1 files changed, 31 insertions, 5 deletions

diff --git a/usr.sbin/bgpd/pfkey.c b/usr.sbin/bgpd/pfkey.c
index 92136c2bf2c..6da7de6519c 100644
--- a/usr.sbin/bgpd/pfkey.c
+++ b/usr.sbin/bgpd/pfkey.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pfkey.c,v 1.62 2022/02/06 09:51:19 claudio Exp $ */
+/*	$OpenBSD: pfkey.c,v 1.63 2022/06/15 14:09:30 claudio Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -590,6 +590,32 @@ fail:
 	return (-1);
 }
 
+static uint8_t
+pfkey_auth_alg(enum auth_alg alg)
+{
+	switch (alg) {
+	case AUTH_AALG_SHA1HMAC:
+		return SADB_AALG_SHA1HMAC;
+	case AUTH_AALG_MD5HMAC:
+		return SADB_AALG_MD5HMAC;
+	default:
+		return SADB_AALG_NONE;
+	}
+}
+
+static uint8_t
+pfkey_enc_alg(enum auth_enc_alg alg)
+{
+	switch (alg) {
+	case AUTH_EALG_3DESCBC:
+		return SADB_EALG_3DESCBC;
+	case AUTH_EALG_AES:
+		return SADB_X_EALG_AES;
+	default:
+		return SADB_AALG_NONE;
+	}
+}
+
 static int
 pfkey_ipsec_establish(struct peer *p)
 {
@@ -616,10 +642,10 @@ pfkey_ipsec_establish(struct peer *p)
 		if (pfkey_send(pfkey_fd, satype, SADB_ADD, 0,
 		    local_addr, &p->conf.remote_addr,
 		    p->conf.auth.spi_out,
-		    p->conf.auth.auth_alg_out,
+		    pfkey_auth_alg(p->conf.auth.auth_alg_out),
 		    p->conf.auth.auth_keylen_out,
 		    p->conf.auth.auth_key_out,
-		    p->conf.auth.enc_alg_out,
+		    pfkey_enc_alg(p->conf.auth.enc_alg_out),
 		    p->conf.auth.enc_keylen_out,
 		    p->conf.auth.enc_key_out,
 		    0, 0) == -1)
@@ -629,10 +655,10 @@ pfkey_ipsec_establish(struct peer *p)
 		if (pfkey_send(pfkey_fd, satype, SADB_ADD, 0,
 		    &p->conf.remote_addr, local_addr,
 		    p->conf.auth.spi_in,
-		    p->conf.auth.auth_alg_in,
+		    pfkey_auth_alg(p->conf.auth.auth_alg_in),
 		    p->conf.auth.auth_keylen_in,
 		    p->conf.auth.auth_key_in,
-		    p->conf.auth.enc_alg_in,
+		    pfkey_enc_alg(p->conf.auth.enc_alg_in),
 		    p->conf.auth.enc_keylen_in,
 		    p->conf.auth.enc_key_in,
 		    0, 0) == -1)