https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379
--- Comment #9 from Eugene Grosbein ---
(In reply to John Baldwin from comment #8)
> Static keys are not good for AES-GCM or AES-CTR as the sequence number can
> roll over, yes.
Maybe it's worth mentioning in the setkey(8), too.
> stable/
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379
--- Comment #8 from John Baldwin ---
(In reply to Eugene Grosbein from comment #6)
Static keys are not good for AES-GCM or AES-CTR as the sequence number can
roll over, yes. Even for AES-CBC I would be hesitant to rely on static keys
rather
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379
--- Comment #7 from Eugene Grosbein ---
(In reply to John Baldwin from comment #5)
> In terms of how to inform other users, we could perhaps add a check to
> stable/12 to warn users about using an explicit -A in combination with
> AES-GC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379
--- Comment #6 from Eugene Grosbein ---
(In reply to John Baldwin from comment #3)
I was told that aes-gcm-16 should not be used with static keys for anything
other than debugging, so I'm experimenting with -E aes-cbc ... -A hmac-sha2-512
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379
--- Comment #5 from John Baldwin ---
I have a review for the manpage at https://reviews.freebsd.org/D34947 (Eugene,
I couldn't add you on the review via your freebsd.org username for some
reason?)
In terms of how to inform other users, we
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379
--- Comment #4 from Eugene Grosbein ---
(In reply to John Baldwin from comment #3)
I personally can deal with the problem in multiple ways but this PR is about
migration ways suitable for most users. Yes, please correct setkey(8) manual
pa
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379
--- Comment #3 from John Baldwin ---
So the issue with the setkey manpage is it was written before AEAD algorithms
were a thing and when you always had to use Encrypt-then-Auth (ETA)
combinations of distinct ciphers and MACs. In general wh
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379
--- Comment #2 from Eugene Grosbein ---
(In reply to John Baldwin from comment #1)
I'm not an IPSec expert in any way. I tend to agree that this setup may be
broken, if you say so.
I'm talking about setkey(8) manual page that still states
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379
--- Comment #1 from John Baldwin ---
To be clear, what do you think using AES-GCM with a separate SHA-512 HMAC
should do? From the RFCs I have read, there is no defined standard for using a
separate MAC with an AEAD cipher. For example, i
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255705
--- Comment #7 from commit-h...@freebsd.org ---
A commit in branch stable/13 references this bug:
URL:
https://cgit.FreeBSD.org/src/commit/?id=17c9c2049004038ed6f2dc23a64cb9f74411ec52
commit 17c9c2049004038ed6f2dc23a64cb9f74411ec52
Author: