[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Thu Mar 4 02:22:50 UTC 2021
New commits:
commit 4d9739f92d124cbed666dc10fe10677e4e71f4d3
Merge: ac09742 a32eb98
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Mar 3 21:21:42 2021 -0500
ikev2: suppress pexpect(shared DH secret == NULL) triggered by intermediate exchange
Merge commit 'a32eb98eb578383786c13885fc3e7bd16104df9e' into main
commit a32eb98eb578383786c13885fc3e7bd16104df9e
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Mar 3 20:42:13 2021 -0500
ikev2: hack to suppress intermediate exchange PEXPECT
The function:
ikev2_state_transition_fn ikev2_in_IKE_SA_INIT_R_or_IKE_INTERMEDIATE_R_out_IKE_AUTH_I_or_IKE_INTERMEDIATE_I()
shared by (wait for it) IKE_SA_INIT and IKE_INTERMEDIATE response
transitions always computes the shared DH secret.
It probably shouldn't.
Hack around it by wrapping above in two stub functions:
ikev2_state_transition_fn ikev2_in_IKE_SA_INIT_R_out_IKE_AUTH_I_or_IKE_INTERMEDIATE_I()
ikev2_state_transition_fn ikev2_in_IKE_INTERMEDIATE_R_out_IKE_AUTH_I_or_IKE_INTERMEDIATE_I()
and then in the latter (IKE_INTERMEDIATE_R), delete the old shared
DH secret before proceeding.
commit b463f5209da6143c7e698e89e18ed47f114e6d72
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Mar 3 16:15:30 2021 -0500
ikev2: really really really spell out the packets each IKE transition handles
Replace inI1outR3 et.al. - with intermediate exchanges the number
scheme no longer makes sense. Use the form:
in_IKE_..._[IR]_or IKE_..._[IR]_out_IKE_..._[IR]or IKE_..._[IR]()
so there's no question as to what packets and what direction.
(leave child exchanges alone)
More information about the Swan-commit
mailing list