[Swan-commit] Changes to ref refs/heads/master

Andrew Cagney cagney at vault.libreswan.fi
Fri Feb 28 00:29:46 UTC 2020


New commits:
commit 412a6e8d8642a9a28bfe3d221526a30874f3a975
Merge: 5c060cf fda30e0
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 27 19:23:10 2020 -0500

    x509: merge lsw_add_{rsa,ecdsa}_secret() into lsw_add_secret()
    
    Part of the never-ending RSA+ECDSA merge saga.
    
    Also:
    
    - fix leak when an RSA key in ipsec.secrets doesn't load
    - fix leaks when an NSS private key doesn't load
    - use ckaid when searching for an existing private key
      (ECDSA's code for doing this was broken)
    
    Merge commit 'fda30e0fbabfce1159e4ca7ab51ff5709bbe3bf5'

commit fda30e0fbabfce1159e4ca7ab51ff5709bbe3bf5
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 27 13:40:13 2020 -0500

    x509: add struct pubkey_type .secret_sane(), fix leak failing to read RSA ipsec.secrets
    
    ECDSA keys are assumed to be sane.

commit f0cf8cdf112a5ed2342c32b1b3a7d6e5f0866257
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 27 12:21:37 2020 -0500

    x509: use the ckaid to identify a duplicate private key
    
    Both for RSA and CKAID (CKAID was broken).
    
    brave or foolish?

commit 256c5fe65e318ca41d72c668e6dba0d608f71c23
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 27 11:48:56 2020 -0500

    x509: hopefully stop invalid (RSA) keys leaking
    
    this adds .pubkey_type to private_key_stuff (PKS) so .free_secret_content
    can be called given just a PKS.

commit 5d46c84321dec40dfe460d7052b349ef3263b15f
Author: Andrew Cagney <cagney at gnu.org>
Date:   Thu Feb 27 11:07:54 2020 -0500

    x509: mush add_{rsa,ckaid}_to_ecdsa_privkey() into {ECDSA,RSA}_unpack_secret_content()
    
    Add to struct pubkey_type as .unpack_secret_content().
    Also add and stub struct pubkey_type .free_secret_content() - if the
    rsa key is invalid the content is leaked (since?).

commit d96e68fdef494e639f3d4dd6f4588a2937ed8482
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Feb 26 20:37:40 2020 -0500

    ckaid: assume malloc works - replace form_ckaid_nss() with clone_nss_ckaid()

commit 1ef1f91cccc1ba67c30c6b466fe1426bb3ee3eca
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Feb 26 14:40:26 2020 -0500

    x509: slice the common head off add_ckaid_to_{ecdsa,rsa}_privkey() grafting it into lsw_add_secret()

commit 41c74f378637f3bbb1cd22349792ba176b0896d2
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Feb 26 13:41:48 2020 -0500

    x509: bludgeon lsw_extract_nss_cert_privkey_{RSA,ECDSA}() into lsw_add_secret()

commit a8c45dbe86d375a5fdf2618f56075cce561e8eb6
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Feb 26 13:31:31 2020 -0500

    x509: stuff both lsw_add_{rsa,ecdsa}_secret() into lsw_add_secret()

commit bab6d9c264ddb0b6cf1cda213abdb1d5b770811b
Author: Andrew Cagney <cagney at gnu.org>
Date:   Wed Feb 26 13:11:56 2020 -0500

    x509: add lsw_add_secret()+add_pubkey_secret(), wrap lsw_add_{rsa,ecdsa}_secret()


