[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Wed Sep 15 04:00:05 UTC 2021
New commits:
commit 66fe07bf696dde79cd35094c79438ed63a9c5de9
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Sep 14 17:30:39 2021 -0400
ikev2: cleanup ikev2_states.[hc]
Make log_v2_payload_errors() and ikev2_verify_payloads() static.
commit 2ba1ea02dffe40569a7abf50d81e07f2028723a1
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Sep 14 17:12:36 2021 -0400
ikev2: split fragmentation and transition lookup code
Replace code searching through all possible transitions (regardless of
state) while similtaneously trying to juggle fragments, decryption and
SKEYSEED.
Roughly:
- if the state is .v2.secure:
- use the state's transition to check if the message is plausable
- accumulate fragments, then decrypt / unpack
- if needed, segway into SKEYSEED
(the SKEYSEED should be computed in the background; scary)
- call find_v2_state_transition() (which matches payloads against just
the curren state's transitions)
commit c205d6de661838e2d972ff91c72487d37eeb1342
Author: Andrew Cagney <cagney at gnu.org>
Date: Mon Sep 13 18:16:57 2021 -0400
ikev2: add struct finite_state .v2.secured
- in ikev2_states, set .v2.secured as needed
- in init_ikev2() passert() that all secured states
only accept secured (aka SK) payloads
- in find_v2_state_transition() use .v2.secured
instead of SK
More information about the Swan-commit
mailing list