crypto-openssl-gcm: account for failed decrypts

Change-Id: I749c5a9d58128fd6d0fb8284e56b8f89cf91c609
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 1b1d1e9e84b007721a0c2ae2092df7cea662e09d)

diff --git a/src/plugins/crypto_openssl/main.c b/src/plugins/crypto_openssl/main.c
index 9a78cb4..71dff03 100644 (file)
--- a/src/plugins/crypto_openssl/main.c
+++ b/src/plugins/crypto_openssl/main.c
@@ -136,7 +136,7 @@ openssl_ops_dec_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
   openssl_per_thread_data_t *ptd = vec_elt_at_index (per_thread_data,
                                                     vm->thread_index);
   EVP_CIPHER_CTX *ctx = ptd->evp_cipher_ctx;
-  u32 i;
+  u32 i, n_fail = 0;
   for (i = 0; i < n_ops; i++)
     {
       vnet_crypto_op_t *op = ops[i];
@@ -152,9 +152,12 @@ openssl_ops_dec_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops,
       if (EVP_DecryptFinal_ex (ctx, op->dst + len, &len) > 0)
        op->status = VNET_CRYPTO_OP_STATUS_COMPLETED;
       else
-       op->status = VNET_CRYPTO_OP_STATUS_FAIL_DECRYPT;
+       {
+         n_fail++;
+         op->status = VNET_CRYPTO_OP_STATUS_FAIL_DECRYPT;
+       }
     }
-  return n_ops;
+  return n_ops - n_fail;
 }
 
 static_always_inline u32