crypto: fix chained buffer integrity support

Type: fix

Change-Id: I984a3e577a4209e41d046eaf3a8eef8986dc6147
Signed-off-by: Benoît Ganne <bganne@cisco.com>

2 files changed, 16 insertions, 2 deletions

diff --git a/src/plugins/crypto_sw_scheduler/main.c b/src/plugins/crypto_sw_scheduler/main.c
index 29f91b36345..fa2611f065c 100644
--- a/src/plugins/crypto_sw_scheduler/main.c
+++ b/src/plugins/crypto_sw_scheduler/main.c
@@ -170,7 +170,21 @@ cryptodev_sw_scheduler_sgl (vlib_main_t * vm,
 	break;
     }
 
-  ASSERT (offset == 0 && len == 0);
+  ASSERT (offset == 0);
+  if (n_chunks && len)
+    {
+      /* Some async crypto users can use buffers in creative ways, let's allow
+       * some flexibility here...
+       * Current example is ESP decrypt with ESN in async mode: it will stash
+       * ESN at the end of the last buffer (if it can) because it must be part
+       * of the integrity check but it will not update the buffer length.
+       * Fixup the last operation chunk length if we have room.
+       */
+      ASSERT (vlib_buffer_space_left_at_end (vm, nb) >= len);
+      if (vlib_buffer_space_left_at_end (vm, nb) >= len)
+	ch->len += len;
+    }
+
   op->chunk_index = chunk_index;
   op->n_chunks = n_chunks;
 }
diff --git a/test/test_ipsec_esp.py b/test/test_ipsec_esp.py
index acff595996b..95703f5a076 100644
--- a/test/test_ipsec_esp.py
+++ b/test/test_ipsec_esp.py
@@ -21,7 +21,7 @@ from vpp_ip import DpoProto
 from vpp_papi import VppEnum
 
 NUM_PKTS = 67
-engines_supporting_chain_bufs = ["openssl"]
+engines_supporting_chain_bufs = ["openssl", "async"]
 engines = ["ia32", "ipsecmb", "openssl"]