X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fesp_encrypt.c;h=da9c56a7e03eed1c4c4cfad727b18313765eb881;hb=5b8911020ee5512d76c8daccaa199878ed7cbc01;hp=68aeb60885c4e21cecaa57530687219189af19a7;hpb=3871bd3a07dfc775c29ea333d10c05ced2fea80e;p=vpp.git

diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index 68aeb60885c..da9c56a7e03 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -379,7 +379,7 @@ esp_encrypt_chain_integ (vlib_main_t * vm, ipsec_per_thread_data_t * ptd,
 always_inline void
 esp_prepare_sync_op (vlib_main_t *vm, ipsec_per_thread_data_t *ptd,
 		     vnet_crypto_op_t **crypto_ops,
-		     vnet_crypto_op_t **integ_ops, ipsec_sa_t *sa0,
+		     vnet_crypto_op_t **integ_ops, ipsec_sa_t *sa0, u32 seq_hi,
 		     u8 *payload, u16 payload_len, u8 iv_sz, u8 icv_sz, u32 bi,
 		     vlib_buffer_t **b, vlib_buffer_t *lb, u32 hdr_len,
 		     esp_header_t *esp)
@@ -408,7 +408,7 @@ esp_prepare_sync_op (vlib_main_t *vm, ipsec_per_thread_data_t *ptd,
 	    {
 	      /* constuct aad in a scratch space in front of the nonce */
 	      op->aad = (u8 *) nonce - sizeof (esp_aead_t);
-	      op->aad_len = esp_aad_fill (op->aad, esp, sa0);
+	      op->aad_len = esp_aad_fill (op->aad, esp, sa0, seq_hi);
 	      op->tag = payload + op->len;
 	      op->tag_len = 16;
 	    }
@@ -465,8 +465,8 @@ esp_prepare_sync_op (vlib_main_t *vm, ipsec_per_thread_data_t *ptd,
 	}
       else if (ipsec_sa_is_set_USE_ESN (sa0))
 	{
-	  u32 seq_hi = clib_net_to_host_u32 (sa0->seq_hi);
-	  clib_memcpy_fast (op->digest, &seq_hi, sizeof (seq_hi));
+	  u32 tmp = clib_net_to_host_u32 (seq_hi);
+	  clib_memcpy_fast (op->digest, &tmp, sizeof (seq_hi));
 	  op->len += sizeof (seq_hi);
 	}
     }
@@ -508,7 +508,7 @@ esp_prepare_async_frame (vlib_main_t *vm, ipsec_per_thread_data_t *ptd,
 	{
 	  /* constuct aad in a scratch space in front of the nonce */
 	  aad = (u8 *) nonce - sizeof (esp_aead_t);
-	  esp_aad_fill (aad, esp, sa);
+	  esp_aad_fill (aad, esp, sa, sa->seq_hi);
 	  key_index = sa->crypto_key_index;
 	}
       else
@@ -956,9 +956,9 @@ esp_encrypt_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
 				   async_next_node, lb);
 	}
       else
-	esp_prepare_sync_op (vm, ptd, crypto_ops, integ_ops, sa0, payload,
-			     payload_len, iv_sz, icv_sz, n_sync, b, lb,
-			     hdr_len, esp);
+	esp_prepare_sync_op (vm, ptd, crypto_ops, integ_ops, sa0, sa0->seq_hi,
+			     payload, payload_len, iv_sz, icv_sz, n_sync, b,
+			     lb, hdr_len, esp);
 
       vlib_buffer_advance (b[0], 0LL - hdr_len);