Remove support for MD2

No part of IKE/IPsec or X.509 uses MD2 anymore, so there really is no
reason to still support it (unlike MD4 that is used in EAP-MSCHAPv2,
MD5 that's used in EAP-MD5, or SHA-1 that's used for e.g. NAT-D hashes).

It caused test vectors to fail on systems where OpenSSL is built with
MD2 support but has it disabled at runtime.

src/libstrongswan/asn1/oid.txt

@@ -94,7 +94,7 @@
             0x01             "PKCS"
               0x01           "PKCS-1"
                 0x01         "rsaEncryption"			OID_RSA_ENCRYPTION
-                0x02         "md2WithRSAEncryption"		OID_MD2_WITH_RSA
+                0x02         "md2WithRSAEncryption"
                 0x04         "md5WithRSAEncryption"		OID_MD5_WITH_RSA
                 0x05         "sha-1WithRSAEncryption"	OID_SHA1_WITH_RSA
                 0x07         "id-RSAES-OAEP"			OID_RSAES_OAEP
@@ -148,7 +148,7 @@
                     0x05     "secretBag"
                     0x06     "safeContentsBag"
             0x02             "digestAlgorithm"
-              0x02           "md2"						OID_MD2
+              0x02           "md2"
               0x05           "md5"						OID_MD5
               0x07           "hmacWithSHA1"				OID_HMAC_SHA1
               0x08           "hmacWithSHA224"			OID_HMAC_SHA224

src/libstrongswan/credentials/containers/pkcs12.c

@@ -83,7 +83,6 @@ static bool derive_key(hash_algorithm_t hash, chunk_t unicode, chunk_t salt,
 	}
 	switch (hash)
 	{
-		case HASH_MD2:
 		case HASH_MD5:
 		case HASH_SHA1:
 		case HASH_SHA224:

src/libstrongswan/crypto/hashers/hasher.c

@@ -30,7 +30,6 @@ ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_IDENTITY,
 	"HASH_IDENTITY");
 ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
 	"HASH_UNKNOWN",
-	"HASH_MD2",
 	"HASH_MD4",
 	"HASH_MD5",
 	"HASH_SHA2_224",
@@ -48,7 +47,6 @@ ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_IDENTITY,
 	"identity");
 ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
 	"unknown",
-	"md2",
 	"md4",
 	"md5",
 	"sha224",
@@ -66,7 +64,6 @@ ENUM_BEGIN(hash_algorithm_short_names_upper, HASH_SHA1, HASH_IDENTITY,
 	"IDENTITY");
 ENUM_NEXT(hash_algorithm_short_names_upper, HASH_UNKNOWN, HASH_SHA3_512, HASH_IDENTITY,
 	"UNKNOWN",
-	"MD2",
 	"MD4",
 	"MD5",
 	"SHA2_224",
@@ -91,8 +88,6 @@ size_t hasher_hash_size(hash_algorithm_t alg)
 			return HASH_SIZE_SHA384;
 		case HASH_SHA512:
 			return HASH_SIZE_SHA512;
-		case HASH_MD2:
-			return HASH_SIZE_MD2;
 		case HASH_MD4:
 			return HASH_SIZE_MD4;
 		case HASH_MD5:
@@ -121,9 +116,6 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid)
 {
 	switch (oid)
 	{
-		case OID_MD2:
-		case OID_MD2_WITH_RSA:
-			return HASH_MD2;
 		case OID_MD5:
 		case OID_MD5_WITH_RSA:
 			return HASH_MD5;
@@ -323,7 +315,6 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg,
 					return AUTH_HMAC_SHA2_512_512;
 			}
 			break;
-		case HASH_MD2:
 		case HASH_MD4:
 		case HASH_SHA224:
 		case HASH_SHA3_224:
@@ -350,7 +341,6 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg)
 		case HASH_SHA512:
 			return TRUE;
 		case HASH_UNKNOWN:
-		case HASH_MD2:
 		case HASH_MD4:
 		case HASH_MD5:
 		case HASH_SHA1:
@@ -373,9 +363,6 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg)
 
