summaryrefslogtreecommitdiff
path: root/src/libcharon/sa/ikev2
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2018-06-04 09:59:21 +0200
committerYves-Alexis Perez <corsac@debian.org>2018-06-04 09:59:21 +0200
commit51a71ee15c1bcf0e82f363a16898f571e211f9c3 (patch)
tree2a03e117d072c55cfe2863d26b73e64d933e7ad8 /src/libcharon/sa/ikev2
parent7793611ee71b576dd9c66dee327349fa64e38740 (diff)
downloadvyos-strongswan-51a71ee15c1bcf0e82f363a16898f571e211f9c3.tar.gz
vyos-strongswan-51a71ee15c1bcf0e82f363a16898f571e211f9c3.zip
New upstream version 5.6.3
Diffstat (limited to 'src/libcharon/sa/ikev2')
-rw-r--r--src/libcharon/sa/ikev2/authenticators/eap_authenticator.c2
-rw-r--r--src/libcharon/sa/ikev2/authenticators/eap_authenticator.h2
-rw-r--r--src/libcharon/sa/ikev2/authenticators/psk_authenticator.c2
-rw-r--r--src/libcharon/sa/ikev2/authenticators/psk_authenticator.h2
-rw-r--r--src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c35
-rw-r--r--src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h2
-rw-r--r--src/libcharon/sa/ikev2/connect_manager.c2
-rw-r--r--src/libcharon/sa/ikev2/connect_manager.h2
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.c6
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.h2
-rw-r--r--src/libcharon/sa/ikev2/mediation_manager.c2
-rw-r--r--src/libcharon/sa/ikev2/mediation_manager.h2
-rw-r--r--src/libcharon/sa/ikev2/task_manager_v2.c20
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_create.c109
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_delete.c9
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_delete.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_rekey.c6
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_cert_post.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_cert_post.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_cert_pre.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_cert_pre.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_config.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_config.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_delete.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_dpd.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_dpd.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_init.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_me.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_me.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_mobike.h4
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_natd.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_natd.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_reauth.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_reauth.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_redirect.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_redirect.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_rekey.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_vendor.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_vendor.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h2
45 files changed, 172 insertions, 93 deletions
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index 3ab59fada..bcf262725 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2012 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h
index d81ebd562..859a21431 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
index 535581068..c1decb130 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h
index 91c534145..7ae86b664 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 65baf8771..652b837fe 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -23,6 +23,7 @@
#include <asn1/asn1.h>
#include <asn1/oid.h>
#include <collections/array.h>
+#include <credentials/certificates/x509.h>
typedef struct private_pubkey_authenticator_t private_pubkey_authenticator_t;
@@ -164,7 +165,7 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
signature_scheme_t schemes[] = {
SIGN_RSA_EMSA_PKCS1_SHA2_384,
SIGN_RSA_EMSA_PKCS1_SHA2_256,
- }, contained;
+ };
bool found;
int i, j;
@@ -174,8 +175,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
found = FALSE;
for (j = 0; j < array_count(selected); j++)
{
- array_get(selected, j, &contained);
- if (scheme == contained)
+ array_get(selected, j, &config);
+ if (scheme == config->scheme)
{
found = TRUE;
break;
@@ -414,6 +415,29 @@ METHOD(authenticator_t, build, status_t,
