|
| 1 | +From 03caa63de1e34c29dd3e7e835070d363ca197bfd Mon Sep 17 00:00:00 2001 |
| 2 | +From: Andrew Cagney <cagney@gnu.org> |
| 3 | +Date: Wed, 27 Mar 2024 10:43:19 -0400 |
| 4 | +Subject: [PATCH] ikev1: in compute_proto_keymat() only allow explicitly |
| 5 | + handled ESP algorithms |
| 6 | + |
| 7 | +--- |
| 8 | + programs/pluto/ikev1_quick.c | 41 ++++++++++++++---------------------- |
| 9 | + 1 file changed, 16 insertions(+), 25 deletions(-) |
| 10 | + |
| 11 | +diff --git a/programs/pluto/ikev1_quick.c b/programs/pluto/ikev1_quick.c |
| 12 | +index 70f29166019..0067b13b01c 100644 |
| 13 | +--- a/programs/pluto/ikev1_quick.c |
| 14 | ++++ b/programs/pluto/ikev1_quick.c |
| 15 | +@@ -203,7 +203,7 @@ static bool emit_subnet_id(enum perspective perspective, |
| 16 | + * RFC 2409 "IKE" section 5.5 |
| 17 | + * specifies how this is to be done. |
| 18 | + */ |
| 19 | +-static void compute_proto_keymat(struct state *st, |
| 20 | ++static bool compute_proto_keymat(struct state *st, |
| 21 | + uint8_t protoid, |
| 22 | + struct ipsec_proto_info *pi, |
| 23 | + const char *satypename) |
| 24 | +@@ -297,27 +297,13 @@ static void compute_proto_keymat(struct state *st, |
| 25 | + } |
| 26 | + break; |
| 27 | + |
| 28 | +- case ESP_CAST: |
| 29 | +- case ESP_TWOFISH: |
| 30 | +- case ESP_SERPENT: |
| 31 | +- /* ESP_SEED is for IKEv1 only and not supported. Its number in IKEv2 has been re-used */ |
| 32 | +- bad_case(pi->attrs.transattrs.ta_ikev1_encrypt); |
| 33 | +- |
| 34 | +- default: |
| 35 | +- /* bytes */ |
| 36 | +- needed_len = encrypt_max_key_bit_length(pi->attrs.transattrs.ta_encrypt) / BITS_PER_BYTE; |
| 37 | +- if (needed_len > 0) { |
| 38 | +- /* XXX: check key_len coupling with kernel.c's */ |
| 39 | +- if (pi->attrs.transattrs.enckeylen) { |
| 40 | +- needed_len = |
| 41 | +- pi->attrs.transattrs.enckeylen |
| 42 | +- / BITS_PER_BYTE; |
| 43 | +- dbg("compute_proto_keymat: key_len=%d from peer", |
| 44 | +- (int)needed_len); |
| 45 | +- } |
| 46 | +- break; |
| 47 | +- } |
| 48 | +- bad_case(pi->attrs.transattrs.ta_ikev1_encrypt); |
| 49 | ++ default: |
| 50 | ++ { |
| 51 | ++ enum_buf eb; |
| 52 | ++ llog(RC_LOG, st->st_logger, "rejecting request for keymat for %s", |
| 53 | ++ str_enum(&esp_transformid_names, protoid, &eb)); |
| 54 | ++ return false; |
| 55 | ++ } |
| 56 | + } |
| 57 | + dbg("compute_proto_keymat: needed_len (after ESP enc)=%d", (int)needed_len); |
| 58 | + needed_len += pi->attrs.transattrs.ta_integ->integ_keymat_size; |
| 59 | +@@ -359,14 +345,17 @@ static void compute_proto_keymat(struct state *st, |
| 60 | + DBG_dump_hunk(" inbound:", pi->inbound.keymat); |
| 61 | + DBG_dump_hunk(" outbound:", pi->outbound.keymat); |
| 62 | + } |
| 63 | ++ |
| 64 | ++ return true; |
| 65 | + } |
| 66 | + |
| 67 | +-static void compute_keymats(struct state *st) |
| 68 | ++static bool compute_keymats(struct state *st) |
| 69 | + { |
| 70 | + if (st->st_ah.present) |
| 71 | +- compute_proto_keymat(st, PROTO_IPSEC_AH, &st->st_ah, "AH"); |
| 72 | ++ return compute_proto_keymat(st, PROTO_IPSEC_AH, &st->st_ah, "AH"); |
| 73 | + if (st->st_esp.present) |
| 74 | +- compute_proto_keymat(st, PROTO_IPSEC_ESP, &st->st_esp, "ESP"); |
| 75 | ++ return compute_proto_keymat(st, PROTO_IPSEC_ESP, &st->st_esp, "ESP"); |
| 76 | ++ return false; |
| 77 | + } |
| 78 | + |
| 79 | + /* |
| 80 | +@@ -1460,7 +1449,9 @@ static stf_status quick_inI1_outR1_continue12_tail(struct state *st, struct msg_ |
| 81 | + fixup_v1_HASH(st, &hash_fixup, st->st_v1_msgid.id, rbody.cur); |
| 82 | + |
| 83 | + /* Derive new keying material */ |
| 84 | +- compute_keymats(st); |
| 85 | ++ if (!compute_keymats(st)) { |
| 86 | ++ return STF_FATAL; |
| 87 | ++ } |
| 88 | + |
| 89 | + /* Tell the kernel to establish the new inbound SA |
| 90 | + * (unless the commit bit is set -- which we don't support). |
0 commit comments