rpms-fedora-extras/strongswan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Re-enable python subpackage, re-enable upstream tests

Browse Source 
- patch to use --no-isolation with python by Carlos Rodriguez-Fernandez
- python dependencies fixed so pip no longer tries to download items
- apply upstream patch to remove md2 support - now all tests pass again
This commit is contained in:
Paul Wouters
2025-09-24 15:44:22 -04:00
parent 84430ef729
commit 043053ad27
2 changed files with 518 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

514
strongswan-6.0.2-no-md5-b3011e8e.patch Normal file
View File

@@ -0,0 +1,514 @@
From b3011e8e87a1fad1bfb026448fc37b80b7cfc007 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 23 Sep 2025 14:59:37 +0200
Subject: [PATCH] Remove support for MD2
No part of IKE/IPsec or X.509 uses MD2 anymore, so there really is no
reason to still support it (unlike MD4 that is used in EAP-MSCHAPv2,
MD5 that's used in EAP-MD5, or SHA-1 that's used for e.g. NAT-D hashes).
It caused test vectors to fail on systems where OpenSSL is built with
MD2 support but has it disabled at runtime.
---
src/libstrongswan/asn1/oid.txt | 4 +-
.../credentials/containers/pkcs12.c | 1 -
src/libstrongswan/crypto/hashers/hasher.c | 15 ---
src/libstrongswan/crypto/hashers/hasher.h | 16 +--
src/libstrongswan/crypto/xofs/xof.c | 1 -
.../plugins/gcrypt/gcrypt_hasher.c | 3 -
.../plugins/openssl/openssl_plugin.c | 3 -
.../plugins/pkcs11/pkcs11_hasher.c | 1 -
.../plugins/pkcs11/pkcs11_plugin.c | 1 -
.../plugins/test_vectors/Makefile.am | 1 -
.../plugins/test_vectors/test_vectors.h | 7 -
.../plugins/test_vectors/test_vectors/md2.c | 64 ---------
src/libstrongswan/tests/suites/test_hasher.c | 127 +++++++++---------
13 files changed, 71 insertions(+), 173 deletions(-)
delete mode 100644 src/libstrongswan/plugins/test_vectors/test_vectors/md2.c
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index f58a44d326..b9c3189cd2 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -94,7 +94,7 @@
0x01 "PKCS"
0x01 "PKCS-1"
0x01 "rsaEncryption" OID_RSA_ENCRYPTION
- 0x02 "md2WithRSAEncryption" OID_MD2_WITH_RSA
+ 0x02 "md2WithRSAEncryption"
0x04 "md5WithRSAEncryption" OID_MD5_WITH_RSA
0x05 "sha-1WithRSAEncryption" OID_SHA1_WITH_RSA
0x07 "id-RSAES-OAEP" OID_RSAES_OAEP
@@ -148,7 +148,7 @@
0x05 "secretBag"
0x06 "safeContentsBag"
0x02 "digestAlgorithm"
- 0x02 "md2" OID_MD2
+ 0x02 "md2"
0x05 "md5" OID_MD5
0x07 "hmacWithSHA1" OID_HMAC_SHA1
0x08 "hmacWithSHA224" OID_HMAC_SHA224
diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c
index d738910077..be0c750393 100644
--- a/src/libstrongswan/credentials/containers/pkcs12.c
+++ b/src/libstrongswan/credentials/containers/pkcs12.c
@@ -83,7 +83,6 @@ static bool derive_key(hash_algorithm_t hash, chunk_t unicode, chunk_t salt,
}
switch (hash)
{
- case HASH_MD2:
case HASH_MD5:
case HASH_SHA1:
case HASH_SHA224:
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 2fed3b4133..444a59c5f0 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -30,7 +30,6 @@ ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_IDENTITY,
"HASH_IDENTITY");
ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
"HASH_UNKNOWN",
- "HASH_MD2",
