summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_esp.c
AgeCommit message (Expand)Author
2012-06-29Add support for the Extended (64-bit) Sequence Number as definedMike Belopuhov
2011-01-11for key material that is being being discarded, convert bzero() toTheo de Raadt
2010-12-21don't leak mbuf if padding failes; ok mikeb@Markus Friedl
2010-10-06Retire SkipjackMike Belopuhov
2010-09-23remove m_pad in favor of m_inject as it's equivalent to m_injectMike Belopuhov
2010-09-22Support for AES-GCM-16 and ENCR_NULL_AUTH_AES_GMAC in ESP as perMike Belopuhov
2010-07-20Switch some obvious network stack MAC comparisons from bcmp() toMatthew Dempsky
2010-07-09Add support for using IPsec in multiple rdomains.Reyk Floeter
2010-07-02m_copyback can fail to allocate memory, but is a void fucntion so gymnasticsBret Lambert
2010-07-01Allow to specify an alternative enc(4) interface for an SA. AllReyk Floeter
2010-06-29Replace enc(4) with a new implementation as a cloner device. We stillReyk Floeter
2010-01-10Fix two bugs in IPsec/HMAC-SHA2:Markus Friedl
2008-06-09rename arc4random_bytes => arc4random_buf to match libc's nicer name;Damien Miller
2007-11-19Remove the #define ENCDEBUG that slipped through somehow.Marco Pfatschbacher
2007-10-17Convert MALLOC/FREE to malloc/free.Hans-Joerg Hoexer
2007-10-06Oops. Forgot to do FREE -> free when I did MALLOC -> malloc.Kenneth R Westerback
2007-10-03MALLOC+bzero -> malloc+M_ZERO.Kenneth R Westerback
2006-12-15make enc(4) count; ok markus@ henning@ deraadt@Otto Moerbeek
2006-09-21ugly trailing ws; from bret dot lambert at gmailOtto Moerbeek
2006-05-28Only preemptively increase the replay counter for outbound TDBs.Ryan Thomas McBride
2006-03-25allow bpf(4) to ignore packets based on their direction (inbound orDamien Miller
2005-12-20use M_READONLY when trying to find out whether we have to copyMarkus Friedl
2005-08-05don't panic for SADB_ADD w/o enc/auth, with and ok hshoexer@Markus Friedl
2005-08-02use arc4random for random packet padding (largely acedemic because it isDamien Miller
2005-07-31Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chainChristopher Pascoe
2005-05-28Add SA replay counter synchronization to pfsync(4). Required for IPsecHakan Olsson
2005-05-27comment out unused PACKET_TAG_IPSEC_IN_CRYPTO_DONE code; ok hshoexerMarkus Friedl
2005-05-25AESCTR support for ESP (RFC 3686); ok hshoexerMarkus Friedl
2005-05-10support NULL encryption for ESP; ok hshoexer, hoMarkus Friedl
2003-12-10de-register. deraadt okJun-ichiro itojun Hagino
2003-08-14m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts.Jason Wright
2003-07-24conform to RFC2367 on SADB_xx naming (local name must be prefixed withJun-ichiro itojun Hagino
2003-07-24hmac-sha2-{256,384,512} support in AH/ESP auth. markus okJun-ichiro itojun Hagino
2003-07-09fix whitespaceMarkus Friedl
2003-05-03just as a safety measure, set m_flags to 0 for mbufs allocated on stack.Jun-ichiro itojun Hagino
2003-04-02o sanity check mbuf earlier.Todd C. Miller
2003-03-31Avoid using FREEd data when we get a crypto error; Patrick LatifiTodd C. Miller
2003-02-28Based on several comments from tedu:Jason Wright
2003-02-21kill unused variablesTed Unangst
2003-02-12Remove commons; inspired by netbsd.Jason Wright
2003-02-01m_pad() is expected to have free'd the mbuf if it returns NULL, soDaniel Hartmeier
2002-11-07Check for invalid payload lengths also for NULL enc. markus@, angelos@ ok.Hakan Olsson
2002-07-30Be sure to check the integrity verifier for packets that didn't have it doneJason Wright
2002-07-05Free crp_opaque only after we've determined we're not going toAngelos D. Keromytis
2002-06-18KNFAngelos D. Keromytis
2002-06-18Initialize mo to NULL, for good measure -- sam@errno.comAngelos D. Keromytis
2002-06-18Same as with ip_ah.c (fix unreachable reference-after-free)Angelos D. Keromytis
2002-05-31Fix a DoS attack whereby an attacker could cause the replay counter toAngelos D. Keromytis
2001-06-26KNFAngelos D. Keromytis
2001-06-25Copyright.Angelos D. Keromytis