]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fed6764) | patch
DCO: support key rotation notifications
authorKristof Provost <kp@FreeBSD.org>
Fri, 14 Apr 2023 09:42:27 +0000 (11:42 +0200)
committerGert Doering <gert@greenie.muc.de>
Mon, 8 May 2023 08:57:53 +0000 (10:57 +0200)
commitec71489bfc7c1d798f5f6de8e9fc187b9127072c
treec344a6e0c364af155ec919cfa1f427513876d498tree
parentfed67642dccbcf115952df0709a98929c1fc52b8commit | diff
DCO: support key rotation notifications

Allow the kernel driver to notify us that it's time to renegotiate keys.
The intent is to avoid IV re-use after 2^32 packets.

This is a first draft intended for discussion. The accompanying kernel
change for FreeBSD can be found in https://reviews.freebsd.org/D39570

Signed-off-by: Kristof Provost <kprovost@netgate.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20230414094227.9153-1-kprovost@netgate.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26590.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/dco_freebsd.c diff | blob | blame | history
src/openvpn/dco_freebsd.h diff | blob | blame | history
src/openvpn/forward.c diff | blob | blame | history
src/openvpn/multi.c diff | blob | blame | history
src/openvpn/ovpn_dco_freebsd.h diff | blob | blame | history
src/openvpn/ssl.c diff | blob | blame | history
src/openvpn/ssl.h diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git