"HASH_MD4",
"HASH_MD5",
"HASH_SHA2_224",
@@ -48,7 +47,6 @@ ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_IDENTITY,
"identity");
ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
"unknown",
- "md2",
"md4",
"md5",
"sha224",
@@ -66,7 +64,6 @@ ENUM_BEGIN(hash_algorithm_short_names_upper, HASH_SHA1, HASH_IDENTITY,
"IDENTITY");
ENUM_NEXT(hash_algorithm_short_names_upper, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
"UNKNOWN",
- "MD2",
"MD4",
"MD5",
"SHA2_224",
@@ -91,8 +88,6 @@ size_t hasher_hash_size(hash_algorithm_t alg)
return HASH_SIZE_SHA384;
case HASH_SHA512:
return HASH_SIZE_SHA512;
- case HASH_MD2:
- return HASH_SIZE_MD2;
case HASH_MD4:
return HASH_SIZE_MD4;
case HASH_MD5:
@@ -121,9 +116,6 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
{
switch (oid)
{
- case OID_MD2:
- case OID_MD2_WITH_RSA:
- return HASH_MD2;
case OID_MD5:
case OID_MD5_WITH_RSA:
return HASH_MD5;
@@ -323,7 +315,6 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
return AUTH_HMAC_SHA2_512_512;
}
break;
- case HASH_MD2:
case HASH_MD4:
case HASH_SHA224:
case HASH_SHA3_224:
@@ -350,7 +341,6 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
case HASH_SHA512:
return TRUE;
case HASH_UNKNOWN:
- case HASH_MD2:
case HASH_MD4:
case HASH_MD5:
case HASH_SHA1:
@@ -373,9 +363,6 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg)
switch (alg)
{
- case HASH_MD2:
- oid = OID_MD2;
- break;
case HASH_MD5:
oid = OID_MD5;
break;
@@ -422,8 +409,6 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
case KEY_RSA:
switch (alg)
{
- case HASH_MD2:
- return OID_MD2_WITH_RSA;
case HASH_MD5:
return OID_MD5_WITH_RSA;
case HASH_SHA1:
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index ad434035da..0a4237cd93 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -45,17 +45,15 @@ enum hash_algorithm_t {
HASH_IDENTITY = 5,
/* use private use range for algorithms not defined/permitted by RFC 7427 */
HASH_UNKNOWN = 1024,
- HASH_MD2 = 1025,
- HASH_MD4 = 1026,
- HASH_MD5 = 1027,
- HASH_SHA224 = 1028,
- HASH_SHA3_224 = 1029,
- HASH_SHA3_256 = 1030,
- HASH_SHA3_384 = 1031,
- HASH_SHA3_512 = 1032
+ HASH_MD4 = 1025,
+ HASH_MD5 = 1026,
+ HASH_SHA224 = 1027,
+ HASH_SHA3_224 = 1028,
+ HASH_SHA3_256 = 1029,
+ HASH_SHA3_384 = 1030,
+ HASH_SHA3_512 = 1031
};
-#define HASH_SIZE_MD2 16
#define HASH_SIZE_MD4 16
#define HASH_SIZE_MD5 16
#define HASH_SIZE_SHA1 20
diff --git a/src/libstrongswan/crypto/xofs/xof.c b/src/libstrongswan/crypto/xofs/xof.c
index 7c1eb37e42..f21e037a5a 100644
--- a/src/libstrongswan/crypto/xofs/xof.c
+++ b/src/libstrongswan/crypto/xofs/xof.c
@@ -60,7 +60,6 @@ ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg)
return XOF_MGF1_SHA3_384;
case HASH_IDENTITY:
case HASH_UNKNOWN:
- case HASH_MD2:
case HASH_MD4:
case HASH_MD5:
break;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
index 29f86a5139..5e30ac7dc3 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
@@ -92,9 +92,6 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo)
switch (algo)
{
- case HASH_MD2:
- gcrypt_alg = GCRY_MD_MD2;
- break;
case HASH_MD4:
gcrypt_alg = GCRY_MD_MD4;
break;
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index c3e1d2e173..ef7fe8908f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -400,9 +400,6 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