 	switch (alg)
 	{
-		case HASH_MD2:
-			oid = OID_MD2;
-			break;
 		case HASH_MD5:
 			oid = OID_MD5;
 			break;
@@ -422,8 +409,6 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
 		case KEY_RSA:
 			switch (alg)
 			{
-				case HASH_MD2:
-					return OID_MD2_WITH_RSA;
 				case HASH_MD5:
 					return OID_MD5_WITH_RSA;
 				case HASH_SHA1:

src/libstrongswan/crypto/hashers/hasher.h

@@ -45,17 +45,15 @@ enum hash_algorithm_t {
 	HASH_IDENTITY		= 5,
 	/* use private use range for algorithms not defined/permitted by RFC 7427 */
 	HASH_UNKNOWN 		= 1024,
-	HASH_MD2 			= 1025,
-	HASH_MD4			= 1026,
-	HASH_MD5 			= 1027,
-	HASH_SHA224			= 1028,
-	HASH_SHA3_224		= 1029,
-	HASH_SHA3_256		= 1030,
-	HASH_SHA3_384		= 1031,
-	HASH_SHA3_512		= 1032
+	HASH_MD4			= 1025,
+	HASH_MD5 			= 1026,
+	HASH_SHA224			= 1027,
+	HASH_SHA3_224		= 1028,
+	HASH_SHA3_256		= 1029,
+	HASH_SHA3_384		= 1030,
+	HASH_SHA3_512		= 1031
 };
 
-#define HASH_SIZE_MD2		16
 #define HASH_SIZE_MD4		16
 #define HASH_SIZE_MD5		16
 #define HASH_SIZE_SHA1		20

src/libstrongswan/crypto/xofs/xof.c

@@ -60,7 +60,6 @@ ext_out_function_t xof_mgf1_from_hash_algorithm(hash_algorithm_t alg)
 			return XOF_MGF1_SHA3_384;
 		case HASH_IDENTITY:
 		case HASH_UNKNOWN:
-		case HASH_MD2:
 		case HASH_MD4:
 		case HASH_MD5:
 			break;

src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c

@@ -92,9 +92,6 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo)
 
 	switch (algo)
 	{
-		case HASH_MD2:
-			gcrypt_alg = GCRY_MD_MD2;
-			break;
 		case HASH_MD4:
 			gcrypt_alg = GCRY_MD_MD4;
 			break;

src/libstrongswan/plugins/openssl/openssl_plugin.c

@@ -400,9 +400,6 @@ METHOD(plugin_t, get_features, int,
 			PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
 		/* hashers */
 		PLUGIN_REGISTER(HASHER, openssl_hasher_create),
-#ifndef OPENSSL_NO_MD2
-			PLUGIN_PROVIDE(HASHER, HASH_MD2),
-#endif
 #ifndef OPENSSL_NO_MD4
 			PLUGIN_PROVIDE(HASHER, HASH_MD4),
 #endif

src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c

@@ -234,7 +234,6 @@ static CK_MECHANISM_PTR algo_to_mechanism(hash_algorithm_t algo, size_t *size)
 		CK_MECHANISM mechanism;
 		size_t size;
 	} mappings[] = {
-		{HASH_MD2,		{CKM_MD2,		NULL, 0},	HASH_SIZE_MD2},
 		{HASH_MD5,		{CKM_MD5,		NULL, 0},	HASH_SIZE_MD5},
 		{HASH_SHA1,		{CKM_SHA_1,		NULL, 0},	HASH_SIZE_SHA1},
 		{HASH_SHA256,	{CKM_SHA256,	NULL, 0},	HASH_SIZE_SHA256},

