[Openswan Users] Problems with openswan-1.0.6 aggressive mode!?
Ken Bantoft
ken at xelerance.com
Fri Jul 16 16:11:23 CEST 2004
Thanks for the patch!
Have you tried non-aggressive mode connections with your patch applied?
Just curious before I merge the changes in - don't want to break other
types of connections.
On Fri, 16 Jul 2004, Tsukasa Kanazawa wrote:
> I tried a connection in agg-mode between (openswan-1.0.6) and (super-freeswan-1.99.8).
> The following error messages are output by the responder.
>
> The value is not contained in last Phase 1 IV:!?
>
> I analyzed the source code and discovered the small bug.
> Although it is changed in main-mode so that (last-phase1-IV) may be stored in (st->st_phase1_iv),
> it is not performed in aggressive-mode.
>
> I applied the following patch to ipsec_doi.c.
>
> --- ipsec_doi.c.orig 2004-04-04 01:48:10.000000000 +0900
> +++ ipsec_doi.c 2004-07-16 11:07:12.000000000 +0900
> @@ -2057,13 +2057,13 @@
> union hash_ctx ctx;
>
> DBG_cond_dump(DBG_CRYPT, "last Phase 1 IV:"
> - , st->st_ph1_iv, st->st_ph1_iv_len);
> + , st->st_iv, st->st_iv_len);
>
> st->st_new_iv_len = h->hash_digest_size;
> passert(st->st_new_iv_len <= sizeof(st->st_new_iv));
>
> h->hash_init(&ctx);
> - h->hash_update(&ctx, st->st_ph1_iv, st->st_ph1_iv_len);
> + h->hash_update(&ctx, st->st_iv, st->st_iv_len);
> passert(*msgid != 0);
> h->hash_update(&ctx, (const u_char *)msgid, sizeof(*msgid));
> h->hash_final(st->st_new_iv, &ctx);
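Review bot: Both changed lines switch the IV that is dumped and hashed from st->st_ph1_iv to st->st_iv, in code that is not visibly limited to aggressive mode, so main-mode connections go through the changed path as well. The description above says the cause is that aggressive mode never stores the last Phase 1 IV, which points at a fix on the storing side. If st->st_iv is updated by any exchange after Phase 1 completes, hashing it here will not give the value the "last Phase 1 IV:" label promises, and the two peers can derive different IVs for later exchanges. Consider leaving this function as it was and instead saving st_iv and st_iv_len into st_ph1_iv and st_ph1_iv_len at the point where aggressive mode finishes Phase 1. If the hunk stays as posted, the DBG_cond_dump label should be changed to match what is now dumped, and the patch should be tested with main mode and with more than one Phase 2 negotiation on the same Phase 1 SA before it is merged.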
>
>
>
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com