authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-02-25 17:22:23 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-02-25 17:22:23 +0000
commit47167191f09ba0d3c55764f63f6be1d9bcb1aa4b (patch)
tree9a41404f68abbda16d65e8e9ae962264ab250adc
parentcc0c6d1ce46466d46adff1d1b61c7bcd670d2456 (diff)
Merge with EOM 1.117
author: angelos Move the check after we get rid of the unused protos. author: niklas Made debug logging a compile time selectable feature
-rw-r--r--sbin/isakmpd/ike_quick_mode.c219
1 files changed, 112 insertions, 107 deletions
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index 919ad19898e..c0853cb046d 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.32 2000/02/19 19:31:32 niklas Exp $ */
-/* $EOM: ike_quick_mode.c,v 1.115 2000/02/19 07:46:31 niklas Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.33 2000/02/25 17:22:22 niklas Exp $ */
+/* $EOM: ike_quick_mode.c,v 1.117 2000/02/25 07:06:22 angelos Exp $ */
/*
* Copyright (c) 1998, 1999, 2000 Niklas Hallqvist. All rights reserved.
@@ -244,8 +244,8 @@ check_policy (struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa)
/* Check what policy said. */
if (result < 0)
{
- log_debug (LOG_MISC, 40, "check_policy: kn_do_query returned %d",
- result);
+ LOG_DBG ((LOG_MISC, 40, "check_policy: kn_do_query returned %d",
+ result));
return 0;
}
@@ -678,8 +678,8 @@ initiator_send_HASH_SA_NONCE (struct message *msg)
id = ipsec_build_id (local_id, &sz);
if (!id)
return -1;
- log_debug_buf (LOG_MISC, 90, "initiator_send_HASH_SA_NONCE: IDic", id,
- sz);
+ LOG_DBG_BUF ((LOG_MISC, 90, "initiator_send_HASH_SA_NONCE: IDic", id,
+ sz));
if (message_add_payload (msg, ISAKMP_PAYLOAD_ID, id, sz, 1))
{
free (id);
@@ -689,8 +689,8 @@ initiator_send_HASH_SA_NONCE (struct message *msg)
id = ipsec_build_id (remote_id, &sz);
if (!id)
return -1;
- log_debug_buf (LOG_MISC, 90, "initiator_send_HASH_SA_NONCE: IDrc", id,
- sz);
+ LOG_DBG_BUF ((LOG_MISC, 90, "initiator_send_HASH_SA_NONCE: IDrc", id,
+ sz));
if (message_add_payload (msg, ISAKMP_PAYLOAD_ID, id, sz, 1))
{
free (id);
@@ -818,9 +818,10 @@ initiator_recv_HASH_SA_NONCE (struct message *msg)
}
memcpy (ie->id_ci, idp->p, ie->id_ci_sz);
idp->flags |= PL_MARK;
- log_debug_buf (LOG_MISC, 90,
- "initiator_recv_HASH_SA_NONCE: IDci",
- ie->id_ci + ISAKMP_GEN_SZ, ie->id_ci_sz - ISAKMP_GEN_SZ);
+ LOG_DBG_BUF ((LOG_MISC, 90,
+ "initiator_recv_HASH_SA_NONCE: IDci",
+ ie->id_ci + ISAKMP_GEN_SZ, ie->id_ci_sz
+ - ISAKMP_GEN_SZ));
idp = TAILQ_NEXT (idp, link);
ie->id_cr_sz = GET_ISAKMP_GEN_LENGTH (idp->p);
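Review bot: The length handed to the new `LOG_DBG_BUF` call, `ie->id_ci_sz - ISAKMP_GEN_SZ`, comes from a length field in the peer's ID payload (the hunk's last line sets `id_cr_sz` from `GET_ISAKMP_GEN_LENGTH (idp->p)`, and `id_ci_sz` is presumably set the same way above the hunk). If nothing earlier in message parsing guarantees that this length is at least `ISAKMP_GEN_SZ`, and the size field is unsigned, the subtraction wraps and a debug build dumps memory beyond the copied ID. An explicit guard before the dump, such as `if (ie->id_ci_sz < ISAKMP_GEN_SZ)` followed by the function's existing malformed-payload handling, would state the assumption in the code. The same expression appears in the IDcr hunk that follows and in both ID hunks of responder_recv_HASH_SA_NONCE; the enclosing block starts outside this hunk.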
@@ -833,9 +834,10 @@ initiator_recv_HASH_SA_NONCE (struct message *msg)
}
memcpy (ie->id_cr, idp->p, ie->id_cr_sz);
idp->flags |= PL_MARK;
- log_debug_buf (LOG_MISC, 90,
- "initiator_recv_HASH_SA_NONCE: IDcr",
- ie->id_cr + ISAKMP_GEN_SZ, ie->id_cr_sz - ISAKMP_GEN_SZ);
+ LOG_DBG_BUF ((LOG_MISC, 90,
+ "initiator_recv_HASH_SA_NONCE: IDcr",
+ ie->id_cr + ISAKMP_GEN_SZ, ie->id_cr_sz
+ - ISAKMP_GEN_SZ));
}
/* Build the protection suite in our SA. */
@@ -854,15 +856,6 @@ initiator_recv_HASH_SA_NONCE (struct message *msg)
/* XXX Check that the chosen transform matches an offer. */
ipsec_decode_transform (msg, sa, proto, xf->p);
-
-#ifdef USE_POLICY
- if (!check_policy (exchange, sa, msg->isakmp_sa))
- {
- message_drop (msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0);
- log_print ("initiator_recv_HASH_SA_NONCE: policy check failed");
- return -1;
- }
-#endif
}
/* Now remove offers that we don't need anymore. */
@@ -873,35 +866,44 @@ initiator_recv_HASH_SA_NONCE (struct message *msg)
proto_free (proto);
}
+#ifdef USE_POLICY
+ if (!check_policy (exchange, sa, msg->isakmp_sa))
+ {
+ message_drop (msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0);
+ log_print ("initiator_recv_HASH_SA_NONCE: policy check failed");
+ return -1;
+ }
+#endif
+
/* Mark the SA as handled. */
sa_p->flags |= PL_MARK;
/* Allocate the prf and start calculating our HASH(1). XXX Share? */
- log_debug_buf (LOG_MISC, 90, "initiator_recv_HASH_SA_NONCE: SKEYID_a",
- isa->skeyid_a, isa->skeyid_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "initiator_recv_HASH_SA_NONCE: SKEYID_a",
+ isa->skeyid_a, isa->skeyid_len));
prf = prf_alloc (isa->prf_type, hash->type, isa->skeyid_a, isa->skeyid_len);
if (!prf)
return -1;
prf->Init (prf->prfctx);
- log_debug_buf (LOG_MISC, 90, "initiator_recv_HASH_SA_NONCE: message_id",
- exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN);
+ LOG_DBG_BUF ((LOG_MISC, 90, "initiator_recv_HASH_SA_NONCE: message_id",
+ exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
prf->Update (prf->prfctx, exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN);
- log_debug_buf (LOG_MISC, 90, "initiator_recv_HASH_SA_NONCE: NONCE_I_b",
- exchange->nonce_i, exchange->nonce_i_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "initiator_recv_HASH_SA_NONCE: NONCE_I_b",
+ exchange->nonce_i, exchange->nonce_i_len));
prf->Update (prf->prfctx, exchange->nonce_i, exchange->nonce_i_len);
rest = hashp->p + GET_ISAKMP_GEN_LENGTH (hashp->p);
rest_len = (GET_ISAKMP_HDR_LENGTH (msg->iov[0].iov_base)
- (rest - (u_int8_t*)msg->iov[0].iov_base));
- log_debug_buf (LOG_MISC, 90,
- "initiator_recv_HASH_SA_NONCE: payloads after HASH(2)", rest,
- rest_len);
+ LOG_DBG_BUF ((LOG_MISC, 90,
+ "initiator_recv_HASH_SA_NONCE: payloads after HASH(2)", rest,
+ rest_len));
prf->Update (prf->prfctx, rest, rest_len);
prf->Final (hash->digest, prf->prfctx);
prf_free (prf);
- log_debug_buf (LOG_MISC, 80,
- "initiator_recv_HASH_SA_NONCE: computed HASH(2)",
- hash->digest, hashsize);
+ LOG_DBG_BUF ((LOG_MISC, 80,
+ "initiator_recv_HASH_SA_NONCE: computed HASH(2)",
+ hash->digest, hashsize));
if (memcmp (hashp->p + ISAKMP_HASH_DATA_OFF, hash->digest, hashsize) != 0)
{
message_drop (msg, ISAKMP_NOTIFY_INVALID_HASH_INFORMATION, 0, 1, 0);
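Review bot: The relocated `check_policy` call still runs before HASH(2) is verified by the `memcmp` at the end of this hunk, so the policy decision and the NO_PROPOSAL_CHOSEN notification are driven by SA contents that have not yet been integrity-checked. Unless an earlier step already authenticates the message, consider moving the `#ifdef USE_POLICY` block below the hash comparison. Independently, the reason for the move deserves a comment above the block, e.g. `/* Evaluate policy only after unused protos are freed, so it sees the chosen suite. */`. The function continues outside the hunk, so it should be confirmed that `sa` is still the intended SA at the new position.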
@@ -957,26 +959,26 @@ initiator_send_HASH (struct message *msg)
}
/* Allocate the prf and start calculating our HASH(3). XXX Share? */
- log_debug_buf (LOG_MISC, 90, "initiator_send_HASH: SKEYID_a", isa->skeyid_a,
- isa->skeyid_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "initiator_send_HASH: SKEYID_a", isa->skeyid_a,
+ isa->skeyid_len));
prf = prf_alloc (isa->prf_type, isa->hash, isa->skeyid_a, isa->skeyid_len);
if (!prf)
return -1;
prf->Init (prf->prfctx);
prf->Update (prf->prfctx, "\0", 1);
- log_debug_buf (LOG_MISC, 90, "initiator_send_HASH: message_id",
- exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN);
+ LOG_DBG_BUF ((LOG_MISC, 90, "initiator_send_HASH: message_id",
+ exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
prf->Update (prf->prfctx, exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN);
- log_debug_buf (LOG_MISC, 90, "initiator_send_HASH: NONCE_I_b",
- exchange->nonce_i, exchange->nonce_i_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "initiator_send_HASH: NONCE_I_b",
+ exchange->nonce_i, exchange->nonce_i_len));
prf->Update (prf->prfctx, exchange->nonce_i, exchange->nonce_i_len);
- log_debug_buf (LOG_MISC, 90, "initiator_send_HASH: NONCE_R_b",
- exchange->nonce_r, exchange->nonce_r_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "initiator_send_HASH: NONCE_R_b",
+ exchange->nonce_r, exchange->nonce_r_len));
prf->Update (prf->prfctx, exchange->nonce_r, exchange->nonce_r_len);
prf->Final (buf + ISAKMP_GEN_SZ, prf->prfctx);
prf_free (prf);
- log_debug_buf (LOG_MISC, 90, "initiator_send_HASH: HASH(3)",
- buf + ISAKMP_GEN_SZ, hashsize);
+ LOG_DBG_BUF ((LOG_MISC, 90, "initiator_send_HASH: HASH(3)",
+ buf + ISAKMP_GEN_SZ, hashsize));
if (ie->group)
message_register_post_send (msg, gen_g_xy);
@@ -1053,9 +1055,10 @@ post_quick_mode (struct message *msg)
if (keymat != iproto->keymat[i])
{
/* Hash in last round's KEYMAT. */
- log_debug_buf (LOG_MISC, 90,
- "post_quick_mode: last KEYMAT",
- keymat - prf->blocksize, prf->blocksize);
+ LOG_DBG_BUF ((LOG_MISC, 90,
+ "post_quick_mode: last KEYMAT",
+ keymat - prf->blocksize,
+ prf->blocksize));
prf->Update (prf->prfctx, keymat - prf->blocksize,
prf->blocksize);
}
@@ -1063,30 +1066,30 @@ post_quick_mode (struct message *msg)
/* If PFS is used hash in g^xy. */
if (ie->g_xy)
{
- log_debug_buf (LOG_MISC, 90, "post_quick_mode: g^xy",
- ie->g_xy, ie->g_x_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "post_quick_mode: g^xy",
+ ie->g_xy, ie->g_x_len));
prf->Update (prf->prfctx, ie->g_xy, ie->g_x_len);
}
- log_debug (LOG_MISC, 90,
- "post_quick_mode: suite %d proto %d", proto->no,
- proto->proto);
+ LOG_DBG ((LOG_MISC, 90,
+ "post_quick_mode: suite %d proto %d", proto->no,
+ proto->proto));
prf->Update (prf->prfctx, &proto->proto, 1);
- log_debug_buf (LOG_MISC, 90, "post_quick_mode: SPI",
- proto->spi[i], proto->spi_sz[i]);
+ LOG_DBG_BUF ((LOG_MISC, 90, "post_quick_mode: SPI",
+ proto->spi[i], proto->spi_sz[i]));
prf->Update (prf->prfctx, proto->spi[i], proto->spi_sz[i]);
- log_debug_buf (LOG_MISC, 90, "post_quick_mode: Ni_b",
- exchange->nonce_i, exchange->nonce_i_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "post_quick_mode: Ni_b",
+ exchange->nonce_i, exchange->nonce_i_len));
prf->Update (prf->prfctx, exchange->nonce_i,
exchange->nonce_i_len);
- log_debug_buf (LOG_MISC, 90, "post_quick_mode: Nr_b",
- exchange->nonce_r, exchange->nonce_r_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "post_quick_mode: Nr_b",
+ exchange->nonce_r, exchange->nonce_r_len));
prf->Update (prf->prfctx, exchange->nonce_r,
exchange->nonce_r_len);
prf->Final (keymat, prf->prfctx);
}
prf_free (prf);
- log_debug_buf (LOG_MISC, 90, "post_quick_mode: KEYMAT",
- iproto->keymat[i], ie->keymat_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "post_quick_mode: KEYMAT",
+ iproto->keymat[i], ie->keymat_len));
}
}
}
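Review bot: These dumps write the negotiated secrets themselves to the debug log: `g^xy`, each round's KEYMAT and the final KEYMAT here, SKEYID_a in the initiator and responder HASH hunks, and `g^xy` again in gen_g_xy. Wrapping them in `LOG_DBG_BUF` allows a build to leave them out, but the macro is defined outside this diff, so whether a default build does so is not visible here. A comment at the first dump would document the exposure, e.g. `/* Debug only: dumps key material; keep these logs off production hosts. */`. post_quick_mode starts outside the hunk.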
@@ -1142,26 +1145,26 @@ responder_recv_HASH_SA_NONCE (struct message *msg)
* Check the payload's integrity.
* XXX Share with ipsec_fill_in_hash?
*/
- log_debug_buf (LOG_MISC, 90, "responder_recv_HASH_SA_NONCE: SKEYID_a",
- isa->skeyid_a, isa->skeyid_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_recv_HASH_SA_NONCE: SKEYID_a",
+ isa->skeyid_a, isa->skeyid_len));
prf = prf_alloc (isa->prf_type, isa->hash, isa->skeyid_a, isa->skeyid_len);
if (!prf)
goto cleanup;
prf->Init (prf->prfctx);
- log_debug_buf (LOG_MISC, 90, "responder_recv_HASH_SA_NONCE: message_id",
- exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN);
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_recv_HASH_SA_NONCE: message_id",
+ exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
prf->Update (prf->prfctx, exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN);
- log_debug_buf (LOG_MISC, 90,
- "responder_recv_HASH_SA_NONCE: message after HASH",
- hash + hash_len,
- msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len);
+ LOG_DBG_BUF ((LOG_MISC, 90,
+ "responder_recv_HASH_SA_NONCE: message after HASH",
+ hash + hash_len,
+ msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len));
prf->Update (prf->prfctx, hash + hash_len,
msg->iov[0].iov_len - ISAKMP_HDR_SZ - hash_len);
prf->Final (my_hash, prf->prfctx);
prf_free (prf);
- log_debug_buf (LOG_MISC, 90,
- "responder_recv_HASH_SA_NONCE: computed HASH(1)", my_hash,
- hash_len - ISAKMP_GEN_SZ);
+ LOG_DBG_BUF ((LOG_MISC, 90,
+ "responder_recv_HASH_SA_NONCE: computed HASH(1)", my_hash,
+ hash_len - ISAKMP_GEN_SZ));
if (memcmp (hash + ISAKMP_GEN_SZ, my_hash, hash_len - ISAKMP_GEN_SZ) != 0)
{
message_drop (msg, ISAKMP_NOTIFY_INVALID_HASH_INFORMATION, 0, 1, 0);
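Review bot: The received HASH(1) is compared with the computed value using `memcmp`, which may return at the first differing byte and so can reveal through timing how much of the digest matched. A constant-time comparison is preferable for MAC checks, e.g. `if (timingsafe_bcmp (hash + ISAKMP_GEN_SZ, my_hash, hash_len - ISAKMP_GEN_SZ) != 0)` where the platform provides it. The same pattern appears at the HASH(2) check in initiator_recv_HASH_SA_NONCE and at the HASH(3) check in responder_recv_HASH. The comparison sits on an unchanged context line and the function extends beyond the hunk.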
@@ -1196,9 +1199,10 @@ responder_recv_HASH_SA_NONCE (struct message *msg)
}
memcpy (ie->id_ci, idp->p, ie->id_ci_sz);
idp->flags |= PL_MARK;
- log_debug_buf (LOG_MISC, 90,
- "responder_recv_HASH_SA_NONCE: IDci",
- ie->id_ci + ISAKMP_GEN_SZ, ie->id_ci_sz - ISAKMP_GEN_SZ);
+ LOG_DBG_BUF ((LOG_MISC, 90,
+ "responder_recv_HASH_SA_NONCE: IDci",
+ ie->id_ci + ISAKMP_GEN_SZ, ie->id_ci_sz
+ - ISAKMP_GEN_SZ));
idp = TAILQ_NEXT (idp, link);
ie->id_cr_sz = GET_ISAKMP_GEN_LENGTH (idp->p);
@@ -1211,9 +1215,10 @@ responder_recv_HASH_SA_NONCE (struct message *msg)
}
memcpy (ie->id_cr, idp->p, ie->id_cr_sz);
idp->flags |= PL_MARK;
- log_debug_buf (LOG_MISC, 90,
- "responder_recv_HASH_SA_NONCE: IDcr",
- ie->id_cr + ISAKMP_GEN_SZ, ie->id_cr_sz - ISAKMP_GEN_SZ);
+ LOG_DBG_BUF ((LOG_MISC, 90,
+ "responder_recv_HASH_SA_NONCE: IDcr",
+ ie->id_cr + ISAKMP_GEN_SZ, ie->id_cr_sz
+ - ISAKMP_GEN_SZ));
}
else
{
@@ -1454,8 +1459,8 @@ responder_send_HASH_SA_NONCE (struct message *msg)
return -1;
}
memcpy (id, ie->id_ci, sz);
- log_debug_buf (LOG_MISC, 90, "responder_send_HASH_SA_NONCE: IDic", id,
- sz);
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_send_HASH_SA_NONCE: IDic", id,
+ sz));
if (message_add_payload (msg, ISAKMP_PAYLOAD_ID, id, sz, 1))
{
free (id);
@@ -1470,8 +1475,8 @@ responder_send_HASH_SA_NONCE (struct message *msg)
return -1;
}
memcpy (id, ie->id_cr, sz);
- log_debug_buf (LOG_MISC, 90, "responder_send_HASH_SA_NONCE: IDrc", id,
- sz);
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_send_HASH_SA_NONCE: IDrc", id,
+ sz));
if (message_add_payload (msg, ISAKMP_PAYLOAD_ID, id, sz, 1))
{
free (id);
@@ -1480,19 +1485,19 @@ responder_send_HASH_SA_NONCE (struct message *msg)
}
/* Allocate the prf and start calculating our HASH(2). XXX Share? */
- log_debug (LOG_MISC, 95, "responder_recv_HASH: isakmp_sa %p isa %p",
- isakmp_sa, isa);
- log_debug_buf (LOG_MISC, 90, "responder_send_HASH_SA_NONCE: SKEYID_a",
- isa->skeyid_a, isa->skeyid_len);
+ LOG_DBG ((LOG_MISC, 95, "responder_recv_HASH: isakmp_sa %p isa %p",
+ isakmp_sa, isa));
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_send_HASH_SA_NONCE: SKEYID_a",
+ isa->skeyid_a, isa->skeyid_len));
prf = prf_alloc (isa->prf_type, hash->type, isa->skeyid_a, isa->skeyid_len);
if (!prf)
return -1;
prf->Init (prf->prfctx);
- log_debug_buf (LOG_MISC, 90, "responder_send_HASH_SA_NONCE: message_id",
- exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN);
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_send_HASH_SA_NONCE: message_id",
+ exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
prf->Update (prf->prfctx, exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN);
- log_debug_buf (LOG_MISC, 90, "responder_send_HASH_SA_NONCE: NONCE_I_b",
- exchange->nonce_i, exchange->nonce_i_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_send_HASH_SA_NONCE: NONCE_I_b",
+ exchange->nonce_i, exchange->nonce_i_len));
prf->Update (prf->prfctx, exchange->nonce_i, exchange->nonce_i_len);
/* Loop over all payloads after HASH(2). */
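Review bot: The converted `LOG_DBG` line keeps the prefix `responder_recv_HASH:` although, per the hunk header, it sits in responder_send_HASH_SA_NONCE, so the trace line will be attributed to the wrong exchange step when logs are read during an investigation. Suggest `LOG_DBG ((LOG_MISC, 95, "responder_send_HASH_SA_NONCE: isakmp_sa %p isa %p",` with the arguments unchanged. The function body starts and ends outside the hunk.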
@@ -1502,15 +1507,15 @@ responder_send_HASH_SA_NONCE (struct message *msg)
snprintf (header, 80,
"responder_send_HASH_SA_NONCE: payload %d after HASH(2)",
i - 1);
- log_debug_buf (LOG_MISC, 90, header, msg->iov[i].iov_base,
- msg->iov[i].iov_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, header, msg->iov[i].iov_base,
+ msg->iov[i].iov_len));
prf->Update (prf->prfctx, msg->iov[i].iov_base, msg->iov[i].iov_len);
}
prf->Final (buf + ISAKMP_HASH_DATA_OFF, prf->prfctx);
prf_free (prf);
snprintf (header, 80, "responder_send_HASH_SA_NONCE: HASH_%c",
initiator ? 'I' : 'R');
- log_debug_buf (LOG_MISC, 80, header, buf + ISAKMP_HASH_DATA_OFF, hashsize);
+ LOG_DBG_BUF ((LOG_MISC, 80, header, buf + ISAKMP_HASH_DATA_OFF, hashsize));
if (ie->group)
message_register_post_send (msg, gen_g_xy);
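Review bot: Both `snprintf (header, 80, ...)` calls exist only to label the `LOG_DBG_BUF` output that follows them, yet they stay unconditional, so a build with debug logging compiled out would still format the string for every payload (assuming the macro expands to nothing in that configuration; its definition is outside this diff). Consider placing the `snprintf` calls under the same compile-time switch as the macro. If `header` is an array, `sizeof header` would be safer than the literal 80; its declaration is not visible here. The function starts outside the hunk.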
@@ -1537,7 +1542,7 @@ gen_g_xy (struct message *msg)
log_print ("gen_g_xy: dh_create_shared failed");
return;
}
- log_debug_buf (LOG_MISC, 80, "gen_g_xy: g^xy", ie->g_xy, ie->g_x_len);
+ LOG_DBG_BUF ((LOG_MISC, 80, "gen_g_xy: g^xy", ie->g_xy, ie->g_x_len));
}
static int
@@ -1565,29 +1570,29 @@ responder_recv_HASH (struct message *msg)
}
/* Allocate the prf and start calculating our HASH(3). XXX Share? */
- log_debug (LOG_MISC, 95, "responder_recv_HASH: isakmp_sa %p isa %p",
- isakmp_sa, isa);
- log_debug_buf (LOG_MISC, 90, "responder_recv_HASH: SKEYID_a", isa->skeyid_a,
- isa->skeyid_len);
+ LOG_DBG ((LOG_MISC, 95, "responder_recv_HASH: isakmp_sa %p isa %p",
+ isakmp_sa, isa));
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_recv_HASH: SKEYID_a", isa->skeyid_a,
+ isa->skeyid_len));
prf = prf_alloc (isa->prf_type, isa->hash, isa->skeyid_a, isa->skeyid_len);
if (!prf)
goto cleanup;
prf->Init (prf->prfctx);
prf->Update (prf->prfctx, "\0", 1);
- log_debug_buf (LOG_MISC, 90, "responder_recv_HASH: message_id",
- exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN);
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_recv_HASH: message_id",
+ exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN));
prf->Update (prf->prfctx, exchange->message_id, ISAKMP_HDR_MESSAGE_ID_LEN);
- log_debug_buf (LOG_MISC, 90, "responder_recv_HASH: NONCE_I_b",
- exchange->nonce_i, exchange->nonce_i_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_recv_HASH: NONCE_I_b",
+ exchange->nonce_i, exchange->nonce_i_len));
prf->Update (prf->prfctx, exchange->nonce_i, exchange->nonce_i_len);
- log_debug_buf (LOG_MISC, 90, "responder_recv_HASH: NONCE_R_b",
- exchange->nonce_r, exchange->nonce_r_len);
+ LOG_DBG_BUF ((LOG_MISC, 90, "responder_recv_HASH: NONCE_R_b",
+ exchange->nonce_r, exchange->nonce_r_len));
prf->Update (prf->prfctx, exchange->nonce_r, exchange->nonce_r_len);
prf->Final (my_hash, prf->prfctx);
prf_free (prf);
- log_debug_buf (LOG_MISC, 90,
- "responder_recv_HASH: computed HASH(3)", my_hash,
- hash_len - ISAKMP_GEN_SZ);
+ LOG_DBG_BUF ((LOG_MISC, 90,
+ "responder_recv_HASH: computed HASH(3)", my_hash,
+ hash_len - ISAKMP_GEN_SZ));
if (memcmp (hash + ISAKMP_GEN_SZ, my_hash, hash_len - ISAKMP_GEN_SZ) != 0)
{
message_drop (msg, ISAKMP_NOTIFY_INVALID_HASH_INFORMATION, 0, 1, 0);