From af73eda08059f0168738d63c29ab09e0b8cf211c Mon Sep 17 00:00:00 2001 From: Damjan Marion Date: Wed, 20 Mar 2019 16:30:54 +0100 Subject: ipsec: fix esn handling Change-Id: I27f24095309082363ba0d0ba4bd69e2c0741dc1c Signed-off-by: Damjan Marion --- src/vnet/ipsec/esp.h | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) (limited to 'src/vnet') diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h index 8e61d9d751d..b0364b59d29 100644 --- a/src/vnet/ipsec/esp.h +++ b/src/vnet/ipsec/esp.h @@ -220,17 +220,13 @@ hmac_calc (vlib_main_t * vm, ipsec_sa_t * sa, u8 * data, int data_len, op->len = data_len; op->dst = signature; op->hmac_trunc_len = sa->integ_trunc_size; -#if 0 - HMAC_Init_ex (ctx, key, key_len, md, NULL); - - HMAC_Update (ctx, data, data_len); - - if (PREDICT_TRUE (use_esn)) - HMAC_Update (ctx, (u8 *) & seq_hi, sizeof (seq_hi)); - HMAC_Final (ctx, signature, &len); + if (sa->use_esn) + { + op->len += 4; + clib_memcpy (data + data_len, &sa->seq_hi, 4); + } -#endif vnet_crypto_process_ops (vm, op, 1); return sa->integ_trunc_size; } -- cgit 1.2.3-korg