author | Yves-Alexis Perez <corsac@corsac.net> | 2017-04-01 16:26:44 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-04-01 16:26:44 +0200 |
commit | dc9380af81fbce8e1a9532b07bc671b9d346101b (patch) | |
tree | 219f7df0b01243ac1c41c7f679d1b4c6aef36b27 /src/libcharon/config/proposal.c | |
parent | 212c0ba74c0e453497b840f9cd131ec99f73754a (diff) | |
parent | 05ddd767992d68bb38c7f16ece142e8c2e9ae016 (diff) | |
Merge tag 'upstream/5.5.2'
Upstream version 5.5.2
Diffstat (limited to 'src/libcharon/config/proposal.c')
-rw-r--r-- | src/libcharon/config/proposal.c | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 011c0b8b0..a2dc113a5 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -273,7 +273,8 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
 }
 METHOD(proposal_t, select_proposal, proposal_t*,
- private_proposal_t *this, proposal_t *other, bool private)
+ private_proposal_t *this, proposal_t *other, bool other_remote,
+ bool private)
 {
 proposal_t *selected;
@@ -285,7 +286,17 @@ METHOD(proposal_t, select_proposal, proposal_t*,
 return NULL;
 }
- selected = proposal_create(this->protocol, other->get_number(other));
+ if (other_remote)
+ {
+ selected = proposal_create(this->protocol, other->get_number(other));
+ selected->set_spi(selected, other->get_spi(other));
+ }
+ else
+ {
+ selected = proposal_create(this->protocol, this->number);
+ selected->set_spi(selected, this->spi);
+
+ }
 if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) ||
 !select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) ||
@@ -298,7 +309,6 @@ METHOD(proposal_t, select_proposal, proposal_t*,
 }
 DBG2(DBG_CFG, " proposal matches");
- selected->set_spi(selected, other->get_spi(other));
 return selected;
 }
@@ -915,6 +925,8 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 case ECP_256_BP:
 case ECP_384_BP:
 case ECP_512_BP:
+ case CURVE_25519:
+ case CURVE_448:
 case NTRU_128_BIT:
 case NTRU_192_BIT:
 case NTRU_256_BIT:
@@ -956,9 +968,12 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 case MODP_768_BIT:
 /* weak */
 break;
+ case MODP_1024_160:
 case MODP_2048_224:
+ case MODP_2048_256:
+ /* RFC 5114 primes are of questionable source */
+ break;
 case MODP_1536_BIT:
- case MODP_1024_160:
 case ECP_224_BIT:
 case ECP_224_BP:
 case ECP_192_BIT:
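Review bot: `select_proposal` now takes two adjacent `bool` parameters (`other_remote`, `private`), so a call site that passes them in the wrong order still compiles and silently changes which side's proposal number and SPI end up in the result. The `if (other_remote)` / `else` block in the second hunk is the only visible consumer of the flag and it is undocumented; a comment above the branch such as `/* copy proposal number and SPI from other if it is the remote proposal, otherwise from this */` would state the contract where it is implemented. The `else` branch also ends with an empty added line before its closing brace, which should be dropped. The METHOD body starts before the first hunk and continues between the second and third, so the failure path that releases `selected` cannot be checked from here.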
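Review bot: The added comment `/* RFC 5114 primes are of questionable source */` in the `@@ -956,9 +968,12 @@` hunk does not tell a maintainer what the consequence is. These three groups now hit `break` without being added, so they are no longer offered by this default-proposal builder. I would word it as `/* RFC 5114 primes: origin of the parameters is not documented, so they are not proposed by default */`. A peer that accepts only one of these groups will presumably stop negotiating against an unmodified default configuration, which is worth a line in the release notes. The switch and its enclosing loop start outside this hunk.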
@@ -966,7 +981,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 /* rarely used */
 break;
 case MODP_2048_BIT:
- case MODP_2048_256:
 case MODP_1024_BIT:
 add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
 break; |
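Review bot: `case MODP_1024_BIT:` still shares the `add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);` arm with `MODP_2048_BIT`, so the default IKE proposal built here keeps offering a 1024-bit MODP group even though this change drops the RFC 5114 groups on trust grounds. 1024-bit finite-field Diffie-Hellman is generally regarded as too weak for new deployments. If it is retained only for interoperability, say so next to the label, e.g. `/* kept for interoperability only; 1024-bit MODP is weak */`, otherwise move the label up to the `/* weak */` arm that already holds `MODP_768_BIT`. The switch and the enclosing loop begin outside this hunk, so the order in which groups are proposed cannot be confirmed from the visible lines.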