return status;
}
+/**
+ * Check if the end-entity certificate, if any, is compliant with RFC 4945
+ */
+static bool is_compliant_cert(auth_cfg_t *auth)
+{
+ certificate_t *cert;
+ x509_t *x509;
+
+ cert = auth->get(auth, AUTH_RULE_SUBJECT_CERT);
+ if (!cert || cert->get_type(cert) != CERT_X509)
+ {
+ return TRUE;
+ }
+ x509 = (x509_t*)cert;
+ if (x509->get_flags(x509) & X509_IKE_COMPLIANT)
+ {
+ return TRUE;
+ }
+ DBG1(DBG_IKE, "rejecting certificate without digitalSignature or "
+ "nonRepudiation keyUsage flags");
+ return FALSE;
+}
+
METHOD(authenticator_t, process, status_t,
private_pubkey_authenticator_t *this, message_t *message)
{
@@ -479,7 +503,8 @@ METHOD(authenticator_t, process, status_t,
while (enumerator->enumerate(enumerator, &public, &current_auth))
{
if (public->verify(public, params->scheme, params->params, octets,
- auth_data))
+ auth_data) &&
+ is_compliant_cert(current_auth))
{
if (auth_method != AUTH_DS)
{
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h
index 82bfea23b..c98e97eb9 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.h
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2008 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c
index 35856788c..ba602fc4a 100644
--- a/src/libcharon/sa/ikev2/connect_manager.c
+++ b/src/libcharon/sa/ikev2/connect_manager.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007-2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/connect_manager.h b/src/libcharon/sa/ikev2/connect_manager.h
index e667e1f70..bac261b35 100644
--- a/src/libcharon/sa/ikev2/connect_manager.h
+++ b/src/libcharon/sa/ikev2/connect_manager.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007-2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 0c41c68d0..f8b23b66e 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2015 Tobias Brunner
* Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
pseudo_random_function_t rekey_function, chunk_t rekey_skd)
{
- chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
- chunk_t spi_i, spi_r;
+ chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce;
+ chunk_t prf_plus_seed, spi_i, spi_r;
prf_plus_t *prf_plus = NULL;
uint16_t alg, key_size, int_alg;
prf_t *rekey_prf = NULL;
diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h
index 084ed40f0..5dc9cda38 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.h
+++ b/src/libcharon/sa/ikev2/keymat_v2.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011-2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/mediation_manager.c b/src/libcharon/sa/ikev2/mediation_manager.c
index bf5b2f4b3..ffb566591 100644
--- a/src/libcharon/sa/ikev2/mediation_manager.c
+++ b/src/libcharon/sa/ikev2/mediation_manager.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/mediation_manager.h b/src/libcharon/sa/ikev2/mediation_manager.h
index 5212bdb86..640b55eee 100644
--- a/src/libcharon/sa/ikev2/mediation_manager.h
+++ b/src/libcharon/sa/ikev2/mediation_manager.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 5c0ec49f0..fff567233 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1794,9 +1794,25 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
while (enumerator->enumerate(enumerator, &child_sa))
{
+ child_create_t *child_create;
+
+ switch (child_sa->get_state(child_sa))
+ {
+ case CHILD_REKEYED:
+ case CHILD_DELETED:
+ /* ignore CHILD_SAs in these states */
+ continue;
+ default:
+ break;
+ }
cfg = child_sa->get_config(child_sa);
- new->queue_task(new, &child_create_create(new, cfg->get_ref(cfg),
- FALSE, NULL, NULL)->task);
+ child_create = child_create_create(new, cfg->get_ref(cfg),
+ FALSE, NULL, NULL);
+ child_create->use_reqid(child_create, child_sa->get_reqid(child_sa));
+ child_create->use_marks(child_create,
+ child_sa->get_mark(child_sa, TRUE).value,
+ child_sa->get_mark(child_sa, FALSE).value);
+ new->queue_task(new, &child_create->task);
children = TRUE;
}
enumerator->destroy(enumerator);
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 85dac6d59..c90af23b9 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -277,13 +277,11 @@ static bool ts_list_is_host(linked_list_t *list, host_t *host)
}
/**
- * Allocate SPIs and update proposals, we also promote the selected DH group
+ * Allocate local SPI
*/
static bool allocate_spi(private_child_create_t *this)
{
- enumerator_t *enumerator;
proposal_t *proposal;
- linked_list_t *other_dh_groups;
