diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2016-01-26 11:13:13 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-02-01 10:51:02 +0100 |
| commit | 9c773f8d112d7374e77ee804e89f5b6b5da84f16 (patch) | |
| tree | 336bfc5373973c4e3b0b9717b117cc48732e961e /src/libcharon/plugins/eap_simaka_sql/test.sql | |
| parent | b5c2ed5016a00b3d580abf4f3a61eae8d4776027 (diff) | |
| download | strongswan-9c773f8d112d7374e77ee804e89f5b6b5da84f16.tar.bz2 strongswan-9c773f8d112d7374e77ee804e89f5b6b5da84f16.tar.xz | |
ha: Properly sync IKEv1 IV if gateway is initiator
To handle Phase 2 exchanges on the other HA host we need to sync the last
block of the last Phase 1 message (or the last expected IV). If the
gateway is the initiator of a Main Mode SA the last message is an
inbound message. When handling such messages the expected IV is not
updated until it is successfully decrypted so we can't sync the IV
when processing the still encrypted (!plain) message. However, as responder,
i.e. if the last message is an outbound message, the reverse applies, that
is, we get the next IV after successfully encrypting the message, not
while handling the plain message.
Fixes #1267.
Diffstat (limited to 'src/libcharon/plugins/eap_simaka_sql/test.sql')
0 files changed, 0 insertions, 0 deletions