author | Tobias Brunner <tobias@strongswan.org> | 2014-08-15 17:52:15 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2014-09-12 13:56:18 +0200 |
commit | 8a6b01dd2ae3e6aacb3f5383914b41844dbb2e50 (patch) | |
tree | fccfea21e087495961d9e20f401eea3f219fdcf4 /src/libcharon/encoding | |
parent | 2e62f51bcc087ee8fbb673469e52b4485915e18f (diff) | |
ikev1: Don't cache last block of INFORMATIONAL messages as IV
We don't expect a response with the same MID, but apparently some
devices (e.g. FRITZ!Box) do that for DPDs, while still treating the
response as a new exchange. By storing the last message block as IV
we can't decrypt the first block of such a response.
Fixes #661.
Diffstat (limited to 'src/libcharon/encoding')
-rw-r--r-- | src/libcharon/encoding/message.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 0f5f40ada..f6f13ae2f 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -1632,7 +1632,7 @@ METHOD(message_t, generate, status_t, chunk = generator->get_chunk(generator, &lenpos); htoun32(lenpos, chunk.len); this->packet->set_data(this->packet, chunk_clone(chunk)); - if (this->is_encrypted) + if (this->is_encrypted && this->exchange_type != INFORMATIONAL_V1) { /* update the IV for the next IKEv1 message */ chunk_t last_block; @@ -2142,7 +2142,7 @@ METHOD(message_t, parse_body, status_t, } chunk_free(&hash); } - if (this->is_encrypted) + if (this->is_encrypted && this->exchange_type != INFORMATIONAL_V1) { /* message verified, confirm IV */ if (!keymat_v1->confirm_iv(keymat_v1, this->message_id)) { |
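Review bot: In the generate hunk (@@ -1632), the new condition `this->is_encrypted && this->exchange_type != INFORMATIONAL_V1` sits above a comment that still reads "update the IV for the next IKEv1 message", so the code itself no longer says why INFORMATIONAL_V1 is excluded. Consider extending that comment to state that the last block of an INFORMATIONAL message is deliberately not stored as IV, because some peers answer with the same MID while treating the response as a new exchange, as the commit message explains.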
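Review bot: In the parse_body hunk (@@ -2142), the check `this->is_encrypted && this->exchange_type != INFORMATIONAL_V1` duplicates the one added in generate, and the two have to stay in step for the IV handling to match in both directions. Consider factoring the condition into a small shared helper, and extend the "message verified, confirm IV" comment to say that confirm_iv() is intentionally skipped for INFORMATIONAL_V1.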