author | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-11-24 11:52:08 +0000 |
---|---|---|
committer | Hans-Joerg Hoexer <hshoexer@cvs.openbsd.org> | 2005-11-24 11:52:08 +0000 |
commit | d7826759d3df119d214d67c8a85c0b53eff83041 (patch) | |
tree | 42d1b9e4657c4f16d504e3d04e0abe5817fd3756 | |
parent | 2cf7c4efd42cfae7cadf401bd542847522227b38 (diff) |
Remove old-style keyed sha1/md5. We only support hmac-sha1/md5.
Noticed the hard way by <raff at brodewicz dot pl>
-rw-r--r-- | sbin/ipsecctl/ike.c | 6 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.h | 4 | ||||
-rw-r--r-- | sbin/ipsecctl/parse.y | 4 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkey.c | 8 |
4 files changed, 5 insertions, 17 deletions
diff --git a/sbin/ipsecctl/ike.c b/sbin/ipsecctl/ike.c index 83a0c8af4e5..3237ff89618 100644 --- a/sbin/ipsecctl/ike.c +++ b/sbin/ipsecctl/ike.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike.c,v 1.9 2005/11/12 16:41:39 deraadt Exp $ */ +/* $OpenBSD: ike.c,v 1.10 2005/11/24 11:52:07 hshoexer Exp $ */ /* * Copyright (c) 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -145,11 +145,9 @@ ike_section_qm(struct ipsec_addr_wrap *src, struct ipsec_addr_wrap *dst, if (qmxfs->authxf) { switch (qmxfs->authxf->id) { case AUTHXF_HMAC_MD5: - case AUTHXF_MD5: fprintf(fd, "MD5"); break; case AUTHXF_HMAC_SHA1: - case AUTHXF_SHA1: fprintf(fd, "SHA"); break; case AUTHXF_HMAC_RIPEMD160: @@ -215,11 +213,9 @@ ike_section_mm(struct ipsec_addr_wrap *peer, struct ipsec_transforms *mmxfs, if (mmxfs->authxf) { switch (mmxfs->authxf->id) { case AUTHXF_HMAC_MD5: - case AUTHXF_MD5: fprintf(fd, "MD5"); break; case AUTHXF_HMAC_SHA1: - case AUTHXF_SHA1: fprintf(fd, "SHA"); break; default: diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h index f0340cf6e06..9c7e86029f8 100644 --- a/sbin/ipsecctl/ipsecctl.h +++ b/sbin/ipsecctl/ipsecctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.h,v 1.23 2005/11/12 21:49:38 hshoexer Exp $ */ +/* $OpenBSD: ipsecctl.h,v 1.24 2005/11/24 11:52:07 hshoexer Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -58,7 +58,7 @@ enum { enum { AUTHXF_UNKNOWN, AUTHXF_NONE, AUTHXF_HMAC_MD5, AUTHXF_HMAC_RIPEMD160, AUTHXF_HMAC_SHA1, AUTHXF_HMAC_SHA2_256, AUTHXF_HMAC_SHA2_384, - AUTHXF_HMAC_SHA2_512, AUTHXF_MD5, AUTHXF_SHA1 + AUTHXF_HMAC_SHA2_512 }; enum { ENCXF_UNKNOWN, ENCXF_NONE, ENCXF_3DES_CBC, ENCXF_DES_CBC, ENCXF_AES, diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y index d2b222ece0d..d7df1646299 100644 --- a/sbin/ipsecctl/parse.y +++ b/sbin/ipsecctl/parse.y 
@@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.40 2005/11/12 21:57:34 hshoexer Exp $ */ +/* $OpenBSD: parse.y,v 1.41 2005/11/24 11:52:07 hshoexer Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -62,8 +62,6 @@ const struct ipsec_xf authxfs[] = { { "hmac-sha2-256", AUTHXF_HMAC_SHA2_256, 32, 0 }, { "hmac-sha2-384", AUTHXF_HMAC_SHA2_384, 48, 0 }, { "hmac-sha2-512", AUTHXF_HMAC_SHA2_512, 64, 0 }, - { "md5", AUTHXF_MD5, 16, 0 }, - { "sha1", AUTHXF_SHA1, 20, 0 }, { NULL, 0, 0, 0 }, }; diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c index 4a92e27cbbf..12500c8a8fe 100644 --- a/sbin/ipsecctl/pfkey.c +++ b/sbin/ipsecctl/pfkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkey.c,v 1.30 2005/11/12 16:41:39 deraadt Exp $ */ +/* $OpenBSD: pfkey.c,v 1.31 2005/11/24 11:52:07 hshoexer Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> * Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org> @@ -383,12 +383,6 @@ pfkey_sa(int sd, u_int8_t satype, u_int8_t action, u_int32_t spi, case AUTHXF_HMAC_SHA2_512: sa.sadb_sa_auth = SADB_X_AALG_SHA2_512; break; - case AUTHXF_MD5: - sa.sadb_sa_auth = SADB_X_AALG_MD5; - break; - case AUTHXF_SHA1: - sa.sadb_sa_auth = SADB_X_AALG_SHA1; - break; default: warnx("unsupported authentication algorithm %d", xfs->authxf->id); |