#
968f5fdd |
| 31-May-2002 |
angelos <angelos@openbsd.org> |
Fix a DoS attack whereby an attacker could cause the replay counter to advance with unauthenticated packets, thereby causing valid packets to be discarded as replays. This has been sitting in my tree
Fix a DoS attack whereby an attacker could cause the replay counter to advance with unauthenticated packets, thereby causing valid packets to be discarded as replays. This has been sitting in my tree for a while, and I've forgotten who it was that pointed out the problem.
show more ...
|
#
bfa34291 |
| 26-Jun-2001 |
angelos <angelos@openbsd.org> |
KNF
|
#
0775ebe4 |
| 25-Jun-2001 |
angelos <angelos@openbsd.org> |
Copyright.
|
#
82eb8fde |
| 23-Jun-2001 |
deraadt <deraadt@openbsd.org> |
merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts inside OpenSSL codebase
|
#
c2fe50a3 |
| 13-Jun-2001 |
angelos <angelos@openbsd.org> |
Use blocksize, not ivmask
|
#
a9f680bd |
| 08-Jun-2001 |
angelos <angelos@openbsd.org> |
Trim include files.
|
#
4eb3b699 |
| 05-Jun-2001 |
angelos <angelos@openbsd.org> |
Add a few DPRINTF()'s
|
#
eaf7bb5b |
| 01-Jun-2001 |
angelos <angelos@openbsd.org> |
The IPsec-aware NIC cards don't pass the ICV for later verification by the stack; that means, if we have a tag it means the ICV was successfully verified and we don't need to do anything else. As wel
The IPsec-aware NIC cards don't pass the ICV for later verification by the stack; that means, if we have a tag it means the ICV was successfully verified and we don't need to do anything else. As well, we don't need any other status information from the NIC.
show more ...
|
#
da628552 |
| 30-May-2001 |
angelos <angelos@openbsd.org> |
Update to match prototypes.
|
#
53619f9d |
| 30-May-2001 |
angelos <angelos@openbsd.org> |
Handle TDBF_SKIPCRYPTO on output, and PACKET_TAG_IPSEC_IN_CRYPTO_DONE on input.
|
#
cb47643e |
| 27-May-2001 |
angelos <angelos@openbsd.org> |
Pass a NULL packet tag for now to ipsp_common_input_cb().
|
#
a7702d29 |
| 17-May-2001 |
provos <provos@openbsd.org> |
convert mbuf and cluster allocation to pool, mostly from NetBSD okay art@ miod@
|
#
4385f535 |
| 13-May-2001 |
deraadt <deraadt@openbsd.org> |
initial cut at /dev/crypto support. takes original mbuf "try, and discard if we fail" semantics and extends to two varients of data movement: mbuf, or an iovec style block.
|
#
01770fb1 |
| 12-May-2001 |
angelos <angelos@openbsd.org> |
Move bzero() after test for correct allocation (jj@wabbitt.org)
|
#
7ad80b24 |
| 14-Apr-2001 |
angelos <angelos@openbsd.org> |
Minor changes, preparing for real socket-attached TDBs; also, more information will be stored in the TDB. ok ho@ provos@
|
#
140c8ec3 |
| 06-Apr-2001 |
csapuntz <csapuntz@openbsd.org> |
Move offsetof define into sys/param.h
|
#
2b1f9644 |
| 28-Mar-2001 |
angelos <angelos@openbsd.org> |
Allow tdbi's to appear in mbufs throughout the stack; this allows security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet a
Allow tdbi's to appear in mbufs throughout the stack; this allows security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework.
Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
show more ...
|
#
3d6a2727 |
| 23-Mar-2001 |
angelos <angelos@openbsd.org> |
Fix slow mbuf leak.
|
#
a999564b |
| 15-Mar-2001 |
mickey <mickey@openbsd.org> |
convert SA expirations to the new timeouts. simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistant throughout the code to be a relative time offsets, just lik
convert SA expirations to the new timeouts. simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistant throughout the code to be a relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok
show more ...
|
#
b1dedf31 |
| 17-Nov-2000 |
angelos <angelos@openbsd.org> |
*HMAC96->*HMAC
|
#
2f4e59a6 |
| 09-Oct-2000 |
angelos <angelos@openbsd.org> |
AES support.
|
#
b1efc16c |
| 19-Sep-2000 |
angelos <angelos@openbsd.org> |
Lots and lots of changes.
|
#
ab920023 |
| 18-Jun-2000 |
angelos <angelos@openbsd.org> |
Use M_NOWAIT instead of M_DONTWAIT in MALLOC() (even though they're defined to be the same in mbuf.h)
|
#
7e9b246d |
| 18-Jun-2000 |
angelos <angelos@openbsd.org> |
The callbacks need to set the appropriate spl level now.
|
#
093a5d56 |
| 15-Jun-2000 |
angelos <angelos@openbsd.org> |
What was the offending payload length?
|