| From: Andrew Cagney <[email protected]>
| On 5 January 2016 at 18:29, Paul Wouters <[email protected]> wrote:
| > void get_cookie(bool initiator, u_int8_t *cookie, int length,
| > const ip_address *addr)
| > {
| > u_char buffer[SHA1_DIGEST_SIZE];
| > SHA1_CTX ctx;
| >
| > do {
| > if (initiator) {
| > get_rnd_bytes(cookie, length);
| > } else {
| > /* Responder cookie */
| > /* This looks as good as any way */
| > size_t addr_length;
| > static u_int32_t counter = 0;
| > unsigned char addr_buff[
| > sizeof(union { struct in_addr A;
| > struct in6_addr B;
| > })];
| >
| > addr_length =
| > addrbytesof(addr, addr_buff,
| > sizeof(addr_buff));
| > SHA1Init(&ctx);
| > SHA1Update(&ctx, addr_buff, addr_length);
| > SHA1Update(&ctx, secret_of_the_day,
| > sizeof(secret_of_the_day));
| > counter++;
| > SHA1Update(&ctx, (const void *) &counter,
| > sizeof(counter));
| > SHA1Final(buffer, &ctx);
| > memcpy(cookie, buffer, length);
| > }
| > } while (is_zero_cookie(cookie)); /* probably never loops */
| > }
|
| It seems to be feeding SHA1 crud found on the stack?
I'm not seeing that. Could you be more specific?
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
