diff options
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/ipsec.c | 8 | ||||
-rw-r--r-- | sbin/isakmpd/pf_key_v2.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/policy.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/sa.c | 10 |
4 files changed, 18 insertions, 10 deletions
diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index 372d69a8181..82bad92a94f 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.72 2002/11/21 12:09:20 ho Exp $ */ +/* $OpenBSD: ipsec.c,v 1.73 2003/05/12 21:43:21 ho Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* @@ -891,7 +891,8 @@ ipsec_validate_transform_id (u_int8_t proto, u_int8_t transform_id) transform_id < IPSEC_AH_MD5 || transform_id > IPSEC_AH_DES ? -1 : 0; case IPSEC_PROTO_IPSEC_ESP: return transform_id < IPSEC_ESP_DES_IV64 - || (transform_id > IPSEC_ESP_AES && transform_id < IPSEC_ESP_AES_MARS) + || (transform_id > IPSEC_ESP_AES_128_CTR + && transform_id < IPSEC_ESP_AES_MARS) || transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0; case IPSEC_PROTO_IPCOMP: return transform_id < IPSEC_IPCOMP_OUI @@ -1702,7 +1703,8 @@ ipsec_esp_enckeylength (struct proto *proto) if (!iproto->keylen) return 16; return iproto->keylen / 8; - case IPSEC_ESP_AES: + case IPSEC_ESP_AES_128_CBC: + case IPSEC_ESP_AES_128_CTR: if (!iproto->keylen) return 16; /* Fallthrough */ diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c index cf84e447df6..832902990ef 100644 --- a/sbin/isakmpd/pf_key_v2.c +++ b/sbin/isakmpd/pf_key_v2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_key_v2.c,v 1.125 2003/05/11 02:16:54 markus Exp $ */ +/* $OpenBSD: pf_key_v2.c,v 1.126 2003/05/12 21:43:21 ho Exp $ */ /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */ /* @@ -911,7 +911,8 @@ pf_key_v2_set_spi (struct sa *sa, struct proto *proto, int incoming, break; #ifdef SADB_X_EALG_AES - case IPSEC_ESP_AES: + case IPSEC_ESP_AES_128_CBC: + /* case IPSEC_ESP_AES_128_CTR: */ ssa.sadb_sa_encrypt = SADB_X_EALG_AES; break; #endif diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c index d8dcae5cc7d..47e6a141a09 100644 --- a/sbin/isakmpd/policy.c +++ b/sbin/isakmpd/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.57 2002/11/14 16:38:05 ho Exp $ */ +/* $OpenBSD: policy.c,v 1.58 2003/05/12 21:43:22 ho Exp $ */ /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */ /* @@ -293,7 +293,8 @@ policy_callback (char *name) esp_enc_alg = "3des"; break; - case IPSEC_ESP_AES: + case IPSEC_ESP_AES_128_CBC: + case IPSEC_ESP_AES_128_CTR: esp_enc_alg = "aes"; break; diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c index 90101de08ff..c022cb5b1bc 100644 --- a/sbin/isakmpd/sa.c +++ b/sbin/isakmpd/sa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sa.c,v 1.65 2002/11/21 12:09:20 ho Exp $ */ +/* $OpenBSD: sa.c,v 1.66 2003/05/12 21:43:22 ho Exp $ */ /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */ /* @@ -535,8 +535,12 @@ report_proto (FILE *fd, struct proto *proto) fprintf (fd, "3DES\n"); break; - case IPSEC_ESP_AES: - fprintf (fd, "Rijndael-128/AES\n"); + case IPSEC_ESP_AES_128_CBC: + fprintf (fd, "AES-128 (CBC)\n"); + break; + + case IPSEC_ESP_AES_128_CTR: + fprintf (fd, "AES-128 (CTR)\n"); break; case IPSEC_ESP_CAST: |