mirror of
https://github.com/openbsd/src.git
synced 2025-01-03 06:45:37 -08:00
After deleting hifn(4) the only provider for the LZS compression
algorithm is gone. Reomve all LZS references from the tree. The v42bis in isakmpd also looks unsupported. OK mvs@ patrick@ sthen@
This commit is contained in:
parent
fd04fa5bfc
commit
7834797cf9
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: sysctl.2,v 1.44 2021/05/18 05:26:26 claudio Exp $
|
||||
.\" $OpenBSD: sysctl.2,v 1.45 2021/10/22 12:30:53 bluhm Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -27,7 +27,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: May 18 2021 $
|
||||
.Dd $Mdocdate: October 22 2021 $
|
||||
.Dt SYSCTL 2
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -1520,15 +1520,8 @@ The default value is 0.
|
||||
.It Li ip.ipsec-comp-alg Pq Va net.inet.ip.ipsec-comp-alg
|
||||
The compression algorithm to use with an IP Compression Association
|
||||
.Pq IPCA .
|
||||
Possible values are
|
||||
.Dq deflate
|
||||
and
|
||||
.Dq lzs .
|
||||
Note that lzs is only available with
|
||||
.Xr hifn 4 .
|
||||
See
|
||||
.Xr ipsecctl 8
|
||||
for more information.
|
||||
Currently the only possible value is
|
||||
.Dq deflate .
|
||||
.It Li ip.ipsec-enc-alg Pq Va net.inet.ip.ipsec-enc-alg
|
||||
This is the default encryption algorithm the kernel will instruct key
|
||||
management daemons to negotiate when establishing security
|
||||
|
@ -1,3 +1,2 @@
|
||||
ipcomp from 3ffe::1 to 3ffe::2 spi 0x1000:0x1001
|
||||
ipcomp from 3ffe::3 to 3ffe::4 spi 0x2000:0x2001 comp deflate
|
||||
ipcomp from 3ffe::5 to 3ffe::6 spi 0x3000:0x3001 comp lzs
|
||||
|
@ -2,5 +2,3 @@ ipcomp tunnel from 3ffe::1 to 3ffe::2 spi 0x00001000 comp deflate
|
||||
ipcomp tunnel from 3ffe::2 to 3ffe::1 spi 0x00001001 comp deflate
|
||||
ipcomp tunnel from 3ffe::3 to 3ffe::4 spi 0x00002000 comp deflate
|
||||
ipcomp tunnel from 3ffe::4 to 3ffe::3 spi 0x00002001 comp deflate
|
||||
ipcomp tunnel from 3ffe::5 to 3ffe::6 spi 0x00003000 comp lzs
|
||||
ipcomp tunnel from 3ffe::6 to 3ffe::5 spi 0x00003001 comp lzs
|
||||
|
@ -1,3 +1,2 @@
|
||||
ipcomp from 1.1.1.1 to 2.2.2.2 spi 0x1000:0x1001
|
||||
ipcomp from 3.3.3.3 to 4.4.4.4 spi 0x2000:0x2001 comp deflate
|
||||
ipcomp from 5.5.5.5 to 6.6.6.6 spi 0x3000:0x3001 comp lzs
|
||||
|
@ -2,5 +2,3 @@ ipcomp tunnel from 1.1.1.1 to 2.2.2.2 spi 0x00001000 comp deflate
|
||||
ipcomp tunnel from 2.2.2.2 to 1.1.1.1 spi 0x00001001 comp deflate
|
||||
ipcomp tunnel from 3.3.3.3 to 4.4.4.4 spi 0x00002000 comp deflate
|
||||
ipcomp tunnel from 4.4.4.4 to 3.3.3.3 spi 0x00002001 comp deflate
|
||||
ipcomp tunnel from 5.5.5.5 to 6.6.6.6 spi 0x00003000 comp lzs
|
||||
ipcomp tunnel from 6.6.6.6 to 5.5.5.5 spi 0x00003001 comp lzs
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ipsec.conf.5,v 1.159 2020/02/16 11:28:28 kn Exp $
|
||||
.\" $OpenBSD: ipsec.conf.5,v 1.160 2021/10/22 12:30:54 bluhm Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved.
