[Swan-commit] Changes to ref refs/heads/main
Andrew Cagney
cagney at vault.libreswan.fi
Fri Apr 2 18:33:06 UTC 2021
New commits:
commit c439c2dfe3eee3beb116743d4dac1c8a2212761a
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 2 14:24:33 2021 -0400
testing: more authentication tweaks
commit cb6f1e729f90a8e854eb9ab47633f28e4afc1417
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 2 11:14:51 2021 -0400
ikev2: some authentication log cleanups
- drop some redundant log lines; notably:
Digital Signature authentication using %s failed in %s
(should the "authenticated using ..." log line include this
trivia or is that just too much information and all that
matters is that it was authenticated?)
- prefix with "authentication failed: "
- log with RC_LOG_SERIOUS
(but ignore anything connected to pre-shared-key)
commit d1f61f2e38a2406a4d50caeac27a4fdab8a6b3b4
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 2 09:38:55 2021 -0400
crypto: don't be subtle about who generates the signature authenticated log line
These generate the authenticated log line:
v2_check_auth() -> v2_authsig_and_log()
check_signature_gen() -> authsig_and_log_using_pubkey()
ikev2_verify_ecdsa_hash() -> v2_authsig_and_log_using_ECDSA_pubkey()
ikev2_verify_rsa_hash() -> v2_authsig_and_log_using_ECDSA_pubkey()
These do (should) not:
ikev2_verify_rsa_hash() -> v2_sigauth_using_RSA_pubkey()
ikev2_verify_ecdsa_hash() -> v2_sigauth_using_ECDSA_pubkey()
try_signature_fn -> sigauth_using_pubkey_fn
Which makes it hard to miss:
if (!authsig_and_log*())
log(exactly the same error)
commit 43e9d54c37f22b39d4bb6a6f9f74b6745699ef2d
Author: Andrew Cagney <cagney at gnu.org>
Date: Fri Apr 2 09:16:05 2021 -0400
kvm: simplify code handling ./kvm result
More information about the Swan-commit
mailing list