[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Mon Dec 10 16:38:36 UTC 2018
New commits:
commit cd61a32dd8054710babd2f14cf2933f827c331d6
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Dec 5 11:14:45 2018 -0500
ikev2: respond to 'corrupt' KE with v2N_INVALID_SYNTAX, not INVALID_KEY_INFORMATION

Pass KE's payload_digest to accept_KE() and return bool, that way callers
can decide which notification to use. Treat a NULL KE payload_digest as
an error (for instance a CREATE_CHILD_SA exchange where PFS was negotiated).

Have IKEv2 responder explicitly send the notification (don't rely on
convoluted STF_FAIL+v2N return path). For IKEv2 initiator, still
return STF_FAIL_v2N but note that it is somewhat pointless - either
STF_FATAL or STF_IGNORE is probably better.

Merge in accept_child_sa_KE() - caller can specify where to store KE.