From: angelos <angelos@openbsd.org>
Date: Tue, 28 Mar 2000 07:04:02 +0000 (+0000)
Subject: Allow authentication-only ESP (must have broken it in the previous
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=31bce28b1361932a9e11a20f041e0191881d85cd;p=openbsd

Allow authentication-only ESP (must have broken it in the previous
round of commits).
---

diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c
index 4713d5c3004..2abebc3285f 100644
--- a/sys/netinet/ip_esp.c
+++ b/sys/netinet/ip_esp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_esp.c,v 1.35 2000/03/25 04:57:51 angelos Exp $ */
+/*	$OpenBSD: ip_esp.c,v 1.36 2000/03/28 07:04:02 angelos Exp $ */
 
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
@@ -110,43 +110,46 @@ esp_init(struct tdb *tdbp, struct xformsw *xsp, struct ipsecinit *ii)
     struct auth_hash *thash = NULL;
     struct cryptoini cria, crie;
 
-    switch (ii->ii_encalg)
+    if (ii->ii_encalg)
     {
-	case SADB_EALG_DESCBC:
-	    txform = &enc_xform_des;
-	    break;
+	switch (ii->ii_encalg)
+	{
+	    case SADB_EALG_DESCBC:
+		txform = &enc_xform_des;
+		break;
 
-	case SADB_EALG_3DESCBC:
-	    txform = &enc_xform_3des;
-	    break;
+	    case SADB_EALG_3DESCBC:
+		txform = &enc_xform_3des;
+		break;
 
-	case SADB_X_EALG_BLF:
-	    txform = &enc_xform_blf;
-	    break;
+	    case SADB_X_EALG_BLF:
+		txform = &enc_xform_blf;
+		break;
 
-	case SADB_X_EALG_CAST:
-	    txform = &enc_xform_cast5;
-	    break;
+	    case SADB_X_EALG_CAST:
+		txform = &enc_xform_cast5;
+		break;
 
-	case SADB_X_EALG_SKIPJACK:
-	    txform = &enc_xform_skipjack;
-	    break;
+	    case SADB_X_EALG_SKIPJACK:
+		txform = &enc_xform_skipjack;
+		break;
 
-	default:
-	    DPRINTF(("esp_init(): unsupported encryption algorithm %d specified\n", ii->ii_encalg));
-	    return EINVAL;
-    }
+	    default:
+		DPRINTF(("esp_init(): unsupported encryption algorithm %d specified\n", ii->ii_encalg));
+		return EINVAL;
+	}
 
-    if (ii->ii_enckeylen < txform->minkey)
-    {
-	DPRINTF(("esp_init(): keylength %d too small (min length is %d) for algorithm %s\n", ii->ii_enckeylen, txform->minkey, txform->name));
-	return EINVAL;
-    }
+	if (ii->ii_enckeylen < txform->minkey)
+	{
+	    DPRINTF(("esp_init(): keylength %d too small (min length is %d) for algorithm %s\n", ii->ii_enckeylen, txform->minkey, txform->name));
+	    return EINVAL;
+	}
     
-    if (ii->ii_enckeylen > txform->maxkey)
-    {
-	DPRINTF(("esp_init(): keylength %d too large (max length is %d) for algorithm %s\n", ii->ii_enckeylen, txform->maxkey, txform->name));
-	return EINVAL;
+	if (ii->ii_enckeylen > txform->maxkey)
+	{
+	    DPRINTF(("esp_init(): keylength %d too large (max length is %d) for algorithm %s\n", ii->ii_enckeylen, txform->maxkey, txform->name));
+	    return EINVAL;
+	}
     }
 
     if (ii->ii_authalg)
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index f6be7e24d00..3ef72b1e048 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_ipsp.c,v 1.81 2000/03/28 06:58:14 angelos Exp $	*/
+/*	$OpenBSD: ip_ipsp.c,v 1.82 2000/03/28 07:04:02 angelos Exp $	*/
 
 /*
  * The authors of this code are John Ioannidis (ji@tla.org),
@@ -1400,7 +1400,7 @@ tdb_init(struct tdb *tdbp, u_int16_t alg, struct ipsecinit *ii)
     DPRINTF(("tdb_init(): no alg %d for spi %08x, addr %s, proto %d\n", 
 	     alg, ntohl(tdbp->tdb_spi), ipsp_address(tdbp->tdb_dst),
 	     tdbp->tdb_sproto));
-    
+
     return EINVAL;
 }