auth: the outbuf of AES should be multiple of block size

author Kefu Chai <kchai@redhat.com>

Tue, 3 Apr 2018 09:16:30 +0000 (17:16 +0800)

committer Sage Weil <sage@redhat.com>

Thu, 24 May 2018 18:28:16 +0000 (13:28 -0500)
author Kefu Chai <kchai@redhat.com>
Tue, 3 Apr 2018 09:16:30 +0000 (17:16 +0800)
committer Sage Weil <sage@redhat.com>
Thu, 24 May 2018 18:28:16 +0000 (13:28 -0500)
diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc

index e5445eeec6c22137ba42f49b603ce424eeebfd2b..d777c36995f75125b3f9a81440773b66bc9b4327 100644 (file)
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -135,9 +135,9 @@ static int nss_aes_operation(
                              const bufferlist& in, bufferlist& out,
                              std::string *error)
  {
-  // sample source said this has to be at least size of input + 8,
-  // but i see 15 still fail with SEC_ERROR_OUTPUT_LEN
-  bufferptr out_tmp(in.length()+16);
+  // we are using CEPH_AES_IV for the IV param, so take it into consideration.
+  bufferptr out_tmp{round_up_to(in.length() + sizeof(CEPH_AES_IV),
+                                AES_BLOCK_LEN)};
    bufferlist incopy;
  
    SECStatus ret;
author	Kefu Chai <kchai@redhat.com>
	Tue, 3 Apr 2018 09:16:30 +0000 (17:16 +0800)
committer	Sage Weil <sage@redhat.com>
	Thu, 24 May 2018 18:28:16 +0000 (13:28 -0500)