New commits:
commit 7e963933ec4efb34cadf39be2fc4df545372f3aa
Author: Andrew Cagney <[email protected]>
Date: Fri Nov 22 14:54:36 2024 -0500
ikev1: extract .v1_decrypt_iv from the larval Quick Mode Child SA
It should be in .st_v1_iv. PEXPECT this to be consistent with
.st_v1_new_iv.
Also bail early when the Child SA is busy with offloaded
crypto: while crypto is happening;
.st_v1_iv contains the previous or no IV
.st_v1_new_iv contains the updated iv from the packat that
triggered crypto
i.e., without this the pexpect fails. See:
#1930 IKEv1 encrypts INVALID_ID_INFORMATION with wrong IV
commit f96b57a4df493f8e3e4b7666cfafab57bd7a18a8
Author: Andrew Cagney <[email protected]>
Date: Fri Nov 22 14:52:10 2024 -0500
ikev1: explicitly reject unfragmented and unencrypted Quick Mode message
Do it early and explicitly, instead of later in the tail code.
_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]
