summaryrefslogtreecommitdiffstats
path: root/sys/netipsec/xform_esp.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netipsec/xform_esp.c')
-rw-r--r--sys/netipsec/xform_esp.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index a556167..cd9c312 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -761,8 +761,10 @@ esp_output(
if (sav->replay) {
u_int32_t replay;
+#ifdef REGRESSION
/* Emulate replay attack when ipsec_replay is TRUE. */
if (!ipsec_replay)
+#endif
sav->replay->count++;
replay = htonl(sav->replay->count);
bcopy((caddr_t) &replay,
@@ -947,6 +949,7 @@ esp_output_cb(struct cryptop *crp)
free(tc, M_XDATA);
crypto_freereq(crp);
+#ifdef REGRESSION
/* Emulate man-in-the-middle attack when ipsec_integrity is TRUE. */
if (ipsec_integrity) {
static unsigned char ipseczeroes[AH_HMAC_HASHLEN];
@@ -962,6 +965,7 @@ esp_output_cb(struct cryptop *crp)
AH_HMAC_HASHLEN, ipseczeroes);
}
}
+#endif
/* NB: m is reclaimed by ipsec_process_done. */
err = ipsec_process_done(m, isr);
OpenPOWER on IntegriCloud