From 8b205f5e0a3ecc2159b2047b72b636fd5b51e9b8 Mon Sep 17 00:00:00 2001
From: Hajimu UMEMOTO <ume@FreeBSD.org>
Date: Thu, 13 May 2004 15:46:28 +0000
Subject: [PATCH] check if the null encryption is supported or not.

Requested by:	bms
Obtained from:	KAME
---
 sbin/setkey/parse.y     | 12 +++++++++++-
 usr.sbin/setkey/parse.y | 12 +++++++++++-
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/sbin/setkey/parse.y b/sbin/setkey/parse.y
index 0693a9642142..d6bb8c4fbd13 100644
--- a/sbin/setkey/parse.y
+++ b/sbin/setkey/parse.y
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $	*/
+/*	$KAME: parse.y,v 1.82 2004/04/15 08:03:57 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -323,6 +323,11 @@ enc_alg
 
 			p_key_enc_len = 0;
 			p_key_enc = NULL;
+			if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
+			    p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
+				yyerror(ipsec_strerror());
+				return -1;
+			}
 		}
 	|	ALG_ENC key_string {
 			if ($1 < 0) {
@@ -349,6 +354,11 @@ enc_alg
 
 			p_key_enc_len = 0;
 			p_key_enc = NULL;
+			if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
+			    p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
+				yyerror(ipsec_strerror());
+				return -1;
+			}
 		}
 	|	ALG_ENC_DESDERIV key_string
 		{
diff --git a/usr.sbin/setkey/parse.y b/usr.sbin/setkey/parse.y
index 0693a9642142..d6bb8c4fbd13 100644
--- a/usr.sbin/setkey/parse.y
+++ b/usr.sbin/setkey/parse.y
@@ -1,5 +1,5 @@
 /*	$FreeBSD$	*/
-/*	$KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $	*/
+/*	$KAME: parse.y,v 1.82 2004/04/15 08:03:57 sakane Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -323,6 +323,11 @@ enc_alg
 
 			p_key_enc_len = 0;
 			p_key_enc = NULL;
+			if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
+			    p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
+				yyerror(ipsec_strerror());
+				return -1;
+			}
 		}
 	|	ALG_ENC key_string {
 			if ($1 < 0) {
@@ -349,6 +354,11 @@ enc_alg
 
 			p_key_enc_len = 0;
 			p_key_enc = NULL;
+			if (ipsec_check_keylen(SADB_EXT_SUPPORTED_ENCRYPT,
+			    p_alg_enc, PFKEY_UNUNIT64(p_key_enc_len)) < 0) {
+				yyerror(ipsec_strerror());
+				return -1;
+			}
 		}
 	|	ALG_ENC_DESDERIV key_string
 		{