diff options
author | Alexander Chernavin <achernavin@netgate.com> | 2020-12-28 04:29:13 -0500 |
---|---|---|
committer | Neale Ranns <neale@graphiant.com> | 2021-02-09 19:47:05 +0000 |
commit | 74b2a9b2c6a3d25cd02b1757816ce1a598a03a03 (patch) | |
tree | 7dd4cc9940fc1345300f0621b4c43980800ff25d /src/plugins/crypto_native | |
parent | 447d55b86c3cff97c57c6b6c44cedb53667da397 (diff) |
crypto: fix bad-hmac in sw scheduler if async mode
When IPsec async mode is enabled, packets don't pass through the tunnel
if ciphers other than AES GCM are used for child SAs. An error that
arises is "bad-hmac" in the "crypto-dispatch" node.
On the encryption stage, the VNET_CRYPTO_OP_FLAG_HMAC_CHECK flag is set
for the integrity crypto operation when it's not supposed to. It seems
that the flag remains from the previous operation.
With this change, zero flags of crypto operations in the SW scheduler
during operation filling.
Type: fix
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iabac253474e95cb01f9ec0933f3c4860f8a5289c
Diffstat (limited to 'src/plugins/crypto_native')
0 files changed, 0 insertions, 0 deletions