Imported Upstream version 5.3.4

author: Yves-Alexis Perez <corsac@debian.org> 2015-11-18 14:49:27 +0100
committer: Yves-Alexis Perez <corsac@debian.org> 2015-11-18 14:49:27 +0100
commit: 1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (patch)
tree: 0d59eec2ce2ed332434ae80fc78a44db9ad293c5 /src/libstrongswan/credentials
parent: 5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (diff)
download: vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.tar.gz
vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.zip
3 files changed, 57 insertions, 33 deletions
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 1e93f021a..9988d8021 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -951,9 +951,9 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
 	{
 		entry_t entry;
 
-		while (array_remove(other->entries, ARRAY_HEAD, &entry))
-		{
-			array_insert(this->entries, ARRAY_TAIL, &entry);
+		while (array_remove(other->entries, ARRAY_TAIL, &entry))
+		{	/* keep order but prefer new values (esp. for single valued ones) */
+			array_insert(this->entries, ARRAY_HEAD, &entry);
 		}
 		array_compress(other->entries);
 	}
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index bd5915e60..d6f211a34 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -27,7 +27,7 @@ ENUM(key_type_names, KEY_ANY, KEY_BLISS,
 	"BLISS"
 );
 
-ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512,
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512,
 	"UNKNOWN",
 	"RSA_EMSA_PKCS1_NULL",
 	"RSA_EMSA_PKCS1_MD5",
@@ -44,9 +44,12 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512,
 	"ECDSA-256",
 	"ECDSA-384",
 	"ECDSA-521",
-	"BLISS_WITH_SHA256",
-	"BLISS_WITH_SHA384",
-	"BLISS_WITH_SHA512",
+	"BLISS_WITH_SHA2_256",
+	"BLISS_WITH_SHA2_384",
+	"BLISS_WITH_SHA2_512",
+	"BLISS_WITH_SHA3_256",
+	"BLISS_WITH_SHA3_384",
+	"BLISS_WITH_SHA3_512",
 );
 
 ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
@@ -137,12 +140,18 @@ signature_scheme_t signature_scheme_from_oid(int oid)
 		case OID_ECDSA_WITH_SHA512:
 			return SIGN_ECDSA_WITH_SHA512_DER;
 		case OID_BLISS_PUBLICKEY:
-		case OID_BLISS_WITH_SHA512:
-			return SIGN_BLISS_WITH_SHA512;
-		case OID_BLISS_WITH_SHA256:
-			return SIGN_BLISS_WITH_SHA256;
-		case OID_BLISS_WITH_SHA384:
-			return SIGN_BLISS_WITH_SHA384;
+		case OID_BLISS_WITH_SHA2_512:
+			return SIGN_BLISS_WITH_SHA2_512;
+		case OID_BLISS_WITH_SHA2_384:
+			return SIGN_BLISS_WITH_SHA2_384;
+		case OID_BLISS_WITH_SHA2_256:
+			return SIGN_BLISS_WITH_SHA2_256;
+		case OID_BLISS_WITH_SHA3_512:
+			return SIGN_BLISS_WITH_SHA3_512;
+		case OID_BLISS_WITH_SHA3_384:
+			return SIGN_BLISS_WITH_SHA3_384;
+		case OID_BLISS_WITH_SHA3_256:
+			return SIGN_BLISS_WITH_SHA3_256;
 	}
 	return SIGN_UNKNOWN;
 }
@@ -181,12 +190,18 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
 			return OID_ECDSA_WITH_SHA384;
 		case SIGN_ECDSA_WITH_SHA512_DER:
 			return OID_ECDSA_WITH_SHA512;
-		case SIGN_BLISS_WITH_SHA256:
-			return OID_BLISS_WITH_SHA256;
-		case SIGN_BLISS_WITH_SHA384:
-			return OID_BLISS_WITH_SHA384;
-		case SIGN_BLISS_WITH_SHA512:
-			return OID_BLISS_WITH_SHA512;
+		case SIGN_BLISS_WITH_SHA2_256:
+			return OID_BLISS_WITH_SHA2_256;
+		case SIGN_BLISS_WITH_SHA2_384:
+			return OID_BLISS_WITH_SHA2_384;
+		case SIGN_BLISS_WITH_SHA2_512:
+			return OID_BLISS_WITH_SHA2_512;
+		case SIGN_BLISS_WITH_SHA3_256:
+			return OID_BLISS_WITH_SHA3_256;
+		case SIGN_BLISS_WITH_SHA3_384:
+			return OID_BLISS_WITH_SHA3_384;
+		case SIGN_BLISS_WITH_SHA3_512:
+			return OID_BLISS_WITH_SHA3_512;
 	}
 	return OID_UNKNOWN;
 }
@@ -207,9 +222,9 @@ static struct {
 	{ SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 },
 	{ SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 },
 	{ SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 },
-	{ SIGN_BLISS_WITH_SHA256,     KEY_BLISS, 128 },
-	{ SIGN_BLISS_WITH_SHA384,     KEY_BLISS, 192 },
-	{ SIGN_BLISS_WITH_SHA512,     KEY_BLISS, 0 },
+	{ SIGN_BLISS_WITH_SHA2_256,   KEY_BLISS, 128 },
+	{ SIGN_BLISS_WITH_SHA2_384,   KEY_BLISS, 192 },
+	{ SIGN_BLISS_WITH_SHA2_512,   KEY_BLISS, 0 }
 };
 
