[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Tue Sep 21 22:23:42 UTC 2021
New commits:
commit 2937650736bf22efb54d12958195f7c11009e220
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Sep 21 15:10:59 2021 -0400
ikev2: clarify IKE_SA_INIT/unprotected vs other exchanges
- rework comments
- note why SK/SKF need to be unpacked
- more passert()s
commit e26e15a9988f84507894fc19e5e2132add8a69be
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Sep 21 15:43:37 2021 -0400
ikev2: add cheap explicit and early check that the matching IKE SA is secured
If the exchange isn't IKE_SA_INIT, two things need to be established:
- the IKE SA is secured (only accepting integrity protected messages)
- the message really is protected
this tick the first
It was happening, but only after parsing the payload.
commit fa9eda6f33221dd8c98604ffe93dcc43a2000892
Author: Andrew Cagney <cagney at gnu.org>
Date: Tue Sep 21 15:20:03 2021 -0400
ikev2: rename *_secured_*() -> *_protected_*() for exchange functions
i.e.,
complete_secured_but_fatal_exchange()
process_secured_v2_message()
IKEv2 describes how a message is integrity protected.
(secured IKE SAs only allow protected messages)
More information about the Swan-commit
mailing list