authorYves-Alexis Perez <corsac@corsac.net>2018-02-19 18:17:21 +0100
committerYves-Alexis Perez <corsac@corsac.net>2018-02-19 18:17:21 +0100
commit7793611ee71b576dd9c66dee327349fa64e38740 (patch)
treef1379ec1aed52a3c772874d4ed690b90975b9623 /src/libstrongswan/credentials
parente1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (diff)
New upstream version 5.6.2
Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r--src/libstrongswan/credentials/auth_cfg.c10
-rw-r--r--src/libstrongswan/credentials/cred_encoding.c2
-rw-r--r--src/libstrongswan/credentials/keys/signature_params.c6
-rw-r--r--src/libstrongswan/credentials/sets/cert_cache.c2
4 files changed, 12 insertions, 8 deletions
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index d1be7b401..278c67405 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -73,9 +73,6 @@ static inline bool is_multi_value_rule(auth_rule_t type)
case AUTH_RULE_AUTH_CLASS:
case AUTH_RULE_EAP_TYPE:
case AUTH_RULE_EAP_VENDOR:
- case AUTH_RULE_RSA_STRENGTH:
- case AUTH_RULE_ECDSA_STRENGTH:
- case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_IDENTITY:
case AUTH_RULE_IDENTITY_LOOSE:
case AUTH_RULE_EAP_IDENTITY:
@@ -94,6 +91,9 @@ static inline bool is_multi_value_rule(auth_rule_t type)
case AUTH_RULE_CA_CERT:
case AUTH_RULE_IM_CERT:
case AUTH_RULE_CERT_POLICY:
+ case AUTH_RULE_RSA_STRENGTH:
+ case AUTH_RULE_ECDSA_STRENGTH:
+ case AUTH_RULE_BLISS_STRENGTH:
case AUTH_RULE_SIGNATURE_SCHEME:
case AUTH_RULE_IKE_SIGNATURE_SCHEME:
case AUTH_HELPER_IM_CERT:
@@ -737,8 +737,8 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
}
enumerator->destroy(enumerator);
- /* if no explicit IKE signature contraints were added we add them for all
- * configured signature contraints */
+ /* if no explicit IKE signature constraints were added we add them for all
+ * configured signature constraints */
if (ike && !ike_added &&
lib->settings->get_bool(lib->settings,
"%s.signature_authentication_constraints", TRUE,
diff --git a/src/libstrongswan/credentials/cred_encoding.c b/src/libstrongswan/credentials/cred_encoding.c
index 303816391..d6523821e 100644
--- a/src/libstrongswan/credentials/cred_encoding.c
+++ b/src/libstrongswan/credentials/cred_encoding.c
@@ -39,7 +39,7 @@ struct private_cred_encoding_t {
hashtable_t *cache[CRED_ENCODING_MAX];
/**
- * Registered encoding fuctions, cred_encoder_t
+ * Registered encoding functions, cred_encoder_t
*/
linked_list_t *encoders;
diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c
index 6b4d22e7b..8f42fb940 100644
--- a/src/libstrongswan/credentials/keys/signature_params.c
+++ b/src/libstrongswan/credentials/keys/signature_params.c
@@ -280,13 +280,17 @@ bool rsa_pss_params_parse(chunk_t asn1, int level0, rsa_pss_params_t *params)
case RSASSA_PSS_PARAMS_MGF_ALG:
if (object.len)
{
- chunk_t hash;
+ chunk_t hash = chunk_empty;
alg = asn1_parse_algorithmIdentifier(object, level, &hash);
if (alg != OID_MGF1)
{
goto end;
}
+ if (!hash.len)
+ {
+ goto end;
+ }
alg = asn1_parse_algorithmIdentifier(hash, level+1, NULL);
params->mgf1_hash = hasher_algorithm_from_oid(alg);
if (params->mgf1_hash == HASH_UNKNOWN)
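Review bot: The added `if (!hash.len)` check in the RSASSA_PSS_PARAMS_MGF_ALG case carries no comment saying which input it rejects, although it is the security-relevant part of this hunk. Before the change `hash` was declared without an initializer and then handed to the second asn1_parse_algorithmIdentifier() call, so an MGF1 AlgorithmIdentifier without parameters would presumably have been parsed from an indeterminate chunk; the `chunk_empty` initializer and the length check only work together. I would put `/* MGF1 requires a hash AlgorithmIdentifier as parameters, reject if absent */` above the check, and add a unit test that passes rsa_pss_params_parse() an MGF field without parameters and expects the parse to fail. The function starts and ends outside the hunk, so what the `end` label returns is not visible here.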
diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index 0e64f0350..f1579c60a 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -239,7 +239,7 @@ METHOD(cert_cache_t, issued_by, bool,
}
/**
- * certificate enumerator implemenation
+ * certificate enumerator implementation
*/
typedef struct {
/** implements enumerator_t interface */