From: Alexander Chernavin Date: Mon, 28 Dec 2020 09:29:13 +0000 (-0500) Subject: crypto: fix bad-hmac in sw scheduler if async mode X-Git-Tag: v21.10-rc0~565 X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=74b2a9b2c6a3d25cd02b1757816ce1a598a03a03;p=vpp.git crypto: fix bad-hmac in sw scheduler if async mode When IPsec async mode is enabled, packets don't pass through the tunnel if ciphers other than AES GCM are used for child SAs. An error that arises is "bad-hmac" in the "crypto-dispatch" node. On the encryption stage, the VNET_CRYPTO_OP_FLAG_HMAC_CHECK flag is set for the integrity crypto operation when it's not supposed to. It seems that the flag remains from the previous operation. With this change, zero flags of crypto operations in the SW scheduler during operation filling. Type: fix Signed-off-by: Alexander Chernavin Change-Id: Iabac253474e95cb01f9ec0933f3c4860f8a5289c --- diff --git a/src/plugins/crypto_sw_scheduler/main.c b/src/plugins/crypto_sw_scheduler/main.c index 2e4ad428ea0..980fa14e5f1 100644 --- a/src/plugins/crypto_sw_scheduler/main.c +++ b/src/plugins/crypto_sw_scheduler/main.c @@ -255,6 +255,7 @@ crypto_sw_scheduler_convert_link_crypto (vlib_main_t * vm, integ_op->digest = fe->digest; integ_op->digest_len = digest_len; integ_op->key_index = key->index_integ; + crypto_op->flags = integ_op->flags = 0; if (is_enc) crypto_op->flags |= VNET_CRYPTO_OP_FLAG_INIT_IV; else