Hello *,
while debugging some broken IPsec connections, I stumbled across these log lines:
Mar 7 09:55:52 maverick kernel: alg: No test for seqiv(rfc4106(gcm(aes))) (seqiv(rfc4106-gcm-aesni)) Mar 7 09:56:14 maverick kernel: alg: No test for seqiv(rfc7539esp(chacha20,poly1305)) (seqiv(rfc7539esp(chacha20-simd,poly1305-simd)))
Is this something we should care about?
Thanks, and best regards, Peter Müller
Hi,
These are always showing because we have support for these tests disabled in the kernel.
I have no idea why we should enable them. If crypto was broken, users would notice very quickly.
You can submit a patch to enable this in the kernel. Please verify before, obvs.
-Michael
On 7 Mar 2020, at 09:18, Peter Müller peter.mueller@ipfire.org wrote:
Hello *,
while debugging some broken IPsec connections, I stumbled across these log lines:
Mar 7 09:55:52 maverick kernel: alg: No test for seqiv(rfc4106(gcm(aes))) (seqiv(rfc4106-gcm-aesni)) Mar 7 09:56:14 maverick kernel: alg: No test for seqiv(rfc7539esp(chacha20,poly1305)) (seqiv(rfc7539esp(chacha20-simd,poly1305-simd)))
Is this something we should care about?
Thanks, and best regards, Peter Müller
-
Michael Tremer -
Peter Müller