diff options
author | Horia Geanta <horia.geanta@freescale.com> | 2012-08-02 10:16:37 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2012-08-28 11:56:26 -0400 |
commit | 60542505b0bccbc5e2e518c9dd6bee9a30546061 (patch) | |
tree | 26c11e2662308780dc4719e4254111414ad9d194 /drivers/crypto | |
parent | b286e00304f9c1d27b93753536ac5246a287dd55 (diff) |
crypto: talitos - fix icv management on outbound direction
For IPsec encryption, in the case when:
-the input buffer is fragmented (edesc->src_nents > 0)
-the output buffer is not fragmented (edesc->dst_nents = 0)
the ICV is not output in the link table, but after the encrypted payload.
Copying the ICV must be avoided in this case; consequently the condition
edesc->dma_len > 0 must be more specific, i.e. must depend on the type
of the output buffer - fragmented or not.
Testing was performed by modifying testmgr to support src != dst,
since currently native kernel IPsec does in-place encryption
(src == dst).
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers/crypto')
-rw-r--r-- | drivers/crypto/talitos.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index b299f0902827..8653f601b95f 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c | |||
@@ -825,7 +825,7 @@ static void ipsec_esp_encrypt_done(struct device *dev, | |||
825 | ipsec_esp_unmap(dev, edesc, areq); | 825 | ipsec_esp_unmap(dev, edesc, areq); |
826 | 826 | ||
827 | /* copy the generated ICV to dst */ | 827 | /* copy the generated ICV to dst */ |
828 | if (edesc->dma_len) { | 828 | if (edesc->dst_nents) { |
829 | icvdata = &edesc->link_tbl[edesc->src_nents + | 829 | icvdata = &edesc->link_tbl[edesc->src_nents + |
830 | edesc->dst_nents + 2]; | 830 | edesc->dst_nents + 2]; |
831 | sg = sg_last(areq->dst, edesc->dst_nents); | 831 | sg = sg_last(areq->dst, edesc->dst_nents); |