crypto: fix chained buffer integrity support

Type: fix Change-Id: I984a3e577a4209e41d046eaf3a8eef8986dc6147 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-03-08 10:22:51 +01:00
parent edda5926e0
commit 5c481ff732
2 changed files with 16 additions and 2 deletions
--- a/src/plugins/crypto_sw_scheduler/main.c
+++ b/src/plugins/crypto_sw_scheduler/main.c
@ -170,7 +170,21 @@ cryptodev_sw_scheduler_sgl (vlib_main_t * vm,
 	break;
    }

-  ASSERT (offset == 0 && len == 0);
+  ASSERT (offset == 0);
+  if (n_chunks && len)
+    {
+      /* Some async crypto users can use buffers in creative ways, let's allow
+       * some flexibility here...
+       * Current example is ESP decrypt with ESN in async mode: it will stash
+       * ESN at the end of the last buffer (if it can) because it must be part
+       * of the integrity check but it will not update the buffer length.
+       * Fixup the last operation chunk length if we have room.
+       */
+      ASSERT (vlib_buffer_space_left_at_end (vm, nb) >= len);
+      if (vlib_buffer_space_left_at_end (vm, nb) >= len)
+	ch->len += len;
+    }
+
  op->chunk_index = chunk_index;
  op->n_chunks = n_chunks;
 }
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@ -21,7 +21,7 @@ from vpp_ip import DpoProto
 from vpp_papi import VppEnum

 NUM_PKTS = 67
-engines_supporting_chain_bufs = ["openssl"]
+engines_supporting_chain_bufs = ["openssl", "async"]
 engines = ["ia32", "ipsecmb", "openssl"]