auth: the outbuf of AES should be multiple of block size
authorKefu Chai <kchai@redhat.com>
Tue, 3 Apr 2018 09:16:30 +0000 (17:16 +0800)
committerRadoslaw Zarzynski <rzarzyns@redhat.com>
Fri, 18 May 2018 14:48:32 +0000 (10:48 -0400)
Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 3cfcd02af6381022081d51367f7338bde1fcb1d2)

src/auth/Crypto.cc

index ffe1d41b21791edf7e29c8cf549fa0c3a076e2ac..7dedb069c6ae6e3ed23fcb51c4d7df70ed548462 100644 (file)
@@ -135,9 +135,9 @@ static int nss_aes_operation(
                             const bufferlist& in, bufferlist& out,
                             std::string *error)
 {
-  // sample source said this has to be at least size of input + 8,
-  // but i see 15 still fail with SEC_ERROR_OUTPUT_LEN
-  bufferptr out_tmp(in.length()+16);
+  // we are using CEPH_AES_IV for the IV param, so take it into consideration.
+  bufferptr out_tmp{round_up_to(in.length() + sizeof(CEPH_AES_IV),
+                                AES_BLOCK_LEN)};
   bufferlist incopy;
 
   SECStatus ret;
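Review bot: The size computed in `round_up_to(in.length() + sizeof(CEPH_AES_IV), AES_BLOCK_LEN)` depends on how `CEPH_AES_IV` is defined, which this hunk does not show; if it is a string-literal macro, `sizeof` also counts the terminating NUL, so block-aligned inputs would get one block more than intended. That errs on the safe side (over-allocation, not under-allocation), but writing the bound as `round_up_to(in.length() + AES_BLOCK_LEN, AES_BLOCK_LEN)`, or adding a `static_assert` that the IV length equals `AES_BLOCK_LEN`, would make the sizing independent of the macro's form. The new comment would be clearer if it stated the requirement the commit title gives, e.g. `// NSS wants the output buffer to be a multiple of AES_BLOCK_LEN; reserve one extra block beyond the input`, since the removed comment recorded that smaller sizes failed with SEC_ERROR_OUTPUT_LEN. The body of nss_aes_operation continues past the hunk, so whether the length reported by the cipher call is checked against `out_tmp.length()` cannot be confirmed from here.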