authormikeb <mikeb@openbsd.org>2012-06-29 14:48:04 +0000
committermikeb <mikeb@openbsd.org>2012-06-29 14:48:04 +0000
commit6b4cbaf181c6b60701d9fb888fd0e7a4333eecbd (patch)
tree6be475c581e86aa2256881bf6b0ac25279758749 /sys/net/pfkeyv2_parsemessage.c
parentregen (diff)
Add support for the Extended (64-bit) Sequence Number as defined
in RFC4302 and RFC4303. Right now only the software crypto engine is capable of doing it. The replay check was rewritten to implement the algorithm described in Appendix A of RFC4303, and the window size was increased to 64. Tested against OpenBSD, Linux (strongswan) and Windows. No objection from the usual suspects.
Diffstat (limited to 'sys/net/pfkeyv2_parsemessage.c')
-rw-r--r--sys/net/pfkeyv2_parsemessage.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index b85eb919eac..2d8f6d26eaa 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.45 2012/03/28 19:43:21 claudio Exp $ */
+/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.46 2012/06/29 14:48:04 mikeb Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -430,7 +430,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
return (EINVAL);
}
- if (sadb_sa->sadb_sa_replay > 32) {
+ if (sadb_sa->sadb_sa_replay > 64) {
DPRINTF(("pfkeyv2_parsemessage: unsupported "
"replay window size %d in SA extension "
"header %d\n", sadb_sa->sadb_sa_replay,
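Review bot: The new upper bound in `if (sadb_sa->sadb_sa_replay > 64) {` is a bare literal that has to match the window width the rewritten replay check actually implements, and that code is not visible in this file-limited diff. If the two ever diverge, a key manager could install an SA whose requested window is wider than the bitmap the anti-replay code tracks, which would presumably weaken or break replay rejection for that SA. I would tie both sites to one shared constant, e.g. `if (sadb_sa->sadb_sa_replay > REPLAY_WINDOW_MAX) {` (placeholder name, to be defined next to the replay bitmap). Failing that, add a comment on this line such as `/* must equal the replay window size used by the RFC 4303 Appendix A check */`. The body of pfkeyv2_parsemessage() and the DPRINTF call both continue outside the hunk.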