diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2017-05-26 11:23:12 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2017-05-26 11:23:12 +0200 |
| commit | 4366494d72c58ab6a926f60b1639d3e76e5c9213 (patch) | |
| tree | 8ba3d05f025225e21f2d156d60c1abacc766b74f /src/libcharon/sa/child_sa.c | |
| parent | 7b476029e6475ed5d5e4511760b1fe489385c4db (diff) | |
| parent | 0afe0eca67d696a4842462dea949739ba0554a8b (diff) | |
| download | strongswan-4366494d72c58ab6a926f60b1639d3e76e5c9213.tar.bz2 strongswan-4366494d72c58ab6a926f60b1639d3e76e5c9213.tar.xz | |
Merge branch 'sha-256-96'
Adds an option to locally configure 96-bit truncation for HMAC-SHA256
when negotiated using the official algorithm identifier. This is for
compatibility with peers that incorrectly use this shorter truncation
(like Linux does by default).
Fixes #1353.
Diffstat (limited to 'src/libcharon/sa/child_sa.c')
| -rw-r--r-- | src/libcharon/sa/child_sa.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 1d615915f..e1ffc2aae 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -802,6 +802,14 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr, this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS, &esn, NULL); + if (int_alg == AUTH_HMAC_SHA2_256_128 && + this->config->has_option(this->config, OPT_SHA256_96)) + { + DBG2(DBG_CHD, " using %N with 96-bit truncation", + integrity_algorithm_names, int_alg); + int_alg = AUTH_HMAC_SHA2_256_96; + } + if (!this->reqid_allocated && !this->static_reqid) { status = charon->kernel->alloc_reqid(charon->kernel, my_ts, other_ts, |