[Swan] SHA2 support for ESP in KLIPS?

Elison Niven elison.niven at cyberoam.com
Tue Jun 25 09:15:09 EEST 2013


I never had KERNEL_ALG undefined.
This if condition never passed :

#ifdef KERNEL_ALG
     if (kernel_alg_esp_auth_ok(pi->attrs.auth, NULL)) {

So it went to the default case below.
Changing it to

if (!kernel_alg_esp_auth_ok(pi->attrs.auth, NULL)) {

worked and pluto no longer gives the assertion.
After doing this however, I still get the same error in KLIPS as 
earlier.

This patch proposed here also does the same change in ikev1_quick.c : 
https://www.openswan.org/issues/331

On Tuesday 25 June 2013 09:12:12 AM IST, Paul Wouters wrote:
> On Tue, 25 Jun 2013, David McCullough wrote:
>
>>> Looking at IKE_ALG, it seems that we always need it and the #ifdef
>>> should just be killed. The same for KERNEL_ALG too?
>>>
>>> In fact, this one even seems to have mixed up the two:
>>>
>>> #ifdef KERNEL_ALG
>>>                 alg_info_addref(IKETOINFO(c->alg_info_ike));
>>> #endif
>>>
>>>
>>> So I'd like to suggest we clean these defines up and remove them, as
>>> the
>>> code seems to be always required.
>>
>> Agreed.
>
> Done and tested with netkey and klips (though it should not have
> affected the kernel stack)
>
> Paul
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>
>

--
Best Regards,
Elison Niven



More information about the Swan mailing list