/* hashers */
PLUGIN_REGISTER(HASHER, openssl_hasher_create),
-#ifndef OPENSSL_NO_MD2
- PLUGIN_PROVIDE(HASHER, HASH_MD2),
-#endif
#ifndef OPENSSL_NO_MD4
PLUGIN_PROVIDE(HASHER, HASH_MD4),
#endif
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
index e5ac18ed8c..409a05a2ab 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
@@ -234,7 +234,6 @@ static CK_MECHANISM_PTR algo_to_mechanism(hash_algorithm_t algo, size_t *size)
CK_MECHANISM mechanism;
size_t size;
} mappings[] = {
- {HASH_MD2, {CKM_MD2, NULL, 0}, HASH_SIZE_MD2},
{HASH_MD5, {CKM_MD5, NULL, 0}, HASH_SIZE_MD5},
{HASH_SHA1, {CKM_SHA_1, NULL, 0}, HASH_SIZE_SHA1},
{HASH_SHA256, {CKM_SHA256, NULL, 0}, HASH_SIZE_SHA256},
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
index 5510db99f4..aa27f1e384 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -189,7 +189,6 @@ METHOD(plugin_t, get_features, int,
{
static plugin_feature_t f_hash[] = {
PLUGIN_REGISTER(HASHER, pkcs11_hasher_create),
- PLUGIN_PROVIDE(HASHER, HASH_MD2),
PLUGIN_PROVIDE(HASHER, HASH_MD5),
PLUGIN_PROVIDE(HASHER, HASH_SHA1),
PLUGIN_PROVIDE(HASHER, HASH_SHA256),
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index 6074027f7d..eaf6485abc 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -37,7 +37,6 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/rc5.c \
test_vectors/serpent_cbc.c \
test_vectors/twofish_cbc.c \
- test_vectors/md2.c \
test_vectors/md4.c \
test_vectors/md5.c \
test_vectors/md5_hmac.c \
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index bf8609cb62..85436ff74a 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -160,13 +160,6 @@ TEST_VECTOR_SIGNER(sha512_hmac_s1)
TEST_VECTOR_SIGNER(sha512_hmac_s2)
TEST_VECTOR_SIGNER(sha512_hmac_s3)
-TEST_VECTOR_HASHER(md2_1)
-TEST_VECTOR_HASHER(md2_2)
-TEST_VECTOR_HASHER(md2_3)
-TEST_VECTOR_HASHER(md2_4)
-TEST_VECTOR_HASHER(md2_5)
-TEST_VECTOR_HASHER(md2_6)
-TEST_VECTOR_HASHER(md2_7)
TEST_VECTOR_HASHER(md4_1)
TEST_VECTOR_HASHER(md4_2)
TEST_VECTOR_HASHER(md4_3)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c
deleted file mode 100644
index b2707a1317..0000000000
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (C) 2009 Martin Willi
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the Licenseor (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be usefulbut
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <crypto/crypto_tester.h>
-
-/**
- * MD2 vectors from RFC 1319
- */
-hasher_test_vector_t md2_1 = {
- .alg = HASH_MD2, .len = 0,
- .data = "",
- .hash = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69\x27\x73"
-};
-
-hasher_test_vector_t md2_2 = {
- .alg = HASH_MD2, .len = 1,
- .data = "a",
- .hash = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0\xb5\xd1"
-};
-
-hasher_test_vector_t md2_3 = {
- .alg = HASH_MD2, .len = 3,
- .data = "abc",
- .hash = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde\xd6\xbb"
-};
-
-hasher_test_vector_t md2_4 = {
- .alg = HASH_MD2, .len = 14,
- .data = "message digest",
- .hash = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe\x06\xb0"
-};
-
-hasher_test_vector_t md2_5 = {
