From 17b7a067a2885318ca2bbbd65a580e330cbe3a4b Mon Sep 17 00:00:00 2001
From: Neale Ranns <nranns@cisco.com>
Date: Tue, 27 Aug 2019 12:26:14 +0000
Subject: ipsec: Fix NULL encryption algorithm

Type: fix
Ticket: VPP-1756

the block-size was set to 0 resulting in incorrect placement of the ESP
footer.

add tests for NULL encrypt + integ.

Change-Id: I8ab3afda8e68f9ff649540cba3f2cac68f12bbba
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 2cdcd0cf4004b2c0d1d3b891e381aac5735c21f1)
---
 src/vnet/ipsec/ipsec_if.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/vnet/ipsec/ipsec_if.c')

diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 0b8f997dbd0..f7f8ec79323 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -238,7 +238,8 @@ ipsec_tunnel_feature_set (ipsec_main_t * im, ipsec_tunnel_if_t * t, u8 enable)
   ipsec_sa_t *sa;
 
   sa = ipsec_sa_get (t->output_sa_index);
-  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE)
+  if (sa->crypto_alg == IPSEC_CRYPTO_ALG_NONE &&
+      sa->integ_alg == IPSEC_INTEG_ALG_NONE)
     {
       esp4_feature_index = im->esp4_no_crypto_tun_feature_index;
       esp6_feature_index = im->esp6_no_crypto_tun_feature_index;
-- 
cgit 1.2.3-korg