Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 305940 Details for
Bug 439771
[IPv6-DoD] openswan and strongswan fail to interoperate with IKEv2
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Use the correct algorithm for ID hashing
openswan-ike-prf-integ-mixup.patch (text/plain), 3.90 KB, created by
Herbert Xu
on 2008-05-19 13:22:15 UTC
(
hide
)
Description:
Use the correct algorithm for ID hashing
Filename:
MIME Type:
Creator:
Herbert Xu
Created:
2008-05-19 13:22:15 UTC
Size:
3.90 KB
patch
obsolete
>Only in openswan-2.6.12: OBJ.linux.x86_64 >Only in openswan-2.6.12/programs/pluto: core >diff -ur openswan-2.6.12.orig/programs/pluto/crypt_start_dh.c openswan-2.6.12/programs/pluto/crypt_start_dh.c >--- openswan-2.6.12.orig/programs/pluto/crypt_start_dh.c 2008-04-22 11:55:38.000000000 +0800 >+++ openswan-2.6.12/programs/pluto/crypt_start_dh.c 2008-05-19 20:00:11.000000000 +0800 >@@ -262,8 +262,8 @@ > > DBG(DBG_CONTROLMORE > , DBG_log("calculating skeyseed using prf=%s integ=%s cipherkey=%s" >- , enum_name(&trans_type_prf_names, st->st_oakley.integ_hash) >- , enum_name(&trans_type_integ_names, st->st_oakley.prf_hash) >+ , enum_name(&trans_type_prf_names, st->st_oakley.prf_hash) >+ , enum_name(&trans_type_integ_names, st->st_oakley.integ_hash) > , enum_name(&trans_type_encr_names, st->st_oakley.encrypt))); > > /* convert appropriate data to dhq */ >diff -ur openswan-2.6.12.orig/programs/pluto/ikev2_parent.c openswan-2.6.12/programs/pluto/ikev2_parent.c >--- openswan-2.6.12.orig/programs/pluto/ikev2_parent.c 2008-04-22 11:55:38.000000000 +0800 >+++ openswan-2.6.12/programs/pluto/ikev2_parent.c 2008-05-19 21:01:39.000000000 +0800 >@@ -1272,8 +1272,7 @@ > unsigned char *id_start; > unsigned int id_len; > >- /* XXX probably should be prf_hasher, not integ_hasher */ >- hmac_init_chunk(&id_ctx, pst->st_oakley.integ_hasher, pst->st_skey_pi); >+ hmac_init_chunk(&id_ctx, pst->st_oakley.prf_hasher, pst->st_skey_pi); > build_id_payload((struct isakmp_ipsec_id *)&r_id, &id_b, &c->spd.this); > r_id.isai_critical = ISAKMP_PAYLOAD_CRITICAL; > { /* decide to send CERT payload */ >@@ -1303,7 +1302,7 @@ > DBG(DBG_CRYPT, DBG_dump_chunk("idhash calc pi", pst->st_skey_pi)); > DBG(DBG_CRYPT, DBG_dump("idhash calc I2", id_start, id_len)); > hmac_update(&id_ctx, id_start, id_len); >- idhash = alloca(pst->st_oakley.integ_hasher->hash_digest_len); >+ idhash = alloca(pst->st_oakley.prf_hasher->hash_digest_len); > hmac_final(idhash, &id_ctx); > } > >@@ -1526,13 +1525,13 @@ > unsigned char *idstart=id_pbs->start + 4; > unsigned int idlen =pbs_room(id_pbs)-4; > >- hmac_init_chunk(&id_ctx, st->st_oakley.integ_hasher, st->st_skey_pi); >+ hmac_init_chunk(&id_ctx, st->st_oakley.prf_hasher, st->st_skey_pi); > > /* calculate hash of IDi for AUTH below */ > DBG(DBG_CRYPT, DBG_dump_chunk("idhash verify pi", st->st_skey_pi)); > DBG(DBG_CRYPT, DBG_dump("idhash verify I2", idstart, idlen)); > hmac_update(&id_ctx, idstart, idlen); >- idhash_in = alloca(st->st_oakley.integ_hasher->hash_digest_len); >+ idhash_in = alloca(st->st_oakley.prf_hasher->hash_digest_len); > hmac_final(idhash_in, &id_ctx); > } > >@@ -1666,7 +1665,7 @@ > unsigned char *id_start; > unsigned int id_len; > >- hmac_init_chunk(&id_ctx, st->st_oakley.integ_hasher >+ hmac_init_chunk(&id_ctx, st->st_oakley.prf_hasher > , st->st_skey_pr); > build_id_payload((struct isakmp_ipsec_id *)&r_id, &id_b, > &c->spd.this); >@@ -1694,7 +1693,7 @@ > DBG(DBG_CRYPT, DBG_dump_chunk("idhash calc pr", st->st_skey_pr)); > DBG(DBG_CRYPT, DBG_dump("idhash calc R2",id_start, id_len)); > hmac_update(&id_ctx, id_start, id_len); >- idhash_out = alloca(st->st_oakley.integ_hasher->hash_digest_len); >+ idhash_out = alloca(st->st_oakley.prf_hasher->hash_digest_len); > hmac_final(idhash_out, &id_ctx); > } > >@@ -1828,13 +1827,13 @@ > unsigned char *idstart=id_pbs->start + 4; > unsigned int idlen =pbs_room(id_pbs)-4; > >- hmac_init_chunk(&id_ctx, pst->st_oakley.integ_hasher, pst->st_skey_pr); >+ hmac_init_chunk(&id_ctx, pst->st_oakley.prf_hasher, pst->st_skey_pr); > > /* calculate hash of IDr for AUTH below */ > DBG(DBG_CRYPT, DBG_dump_chunk("idhash verify pr", pst->st_skey_pr)); > DBG(DBG_CRYPT, DBG_dump("idhash auth R2", idstart, idlen)); > hmac_update(&id_ctx, idstart, idlen); >- idhash_in = alloca(pst->st_oakley.integ_hasher->hash_digest_len); >+ idhash_in = alloca(pst->st_oakley.prf_hasher->hash_digest_len); > hmac_final(idhash_in, &id_ctx); > } >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 439771
:
299701
|
299702
|
299703
|
299704
|
299705
|
299706
|
300892
|
303405
|
303894
|
303895
|
303896
|
303963
|
303964
|
304445
|
305744
|
305745
| 305940