if (this->initiator)
{
@@ -301,41 +299,51 @@ static bool allocate_spi(private_child_create_t *this)
this->proto = this->proposal->get_protocol(this->proposal);
}
this->my_spi = this->child_sa->alloc_spi(this->child_sa, this->proto);
- if (this->my_spi)
+ return this->my_spi != 0;
+}
+
+/**
+ * Update the proposals with the allocated SPIs as initiator and check the DH
+ * group and promote it if necessary
+ */
+static bool update_and_check_proposals(private_child_create_t *this)
+{
+ enumerator_t *enumerator;
+ proposal_t *proposal;
+ linked_list_t *other_dh_groups;
+ bool found = FALSE;
+
+ other_dh_groups = linked_list_create();
+ enumerator = this->proposals->create_enumerator(this->proposals);
+ while (enumerator->enumerate(enumerator, &proposal))
{
- if (this->initiator)
- {
- other_dh_groups = linked_list_create();
- enumerator = this->proposals->create_enumerator(this->proposals);
- while (enumerator->enumerate(enumerator, &proposal))
+ proposal->set_spi(proposal, this->my_spi);
+
+ /* move the selected DH group to the front, if any */
+ if (this->dh_group != MODP_NONE)
+ { /* proposals that don't contain the selected group are
+ * moved to the back */
+ if (!proposal->promote_dh_group(proposal, this->dh_group))
{
- proposal->set_spi(proposal, this->my_spi);
-
- /* move the selected DH group to the front, if any */
- if (this->dh_group != MODP_NONE &&
- !proposal->promote_dh_group(proposal, this->dh_group))
- { /* proposals that don't contain the selected group are
- * moved to the back */
- this->proposals->remove_at(this->proposals, enumerator);
- other_dh_groups->insert_last(other_dh_groups, proposal);
- }
+ this->proposals->remove_at(this->proposals, enumerator);
+ other_dh_groups->insert_last(other_dh_groups, proposal);
}
- enumerator->destroy(enumerator);
- enumerator = other_dh_groups->create_enumerator(other_dh_groups);
- while (enumerator->enumerate(enumerator, (void**)&proposal))
- { /* no need to remove from the list as we destroy it anyway*/
- this->proposals->insert_last(this->proposals, proposal);
+ else
+ {
+ found = TRUE;
}
- enumerator->destroy(enumerator);
- other_dh_groups->destroy(other_dh_groups);
- }
- else
- {
- this->proposal->set_spi(this->proposal, this->my_spi);
}
- return TRUE;
}
- return FALSE;
+ enumerator->destroy(enumerator);
+ enumerator = other_dh_groups->create_enumerator(other_dh_groups);
+ while (enumerator->enumerate(enumerator, (void**)&proposal))
+ { /* no need to remove from the list as we destroy it anyway*/
+ this->proposals->insert_last(this->proposals, proposal);
+ }
+ enumerator->destroy(enumerator);
+ other_dh_groups->destroy(other_dh_groups);
+
+ return this->dh_group == MODP_NONE || found;
}
/**
@@ -532,10 +540,15 @@ static status_t select_and_install(private_child_create_t *this,
}
this->other_spi = this->proposal->get_spi(this->proposal);
- if (!this->initiator && !allocate_spi(this))
- { /* responder has no SPI allocated yet */
- DBG1(DBG_IKE, "allocating SPI failed");
- return FAILED;
+ if (!this->initiator)
+ {
+ if (!allocate_spi(this))
+ {
+ /* responder has no SPI allocated yet */
+ DBG1(DBG_IKE, "allocating SPI failed");
+ return FAILED;
+ }
+ this->proposal->set_spi(this->proposal, this->my_spi);
}
this->child_sa->set_proposal(this->child_sa, this->proposal);
@@ -981,7 +994,12 @@ static void process_payloads(private_child_create_t *this, message_t *message)
this->dh = this->keymat->keymat.create_dh(
&this->keymat->keymat, this->dh_group);
}
- if (this->dh)
+ else if (this->dh)
+ {
+ this->dh_failed = this->dh->get_dh_group(this->dh) !=
+ ke_payload->get_dh_group_number(ke_payload);
+ }
+ if (this->dh && !this->dh_failed)
{
this->dh_failed = !this->dh->set_other_public_value(this->dh,
ke_payload->get_key_exchange_data(ke_payload));
@@ -1111,6 +1129,14 @@ METHOD(task_t, build_i, status_t,
return FAILED;
}
+ if (!update_and_check_proposals(this))
+ {
+ DBG1(DBG_IKE, "requested DH group %N not contained in any of our "
+ "proposals",
+ diffie_hellman_group_names, this->dh_group);
+ return FAILED;
+ }
+
if (this->dh_group != MODP_NONE)
{
this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
@@ -1544,6 +1570,15 @@ METHOD(task_t, process_i, status_t,
memcpy(&group, data.ptr, data.len);
group = ntohs(group);
}
+ if (this->retry)
+ {
+ DBG1(DBG_IKE, "already retried with DH group %N, ignore"
