[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Thu Jul 5 16:23:42 UTC 2018

New commits:
commit 6e1368a4a51ab42ffa0e229e6c6b1b649776fd6e
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Jul 5 11:54:50 2018 -0400

    ikev1: delete kernel_alg_esp_sadb_alg(), gut check_kernel_encrypt_alg()
    In check_kernel_encrypt_alg() use encrypt_has_key_bit_length() to
    verify the crypt algorithms key lengths.
    But wait there's more:
    - the algorithm parser should have already done this check so
      it is probably redundant
    - while the old code appeared to use spdb_alg extracted from the kernel
      when checking key lengths that appearance is deceptive,  for algorithms
      we're currently interested in (e.g., AES_GCM) those values are
      hard wired into pluto
    - the code is assuming that the kernel supports all key lengths
      listed in the ike_alg DB; for current algorithms I'm pretty sure that's
      true (and if it isn't then the place to fix it is in the parser and
      not here

More information about the Swan-commit mailing list