Merge with EOM 1.48

author: angelos
Fix comment.

author: angelos
Add RIPEMD negotiation/configuration.

1 files changed, 16 insertions, 5 deletions

diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index b097d377b0a..0ab47e14ece 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,5 +1,5 @@
-/*	$OpenBSD: policy.c,v 1.16 2000/10/09 23:27:31 niklas Exp $	*/
-/*	$EOM: policy.c,v 1.46 2000/10/09 22:08:29 angelos Exp $ */
+/*	$OpenBSD: policy.c,v 1.17 2000/10/16 23:28:43 niklas Exp $	*/
+/*	$EOM: policy.c,v 1.48 2000/10/14 20:19:51 angelos Exp $ */
 
 /*
  * Copyright (c) 1999, 2000 Angelos D. Keromytis.  All rights reserved.
@@ -290,6 +290,10 @@ policy_callback (char *name)
 		  ah_hash_alg = "sha";
 		  break;
 
+		case IPSEC_AH_RIPEMD:
+		  ah_hash_alg = "ripemd";
+		  break;
+
 		case IPSEC_AH_DES:
 		  ah_hash_alg = "des";
 		  break;
@@ -541,6 +545,10 @@ policy_callback (char *name)
 			  ah_auth_alg = "hmac-sha";
 			  break;
 
+			case IPSEC_AUTH_HMAC_RIPEMD:
+			  ah_auth_alg = "hmac-ripemd";
+			  break;
+
 			case IPSEC_AUTH_DES_MAC:
 			  ah_auth_alg = "des-mac";
 			  break;
@@ -562,6 +570,10 @@ policy_callback (char *name)
 			  esp_auth_alg = "hmac-sha";
 			  break;
 
+			case IPSEC_AUTH_HMAC_RIPEMD:
+			  esp_auth_alg = "hmac-ripemd";
+			  break;
+
 			case IPSEC_AUTH_DES_MAC:
 			  esp_auth_alg = "des-mac";
 			  break;
@@ -1521,9 +1533,8 @@ keynote_cert_get (u_int8_t *data, u_int32_t len)
 }
 
 /*
- * We just verify the signature on the certificates.
- * XXX Is this the right thing to do -- verify the signature on all
- * XXX credentials ?
+ * We just verify the signature on the credentials.
+ * On signature failure, just drop the whole payload.
  */
 int
 keynote_cert_validate (void *scert)