author | Markus Friedl <markus@cvs.openbsd.org> | 2005-05-10 13:42:12 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2005-05-10 13:42:12 +0000 |
commit | 871030bbf20d828a2cf476cf4e1e751a1cf70c3d (patch) | |
tree | cf82fc6a2aa620810c4c200abc5df94df3334c5b | |
parent | 0d5699d5552a32f081891a1e532434a13e6a8885 (diff) |
support NULL encryption for ESP; ok hshoexer, ho
-rw-r--r-- | sys/crypto/cryptosoft.c | 5 | ||||
-rw-r--r-- | sys/net/pfkeyv2.c | 3 | ||||
-rw-r--r-- | sys/net/pfkeyv2_convert.c | 6 | ||||
-rw-r--r-- | sys/netinet/ip_esp.c | 11 |
4 files changed, 20 insertions, 5 deletions
diff --git a/sys/crypto/cryptosoft.c b/sys/crypto/cryptosoft.c
index 1b582f99879..e1fdd00cae4 100644
--- a/sys/crypto/cryptosoft.c
+++ b/sys/crypto/cryptosoft.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cryptosoft.c,v 1.43 2005/05/02 22:19:10 markus Exp $ */
+/* $OpenBSD: cryptosoft.c,v 1.44 2005/05/10 13:42:11 markus Exp $ */
 /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -94,6 +94,9 @@ swcr_encdec(struct cryptodesc *crd, struct swcr_data *sw, caddr_t buf,
 if (crd->crd_len % blks) return EINVAL;
+ if (exf == &enc_xform_null)
+ return (0);
+
 if (outtype == CRYPTO_BUF_MBUF) m = (struct mbuf *) buf;
 else
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 1a67f9e25f2..fc503aaccaf 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.101 2005/04/04 22:18:47 hshoexer Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.102 2005/05/10 13:42:11 markus Exp $ */
 /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -94,6 +94,7 @@ static int nregistered = 0;
 static int npromisc = 0;
 static const struct sadb_alg ealgs[] = {
+ { SADB_EALG_NULL, 0, 0, 0 },
 { SADB_EALG_DESCBC, 64, 64, 64 },
 { SADB_EALG_3DESCBC, 64, 192, 192 },
 { SADB_X_EALG_BLF, 64, 40, BLF_MAXKEYLEN * 8},
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index 7552bd67693..54a44f13765 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_convert.c,v 1.21 2004/08/10 16:17:05 ho Exp $ */
+/* $OpenBSD: pfkeyv2_convert.c,v 1.22 2005/05/10 13:42:11 markus Exp $ */
 /* * The author of this code is Angelos D. Keromytis (angelos@keromytis.org) *
@@ -214,6 +214,10 @@ export_sa(void **p, struct tdb *tdb)
 if (tdb->tdb_encalgxform) {
 switch (tdb->tdb_encalgxform->type) {
+ case CRYPTO_NULL:
+ sadb_sa->sadb_sa_encrypt = SADB_EALG_NULL;
+ break;
+
 case CRYPTO_DES_CBC:
 sadb_sa->sadb_sa_encrypt = SADB_EALG_DESCBC;
 break;
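Review bot: The early `return (0);` for `exf == &enc_xform_null` in swcr_encdec reports success while leaving the buffer exactly as it came in, and nothing at that spot says the pass-through is deliberate. A short comment above the test, e.g. `/* NULL transform: payload is passed through unmodified, no confidentiality */`, would stop a later reader from mistaking it for a skipped encryption step. Note also that the return sits after the `crd->crd_len % blks` check, so a length that is not a multiple of the null transform's block size still yields EINVAL; whether that is intended depends on the block size declared for enc_xform_null, which is not visible here. The function body starts and ends outside the hunk.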
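Review bot: The new `{ SADB_EALG_NULL, 0, 0, 0 }` row is placed first in `ealgs[]` and is otherwise indistinguishable from the real ciphers, so whatever consumes this table (not visible in the hunk; presumably the supported-algorithm list handed to key-management daemons, to be confirmed) now offers a transform that provides no confidentiality. I would annotate the row, e.g. `/* ESP-NULL: no confidentiality, only meaningful together with an authentication algorithm */`, so the all-zero sizes are not read as a placeholder. It is also worth checking that the consumers of the table do not treat position as preference; if any does, the row belongs at the end.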
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 57f22ccb83b..47cff502423 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp.c,v 1.88 2003/12/10 07:22:43 itojun Exp $ */
+/* $OpenBSD: ip_esp.c,v 1.89 2005/05/10 13:42:11 markus Exp $ */
 /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -97,6 +97,10 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
 if (ii->ii_encalg) {
 switch (ii->ii_encalg) {
+ case SADB_EALG_NULL:
+ txform = &enc_xform_null;
+ break;
+
 case SADB_EALG_DESCBC:
 txform = &enc_xform_des;
 break;
@@ -141,7 +145,10 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
 DPRINTF(("esp_init(): initialized TDB with enc algorithm %s\n", txform->name));
- tdbp->tdb_ivlen = txform->blocksize;
+ if (ii->ii_encalg == SADB_EALG_NULL)
+ tdbp->tdb_ivlen = 0;
+ else
+ tdbp->tdb_ivlen = txform->blocksize;
 if (tdbp->tdb_flags & TDBF_HALFIV) tdbp->tdb_ivlen /= 2;
 }
 |
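Review bot: Nothing in the visible lines of esp_init requires an authentication algorithm when `SADB_EALG_NULL` is selected, and because that value is non-zero it passes the `if (ii->ii_encalg)` test like a real cipher. An SA with NULL encryption and no authentication would provide neither confidentiality nor integrity, and RFC 2410 requires the two NULL algorithms not to be combined. If the rest of the function (outside this hunk) does not already reject that combination, I would add a guard in the new case, e.g. `if (!ii->ii_authalg) return EINVAL;`, with a DPRINTF in the style used elsewhere in the function.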
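Review bot: The `tdb_ivlen` special case in the last hunk keys on the wire identifier (`ii->ii_encalg == SADB_EALG_NULL`) while swcr_encdec in cryptosoft.c tests the transform pointer (`exf == &enc_xform_null`), so the same condition is spelled two ways in one commit. Testing `txform == &enc_xform_null` here would keep the decision tied to the transform actually selected. A one-line comment such as `/* ESP-NULL carries no IV (RFC 2410) */` would also explain why the transform's block size is not used, which is otherwise not obvious from the code.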