Regression #11524

closed

Using SHA1 or SHA256 with AES-NI may fail if AES-NI attempts to accelerate hashing

Added by Jim Pingle about 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Very High
Assignee:
Category: Hardware / Drivers
Target version:
Start date: 02/24/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 21.05
Release Notes: Default
Affected Version: 2.5.0
Affected Architecture: All

Description

Based on at least one report, it appears AES-NI on Plus 21.02/2.5.0 has an issue with SHA-256 and some clients, notably Android and Apple clients.

https://forum.netgate.com/topic/161268/ipsec-tunnels-using-sha256-may-not-connect

If the tunnel is switched to a different hash or if AES-NI is disabled, the problems do not occur. There is no problem when using other accelerators such as QAT, only AES-NI appears to be affected.

Per Mark J the AES-NI driver in Plus 21.02/2.5.0 now supports accelerating SHA, so it's possible there is a difference in the implementation of SHA-256 in AES-NI than in the OS.

Historically there were differences with SHA-256 on FreeBSD which could lead to similar problems. It was standardized on the RFC 4868 implementation about 10 years ago (ref: http://lists.freebsd.org/pipermail/svn-src-head/2011-February/025040.html )


Files

disable-sha.patch (474 Bytes) Jan de Groot, 04/16/2021 01:46 PM
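The description points to RFC 4868 as the reference behaviour for SHA-256 in IPsec. The following is an added example, not code from this issue, the attached patch or the AES-NI driver: a known-answer check of HMAC-SHA-256-128 (RFC 4868 keeps the leftmost 128 bits of the HMAC) against RFC 4231 test cases 1 and 2. It assumes the kind of mismatch being illustrated is a truncation-length one, which the page does not spell out; `legacy_icv` is a constructed 96-bit stand-in and all function names are hypothetical.

```python
import hashlib
import hmac

# RFC 4231 HMAC-SHA-256 test cases 1 and 2: (key, data, full 256-bit MAC).
RFC4231_VECTORS = [
    (b"\x0b" * 20, b"Hi There",
     "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"),
    (b"Jefe", b"what do ya want for nothing?",
     "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"),
]


def icv(key, data, bits=128):
    """HMAC-SHA-256 truncated to the leftmost `bits` bits (RFC 4868: 128)."""
    return hmac.new(key, data, hashlib.sha256).digest()[: bits // 8]


def verify_icv(key, data, received, bits=128):
    """Receiver side: recompute the ICV and compare in constant time.
    compare_digest returns False when the lengths differ."""
    return hmac.compare_digest(icv(key, data, bits), received)


def known_answer_test(icv_fn):
    """Return the indexes of the vectors on which icv_fn disagrees with the
    RFC 4231 MAC truncated to 128 bits; an empty list means it passes."""
    failures = []
    for i, (key, data, full_hex) in enumerate(RFC4231_VECTORS):
        expected = bytes.fromhex(full_hex)[:16]
        if not hmac.compare_digest(icv_fn(key, data), expected):
            failures.append(i)
    return failures


def legacy_icv(key, data):
    """Constructed stand-in for a non-conforming peer: 96-bit truncation."""
    return icv(key, data, bits=96)


if __name__ == "__main__":
    print("reference passes KAT:", known_answer_test(icv) == [])
    print("96-bit variant fails on vectors:", known_answer_test(legacy_icv))
    key, pkt = RFC4231_VECTORS[1][0], RFC4231_VECTORS[1][1]
    print("128-bit receiver accepts 96-bit ICV:",
          verify_icv(key, pkt, legacy_icv(key, pkt)))
```

The same known-answer approach applies to any hashing backend: feed it the published vectors and compare before trusting it for tunnel authentication.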