invalid TDBs right away in the callbacks.Angelos D. Keromytis
2000-05-15Fix sanity check that caused really short packets (ICMPs with lessAngelos D. Keromytis
2000-04-25when fixing up the header, copy from the right sized datatype (fixes IPsecJason Wright
2000-04-06only call get_random_bytes() once in m_pad()Theo de Raadt
2000-03-30Only allocate space for a copy of the authenticator if authenticationAngelos D. Keromytis
2000-03-29Note to self: test before committing.Angelos D. Keromytis
2000-03-29Conform to crypto framework changes for IVs.Angelos D. Keromytis
2000-03-28Allow authentication-only ESP (must have broken it in the previousAngelos D. Keromytis
2000-03-25Fix typo causing crash if ESP was used with only authentication orAngelos D. Keromytis
2000-03-21Fix casting so it compiles on alphas (testing by janjaap@stack.nl,Angelos D. Keromytis