[prev in list] [next in list] [prev in thread] [next in thread]
List: openswan-dev
Subject: Re: [Openswan dev] OpenSwan 2.6.22 bug when parsing modp specs in
From: Diego Rivera <diego.rivera () rbxglobal ! com>
Date: 2009-08-11 2:00:20
Message-ID: 4A80D0B4.9040908 () rbxglobal ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
[Attachment #4 (text/html)]
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Ooops... it seems I spoke too soon - this patch didn't address the
problem.<br>
<br>
Diego Rivera wrote:
<blockquote cite="mid:4A80A2A6.5030101@rbxglobal.com" type="cite">
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
More info - it seems that the problem is only when parsing ike=
directives. Strangely enough, when it complains, it refers to "esp"
parsing which clearly isn't the case. The ";" syntax is accepted in
ESP. Sadly, it needs to be added for IKE as well. I did find one part
of the code where the parser context's modp_getbyname wasn't being
appropriately assigned. I've come up with this one-liner patch to fix
that.<br>
<br>
Since at this point I don't know how the parser machine works (haven't
taken the time to study it), I'll leave it to you guys to figure out if
this is correct.<br>
<br>
diff -ruN openswan-2.6.22.orig/lib/libopenswan/alg_info.c
openswan-2.6.22/lib/libopenswan/alg_info.c<br>
--- openswan-2.6.22.orig/lib/libopenswan/alg_info.c 2009-06-22
20:53:08.000000000 -0600<br>
+++ openswan-2.6.22/lib/libopenswan/alg_info.c 2009-08-10
16:37:00.000000000 -0600<br>
@@ -563,6 +563,7 @@<br>
<br>
p_ctx->ealg_getbyname=ealg_getbyname_esp;<br>
p_ctx->aalg_getbyname=aalg_getbyname_esp;<br>
+ p_ctx->modp_getbyname=modp_getbyname_esp;<br>
<br>
}<br>
<br>
<br>
Diego Rivera wrote:
<blockquote cite="mid:4A80A015.9040200@rbxglobal.com" type="cite">When
using configurations such as:<br>
<br>
ike=3des-sha1;modp1024<br>
esp=3des-sha1;modp1024<br>
<br>
The parser always fails in ST_AA with "Non alphanum or valid separator
found in auth string" ($/lib/libopenswan/alg_info.c:482). It seems the
upper level parser machine isn't accepting the use of ';' as a valid
character in the algorithm specifier. When using an alternate syntax
suggested by Paul Wouters similar to "3des-sha1-modp1024", the error is
"Non initial digit found for auth keylen" (state ST_AA_END, same file,
line 496).<br>
<br>
Please advise if there is a workaround or if code will need to be
changed in order to ensure that specific configurations limit their
proposals (i.e. one particular config I need to limit to a single
proposal, using a specific algorithm-hash-modp combo).<br>
<br>
Thanks.<br>
<br>
<div class="moz-signature">-- <br>
<style type="text/css">
p { margin: 0; }
</style>
<div
style="font-family: Arial; font-size: 10pt; color: rgb(0, 0, 0);"><font
size="1"> Diego Rivera<br>
Director / System Operations<br>
Roundbox Global : <span
style="font-style: italic; color: rgb(102, 102, 102);">enterprise :
technology : genius</span><br>
------------------------------------------------------------------------------------------------------------------<br>
Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica<br>
tel: +1 (404) 567-5000 ext. 2147 | cel: +(506) 8393-0772 | fax: +(506)
2258-3695<br>
email: <a moz-do-not-send="true"
href="mailto:diego.rivera@rbxglobal.com">diego.rivera@rbxglobal.com</a>
> <a moz-do-not-send="true" href="http://www.rbxglobal.com">www.rbxglobal.com</a><br>
------------------------------------------------------------------------------------------------------------------<br>
</font> </div>
</div>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<style type="text/css">
p { margin: 0; }
</style>
<div style="font-family: Arial; font-size: 10pt; color: rgb(0, 0, 0);"><font
size="1"> Diego Rivera<br>
Director / System Operations<br>
Roundbox Global : <span
style="font-style: italic; color: rgb(102, 102, 102);">enterprise :
technology : genius</span><br>
------------------------------------------------------------------------------------------------------------------<br>
Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica<br>
tel: +1 (404) 567-5000 ext. 2147 | cel: +(506) 8393-0772 | fax: +(506)
2258-3695<br>
email: <a moz-do-not-send="true"
href="mailto:diego.rivera@rbxglobal.com">diego.rivera@rbxglobal.com</a>
> <a moz-do-not-send="true" href="http://www.rbxglobal.com">www.rbxglobal.com</a><br>
------------------------------------------------------------------------------------------------------------------<br>
</font> </div>
</div>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
Dev mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:Dev@openswan.org">Dev@openswan.org</a> <a class="moz-txt-link-freetext" \
href="http://lists.openswan.org/mailman/listinfo/dev">http://lists.openswan.org/mailman/listinfo/dev</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<style type="text/css">
p { margin: 0; }
</style>
<div style="font-family: Arial; font-size: 10pt; color: rgb(0, 0, 0);">
<font size="1"> Diego Rivera<br>
Director / System Operations<br>
Roundbox Global : <span
style="font-style: italic; color: rgb(102, 102, 102);">enterprise :
technology : genius</span><br>
------------------------------------------------------------------------------------------------------------------<br>
Avenida 11 y Calle 7-9, Barrio Amón, San José, Costa Rica<br>
tel: +1 (404) 567-5000 ext. 2147 | cel: +(506) 8393-0772 | fax: +(506)
2258-3695<br>
email: <a href="mailto:diego.rivera@rbxglobal.com">diego.rivera@rbxglobal.com</a>
> <a href="http://www.rbxglobal.com">www.rbxglobal.com</a><br>
------------------------------------------------------------------------------------------------------------------<br>
</font> </div>
</div>
</body>
</html>
["signature.asc" (application/pgp-signature)]
_______________________________________________
Dev mailing list
Dev@openswan.org
http://lists.openswan.org/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic