From ab412cdc07e19a872037e4034caa522398c4be07 Mon Sep 17 00:00:00 2001
From: Benoît Ganne <bganne@cisco.com>
Date: Tue, 3 Jan 2023 18:35:04 +0100
Subject: ipsec: fix async crypto linked keys memory leak
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Type: fix

Change-Id: I7bd2696541c8b3824837e187de096fdde19b2c44
Signed-off-by: Benoît Ganne <bganne@cisco.com>
---
 src/vnet/ipsec/ipsec_sa.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/vnet/ipsec')

diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 295323b8f7e..12f8eceb343 100644
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -484,7 +484,12 @@ ipsec_sa_del (ipsec_sa_t * sa)
   (void) ipsec_call_add_del_callbacks (im, sa, sa_index, 0);
 
   if (ipsec_sa_is_set_IS_ASYNC (sa))
-    vnet_crypto_request_async_mode (0);
+    {
+      vnet_crypto_request_async_mode (0);
+      if (!ipsec_sa_is_set_IS_AEAD (sa))
+	vnet_crypto_key_del (vm, sa->async_op_data.linked_key_index);
+    }
+
   if (ipsec_sa_is_set_UDP_ENCAP (sa) && ipsec_sa_is_set_IS_INBOUND (sa))
     ipsec_unregister_udp_port (clib_net_to_host_u16 (sa->udp_hdr.dst_port),
 			       !ipsec_sa_is_set_IS_TUNNEL_V6 (sa));
-- 
cgit 1.2.3-korg