Menu
▾
▴
Re: [Ipsec-tools-devel] Crypto interoperability problems
|
From: Ganesan R. <rga...@us...> - 2005-04-05 10:53:19
|
>>>>> "VANHULLEBUS" == VANHULLEBUS Yvan <va...@fr...> writes: > I just have another situation which confirms that we have crypto > problems, at least with DES, and maybe also with 3DES and/or DH group > 5. > Various people (including myself) already had some strange failed > negociations with other implementations (including KAME's racoon), > which were solved by replacing DES with another algorithm on both > ends. We encountered encountered a similar problem with some other software using OpenSSL APIs. It turned out that the problem is a bug in padding with the OpenSSL EVP APIs. Padding is turned on by default in the EVP APIs and the padding is added even if the block is already aligned. This was not a problem with the older APIs that racoon is using. The work around is to turn off padding at cipher init time. Ganesan -- Ganesan Rajagopal (rganesan at debian.org) | GPG Key: 1024D/5D8C12EA Web: http://employees.org/~rganesan | http://rganesan.blogspot.com |