| Commit message (Expand) | Author | Age | Files | Lines |
* | Add support for IPsec ESN and pass relevant information to crypto layer | Marcin Wojtas | 2020-10-16 | 1 | -0/+16 |
* | Implement anti-replay algorithm with ESN support | Marcin Wojtas | 2020-10-16 | 1 | -3/+6 |
* | Simplify IPsec transform-specific teardown. | John Baldwin | 2020-06-25 | 1 | -10/+3 |
* | Use zfree() to explicitly zero IPsec keys. | John Baldwin | 2020-06-25 | 1 | -3/+0 |
* | Consistently include opt_ipsec.h for consumers of <netipsec/ipsec.h>. | John Baldwin | 2020-05-29 | 1 | -0/+1 |
* | Add support for optional separate output buffers to in-kernel crypto. | John Baldwin | 2020-05-25 | 1 | -8/+4 |
* | Don't pass bogus keys down for NULL algorithms. | John Baldwin | 2020-05-02 | 1 | -2/+4 |
* | Remove support for IPsec algorithms deprecated in r348205 and r360202. | John Baldwin | 2020-05-02 | 1 | -25/+1 |
* | Refactor driver and consumer interfaces for OCF (in-kernel crypto). | John Baldwin | 2020-03-27 | 1 | -46/+32 |
* | Fix m_pullup() problem after removing PULLDOWN_TESTs and KAME EXT_*macros. | Bjoern A. Zeeb | 2019-12-01 | 1 | -6/+8 |
* | netinet*: replace IP6_EXTHDR_GET() | Bjoern A. Zeeb | 2019-11-15 | 1 | -3/+3 |
* | Make the warning intervals for deprecated crypto algorithms tunable. | John Baldwin | 2019-06-11 | 1 | -5/+4 |
* | Add deprecation warnings for IPsec algorithms deprecated in RFC 8221. | John Baldwin | 2019-05-23 | 1 | -0/+22 |
* | OpenCrypto: Convert sessions to opaque handles instead of integers | Conrad Meyer | 2018-07-18 | 1 | -10/+9 |
* | OCF: Add a typedef for session identifiers | Conrad Meyer | 2018-07-13 | 1 | -4/+4 |
* | Correctly handle the padding for IPv6-AH, as specified by RFC4302 | Conrad Meyer | 2018-06-04 | 1 | -20/+36 |
* | Set the proper vnet in IPsec callback functions. | John Baldwin | 2018-03-20 | 1 | -0/+10 |
* | Check packet length to do not make out of bounds access. Also save ah_nxt | Andrey V. Elsukov | 2018-02-19 | 1 | -1/+14 |
* | Adopt revision 1.76 and 1.77 from NetBSD: | Andrey V. Elsukov | 2018-01-24 | 1 | -42/+26 |
* | Merge revision 1.35 from NetBSD: | Andrey V. Elsukov | 2018-01-24 | 1 | -2/+2 |
* | Do pass removing some write-only variables from the kernel. | Alexander Kabaev | 2017-12-25 | 1 | -5/+0 |
* | crypto(9) is called from ipsec in CRYPTO_F_CBIFSYNC mode. This is working | Fabien Thomas | 2017-11-03 | 1 | -0/+4 |
* | opencrypto: Loosen restriction on HMAC key sizes | Conrad Meyer | 2017-09-26 | 1 | -2/+2 |
* | Disable IPsec debugging code by default when IPSEC_DEBUG kernel option | Andrey V. Elsukov | 2017-05-29 | 1 | -3/+3 |
* | Fix possible double releasing for SA and SP references. | Andrey V. Elsukov | 2017-05-23 | 1 | -0/+2 |
* | Fix possible double releasing for SA reference. | Andrey V. Elsukov | 2017-05-23 | 1 | -10/+15 |
* | Merge projects/ipsec into head/. | Andrey V. Elsukov | 2017-02-06 | 1 | -188/+127 |
* | IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. | Fabien Thomas | 2016-11-25 | 1 | -0/+5 |
* | Take extra reference to security policy before calling crypto_dispatch(). | Andrey V. Elsukov | 2015-09-30 | 1 | -0/+1 |
* | these are comparing authenticators and need to be constant time... | John-Mark Gurney | 2015-07-31 | 1 | -1/+1 |
* | RFC4868 section 2.3 requires that the output be half... This fixes | John-Mark Gurney | 2015-07-29 | 1 | -2/+31 |
* | Add support for AES modes to IPSec. These modes work both in software only | George V. Neville-Neil | 2015-07-09 | 1 | -25/+10 |
* | Fix possible use after free due to security policy deletion. | Andrey V. Elsukov | 2015-04-27 | 1 | -2/+5 |
* | Change ipsec_address() and ipsec_logsastr() functions to take two | Andrey V. Elsukov | 2015-04-18 | 1 | -21/+19 |
* | Remove now unused mtag argument from ipsec*_common_input_cb. | Andrey V. Elsukov | 2014-12-11 | 1 | -2/+2 |
* | Remove code related to PACKET_TAG_IPSEC_IN_CRYPTO_DONE mbuf tag. | Andrey V. Elsukov | 2014-12-11 | 1 | -81/+37 |
* | Remove route chaching support from ipsec code. It isn't used for some time. | Andrey V. Elsukov | 2014-12-02 | 1 | -1/+0 |
* | Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. | Gleb Smirnoff | 2014-11-07 | 1 | -4/+4 |
* | Provide includes that are needed in these files, and before were read | Gleb Smirnoff | 2013-10-26 | 1 | -0/+2 |
* | Migrate structs ahstat, espstat, ipcompstat, ipipstat, pfkeystat, | Andrey V. Elsukov | 2013-07-09 | 1 | -3/+8 |
* | Use corresponding macros to update statistics for AH, ESP, IPIP, IPCOMP, | Andrey V. Elsukov | 2013-06-20 | 1 | -26/+26 |
* | Do not reduce ip_len by size of IP header in the ip_input() | Gleb Smirnoff | 2012-10-23 | 1 | -3/+0 |
* | Couple of changes missed from r241913, which converted | Gleb Smirnoff | 2012-10-22 | 1 | -17/+7 |
* | Eliminate 'err' variable and just use existing 'error'. | Pawel Jakub Dawidek | 2011-11-26 | 1 | -3/+2 |
* | Simplify code a bit. | Pawel Jakub Dawidek | 2011-11-26 | 1 | -6/+3 |
* | Make IPsec compile without INET adding appropriate #ifdef checks. | Bjoern A. Zeeb | 2011-04-27 | 1 | -14/+17 |
* | Optimisation in IPSEC(4): | Fabien Thomas | 2011-03-31 | 1 | -12/+9 |
* | Fix two SA refcount: | Fabien Thomas | 2011-03-31 | 1 | -0/+1 |
* | Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant. | VANHULLEBUS Yvan | 2011-02-18 | 1 | -2/+22 |
* | Merge the remainder of kern_vimage.c and vimage.h into vnet.c and | Robert Watson | 2009-08-01 | 1 | -1/+0 |