diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-03-28 07:04:03 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-03-28 07:04:03 +0000 |
| commit | dcd5f23ea5851d7202f6c813ba7d18b378e29919 (patch) | |
| tree | 96b28535a80cf506c4f47aef4f393bb5a77a75f1 /sys | |
| parent | 2054a7c4dc3d3314da8cee458473442656483c6c (diff) | |
Allow authentication-only ESP (must have broken it in the previous
round of commits).
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/netinet/ip_esp.c | 63 | ||||
| -rw-r--r-- | sys/netinet/ip_ipsp.c | 4 |
2 files changed, 35 insertions, 32 deletions
diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 4713d5c3004..2abebc3285f 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.35 2000/03/25 04:57:51 angelos Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.36 2000/03/28 07:04:02 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -110,43 +110,46 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii) struct auth_hash *thash = NULL; struct cryptoini cria, crie; - switch (ii->ii_encalg) + if (ii->ii_encalg) { - case SADB_EALG_DESCBC: - txform = &enc_xform_des; - break; + switch (ii->ii_encalg) + { + case SADB_EALG_DESCBC: + txform = &enc_xform_des; + break; - case SADB_EALG_3DESCBC: - txform = &enc_xform_3des; - break; + case SADB_EALG_3DESCBC: + txform = &enc_xform_3des; + break; - case SADB_X_EALG_BLF: - txform = &enc_xform_blf; - break; + case SADB_X_EALG_BLF: + txform = &enc_xform_blf; + break; - case SADB_X_EALG_CAST: - txform = &enc_xform_cast5; - break; + case SADB_X_EALG_CAST: + txform = &enc_xform_cast5; + break; - case SADB_X_EALG_SKIPJACK: - txform = &enc_xform_skipjack; - break; + case SADB_X_EALG_SKIPJACK: + txform = &enc_xform_skipjack; + break; - default: - DPRINTF(("esp_init(): unsupported encryption algorithm %d specified\n", ii->ii_encalg)); - return EINVAL; - } + default: + DPRINTF(("esp_init(): unsupported encryption algorithm %d specified\n", ii->ii_encalg)); + return EINVAL; + } - if (ii->ii_enckeylen < txform->minkey) - { - DPRINTF(("esp_init(): keylength %d too small (min length is %d) for algorithm %s\n", ii->ii_enckeylen, txform->minkey, txform->name)); - return EINVAL; - } + if (ii->ii_enckeylen < txform->minkey) + { + DPRINTF(("esp_init(): keylength %d too small (min length is %d) for algorithm %s\n", ii->ii_enckeylen, txform->minkey, txform->name)); + return EINVAL; + } - if (ii->ii_enckeylen > txform->maxkey) - { - DPRINTF(("esp_init(): keylength %d too large (max length is %d) for algorithm %s\n", ii->ii_enckeylen, txform->maxkey, txform->name)); - return EINVAL; + if (ii->ii_enckeylen > txform->maxkey) + { + DPRINTF(("esp_init(): keylength %d too large (max length is %d) for algorithm %s\n", ii->ii_enckeylen, txform->maxkey, txform->name)); + return EINVAL; + } } if (ii->ii_authalg) diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index f6be7e24d00..3ef72b1e048 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.81 2000/03/28 06:58:14 angelos Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.82 2000/03/28 07:04:02 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -1400,7 +1400,7 @@ tdb_init(struct tdb *tdbp, u_int16_t alg, struct ipsecinit *ii) DPRINTF(("tdb_init(): no alg %d for spi %08x, addr %s, proto %d\n", alg, ntohl(tdbp->tdb_spi), ipsp_address(tdbp->tdb_dst), tdbp->tdb_sproto)); - + return EINVAL; } |