aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-08-27 12:26:14 +0000
committerDave Barach <openvpp@barachs.net>2019-08-27 13:49:55 +0000
commit2cdcd0cf4004b2c0d1d3b891e381aac5735c21f1 (patch)
tree5efcdd7cd73e7d1da4ba6aede88908df93f460c2 /src/vnet
parent8e9e0eccb280619f10d287dad3f79541ade03adc (diff)
ipsec: Fix NULL encryption algorithm
Type: fix Ticket: VPP-1756 the block-size was set to 0 resulting in incorrect placement of the ESP footer. add tests for NULL encrypt + integ. Change-Id: I8ab3afda8e68f9ff649540cba3f2cac68f12bbba Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/ipsec/ipsec.c7
-rw-r--r--src/vnet/ipsec/ipsec_if.c3
2 files changed, 9 insertions, 1 deletions
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index 388179976c7..9f3e1d36507 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -320,6 +320,13 @@ ipsec_init (vlib_main_t * vm)
vec_validate (im->crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
+ a = im->crypto_algs + IPSEC_CRYPTO_ALG_NONE;
+ a->enc_op_id = VNET_CRYPTO_OP_NONE;
+ a->dec_op_id = VNET_CRYPTO_OP_NONE;
+ a->alg = VNET_CRYPTO_ALG_NONE;
+ a->iv_size = 0;
+ a->block_size = 1;
+
a = im->crypto_algs + IPSEC_CRYPTO_ALG_DES_CBC;
a->enc_op_id = VNET_CRYPTO_OP_DES_CBC_ENC;
a->dec_op_id = VNET_CRYPTO_OP_DES_CBC_DEC;
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 0b8f997dbd0..f7f8ec79323 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -238,7 +238,8 @@ ipsec_tunnel_feature_set (ipsec_main_t * im, ipsec_tunnel_if_t * t, u8 enable)
ipsec_sa_t *sa;
sa = ipsec_sa_get (t->output_sa_index);
- if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE)
+ if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
+ sa->integ_alg == IPSEC_INTEG_ALG_NONE)
{
esp4_feature_index = im->esp4_no_crypto_tun_feature_index;
esp6_feature_index = im->esp6_no_crypto_tun_feature_index;