Hi,
On Sun, Jul 03, 2016 at 11:07:27AM +0200, René Ammerlaan wrote:
> I've created a patch for ecdsa support in iked. Also found a bug
> in handling auth_eap, because that value is never initialised to 0. I
> also updated the dsa sign functions with the newer EVP_Digest so
> it's aligned with the rest of the code, but it's not required for
> ecdsa support.
>
> The ecdsa signature should contain only plain r and s, so the
> signature is converted to that format. I've tested compatibility
> with OSX and IOS and both seem to be working fine.
>
sorry for the delay - but thanks for your diff!
I'm resending your diff in chunks, here is the first one:
- When parsing the configuration, initialize the auth structure
correctly, as parse.y's $$ is not zero-initialized.
OK?
Reyk
Index: sbin/iked/parse.y
===================================================================
RCS file: /cvs/src/sbin/iked/parse.y,v
retrieving revision 1.55
diff -u -p -u -p -r1.55 parse.y
--- sbin/iked/parse.y 21 Jun 2016 21:35:24 -0000 1.55
+++ sbin/iked/parse.y 20 Jul 2016 11:42:12 -0000
@@ -811,15 +811,19 @@ ipcomp : /* empty */ { $$ =
0; }
ikeauth : /* empty */ {
$$.auth_method = IKEV2_AUTH_RSA_SIG;
+ $$.auth_eap = 0;
$$.auth_length = 0;
}
| RSA {
$$.auth_method = IKEV2_AUTH_RSA_SIG;
+ $$.auth_eap = 0;
$$.auth_length = 0;
}
| PSK keyspec {
memcpy(&$$, &$2, sizeof($$));
$$.auth_method = IKEV2_AUTH_SHARED_KEY_MIC;
+ $$.auth_eap = 0;
+ $$.auth_length = 0;
}
| EAP STRING {
unsigned int i;
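
Review bot: in the PSK keyspec branch, the added `$$.auth_length = 0;` runs after `memcpy(&$$, &$2, sizeof($$));`, so whatever length keyspec stored in auth_length is overwritten with zero. If keyspec is what supplies the pre-shared key length (its rule is not visible in this hunk), that line should be dropped and only `$$.auth_eap = 0;` kept in this branch, since a zero-length key would otherwise reach the authentication code. For the empty and RSA branches the field-by-field assignments are fine, though a single memset of `$$` at the top of each action would also cover any member added to the auth structure later.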