New commits:
commit 4d9739f92d124cbed666dc10fe10677e4e71f4d3
Merge: ac09742 a32eb98
Author: Andrew Cagney <[email protected]>
Date: Wed Mar 3 21:21:42 2021 -0500
ikev2: suppress pexpect(shared DH secret == NULL) triggered by intermediate
exchange
Merge commit 'a32eb98eb578383786c13885fc3e7bd16104df9e' into main
commit a32eb98eb578383786c13885fc3e7bd16104df9e
Author: Andrew Cagney <[email protected]>
Date: Wed Mar 3 20:42:13 2021 -0500
ikev2: hack to suppress intermediate exchange PEXPECT
The function:
ikev2_state_transition_fn
ikev2_in_IKE_SA_INIT_R_or_IKE_INTERMEDIATE_R_out_IKE_AUTH_I_or_IKE_INTERMEDIATE_I()
shared by (wait for it) IKE_SA_INIT and IKE_INTERMEDIATE response
transitions always computes the shared DH secret.
It probably shouldn't.
Hack around it by wrapping above in two stub functions:
ikev2_state_transition_fn
ikev2_in_IKE_SA_INIT_R_out_IKE_AUTH_I_or_IKE_INTERMEDIATE_I()
ikev2_state_transition_fn
ikev2_in_IKE_INTERMEDIATE_R_out_IKE_AUTH_I_or_IKE_INTERMEDIATE_I()
and then in the latter (IKE_INTERMEDIATE_R), delete the old shared
DH secret before proceeding.
commit b463f5209da6143c7e698e89e18ed47f114e6d72
Author: Andrew Cagney <[email protected]>
Date: Wed Mar 3 16:15:30 2021 -0500
ikev2: really really really spell out the packets each IKE transition
handles
Replace inI1outR3 et.al. - with intermediate exchanges the number
scheme no longer makes sense. Use the form:
in_IKE_..._[IR]_or IKE_..._[IR]_out_IKE_..._[IR]or IKE_..._[IR]()
so there's no question as to what packets and what direction.
(leave child exchanges alone)
_______________________________________________
Swan-commit mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-commit
