From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 263379] [regression] [ipsec] compatibility broken between stable/12 and stable/13 opencrypto in AEAD mode
Date: Mon, 18 Apr 2022 21:05:14 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.1-STABLE
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: jhb@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: jhb@FreeBSD.org
X-Bugzilla-Flags: mfc-stable13?

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379

--- Comment #8 from John Baldwin ---
(In reply to Eugene Grosbein from comment #6)

Static keys are not good for AES-GCM or AES-CTR as the sequence number can
rollover yes. Even for AES-CBC I would be hesitant to rely on static keys
rather than using an IKE daemon to permit dynamic keys.

stable/13 should work fine with ETA combos such as AES-CBC with SHA1/256/512
HMACs. Note that the key for AES-CBC is shorter than for AES-CTR/GCM as it is
"only" the actual AES key (so 16, 24, or 32 bytes) and doesn't include the
extra 4 bytes for the implicit part of the IV. (And setkey just reports
"EINVAL" for all manner of errors, so it's rather hard to figure out why
setkey fails in my experience, so my best guess is you are reusing the GCM key
but need to remove the last 4 bytes.) The kyua tests test AES-CBC (both 128
and 256 bit keys) with SHA1-HMAC and SHA2-256-HMAC.

In regards to stable/12, yes, I think it is also late and a warning might not
be seen by many users (and almost said as much). stable/12 is still supported
until 2024 so a 12.4 doesn't seem completely unlikely however.
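
Added example, not part of the original message or of FreeBSD: a pre-flight check for the key-length rule described above, useful because setkey only reports EINVAL. The function names are hypothetical, the algorithm names are assumed to be the setkey(8) ones in use (rijndael-cbc, aes-ctr, aes-gcm-16), and the sample key is constructed.

```python
import re

# Key sizes in bytes. The AES key itself is 16, 24 or 32 bytes; per the
# comment above, AES-CTR/GCM keys carry 4 extra bytes for the implicit IV part.
AES_KEY_BYTES = (16, 24, 32)
IMPLICIT_IV_BYTES = 4
# setkey(8) algorithm names (assumed to match the local setkey.conf).
EXTRA_BYTES = {"rijndael-cbc": 0, "aes-ctr": IMPLICIT_IV_BYTES,
               "aes-gcm-16": IMPLICIT_IV_BYTES}


def key_bytes(token):
    """Decode a setkey key token: 0x-prefixed hex or a double-quoted string."""
    if re.fullmatch(r"0x(?:[0-9a-fA-F]{2})+", token):
        return bytes.fromhex(token[2:])
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return token[1:-1].encode()
    raise ValueError("key must be 0x-prefixed hex (even digit count) or a quoted string")


def check_key(algo, token):
    """Return (ok, message) for an encryption key given to `-E algo key`."""
    if algo not in EXTRA_BYTES:
        raise ValueError(f"algorithm not covered by this example: {algo}")
    n = len(key_bytes(token))
    extra = EXTRA_BYTES[algo]
    valid = [k + extra for k in AES_KEY_BYTES]
    if n in valid:
        return True, f"{algo}: {n}-byte key is a valid length"
    msg = f"{algo}: {n}-byte key rejected, expected one of {valid} bytes"
    if extra == 0 and n - IMPLICIT_IV_BYTES in AES_KEY_BYTES:
        # The case guessed at in the comment: a GCM/CTR key reused for CBC.
        msg += f"; looks like a CTR/GCM key, drop the last {IMPLICIT_IV_BYTES} bytes"
    elif extra and n in AES_KEY_BYTES:
        msg += f"; looks like a bare AES key, {extra} implicit-IV bytes are missing"
    return False, msg


if __name__ == "__main__":
    gcm_key = "0x" + "11" * 20          # constructed sample, not a real key
    for algo in ("aes-gcm-16", "rijndael-cbc"):
        print(check_key(algo, gcm_key)[1])
    print(check_key("rijndael-cbc", gcm_key[:-8])[1])   # last 4 bytes removed
```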