[strongSwan] failure with ike using sha2

2015-03-30 Thread Luka Logar
Hi, I have just found out that recent openssl 1.0.2 commit 929b0d70c19f60227f89fac63f22a21f21950823 breaks hmac when using openssl plugin for hmac functions (well, at least strongswan hmac prf sha256 self tests fail). If I remove the lines (in openssl crypto/hmac/hmac.c) 110

Re: [strongSwan] failure with ike using sha2

2015-03-30 Thread Martin Willi
Hi Luka, I have just found out, that recent openssl 1.0.2 commit 929b0d70c19f60227f89fac63f22a21f21950823 breaks hmac when using openssl plugin for hmac functions This commit prevents the pre-initialization with an empty key we use to avoid any non-initialized use of HMAC_Update(). Most

Re: [strongSwan] failure with ike using sha2

2015-03-30 Thread Martin Willi
Please let me know if there is a fix for openssl since changing the load order of plugin is not recommended. If you are using OpenSSL 1.0.2a, you might try the strongSwan fix provided at [1]. Regards Martin [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=openssl-hmac

Re: [strongSwan] failure with ike using sha2

2015-03-30 Thread Ko, HsuenJu
] -Original Message- From: Andreas Steffen [mailto:andreas.stef...@strongswan.org] Sent: Friday, March 27, 2015 5:01 PM To: Ko, HsuenJu; users@lists.strongswan.org Subject: Re: [strongSwan] failure with ike using sha2 Hi Bettina, are you sure that you loaded the sha2 plugin because the HMAC

Re: [strongSwan] failure with ike using sha2

2015-03-30 Thread Ko, HsuenJu
, HsuenJu Cc: users@lists.strongswan.org Subject: Re: [strongSwan] failure with ike using sha2 Please let me know if there is a fix for openssl since changing the load order of plugin is not recommended. If you are using OpenSSL 1.0.2a, you might try the strongSwan fix provided at [1

[strongSwan] failure with ike using sha2

2015-03-27 Thread Ko, HsuenJu
Hi, I got error of key derivation failed when I configured ike using sha2. I don't have problem with md5 or sha1. And I am using strongswan 5.1.1. Here is the corresponding log. Can someone tell me what I did wrong or is this a bug? Thanks! Bettina ike=aes128-sha256-modp2048! Mar 27

Re: [strongSwan] failure with ike using sha2

2015-03-27 Thread Noel Kuntze
Hello, That sounds like the plugin that provides those algorithms is broken. You can try to work around that by making charon load another plugin, which provides the PRF algorithms for those signature algorithms, before the one you are using right

Re: [strongSwan] failure with ike using sha2

2015-03-27 Thread Ko, HsuenJu
Hi Noel, Thank you for the help. I will give it a try. Bettina -Original Message- From: Noel Kuntze [mailto:n...@familie-kuntze.de] Sent: Friday, March 27, 2015 12:36 PM To: Ko, HsuenJu; users@lists.strongswan.org Subject: Re: [strongSwan] failure with ike using sha2 -BEGIN PGP

Re: [strongSwan] failure with ike using sha2

2015-03-27 Thread Ko, HsuenJu
Subject: Re: [strongSwan] failure with ike using sha2 Hello Bettina, First, you have to find out what plugin currently provides those algorithms. Do that by examining the list of loaded plugins in the output of ipsec statusall. On my box, sha1 and sha2

Re: [strongSwan] failure with ike using sha2

2015-03-27 Thread Ko, HsuenJu
: Re: [strongSwan] failure with ike using sha2 Hello, That sounds like the plugin that provides those algorithms is broken. You can try to work around that by making charon load another plugin, which provides the PRF algorithms for those signature

Re: [strongSwan] failure with ike using sha2

2015-03-27 Thread Andreas Steffen
Hi Bettina, are you sure that you loaded the sha2 plugin because the HMAC-SHA2 algorithms for the prf_plus seem to fail. ipsec statusall should list the sha2 plugin. Regards Andreas On 03/27/2015 04:05 PM, Ko, HsuenJu wrote: Hi, I got error of “key derivation failed” when I configured ike