d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b01edfb515
freebsd-dev/sys/netipsec
History
Marcin Wojtas b01edfb515 Fix AES-CTR compatibility issue in ipsec 
r361390 decreased blocksize of AES-CTR from 16 to 1.
Because of that ESP payload is no longer aligned to 16 bytes
before being encrypted and sent.
This is a good change since RFC3686 specifies that the last block
doesn't need to be aligned.
Since FreeBSD before r361390 couldn't decrypt partial blocks encrypted
with AES-CTR we need to enforce 16 byte alignment in order to preserve
compatibility.
Add a sysctl(on by default) to control it.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: jhb
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D24999
2020-05-26 14:16:26 +00:00
..
ah_var.h
ah.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
esp_var.h
esp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipcomp_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipcomp.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec6.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
ipsec_input.c Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook 2017-07-31 11:04:35 +00:00
ipsec_mbuf.c Merge r1.22-1.23 from NetBSD: 2018-04-26 12:23:31 +00:00
ipsec_mod.c
ipsec_output.c sys: general adoption of SPDX licensing ID tags. 2017-11-27 15:23:17 +00:00
ipsec_pcb.c Remove unused argument to priv_check_cred. 2018-12-11 19:32:16 +00:00
ipsec_support.h
ipsec.c Remove support for IPsec algorithms deprecated in r348205 and r360202. 2020-05-02 00:06:58 +00:00
ipsec.h Remove support for IPsec algorithms deprecated in r348205 and r360202. 2020-05-02 00:06:58 +00:00
key_debug.c r335795 build fix: make static functions static 2018-06-29 14:51:36 +00:00
key_debug.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key_var.h sys: further adoption of SPDX licensing ID tags. 2017-11-20 19:43:44 +00:00
key.c Remove support for IPsec algorithms deprecated in r348205 and r360202. 2020-05-02 00:06:58 +00:00
key.h Replace read_random(9) with more appropriate arc4rand(9) KPIs 2019-04-04 01:02:50 +00:00
keydb.h OCF: Add a typedef for session identifiers 2018-07-13 23:46:07 +00:00
keysock.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
keysock.h Remove obsoleted and unused key_sendup() function. 2018-03-11 18:03:55 +00:00
subr_ipsec.c Fix witness warning in xform_init(). 2018-09-26 14:47:51 +00:00
udpencap.c Fix possible double releasing for SA reference. 2017-09-01 11:51:07 +00:00
xform_ah.c Add support for optional separate output buffers to in-kernel crypto. 2020-05-25 22:12:04 +00:00
xform_esp.c Fix AES-CTR compatibility issue in ipsec 2020-05-26 14:16:26 +00:00
xform_ipcomp.c Add support for optional separate output buffers to in-kernel crypto. 2020-05-25 22:12:04 +00:00
xform_tcp.c fix locking within tcp_ipsec_pcbctl() to match ipsec4_pcbctl(), ipsec4_pcbctl() 2018-07-04 17:10:07 +00:00
xform.h Refactor driver and consumer interfaces for OCF (in-kernel crypto). 2020-03-27 18:25:23 +00:00