author | tobhe <tobhe@cvs.openbsd.org> | 2020-10-19 17:02:58 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2020-10-19 17:02:58 +0000 |
commit | d5e8e4fcde2236801b1a54cb94da4ffc4ad95f24 (patch) | |
tree | e232c5aa315feff523f70ababd588e3e943acf5c | |
parent | 3ebc89ba9fa6c3c542e63cfe670de895c0e03881 (diff) |
Handle NO_PROPOSAL_CHOSEN as IKE_AUTH initiator.
ok markus@
-rw-r--r-- | sbin/iked/iked.h | 3 | ||||
-rw-r--r-- | sbin/iked/ikev2.c | 10 | ||||
-rw-r--r-- | sbin/iked/ikev2_pld.c | 9 |
3 files changed, 19 insertions, 3 deletions
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index ecfd74cbb3f..3dba84d8096 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.167 2020/10/03 20:23:08 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.168 2020/10/19 17:02:57 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -632,6 +632,7 @@ struct iked_message {
 #define IKED_MSG_FLAGS_IPCOMP_SUPPORTED 0x0080
 #define IKED_MSG_FLAGS_USE_TRANSPORT 0x0100
 #define IKED_MSG_FLAGS_TEMPORARY_FAILURE 0x0200
+#define IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN 0x0400
 struct iked_user {
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index a4e50318c90..73cd953c32d 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.267 2020/10/09 08:59:15 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.268 2020/10/19 17:02:57 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -1069,6 +1069,14 @@ ikev2_init_recv(struct iked *env, struct iked_message *msg,
 msg->msg_sa = NULL;
 return;
 }
+ if (msg->msg_flags & IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN) {
+ log_info("%s: failed to negotiate IKE SA",
+ SPI_SA(sa, __func__));
+ ikev2_ike_sa_setreason(sa, "no proposal chosen");
+ sa_state(env, sa, IKEV2_STATE_CLOSED);
+ msg->msg_sa = NULL;
+ return;
+ }
 (void)ikev2_ike_auth_recv(env, sa, msg);
 break;
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index 63b431c7857..edb13024bbd 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.103 2020/10/09 08:59:16 tobhe Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.104 2020/10/19 17:02:57 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
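Review bot: In sbin/iked/ikev2.c, the added `IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN` branch in ikev2_init_recv closes the SA before `ikev2_ike_auth_recv()` runs, which is presumably where the peer's AUTH payload is checked, so the teardown appears to be driven by a notify from a peer that has not been authenticated yet. The only gate visible in this commit is the `msg->msg_e` check in ikev2_pld_notify, which shows the notify was inside the encrypted payload, not who sent it. If that trade-off is intended, it should be recorded next to the branch, for example `/* peer not authenticated yet: the notify is only protected by the IKE SA keys */`. The enclosing switch and function start and end outside the hunk, so any earlier authentication step is not visible here.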
@@ -1178,6 +1178,13 @@ ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld,
 }
 msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_CHILD_SA_NOT_FOUND;
 break;
+ case IKEV2_N_NO_PROPOSAL_CHOSEN:
+ if (!msg->msg_e) {
+ log_debug("%s: IKEV2_N_NO_PROPOSAL_CHOSEN not encrypted",
+ __func__);
+ return (-1);
+ }
+ msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN;
 case IKEV2_N_MOBIKE_SUPPORTED:
 if (!msg->msg_e) {
 log_debug("%s: N_MOBIKE_SUPPORTED not encrypted", |
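Review bot: The new `case IKEV2_N_NO_PROPOSAL_CHOSEN:` in ikev2_pld_notify ends at the `msg_flags |= IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN` assignment with no `break;`, so control falls through into `case IKEV2_N_MOBIKE_SUPPORTED:`. The preceding case visible in the hunk ends in `break;`, and the added-line count in the hunk header leaves no room for one here, so the fall-through looks unintended. The rest of the MOBIKE case lies outside the hunk, but whatever checks and flags it applies would then also run for a peer's error notify. Add `break;` after the assignment, or a `/* FALLTHROUGH */` comment if sharing the path is deliberate.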