src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c

@@ -189,7 +189,6 @@ METHOD(plugin_t, get_features, int,
 {
 	static plugin_feature_t f_hash[] = {
 		PLUGIN_REGISTER(HASHER, pkcs11_hasher_create),
-			PLUGIN_PROVIDE(HASHER, HASH_MD2),
 			PLUGIN_PROVIDE(HASHER, HASH_MD5),
 			PLUGIN_PROVIDE(HASHER, HASH_SHA1),
 			PLUGIN_PROVIDE(HASHER, HASH_SHA256),

src/libstrongswan/plugins/test_vectors/Makefile.am

@@ -37,7 +37,6 @@ libstrongswan_test_vectors_la_SOURCES = \
 	test_vectors/rc5.c \
 	test_vectors/serpent_cbc.c \
 	test_vectors/twofish_cbc.c \
-	test_vectors/md2.c \
 	test_vectors/md4.c \
 	test_vectors/md5.c \
 	test_vectors/md5_hmac.c \

src/libstrongswan/plugins/test_vectors/test_vectors.h

@@ -160,13 +160,6 @@ TEST_VECTOR_SIGNER(sha512_hmac_s1)
 TEST_VECTOR_SIGNER(sha512_hmac_s2)
 TEST_VECTOR_SIGNER(sha512_hmac_s3)
 
-TEST_VECTOR_HASHER(md2_1)
-TEST_VECTOR_HASHER(md2_2)
-TEST_VECTOR_HASHER(md2_3)
-TEST_VECTOR_HASHER(md2_4)
-TEST_VECTOR_HASHER(md2_5)
-TEST_VECTOR_HASHER(md2_6)
-TEST_VECTOR_HASHER(md2_7)
 TEST_VECTOR_HASHER(md4_1)
 TEST_VECTOR_HASHER(md4_2)
 TEST_VECTOR_HASHER(md4_3)

src/libstrongswan/plugins/test_vectors/test_vectors/md2.c

@@ -1,64 +0,0 @@
-/*
- * Copyright (C) 2009 Martin Willi
- *
- * Copyright (C) secunet Security Networks AG
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the Licenseor (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be usefulbut
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <crypto/crypto_tester.h>
-
-/**
- * MD2 vectors from RFC 1319
- */
-hasher_test_vector_t md2_1 = {
-	.alg = HASH_MD2, .len = 0,
-	.data	= "",
-	.hash	= "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69\x27\x73"
-};
-
-hasher_test_vector_t md2_2 = {
-	.alg = HASH_MD2, .len = 1,
-	.data	= "a",
-	.hash	= "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0\xb5\xd1"
-};
-
-hasher_test_vector_t md2_3 = {
-	.alg = HASH_MD2, .len = 3,
-	.data	= "abc",
-	.hash	= "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde\xd6\xbb"
-};
-
-hasher_test_vector_t md2_4 = {
-	.alg = HASH_MD2, .len = 14,
-	.data	= "message digest",
-	.hash	= "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe\x06\xb0"
-};
-
-hasher_test_vector_t md2_5 = {
-	.alg = HASH_MD2, .len = 26,
-	.data	= "abcdefghijklmnopqrstuvwxyz",
-	.hash	= "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47\x94\x0b"
-};
-
-hasher_test_vector_t md2_6 = {
-	.alg = HASH_MD2, .len = 62,
-	.data	= "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-	.hash	= "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03\x38\xcd"
-};
-
-hasher_test_vector_t md2_7 = {
-	.alg = HASH_MD2, .len = 80,
-	.data	= "1234567890123456789012345678901234567890"
-			  "1234567890123456789012345678901234567890",
-	.hash	= "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3\xef\xd8"
-};
-

src/libstrongswan/tests/suites/test_hasher.c

@@ -28,41 +28,39 @@ typedef struct {
 	key_type_t key;
 }hasher_oid_t;
 
