New upstream version 5.6.3

author: Yves-Alexis Perez <corsac@debian.org> 2018-06-04 09:59:21 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2018-06-04 09:59:21 +0200
commit: 51a71ee15c1bcf0e82f363a16898f571e211f9c3 (patch)
tree: 2a03e117d072c55cfe2863d26b73e64d933e7ad8 /src/libstrongswan/plugins/openssl
parent: 7793611ee71b576dd9c66dee327349fa64e38740 (diff)
download: vyos-strongswan-51a71ee15c1bcf0e82f363a16898f571e211f9c3.tar.gz
vyos-strongswan-51a71ee15c1bcf0e82f363a16898f571e211f9c3.zip
22 files changed, 32 insertions, 21 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 88f7a67c2..bb5f20dcf 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -358,7 +358,7 @@ METHOD(certificate_t, get_validity, bool,
 	{
 		*not_after = this->nextUpdate;
 	}
-	return t <= this->nextUpdate;
+	return (t >= this->thisUpdate && t <= this->nextUpdate);
 }
 
 METHOD(certificate_t, get_encoding, bool,
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index b9085f9aa..74beb762e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h
index b12e7a6ab..2c5ef0b28 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.h
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 8e9c1183f..a567f5f4f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2008-2010 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
index 5de5520b5..43d1f3fa8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 11185e0c7..19de540b6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008-2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
index fd60732b9..2f58c976d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index faa940839..ba41c508f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Martin Willi
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
index 8094083a7..00c82aced 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c
index 5ef885b16..4b096f049 100644
--- a/src/libstrongswan/plugins/openssl/openssl_gcm.c
+++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.h b/src/libstrongswan/plugins/openssl/openssl_gcm.h
index 4ae268bd6..a64c90129 100644
--- a/src/libstrongswan/plugins/openssl/openssl_gcm.h
+++ b/src/libstrongswan/plugins/openssl/openssl_gcm.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.c b/src/libstrongswan/plugins/openssl/openssl_hmac.c
index 16e707116..e3f44defa 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hmac.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hmac.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.h b/src/libstrongswan/plugins/openssl/openssl_hmac.h
index 95ab6bfc3..f77e9acfb 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hmac.h
+++ b/src/libstrongswan/plugins/openssl/openssl_hmac.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2012 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
index bbd400cac..c59c77b5b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.h b/src/libstrongswan/plugins/openssl/openssl_pkcs12.h
index 5c3e5933d..3d6b5cb68 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.h
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2013 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.h b/src/libstrongswan/plugins/openssl/openssl_plugin.h
index 0762c37b9..a9c220a03 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.h
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
index 021257d3c..5654bcb58 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
index 3a6d2f193..8371bc17f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h
index 384e328e2..49db884ad 100644
--- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2010 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index 6580e1c7d..b7f969f73 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2009 Martin Willi
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h
index 7c5c367f7..80e557fa8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.h
+++ b/src/libstrongswan/plugins/openssl/openssl_util.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2008 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 60c08770b..fae2d678f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -668,6 +668,9 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this,
 {
 	ASN1_BIT_STRING *usage;
 
+	/* to be compliant with RFC 4945 specific KUs have to be included */
+	this->flags &= ~X509_IKE_COMPLIANT;
+
 	usage = X509V3_EXT_d2i(ext);
 	if (usage)
 	{
@@ -682,6 +685,11 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this,
 			{
 				this->flags |= X509_CRL_SIGN;
 			}
+			if (flags & X509v3_KU_DIGITAL_SIGNATURE ||
+				flags & X509v3_KU_NON_REPUDIATION)
+			{
+				this->flags |= X509_IKE_COMPLIANT;
+			}
 			if (flags & X509v3_KU_KEY_CERT_SIGN)
 			{
 				/* we use the caBasicContraint, MUST be set */
@@ -988,6 +996,9 @@ static bool parse_extensions(private_openssl_x509_t *this)
 	STACK_OF(X509_EXTENSION) *extensions;
 	int i, num;
 
+	/* unless we see a keyUsage extension we are compliant with RFC 4945 */
+	this->flags |= X509_IKE_COMPLIANT;
+
 	extensions = X509_get0_extensions(this->x509);
 	if (extensions)
 	{
author	Yves-Alexis Perez <corsac@debian.org>	2018-06-04 09:59:21 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2018-06-04 09:59:21 +0200
commit	51a71ee15c1bcf0e82f363a16898f571e211f9c3 (patch)
tree	2a03e117d072c55cfe2863d26b73e64d933e7ad8 /src/libstrongswan/plugins/openssl
parent	7793611ee71b576dd9c66dee327349fa64e38740 (diff)
download	vyos-strongswan-51a71ee15c1bcf0e82f363a16898f571e211f9c3.tar.gz vyos-strongswan-51a71ee15c1bcf0e82f363a16898f571e211f9c3.zip