diff options
author | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2017-11-21 10:22:31 +0100 |
commit | e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (patch) | |
tree | ae0c8b5f4cd8289d0797882ea18969f33ea59a1e /src/libcharon/config | |
parent | 11d6b62db969bdd808d0f56706cb18f113927a31 (diff) | |
download | vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.tar.gz vyos-strongswan-e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e.zip |
New upstream version 5.6.1
Diffstat (limited to 'src/libcharon/config')
-rw-r--r-- | src/libcharon/config/child_cfg.h | 3 | ||||
-rw-r--r-- | src/libcharon/config/ike_cfg.c | 1 | ||||
-rw-r--r-- | src/libcharon/config/proposal.c | 15 | ||||
-rw-r--r-- | src/libcharon/config/proposal.h | 2 |
4 files changed, 12 insertions, 9 deletions
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index a102c459c..93904ec71 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -310,6 +310,9 @@ enum child_cfg_option_t { /** Force 96-bit truncation for SHA-256 */ OPT_SHA256_96 = (1<<6), + + /** Set mark on inbound SAs */ + OPT_MARK_IN_SA = (1<<7), }; /** diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index 93300781d..64413204b 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -580,6 +580,7 @@ bool ike_cfg_has_address(ike_cfg_t *cfg, host_t *addr, bool local) host = host_create_from_string(str, 0); if (host && addr->ip_equals(addr, host)) { + host->destroy(host); found = TRUE; break; } diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index 6c71f78d3..46c3c9400 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -872,9 +872,10 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) case AUTH_AES_XCBC_96: case AUTH_AES_CMAC_96: case AUTH_HMAC_SHA1_96: - case AUTH_HMAC_MD5_96: add_algorithm(this, INTEGRITY_ALGORITHM, integrity, 0); break; + case AUTH_HMAC_MD5_96: + /* no, thanks */ default: break; } @@ -908,9 +909,11 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) switch (prf) { case PRF_HMAC_SHA1: - case PRF_HMAC_MD5: add_algorithm(this, PSEUDO_RANDOM_FUNCTION, prf, 0); break; + case PRF_HMAC_MD5: + /* no, thanks */ + break; default: break; } @@ -970,6 +973,8 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) /* only for testing purposes */ break; case MODP_768_BIT: + case MODP_1024_BIT: + case MODP_1536_BIT: /* weak */ break; case MODP_1024_160: @@ -977,7 +982,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) case MODP_2048_256: /* RFC 5114 primes are of questionable source */ break; - case MODP_1536_BIT: case ECP_224_BIT: case ECP_224_BP: case ECP_192_BIT: @@ -985,7 +989,6 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) /* rarely used */ break; case MODP_2048_BIT: - case MODP_1024_BIT: add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); break; default: @@ -1017,14 +1020,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol) add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128); add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192); add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256); - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0); - add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); break; case PROTO_AH: @@ -1033,7 +1033,6 @@ proposal_t *proposal_create_default(protocol_id_t protocol) add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0); - add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0); add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0); break; default: diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h index 2bdf3454f..0dc70f4c5 100644 --- a/src/libcharon/config/proposal.h +++ b/src/libcharon/config/proposal.h @@ -82,7 +82,7 @@ struct proposal_t { uint16_t alg, uint16_t key_size); /** - * Get an enumerator over algorithms for a specifc algo type. + * Get an enumerator over algorithms for a specific algo type. * * @param type kind of algorithm * @return enumerator over uint16_t alg, uint16_t key_size |