authorYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
committerYves-Alexis Perez <corsac@corsac.net>2017-11-21 10:22:31 +0100
commite1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch)
treeae0c8b5f4cd8289d0797882ea18969f33ea59a1e /src/libcharon/config
parent11d6b62db969bdd808d0f56706cb18f113927a31 (diff)
New upstream version 5.6.1
Diffstat (limited to 'src/libcharon/config')
-rw-r--r--src/libcharon/config/child_cfg.h3
-rw-r--r--src/libcharon/config/ike_cfg.c1
-rw-r--r--src/libcharon/config/proposal.c15
-rw-r--r--src/libcharon/config/proposal.h2
4 files changed, 12 insertions, 9 deletions
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index a102c459c..93904ec71 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -310,6 +310,9 @@ enum child_cfg_option_t {
/** Force 96-bit truncation for SHA-256 */
OPT_SHA256_96 = (1<<6),
+
+ /** Set mark on inbound SAs */
+ OPT_MARK_IN_SA = (1<<7),
};
/**
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index 93300781d..64413204b 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -580,6 +580,7 @@ bool ike_cfg_has_address(ike_cfg_t *cfg, host_t *addr, bool local)
host = host_create_from_string(str, 0);
if (host && addr->ip_equals(addr, host))
{
+ host->destroy(host);
found = TRUE;
break;
}
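Review bot: The `host` returned by `host_create_from_string()` is now released inside the match branch, while the release for a non-matching or NULL `host` is presumably a separate statement after the `if`, outside this hunk. Two release sites for one object are easy to break in a later edit, and this is the kind of leak the added line fixes. A single cleanup point would be sturdier: `found = host && addr->ip_equals(addr, host);`, then `DESTROY_IF(host);`, then `if (found) break;`. The loop and the rest of ike_cfg_has_address lie outside the hunk, so the non-match path should be confirmed there.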
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 6c71f78d3..46c3c9400 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -872,9 +872,10 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case AUTH_AES_XCBC_96:
case AUTH_AES_CMAC_96:
case AUTH_HMAC_SHA1_96:
- case AUTH_HMAC_MD5_96:
add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0);
break;
+ case AUTH_HMAC_MD5_96:
+ /* no, thanks */
default:
break;
}
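Review bot: `case AUTH_HMAC_MD5_96:` has no `break;` and relies on falling into `default:`, whereas the equivalent `case PRF_HMAC_MD5:` in the next hunk ends with an explicit `break;`. Both behave the same today, but any statement later added under `default:` in this switch would silently apply to MD5 as well, so I would add `break;` after the comment to match the PRF switch. The comment `/* no, thanks */` in both hunks gives no reason; `/* MD5-based, no longer proposed by default */` would tell the next reader why the case is listed but skipped. proposal_add_supported_ike starts and ends outside these hunks.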
@@ -908,9 +909,11 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
switch (prf)
{
case PRF_HMAC_SHA1:
- case PRF_HMAC_MD5:
add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0);
break;
+ case PRF_HMAC_MD5:
+ /* no, thanks */
+ break;
default:
break;
}
@@ -970,6 +973,8 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
/* only for testing purposes */
break;
case MODP_768_BIT:
+ case MODP_1024_BIT:
+ case MODP_1536_BIT:
/* weak */
break;
case MODP_1024_160:
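Review bot: The `/* weak */` comment under `case MODP_768_BIT:` now also covers `MODP_1024_BIT` and `MODP_1536_BIT`, but it does not say what that means operationally. Together with the two deletions in the following hunks, these groups are no longer added by proposal_add_supported_ike, and `MODP_2048_BIT` is the only MODP group the visible part of the switch still adds. Peers limited to 1024- or 1536-bit MODP will presumably fail to negotiate against the default proposal after the upgrade. I would expand the comment to `/* weak, not part of the default proposal */` and call the change out in the release notes. Whether an explicitly configured proposal can still select these groups is not visible in this hunk.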
@@ -977,7 +982,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
case MODP_2048_256:
/* RFC 5114 primes are of questionable source */
break;
- case MODP_1536_BIT:
case ECP_224_BIT:
case ECP_224_BP:
case ECP_192_BIT:
@@ -985,7 +989,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
/* rarely used */
break;
case MODP_2048_BIT:
- case MODP_1024_BIT:
add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
break;
default:
@@ -1017,14 +1020,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
case PROTO_AH:
@@ -1033,7 +1033,6 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
break;
default:
diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h
index 2bdf3454f..0dc70f4c5 100644
--- a/src/libcharon/config/proposal.h
+++ b/src/libcharon/config/proposal.h
@@ -82,7 +82,7 @@ struct proposal_t {
uint16_t alg, uint16_t key_size);
/**
- * Get an enumerator over algorithms for a specifc algo type.
+ * Get an enumerator over algorithms for a specific algo type.
*
* @param type kind of algorithm
* @return enumerator over uint16_t alg, uint16_t key_size