authorYves-Alexis Perez <corsac@debian.org>2014-07-11 07:23:31 +0200
committerYves-Alexis Perez <corsac@debian.org>2014-07-11 07:23:31 +0200
commit81c63b0eed39432878f78727f60a1e7499645199 (patch)
tree82387d8fecd1c20788fd8bd784a9b0bde091fb6b /src/libstrongswan/credentials
parentc5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (diff)
Imported Upstream version 5.2.0
Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r--src/libstrongswan/credentials/auth_cfg.c2
-rw-r--r--src/libstrongswan/credentials/certificates/crl.h28
-rw-r--r--src/libstrongswan/credentials/cred_encoding.h2
-rw-r--r--src/libstrongswan/credentials/sets/cert_cache.c1
-rw-r--r--src/libstrongswan/credentials/sets/mem_cred.c76
5 files changed, 96 insertions, 13 deletions
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 4ff9aa6dd..aeeb4198f 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -452,7 +452,7 @@ METHOD(auth_cfg_t, get, void*,
case AUTH_RULE_ECDSA_STRENGTH:
return (void*)0;
case AUTH_RULE_SIGNATURE_SCHEME:
- return HASH_UNKNOWN;
+ return (void*)HASH_UNKNOWN;
case AUTH_RULE_CRL_VALIDATION:
case AUTH_RULE_OCSP_VALIDATION:
return (void*)VALIDATION_FAILED;
diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h
index 4191c5935..8a48bd7ff 100644
--- a/src/libstrongswan/credentials/certificates/crl.h
+++ b/src/libstrongswan/credentials/certificates/crl.h
@@ -28,18 +28,30 @@ typedef enum crl_reason_t crl_reason_t;
#include <library.h>
#include <credentials/certificates/certificate.h>
+/* <wincrypt.h> comes with CRL_REASON clashing with ours. Even if the values
+ * are identical, we undef them here to use our enum instead of defines. */
+#ifdef WIN32
+# undef CRL_REASON_UNSPECIFIED
+# undef CRL_REASON_KEY_COMPROMISE
+# undef CRL_REASON_CA_COMPROMISE
+# undef CRL_REASON_AFFILIATION_CHANGED
+# undef CRL_REASON_SUPERSEDED
+# undef CRL_REASON_CERTIFICATE_HOLD
+# undef CRL_REASON_REMOVE_FROM_CRL
+#endif
+
/**
* RFC 2459 CRL reason codes
*/
enum crl_reason_t {
- CRL_REASON_UNSPECIFIED = 0,
- CRL_REASON_KEY_COMPROMISE = 1,
- CRL_REASON_CA_COMPROMISE = 2,
- CRL_REASON_AFFILIATION_CHANGED = 3,
- CRL_REASON_SUPERSEDED = 4,
- CRL_REASON_CESSATION_OF_OPERATON = 5,
- CRL_REASON_CERTIFICATE_HOLD = 6,
- CRL_REASON_REMOVE_FROM_CRL = 8,
+ CRL_REASON_UNSPECIFIED = 0,
+ CRL_REASON_KEY_COMPROMISE = 1,
+ CRL_REASON_CA_COMPROMISE = 2,
+ CRL_REASON_AFFILIATION_CHANGED = 3,
+ CRL_REASON_SUPERSEDED = 4,
+ CRL_REASON_CESSATION_OF_OPERATON = 5,
+ CRL_REASON_CERTIFICATE_HOLD = 6,
+ CRL_REASON_REMOVE_FROM_CRL = 8,
};
/**
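Review bot: The `#undef` block in crl.h leaves out the cessation-of-operation reason, which only works because the enum spells it `CRL_REASON_CESSATION_OF_OPERATON` (sic) and so cannot collide with a wincrypt.h define; a later fix of that typo would silently reintroduce the WIN32 macro clash. A comment on the undef block would make that dependency visible, e.g. `/* CRL_REASON_CESSATION_OF_OPERATON is not undef'd: its (misspelled) name does not clash. */`. The undefs also only take effect if `<wincrypt.h>` has already been pulled in by the includes above them, presumably through library.h; if that include order changes, they become no-ops and the defines come back, so the comment should also state that ordering requirement.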
diff --git a/src/libstrongswan/credentials/cred_encoding.h b/src/libstrongswan/credentials/cred_encoding.h
index 27a887f27..a6c9c30af 100644
--- a/src/libstrongswan/credentials/cred_encoding.h
+++ b/src/libstrongswan/credentials/cred_encoding.h
@@ -89,6 +89,8 @@ enum cred_encoding_type_t {
PUBKEY_DNSKEY,
/** SSHKEY encoding (Base64) */
PUBKEY_SSHKEY,
+ /** RSA modulus only */
+ PUBKEY_RSA_MODULUS,
/** ASN.1 DER encoded certificate */
CERT_ASN1_DER,
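Review bot: Inserting `PUBKEY_RSA_MODULUS` before `CERT_ASN1_DER` shifts the numeric value of every following `cred_encoding_type_t` constant. That is harmless if the values only ever live inside one build, but if any plugin or persisted data keeps them as raw integers the shift silently changes their meaning; appending the new entry at the end of the enum (its end is outside this hunk) avoids the question entirely. Either way a comment on the enum such as `/* numeric values are not stable across releases; never store or transmit them */` would settle the contract.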
diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index e8f0e7ec0..563f4bdd5 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -16,7 +16,6 @@
#include "cert_cache.h"
#include <time.h>
-#include <sched.h>
#include <library.h>
#include <threading/rwlock.h>
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index b8da3f620..d8f568d36 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -307,8 +307,25 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
METHOD(mem_cred_t, add_key, void,
private_mem_cred_t *this, private_key_t *key)
{
+ enumerator_t *enumerator;
+ private_key_t *current;
+
this->lock->write_lock(this->lock);
+
+ enumerator = this->keys->create_enumerator(this->keys);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (current->equals(current, key))
+ {
+ this->keys->remove_at(this->keys, enumerator);
+ current->destroy(current);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
this->keys->insert_first(this->keys, key);
+
this->lock->unlock(this->lock);
}
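Review bot: The dedup loop in add_key destroys a matching `current` before `key` is inserted, but nothing rules out `current == key`: if a caller re-adds the same object without taking a fresh reference, `current->destroy(current)` may release the very object that `insert_first` then stores; whether destroy is refcounted is not visible here. A guard `if (current != key && current->equals(current, key))` closes that gap cheaply, and the same pattern appears in add_shared_list below (`shared_entry_destroy(current)` while `new` still references the caller's `shared` and `owners`), where `if (current->shared != shared && shared_entry_equals(current, new))` would do the equivalent. The replace-on-equal behaviour is also new and should be stated in the method's doc comment in mem_cred.h, e.g. `Add a private key to the set, taking ownership; an equal key already in the set is replaced.`.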
@@ -334,6 +351,44 @@ static void shared_entry_destroy(shared_entry_t *entry)
}
/**
+ * Check if two shared key entries equal
+ */
+static bool shared_entry_equals(shared_entry_t *a, shared_entry_t *b)
+{
+ enumerator_t *e1, *e2;
+ identification_t *id1, *id2;
+ bool equals = TRUE;
+
+ if (a->shared->get_type(a->shared) != b->shared->get_type(b->shared))
+ {
+ return FALSE;
+ }
+ if (!chunk_equals(a->shared->get_key(a->shared),
+ b->shared->get_key(b->shared)))
+ {
+ return FALSE;
+ }
+ if (a->owners->get_count(a->owners) != b->owners->get_count(b->owners))
+ {
+ return FALSE;
+ }
+ e1 = a->owners->create_enumerator(a->owners);
+ e2 = b->owners->create_enumerator(b->owners);
+ while (e1->enumerate(e1, &id1) && e2->enumerate(e2, &id2))
+ {
+ if (!id1->equals(id1, id2))
+ {
+ equals = FALSE;
+ break;
+ }
+ }
+ e1->destroy(e1);
+ e2->destroy(e2);
+
+ return equals;
+}
+
+/**
* Data for the shared_key enumerator
*/
typedef struct {
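Review bot: shared_entry_equals compares the owner lists positionally in the `e1`/`e2` loop, so two entries with the same owners in a different order are reported as different and both remain in the set; that is probably acceptable for dedup, but the doc comment should say so: `Two entries are equal if type, key and owner lists (compared in order) match.`. The `chunk_equals` call on the secret material is an ordinary (non-constant-time) compare; under the write lock during configuration loading this is low risk, but if a constant-time chunk compare exists in this tree it would be the more defensive choice for comparing shared secrets. The struct that follows the function is cut off by the hunk boundary.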
@@ -435,15 +490,30 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
METHOD(mem_cred_t, add_shared_list, void,
private_mem_cred_t *this, shared_key_t *shared, linked_list_t* owners)
{
- shared_entry_t *entry;
+ shared_entry_t *current, *new;
+ enumerator_t *enumerator;
- INIT(entry,
+ INIT(new,
.shared = shared,
.owners = owners,
);
this->lock->write_lock(this->lock);
- this->shared->insert_first(this->shared, entry);
+
+ enumerator = this->shared->create_enumerator(this->shared);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (shared_entry_equals(current, new))
+ {
+ this->shared->remove_at(this->shared, enumerator);
+ shared_entry_destroy(current);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ this->shared->insert_first(this->shared, new);
+
this->lock->unlock(this->lock);
}
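Review bot: Naming the new entry `new` in add_shared_list is legal C but reads poorly next to `current` and blocks any future compilation of this file as C++; `entry` (the name the removed line used) or `added` would be clearer. A short comment above the enumerator loop would also help the next reader, e.g. `/* replace an existing entry with the same type, key and owners */`, since the replace semantics are otherwise only discoverable by reading shared_entry_equals.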