From 48524a9072c1c7cda964f8777d3a08a1aa63c533 Mon Sep 17 00:00:00 2001
From: Benoît Ganne <bganne@cisco.com>
Date: Fri, 22 Jan 2021 18:11:37 +0100
Subject: crypto: fix ops flags in crypto sw scheduler
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The crypto op flags must be reset to frame flags minus invalid values
depending of the operation, instead of forcing them to specific values.

Type: fix

Change-Id: Ib02c2a738bbca6962394b3c03088d516d0da56a0
Signed-off-by: Benoît Ganne <bganne@cisco.com>
---
 src/plugins/crypto_sw_scheduler/main.c | 9 ++-------
 src/vnet/ipsec/esp_decrypt.c           | 2 ++
 2 files changed, 4 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/plugins/crypto_sw_scheduler/main.c b/src/plugins/crypto_sw_scheduler/main.c
index 980fa14e5f1..29f91b36345 100644
--- a/src/plugins/crypto_sw_scheduler/main.c
+++ b/src/plugins/crypto_sw_scheduler/main.c
@@ -148,8 +148,6 @@ cryptodev_sw_scheduler_sgl (vlib_main_t * vm,
   u32 n_chunks = 0;
   u32 chunk_index = vec_len (ptd->chunks);
 
-  op->flags |= VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS;
-
   while (len)
     {
       if (nb->current_data + nb->current_length > offset)
@@ -251,15 +249,12 @@ crypto_sw_scheduler_convert_link_crypto (vlib_main_t * vm,
   crypto_op->iv = fe->iv;
   crypto_op->key_index = key->index_crypto;
   crypto_op->user_data = 0;
+  crypto_op->flags = fe->flags & ~VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
   integ_op->op = integ_op_id;
   integ_op->digest = fe->digest;
   integ_op->digest_len = digest_len;
   integ_op->key_index = key->index_integ;
-  crypto_op->flags = integ_op->flags = 0;
-  if (is_enc)
-    crypto_op->flags |= VNET_CRYPTO_OP_FLAG_INIT_IV;
-  else
-    integ_op->flags |= VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
+  integ_op->flags = fe->flags & ~VNET_CRYPTO_OP_FLAG_INIT_IV;
   crypto_op->user_data = integ_op->user_data = index;
 }
 
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index ea5a99c6fa1..8c4a9e22182 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -632,6 +632,8 @@ esp_decrypt_prepare_async_frame (vlib_main_t *vm, vlib_node_runtime_t *node,
       key_index = sa0->linked_key_index;
       integ_start_offset = payload - b->data;
       integ_len = len;
+      if (PREDICT_TRUE (sa0->integ_op_id != VNET_CRYPTO_OP_NONE))
+	flags |= VNET_CRYPTO_OP_FLAG_HMAC_CHECK;
 
       if (pd->is_chain)
 	{
-- 
cgit 1.2.3-korg