]> git.ipfire.org Git - thirdparty/strongswan.git/commit
projects / thirdparty / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2a9323a) | patch
ikev2: Delay IKE key derivation until next message
authorTobias Brunner <tobias@strongswan.org>
Fri, 16 Jul 2021 15:39:12 +0000 (17:39 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 29 Jun 2022 08:28:50 +0000 (10:28 +0200)
commit44629bbadbd4d7f0c3ca5f8f73237b1b49b1f6f3
tree925950aa824be19333e49400208dc980af18750atree | snapshot
parent2a9323a18a1d7f42a4f90672176e9184d55ca305commit | diff
ikev2: Delay IKE key derivation until next message

In particular as responder, this delays costly cryptographic operations
until the IKE_AUTH request is received, which is preferable to reduce
the impact of DoS attacks.

Another advantage is that the key material is not changed until all tasks
built or processed a message.
src/libcharon/sa/ikev2/task_manager_v2.c diff | blob | blame | history
src/libcharon/sa/ikev2/tasks/ike_init.c diff | blob | blame | history
src/libcharon/sa/ikev2/tasks/ike_init.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.