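--- a/xform_esp.c	(2320ec8b7380604dbddd8880daf6c7c6f76d4350)
+++ b/xform_esp.c	(dfa9422b4a41712ab6f90f88d82bc90942e1243d)
@@ -1,8 +1,8 @@
 /* $FreeBSD$ */
 /* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 /*-
  * The authors of this code are John Ioannidis (ji@tla.org),
  * Angelos D. Keromytis (kermit@csd.uch.gr) and
  * Niels Provos (provos@physnet.uni-hamburg.de).
  *
  * The original version of this code was written by John Ioannidis
@@ -754,17 +754,22 @@
  espstat.esps_hdrops++; /* XXX diffs from openbsd */
  error = ENOBUFS;
  goto bad;
  }
 
  /* Initialize ESP header. */
  bcopy((caddr_t) &sav->spi, mtod(mo, caddr_t) + roff, sizeof(u_int32_t));
  if (sav->replay) {
- u_int32_t replay = htonl(++(sav->replay->count));
+ u_int32_t replay;
+
+ /* Emulate replay attack when ipsec_replay is TRUE. */
+ if (!ipsec_replay)
+ sav->replay->count++;
+ replay = htonl(sav->replay->count);
  bcopy((caddr_t) &replay,
  mtod(mo, caddr_t) + roff + sizeof(u_int32_t),
  sizeof(u_int32_t));
  }
 
  /*
  * Add padding -- better to do it ourselves than use the crypto engine,
  * although if/when we support compression, we'd have to do that.
@@ -937,16 +942,32 @@
  espstat.esps_hist[sav->alg_enc]++;
  if (sav->tdb_authalgxform != NULL)
  ahstat.ahs_hist[sav->alg_auth]++;
 
  /* Release crypto descriptors. */
  free(tc, M_XDATA);
  crypto_freereq(crp);
 
+ /* Emulate man-in-the-middle attack when ipsec_integrity is TRUE. */
+ if (ipsec_integrity) {
+ static unsigned char ipseczeroes[AH_HMAC_HASHLEN];
+ struct auth_hash *esph;
+
+ /*
+ * Corrupt HMAC if we want to test integrity verification of
+ * the other side.
+ */
+ esph = sav->tdb_authalgxform;
+ if (esph != NULL) {
+ m_copyback(m, m->m_pkthdr.len - AH_HMAC_HASHLEN,
+ AH_HMAC_HASHLEN, ipseczeroes);
+ }
+ }
+
  /* NB: m is reclaimed by ipsec_process_done. */
  err = ipsec_process_done(m, isr);
  KEY_FREESAV(&sav);
  IPSECREQUEST_UNLOCK(isr);
  NET_UNLOCK_GIANT();
  return err;
 bad:
  if (sav)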
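Review bot: Both test knobs are compiled unconditionally into the ESP output path. With `ipsec_replay` set, every packet on the SA goes out with the same sequence number (new lines 765-766); with `ipsec_integrity` set, the last AH_HMAC_HASHLEN bytes of every authenticated packet are zeroed (new lines 951-964). The declarations of the two variables are outside the visible lines; if they can be changed at run time, I would build these branches only into test kernels, e.g. `#ifdef REGRESSION` before `if (!ipsec_replay)` and `#endif` after it so the increment is unconditional otherwise, with the same guard around the `if (ipsec_integrity)` block. The zeroing also assumes the transform's ICV is exactly AH_HMAC_HASHLEN bytes long, which deserves a comment such as `/* Assumes the ICV is the trailing AH_HMAC_HASHLEN bytes of the packet. */`. The enclosing functions start and end outside the shown lines.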