aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c4
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.c2
-rw-r--r--src/libstrongswan/tests/suites/test_hasher.c6
3 files changed, 5 insertions, 7 deletions
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 19ea72d0b..b2b1ef289 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -156,14 +156,12 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
}
enumerator->destroy(enumerator);
- /* for RSA we tried at least SHA-512, also try other schemes down to
- * what we'd use with classic authentication */
+ /* for RSA we tried at least SHA-512, also try other schemes */
if (key_type == KEY_RSA)
{
signature_scheme_t schemes[] = {
SIGN_RSA_EMSA_PKCS1_SHA2_384,
SIGN_RSA_EMSA_PKCS1_SHA2_256,
- SIGN_RSA_EMSA_PKCS1_SHA1,
}, contained;
bool found;
int i, j;
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 26aab0ccc..6b5c05c46 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -287,7 +287,6 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
switch (alg)
{
case HASH_IDENTITY:
- case HASH_SHA1:
case HASH_SHA256:
case HASH_SHA384:
case HASH_SHA512:
@@ -296,6 +295,7 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
case HASH_MD2:
case HASH_MD4:
case HASH_MD5:
+ case HASH_SHA1:
case HASH_SHA224:
case HASH_SHA3_224:
case HASH_SHA3_256:
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
index 6a83fe777..9f7741969 100644
--- a/src/libstrongswan/tests/suites/test_hasher.c
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -201,9 +201,9 @@ START_TEST(test_hasher_from_integrity)
size_t length;
length = 0;
- ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) ==
+ ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) ==
auths[_i].alg);
- ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) ==
+ ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) ==
auths[_i].alg);
ck_assert(length == auths[_i].length);
}
@@ -226,7 +226,7 @@ typedef struct {
static hasher_ikev2_t ikev2[] = {
{ HASH_IDENTITY, TRUE },
- { HASH_SHA1, TRUE },
+ { HASH_SHA1, FALSE },
{ HASH_SHA256, TRUE },
{ HASH_SHA384, TRUE },
{ HASH_SHA512, TRUE },
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-19 23:43:40 +0000