Commit 60542505 authored by Horia Geanta's avatar Horia Geanta Committed by Herbert Xu

crypto: talitos - fix icv management on outbound direction

For IPsec encryption, in the case when:
-the input buffer is fragmented (edesc->src_nents > 0)
-the output buffer is not fragmented (edesc->dst_nents = 0)
the ICV is not output in the link table, but after the encrypted payload.

Copying the ICV must be avoided in this case; consequently the condition
edesc->dma_len > 0 must be more specific, i.e. must depend on the type
of the output buffer - fragmented or not.

Testing was performed by modifying testmgr to support src != dst,
since currently native kernel IPsec does in-place encryption
(src == dst).
Signed-off-by: default avatarHoria Geanta <horia.geanta@freescale.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent b286e003
...@@ -825,7 +825,7 @@ static void ipsec_esp_encrypt_done(struct device *dev, ...@@ -825,7 +825,7 @@ static void ipsec_esp_encrypt_done(struct device *dev,
ipsec_esp_unmap(dev, edesc, areq); ipsec_esp_unmap(dev, edesc, areq);
/* copy the generated ICV to dst */ /* copy the generated ICV to dst */
if (edesc->dma_len) { if (edesc->dst_nents) {
icvdata = &edesc->link_tbl[edesc->src_nents + icvdata = &edesc->link_tbl[edesc->src_nents +
edesc->dst_nents + 2]; edesc->dst_nents + 2];
sg = sg_last(areq->dst, edesc->dst_nents); sg = sg_last(areq->dst, edesc->dst_nents);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment