[Openswan dev] assertion failed with AES and no keylen
Ken Bantoft
ken at xelerance.com
Fri May 14 14:03:43 CEST 2004
Thanks, Mathieu, I've merged this into 1.x, so it will be in 1.04 final.
On Fri, 14 May 2004, Mathieu Lafon wrote:
> There is a failed assertion in kernel.c when the other peer wants to use
> AES but has not sent the KEY_LENGTH attribute:
>
> #3: responding to Quick Mode
> | kernel_alg_esp_enc_keylen():alg_id=12, keylen=16
> | keymat_len=32 key_len=32 authkeylen=16
> #3: ASSERTION FAILED at kernel.c:2301: st->st_esp.keymat_len == key_len + ei->authkeylen
>
> This has been detected during interoperability tests with Bewan LanBooster
> 6104xg.
>
> In that case, AES-128 should be used (see kernel_alg.c for comments on
> that) but we want enough keying material for a 256b key.
>
> Proposed patch (Openswan-1) :
>
> diff -u -r1.3 kernel.c
> --- openswan/pluto/kernel.c 4 May 2004 12:51:24 -0000 1.3
> +++ openswan/pluto/kernel.c 14 May 2004 09:54:14 -0000
> @@ -2280,8 +2280,12 @@
> (int)key_len, (int)ei->enckeylen);
> goto fail;
> }
> - } else {
> + } else {
> +#ifndef NO_KERNEL_ALG
> + key_len =
> kernel_alg_esp_enc_keylen(st->st_esp.attrs.transid);
> +#else
> key_len = ei->enckeylen;
> +#endif
> }
> /* Grrrrr.... f*cking 7 bits jurassic algos */
>
>
>
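Review bot: the new assignment in the else branch takes key_len straight from kernel_alg_esp_enc_keylen(st->st_esp.attrs.transid) with no check on the returned value, so the assertion at kernel.c:2301 (st->st_esp.keymat_len == key_len + ei->authkeylen) remains reachable from whatever the peer proposes. The branch just above already leaves through goto fail after what appears to be a message reporting key_len and ei->enckeylen; handling an unexpected default length the same way here would turn an assertion failure into a rejected negotiation. A short comment stating that this branch covers a peer that omitted KEY_LENGTH (the AES case from the report, where the default is 128 bits) would help the next reader, and the first -/+ pair on "} else {" looks like a whitespace-only change that could be dropped from the patch.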
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson