[Swan-commit] Changes to ref refs/heads/main

Andrew Cagney cagney at vault.libreswan.fi
Thu Mar 4 02:22:50 UTC 2021


New commits:
commit 4d9739f92d124cbed666dc10fe10677e4e71f4d3
Merge: ac09742 a32eb98
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Mar 3 21:21:42 2021 -0500

    ikev2: suppress pexpect(shared DH secret == NULL) triggered by intermediate exchange
    
    Merge commit 'a32eb98eb578383786c13885fc3e7bd16104df9e' into main

commit a32eb98eb578383786c13885fc3e7bd16104df9e
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Mar 3 20:42:13 2021 -0500

    ikev2: hack to suppress intermediate exchange PEXPECT
    
    The function:
      ikev2_state_transition_fn ikev2_in_IKE_SA_INIT_R_or_IKE_INTERMEDIATE_R_out_IKE_AUTH_I_or_IKE_INTERMEDIATE_I()
    shared by (wait for it) IKE_SA_INIT and IKE_INTERMEDIATE response
    transitions always computes the shared DH secret.
    
    It probably shouldn't.
    
    Hack around it by wrapping above in two stub functions:
      ikev2_state_transition_fn ikev2_in_IKE_SA_INIT_R_out_IKE_AUTH_I_or_IKE_INTERMEDIATE_I()
      ikev2_state_transition_fn ikev2_in_IKE_INTERMEDIATE_R_out_IKE_AUTH_I_or_IKE_INTERMEDIATE_I()
    and then in the latter (IKE_INTERMEDIATE_R), delete the old shared
    DH secret before proceeding.

commit b463f5209da6143c7e698e89e18ed47f114e6d72
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Mar 3 16:15:30 2021 -0500

    ikev2: really really really spell out the packets each IKE transition handles
    
    Replace inI1outR3 et.al. - with intermediate exchanges the number
    scheme no longer makes sense.  Use the form:
      in_IKE_..._[IR]_or IKE_..._[IR]_out_IKE_..._[IR]or IKE_..._[IR]()
    so there's no question as to what packets and what direction.
    
    (leave child exchanges alone)



More information about the Swan-commit mailing list