authorJohn Baldwin <jhb@FreeBSD.org>2020-05-02 00:06:58 +0000
committerJohn Baldwin <jhb@FreeBSD.org>2020-05-02 00:06:58 +0000
commit16aabb761c0a8e5fb120594fcce4f2bf79fad61e (patch)
tree62f2c0af310c3243e51cf8133e1261cff87ecf2d
parent4d7e9134bb1f9745229a350b5a3014af64650012 (diff)
Remove support for IPsec algorithms deprecated in r348205 and r360202.
Examples of deprecated algorithms in manual pages and sample configs are updated where relevant. I removed the one example of combining ESP and AH (vs using a cipher and auth in ESP) as RFC 8221 says this combination is NOT RECOMMENDED. Specifically, this removes support for the following ciphers: - des-cbc - 3des-cbc - blowfish-cbc - cast128-cbc - des-deriv - des-32iv - camellia-cbc This also removes support for the following authentication algorithms: - hmac-md5 - keyed-md5 - keyed-sha1 - hmac-ripemd160 Reviewed by: cem, gnn (older versions) Relnotes: yes Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24342
Notes
Notes: svn path=/head/; revision=360557
-rw-r--r--lib/libipsec/pfkey_dump.c25
-rw-r--r--sbin/setkey/sample.cf79
-rw-r--r--sbin/setkey/setkey.829
-rw-r--r--sbin/setkey/test-pfkey.c32
-rw-r--r--sbin/setkey/token.l11
-rw-r--r--sys/netipsec/ipsec.c5
-rw-r--r--sys/netipsec/ipsec.h2
-rw-r--r--sys/netipsec/key.c12
-rw-r--r--sys/netipsec/xform_ah.c26
-rw-r--r--sys/netipsec/xform_esp.c25
-rw-r--r--usr.bin/netstat/ipsec.c9
11 files changed, 53 insertions, 202 deletions
diff --git a/lib/libipsec/pfkey_dump.c b/lib/libipsec/pfkey_dump.c
index e3ea7639d5c4..a002bc459038 100644
--- a/lib/libipsec/pfkey_dump.c
+++ b/lib/libipsec/pfkey_dump.c
@@ -57,22 +57,10 @@ __FBSDID("$FreeBSD$");
#include "libpfkey.h"
/* cope with old kame headers - ugly */
-#ifndef SADB_X_AALG_MD5
-#define SADB_X_AALG_MD5 SADB_AALG_MD5
-#endif
-#ifndef SADB_X_AALG_SHA
-#define SADB_X_AALG_SHA SADB_AALG_SHA
-#endif
#ifndef SADB_X_AALG_NULL
#define SADB_X_AALG_NULL SADB_AALG_NULL
#endif
-#ifndef SADB_X_EALG_BLOWFISHCBC
-#define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC
-#endif
-#ifndef SADB_X_EALG_CAST128CBC
-#define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC
-#endif
#ifndef SADB_X_EALG_RC5CBC
#ifdef SADB_EALG_RC5CBC
#define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC
@@ -147,10 +135,7 @@ static char *str_state[] = {
static struct val2str str_alg_auth[] = {
{ SADB_AALG_NONE, "none", },
- { SADB_AALG_MD5HMAC, "hmac-md5", },
{ SADB_AALG_SHA1HMAC, "hmac-sha1", },
- { SADB_X_AALG_MD5, "md5", },
- { SADB_X_AALG_SHA, "sha", },
{ SADB_X_AALG_NULL, "null", },
{ SADB_X_AALG_TCP_MD5, "tcp-md5", },
#ifdef SADB_X_AALG_SHA2_256
@@ -162,9 +147,6 @@ static struct val2str str_alg_auth[] = {
#ifdef SADB_X_AALG_SHA2_512
{ SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
#endif
-#ifdef SADB_X_AALG_RIPEMD160HMAC
- { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
-#endif
#ifdef SADB_X_AALG_AES_XCBC_MAC
{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
#endif
@@ -173,14 +155,10 @@ static struct val2str str_alg_auth[] = {
static struct val2str str_alg_enc[] = {
{ SADB_EALG_NONE, "none", },
- { SADB_EALG_DESCBC, "des-cbc", },
- { SADB_EALG_3DESCBC, "3des-cbc", },
{ SADB_EALG_NULL, "null", },
#ifdef SADB_X_EALG_RC5CBC
{ SADB_X_EALG_RC5CBC, "rc5-cbc", },
#endif
- { SADB_X_EALG_CAST128CBC, "cast128-cbc", },
- { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
#ifdef SADB_X_EALG_RIJNDAELCBC
{ SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
#endif
@@ -193,9 +171,6 @@ static struct val2str str_alg_enc[] = {
#ifdef SADB_X_EALG_AESGCM16
{ SADB_X_EALG_AESGCM16, "aes-gcm-16", },
#endif
-#ifdef SADB_X_EALG_CAMELLIACBC
- { SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
-#endif
{ -1, NULL, },
};
diff --git a/sbin/setkey/sample.cf b/sbin/setkey/sample.cf
index c534fa10f1c4..2a3485cdcd14 100644
--- a/sbin/setkey/sample.cf
+++ b/sbin/setkey/sample.cf
@@ -34,9 +34,9 @@
# parameters when you configure by manual keying.
# ESP transport mode is recommended for TCP port number 110 between
-# Host-A and Host-B. Encryption algorithm is blowfish-cbc whose key
-# is "kamekame", and authentication algorithm is hmac-sha1 whose key
-# is "this is the test key".
+# Host-A and Host-B. Encryption algorithm is aes-cbc whose key
+# is "kamekamekamekamekamekamekamekame", and authentication algorithm is
+# hmac-sha2-512 whose key is "this is the test key".
#
# ============ ESP ============
# | |
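Review bot: The authentication keys were carried over unchanged and no longer match the algorithms named beside them: the new comment pairs hmac-sha2-512 with "this is the test key", which is 20 bytes (160 bits, the hmac-sha1 size), while the setkey.8 table in this commit lists 512 bits for hmac-sha2-512 and 256 bits for hmac-sha2-256. The `add` lines in the later sample.cf hunks repeat this (`-A hmac-sha2-512 "this is the test key"`, and `-A hmac-sha2-256 "this is the test"` at 16 bytes), as does the setkey.8 example `-A hmac-sha2-256 "AH SA configuration!"`. Since key_getsizes_ah in key.c pins SHA2-256 to exactly 32 bytes, these samples will presumably be rejected as written. Each key should be lengthened to the algorithm's size (a 32-byte string or `0x` hex value for hmac-sha2-256, 64 bytes for hmac-sha2-512) and the descriptive comments updated to quote the new keys.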
@@ -50,17 +50,17 @@ spdadd fec0::11[110] fec0::10[any] tcp -P in ipsec
esp/transport//use ;
add fec0::10 fec0::11 esp 0x10001
-m transport
- -E blowfish-cbc "kamekame"
- -A hmac-sha1 "this is the test key" ;
+ -E aes-cbc "kamekamekamekamekamekamekamekame"
+ -A hmac-sha2-512 "this is the test key" ;
add fec0::11 fec0::10 esp 0x10002
-m transport
- -E blowfish-cbc "kamekame"
- -A hmac-sha1 "this is the test key" ;
+ -E aes-cbc "kamekamekamekamekamekamekamekame"
+ -A hmac-sha2-512 "this is the test key" ;
# "[any]" is wildcard of port number. Note that "[0]" is the number of
# zero in port number.
-# Security protocol is old AH tunnel mode, i.e. RFC1826, with keyed-md5
+# Security protocol is old AH tunnel mode, i.e. RFC1826, with hmac-sha2-256
# whose key is "this is the test" as authentication algorithm.
# That protocol takes place between Gateway-A and Gateway-B.
#
@@ -76,10 +76,10 @@ spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
ah/tunnel/172.16.0.2-172.16.0.1/require ;
add 172.16.0.1 172.16.0.2 ah-old 0x10003
-m any
- -A keyed-md5 "this is the test" ;
+ -A hmac-sha2-256 "this is the test" ;
add 172.16.0.2 172.16.0.1 ah-old 0x10004
-m any
- -A keyed-md5 "this is the test" ;
+ -A hmac-sha2-256 "this is the test" ;
# If port number field is omitted such above then "[any]" is employed.
# -m specifies the mode of SA to be used. "-m any" means wildcard of
@@ -93,15 +93,15 @@ spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
ah/tunnel/172.16.0.1-172.16.0.2/require ;
add 172.16.0.1 172.16.0.2 ah-old 0x10003
-m tunnel
- -A keyed-md5 "this is the test" ;
+ -A hmac-sha2-256 "this is the test" ;
add 172.16.0.2 172.16.0.1 ah-old 0x10004
-m tunnel
- -A keyed-md5 "this is the test" ;
+ -A hmac-sha2-256 "this is the test" ;
# AH transport mode followed by ESP tunnel mode is required between
# Gateway-A and Gateway-B.
-# Encryption algorithm is 3des-cbc, and authentication algorithm for ESP
-# is hmac-sha1. Authentication algorithm for AH is hmac-md5.
+# Encryption algorithm is aes-cbc, and authentication algorithm for ESP
+# is hmac-sha2-512. Authentication algorithm for AH is hmac-sha2-256.
#
# ========== AH =========
# | ======= ESP ===== |
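Review bot: This sample still demonstrates AH transport layered over ESP tunnel, only with newer algorithms, although the commit message cites RFC 8221 as calling the ESP+AH combination NOT RECOMMENDED and drops the equivalent example from setkey.8 for that reason. If the sample is kept for reference, the comment block should say so, e.g. `# NOTE: combining AH with ESP is NOT RECOMMENDED by RFC 8221; prefer ESP with both -E and -A.` The matching `add ... ah 0x10001` lines are in the next hunk.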
@@ -118,25 +118,25 @@ spdadd fec0:0:0:2::/64 fec0:0:0:1::/64 any -P in ipsec
ah/transport//require ;
add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10001
-m tunnel
- -E 3des-cbc "kamekame12341234kame1234"
- -A hmac-sha1 "this is the test key" ;
+ -E aes-cbc "kamekame12341234kamekame12341234"
+ -A hmac-sha2-512 "this is the test key" ;
add fec0:0:0:1::1 fec0:0:0:2::1 ah 0x10001
-m transport
- -A hmac-md5 "this is the test" ;
+ -A hmac-sha2-256 "this is the test" ;
add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10001
-m tunnel
- -E 3des-cbc "kamekame12341234kame1234"
- -A hmac-sha1 "this is the test key" ;
+ -E aes-cbc "kamekame12341234kamekame12341234"
+ -A hmac-sha2-512 "this is the test key" ;
add fec0:0:0:2::1 fec0:0:0:1::1 ah 0x10001
-m transport
- -A hmac-md5 "this is the test" ;
+ -A hmac-sha2-256 "this is the test" ;
# ESP tunnel mode is required between Host-A and Gateway-A.
-# Encryption algorithm is cast128-cbc, and authentication algorithm
-# for ESP is hmac-sha1.
+# Encryption algorithm is aes-cbc, and authentication algorithm
+# for ESP is hmac-sha2-256.
# ESP transport mode is recommended between Host-A and Host-B.
-# Encryption algorithm is rc5-cbc, and authentication algorithm
-# for ESP is hmac-md5.
+# Encryption algorithm is aes-ctr, and authentication algorithm
+# for ESP is hmac-sha2-512.
#
# ================== ESP =================
# | ======= ESP ======= |
@@ -153,18 +153,18 @@ spdadd fec0:0:0:2::1[80] fec0:0:0:1::1[any] tcp -P in ipsec
esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require ;
add fec0:0:0:1::1 fec0:0:0:2::2 esp 0x10001
-m transport
- -E cast128-cbc "12341234"
- -A hmac-sha1 "this is the test key" ;
+ -E aes-cbc "kamekame12341234kamekame12341234"
+ -A hmac-sha2-256 "this is the test key" ;
add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10002
- -E rc5-cbc "kamekame"
- -A hmac-md5 "this is the test" ;
+ -E aes-ctr "kamekame12341234kamekame12341234f00f"
+ -A hmac-sha2-512 "this is the test" ;
add fec0:0:0:2::2 fec0:0:0:1::1 esp 0x10003
-m transport
- -E cast128-cbc "12341234"
- -A hmac-sha1 "this is the test key" ;
+ -E aes-cbc "kamekame12341234kamekame12341234"
+ -A hmac-sha2-256 "this is the test key" ;
add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004
- -E rc5-cbc "kamekame"
- -A hmac-md5 "this is the test" ;
+ -E aes-ctr "kamekame12341234kamekame12341234f00f"
+ -A hmac-sha2-512 "this is the test" ;
# By "get" command, you can get a entry of either SP or SA.
get fec0:0:0:1::1 fec0:0:0:2::2 ah 0x10004 ;
@@ -189,29 +189,14 @@ flush ah ;
# XXX
add ::1 ::1 esp 10001 -m transport -E null ;
-add ::1 ::1 esp 10002 -m transport -E des-deriv "12341234" ;
-add ::1 ::1 esp-old 10003 -m transport -E des-32iv "12341234" ;
add ::1 ::1 esp 10004 -m transport -E null -A null ;
-add ::1 ::1 esp 10005 -m transport -E null -A hmac-md5 "1234123412341234" ;
add ::1 ::1 esp 10006 -m tunnel -E null -A hmac-sha1 "12341234123412341234" ;
-add ::1 ::1 esp 10007 -m transport -E null -A keyed-md5 "1234123412341234" ;
-add ::1 ::1 esp 10008 -m any -E null -A keyed-sha1 "12341234123412341234" ;
-add ::1 ::1 esp 10009 -m transport -E des-cbc "testtest" ;
-add ::1 ::1 esp 10010 -m transport -E 3des-cbc "testtest12341234testtest" ;
-add ::1 ::1 esp 10011 -m tunnel -E cast128-cbc "testtest1234" ;
-add ::1 ::1 esp 10012 -m tunnel -E blowfish-cbc "testtest1234" ;
-add ::1 ::1 esp 10013 -m tunnel -E rc5-cbc "testtest1234" ;
-add ::1 ::1 esp 10014 -m any -E rc5-cbc "testtest1234" ;
add ::1 ::1 esp 10015 -m transport -f zero-pad -E null ;
add ::1 ::1 esp 10016 -m tunnel -f random-pad -r 8 -lh 100 -ls 80 -E null ;
add ::1 ::1 esp 10017 -m transport -f seq-pad -f nocyclic-seq -E null ;
add ::1 ::1 esp 10018 -m transport -E null ;
#add ::1 ::1 ah 20000 -m transport -A null ;
-add ::1 ::1 ah 20001 -m any -A hmac-md5 "1234123412341234";
add ::1 ::1 ah 20002 -m tunnel -A hmac-sha1 "12341234123412341234";
-add ::1 ::1 ah 20003 -m transport -A keyed-md5 "1234123412341234";
-add ::1 ::1 ah-old 20004 -m transport -A keyed-md5 "1234123412341234";
-add ::1 ::1 ah 20005 -m transport -A keyed-sha1 "12341234123412341234";
#add ::1 ::1 ipcomp 30000 -C oui ;
add ::1 ::1 ipcomp 30001 -C deflate ;
#add ::1 ::1 ipcomp 30002 -C lzs ;
diff --git a/sbin/setkey/setkey.8 b/sbin/setkey/setkey.8
index 8132bebab097..82a4bb1d02cc 100644
--- a/sbin/setkey/setkey.8
+++ b/sbin/setkey/setkey.8
@@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd April 9, 2017
+.Dd May 01, 2020
.Dt SETKEY 8
.Os
.\"
@@ -588,14 +588,8 @@ of the
parameter:
.Bd -literal -offset indent
algorithm keylen (bits) comment
-hmac-md5 128 ah: rfc2403
- 128 ah-old: rfc2085
hmac-sha1 160 ah: rfc2404
160 ah-old: 128bit ICV (no document)
-keyed-md5 128 ah: 96bit ICV (no document)
- 128 ah-old: rfc1828
-keyed-sha1 160 ah: 96bit ICV (no document)
- 160 ah-old: 128bit ICV (no document)
null 0 to 2048 for debugging
hmac-sha2-256 256 ah: 128bit ICV (RFC4868)
256 ah-old: 128bit ICV (no document)
@@ -603,8 +597,6 @@ hmac-sha2-384 384 ah: 192bit ICV (RFC4868)
384 ah-old: 128bit ICV (no document)
hmac-sha2-512 512 ah: 256bit ICV (RFC4868)
512 ah-old: 128bit ICV (no document)
-hmac-ripemd160 160 ah: 96bit ICV (RFC2857)
- ah-old: 128bit ICV (no document)
aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
128 ah-old: 128bit ICV (no document)
tcp-md5 8 to 640 tcp: rfc2385
@@ -619,16 +611,10 @@ of the
parameter:
.Bd -literal -offset indent
algorithm keylen (bits) comment
-des-cbc 64 esp-old: rfc1829, esp: rfc2405
-3des-cbc 192 rfc2451
null 0 to 2048 rfc2410
-blowfish-cbc 40 to 448 rfc2451
-cast128-cbc 40 to 128 rfc2451
-des-deriv 64 ipsec-ciph-des-derived-01
rijndael-cbc 128/192/256 rfc3602
aes-ctr 160/224/288 draft-ietf-ipsec-ciph-aes-ctr-03
aes-gcm-16 160/224/288 rfc4106
-camellia-cbc 128/192/256 rfc4312
.Ed
.Pp
Note that the first 128/192/256 bits of a key for
@@ -653,24 +639,17 @@ deflate rfc2394
.\"
.Sh EXAMPLES
Add an ESP SA between two IPv6 addresses using the
-des-cbc encryption algorithm.
+AES-GCM encryption algorithm.
.Bd -literal -offset indent
add 3ffe:501:4819::1 3ffe:501:481d::1 esp 123457
- -E des-cbc 0x3ffe05014819ffff ;
+ -E aes-gcm-16 0x3ffe050148193ffe050148193ffe050148193ffe ;
.Pp
.Ed
.\"
Add an authentication SA between two FQDN specified hosts:
.Bd -literal -offset indent
add -6 myhost.example.com yourhost.example.com ah 123456
- -A hmac-sha1 "AH SA configuration!" ;
-.Pp
-.Ed
-Use both ESP and AH between two numerically specified hosts:
-.Bd -literal -offset indent
-add 10.0.11.41 10.0.11.33 esp 0x10001
- -E des-cbc 0x3ffe05014819ffff
- -A hmac-md5 "authentication!!" ;
+ -A hmac-sha2-256 "AH SA configuration!" ;
.Pp
.Ed
Get the SA information associated with first example above:
diff --git a/sbin/setkey/test-pfkey.c b/sbin/setkey/test-pfkey.c
index aead9d851dd0..ba702c80eb37 100644
--- a/sbin/setkey/test-pfkey.c
+++ b/sbin/setkey/test-pfkey.c
@@ -319,15 +319,15 @@ key_setsadbprop()
m_prop.sadb_prop_reserved[1] = 0;
m_prop.sadb_prop_reserved[2] = 0;
- /* the 1st is ESP DES-CBC HMAC-MD5 */
+ /* the 1st is ESP AES-GCM-16 */
m_comb = (struct sadb_comb *)buf;
- m_comb->sadb_comb_auth = SADB_AALG_MD5HMAC;
- m_comb->sadb_comb_encrypt = SADB_EALG_DESCBC;
+ m_comb->sadb_comb_auth = SADB_AALG_NONE;
+ m_comb->sadb_comb_encrypt = SADB_X_EALG_AESGCM16;
m_comb->sadb_comb_flags = 0;
- m_comb->sadb_comb_auth_minbits = 8;
- m_comb->sadb_comb_auth_maxbits = 96;
- m_comb->sadb_comb_encrypt_minbits = 64;
- m_comb->sadb_comb_encrypt_maxbits = 64;
+ m_comb->sadb_comb_auth_minbits = 0;
+ m_comb->sadb_comb_auth_maxbits = 0;
+ m_comb->sadb_comb_encrypt_minbits = 128;
+ m_comb->sadb_comb_encrypt_maxbits = 256;
m_comb->sadb_comb_reserved = 0;
m_comb->sadb_comb_soft_allocations = 0;
m_comb->sadb_comb_hard_allocations = 0;
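Review bot: The new comment `/* the 1st is ESP AES-GCM-16 */` does not explain why `sadb_comb_auth` becomes SADB_AALG_NONE with zero auth bits, which reads like integrity protection was dropped. I would write `/* the 1st is ESP AES-GCM-16 (AEAD: integrity comes from the cipher, so no separate auth) */`, and add the same remark next to `m_sa.sadb_sa_auth = SADB_AALG_NONE;` in the key_setsadbsa hunk. The key material this test sends is built outside the visible hunks, so confirm it matches what aes-gcm-16 expects (setkey.8 lists 160/224/288 bits, which includes the 4-byte salt that xform_esp.c subtracts). key_setsadbprop starts and ends outside this hunk.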
@@ -338,15 +338,15 @@ key_setsadbprop()
m_comb->sadb_comb_soft_usetime = 0;
m_comb->sadb_comb_hard_usetime = 0;
- /* the 2st is ESP 3DES-CBC and AH HMAC-SHA1 */
+ /* the 2nd is ESP AES-CBC and AH HMAC-SHA2-256 */
m_comb = (struct sadb_comb *)(buf + sizeof(*m_comb));
- m_comb->sadb_comb_auth = SADB_AALG_SHA1HMAC;
- m_comb->sadb_comb_encrypt = SADB_EALG_3DESCBC;
+ m_comb->sadb_comb_auth = SADB_X_AALG_SHA2_256;
+ m_comb->sadb_comb_encrypt = SADB_X_EALG_RIJNDAELCBC;
m_comb->sadb_comb_flags = 0;
- m_comb->sadb_comb_auth_minbits = 8;
- m_comb->sadb_comb_auth_maxbits = 96;
- m_comb->sadb_comb_encrypt_minbits = 64;
- m_comb->sadb_comb_encrypt_maxbits = 64;
+ m_comb->sadb_comb_auth_minbits = 256;
+ m_comb->sadb_comb_auth_maxbits = 256;
+ m_comb->sadb_comb_encrypt_minbits = 128;
+ m_comb->sadb_comb_encrypt_maxbits = 256;
m_comb->sadb_comb_reserved = 0;
m_comb->sadb_comb_soft_allocations = 0;
m_comb->sadb_comb_hard_allocations = 0;
@@ -457,8 +457,8 @@ key_setsadbsa()
m_sa.sadb_sa_spi = htonl(0x12345678);
m_sa.sadb_sa_replay = 4;
m_sa.sadb_sa_state = 0;
- m_sa.sadb_sa_auth = SADB_AALG_MD5HMAC;
- m_sa.sadb_sa_encrypt = SADB_EALG_DESCBC;
+ m_sa.sadb_sa_auth = SADB_AALG_NONE;
+ m_sa.sadb_sa_encrypt = SADB_X_EALG_AESGCM16;
m_sa.sadb_sa_flags = 0;
memcpy(m_buf + m_len, &m_sa, sizeof(struct sadb_sa));
diff --git a/sbin/setkey/token.l b/sbin/setkey/token.l
index 0c0ceb728a94..86d10fee4532 100644
--- a/sbin/setkey/token.l
+++ b/sbin/setkey/token.l
@@ -147,31 +147,20 @@ tcp { yylval.num = 0; return(PR_TCP); }
/* authentication alogorithm */
{hyphen}A { BEGIN S_AUTHALG; return(F_AUTH); }
-<S_AUTHALG>hmac-md5 { yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); }
<S_AUTHALG>hmac-sha1 { yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
-<S_AUTHALG>keyed-md5 { yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
-<S_AUTHALG>keyed-sha1 { yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
<S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
<S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
<S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
-<S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
<S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
<S_AUTHALG>tcp-md5 { yylval.num = SADB_X_AALG_TCP_MD5; BEGIN INITIAL; return(ALG_AUTH); }
<S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
/* encryption alogorithm */
{hyphen}E { BEGIN S_ENCALG; return(F_ENC); }
-<S_ENCALG>des-cbc { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); }
-<S_ENCALG>3des-cbc { yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); }
<S_ENCALG>null { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC); }
<S_ENCALG>simple { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
-<S_ENCALG>blowfish-cbc { yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
-<S_ENCALG>cast128-cbc { yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); }
-<S_ENCALG>des-deriv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
-<S_ENCALG>des-32iv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
<S_ENCALG>rijndael-cbc { yylval.num = SADB_X_EALG_RIJNDAELCBC; BEGIN INITIAL; return(ALG_ENC); }
<S_ENCALG>aes-ctr { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC_SALT); }
-<S_ENCALG>camellia-cbc { yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); }
<S_ENCALG>aes-gcm-16 { yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC_SALT); }
/* compression algorithms */
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index c6454547c5c2..f8ba71cf6635 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -217,11 +217,6 @@ SYSCTL_INT(_net_inet_ipsec, OID_AUTO, filtertunnel,
SYSCTL_VNET_PCPUSTAT(_net_inet_ipsec, OID_AUTO, ipsecstats, struct ipsecstat,
ipsec4stat, "IPsec IPv4 statistics.");
-struct timeval ipsec_warn_interval = { .tv_sec = 1, .tv_usec = 0 };
-SYSCTL_TIMEVAL_SEC(_net_inet_ipsec, OID_AUTO, crypto_warn_interval, CTLFLAG_RW,
- &ipsec_warn_interval,
- "Delay in seconds between warnings of deprecated IPsec crypto algorithms.");
-
#ifdef REGRESSION
/*
* When set to 1, IPsec will send packets with the same sequence number.
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index 345faa3618c8..0124b12c20cd 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -287,8 +287,6 @@ VNET_DECLARE(int, crypto_support);
VNET_DECLARE(int, async_crypto);
VNET_DECLARE(int, natt_cksum_policy);
-extern struct timeval ipsec_warn_interval;
-
#define IPSECSTAT_INC(name) \
VNET_PCPUSTAT_ADD(struct ipsecstat, ipsec4stat, name, 1)
#define V_ip4_esp_trans_deflev VNET(ip4_esp_trans_deflev)
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index e6ffea434f5e..f97c2195af9d 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -583,13 +583,8 @@ static struct supported_ealgs {
int sadb_alg;
const struct enc_xform *xform;
} supported_ealgs[] = {
- { SADB_EALG_DESCBC, &enc_xform_des },
- { SADB_EALG_3DESCBC, &enc_xform_3des },
{ SADB_X_EALG_AES, &enc_xform_rijndael128 },
- { SADB_X_EALG_BLOWFISHCBC, &enc_xform_blf },
- { SADB_X_EALG_CAST128CBC, &enc_xform_cast5 },
{ SADB_EALG_NULL, &enc_xform_null },
- { SADB_X_EALG_CAMELLIACBC, &enc_xform_camellia },
{ SADB_X_EALG_AESCTR, &enc_xform_aes_icm },
{ SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm },
{ SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac },
@@ -600,11 +595,7 @@ static struct supported_aalgs {
const struct auth_hash *xform;
} supported_aalgs[] = {
{ SADB_X_AALG_NULL, &auth_hash_null },
- { SADB_AALG_MD5HMAC, &auth_hash_hmac_md5 },
{ SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 },
- { SADB_X_AALG_RIPEMD160HMAC, &auth_hash_hmac_ripemd_160 },
- { SADB_X_AALG_MD5, &auth_hash_key_md5 },
- { SADB_X_AALG_SHA, &auth_hash_key_sha1 },
{ SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 },
{ SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 },
{ SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 },
@@ -6381,8 +6372,6 @@ key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min,
* key size is restricted. Enforce this here.
*/
switch (alg) {
- case SADB_X_AALG_MD5: *min = *max = 16; break;
- case SADB_X_AALG_SHA: *min = *max = 20; break;
case SADB_X_AALG_NULL: *min = 1; *max = 256; break;
case SADB_X_AALG_SHA2_256: *min = *max = 32; break;
case SADB_X_AALG_SHA2_384: *min = *max = 48; break;
@@ -6413,7 +6402,6 @@ key_getcomb_ah()
#if 1
/* we prefer HMAC algorithms, not old algorithms */
if (i != SADB_AALG_SHA1HMAC &&
- i != SADB_AALG_MD5HMAC &&
i != SADB_X_AALG_SHA2_256 &&
i != SADB_X_AALG_SHA2_384 &&
i != SADB_X_AALG_SHA2_512)
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index 834376634d5a..9c6026481ddf 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -108,7 +108,6 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat,
#endif
static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
-static struct timeval md5warn, ripewarn, kpdkmd5warn, kpdksha1warn;
static int ah_input_cb(struct cryptop*);
static int ah_output_cb(struct cryptop*);
@@ -185,25 +184,6 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp,
return EINVAL;
}
- switch (sav->alg_auth) {
- case SADB_AALG_MD5HMAC:
- if (ratecheck(&md5warn, &ipsec_warn_interval))
- gone_in(13, "MD5-HMAC authenticator for IPsec");
- break;
- case SADB_X_AALG_RIPEMD160HMAC:
- if (ratecheck(&ripewarn, &ipsec_warn_interval))
- gone_in(13, "RIPEMD160-HMAC authenticator for IPsec");
- break;
- case SADB_X_AALG_MD5:
- if (ratecheck(&kpdkmd5warn, &ipsec_warn_interval))
- gone_in(13, "Keyed-MD5 authenticator for IPsec");
- break;
- case SADB_X_AALG_SHA:
- if (ratecheck(&kpdksha1warn, &ipsec_warn_interval))
- gone_in(13, "Keyed-SHA1 authenticator for IPsec");
- break;
- }
-
/*
* Verify the replay state block allocation is consistent with
* the protocol type. We check here so we can make assumptions
@@ -317,11 +297,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
ip->ip_tos = 0;
ip->ip_ttl = 0;
ip->ip_sum = 0;
-
- if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK)
- ip->ip_off &= htons(IP_DF);
- else
- ip->ip_off = htons(0);
+ ip->ip_off = htons(0);
ptr = mtod(m, unsigned char *);
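Review bot: With the CRYPTO_MD5_KPDK / CRYPTO_SHA1_KPDK special case gone, the `alg` parameter of ah_massage_headers has no remaining use in the visible IPv4 path. The rest of the function is outside this hunk, so check whether anything else still reads it, and if not, drop the parameter or note that it is kept only for the callers' signature. The unconditional assignment would also benefit from a short why-comment such as `/* flags and fragment offset are mutable in transit; zero them before computing the ICV */`, since the branch that used to show the reason has been removed.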
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 2195f28d70c6..22ffc92f5cb9 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -94,8 +94,6 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, stats,
struct espstat, espstat,
"ESP statistics (struct espstat, netipsec/esp_var.h");
-static struct timeval deswarn, blfwarn, castwarn, camelliawarn, tdeswarn;
-
static int esp_input_cb(struct cryptop *op);
static int esp_output_cb(struct cryptop *crp);
@@ -159,29 +157,6 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
return EINVAL;
}
- switch (sav->alg_enc) {
- case SADB_EALG_DESCBC:
- if (ratecheck(&deswarn, &ipsec_warn_interval))
- gone_in(13, "DES cipher for IPsec");
- break;
- case SADB_EALG_3DESCBC:
- if (ratecheck(&tdeswarn, &ipsec_warn_interval))
- gone_in(13, "3DES cipher for IPsec");
- break;
- case SADB_X_EALG_BLOWFISHCBC:
- if (ratecheck(&blfwarn, &ipsec_warn_interval))
- gone_in(13, "Blowfish cipher for IPsec");
- break;
- case SADB_X_EALG_CAST128CBC:
- if (ratecheck(&castwarn, &ipsec_warn_interval))
- gone_in(13, "CAST cipher for IPsec");
- break;
- case SADB_X_EALG_CAMELLIACBC:
- if (ratecheck(&camelliawarn, &ipsec_warn_interval))
- gone_in(13, "Camellia cipher for IPsec");
- break;
- }
-
/* subtract off the salt, RFC4106, 8.1 and RFC3686, 5.1 */
keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4;
if (txform->minkey > keylen || keylen > txform->maxkey) {
diff --git a/usr.bin/netstat/ipsec.c b/usr.bin/netstat/ipsec.c
index 778fad17b605..679b1ce6320a 100644
--- a/usr.bin/netstat/ipsec.c
+++ b/usr.bin/netstat/ipsec.c
@@ -123,15 +123,11 @@ struct val2str {
static struct val2str ipsec_ahnames[] = {
{ SADB_AALG_NONE, "none", },
- { SADB_AALG_MD5HMAC, "hmac-md5", },
{ SADB_AALG_SHA1HMAC, "hmac-sha1", },
- { SADB_X_AALG_MD5, "keyed-md5", },
- { SADB_X_AALG_SHA, "keyed-sha1", },
{ SADB_X_AALG_NULL, "null", },
{ SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
{ SADB_X_AALG_SHA2_384, "hmac-sha2-384", },
{ SADB_X_AALG_SHA2_512, "hmac-sha2-512", },
- { SADB_X_AALG_RIPEMD160HMAC, "hmac-ripemd160", },
{ SADB_X_AALG_AES_XCBC_MAC, "aes-xcbc-mac", },
{ SADB_X_AALG_TCP_MD5, "tcp-md5", },
{ SADB_X_AALG_AES128GMAC, "aes-gmac-128", },
@@ -142,13 +138,8 @@ static struct val2str ipsec_ahnames[] = {
static struct val2str ipsec_espnames[] = {
{ SADB_EALG_NONE, "none", },
- { SADB_EALG_DESCBC, "des-cbc", },
- { SADB_EALG_3DESCBC, "3des-cbc", },
{ SADB_EALG_NULL, "null", },
- { SADB_X_EALG_CAST128CBC, "cast128-cbc", },
- { SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
{ SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
- { SADB_X_EALG_CAMELLIACBC, "camellia-cbc", },
{ SADB_X_EALG_AESCTR, "aes-ctr", },
{ SADB_X_EALG_AESGCM16, "aes-gcm-16", },
{ SADB_X_EALG_AESGMAC, "aes-gmac", },