- .alg = HASH_MD2, .len = 26,
- .data = "abcdefghijklmnopqrstuvwxyz",
- .hash = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47\x94\x0b"
-};
-
-hasher_test_vector_t md2_6 = {
- .alg = HASH_MD2, .len = 62,
- .data = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
- .hash = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03\x38\xcd"
-};
-
-hasher_test_vector_t md2_7 = {
- .alg = HASH_MD2, .len = 80,
- .data = "1234567890123456789012345678901234567890"
- "1234567890123456789012345678901234567890",
- .hash = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3\xef\xd8"
-};
-
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c
index c07eed8d93..3bdcc7e3d7 100644
--- a/src/libstrongswan/tests/suites/test_hasher.c
+++ b/src/libstrongswan/tests/suites/test_hasher.c
@@ -28,41 +28,39 @@ typedef struct {
key_type_t key;
}hasher_oid_t;
+/* make sure to adjust offsets in constructor when changing this array */
static hasher_oid_t oids[] = {
- { OID_MD2, HASH_MD2, KEY_ANY }, /* 0 */
- { OID_MD5, HASH_MD5, KEY_ANY }, /* 1 */
- { OID_SHA1, HASH_SHA1, KEY_ANY }, /* 2 */
- { OID_SHA224, HASH_SHA224, KEY_ANY }, /* 3 */
- { OID_SHA256, HASH_SHA256, KEY_ANY }, /* 4 */
- { OID_SHA384, HASH_SHA384, KEY_ANY }, /* 5 */
- { OID_SHA512, HASH_SHA512, KEY_ANY }, /* 6 */
- { OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 7 */
- { OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 8 */
- { OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 9 */
- { OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 10 */
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 11 */
- { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, /* 12 */
- { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 13 */
- { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 14 */
- { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 15 */
- { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, /* 16 */
- { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 17 */
- { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 18 */
- { OID_RSASSA_PKCS1V15_WITH_SHA3_224, HASH_SHA3_224, KEY_RSA }, /* 19 */
- { OID_RSASSA_PKCS1V15_WITH_SHA3_256, HASH_SHA3_256, KEY_RSA }, /* 20 */
- { OID_RSASSA_PKCS1V15_WITH_SHA3_384, HASH_SHA3_384, KEY_RSA }, /* 21 */
- { OID_RSASSA_PKCS1V15_WITH_SHA3_512, HASH_SHA3_512, KEY_RSA }, /* 22 */
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 23 */
- { OID_ED25519, HASH_IDENTITY, KEY_ED25519 }, /* 24 */
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_ED25519 }, /* 25 */
- { OID_ED448, HASH_IDENTITY, KEY_ED448 }, /* 26 */
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_ED448 }, /* 27 */
- { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 28 */
- { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 29 */
- { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 30 */
- { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 31 */
- { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 32 */
-
+ { OID_MD5, HASH_MD5, KEY_ANY }, /* 0 */
+ { OID_SHA1, HASH_SHA1, KEY_ANY }, /* 1 */
+ { OID_SHA224, HASH_SHA224, KEY_ANY }, /* 2 */
+ { OID_SHA256, HASH_SHA256, KEY_ANY }, /* 3 */
+ { OID_SHA384, HASH_SHA384, KEY_ANY }, /* 4 */
