[strongSwan-dev] TLS negotiation failing on power pc 64

Avesh Agarwal avesh.ncsu at gmail.com
Thu Jan 8 15:10:37 CET 2015


Hi Martin,

Thanks. I will test the patch but I am not sure whether it can solve the
issue. Because in tls.c, while building records, the value of type should
be set to 0 in every invocation in the while loop which is not happening.
If type is not reset to 0, it will retain its previous value, and will
cause erroneous (*type == ) to be true later leading to failed negotiation.
ppc64 being a stricter architecture caught this whereas x86/64 did not.

Anyway, I will test your patch and let you know.
Thanks
Avesh


On Thu, Jan 8, 2015 at 5:19 AM, Martin Willi <martin at strongswan.org> wrote:

> Hi Avesh,
>
> > It turns out that unintialization of record type in the while loop during
> > building of TLS records in tls.c is wreaking havoc on ppc64. I have come
> up
> > with a preliminary patch for upstream review
>
> Thanks for your in-depth analysis and your patch. There is definitely a
> bug while building those records.
>
> I've tried to address this in a slightly different way. The upper layers
> return NEED_MORE if any record has been created. So we actually should
> check for that return type before querying the type output parameter.
>
> Please try the attached patch; I don't have a PPC64 architecture at
> hand, so your feedback is much appreciated.
>
> Regards
> Martin
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20150108/c2ceae26/attachment.html>


More information about the Dev mailing list