Note we found a compress=yes regression bug. We fixed it but are rerunning all test cases now...
Sent from my iPhone > On Jul 6, 2014, at 16:57, Bernhard Held <[email protected]> wrote: > > Am 06.07.2014 03:15, schrieb Paul Wouters: >> On Sat, 5 Jul 2014, Bernhard Held wrote: >> >>> I'm applying the attached patch to turn the "connection list" message >>> >>> ESP algorithms wanted: AES_GCM_C(20)_256-NONE(0)_000; >>> pfsgroup=MODP2048(14) >>> ESP algorithms loaded: none >>> >>> into: >>> >>> ESP algorithms wanted: AES_GCM_C(20)_256-NONE(0)_000; >>> pfsgroup=MODP2048(14) >>> ESP algorithms loaded: AES_GCM_C(20)_256-NONE(0)_000 >>> >>> The problem is that kernel_alg_esp_enc_ok() is called several times >>> with key_len = 0, which causes a failure of the check of the AES_GCM >>> key length. A few lines further down in kernel_alg_esp_enc_ok() a >>> comment even tells us that "if key_len specified, it must be in >>> range". This is what my patch is introducing for the first test too. >>> >>> It's just a cosmetic problem, libreswan can establish a SA. However, >>> it's very misleading and makes finding the right key length pretty hard. >> >> I ran into the same issue and had included a patch for it as well: >> >> https://github.com/libreswan/libreswan/commit/2be652fea52eaf3e25671c4b2ddd5ff4f1a10342 >> >> >> commit 2be652fea52eaf3e25671c4b2ddd5ff4f1a10342 >> Author: Paul Wouters <[email protected]> >> Date: Thu Jul 3 12:37:21 2014 -0400 >> >> kernel_alg_esp_enc_ok(): improve key size handling >> >> - If ealg is not registered, don't return "ok" (also already spotted >> by Hugh) >> - If key_len is specified, enforce some size restrictions >> (this duplicates code elsewhere and should be split off in a >> separate function) >> >> Paul > > Ok, I missed this one. > > The support and maintenance of libreswan & xl2tpd are outstanding. Thanks a > lot for the excellent work! > > Bernhard > _______________________________________________ > Swan-dev mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan-dev _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