+ "requested %N", diffie_hellman_group_names,
+ this->dh_group, diffie_hellman_group_names, group);
+ handle_child_sa_failure(this, message);
+ /* an error in CHILD_SA creation is not critical */
+ return SUCCESS;
+ }
DBG1(DBG_IKE, "peer didn't accept DH group %N, "
"it requested %N", diffie_hellman_group_names,
this->dh_group, diffie_hellman_group_names, group);
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c
index 164f8fc03..6c8b29018 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.c
@@ -265,6 +265,8 @@ static void process_payloads(private_child_delete_t *this, message_t *message)
case CHILD_REKEYED:
entry->rekeyed = TRUE;
break;
+ case CHILD_DELETED:
+ /* already deleted but not yet destroyed, ignore */
case CHILD_DELETING:
/* we don't send back a delete if we already initiated
* a delete ourself */
@@ -324,6 +326,7 @@ static status_t destroy_and_reestablish(private_child_delete_t *this)
while (enumerator->enumerate(enumerator, (void**)&entry))
{
child_sa = entry->child_sa;
+ child_sa->set_state(child_sa, CHILD_DELETED);
/* signal child down event if we weren't rekeying */
protocol = child_sa->get_protocol(child_sa);
if (!entry->rekeyed)
@@ -374,8 +377,8 @@ static status_t destroy_and_reestablish(private_child_delete_t *this)
break;
case ACTION_ROUTE:
charon->traps->install(charon->traps,
- this->ike_sa->get_peer_cfg(this->ike_sa), child_cfg,
- reqid);
+ this->ike_sa->get_peer_cfg(this->ike_sa),
+ child_cfg);
break;
default:
break;
@@ -456,7 +459,7 @@ METHOD(task_t, build_i, status_t,
this->spi = child_sa->get_spi(child_sa, TRUE);
}
- if (child_sa->get_state(child_sa) == CHILD_DELETING)
+ if (child_sa->get_state(child_sa) == CHILD_DELETED)
{ /* DELETEs for this CHILD_SA were already exchanged, but it was not yet
* destroyed to allow delayed packets to get processed */
this->ike_sa->destroy_child_sa(this->ike_sa, this->protocol, this->spi);
diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.h b/src/libcharon/sa/ikev2/tasks/child_delete.h
index 1e9b2d2f7..6b0006e6e 100644
--- a/src/libcharon/sa/ikev2/tasks/child_delete.h
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index f90056658..d5188c0bc 100644
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -145,8 +145,7 @@ static void find_child(private_child_rekey_t *this, message_t *message)
child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol,
spi, FALSE);
if (child_sa &&
- child_sa->get_state(child_sa) == CHILD_DELETING &&
- child_sa->get_outbound_state(child_sa) == CHILD_OUTBOUND_NONE)
+ child_sa->get_state(child_sa) == CHILD_DELETED)
{ /* ignore rekeyed CHILD_SAs we keep around */
return;
}
@@ -213,7 +212,8 @@ METHOD(task_t, build_i, status_t,
message) != NEED_MORE)
{
schedule_delayed_rekey(this);
- return FAILED;
+ message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED);
+ return SUCCESS;
}
if (message->get_exchange_type(message) == CREATE_CHILD_SA)
{
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index aeaa701c9..6b63197d5 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -2,7 +2,7 @@
* Copyright (C) 2012-2015 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.h b/src/libcharon/sa/ikev2/tasks/ike_auth.h
index ca864a710..c9e42ff54 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c
index 47b0a3ed1..495a353c5 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
index 4d5087ff5..f6862ca27 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
index 5a9e08de2..68af6e35b 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2008 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.h b/src/libcharon/sa/ikev2/tasks/ike_cert_post.h
index 34606b1e8..fb1614b43 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
index ca17494de..284e59bb1 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2008 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h
index c1f8635ce..8542497bc 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c
index 6c42b81a6..4a8acb97e 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2007 Martin Willi
* Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.h b/src/libcharon/sa/ikev2/tasks/ike_config.h
index e35457645..9bf666c81 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.h b/src/libcharon/sa/ikev2/tasks/ike_delete.h
index 2d5d7cb3a..5d571f769 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_delete.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_delete.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_dpd.c b/src/libcharon/sa/ikev2/tasks/ike_dpd.c
