https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #18 from Conrad Meyer ---
*** Bug 215946 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@fr
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
Conrad Meyer changed:
What|Removed |Added
Resolution|--- |FIXED
Status|New
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #16 from commit-h...@freebsd.org ---
A commit references this bug:
Author: cem
Date: Mon Jun 4 18:51:07 UTC 2018
New revision: 334625
URL: https://svnweb.freebsd.org/changeset/base/334625
Log:
Correctly handle the padding fo
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #15 from Conrad Meyer ---
Thanks for testing!
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
https://lists.freebs
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #14 from Jason Mader ---
(In reply to Conrad Meyer from comment #13)
The patch worked for me!
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-b
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #13 from Conrad Meyer ---
I don't have a great way to test this stuff. Here's a port of the ipv6 padding
fix (untested). Jason, please test if you can. Thanks!
https://reviews.freebsd.org/D15661
--
You are receiving this m
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #12 from Conrad Meyer ---
A nice git view of NetBSD ipsec history is here:
https://github.com/NetBSD/src/commits/trunk/sys/netipsec
There is probably a lot of good stuff for us to pull from there (possibly
security-related), no
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #11 from Conrad Meyer ---
(In reply to Jason Mader from comment #10)
Neat. I'll take a look at the NetBSD changes.
--
You are receiving this mail because:
You are the assignee for the bug.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #10 from Jason Mader ---
I tried this on NetBSD, and hmac-sha2-384 is working with Linux now.
--
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bu
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #9 from Andrey V. Elsukov ---
Hi,
Maxim reported that he fixed the problem in NetBSD, can you look at this?
http://mail-index.netbsd.org/source-changes/2018/05/30/msg095589.html
http://mail-index.netbsd.org/source-change
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #8 from Jason Mader ---
(In reply to Conrad Meyer from comment #7)
I don't see changes to the NetBSD ah_output() and ah_hdrsiz() functions either.
--
You are receiving this mail because:
You are the assignee for the bug.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #7 from Conrad Meyer ---
(In reply to Jason Mader from comment #6)
Ah, that is unfortunate. Thanks. I don't see anything in the NetBSD link
related to AH MAC length padding.
--
You are receiving this mail because:
You are th
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #6 from Jason Mader ---
(In reply to Conrad Meyer from comment #5)
Nope, only because I don't believe Linux ip xfrm has that algorithm,
>From IP-XFRM(8):
Authentication algorithms include digest_null, hmac(md5), hmac(sha1),
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #5 from Conrad Meyer ---
(In reply to Jason Mader from comment #4)
Ah, got it, thanks! I'm not familiar with NetBSD IPSec work and don't know how
much is shared.
Based on a 20 byte MAC like HMAC-SHA1 working and an 8 byte alig
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #4 from Jason Mader ---
(In reply to Conrad Meyer from comment #3)
Correct. All I meant, with the considerable of changes to NetBSD IPsec (which I
thought FreeBSD was similar to), if this had been caught already this would be
a
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #3 from Conrad Meyer ---
I think FreeBSD is probably in the wrong here. ah_output() does not appear to
round-up ah/MAC length at all, and the ah_hdrsiz() helper unconditionally
rounds to 32 bits, not 64.
--
You are receiving
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
--- Comment #2 from Conrad Meyer ---
It is totally plausible that FreeBSD's Ipv6 IPSEC is broken, but I don't see
what NetBSD's got to do with it.
--
You are receiving this mail because:
You are the assignee for the bug.
_
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
Jason Mader changed:
What|Removed |Added
Version|11.1-RELEASE|CURRENT
--- Comment #1 from Jason Ma
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222684
Jason Mader changed:
What|Removed |Added
Summary|AH hmac-sha2-384 is |IPv6 AH hmac-sha2-384 is
19 matches
Mail list logo
