Diffstat (limited to 'proto/babel/config.Y')
-rw-r--r--proto/babel/config.Y22
1 files changed, 10 insertions, 12 deletions
diff --git a/proto/babel/config.Y b/proto/babel/config.Y
index 5e0710b5..05210fa4 100644
--- a/proto/babel/config.Y
+++ b/proto/babel/config.Y
@@ -103,26 +103,24 @@ babel_iface_finish:
{
struct password_item *pass;
uint len = 0, i = 0;
+
WALK_LIST(pass, *BABEL_IFACE->passwords)
{
/* Set default crypto algorithm (HMAC-SHA256) */
if (!pass->alg)
pass->alg = ALG_HMAC_SHA256;
- if (pass->alg & ALG_HMAC) {
- if (pass->length < mac_type_length(pass->alg) ||
- pass->length > mac_type_block_size(pass->alg))
- cf_error("key length %d is not between output size %d and block size %d for algorithm %s",
- pass->length, mac_type_length(pass->alg),
- mac_type_block_size(pass->alg), mac_type_name(pass->alg));
- } else if (!(pass->alg == ALG_BLAKE2S_128 || pass->alg == ALG_BLAKE2S_256 ||
- pass->alg == ALG_BLAKE2B_256 || pass->alg == ALG_BLAKE2B_512)) {
- cf_error("Only HMAC and Blake algorithms are supported");
- }
+ if (!((pass->alg & ALG_HMAC) ||
+ (pass->alg == ALG_BLAKE2S_128) ||
+ (pass->alg == ALG_BLAKE2S_256) ||
+ (pass->alg == ALG_BLAKE2B_256) ||
+ (pass->alg == ALG_BLAKE2B_512)))
+ cf_error("Only HMAC and Blake2 algorithms are supported");
len += mac_type_length(pass->alg);
i++;
}
+
BABEL_IFACE->mac_num_keys = i;
BABEL_IFACE->mac_total_len = len;
}
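Review bot: After this change nothing in the `WALK_LIST` loop looks at `pass->length`, so a key shorter than the MAC output is accepted silently for the HMAC algorithms, and the Blake2 algorithms still get no length check here. A key shorter than the digest lowers the effective strength of the authentication, and keyed BLAKE2 has a fixed maximum key size (32 bytes for BLAKE2s, 64 bytes for BLAKE2b), so an over-long key has to be rejected or reduced somewhere. If that validation now lives outside this file, which cannot be seen from the hunk, a one-line comment above the algorithm check saying where would help. Otherwise I would keep at least the lower bound, for example `if (pass->length < mac_type_length(pass->alg)) cf_error("key length %d is shorter than MAC output size %d", pass->length, mac_type_length(pass->alg));`. The body of `babel_iface_finish` starts before the hunk, so any earlier guard on `BABEL_IFACE->passwords` is not visible here.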
@@ -146,9 +144,9 @@ babel_iface_item:
| NEXT HOP IPV4 ipa { BABEL_IFACE->next_hop_ip4 = $4; if (!ipa_is_ip4($4)) cf_error("Must be an IPv4 address"); }
| NEXT HOP IPV6 ipa { BABEL_IFACE->next_hop_ip6 = $4; if (!ipa_is_ip6($4)) cf_error("Must be an IPv6 address"); }
| AUTHENTICATION NONE { BABEL_IFACE->auth_type = BABEL_AUTH_NONE; }
- | AUTHENTICATION MAC { BABEL_IFACE->auth_type = BABEL_AUTH_MAC; }
+ | AUTHENTICATION MAC { BABEL_IFACE->auth_type = BABEL_AUTH_MAC; BABEL_IFACE->auth_permissive = 0; }
| AUTHENTICATION MAC PERMISSIVE { BABEL_IFACE->auth_type = BABEL_AUTH_MAC; BABEL_IFACE->auth_permissive = 1; }
- | password_list { }
+ | password_list
;
babel_iface_opts:
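Review bot: The `AUTHENTICATION NONE` alternative still leaves `auth_permissive` untouched, so `authentication mac permissive;` followed by `authentication none;` in the same interface block ends with `auth_type == BABEL_AUTH_NONE` and `auth_permissive == 1`. That is presumably harmless if the flag is only read under `BABEL_AUTH_MAC`, but the readers are outside this hunk. Resetting it there too keeps the three alternatives symmetric: `| AUTHENTICATION NONE { BABEL_IFACE->auth_type = BABEL_AUTH_NONE; BABEL_IFACE->auth_permissive = 0; }`. A short comment on the `PERMISSIVE` alternative stating what is relaxed on receive would also help, since the option weakens authentication. The `babel_iface_item` rule starts before the hunk.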