From ruben@helium.verweg.com Thu Jan 4 13:52:19 2007
Return-Path:
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id DD2D016A403
	for ; Thu, 4 Jan 2007 13:52:19 +0000 (UTC)
	(envelope-from ruben@helium.verweg.com)
Received: from helium.verweg.com (helium.xs4all.nl [194.109.251.55])
	by mx1.freebsd.org (Postfix) with ESMTP id 6AA6613C44B
	for ; Thu, 4 Jan 2007 13:52:19 +0000 (UTC)
	(envelope-from ruben@helium.verweg.com)
Received: from helium.verweg.com (localhost.verweg.com [IPv6:::1])
	by helium.verweg.com (8.13.8/8.13.8) with ESMTP id l04DbWUX002165
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for ; Thu, 4 Jan 2007 14:37:37 +0100 (CET)
	(envelope-from ruben@helium.verweg.com)
Received: (from ruben@localhost)
	by helium.verweg.com (8.13.8/8.13.8/Submit) id l04DbRDf002164;
	Thu, 4 Jan 2007 14:37:27 +0100 (CET)
	(envelope-from ruben)
Message-Id: <200701041337.l04DbRDf002164@helium.verweg.com>
Date: Thu, 4 Jan 2007 14:37:27 +0100 (CET)
From: Ruben van Staveren
Reply-To: Ruben van Staveren
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Inconsistency between tcp-md5 keylengths in IPSEC and FAST_IPSEC
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         107520
>Category:       kern
>Synopsis:       Inconsistency between tcp-md5 keylengths in IPSEC and FAST_IPSEC
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bms
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 04 14:00:30 GMT 2007
>Closed-Date:    Thu Feb 08 12:46:42 GMT 2007
>Last-Modified:  Thu Feb 8 12:50:11 GMT 2007
>Originator:     Ruben van Staveren
>Release:        FreeBSD 6.2-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD helium.verweg.com 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #27: Thu Jan 4 13:59:46 CET 2007 root@helium.verweg.com:/usr/obj/usr/cvsup/6-stable/src/sys/HELIUM-SMP i386

>Description:
The use of

	echo 'add 192.168.1.1 192.168.1.34 tcp 0x1000 -A tcp-md5 "1234567890abcdefghijk";' | setkey -c

is inconsistent between kernels compiled with FAST_IPSEC (works) and
IPSEC (key is too long).

Apparently, kernels with option IPSEC only accept keys 10 characters in
length at most for tcp-md5.

>How-To-Repeat:
	echo 'add 192.168.1.1 192.168.1.34 tcp 0x1000 -A tcp-md5 "1234567890abcdefghijk";' | setkey -c

on kernels either compiled with

	options FAST_IPSEC

or

	options IPSEC
	options IPSEC_ESP

Both need to have

	options TCP_SIGNATURE	#include support for RFC 2385
	device crypto

And "options IPSEC" needs to have additionally

	device cryptodev

>Fix:
Either use FAST_IPSEC kernels or allow the same keylength limits for
IPSEC kernels.

>Release-Note:
>Audit-Trail:

Responsible-Changed-From-To: freebsd-bugs->bms
Responsible-Changed-By: bms
Responsible-Changed-When: Sun Feb 4 18:28:33 UTC 2007
Responsible-Changed-Why:
It's my baby and I'll cry if I want to.

http://www.freebsd.org/cgi/query-pr.cgi?pr=107520

State-Changed-From-To: open->patched
State-Changed-By: bms
State-Changed-When: Mon Feb 5 11:06:06 UTC 2007
State-Changed-Why:
patched in -current

http://www.freebsd.org/cgi/query-pr.cgi?pr=107520

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/107520: commit references a PR
Date: Mon, 5 Feb 2007 11:19:05 +0000 (UTC)

 bms         2007-02-05 11:18:47 UTC

   FreeBSD src repository

   Modified files:
     sys/netinet6         ah_core.c
   Log:
   Forced commit; Vim ate my homework^Wkeystroke.
   Fix an incorrect TCP-MD5 key length check for the !FAST_IPSEC case.

   PR:             104422, 107520
   MFC after:      3 days

   Revision  Changes    Path
   1.29      +0 -0      src/sys/netinet6/ah_core.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

State-Changed-From-To: patched->closed
State-Changed-By: bms
State-Changed-When: Thu Feb 8 12:46:25 UTC 2007
State-Changed-Why:
MFC

http://www.freebsd.org/cgi/query-pr.cgi?pr=107520

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: kern/107520: commit references a PR
Date: Thu, 8 Feb 2007 12:46:49 +0000 (UTC)

 bms         2007-02-08 12:46:15 UTC

   FreeBSD src repository

   Modified files:        (Branch: RELENG_6)
     sys/netinet6         ah_core.c
   Log:
   MFC rev 1.29:
   Fix an incorrect TCP-MD5 key length check for the !FAST_IPSEC case.

   PR:             104422, 107520
   MFC after:      3 days

   Revision  Changes    Path
   1.25.2.2  +1 -1      src/sys/netinet6/ah_core.c

>Unformatted:
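
A regression check for the How-To-Repeat in this report, as an added example that is not part of the original PR or the FreeBSD tree: it sweeps key lengths through `setkey` so an IPSEC kernel and a FAST_IPSEC kernel can be compared. The function names, the upper bound of 80 and the `setkey -D` match pattern are assumptions; the addresses and SPI are the ones from the report.

```shell
#!/bin/sh
# Added example: find the longest tcp-md5 key a kernel accepts via setkey.
# SRC, DST and SPI come from the report; all function names are hypothetical.
SRC=192.168.1.1
DST=192.168.1.34
SPI=0x1000

# make_key N: print an N-character ASCII key (constructed test data).
make_key() {
    n=$1 key=
    alphabet=1234567890abcdefghijklmnopqrstuvwxyz
    while [ "${#key}" -lt "$n" ]; do key=$key$alphabet; done
    printf "%.${n}s" "$key"
}

# sa_line N: the "add" statement from the report with an N-character key.
sa_line() {
    printf 'add %s %s tcp %s -A tcp-md5 "%s";\n' \
        "$SRC" "$DST" "$SPI" "$(make_key "$1")"
}

# key_accepted N: return 0 if the SA was installed.
# Assumption: an installed SA shows up in `setkey -D` with its SPI in hex,
# so the check does not depend on setkey's exit status.
key_accepted() {
    sa_line "$1" | setkey -c >/dev/null 2>&1
    if setkey -D 2>/dev/null | grep -q "spi=[0-9]*(0x0*${SPI#0x})"; then
        # Remove the test SA again so the next length starts clean.
        echo "delete $SRC $DST tcp $SPI;" | setkey -c >/dev/null 2>&1
        return 0
    fi
    return 1
}

# sweep MAX: print the longest accepted key length from 1 to MAX (0 if none).
sweep() {
    best=0 len=1
    while [ "$len" -le "$1" ]; do
        if key_accepted "$len"; then best=$len; fi
        len=$((len + 1))
    done
    echo "$best"
}

# Runs only on request: needs root, setkey and a TCP_SIGNATURE kernel.
# Use a test host; an existing SA for SRC/DST/SPI would be deleted.
if [ "${1:-}" = "sweep" ]; then
    sweep "${2:-80}"   # 80 is an arbitrary upper bound for the sweep
fi
```

Run it as `sh script.sh sweep` on each kernel and compare the two numbers; a mismatch between the IPSEC and FAST_IPSEC builds reproduces the inconsistency described in the report.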