security/racoon/patches/patch-ae


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

$NetBSD: patch-ae,v 1.1 2000/08/04 00:25:06 thorpej Exp $
--- cfparse.y.orig	Thu Aug  3 16:14:39 2000
+++ cfparse.y	Thu Aug  3 16:19:14 2000
@@ -1107,6 +1107,7 @@
 	|	ALGORITHM_CLASS ALGORITHMTYPE keylength EOS
 		{
 			int doi;
+			int defklen;
 
 			doi = algtype2doi($1, $2);
 			if (doi == -1) {
@@ -1116,9 +1117,22 @@
 			switch ($1) {
 			case algclass_isakmp_enc:
 				prhead->spspec->algclass[algclass_isakmp_enc] = doi;
-				if (check_keylen($1, $2, $3) == -1)
-					return -1;
-				prhead->spspec->encklen = $3;
+				defklen = default_keylen($1, $2);
+				if (defklen == 0) {
+					if ($3) {
+						yyerror("keylen not allowed");
+						return -1;
+					}
+				} else {
+					if ($3 && check_keylen($1, $2, $3) < 0) {
+						yyerror("invalid keylen %d", $3);
+						return -1;
+					}
+				}
+				if ($3)
+					prhead->spspec->encklen = $3;
+				else
+					prhead->spspec->encklen = defklen;
 				break;
 			case algclass_isakmp_hash:
 				prhead->spspec->algclass[algclass_isakmp_hash] = doi;