sa.spi = ntohl (mp->spi);
sa.protocol = mp->protocol;
/* check for unsupported crypto-alg */
- if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_NONE ||
- mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
+ if (mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG)
{
clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg,
mp->crypto_algorithm);
case IPSEC_IF_SET_KEY_TYPE_LOCAL_CRYPTO:
case IPSEC_IF_SET_KEY_TYPE_REMOTE_CRYPTO:
if (mp->alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
- mp->alg > IPSEC_CRYPTO_N_ALG)
+ mp->alg >= IPSEC_CRYPTO_N_ALG)
{
rv = VNET_API_ERROR_UNIMPLEMENTED;
goto out;
break;
case IPSEC_IF_SET_KEY_TYPE_LOCAL_INTEG:
case IPSEC_IF_SET_KEY_TYPE_REMOTE_INTEG:
- if (mp->alg > IPSEC_INTEG_N_ALG)
+ if (mp->alg >= IPSEC_INTEG_N_ALG)
{
rv = VNET_API_ERROR_UNIMPLEMENTED;
goto out;