On amd64: # ./isakmpd -d -DA=80 2>&1 |grep -A15 KE_NONCE 014147.212770 Negt 80 ike_phase_1_post_exchange_KE_NONCE: g^xy: 014147.212845 Negt 80 3566c7dc adeac30a 7690c318 8a974fea a97f59d4 391c3e51 32dab30e 863ef192 014147.212972 Negt 80 711d7920 2f702636 4312a76b b0ed881e eb9b2cc1 a793145a a679905f bdd84176 014147.212998 Negt 80 2b980c74 d22b9f12 572554ac 8898036e ebdb1a3c efb056f6 ac3108e1 cc9b0262 014147.213062 Negt 80 ab693ccb b9a0c931 8b741fb3 6d341382 8575647a af929c5a f09c5d72 759fa5e7 014147.213080 Negt 10 MATS pre_shared_gen_skeyid: START 014147.213136 Negt 10 MATS ike_auth_get_key: 6FS6o7d5247hnb7M7kW 014147.213168 Cryp 60 hash_get: requested algorithm 1 014147.213229 Negt 10 MATS pre_shared_gen_skeyid: nonce_i: 014147.213251 Negt 10 fb40c23d fa26a01b aadea179 3ac3c675 014147.213274 Negt 10 MATS pre_shared_gen_skeyid: nonce_r: 014147.213333 Negt 10 fb85e612 29a5c670 d1ed0e52 e63f4a37 014147.213356 Negt 10 MATS pre_shared_gen_skeyid: skeyid: 014147.213406 Negt 10 52e3f141 9b0205c0 4ae4be28 37326748 6fe521be 014147.213469 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID: 014147.213492 Negt 80 52e3f141 9b0205c0 4ae4be28 37326748 6fe521be 014147.213525 Cryp 60 hash_get: requested algorithm 1 014147.213591 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID_d: 014147.213613 Negt 80 c872f31e c146f14d 64875361 d38b2220 1b974bf9 014147.213664 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID_a: 014147.213686 Negt 80 349538c6 8e462dce 1ec2f7fc 8310ee0a 36a397bd 014147.213739 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID_e: 014147.213761 Negt 80 51183104 f7d9bc30 491a5900 815dba10 5af8408c 014147.213804 Cryp 60 hash_get: requested algorithm 1 014147.213841 Cryp 40 crypto_init: key: 014147.213891 Cryp 40 9eb4addc 94957d07 594c1316 ba406618 1a644f82 fba7ffd1 On i386: # ./isakmpd -d -DA=80 2>&1 |grep -A15 KE_NONCE 014147.238275 Negt 80 ike_phase_1_post_exchange_KE_NONCE: g^xy: 014147.238294 Negt 80 3566c7dc adeac30a 7690c318 8a974fea a97f59d4 391c3e51 32dab30e 863ef192 014147.238310 Negt 80 711d7920 2f702636 4312a76b b0ed881e eb9b2cc1 a793145a a679905f bdd84176 014147.238325 Negt 80 2b980c74 d22b9f12 572554ac 8898036e ebdb1a3c efb056f6 ac3108e1 cc9b0262 014147.238340 Negt 80 ab693ccb b9a0c931 8b741fb3 6d341382 8575647a af929c5a f09c5d72 759fa5e7 014147.238347 Negt 10 MATS pre_shared_gen_skeyid: START 014147.238357 Negt 10 MATS ike_auth_get_key: 6FS6o7d5247hnb7M7kW 014147.238400 Cryp 60 hash_get: requested algorithm 1 014147.238426 Negt 10 MATS pre_shared_gen_skeyid: nonce_i: 014147.238450 Negt 10 fb40c23d fa26a01b aadea179 3ac3c675 014147.238471 Negt 10 MATS pre_shared_gen_skeyid: nonce_r: 014147.238495 Negt 10 fb85e612 29a5c670 d1ed0e52 e63f4a37 014147.238523 Negt 10 MATS pre_shared_gen_skeyid: skeyid: 014147.238548 Negt 10 e59dd4eb 82e00e75 25a7a039 f74a2b73 bb60d0eb 014147.238569 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID: 014147.238597 Negt 80 e59dd4eb 82e00e75 25a7a039 f74a2b73 bb60d0eb 014147.238619 Cryp 60 hash_get: requested algorithm 1 014147.238662 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID_d: 014147.238675 Negt 80 b1c85da3 3e5cd92e 3b7093a1 3a49745d 332c970e 014147.238693 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID_a: 014147.238723 Negt 80 2eb16c4a e63f6384 83a15eb8 0b88b467 c2f9744f 014147.238753 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID_e: 014147.238790 Negt 80 d7837776 59a3b7e3 0a02a811 c5e2f80d 1bde3e1e 014147.238810 Cryp 60 hash_get: requested algorithm 1 014147.238850 Cryp 40 crypto_init: key: 014147.238876 Cryp 40 348ecbdc 4b3e14f6 8bc0c5a7 954b422b 4484fa60 9b121d7f (the messages marked with MATS was added by me for debugging...) The result is that the keys doesn't match... The bug is that SHA1 and MD5 hash alg. that is included in isakmpd source does not work on amd64 (probably also affects other 64-bit archs). How-To-Repeat: Configure a VPN with pre-shared keys between a amd64 host and a i386 host.
Responsible Changed From-To: freebsd-ports-bugs->simon Over to maintainer
Responsible Changed From-To: simon->freebsd-ports-bugs Return to the pool since I doubt I will get around to working on this any time soon. Basically the idea of the patch seems correct, but it needs more work to actually compile (and the real fix is to upgrade to a non-ancient isakmpd snapshot and just use base system versions of said functions instead of compat versions included with isakmpd).
Responsible Changed From-To: freebsd-ports-bugs->alepulver I'll take it.
alepulver 2007-09-29 22:12:20 UTC FreeBSD ports repository Modified files: security/isakmpd Makefile security/isakmpd/files patch-Makefile.sysdep Added files: security/isakmpd/files patch-sysdep-common-libsysdep-sha1.c patch-sysdep-common-md5.h patch-sysdep-common-sha1.h Log: - Make it work on 64-bit systems. - Avoid the build failing when OpenSSL is installed as a port too. PR: ports/94921 Submitted by: Mats Palmgren <mats.palmgren@bredband.net> Revision Changes Path 1.30 +5 -1 ports/security/isakmpd/Makefile 1.5 +8 -7 ports/security/isakmpd/files/patch-Makefile.sysdep 1.1 +67 -0 ports/security/isakmpd/files/patch-sysdep-common-libsysdep-sha1.c (new) 1.1 +32 -0 ports/security/isakmpd/files/patch-sysdep-common-md5.h (new) 1.1 +26 -0 ports/security/isakmpd/files/patch-sysdep-common-sha1.h (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed. Thanks!