+ { OID_SHA512, HASH_SHA512, KEY_ANY }, /* 5 */
+ { OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 6 */
+ { OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 7 */
+ { OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 8 */
+ { OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 9 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 10 */
+ { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 11 */
+ { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 12 */
+ { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 13 */
+ { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, /* 14 */
+ { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 15 */
+ { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 16 */
+ { OID_RSASSA_PKCS1V15_WITH_SHA3_224, HASH_SHA3_224, KEY_RSA }, /* 17 */
+ { OID_RSASSA_PKCS1V15_WITH_SHA3_256, HASH_SHA3_256, KEY_RSA }, /* 18 */
+ { OID_RSASSA_PKCS1V15_WITH_SHA3_384, HASH_SHA3_384, KEY_RSA }, /* 19 */
+ { OID_RSASSA_PKCS1V15_WITH_SHA3_512, HASH_SHA3_512, KEY_RSA }, /* 20 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 21 */
+ { OID_ED25519, HASH_IDENTITY, KEY_ED25519 }, /* 22 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ED25519 }, /* 23 */
+ { OID_ED448, HASH_IDENTITY, KEY_ED448 }, /* 24 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ED448 }, /* 25 */
+ { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 26 */
+ { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 27 */
+ { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 28 */
+ { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 29 */
+ { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 30 */
};
START_TEST(test_hasher_from_oid)
@@ -174,32 +172,32 @@ typedef struct {
size_t length;
}hasher_auth_t;
+/* make sure to adjust offsets in constructor when changing this array */
static hasher_auth_t auths[] = {
- { AUTH_UNDEFINED, HASH_MD2, 0 },
- { AUTH_UNDEFINED, HASH_MD4, 0 },
- { AUTH_UNDEFINED, HASH_SHA224, 0 },
- { AUTH_UNDEFINED, 9, 0 },
- { AUTH_UNDEFINED, HASH_UNKNOWN, 0 },
- { AUTH_HMAC_MD5_96, HASH_MD5, 12 },
- { AUTH_HMAC_SHA1_96, HASH_SHA1, 12 },
- { AUTH_HMAC_SHA2_256_96, HASH_SHA256, 12 },
- { AUTH_HMAC_MD5_128, HASH_MD5, 16 },
- { AUTH_HMAC_SHA1_128, HASH_SHA1, 16 },
- { AUTH_HMAC_SHA2_256_128, HASH_SHA256, 16 },
- { AUTH_HMAC_SHA1_160, HASH_SHA1, 20 },
- { AUTH_HMAC_SHA2_384_192, HASH_SHA384, 24 },
- { AUTH_HMAC_SHA2_256_256, HASH_SHA256, 32 },
- { AUTH_HMAC_SHA2_512_256, HASH_SHA512, 32 },
- { AUTH_HMAC_SHA2_384_384, HASH_SHA384, 48 },
- { AUTH_HMAC_SHA2_512_512, HASH_SHA512, 64 },
- { AUTH_AES_CMAC_96, HASH_UNKNOWN, 0 },
- { AUTH_AES_128_GMAC, HASH_UNKNOWN, 0 },
- { AUTH_AES_192_GMAC, HASH_UNKNOWN, 0 },
- { AUTH_AES_256_GMAC, HASH_UNKNOWN, 0 },
- { AUTH_AES_XCBC_96, HASH_UNKNOWN, 0 },
- { AUTH_DES_MAC, HASH_UNKNOWN, 0 },
- { AUTH_CAMELLIA_XCBC_96, HASH_UNKNOWN, 0 },
- { 0, HASH_UNKNOWN, 0 }
+ { AUTH_UNDEFINED, HASH_MD4, 0 }, /* 0 */
+ { AUTH_UNDEFINED, HASH_SHA224, 0 }, /* 1 */
+ { AUTH_UNDEFINED, 9, 0 }, /* 2 */
+ { AUTH_UNDEFINED, HASH_UNKNOWN, 0 }, /* 3 */
+ { AUTH_HMAC_MD5_96, HASH_MD5, 12 }, /* 4 */
+ { AUTH_HMAC_SHA1_96, HASH_SHA1, 12 }, /* 5 */
+ { AUTH_HMAC_SHA2_256_96, HASH_SHA256, 12 }, /* 6 */
+ { AUTH_HMAC_MD5_128, HASH_MD5, 16 }, /* 7 */
+ { AUTH_HMAC_SHA1_128, HASH_SHA1, 16 }, /* 8 */
+ { AUTH_HMAC_SHA2_256_128, HASH_SHA256, 16 }, /* 9 */
+ { AUTH_HMAC_SHA1_160, HASH_SHA1, 20 }, /* 10 */
+ { AUTH_HMAC_SHA2_384_192, HASH_SHA384, 24 }, /* 11 */
+ { AUTH_HMAC_SHA2_256_256, HASH_SHA256, 32 }, /* 12 */
+ { AUTH_HMAC_SHA2_512_256, HASH_SHA512, 32 }, /* 13 */
+ { AUTH_HMAC_SHA2_384_384, HASH_SHA384, 48 }, /* 14 */
+ { AUTH_HMAC_SHA2_512_512, HASH_SHA512, 64 }, /* 15 */
+ { AUTH_AES_CMAC_96, HASH_UNKNOWN, 0 }, /* 16 */
+ { AUTH_AES_128_GMAC, HASH_UNKNOWN, 0 }, /* 17 */
+ { AUTH_AES_192_GMAC, HASH_UNKNOWN, 0 }, /* 18 */
+ { AUTH_AES_256_GMAC, HASH_UNKNOWN, 0 }, /* 19 */
+ { AUTH_AES_XCBC_96, HASH_UNKNOWN, 0 }, /* 20 */
+ { AUTH_DES_MAC, HASH_UNKNOWN, 0 }, /* 21 */
+ { AUTH_CAMELLIA_XCBC_96, HASH_UNKNOWN, 0 }, /* 22 */
+ { 0, HASH_UNKNOWN, 0 } /* 23 */
};
START_TEST(test_hasher_from_integrity)
@@ -237,7 +235,6 @@ static hasher_ikev2_t ikev2[] = {
{ HASH_SHA384, TRUE },
{ HASH_SHA512, TRUE },
{ HASH_UNKNOWN, FALSE },
- { HASH_MD2, FALSE },
{ HASH_MD4, FALSE },
{ HASH_MD5, FALSE },
{ HASH_SHA224, FALSE },
@@ -262,15 +259,15 @@ Suite *hasher_suite_create()
s = suite_create("hasher");
tc = tcase_create("from_oid");
- tcase_add_loop_test(tc, test_hasher_from_oid, 0, 28);
+ tcase_add_loop_test(tc, test_hasher_from_oid, 0, 26);
suite_add_tcase(s, tc);
tc = tcase_create("to_oid");
- tcase_add_loop_test(tc, test_hasher_to_oid, 0, 12);
+ tcase_add_loop_test(tc, test_hasher_to_oid, 0, 11);
suite_add_tcase(s, tc);
tc = tcase_create("sig_to_oid");
- tcase_add_loop_test(tc, test_hasher_sig_to_oid, 11, countof(oids));
+ tcase_add_loop_test(tc, test_hasher_sig_to_oid, 10, countof(oids));
suite_add_tcase(s, tc);
tc = tcase_create("from_sig_scheme");
@@ -283,11 +280,11 @@ Suite *hasher_suite_create()
suite_add_tcase(s, tc);
tc = tcase_create("from_integrity");
- tcase_add_loop_test(tc, test_hasher_from_integrity, 4, countof(auths));
+ tcase_add_loop_test(tc, test_hasher_from_integrity, 3, countof(auths));
suite_add_tcase(s, tc);
tc = tcase_create("to_integrity");
- tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 17);
+ tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 16);
suite_add_tcase(s, tc);
tc = tcase_create("for_ikev2");

5
strongswan.spec
View File

@@ -23,8 +23,11 @@ Source2: https://download.strongswan.org/STRONGSWAN-RELEASE-PGP-KEY
Source3: tmpfiles-strongswan.conf Source3: tmpfiles-strongswan.conf
# https://github.com/strongswan/strongswan/issues/1198 (also pinged upstream via email) # https://github.com/strongswan/strongswan/issues/1198 (also pinged upstream via email)
Patch1: strongswan-5.9.7-error-no-format.patch Patch1: strongswan-5.9.7-error-no-format.patch
# this patch doesn't seem to help unfortunately # Use isolation to prevent pip attempting to download during build
Patch2: strongswan-6.0.2-no-isolation.patch Patch2: strongswan-6.0.2-no-isolation.patch
# Remove MD2, which causes test case failures due to fedora crypto policies
# https://github.com/strongswan/strongswan/commit/b3011e8e87a1fad1bfb026448fc37b80b7cfc007
Patch3: strongswan-6.0.2-no-md5-b3011e8e.patch
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake