diff options
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/crypto_openssl/main.c | 2 | ||||
-rw-r--r-- | src/plugins/dpdk/ipsec/esp_decrypt.c | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c index fd749d04926..7362d6bd16e 100644 --- a/src/plugins/crypto_openssl/main.c +++ b/src/plugins/crypto_openssl/main.c @@ -169,7 +169,7 @@ openssl_ops_dec_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops, else { n_fail++; - op->status = VNET_CRYPTO_OP_STATUS_FAIL_DECRYPT; + op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC; } } return n_ops - n_fail; diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c index 4982db7ee6d..a82f63e6e5b 100644 --- a/src/plugins/dpdk/ipsec/esp_decrypt.c +++ b/src/plugins/dpdk/ipsec/esp_decrypt.c @@ -235,7 +235,8 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm, } /* anti-replay check */ - if (ipsec_sa_anti_replay_check (sa0, &esp0->seq)) + if (ipsec_sa_anti_replay_check + (sa0, clib_host_to_net_u32 (esp0->seq))) { clib_warning ("failed anti-replay check"); if (is_ip6) @@ -549,7 +550,8 @@ dpdk_esp_decrypt_post_inline (vlib_main_t * vm, iv_size = cipher_alg->iv_len; - ipsec_sa_anti_replay_advance (sa0, esp0->seq); + ipsec_sa_anti_replay_advance (sa0, + clib_host_to_net_u32 (esp0->seq)); /* if UDP encapsulation is used adjust the address of the IP header */ if (ipsec_sa_is_set_UDP_ENCAP (sa0) |