author | Tobias Brunner <tobias@strongswan.org> | 2017-10-16 18:09:38 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-11-08 16:48:10 +0100 |
commit | 6f97c0d50bad5f0d9868d4a8a91ae39c91f8cdac (patch) | |
tree | 1ebf237771c949594e22cc479dcb660a0fcb7642 /src/libcharon | |
parent | 24b2ede283d6753ea6e2484607705f0a493d1f1e (diff) | |
ikev2: Enumerate RSA/PSS schemes and use them if enabled
Diffstat (limited to 'src/libcharon')
-rw-r--r-- | src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 08d15ef00..b34b5085f 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -176,16 +176,20 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
 * and supported by the other peer */
 enumerator = signature_schemes_for_key(key_type,
 private->get_keysize(private));
- while (enumerator->enumerate(enumerator, &scheme))
+ while (enumerator->enumerate(enumerator, &config))
 {
+ if (config->scheme == SIGN_RSA_EMSA_PSS &&
+ !lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE,
+ lib->ns))
+ {
+ continue;
+ }
 if (keymat->hash_algorithm_supported(keymat,
- hasher_from_signature_scheme(scheme,
- NULL)))
+ hasher_from_signature_scheme(config->scheme,
+ config->params)))
 {
- INIT(config,
- .scheme = scheme,
- )
- array_insert(selected, ARRAY_TAIL, config);
+ array_insert(selected, ARRAY_TAIL,
+ signature_params_clone(config));
 }
 }
 enumerator->destroy(enumerator); |
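Review bot: The `%s.rsa_pss` lookup sits inside the enumeration loop and is repeated for every PSS entry, and nothing at the new `continue` says that RSASSA-PSS is opt-in with a default of FALSE. Read the option once before the loop, `bool rsa_pss = lib->settings->get_bool(lib->settings, "%s.rsa_pss", FALSE, lib->ns);`, test `if (config->scheme == SIGN_RSA_EMSA_PSS && !rsa_pss)`, and add a comment such as `/* RSASSA-PSS is only offered if explicitly enabled, otherwise the remaining schemes are used */`. Separately, `selected` now holds copies made by `signature_params_clone()`, which presumably carry their own `params`. The code that frees the array is outside this hunk, as is the start of `select_signature_schemes`, so it is worth confirming that every path releases entries with `signature_params_destroy()` rather than a plain `free()`.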