2 files changed, 43 insertions, 6 deletions

diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 6cf828a36..580976222 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -68,9 +68,41 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
 /*
  * Described in header.
  */
-hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t integrity)
+hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
+												 size_t *length)
 {
-	switch (integrity)
+	if (length)
+	{
+		switch (alg)
+		{
+			case AUTH_HMAC_MD5_96:
+			case AUTH_HMAC_SHA1_96:
+			case AUTH_HMAC_SHA2_256_96:
+				*length = 12;
+				break;
+			case AUTH_HMAC_MD5_128:
+			case AUTH_HMAC_SHA1_128:
+			case AUTH_HMAC_SHA2_256_128:
+				*length = 16;
+				break;
+			case AUTH_HMAC_SHA1_160:
+				*length = 20;
+				break;
+			case AUTH_HMAC_SHA2_384_192:
+				*length = 24;
+				break;
+			case AUTH_HMAC_SHA2_256_256:
+			case AUTH_HMAC_SHA2_512_256:
+				*length = 32;
+				break;
+			case AUTH_HMAC_SHA2_384_384:
+				*length = 48;
+				break;
+			default:
+				break;
+		}
+	}
+	switch (alg)
 	{
 		case AUTH_HMAC_MD5_96:
 		case AUTH_HMAC_MD5_128:
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 4d0d66fcf..5325e017b 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -101,7 +101,7 @@ struct hasher_t {
 	size_t (*get_hash_size) (hasher_t *this);
 
 	/**
-	 * Resets the hashers state.
+	 * Resets the hasher's state.
 	 */
 	void (*reset) (hasher_t *this);
 
@@ -115,17 +115,22 @@ struct hasher_t {
  * Conversion of ASN.1 OID to hash algorithm.
  *
  * @param oid			ASN.1 OID
- * @return				hash algorithm, HASH_UNKNOWN if OID unsuported
+ * @return				hash algorithm, HASH_UNKNOWN if OID unsupported
  */
 hash_algorithm_t hasher_algorithm_from_oid(int oid);
 
 /**
  * Conversion of integrity algorithm to hash algorithm (if based on one).
  *
- * @param integrity		integrity algorithm
+ * If length is not NULL the length of the resulting signature is returned,
+ * which might be smaller than the output size of the underlying hash.
+ *
+ * @param alg			integrity algorithm
+ * @param length		returns signature length, if not NULL
  * @return				hash algorithm, HASH_UNKNOWN if not based on a hash
  */
-hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t integrity);
+hash_algorithm_t hasher_algorithm_from_integrity(integrity_algorithm_t alg,
+												 size_t *length);
 
 /**
  * Conversion of hash algorithm into ASN.1 OID.