summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipsec
diff options
context:
space:
mode:
authorFilip Tehlar <ftehlar@cisco.com>2019-10-18 17:51:06 +0000
committerDamjan Marion <dmarion@me.com>2019-10-22 14:05:04 +0000
commitc41217ab85f8bdd68db717e95eecb5edc58d620b (patch)
tree820ecc3788bd209fda6417b291cca4c988b84a67 /src/vnet/ipsec
parentc9b2cfca9a9259477fdebb9b3321b3d8a329dd94 (diff)
ikev2: fix GCM cipher
Type: fix Change-Id: I382499061ff4b1c2cc1b70ebbf9725ff0e1be325 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/ipsec_sa.c26
1 files changed, 17 insertions, 9 deletions
diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 11d6b10c4a4..f22458da562 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -163,8 +163,11 @@ ipsec_sa_add_and_lock (u32 id,
sa->protocol = proto;
sa->flags = flags;
sa->salt = salt;
- ipsec_sa_set_integ_alg (sa, integ_alg);
- clib_memcpy (&sa->integ_key, ik, sizeof (sa->integ_key));
+ if (integ_alg != IPSEC_INTEG_ALG_NONE)
+ {
+ ipsec_sa_set_integ_alg (sa, integ_alg);
+ clib_memcpy (&sa->integ_key, ik, sizeof (sa->integ_key));
+ }
ipsec_sa_set_crypto_alg (sa, crypto_alg);
clib_memcpy (&sa->crypto_key, ck, sizeof (sa->crypto_key));
ip46_address_copy (&sa->tunnel_src_addr, tun_src);
@@ -179,13 +182,17 @@ ipsec_sa_add_and_lock (u32 id,
return VNET_API_ERROR_KEY_LENGTH;
}
- sa->integ_key_index = vnet_crypto_key_add (vm,
- im->integ_algs[integ_alg].alg,
- (u8 *) ik->data, ik->len);
- if (~0 == sa->integ_key_index)
+ if (integ_alg != IPSEC_INTEG_ALG_NONE)
{
- pool_put (im->sad, sa);
- return VNET_API_ERROR_KEY_LENGTH;
+ sa->integ_key_index = vnet_crypto_key_add (vm,
+ im->
+ integ_algs[integ_alg].alg,
+ (u8 *) ik->data, ik->len);
+ if (~0 == sa->integ_key_index)
+ {
+ pool_put (im->sad, sa);
+ return VNET_API_ERROR_KEY_LENGTH;
+ }
}
err = ipsec_check_support_cb (im, sa);
@@ -291,7 +298,8 @@ ipsec_sa_del (ipsec_sa_t * sa)
dpo_reset (&sa->dpo);
}
vnet_crypto_key_del (vm, sa->crypto_key_index);
- vnet_crypto_key_del (vm, sa->integ_key_index);
+ if (sa->integ_alg != IPSEC_INTEG_ALG_NONE)
+ vnet_crypto_key_del (vm, sa->integ_key_index);
pool_put (im->sad, sa);
}