summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_input.c
diff options
context:
space:
mode:
authorPatrick Wildt <patrick@cvs.openbsd.org>2017-11-08 13:33:50 +0000
committerPatrick Wildt <patrick@cvs.openbsd.org>2017-11-08 13:33:50 +0000
commit918103455ceabf54af40927fdf81e9470a75ed3b (patch)
tree598400b6fa914601d359d751accff1557a1b27fa /sys/netinet/ip_input.c
parent845801f35e98a3088def9d60715087298e6511ba (diff)
In the final RFC 5903 the computation for the DH shared secret changed.
Instead of the full point, only the X point is included. The member g_xy is always the shared secret but so far its buffer has been allocated using the size of the public points. Since this is a different size now, as the shared secret for EC Groups should only store the x point, we need another member to specify the length of g_xy. Since this is a backwards incompatible change older isakmpds won't be able to negotiate if you use EC groups. Bump the version of our own vendor tag so peers can try to keep compatibility based on the presen- ted tag. This could be used to implement backwards compatibility to older isakmpds. Prompted by and ok mpi@
Diffstat (limited to 'sys/netinet/ip_input.c')
0 files changed, 0 insertions, 0 deletions