[Swan-commit] Changes to ref refs/heads/master
Andrew Cagney
cagney at vault.libreswan.fi
Fri Feb 28 00:29:46 UTC 2020
New commits:
commit 412a6e8d8642a9a28bfe3d221526a30874f3a975
Merge: 5c060cf fda30e0
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Feb 27 19:23:10 2020 -0500
x509: merge lsw_add_{rsa,ecdsa}_secret() into lsw_add_secret()
Part of the never ending RSA+ECDSA merge saga.
Also:
- fix leak when an RSA key in ipsec.secrets doesn't load
- fix leaks when an NSS private key doesn't load
- use ckaid when searching for an existing private key
(ECDSA's code for doing this was broken)
Merge commit 'fda30e0fbabfce1159e4ca7ab51ff5709bbe3bf5'
commit fda30e0fbabfce1159e4ca7ab51ff5709bbe3bf5
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Feb 27 13:40:13 2020 -0500
x509: add struct pubkey_type .secret_sane(), fix leak failing to read RSA ipsec.secrets
ECDSA keys are assumed to be sane.
commit f0cf8cdf112a5ed2342c32b1b3a7d6e5f0866257
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Feb 27 12:21:37 2020 -0500
x509: use the ckaid to identify a duplicate private key
Both for RSA and CKAID (CKAID was broken).
brave or foolish?
commit 256c5fe65e318ca41d72c668e6dba0d608f71c23
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Feb 27 11:48:56 2020 -0500
x509: hopefully stop invalid (RSA) keys leaking
this adds .pubkey_type to private_key_stuff (PKS) so .free_secret_content
can be called given just a PKS.
commit 5d46c84321dec40dfe460d7052b349ef3263b15f
Author: Andrew Cagney <cagney at gnu.org>
Date: Thu Feb 27 11:07:54 2020 -0500
x509: mush add_{rsa,ckaid}_to_ecdsa_privkey() into {ECDSA,RSA}_unpack_secret_content()
Add to struct pubkey_type as .unpack_secret_content().
Also add and stub struct pubkey_type .free_secret_content() - if the
rsa key is invalid the content is leaked (since?).
commit d96e68fdef494e639f3d4dd6f4588a2937ed8482
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Feb 26 20:37:40 2020 -0500
ckaid: assume malloc works - replace form_ckaid_nss() with clone_nss_ckaid()
commit 1ef1f91cccc1ba67c30c6b466fe1426bb3ee3eca
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Feb 26 14:40:26 2020 -0500
x509: slice the common head off add_ckaid_to_{ecdsa,rsa}_privkey() grafting it into lsw_add_secret()
commit 41c74f378637f3bbb1cd22349792ba176b0896d2
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Feb 26 13:41:48 2020 -0500
x509: blungeon lsw_extract_nss_cert_privkey_RSA,ECDSA}() into lsw_add_secret()
commit a8c45dbe86d375a5fdf2618f56075cce561e8eb6
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Feb 26 13:31:31 2020 -0500
x509: stuff both lsw_add_{rsa,ecdsa}_secret() into lsw_add_secret()
commit bab6d9c264ddb0b6cf1cda213abdb1d5b770811b
Author: Andrew Cagney <cagney at gnu.org>
Date: Wed Feb 26 13:11:56 2020 -0500
x508: add lsw_add_secret()+add_pubkey_secret(), wrap lsw_add_{rsa,ecdsa}_secret()
More information about the Swan-commit
mailing list