| Commit message (Expand) | Author | Age | Files | Lines |
* | Add support for IPsec ESN and pass relevant information to crypto layer | Marcin Wojtas | 2020-10-16 | 1 | -14/+104 |
* | Implement anti-replay algorithm with ESN support | Marcin Wojtas | 2020-10-16 | 1 | -2/+3 |
* | Simplify IPsec transform-specific teardown. | John Baldwin | 2020-06-25 | 1 | -10/+6 |
* | Use zfree() to explicitly zero IPsec keys. | John Baldwin | 2020-06-25 | 1 | -3/+1 |
* | Consistently include opt_ipsec.h for consumers of <netipsec/ipsec.h>. | John Baldwin | 2020-05-29 | 1 | -0/+1 |
* | Fix AES-CTR compatibility issue in ipsec | Marcin Wojtas | 2020-05-26 | 1 | -1/+12 |
* | Add support for optional separate output buffers to in-kernel crypto. | John Baldwin | 2020-05-25 | 1 | -8/+4 |
* | Don't pass bogus keys down for NULL algorithms. | John Baldwin | 2020-05-02 | 1 | -3/+5 |
* | Remove support for IPsec algorithms deprecated in r348205 and r360202. | John Baldwin | 2020-05-02 | 1 | -25/+0 |
* | Fix name of 3DES cipher in deprecation warning. | John Baldwin | 2020-04-22 | 1 | -1/+1 |
* | Deprecate 3des support in IPsec for FreeBSD 13. | John Baldwin | 2020-04-22 | 1 | -1/+5 |
* | Update comments about IVs used in IPsec ESP. | John Baldwin | 2020-04-20 | 1 | -16/+30 |
* | Generate IVs directly in esp_output. | John Baldwin | 2020-04-20 | 1 | -4/+4 |
* | Refactor driver and consumer interfaces for OCF (in-kernel crypto). | John Baldwin | 2020-03-27 | 1 | -106/+67 |
* | Fix m_pullup() problem after removing PULLDOWN_TESTs and KAME EXT_*macros. | Bjoern A. Zeeb | 2019-12-01 | 1 | -6/+8 |
* | Add support for dummy ESP packets with next header field equal to | Andrey V. Elsukov | 2019-11-27 | 1 | -0/+7 |
* | netinet*: replace IP6_EXTHDR_GET() | Bjoern A. Zeeb | 2019-11-15 | 1 | -2/+9 |
* | Make the warning intervals for deprecated crypto algorithms tunable. | John Baldwin | 2019-06-11 | 1 | -5/+4 |
* | Add deprecation warnings for IPsec algorithms deprecated in RFC 8221. | John Baldwin | 2019-05-23 | 1 | -0/+23 |
* | Replace read_random(9) with more appropriate arc4rand(9) KPIs | Conrad Meyer | 2019-04-04 | 1 | -1/+1 |
* | OpenCrypto: Convert sessions to opaque handles instead of integers | Conrad Meyer | 2018-07-18 | 1 | -6/+6 |
* | OCF: Add a typedef for session identifiers | Conrad Meyer | 2018-07-13 | 1 | -4/+5 |
* | Set the proper vnet in IPsec callback functions. | John Baldwin | 2018-03-20 | 1 | -0/+10 |
* | Do pass removing some write-only variables from the kernel. | Alexander Kabaev | 2017-12-25 | 1 | -2/+0 |
* | crypto(9) is called from ipsec in CRYPTO_F_CBIFSYNC mode. This is working | Fabien Thomas | 2017-11-03 | 1 | -0/+4 |
* | Disable IPsec debugging code by default when IPSEC_DEBUG kernel option | Andrey V. Elsukov | 2017-05-29 | 1 | -3/+3 |
* | Fix possible double releasing for SA and SP references. | Andrey V. Elsukov | 2017-05-23 | 1 | -0/+2 |
* | Fix possible double releasing for SA reference. | Andrey V. Elsukov | 2017-05-23 | 1 | -11/+14 |
* | Merge projects/ipsec into head/. | Andrey V. Elsukov | 2017-02-06 | 1 | -195/+130 |
* | IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. | Fabien Thomas | 2016-11-25 | 1 | -0/+2 |
* | Use explicitly specified ivsize instead of blocksize when we mean IV size. | Andrey V. Elsukov | 2015-11-16 | 1 | -7/+1 |
* | Take extra reference to security policy before calling crypto_dispatch(). | Andrey V. Elsukov | 2015-09-30 | 1 | -0/+1 |
* | Make IPsec work with AES-GCM and AES-ICM (aka CTR) in OCF... IPsec | John-Mark Gurney | 2015-08-04 | 1 | -81/+89 |
* | these are comparing authenticators and need to be constant time... | John-Mark Gurney | 2015-07-31 | 1 | -1/+1 |
* | Clean up this header file... | John-Mark Gurney | 2015-07-31 | 1 | -2/+0 |
* | RFC4868 section 2.3 requires that the output be half... This fixes | John-Mark Gurney | 2015-07-29 | 1 | -24/+6 |
* | Summary: Fix LINT build. The names of the new AES modes were not | George V. Neville-Neil | 2015-07-10 | 1 | -3/+3 |
* | Add support for AES modes to IPSec. These modes work both in software only | George V. Neville-Neil | 2015-07-09 | 1 | -48/+89 |
* | Fix possible use after free due to security policy deletion. | Andrey V. Elsukov | 2015-04-27 | 1 | -2/+5 |
* | Change ipsec_address() and ipsec_logsastr() functions to take two | Andrey V. Elsukov | 2015-04-18 | 1 | -29/+30 |
* | Remove now unused mtag argument from ipsec*_common_input_cb. | Andrey V. Elsukov | 2014-12-11 | 1 | -2/+2 |
* | Remove code related to PACKET_TAG_IPSEC_IN_CRYPTO_DONE mbuf tag. | Andrey V. Elsukov | 2014-12-11 | 1 | -72/+34 |
* | Remove route chaching support from ipsec code. It isn't used for some time. | Andrey V. Elsukov | 2014-12-02 | 1 | -1/+0 |
* | Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. | Gleb Smirnoff | 2014-11-07 | 1 | -2/+2 |
* | Provide includes that are needed in these files, and before were read | Gleb Smirnoff | 2013-10-26 | 1 | -0/+2 |
* | Migrate structs ahstat, espstat, ipcompstat, ipipstat, pfkeystat, | Andrey V. Elsukov | 2013-07-09 | 1 | -3/+9 |
* | Use corresponding macros to update statistics for AH, ESP, IPIP, IPCOMP, | Andrey V. Elsukov | 2013-06-20 | 1 | -28/+28 |
* | Remove unused 'plen' variable. | Pawel Jakub Dawidek | 2011-11-26 | 1 | -2/+1 |
* | The esp_max_ivlen global variable is not needed, we can just use | Pawel Jakub Dawidek | 2011-11-26 | 1 | -16/+1 |
* | malloc(M_WAITOK) never fails, so there is no need to check for NULL. | Pawel Jakub Dawidek | 2011-11-26 | 1 | -4/+0 |