authortobhe <tobhe@cvs.openbsd.org>2020-10-19 17:02:58 +0000
committertobhe <tobhe@cvs.openbsd.org>2020-10-19 17:02:58 +0000
commitd5e8e4fcde2236801b1a54cb94da4ffc4ad95f24 (patch)
treee232c5aa315feff523f70ababd588e3e943acf5c
parent3ebc89ba9fa6c3c542e63cfe670de895c0e03881 (diff)
Handle NO_PROPOSAL_CHOSEN as IKE_AUTH initiator.
ok markus@
-rw-r--r--sbin/iked/iked.h3
-rw-r--r--sbin/iked/ikev2.c10
-rw-r--r--sbin/iked/ikev2_pld.c9
3 files changed, 19 insertions, 3 deletions
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index ecfd74cbb3f..3dba84d8096 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.167 2020/10/03 20:23:08 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.168 2020/10/19 17:02:57 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -632,6 +632,7 @@ struct iked_message {
#define IKED_MSG_FLAGS_IPCOMP_SUPPORTED 0x0080
#define IKED_MSG_FLAGS_USE_TRANSPORT 0x0100
#define IKED_MSG_FLAGS_TEMPORARY_FAILURE 0x0200
+#define IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN 0x0400
struct iked_user {
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index a4e50318c90..73cd953c32d 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.267 2020/10/09 08:59:15 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.268 2020/10/19 17:02:57 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -1069,6 +1069,14 @@ ikev2_init_recv(struct iked *env, struct iked_message *msg,
msg->msg_sa = NULL;
return;
}
+ if (msg->msg_flags & IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN) {
+ log_info("%s: failed to negotiate IKE SA",
+ SPI_SA(sa, __func__));
+ ikev2_ike_sa_setreason(sa, "no proposal chosen");
+ sa_state(env, sa, IKEV2_STATE_CLOSED);
+ msg->msg_sa = NULL;
+ return;
+ }
(void)ikev2_ike_auth_recv(env, sa, msg);
break;
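Review bot: The new block closes the IKE SA outright when the IKE_AUTH response carries NO_PROPOSAL_CHOSEN, and the log line calls it a failure to negotiate the IKE SA; RFC 7296 §1.2 describes NO_PROPOSAL_CHOSEN in an IKE_AUTH response as a Child SA failure with the IKE SA still established, so the decision to tear down the whole SA here rather than leave it up for a later CREATE_CHILD_SA deserves a comment. Something like `/* Responder rejected every proposal: IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN is only set for an encrypted notify (ikev2_pld_notify), so trust it and give up on this SA instead of retrying. */` above the `if` would record both the policy and why the flag can be acted on before ikev2_ike_auth_recv has run. The enclosing ikev2_init_recv starts and continues outside the hunk, so the preceding sibling check this mirrors is not visible here.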
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index 63b431c7857..edb13024bbd 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.103 2020/10/09 08:59:16 tobhe Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.104 2020/10/19 17:02:57 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -1178,6 +1178,13 @@ ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld,
}
msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_CHILD_SA_NOT_FOUND;
break;
+ case IKEV2_N_NO_PROPOSAL_CHOSEN:
+ if (!msg->msg_e) {
+ log_debug("%s: IKEV2_N_NO_PROPOSAL_CHOSEN not encrypted",
+ __func__);
+ return (-1);
+ }
+ msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN;
case IKEV2_N_MOBIKE_SUPPORTED:
if (!msg->msg_e) {
log_debug("%s: N_MOBIKE_SUPPORTED not encrypted",
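Review bot: The new `case IKEV2_N_NO_PROPOSAL_CHOSEN:` ends with the flag assignment on the line before `case IKEV2_N_MOBIKE_SUPPORTED:` and has no `break;`, so control falls through into the MOBIKE case; because `msg->msg_e` has already been checked, that case's encryption guard passes and whatever it records (presumably a MOBIKE-supported flag; its body lies outside the hunk) is applied to a message that never carried N_MOBIKE_SUPPORTED. The CHILD_SA_NOT_FOUND case just above ends with `break;`, and this one should too: `msg->msg_parent->msg_flags |= IKED_MSG_FLAGS_NO_PROPOSAL_CHOSEN;` followed by `break;`. If the fall-through were intentional it would need a `/* FALLTHROUGH */` marker, but nothing about the two notify types suggests that. The enclosing switch in ikev2_pld_notify continues past the end of the hunk.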