After deleting hifn(4) the only provider for the LZS compression

algorithm is gone. Reomve all LZS references from the tree. The v42bis in isakmpd also looks unsupported. OK mvs@ patrick@ sthen@
2025-01-03 06:45:37 -08:00 · 2021-10-22 12:30:53 +00:00 · 2021-10-22 12:30:53 +00:00 · 7834797cf9
commit 7834797cf9
parent fd04fa5bfc
22 changed files with 28 additions and 109 deletions
--- a/lib/libc/sys/sysctl.2
+++ b/lib/libc/sys/sysctl.2
@ -1,4 +1,4 @@
-.\"	$OpenBSD: sysctl.2,v 1.44 2021/05/18 05:26:26 claudio Exp $
+.\"	$OpenBSD: sysctl.2,v 1.45 2021/10/22 12:30:53 bluhm Exp $
 .\"
 .\" Copyright (c) 1993
 .\"	The Regents of the University of California.  All rights reserved.
@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 18 2021 $
+.Dd $Mdocdate: October 22 2021 $
 .Dt SYSCTL 2
 .Os
 .Sh NAME
@ -1520,15 +1520,8 @@ The default value is 0.
 .It Li ip.ipsec-comp-alg Pq Va net.inet.ip.ipsec-comp-alg
 The compression algorithm to use with an IP Compression Association
 .Pq IPCA .
-Possible values are
+Currently the only possible value is
-.Dq deflate
+.Dq deflate .
 and
 .Dq lzs .
 Note that lzs is only available with
 .Xr hifn 4 .
 See
 .Xr ipsecctl 8
 for more information.
 .It Li ip.ipsec-enc-alg Pq Va net.inet.ip.ipsec-enc-alg
 This is the default encryption algorithm the kernel will instruct key
 management daemons to negotiate when establishing security
--- a/regress/sbin/ipsecctl/sa20.in
+++ b/regress/sbin/ipsecctl/sa20.in
@ -1,3 +1,2 @@
 ipcomp from 3ffe::1 to 3ffe::2 spi 0x1000:0x1001
 ipcomp from 3ffe::3 to 3ffe::4 spi 0x2000:0x2001 comp deflate
 ipcomp from 3ffe::5 to 3ffe::6 spi 0x3000:0x3001 comp lzs
--- a/regress/sbin/ipsecctl/sa20.ok
+++ b/regress/sbin/ipsecctl/sa20.ok
@ -2,5 +2,3 @@ ipcomp tunnel from 3ffe::1 to 3ffe::2 spi 0x00001000 comp deflate
 ipcomp tunnel from 3ffe::2 to 3ffe::1 spi 0x00001001 comp deflate
 ipcomp tunnel from 3ffe::3 to 3ffe::4 spi 0x00002000 comp deflate
 ipcomp tunnel from 3ffe::4 to 3ffe::3 spi 0x00002001 comp deflate
 ipcomp tunnel from 3ffe::5 to 3ffe::6 spi 0x00003000 comp lzs
 ipcomp tunnel from 3ffe::6 to 3ffe::5 spi 0x00003001 comp lzs
--- a/regress/sbin/ipsecctl/sa8.in
+++ b/regress/sbin/ipsecctl/sa8.in
@ -1,3 +1,2 @@
 ipcomp from 1.1.1.1 to 2.2.2.2 spi 0x1000:0x1001
 ipcomp from 3.3.3.3 to 4.4.4.4 spi 0x2000:0x2001 comp deflate
 ipcomp from 5.5.5.5 to 6.6.6.6 spi 0x3000:0x3001 comp lzs
--- a/regress/sbin/ipsecctl/sa8.ok
+++ b/regress/sbin/ipsecctl/sa8.ok
@ -2,5 +2,3 @@ ipcomp tunnel from 1.1.1.1 to 2.2.2.2 spi 0x00001000 comp deflate
 ipcomp tunnel from 2.2.2.2 to 1.1.1.1 spi 0x00001001 comp deflate
 ipcomp tunnel from 3.3.3.3 to 4.4.4.4 spi 0x00002000 comp deflate
 ipcomp tunnel from 4.4.4.4 to 3.3.3.3 spi 0x00002001 comp deflate
 ipcomp tunnel from 5.5.5.5 to 6.6.6.6 spi 0x00003000 comp lzs
 ipcomp tunnel from 6.6.6.6 to 5.5.5.5 spi 0x00003001 comp lzs
--- a/sbin/ipsecctl/ipsec.conf.5
+++ b/sbin/ipsecctl/ipsec.conf.5
@ -1,4 +1,4 @@
-.\"	$OpenBSD: ipsec.conf.5,v 1.159 2020/02/16 11:28:28 kn Exp $
+.\"	$OpenBSD: ipsec.conf.5,v 1.160 2021/10/22 12:30:54 bluhm Exp $
 .\"
 .\" Copyright (c) 2004 Mathieu Sauve-Frankel  All rights reserved.
