From 74b2a9b2c6a3d25cd02b1757816ce1a598a03a03 Mon Sep 17 00:00:00 2001 From: Alexander Chernavin Date: Mon, 28 Dec 2020 04:29:13 -0500 Subject: [PATCH] crypto: fix bad-hmac in sw scheduler if async mode When IPsec async mode is enabled, packets don't pass through the tunnel if ciphers other than AES GCM are used for child SAs. An error that arises is "bad-hmac" in the "crypto-dispatch" node. On the encryption stage, the VNET_CRYPTO_OP_FLAG_HMAC_CHECK flag is set for the integrity crypto operation when it's not supposed to. It seems that the flag remains from the previous operation. With this change, zero flags of crypto operations in the SW scheduler during operation filling. Type: fix Signed-off-by: Alexander Chernavin Change-Id: Iabac253474e95cb01f9ec0933f3c4860f8a5289c --- src/plugins/crypto_sw_scheduler/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/plugins/crypto_sw_scheduler/main.c b/src/plugins/crypto_sw_scheduler/main.c index 2e4ad428ea0..980fa14e5f1 100644 --- a/src/plugins/crypto_sw_scheduler/main.c +++ b/src/plugins/crypto_sw_scheduler/main.c @@ -255,6 +255,7 @@ crypto_sw_scheduler_convert_link_crypto (vlib_main_t * vm, integ_op->digest = fe->digest; integ_op->digest_len = digest_len; integ_op->key_index = key->index_integ; + crypto_op->flags = integ_op->flags = 0; if (is_enc) crypto_op->flags |= VNET_CRYPTO_OP_FLAG_INIT_IV; else -- 2.16.6
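Review bot: The added line `crypto_op->flags = integ_op->flags = 0;` in crypto_sw_scheduler_convert_link_crypto resets only the flags field, yet the commit message attributes the stale VNET_CRYPTO_OP_FLAG_HMAC_CHECK to state left over from a previous operation, so any other field of these ops that the function does not assign explicitly could carry old values in the same way. Consider initializing both ops in full before the field assignments, or at least add a short comment on this line explaining that the flags must start from zero before the `is_enc` branch ORs in VNET_CRYPTO_OP_FLAG_INIT_IV. The message says the flag "seems" to remain from the previous operation; confirming where the op storage comes from and recording that in the message would pin down the root cause. It is also worth checking whether the other conversion paths in this file fill ops without clearing flags, and adding a regression test for async mode with a non-GCM cipher so that bad-hmac on the encrypt side is caught if it returns.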