b01edfb515
r361390 decreased blocksize of AES-CTR from 16 to 1. Because of that ESP payload is no longer aligned to 16 bytes before being encrypted and sent. This is a good change since RFC3686 specifies that the last block doesn't need to be aligned. Since FreeBSD before r361390 couldn't decrypt partial blocks encrypted with AES-CTR we need to enforce 16 byte alignment in order to preserve compatibility. Add a sysctl(on by default) to control it. Submitted by: Kornel Duleba <mindal@semihalf.com> Reviewed by: jhb Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D24999 |
||
|---|---|---|
| .. | ||
| ah_var.h | ||
| ah.h | ||
| esp_var.h | ||
| esp.h | ||
| ipcomp_var.h | ||
| ipcomp.h | ||
| ipsec6.h | ||
| ipsec_input.c | ||
| ipsec_mbuf.c | ||
| ipsec_mod.c | ||
| ipsec_output.c | ||
| ipsec_pcb.c | ||
| ipsec_support.h | ||
| ipsec.c | ||
| ipsec.h | ||
| key_debug.c | ||
| key_debug.h | ||
| key_var.h | ||
| key.c | ||
| key.h | ||
| keydb.h | ||
| keysock.c | ||
| keysock.h | ||
| subr_ipsec.c | ||
| udpencap.c | ||
| xform_ah.c | ||
| xform_esp.c | ||
| xform_ipcomp.c | ||
| xform_tcp.c | ||
| xform.h | ||