author | Filip Tehlar <ftehlar@cisco.com> | 2019-10-18 17:51:06 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-10-22 14:05:04 +0000 |
commit | c41217ab85f8bdd68db717e95eecb5edc58d620b (patch) | |
tree | 820ecc3788bd209fda6417b291cca4c988b84a67 /src/vnet/ipsec | |
parent | c9b2cfca9a9259477fdebb9b3321b3d8a329dd94 (diff) |
ikev2: fix GCM cipher
Type: fix
Change-Id: I382499061ff4b1c2cc1b70ebbf9725ff0e1be325
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r-- | src/vnet/ipsec/ipsec_sa.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 11d6b10c4a4..f22458da562 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -163,8 +163,11 @@ ipsec_sa_add_and_lock (u32 id,
 sa->protocol = proto;
 sa->flags = flags;
 sa->salt = salt;
- ipsec_sa_set_integ_alg (sa, integ_alg);
- clib_memcpy (&sa->integ_key, ik, sizeof (sa->integ_key));
+ if (integ_alg != IPSEC_INTEG_ALG_NONE)
+ {
+ ipsec_sa_set_integ_alg (sa, integ_alg);
+ clib_memcpy (&sa->integ_key, ik, sizeof (sa->integ_key));
+ }
 ipsec_sa_set_crypto_alg (sa, crypto_alg);
 clib_memcpy (&sa->crypto_key, ck, sizeof (sa->crypto_key));
 ip46_address_copy (&sa->tunnel_src_addr, tun_src);
@@ -179,13 +182,17 @@ ipsec_sa_add_and_lock (u32 id,
 return VNET_API_ERROR_KEY_LENGTH;
 }
- sa->integ_key_index = vnet_crypto_key_add (vm,
- im->integ_algs[integ_alg].alg,
- (u8 *) ik->data, ik->len);
- if (~0 == sa->integ_key_index)
+ if (integ_alg != IPSEC_INTEG_ALG_NONE)
 {
- pool_put (im->sad, sa);
- return VNET_API_ERROR_KEY_LENGTH;
+ sa->integ_key_index = vnet_crypto_key_add (vm,
+ im->
+ integ_algs[integ_alg].alg,
+ (u8 *) ik->data, ik->len);
+ if (~0 == sa->integ_key_index)
+ {
+ pool_put (im->sad, sa);
+ return VNET_API_ERROR_KEY_LENGTH;
+ }
 }
 err = ipsec_check_support_cb (im, sa);
@@ -291,7 +298,8 @@ ipsec_sa_del (ipsec_sa_t * sa)
 dpo_reset (&sa->dpo);
 }
 vnet_crypto_key_del (vm, sa->crypto_key_index);
- vnet_crypto_key_del (vm, sa->integ_key_index);
+ if (sa->integ_alg != IPSEC_INTEG_ALG_NONE)
+ vnet_crypto_key_del (vm, sa->integ_key_index);
 pool_put (im->sad, sa);
 } |
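Review bot: With `ipsec_sa_set_integ_alg` and the `clib_memcpy` into `sa->integ_key` now skipped for IPSEC_INTEG_ALG_NONE in the first hunk, `sa->integ_alg`, `sa->integ_key` and `sa->integ_key_index` keep whatever the pool entry already held; the allocation of `sa` is outside the hunk, so whether it is zeroed cannot be confirmed here. If it is not, the new `sa->integ_alg != IPSEC_INTEG_ALG_NONE` test in ipsec_sa_del (third hunk) could read a stale algorithm and delete a key index that belongs to another SA, and integrity key bytes from a previous SA would remain in the struct. An explicit else branch makes the state independent of the allocator: `else { sa->integ_alg = IPSEC_INTEG_ALG_NONE; sa->integ_key_index = ~0; }`. A short comment on the guard, for example `/* no separate integ key is registered when integ_alg is NONE (e.g. GCM) */`, would also document why ipsec_sa_del must mirror the same condition.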
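Review bot: The integrity-key failure path inside the new `if (integ_alg != IPSEC_INTEG_ALG_NONE)` block of the second hunk returns the SA to the pool without releasing the crypto key, which appears to be registered just above the hunk (the body of ipsec_sa_add_and_lock starts and ends outside it). ipsec_sa_del in the third hunk shows `vnet_crypto_key_del (vm, sa->crypto_key_index);` as the matching release, so calling it before `pool_put (im->sad, sa);` here would stop cipher key material from staying registered after a failed add. The same cleanup may be needed on the error return after `ipsec_check_support_cb`, which is not visible in this hunk.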