{
u32 n_left_from, *from, next_index, *to_next, thread_index;
ipsec_main_t *im = &ipsec_main;
- ipsec_proto_main_t *em = &ipsec_proto_main;
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
- int icv_size = 0;
+ int icv_size;
next_index = node->cached_next_index;
thread_index = vm->thread_index;
(&ipsec_sa_counters, thread_index, sa_index0,
1, i_b0->current_length);
- icv_size =
- em->ipsec_proto_main_integ_algs[sa0->integ_alg].trunc_size;
+ icv_size = sa0->integ_trunc_size;
if (PREDICT_TRUE (sa0->integ_alg != IPSEC_INTEG_ALG_NONE))
{
u8 sig[64];
- u8 digest[64];
- clib_memset (sig, 0, sizeof (sig));
- clib_memset (digest, 0, sizeof (digest));
+ u8 digest[icv_size];
u8 *icv = ah0->auth_data;
memcpy (digest, icv, icv_size);
clib_memset (icv, 0, icv_size);
icv_padding_len =
ah_calc_icv_padding_len (icv_size, 0 /* is_ipv6 */ );
}
- hmac_calc (sa0->integ_alg, sa0->integ_key.data,
- sa0->integ_key.len, (u8 *) ih4, i_b0->current_length,
- sig, sa0->use_esn, sa0->seq_hi);
+ hmac_calc (vm, sa0, (u8 *) ih4, i_b0->current_length, sig);
if (PREDICT_FALSE (memcmp (digest, sig, icv_size)))
{