Feature #1064
Updated by Tobias Brunner about 10 years ago
While trying to get AES128 I saw:
<pre>
received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ...
configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96...
no matching proposal found, sending NO_PROPOSAL_CHOSEN
</pre>
So I debugged and found FritzBox was sending key size 0 (meaning AES128?)
So I patched proposal.c from
<pre>
if (alg1 == alg2 && ks1 == ks2)
</pre>
to
<pre>
if (alg1 == alg2 && (ks1 == ks2 || ks1==128 && ks2==0))
</pre>
and it worked.
Is FritzBox sending 0 for 128 and is this compliant?
Thank you!
Daniel
<pre>
received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ...
configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96...
no matching proposal found, sending NO_PROPOSAL_CHOSEN
</pre>
So I debugged and found FritzBox was sending key size 0 (meaning AES128?)
So I patched proposal.c from
<pre>
if (alg1 == alg2 && ks1 == ks2)
</pre>
to
<pre>
if (alg1 == alg2 && (ks1 == ks2 || ks1==128 && ks2==0))
</pre>
and it worked.
Is FritzBox sending 0 for 128 and is this compliant?
Thank you!
Daniel