New commits:
commit ad7d8caa7863cf75ab26e33cc1900748ab7978a8
Merge: 58e3915c2f cbbb3817ed
Author: Andrew Cagney <cag...@gnu.org>
Date: Sat Sep 20 21:23:09 2025 -0400
Merge ikev2: don't allow duplicate KEMs between ADDKEs and KEM
close #2370 responder must only accept unique KE algorithms
commit cbbb3817ede9ea3a4d3c6c5cfa0ad2b835cb6a9a
Author: Andrew Cagney <cag...@gnu.org>
Date: Sat Sep 20 14:38:25 2025 -0400
ikev2: don't allow duplicate KEM algorithms between KEM and ADDKE*
Per RFC 9370:
However, for the ADDKE Transform Types, the responder's choice MUST
NOT contain duplicated algorithms (those with an identical Transform
ID and attributes), except for the Transform ID of NONE.
Use an lset_t to track what's already been selected
(and make no attempt to backtrack decisions).
commit 0a792c7463c42932af4fb0d3fece6c9ecbfcceec
Author: Andrew Cagney <cag...@gnu.org>
Date: Fri Sep 19 16:38:05 2025 -0400
testing: make ikev2-intermediate-05-addke-duplicate good
commit 4e140e8f130d6bb853d67f66387201e9487e6898
Author: Andrew Cagney <cag...@gnu.org>
Date: Fri Sep 19 15:14:43 2025 -0400
ikev2: reorg ikev2_process_proposals()
- allocate structures before call
- use return to bail; not break
commit b2e6b4413a487bfed6530475196c28f73ebe5d57
Author: Andrew Cagney <cag...@gnu.org>
Date: Sat Sep 20 21:15:08 2025 -0400
testing: fix ikev2-intermediate-06-addke2-dh19-addke4-none-addke6-dh20
it negotiated kem=dh19;addke2=dh19
_______________________________________________
Swan-commit mailing list -- swan-commit@lists.libreswan.org
To unsubscribe send an email to swan-commit-le...@lists.libreswan.org
