crypto: fix bad-hmac in sw scheduler if async mode 50/30550/3
author Alexander Chernavin <achernavin@netgate.com>
Mon, 28 Dec 2020 09:29:13 +0000 (04:29 -0500)
committer Neale Ranns <neale@graphiant.com>
Tue, 9 Feb 2021 19:47:05 +0000 (19:47 +0000)
When IPsec async mode is enabled, packets don't pass through the tunnel
if ciphers other than AES GCM are used for child SAs. An error that
arises is "bad-hmac" in the "crypto-dispatch" node.

On the encryption stage, the VNET_CRYPTO_OP_FLAG_HMAC_CHECK flag is set
for the integrity crypto operation when it's not supposed to. It seems
that the flag remains from the previous operation.

With this change, zero flags of crypto operations in the SW scheduler
during operation filling.

Type: fix
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Change-Id: Iabac253474e95cb01f9ec0933f3c4860f8a5289c

src/plugins/crypto_sw_scheduler/main.c

index 2e4ad42..980fa14 100644 (file)
@@ -255,6 +255,7 @@ crypto_sw_scheduler_convert_link_crypto (vlib_main_t * vm,
   integ_op->digest = fe->digest;
   integ_op->digest_len = digest_len;
   integ_op->key_index = key->index_integ;
+  crypto_op->flags = integ_op->flags = 0;
   if (is_enc)
     crypto_op->flags |= VNET_CRYPTO_OP_FLAG_INIT_IV;
   else
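Review bot: The added `crypto_op->flags = integ_op->flags = 0;` needs a short comment saying why it is there. The reason (an op structure carrying a flag such as VNET_CRYPTO_OP_FLAG_HMAC_CHECK over from a previous operation, as the commit message describes) is not visible in the code, and the following `crypto_op->flags |= VNET_CRYPTO_OP_FLAG_INIT_IV;` silently depends on the reset because it only ORs bits in. The reset also covers only `flags`: the visible lines assign `digest`, `digest_len` and `key_index` one at a time, so any op field this function does not assign would still hold the previous operation's value. Consider initializing both ops in full before filling them, or confirm that every remaining field is written on each call. A regression test for async mode with a non-GCM cipher would keep the "bad-hmac" error from coming back unnoticed.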