From e439e07721fe1b7ce6b76555539f14337adac972 Mon Sep 17 00:00:00 2001
From: ume <ume@FreeBSD.org>
Date: Thu, 13 May 2004 15:46:28 +0000
Subject: check if the null encryption is supported or not.

Requested by:	bms
Obtained from:	KAME
---
 usr.sbin/setkey/parse.y | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'usr.sbin/setkey/parse.y')

diff --git a/usr.sbin/setkey/parse.y b/usr.sbin/setkey/parse.y
index 0693a96..d6bb8c4 100644
--- a/usr.sbin/setkey/parse.y
+++ b/usr.sbin/setkey/parse.y
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $	*/
+/*	$KAME: parse.y,v 1.82 2004/04/15 08:03:57 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -323,6 +323,11 @@ enc_alg
 
 			p_key_enc_len = 0;
 			p_key_enc = NULL;
+			if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
+			    p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
+				yyerror(ipsec_strerror());
+				return -1;
+			}
 		}
 	|	ALG_ENC key_string {
 			if ($1 < 0) {
@@ -349,6 +354,11 @@ enc_alg
 
 			p_key_enc_len = 0;
 			p_key_enc = NULL;
+			if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
+			    p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
+				yyerror(ipsec_strerror());
+				return -1;
+			}
 		}
 	|	ALG_ENC_DESDERIV key_string
 		{
-- 
cgit v1.1