authorYves-Alexis Perez <corsac@corsac.net>2017-04-01 16:26:44 +0200
committerYves-Alexis Perez <corsac@corsac.net>2017-04-01 16:26:44 +0200
commit05ddd767992d68bb38c7f16ece142e8c2e9ae016 (patch)
tree302c618be306d4ed3c7f9fc58a1f6aaad4dd252f /src/libcharon/config/proposal.c
parent25663e04c3ab01ef8dc9f906608282319cfea2db (diff)
New upstream version 5.5.2
Diffstat (limited to 'src/libcharon/config/proposal.c')
-rw-r--r--src/libcharon/config/proposal.c24
1 files changed, 19 insertions, 5 deletions
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 011c0b8b0..a2dc113a5 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -273,7 +273,8 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
}
METHOD(proposal_t, select_proposal, proposal_t*,
- private_proposal_t *this, proposal_t *other, bool private)
+ private_proposal_t *this, proposal_t *other, bool other_remote,
+ bool private)
{
proposal_t *selected;
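Review bot: The new `other_remote` sits directly before `private`, and two adjacent `bool` parameters are easy to transpose at a call site. A swap compiles cleanly yet changes whose number and SPI end up in the result and, presumably, whether private-use algorithms are accepted. The hunk shows no documentation for the new parameter. I would add a comment at the definition such as `/* other_remote: whether other (rather than this) is the proposal received from the peer */` and mirror it in the interface header; that meaning is my reading of the name and of the next hunk, so confirm it. The method body continues outside this hunk.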
@@ -285,7 +286,17 @@ METHOD(proposal_t, select_proposal, proposal_t*,
return NULL;
}
- selected = proposal_create(this->protocol, other->get_number(other));
+ if (other_remote)
+ {
+ selected = proposal_create(this->protocol, other->get_number(other));
+ selected->set_spi(selected, other->get_spi(other));
+ }
+ else
+ {
+ selected = proposal_create(this->protocol, this->number);
+ selected->set_spi(selected, this->spi);
+
+ }
if (!select_algo(this, other, selected, ENCRYPTION_ALGORITHM, private) ||
!select_algo(this, other, selected, PSEUDO_RANDOM_FUNCTION, private) ||
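Review bot: Nothing in the new `if (other_remote)` / `else` block says why the number and SPI come from `other` in one case and from `this` in the other. It looks as if the result must always echo the peer's proposal number and SPI; if so, that invariant deserves a comment above the `if`, e.g. `/* the selected proposal always carries the number and SPI of the remote proposal */`. The `else` branch also ends with a stray empty added line before its closing brace, which should be dropped. Because `set_spi` now runs before the `select_algo` chain, confirm that the failure path after the chain still destroys `selected`; that path is outside this hunk.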
@@ -298,7 +309,6 @@ METHOD(proposal_t, select_proposal, proposal_t*,
}
DBG2(DBG_CFG, " proposal matches");
- selected->set_spi(selected, other->get_spi(other));
return selected;
}
@@ -915,6 +925,8 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case ECP_256_BP:
case ECP_384_BP:
case ECP_512_BP:
+ case CURVE_25519:
+ case CURVE_448:
case NTRU_128_BIT:
case NTRU_192_BIT:
case NTRU_256_BIT:
@@ -956,9 +968,12 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case MODP_768_BIT:
/* weak */
break;
+ case MODP_1024_160:
case MODP_2048_224:
+ case MODP_2048_256:
+ /* RFC 5114 primes are of questionable source */
+ break;
case MODP_1536_BIT:
- case MODP_1024_160:
case ECP_224_BIT:
case ECP_224_BP:
case ECP_192_BIT:
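Review bot: The added comment `/* RFC 5114 primes are of questionable source */` gives the reason but not the consequence. In this switch a bare `break` appears to mean only that `proposal_add_supported_ike` leaves the group out of the set it builds, and nothing visible here disables the group when it is configured explicitly. I would say so, e.g. `/* RFC 5114 primes are of questionable source, not proposed by default */`, so the case is not read as a hard ban. The next hunk still has `case MODP_1024_BIT:` reaching `add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);`, so a 1024-bit MODP group stays in the set while the 1024-bit RFC 5114 group is dropped. If that is kept for interoperability, a short comment there would help. The switch starts and ends outside this hunk.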
@@ -966,7 +981,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
/* rarely used */
break;
case MODP_2048_BIT:
- case MODP_2048_256:
case MODP_1024_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
break;