|
||||
.\"
|
||||
@ -22,7 +22,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: February 16 2020 $
|
||||
.Dd $Mdocdate: October 22 2021 $
|
||||
.Dt IPSEC.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -907,20 +907,6 @@ If no algorithm is specified,
|
||||
will choose
|
||||
.Ar hmac-sha2-256
|
||||
by default.
|
||||
.\".It Xo
|
||||
.\".Ic comp
|
||||
.\".Aq Ar algorithm
|
||||
.\".Xc
|
||||
.\"The compression algorithm to be used.
|
||||
.\"Possible algorithms are
|
||||
.\".Ar deflate
|
||||
.\"and
|
||||
.\".Ar lzs .
|
||||
.\"Note that
|
||||
.\".Ar lzs
|
||||
.\"is only available with
|
||||
.\".Xr hifn 4
|
||||
.\"because of the patent held by Hifn, Inc.
|
||||
.It Ic enc Ar algorithm
|
||||
For ESP
|
||||
an encryption algorithm can be specified.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ipsecctl.h,v 1.74 2020/02/07 13:01:34 bluhm Exp $ */
|
||||
/* $OpenBSD: ipsecctl.h,v 1.75 2021/10/22 12:30:54 bluhm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
|
||||
*
|
||||
@ -71,7 +71,7 @@ enum {
|
||||
ENCXF_BLOWFISH, ENCXF_CAST128, ENCXF_CHACHA20_POLY1305, ENCXF_NULL
|
||||
};
|
||||
enum {
|
||||
COMPXF_UNKNOWN, COMPXF_DEFLATE, COMPXF_LZS
|
||||
COMPXF_UNKNOWN, COMPXF_DEFLATE
|
||||
};
|
||||
enum {
|
||||
GROUPXF_UNKNOWN, GROUPXF_NONE, GROUPXF_1, GROUPXF_2, GROUPXF_5,
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: parse.y,v 1.180 2021/10/15 15:01:27 naddy Exp $ */
|
||||
/* $OpenBSD: parse.y,v 1.181 2021/10/22 12:30:54 bluhm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
|
||||
@ -129,7 +129,6 @@ const struct ipsec_xf encxfs[] = {
|
||||
const struct ipsec_xf compxfs[] = {
|
||||
{ "unknown", COMPXF_UNKNOWN, 0, 0 },
|
||||
{ "deflate", COMPXF_DEFLATE, 0, 0 },
|
||||
{ "lzs", COMPXF_LZS, 0, 0 },
|
||||
{ NULL, 0, 0, 0 },
|
||||
};
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pfkdump.c,v 1.54 2021/07/14 22:39:26 tobhe Exp $ */
|
||||
/* $OpenBSD: pfkdump.c,v 1.55 2021/10/22 12:30:54 bluhm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
@ -184,7 +184,6 @@ struct idname comp_types[] = {
|
||||
{ SADB_X_CALG_NONE, "none", NULL },
|
||||
{ SADB_X_CALG_OUI, "oui", NULL },
|
||||
{ SADB_X_CALG_DEFLATE, "deflate", NULL },
|
||||
{ SADB_X_CALG_LZS, "lzs", NULL },
|
||||
{ 0, NULL, NULL }
|
||||
};
|
||||
|
||||
@ -756,9 +755,6 @@ pfkey_print_sa(struct sadb_msg *msg, int opts)
|
||||
case SADB_X_CALG_DEFLATE:
|
||||
xfs.compxf = &compxfs[COMPXF_DEFLATE];
|
||||
break;
|
||||
case SADB_X_CALG_LZS:
|
||||
xfs.compxf = &compxfs[COMPXF_LZS];
