path: root/drivers/crypto/talitos.c
diff options
authorHoria Geanta <horia.geanta@freescale.com>2012-08-02 17:16:37 +0300
committerHerbert Xu <herbert@gondor.apana.org.au>2012-08-28 23:56:26 +0800
commit60542505b0bccbc5e2e518c9dd6bee9a30546061 (patch)
tree26c11e2662308780dc4719e4254111414ad9d194 /drivers/crypto/talitos.c
parentb286e00304f9c1d27b93753536ac5246a287dd55 (diff)
crypto: talitos - fix icv management on outbound direction
For IPsec encryption, in the case when: -the input buffer is fragmented (edesc->src_nents > 0) -the output buffer is not fragmented (edesc->dst_nents = 0) the ICV is not output in the link table, but after the encrypted payload. Copying the ICV must be avoided in this case; consequently the condition edesc->dma_len > 0 must be more specific, i.e. must depend on the type of the output buffer - fragmented or not. Testing was performed by modifying testmgr to support src != dst, since currently native kernel IPsec does in-place encryption (src == dst). Signed-off-by: Horia Geanta <horia.geanta@freescale.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers/crypto/talitos.c')
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
index b299f0902827..8653f601b95f 100644
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -825,7 +825,7 @@ static void ipsec_esp_encrypt_done(struct device *dev,
ipsec_esp_unmap(dev, edesc, areq);
/* copy the generated ICV to dst */
- if (edesc->dma_len) {
+ if (edesc->dst_nents) {
icvdata = &edesc->link_tbl[edesc->src_nents +
edesc->dst_nents + 2];
sg = sg_last(areq->dst, edesc->dst_nents);