From 5c481ff732caef6cbd4e3c095e802f095a920d82 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Beno=C3=AEt=20Ganne?= Date: Mon, 8 Mar 2021 10:22:51 +0100 Subject: [PATCH] crypto: fix chained buffer integrity support MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Type: fix Change-Id: I984a3e577a4209e41d046eaf3a8eef8986dc6147 Signed-off-by: Benoît Ganne --- src/plugins/crypto_sw_scheduler/main.c | 16 +++++++++++++++- test/test_ipsec_esp.py | 2 +- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/src/plugins/crypto_sw_scheduler/main.c b/src/plugins/crypto_sw_scheduler/main.c index 29f91b36345..fa2611f065c 100644 --- a/src/plugins/crypto_sw_scheduler/main.c +++ b/src/plugins/crypto_sw_scheduler/main.c @@ -170,7 +170,21 @@ cryptodev_sw_scheduler_sgl (vlib_main_t * vm, break; } - ASSERT (offset == 0 && len == 0); + ASSERT (offset == 0); + if (n_chunks && len) + { + /* Some async crypto users can use buffers in creative ways, let's allow + * some flexibility here... + * Current example is ESP decrypt with ESN in async mode: it will stash + * ESN at the end of the last buffer (if it can) because it must be part + * of the integrity check but it will not update the buffer length. + * Fixup the last operation chunk length if we have room. + */ + ASSERT (vlib_buffer_space_left_at_end (vm, nb) >= len); + if (vlib_buffer_space_left_at_end (vm, nb) >= len) + ch->len += len; + } + op->chunk_index = chunk_index; op->n_chunks = n_chunks; } diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py index acff595996b..95703f5a076 100644 --- a/test/test_ipsec_esp.py +++ b/test/test_ipsec_esp.py @@ -21,7 +21,7 @@ from vpp_ip import DpoProto from vpp_papi import VppEnum NUM_PKTS = 67 -engines_supporting_chain_bufs = ["openssl"] +engines_supporting_chain_bufs = ["openssl", "async"] engines = ["ia32", "ipsecmb", "openssl"] -- 2.16.6