From 89c27818b3bba409ed8e4ccacc9be37384b46705 Mon Sep 17 00:00:00 2001 From: Radu Nicolau Date: Fri, 4 May 2018 12:51:53 +0100 Subject: [PATCH] ipsec: allow null/null for crypto/integ algorithms pair Change-Id: Ic1e189c22e3d344d165e0eab05ccb667eef088a9 Signed-off-by: Radu Nicolau --- src/plugins/dpdk/ipsec/ipsec.c | 1 + src/vat/api_format.c | 8 ++++---- src/vnet/ipsec/ipsec_api.c | 2 +- src/vnet/ipsec/ipsec_cli.c | 4 ++-- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c index 3574f3eced0..5933cf9573e 100644 --- a/src/plugins/dpdk/ipsec/ipsec.c +++ b/src/plugins/dpdk/ipsec/ipsec.c @@ -555,6 +555,7 @@ dpdk_ipsec_check_support (ipsec_sa_t * sa) if (sa->integ_alg == IPSEC_INTEG_ALG_NONE) switch (sa->crypto_alg) { + case IPSEC_CRYPTO_ALG_NONE: case IPSEC_CRYPTO_ALG_AES_GCM_128: case IPSEC_CRYPTO_ALG_AES_GCM_192: case IPSEC_CRYPTO_ALG_AES_GCM_256: diff --git a/src/vat/api_format.c b/src/vat/api_format.c index 7e17c9adc6d..924986e03e8 100644 --- a/src/vat/api_format.c +++ b/src/vat/api_format.c @@ -15168,7 +15168,7 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam) if (unformat (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg)) { - if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 || + if (crypto_alg < IPSEC_CRYPTO_ALG_NONE || crypto_alg >= IPSEC_CRYPTO_N_ALG) { clib_warning ("unsupported crypto-alg: '%U'", @@ -15182,7 +15182,7 @@ api_ipsec_sad_add_del_entry (vat_main_t * vam) if (unformat (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg)) { - if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 || + if (integ_alg < IPSEC_INTEG_ALG_NONE || integ_alg >= IPSEC_INTEG_N_ALG) { clib_warning ("unsupported integ-alg: '%U'", @@ -15340,7 +15340,7 @@ api_ipsec_tunnel_if_add_del (vat_main_t * vam) if (unformat (i, "crypto_alg %U", unformat_ipsec_crypto_alg, &crypto_alg)) { - if (crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 || + if (crypto_alg < IPSEC_CRYPTO_ALG_NONE || crypto_alg >= IPSEC_CRYPTO_N_ALG) { errmsg ("unsupported crypto-alg: '%U'\n", @@ -15352,7 +15352,7 @@ api_ipsec_tunnel_if_add_del (vat_main_t * vam) if (unformat (i, "integ_alg %U", unformat_ipsec_integ_alg, &integ_alg)) { - if (integ_alg < IPSEC_INTEG_ALG_SHA1_96 || + if (integ_alg < IPSEC_INTEG_ALG_NONE || integ_alg >= IPSEC_INTEG_N_ALG) { errmsg ("unsupported integ-alg: '%U'\n", diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c index 6fb4f556c50..74f993af85a 100644 --- a/src/vnet/ipsec/ipsec_api.c +++ b/src/vnet/ipsec/ipsec_api.c @@ -194,7 +194,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler sa.spi = ntohl (mp->spi); sa.protocol = mp->protocol; /* check for unsupported crypto-alg */ - if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_AES_CBC_128 || + if (mp->crypto_algorithm < IPSEC_CRYPTO_ALG_NONE || mp->crypto_algorithm >= IPSEC_CRYPTO_N_ALG) { clib_warning ("unsupported crypto-alg: '%U'", format_ipsec_crypto_alg, diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index 09134e3901b..ef57d52ef67 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -106,7 +106,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, (line_input, "crypto-alg %U", unformat_ipsec_crypto_alg, &sa.crypto_alg)) { - if (sa.crypto_alg < IPSEC_CRYPTO_ALG_AES_CBC_128 || + if (sa.crypto_alg < IPSEC_CRYPTO_ALG_NONE || sa.crypto_alg >= IPSEC_CRYPTO_N_ALG) { error = clib_error_return (0, "unsupported crypto-alg: '%U'", @@ -121,7 +121,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, else if (unformat (line_input, "integ-alg %U", unformat_ipsec_integ_alg, &sa.integ_alg)) { - if (sa.integ_alg < IPSEC_INTEG_ALG_SHA1_96 || + if (sa.integ_alg < IPSEC_INTEG_ALG_NONE || sa.integ_alg >= IPSEC_INTEG_N_ALG) { error = clib_error_return (0, "unsupported integ-alg: '%U'", -- 2.16.6