aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorAlexander Chernavin <achernavin@netgate.com>2020-12-28 04:29:13 -0500
committerNeale Ranns <neale@graphiant.com>2021-02-09 19:47:05 +0000
commit74b2a9b2c6a3d25cd02b1757816ce1a598a03a03 (patch)
tree7dd4cc9940fc1345300f0621b4c43980800ff25d /src
parent447d55b86c3cff97c57c6b6c44cedb53667da397 (diff)
crypto: fix bad-hmac in sw scheduler if async mode
When IPsec async mode is enabled, packets don't pass through the tunnel if ciphers other than AES GCM are used for child SAs. An error that arises is "bad-hmac" in the "crypto-dispatch" node. On the encryption stage, the VNET_CRYPTO_OP_FLAG_HMAC_CHECK flag is set for the integrity crypto operation when it's not supposed to. It seems that the flag remains from the previous operation. With this change, zero flags of crypto operations in the SW scheduler during operation filling. Type: fix Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Iabac253474e95cb01f9ec0933f3c4860f8a5289c
Diffstat (limited to 'src')
-rw-r--r--src/plugins/crypto_sw_scheduler/main.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/plugins/crypto_sw_scheduler/main.c b/src/plugins/crypto_sw_scheduler/main.c
index 2e4ad428ea0..980fa14e5f1 100644
--- a/src/plugins/crypto_sw_scheduler/main.c
+++ b/src/plugins/crypto_sw_scheduler/main.c
@@ -255,6 +255,7 @@ crypto_sw_scheduler_convert_link_crypto (vlib_main_t * vm,
integ_op->digest = fe->digest;
integ_op->digest_len = digest_len;
integ_op->key_index = key->index_integ;
+ crypto_op->flags = integ_op->flags = 0;
if (is_enc)
crypto_op->flags |= VNET_CRYPTO_OP_FLAG_INIT_IV;
else