[Bug 263379] [regression] [ipsec] compatibility broken between stable/12 and stable/13 opencrypto in AEAD mode

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 263379] [regression] [ipsec] compatibility broken between stable/12 and stable/13 opencrypto in AEAD mode"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 18 Apr 2022 19:05:08 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263379

--- Comment #6 from Eugene Grosbein <eugen@freebsd.org> ---
(In reply to John Baldwin from comment #3)

I was told that aes-gcm-16 should not be used with static keys for anything
other then debugging, so I'm experimenting with -E aes-cbc ... -A hmac-sha2-512
and it still fails with EINVAL (same way). And same way it fails replacing
hmac-sha2-512 with hmac-sha2-256 or with hmac-sha1.

Does stable/13 support Encrypt-then-Auth (ETA) mode and if so, which algos?

-- 
You are receiving this mail because:
You are on the CC list for the bug.