[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Thu Jul 5 16:23:42 UTC 2018
New commits:
commit 6e1368a4a51ab42ffa0e229e6c6b1b649776fd6e
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Jul 5 11:54:50 2018 -0400
ikev1: delete kernel_alg_esp_sadb_alg(), gut check_kernel_encrypt_alg()
In check_kernel_encrypt_alg() use encrypt_has_key_bit_length() to
verify the crypt algorithms key lengths.
But wait there's more:
- the algorithm parser should have already done this check so
it is probably redundant
- while the old code appeared to use spdb_alg extracted from the kernel
when checking key lengths that appearance is deceptive, for algorithms
we're currently interested in (e.g., AES_GCM) those values are
hard wired into pluto
- the code is assuming that the kernel supports all key lengths
listed in the ike_alg DB; for current algorithms I'm pretty sure that's
true (and if it isn't then the place to fix it is in the parser and
not here
More information about the Swan-commit
mailing list