The order of arguments to proposals_negotiate makes a difference.

'key->pol_proposals' should be the peer proposal as it is derived from a received SA payload, 'p->p_proposal' comes from a locally configured policy. ok patrick@
author: tobhe <tobhe@openbsd.org> 2020-04-28 17:56:45 +0000
committer: tobhe <tobhe@openbsd.org> 2020-04-28 17:56:45 +0000
commit: a738df56a44b90687e5448807dd66d7be9fba42f (patch)
tree: 138ba7610c07555540aaa297b2b2489b19fcc5ae /sbin/iked/policy.c
parent: Enable all clocks referenced by the imxesdhc(4) device tree node. Usually (diff)
download: wireguard-openbsd-a738df56a44b90687e5448807dd66d7be9fba42f.tar.xz
wireguard-openbsd-a738df56a44b90687e5448807dd66d7be9fba42f.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index aa320248dd5..2be475a2e56 100644
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: policy.c,v 1.59 2020/04/23 20:17:48 tobhe Exp $	*/
+/*	$OpenBSD: policy.c,v 1.60 2020/04/28 17:56:45 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -172,8 +172,8 @@ policy_test(struct iked *env, struct iked_policy *key)
 
 			/* Make sure the proposals are compatible */
 			if (TAILQ_FIRST(&key->pol_proposals) &&
-			    proposals_negotiate(NULL, &key->pol_proposals,
-			    &p->pol_proposals, 0) == -1) {
+			    proposals_negotiate(NULL, &p->pol_proposals,
+			    &key->pol_proposals, 0) == -1) {
 				p = TAILQ_NEXT(p, pol_entry);
 				continue;
 			}
author	tobhe <tobhe@openbsd.org>	2020-04-28 17:56:45 +0000
committer	tobhe <tobhe@openbsd.org>	2020-04-28 17:56:45 +0000
commit	a738df56a44b90687e5448807dd66d7be9fba42f (patch)
tree	138ba7610c07555540aaa297b2b2489b19fcc5ae /sbin/iked/policy.c
parent	Enable all clocks referenced by the imxesdhc(4) device tree node. Usually (diff)
download	wireguard-openbsd-a738df56a44b90687e5448807dd66d7be9fba42f.tar.xz wireguard-openbsd-a738df56a44b90687e5448807dd66d7be9fba42f.zip