ipsec: fix async crypto linked keys memory leak

[vpp.git] / src / vnet / ipsec / ipsec_sa.c

diff --git a/src/vnet/ipsec/ipsec_sa.c b/src/vnet/ipsec/ipsec_sa.c
index 295323b..12f8ece 100644 (file)
--- a/src/vnet/ipsec/ipsec_sa.c
+++ b/src/vnet/ipsec/ipsec_sa.c
@@ -484,7 +484,12 @@ ipsec_sa_del (ipsec_sa_t * sa)
   (void) ipsec_call_add_del_callbacks (im, sa, sa_index, 0);
 
   if (ipsec_sa_is_set_IS_ASYNC (sa))
-    vnet_crypto_request_async_mode (0);
+    {
+      vnet_crypto_request_async_mode (0);
+      if (!ipsec_sa_is_set_IS_AEAD (sa))
+       vnet_crypto_key_del (vm, sa->async_op_data.linked_key_index);
+    }
+
   if (ipsec_sa_is_set_UDP_ENCAP (sa) && ipsec_sa_is_set_IS_INBOUND (sa))
     ipsec_unregister_udp_port (clib_net_to_host_u16 (sa->udp_hdr.dst_port),
                               !ipsec_sa_is_set_IS_TUNNEL_V6 (sa));