summaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/crypto_openssl/main.c2
-rw-r--r--src/plugins/dpdk/ipsec/esp_decrypt.c6
2 files changed, 5 insertions, 3 deletions
diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index fd749d04926..7362d6bd16e 100644
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -169,7 +169,7 @@ openssl_ops_dec_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
else
{
n_fail++;
- op->status = VNET_CRYPTO_OP_STATUS_FAIL_DECRYPT;
+ op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC;
}
}
return n_ops - n_fail;
diff --git a/src/plugins/dpdk/ipsec/esp_decrypt.c b/src/plugins/dpdk/ipsec/esp_decrypt.c
index 4982db7ee6d..a82f63e6e5b 100644
--- a/src/plugins/dpdk/ipsec/esp_decrypt.c
+++ b/src/plugins/dpdk/ipsec/esp_decrypt.c
@@ -235,7 +235,8 @@ dpdk_esp_decrypt_inline (vlib_main_t * vm,
}
/* anti-replay check */
- if (ipsec_sa_anti_replay_check (sa0, &esp0->seq))
+ if (ipsec_sa_anti_replay_check
+ (sa0, clib_host_to_net_u32 (esp0->seq)))
{
clib_warning ("failed anti-replay check");
if (is_ip6)
@@ -549,7 +550,8 @@ dpdk_esp_decrypt_post_inline (vlib_main_t * vm,
iv_size = cipher_alg->iv_len;
- ipsec_sa_anti_replay_advance (sa0, esp0->seq);
+ ipsec_sa_anti_replay_advance (sa0,
+ clib_host_to_net_u32 (esp0->seq));
/* if UDP encapsulation is used adjust the address of the IP header */
if (ipsec_sa_is_set_UDP_ENCAP (sa0)