 .\"
@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 16 2020 $
+.Dd $Mdocdate: October 22 2021 $
 .Dt IPSEC.CONF 5
 .Os
 .Sh NAME
@ -907,20 +907,6 @@ If no algorithm is specified,
 will choose
 .Ar hmac-sha2-256
 by default.
 .\".It Xo
 .\".Ic comp
 .\".Aq Ar algorithm
 .\".Xc
 .\"The compression algorithm to be used.
 .\"Possible algorithms are
 .\".Ar deflate
 .\"and
 .\".Ar lzs .
 .\"Note that
 .\".Ar lzs
 .\"is only available with
 .\".Xr hifn 4
 .\"because of the patent held by Hifn, Inc.
 .It Ic enc Ar algorithm
 For ESP
 an encryption algorithm can be specified.
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: ipsecctl.h,v 1.74 2020/02/07 13:01:34 bluhm Exp $	*/
+/*	$OpenBSD: ipsecctl.h,v 1.75 2021/10/22 12:30:54 bluhm Exp $	*/
 /*
 * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
 *
@ -71,7 +71,7 @@ enum {
 	ENCXF_BLOWFISH, ENCXF_CAST128, ENCXF_CHACHA20_POLY1305, ENCXF_NULL
 };
 enum {
-	COMPXF_UNKNOWN, COMPXF_DEFLATE, COMPXF_LZS
+	COMPXF_UNKNOWN, COMPXF_DEFLATE
 };
 enum {
 	GROUPXF_UNKNOWN, GROUPXF_NONE, GROUPXF_1, GROUPXF_2, GROUPXF_5,
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.180 2021/10/15 15:01:27 naddy Exp $	*/
+/*	$OpenBSD: parse.y,v 1.181 2021/10/22 12:30:54 bluhm Exp $	*/
 /*
 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -129,7 +129,6 @@ const struct ipsec_xf encxfs[] = {
 const struct ipsec_xf compxfs[] = {
 	{ "unknown",		COMPXF_UNKNOWN,		0,	0 },
 	{ "deflate",		COMPXF_DEFLATE,		0,	0 },
 	{ "lzs",		COMPXF_LZS,		0,	0 },
 	{ NULL,			0,			0,	0 },
 };
--- a/sbin/ipsecctl/pfkdump.c
+++ b/sbin/ipsecctl/pfkdump.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: pfkdump.c,v 1.54 2021/07/14 22:39:26 tobhe Exp $	*/
+/*	$OpenBSD: pfkdump.c,v 1.55 2021/10/22 12:30:54 bluhm Exp $	*/
 /*
 * Copyright (c) 2003 Markus Friedl.  All rights reserved.