 /**
@@ -284,9 +299,12 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme)
 		case SIGN_ECDSA_384:
 		case SIGN_ECDSA_521:
 			return KEY_ECDSA;
-		case SIGN_BLISS_WITH_SHA256:
-		case SIGN_BLISS_WITH_SHA384:
-		case SIGN_BLISS_WITH_SHA512:
+		case SIGN_BLISS_WITH_SHA2_256:
+		case SIGN_BLISS_WITH_SHA2_384:
+		case SIGN_BLISS_WITH_SHA2_512:
+		case SIGN_BLISS_WITH_SHA3_256:
+		case SIGN_BLISS_WITH_SHA3_384:
+		case SIGN_BLISS_WITH_SHA3_512:
 			return KEY_BLISS;
 	}
 	return KEY_ANY;
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 66e98b294..ce48f9b7e 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2015 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
- * Copyright (C) 2014 Andreas Steffen
+ * Copyright (C) 2014-2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -94,12 +94,18 @@ enum signature_scheme_t {
 	SIGN_ECDSA_384,
 	/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754           */
 	SIGN_ECDSA_521,
-	/** BLISS with SHA-256                                             */
-	SIGN_BLISS_WITH_SHA256,
-	/** BLISS with SHA-384                                             */
-	SIGN_BLISS_WITH_SHA384,
-	/** BLISS with SHA-512                                             */
-	SIGN_BLISS_WITH_SHA512,
+	/** BLISS with SHA-2_256                                           */
+	SIGN_BLISS_WITH_SHA2_256,
+	/** BLISS with SHA-2_384                                           */
+	SIGN_BLISS_WITH_SHA2_384,
+	/** BLISS with SHA-2_512                                           */
+	SIGN_BLISS_WITH_SHA2_512,
+	/** BLISS with SHA-3_256                                           */
+	SIGN_BLISS_WITH_SHA3_256,
+	/** BLISS with SHA-3_384                                           */
+	SIGN_BLISS_WITH_SHA3_384,
+	/** BLISS with SHA-3_512                                           */
+	SIGN_BLISS_WITH_SHA3_512,
 };
 
 /**
author	Yves-Alexis Perez <corsac@debian.org>	2015-11-18 14:49:27 +0100
committer	Yves-Alexis Perez <corsac@debian.org>	2015-11-18 14:49:27 +0100
commit	1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (patch)
tree	0d59eec2ce2ed332434ae80fc78a44db9ad293c5 /src/libstrongswan/credentials
parent	5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (diff)
download	vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.tar.gz vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.zip