+/* make sure to adjust offsets in constructor when changing this array */
 static hasher_oid_t oids[] = {
-	{ OID_MD2, HASH_MD2, KEY_ANY },                                /*  0 */
-	{ OID_MD5, HASH_MD5, KEY_ANY },                                /*  1 */
-	{ OID_SHA1, HASH_SHA1, KEY_ANY },                              /*  2 */
-	{ OID_SHA224, HASH_SHA224, KEY_ANY },                          /*  3 */
-	{ OID_SHA256, HASH_SHA256, KEY_ANY },                          /*  4 */
-	{ OID_SHA384, HASH_SHA384, KEY_ANY },                          /*  5 */
-	{ OID_SHA512, HASH_SHA512, KEY_ANY },                          /*  6 */
-	{ OID_SHA3_224, HASH_SHA3_224, KEY_ANY },                      /*  7 */
-	{ OID_SHA3_256, HASH_SHA3_256, KEY_ANY },                      /*  8 */
-	{ OID_SHA3_384, HASH_SHA3_384, KEY_ANY },                      /*  9 */
-	{ OID_SHA3_512, HASH_SHA3_512, KEY_ANY },                      /* 10 */
-	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY },                        /* 11 */
-	{ OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA },                       /* 12 */
-	{ OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA },                       /* 13 */
-	{ OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA },                     /* 14 */
-	{ OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA },                 /* 15 */
-	{ OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA },                 /* 16 */
-	{ OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA },                 /* 17 */
-	{ OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA },                 /* 18 */
-	{ OID_RSASSA_PKCS1V15_WITH_SHA3_224, HASH_SHA3_224, KEY_RSA }, /* 19 */
-	{ OID_RSASSA_PKCS1V15_WITH_SHA3_256, HASH_SHA3_256, KEY_RSA }, /* 20 */
-	{ OID_RSASSA_PKCS1V15_WITH_SHA3_384, HASH_SHA3_384, KEY_RSA }, /* 21 */
-	{ OID_RSASSA_PKCS1V15_WITH_SHA3_512, HASH_SHA3_512, KEY_RSA }, /* 22 */
-	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA },                        /* 23 */
-	{ OID_ED25519, HASH_IDENTITY, KEY_ED25519 },                   /* 24 */
-	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ED25519 },                    /* 25 */
-	{ OID_ED448, HASH_IDENTITY, KEY_ED448 },                       /* 26 */
-	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ED448 },                      /* 27 */
-	{ OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA },                 /* 28 */
-	{ OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA },             /* 29 */
-	{ OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA },             /* 30 */
-	{ OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA },             /* 31 */
-	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA },                      /* 32 */
-
+	{ OID_MD5, HASH_MD5, KEY_ANY },                                /*  0 */
+	{ OID_SHA1, HASH_SHA1, KEY_ANY },                              /*  1 */
+	{ OID_SHA224, HASH_SHA224, KEY_ANY },                          /*  2 */
+	{ OID_SHA256, HASH_SHA256, KEY_ANY },                          /*  3 */
+	{ OID_SHA384, HASH_SHA384, KEY_ANY },                          /*  4 */
+	{ OID_SHA512, HASH_SHA512, KEY_ANY },                          /*  5 */
+	{ OID_SHA3_224, HASH_SHA3_224, KEY_ANY },                      /*  6 */
+	{ OID_SHA3_256, HASH_SHA3_256, KEY_ANY },                      /*  7 */
+	{ OID_SHA3_384, HASH_SHA3_384, KEY_ANY },                      /*  8 */
+	{ OID_SHA3_512, HASH_SHA3_512, KEY_ANY },                      /*  9 */
+	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY },                        /* 10 */
+	{ OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA },                       /* 11 */
+	{ OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA },                     /* 12 */
+	{ OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA },                 /* 13 */
+	{ OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA },                 /* 14 */
+	{ OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA },                 /* 15 */
+	{ OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA },                 /* 16 */
+	{ OID_RSASSA_PKCS1V15_WITH_SHA3_224, HASH_SHA3_224, KEY_RSA }, /* 17 */
+	{ OID_RSASSA_PKCS1V15_WITH_SHA3_256, HASH_SHA3_256, KEY_RSA }, /* 18 */
+	{ OID_RSASSA_PKCS1V15_WITH_SHA3_384, HASH_SHA3_384, KEY_RSA }, /* 19 */
+	{ OID_RSASSA_PKCS1V15_WITH_SHA3_512, HASH_SHA3_512, KEY_RSA }, /* 20 */
+	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA },                        /* 21 */
+	{ OID_ED25519, HASH_IDENTITY, KEY_ED25519 },                   /* 22 */
+	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ED25519 },                    /* 23 */
+	{ OID_ED448, HASH_IDENTITY, KEY_ED448 },                       /* 24 */
+	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ED448 },                      /* 25 */
+	{ OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA },                 /* 26 */
+	{ OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA },             /* 27 */
+	{ OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA },             /* 28 */
+	{ OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA },             /* 29 */
+	{ OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA },                      /* 30 */
 };
 