index 7a33f7938..d025a046d 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_dpd.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_dpd.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_dpd.h b/src/libcharon/sa/ikev2/tasks/ike_dpd.h
index 026871610..7b30bdc9c 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_dpd.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_dpd.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.h b/src/libcharon/sa/ikev2/tasks/ike_init.h
index ab169954d..d40d447c1 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c
index f077ccfb5..8023da1fc 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_me.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_me.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007-2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.h b/src/libcharon/sa/ikev2/tasks/ike_me.h
index 44a4ce69c..9e5405b61 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_me.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_me.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.h b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
index bb2318c9c..288b87178 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -63,7 +63,7 @@ struct ike_mobike_t {
void (*dpd)(ike_mobike_t *this);
/**
- * Transmision hook, called by task manager.
+ * Transmission hook, called by task manager.
*
* The task manager calls this hook whenever it transmits a packet. It
* allows the mobike task to send the packet on multiple paths to do path
diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c
index f3f32d7af..8ea903ec8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_natd.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c
@@ -1,7 +1,7 @@
/*
* Copyright (C) 2006-2007 Martin Willi
* Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.h b/src/libcharon/sa/ikev2/tasks/ike_natd.h
index 9c571b8e6..3e5af5bcf 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_natd.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_natd.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_reauth.c b/src/libcharon/sa/ikev2/tasks/ike_reauth.c
index 6f90339ea..b9f6c02a8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_reauth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_reauth.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2006-2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_reauth.h b/src/libcharon/sa/ikev2/tasks/ike_reauth.h
index e2e48f0d4..3733f21c8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_reauth.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_reauth.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_redirect.c b/src/libcharon/sa/ikev2/tasks/ike_redirect.c
index f82c80f71..2c565c43a 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_redirect.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_redirect.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_redirect.h b/src/libcharon/sa/ikev2/tasks/ike_redirect.h
index afa00ce5d..5abc9acde 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_redirect.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_redirect.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
index 2f0552a33..11123b415 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
@@ -363,7 +363,7 @@ METHOD(task_t, process_i, status_t,
/* IKE_SAs in state IKE_REKEYED are silently deleted, so we use
* IKE_REKEYING */
this->new_sa->set_state(this->new_sa, IKE_REKEYING);
- if (this->new_sa->delete(this->new_sa) == DESTROY_ME)
+ if (this->new_sa->delete(this->new_sa, FALSE) == DESTROY_ME)
{
this->new_sa->destroy(this->new_sa);
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
index f72fbc437..8d8969ea0 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.h b/src/libcharon/sa/ikev2/tasks/ike_vendor.h
index 86c711636..29832cbe9 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_vendor.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c
index 069d51d00..941b43023 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
diff --git a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h
index 3d9aae0b3..0e48562eb 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_verify_peer_cert.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2015 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the