From: Kefu Chai <kchai@redhat.com>
Date: Tue, 3 Apr 2018 09:16:30 +0000 (+0800)
Subject: auth: the outbuf of AES should be multiple of block size
X-Git-Tag: v14.0.0~67^2~6
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7635485d34c99671030a10e1da67945c19b4fc88;p=ceph.git

auth: the outbuf of AES should be multiple of block size

Signed-off-by: Kefu Chai <kchai@redhat.com>
(cherry picked from commit 3cfcd02af6381022081d51367f7338bde1fcb1d2)
---

diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index ffe1d41b2179..7dedb069c6ae 100644
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -135,9 +135,9 @@ static int nss_aes_operation(
 			     const bufferlist& in, bufferlist& out,
 			     std::string *error)
 {
-  // sample source said this has to be at least size of input + 8,
-  // but i see 15 still fail with SEC_ERROR_OUTPUT_LEN
-  bufferptr out_tmp(in.length()+16);
+  // we are using CEPH_AES_IV for the IV param, so take it into consideration.
+  bufferptr out_tmp{round_up_to(in.length() + sizeof(CEPH_AES_IV),
+                                AES_BLOCK_LEN)};
   bufferlist incopy;
 
   SECStatus ret;