You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At least with openssl3 the esp decryption code (esp.c) appears to not expect padding and so fails to decrypt the last segment. I learned that can be fixed by setting up the context to expect padding, e.g by calling
EVP_CIPHER_CTX_set_padding(ctx, 0);
after context initialization.
Also needed to remove this line:
/* http://www.mail-archive.com/[email protected]/msg23435.html */
packet_size +=EVP_CIPHER_CTX_block_size(ctx);
I couldn't track down the source of this, and it broke the correct packet_size.
One more thing: for some reason the procedure only updates out_pkthdr->len, but not out_pkthdr->caplen.
attaching the changes I did. Works for me. esp.patch
The text was updated successfully, but these errors were encountered:
At least with openssl3 the esp decryption code (esp.c) appears to not expect padding and so fails to decrypt the last segment. I learned that can be fixed by setting up the context to expect padding, e.g by calling
EVP_CIPHER_CTX_set_padding(ctx, 0);
after context initialization.
Also needed to remove this line:
/* http://www.mail-archive.com/[email protected]/msg23435.html */
packet_size +=EVP_CIPHER_CTX_block_size(ctx);
I couldn't track down the source of this, and it broke the correct packet_size.
One more thing: for some reason the procedure only updates out_pkthdr->len, but not out_pkthdr->caplen.
attaching the changes I did. Works for me.
esp.patch
The text was updated successfully, but these errors were encountered: