[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Tue Jul 24 21:25:44 UTC 2018

New commits:
commit 15f1993ea9888e242357bd931dac216feb3c25df
Author: Andrew Cagney <cagney at gnu.org>
Date:   Mon Jul 23 21:56:12 2018 -0400

    ikev1: fix optional key-length regression in an ESP proposal
    Merge ESP algorithm checks that were scattered across
    check_kernel_encrypt_alg, parse_ipsec_transform() and
    parse_ipsec_sa_body() into ikev1_verify_esp().  For key-length, just
    check it is valid, and that earlier code handled the missing /
    optional cases.
    In parse_ipsec_transform() remove all but the checks for a missing or
    optional key-length.  When optional, force .enckeylen to .keydeflen
    (it will remain 0 when 'null' encryption).  This way latter code can
    assume .enckeylen is correct and check it.
    In parse_ipsec_sa_body() use ikev1_verify_esp() to verify each
    proposal as it is parsed and not at the end after it has been sort of
    Delete check_kernel_encrypt_alg() as no longer used.
    Delete crypto_req_keysize(CRK_ESPorAH,...) as no longer used.
    Regression in 6e1368a4a51ab42ffa0e229e6c6b1b649776fd6e spotted
    by Hugh.

More information about the Swan-commit mailing list