[prev in list] [next in list] [prev in thread] [next in thread]
List: libreswan-dev
Subject: Re: [Swan-dev] new test failures
From: Andrew Cagney <andrew.cagney () gmail ! com>
Date: 2019-02-14 19:27:04
Message-ID: CAJeAr6u5dxM3_sAE+=WX-4T6mzuckXu1BzwQzt6OvftUifqJag () mail ! gmail ! com
[Download RAW message or body]
I've pushed the following changes:
- only allow both <integ> and <prf> when impaired (this "feature" was
never announced in CHANGES)
- only show a proposals integrity when it, encryption, and PRF aren't consistent
(and the only way to do that is with --impair)
And I've parked a change so things are pretty much always ordered
<encr>-<integ>-... vis:
algparse -v2 'ike=aes_gcm-sha1-dh14'
AES_GCM_16-HMAC_SHA1-MODP2048
algparse -v2 'ike=aes_gcm-none-sha1-dh14'
AES_GCM_16-HMAC_SHA1-MODP2048
(I suspect it should print AES_GCM-none-... to)
> > so what happens now with ike=aes-sha2-sha2-dh14 ?
>
> algparse -v2 'ike=aes-sha2-sha2-dh14'
> AES_CBC-HMAC_SHA2_256-MODP2048
>
> i.e., it hides integrity HMAC_SHA2_256_128 because it was derived from the PRF.
>
> I'll change fmt_proposal() to do this more generally - provided all
> the integrity algorithms are 1:1 derived from a PRF then they are
> hidden.
>
> (I tried hacking things so <aead>-none-<prf>-... <aead>-<prf>- and
> <encr>-<integ>-... work but it gets messy)
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic