[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Fri May 16 21:06:46 EEST 2014
New commits:
commit ebd8ef579a4ac3affa13680e92391be3386927c9
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri May 16 14:00:29 2014 -0400
pluto: Added int crypto_req_keysize(int ksproto, int algo);
This will return the RFC default key size for an algorithm.
ksproto is used to ask for v1, v2 or ESP algorithms.
This function is for use in the out_sa() functions. We need this as for
some algos, according to the RFCs we MUST send a key length, and we
currently do not always do that. For example for AES, CAST, CAMELLIA
this is required. Current code only does this for ESP_AES.
The reason we don't set a missing key size on loading the conn, is that
we don't want to break current logic on the responder. So if we loaded a
conn with ike=aes we will accept aes128, aes192 and aes256, even though on
outgoing connections for that conn we will only use the default aes128.
If we would set aes128 upon loading, we would start rejecting aes192
and aes256 on incoming connections.
(code that will implement adding OAKLEY_KEY_LENGTH and KEY_LENGTH coming soon)
commit e621a3a64f2463e48e75e243a0fd63de82669cec
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri May 16 09:27:44 2014 -0400
rsasigkey: fix typo in message
More information about the Swan-commit
mailing list