@ -184,7 +184,6 @@ struct idname comp_types[] = {
 	{ SADB_X_CALG_NONE,		"none",			NULL },
 	{ SADB_X_CALG_OUI,		"oui",			NULL },
 	{ SADB_X_CALG_DEFLATE,		"deflate",		NULL },
 	{ SADB_X_CALG_LZS,		"lzs",			NULL },
 	{ 0,				NULL,			NULL }
 };
@ -756,9 +755,6 @@ pfkey_print_sa(struct sadb_msg *msg, int opts)
 			case SADB_X_CALG_DEFLATE:
 				xfs.compxf = &compxfs[COMPXF_DEFLATE];
 				break;
 			case SADB_X_CALG_LZS:
 				xfs.compxf = &compxfs[COMPXF_LZS];
 				break;
 			}
 		}
 	} else if (r.satype == IPSEC_TCPMD5) {
--- a/sbin/ipsecctl/pfkey.c
+++ b/sbin/ipsecctl/pfkey.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: pfkey.c,v 1.62 2020/02/07 13:01:34 bluhm Exp $	*/
+/*	$OpenBSD: pfkey.c,v 1.63 2021/10/22 12:30:54 bluhm Exp $	*/
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 * Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org>
@ -527,9 +527,6 @@ pfkey_sa(int sd, u_int8_t satype, u_int8_t action, u_int32_t spi,
 		case COMPXF_DEFLATE:
 			sa.sadb_sa_encrypt = SADB_X_CALG_DEFLATE;
 			break;
 		case COMPXF_LZS:
 			sa.sadb_sa_encrypt = SADB_X_CALG_LZS;
 			break;
 		default:
 			warnx("unsupported compression algorithm %d",
 			    xfs->compxf->id);
--- a/sbin/isakmpd/ipsec.c
+++ b/sbin/isakmpd/ipsec.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ipsec.c,v 1.150 2018/01/15 09:54:48 mpi Exp $	 */
+/* $OpenBSD: ipsec.c,v 1.151 2021/10/22 12:30:53 bluhm Exp $	 */
 /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $	 */
 /*
@ -1019,7 +1019,7 @@ ipsec_validate_transform_id(u_int8_t proto, u_int8_t transform_id)
 		    transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0;
 	case IPSEC_PROTO_IPCOMP:
 		return transform_id < IPSEC_IPCOMP_OUI ||
-		    transform_id > IPSEC_IPCOMP_V42BIS ? -1 : 0;
+		    transform_id > IPSEC_IPCOMP_DEFLATE ? -1 : 0;
 	}
 }
--- a/sbin/isakmpd/ipsec_num.cst
+++ b/sbin/isakmpd/ipsec_num.cst
@ -1,4 +1,4 @@
-#	$OpenBSD: ipsec_num.cst,v 1.20 2017/10/27 08:29:32 mpi Exp $
+#	$OpenBSD: ipsec_num.cst,v 1.21 2021/10/22 12:30:54 bluhm Exp $
 #	$EOM: ipsec_num.cst,v 1.5 2000/10/13 17:56:52 angelos Exp $
 #
@ -257,8 +257,6 @@ IPSEC_ESP
 IPSEC_IPCOMP
  OUI					1
  DEFLATE				2
  LZS					3
  V42BIS				4
 .
 # IPSEC notify message types.
--- a/sbin/isakmpd/isakmpd.policy.5
+++ b/sbin/isakmpd/isakmpd.policy.5
@ -1,4 +1,4 @@
-.\" $OpenBSD: isakmpd.policy.5,v 1.48 2016/01/11 09:52:03 jmc Exp $
+.\" $OpenBSD: isakmpd.policy.5,v 1.49 2021/10/22 12:30:54 bluhm Exp $
 .\" $EOM: isakmpd.policy.5,v 1.24 2000/11/23 12:55:25 niklas Exp $
 .\"
 .\" Copyright (c) 1999-2001, Angelos D. Keromytis.  All rights reserved.
@ -26,7 +26,7 @@
 .\"
 .\" Manual page, using -mandoc macros
 .\"
-.Dd $Mdocdate: January 11 2016 $
+.Dd $Mdocdate: October 22 2021 $
 .Dt ISAKMPD.POLICY 5
 .Os
 .Sh NAME
@ -356,10 +356,8 @@ Always set to
 .It comp_alg
 One of
 .Va oui ,
 .Va deflate ,
 .Va lzs ,
 or
-.Va v42bis ,
+.Va deflate ,
 based on the compression algorithm specified in the compression
 proposal.
 .It comp_dict_size
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.201 2019/11/29 22:06:19 tobhe Exp $  */
+/* $OpenBSD: pf_key_v2.c,v 1.202 2021/10/22 12:30:54 bluhm Exp $  */
 /* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $	 */
 /*
@ -1032,10 +1032,6 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming,
 			ssa.sadb_sa_encrypt = SADB_X_CALG_DEFLATE;
 			break;
 		case IPSEC_IPCOMP_LZS:
 			ssa.sadb_sa_encrypt = SADB_X_CALG_LZS;
 			break;
 		default:
 			break;
 		}
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.101 2019/07/03 03:24:02 deraadt Exp $	 */
+/* $OpenBSD: policy.c,v 1.102 2021/10/22 12:30:54 bluhm Exp $	 */
 /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
 /*
@ -346,14 +346,6 @@ policy_callback(char *name)
 				case IPSEC_IPCOMP_DEFLATE:
 					comp_alg = "deflate";
 					break;
 				case IPSEC_IPCOMP_LZS:
 					comp_alg = "lzs";
 					break;
 				case IPSEC_IPCOMP_V42BIS:
 					comp_alg = "v42bis";
 					break;
 				}
 				break;
--- a/sys/crypto/cryptodev.h
+++ b/sys/crypto/cryptodev.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: cryptodev.h,v 1.78 2021/10/21 23:03:48 tobhe Exp $	*/
+/*	$OpenBSD: cryptodev.h,v 1.79 2021/10/22 12:30:53 bluhm Exp $	*/
 /*
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@ -91,7 +91,6 @@
 #define CRYPTO_AES_CBC		7  /* 128 bit blocksize -- the same as above */
 #define CRYPTO_DEFLATE_COMP	8  /* Deflate compression algorithm */
 #define CRYPTO_NULL		9
 #define CRYPTO_LZS_COMP		10 /* LZS compression algorithm */
 #define CRYPTO_SHA2_256_HMAC	11
 #define CRYPTO_SHA2_384_HMAC	12
 #define CRYPTO_SHA2_512_HMAC	13
--- a/sys/crypto/xform.c
+++ b/sys/crypto/xform.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: xform.c,v 1.60 2021/07/08 09:22:30 bluhm Exp $	*/
+/*	$OpenBSD: xform.c,v 1.61 2021/10/22 12:30:53 bluhm Exp $	*/
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr),
@ -106,7 +106,6 @@ int SHA512Update_int(void *, const u_int8_t *, u_int16_t);
 u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
 u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
 u_int32_t lzs_dummy(u_int8_t *, u_int32_t, u_int8_t **);
 struct aes_ctr_ctx {
 	AES_CTX		ac_key;
@ -306,12 +305,6 @@ const struct comp_algo comp_algo_deflate = {
 	deflate_decompress
 };
 const struct comp_algo comp_algo_lzs = {
 	CRYPTO_LZS_COMP, "LZS",
 	90, lzs_dummy,
 	lzs_dummy
 };
 /*
 * Encryption wrapper routines.
 */
@ -618,10 +611,3 @@ deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out)
 {
 	return deflate_global(data, size, 1, out);
 }
 u_int32_t
 lzs_dummy(u_int8_t *data, u_int32_t size, u_int8_t **out)
 {
 	*out = NULL;
 	return (0);
 }
--- a/sys/crypto/xform.h
+++ b/sys/crypto/xform.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: xform.h,v 1.31 2021/07/08 09:22:30 bluhm Exp $	*/
+/*	$OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $	*/
 /*
 * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@ -107,6 +107,5 @@ extern const struct auth_hash auth_hash_gmac_aes_256;
 extern const struct auth_hash auth_hash_chacha20_poly1305;
 extern const struct comp_algo comp_algo_deflate;
 extern const struct comp_algo comp_algo_lzs;
 #endif /* _CRYPTO_XFORM_H_ */
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.219 2021/07/20 16:32:28 bluhm Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.220 2021/10/22 12:30:53 bluhm Exp $ */
 /*
 *	@(#)COPYRIGHT	1.1 (NRL) 17 January 1995
@ -118,8 +118,7 @@ static const struct sadb_alg aalgs[] = {
 };
 static const struct sadb_alg calgs[] = {
-	{ SADB_X_CALG_DEFLATE, 0, 0, 0},
+	{ SADB_X_CALG_DEFLATE, 0, 0, 0}
 	{ SADB_X_CALG_LZS, 0, 0, 0}
 };
 struct pool pkpcb_pool;
@ -2268,11 +2267,6 @@ pfkeyv2_acquire(struct ipsec_policy *ipo, union sockaddr_union *gw,
 				sadb_comb->sadb_comb_encrypt = SADB_X_CALG_DEFLATE;
 				sadb_comb->sadb_comb_encrypt_minbits = 0;
 				sadb_comb->sadb_comb_encrypt_maxbits = 0;
 			} else if (!strncasecmp(ipsec_def_comp, "lzs",
 			    sizeof("lzs"))) {
 				sadb_comb->sadb_comb_encrypt = SADB_X_CALG_LZS;
 				sadb_comb->sadb_comb_encrypt_minbits = 0;
 				sadb_comb->sadb_comb_encrypt_maxbits = 0;
 			}
 		}
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.90 2021/07/14 22:39:26 tobhe Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.91 2021/10/22 12:30:53 bluhm Exp $ */
 /*
 *	@(#)COPYRIGHT	1.1 (NRL) January 1998
 *
@ -351,8 +351,7 @@ struct sadb_x_mtu {
 #define SADB_X_CALG_NONE	0
 #define SADB_X_CALG_OUI		1
 #define SADB_X_CALG_DEFLATE	2
-#define SADB_X_CALG_LZS		3
+#define SADB_X_CALG_MAX		2
 #define SADB_X_CALG_MAX		3
 #define SADB_SAFLAGS_PFS		0x001	/* perfect forward secrecy */
 #define SADB_X_SAFLAGS_TUNNEL		0x004	/* Force tunneling */
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: pfkeyv2_convert.c,v 1.74 2021/07/27 17:13:03 mvs Exp $	*/
+/*	$OpenBSD: pfkeyv2_convert.c,v 1.75 2021/10/22 12:30:53 bluhm Exp $	*/
 /*
 * The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
 *
@ -171,9 +171,6 @@ export_sa(void **p, struct tdb *tdb)
 		case CRYPTO_DEFLATE_COMP:
 			sadb_sa->sadb_sa_encrypt = SADB_X_CALG_DEFLATE;
 			break;
 		case CRYPTO_LZS_COMP:
 			sadb_sa->sadb_sa_encrypt = SADB_X_CALG_LZS;
 			break;
 		}
 	}
--- a/sys/netinet/ip_ipcomp.c
+++ b/sys/netinet/ip_ipcomp.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipcomp.c,v 1.77 2021/10/21 22:59:07 tobhe Exp $ */
+/* $OpenBSD: ip_ipcomp.c,v 1.78 2021/10/22 12:30:53 bluhm Exp $ */
 /*
 * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
@ -90,10 +90,6 @@ ipcomp_init(struct tdb *tdbp, const struct xformsw *xsp, struct ipsecinit *ii)
 	case SADB_X_CALG_DEFLATE:
 		tcomp = &comp_algo_deflate;
 		break;
 	case SADB_X_CALG_LZS:
 		tcomp = &comp_algo_lzs;
 		break;
 	default:
 		DPRINTF("unsupported compression algorithm %d specified",
 		    ii->ii_compalg);