 START_TEST(test_hasher_from_oid)
@@ -174,32 +172,32 @@ typedef struct {
 	size_t length;
 }hasher_auth_t;
 
+/* make sure to adjust offsets in constructor when changing this array */
 static hasher_auth_t auths[] = {
-	{ AUTH_UNDEFINED, HASH_MD2, 0 },
-	{ AUTH_UNDEFINED, HASH_MD4, 0 },
-	{ AUTH_UNDEFINED, HASH_SHA224, 0 },
-	{ AUTH_UNDEFINED, 9, 0 },
-	{ AUTH_UNDEFINED, HASH_UNKNOWN, 0 },
-	{ AUTH_HMAC_MD5_96, HASH_MD5, 12 },
-	{ AUTH_HMAC_SHA1_96, HASH_SHA1, 12 },
-	{ AUTH_HMAC_SHA2_256_96, HASH_SHA256, 12 },
-	{ AUTH_HMAC_MD5_128, HASH_MD5, 16 },
-	{ AUTH_HMAC_SHA1_128, HASH_SHA1, 16 },
-	{ AUTH_HMAC_SHA2_256_128, HASH_SHA256, 16 },
-	{ AUTH_HMAC_SHA1_160, HASH_SHA1, 20 },
-	{ AUTH_HMAC_SHA2_384_192, HASH_SHA384, 24 },
-	{ AUTH_HMAC_SHA2_256_256, HASH_SHA256, 32 },
-	{ AUTH_HMAC_SHA2_512_256, HASH_SHA512, 32 },
-	{ AUTH_HMAC_SHA2_384_384, HASH_SHA384, 48 },
-	{ AUTH_HMAC_SHA2_512_512, HASH_SHA512, 64 },
-	{ AUTH_AES_CMAC_96, HASH_UNKNOWN, 0 },
-	{ AUTH_AES_128_GMAC, HASH_UNKNOWN, 0 },
-	{ AUTH_AES_192_GMAC, HASH_UNKNOWN, 0 },
-	{ AUTH_AES_256_GMAC, HASH_UNKNOWN, 0 },
-	{ AUTH_AES_XCBC_96, HASH_UNKNOWN, 0 },
-	{ AUTH_DES_MAC, HASH_UNKNOWN, 0 },
-	{ AUTH_CAMELLIA_XCBC_96, HASH_UNKNOWN, 0 },
-	{ 0, HASH_UNKNOWN, 0 }
+	{ AUTH_UNDEFINED, HASH_MD4, 0 },             /*  0 */
+	{ AUTH_UNDEFINED, HASH_SHA224, 0 },          /*  1 */
+	{ AUTH_UNDEFINED, 9, 0 },                    /*  2 */
+	{ AUTH_UNDEFINED, HASH_UNKNOWN, 0 },         /*  3 */
+	{ AUTH_HMAC_MD5_96, HASH_MD5, 12 },          /*  4 */
+	{ AUTH_HMAC_SHA1_96, HASH_SHA1, 12 },        /*  5 */
+	{ AUTH_HMAC_SHA2_256_96, HASH_SHA256, 12 },  /*  6 */
+	{ AUTH_HMAC_MD5_128, HASH_MD5, 16 },         /*  7 */
+	{ AUTH_HMAC_SHA1_128, HASH_SHA1, 16 },       /*  8 */
+	{ AUTH_HMAC_SHA2_256_128, HASH_SHA256, 16 }, /*  9 */
+	{ AUTH_HMAC_SHA1_160, HASH_SHA1, 20 },       /* 10 */
+	{ AUTH_HMAC_SHA2_384_192, HASH_SHA384, 24 }, /* 11 */
+	{ AUTH_HMAC_SHA2_256_256, HASH_SHA256, 32 }, /* 12 */
+	{ AUTH_HMAC_SHA2_512_256, HASH_SHA512, 32 }, /* 13 */
+	{ AUTH_HMAC_SHA2_384_384, HASH_SHA384, 48 }, /* 14 */
+	{ AUTH_HMAC_SHA2_512_512, HASH_SHA512, 64 }, /* 15 */
+	{ AUTH_AES_CMAC_96, HASH_UNKNOWN, 0 },       /* 16 */
+	{ AUTH_AES_128_GMAC, HASH_UNKNOWN, 0 },      /* 17 */
+	{ AUTH_AES_192_GMAC, HASH_UNKNOWN, 0 },      /* 18 */
+	{ AUTH_AES_256_GMAC, HASH_UNKNOWN, 0 },      /* 19 */
+	{ AUTH_AES_XCBC_96, HASH_UNKNOWN, 0 },       /* 20 */
+	{ AUTH_DES_MAC, HASH_UNKNOWN, 0 },           /* 21 */
+	{ AUTH_CAMELLIA_XCBC_96, HASH_UNKNOWN, 0 },  /* 22 */
+	{ 0, HASH_UNKNOWN, 0 }                       /* 23 */
 };
 
