author | tobhe <tobhe@cvs.openbsd.org> | 2021-01-21 16:46:48 +0000 |
---|---|---|
committer | tobhe <tobhe@cvs.openbsd.org> | 2021-01-21 16:46:48 +0000 |
commit | 0be656db44e6ee7cd1809a9c5b383be13398b20c (patch) | |
tree | f478b7329e4081d29bb2915871d78b41e4901e95 /sbin/iked/config.c | |
parent | 0a6e01ddb88c03c59a18f08956f3232c6f860475 (diff) |
Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SA
exchange. In the case of an invalid KE error, retry
CREATE_CHILD_SA exchange with different group instead
of restarting the full IKE handshake.
ok markus@
Diffstat (limited to 'sbin/iked/config.c')
-rw-r--r-- | sbin/iked/config.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/sbin/iked/config.c b/sbin/iked/config.c
index a77e5320381..7df23d84bba 100644
--- a/sbin/iked/config.c
+++ b/sbin/iked/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.74 2020/11/29 21:00:43 tobhe Exp $ */
+/* $OpenBSD: config.c,v 1.75 2021/01/21 16:46:47 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -84,8 +84,7 @@ config_free_kex(struct iked_kex *kex)
 ibuf_release(kex->kex_inonce);
 ibuf_release(kex->kex_rnonce);
- if (kex->kex_dhgroup != NULL)
- group_free(kex->kex_dhgroup);
+ group_free(kex->kex_dhgroup);
 ibuf_release(kex->kex_dhiexchange);
 ibuf_release(kex->kex_dhrexchange);
@@ -140,8 +139,7 @@ config_free_sa(struct iked *env, struct iked_sa *sa)
 ibuf_release(sa->sa_inonce);
 ibuf_release(sa->sa_rnonce);
- if (sa->sa_dhgroup != NULL)
- group_free(sa->sa_dhgroup);
+ group_free(sa->sa_dhgroup);
 ibuf_release(sa->sa_dhiexchange);
 ibuf_release(sa->sa_dhrexchange);
@@ -408,7 +406,7 @@ config_add_transform(struct iked_proposal *prop, unsigned int type,
 }
 struct iked_transform *
-config_findtransform(struct iked_proposals *props, uint8_t type,
+config_findtransform_ext(struct iked_proposals *props, uint8_t type,
 int id, unsigned int proto)
 {
 struct iked_proposal *prop;
@@ -422,6 +420,9 @@ config_findtransform(struct iked_proposals *props, uint8_t type,
 continue;
 for (i = 0; i < prop->prop_nxforms; i++) {
 xform = prop->prop_xforms + i;
+ /* optional lookup of specific transform */
+ if (id >= 0 && xform->xform_id != id)
+ continue;
 if (xform->xform_type == type)
 return (xform);
 }
@@ -430,6 +431,13 @@ config_findtransform(struct iked_proposals *props, uint8_t type,
 return (NULL);
 }
+struct iked_transform *
+config_findtransform(struct iked_proposals *props, uint8_t type,
+ unsigned int proto)
+{
+ return config_findtransform_ext(props, type, -1, proto);
+}
+
 struct iked_user *
 config_new_user(struct iked *env, struct iked_user *new)
 { |
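Review bot: The now-unconditional `group_free(kex->kex_dhgroup)` in config_free_kex is safe only if group_free() returns early on a NULL argument, and its definition is not part of this file-limited diff. A kex or SA can presumably be torn down before a DH group was ever attached, for instance when the new INVALID_KE_PAYLOAD retry fails early, so a missing NULL check in the callee would turn into a crash of the daemon; the same applies to `group_free(sa->sa_dhgroup)` in config_free_sa. Worth confirming the callee and recording the contract at the call, e.g. `/* group_free() accepts NULL */`. Both function bodies start and end outside their hunks.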
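Review bot: The added filter `if (id >= 0 && xform->xform_id != id)` relies on a negative `id` meaning "any transform", but the comment above it does not say so, and nothing states that a transform ID is only meaningful together with `type`. Since this lookup is presumably what decides whether a group suggested by the peer in INVALID_KE_PAYLOAD is one the local proposals allow, the contract deserves to be explicit: I would reword the comment to `/* id < 0 matches any transform of this type; otherwise require this exact ID */` and state at the function head that a NULL return means the transform is not configured, so the caller must not retry with it. The function starts and ends outside this hunk.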
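Review bot: The new wrapper's `return config_findtransform_ext(props, type, -1, proto);` drops the parenthesised return form used everywhere else in the visible code (`return (xform);`, `return (NULL);`) and passes the wildcard as a bare `-1`. I would write `return (config_findtransform_ext(props, type, -1, proto));` and add a one-line comment above the wrapper saying that -1 selects the first transform of the given type regardless of its ID.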