ipsec: fix esn handling Change-Id: I27f24095309082363ba0d0ba4bd69e2c0741dc1c Signed-off-by: Damjan Marion <damarion@cisco.com>

commit: af73eda08059f0168738d63c29ab09e0b8cf211c [log] [tgz]
author: Damjan Marion <damarion@cisco.com> Wed Mar 20 16:30:54 2019 +0100
committer: Florin Coras <florin.coras@gmail.com> Fri Mar 22 14:53:33 2019 +0000
tree: fa3c83547a2929e9194eba1396c8fc00cd04f440
parent: 00a442068d353fd60cbd743f2dfb42ee7407d267 [diff] [blame]
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index 8e61d9d..b0364b5 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h

@@ -220,17 +220,13 @@
   op->len = data_len;
   op->dst = signature;
   op->hmac_trunc_len = sa->integ_trunc_size;
-#if 0
 
-  HMAC_Init_ex (ctx, key, key_len, md, NULL);
+  if (sa->use_esn)
+    {
+      op->len += 4;
+      clib_memcpy (data + data_len, &sa->seq_hi, 4);
+    }
 
-  HMAC_Update (ctx, data, data_len);
-
-  if (PREDICT_TRUE (use_esn))
-    HMAC_Update (ctx, (u8 *) & seq_hi, sizeof (seq_hi));
-  HMAC_Final (ctx, signature, &len);
-
-#endif
   vnet_crypto_process_ops (vm, op, 1);
   return sa->integ_trunc_size;
 }
commit	af73eda08059f0168738d63c29ab09e0b8cf211c	[log] [tgz]
author	Damjan Marion <damarion@cisco.com>	Wed Mar 20 16:30:54 2019 +0100
committer	Florin Coras <florin.coras@gmail.com>	Fri Mar 22 14:53:33 2019 +0000
tree	fa3c83547a2929e9194eba1396c8fc00cd04f440
parent	00a442068d353fd60cbd743f2dfb42ee7407d267 [diff] [blame]