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else if (r.satype == IPSEC_TCPMD5) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pfkey.c,v 1.62 2020/02/07 13:01:34 bluhm Exp $ */
|
||||
/* $OpenBSD: pfkey.c,v 1.63 2021/10/22 12:30:54 bluhm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
|
||||
* Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org>
|
||||
@ -527,9 +527,6 @@ pfkey_sa(int sd, u_int8_t satype, u_int8_t action, u_int32_t spi,
|
||||
case COMPXF_DEFLATE:
|
||||
sa.sadb_sa_encrypt = SADB_X_CALG_DEFLATE;
|
||||
break;
|
||||
case COMPXF_LZS:
|
||||
sa.sadb_sa_encrypt = SADB_X_CALG_LZS;
|
||||
break;
|
||||
default:
|
||||
warnx("unsupported compression algorithm %d",
|
||||
xfs->compxf->id);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ipsec.c,v 1.150 2018/01/15 09:54:48 mpi Exp $ */
|
||||
/* $OpenBSD: ipsec.c,v 1.151 2021/10/22 12:30:53 bluhm Exp $ */
|
||||
/* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */
|
||||
|
||||
/*
|
||||
@ -1019,7 +1019,7 @@ ipsec_validate_transform_id(u_int8_t proto, u_int8_t transform_id)
|
||||
transform_id > IPSEC_ESP_AES_TWOFISH ? -1 : 0;
|
||||
case IPSEC_PROTO_IPCOMP:
|
||||
return transform_id < IPSEC_IPCOMP_OUI ||
|
||||
transform_id > IPSEC_IPCOMP_V42BIS ? -1 : 0;
|
||||
transform_id > IPSEC_IPCOMP_DEFLATE ? -1 : 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $OpenBSD: ipsec_num.cst,v 1.20 2017/10/27 08:29:32 mpi Exp $
|
||||
# $OpenBSD: ipsec_num.cst,v 1.21 2021/10/22 12:30:54 bluhm Exp $
|
||||
# $EOM: ipsec_num.cst,v 1.5 2000/10/13 17:56:52 angelos Exp $
|
||||
|
||||
#
|
||||
@ -257,8 +257,6 @@ IPSEC_ESP
|
||||
IPSEC_IPCOMP
|
||||
OUI 1
|
||||
DEFLATE 2
|
||||
LZS 3
|
||||
V42BIS 4
|
||||
.
|
||||
|
||||
# IPSEC notify message types.
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: isakmpd.policy.5,v 1.48 2016/01/11 09:52:03 jmc Exp $
|
||||
.\" $OpenBSD: isakmpd.policy.5,v 1.49 2021/10/22 12:30:54 bluhm Exp $
|
||||
.\" $EOM: isakmpd.policy.5,v 1.24 2000/11/23 12:55:25 niklas Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1999-2001, Angelos D. Keromytis. All rights reserved.
|
||||
@ -26,7 +26,7 @@
|
||||
.\"
|
||||
.\" Manual page, using -mandoc macros
|
||||
.\"
|
||||
.Dd $Mdocdate: January 11 2016 $
|
||||
.Dd $Mdocdate: October 22 2021 $
|
||||
.Dt ISAKMPD.POLICY 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -356,10 +356,8 @@ Always set to
|
||||
.It comp_alg
|
||||
One of
|
||||
.Va oui ,
|
||||
.Va deflate ,
|
||||
.Va lzs ,
|
||||
or
|
||||
.Va v42bis ,
|
||||
.Va deflate ,
|
||||
based on the compression algorithm specified in the compression
|
||||
proposal.
|
||||
.It comp_dict_size
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pf_key_v2.c,v 1.201 2019/11/29 22:06:19 tobhe Exp $ */
|
||||
/* $OpenBSD: pf_key_v2.c,v 1.202 2021/10/22 12:30:54 bluhm Exp $ */
|
||||
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
|
||||
|
||||
/*
|
||||
@ -1032,10 +1032,6 @@ pf_key_v2_set_spi(struct sa *sa, struct proto *proto, int incoming,
|
||||
ssa.sadb_sa_encrypt = SADB_X_CALG_DEFLATE;
|
||||
break;
|
||||
|
||||
case IPSEC_IPCOMP_LZS:
|
||||
ssa.sadb_sa_encrypt = SADB_X_CALG_LZS;
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: policy.c,v 1.101 2019/07/03 03:24:02 deraadt Exp $ */
|
||||
/* $OpenBSD: policy.c,v 1.102 2021/10/22 12:30:54 bluhm Exp $ */
|
||||
/* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
|
||||
|
||||
/*
|
||||
@ -346,14 +346,6 @@ policy_callback(char *name)
|
||||
case IPSEC_IPCOMP_DEFLATE:
|
||||
comp_alg = "deflate";
|
||||
break;
|
||||
|
||||
case IPSEC_IPCOMP_LZS:
|
||||
comp_alg = "lzs";
|
||||
break;
|
||||
|
||||
case IPSEC_IPCOMP_V42BIS:
|
||||
comp_alg = "v42bis";
|
||||
break;
|
||||
}
|
||||
|
||||
break;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: cryptodev.h,v 1.78 2021/10/21 23:03:48 tobhe Exp $ */
|
||||
/* $OpenBSD: cryptodev.h,v 1.79 2021/10/22 12:30:53 bluhm Exp $ */
|
||||
|
||||
/*
|
||||
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
|
||||
@ -91,7 +91,6 @@
|
||||
#define CRYPTO_AES_CBC 7 /* 128 bit blocksize -- the same as above */
|
||||
#define CRYPTO_DEFLATE_COMP 8 /* Deflate compression algorithm */
|
||||
#define CRYPTO_NULL 9
|
||||
#define CRYPTO_LZS_COMP 10 /* LZS compression algorithm */
|
||||
#define CRYPTO_SHA2_256_HMAC 11
|
||||
#define CRYPTO_SHA2_384_HMAC 12
|
||||
#define CRYPTO_SHA2_512_HMAC 13
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: xform.c,v 1.60 2021/07/08 09:22:30 bluhm Exp $ */
|
||||
/* $OpenBSD: xform.c,v 1.61 2021/10/22 12:30:53 bluhm Exp $ */
|
||||
/*
|
||||
* The authors of this code are John Ioannidis (ji@tla.org),
|
||||
* Angelos D. Keromytis (kermit@csd.uch.gr),
|
||||
@ -106,7 +106,6 @@ int SHA512Update_int(void *, const u_int8_t *, u_int16_t);
|
||||
|
||||
u_int32_t deflate_compress(u_int8_t *, u_int32_t, u_int8_t **);
|
||||
u_int32_t deflate_decompress(u_int8_t *, u_int32_t, u_int8_t **);
|
||||
u_int32_t lzs_dummy(u_int8_t *, u_int32_t, u_int8_t **);
|
||||
|
||||
struct aes_ctr_ctx {
|
||||
AES_CTX ac_key;
|
||||
@ -306,12 +305,6 @@ const struct comp_algo comp_algo_deflate = {
|
||||
deflate_decompress
|
||||
};
|
||||
|
||||
const struct comp_algo comp_algo_lzs = {
|
||||
CRYPTO_LZS_COMP, "LZS",
|
||||
90, lzs_dummy,
|
||||
lzs_dummy
|
||||
};
|
||||
|
||||
/*
|
||||
* Encryption wrapper routines.
|
||||
*/
|
||||
@ -618,10 +611,3 @@ deflate_decompress(u_int8_t *data, u_int32_t size, u_int8_t **out)
|
||||
{
|
||||
return deflate_global(data, size, 1, out);
|
||||
}
|
||||
|
||||
u_int32_t
|
||||
lzs_dummy(u_int8_t *data, u_int32_t size, u_int8_t **out)
|
||||
{
|
||||
*out = NULL;
|
||||
return (0);
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: xform.h,v 1.31 2021/07/08 09:22:30 bluhm Exp $ */
|
||||
/* $OpenBSD: xform.h,v 1.32 2021/10/22 12:30:53 bluhm Exp $ */
|
||||
|
||||
/*
|
||||
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
|
||||
@ -107,6 +107,5 @@ extern const struct auth_hash auth_hash_gmac_aes_256;
|
||||
extern const struct auth_hash auth_hash_chacha20_poly1305;
|
||||
|
||||
extern const struct comp_algo comp_algo_deflate;
|
||||
extern const struct comp_algo comp_algo_lzs;
|
||||
|
||||
#endif /* _CRYPTO_XFORM_H_ */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pfkeyv2.c,v 1.219 2021/07/20 16:32:28 bluhm Exp $ */
|
||||
/* $OpenBSD: pfkeyv2.c,v 1.220 2021/10/22 12:30:53 bluhm Exp $ */
|
||||
|
||||
/*
|
||||
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
|
||||
@ -118,8 +118,7 @@ static const struct sadb_alg aalgs[] = {
|
||||
};
|
||||
|
||||
static const struct sadb_alg calgs[] = {
|
||||
{ SADB_X_CALG_DEFLATE, 0, 0, 0},
|
||||
{ SADB_X_CALG_LZS, 0, 0, 0}
|
||||
{ SADB_X_CALG_DEFLATE, 0, 0, 0}
|
||||
};
|
||||
|
||||
struct pool pkpcb_pool;
|
||||
@ -2268,11 +2267,6 @@ pfkeyv2_acquire(struct ipsec_policy *ipo, union sockaddr_union *gw,
|
||||
sadb_comb->sadb_comb_encrypt = SADB_X_CALG_DEFLATE;
|
||||
sadb_comb->sadb_comb_encrypt_minbits = 0;
|
||||
sadb_comb->sadb_comb_encrypt_maxbits = 0;
|
||||
} else if (!strncasecmp(ipsec_def_comp, "lzs",
|
||||
sizeof("lzs"))) {
|
||||
sadb_comb->sadb_comb_encrypt = SADB_X_CALG_LZS;
|
||||
sadb_comb->sadb_comb_encrypt_minbits = 0;
|
||||
sadb_comb->sadb_comb_encrypt_maxbits = 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pfkeyv2.h,v 1.90 2021/07/14 22:39:26 tobhe Exp $ */
|
||||
/* $OpenBSD: pfkeyv2.h,v 1.91 2021/10/22 12:30:53 bluhm Exp $ */
|
||||
/*
|
||||
* @(#)COPYRIGHT 1.1 (NRL) January 1998
|
||||
*
|
||||
@ -351,8 +351,7 @@ struct sadb_x_mtu {
|
||||
#define SADB_X_CALG_NONE 0
|
||||
#define SADB_X_CALG_OUI 1
|
||||
#define SADB_X_CALG_DEFLATE 2
|
||||
#define SADB_X_CALG_LZS 3
|
||||
#define SADB_X_CALG_MAX 3
|
||||
#define SADB_X_CALG_MAX 2
|
||||
|
||||
#define SADB_SAFLAGS_PFS 0x001 /* perfect forward secrecy */
|
||||
#define SADB_X_SAFLAGS_TUNNEL 0x004 /* Force tunneling */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pfkeyv2_convert.c,v 1.74 2021/07/27 17:13:03 mvs Exp $ */
|
||||
/* $OpenBSD: pfkeyv2_convert.c,v 1.75 2021/10/22 12:30:53 bluhm Exp $ */
|
||||
/*
|
||||
* The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
|
||||
*
|
||||
@ -171,9 +171,6 @@ export_sa(void **p, struct tdb *tdb)
|
||||
case CRYPTO_DEFLATE_COMP:
|
||||
sadb_sa->sadb_sa_encrypt = SADB_X_CALG_DEFLATE;
|
||||
break;
|
||||
case CRYPTO_LZS_COMP:
|
||||
sadb_sa->sadb_sa_encrypt = SADB_X_CALG_LZS;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ip_ipcomp.c,v 1.77 2021/10/21 22:59:07 tobhe Exp $ */
|
||||
/* $OpenBSD: ip_ipcomp.c,v 1.78 2021/10/22 12:30:53 bluhm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
|
||||
@ -90,10 +90,6 @@ ipcomp_init(struct tdb *tdbp, const struct xformsw *xsp, struct ipsecinit *ii)
|
||||
case SADB_X_CALG_DEFLATE:
|
||||
tcomp = &comp_algo_deflate;
|
||||
break;
|
||||
case SADB_X_CALG_LZS:
|
||||
tcomp = &comp_algo_lzs;
|
||||
break;
|
||||
|
||||
default:
|
||||
DPRINTF("unsupported compression algorithm %d specified",
|
||||
ii->ii_compalg);
|
||||
|
Loading…
Reference in New Issue
Block a user