202091 – IPsec aes-gcm does not support ICV8 or ICV12

Bug 202091 - IPsec aes-gcm does not support ICV8 or ICV12

Summary: IPsec aes-gcm does not support ICV8 or ICV12

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	George V. Neville-Neil

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-08-04 20:03 UTC by John-Mark Gurney
Modified:	2015-08-04 20:04 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John-Mark Gurney freebsd_committer

2015-08-04 20:03:51 UTC

setkey does not support ICV8 or ICV12.

With the recent changes I made, I know the kernel support ICV16, but it will break if ICV8 or ICV12 is used.  This could be panics or corrupted packets.

Test and verify that ICV8 and ICV12 cannot be set in the kernel on an SA, or fix them, though this may be harder to do.

Format For Printing
- XML
- Clone This Bug
- Top of page