Handle invalid IKEv1 hashes more specifically.
authorTobias Brunner <tobias@strongswan.org>
Fri, 25 Nov 2011 16:59:39 +0000 (17:59 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Mar 2012 16:31:08 +0000 (17:31 +0100)
src/libcharon/encoding/message.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/sa/task_manager_v1.c

index 3b45b76..6c6004f 100644 (file)
@@ -1942,7 +1942,7 @@ METHOD(message_t, parse_body, status_t,
                                DBG1(DBG_ENC, "our hash does not match received %B",
                                         &other_hash);
                                chunk_free(&hash);
-                               return VERIFY_ERROR;
+                               return FAILED;
                        }
                        DBG2(DBG_ENC, "verified IKEv1 message with hash %B", &hash);
                        chunk_free(&hash);
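Review bot: Returning the generic `FAILED` for a hash mismatch makes this failure indistinguishable from any other `FAILED` that parse_body may return on paths outside this hunk. The caller in task_manager_v1.c now answers every `FAILED` with INVALID_HASH_INFORMATION, so an unrelated failure would be reported to the peer as a hash error. If that is the intended contract, state it at the return, for example `/* FAILED is reserved for integrity failures, the IKEv1 task manager maps it to INVALID_HASH_INFORMATION */`, and check that the remaining return paths use a different status. The enclosing method starts and ends outside the hunk, so the other return paths cannot be confirmed from here.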
index 1fc3109..9539231 100644 (file)
@@ -51,6 +51,8 @@ enum notify_type_t {
        /* IKEv1 only */
        PAYLOAD_MALFORMED = 16,
        INVALID_KE_PAYLOAD = 17,
+       /* IKEv1 only */
+       INVALID_HASH_INFORMATION = 23,
        AUTHENTICATION_FAILED = 24,
        SINGLE_PAIR_REQUIRED = 34,
        NO_ADDITIONAL_SAS = 35,
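Review bot: The new enumerator `INVALID_HASH_INFORMATION = 23` is added only in the header, and the commit's file list does not include a change to the table that maps notify types to printable names. If that table is built from value ranges, as is presumably the case in notify_payload.c, the new value will be logged as a bare number until it is added there. The added `/* IKEv1 only */` also duplicates the comment three lines above; moving the new entry directly under `INVALID_KE_PAYLOAD = 17,` lets one comment cover the group.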
index c1868f2..5c9c926 100644 (file)
@@ -717,7 +717,7 @@ static status_t parse_message(private_task_manager_t *this, message_t *msg)
                        case FAILED:
                                DBG1(DBG_IKE, "integrity check failed");
                                send_notify_response(this, msg,
-                                                                        PAYLOAD_MALFORMED, chunk_empty);
+                                                                        INVALID_HASH_INFORMATION, chunk_empty);
                                break;
                        case INVALID_STATE:
                                DBG1(DBG_IKE, "found encrypted message, but no keys available");
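Review bot: The `FAILED` branch sends a notify in reply to a message whose hash did not verify, so the response is triggered by input that has not been authenticated. Whether send_notify_response limits or protects such replies is not visible in this hunk. A comment on the branch would record the constraint, for example `/* reply to an unauthenticated message: keep it payload-free and subject to rate limiting */`. The "integrity check failed" log line would also be more useful for detecting repeated failures if it named the sending peer. The switch continues outside the hunk.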