(ipsec) cleanup unused ciphers, add null cipher for testing purposes, fix some...

(ipsec) cleanup unused ciphers, add null cipher for testing purposes, fix some php warnings on empty arrays (cherry picked from commit feae22dd)

(ipsec) cleanup unused ciphers, add null cipher for testing purposes, fix some...
(ipsec) cleanup unused ciphers, add null cipher for testing purposes, fix some php warnings on empty arrays (cherry picked from commit feae22dd)
f5596d78 · Ad Schellevis · Franco Fichtner · d79decd0 · f5596d78 · f5596d78
Commit f5596d78 authored May 13, 2016 by Ad Schellevis Committed by Franco Fichtner May 24, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 10 deletions

ipsec.inc src/etc/inc/ipsec.inc +3 -8

vpn_ipsec.php src/www/vpn_ipsec.php +3 -1

vpn_ipsec_phase2.php src/www/vpn_ipsec_phase2.php +6 -1

No files found.
--- a/src/etc/inc/ipsec.inc
+++ b/src/etc/inc/ipsec.inc
@@ -39,9 +39,6 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE

 $p1_ealgos = array(
    'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
-    'aes128gcm' => array( 'name' => 'AES128-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
-    'aes192gcm' => array( 'name' => 'AES192-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
-    'aes256gcm' => array( 'name' => 'AES256-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
    'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
    '3des' => array( 'name' => '3DES' ),
    'cast128' => array( 'name' => 'CAST128' ),
@@ -50,13 +47,11 @@ $p1_ealgos = array(

 $p2_ealgos = array(
    'aes' => array( 'name' => 'AES', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
-    'aes128gcm' => array( 'name' => 'AES128-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
-    'aes192gcm' => array( 'name' => 'AES192-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
-    'aes256gcm' => array( 'name' => 'AES256-GCM', 'keysel' => array( 'lo' => 64, 'hi' => 128, 'step' => 32 ) ),
    'blowfish' => array( 'name' => 'Blowfish', 'keysel' => array( 'lo' => 128, 'hi' => 256, 'step' => 64 ) ),
    '3des' => array( 'name' => '3DES' ),
    'cast128' => array( 'name' => 'CAST128' ),
-    'des' => array( 'name' => 'DES' )
+    'des' => array( 'name' => 'DES' ),
+    'null' => array( 'name' => gettext("NULL (no encryption)"))
 );

 $p2_halgos = array(
@@ -1200,7 +1195,7 @@ EOD;
                            $tmpconf .= "\tesp = " . join(',', $ealgoESPsp2arr[$idx]) . "!\n";
                        }
                        if (!empty($ealgoAHsp2arr[$idx])) {
-                            $connEntry .= "\tah = " . join(',', $ealgoAHsp2arr[$idx]) . "!\n";
+                            $tmpconf .= "\tah = " . join(',', $ealgoAHsp2arr[$idx]) . "!\n";
                        }
                        $ipsecconf .= $tmpconf;
                    }

--- a/src/www/vpn_ipsec.php
+++ b/src/www/vpn_ipsec.php
@@ -536,6 +536,7 @@ $( document ).ready(function() {
                                endif;?>
                                <td class="hidden-xs">
 <?php
+                                if (!empty($ph2ent['encryption-algorithm-option'])) {
                                  foreach ($ph2ent['encryption-algorithm-option'] as $k => $ph2ea) {
                                      if ($k > 0) {
                                          echo ", ";
@@ -548,7 +549,8 @@ $( document ).ready(function() {
                                              echo " ({$ph2ea['keylen']} " . gettext("bits") . ")";
                                          }
                                      }
-                                  }?>
+                                  }
+                                }?>
                                </td>
                                <td class="hidden-xs">
 <?php

--- a/src/www/vpn_ipsec_phase2.php
+++ b/src/www/vpn_ipsec_phase2.php
@@ -189,7 +189,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        }
        idinfo_to_pconfig("local", $config['ipsec']['phase2'][$p2index]['localid'], $pconfig);
        idinfo_to_pconfig("remote", $config['ipsec']['phase2'][$p2index]['remoteid'], $pconfig);
-        ealgos_to_pconfig($config['ipsec']['phase2'][$p2index]['encryption-algorithm-option'], $pconfig);
+        if (!empty($config['ipsec']['phase2'][$p2index]['encryption-algorithm-option'])) {
+            ealgos_to_pconfig($config['ipsec']['phase2'][$p2index]['encryption-algorithm-option'], $pconfig);
+        } else {
+            $pconfig['ealgos'] = array();
+        }
+
        if (isset($config['ipsec']['phase2'][$p2index]['mobile'])) {
            $pconfig['mobile'] = true;
        }