summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenoît Ganne <bganne@cisco.com>2023-01-03 18:35:04 +0100
committerNeale Ranns <neale@graphiant.com>2023-02-06 03:35:48 +0000
commitab412cdc07e19a872037e4034caa522398c4be07 (patch)
treeca3567b62b86fa890b0b89135c6ad51987898c94
parentaf2e88d964ff8bd8eca30c182ab00e178213c1d4 (diff)
ipsec: fix async crypto linked keys memory leak
Type: fix Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44 Signed-off-by: Benoît Ganne <bganne@cisco.com>
-rw-r--r--src/vnet/ipsec/ipsec_sa.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 295323b8f7e..12f8eceb343 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -484,7 +484,12 @@ ipsec_sa_del (ipsec_sa_t * sa)
(void) ipsec_call_add_del_callbacks (im, sa, sa_index, 0);
if (ipsec_sa_is_set_IS_ASYNC (sa))
- vnet_crypto_request_async_mode (0);
+ {
+ vnet_crypto_request_async_mode (0);
+ if (!ipsec_sa_is_set_IS_AEAD (sa))
+ vnet_crypto_key_del (vm, sa->async_op_data.linked_key_index);
+ }
+
if (ipsec_sa_is_set_UDP_ENCAP (sa) && ipsec_sa_is_set_IS_INBOUND (sa))
ipsec_unregister_udp_port (clib_net_to_host_u16 (sa->udp_hdr.dst_port),
!ipsec_sa_is_set_IS_TUNNEL_V6 (sa));