Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipsecctl/ipsec.conf.5 | 11 | ||||
-rw-r--r-- | sbin/ipsecctl/ipsecctl.h | 4 | ||||
-rw-r--r-- | sbin/ipsecctl/parse.y | 3 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkdump.c | 6 | ||||
-rw-r--r-- | sbin/ipsecctl/pfkey.c | 5 |
5 files changed, 9 insertions, 20 deletions
diff --git a/sbin/ipsecctl/ipsec.conf.5 b/sbin/ipsecctl/ipsec.conf.5 index d8b28704309..4d3557d1184 100644 --- a/sbin/ipsecctl/ipsec.conf.5 +++ b/sbin/ipsecctl/ipsec.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ipsec.conf.5,v 1.129 2010/09/23 11:43:51 mikeb Exp $ +.\" $OpenBSD: ipsec.conf.5,v 1.130 2010/10/06 22:19:20 mikeb Exp $ .\" .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 23 2010 $ +.Dd $Mdocdate: October 6 2010 $ .Dt IPSEC.CONF 5 .Os .Sh NAME @@ -620,14 +620,11 @@ keyword: .It Li aes-256-gmac Ta "288 bits" Ta "[phase 2 only]" .It Li blowfish Ta "160 bits" .It Li cast Ta "128 bits" -.It Li skipjack Ta "80 bits" .It Li null Ta "(none)" Ta "[phase 2 only]" .El .Pp -Use of DES or Skipjack as an encryption algorithm is not recommended -(except for backwards compatibility) due to their short key length. -Furthermore, attacks on Skipjack have shown severe weaknesses -in its structure. +Use of DES as an encryption algorithm is not recommended +(except for backwards compatibility) due to its short key length. .Pp DES requires 8 bytes to form a 56-bit key and 3DES requires 24 bytes to form its 168-bit key. diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h index d0d88109eda..b88b07ab525 100644 --- a/sbin/ipsecctl/ipsecctl.h +++ b/sbin/ipsecctl/ipsecctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.h,v 1.60 2010/09/22 14:04:09 mikeb Exp $ */ +/* $OpenBSD: ipsecctl.h,v 1.61 2010/10/06 22:19:20 mikeb Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * 
@@ -66,7 +66,7 @@ enum { ENCXF_AES_128, ENCXF_AES_192, ENCXF_AES_256, ENCXF_AESCTR, ENCXF_AES_128_GCM, ENCXF_AES_192_GCM, ENCXF_AES_256_GCM, ENCXF_AES_128_GMAC, ENCXF_AES_192_GMAC, ENCXF_AES_256_GMAC, - ENCXF_BLOWFISH, ENCXF_CAST128, ENCXF_NULL, ENCXF_SKIPJACK + ENCXF_BLOWFISH, ENCXF_CAST128, ENCXF_NULL }; enum { COMPXF_UNKNOWN, COMPXF_DEFLATE, COMPXF_LZS diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y index 0afe1c29767..d978faa9606 100644 --- a/sbin/ipsecctl/parse.y +++ b/sbin/ipsecctl/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.149 2010/09/22 14:04:09 mikeb Exp $ */ +/* $OpenBSD: parse.y,v 1.150 2010/10/06 22:19:20 mikeb Exp $ */ /* * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -116,7 +116,6 @@ const struct ipsec_xf encxfs[] = { { "blowfish", ENCXF_BLOWFISH, 5, 56, 0 }, { "cast128", ENCXF_CAST128, 5, 16, 0 }, { "null", ENCXF_NULL, 0, 0, 0 }, - { "skipjack", ENCXF_SKIPJACK, 10, 10, 0 }, { NULL, 0, 0, 0, 0 }, }; diff --git a/sbin/ipsecctl/pfkdump.c b/sbin/ipsecctl/pfkdump.c index 8c502d0b85c..6c9cfff01de 100644 --- a/sbin/ipsecctl/pfkdump.c +++ b/sbin/ipsecctl/pfkdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkdump.c,v 1.28 2010/09/22 14:04:09 mikeb Exp $ */ +/* $OpenBSD: pfkdump.c,v 1.29 2010/10/06 22:19:20 mikeb Exp $ */ /* * Copyright (c) 2003 Markus Friedl. All rights reserved. @@ -184,7 +184,6 @@ struct idname enc_types[] = { { SADB_EALG_NULL, "null", NULL }, { SADB_X_EALG_RC4, "rc4", NULL }, { SADB_X_EALG_RC5, "rc5", NULL }, - { SADB_X_EALG_SKIPJACK, "skipjack", NULL }, { 0, NULL, NULL } }; @@ -748,9 +747,6 @@ pfkey_print_sa(struct sadb_msg *msg, int opts) case SADB_EALG_NULL: xfs.encxf = &encxfs[ENCXF_NULL]; break; - case SADB_X_EALG_SKIPJACK: - xfs.encxf = &encxfs[ENCXF_SKIPJACK]; - break; } } if (sa->sadb_sa_auth) { diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c index ad8dc2c14ad..0c134162419 100644 --- a/sbin/ipsecctl/pfkey.c +++ b/sbin/ipsecctl/pfkey.c 
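Review bot: The ENCXF_* enumerators in ipsecctl.h appear to double as indexes into `encxfs[]` (pfkdump.c in this same commit does `xfs.encxf = &encxfs[ENCXF_NULL];`), and nothing on the enum records that coupling. Dropping `ENCXF_SKIPJACK` is safe here only because it was both the last enumerator and the last real row of the table in parse.y. Removing or inserting a transform anywhere else would silently shift every later lookup to the wrong name and key-length bounds. I would add a comment above the enum such as `/* order must match encxfs[] in parse.y; values are used as array indexes */`. The enum starts above this hunk, so the full ordering cannot be checked from here.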
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.50 2010/09/22 14:04:09 mikeb Exp $ */
+/* $OpenBSD: pfkey.c,v 1.51 2010/10/06 22:19:20 mikeb Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org>
@@ -515,9 +515,6 @@ pfkey_sa(int sd, u_int8_t satype, u_int8_t action, u_int32_t spi,
 case ENCXF_NULL:
 sa.sadb_sa_encrypt = SADB_EALG_NULL;
 break;
- case ENCXF_SKIPJACK:
- sa.sadb_sa_encrypt = SADB_X_EALG_SKIPJACK;
- break;
 default:
 warnx("unsupported encryption algorithm %d",
 xfs->encxf->id); |