AAD lengths are needed in crypto API but not in IPSEC API. So, application should ignore AAD capability values in IPSEC API.
Signed-off-by: Petri Savolainen <petri.savolai...@linaro.org> --- include/odp/api/spec/ipsec.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index f5f84588..7e75b4bf 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -753,7 +753,9 @@ int odp_ipsec_cipher_capability(odp_cipher_alg_t cipher, * Outputs all supported configuration options for the algorithm. Output is * sorted (from the smallest to the largest) first by digest length, then by key * length. Use this information to select key lengths, etc authentication - * algorithm options for SA creation (odp_ipsec_crypto_param_t). + * algorithm options for SA creation (odp_ipsec_crypto_param_t). Application + * must ignore values for AAD length capabilities as those are not relevant for + * IPSEC API (fixed in IPSEC RFCs). * * @param auth Authentication algorithm * @param[out] capa Array of capability structures for output -- 2.13.0