ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto: fix chained buffer integrity support

Browse Source 
Type: fix

Change-Id: I984a3e577a4209e41d046eaf3a8eef8986dc6147
Signed-off-by: Benoît Ganne <bganne@cisco.com>
This commit is contained in:
Benoît Ganne
2021-03-08 10:22:51 +01:00
committed by Fan Zhang
parent edda5926e0
commit 5c481ff732
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/plugins/crypto_sw_scheduler/main.c
View File

@ -170,7 +170,21 @@ cryptodev_sw_scheduler_sgl (vlib_main_t * vm,
break; break;
} }
ASSERT (offset == 0 && len == 0); ASSERT (offset == 0);
if (n_chunks && len)
{
/* Some async crypto users can use buffers in creative ways, let's allow
* some flexibility here...
* Current example is ESP decrypt with ESN in async mode: it will stash
* ESN at the end of the last buffer (if it can) because it must be part
* of the integrity check but it will not update the buffer length.
* Fixup the last operation chunk length if we have room.
*/
ASSERT (vlib_buffer_space_left_at_end (vm, nb) >= len);
if (vlib_buffer_space_left_at_end (vm, nb) >= len)
ch->len += len;
}
op->chunk_index = chunk_index; op->chunk_index = chunk_index;
op->n_chunks = n_chunks; op->n_chunks = n_chunks;
} }

2
test/test_ipsec_esp.py
View File

@ -21,7 +21,7 @@ from vpp_ip import DpoProto
from vpp_papi import VppEnum from vpp_papi import VppEnum
NUM_PKTS = 67 NUM_PKTS = 67
engines_supporting_chain_bufs = ["openssl"] engines_supporting_chain_bufs = ["openssl", "async"]
engines = ["ia32", "ipsecmb", "openssl"] engines = ["ia32", "ipsecmb", "openssl"]