[Openswan Users] Problems with openswan-1.0.6 aggressive mode!?

Ken Bantoft ken at xelerance.com
Fri Jul 16 16:11:23 CEST 2004


Thanks for the patch!

Have you tried non-aggressive mode connections with your patch applied?  
Just curious before I merge the changes in - don't want to break other 
types of connections.


On Fri, 16 Jul 2004, Tsukasa Kanazawa wrote:

> I tried a connection in agg-mode between (openswan-1.0.6) and (super-freeswan-1.99.8).
> The following error messages are output by the responder.
> 
> The value is not contained in last Phase 1 IV:!?
> 
> I analyzed the source code and discovered a small bug.
> Although it is changed in main-mode so that (last-phase1-IV) may be stored in (st->st_phase1_iv), 
> it is not performed in aggressive-mode.
> 
> I applied the following patch to ipsec_doi.c.
> 
> --- ipsec_doi.c.orig	2004-04-04 01:48:10.000000000 +0900
> +++ ipsec_doi.c	2004-07-16 11:07:12.000000000 +0900
> @@ -2057,13 +2057,13 @@
>      union hash_ctx ctx;
>  
>      DBG_cond_dump(DBG_CRYPT, "last Phase 1 IV:"
> -	, st->st_ph1_iv, st->st_ph1_iv_len);
> +	, st->st_iv, st->st_iv_len);
>  
>      st->st_new_iv_len = h->hash_digest_size;
>      passert(st->st_new_iv_len <= sizeof(st->st_new_iv));
>  
>      h->hash_init(&ctx);
> -    h->hash_update(&ctx, st->st_ph1_iv, st->st_ph1_iv_len);
> +    h->hash_update(&ctx, st->st_iv, st->st_iv_len);
>      passert(*msgid != 0);
>      h->hash_update(&ctx, (const u_char *)msgid, sizeof(*msgid));
>      h->hash_final(st->st_new_iv, &ctx);
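
Review bot: Both changed lines, the DBG_cond_dump argument and the first h->hash_update call, now read st->st_iv on every path through this code, main mode included, while the description says the defect is that aggressive mode never stores the last Phase 1 IV. If st->st_iv is advanced by any exchange after Phase 1 completes, the value hashed together with msgid here is no longer the last Phase 1 IV, and the debug label "last Phase 1 IV:" no longer matches what is dumped. Consider leaving this hunk reading st->st_ph1_iv and st->st_ph1_iv_len and instead saving the final Phase 1 IV into those fields at the end of the aggressive-mode exchange, the same way the description says main mode does. That keeps main-mode behaviour unchanged and confines the fix to the path that is actually missing the store. The description also refers to the field as st->st_phase1_iv while the code uses st->st_ph1_iv, so the commit message should use the name from the code.
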
> 

-- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com


