From: Horia Geanta Subject: [PATCH 1/5] crypto: talitos - fix icv management on outbound direction Date: Thu, 2 Aug 2012 17:16:37 +0300 Message-ID: <1343917001-20001-1-git-send-email-horia.geanta@freescale.com> Mime-Version: 1.0 Content-Type: text/plain Cc: Herbert Xu , "David S. Miller" , Kim Phillips To: Return-path: Received: from am1ehsobe003.messaging.microsoft.com ([213.199.154.206]:3539 "EHLO am1outboundpool.messaging.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752397Ab2HBORo (ORCPT ); Thu, 2 Aug 2012 10:17:44 -0400 Sender: linux-crypto-owner@vger.kernel.org List-ID: For IPsec encryption, in the case when: -the input buffer is fragmented (edesc->src_nents > 0) -the output buffer is not fragmented (edesc->dst_nents = 0) the ICV is not output in the link table, but after the encrypted payload. Copying the ICV must be avoided in this case; consequently the condition edesc->dma_len > 0 must be more specific, i.e. must depend on the type of the output buffer - fragmented or not. Testing was performed by modifying testmgr to support src != dst, since currently native kernel IPsec does in-place encryption (src == dst). Signed-off-by: Horia Geanta --- drivers/crypto/talitos.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index efff788..9d56763 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -825,7 +825,7 @@ static void ipsec_esp_encrypt_done(struct device *dev, ipsec_esp_unmap(dev, edesc, areq); /* copy the generated ICV to dst */ - if (edesc->dma_len) { + if (edesc->dst_nents) { icvdata = &edesc->link_tbl[edesc->src_nents + edesc->dst_nents + 2]; sg = sg_last(areq->dst, edesc->dst_nents); -- 1.7.3.4