b01edfb515
r361390 decreased blocksize of AES-CTR from 16 to 1. Because of that ESP payload is no longer aligned to 16 bytes before being encrypted and sent. This is a good change since RFC3686 specifies that the last block doesn't need to be aligned. Since FreeBSD before r361390 couldn't decrypt partial blocks encrypted with AES-CTR we need to enforce 16 byte alignment in order to preserve compatibility. Add a sysctl(on by default) to control it. Submitted by: Kornel Duleba <mindal@semihalf.com> Reviewed by: jhb Obtained from: Semihalf Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D24999 |
||
---|---|---|
.. | ||
ah_var.h | ||
ah.h | ||
esp_var.h | ||
esp.h | ||
ipcomp_var.h | ||
ipcomp.h | ||
ipsec6.h | ||
ipsec_input.c | ||
ipsec_mbuf.c | ||
ipsec_mod.c | ||
ipsec_output.c | ||
ipsec_pcb.c | ||
ipsec_support.h | ||
ipsec.c | ||
ipsec.h | ||
key_debug.c | ||
key_debug.h | ||
key_var.h | ||
key.c | ||
key.h | ||
keydb.h | ||
keysock.c | ||
keysock.h | ||
subr_ipsec.c | ||
udpencap.c | ||
xform_ah.c | ||
xform_esp.c | ||
xform_ipcomp.c | ||
xform_tcp.c | ||
xform.h |