 START_TEST(test_hasher_from_integrity)
@@ -237,7 +235,6 @@ static hasher_ikev2_t ikev2[] = {
 	{ HASH_SHA384,   TRUE  },
 	{ HASH_SHA512,   TRUE  },
 	{ HASH_UNKNOWN,  FALSE },
-	{ HASH_MD2,      FALSE },
 	{ HASH_MD4,      FALSE },
 	{ HASH_MD5,      FALSE },
 	{ HASH_SHA224,   FALSE },
@@ -262,15 +259,15 @@ Suite *hasher_suite_create()
 	s = suite_create("hasher");
 
 	tc = tcase_create("from_oid");
-	tcase_add_loop_test(tc, test_hasher_from_oid, 0, 28);
+	tcase_add_loop_test(tc, test_hasher_from_oid, 0, 26);
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("to_oid");
-	tcase_add_loop_test(tc, test_hasher_to_oid, 0, 12);
+	tcase_add_loop_test(tc, test_hasher_to_oid, 0, 11);
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("sig_to_oid");
-	tcase_add_loop_test(tc, test_hasher_sig_to_oid, 11, countof(oids));
+	tcase_add_loop_test(tc, test_hasher_sig_to_oid, 10, countof(oids));
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("from_sig_scheme");
@@ -283,11 +280,11 @@ Suite *hasher_suite_create()
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("from_integrity");
-	tcase_add_loop_test(tc, test_hasher_from_integrity, 4, countof(auths));
+	tcase_add_loop_test(tc, test_hasher_from_integrity, 3, countof(auths));
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("to_integrity");
-	tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 17);
+	tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 16);
 	suite_add_tcase(s, tc);
 
 	tc = tcase_create("for_ikev2");