authorTobias Brunner <tobias@strongswan.org>2017-05-26 11:23:12 +0200
committerTobias Brunner <tobias@strongswan.org>2017-05-26 11:23:12 +0200
commit4366494d72c58ab6a926f60b1639d3e76e5c9213 (patch)
tree8ba3d05f025225e21f2d156d60c1abacc766b74f /src/starter
parent7b476029e6475ed5d5e4511760b1fe489385c4db (diff)
parent0afe0eca67d696a4842462dea949739ba0554a8b (diff)
Merge branch 'sha-256-96'
Adds an option to locally configure 96-bit truncation for HMAC-SHA256 when negotiated using the official algorithm identifier. This is for compatibility with peers that incorrectly use this shorter truncation (like Linux does by default). Fixes #1353.
Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/args.c1
-rw-r--r--src/starter/confread.h2
-rw-r--r--src/starter/keywords.h1
-rw-r--r--src/starter/keywords.txt1
-rw-r--r--src/starter/starterstroke.c1
5 files changed, 6 insertions, 0 deletions
diff --git a/src/starter/args.c b/src/starter/args.c
index 7f010d350..477a52082 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -165,6 +165,7 @@ static const token_info_t token_info[] =
{ ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
{ ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
{ ARG_ENUM, offsetof(starter_conn_t, close_action), LST_dpd_action },
+ { ARG_ENUM, offsetof(starter_conn_t, sha256_96), LST_bool },
{ ARG_TIME, offsetof(starter_conn_t, inactivity), NULL },
{ ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
{ ARG_MISC, 0, NULL /* KW_XAUTH */ },
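Review bot: The new `sha256_96` row is correct only while its position in `token_info[]` matches the position of `KW_SHA256_96` in `kw_token_t`, and nothing in this hunk records or enforces that coupling. The table looks positional (the `/* KW_MODECONFIG */` and `/* KW_XAUTH */` placeholders suggest it is indexed by keyword token), so a later insertion in only one of the two files would make a keyword write through the wrong `offsetof` into `starter_conn_t`. In this commit both additions sit between the close_action and inactivity entries, which is consistent. I would add a comment at the head of the array such as `/* one entry per kw_token_t value, in enum order; keep in sync with keywords.h */`; the array definition starts outside this hunk.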
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 2b974d1bc..8ee730daa 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -162,6 +162,8 @@ struct starter_conn {
dpd_action_t close_action;
+ bool sha256_96;
+
time_t inactivity;
bool me_mediation;
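Review bot: The new `sha256_96` field has no comment, and its name alone does not say that enabling it shortens the HMAC-SHA-256 integrity value from the standard 128 bits (RFC 4868) to 96 bits. According to the commit message this is a deliberate interoperability concession for peers that truncate incorrectly, so it deserves a line in the struct: `/* truncate HMAC-SHA-256 to 96 bit instead of the standard 128 bit, for compatibility with peers that do the same */`. The field's default is not visible here and should be confirmed to be off wherever connection defaults are set. `struct starter_conn` starts and ends outside the hunk.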
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 94af493f8..0cb46a740 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -64,6 +64,7 @@ enum kw_token_t {
KW_DPDTIMEOUT,
KW_DPDACTION,
KW_CLOSEACTION,
+ KW_SHA256_96,
KW_INACTIVITY,
KW_MODECONFIG,
KW_XAUTH,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index ee0bd31e1..3f92dc83f 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -61,6 +61,7 @@ dpddelay, KW_DPDDELAY
dpdtimeout, KW_DPDTIMEOUT
dpdaction, KW_DPDACTION
closeaction, KW_CLOSEACTION
+sha256_96, KW_SHA256_96
inactivity, KW_INACTIVITY
modeconfig, KW_MODECONFIG
xauth, KW_XAUTH
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index b92c00c87..90af9372a 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -220,6 +220,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg->add_conn.dpd.timeout = conn->dpd_timeout;
msg->add_conn.dpd.action = conn->dpd_action;
msg->add_conn.close_action = conn->close_action;
+ msg->add_conn.sha256_96 = conn->sha256_96;
msg->add_conn.inactivity = conn->inactivity;
msg->add_conn.ikeme.mediation = conn->me_mediation;
push_string(&msg, add_conn.ikeme.mediated_by, conn->me_mediated_by);