From 89c27818b3bba409ed8e4ccacc9be37384b46705 Mon Sep 17 00:00:00 2001 From: Radu Nicolau Date: Fri, 4 May 2018 12:51:53 +0100 Subject: ipsec: allow null/null for crypto/integ algorithms pair Change-Id: Ic1e189c22e3d344d165e0eab05ccb667eef088a9 Signed-off-by: Radu Nicolau --- src/vnet/ipsec/ipsec_api.c | 2 +- src/vnet/ipsec/ipsec_cli.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src/vnet/ipsec') diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c index 6fb4f556c50..74f993af85a 100644 --- a/src/vnet/ipsec/ipsec_api.c +++ b/src/vnet/ipsec/ipsec_api.c @@ -194,7 +194,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler sa.spi = ntohl (mp->spi); sa.protocol = mp->protocol; /* check for unsupported crypto-alg */ - if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 || + if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_NONE || mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG) { clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg, diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index 09134e3901b..ef57d52ef67 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -106,7 +106,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, (line_input, "crypto-alg %U", unformat_ipsec_crypto_alg, &sa.crypto_alg)) { - if (sa.crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 || + if (sa.crypto_alg < IPSEC_CRYPTO_ALG_NONE || sa.crypto_alg >= IPSEC_CRYPTO_N_ALG) { error = clib_error_return (0, "unsupported crypto-alg: '%U'", @@ -121,7 +121,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, else if (unformat (line_input, "integ-alg %U", unformat_ipsec_integ_alg, &sa.integ_alg)) { - if (sa.integ_alg < IPSEC_INTEG_ALG_SHA1_96 || + if (sa.integ_alg < IPSEC_INTEG_ALG_NONE || sa.integ_alg >= IPSEC_INTEG_N_ALG) { error = clib_error_return (0, "unsupported integ-alg: '%U'", -- cgit 1.2.3-korg